security: ValidatorConfig rule evaluates all checkers
Also fix bug when target cert is not in anchors and cert cache is empty
Refs #3645
Change-Id: Ifb39e474c74611897ea28a1b8f26ed70750a1990
diff --git a/AUTHORS.md b/AUTHORS.md
index b837729..517b335 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -39,3 +39,4 @@
* Marcin Juszkiewicz <http://marcin.juszkiewicz.com.pl/>
* Susmit Shannigrahi <https://www.linkedin.com/in/susmit-shannigrahi-90433b8>
* José Quevedo <http://atnog.av.it.pt/members/jquevedo>
+* Zhiyi Zhang <zhangzhiyi1919@cs.ucla.edu>
diff --git a/docs/tutorials/security-validator-config.rst b/docs/tutorials/security-validator-config.rst
index a9ec70e..aec8d7d 100644
--- a/docs/tutorials/security-validator-config.rst
+++ b/docs/tutorials/security-validator-config.rst
@@ -97,8 +97,9 @@
**ATTENTION: A packet that satisfies all the filters may not be valid**.
The property **checker** defines the conditions that a matched packet must fulfill to be
-treated as a valid packet. A rule must have at least one **checker** property, a packet is
-treated as invalid if it cannot pass none of the checkers.
+treated as a valid packet. A rule must have at least one **checker** property. A packet is
+treated as valid if it can pass at least one of the checkers and as invalid when it cannot
+pass any checkers.
**filter** and **checker** have their own properties. Next, we will introduce them
separately.
diff --git a/src/security/conf/checker.hpp b/src/security/conf/checker.hpp
index 49898cb..c2c4244 100644
--- a/src/security/conf/checker.hpp
+++ b/src/security/conf/checker.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -63,31 +63,23 @@
* @brief check if data satisfies condition defined in the specific checker implementation
*
* @param data Data packet
- * @param onValidated Callback function which is called when data is immediately valid
- * @param onValidationFailed Call function which is called when data is immediately invalid
- * @return -1 if data is immediately invalid (onValidationFailed has been called)
- * 1 if data is immediately valid (onValidated has been called)
- * 0 if further signature verification is needed.
+ * @retval -1 if data is immediately invalid
+ * @retval 1 if data is immediately valid
+ * @retval 0 if further signature verification is needed.
*/
virtual int8_t
- check(const Data& data,
- const OnDataChecked& onValidated,
- const OnDataCheckFailed& onValidationFailed) = 0;
+ check(const Data& data) = 0;
/**
* @brief check if interest satisfies condition defined in the specific checker implementation
*
* @param interest Interest packet
- * @param onValidated Callback function which is called when interest is immediately valid
- * @param onValidationFailed Call function which is called when interest is immediately invalid
- * @return -1 if interest is immediately invalid (onValidationFailed has been called)
- * 1 if interest is immediately valid (onValidated has been called)
- * 0 if further signature verification is needed.
+ * @retval -1 if interest is immediately invalid
+ * @retval 1 if interest is immediately valid
+ * @retval 0 if further signature verification is needed.
*/
virtual int8_t
- check(const Interest& interest,
- const OnInterestChecked& onValidated,
- const OnInterestCheckFailed& onValidationFailed) = 0;
+ check(const Interest& interest) = 0;
};
class CustomizedChecker : public Checker
@@ -98,118 +90,89 @@
: m_sigType(sigType)
, m_keyLocatorChecker(keyLocatorChecker)
{
- switch (sigType)
- {
+ switch (sigType) {
case tlv::SignatureSha256WithRsa:
- case tlv::SignatureSha256WithEcdsa:
- {
- if (!static_cast<bool>(m_keyLocatorChecker))
- BOOST_THROW_EXCEPTION(Error("Strong signature requires KeyLocatorChecker"));
-
- return;
- }
+ case tlv::SignatureSha256WithEcdsa: {
+ if (!static_cast<bool>(m_keyLocatorChecker))
+ BOOST_THROW_EXCEPTION(Error("Strong signature requires KeyLocatorChecker"));
+ return;
+ }
case tlv::DigestSha256:
return;
default:
BOOST_THROW_EXCEPTION(Error("Unsupported signature type"));
- }
+ }
}
virtual int8_t
- check(const Data& data,
- const OnDataChecked& onValidated,
- const OnDataCheckFailed& onValidationFailed)
+ check(const Data& data) override
{
- return check(data, data.getSignature(), onValidated, onValidationFailed);
+ return check(data, data.getSignature());
}
virtual int8_t
- check(const Interest& interest,
- const OnInterestChecked& onValidated,
- const OnInterestCheckFailed& onValidationFailed)
+ check(const Interest& interest) override
{
- try
- {
- const Name& interestName = interest.getName();
- Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
- interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
- return check(interest, signature, onValidated, onValidationFailed);
- }
- catch (Signature::Error& e)
- {
- onValidationFailed(interest.shared_from_this(), "Invalid signature");
- return -1;
- }
- catch (tlv::Error& e)
- {
- onValidationFailed(interest.shared_from_this(), "Cannot decode signature related TLVs");
- return -1;
- }
+ try {
+ const Name& interestName = interest.getName();
+ Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
+ interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
+ return check(interest, signature);
+ }
+ catch (const Signature::Error& e) {
+ // Invalid signature
+ return -1;
+ }
+ catch (const tlv::Error& e) {
+ // Cannot decode signature related TLVs
+ return -1;
