security: Pair-up Tpm and Pib in KeyChain
In this commit, we also change the HOME setting for test cases.
Change-Id: I7fa15461555b3519d9d2005c6956c167ed07d66f
Refs: #2242
Refs: #2260
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index f22c5a9..9360671 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -41,96 +41,177 @@
const RsaKeyParams KeyChain::DEFAULT_KEY_PARAMS;
KeyChain::KeyChain()
- : m_pib(0)
- , m_tpm(0)
+ : m_pib(nullptr)
+ , m_tpm(nullptr)
, m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
{
+ initialize("", "", false);
+}
- ConfigFile config;
- const ConfigFile::Parsed& parsed = config.getParsedConfiguration();
-
- std::string pibName;
- try
- {
- pibName = parsed.get<std::string>("pib");
- }
- catch (boost::property_tree::ptree_bad_path& error)
- {
- // pib is not specified, take the default
- }
- catch (boost::property_tree::ptree_bad_data& error)
- {
- throw ConfigFile::Error(error.what());
- }
-
- std::string tpmName;
- try
- {
- tpmName = parsed.get<std::string>("tpm");
- }
- catch (boost::property_tree::ptree_bad_path& error)
- {
- // tpm is not specified, take the default
- }
- catch (boost::property_tree::ptree_bad_data& error)
- {
- throw ConfigFile::Error(error.what());
- }
-
-
- if (pibName.empty() || pibName == "sqlite3")
- m_pib = new SecPublicInfoSqlite3;
- else
- throw Error("PIB type '" + pibName + "' is not supported");
-
- if (tpmName.empty())
-#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
- m_tpm = new SecTpmOsx();
-#else
- m_tpm = new SecTpmFile();
-#endif // defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
- else if (tpmName == "osx-keychain")
-#if defined(NDN_CXX_HAVE_OSX_SECURITY)
- m_tpm = new SecTpmOsx();
-#else
- throw Error("TPM type '" + tpmName + "' is not supported on this platform");
-#endif // NDN_CXX_HAVE_OSX_SECURITY
- else if (tpmName == "file")
- m_tpm = new SecTpmFile();
- else
- throw Error("TPM type '" + tpmName + "' is not supported");
+template<class T>
+inline
+KeyChain::KeyChain(T traits)
+ : m_pib(new typename T::Pib)
+ , m_tpm(nullptr)
+ , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
+{
+ initialize(T::Pib::SCHEME, T::Tpm::SCHEME, false);
}
KeyChain::KeyChain(const std::string& pibName,
- const std::string& tpmName)
- : m_pib(0)
- , m_tpm(0)
+ const std::string& tpmName,
+ bool allowReset)
+ : m_pib(nullptr)
+ , m_tpm(nullptr)
, m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
{
- if (pibName == "sqlite3")
- m_pib = new SecPublicInfoSqlite3;
- else
- throw Error("PIB type '" + pibName + "' is not supported");
+ std::string pibLocator;
+ std::string tpmLocator;
if (tpmName == "file")
- m_tpm = new SecTpmFile;
+ tpmLocator = SecTpmFile::SCHEME;
#if defined(NDN_CXX_HAVE_OSX_SECURITY)
else if (tpmName == "osx-keychain")
- m_tpm = new SecTpmOsx();
+ tpmLocator = SecTpmOsx::SCHEME;
#endif //NDN_CXX_HAVE_OSX_SECURITY
else
- throw Error("TPM type '" + tpmName + "' is not supported");
+ tpmLocator = tpmName;
+
+ if (pibName == "sqlite3")
+ pibLocator = SecPublicInfoSqlite3::SCHEME;
+ else
+ pibLocator = pibName;
+
+ initialize(pibLocator, tpmLocator, allowReset);
}
KeyChain::~KeyChain()
{
- if (m_pib != 0)
+ if (m_pib != nullptr)
delete m_pib;
- if (m_tpm != 0)
+ if (m_tpm != nullptr)
delete m_tpm;
}
+void
+KeyChain::initialize(const std::string& pib,
+ const std::string& tpm,
+ bool allowReset)
+{
+ ConfigFile config;
+ const ConfigFile::Parsed& parsed = config.getParsedConfiguration();
+
+ std::string defaultTpmLocator;
+ try {
+ defaultTpmLocator = parsed.get<std::string>("tpm");
+ }
+ catch (boost::property_tree::ptree_bad_path&) {
+ // tpm is not specified, take the default
+ }
+ catch (boost::property_tree::ptree_bad_data& error) {
+ throw ConfigFile::Error(error.what());
+ }
+
+ if (defaultTpmLocator.empty())
+#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
+ defaultTpmLocator = SecTpmOsx::SCHEME;
+#else
+ defaultTpmLocator = SecTpmFile::SCHEME;
+#endif // defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
+ else if (defaultTpmLocator == "osx-keychain")
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ defaultTpmLocator = SecTpmOsx::SCHEME;
+#else
+ throw Error("TPM Locator '" + defaultTpmLocator + "' is not supported on this platform");
+#endif // NDN_CXX_HAVE_OSX_SECURITY
+ else if (defaultTpmLocator == "file")
+ defaultTpmLocator = SecTpmFile::SCHEME;
+
+ std::string defaultPibLocator;
+ try {
+ defaultPibLocator = parsed.get<std::string>("pib");
+ }
+ catch (boost::property_tree::ptree_bad_path&) {
+ // pib is not specified, take the default
+ }
+ catch (boost::property_tree::ptree_bad_data& error) {
+ throw ConfigFile::Error(error.what());
+ }
+
+ if (defaultPibLocator.empty() || defaultPibLocator == "sqlite3")
+ defaultPibLocator = SecPublicInfoSqlite3::SCHEME;
+
+ std::string pibLocator = pib;
+ std::string tpmLocator = tpm;
+
+ if (pibLocator == "")
+ pibLocator = defaultPibLocator;
+
+ if (defaultPibLocator == pibLocator)
+ tpmLocator = defaultTpmLocator;
+
+ initializePib(pibLocator);
+
+ std::string currentTpmLocator;
+ try {
+ currentTpmLocator = m_pib->getTpmLocator();
+
+ if (currentTpmLocator != tpmLocator) {
+ if (!allowReset) {
+ // Tpm mismatch, but we do not want to reset PIB
+ throw MismatchError("TPM locator supplied and TPM locator in PIB mismatch: " +
+ currentTpmLocator + " != " + tpmLocator);
+ }
+ else {
+ // reset is explicitly required
+ tpmLocator = currentTpmLocator;
+ }
+ }
+ }
+ catch (SecPublicInfo::Error&) {
+ // TPM locator is not set in PIB yet.
+ }
+
+ initializeTpm(tpmLocator); // note that key mismatch may still happen
+ // if the TPM locator is initially set to a wrong one
+ // or if the PIB was shared by more than one TPMs before.
+ // This is due to the old PIB does not have TPM info,
+ // new pib should not have this problem.
+
+ m_pib->setTpmLocator(tpmLocator);
+}
+
+void
+KeyChain::initializeTpm(const std::string& locator)
+{
+ size_t pos = locator.find(':');
+ std::string type = locator.substr(0, pos + 1);
+ std::string location = locator.substr(pos + 1);
+
+ if (type == SecTpmFile::SCHEME)
+ m_tpm = new SecTpmFile(location);
+#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
+ else if (type == SecTpmOsx::SCHEME)
+ m_tpm = new SecTpmOsx(location);
+#endif
+ else
+ throw Error("Tpm locator error: Unsupported Tpm type: " + type);
+}
+
+void
+KeyChain::initializePib(const std::string& locator)
+{
+ size_t pos = locator.find(':');
+ std::string type = locator.substr(0, pos + 1);
+ std::string location = locator.substr(pos + 1);
+
+ if (type == SecPublicInfoSqlite3::SCHEME)
+ m_pib = new SecPublicInfoSqlite3(location);
+ else
+ throw Error("Pib locator error: Unsupported Pib type: " + type);
+}
+
Name
KeyChain::createIdentity(const Name& identityName, const KeyParams& params)
{
@@ -171,6 +252,20 @@
}
Name
+KeyChain::generateRsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
+{
+ RsaKeyParams params(keySize);
+ return generateKeyPair(identityName, isKsk, params);
+}
+
+Name
+KeyChain::generateEcdsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
+{
+ EcdsaKeyParams params(keySize);
+ return generateKeyPair(identityName, isKsk, params);
+}
+
+Name
KeyChain::generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk, uint32_t keySize)
{
RsaKeyParams params(keySize);
@@ -414,7 +509,7 @@
shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
// HACK! We should set key type according to the pkcs8 info.
- m_pib->addPublicKey(keyName, KEY_TYPE_RSA, *pubKey);
+ m_pib->addKey(keyName, *pubKey);
m_pib->setDefaultKeyNameForIdentity(keyName);
// Add cert
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 5d348c4..28de735 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -60,10 +60,19 @@
}
};
- static const Name DEFAULT_PREFIX;
-
- // RsaKeyParams is set to be default for backward compatibility.
- static const RsaKeyParams DEFAULT_KEY_PARAMS;
+ /**
+ * This error is thrown when the TPM locator retrieved from PIB is
+ * different from what is supplied to the KeyChain constructor.
+ */
+ class MismatchError : public Error
+ {
+ public:
+ explicit
+ MismatchError(const std::string& what)
+ : Error(what)
+ {
+ }
+ };
KeyChain();
@@ -71,8 +80,19 @@
explicit
KeyChain(KeyChainTraits traits);
- KeyChain(const std::string& pibName,
- const std::string& tpmName);
+ /**
+ * @brief KeyChain constructor
+ *
+ * @sa http://redmine.named-data.net/issues/2260
+ *
+ * @param pibLocator
+ * @param tpmLocator
+ * @param allowReset if true, the PIB will be reset when the supplied tpmLocator
+ * mismatches the one in PIB
+ */
+ KeyChain(const std::string& pibLocator,
+ const std::string& tpmLocator,
+ bool allowReset = false);
virtual
~KeyChain();
@@ -96,10 +116,10 @@
* @param keySize The size of the key.
* @return The generated key name.
*/
- inline Name
+ Name
generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
- inline Name
+ Name
generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
/**
* @brief Generate a pair of RSA keys for the specified identity and set it as default key for
@@ -356,7 +376,7 @@
void
addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
{
- return m_pib->addPublicKey(keyName, keyType, publicKeyDer);
+ return m_pib->addKey(keyName, publicKeyDer);
}
void
@@ -643,6 +663,17 @@
}
private:
+ void
+ initialize(const std::string& pibLocator,
+ const std::string& tpmLocator,
+ bool needReset);
+
+ void
+ initializeTpm(const std::string& locator);
+
+ void
+ initializePib(const std::string& locator);
+
/**
* @brief Determine signature type
*
@@ -707,6 +738,10 @@
signPacketWrapper(Interest& interest, const Signature& signature,
const Name& keyName, DigestAlgorithm digestAlgorithm);
+public:
+ static const Name DEFAULT_PREFIX;
+ // RsaKeyParams is set to be default for backward compatibility.
