security: Allow reloading ValidationPolicyConfig / ValidatorConfig

Change-Id: Idba53c0b4e2cf645d3d0e6c76c57a1b54995462a
Refs: #4261
diff --git a/tests/unit-tests/security/v2/validation-policy-config.t.cpp b/tests/unit-tests/security/v2/validation-policy-config.t.cpp
index 308b0fe..7808700 100644
--- a/tests/unit-tests/security/v2/validation-policy-config.t.cpp
+++ b/tests/unit-tests/security/v2/validation-policy-config.t.cpp
@@ -377,6 +377,66 @@
   VALIDATE_FAILURE(packet, "Should fail, because subSelfSignedIdentity is not a trust anchor");
 }
 
+BOOST_FIXTURE_TEST_CASE(Reload, HierarchicalValidatorFixture<ValidationPolicyConfig>)
+{
+  BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
+  this->policy.load(R"CONF(
+      rule
+      {
+        id test-rule-data-id
+        for data
+        filter
+        {
+          type name
+          name /foo/bar
+          relation is-prefix-of
+        }
+        checker
+        {
+          type hierarchical
+          sig-type rsa-sha256
+        }
+      }
+      rule
+      {
+        id test-rule-interest-id
+        for interest
+        filter
+        {
+          type name
+          name /foo/bar
+          relation is-prefix-of
+        }
+        checker
+        {
+          type hierarchical
+          sig-type rsa-sha256
+        }
+      }
+      trust-anchor
+      {
+        type dir
+        dir keys
+        refresh 1h
+      }
+    )CONF", "test-config");
+  BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
+  BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
+  BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 1);
+  BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 1);
+
+  this->policy.load(R"CONF(
+      trust-anchor
+      {
+        type any
+      }
+    )CONF", "test-config");
+  BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
+  BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, true);
+  BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
+  BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
+}
+
 using Packets = boost::mpl::vector<Interest, Data>;
 
 BOOST_FIXTURE_TEST_CASE_TEMPLATE(TrustAnchorWildcard, Packet, Packets, ValidationPolicyConfigFixture<Packet>)
@@ -419,22 +479,22 @@
   VALIDATE_SUCCESS(packet, "Policy should accept everything");
 }
 
-using ReloadedPolicies = boost::mpl::vector<Refresh1h, Refresh1m, Refresh1s>;
+using RefreshPolicies = boost::mpl::vector<Refresh1h, Refresh1m, Refresh1s>;
 
 // Somehow, didn't work without this wrapper
-template<typename ReloadPolicy>
-class ReloadPolicyFixture : public LoadStringWithDirAnchor<Data, ReloadPolicy>
+template<typename RefreshPolicy>
+class RefreshPolicyFixture : public LoadStringWithDirAnchor<Data, RefreshPolicy>
 {
 public:
 };
 
-BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateReload, Reload, ReloadedPolicies, ReloadPolicyFixture<Reload>)
+BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateRefresh, Refresh, RefreshPolicies, RefreshPolicyFixture<Refresh>)
 {
   using Packet = Data;
   Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
 
   boost::filesystem::remove(this->path / "keys" / "identity.ndncert");
-  this->advanceClocks(Reload::getRefreshTime(), 3);
+  this->advanceClocks(Refresh::getRefreshTime(), 3);
 
   Packet packet = unsignedPacket;
   this->m_keyChain.sign(packet, signingByIdentity(this->identity));
diff --git a/tests/unit-tests/security/v2/validator.t.cpp b/tests/unit-tests/security/v2/validator.t.cpp
index 42bcf2a..bb545e1 100644
--- a/tests/unit-tests/security/v2/validator.t.cpp
+++ b/tests/unit-tests/security/v2/validator.t.cpp
@@ -1,5 +1,5 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -100,7 +100,6 @@
   BOOST_CHECK_EQUAL(face.sentInterests.size(), 1);
 }
 
-
 BOOST_AUTO_TEST_CASE(ExpiredCert)
 {
   Data expiredCert = subIdentity.getDefaultKey().getDefaultCertificate();
@@ -127,6 +126,15 @@
   BOOST_CHECK_EQUAL(face.sentInterests.size(), 1);
 }
 
+BOOST_AUTO_TEST_CASE(ResetAnchors)
+{
+  validator.resetAnchors();
+
+  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  m_keyChain.sign(data, signingByIdentity(subIdentity));
+  VALIDATE_FAILURE(data, "Should fail, as no anchors configured");
+}
+
 BOOST_AUTO_TEST_CASE(TrustedCertCaching)
 {
   Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
@@ -149,6 +157,21 @@
   face.sentInterests.clear();
 }
 
+BOOST_AUTO_TEST_CASE(ResetVerifiedCertificates)
+{
+  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  m_keyChain.sign(data, signingByIdentity(subIdentity));
+  VALIDATE_SUCCESS(data, "Should get accepted, as signed by the policy-compliant cert");
+
+  // reset anchors
+  validator.resetAnchors();
+  VALIDATE_SUCCESS(data, "Should get accepted, as signed by the cert in trusted cache");
+
+  // reset trusted cache
+  validator.resetVerifiedCertificates();
+  VALIDATE_FAILURE(data, "Should fail, as no trusted cache or anchors");
+}
+
 BOOST_AUTO_TEST_CASE(UntrustedCertCaching)
 {
   Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
diff --git a/tests/unit-tests/security/validator-config.t.cpp b/tests/unit-tests/security/validator-config.t.cpp
index 37f2cff..7dd65f5 100644
--- a/tests/unit-tests/security/validator-config.t.cpp
+++ b/tests/unit-tests/security/validator-config.t.cpp
@@ -86,14 +86,20 @@
 {
   validator.load(configFile);
   BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
-  BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
+
+  // should reload policy
+  validator.load(configFile);
+  BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
 }
 
 BOOST_AUTO_TEST_CASE(FromString)
 {
   validator.load(config, "config-file-from-string");
   BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
-  BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
+
+  // should reload policy
+  validator.load(config, "config-file-from-string");
+  BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
 }
 
 BOOST_AUTO_TEST_CASE(FromIstream)
@@ -101,14 +107,21 @@
   std::istringstream is(config);
   validator.load(is, "config-file-from-istream");
   BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
-  BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
+
+  // should reload policy
+  std::istringstream is2(config);
+  validator.load(is2, "config-file-from-istream");
+  BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
 }
 
 BOOST_AUTO_TEST_CASE(FromSection)
 {
   validator.load(v2::validator_config::tests::makeSection(config), "config-file-from-section");
   BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
-  BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
+
+  // should reload policy
+  validator.load(v2::validator_config::tests::makeSection(config), "config-file-from-section");
+  BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
 }
 
 BOOST_AUTO_TEST_SUITE_END() // Loads