+ }
}
private:
- template<class Packet, class OnValidated, class OnFailed>
+ template<class Packet>
int8_t
- check(const Packet& packet, const Signature& signature,
- const OnValidated& onValidated,
- const OnFailed& onValidationFailed)
+ check(const Packet& packet, const Signature& signature)
{
- if (m_sigType != signature.getType())
- {
- onValidationFailed(packet.shared_from_this(),
- "Signature type does not match: " +
- boost::lexical_cast<std::string>(m_sigType) +
- "!=" +
- boost::lexical_cast<std::string>(signature.getType()));
- return -1;
- }
+ if (m_sigType != signature.getType()) {
+ // Signature type does not match
+ return -1;
+ }
if (signature.getType() == tlv::DigestSha256)
return 0;
- try
- {
- switch (signature.getType())
- {
- case tlv::SignatureSha256WithRsa:
- case tlv::SignatureSha256WithEcdsa:
- {
- if (!signature.hasKeyLocator()) {
- onValidationFailed(packet.shared_from_this(),
- "Missing KeyLocator in SignatureInfo");
- }
- break;
- }
- default:
- {
- onValidationFailed(packet.shared_from_this(),
- "Unsupported signature type: " +
- boost::lexical_cast<std::string>(signature.getType()));
- return -1;
- }
+ try {
+ switch (signature.getType()) {
+ case tlv::SignatureSha256WithRsa:
+ case tlv::SignatureSha256WithEcdsa: {
+ if (!signature.hasKeyLocator()) {
+ // Missing KeyLocator in SignatureInfo
+ return -1;
}
+ break;
+ }
+ default: {
+ // Unsupported signature type
+ return -1;
+ }
}
- catch (KeyLocator::Error& e)
- {
- onValidationFailed(packet.shared_from_this(),
- "Cannot decode KeyLocator");
- return -1;
- }
- catch (tlv::Error& e)
- {
- onValidationFailed(packet.shared_from_this(),
- "Cannot decode signature");
- return -1;
- }
+ }
+ catch (const KeyLocator::Error& e) {
+ // Cannot decode KeyLocator
+ return -1;
+ }
+ catch (const tlv::Error& e) {
+ // Cannot decode signature
+ return -1;
+ }
std::string failInfo;
if (m_keyLocatorChecker->check(packet, signature.getKeyLocator(), failInfo))
return 0;
- else
- {
- onValidationFailed(packet.shared_from_this(), failInfo);
- return -1;
- }
+ else {
+ return -1;
+ }
}
private:
@@ -235,139 +198,104 @@
{
public:
FixedSignerChecker(uint32_t sigType,
- const std::vector<shared_ptr<IdentityCertificate> >& signers)
+ const std::vector<shared_ptr<IdentityCertificate>>& signers)
: m_sigType(sigType)
{
- for (std::vector<shared_ptr<IdentityCertificate> >::const_iterator it = signers.begin();
+ for (std::vector<shared_ptr<IdentityCertificate>>::const_iterator it = signers.begin();
it != signers.end(); it++)
m_signers[(*it)->getName().getPrefix(-1)] = (*it);
if (sigType != tlv::SignatureSha256WithRsa &&
- sigType != tlv::SignatureSha256WithEcdsa)
- {
- BOOST_THROW_EXCEPTION(Error("FixedSigner is only meaningful for strong signature type"));
- }
-
+ sigType != tlv::SignatureSha256WithEcdsa) {
+ BOOST_THROW_EXCEPTION(Error("FixedSigner is only meaningful for strong signature type"));
+ }
}
virtual int8_t
- check(const Data& data,
- const OnDataChecked& onValidated,
- const OnDataCheckFailed& onValidationFailed)
+ check(const Data& data) override
{
- return check(data, data.getSignature(), onValidated, onValidationFailed);
+ return check(data, data.getSignature());
}
virtual int8_t
- check(const Interest& interest,
- const OnInterestChecked& onValidated,
- const OnInterestCheckFailed& onValidationFailed)
+ check(const Interest& interest) override
{
- try
- {
- const Name& interestName = interest.getName();
- Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
- interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
- return check(interest, signature, onValidated, onValidationFailed);
- }
- catch (Signature::Error& e)
- {
- onValidationFailed(interest.shared_from_this(), "Invalid signature");
- return -1;
- }
- catch (tlv::Error& e)
- {
- onValidationFailed(interest.shared_from_this(), "Cannot decode signature related TLVs");
- return -1;
- }
+ try {
+ const Name& interestName = interest.getName();
+ Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
+ interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
+ return check(interest, signature);
+ }
+ catch (const Signature::Error& e) {
+ // Invalid signature
+ return -1;
+ }
+ catch (const tlv::Error& e) {
+ // Cannot decode signature related TLVs
+ return -1;
+ }
}
private:
- template<class Packet, class OnValidated, class OnFailed>
+ template<class Packet>
int8_t
- check(const Packet& packet, const Signature& signature,
- const OnValidated& onValidated,
- const OnFailed& onValidationFailed)
+ check(const Packet& packet, const Signature& signature)
{
- if (m_sigType != signature.getType())
- {
- onValidationFailed(packet.shared_from_this(),
- "Signature type does not match: " +
- boost::lexical_cast<std::string>(m_sigType) +
- "!=" +
- boost::lexical_cast<std::string>(signature.getType()));
- return -1;
- }
+ if (m_sigType != signature.getType()) {
+ // Signature type does not match
+ return -1;
+ }
- if (signature.getType() == tlv::DigestSha256)
- {
- onValidationFailed(packet.shared_from_this(),
- "FixedSigner does not allow Sha256 signature type");
- return -1;
- }
+ if (signature.getType() == tlv::DigestSha256) {
+ // FixedSigner does not allow Sha256 signature type
+ return -1;
+ }
- try
- {
- switch (signature.getType())
- {
- case tlv::SignatureSha256WithRsa:
- case tlv::SignatureSha256WithEcdsa:
- {
- if (!signature.hasKeyLocator()) {