+ static const RsaKeyParams DEFAULT_KEY_PARAMS;
private:
SecPublicInfo* m_pib;
@@ -714,29 +749,6 @@
time::milliseconds m_lastTimestamp;
};
-template<class T>
-inline
-KeyChain::KeyChain(T)
- : m_pib(new typename T::Pib)
- , m_tpm(new typename T::Tpm)
- , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
-{
-}
-
-inline Name
-KeyChain::generateRsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
-{
- RsaKeyParams params(keySize);
- return generateKeyPair(identityName, isKsk, params);
-}
-
-inline Name
-KeyChain::generateEcdsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
-{
- EcdsaKeyParams params(keySize);
- return generateKeyPair(identityName, isKsk, params);
-}
-
template<typename T>
void
KeyChain::sign(T& packet)
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/sec-public-info-sqlite3.cpp
index 946eb56..58d6267 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/sec-public-info-sqlite3.cpp
@@ -40,71 +40,84 @@
using std::string;
using std::vector;
-static const string INIT_ID_TABLE = "\
-CREATE TABLE IF NOT EXISTS \n \
- Identity( \n \
- identity_name BLOB NOT NULL, \n \
- default_identity INTEGER DEFAULT 0, \n \
- \
- PRIMARY KEY (identity_name) \n \
- ); \n \
- \
-CREATE INDEX identity_index ON Identity(identity_name); \n \
-";
+const std::string SecPublicInfoSqlite3::SCHEME("pib-sqlite3:");
-static const string INIT_KEY_TABLE = "\
-CREATE TABLE IF NOT EXISTS \n \
- Key( \n \
- identity_name BLOB NOT NULL, \n \
- key_identifier BLOB NOT NULL, \n \
- key_type INTEGER, \n \
- public_key BLOB, \n \
- default_key INTEGER DEFAULT 0, \n \
- active INTEGER DEFAULT 0, \n \
- \
- PRIMARY KEY (identity_name, key_identifier) \n \
- ); \n \
- \
-CREATE INDEX key_index ON Key(identity_name); \n \
-";
+static const string INIT_TPM_INFO_TABLE =
+ "CREATE TABLE IF NOT EXISTS "
+ " TpmInfo( "
+ " tpm_locator BLOB NOT NULL,"
+ " PRIMARY KEY (tpm_locator) "
+ " ); ";
-static const string INIT_CERT_TABLE = "\
-CREATE TABLE IF NOT EXISTS \n \
- Certificate( \n \
- cert_name BLOB NOT NULL, \n \
- cert_issuer BLOB NOT NULL, \n \
- identity_name BLOB NOT NULL, \n \
- key_identifier BLOB NOT NULL, \n \
- not_before TIMESTAMP, \n \
- not_after TIMESTAMP, \n \
- certificate_data BLOB NOT NULL, \n \
- valid_flag INTEGER DEFAULT 1, \n \
- default_cert INTEGER DEFAULT 0, \n \
- \
- PRIMARY KEY (cert_name) \n \
- ); \n \
- \
-CREATE INDEX cert_index ON Certificate(cert_name); \n \
-CREATE INDEX subject ON Certificate(identity_name); \n \
-";
+static const string INIT_ID_TABLE =
+ "CREATE TABLE IF NOT EXISTS "
+ " Identity( "
+ " identity_name BLOB NOT NULL, "
+ " default_identity INTEGER DEFAULT 0, "
+ " PRIMARY KEY (identity_name) "
+ " ); "
+ "CREATE INDEX identity_index ON Identity(identity_name);";
+
+static const string INIT_KEY_TABLE =
+ "CREATE TABLE IF NOT EXISTS "
+ " Key( "
+ " identity_name BLOB NOT NULL, "
+ " key_identifier BLOB NOT NULL, "
+ " key_type INTEGER, "
+ " public_key BLOB, "
+ " default_key INTEGER DEFAULT 0, "
+ " active INTEGER DEFAULT 0, "
+ " PRIMARY KEY (identity_name, key_identifier)"
+ " ); "
+ "CREATE INDEX key_index ON Key(identity_name); ";
+
+
+static const string INIT_CERT_TABLE =
+ "CREATE TABLE IF NOT EXISTS "
+ " Certificate( "
+ " cert_name BLOB NOT NULL, "
+ " cert_issuer BLOB NOT NULL, "
+ " identity_name BLOB NOT NULL, "
+ " key_identifier BLOB NOT NULL, "
+ " not_before TIMESTAMP, "
+ " not_after TIMESTAMP, "
+ " certificate_data BLOB NOT NULL, "
+ " valid_flag INTEGER DEFAULT 1, "
+ " default_cert INTEGER DEFAULT 0, "
+ " PRIMARY KEY (cert_name) "
+ " ); "
+ "CREATE INDEX cert_index ON Certificate(cert_name); "
+ "CREATE INDEX subject ON Certificate(identity_name);";
/**
* A utility function to call the normal sqlite3_bind_text where the value and length are
* value.c_str() and value.size().
*/
static int
-sqlite3_bind_text(sqlite3_stmt* statement,
- int index,
- const string& value,
- void(*destructor)(void*))
+sqlite3_bind_string(sqlite3_stmt* statement,
+ int index,
+ const string& value,
+ void(*destructor)(void*))
{
return sqlite3_bind_text(statement, index, value.c_str(), value.size(), destructor);
}
-SecPublicInfoSqlite3::SecPublicInfoSqlite3()
- : m_database(nullptr)
+static string
+sqlite3_column_string(sqlite3_stmt* statement, int column)
{
- boost::filesystem::path identityDir = boost::filesystem::path(getenv("HOME")) / ".ndn";
+ return string(reinterpret_cast<const char*>(sqlite3_column_text(statement, column)),
+ sqlite3_column_bytes(statement, column));
+}
+
+SecPublicInfoSqlite3::SecPublicInfoSqlite3(const std::string& dir)
+ : SecPublicInfo(dir)
+ , m_database(nullptr)
+{
+ boost::filesystem::path identityDir;
+ if (dir == "")
+ identityDir = boost::filesystem::path(getenv("HOME")) / ".ndn";
+ else
+ identityDir = boost::filesystem::path(dir) / ".ndn";
boost::filesystem::create_directories(identityDir);
/// @todo Add define for windows/unix in wscript. The following may completely fail on windows
@@ -119,71 +132,13 @@
if (res != SQLITE_OK)
throw Error("identity DB cannot be opened/created");
+
BOOST_ASSERT(m_database != nullptr);
- //Check if Key table exists;
- sqlite3_stmt* statement;
- sqlite3_prepare_v2(m_database,
- "SELECT name FROM sqlite_master WHERE type='table' And name='Identity'",
- -1, &statement, 0);
- res = sqlite3_step(statement);
-
- bool idTableExists = false;
- if (res == SQLITE_ROW)
- idTableExists = true;
-
- sqlite3_finalize(statement);
-
- if (!idTableExists) {
- char* errorMessage = 0;
- res = sqlite3_exec(m_database, INIT_ID_TABLE.c_str(), NULL, NULL, &errorMessage);
-
- if (res != SQLITE_OK && errorMessage != 0) {
- sqlite3_free(errorMessage);
- }
- }
-
- //Check if Key table exists;
- sqlite3_prepare_v2(m_database,
- "SELECT name FROM sqlite_master WHERE type='table' And name='Key'",
- -1, &statement, 0);
- res = sqlite3_step(statement);
-
- bool keyTableExists = false;
- if (res == SQLITE_ROW)
- keyTableExists = true;
-
- sqlite3_finalize(statement);
-
- if (!keyTableExists) {
- char* errorMessage = 0;
- res = sqlite3_exec(m_database, INIT_KEY_TABLE.c_str(), NULL, NULL, &errorMessage);
-
- if (res != SQLITE_OK && errorMessage != 0) {
- sqlite3_free(errorMessage);
- }
- }
-
- //Check if Certificate table exists;
- sqlite3_prepare_v2(m_database,
- "SELECT name FROM sqlite_master WHERE type='table' And name='Certificate'",
- -1, &statement, 0);
- res = sqlite3_step(statement);
-
- bool idCertificateTableExists = false;
- if (res == SQLITE_ROW)
- idCertificateTableExists = true;
-
- sqlite3_finalize(statement);
-
- if (!idCertificateTableExists) {
- char* errorMessage = 0;
- res = sqlite3_exec(m_database, INIT_CERT_TABLE.c_str(), NULL, NULL, &errorMessage);
-
- if (res != SQLITE_OK && errorMessage != 0) {
- sqlite3_free(errorMessage);
- }
- }
+ initializeTable("TpmInfo", INIT_TPM_INFO_TABLE); // Check if TpmInfo table exists;
+ initializeTable("Identity", INIT_ID_TABLE); // Check if Identity table exists;
+ initializeTable("Key", INIT_KEY_TABLE); // Check if Key table exists;
+ initializeTable("Certificate", INIT_CERT_TABLE); // Check if Certificate table exists;
}
SecPublicInfoSqlite3::~SecPublicInfoSqlite3()
@@ -193,6 +148,126 @@
}
bool
+SecPublicInfoSqlite3::doesTableExist(const string& tableName)
+{
+ // Check if the table exists;
+ bool doesTableExist = false;
+ string checkingString =
+ "SELECT name FROM sqlite_master WHERE type='table' AND name='" + tableName + "'";
+
+ sqlite3_stmt* statement;
+ sqlite3_prepare_v2(m_database, checkingString.c_str(), -1, &statement, 0);
+
+ int result = sqlite3_step(statement);
+ if (result == SQLITE_ROW)
+ doesTableExist = true;
+ sqlite3_finalize(statement);
+
+ return doesTableExist;
+}
+
+bool
+SecPublicInfoSqlite3::initializeTable(const string& tableName, const string& initCommand)
+{
+ // Create the table if it does not exist
+ if (!doesTableExist(tableName)) {
+ char* errorMessage = 0;
+ int result = sqlite3_exec(m_database, initCommand.c_str(), NULL, NULL, &errorMessage);
+
+ if (result != SQLITE_OK && errorMessage != 0) {
+ sqlite3_free(errorMessage);
+ return false;
+ }
+ }
+
+ return true;
+}
+
+void
+SecPublicInfoSqlite3::deleteTable(const string& tableName)
+{
+ string query = "DROP TABLE IF EXISTS " + tableName;
+
+ sqlite3_stmt* statement;
+ sqlite3_prepare_v2(m_database, query.c_str(), -1, &statement, 0);
+
+ sqlite3_step(statement);
+ sqlite3_finalize(statement);
+}
+
+void
+SecPublicInfoSqlite3::setTpmLocator(const string& tpmLocator)
+{
+ string currentTpm;
+ try {
+ currentTpm = getTpmLocator();
+ }
+ catch (SecPublicInfo::Error&) {
+ setTpmLocatorInternal(tpmLocator, false); // set tpmInfo without resetting
+ return;
+ }
+
+ if (currentTpm == tpmLocator)
+ return; // if the same, nothing will be changed
+
+ setTpmLocatorInternal(tpmLocator, true); // set tpmInfo and reset pib
+}
+
+string
+SecPublicInfoSqlite3::getTpmLocator()
+{
+ sqlite3_stmt* statement;
+ sqlite3_prepare_v2(m_database, "SELECT tpm_locator FROM TpmInfo", -1, &statement, 0);
+
+ int res = sqlite3_step(statement);
+
+ if (res == SQLITE_ROW) {
+ string tpmLocator = sqlite3_column_string(statement, 0);
+ sqlite3_finalize(statement);
+ return tpmLocator;
+ }
+ else {
+ sqlite3_finalize(statement);
+ throw SecPublicInfo::Error("TPM info does not exist");
+ }
+}
+
+void
+SecPublicInfoSqlite3::setTpmLocatorInternal(const string& tpmLocator, bool needReset)
+{
+ sqlite3_stmt* statement;
+
+ if (needReset) {
+ deleteTable("Identity");
+ deleteTable("Key");
+ deleteTable("Certificate");
+
+ initializeTable("Identity", INIT_ID_TABLE);
+ initializeTable("Key", INIT_KEY_TABLE);
+ initializeTable("Certificate", INIT_CERT_TABLE);
+
+ sqlite3_prepare_v2(m_database, "UPDATE TpmInfo SET tpm_locator = ?",
+ -1, &statement, 0);
+ sqlite3_bind_string(statement, 1, tpmLocator, SQLITE_TRANSIENT);
+ }
+ else {
+ // no reset implies there is no tpmLocator record, insert one
+ sqlite3_prepare_v2(m_database, "INSERT INTO TpmInfo (tpm_locator) VALUES (?)",
+ -1, &statement, 0);
+ sqlite3_bind_string(statement, 1, tpmLocator, SQLITE_TRANSIENT);
+ }
+
+ sqlite3_step(statement);
+ sqlite3_finalize(statement);
+}
+
+std::string
+SecPublicInfoSqlite3::getPibLocator()
+{
+ return string("pib-sqlite3:").append(m_location);
+}
+
+bool
SecPublicInfoSqlite3::doesIdentityExist(const Name& identityName)
{
bool result = false;
@@ -202,7 +277,7 @@
"SELECT count(*) FROM Identity WHERE identity_name=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
if (res == SQLITE_ROW) {
@@ -228,7 +303,7 @@
"INSERT OR REPLACE INTO Identity (identity_name) values (?)",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_step(statement);
@@ -256,8 +331,8 @@
"SELECT count(*) FROM Key WHERE identity_name=? AND key_identifier=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -295,8 +370,8 @@
values (?, ?, ?, ?)",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
sqlite3_bind_int(statement, 3, publicKeyDer.getKeyType());
sqlite3_bind_blob(statement, 4,
publicKeyDer.get().buf(),
@@ -324,8 +399,8 @@
"SELECT public_key FROM Key WHERE identity_name=? AND key_identifier=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -359,8 +434,8 @@
"SELECT key_type FROM Key WHERE identity_name=? AND key_identifier=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -386,7 +461,7 @@
"SELECT count(*) FROM Certificate WHERE cert_name=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -479,22 +554,22 @@
values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
try
{
// this will throw an exception if the signature is not the standard one
// or there is no key locator present
std::string signerName = certificate.getSignature().getKeyLocator().getName().toUri();
