commit 17d4b93f0499ceb8e27fc77bbb3c27a13fa91a27
author Alexander Afanasyev <aa@cs.fiu.edu> Wed Mar 17 17:58:40 2021 -0400
committer Alexander Afanasyev <aa@cs.fiu.edu> Thu Mar 18 19:31:23 2021 -0400
tree 3280b1ee8d30686af83b175e5cf32929e25155f4
parent aef53b6c269e10f38b789b2888d69bf424da8160

security: Enforce sig-type check in ValidatorConfig

Change-Id: Ia58e19bbe7453095cb83b3b05dee29ae58d64522
Refs: #4524

tests/unit/security/validator-config/rule.t.cpp

diff --git a/tests/unit/security/validator-config/rule.t.cpp b/tests/unit/security/validator-config/rule.t.cpp
index 0410d9f..8b846ff 100644
--- a/tests/unit/security/validator-config/rule.t.cpp
+++ b/tests/unit/security/validator-config/rule.t.cpp
@@ -64,7 +64,8 @@
 BOOST_FIXTURE_TEST_CASE(Errors, RuleFixture<DataPkt>)
 {
   BOOST_CHECK_THROW(rule.match(tlv::Interest, this->pktName, state), Error);
-  BOOST_CHECK_THROW(rule.check(tlv::Interest, this->pktName, "/foo/bar", state), Error);
+  BOOST_CHECK_THROW(rule.check(tlv::Interest, tlv::SignatureSha256WithRsa,
+                               this->pktName, "/foo/bar", state), Error);
 }
 
 BOOST_FIXTURE_TEST_CASE_TEMPLATE(Constructor, PktType, PktTypes, RuleFixture<PktType>)
@@ -76,7 +77,8 @@
 BOOST_FIXTURE_TEST_CASE_TEMPLATE(EmptyRule, PktType, PktTypes, RuleFixture<PktType>)
 {
   BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), this->pktName, this->state), true);
-  BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), this->pktName, "/foo/bar", this->state), false);
+  BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), tlv::SignatureSha256WithRsa,
+                                     this->pktName, "/foo/bar", this->state), false);
 }
 
 BOOST_FIXTURE_TEST_CASE_TEMPLATE(Filters, PktType, PktTypes, RuleFixture<PktType>)
@@ -91,7 +93,8 @@
   BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), this->pktName, this->state), true);
   BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), "/not" + this->pktName.toUri(), this->state), true);
 
-  BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), this->pktName, "/foo/bar", this->state), false);
+  BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), tlv::SignatureSha256WithRsa,
+                                     this->pktName, "/foo/bar", this->state), false);
 }
 
 BOOST_FIXTURE_TEST_CASE_TEMPLATE(Checkers, PktType, PktTypes, RuleFixture<PktType>)
@@ -99,7 +102,8 @@
   auto testChecker = [this] (const Name& klName, bool expectedOutcome) {
     BOOST_TEST_CONTEXT(klName << " expected=" << expectedOutcome) {
       this->state = PktType::makeState(); // reset state
-      BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), this->pktName, klName, this->state),
+      BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), tlv::SignatureSha256WithRsa,
+                                         this->pktName, klName, this->state),
                         expectedOutcome);
 
       auto outcome = this->state->getOutcome();
@@ -113,14 +117,16 @@
     }
   };
 
-  this->rule.addChecker(make_unique<HyperRelationChecker>("^(<>+)$", "\\1",
+  this->rule.addChecker(make_unique<HyperRelationChecker>(tlv::SignatureSha256WithRsa,
+                                                          "^(<>+)$", "\\1",
                                                           "^<always>(<>+)$", "\\1",
                                                           NameRelation::EQUAL));
   testChecker("/always/foo/bar", true);
   testChecker("/seldomly/foo/bar", false);
   testChecker("/never/foo/bar", false);
 
-  this->rule.addChecker(make_unique<HyperRelationChecker>("^(<>+)$", "\\1",
+  this->rule.addChecker(make_unique<HyperRelationChecker>(tlv::SignatureSha256WithRsa,
+                                                          "^(<>+)$", "\\1",
                                                           "^<seldomly>(<>+)$", "\\1",
                                                           NameRelation::EQUAL));
   testChecker("/always/foo/bar", true);
@@ -189,13 +195,14 @@
     )CONF";
   auto rule = Rule::create(makeSection(config), "test-config");
 
-  BOOST_CHECK_EQUAL(rule->match(PktType::getType(), this->pktName, this->state), true);
-  BOOST_CHECK_EQUAL(rule->match(PktType::getType(), "/not" + this->pktName.toUri(), this->state), false);
+  BOOST_CHECK(rule->match(PktType::getType(), this->pktName, this->state));
+  BOOST_CHECK(!rule->match(PktType::getType(), "/not" + this->pktName.toUri(), this->state));
 
-  BOOST_CHECK_EQUAL(rule->check(PktType::getType(), this->pktName, "/foo/bar", this->state), true);
+  BOOST_CHECK(rule->check(PktType::getType(), tlv::SignatureSha256WithRsa, this->pktName, "/foo/bar", this->state));
+  BOOST_CHECK(!rule->check(PktType::getType(), tlv::SignatureSha256WithEcdsa, this->pktName, "/foo/bar", this->state));
 
   this->state = PktType::makeState(); // reset state
-  BOOST_CHECK_EQUAL(rule->check(PktType::getType(), this->pktName, "/not/foo/bar", this->state), false);
+  BOOST_CHECK(!rule->check(PktType::getType(), tlv::SignatureSha256WithRsa, this->pktName, "/not/foo/bar", this->state));
 }
 
 BOOST_AUTO_TEST_SUITE_END() // Create