- onValidationFailed(packet.shared_from_this(),
- "Missing KeyLocator in SignatureInfo");
- }
- break;
- }
- default:
- {
- onValidationFailed(packet.shared_from_this(),
- "Unsupported signature type: " +
- boost::lexical_cast<std::string>(signature.getType()));
- return -1;
- }
- }
-
- const Name& keyLocatorName = signature.getKeyLocator().getName();
-
- if (m_signers.find(keyLocatorName) == m_signers.end())
- {
- onValidationFailed(packet.shared_from_this(),
- "Signer is not in the fixed signer list: " +
- keyLocatorName.toUri());
+ try {
+ switch (signature.getType()) {
+ case tlv::SignatureSha256WithRsa:
+ case tlv::SignatureSha256WithEcdsa: {
+ if (!signature.hasKeyLocator()) {
+ // Missing KeyLocator in SignatureInfo
return -1;
}
+ break;
+ }
- if (Validator::verifySignature(packet, signature,
- m_signers[keyLocatorName]->getPublicKeyInfo()))
- {
- onValidated(packet.shared_from_this());
- return 1;
- }
- else
- {
- onValidationFailed(packet.shared_from_this(),
- "Signature cannot be validated");
- return -1;
- }
+ default: {
+ // Unsupported signature type
+ return -1;
+ }
}
- catch (KeyLocator::Error& e)
- {
- onValidationFailed(packet.shared_from_this(),
- "KeyLocator does not have name");
+
+ const Name& keyLocatorName = signature.getKeyLocator().getName();
+
+ if (m_signers.find(keyLocatorName) == m_signers.end()) {
+ // Signer is not in the fixed signer list
return -1;
}
- catch (tlv::Error& e)
- {
- onValidationFailed(packet.shared_from_this(),
- "Cannot decode signature");
+
+ if (Validator::verifySignature(packet, signature,
+ m_signers[keyLocatorName]->getPublicKeyInfo())) {
+ return 1;
+ }
+ else {
+ // Signature cannot be validated
return -1;
}
+ }
+ catch (const KeyLocator::Error& e) {
+ // KeyLocator does not have name
+ return -1;
+ }
+ catch (const tlv::Error& e) {
+ // Cannot decode signature
+ return -1;
+ }
}
private:
- typedef std::map<Name, shared_ptr<IdentityCertificate> > SignerList;
-
+ typedef std::map<Name, shared_ptr<IdentityCertificate>> SignerList;
uint32_t m_sigType;
SignerList m_signers;
};
@@ -466,15 +394,14 @@
std::string sigType = propertyIt->second.data();
propertyIt++;
- std::vector<shared_ptr<IdentityCertificate> > signers;
- for (; propertyIt != configSection.end(); propertyIt++)
- {
- if (!boost::iequals(propertyIt->first, "signer"))
- BOOST_THROW_EXCEPTION(Error("Expect <checker.signer> but get <checker." +
- propertyIt->first + ">"));
+ std::vector<shared_ptr<IdentityCertificate>> signers;
+ for (; propertyIt != configSection.end(); propertyIt++) {
+ if (!boost::iequals(propertyIt->first, "signer"))
+ BOOST_THROW_EXCEPTION(Error("Expect <checker.signer> but get <checker." +
+ propertyIt->first + ">"));
- signers.push_back(getSigner(propertyIt->second, configFilename));
- }
+ signers.push_back(getSigner(propertyIt->second, configFilename));
+ }
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker"));
@@ -497,48 +424,46 @@
std::string type = propertyIt->second.data();
propertyIt++;
- if (boost::iequals(type, "file"))
- {
- // Get checker.signer.file-name
- if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name"))
- BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.file-name>"));
+ if (boost::iequals(type, "file")) {
+ // Get checker.signer.file-name
+ if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name"))
+ BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.file-name>"));
- path certfilePath = absolute(propertyIt->second.data(),
- path(configFilename).parent_path());
- propertyIt++;
+ path certfilePath = absolute(propertyIt->second.data(),
+ path(configFilename).parent_path());
+ propertyIt++;
- if (propertyIt != configSection.end())
- BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
+ if (propertyIt != configSection.end())
+ BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
- shared_ptr<IdentityCertificate> idCert
- = io::load<IdentityCertificate>(certfilePath.c_str());
+ shared_ptr<IdentityCertificate> idCert
+ = io::load<IdentityCertificate>(certfilePath.c_str());
- if (static_cast<bool>(idCert))
- return idCert;
- else
- BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " +
- certfilePath.native()));
- }
- else if (boost::iequals(type, "base64"))
- {
- // Get checker.signer.base64-string
- if (propertyIt == configSection.end() ||
- !boost::iequals(propertyIt->first, "base64-string"))
- BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.base64-string>"));
+ if (static_cast<bool>(idCert))
+ return idCert;
+ else
+ BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " +
+ certfilePath.native()));
+ }
+ else if (boost::iequals(type, "base64")) {
+ // Get checker.signer.base64-string
+ if (propertyIt == configSection.end() ||
+ !boost::iequals(propertyIt->first, "base64-string"))
+ BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.base64-string>"));
- std::stringstream ss(propertyIt->second.data());
- propertyIt++;
+ std::stringstream ss(propertyIt->second.data());
+ propertyIt++;
- if (propertyIt != configSection.end())
- BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
+ if (propertyIt != configSection.end())
+ BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
- shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
+ shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
- if (static_cast<bool>(idCert))
- return idCert;
- else
- BOOST_THROW_EXCEPTION(Error("Cannot decode certificate from string"));