- sqlite3_bind_text(statement, 2, signerName, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, signerName, SQLITE_TRANSIENT);
}
catch (tlv::Error& e)
{
return;
}
- sqlite3_bind_text(statement, 3, identity.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 4, keyId, SQLITE_STATIC);
+ sqlite3_bind_string(statement, 3, identity.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 4, keyId, SQLITE_STATIC);
sqlite3_bind_int64(statement, 5,
static_cast<sqlite3_int64>(
@@ -522,7 +597,7 @@
"SELECT certificate_data FROM Certificate WHERE cert_name=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -554,8 +629,7 @@
if (res == SQLITE_ROW)
{
- Name identity(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)),
- sqlite3_column_bytes(statement, 0)));
+ Name identity(sqlite3_column_string(statement, 0));
sqlite3_finalize(statement);
return identity;
}
@@ -589,7 +663,7 @@
"UPDATE Identity SET default_identity=1 WHERE identity_name=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
sqlite3_step(statement);
@@ -604,7 +678,7 @@
"SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -639,7 +713,7 @@
"UPDATE Key SET default_key=0 WHERE default_key=1 and identity_name=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
while (sqlite3_step(statement) == SQLITE_ROW)
;
@@ -651,8 +725,8 @@
"UPDATE Key SET default_key=1 WHERE identity_name=? AND key_identifier=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
sqlite3_step(statement);
@@ -674,8 +748,8 @@
WHERE identity_name=? AND key_identifier=? AND default_cert=1",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
int res = sqlite3_step(statement);
@@ -711,8 +785,8 @@
WHERE default_cert=1 AND identity_name=? AND key_identifier=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
while (sqlite3_step(statement) == SQLITE_ROW)
;
@@ -725,9 +799,9 @@
WHERE identity_name=? AND key_identifier=? AND cert_name=?",
-1, &statement, 0);
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 3, certificateName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 2, keyId, SQLITE_TRANSIENT);
+ sqlite3_bind_string(statement, 3, certificateName.toUri(), SQLITE_TRANSIENT);
sqlite3_step(statement);
@@ -795,10 +869,7 @@
"SELECT key_identifier FROM Key WHERE default_key=0 and identity_name=?",
-1, &stmt, 0);
- sqlite3_bind_text(stmt, 1,
- identity.toUri().c_str(),
- identity.toUri().size(),
- SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, identity.toUri(), SQLITE_TRANSIENT);
while (sqlite3_step(stmt) == SQLITE_ROW)
{
@@ -852,10 +923,10 @@
-1, &stmt, 0);
Name identity = keyName.getPrefix(-1);
- sqlite3_bind_text(stmt, 1, identity.toUri().c_str(), identity.toUri().size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, identity.toUri(), SQLITE_TRANSIENT);
std::string baseKeyName = keyName.get(-1).toUri();
- sqlite3_bind_text(stmt, 2, baseKeyName.c_str(), baseKeyName.size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 2, baseKeyName, SQLITE_TRANSIENT);
while (sqlite3_step(stmt) == SQLITE_ROW)
nameList.push_back(string(reinterpret_cast<const char *>(sqlite3_column_text(stmt, 0)),
@@ -872,7 +943,7 @@
sqlite3_stmt* stmt;
sqlite3_prepare_v2(m_database, "DELETE FROM Certificate WHERE cert_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, certName.toUri().c_str(), certName.toUri().size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, certName.toUri(), SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
}
@@ -890,16 +961,16 @@
sqlite3_prepare_v2(m_database,
"DELETE FROM Certificate WHERE identity_name=? and key_identifier=?",
-1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
- sqlite3_bind_text(stmt, 2, keyId.c_str(), keyId.size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, identity, SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 2, keyId, SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
sqlite3_prepare_v2(m_database,
"DELETE FROM Key WHERE identity_name=? and key_identifier=?",
-1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
- sqlite3_bind_text(stmt, 2, keyId.c_str(), keyId.size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, identity, SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 2, keyId, SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
}
@@ -911,19 +982,25 @@
sqlite3_stmt* stmt;
sqlite3_prepare_v2(m_database, "DELETE FROM Certificate WHERE identity_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, identity, SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
sqlite3_prepare_v2(m_database, "DELETE FROM Key WHERE identity_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, identity, SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
sqlite3_prepare_v2(m_database, "DELETE FROM Identity WHERE identity_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
+ sqlite3_bind_string(stmt, 1, identity, SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
}
+std::string
+SecPublicInfoSqlite3::getScheme()
+{
+ return SCHEME;
+}
+
} // namespace ndn
diff --git a/src/security/sec-public-info-sqlite3.hpp b/src/security/sec-public-info-sqlite3.hpp
index beaff10..7c2fbb6 100644
--- a/src/security/sec-public-info-sqlite3.hpp
+++ b/src/security/sec-public-info-sqlite3.hpp
@@ -45,7 +45,8 @@
}
};
- SecPublicInfoSqlite3();
+ explicit
+ SecPublicInfoSqlite3(const std::string& dir = "");
virtual
~SecPublicInfoSqlite3();
@@ -53,6 +54,16 @@
/**********************
* from SecPublicInfo *
**********************/
+
+ virtual void
+ setTpmLocator(const std::string& tpmLocator);
+
+ virtual std::string
+ getTpmLocator();
+
+ virtual std::string
+ getPibLocator();
+
virtual bool
doesIdentityExist(const Name& identityName);
@@ -118,16 +129,35 @@
virtual void
deleteIdentityInfo(const Name& identity);
-protected:
- virtual void
+private:
+ bool
+ initializeTable(const std::string& tableName, const std::string& initCommand);
+
+ void
+ deleteTable(const std::string& tableName);
+
+ void
+ setTpmLocatorInternal(const std::string& tpmLocator, bool needReset);
+
+ void
setDefaultIdentityInternal(const Name& identityName);
- virtual void
+ void
setDefaultKeyNameForIdentityInternal(const Name& keyName);
- virtual void
+ void
setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+ std::string
+ getScheme();
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ bool
+ doesTableExist(const std::string& tableName);
+
+public:
+ static const std::string SCHEME;
+
private:
sqlite3* m_database;
};
diff --git a/src/security/sec-public-info.cpp b/src/security/sec-public-info.cpp
new file mode 100644
index 0000000..6b01758
--- /dev/null
+++ b/src/security/sec-public-info.cpp
@@ -0,0 +1,161 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2014 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "sec-public-info.hpp"
+
+namespace ndn {
+
+SecPublicInfo::SecPublicInfo(const std::string& location)
+ : m_location(location)
+{
+}
+
+SecPublicInfo::~SecPublicInfo()
+{
+}
+
+std::string
+SecPublicInfo::getPibLocator()
+{
+ return this->getScheme() + m_location;
+}
+
+void
+SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
+{
+ addKey(keyName, publicKey);
+}
+
+void
+SecPublicInfo::setDefaultIdentity(const Name& identityName)
+{
+ setDefaultIdentityInternal(identityName);
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::setDefaultKeyNameForIdentity(const Name& keyName)
+{
+ setDefaultKeyNameForIdentityInternal(keyName);
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::setDefaultCertificateNameForKey(const Name& certificateName)
+{
+ setDefaultCertificateNameForKeyInternal(certificateName);
+ refreshDefaultCertificate();
+}
+
+Name
+SecPublicInfo::getDefaultCertificateNameForIdentity(const Name& identityName)
+{
+ return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName));
+}
+
+Name
+SecPublicInfo::getDefaultCertificateName()
+{
+ if (m_defaultCertificate == nullptr)
+ refreshDefaultCertificate();
+
+ if (m_defaultCertificate == nullptr)
+ throw Error("No default certificate is set");
+
+ return m_defaultCertificate->getName();
+}
+
+Name
+SecPublicInfo::getNewKeyName(const Name& identityName, bool useKsk)
+{
+ std::ostringstream oss;
+
+ if (useKsk)
+ oss << "ksk-";
+ else
+ oss << "dsk-";
+
+ oss << time::toUnixTimestamp(time::system_clock::now()).count();
+
+ Name keyName = Name(identityName).append(oss.str());
+
+ if (doesPublicKeyExist(keyName))
+ throw Error("Key name already exists: " + keyName.toUri());
+
+ return keyName;
+}
+
+void
+SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+{
+ addCertificate(certificate);
+ setDefaultCertificateNameForKeyInternal(certificate.getName());
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+{
+ addCertificate(certificate);
+ Name certName = certificate.getName();
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+ setDefaultKeyNameForIdentityInternal(keyName);
+ setDefaultCertificateNameForKeyInternal(certName);
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+{
+ addCertificate(certificate);
+ Name certName = certificate.getName();
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+ setDefaultIdentityInternal(keyName.getPrefix(-1));
+ setDefaultKeyNameForIdentityInternal(keyName);
+ setDefaultCertificateNameForKeyInternal(certName);
+ refreshDefaultCertificate();
+}
+
+shared_ptr<IdentityCertificate>
+SecPublicInfo::defaultCertificate()
+{
+ return getDefaultCertificate();
+}
+
+shared_ptr<IdentityCertificate>
+SecPublicInfo::getDefaultCertificate()
+{
+ return m_defaultCertificate;
+}
+
+void
+SecPublicInfo::refreshDefaultCertificate()
+{
+ try {
+ Name certName = getDefaultCertificateNameForIdentity(getDefaultIdentity());
+ m_defaultCertificate = getCertificate(certName);
+ }
+ catch (SecPublicInfo::Error&) {
+ m_defaultCertificate.reset();
+ }
+}
+
+} // namespace ndn
diff --git a/src/security/sec-public-info.hpp b/src/security/sec-public-info.hpp
index 743914e..4afee08 100644
--- a/src/security/sec-public-info.hpp
+++ b/src/security/sec-public-info.hpp
@@ -17,9 +17,6 @@
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- * @author Jeff Thompson <jefft0@remap.ucla.edu>
*/
#ifndef NDN_SECURITY_SEC_PUBLIC_INFO_HPP
@@ -52,13 +49,42 @@
}
};
+ explicit
+ SecPublicInfo(const std::string& location);
+
/**
* @brief The virtual Destructor
*/
virtual
- ~SecPublicInfo()
- {
- }
+ ~SecPublicInfo();
+
+ /**
+ * @brief Set the corresponding TPM information to @p tpmLocator
+ *
+ * If the provided @p tpmLocator is different from the existing one, the PIB will be reset,
+ * otherwise nothing will be changed.
+ *
+ * For legacy issue, the TPM info may not exist (some old PIB content may not have this info),
+ * this method will simply set the TPM info as provided without changing anything else. Thus an
+ * ideal process of handling old PIB is to check if TPM info exists. If it does not exist,
+ * then set it to the default value according to configuration.
+ */
+ virtual void
+ setTpmLocator(const std::string& tpmLocator) = 0;
+
+ /**
+ * @brief Get TPM Locator
+ *
+ * @throws SecPublicInfo::Error if the TPM info does not exist
+ */
+ virtual std::string
+ getTpmLocator() = 0;
+
+ /**
+ * @brief Get PIB Locator
+ */
+ std::string
+ getPibLocator();
/**
* @brief Check if the specified identity already exists
@@ -99,17 +125,14 @@
/**
* @brief Add a public key to the identity storage.
*
- * @deprecated Use addKey instead
- *
* @param keyName The name of the public key to be added
* @param keyType Type of the public key to be added
* @param publicKey Reference to the PublicKey object
+ * @deprecated Use addKey instead
*/
+ DEPRECATED(
void
- addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
- {
- addKey(keyName, publicKey);
- }
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey));
/**
* @brief Add a public key to the identity storage.
