security: New generalized signing API in KeyChain
A new API in KeyChain introduces a general interface to sign interest
and data packets and supply necessary signing information, such as
signing identity name, signing key name, or signing certificate name.
In addition, the supplied signing information can include additional
information that the signer wants to include in the SignatureInfo of the
signed packet.
Old sign methods `KeyChain::sign(Packet, Name)`, `KeyChain::sign(uint8_t*, size_t, Name)`,
`KeyChain::signByIdentity(Packet, Name)`, `KeyChain::signByIdentity(uint8_t*, size_t, Name)`,
`KeyChain::signWithSha256(Data)`, and `KeyChain::signWithSha256(Interest)`
are now deprecated and will be removed in the next release.
Change-Id: I086e6c6522f70bcb7799e7dfc4cc4b2f8a3816a0
Refs: #2871, #1705
diff --git a/tests/unit-tests/data.t.cpp b/tests/unit-tests/data.t.cpp
index 1682854..262f2ac 100644
--- a/tests/unit-tests/data.t.cpp
+++ b/tests/unit-tests/data.t.cpp
@@ -471,7 +471,7 @@
BOOST_CHECK_THROW(d.getFullName(), Data::Error);
- keyChain.sign(d, certName);
+ keyChain.sign(d, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_CERT, certName));
Name fullName;
BOOST_REQUIRE_NO_THROW(fullName = d.getFullName());
diff --git a/tests/unit-tests/security/conf/checker.t.cpp b/tests/unit-tests/security/conf/checker.t.cpp
index ea26b0c..e989237 100644
--- a/tests/unit-tests/security/conf/checker.t.cpp
+++ b/tests/unit-tests/security/conf/checker.t.cpp
@@ -102,16 +102,24 @@
Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest1/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data1, identity);
+ m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data2, identity2);
+ m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*interest1, identity);
+ m_keyChain.sign(*interest1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*interest2, identity2);
+ m_keyChain.sign(*interest2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
int8_t result = 0;
@@ -237,16 +245,24 @@
Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest2/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data1, identity);
+ m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data2, identity2);
+ m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*interest1, identity);
+ m_keyChain.sign(*interest1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*interest2, identity2);
+ m_keyChain.sign(*interest2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
int8_t result = 0;
@@ -293,16 +309,24 @@
Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest3/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data1, identity);
+ m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data2, identity2);
+ m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*interest1, identity);
+ m_keyChain.sign(*interest1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*interest2, identity2);
+ m_keyChain.sign(*interest2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
int8_t result = 0;
@@ -358,22 +382,34 @@
Name packetName3("/SecurityTestConfChecker/HierarchicalCheckerTest1");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data1, identity);
+ m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName2);
- m_keyChain.signByIdentity(*data2, identity);
+ m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Data> data3 = make_shared<Data>(packetName3);
- m_keyChain.signByIdentity(*data3, identity);
+ m_keyChain.sign(*data3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Data> data4 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data4, identity2);
+ m_keyChain.sign(*data4,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
shared_ptr<Data> data5 = make_shared<Data>(packetName2);
- m_keyChain.signByIdentity(*data5, identity2);
+ m_keyChain.sign(*data5,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
shared_ptr<Data> data6 = make_shared<Data>(packetName3);
- m_keyChain.signByIdentity(*data6, identity2);
+ m_keyChain.sign(*data6,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
int8_t result = 0;
@@ -460,10 +496,14 @@
Name packetName("/Test/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data1, identity);
+ m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*data2, identity2);
+ m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2));
std::vector<shared_ptr<IdentityCertificate> > certSet1;
certSet1.push_back(cert1);
diff --git a/tests/unit-tests/security/digest-sha256.t.cpp b/tests/unit-tests/security/digest-sha256.t.cpp
index b0cdebc..ebf50c7 100644
--- a/tests/unit-tests/security/digest-sha256.t.cpp
+++ b/tests/unit-tests/security/digest-sha256.t.cpp
@@ -54,7 +54,7 @@
char content[5] = "1234";
testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
- m_keyChain.signWithSha256(testData);
+ m_keyChain.sign(testData, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_SHA256));
testData.wireEncode();
@@ -70,7 +70,7 @@
Name name("/SecurityTestDigestSha256/InterestSignature/Interest1");
Interest testInterest(name);
- m_keyChain.signWithSha256(testInterest);
+ m_keyChain.sign(testInterest, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_SHA256));
testInterest.wireEncode();
const Name& signedName = testInterest.getName();
diff --git a/tests/unit-tests/security/key-chain.t.cpp b/tests/unit-tests/security/key-chain.t.cpp
index d364dcf..a6c0cbe 100644
--- a/tests/unit-tests/security/key-chain.t.cpp
+++ b/tests/unit-tests/security/key-chain.t.cpp
@@ -20,6 +20,7 @@
*/
#include "security/key-chain.hpp"
+#include "security/validator.hpp"
#include "../util/test-home-environment-fixture.hpp"
#include <boost/filesystem.hpp>
@@ -27,6 +28,7 @@
#include "dummy-keychain.hpp"
namespace ndn {
+namespace security {
namespace tests {
BOOST_FIXTURE_TEST_SUITE(SecurityKeyChain, util::TestHomeEnvironmentFixture)
@@ -341,7 +343,82 @@
BOOST_CHECK_EQUAL(keyChain.getDefaultIdentity(), "/dummy/key");
}
+BOOST_AUTO_TEST_CASE(GeneralSigningInterface)
+{
+ KeyChain keyChain;
+ Name id("/id");
+ Name certName = keyChain.createIdentity(id);
+ shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
+ Name keyName = idCert->getPublicKeyName();
+ keyChain.setDefaultIdentity(id);
+
+ Name id2("/id2");
+ Name cert2Name = keyChain.createIdentity(id2);
+ shared_ptr<IdentityCertificate> id2Cert = keyChain.getCertificate(cert2Name);
+
+ // SigningInfo is set to default
+ Data data1("/data1");
+ keyChain.sign(data1);
+ BOOST_CHECK(Validator::verifySignature(data1, idCert->getPublicKeyInfo()));
+ BOOST_CHECK_EQUAL(data1.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
+
+ Interest interest1("/interest1");
+ keyChain.sign(interest1);
+ BOOST_CHECK(Validator::verifySignature(interest1, idCert->getPublicKeyInfo()));
+ SignatureInfo sigInfo1(interest1.getName()[-2].blockFromValue());
+ BOOST_CHECK_EQUAL(sigInfo1.getKeyLocator().getName(), certName.getPrefix(-1));
+
+ // SigningInfo is set to Identity
+ Data data2("/data2");
+ keyChain.sign(data2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
+ BOOST_CHECK(Validator::verifySignature(data2, id2Cert->getPublicKeyInfo()));
+ BOOST_CHECK_EQUAL(data2.getSignature().getKeyLocator().getName(), cert2Name.getPrefix(-1));
+
+ Interest interest2("/interest2");
+ keyChain.sign(interest2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
+ BOOST_CHECK(Validator::verifySignature(interest2, id2Cert->getPublicKeyInfo()));
+ SignatureInfo sigInfo2(interest2.getName()[-2].blockFromValue());
+ BOOST_CHECK_EQUAL(sigInfo2.getKeyLocator().getName(), cert2Name.getPrefix(-1));
+
+ // SigningInfo is set to Key
+ Data data3("/data3");
+ keyChain.sign(data3, SigningInfo(SigningInfo::SIGNER_TYPE_KEY, keyName));
+ BOOST_CHECK(Validator::verifySignature(data3, idCert->getPublicKeyInfo()));
+ BOOST_CHECK_EQUAL(data3.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
+
+ Interest interest3("/interest3");
+ keyChain.sign(interest3);
+ BOOST_CHECK(Validator::verifySignature(interest3, idCert->getPublicKeyInfo()));
+ SignatureInfo sigInfo3(interest1.getName()[-2].blockFromValue());
+ BOOST_CHECK_EQUAL(sigInfo3.getKeyLocator().getName(), certName.getPrefix(-1));
+
+ // SigningInfo is set to Cert
+ Data data4("/data4");
+ keyChain.sign(data4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
+ BOOST_CHECK(Validator::verifySignature(data4, idCert->getPublicKeyInfo()));
+ BOOST_CHECK_EQUAL(data4.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
+
+ Interest interest4("/interest4");
+ keyChain.sign(interest4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
+ BOOST_CHECK(Validator::verifySignature(interest4, idCert->getPublicKeyInfo()));
+ SignatureInfo sigInfo4(interest4.getName()[-2].blockFromValue());
+ BOOST_CHECK_EQUAL(sigInfo4.getKeyLocator().getName(), certName.getPrefix(-1));
+
+
+ // SigningInfo is set to DigestSha256
+ Data data5("/data5");
+ keyChain.sign(data5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
+ BOOST_CHECK(Validator::verifySignature(data5, DigestSha256(data5.getSignature())));
+
+ Interest interest5("/interest4");
+ keyChain.sign(interest5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
+ BOOST_CHECK(Validator::verifySignature(interest5,
+ DigestSha256(Signature(interest5.getName()[-2].blockFromValue(),
+ interest5.getName()[-1].blockFromValue()))));
+}
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace tests
+} // namespace security
} // namespace ndn
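Review bot: The Interest half of the "SigningInfo is set to Key" case never exercises SIGNER_TYPE_KEY: `keyChain.sign(interest3);` uses the default signing info, and `sigInfo3` is built from `interest1.getName()`, so the key-locator check re-examines an earlier packet. It should read `keyChain.sign(interest3, SigningInfo(SigningInfo::SIGNER_TYPE_KEY, keyName));` followed by `SignatureInfo sigInfo3(interest3.getName()[-2].blockFromValue());`. Because `keyName` belongs to `/id`, which is also the default identity, the `data3` assertions would still pass if the signer type were ignored; taking the key name from `id2Cert` would make the KEY path distinguishable from the default one. `Interest interest5("/interest4")` also looks like a copy-paste of the previous name.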
diff --git a/tests/unit-tests/security/sec-rule-relative.t.cpp b/tests/unit-tests/security/sec-rule-relative.t.cpp
index f2f92e6a5..8557cc9 100644
--- a/tests/unit-tests/security/sec-rule-relative.t.cpp
+++ b/tests/unit-tests/security/sec-rule-relative.t.cpp
@@ -37,11 +37,15 @@
Name dataName("SecurityTestSecRule/Basic");
Data rsaData(dataName);
- m_keyChain.signByIdentity(rsaData, rsaIdentity);
+ m_keyChain.sign(rsaData,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ rsaIdentity));
Data ecdsaData(dataName);
- m_keyChain.signByIdentity(ecdsaData, ecdsaIdentity);
+ m_keyChain.sign(ecdsaData,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ ecdsaIdentity));
Data sha256Data(dataName);
- m_keyChain.signWithSha256(sha256Data);
+ m_keyChain.sign(sha256Data, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_SHA256));
SecRuleRelative rule("^(<SecurityTestSecRule><Basic>)$",
"^(<SecurityTestSecRule><Basic>)<><KEY><><>$",
diff --git a/tests/unit-tests/security/sec-rule-specific.t.cpp b/tests/unit-tests/security/sec-rule-specific.t.cpp
index 3c48265..602a080 100644
--- a/tests/unit-tests/security/sec-rule-specific.t.cpp
+++ b/tests/unit-tests/security/sec-rule-specific.t.cpp
@@ -40,11 +40,15 @@
Name dataName("SecurityTestSecRule/Basic");
Data rsaData(dataName);
- m_keyChain.signByIdentity(rsaData, rsaIdentity);
+ m_keyChain.sign(rsaData,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ rsaIdentity));
Data ecdsaData(dataName);
- m_keyChain.signByIdentity(ecdsaData, ecdsaIdentity);
+ m_keyChain.sign(ecdsaData,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ ecdsaIdentity));
Data sha256Data(dataName);
- m_keyChain.signWithSha256(sha256Data);
+ m_keyChain.sign(sha256Data, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_SHA256));
shared_ptr<Regex> dataRegex =
make_shared<Regex>("^<SecurityTestSecRule><Basic>$");
diff --git a/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp b/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
index 22b324a..2df573b 100644
--- a/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
+++ b/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
@@ -114,7 +114,9 @@
Data testData("/SecurityTestSignatureSha256WithEcdsa/DataSignature/Data1");
char content[5] = "1234";
testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(testData, identityName));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(testData,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identityName)));
Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
Data testData2;
@@ -136,12 +138,16 @@
Interest interest11("/SecurityTestSignatureSha256WithEcdsa/InterestSignature/Interest1");
scheduler.scheduleEvent(time::milliseconds(100), [&] {
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identityName)));
});
advanceClocks(time::milliseconds(100));
scheduler.scheduleEvent(time::milliseconds(100), [&] {
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(interest11,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identityName)));
});
advanceClocks(time::milliseconds(100));
diff --git a/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp b/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
index 0eb39f4..5c6f87d 100644
--- a/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
+++ b/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
@@ -119,7 +119,9 @@
Data testData("/SecurityTestSignatureSha256WithRsa/DataSignature/Data1");
char content[5] = "1234";
testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(testData, identityName));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(testData,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identityName)));
Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
Data testData2;
@@ -139,12 +141,16 @@
Interest interest11("/SecurityTestSignatureSha256WithRsa/InterestSignature/Interest1");
scheduler.scheduleEvent(time::milliseconds(100), [&] {
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identityName)));
});
advanceClocks(time::milliseconds(100));
scheduler.scheduleEvent(time::milliseconds(100), [&] {
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(interest11,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identityName)));
});
advanceClocks(time::milliseconds(100));
diff --git a/tests/unit-tests/security/signing-info.t.cpp b/tests/unit-tests/security/signing-info.t.cpp
new file mode 100644
index 0000000..d3311be
--- /dev/null
+++ b/tests/unit-tests/security/signing-info.t.cpp
@@ -0,0 +1,100 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/signing-info.hpp"
+
+#include "boost-test.hpp"
+
+namespace ndn {
+namespace security {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(SecuritySigningInfo)
+
+BOOST_AUTO_TEST_CASE(Basic)
+{
+ Name id("/id");
+ Name key("/key");
+ Name cert("/cert");
+
+ SigningInfo info;
+
+ BOOST_CHECK_EQUAL(info.getSignerType(), SigningInfo::SIGNER_TYPE_NULL);
+ BOOST_CHECK_EQUAL(info.getSignerName(), SigningInfo::EMPTY_NAME);
+ BOOST_CHECK_EQUAL(info.getDigestAlgorithm(), DIGEST_ALGORITHM_SHA256);
+
+ const SignatureInfo& sigInfo = info.getSignatureInfo();
+ BOOST_CHECK_EQUAL(sigInfo.getSignatureType(), -1);
+ BOOST_CHECK_EQUAL(sigInfo.hasKeyLocator(), false);
+
+ info.setSigningIdentity(id);
+ BOOST_CHECK_EQUAL(info.getSignerType(), SigningInfo::SIGNER_TYPE_ID);
+ BOOST_CHECK_EQUAL(info.getSignerName(), id);
+
+ SigningInfo infoId(SigningInfo::SIGNER_TYPE_ID, id);
+ BOOST_CHECK_EQUAL(infoId.getSignerType(), SigningInfo::SIGNER_TYPE_ID);
+ BOOST_CHECK_EQUAL(infoId.getSignerName(), id);
+
+ info.setSigningKeyName(key);
+ BOOST_CHECK_EQUAL(info.getSignerType(), SigningInfo::SIGNER_TYPE_KEY);
+ BOOST_CHECK_EQUAL(info.getSignerName(), key);
+
+ SigningInfo infoKey(SigningInfo::SIGNER_TYPE_KEY, key);
+ BOOST_CHECK_EQUAL(infoKey.getSignerType(), SigningInfo::SIGNER_TYPE_KEY);
+ BOOST_CHECK_EQUAL(infoKey.getSignerName(), key);
+
+ info.setSigningCertName(cert);
+ BOOST_CHECK_EQUAL(info.getSignerType(), SigningInfo::SIGNER_TYPE_CERT);
+ BOOST_CHECK_EQUAL(info.getSignerName(), cert);
+
+ SigningInfo infoCert(SigningInfo::SIGNER_TYPE_CERT, cert);
+ BOOST_CHECK_EQUAL(infoCert.getSignerType(), SigningInfo::SIGNER_TYPE_CERT);
+ BOOST_CHECK_EQUAL(infoCert.getSignerName(), cert);
+
+ info.setSha256Signing();
+ BOOST_CHECK_EQUAL(info.getSignerType(), SigningInfo::SIGNER_TYPE_SHA256);
+ BOOST_CHECK_EQUAL(info.getSignerName(), SigningInfo::EMPTY_NAME);
+
+ SigningInfo infoSha(SigningInfo::SIGNER_TYPE_SHA256);
+ BOOST_CHECK_EQUAL(infoSha.getSignerType(), SigningInfo::SIGNER_TYPE_SHA256);
+ BOOST_CHECK_EQUAL(infoSha.getSignerName(), SigningInfo::EMPTY_NAME);
+}
+
+BOOST_AUTO_TEST_CASE(CustomSignatureInfo)
+{
+ SigningInfo info1;
+ BOOST_CHECK(info1.getSignatureInfo() == SignatureInfo());
+
+ SignatureInfo si;
+ si.setKeyLocator(Name("ndn:/test/key/locator"));
+ info1.setSignatureInfo(si);
+
+ BOOST_CHECK(info1.getSignatureInfo() == si);
+
+ SigningInfo info2(SigningInfo::SIGNER_TYPE_NULL, SigningInfo::EMPTY_NAME, si);
+ BOOST_CHECK(info2.getSignatureInfo() == si);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace tests
+} // namespace security
+} // namespace ndn
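Review bot: CustomSignatureInfo only checks that `setSignatureInfo` and the three-argument constructor round-trip the object; none of the tests visible in this part of the patch sign a packet with a caller-supplied SignatureInfo, so what actually lands in the signed packet is unverified. The case worth pinning down is the KeyLocator set here (`ndn:/test/key/locator`): whether `KeyChain::sign` keeps it or replaces it with the locator of the key actually used is not visible from these hunks, and a locator that disagrees with the signing key would send a validator to the wrong certificate. I would add a case to GeneralSigningInterface in key-chain.t.cpp that signs a Data with `SigningInfo(SigningInfo::SIGNER_TYPE_ID, id, si)` and asserts the resulting `getSignature().getKeyLocator().getName()`, so the precedence is documented by a test.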
diff --git a/tests/unit-tests/security/validator-config.t.cpp b/tests/unit-tests/security/validator-config.t.cpp
index 4171554..63eee74 100644
--- a/tests/unit-tests/security/validator-config.t.cpp
+++ b/tests/unit-tests/security/validator-config.t.cpp
@@ -50,11 +50,15 @@
Name dataName1("/simple/equal");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName2("/simple/different");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
std::string CONFIG_1 =
"rule\n"
@@ -121,15 +125,21 @@
Name dataName1("/simple/isPrefixOf");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName2("/simple/notPrefixOf");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName3("/simple/isPrefixOf/anotherLevel");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
std::string CONFIG_1 =
"rule\n"
@@ -200,15 +210,21 @@
Name dataName1("/simple/isStrictPrefixOf");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName2("/simple");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
std::string CONFIG_1 =
"rule\n"
@@ -279,15 +295,21 @@
Name dataName1("/simple/regex");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName2("/simple/regex-wrong");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName3("/simple/regex/correct");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
std::string CONFIG_1 =
"rule\n"
@@ -358,15 +380,21 @@
Name dataName1 = identity;
dataName1.append("1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName2 = identity;
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
const std::string CONFIG =
"rule\n"
@@ -439,12 +467,16 @@
Name dataName1 = identity;
dataName1.append("data").appendVersion();
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity1));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity1)));
Name dataName2 = identity;
dataName2.append("data").appendVersion();
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity2));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2)));
Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
shared_ptr<Interest> interest = make_shared<Interest>(interestName);
@@ -593,7 +625,9 @@
Name dataName1("/any/data");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
std::string CONFIG =
"trust-anchor\n"
@@ -633,9 +667,13 @@
interestName2.append("2");
shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity1)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity1));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity1)));
const std::string CONFIG =
"rule\n"
@@ -722,11 +760,17 @@
interestName3.append("3");
shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity1)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity3)));
const std::string CONFIG =
"rule\n"
@@ -855,13 +899,21 @@
shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity1)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity2)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity3)));
usleep(10000);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest4, identity4));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity4)));
const std::string CONFIG =
"rule\n"
@@ -989,14 +1041,22 @@
Name dataName("/TestValidatorConfig/FixedSignerChecker2");
shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
- m_keyChain.signByIdentity(*dataRsa, rsaIdentity);
+ m_keyChain.sign(*dataRsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ rsaIdentity));
shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
- m_keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
+ m_keyChain.sign(*dataEcdsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ ecdsaIdentity));
shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
- m_keyChain.signByIdentity(*interestRsa, rsaIdentity);
+ m_keyChain.sign(*interestRsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ rsaIdentity));
shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
- m_keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
+ m_keyChain.sign(*interestEcdsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ ecdsaIdentity));
const std::string CONFIG =
"rule\n"
@@ -1145,7 +1205,9 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.sign(*sldCert,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ root));
m_keyChain.addCertificateAsIdentityDefault(*sldCert);
Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
@@ -1158,7 +1220,9 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.sign(*nldCert,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ sld));
m_keyChain.addCertificateAsIdentityDefault(*nldCert);
face1->setInterestFilter(sldCert->getName().getPrefix(-1),
@@ -1174,12 +1238,16 @@
Name dataName1 = nld;
dataName1.append("data1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, nld));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ nld)));
Name dataName2("/ConfValidatorTest");
dataName2.append("data1");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, nld));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ nld)));
const std::string CONFIG =
@@ -1250,7 +1318,9 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.sign(*sldCert,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ root));
m_keyChain.addCertificateAsIdentityDefault(*sldCert);
Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
@@ -1263,7 +1333,9 @@
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
- m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.sign(*nldCert,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ sld));
m_keyChain.addCertificateAsIdentityDefault(*nldCert);
face1->setInterestFilter(sldCert->getName().getPrefix(-1),
@@ -1279,17 +1351,23 @@
advanceClocks(time::milliseconds(10));
Name interestName1("/localhost/nrd/register/option");
shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, nld));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ nld)));
advanceClocks(time::milliseconds(10));
Name interestName2("/localhost/nrd/non-register");
shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, nld));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ nld)));
advanceClocks(time::milliseconds(10));
Name interestName3("/localhost/nrd/register/option");
shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, root));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ root)));
advanceClocks(time::milliseconds(10));
Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
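Review bot: The expression `security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID, x)` is spelled out three times in this hunk and again in every other migrated call, which buries the only part that differs between calls, the signing identity. A small helper in the test fixture would reduce each call to one line, for example `static security::SigningInfo signById(const Name& id) { return security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID, id); }` (the name is only a suggestion), used as `m_keyChain.sign(*interest1, signById(nld))`. That would also make it easier to spot that interest3 is signed by root rather than nld, which looks like the distinction this test depends on. The enclosing test case extends beyond this hunk.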
@@ -1442,11 +1520,15 @@
Name dataName1("/any/data/1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, firstIdentity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ firstIdentity)));
Name dataName2("/any/data/2");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, secondIdentity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ secondIdentity)));
std::string CONFIG =
"rule\n"
diff --git a/tests/unit-tests/security/validator.t.cpp b/tests/unit-tests/security/validator.t.cpp
index e72171e..b91e5d3 100644
--- a/tests/unit-tests/security/validator.t.cpp
+++ b/tests/unit-tests/security/validator.t.cpp
@@ -54,7 +54,9 @@
dataName.append("1");
shared_ptr<Data> data = make_shared<Data>(dataName);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(*data,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
ValidatorNull validator;
@@ -100,12 +102,16 @@
shared_ptr<PublicKey> publicKey2 = m_keyChain.getPublicKey(keyName2);
Data data("/TestData/1");
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(data, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(data,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey), true);
BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey2), false);
Interest interest("/TestInterest/1");
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey), true);
BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey2), false);
@@ -160,12 +166,16 @@
Data data("/TestData/1");
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(data, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(data,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey), true);
BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey2), false);
Interest interest("/TestInterest/1");
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identity));
+ BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ identity)));
BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey), true);
BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey2), false);
@@ -192,13 +202,21 @@
Name packetName("/Test/Packet/Name");
shared_ptr<Data> testDataRsa = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*testDataRsa, rsaIdentity);
+ m_keyChain.sign(*testDataRsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ rsaIdentity));
shared_ptr<Data> testDataEcdsa = make_shared<Data>(packetName);
- m_keyChain.signByIdentity(*testDataEcdsa, ecdsaIdentity);
+ m_keyChain.sign(*testDataEcdsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ ecdsaIdentity));
shared_ptr<Interest> testInterestRsa = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*testInterestRsa, rsaIdentity);
+ m_keyChain.sign(*testInterestRsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ rsaIdentity));
shared_ptr<Interest> testInterestEcdsa = make_shared<Interest>(packetName);
- m_keyChain.signByIdentity(*testInterestEcdsa, ecdsaIdentity);
+ m_keyChain.sign(*testInterestEcdsa,
+ security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
+ ecdsaIdentity));
BOOST_CHECK(Validator::verifySignature(*ecdsaCert, ecdsaCert->getPublicKeyInfo()));
BOOST_CHECK_EQUAL(Validator::verifySignature(*ecdsaCert, rsaCert->getPublicKeyInfo()), false);