- }
+ if (static_cast<bool>(idCert))
+ return idCert;
+ else
+ BOOST_THROW_EXCEPTION(Error("Cannot decode certificate from string"));
+ }
else
BOOST_THROW_EXCEPTION(Error("Unsupported checker.signer type: " + type));
}
diff --git a/src/security/conf/rule.hpp b/src/security/conf/rule.hpp
index 31d81f7..03af661 100644
--- a/src/security/conf/rule.hpp
+++ b/src/security/conf/rule.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,6 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ * @author Zhiyi Zhang <zhangzhiyi1919@gmail.com>
*/
#ifndef NDN_SECURITY_CONF_RULE_HPP
@@ -97,19 +98,28 @@
const ValidatedCallback& onValidated,
const ValidationFailureCallback& onValidationFailed)
{
- for (CheckerList::iterator it = m_checkers.begin();
- it != m_checkers.end(); it++)
- {
- int8_t result = (*it)->check(packet, onValidated, onValidationFailed);
- if (result >= 0)
- return result;
+ bool hasPendingResult = false;
+ for (CheckerList::iterator it = m_checkers.begin(); it != m_checkers.end(); it++) {
+ int8_t result = (*it)->check(packet);
+ if (result > 0) {
+ onValidated(packet.shared_from_this());
+ return result;
}
- return -1;
+ else if (result == 0)
+ hasPendingResult = true;
+ }
+ if (hasPendingResult) {
+ return 0;
+ }
+ else {
+ onValidationFailed(packet.shared_from_this(), "Packet cannot pass any checkers.");
+ return -1;
+ }
}
-private:
- typedef std::vector<shared_ptr<Filter> > FilterList;
- typedef std::vector<shared_ptr<Checker> > CheckerList;
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ typedef std::vector<shared_ptr<Filter>> FilterList;
+ typedef std::vector<shared_ptr<Checker>> CheckerList;
std::string m_id;
FilterList m_filters;
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index 859a711..ba37a5a 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,6 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ * @author Zhiyi Zhang <zhangzhiyi1919@gmail.com>
*/
#include "validator-config.hpp"
@@ -190,7 +191,7 @@
+ " in rule: " + ruleId));
// Get rule.filter(s)
- std::vector<shared_ptr<Filter> > filters;
+ std::vector<shared_ptr<Filter>> filters;
for (; propertyIt != configSection.end(); propertyIt++)
{
if (!boost::iequals(propertyIt->first, "filter"))
@@ -205,7 +206,7 @@
}
// Get rule.checker(s)
- std::vector<shared_ptr<Checker> > checkers;
+ std::vector<shared_ptr<Checker>> checkers;
for (; propertyIt != configSection.end(); propertyIt++)
{
if (!boost::iequals(propertyIt->first, "checker"))
@@ -489,7 +490,7 @@
int nSteps,
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps)
+ std::vector<shared_ptr<ValidationRequest>>& nextSteps)
{
if (!m_shouldValidate)
return onValidated(data.shared_from_this());
@@ -524,7 +525,7 @@
int nSteps,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps)
+ std::vector<shared_ptr<ValidationRequest>>& nextSteps)
{
if (!m_shouldValidate)
return onValidated(interest.shared_from_this());
@@ -733,7 +734,7 @@
size_t nSteps,
const OnValidated& onValidated,
const OnFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps)
+ std::vector<shared_ptr<ValidationRequest>>& nextSteps)
{
if (signature.getType() == tlv::DigestSha256)
{
@@ -785,7 +786,7 @@
AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
if (m_anchors.end() == it && static_cast<bool>(m_certificateCache))
trustedCert = m_certificateCache->getCertificate(keyLocatorName);
- else
+ else if (m_anchors.end() != it)
trustedCert = it->second;
if (static_cast<bool>(trustedCert))
diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index e1ae5fd..db8d17d 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,6 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ * @author Zhiyi Zhang <zhangzhiyi1919@gmail.com>
*/
#ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
@@ -66,9 +67,7 @@
const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
virtual
- ~ValidatorConfig()
- {
- }
+ ~ValidatorConfig() = default;
void
load(const std::string& filename);
@@ -95,14 +94,14 @@
int nSteps,
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps);
+ std::vector<shared_ptr<ValidationRequest>>& nextSteps);
virtual void
checkPolicy(const Interest& interest,
int nSteps,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps);
+ std::vector<shared_ptr<ValidationRequest>>& nextSteps);
private:
template<class Packet, class OnValidated, class OnFailed>
@@ -112,7 +111,7 @@
size_t nSteps,
const OnValidated& onValidated,
const OnFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps);
+ std::vector<shared_ptr<ValidationRequest>>& nextSteps);
void
checkTimestamp(const shared_ptr<const Interest>& interest,
@@ -154,14 +153,6 @@
void
cleanOldKeys();
-#ifdef NDN_CXX_HAVE_TESTS
- size_t
- getTimestampMapSize()
- {
- return m_lastTimestamp.size();
- }
-#endif
-
class TrustAnchorContainer
{
public:
@@ -169,7 +160,7 @@
{
}
- const std::list<shared_ptr<IdentityCertificate> >&
+ const std::list<shared_ptr<IdentityCertificate>>&
getAll() const
{
return m_certificates;
@@ -182,7 +173,7 @@
}
protected:
- std::list<shared_ptr<IdentityCertificate> > m_certificates;
+ std::list<shared_ptr<IdentityCertificate>> m_certificates;
};
class DynamicTrustAnchorContainer : public TrustAnchorContainer
@@ -237,14 +228,14 @@
static const time::milliseconds DEFAULT_GRACE_INTERVAL;
static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL;
-private:
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