@@ -306,6 +329,12 @@
virtual void
setDefaultCertificateNameForKeyInternal(const Name& certificateName) = 0;
+ /**
+ * @brief return the scheme of the PibLocator
+ */
+ virtual std::string
+ getScheme() = 0;
+
public:
/*****************************************
@@ -423,125 +452,9 @@
protected:
shared_ptr<IdentityCertificate> m_defaultCertificate;
+ std::string m_location;
};
-inline void
-SecPublicInfo::setDefaultIdentity(const Name& identityName)
-{
- setDefaultIdentityInternal(identityName);
- refreshDefaultCertificate();
-}
-
-inline void
-SecPublicInfo::setDefaultKeyNameForIdentity(const Name& keyName)
-{
- setDefaultKeyNameForIdentityInternal(keyName);
- refreshDefaultCertificate();
-}
-
-inline void
-SecPublicInfo::setDefaultCertificateNameForKey(const Name& certificateName)
-{
- setDefaultCertificateNameForKeyInternal(certificateName);
- refreshDefaultCertificate();
-}
-
-inline Name
-SecPublicInfo::getDefaultCertificateNameForIdentity(const Name& identityName)
-{
- return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName));
-}
-
-inline Name
-SecPublicInfo::getNewKeyName (const Name& identityName, bool useKsk)
-{
- std::ostringstream oss;
-
- if (useKsk)
- oss << "ksk-";
- else
- oss << "dsk-";
-
- oss << time::toUnixTimestamp(time::system_clock::now()).count();
-
- Name keyName = Name(identityName).append(oss.str());
-
- if (doesPublicKeyExist(keyName))
- throw Error("Key name already exists: " + keyName.toUri());
-
- return keyName;
-}
-
-inline Name
-SecPublicInfo::getDefaultCertificateName()
-{
- if (!static_cast<bool>(m_defaultCertificate))
- refreshDefaultCertificate();
-
- if (!static_cast<bool>(m_defaultCertificate))
- throw Error("No default certificate is set");
-
- return m_defaultCertificate->getName();
-}
-
-inline void
-SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
-{
- addCertificate(certificate);
- setDefaultCertificateNameForKeyInternal(certificate.getName());
- refreshDefaultCertificate();
-}
-
-inline void
-SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
-{
- addCertificate(certificate);
- Name certName = certificate.getName();
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
- setDefaultKeyNameForIdentityInternal(keyName);
- setDefaultCertificateNameForKeyInternal(certName);
- refreshDefaultCertificate();
-}
-
-inline void
-SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
-{
- addCertificate(certificate);
- Name certName = certificate.getName();
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
- setDefaultIdentityInternal(keyName.getPrefix(-1));
- setDefaultKeyNameForIdentityInternal(keyName);
- setDefaultCertificateNameForKeyInternal(certName);
- refreshDefaultCertificate();
-}
-
-inline shared_ptr<IdentityCertificate>
-SecPublicInfo::defaultCertificate()
-{
- return getDefaultCertificate();
-}
-
-inline shared_ptr<IdentityCertificate>
-SecPublicInfo::getDefaultCertificate()
-{
- return m_defaultCertificate;
-}
-
-inline void
-SecPublicInfo::refreshDefaultCertificate()
-{
- try
- {
- Name certName = getDefaultCertificateNameForIdentity(getDefaultIdentity());
- m_defaultCertificate = getCertificate(certName);
- }
- catch (SecPublicInfo::Error& e)
- {
- m_defaultCertificate.reset();
- }
-
-}
-
} // namespace ndn
-#endif //NDN_SECURITY_SEC_PUBLIC_INFO_HPP
+#endif // NDN_SECURITY_SEC_PUBLIC_INFO_HPP
diff --git a/src/security/sec-tpm-file.cpp b/src/security/sec-tpm-file.cpp
index 7d0748d..26862c5 100644
--- a/src/security/sec-tpm-file.cpp
+++ b/src/security/sec-tpm-file.cpp
@@ -44,6 +44,8 @@
using std::ostringstream;
using std::ofstream;
+const std::string SecTpmFile::SCHEME("tpm-file:");
+
class SecTpmFile::Impl
{
public:
@@ -53,7 +55,7 @@
if (dir.empty())
m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
else
- m_keystorePath = dir;
+ m_keystorePath = boost::filesystem::path(dir) / ".ndn" / "ndnsec-tpm-file";
boost::filesystem::create_directories(m_keystorePath);
}
@@ -95,12 +97,17 @@
};
-SecTpmFile::SecTpmFile(const string& dir)
- : m_impl(new Impl(dir))
+SecTpmFile::SecTpmFile(const string& location)
+ : SecTpm(location)
+ , m_impl(new Impl(location))
, m_inTerminal(false)
{
}
+SecTpmFile::~SecTpmFile()
+{
+}
+
void
SecTpmFile::generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
{
@@ -239,6 +246,12 @@
os.str().size());
}
+std::string
+SecTpmFile::getScheme()
+{
+ return SCHEME;
+}
+
ConstBufferPtr
SecTpmFile::exportPrivateKeyPkcs8FromTpm(const Name& keyName)
{
diff --git a/src/security/sec-tpm-file.hpp b/src/security/sec-tpm-file.hpp
index 3c97e4e..f9d954e 100644
--- a/src/security/sec-tpm-file.hpp
+++ b/src/security/sec-tpm-file.hpp
@@ -49,9 +49,7 @@
SecTpmFile(const std::string& dir = "");
virtual
- ~SecTpmFile()
- {
- }
+ ~SecTpmFile();
virtual void
setTpmPassword(const uint8_t* password, size_t passwordLength)
@@ -124,6 +122,8 @@
////////////////////////////////
// From TrustedPlatformModule //
////////////////////////////////
+ virtual std::string
+ getScheme();
virtual ConstBufferPtr
exportPrivateKeyPkcs8FromTpm(const Name& keyName);
@@ -134,12 +134,15 @@
virtual bool
importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size);
+public:
+ static const std::string SCHEME;
+
private:
class Impl;
- shared_ptr<Impl> m_impl;
+ unique_ptr<Impl> m_impl;
bool m_inTerminal;
};
} // namespace ndn
-#endif //NDN_SECURITY_SEC_TPM_FILE_HPP
+#endif // NDN_SECURITY_SEC_TPM_FILE_HPP
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index 9f722fd..593c586 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -47,6 +47,8 @@
using std::string;
+const std::string SecTpmOsx::SCHEME("tpm-osxkeychain:");
+
/**
* @brief Helper class to wrap CoreFoundation object pointers
*
@@ -236,9 +238,11 @@
bool m_inTerminal;
};
-SecTpmOsx::SecTpmOsx()
- : m_impl(new Impl)
+SecTpmOsx::SecTpmOsx(const std::string& location)
+ : SecTpm(location)
+ , m_impl(new Impl)
{
+ // TODO: add location support
if (m_impl->m_inTerminal)
SecKeychainSetUserInteractionAllowed(false);
else
@@ -250,8 +254,8 @@
throw Error("No default keychain, create one first!");
}
-SecTpmOsx::~SecTpmOsx(){
- //TODO: implement
+SecTpmOsx::~SecTpmOsx()
+{
}
void
@@ -525,6 +529,12 @@
return key;
}
+std::string
+SecTpmOsx::getScheme()
+{
+ return SCHEME;
+}
+
ConstBufferPtr
SecTpmOsx::exportPrivateKeyPkcs8FromTpmInternal(const Name& keyName, bool needRetry)
{
diff --git a/src/security/sec-tpm-osx.hpp b/src/security/sec-tpm-osx.hpp
index fca8dda..fc6360d 100644
--- a/src/security/sec-tpm-osx.hpp
+++ b/src/security/sec-tpm-osx.hpp
@@ -47,14 +47,13 @@
}
};
- SecTpmOsx();
+ explicit
+ SecTpmOsx(const std::string& location = "");
virtual
~SecTpmOsx();
-
// Following methods are inherited from SecTpm
-
virtual void
setTpmPassword(const uint8_t* password, size_t passwordLength);
@@ -115,6 +114,9 @@
protected:
// Following methods are inherited from SecTpm
+ virtual std::string
+ getScheme();
+
virtual ConstBufferPtr
exportPrivateKeyPkcs8FromTpm(const Name& keyName)
{
@@ -150,6 +152,9 @@
const Name& keyName, DigestAlgorithm digestAlgorithm,
bool needRetry);
+public:
+ static const std::string SCHEME;
+
private:
class Impl;
shared_ptr<Impl> m_impl;
diff --git a/src/security/sec-tpm.cpp b/src/security/sec-tpm.cpp
index 97adf7a..d8c6a4f 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/sec-tpm.cpp
@@ -31,6 +31,21 @@
using std::string;
+SecTpm::SecTpm(const string& location)
+ : m_location(location)
+{
+}
+
+SecTpm::~SecTpm()
+{
+}
+
+std::string
+SecTpm::getTpmLocator()
+{
+ return this->getScheme() + m_location;
+}
+
ConstBufferPtr
SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const string& passwordStr)
{
diff --git a/src/security/sec-tpm.hpp b/src/security/sec-tpm.hpp
index 031aa2b..20a103d 100644
--- a/src/security/sec-tpm.hpp
+++ b/src/security/sec-tpm.hpp
@@ -51,10 +51,14 @@
}
};
+ explicit
+ SecTpm(const std::string& location);
+
virtual
- ~SecTpm()
- {
- }
+ ~SecTpm();
+
+ std::string
+ getTpmLocator();
/**
* @brief set password of TPM
@@ -246,6 +250,9 @@
const std::string& password);
protected:
+ virtual std::string
+ getScheme() = 0;
+
/**
* @brief Export a private key in PKCS#8 format.
*
@@ -288,8 +295,11 @@
*/
virtual bool
getImpExpPassWord(std::string& password, const std::string& prompt);
+
+protected:
+ std::string m_location;
};
} // namespace ndn
-#endif //NDN_SECURITY_SEC_TPM_HPP
+#endif // NDN_SECURITY_SEC_TPM_HPP
diff --git a/tests/unit-tests/security/identity-management-fixture.cpp b/tests/identity-management-fixture.cpp
similarity index 87%
rename from tests/unit-tests/security/identity-management-fixture.cpp
rename to tests/identity-management-fixture.cpp
index 72c0cbe..739725c 100644
--- a/tests/unit-tests/security/identity-management-fixture.cpp
+++ b/tests/identity-management-fixture.cpp
@@ -25,15 +25,13 @@
namespace security {
IdentityManagementFixture::IdentityManagementFixture()
- : m_keyChain("sqlite3", "file")
{
}
IdentityManagementFixture::~IdentityManagementFixture()
{
- for (std::vector<Name>::iterator it = m_identities.begin();
- it != m_identities.end(); it++) {
- m_keyChain.deleteIdentity(*it);
+ for (const auto& identity : m_identities) {
+ m_keyChain.deleteIdentity(identity);
}
}
@@ -45,7 +43,7 @@
m_identities.push_back(identity);
return true;
}
- catch (std::runtime_error& e) {
+ catch (std::runtime_error&) {
return false;
}
}
diff --git a/tests/unit-tests/security/identity-management-fixture.hpp b/tests/identity-management-fixture.hpp
similarity index 91%
rename from tests/unit-tests/security/identity-management-fixture.hpp
rename to tests/identity-management-fixture.hpp
index 268d2ea..116309a 100644
--- a/tests/unit-tests/security/identity-management-fixture.hpp
+++ b/tests/identity-management-fixture.hpp
@@ -19,6 +19,9 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
+#ifndef NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
+#define NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
+
#include "security/key-chain.hpp"
#include <vector>
@@ -51,3 +54,5 @@
} // namespace security
} // namespace ndn
+
+#endif // NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
diff --git a/tests/integrated/test-faces.cpp b/tests/integrated/test-faces.cpp
index 9550286..05a2d6a 100644
--- a/tests/integrated/test-faces.cpp
+++ b/tests/integrated/test-faces.cpp
@@ -23,12 +23,13 @@
#include "util/scheduler.hpp"
#include "security/key-chain.hpp"
+#include "identity-management-fixture.hpp"
#include "boost-test.hpp"
namespace ndn {
namespace tests {
-class FacesFixture
+class FacesFixture : public security::IdentityManagementFixture
{
public:
FacesFixture()
@@ -147,8 +148,7 @@
shared_ptr<Data> data = make_shared<Data>(veryLongName);
data->setContent(reinterpret_cast<const uint8_t*>("01234567890"), 10);
- KeyChain keyChain;
- keyChain.sign(*data);
+ m_keyChain.sign(*data);
BOOST_CHECK_THROW(face.put(*data), Face::Error);
BOOST_REQUIRE_NO_THROW(face.processEvents());
diff --git a/tests/integrated/test-validator-config.cpp b/tests/integrated/test-validator-config.cpp
deleted file mode 100644
index 34f8fee..0000000
--- a/tests/integrated/test-validator-config.cpp
+++ /dev/null
@@ -1,1651 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <yingdi0@cs.ucla.edu>
- */
-
-#include "security/validator-config.hpp"
-
-#include "security/key-chain.hpp"
-#include "util/io.hpp"
-#include "util/scheduler.hpp"
-
-#include <boost/asio.hpp>
-
-#include "boost-test.hpp"
-
-using namespace std;
-
-namespace ndn {
-
-BOOST_AUTO_TEST_SUITE(TestValidatorConfig)
-
-void
-onValidated(const shared_ptr<const Data>& data)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidationFailed(const shared_ptr<const Data>& data, const string& failureInfo)
-{
- std::cerr << "Failure Info: " << failureInfo << std::endl;
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureValidated(const shared_ptr<const Data>& data)
-{
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureInvalidated(const shared_ptr<const Data>& data, const string& failureInfo)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidated2(const shared_ptr<const Interest>& interest)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidationFailed2(const shared_ptr<const Interest>& interest, const string& failureInfo)
-{
- std::cerr << "Interest Name: " << interest->getName() << std::endl;
- std::cerr << "Failure Info: " << failureInfo << std::endl;
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureValidated2(const shared_ptr<const Interest>& interest)
-{
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureInvalidated2(const shared_ptr<const Interest>& interest,
- const string& failureInfo)
-{
- BOOST_CHECK(true);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-1.cert");
-
- Name dataName1("/simple/equal");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple/different");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/equal\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-1.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter2)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter2");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-2.cert");
-
- Name dataName1("/simple/isPrefixOf");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple/notPrefixOf");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/simple/isPrefixOf/anotherLevel");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple2 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/isPrefixOf\n"
- " relation is-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-2.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter3)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter3");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-3.cert");
-
- Name dataName1("/simple/isStrictPrefixOf");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/isStrictPrefixOf\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-3.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter4)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter4");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-4.cert");
-
- Name dataName1("/simple/regex");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple/regex-wrong");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/simple/regex/correct");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " regex ^<simple><regex>\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-4.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-5.cert");
-
- Name dataName1 = identity;
- dataName1.append("1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2 = identity;
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " hyper-relation\n"
- " {\n"
- " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
- " k-expand \\\\1\\\\2\n"
- " h-relation is-strict-prefix-of\n"
- " p-regex ^(<>*)$\n"
- " p-expand \\\\1\n"
- " }\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-5.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-struct FacesFixture
