blob: 9ddf43a93927166a4bb61c1223ca65260fd8fe04 [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
* ndn-cxx library is free software: you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
*
* ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*
* You should have received copies of the GNU General Public License and GNU Lesser
* General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
#include "security/conf/checker.hpp"
#include "boost-test.hpp"
#include "identity-management-fixture.hpp"
namespace ndn {
namespace security {
namespace conf {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
BOOST_AUTO_TEST_SUITE(Conf)
BOOST_FIXTURE_TEST_SUITE(TestChecker, IdentityManagementFixture)
BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
{
using security::conf::CustomizedChecker;
using security::conf::KeyLocatorChecker;
using security::conf::RelationKeyLocatorNameChecker;
Name identity("/SecurityTestConfChecker/CustomizedCheckerTest1");
BOOST_REQUIRE(addIdentity(identity, RsaKeyParams()));
Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest1Wrong");
BOOST_REQUIRE(addIdentity(identity2, RsaKeyParams()));
Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest1/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
m_keyChain.sign(*interest1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
m_keyChain.sign(*interest2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
int8_t result = 0;
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual1 =
make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
KeyLocatorChecker::RELATION_EQUAL);
CustomizedChecker checker1(tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual1);
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual2 =
make_shared<RelationKeyLocatorNameChecker>(identity,
KeyLocatorChecker::RELATION_EQUAL);
CustomizedChecker checker2(tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual2);
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*interest1);
BOOST_CHECK_EQUAL(result, -1);
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix1 =
make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
KeyLocatorChecker::RELATION_IS_PREFIX_OF);
CustomizedChecker checker3(tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix1);
result = checker3.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker3.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix2 =
make_shared<RelationKeyLocatorNameChecker>(identity,
KeyLocatorChecker::RELATION_IS_PREFIX_OF);
CustomizedChecker checker4(tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix2);
result = checker4.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker4.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict1 =
make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
CustomizedChecker checker5(tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict1);
result = checker5.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker5.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict2 =
make_shared<RelationKeyLocatorNameChecker>(identity,
KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
CustomizedChecker checker6(tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict2);
result = checker6.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker6.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
}
BOOST_AUTO_TEST_CASE(CustomizedCheckerTest2)
{
using security::conf::CustomizedChecker;
using security::conf::KeyLocatorChecker;
using security::conf::RegexKeyLocatorNameChecker;
Name identity("/SecurityTestConfChecker/CustomizedCheckerTest2");
BOOST_REQUIRE(addIdentity(identity, RsaKeyParams()));
Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest2Wrong");
BOOST_REQUIRE(addIdentity(identity2, RsaKeyParams()));
Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest2/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
m_keyChain.sign(*interest1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
m_keyChain.sign(*interest2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
int8_t result = 0;
shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
make_shared<RegexKeyLocatorNameChecker>(
Regex("^<SecurityTestConfChecker><CustomizedCheckerTest2>"));
CustomizedChecker checker1(tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
}
BOOST_AUTO_TEST_CASE(CustomizedCheckerTest3)
{
using security::conf::CustomizedChecker;
using security::conf::KeyLocatorChecker;
using security::conf::RegexKeyLocatorNameChecker;
Name identity("/SecurityTestConfChecker/CustomizedCheckerTest3");
BOOST_REQUIRE(addIdentity(identity, EcdsaKeyParams()));
Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest3Wrong");
BOOST_REQUIRE(addIdentity(identity2, EcdsaKeyParams()));
Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest3/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
m_keyChain.sign(*interest1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
m_keyChain.sign(*interest2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
int8_t result = 0;
shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
make_shared<RegexKeyLocatorNameChecker>(
Regex("^<SecurityTestConfChecker><CustomizedCheckerTest3>"));
CustomizedChecker checker1(tlv::SignatureSha256WithEcdsa, keyLocatorCheckerRegex1);
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
CustomizedChecker checker2(tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
}
BOOST_AUTO_TEST_CASE(HierarchicalCheckerTest1)
{
using security::conf::HierarchicalChecker;
Name identity("/SecurityTestConfChecker/HierarchicalCheckerTest1");
BOOST_REQUIRE(addIdentity(identity, EcdsaKeyParams()));
Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Name identity2("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
BOOST_REQUIRE(addIdentity(identity2, RsaKeyParams()));
Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
Name packetName("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
Name packetName2("/SecurityTestConfChecker");
Name packetName3("/SecurityTestConfChecker/HierarchicalCheckerTest1");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName2);
m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Data> data3 = make_shared<Data>(packetName3);
m_keyChain.sign(*data3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Data> data4 = make_shared<Data>(packetName);
m_keyChain.sign(*data4,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
shared_ptr<Data> data5 = make_shared<Data>(packetName2);
m_keyChain.sign(*data5,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
shared_ptr<Data> data6 = make_shared<Data>(packetName3);
m_keyChain.sign(*data6,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
int8_t result = 0;
HierarchicalChecker checker1(tlv::SignatureSha256WithEcdsa);
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*data3);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data4);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*data5);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*data6);
BOOST_CHECK_EQUAL(result, -1);
HierarchicalChecker checker2(tlv::SignatureSha256WithRsa);
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data3);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data4);
BOOST_CHECK_EQUAL(result, 0);
result = checker2.check(*data5);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data6);
BOOST_CHECK_EQUAL(result, -1);
}
BOOST_AUTO_TEST_CASE(FixedSignerCheckerTest1)
{
using security::conf::FixedSignerChecker;
Name identity("/SecurityTestConfChecker/FixedSignerCheckerTest1");
BOOST_REQUIRE(addIdentity(identity, EcdsaKeyParams()));
Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
shared_ptr<v1::IdentityCertificate> cert1 = m_keyChain.getCertificate(certName);
Name identity2("/SecurityTestConfChecker/FixedSignerCheckerTest1Wrong");
BOOST_REQUIRE(addIdentity(identity2, RsaKeyParams()));
Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
shared_ptr<v1::IdentityCertificate> cert2 = m_keyChain.getCertificate(certName2);
Name packetName("/Test/Data");
shared_ptr<Data> data1 = make_shared<Data>(packetName);
m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity));
shared_ptr<Data> data2 = make_shared<Data>(packetName);
m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2));
std::vector<shared_ptr<v1::IdentityCertificate> > certSet1;
certSet1.push_back(cert1);
std::vector<shared_ptr<v1::IdentityCertificate> > certSet2;
certSet2.push_back(cert2);
int8_t result = 0;
FixedSignerChecker checker1(tlv::SignatureSha256WithEcdsa, certSet1);
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 1);
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker2(tlv::SignatureSha256WithRsa, certSet1);
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker3(tlv::SignatureSha256WithEcdsa, certSet2);
result = checker3.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker3.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker4(tlv::SignatureSha256WithRsa, certSet2);
result = checker4.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker4.check(*data2);
BOOST_CHECK_EQUAL(result, 1);
}
BOOST_AUTO_TEST_SUITE_END() // TestChecker
BOOST_AUTO_TEST_SUITE_END() // Conf
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
} // namespace conf
} // namespace security
} // namespace ndn