security: fix inverted logic in CertificateBundleFetcher
Fixes regression introduced in ebfe4a207f658a77b5249cda4bd0bc35ede82066
Change-Id: I9187a4f033be2705d5ad17c4dc221eaa28855192
diff --git a/tests/unit/security/certificate-bundle-fetcher.t.cpp b/tests/unit/security/certificate-bundle-fetcher.t.cpp
index 5c05148..1d0cee9 100644
--- a/tests/unit/security/certificate-bundle-fetcher.t.cpp
+++ b/tests/unit/security/certificate-bundle-fetcher.t.cpp
@@ -22,9 +22,9 @@
#include "ndn-cxx/security/certificate-bundle-fetcher.hpp"
#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "ndn-cxx/util/regex/regex-pattern-list-matcher.hpp"
-#include "ndn-cxx/lp/nack.hpp"
#include "tests/boost-test.hpp"
+#include "tests/make-interest-data.hpp"
#include "tests/unit/security/validator-fixture.hpp"
namespace ndn {
@@ -46,11 +46,11 @@
}
};
-class Bundle
+class BundleWithFinalBlockId
{
};
-class Cert
+class BundleWithoutFinalBlockId
{
};
@@ -69,31 +69,61 @@
public:
CertificateBundleFetcherFixture()
: data("/Security/ValidatorFixture/Sub1/Sub3/Data")
+ , bundleRegexMatcher(std::make_shared<RegexPatternListMatcher>("<>*<_BUNDLE><>*", nullptr))
{
subSubIdentity = addSubCertificate("/Security/ValidatorFixture/Sub1/Sub3", subIdentity);
cache.insert(subSubIdentity.getDefaultKey().getDefaultCertificate());
-
m_keyChain.sign(data, signingByIdentity(subSubIdentity));
- bundleRegexMatcher = make_shared<RegexPatternListMatcher>("<>*<_BUNDLE><>*", nullptr);
+
processInterest = [this] (const Interest& interest) {
- // check if the interest is for Bundle or individual certificates
+ // check if the interest is for bundle or individual certificates
if (bundleRegexMatcher->match(interest.getName(), 0, interest.getName().size())) {
makeResponse(interest);
}
else {
auto cert = cache.find(interest);
- if (cert == nullptr) {
- return;
+ if (cert) {
+ face.receive(*cert);
}
- face.receive(*cert);
}
};
}
+private:
void
makeResponse(const Interest& interest);
-public:
+ shared_ptr<Data>
+ makeBundle(const Interest& interest) const
+ {
+ Block certList(tlv::Content);
+ Name bundleName(interest.getName());
+
+ if (!bundleName.get(-1).isSegment() || bundleName.get(-1).toSegment() == 0) {
+ Block subSubCert = subSubIdentity.getDefaultKey().getDefaultCertificate().wireEncode();
+ certList.push_back(std::move(subSubCert));
+
+ if (!bundleName.get(-1).isSegment()) {
+ bundleName
+ .appendVersion()
+ .appendSegment(0);
+ }
+ }
+ else {
+ Block subCert = subIdentity.getDefaultKey().getDefaultCertificate().wireEncode();
+ Block anchor = identity.getDefaultKey().getDefaultCertificate().wireEncode();
+ certList.push_back(std::move(subCert));
+ certList.push_back(std::move(anchor));
+ }
+
+ auto certBundle = make_shared<Data>();
+ certBundle->setName(bundleName);
+ certBundle->setFreshnessPeriod(100_s);
+ certBundle->setContent(certList);
+ return certBundle;
+ }
+
+protected:
Data data;
Identity subSubIdentity;
shared_ptr<RegexPatternListMatcher> bundleRegexMatcher;
@@ -101,42 +131,26 @@
template<>
void
-CertificateBundleFetcherFixture<Bundle>::makeResponse(const Interest& interest)
+CertificateBundleFetcherFixture<BundleWithFinalBlockId>::makeResponse(const Interest& interest)
{
- Block certList = Block(tlv::Content);
- Name bundleName(interest.getName());
-
- if (!bundleName.get(-1).isSegment() || bundleName.get(-1).toSegment() == 0) {
- Block subSubCert = subSubIdentity.getDefaultKey().getDefaultCertificate().wireEncode();
- certList.push_back(subSubCert);
-
- if (!bundleName.get(-1).isSegment()) {
- bundleName
- .appendVersion()
- .appendSegment(0);
- }
- }
- else {
- Block subCert = subIdentity.getDefaultKey().getDefaultCertificate().wireEncode();
- Block anchor = identity.getDefaultKey().getDefaultCertificate().wireEncode();
- certList.push_back(subCert);
- certList.push_back(anchor);
- }
-
- shared_ptr<Data> certBundle = make_shared<Data>();
- certBundle->setName(bundleName);
- certBundle->setFreshnessPeriod(100_s);
- certBundle->setContent(certList);
+ auto certBundle = makeBundle(interest);
certBundle->setFinalBlock(name::Component::fromSegment(1));
-
m_keyChain.sign(*certBundle, signingWithSha256());
-
face.receive(*certBundle);
}
template<>
void
-CertificateBundleFetcherFixture<Timeout>::makeResponse(const Interest& interest)
+CertificateBundleFetcherFixture<BundleWithoutFinalBlockId>::makeResponse(const Interest& interest)
+{
+ auto certBundle = makeBundle(interest);
+ m_keyChain.sign(*certBundle, signingWithSha256());
+ face.receive(*certBundle);
+}
+
+template<>
+void
+CertificateBundleFetcherFixture<Timeout>::makeResponse(const Interest&)
{
this->advanceClocks(200_s);
}
@@ -145,12 +159,13 @@
void
CertificateBundleFetcherFixture<Nack>::makeResponse(const Interest& interest)
{
- lp::Nack nack(interest);
- nack.setHeader(lp::NackHeader().setReason(lp::NackReason::NO_ROUTE));
- face.receive(nack);
+ face.receive(makeNack(interest, lp::NackReason::NO_ROUTE));
}
-BOOST_FIXTURE_TEST_CASE(ValidateSuccessWithBundle, CertificateBundleFetcherFixture<Bundle>)
+using SuccessWithBundle = boost::mpl::vector<BundleWithFinalBlockId, BundleWithoutFinalBlockId>;
+
+BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateSuccessWithBundle, T, SuccessWithBundle,
+ CertificateBundleFetcherFixture<T>)
{
VALIDATE_SUCCESS(this->data, "Should get accepted, as interest brings the bundle segments");
BOOST_CHECK_EQUAL(this->face.sentInterests.size(), 2); // produced bundle has 2 segments
@@ -162,10 +177,11 @@
using SuccessWithoutBundle = boost::mpl::vector<Nack, Timeout>;
-BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateSuccessWithoutBundle, T, SuccessWithoutBundle, CertificateBundleFetcherFixture<T>)
+BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateSuccessWithoutBundle, T, SuccessWithoutBundle,
+ CertificateBundleFetcherFixture<T>)
{
VALIDATE_SUCCESS(this->data, "Should get accepted, as interest brings the certs");
- BOOST_CHECK_EQUAL(this->face.sentInterests.size(), 4); // since interest for Bundle fails, each cert is retrieved
+ BOOST_CHECK_EQUAL(this->face.sentInterests.size(), 4); // since interest for bundle fails, each cert is retrieved
bool toggle = true;
for (const auto& sentInterest : this->face.sentInterests) {