-{
- FacesFixture()
- : regPrefixId(0)
- , regPrefixId2(0)
- {}
-
- void
- onInterest(shared_ptr<Face> face, shared_ptr<Data> data)
- {
- face->put(*data);
- face->unsetInterestFilter(regPrefixId);
- }
-
- void
- onInterest2(shared_ptr<Face> face, shared_ptr<Data> data)
- {
- face->put(*data);
- face->unsetInterestFilter(regPrefixId2);
- }
-
- void
- onRegFailed()
- {}
-
- void
- validate1(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
- {
- validator->validate(*data,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
- }
-
- void
- validate2(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
- {
- validator->validate(*data,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
- }
-
- void
- validate3(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
- {
- validator->validate(*interest,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
- }
-
- void
- validate4(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
- {
- validator->validate(*interest,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
- }
-
- void
- terminate(shared_ptr<Face> face)
- {
- face->getIoService().stop();
- }
-
- const RegisteredPrefixId* regPrefixId;
- const RegisteredPrefixId* regPrefixId2;
-};
-
-BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
-{
- KeyChain keyChain;
- std::vector<CertificateSubjectDescription> subjectDescription;
-
- Name root("/TestValidatorConfig");
- Name rootCertName = keyChain.createIdentity(root);
- shared_ptr<IdentityCertificate> rootCert =
- keyChain.getCertificate(rootCertName);
- io::save(*rootCert, "trust-anchor-6.cert");
-
-
- Name sld("/TestValidatorConfig/HierarchicalChecker");
- Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
- shared_ptr<IdentityCertificate> sldCert =
- keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
- root,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*sldCert, root);
- keyChain.addCertificateAsIdentityDefault(*sldCert);
-
- Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
- Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
- shared_ptr<IdentityCertificate> nldCert =
- keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
- sld,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*nldCert, sld);
- keyChain.addCertificateAsIdentityDefault(*nldCert);
-
- shared_ptr<Face> face = make_shared<Face>();
- Face face2(face->getIoService());
- Scheduler scheduler(face->getIoService());
-
- scheduler.scheduleEvent(time::seconds(1),
- bind(&FacesFixture::terminate, this, face));
-
- regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest, this, face, sldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest2, this, face, nldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- Name dataName1 = nld;
- dataName1.append("data1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, nld));
-
- Name dataName2("/ConfValidatorTest");
- dataName2.append("data1");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, nld));
-
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-6.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
- validator->load(CONFIG, CONFIG_PATH.native());
-
- scheduler.scheduleEvent(time::milliseconds(200),
- bind(&FacesFixture::validate1, this,
- validator, data1));
-
- scheduler.scheduleEvent(time::milliseconds(400),
- bind(&FacesFixture::validate2, this,
- validator, data2));
-
- BOOST_REQUIRE_NO_THROW(face->processEvents());
-
- keyChain.deleteIdentity(root);
- keyChain.deleteIdentity(sld);
- keyChain.deleteIdentity(nld);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(FixedSignerChecker)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/FixedSignerChecker");
-
- Name identity1 = identity;
- identity1.append("1").appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-7.cert");
-
- Name identity2 = identity;
- identity2.append("2").appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
-
- Name dataName1 = identity;
- dataName1.append("data").appendVersion();
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity1));
-
- Name dataName2 = identity;
- dataName2.append("data").appendVersion();
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity2));
-
- Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
- shared_ptr<Interest> interest = make_shared<Interest>(interestName);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Data Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-7.cert\"\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-7.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*interest,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
- keyChain.deleteIdentity(identity2);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-
-BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
-{
- KeyChain keyChain;
- std::vector<CertificateSubjectDescription> subjectDescription;
-
- Name root("/TestValidatorConfig");
- Name rootCertName = keyChain.createIdentity(root);
- shared_ptr<IdentityCertificate> rootCert =
- keyChain.getCertificate(rootCertName);
- io::save(*rootCert, "trust-anchor-8.cert");
-
-
- Name sld("/TestValidatorConfig/Nrd-1");
- Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
- shared_ptr<IdentityCertificate> sldCert =
- keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
- root,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*sldCert, root);
- keyChain.addCertificateAsIdentityDefault(*sldCert);
-
- Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
- Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
- shared_ptr<IdentityCertificate> nldCert =
- keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
- sld,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*nldCert, sld);
- keyChain.addCertificateAsIdentityDefault(*nldCert);
-
- shared_ptr<Face> face = make_shared<Face>();
- Face face2(face->getIoService());
- Scheduler scheduler(face->getIoService());
-
- scheduler.scheduleEvent(time::seconds(1),
- bind(&FacesFixture::terminate, this, face));
-
- regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest, this, face, sldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest2, this, face, nldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- Name interestName1("/localhost/nrd/register/option");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, nld));
-
- Name interestName2("/localhost/nrd/non-register");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, nld));
-
- Name interestName3("/localhost/nrd/register/option");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, root));
-
- Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
- shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"NRD Prefix Registration Command Rule\"\n"
- " for interest\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"Testbed Hierarchy Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-8.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
- validator->load(CONFIG, CONFIG_PATH.native());
-
- // should succeed
- scheduler.scheduleEvent(time::milliseconds(200),
- bind(&FacesFixture::validate3, this,
- validator, interest1));
- // should fail
- scheduler.scheduleEvent(time::milliseconds(400),
- bind(&FacesFixture::validate4, this,
- validator, interest2));
- // should succeed
- scheduler.scheduleEvent(time::milliseconds(600),
- bind(&FacesFixture::validate3, this,
- validator, interest3));
- // should fail
- scheduler.scheduleEvent(time::milliseconds(600),
- bind(&FacesFixture::validate4, this,
- validator, interest4));
-
- BOOST_REQUIRE_NO_THROW(face->processEvents());
-
- keyChain.deleteIdentity(root);
- keyChain.deleteIdentity(sld);
- keyChain.deleteIdentity(nld);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(Reset)
-{
- KeyChain keyChain;
-
- Name root("/TestValidatorConfig/Reload");
- Name rootCertName = keyChain.createIdentity(root);
- shared_ptr<IdentityCertificate> rootCert =
- keyChain.getCertificate(rootCertName);
- io::save(*rootCert, "trust-anchor-8.cert");
-
- Face face;
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"NRD Prefix Registration Command Rule\"\n"
- " for interest\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"Testbed Hierarchy Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-8.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
-
- validator->load(CONFIG, CONFIG_PATH.native());
- BOOST_CHECK_EQUAL(validator->isEmpty(), false);
-
- validator->reset();
- BOOST_CHECK(validator->isEmpty());
-
- keyChain.deleteIdentity(root);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/Wildcard");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
-
- Name dataName1("/any/data");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- std::string CONFIG =
- "trust-anchor\n"
- "{\n"
- " type any\n"
- "}\n";
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-}
-
-
-
-struct DirTestFixture
-{
- DirTestFixture()
- : m_scheduler(m_face.getIoService())
- , m_validator(m_face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
- {
- m_certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
- boost::filesystem::create_directory(m_certDirPath);
-
- m_firstCertPath = (boost::filesystem::current_path() /
- std::string("test-cert-dir") /
- std::string("trust-anchor-1.cert"));
-
- m_secondCertPath = (boost::filesystem::current_path() /
- std::string("test-cert-dir") /
- std::string("trust-anchor-2.cert"));
-
- m_firstIdentity = Name("/TestValidatorConfig/Dir/First");
- BOOST_REQUIRE_NO_THROW(m_keyChain.createIdentity(m_firstIdentity));
- Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(m_firstIdentity);
- m_firstCert = m_keyChain.getCertificate(firstCertName);
- io::save(*m_firstCert, m_firstCertPath.string());
-
- m_secondIdentity = Name("/TestValidatorConfig/Dir/Second");
- BOOST_REQUIRE_NO_THROW(m_keyChain.createIdentity(m_secondIdentity));
- Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(m_secondIdentity);
- m_secondCert = m_keyChain.getCertificate(secondCertName);
- }
-
- ~DirTestFixture()
- {
- m_keyChain.deleteIdentity(m_firstIdentity);
- m_keyChain.deleteIdentity(m_secondIdentity);
-
- boost::filesystem::remove_all(m_certDirPath);
- }
-
- void
- insertSecondTrustAnchor()
- {
- io::save(*m_secondCert, m_secondCertPath.string());
- }
-
- void
- validate(shared_ptr<Data> data)
- {
- m_validator.validate(*data,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
- }
-
- void
- invalidate(shared_ptr<Data> data)
- {
- m_validator.validate(*data,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
- }
-
- void
- terminate()
- {
- m_face.getIoService().stop();
- }
-
-protected:
-
- KeyChain m_keyChain;
-
- boost::filesystem::path m_certDirPath;
- boost::filesystem::path m_firstCertPath;
- boost::filesystem::path m_secondCertPath;
-
- Name m_firstIdentity;
- Name m_secondIdentity;
-
- shared_ptr<IdentityCertificate> m_firstCert;
- shared_ptr<IdentityCertificate> m_secondCert;
-
- Face m_face;
- Scheduler m_scheduler;
- ValidatorConfig m_validator;
-};
-
-BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
-{
- Name dataName1("/any/data/1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, m_firstIdentity));
-
- Name dataName2("/any/data/2");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, m_secondIdentity));
-
- std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Any Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<>*$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^<>*$\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type dir\n"
- " dir test-cert-dir\n"
- " refresh 1s\n"
- "}\n";
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- m_validator.load(CONFIG, CONFIG_PATH.native());
-
- m_scheduler.scheduleEvent(time::milliseconds(200),
- bind(&DirTestFixture::validate, this, data1));
- m_scheduler.scheduleEvent(time::milliseconds(200),
- bind(&DirTestFixture::invalidate, this, data2));
-
- m_scheduler.scheduleEvent(time::milliseconds(500),
- bind(&DirTestFixture::insertSecondTrustAnchor, this));
-
- m_scheduler.scheduleEvent(time::milliseconds(1500),
- bind(&DirTestFixture::validate, this, data1));
- m_scheduler.scheduleEvent(time::milliseconds(1500),
- bind(&DirTestFixture::validate, this, data2));
-
- m_scheduler.scheduleEvent(time::milliseconds(2000),
- bind(&DirTestFixture::terminate, this));
-
- BOOST_REQUIRE_NO_THROW(m_face.processEvents());
-}
-
-
-BOOST_AUTO_TEST_CASE(SignedInterestTest)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/SignedInterestTest");
-
- Name identity1 = identity;
- identity1.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-9.cert");
-
- Name interestName("/TestValidatorConfig/SignedInterestTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
-
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, identity1));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, identity1));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/SignedInterestTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-9.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest1,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-
-BOOST_AUTO_TEST_CASE(MaxKeyTest)
-{
-
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/MaxKeyTest");
-
- Name identity1 = identity;
- identity1.append("Key1");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-10-1.cert");
-
- Name identity2 = identity;
- identity2.append("Key2");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
- Name certName2 = keyChain.getDefaultCertificateNameForIdentity(identity2);
- shared_ptr<IdentityCertificate> idCert2 = keyChain.getCertificate(certName2);
- io::save(*idCert2, "trust-anchor-10-2.cert");
-
- Name identity3 = identity;
- identity3.append("Key3");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity3));
- Name certName3 = keyChain.getDefaultCertificateNameForIdentity(identity3);
- shared_ptr<IdentityCertificate> idCert3 = keyChain.getCertificate(certName3);
- io::save(*idCert3, "trust-anchor-10-3.cert");
-
-
- Name interestName("/TestValidatorConfig/MaxKeyTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- Name interestName3 = interestName;
- interestName3.append("3");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
-
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, identity1));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, identity2));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, identity3));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/MaxKeyTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-1.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-2.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-3.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face,
- ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL,
- 10,
- 2, // Two keys can be tracked
- time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest1,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- // Should succeed because identity1's key has been cleaned up due to space limit.
