security: Allow reloading ValidationPolicyConfig / ValidatorConfig

Change-Id: Idba53c0b4e2cf645d3d0e6c76c57a1b54995462a
Refs: #4261
diff --git a/tests/unit-tests/security/v2/validation-policy-config.t.cpp b/tests/unit-tests/security/v2/validation-policy-config.t.cpp
index 308b0fe..7808700 100644
--- a/tests/unit-tests/security/v2/validation-policy-config.t.cpp
+++ b/tests/unit-tests/security/v2/validation-policy-config.t.cpp
@@ -377,6 +377,66 @@
   VALIDATE_FAILURE(packet, "Should fail, because subSelfSignedIdentity is not a trust anchor");
 }
 
+BOOST_FIXTURE_TEST_CASE(Reload, HierarchicalValidatorFixture<ValidationPolicyConfig>)
+{
+  BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
+  this->policy.load(R"CONF(
+      rule
+      {
+        id test-rule-data-id
+        for data
+        filter
+        {
+          type name
+          name /foo/bar
+          relation is-prefix-of
+        }
+        checker
+        {
+          type hierarchical
+          sig-type rsa-sha256
+        }
+      }
+      rule
+      {
+        id test-rule-interest-id
+        for interest
+        filter
+        {
+          type name
+          name /foo/bar
+          relation is-prefix-of
+        }
+        checker
+        {
+          type hierarchical
+          sig-type rsa-sha256
+        }
+      }
+      trust-anchor
+      {
+        type dir
+        dir keys
+        refresh 1h
+      }
+    )CONF", "test-config");
+  BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
+  BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
+  BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 1);
+  BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 1);
+
+  this->policy.load(R"CONF(
+      trust-anchor
+      {
+        type any
+      }
+    )CONF", "test-config");
+  BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
+  BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, true);
+  BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
+  BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
+}
+
 using Packets = boost::mpl::vector<Interest, Data>;
 
 BOOST_FIXTURE_TEST_CASE_TEMPLATE(TrustAnchorWildcard, Packet, Packets, ValidationPolicyConfigFixture<Packet>)
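Review bot: The Reload case only covers reloading from a rule-based configuration to `trust-anchor { type any }`. The opposite direction is not exercised, and it is the one where a stale `m_shouldBypass == true` would leave the policy accepting every packet. Consider a third `this->policy.load(...)` with a rule-based configuration, followed by `BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);` and the two rule-count checks. The assertions also look only at private members; a `VALIDATE_FAILURE` on an unsigned packet after the restrictive reload would pin the observable behaviour, assuming the fixture's macros can be used here as in the preceding test.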
@@ -419,22 +479,22 @@
   VALIDATE_SUCCESS(packet, "Policy should accept everything");
 }
 
-using ReloadedPolicies = boost::mpl::vector<Refresh1h, Refresh1m, Refresh1s>;
+using RefreshPolicies = boost::mpl::vector<Refresh1h, Refresh1m, Refresh1s>;
 
 // Somehow, didn't work without this wrapper
-template<typename ReloadPolicy>
-class ReloadPolicyFixture : public LoadStringWithDirAnchor<Data, ReloadPolicy>
+template<typename RefreshPolicy>
+class RefreshPolicyFixture : public LoadStringWithDirAnchor<Data, RefreshPolicy>
 {
 public:
 };
 
-BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateReload, Reload, ReloadedPolicies, ReloadPolicyFixture<Reload>)
+BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateRefresh, Refresh, RefreshPolicies, RefreshPolicyFixture<Refresh>)
 {
   using Packet = Data;
   Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
 
   boost::filesystem::remove(this->path / "keys" / "identity.ndncert");
-  this->advanceClocks(Reload::getRefreshTime(), 3);
+  this->advanceClocks(Refresh::getRefreshTime(), 3);
 
   Packet packet = unsignedPacket;
   this->m_keyChain.sign(packet, signingByIdentity(this->identity));
diff --git a/tests/unit-tests/security/v2/validator.t.cpp b/tests/unit-tests/security/v2/validator.t.cpp
index 42bcf2a..bb545e1 100644
--- a/tests/unit-tests/security/v2/validator.t.cpp
+++ b/tests/unit-tests/security/v2/validator.t.cpp
@@ -1,5 +1,5 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -100,7 +100,6 @@
   BOOST_CHECK_EQUAL(face.sentInterests.size(), 1);
 }
 
-
 BOOST_AUTO_TEST_CASE(ExpiredCert)
 {
   Data expiredCert = subIdentity.getDefaultKey().getDefaultCertificate();
@@ -127,6 +126,15 @@
   BOOST_CHECK_EQUAL(face.sentInterests.size(), 1);
 }
 
+BOOST_AUTO_TEST_CASE(ResetAnchors)
+{
+  validator.resetAnchors();
+
+  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  m_keyChain.sign(data, signingByIdentity(subIdentity));
+  VALIDATE_FAILURE(data, "Should fail, as no anchors configured");
+}
+
 BOOST_AUTO_TEST_CASE(TrustedCertCaching)
 {
   Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
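Review bot: ResetAnchors depends on nothing having been validated before `validator.resetAnchors();`, so that the verified-certificate cache is presumably still empty. The ResetVerifiedCertificates case added in this same commit shows that a cached certificate keeps being accepted after the anchors are reset, so reordering or extending this test could silently turn the expected failure into a success. A comment above the reset call would make the precondition explicit, for example `// nothing validated yet: verified-cert cache is empty, so only anchors could establish trust`.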
@@ -149,6 +157,21 @@
   face.sentInterests.clear();
 }
 
+BOOST_AUTO_TEST_CASE(ResetVerifiedCertificates)
+{
+  Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+  m_keyChain.sign(data, signingByIdentity(subIdentity));
+  VALIDATE_SUCCESS(data, "Should get accepted, as signed by the policy-compliant cert");
+
+  // reset anchors
+  validator.resetAnchors();
+  VALIDATE_SUCCESS(data, "Should get accepted, as signed by the cert in trusted cache");
+
+  // reset trusted cache
+  validator.resetVerifiedCertificates();
+  VALIDATE_FAILURE(data, "Should fail, as no trusted cache or anchors");
+}
+
 BOOST_AUTO_TEST_CASE(UntrustedCertCaching)
 {
   Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
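Review bot: The sequence in ResetVerifiedCertificates shows that `validator.resetAnchors()` alone does not revoke trust, because the packet is still accepted from the verified-certificate cache until `resetVerifiedCertificates()` is called. The `// reset anchors` comment only restates the call; something like `// anchors removed, but the cert verified above is still cached, so validation still succeeds` would record that this is intended behaviour. Whether the configuration reload path clears both is not visible in this diff, so it is worth confirming that a reload which drops an anchor also clears the cache.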