typedef security::conf::Rule<Interest> InterestRule;
typedef security::conf::Rule<Data> DataRule;
- typedef std::vector<shared_ptr<InterestRule> > InterestRuleList;
- typedef std::vector<shared_ptr<DataRule> > DataRuleList;
- typedef std::map<Name, shared_ptr<IdentityCertificate> > AnchorList;
+ typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
+ typedef std::vector<shared_ptr<DataRule>> DataRuleList;
+ typedef std::map<Name, shared_ptr<IdentityCertificate>> AnchorList;
typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
- typedef std::list<shared_ptr<IdentityCertificate> > CertificateList;
+ typedef std::list<shared_ptr<IdentityCertificate>> CertificateList;
/**
diff --git a/tests/unit-tests/security/conf/checker.t.cpp b/tests/unit-tests/security/conf/checker.t.cpp
index 64588eb..ba18323 100644
--- a/tests/unit-tests/security/conf/checker.t.cpp
+++ b/tests/unit-tests/security/conf/checker.t.cpp
@@ -33,61 +33,6 @@
BOOST_FIXTURE_TEST_SUITE(SecurityConfChecker, IdentityManagementFixture)
-void
-interestChecked(const shared_ptr<const Interest>& interest)
-{
- BOOST_CHECK(true);
-}
-
-void
-interestCheckFailed(const shared_ptr<const Interest>& interest,
- const std::string& failureInfo)
-{
- std::cerr << failureInfo << std::endl;
- BOOST_CHECK(false);
-}
-
-void
-interestCheckedFalse(const shared_ptr<const Interest>& interest)
-{
- BOOST_CHECK(false);
-}
-
-void
-interestCheckFailedFalse(const shared_ptr<const Interest>& interest,
- const std::string& failureInfo)
-{
- BOOST_CHECK(true);
-}
-
-void
-dataChecked(const shared_ptr<const Data>& interest)
-{
- BOOST_CHECK(true);
-}
-
-void
-dataCheckFailed(const shared_ptr<const Data>& interest,
- const std::string& failureInfo)
-{
- std::cerr << failureInfo << std::endl;
- BOOST_CHECK(false);
-}
-
-void
-dataCheckedFalse(const shared_ptr<const Data>& interest)
-{
- BOOST_CHECK(false);
-}
-
-void
-dataCheckFailedFalse(const shared_ptr<const Data>& interest,
- const std::string& failureInfo)
-{
- BOOST_CHECK(true);
-}
-
-
BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
{
using security::conf::CustomizedChecker;
@@ -131,24 +76,16 @@
KeyLocatorChecker::RELATION_EQUAL);
CustomizedChecker checker1(tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual1);
- result = checker1.check(*data1,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
- result = checker1.check(*interest1,
- bind(interestChecked, _1),
- bind(interestCheckFailed, _1, _2));
+ result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*interest2,
- bind(interestCheckedFalse, _1),
- bind(interestCheckFailedFalse, _1, _2));
+ result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
@@ -157,14 +94,10 @@
KeyLocatorChecker::RELATION_EQUAL);
CustomizedChecker checker2(tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual2);
- result = checker2.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
- result = checker2.check(*interest1,
- bind(interestCheckedFalse, _1),
- bind(interestCheckFailedFalse, _1, _2));
+ result = checker2.check(*interest1);
BOOST_CHECK_EQUAL(result, -1);
@@ -173,14 +106,10 @@
KeyLocatorChecker::RELATION_IS_PREFIX_OF);
CustomizedChecker checker3(tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix1);
- result = checker3.check(*data1,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker3.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker3.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker3.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
@@ -189,14 +118,10 @@
KeyLocatorChecker::RELATION_IS_PREFIX_OF);
CustomizedChecker checker4(tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix2);
- result = checker4.check(*data1,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker4.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker4.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker4.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
@@ -205,14 +130,10 @@
KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
CustomizedChecker checker5(tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict1);
- result = checker5.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker5.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
- result = checker5.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker5.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict2 =
@@ -220,14 +141,10 @@
KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
CustomizedChecker checker6(tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict2);
- result = checker6.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker6.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker6.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker6.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
}
@@ -274,24 +191,16 @@
Regex("^<SecurityTestConfChecker><CustomizedCheckerTest2>"));
CustomizedChecker checker1(tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
- result = checker1.check(*data1,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
- result = checker1.check(*interest1,
- bind(interestChecked, _1),
- bind(interestCheckFailed, _1, _2));
+ result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*interest2,
- bind(interestCheckedFalse, _1),
- bind(interestCheckFailedFalse, _1, _2));
+ result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
}
@@ -338,32 +247,22 @@
Regex("^<SecurityTestConfChecker><CustomizedCheckerTest3>"));