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
- keyChain.deleteIdentity(identity2);
- keyChain.deleteIdentity(identity3);
-
- const boost::filesystem::path CERT_PATH1 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
- boost::filesystem::remove(CERT_PATH1);
-
- const boost::filesystem::path CERT_PATH2 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
- boost::filesystem::remove(CERT_PATH2);
-
- const boost::filesystem::path CERT_PATH3 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
- boost::filesystem::remove(CERT_PATH3);
-}
-
-BOOST_AUTO_TEST_CASE(MaxKeyTest2)
-{
-
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/MaxKeyTest");
-
- Name identity1 = identity;
- identity1.append("Key1");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-10-1.cert");
-
- Name identity2 = identity;
- identity2.append("Key2");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
- Name certName2 = keyChain.getDefaultCertificateNameForIdentity(identity2);
- shared_ptr<IdentityCertificate> idCert2 = keyChain.getCertificate(certName2);
- io::save(*idCert2, "trust-anchor-10-2.cert");
-
- Name identity3 = identity;
- identity3.append("Key3");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity3));
- Name certName3 = keyChain.getDefaultCertificateNameForIdentity(identity3);
- shared_ptr<IdentityCertificate> idCert3 = keyChain.getCertificate(certName3);
- io::save(*idCert3, "trust-anchor-10-3.cert");
-
- Name identity4 = identity;
- identity4.append("Key4");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity4));
- Name certName4 = keyChain.getDefaultCertificateNameForIdentity(identity4);
- shared_ptr<IdentityCertificate> idCert4 = keyChain.getCertificate(certName4);
- io::save(*idCert4, "trust-anchor-10-4.cert");
-
-
- Name interestName("/TestValidatorConfig/MaxKeyTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- Name interestName3 = interestName;
- interestName3.append("3");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- Name interestName4 = interestName;
- interestName4.append("4");
- shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
-
-
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, identity1));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, identity2));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, identity3));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest4, identity4));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/MaxKeyTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-1.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-2.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-3.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-4.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face,
- ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL,
- 10,
- 3, // Two keys can be tracked
- time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest1,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- sleep(2);
-
- validator.validate(*interest4,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
- keyChain.deleteIdentity(identity2);
- keyChain.deleteIdentity(identity3);
- keyChain.deleteIdentity(identity4);
-
- const boost::filesystem::path CERT_PATH1 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
- boost::filesystem::remove(CERT_PATH1);
-
- const boost::filesystem::path CERT_PATH2 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
- boost::filesystem::remove(CERT_PATH2);
-
- const boost::filesystem::path CERT_PATH3 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
- boost::filesystem::remove(CERT_PATH3);
-
- const boost::filesystem::path CERT_PATH4 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
- boost::filesystem::remove(CERT_PATH4);
-}
-
-BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
-{
- KeyChain keyChain("sqlite3", "file");
-
- Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
- Name rsaCertName = keyChain.createIdentity(rsaIdentity);
-
- EcdsaKeyParams params;
- Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
- Name ecdsaCertName = keyChain.createIdentity(ecdsaIdentity, params);
- shared_ptr<IdentityCertificate> ecdsaCert = keyChain.getCertificate(ecdsaCertName);
- io::save(*ecdsaCert, "trust-anchor-11.cert");
-
-
- Name dataName("/TestValidatorConfig/FixedSignerChecker2");
- shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
- keyChain.signByIdentity(*dataRsa, rsaIdentity);
- shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
- keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
-
- shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
- keyChain.signByIdentity(*interestRsa, rsaIdentity);
- shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
- keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Data Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker2\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type ecdsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-11.cert\"\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker2\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type ecdsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-11.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*dataEcdsa,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*dataRsa,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*interestEcdsa,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interestRsa,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
-
- keyChain.deleteIdentity(rsaIdentity);
- keyChain.deleteIdentity(ecdsaIdentity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-
-BOOST_AUTO_TEST_SUITE_END()
-
-} // namespace ndn
diff --git a/tests/unit-tests/security/identity-management-fixture.cpp b/tests/unit-tests/identity-management-time-fixture.cpp
similarity index 64%
copy from tests/unit-tests/security/identity-management-fixture.cpp
copy to tests/unit-tests/identity-management-time-fixture.cpp
index 72c0cbe..4033e30 100644
--- a/tests/unit-tests/security/identity-management-fixture.cpp
+++ b/tests/unit-tests/identity-management-time-fixture.cpp
@@ -19,35 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "identity-management-fixture.hpp"
+#include "identity-management-time-fixture.hpp"
namespace ndn {
namespace security {
-IdentityManagementFixture::IdentityManagementFixture()
- : m_keyChain("sqlite3", "file")
+IdentityManagementTimeFixture::IdentityManagementTimeFixture()
{
}
-IdentityManagementFixture::~IdentityManagementFixture()
+IdentityManagementTimeFixture::~IdentityManagementTimeFixture()
{
- for (std::vector<Name>::iterator it = m_identities.begin();
- it != m_identities.end(); it++) {
- m_keyChain.deleteIdentity(*it);
- }
-}
-
-bool
-IdentityManagementFixture::addIdentity(const Name& identity, const KeyParams& params)
-{
- try {
- m_keyChain.createIdentity(identity, params);
- m_identities.push_back(identity);
- return true;
- }
- catch (std::runtime_error& e) {
- return false;
- }
}
} // namespace security
diff --git a/tests/unit-tests/security/identity-management-fixture.hpp b/tests/unit-tests/identity-management-time-fixture.hpp
similarity index 71%
copy from tests/unit-tests/security/identity-management-fixture.hpp
copy to tests/unit-tests/identity-management-time-fixture.hpp
index 268d2ea..f6fdb3d 100644
--- a/tests/unit-tests/security/identity-management-fixture.hpp
+++ b/tests/unit-tests/identity-management-time-fixture.hpp
@@ -19,8 +19,13 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
+#ifndef NDN_TESTS_IDENTITY_MANAGEMENT_TIME_FIXTURE_HPP
+#define NDN_TESTS_IDENTITY_MANAGEMENT_TIME_FIXTURE_HPP
+
#include "security/key-chain.hpp"
#include <vector>
+#include "identity-management-fixture.hpp"
+#include "unit-test-time-fixture.hpp"
#include "boost-test.hpp"
@@ -28,26 +33,21 @@
namespace security {
/**
- * @brief IdentityManagementFixture is a test suite level fixture.
+ * @brief IdentityManagementTimeFixture is a test suite level fixture.
* Test cases in the suite can use this fixture to create identities.
* Identities added via addIdentity method are automatically deleted
* during test teardown.
*/
-class IdentityManagementFixture
+class IdentityManagementTimeFixture : public tests::UnitTestTimeFixture
+ , public IdentityManagementFixture
{
public:
- IdentityManagementFixture();
+ IdentityManagementTimeFixture();
- ~IdentityManagementFixture();
-
- /// @brief add identity, return true if succeed.
- bool
- addIdentity(const Name& identity, const KeyParams& params = KeyChain::DEFAULT_KEY_PARAMS);
-
-protected:
- KeyChain m_keyChain;
- std::vector<Name> m_identities;
+ ~IdentityManagementTimeFixture();
};
} // namespace security
} // namespace ndn
+
+#endif // NDN_TESTS_IDENTITY_MANAGEMENT_TIME_FIXTURE_HPP
diff --git a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
index e69de29..ebc2bfd 100644
--- a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
@@ -0,0 +1,4 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+; The test is broken into two: 1) missing pib and 2) missing tpm
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
new file mode 100644
index 0000000..d50e5ac
--- /dev/null
+++ b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
@@ -0,0 +1,4 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+; The test is broken into two: 1) missing pib and 2) missing tpm
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-home/.ndn/client.conf b/tests/unit-tests/security/config-file-home/.ndn/client.conf
index cc05409..47c9406 100644
--- a/tests/unit-tests/security/config-file-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-home/.ndn/client.conf
@@ -1,2 +1,2 @@
-pib=sqlite3
-tpm=file
\ No newline at end of file
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-file/
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf b/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
index 3f7795d..2cfb7f6 100644
--- a/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
@@ -1,2 +1,2 @@
-pib=sqlite3
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-just-wrong/
tpm=just-wrong
diff --git a/tests/unit-tests/security/config-file-readme.txt b/tests/unit-tests/security/config-file-readme.txt
new file mode 100644
index 0000000..44e5f61
--- /dev/null
+++ b/tests/unit-tests/security/config-file-readme.txt
@@ -0,0 +1,11 @@
+In test, we set a test-specific "HOME", which cause OS X keychain look for the
+default keychain of a "different" user. If the default keychain does not exist,
+all subsequent calls to OS X keychain will fail. User interaction (such as
+specifying password) is required to create a keychain. However, user interaction
+is not feasible in automated tests.
+
+This problem is caused by the OS X system assumption that one user must have a
+login keychain, which is also the user's default keychain, because a user
+account is always created with a login keychain as default. Thus OS X system
+infers a user according to the HOME env, and did not expect user to change the
+HOME env in normal use.
diff --git a/tests/unit-tests/security/identity-fixture.cpp b/tests/unit-tests/security/identity-fixture.cpp
index 38c85a8..0e543bf 100644
--- a/tests/unit-tests/security/identity-fixture.cpp
+++ b/tests/unit-tests/security/identity-fixture.cpp
@@ -21,6 +21,8 @@
#include "security/key-chain.hpp"
#include "../util/test-home-environment-fixture.hpp"
+#include <boost/filesystem.hpp>
+
#include "boost-test.hpp"
namespace ndn {
@@ -31,10 +33,18 @@
public:
IdentityFixture()
{
- // initialize KeyChain from TEST_HOME
- setenv("TEST_HOME", "tests/unit-tests/security/config-file-home", 1);
+ using namespace boost::filesystem;
- KeyChain keyChain("sqlite3", "file");
+ // initialize KeyChain from test specific HOME: tests/unit-tests/security/tmp-home
+ if (std::getenv("HOME"))
+ m_HOME = std::getenv("HOME");
+ if (std::getenv("OLD_HOME"))
+ m_OLD_HOME = std::getenv("OLD_HOME");
+
+ setenv("HOME", "tests/unit-tests/security/tmp-home", 1);
+ setenv("OLD_HOME", m_HOME.c_str(), 1);
+
+ KeyChain keyChain;
// save the old default identity
try {
@@ -58,7 +68,9 @@
~IdentityFixture()
{
- KeyChain keyChain("sqlite3", "file");
+ using namespace boost::filesystem;
+
+ KeyChain keyChain;
// recover the old default setting
if (m_hasOldDefaultIdentity) {
@@ -69,9 +81,30 @@
// XXX This has no effect if oldDefaultIdentity doesn't exist.
