commit b032fcb38f586639edce2dc790a7caed7dbf619c
author Junxiao Shi <git@mail1.yoursunny.com> Thu Apr 28 01:28:50 2022 +0000
committer Junxiao Shi <git@mail1.yoursunny.com> Thu Apr 28 01:28:50 2022 +0000
tree f0d9301c61bcb2f98ee64ed57e3374d80e6af1c9
parent 583473a76fdd2c02bba8f63db89745bdd2c150b6

conf+security: accommodate certificate name in KeyLocator

refs #5195

Change-Id: I88709f891fe78fc9f2699bc021d35ca72ebc6850

tests/security/test-certificate-store.cpp

diff --git a/tests/security/test-certificate-store.cpp b/tests/security/test-certificate-store.cpp
index ffb94d1..216aba5 100644
--- a/tests/security/test-certificate-store.cpp
+++ b/tests/security/test-certificate-store.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2014-2021,  The University of Memphis,
+ * Copyright (c) 2014-2022,  The University of Memphis,
  *                           Regents of the University of California,
  *                           Arizona Board of Regents.
  *
@@ -59,26 +59,21 @@
     opIdentity = addSubCertificate(opIdentityName, siteIdentity);
     routerId = addSubCertificate(routerIdName, opIdentity);
 
-    auto certificate = conf.initializeKey();
-    if (certificate) {
-      certStore.insert(*certificate);
-    };
+    auto instanceCert = conf.initializeKey();
+    BOOST_REQUIRE(!!instanceCert);
+    certStore.insert(*instanceCert);
+    instanceCertName = instanceCert->getName();
 
     // Create certificate and load it to the validator
     // previously this was done by in nlsr ctor
-    conf.loadCertToValidator(rootId.getDefaultKey().getDefaultCertificate());
-    conf.loadCertToValidator(siteIdentity.getDefaultKey().getDefaultCertificate());
-    conf.loadCertToValidator(opIdentity.getDefaultKey().getDefaultCertificate());
-    conf.loadCertToValidator(routerId.getDefaultKey().getDefaultCertificate());
-
-    std::ifstream inputFile;
-    inputFile.open(std::string("nlsr.conf"));
-
-    BOOST_REQUIRE(inputFile.is_open());
+    for (const auto& id : {rootId, siteIdentity, opIdentity, routerId}) {
+      const auto& cert = id.getDefaultKey().getDefaultCertificate();
+      conf.loadCertToValidator(cert);
+      certStore.insert(cert);
+    }
 
     boost::property_tree::ptree pt;
-
-    boost::property_tree::read_info(inputFile, pt);
+    boost::property_tree::read_info("nlsr.conf", pt);
 
     // Load security section and file name
     for (const auto& tn : pt) {
@@ -88,9 +83,8 @@
         break;
       }
     }
-    inputFile.close();
 
-    this->advanceClocks(ndn::time::milliseconds(20));
+    advanceClocks(20_ms);
   }
 
 public:
@@ -114,6 +108,7 @@
 
   ndn::Name rootIdName, siteIdentityName, opIdentityName, routerIdName;
   ndn::security::pib::Identity rootId, siteIdentity, opIdentity, routerId;
+  ndn::Name instanceCertName;
 
   Nlsr nlsr;
   Lsdb& lsdb;
@@ -136,12 +131,14 @@
   ndn::Name certKey = certificate.getKeyName();
 
   BOOST_CHECK(certStore.find(certKey) == nullptr);
+  BOOST_CHECK(certStore.find(certificate.getName()) == nullptr);
 
   // Certificate should be retrievable from the CertificateStore
   certStore.insert(certificate);
   conf.loadCertToValidator(certificate);
 
   BOOST_CHECK(certStore.find(certKey) != nullptr);
+  BOOST_CHECK(certStore.find(certificate.getName()) != nullptr);
 
   lsdb.expressInterest(certKey, 0);
 