CustomizedChecker checker1(tlv::SignatureSha256WithEcdsa, keyLocatorCheckerRegex1);
- result = checker1.check(*data1,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
- result = checker1.check(*interest1,
- bind(interestChecked, _1),
- bind(interestCheckFailed, _1, _2));
+ result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*interest2,
- bind(interestCheckedFalse, _1),
- bind(interestCheckFailedFalse, _1, _2));
+ result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
CustomizedChecker checker2(tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
- result = checker2.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
}
@@ -417,67 +316,43 @@
HierarchicalChecker checker1(tlv::SignatureSha256WithEcdsa);
- result = checker1.check(*data1,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
- result = checker1.check(*data3,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker1.check(*data3);
BOOST_CHECK_EQUAL(result, 0);
- result = checker1.check(*data4,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data4);
BOOST_CHECK_EQUAL(result, -1);
- result = checker1.check(*data5,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data5);
BOOST_CHECK_EQUAL(result, -1);
- result = checker1.check(*data6,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data6);
BOOST_CHECK_EQUAL(result, -1);
HierarchicalChecker checker2(tlv::SignatureSha256WithRsa);
- result = checker2.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
- result = checker2.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
- result = checker2.check(*data3,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data3);
BOOST_CHECK_EQUAL(result, -1);
- result = checker2.check(*data4,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker2.check(*data4);
BOOST_CHECK_EQUAL(result, 0);
- result = checker2.check(*data5,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data5);
BOOST_CHECK_EQUAL(result, -1);
- result = checker2.check(*data6,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data6);
BOOST_CHECK_EQUAL(result, -1);
}
@@ -518,53 +393,37 @@
FixedSignerChecker checker1(tlv::SignatureSha256WithEcdsa, certSet1);
- result = checker1.check(*data1,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 1);
- result = checker1.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker2(tlv::SignatureSha256WithRsa, certSet1);
- result = checker2.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
- result = checker2.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker2.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker3(tlv::SignatureSha256WithEcdsa, certSet2);
- result = checker3.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker3.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
- result = checker3.check(*data2,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker3.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker4(tlv::SignatureSha256WithRsa, certSet2);
- result = checker4.check(*data1,
- bind(dataCheckedFalse, _1),
- bind(dataCheckFailedFalse, _1, _2));
+ result = checker4.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
- result = checker4.check(*data2,
- bind(dataChecked, _1),
- bind(dataCheckFailed, _1, _2));
+ result = checker4.check(*data2);
BOOST_CHECK_EQUAL(result, 1);
}
diff --git a/tests/unit-tests/security/validator-config.t.cpp b/tests/unit-tests/security/validator-config.t.cpp
index 005ca9b..028d790 100644
--- a/tests/unit-tests/security/validator-config.t.cpp
+++ b/tests/unit-tests/security/validator-config.t.cpp
@@ -22,6 +22,7 @@
#include "security/validator-config.hpp"
#include "security/key-chain.hpp"
+#include "security/signing-helpers.hpp"
#include "util/io.hpp"
#include "util/scheduler.hpp"
#include "util/dummy-client-face.hpp"
@@ -30,6 +31,7 @@
#include "identity-management-fixture.hpp"
#include "../identity-management-time-fixture.hpp"
+#include "../make-interest-data.hpp"
#include "boost-test.hpp"
namespace ndn {
@@ -52,15 +54,11 @@
Name dataName1("/simple/equal");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple/different");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@@ -100,7 +98,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@@ -126,21 +124,15 @@
Name dataName1("/simple/isPrefixOf");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple/notPrefixOf");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/simple/isPrefixOf/anotherLevel");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@@ -180,7 +172,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@@ -210,21 +202,15 @@
Name dataName1("/simple/isStrictPrefixOf");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@@ -264,7 +250,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
@@ -294,21 +280,15 @@
Name dataName1("/simple/regex");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple/regex-wrong");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/simple/regex/correct");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@@ -347,7 +327,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@@ -378,21 +358,15 @@
Name dataName1 = identity;
dataName1.append("1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2 = identity;
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
const std::string CONFIG =
"rule\n"
@@ -427,7 +401,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@@ -464,16 +438,12 @@
Name dataName1 = identity;
dataName1.append("data").appendVersion();
