security: Pair-up Tpm and Pib in KeyChain
In this commit, we also change the HOME setting for test cases.
Change-Id: I7fa15461555b3519d9d2005c6956c167ed07d66f
Refs: #2242
Refs: #2260
diff --git a/tests/unit-tests/security/identity-management-fixture.cpp b/tests/identity-management-fixture.cpp
similarity index 87%
rename from tests/unit-tests/security/identity-management-fixture.cpp
rename to tests/identity-management-fixture.cpp
index 72c0cbe..739725c 100644
--- a/tests/unit-tests/security/identity-management-fixture.cpp
+++ b/tests/identity-management-fixture.cpp
@@ -25,15 +25,13 @@
namespace security {
IdentityManagementFixture::IdentityManagementFixture()
- : m_keyChain("sqlite3", "file")
{
}
IdentityManagementFixture::~IdentityManagementFixture()
{
- for (std::vector<Name>::iterator it = m_identities.begin();
- it != m_identities.end(); it++) {
- m_keyChain.deleteIdentity(*it);
+ for (const auto& identity : m_identities) {
+ m_keyChain.deleteIdentity(identity);
}
}
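Review bot: Nothing in this fixture guarantees that the default-constructed `m_keyChain` opens a throwaway store now that the explicit initializer is gone, yet the destructor loop still calls `deleteIdentity` on it. The commit message says HOME is changed for the test cases, but that override is not visible in this file, so a test binary started without it would presumably create and delete identities in the invoking user's own PIB/TPM. I would document the dependency at the constructor, e.g. `// Relies on the default KeyChain; the test runner must point HOME at a disposable directory so no user keys are touched.` Separately, if `deleteIdentity` can throw (not visible here), an exception escaping this destructor terminates the test process, so a try/catch around the call would keep cleanup best-effort.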
@@ -45,7 +43,7 @@
m_identities.push_back(identity);
return true;
}
- catch (std::runtime_error& e) {
+ catch (std::runtime_error&) {
return false;
}
}
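Review bot: The handler on the new line still collapses every `std::runtime_error` into a bare `false`, so a caller cannot tell whether the PIB, the TPM or the pairing between them rejected the identity. Catching by const reference and surfacing the message would make a failed setup diagnosable, e.g. `catch (const std::runtime_error& e) {` with the text of `e.what()` passed to whatever logging the test tree uses before `return false;`. The enclosing function starts outside the hunk, so the call that throws is not visible here.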
diff --git a/tests/unit-tests/security/identity-management-fixture.hpp b/tests/identity-management-fixture.hpp
similarity index 91%
rename from tests/unit-tests/security/identity-management-fixture.hpp
rename to tests/identity-management-fixture.hpp
index 268d2ea..116309a 100644
--- a/tests/unit-tests/security/identity-management-fixture.hpp
+++ b/tests/identity-management-fixture.hpp
@@ -19,6 +19,9 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
+#ifndef NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
+#define NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
+
#include "security/key-chain.hpp"
#include <vector>
@@ -51,3 +54,5 @@
} // namespace security
} // namespace ndn
+
+#endif // NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
diff --git a/tests/integrated/test-faces.cpp b/tests/integrated/test-faces.cpp
index 9550286..05a2d6a 100644
--- a/tests/integrated/test-faces.cpp
+++ b/tests/integrated/test-faces.cpp
@@ -23,12 +23,13 @@
#include "util/scheduler.hpp"
#include "security/key-chain.hpp"
+#include "identity-management-fixture.hpp"
#include "boost-test.hpp"
namespace ndn {
namespace tests {
-class FacesFixture
+class FacesFixture : public security::IdentityManagementFixture
{
public:
FacesFixture()
@@ -147,8 +148,7 @@
shared_ptr<Data> data = make_shared<Data>(veryLongName);
data->setContent(reinterpret_cast<const uint8_t*>("01234567890"), 10);
- KeyChain keyChain;
- keyChain.sign(*data);
+ m_keyChain.sign(*data);
BOOST_CHECK_THROW(face.put(*data), Face::Error);
BOOST_REQUIRE_NO_THROW(face.processEvents());
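Review bot: `m_keyChain.sign(*data)` signs with the keychain's default identity rather than one registered through the fixture, so any key material this call causes to be created is not recorded in `m_identities` and the fixture destructor will not delete it. Whether `sign()` generates a default identity when the store is empty is not visible in this diff; if it does, each run leaves a key behind in the test keystore. Consider creating a named identity through the fixture helper that appends to `m_identities` and signing with that identity explicitly, in the style of the `signByIdentity` calls used elsewhere in the test tree. The test body starts and ends outside the hunk.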
diff --git a/tests/integrated/test-validator-config.cpp b/tests/integrated/test-validator-config.cpp
deleted file mode 100644
index 34f8fee..0000000
--- a/tests/integrated/test-validator-config.cpp
+++ /dev/null
@@ -1,1651 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <yingdi0@cs.ucla.edu>
- */
-
-#include "security/validator-config.hpp"
-
-#include "security/key-chain.hpp"
-#include "util/io.hpp"
-#include "util/scheduler.hpp"
-
-#include <boost/asio.hpp>
-
-#include "boost-test.hpp"
-
-using namespace std;
-
-namespace ndn {
-
-BOOST_AUTO_TEST_SUITE(TestValidatorConfig)
-
-void
-onValidated(const shared_ptr<const Data>& data)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidationFailed(const shared_ptr<const Data>& data, const string& failureInfo)
-{
- std::cerr << "Failure Info: " << failureInfo << std::endl;
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureValidated(const shared_ptr<const Data>& data)
-{
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureInvalidated(const shared_ptr<const Data>& data, const string& failureInfo)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidated2(const shared_ptr<const Interest>& interest)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidationFailed2(const shared_ptr<const Interest>& interest, const string& failureInfo)
-{
- std::cerr << "Interest Name: " << interest->getName() << std::endl;
- std::cerr << "Failure Info: " << failureInfo << std::endl;
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureValidated2(const shared_ptr<const Interest>& interest)
-{
- BOOST_CHECK(false);
-}
-
-void
-onIntentionalFailureInvalidated2(const shared_ptr<const Interest>& interest,
- const string& failureInfo)
-{
- BOOST_CHECK(true);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-1.cert");
-
- Name dataName1("/simple/equal");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple/different");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/equal\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-1.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter2)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter2");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-2.cert");
-
- Name dataName1("/simple/isPrefixOf");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple/notPrefixOf");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/simple/isPrefixOf/anotherLevel");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple2 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/isPrefixOf\n"
- " relation is-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-2.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter3)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter3");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-3.cert");
-
- Name dataName1("/simple/isStrictPrefixOf");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/isStrictPrefixOf\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-3.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(NameFilter4)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/NameFilter4");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-4.cert");
-
- Name dataName1("/simple/regex");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2("/simple/regex-wrong");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/simple/regex/correct");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " regex ^<simple><regex>\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-4.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
- Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
- shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
- io::save(*idCert, "trust-anchor-5.cert");
-
- Name dataName1 = identity;
- dataName1.append("1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- Name dataName2 = identity;
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
-
- Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " hyper-relation\n"
- " {\n"
- " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
- " k-expand \\\\1\\\\2\n"
- " h-relation is-strict-prefix-of\n"
- " p-regex ^(<>*)$\n"
- " p-expand \\\\1\n"
- " }\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-5.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*data3,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- keyChain.deleteIdentity(identity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-struct FacesFixture
-{
- FacesFixture()
- : regPrefixId(0)
- , regPrefixId2(0)
- {}
-
- void
- onInterest(shared_ptr<Face> face, shared_ptr<Data> data)
- {
- face->put(*data);
- face->unsetInterestFilter(regPrefixId);
- }
-
- void
- onInterest2(shared_ptr<Face> face, shared_ptr<Data> data)
- {
- face->put(*data);
- face->unsetInterestFilter(regPrefixId2);
- }
-
- void
- onRegFailed()
- {}
-
- void
- validate1(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
- {
- validator->validate(*data,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
- }
-
- void
- validate2(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
- {
- validator->validate(*data,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
- }
-
- void
- validate3(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
- {
- validator->validate(*interest,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
- }
-
- void
- validate4(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
- {
- validator->validate(*interest,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
- }
-
- void
- terminate(shared_ptr<Face> face)
- {
- face->getIoService().stop();
- }
-
- const RegisteredPrefixId* regPrefixId;
- const RegisteredPrefixId* regPrefixId2;
-};
-
-BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
-{
- KeyChain keyChain;
- std::vector<CertificateSubjectDescription> subjectDescription;
-
- Name root("/TestValidatorConfig");
- Name rootCertName = keyChain.createIdentity(root);
- shared_ptr<IdentityCertificate> rootCert =
- keyChain.getCertificate(rootCertName);
- io::save(*rootCert, "trust-anchor-6.cert");
-
-
- Name sld("/TestValidatorConfig/HierarchicalChecker");
- Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
- shared_ptr<IdentityCertificate> sldCert =
- keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
- root,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*sldCert, root);
- keyChain.addCertificateAsIdentityDefault(*sldCert);
-
- Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
- Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
- shared_ptr<IdentityCertificate> nldCert =
- keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
- sld,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*nldCert, sld);
- keyChain.addCertificateAsIdentityDefault(*nldCert);
-
- shared_ptr<Face> face = make_shared<Face>();
- Face face2(face->getIoService());
- Scheduler scheduler(face->getIoService());
-
- scheduler.scheduleEvent(time::seconds(1),
- bind(&FacesFixture::terminate, this, face));
-
- regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest, this, face, sldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest2, this, face, nldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- Name dataName1 = nld;
- dataName1.append("data1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, nld));
-
- Name dataName2("/ConfValidatorTest");
- dataName2.append("data1");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, nld));
-
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-6.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
- validator->load(CONFIG, CONFIG_PATH.native());
-
- scheduler.scheduleEvent(time::milliseconds(200),
- bind(&FacesFixture::validate1, this,
- validator, data1));
-
- scheduler.scheduleEvent(time::milliseconds(400),
- bind(&FacesFixture::validate2, this,
- validator, data2));
-
- BOOST_REQUIRE_NO_THROW(face->processEvents());
-
- keyChain.deleteIdentity(root);
- keyChain.deleteIdentity(sld);
- keyChain.deleteIdentity(nld);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(FixedSignerChecker)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/FixedSignerChecker");
-
- Name identity1 = identity;
- identity1.append("1").appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-7.cert");
-
- Name identity2 = identity;
- identity2.append("2").appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
-
- Name dataName1 = identity;
- dataName1.append("data").appendVersion();
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity1));
-
- Name dataName2 = identity;
- dataName2.append("data").appendVersion();
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity2));
-
- Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
- shared_ptr<Interest> interest = make_shared<Interest>(interestName);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Data Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-7.cert\"\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-7.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*data2,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*interest,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
- keyChain.deleteIdentity(identity2);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-
-BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
-{
- KeyChain keyChain;
- std::vector<CertificateSubjectDescription> subjectDescription;
-
- Name root("/TestValidatorConfig");
- Name rootCertName = keyChain.createIdentity(root);
- shared_ptr<IdentityCertificate> rootCert =
- keyChain.getCertificate(rootCertName);
- io::save(*rootCert, "trust-anchor-8.cert");
-
-
- Name sld("/TestValidatorConfig/Nrd-1");
- Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
- shared_ptr<IdentityCertificate> sldCert =
- keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
- root,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*sldCert, root);
- keyChain.addCertificateAsIdentityDefault(*sldCert);
-
- Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
- Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
- shared_ptr<IdentityCertificate> nldCert =
- keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
- sld,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- keyChain.signByIdentity(*nldCert, sld);
- keyChain.addCertificateAsIdentityDefault(*nldCert);
-
- shared_ptr<Face> face = make_shared<Face>();
- Face face2(face->getIoService());
- Scheduler scheduler(face->getIoService());
-
- scheduler.scheduleEvent(time::seconds(1),
- bind(&FacesFixture::terminate, this, face));
-
- regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest, this, face, sldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
- bind(&FacesFixture::onInterest2, this, face, nldCert),
- RegisterPrefixSuccessCallback(),
- bind(&FacesFixture::onRegFailed, this));
-
- Name interestName1("/localhost/nrd/register/option");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, nld));
-
- Name interestName2("/localhost/nrd/non-register");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, nld));
-
- Name interestName3("/localhost/nrd/register/option");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, root));
-
- Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
- shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"NRD Prefix Registration Command Rule\"\n"
- " for interest\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"Testbed Hierarchy Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-8.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
- validator->load(CONFIG, CONFIG_PATH.native());
-
- // should succeed
- scheduler.scheduleEvent(time::milliseconds(200),
- bind(&FacesFixture::validate3, this,
- validator, interest1));
- // should fail
- scheduler.scheduleEvent(time::milliseconds(400),
- bind(&FacesFixture::validate4, this,
- validator, interest2));
- // should succeed
- scheduler.scheduleEvent(time::milliseconds(600),
- bind(&FacesFixture::validate3, this,
- validator, interest3));
- // should fail
- scheduler.scheduleEvent(time::milliseconds(600),
- bind(&FacesFixture::validate4, this,
- validator, interest4));
-
- BOOST_REQUIRE_NO_THROW(face->processEvents());
-
- keyChain.deleteIdentity(root);
- keyChain.deleteIdentity(sld);
- keyChain.deleteIdentity(nld);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(Reset)
-{
- KeyChain keyChain;
-
- Name root("/TestValidatorConfig/Reload");
- Name rootCertName = keyChain.createIdentity(root);
- shared_ptr<IdentityCertificate> rootCert =
- keyChain.getCertificate(rootCertName);
- io::save(*rootCert, "trust-anchor-8.cert");
-
- Face face;
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"NRD Prefix Registration Command Rule\"\n"
- " for interest\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"Testbed Hierarchy Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-8.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
-
- validator->load(CONFIG, CONFIG_PATH.native());
- BOOST_CHECK_EQUAL(validator->isEmpty(), false);
-
- validator->reset();
- BOOST_CHECK(validator->isEmpty());
-
- keyChain.deleteIdentity(root);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/Wildcard");
- identity.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
-
- Name dataName1("/any/data");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
-
- std::string CONFIG =
- "trust-anchor\n"
- "{\n"
- " type any\n"
- "}\n";
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*data1,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- keyChain.deleteIdentity(identity);
-}
-
-
-
-struct DirTestFixture
-{
- DirTestFixture()
- : m_scheduler(m_face.getIoService())
- , m_validator(m_face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
- {
- m_certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
- boost::filesystem::create_directory(m_certDirPath);
-
- m_firstCertPath = (boost::filesystem::current_path() /
- std::string("test-cert-dir") /
- std::string("trust-anchor-1.cert"));
-
- m_secondCertPath = (boost::filesystem::current_path() /
- std::string("test-cert-dir") /
- std::string("trust-anchor-2.cert"));
-
- m_firstIdentity = Name("/TestValidatorConfig/Dir/First");
- BOOST_REQUIRE_NO_THROW(m_keyChain.createIdentity(m_firstIdentity));
- Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(m_firstIdentity);
- m_firstCert = m_keyChain.getCertificate(firstCertName);
- io::save(*m_firstCert, m_firstCertPath.string());
-
- m_secondIdentity = Name("/TestValidatorConfig/Dir/Second");
- BOOST_REQUIRE_NO_THROW(m_keyChain.createIdentity(m_secondIdentity));
- Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(m_secondIdentity);
- m_secondCert = m_keyChain.getCertificate(secondCertName);
- }
-
- ~DirTestFixture()
- {
- m_keyChain.deleteIdentity(m_firstIdentity);
- m_keyChain.deleteIdentity(m_secondIdentity);
-
- boost::filesystem::remove_all(m_certDirPath);
- }
-
- void
- insertSecondTrustAnchor()
- {
- io::save(*m_secondCert, m_secondCertPath.string());
- }
-
- void
- validate(shared_ptr<Data> data)
- {
- m_validator.validate(*data,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
- }
-
- void
- invalidate(shared_ptr<Data> data)
- {
- m_validator.validate(*data,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
- }
-
- void
- terminate()
- {
- m_face.getIoService().stop();
- }
-
-protected:
-
- KeyChain m_keyChain;
-
- boost::filesystem::path m_certDirPath;
- boost::filesystem::path m_firstCertPath;
- boost::filesystem::path m_secondCertPath;
-
- Name m_firstIdentity;
- Name m_secondIdentity;
-
- shared_ptr<IdentityCertificate> m_firstCert;
- shared_ptr<IdentityCertificate> m_secondCert;
-
- Face m_face;
- Scheduler m_scheduler;
- ValidatorConfig m_validator;
-};
-
-BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
-{
- Name dataName1("/any/data/1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, m_firstIdentity));
-
- Name dataName2("/any/data/2");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, m_secondIdentity));
-
- std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Any Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<>*$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^<>*$\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type dir\n"
- " dir test-cert-dir\n"
- " refresh 1s\n"
- "}\n";
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- m_validator.load(CONFIG, CONFIG_PATH.native());
-
- m_scheduler.scheduleEvent(time::milliseconds(200),
- bind(&DirTestFixture::validate, this, data1));
- m_scheduler.scheduleEvent(time::milliseconds(200),
- bind(&DirTestFixture::invalidate, this, data2));
-
- m_scheduler.scheduleEvent(time::milliseconds(500),
- bind(&DirTestFixture::insertSecondTrustAnchor, this));
-
- m_scheduler.scheduleEvent(time::milliseconds(1500),
- bind(&DirTestFixture::validate, this, data1));
- m_scheduler.scheduleEvent(time::milliseconds(1500),
- bind(&DirTestFixture::validate, this, data2));
-
- m_scheduler.scheduleEvent(time::milliseconds(2000),
- bind(&DirTestFixture::terminate, this));
-
- BOOST_REQUIRE_NO_THROW(m_face.processEvents());
-}
-
-
-BOOST_AUTO_TEST_CASE(SignedInterestTest)
-{
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/SignedInterestTest");
-
- Name identity1 = identity;
- identity1.appendVersion();
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-9.cert");
-
- Name interestName("/TestValidatorConfig/SignedInterestTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
-
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, identity1));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, identity1));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/SignedInterestTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-9.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest1,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-
-BOOST_AUTO_TEST_CASE(MaxKeyTest)
-{
-
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/MaxKeyTest");
-
- Name identity1 = identity;
- identity1.append("Key1");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-10-1.cert");
-
- Name identity2 = identity;
- identity2.append("Key2");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
- Name certName2 = keyChain.getDefaultCertificateNameForIdentity(identity2);
- shared_ptr<IdentityCertificate> idCert2 = keyChain.getCertificate(certName2);
- io::save(*idCert2, "trust-anchor-10-2.cert");
-
- Name identity3 = identity;
- identity3.append("Key3");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity3));
- Name certName3 = keyChain.getDefaultCertificateNameForIdentity(identity3);
- shared_ptr<IdentityCertificate> idCert3 = keyChain.getCertificate(certName3);
- io::save(*idCert3, "trust-anchor-10-3.cert");
-
-
- Name interestName("/TestValidatorConfig/MaxKeyTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- Name interestName3 = interestName;
- interestName3.append("3");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
-
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, identity1));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, identity2));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, identity3));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/MaxKeyTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-1.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-2.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-3.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face,
- ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL,
- 10,
- 2, // Two keys can be tracked
- time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest1,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- // Should succeed because identity1's key has been cleaned up due to space limit.
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
- keyChain.deleteIdentity(identity2);
- keyChain.deleteIdentity(identity3);
-
- const boost::filesystem::path CERT_PATH1 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
- boost::filesystem::remove(CERT_PATH1);
-
- const boost::filesystem::path CERT_PATH2 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
- boost::filesystem::remove(CERT_PATH2);
-
- const boost::filesystem::path CERT_PATH3 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
- boost::filesystem::remove(CERT_PATH3);
-}
-
-BOOST_AUTO_TEST_CASE(MaxKeyTest2)
-{
-
- KeyChain keyChain;
-
- Name identity("/TestValidatorConfig/MaxKeyTest");
-
- Name identity1 = identity;
- identity1.append("Key1");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
- Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
- shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
- io::save(*idCert1, "trust-anchor-10-1.cert");
-
- Name identity2 = identity;
- identity2.append("Key2");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
- Name certName2 = keyChain.getDefaultCertificateNameForIdentity(identity2);
- shared_ptr<IdentityCertificate> idCert2 = keyChain.getCertificate(certName2);
- io::save(*idCert2, "trust-anchor-10-2.cert");
-
- Name identity3 = identity;
- identity3.append("Key3");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity3));
- Name certName3 = keyChain.getDefaultCertificateNameForIdentity(identity3);
- shared_ptr<IdentityCertificate> idCert3 = keyChain.getCertificate(certName3);
- io::save(*idCert3, "trust-anchor-10-3.cert");
-
- Name identity4 = identity;
- identity4.append("Key4");
- BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity4));
- Name certName4 = keyChain.getDefaultCertificateNameForIdentity(identity4);
- shared_ptr<IdentityCertificate> idCert4 = keyChain.getCertificate(certName4);
- io::save(*idCert4, "trust-anchor-10-4.cert");
-
-
- Name interestName("/TestValidatorConfig/MaxKeyTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- Name interestName3 = interestName;
- interestName3.append("3");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- Name interestName4 = interestName;
- interestName4.append("4");
- shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
-
-
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, identity1));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, identity2));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, identity3));
- usleep(10000);
- BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest4, identity4));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/MaxKeyTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-1.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-2.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-3.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-4.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
-
- Face face;
- ValidatorConfig validator(face,
- ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL,
- 10,
- 3, // Two keys can be tracked
- time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest1,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
- sleep(2);
-
- validator.validate(*interest4,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
- validator.validate(*interest1,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest2,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interest3,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
-
- keyChain.deleteIdentity(identity1);
- keyChain.deleteIdentity(identity2);
- keyChain.deleteIdentity(identity3);
- keyChain.deleteIdentity(identity4);
-
- const boost::filesystem::path CERT_PATH1 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
- boost::filesystem::remove(CERT_PATH1);
-
- const boost::filesystem::path CERT_PATH2 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
- boost::filesystem::remove(CERT_PATH2);
-
- const boost::filesystem::path CERT_PATH3 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
- boost::filesystem::remove(CERT_PATH3);
-
- const boost::filesystem::path CERT_PATH4 =
- (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
- boost::filesystem::remove(CERT_PATH4);
-}
-
-BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
-{
- KeyChain keyChain("sqlite3", "file");
-
- Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
- Name rsaCertName = keyChain.createIdentity(rsaIdentity);
-
- EcdsaKeyParams params;
- Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
- Name ecdsaCertName = keyChain.createIdentity(ecdsaIdentity, params);
- shared_ptr<IdentityCertificate> ecdsaCert = keyChain.getCertificate(ecdsaCertName);
- io::save(*ecdsaCert, "trust-anchor-11.cert");
-
-
- Name dataName("/TestValidatorConfig/FixedSignerChecker2");
- shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
- keyChain.signByIdentity(*dataRsa, rsaIdentity);
- shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
- keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
-
- shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
- keyChain.signByIdentity(*interestRsa, rsaIdentity);
- shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
- keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Data Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker2\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type ecdsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-11.cert\"\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker2\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type ecdsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-11.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test.conf"));
-
-
- Face face;
- ValidatorConfig validator(face);
- validator.load(CONFIG, CONFIG_PATH.native());
-
- validator.validate(*dataEcdsa,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-
- validator.validate(*dataRsa,
- bind(&onIntentionalFailureValidated, _1),
- bind(&onIntentionalFailureInvalidated, _1, _2));
-
- validator.validate(*interestEcdsa,
- bind(&onValidated2, _1),
- bind(&onValidationFailed2, _1, _2));
-
- validator.validate(*interestRsa,
- bind(&onIntentionalFailureValidated2, _1),
- bind(&onIntentionalFailureInvalidated2, _1, _2));
-
-
- keyChain.deleteIdentity(rsaIdentity);
- keyChain.deleteIdentity(ecdsaIdentity);
-
- const boost::filesystem::path CERT_PATH =
- (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
- boost::filesystem::remove(CERT_PATH);
-}
-
-
-BOOST_AUTO_TEST_SUITE_END()
-
-} // namespace ndn
diff --git a/tests/unit-tests/security/identity-management-fixture.cpp b/tests/unit-tests/identity-management-time-fixture.cpp
similarity index 64%
copy from tests/unit-tests/security/identity-management-fixture.cpp
copy to tests/unit-tests/identity-management-time-fixture.cpp
index 72c0cbe..4033e30 100644
--- a/tests/unit-tests/security/identity-management-fixture.cpp
+++ b/tests/unit-tests/identity-management-time-fixture.cpp
@@ -19,35 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "identity-management-fixture.hpp"
+#include "identity-management-time-fixture.hpp"
namespace ndn {
namespace security {
-IdentityManagementFixture::IdentityManagementFixture()
- : m_keyChain("sqlite3", "file")
+IdentityManagementTimeFixture::IdentityManagementTimeFixture()
{
}
-IdentityManagementFixture::~IdentityManagementFixture()
+IdentityManagementTimeFixture::~IdentityManagementTimeFixture()
{
- for (std::vector<Name>::iterator it = m_identities.begin();
- it != m_identities.end(); it++) {
- m_keyChain.deleteIdentity(*it);
- }
-}
-
-bool
-IdentityManagementFixture::addIdentity(const Name& identity, const KeyParams& params)
-{
- try {
- m_keyChain.createIdentity(identity, params);
- m_identities.push_back(identity);
- return true;
- }
- catch (std::runtime_error& e) {
- return false;
- }
}
} // namespace security
diff --git a/tests/unit-tests/security/identity-management-fixture.hpp b/tests/unit-tests/identity-management-time-fixture.hpp
similarity index 71%
copy from tests/unit-tests/security/identity-management-fixture.hpp
copy to tests/unit-tests/identity-management-time-fixture.hpp
index 268d2ea..f6fdb3d 100644
--- a/tests/unit-tests/security/identity-management-fixture.hpp
+++ b/tests/unit-tests/identity-management-time-fixture.hpp
@@ -19,8 +19,13 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
+#ifndef NDN_TESTS_IDENTITY_MANAGEMENT_TIME_FIXTURE_HPP
+#define NDN_TESTS_IDENTITY_MANAGEMENT_TIME_FIXTURE_HPP
+
#include "security/key-chain.hpp"
#include <vector>
+#include "identity-management-fixture.hpp"
+#include "unit-test-time-fixture.hpp"
#include "boost-test.hpp"
@@ -28,26 +33,21 @@
namespace security {
/**
- * @brief IdentityManagementFixture is a test suite level fixture.
+ * @brief IdentityManagementTimeFixture is a test suite level fixture.
* Test cases in the suite can use this fixture to create identities.
* Identities added via addIdentity method are automatically deleted
* during test teardown.
*/
-class IdentityManagementFixture
+class IdentityManagementTimeFixture : public tests::UnitTestTimeFixture
+ , public IdentityManagementFixture
{
public:
- IdentityManagementFixture();
+ IdentityManagementTimeFixture();
- ~IdentityManagementFixture();
-
- /// @brief add identity, return true if succeed.
- bool
- addIdentity(const Name& identity, const KeyParams& params = KeyChain::DEFAULT_KEY_PARAMS);
-
-protected:
- KeyChain m_keyChain;
- std::vector<Name> m_identities;
+ ~IdentityManagementTimeFixture();
};
} // namespace security
} // namespace ndn
+
+#endif // NDN_TESTS_IDENTITY_MANAGEMENT_TIME_FIXTURE_HPP
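Review bot: The `@brief` on `IdentityManagementTimeFixture` is the base fixture's text with only the class name changed, so it does not say what this class adds. From the declaration it combines `tests::UnitTestTimeFixture` with `IdentityManagementFixture`; a comment such as `@brief Combines IdentityManagementFixture with tests::UnitTestTimeFixture for test cases that need both.` would state that. The constructor and destructor are defined with empty bodies in identity-management-time-fixture.cpp, so both declarations could be dropped (or written `= default`) unless something outside this diff depends on them.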
diff --git a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
index e69de29..ebc2bfd 100644
--- a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
@@ -0,0 +1,4 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+; The test is broken into two: 1) missing pib and 2) missing tpm
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
\ No newline at end of file
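Review bot: The added `pib=` locator points at a fixed directory under `/tmp` (`/tmp/test/ndn-cxx/keychain/sqlite3-empty/`), a shared and predictable location. On a multi-user or CI host another account may already own `/tmp/test`, and two concurrent test runs would share one PIB. The same applies to the `/tmp/test/ndn-cxx/keychain/...` locators added in config-file-empty2-home, config-file-home and config-file-malformed2-home. The cleanup visible in test-keychain.cpp removes `.ndn/ndnsec-public-info.db` under `TEST_HOME`, not these directories, so generated test keys presumably stay behind. A per-run directory inside the build tree, created with owner-only permissions, would avoid both problems.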
diff --git a/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
new file mode 100644
index 0000000..d50e5ac
--- /dev/null
+++ b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
@@ -0,0 +1,4 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+; The test is broken into two: 1) missing pib and 2) missing tpm
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-home/.ndn/client.conf b/tests/unit-tests/security/config-file-home/.ndn/client.conf
index cc05409..47c9406 100644
--- a/tests/unit-tests/security/config-file-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-home/.ndn/client.conf
@@ -1,2 +1,2 @@
-pib=sqlite3
-tpm=file
\ No newline at end of file
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-file/
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf b/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
index 3f7795d..2cfb7f6 100644
--- a/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
@@ -1,2 +1,2 @@
-pib=sqlite3
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-just-wrong/
tpm=just-wrong
diff --git a/tests/unit-tests/security/config-file-readme.txt b/tests/unit-tests/security/config-file-readme.txt
new file mode 100644
index 0000000..44e5f61
--- /dev/null
+++ b/tests/unit-tests/security/config-file-readme.txt
@@ -0,0 +1,11 @@
+In test, we set a test-specific "HOME", which cause OS X keychain look for the
+default keychain of a "different" user. If the default keychain does not exist,
+all subsequent calls to OS X keychain will fail. User interaction (such as
+specifying password) is required to create a keychain. However, user interaction
+is not feasible in automated tests.
+
+This problem is caused by the OS X system assumption that one user must have a
+login keychain, which is also the user's default keychain, because a user
+account is always created with a login keychain as default. Thus OS X system
+infers a user according to the HOME env, and did not expect user to change the
+HOME env in normal use.
diff --git a/tests/unit-tests/security/identity-fixture.cpp b/tests/unit-tests/security/identity-fixture.cpp
index 38c85a8..0e543bf 100644
--- a/tests/unit-tests/security/identity-fixture.cpp
+++ b/tests/unit-tests/security/identity-fixture.cpp
@@ -21,6 +21,8 @@
#include "security/key-chain.hpp"
#include "../util/test-home-environment-fixture.hpp"
+#include <boost/filesystem.hpp>
+
#include "boost-test.hpp"
namespace ndn {
@@ -31,10 +33,18 @@
public:
IdentityFixture()
{
- // initialize KeyChain from TEST_HOME
- setenv("TEST_HOME", "tests/unit-tests/security/config-file-home", 1);
+ using namespace boost::filesystem;
- KeyChain keyChain("sqlite3", "file");
+ // initialize KeyChain from test specific HOME: tests/unit-tests/security/tmp-home
+ if (std::getenv("HOME"))
+ m_HOME = std::getenv("HOME");
+ if (std::getenv("OLD_HOME"))
+ m_OLD_HOME = std::getenv("OLD_HOME");
+
+ setenv("HOME", "tests/unit-tests/security/tmp-home", 1);
+ setenv("OLD_HOME", m_HOME.c_str(), 1);
+
+ KeyChain keyChain;
// save the old default identity
try {
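Review bot: `setenv("HOME", "tests/unit-tests/security/tmp-home", 1)` installs a relative path, so the location the default `KeyChain` presumably uses for its PIB and TPM files depends on the working directory the test binary is started from. Resolving it once, e.g. `const std::string testHome = boost::filesystem::absolute("tests/unit-tests/security/tmp-home").string();`, and passing `testHome.c_str()` to `setenv` would pin the location. The `setenv` return values are ignored, and when `HOME` was unset `OLD_HOME` is set to an empty string rather than left unset. The added `using namespace boost::filesystem;` is not used by any line visible in this hunk; the constructor body continues outside it.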
@@ -58,7 +68,9 @@
~IdentityFixture()
{
- KeyChain keyChain("sqlite3", "file");
+ using namespace boost::filesystem;
+
+ KeyChain keyChain;
// recover the old default setting
if (m_hasOldDefaultIdentity) {
@@ -69,9 +81,30 @@
// XXX This has no effect if oldDefaultIdentity doesn't exist.
// newIdentity would be kept as default.
keyChain.deleteIdentity(m_newIdentity);
+
+ path pibPath(absolute(std::getenv("HOME")));
+ pibPath /= ".ndn/ndnsec-public-info.db";
+
+ boost::filesystem::remove(pibPath);
+
+ path tpmPath(absolute(std::getenv("HOME")));
+ tpmPath /= ".ndn/ndnsec-tpm-file";
+
+ boost::filesystem::remove_all(tpmPath);
+
+ if (!m_HOME.empty())
+ setenv("HOME", m_HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+
+ if (!m_OLD_HOME.empty())
+ setenv("OLD_HOME", m_OLD_HOME.c_str(), 1);
+ else
+ unsetenv("OLD_HOME");
}
private:
+ std::string m_OLD_HOME;
std::string m_HOME;
bool m_hasOldDefaultIdentity;
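Review bot: The teardown deletes `.ndn/ndnsec-public-info.db` and `.ndn/ndnsec-tpm-file` under whatever `HOME` holds at destruction time, not under the directory the constructor installed. If a test changes `HOME` and does not restore it (the OS X block added to test-keychain.cpp in this commit switches it to `OLD_HOME` temporarily), `remove`/`remove_all` would act on that other home directory, and a null `std::getenv("HOME")` passed to `absolute` is undefined behaviour. Keeping the test home in a new member (say `m_testHome`) and building both paths from it, e.g. `path pibPath(absolute(m_testHome) / ".ndn/ndnsec-public-info.db");`, avoids re-reading the environment. `remove` and `remove_all` can also throw from this destructor; the overloads taking a `boost::system::error_code&` do not. The destructor starts outside this hunk.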
diff --git a/tests/unit-tests/security/test-keychain.cpp b/tests/unit-tests/security/test-keychain.cpp
index bb3af0c..70e8e01 100644
--- a/tests/unit-tests/security/test-keychain.cpp
+++ b/tests/unit-tests/security/test-keychain.cpp
@@ -52,6 +52,42 @@
setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty-home", 1);
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ std::string oldHOME;
+ if (std::getenv("OLD_HOME"))
+ oldHOME = std::getenv("OLD_HOME");
+
+ std::string HOME;
+ if (std::getenv("HOME"))
+ HOME = std::getenv("HOME");
+
+ if (!oldHOME.empty())
+ setenv("HOME", oldHOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+#endif
+
+ BOOST_REQUIRE_NO_THROW(KeyChain());
+
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ if (!HOME.empty())
+ setenv("HOME", HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+#endif
+
+ path pibPath(absolute(std::getenv("TEST_HOME")));
+ pibPath /= ".ndn/ndnsec-public-info.db";
+
+ boost::filesystem::remove(pibPath);
+}
+
+BOOST_AUTO_TEST_CASE(ConstructorEmpty2Config)
+{
+ using namespace boost::filesystem;
+
+ setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty2-home", 1);
+
BOOST_REQUIRE_NO_THROW(KeyChain());
path pibPath(absolute(std::getenv("TEST_HOME")));
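Review bot: `BOOST_REQUIRE_NO_THROW(KeyChain());` sits between the block that switches `HOME` to `OLD_HOME` and the block that switches it back. A failed REQUIRE aborts the test case, so on `NDN_CXX_HAVE_OSX_SECURITY` builds a throwing constructor would leave `HOME` pointing at the original home directory for every later test and for any teardown that reads `HOME`. Using `BOOST_CHECK_NO_THROW(KeyChain());` here lets the restore and the PIB cleanup below it run; a small scope guard that restores `HOME` in its destructor would be more robust still. The first test case starts before this hunk and `ConstructorEmpty2Config` continues after it.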
@@ -80,8 +116,7 @@
BOOST_AUTO_TEST_CASE(ExportIdentity)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ KeyChain keyChain;
Name identity("/TestKeyChain/ExportIdentity/");
identity.appendVersion();
@@ -123,8 +158,7 @@
BOOST_AUTO_TEST_CASE(PrepareIdentityCertificate)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ KeyChain keyChain;
Name identity("/TestKeyChain/PrepareIdentityCertificate/");
identity.appendVersion();
@@ -196,6 +230,73 @@
keyChain.deleteIdentity(anotherIdentity);
}
+BOOST_AUTO_TEST_CASE(Delete)
+{
+ KeyChain keyChain;
+
+ Name identity("/TestSecPublicInfoSqlite3/Delete");
+ identity.appendVersion();
+
+ Name certName1;
+ BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity));
+
+ Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1);
+ Name keyName2;
+ BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRsaKeyPairAsDefault(identity));
+
+ shared_ptr<IdentityCertificate> cert2;
+ BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2));
+ Name certName2 = cert2->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2));
+
+ Name keyName3;
+ BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRsaKeyPairAsDefault(identity));
+
+ shared_ptr<IdentityCertificate> cert3;
+ BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3));
+ Name certName3 = cert3->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3));
+ shared_ptr<IdentityCertificate> cert4;
+ BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3));
+ Name certName4 = cert4->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4));
+ shared_ptr<IdentityCertificate> cert5;
+ BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3));
+ Name certName5 = cert5->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5));
+
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(certName5));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(keyName3));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), false);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+}
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace tests
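Review bot: The `Delete` case was moved into the keychain suite but still creates its identity as `/TestSecPublicInfoSqlite3/Delete`, while the neighbouring cases in this file use a `/TestKeyChain/...` prefix (`/TestKeyChain/ExportIdentity/`, `/TestKeyChain/PrepareIdentityCertificate/`). Renaming it, `Name identity("/TestKeyChain/Delete");`, keeps leftover identities attributable to the right test. The identity is only removed by the final `deleteIdentity` call, so any earlier failing `BOOST_REQUIRE_NO_THROW` leaves its keys and certificates in the test keychain until the fixture teardown removes the store.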
diff --git a/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp b/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
index 6d44811..f7c4136 100644
--- a/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
+++ b/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
@@ -25,11 +25,32 @@
#include "encoding/buffer-stream.hpp"
#include "util/time.hpp"
+#include <boost/filesystem.hpp>
+#include <boost/lexical_cast.hpp>
#include "boost-test.hpp"
-using namespace std;
namespace ndn {
+class PibTmpPathFixture
+{
+public:
+ PibTmpPathFixture()
+ {
+ boost::system::error_code error;
+ tmpPath = boost::filesystem::temp_directory_path(error);
+ BOOST_REQUIRE(boost::system::errc::success == error.value());
+ tmpPath /= boost::lexical_cast<std::string>(random::generateWord32());
+ }
+
+ ~PibTmpPathFixture()
+ {
+ boost::filesystem::remove_all(tmpPath);
+ }
+
+public:
+ boost::filesystem::path tmpPath;
+};
+
BOOST_AUTO_TEST_SUITE(SecurityTestSecPublicInfoSqlite3)
const std::string RSA_DER("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFoDcNtffwbfFix64fw0\
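Review bot: `PibTmpPathFixture` names its directory with a single 32-bit value from `random::generateWord32()` under the shared system temp directory and never checks whether that path already exists, so a colliding leftover or foreign directory would be reused and then deleted by `remove_all` in the destructor. `boost::filesystem::unique_path` gives a wider random name, e.g. `tmpPath /= boost::filesystem::unique_path("ndn-pib-%%%%-%%%%-%%%%-%%%%");`, and a `BOOST_REQUIRE(!boost::filesystem::exists(tmpPath));` after it would make the assumption explicit. The destructor's `remove_all(tmpPath)` can throw; the overload taking a `boost::system::error_code&` avoids throwing during teardown. No include for `random::generateWord32()` is visible in this hunk, so it presumably arrives through another header.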
@@ -42,72 +63,36 @@
const std::string ECDSA_DER("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENZpqkPJDj8uhSpffOiCbvSYMLsGB\
1Eo/WU6mrexjGvduQXjqwon/eSHFI6EgHZk8L9KfiV5XVtVsk2g5wIpJVg==");
-BOOST_AUTO_TEST_CASE(Delete)
+BOOST_FIXTURE_TEST_CASE(Basic, PibTmpPathFixture)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ SecPublicInfoSqlite3 pib(tmpPath.generic_string());
- Name identity("/TestSecPublicInfoSqlite3/Delete");
- identity.appendVersion();
+ BOOST_CHECK(pib.doesTableExist("Identity"));
+ BOOST_CHECK(pib.doesTableExist("Key"));
+ BOOST_CHECK(pib.doesTableExist("Certificate"));
+}
- Name certName1;
- BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity));
+BOOST_FIXTURE_TEST_CASE(TpmLocatorTest, PibTmpPathFixture)
+{
+ SecPublicInfoSqlite3 pib(tmpPath.generic_string());
- Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1);
- Name keyName2;
- BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRsaKeyPairAsDefault(identity));
+ BOOST_REQUIRE_THROW(pib.getTpmLocator(), SecPublicInfo::Error);
+ pib.addIdentity("/test/id1");
+ BOOST_CHECK(pib.doesIdentityExist("/test/id1"));
- shared_ptr<IdentityCertificate> cert2;
- BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2));
- Name certName2 = cert2->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2));
+ // Pib does not have tpmInfo set yet, setTpmInfo simply set the tpmInfo.
+ std::string tpmLocator("tpm-file:");
+ tpmLocator.append((tmpPath / "tpm").generic_string());
+ pib.setTpmLocator(tpmLocator);
+ BOOST_CHECK(pib.doesIdentityExist("/test/id1"));
- Name keyName3;
- BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRsaKeyPairAsDefault(identity));
+ BOOST_REQUIRE_NO_THROW(pib.getTpmLocator());
+ BOOST_CHECK_EQUAL(tpmLocator, pib.getTpmLocator());
- shared_ptr<IdentityCertificate> cert3;
- BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3));
- Name certName3 = cert3->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3));
- shared_ptr<IdentityCertificate> cert4;
- BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3));
- Name certName4 = cert4->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4));
- shared_ptr<IdentityCertificate> cert5;
- BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3));
- Name certName5 = cert5->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5));
-
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(certName5));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(keyName3));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), false);
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+ // Pib has tpmInfo set, set a different tpmInfo will reset Pib content.
+ std::string tpmLocator3("tpm-osxkeychain:");
+ pib.setTpmLocator(tpmLocator3);
+ BOOST_CHECK(!pib.doesIdentityExist("/test/id1"));
}
BOOST_AUTO_TEST_CASE(KeyTypeRsa)
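Review bot: TpmLocatorTest does not cover calling `setTpmLocator` again with the locator that is already stored, which presumably must leave the PIB content intact; a regression that wipes the PIB on every call would still pass. After the `getTpmLocator` equality check, add `pib.setTpmLocator(tpmLocator); BOOST_CHECK(pib.doesIdentityExist("/test/id1"));`. After the reset at the end, add `BOOST_CHECK_EQUAL(tpmLocator3, pib.getTpmLocator());` so the stored locator is pinned as well as the cleared identity. The two comments mention `setTpmInfo`/`tpmInfo` while the API under test is `setTpmLocator`, and `tpmLocator3` has no `tpmLocator2` before it; aligning those names would make the test easier to follow.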
@@ -123,7 +108,7 @@
os.buf()->size())));
Name rsaKeyName("/TestSecPublicInfoSqlite3/KeyType/RSA/ksk-123");
SecPublicInfoSqlite3 pib;
- pib.addPublicKey(rsaKeyName, rsaKey->getKeyType(), *rsaKey);
+ pib.addKey(rsaKeyName, *rsaKey);
BOOST_CHECK_EQUAL(KEY_TYPE_RSA, pib.getPublicKeyType(rsaKeyName));
@@ -143,7 +128,7 @@
os.buf()->size())));
Name ecdsaKeyName("/TestSecPublicInfoSqlite3/KeyType/ECDSA/ksk-123");
SecPublicInfoSqlite3 pib;
- pib.addPublicKey(ecdsaKeyName, ecdsaKey->getKeyType(), *ecdsaKey);
+ pib.addKey(ecdsaKeyName, *ecdsaKey);
BOOST_CHECK_EQUAL(KEY_TYPE_ECDSA, pib.getPublicKeyType(ecdsaKeyName));
pib.deleteIdentityInfo(Name("/TestSecPublicInfoSqlite3/KeyType/ECDSA"));
diff --git a/tests/unit-tests/security/test-sec-tpm-file.cpp b/tests/unit-tests/security/test-sec-tpm-file.cpp
index 0b900ed..727d0d4 100644
--- a/tests/unit-tests/security/test-sec-tpm-file.cpp
+++ b/tests/unit-tests/security/test-sec-tpm-file.cpp
@@ -25,8 +25,8 @@
#include "util/time.hpp"
+#include <boost/filesystem.hpp>
#include <boost/lexical_cast.hpp>
-
#include "boost-test.hpp"
namespace ndn {
diff --git a/tests/unit-tests/security/test-sec-tpm-osx.cpp b/tests/unit-tests/security/test-sec-tpm-osx.cpp
index a7d1d80..7b31a1a 100644
--- a/tests/unit-tests/security/test-sec-tpm-osx.cpp
+++ b/tests/unit-tests/security/test-sec-tpm-osx.cpp
@@ -31,7 +31,37 @@
namespace ndn {
-BOOST_AUTO_TEST_SUITE(SecurityTestSecTpmOsx)
+class OsxKeyChainTestFixture
+{
+public:
+ OsxKeyChainTestFixture()
+ {
+ std::string oldHOME;
+ if (std::getenv("OLD_HOME"))
+ oldHOME = std::getenv("OLD_HOME");
+
+ if (std::getenv("HOME"))
+ m_HOME = std::getenv("HOME");
+
+ if (!oldHOME.empty())
+ setenv("HOME", oldHOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+ }
+
+ ~OsxKeyChainTestFixture()
+ {
+ if (!m_HOME.empty())
+ setenv("HOME", m_HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+ }
+
+protected:
+ std::string m_HOME;
+};
+
+BOOST_FIXTURE_TEST_SUITE(SecurityTestSecTpmOsx, OsxKeyChainTestFixture)
BOOST_AUTO_TEST_CASE(Delete)
{
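Review bot: The constructor of `OsxKeyChainTestFixture` falls through to `unsetenv("HOME")` whenever `OLD_HOME` is missing or empty, so a runner that did not export `OLD_HOME` makes the whole suite run with no HOME, and nothing in the fixture reports that. If that is not intended, fail early with `BOOST_REQUIRE(std::getenv("OLD_HOME") != nullptr);`. The results of `setenv` are also ignored. The class needs a comment stating its contract, for example `// Runs this suite with HOME restored from OLD_HOME (the value saved before the test HOME was installed); the test HOME is put back in the destructor.` If restoring the original HOME means these cases operate on the user's real keychain, as the fixture name suggests, say so in that comment.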
diff --git a/tests/unit-tests/security/test-validator-config.cpp b/tests/unit-tests/security/test-validator-config.cpp
new file mode 100644
index 0000000..8bac80c
--- /dev/null
+++ b/tests/unit-tests/security/test-validator-config.cpp
@@ -0,0 +1,1512 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2014 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/validator-config.hpp"
+
+#include "security/key-chain.hpp"
+#include "util/io.hpp"
+#include "util/scheduler.hpp"
+#include "util/dummy-client-face.hpp"
+
+#include <boost/asio.hpp>
+
+#include "identity-management-fixture.hpp"
+#include "../identity-management-time-fixture.hpp"
+#include "boost-test.hpp"
+
+using namespace std;
+
+namespace ndn {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(TestValidatorConfig)
+
+BOOST_FIXTURE_TEST_CASE(NameFilter, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-1.cert");
+
+ Name dataName1("/simple/equal");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/different");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/equal\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-1.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter2, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter2");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-2.cert");
+
+ Name dataName1("/simple/isPrefixOf");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/notPrefixOf");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/isPrefixOf/anotherLevel");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple2 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/isPrefixOf\n"
+ " relation is-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-2.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter3, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter3");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-3.cert");
+
+ Name dataName1("/simple/isStrictPrefixOf");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/isStrictPrefixOf\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-3.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter4, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter4");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-4.cert");
+
+ Name dataName1("/simple/regex");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/regex-wrong");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/regex/correct");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " regex ^<simple><regex>\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-4.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(KeyLocatorNameChecker1, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-5.cert");
+
+ Name dataName1 = identity;
+ dataName1.append("1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2 = identity;
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " hyper-relation\n"
+ " {\n"
+ " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
+ " k-expand \\\\1\\\\2\n"
+ " h-relation is-strict-prefix-of\n"
+ " p-regex ^(<>*)$\n"
+ " p-expand \\\\1\n"
+ " }\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-5.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(FixedSignerChecker, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/FixedSignerChecker");
+
+ Name identity1 = identity;
+ identity1.append("1").appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-7.cert");
+
+ Name identity2 = identity;
+ identity2.append("2").appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+
+ Name dataName1 = identity;
+ dataName1.append("data").appendVersion();
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity1));
+
+ Name dataName2 = identity;
+ dataName2.append("data").appendVersion();
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity2));
+
+ Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
+ shared_ptr<Interest> interest = make_shared<Interest>(interestName);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Data Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-7.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-7.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(Reset, security::IdentityManagementFixture)
+{
+ Name root("/TestValidatorConfig/Reload");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-8.cert");
+
+ Face face;
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"NRD Prefix Registration Command Rule\"\n"
+ " for interest\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"Testbed Hierarchy Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-8.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
+
+ validator->load(CONFIG, CONFIG_PATH.native());
+ BOOST_CHECK_EQUAL(validator->isEmpty(), false);
+
+ validator->reset();
+ BOOST_CHECK(validator->isEmpty());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(TrustAnchorWildcard, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/Wildcard");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+
+ Name dataName1("/any/data");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ std::string CONFIG =
+ "trust-anchor\n"
+ "{\n"
+ " type any\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+}
+
+BOOST_FIXTURE_TEST_CASE(SignedInterestTest, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/SignedInterestTest");
+
+ Name identity1 = identity;
+ identity1.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-9.cert");
+
+ Name interestName("/TestValidatorConfig/SignedInterestTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity1));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/SignedInterestTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-9.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+
+BOOST_FIXTURE_TEST_CASE(MaxKeyTest, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/MaxKeyTest");
+
+ Name identity1 = identity;
+ identity1.append("Key1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-10-1.cert");
+
+ Name identity2 = identity;
+ identity2.append("Key2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+ Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
+ shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
+ io::save(*idCert2, "trust-anchor-10-2.cert");
+
+ Name identity3 = identity;
+ identity3.append("Key3");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
+ Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
+ shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
+ io::save(*idCert3, "trust-anchor-10-3.cert");
+
+
+ Name interestName("/TestValidatorConfig/MaxKeyTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ Name interestName3 = interestName;
+ interestName3.append("3");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/MaxKeyTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-1.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-2.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-3.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face,
+ ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL,
+ 10,
+ 2, // Two keys can be tracked
+ time::seconds(1)); // TTL is set to 1 sec
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ // Should succeed because identity1's key has been cleaned up due to space limit.
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH1 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
+ boost::filesystem::remove(CERT_PATH1);
+
+ const boost::filesystem::path CERT_PATH2 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
+ boost::filesystem::remove(CERT_PATH2);
+
+ const boost::filesystem::path CERT_PATH3 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
+ boost::filesystem::remove(CERT_PATH3);
+}
+
+BOOST_FIXTURE_TEST_CASE(MaxKeyTest2, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/MaxKeyTest");
+
+ Name identity1 = identity;
+ identity1.append("Key1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-10-1.cert");
+
+ Name identity2 = identity;
+ identity2.append("Key2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+ Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
+ shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
+ io::save(*idCert2, "trust-anchor-10-2.cert");
+
+ Name identity3 = identity;
+ identity3.append("Key3");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
+ Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
+ shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
+ io::save(*idCert3, "trust-anchor-10-3.cert");
+
+ Name identity4 = identity;
+ identity4.append("Key4");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
+ Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
+ shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
+ io::save(*idCert4, "trust-anchor-10-4.cert");
+
+
+ Name interestName("/TestValidatorConfig/MaxKeyTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ Name interestName3 = interestName;
+ interestName3.append("3");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+ Name interestName4 = interestName;
+ interestName4.append("4");
+ shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
+
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest4, identity4));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/MaxKeyTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-1.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-2.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-3.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-4.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face,
+ ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL,
+ 10,
+ 3, // Two keys can be tracked
+ time::seconds(1)); // TTL is set to 1 sec
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ sleep(2);
+
+ validator.validate(*interest4,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+
+ const boost::filesystem::path CERT_PATH1 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
+ boost::filesystem::remove(CERT_PATH1);
+
+ const boost::filesystem::path CERT_PATH2 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
+ boost::filesystem::remove(CERT_PATH2);
+
+ const boost::filesystem::path CERT_PATH3 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
+ boost::filesystem::remove(CERT_PATH3);
+
+ const boost::filesystem::path CERT_PATH4 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
+ boost::filesystem::remove(CERT_PATH4);
+}
+
+BOOST_FIXTURE_TEST_CASE(FixedSignerChecker2, security::IdentityManagementFixture)
+{
+ Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
+ BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
+ Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
+
+ Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
+ BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
+ Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
+ shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
+ io::save(*ecdsaCert, "trust-anchor-11.cert");
+
+
+ Name dataName("/TestValidatorConfig/FixedSignerChecker2");
+ shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
+ m_keyChain.signByIdentity(*dataRsa, rsaIdentity);
+ shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
+ m_keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
+
+ shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
+ m_keyChain.signByIdentity(*interestRsa, rsaIdentity);
+ shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
+ m_keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Data Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*dataEcdsa,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*dataRsa,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interestEcdsa,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interestRsa,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+
+struct FacesFixture : public security::IdentityManagementTimeFixture
+{
+ FacesFixture()
+ : face1(util::makeDummyClientFace(io, {true, true}))
+ , face2(util::makeDummyClientFace(io, {true, true}))
+ , readInterestOffset1(0)
+ , readDataOffset1(0)
+ , readInterestOffset2(0)
+ , readDataOffset2(0)
+ {
+ }
+
+ bool
+ passPacket()
+ {
+ bool hasPassed = false;
+
+ checkFace(face1->sentInterests, readInterestOffset1, *face2, hasPassed);
+ checkFace(face1->sentDatas, readDataOffset1, *face2, hasPassed);
+ checkFace(face2->sentInterests, readInterestOffset2, *face1, hasPassed);
+ checkFace(face2->sentInterests, readDataOffset2, *face1, hasPassed);
+
+ return hasPassed;
+ }
+
+ template<typename Packet>
+ void
+ checkFace(std::vector<Packet>& receivedPackets,
+ size_t& readPacketOffset,
+ util::DummyClientFace& receiver,
+ bool& hasPassed)
+ {
+ while (receivedPackets.size() > readPacketOffset) {
+ receiver.receive(receivedPackets[readPacketOffset]);
+ readPacketOffset++;
+ hasPassed = true;
+ }
+ }
+
+ ~FacesFixture()
+ {
+ }
+
+public:
+ shared_ptr<util::DummyClientFace> face1;
+ shared_ptr<util::DummyClientFace> face2;
+
+ size_t readInterestOffset1;
+ size_t readDataOffset1;
+ size_t readInterestOffset2;
+ size_t readDataOffset2;
+};
+
+BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
+{
+ std::vector<CertificateSubjectDescription> subjectDescription;
+
+ Name root("/TestValidatorConfig");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-6.cert");
+
+
+ Name sld("/TestValidatorConfig/HierarchicalChecker");
+ BOOST_REQUIRE_NO_THROW(addIdentity(sld));
+ advanceClocks(time::milliseconds(100));
+ Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
+ shared_ptr<IdentityCertificate> sldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
+ root,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.addCertificateAsIdentityDefault(*sldCert);
+
+ Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
+ BOOST_REQUIRE_NO_THROW(addIdentity(nld));
+ advanceClocks(time::milliseconds(100));
+ Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
+ shared_ptr<IdentityCertificate> nldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
+ sld,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.addCertificateAsIdentityDefault(*nldCert);
+
+ face1->setInterestFilter(sldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ face1->setInterestFilter(nldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ Name dataName1 = nld;
+ dataName1.append("data1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, nld));
+
+ Name dataName2("/ConfValidatorTest");
+ dataName2.append("data1");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, nld));
+
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-6.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ auto validator = make_shared<ValidatorConfig>(face2.get());
+ validator->load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(2), 100);
+ validator->validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ validator->validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
+{
+ advanceClocks(time::milliseconds(0));
+
+ std::vector<CertificateSubjectDescription> subjectDescription;
+
+ Name root("/TestValidatorConfig");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-8.cert");
+
+
+ Name sld("/TestValidatorConfig/Nrd-1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(sld));
+ advanceClocks(time::milliseconds(100));
+ Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
+ shared_ptr<IdentityCertificate> sldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
+ root,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.addCertificateAsIdentityDefault(*sldCert);
+
+ Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(nld));
+ advanceClocks(time::milliseconds(100));
+ Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
+ shared_ptr<IdentityCertificate> nldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
+ sld,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.addCertificateAsIdentityDefault(*nldCert);
+
+ face1->setInterestFilter(sldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ face1->setInterestFilter(nldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName1("/localhost/nrd/register/option");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, nld));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName2("/localhost/nrd/non-register");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, nld));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName3("/localhost/nrd/register/option");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, root));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
+ shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"NRD Prefix Registration Command Rule\"\n"
+ " for interest\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"Testbed Hierarchy Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-8.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ auto validator = make_shared<ValidatorConfig>(face2.get());
+ validator->load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(2), 100);
+
+ // should succeed
+ validator->validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should fail
+ validator->validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should succeed
+ validator->validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should fail
+ validator->validate(*interest4,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+struct DirTestFixture : public security::IdentityManagementTimeFixture
+{
+ DirTestFixture()
+ : face(util::makeDummyClientFace(io, {true, true}))
+ , validator(face.get(), ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
+ {
+ certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
+ boost::filesystem::create_directory(certDirPath);
+
+ firstCertPath = (boost::filesystem::current_path() /
+ std::string("test-cert-dir") /
+ std::string("trust-anchor-1.cert"));
+
+ secondCertPath = (boost::filesystem::current_path() /
+ std::string("test-cert-dir") /
+ std::string("trust-anchor-2.cert"));
+
+ firstIdentity = Name("/TestValidatorConfig/Dir/First");
+ BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
+ Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
+ firstCert = m_keyChain.getCertificate(firstCertName);
+ io::save(*firstCert, firstCertPath.string());
+
+ secondIdentity = Name("/TestValidatorConfig/Dir/Second");
+ BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
+ Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
+ secondCert = m_keyChain.getCertificate(secondCertName);
+ }
+
+ ~DirTestFixture()
+ {
+ boost::filesystem::remove_all(certDirPath);
+ }
+
+public:
+ boost::filesystem::path certDirPath;
+ boost::filesystem::path firstCertPath;
+ boost::filesystem::path secondCertPath;
+
+ Name firstIdentity;
+ Name secondIdentity;
+
+ shared_ptr<IdentityCertificate> firstCert;
+ shared_ptr<IdentityCertificate> secondCert;
+
+ shared_ptr<util::DummyClientFace> face;
+ ValidatorConfig validator;
+};
+
+BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
+{
+ advanceClocks(time::milliseconds(10));
+
+ Name dataName1("/any/data/1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, firstIdentity));
+
+ Name dataName2("/any/data/2");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, secondIdentity));
+
+ std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Any Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<>*$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^<>*$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type dir\n"
+ " dir test-cert-dir\n"
+ " refresh 1s\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(10), 20);
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ io::save(*secondCert, secondCertPath.string());
+ advanceClocks(time::milliseconds(10), 200);
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace tests
+} // namespace ndn
diff --git a/tests/unit-tests/security/tmp-home/.ndn/client.conf b/tests/unit-tests/security/tmp-home/.ndn/client.conf
new file mode 100644
index 0000000..b832cfc
--- /dev/null
+++ b/tests/unit-tests/security/tmp-home/.ndn/client.conf
@@ -0,0 +1,2 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain
\ No newline at end of file
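Review bot: Both `pib=` and `tpm=` point at the fixed path `/tmp/test/ndn-cxx/keychain`, and `tpm-file` is the file-backed key store, so the test private keys are written to a predictable location under a world-writable directory shared by every user and every concurrent test run on the host. On a shared build machine another account could pre-create or replace that directory, and parallel runs would read and delete each other's identities. It would be safer to have the test harness create a per-run directory with owner-only permissions (for example under the build tree) and write the locators from that. Failing that, the file should at least carry a comment such as `; test-only keychain under /tmp; not safe on multi-user hosts`. The `pib=` lines added to the transport `test-homes` client.conf files in the following hunks use the same `/tmp/test/ndn-cxx/keychain` prefix.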
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf
index 872a17a..d4714da 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/bad-malformed-uri/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp
\ No newline at end of file
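Review bot: This hunk pins `pib=` but not `tpm=`, and it has no comment saying why a keychain setting appears in a transport test home. Only the `ok-omitted-unix-socket-omitted-protocol` file explains it, with `; Empty client.conf is unfeasible in automated tests,` and a pointer to `tests/unit-tests/security/config-file-readme.txt`. The same applies to the other tcp-transport and unix-transport client.conf hunks below, which add the identical line without explanation. I would put a one-line pointer above each added line, e.g. `; keychain pinned for tests, see tests/unit-tests/security/config-file-readme.txt`. Where the TPM resolves to when only the PIB is set is not visible in this diff; if these homes can ever sign, it should be pinned explicitly as in `tests/unit-tests/security/tmp-home/.ndn/client.conf`.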
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf
index c09f144..7f7dd5e 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/bad-missing-host/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://:6000
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf
index 1ee2a2f..7f8065a 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/bad-wrong-transport/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=unix://
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf
index d09dff3..182f47c 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-host-omitted-port/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf
index 8ce375b..95b5ccc 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/ok-omitted-port/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://127.0.0.1
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf b/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf
index 2dbad7a..4c2d8c0 100644
--- a/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/tcp-transport/ok/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://127.0.0.1:6000
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf
index 9d981af..427a2db 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/bad-malformed-uri/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=unix
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf
index d09dff3..182f47c 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/bad-wrong-transport/.ndn/client.conf
@@ -1 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
+
transport=tcp://
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf
index e69de29..2c4c027 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-omitted-protocol/.ndn/client.conf
@@ -0,0 +1,3 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
\ No newline at end of file
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf
index f9ca264..8fae7f5 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/ok-omitted-unix-socket-with-protocol/.ndn/client.conf
@@ -1,2 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
protocol=nrd-0.1
diff --git a/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf b/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf
index cb3fae3..ce8b950 100644
--- a/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf
+++ b/tests/unit-tests/transport/test-homes/unix-transport/ok/.ndn/client.conf
@@ -1,2 +1,3 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
transport=unix:///tmp/test/nfd.sock
diff --git a/tests/unit-tests/transport/test-unix-transport.cpp b/tests/unit-tests/transport/test-unix-transport.cpp
index 8d5548c..bad7dc0 100644
--- a/tests/unit-tests/transport/test-unix-transport.cpp
+++ b/tests/unit-tests/transport/test-unix-transport.cpp
@@ -26,8 +26,6 @@
namespace ndn {
-
-
BOOST_FIXTURE_TEST_SUITE(TransportTestUnixTransport, TransportFixture)
BOOST_AUTO_TEST_CASE(GetDefaultSocketNameOk)
diff --git a/tests/unit-tests/util/segment-fetcher.cpp b/tests/unit-tests/util/segment-fetcher.cpp
index 15d7831..d19e327 100644
--- a/tests/unit-tests/util/segment-fetcher.cpp
+++ b/tests/unit-tests/util/segment-fetcher.cpp
@@ -187,8 +187,6 @@
BOOST_FIXTURE_TEST_CASE(Triple, Fixture)
{
- KeyChain keyChain;
-
SegmentFetcher::fetch(*face, Interest("/hello/world", time::seconds(1000)),
DontVerifySegment(),
bind(&Fixture::onData, this, _1),
@@ -237,8 +235,6 @@
BOOST_FIXTURE_TEST_CASE(TripleWithInitialSegmentFetching, Fixture)
{
- KeyChain keyChain;
-
SegmentFetcher::fetch(*face, Interest("/hello/world", time::seconds(1000)),
DontVerifySegment(),
bind(&Fixture::onData, this, _1),
diff --git a/tests/unit-tests/util/test-io.cpp b/tests/unit-tests/util/test-io.cpp
index b170f6e..b857a4a 100644
--- a/tests/unit-tests/util/test-io.cpp
+++ b/tests/unit-tests/util/test-io.cpp
@@ -21,7 +21,7 @@
#include "util/io.hpp"
#include "security/key-chain.hpp"
-#include "../security/identity-management-fixture.hpp"
+#include "identity-management-fixture.hpp"
#include "boost-test.hpp"