// newIdentity would be kept as default.
keyChain.deleteIdentity(m_newIdentity);
+
+ path pibPath(absolute(std::getenv("HOME")));
+ pibPath /= ".ndn/ndnsec-public-info.db";
+
+ boost::filesystem::remove(pibPath);
+
+ path tpmPath(absolute(std::getenv("HOME")));
+ tpmPath /= ".ndn/ndnsec-tpm-file";
+
+ boost::filesystem::remove_all(tpmPath);
+
+ if (!m_HOME.empty())
+ setenv("HOME", m_HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+
+ if (!m_OLD_HOME.empty())
+ setenv("OLD_HOME", m_OLD_HOME.c_str(), 1);
+ else
+ unsetenv("OLD_HOME");
}
private:
+ std::string m_OLD_HOME;
std::string m_HOME;
bool m_hasOldDefaultIdentity;
diff --git a/tests/unit-tests/security/test-keychain.cpp b/tests/unit-tests/security/test-keychain.cpp
index bb3af0c..70e8e01 100644
--- a/tests/unit-tests/security/test-keychain.cpp
+++ b/tests/unit-tests/security/test-keychain.cpp
@@ -52,6 +52,42 @@
setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty-home", 1);
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ std::string oldHOME;
+ if (std::getenv("OLD_HOME"))
+ oldHOME = std::getenv("OLD_HOME");
+
+ std::string HOME;
+ if (std::getenv("HOME"))
+ HOME = std::getenv("HOME");
+
+ if (!oldHOME.empty())
+ setenv("HOME", oldHOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+#endif
+
+ BOOST_REQUIRE_NO_THROW(KeyChain());
+
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ if (!HOME.empty())
+ setenv("HOME", HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+#endif
+
+ path pibPath(absolute(std::getenv("TEST_HOME")));
+ pibPath /= ".ndn/ndnsec-public-info.db";
+
+ boost::filesystem::remove(pibPath);
+}
+
+BOOST_AUTO_TEST_CASE(ConstructorEmpty2Config)
+{
+ using namespace boost::filesystem;
+
+ setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty2-home", 1);
+
BOOST_REQUIRE_NO_THROW(KeyChain());
path pibPath(absolute(std::getenv("TEST_HOME")));
@@ -80,8 +116,7 @@
BOOST_AUTO_TEST_CASE(ExportIdentity)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ KeyChain keyChain;
Name identity("/TestKeyChain/ExportIdentity/");
identity.appendVersion();
@@ -123,8 +158,7 @@
BOOST_AUTO_TEST_CASE(PrepareIdentityCertificate)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ KeyChain keyChain;
Name identity("/TestKeyChain/PrepareIdentityCertificate/");
identity.appendVersion();
@@ -196,6 +230,73 @@
keyChain.deleteIdentity(anotherIdentity);
}
+BOOST_AUTO_TEST_CASE(Delete)
+{
+ KeyChain keyChain;
+
+ Name identity("/TestSecPublicInfoSqlite3/Delete");
+ identity.appendVersion();
+
+ Name certName1;
+ BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity));
+
+ Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1);
+ Name keyName2;
+ BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRsaKeyPairAsDefault(identity));
+
+ shared_ptr<IdentityCertificate> cert2;
+ BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2));
+ Name certName2 = cert2->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2));
+
+ Name keyName3;
+ BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRsaKeyPairAsDefault(identity));
+
+ shared_ptr<IdentityCertificate> cert3;
+ BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3));
+ Name certName3 = cert3->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3));
+ shared_ptr<IdentityCertificate> cert4;
+ BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3));
+ Name certName4 = cert4->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4));
+ shared_ptr<IdentityCertificate> cert5;
+ BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3));
+ Name certName5 = cert5->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5));
+
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(certName5));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(keyName3));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), false);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+}
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace tests
diff --git a/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp b/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
index 6d44811..f7c4136 100644
--- a/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
+++ b/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
@@ -25,11 +25,32 @@
#include "encoding/buffer-stream.hpp"
#include "util/time.hpp"
+#include <boost/filesystem.hpp>
+#include <boost/lexical_cast.hpp>
#include "boost-test.hpp"
-using namespace std;
namespace ndn {
+class PibTmpPathFixture
+{
+public:
+ PibTmpPathFixture()
+ {
+ boost::system::error_code error;
+ tmpPath = boost::filesystem::temp_directory_path(error);
+ BOOST_REQUIRE(boost::system::errc::success == error.value());
+ tmpPath /= boost::lexical_cast<std::string>(random::generateWord32());
+ }
+
+ ~PibTmpPathFixture()
+ {
+ boost::filesystem::remove_all(tmpPath);
+ }
+
+public:
+ boost::filesystem::path tmpPath;
+};
+
BOOST_AUTO_TEST_SUITE(SecurityTestSecPublicInfoSqlite3)
const std::string RSA_DER("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFoDcNtffwbfFix64fw0\
@@ -42,72 +63,36 @@
const std::string ECDSA_DER("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENZpqkPJDj8uhSpffOiCbvSYMLsGB\
1Eo/WU6mrexjGvduQXjqwon/eSHFI6EgHZk8L9KfiV5XVtVsk2g5wIpJVg==");
-BOOST_AUTO_TEST_CASE(Delete)
+BOOST_FIXTURE_TEST_CASE(Basic, PibTmpPathFixture)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ SecPublicInfoSqlite3 pib(tmpPath.generic_string());
- Name identity("/TestSecPublicInfoSqlite3/Delete");
- identity.appendVersion();
+ BOOST_CHECK(pib.doesTableExist("Identity"));
+ BOOST_CHECK(pib.doesTableExist("Key"));
+ BOOST_CHECK(pib.doesTableExist("Certificate"));
+}
- Name certName1;
- BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity));
+BOOST_FIXTURE_TEST_CASE(TpmLocatorTest, PibTmpPathFixture)
+{
+ SecPublicInfoSqlite3 pib(tmpPath.generic_string());
- Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1);
- Name keyName2;
- BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRsaKeyPairAsDefault(identity));
+ BOOST_REQUIRE_THROW(pib.getTpmLocator(), SecPublicInfo::Error);
+ pib.addIdentity("/test/id1");
+ BOOST_CHECK(pib.doesIdentityExist("/test/id1"));
- shared_ptr<IdentityCertificate> cert2;
- BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2));
- Name certName2 = cert2->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2));
+ // Pib does not have tpmInfo set yet, setTpmInfo simply set the tpmInfo.
+ std::string tpmLocator("tpm-file:");
+ tpmLocator.append((tmpPath / "tpm").generic_string());
+ pib.setTpmLocator(tpmLocator);
+ BOOST_CHECK(pib.doesIdentityExist("/test/id1"));
- Name keyName3;
- BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRsaKeyPairAsDefault(identity));
+ BOOST_REQUIRE_NO_THROW(pib.getTpmLocator());
+ BOOST_CHECK_EQUAL(tpmLocator, pib.getTpmLocator());
- shared_ptr<IdentityCertificate> cert3;
- BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3));
- Name certName3 = cert3->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3));
- shared_ptr<IdentityCertificate> cert4;
- BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3));
- Name certName4 = cert4->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4));
- shared_ptr<IdentityCertificate> cert5;
- BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3));
- Name certName5 = cert5->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5));
-
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(certName5));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(keyName3));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), false);
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+ // Pib has tpmInfo set, set a different tpmInfo will reset Pib content.
+ std::string tpmLocator3("tpm-osxkeychain:");
+ pib.setTpmLocator(tpmLocator3);
+ BOOST_CHECK(!pib.doesIdentityExist("/test/id1"));
}
BOOST_AUTO_TEST_CASE(KeyTypeRsa)
@@ -123,7 +108,7 @@
os.buf()->size())));
Name rsaKeyName("/TestSecPublicInfoSqlite3/KeyType/RSA/ksk-123");
SecPublicInfoSqlite3 pib;
- pib.addPublicKey(rsaKeyName, rsaKey->getKeyType(), *rsaKey);
+ pib.addKey(rsaKeyName, *rsaKey);
BOOST_CHECK_EQUAL(KEY_TYPE_RSA, pib.getPublicKeyType(rsaKeyName));
@@ -143,7 +128,7 @@
os.buf()->size())));
Name ecdsaKeyName("/TestSecPublicInfoSqlite3/KeyType/ECDSA/ksk-123");
SecPublicInfoSqlite3 pib;
- pib.addPublicKey(ecdsaKeyName, ecdsaKey->getKeyType(), *ecdsaKey);
+ pib.addKey(ecdsaKeyName, *ecdsaKey);
BOOST_CHECK_EQUAL(KEY_TYPE_ECDSA, pib.getPublicKeyType(ecdsaKeyName));
pib.deleteIdentityInfo(Name("/TestSecPublicInfoSqlite3/KeyType/ECDSA"));
diff --git a/tests/unit-tests/security/test-sec-tpm-file.cpp b/tests/unit-tests/security/test-sec-tpm-file.cpp
index 0b900ed..727d0d4 100644
--- a/tests/unit-tests/security/test-sec-tpm-file.cpp
+++ b/tests/unit-tests/security/test-sec-tpm-file.cpp
@@ -25,8 +25,8 @@
#include "util/time.hpp"
+#include <boost/filesystem.hpp>
#include <boost/lexical_cast.hpp>
-
#include "boost-test.hpp"
namespace ndn {
diff --git a/tests/unit-tests/security/test-sec-tpm-osx.cpp b/tests/unit-tests/security/test-sec-tpm-osx.cpp
index a7d1d80..7b31a1a 100644
--- a/tests/unit-tests/security/test-sec-tpm-osx.cpp
+++ b/tests/unit-tests/security/test-sec-tpm-osx.cpp
@@ -31,7 +31,37 @@
namespace ndn {
-BOOST_AUTO_TEST_SUITE(SecurityTestSecTpmOsx)
+class OsxKeyChainTestFixture
+{
+public:
+ OsxKeyChainTestFixture()
+ {
+ std::string oldHOME;
+ if (std::getenv("OLD_HOME"))
+ oldHOME = std::getenv("OLD_HOME");
+
+ if (std::getenv("HOME"))
+ m_HOME = std::getenv("HOME");
+
+ if (!oldHOME.empty())
+ setenv("HOME", oldHOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+ }
+
+ ~OsxKeyChainTestFixture()
+ {
+ if (!m_HOME.empty())
+ setenv("HOME", m_HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+ }
+
+protected:
+ std::string m_HOME;
+};
+
+BOOST_FIXTURE_TEST_SUITE(SecurityTestSecTpmOsx, OsxKeyChainTestFixture)
BOOST_AUTO_TEST_CASE(Delete)
{
diff --git a/tests/unit-tests/security/test-validator-config.cpp b/tests/unit-tests/security/test-validator-config.cpp
new file mode 100644
index 0000000..8bac80c
--- /dev/null
+++ b/tests/unit-tests/security/test-validator-config.cpp
@@ -0,0 +1,1512 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2014 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/validator-config.hpp"
+
+#include "security/key-chain.hpp"
+#include "util/io.hpp"
+#include "util/scheduler.hpp"
+#include "util/dummy-client-face.hpp"
+
+#include <boost/asio.hpp>
+
+#include "identity-management-fixture.hpp"
+#include "../identity-management-time-fixture.hpp"
+#include "boost-test.hpp"
+
+using namespace std;
+
+namespace ndn {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(TestValidatorConfig)
+
+BOOST_FIXTURE_TEST_CASE(NameFilter, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-1.cert");
+
+ Name dataName1("/simple/equal");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/different");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/equal\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-1.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter2, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter2");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-2.cert");
+
+ Name dataName1("/simple/isPrefixOf");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/notPrefixOf");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/isPrefixOf/anotherLevel");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple2 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/isPrefixOf\n"
+ " relation is-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-2.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter3, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter3");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-3.cert");
+
+ Name dataName1("/simple/isStrictPrefixOf");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/isStrictPrefixOf\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-3.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter4, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter4");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-4.cert");
+
+ Name dataName1("/simple/regex");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/regex-wrong");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/regex/correct");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " regex ^<simple><regex>\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-4.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(KeyLocatorNameChecker1, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-5.cert");
+
+ Name dataName1 = identity;
+ dataName1.append("1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2 = identity;
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " hyper-relation\n"
+ " {\n"
+ " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
+ " k-expand \\\\1\\\\2\n"
+ " h-relation is-strict-prefix-of\n"
+ " p-regex ^(<>*)$\n"
+ " p-expand \\\\1\n"
+ " }\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-5.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(FixedSignerChecker, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/FixedSignerChecker");
+
+ Name identity1 = identity;
+ identity1.append("1").appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-7.cert");
+
+ Name identity2 = identity;
+ identity2.append("2").appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+
+ Name dataName1 = identity;
+ dataName1.append("data").appendVersion();
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity1));
+
+ Name dataName2 = identity;
+ dataName2.append("data").appendVersion();
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity2));
+
+ Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
+ shared_ptr<Interest> interest = make_shared<Interest>(interestName);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Data Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-7.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-7.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(Reset, security::IdentityManagementFixture)
+{
+ Name root("/TestValidatorConfig/Reload");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-8.cert");
+
+ Face face;
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"NRD Prefix Registration Command Rule\"\n"
+ " for interest\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"Testbed Hierarchy Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-8.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
+
+ validator->load(CONFIG, CONFIG_PATH.native());
+ BOOST_CHECK_EQUAL(validator->isEmpty(), false);
+
+ validator->reset();
+ BOOST_CHECK(validator->isEmpty());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(TrustAnchorWildcard, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/Wildcard");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+
+ Name dataName1("/any/data");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ std::string CONFIG =
+ "trust-anchor\n"
+ "{\n"
+ " type any\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+}
+
+BOOST_FIXTURE_TEST_CASE(SignedInterestTest, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/SignedInterestTest");
+
+ Name identity1 = identity;
+ identity1.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-9.cert");
+
+ Name interestName("/TestValidatorConfig/SignedInterestTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity1));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/SignedInterestTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-9.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+
+BOOST_FIXTURE_TEST_CASE(MaxKeyTest, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/MaxKeyTest");
+
+ Name identity1 = identity;
+ identity1.append("Key1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-10-1.cert");
+
+ Name identity2 = identity;
+ identity2.append("Key2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+ Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
+ shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
+ io::save(*idCert2, "trust-anchor-10-2.cert");
+
+ Name identity3 = identity;
+ identity3.append("Key3");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
+ Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
+ shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
+ io::save(*idCert3, "trust-anchor-10-3.cert");
+
+
+ Name interestName("/TestValidatorConfig/MaxKeyTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ Name interestName3 = interestName;
+ interestName3.append("3");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/MaxKeyTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-1.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-2.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-3.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face,
+ ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL,
+ 10,
+ 2, // Two keys can be tracked
+ time::seconds(1)); // TTL is set to 1 sec
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ // Should succeed because identity1's key has been cleaned up due to space limit.