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity1)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
Name dataName2 = identity;
dataName2.append("data").appendVersion();
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity2)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
shared_ptr<Interest> interest = make_shared<Interest>(interestName);
@@ -526,7 +496,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@@ -545,6 +515,148 @@
boost::filesystem::remove(CERT_PATH);
}
+struct CertCleanFixture : public IdentityManagementTimeFixture
+{
+public:
+ CertCleanFixture()
+ : tmpPath(boost::filesystem::path(UNIT_TEST_CONFIG_PATH))
+ {
+ boost::filesystem::create_directories(tmpPath);
+ }
+
+ ~CertCleanFixture()
+ {
+ boost::filesystem::remove_all(tmpPath);
+ }
+
+public:
+ boost::filesystem::path tmpPath;
+};
+
+BOOST_FIXTURE_TEST_CASE(MultiCheckers, CertCleanFixture)
+{
+ std::string certDir = tmpPath.c_str();
+
+ Name identity1("/TestValidatorConfig/MultiCheckers/");
+ identity1.appendVersion();
+ addIdentity(identity1);
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ std::string certDir1 = certDir + "trust-anchor-multi-1.cert";
+ io::save(*idCert1, certDir1);
+
+ Name identity2("/TestValidatorConfig/");
+ identity2.appendVersion();
+ addIdentity(identity2);
+ Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
+ shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
+ std::string certDir2 = certDir + "trust-anchor-multi-2.cert";
+ io::save(*idCert2, certDir2);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Simple Rule01\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /\n"
+ " relation is-prefix-of\n"
+ " }\n"
+ " checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/MultiCheckers/\n"
+ " relation is-prefix-of\n"
+ " }\n"
+ " }\n"
+ " checker\n" // checker 2, data should have same prefix of its signer
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ " checker\n" // checker 3, the signer should be identity1
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-multi-1.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (tmpPath / std::string("unit-test-multicheckers.conf"));
+
+ ValidatorConfig validator;
+ validator.load(CONFIG, CONFIG_PATH.c_str());
+ conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
+ conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
+ conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
+
+ auto data1 = util::makeData(Name(identity1).append("Test"));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
+ BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
+ BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
+ BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
+
+ auto data2 = util::makeData(Name(identity2).append("Data2"));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
+ BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
+ BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
+ BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
+
+ auto data3 = util::makeData(Name(identity2).append("Data3"));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
+ BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
+ BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
+ BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
+
+ auto data4 = util::makeData("/Data4");
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
+ BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
+ BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
+ BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
+
+ int count = 0;
+ validator.validate(*data1,
+ [&] (const shared_ptr<const Data>&) {
+ BOOST_CHECK(true);
+ count++;
+ },
+ [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [&] (const shared_ptr<const Data>&, const std::string& str) {
+ BOOST_CHECK(true);
+ count++;
+ });
+
+ validator.validate(*data3,
+ [&] (const shared_ptr<const Data>&) {
+ BOOST_CHECK(true);
+ count++;
+ },
+ [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
+
+ validator.validate(*data4,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [&] (const shared_ptr<const Data>&, const std::string& str) {
+ BOOST_CHECK(true);
+ count++;
+ });
+
+ BOOST_CHECK_EQUAL(count, 4);
+}
+
BOOST_AUTO_TEST_CASE(Reset)
{
Name root("/TestValidatorConfig/Reload");
@@ -602,7 +714,7 @@
shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
- validator->load(CONFIG, CONFIG_PATH.native());
+ validator->load(CONFIG, CONFIG_PATH.c_str());
BOOST_CHECK_EQUAL(validator->isEmpty(), false);
validator->reset();
@@ -621,9 +733,7 @@
Name dataName1("/any/data");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
std::string CONFIG =
"trust-anchor\n"
@@ -636,7 +746,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@@ -662,13 +772,9 @@
interestName2.append("2");
shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity1)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity1)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity1)));
const std::string CONFIG =
"rule\n"
@@ -697,7 +803,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*interest1,
[] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
@@ -754,17 +860,11 @@
interestName3.append("3");
shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity1)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity2)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity3)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