@@ -149,6 +146,41 @@
   checkForInterest(certKey);
 }
 
+BOOST_AUTO_TEST_CASE(RetrieveCert)
+{
+  ndn::util::DummyClientFace consumer(m_ioService);
+  consumer.linkTo(face);
+
+  auto checkRetrieve = [&] (const ndn::Name& interestName, bool canBePrefix, const ndn::Name& dataName) {
+    ndn::Interest interest(interestName);
+    interest.setCanBePrefix(canBePrefix);
+    BOOST_TEST_CONTEXT(interest) {
+      bool hasData = false;
+      consumer.expressInterest(interest,
+        [&] (const auto&, const auto& data) {
+          BOOST_CHECK(!hasData);
+          hasData = true;
+          BOOST_CHECK_EQUAL(data.getName(), dataName);
+        },
+        [&] (const auto&, const auto&) { BOOST_ERROR("unexpected Nack"); },
+        [&] (const auto&) { BOOST_ERROR("unexpected timeout"); }
+      );
+      advanceClocks(10_ms, 2);
+      BOOST_CHECK(hasData);
+    }
+  };
+
+  for (const auto& id : {siteIdentity, opIdentity, routerId}) {
+    auto key = id.getDefaultKey();
+    auto cert = key.getDefaultCertificate();
+    checkRetrieve(key.getName(), true, cert.getName());
+    checkRetrieve(cert.getName(), false, cert.getName());
+  }
+
+  checkRetrieve(ndn::security::extractKeyNameFromCertName(instanceCertName), true, instanceCertName);
+  checkRetrieve(instanceCertName, false, instanceCertName);
+}
+
 BOOST_AUTO_TEST_CASE(TestKeyPrefixRegistration)
 {
   // check if nlsrKeyPrefix is registered
@@ -202,12 +234,13 @@
   // Make NLSR validate data signed by its own key
   conf.getValidator().validate(data,
                                  [] (const ndn::Data&) { BOOST_CHECK(true); },
-                                 [] (const ndn::Data&, const ndn::security::ValidationError&) {
-                                   BOOST_CHECK(false);
+                                 [] (const ndn::Data&, const ndn::security::ValidationError& e) {
+                                   BOOST_ERROR(e);
                                  });
 
   lsdb.emitSegmentValidatedSignal(data);
-  const auto keyName = data.getSignatureInfo().getKeyLocator().getName();
+  auto certName = data.getSignatureInfo().getKeyLocator().getName();
+  auto keyName = ndn::security::extractKeyNameFromCertName(certName);
   BOOST_CHECK(certStore.find(keyName) != nullptr);
 
   // testing a callback after segment validation signal from lsdb

tests/test-lsa-rule.cpp

diff --git a/tests/test-lsa-rule.cpp b/tests/test-lsa-rule.cpp
index 2b6faf4..557b540 100644
--- a/tests/test-lsa-rule.cpp
+++ b/tests/test-lsa-rule.cpp
@@ -65,21 +65,15 @@
 
     saveCertificate(rootId, ROOT_CERT_PATH.string());
 
-    confParam.loadCertToValidator(rootId.getDefaultKey().getDefaultCertificate());
-    confParam.loadCertToValidator(siteIdentity.getDefaultKey().getDefaultCertificate());
-    confParam.loadCertToValidator(opIdentity.getDefaultKey().getDefaultCertificate());
-    confParam.loadCertToValidator(routerId.getDefaultKey().getDefaultCertificate());
+    for (const auto& id : {rootId, siteIdentity, opIdentity, routerId}) {
+      const auto& cert = id.getDefaultKey().getDefaultCertificate();
+      confParam.loadCertToValidator(cert);
+    }
 
     // Loading the security section's validator part into the validator
     // See conf file processor for more details
-    std::ifstream inputFile;
-    inputFile.open(std::string("nlsr.conf"));
-
-    BOOST_REQUIRE(inputFile.is_open());
-
     boost::property_tree::ptree pt;
-
-    boost::property_tree::read_info(inputFile, pt);
+    boost::property_tree::read_info("nlsr.conf", pt);
 
     // Loads section and file name
     for (const auto& tn : pt) {
@@ -89,10 +83,8 @@
         break;
       }
     }
-    inputFile.close();
 
-    this->advanceClocks(ndn::time::milliseconds(10));
-
+    this->advanceClocks(10_ms);
     face.sentInterests.clear();
    }
 
@@ -126,7 +118,7 @@
   lsaDataName.appendNumber(1).appendNumber(1);
 
   ndn::Data data(lsaDataName);
-  data.setFreshnessPeriod(ndn::time::seconds(10));
+  data.setFreshnessPeriod(10_s);
 
   // Sign data with NLSR's key
   m_keyChain.sign(data, confParam.getSigningInfo());
@@ -134,8 +126,8 @@
   // Make NLSR validate data signed by its own key
   confParam.getValidator().validate(data,
                                     [] (const Data&) { BOOST_CHECK(true); },
-                                    [] (const Data&, const ndn::security::ValidationError&) {
-                                      BOOST_CHECK(false);
+                                    [] (const Data&, const ndn::security::ValidationError& e) {
+                                      BOOST_ERROR(e);
                                     });
 }