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH1 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
+ boost::filesystem::remove(CERT_PATH1);
+
+ const boost::filesystem::path CERT_PATH2 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
+ boost::filesystem::remove(CERT_PATH2);
+
+ const boost::filesystem::path CERT_PATH3 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
+ boost::filesystem::remove(CERT_PATH3);
+}
+
+BOOST_FIXTURE_TEST_CASE(MaxKeyTest2, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/MaxKeyTest");
+
+ Name identity1 = identity;
+ identity1.append("Key1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-10-1.cert");
+
+ Name identity2 = identity;
+ identity2.append("Key2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+ Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
+ shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
+ io::save(*idCert2, "trust-anchor-10-2.cert");
+
+ Name identity3 = identity;
+ identity3.append("Key3");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
+ Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
+ shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
+ io::save(*idCert3, "trust-anchor-10-3.cert");
+
+ Name identity4 = identity;
+ identity4.append("Key4");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
+ Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
+ shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
+ io::save(*idCert4, "trust-anchor-10-4.cert");
+
+
+ Name interestName("/TestValidatorConfig/MaxKeyTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ Name interestName3 = interestName;
+ interestName3.append("3");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+ Name interestName4 = interestName;
+ interestName4.append("4");
+ shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
+
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest4, identity4));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/MaxKeyTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-1.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-2.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-3.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-4.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face,
+ ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL,
+ 10,
+ 3, // Two keys can be tracked
+ time::seconds(1)); // TTL is set to 1 sec
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ sleep(2);
+
+ validator.validate(*interest4,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+
+ const boost::filesystem::path CERT_PATH1 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
+ boost::filesystem::remove(CERT_PATH1);
+
+ const boost::filesystem::path CERT_PATH2 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
+ boost::filesystem::remove(CERT_PATH2);
+
+ const boost::filesystem::path CERT_PATH3 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
+ boost::filesystem::remove(CERT_PATH3);
+
+ const boost::filesystem::path CERT_PATH4 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
+ boost::filesystem::remove(CERT_PATH4);
+}
+
+BOOST_FIXTURE_TEST_CASE(FixedSignerChecker2, security::IdentityManagementFixture)
+{
+ Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
+ BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
+ Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
+
+ Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
+ BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
+ Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
+ shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
+ io::save(*ecdsaCert, "trust-anchor-11.cert");
+
+
+ Name dataName("/TestValidatorConfig/FixedSignerChecker2");
+ shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
+ m_keyChain.signByIdentity(*dataRsa, rsaIdentity);
+ shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
+ m_keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
+
+ shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
+ m_keyChain.signByIdentity(*interestRsa, rsaIdentity);
+ shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
+ m_keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Data Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*dataEcdsa,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*dataRsa,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interestEcdsa,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interestRsa,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+
+struct FacesFixture : public security::IdentityManagementTimeFixture
+{
+ FacesFixture()
+ : face1(util::makeDummyClientFace(io, {true, true}))
+ , face2(util::makeDummyClientFace(io, {true, true}))
+ , readInterestOffset1(0)
+ , readDataOffset1(0)
+ , readInterestOffset2(0)
+ , readDataOffset2(0)
+ {
+ }
+
+ bool
+ passPacket()
+ {
+ bool hasPassed = false;
+
+ checkFace(face1->sentInterests, readInterestOffset1, *face2, hasPassed);
+ checkFace(face1->sentDatas, readDataOffset1, *face2, hasPassed);
+ checkFace(face2->sentInterests, readInterestOffset2, *face1, hasPassed);
+ checkFace(face2->sentInterests, readDataOffset2, *face1, hasPassed);
+
+ return hasPassed;
+ }
+
+ template<typename Packet>
+ void
+ checkFace(std::vector<Packet>& receivedPackets,
+ size_t& readPacketOffset,
+ util::DummyClientFace& receiver,
+ bool& hasPassed)
+ {
+ while (receivedPackets.size() > readPacketOffset) {
+ receiver.receive(receivedPackets[readPacketOffset]);
+ readPacketOffset++;
+ hasPassed = true;
+ }
+ }
+
+ ~FacesFixture()
+ {
+ }
+
+public:
+ shared_ptr<util::DummyClientFace> face1;
+ shared_ptr<util::DummyClientFace> face2;
+
+ size_t readInterestOffset1;
+ size_t readDataOffset1;
+ size_t readInterestOffset2;
+ size_t readDataOffset2;
+};
+
+BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
+{
+ std::vector<CertificateSubjectDescription> subjectDescription;
+
+ Name root("/TestValidatorConfig");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-6.cert");
+
+
+ Name sld("/TestValidatorConfig/HierarchicalChecker");
+ BOOST_REQUIRE_NO_THROW(addIdentity(sld));
+ advanceClocks(time::milliseconds(100));
+ Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
+ shared_ptr<IdentityCertificate> sldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
+ root,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.addCertificateAsIdentityDefault(*sldCert);
+
+ Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
+ BOOST_REQUIRE_NO_THROW(addIdentity(nld));
+ advanceClocks(time::milliseconds(100));
+ Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
+ shared_ptr<IdentityCertificate> nldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
+ sld,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.addCertificateAsIdentityDefault(*nldCert);
+
+ face1->setInterestFilter(sldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ face1->setInterestFilter(nldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ Name dataName1 = nld;
+ dataName1.append("data1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, nld));
+
+ Name dataName2("/ConfValidatorTest");
+ dataName2.append("data1");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, nld));
+
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-6.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ auto validator = make_shared<ValidatorConfig>(face2.get());
+ validator->load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(2), 100);
+ validator->validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ validator->validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
+{
+ advanceClocks(time::milliseconds(0));
+
+ std::vector<CertificateSubjectDescription> subjectDescription;
+
+ Name root("/TestValidatorConfig");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-8.cert");
+
+
+ Name sld("/TestValidatorConfig/Nrd-1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(sld));
+ advanceClocks(time::milliseconds(100));
+ Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
+ shared_ptr<IdentityCertificate> sldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
+ root,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.addCertificateAsIdentityDefault(*sldCert);
+
+ Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(nld));
+ advanceClocks(time::milliseconds(100));
+ Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
+ shared_ptr<IdentityCertificate> nldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
+ sld,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.addCertificateAsIdentityDefault(*nldCert);
+
+ face1->setInterestFilter(sldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ face1->setInterestFilter(nldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName1("/localhost/nrd/register/option");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, nld));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName2("/localhost/nrd/non-register");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, nld));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName3("/localhost/nrd/register/option");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, root));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
+ shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"NRD Prefix Registration Command Rule\"\n"
+ " for interest\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"Testbed Hierarchy Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-8.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ auto validator = make_shared<ValidatorConfig>(face2.get());
+ validator->load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(2), 100);
+
+ // should succeed
+ validator->validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should fail
+ validator->validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should succeed
+ validator->validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should fail
+ validator->validate(*interest4,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+struct DirTestFixture : public security::IdentityManagementTimeFixture
+{
+ DirTestFixture()
+ : face(util::makeDummyClientFace(io, {true, true}))
+ , validator(face.get(), ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
+ {
+ certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
+ boost::filesystem::create_directory(certDirPath);
+
+ firstCertPath = (boost::filesystem::current_path() /
+ std::string("test-cert-dir") /
+ std::string("trust-anchor-1.cert"));
+
+ secondCertPath = (boost::filesystem::current_path() /
+ std::string("test-cert-dir") /
+ std::string("trust-anchor-2.cert"));
+
+ firstIdentity = Name("/TestValidatorConfig/Dir/First");
+ BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
+ Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
+ firstCert = m_keyChain.getCertificate(firstCertName);
+ io::save(*firstCert, firstCertPath.string());
+
+ secondIdentity = Name("/TestValidatorConfig/Dir/Second");
+ BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
+ Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
+ secondCert = m_keyChain.getCertificate(secondCertName);
+ }
+
+ ~DirTestFixture()
+ {
+ boost::filesystem::remove_all(certDirPath);
+ }
+
+public:
+ boost::filesystem::path certDirPath;
+ boost::filesystem::path firstCertPath;
+ boost::filesystem::path secondCertPath;
+
+ Name firstIdentity;
+ Name secondIdentity;
+
+ shared_ptr<IdentityCertificate> firstCert;
+ shared_ptr<IdentityCertificate> secondCert;
+
+ shared_ptr<util::DummyClientFace> face;
+ ValidatorConfig validator;
+};
+
+BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
+{
+ advanceClocks(time::milliseconds(10));
+
+ Name dataName1("/any/data/1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, firstIdentity));
+
+ Name dataName2("/any/data/2");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, secondIdentity));
+
+ std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Any Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<>*$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^<>*$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type dir\n"
+ " dir test-cert-dir\n"
+ " refresh 1s\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(10), 20);
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ io::save(*secondCert, secondCertPath.string());
+ advanceClocks(time::milliseconds(10), 200);
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace tests
+} // namespace ndn
diff --git a/tests/unit-tests/security/tmp-home/.ndn/client.conf b/tests/unit-tests/security/tmp-home/.ndn/client.conf
new file mode 100644
index 0000000..b832cfc
--- /dev/null
+++ b/tests/unit-tests/security/tmp-home/.ndn/client.conf
@@ -0,0 +1,2 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf
index 872a17a..d4714da 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf
index c09f144..7f7dd5e 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://:6000
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf
index 1ee2a2f..7f8065a 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=unix://
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf
index d09dff3..182f47c 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf
index 8ce375b..95b5ccc 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://127.0.0.1
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf
index 2dbad7a..4c2d8c0 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://127.0.0.1:6000
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf
index 9d981af..427a2db 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=unix
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf
index d09dff3..182f47c 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf
index e69de29..2c4c027 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf
@@ -0,0 +1,3 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf
index f9ca264..8fae7f5 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf
@@ -1,2 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
protocol=nrd-0.1
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf
index cb3fae3..ce8b950 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf
@@ -1,2 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
transport=unix:///tmp/test/nfd.sock
diff --git a/tests/unit-tests/transport/test-unix-transport.cpp b/tests/unit-tests/transport/test-unix-transport.cpp
index 8d5548c..bad7dc0 100644
--- a/tests/unit-tests/transport/test-unix-transport.cpp
+++ b/tests/unit-tests/transport/test-unix-transport.cpp
@@ -26,8 +26,6 @@
namespace ndn {
-
-
BOOST_FIXTURE_TEST_SUITE(TransportTestUnixTransport, TransportFixture)
BOOST_AUTO_TEST_CASE(GetDefaultSocketNameOk)
diff --git a/tests/unit-tests/util/segment-fetcher.cpp b/tests/unit-tests/util/segment-fetcher.cpp
index 15d7831..d19e327 100644
--- a/tests/unit-tests/util/segment-fetcher.cpp
+++ b/tests/unit-tests/util/segment-fetcher.cpp
@@ -187,8 +187,6 @@
BOOST_FIXTURE_TEST_CASE(Triple, Fixture)
{
- KeyChain keyChain;
-
SegmentFetcher::fetch(*face, Interest("/hello/world", time::seconds(1000)),
DontVerifySegment(),
bind(&Fixture::onData, this, _1),
@@ -237,8 +235,6 @@
BOOST_FIXTURE_TEST_CASE(TripleWithInitialSegmentFetching, Fixture)
{
- KeyChain keyChain;
-
SegmentFetcher::fetch(*face, Interest("/hello/world", time::seconds(1000)),
DontVerifySegment(),
bind(&Fixture::onData, this, _1),
diff --git a/tests/unit-tests/util/test-io.cpp b/tests/unit-tests/util/test-io.cpp
index b170f6e..b857a4a 100644
--- a/tests/unit-tests/util/test-io.cpp
+++ b/tests/unit-tests/util/test-io.cpp
@@ -21,7 +21,7 @@
#include "util/io.hpp"
#include "security/key-chain.hpp"
-#include "../security/identity-management-fixture.hpp"
+#include "identity-management-fixture.hpp"
#include "boost-test.hpp"