const std::string CONFIG =
"rule\n"
@@ -808,7 +908,7 @@
10,
2, // Two keys can be tracked
time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*interest1,
[] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
@@ -892,21 +992,13 @@
shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity1)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity2)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity3)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity4)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
const std::string CONFIG =
"rule\n"
@@ -955,7 +1047,7 @@
10,
3, // Two keys can be tracked
time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*interest1,
[] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
@@ -1033,22 +1125,14 @@
Name dataName("/TestValidatorConfig/FixedSignerChecker2");
shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
- m_keyChain.sign(*dataRsa,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- rsaIdentity));
+ m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
- m_keyChain.sign(*dataEcdsa,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- ecdsaIdentity));
+ m_keyChain.sign(*dataEcdsa, security::signingByIdentity(ecdsaIdentity));
shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
- m_keyChain.sign(*interestRsa,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- rsaIdentity));
+ m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
- m_keyChain.sign(*interestEcdsa,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- ecdsaIdentity));
+ m_keyChain.sign(*interestEcdsa, security::signingByIdentity(ecdsaIdentity));
const std::string CONFIG =
"rule\n"
@@ -1098,7 +1182,7 @@
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*dataEcdsa,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@@ -1196,9 +1280,7 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.sign(*sldCert,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- root));
+ m_keyChain.sign(*sldCert, security::signingByIdentity(root));
m_keyChain.addCertificateAsIdentityDefault(*sldCert);
Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
@@ -1211,9 +1293,7 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.sign(*nldCert,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- sld));
+m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
m_keyChain.addCertificateAsIdentityDefault(*nldCert);
face1.setInterestFilter(sldCert->getName().getPrefix(-1),
@@ -1229,16 +1309,12 @@
Name dataName1 = nld;
dataName1.append("data1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- nld)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
Name dataName2("/ConfValidatorTest");
dataName2.append("data1");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- nld)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
const std::string CONFIG =
@@ -1262,7 +1338,7 @@
auto validator = make_shared<ValidatorConfig>(&face2);
- validator->load(CONFIG, CONFIG_PATH.native());
+ validator->load(CONFIG, CONFIG_PATH.c_str());
advanceClocks(time::milliseconds(2), 100);
validator->validate(*data1,
@@ -1309,9 +1385,7 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.sign(*sldCert,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- root));
+ m_keyChain.sign(*sldCert, security::signingByIdentity(root));
m_keyChain.addCertificateAsIdentityDefault(*sldCert);
Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
@@ -1324,9 +1398,7 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.sign(*nldCert,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- sld));
+ m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
m_keyChain.addCertificateAsIdentityDefault(*nldCert);
face1.setInterestFilter(sldCert->getName().getPrefix(-1),
@@ -1342,23 +1414,17 @@
advanceClocks(time::milliseconds(10));
Name interestName1("/localhost/nrd/register/option");
shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- nld)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
advanceClocks(time::milliseconds(10));
Name interestName2("/localhost/nrd/non-register");
shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- nld)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
advanceClocks(time::milliseconds(10));
Name interestName3("/localhost/nrd/register/option");
shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- root)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
advanceClocks(time::milliseconds(10));
Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
@@ -1409,7 +1475,7 @@
(boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
auto validator = make_shared<ValidatorConfig>(&face2);
- validator->load(CONFIG, CONFIG_PATH.native());
+ validator->load(CONFIG, CONFIG_PATH.c_str());
advanceClocks(time::milliseconds(2), 100);
@@ -1510,15 +1576,11 @@
Name dataName1("/any/data/1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- firstIdentity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
Name dataName2("/any/data/2");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- secondIdentity)));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
std::string CONFIG =
"rule\n"
@@ -1551,7 +1613,7 @@
const boost::filesystem::path CONFIG_PATH =
(boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
- validator.load(CONFIG, CONFIG_PATH.native());
+ validator.load(CONFIG, CONFIG_PATH.c_str());
advanceClocks(time::milliseconds(10), 20);
validator.validate(*data1,