mgmt: Switch nfd::Controller to use v2::Validator interface
The conversion also includes relevant changes in SegmentFetcher and
tests.
Change-Id: Ie2f55bac650e3689f4971ab814a8bd51068a2a40
Refs: #3920
diff --git a/src/mgmt/nfd/controller.cpp b/src/mgmt/nfd/controller.cpp
index bfb0843..945c16d 100644
--- a/src/mgmt/nfd/controller.cpp
+++ b/src/mgmt/nfd/controller.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -20,9 +20,12 @@
*/
#include "controller.hpp"
-#include "../../face.hpp"
-#include "../../security/key-chain.hpp"
-#include "../../util/segment-fetcher.hpp"
+#include "face.hpp"
+#include "security/v2/key-chain.hpp"
+#include "security/validator-null.hpp"
+#include "util/segment-fetcher.hpp"
+
+#include <boost/lexical_cast.hpp>
namespace ndn {
namespace nfd {
@@ -34,13 +37,12 @@
const uint32_t Controller::ERROR_VALIDATION = 10021; // 10000 + TLS1_ALERT_DECRYPTION_FAILED
const uint32_t Controller::ERROR_SERVER = 500;
const uint32_t Controller::ERROR_LBOUND = 400;
-ValidatorNull Controller::s_validatorNull;
-Controller::Controller(Face& face, KeyChain& keyChain, Validator& validator)
+Controller::Controller(Face& face, KeyChain& keyChain, security::v2::Validator& validator)
: m_face(face)
, m_keyChain(keyChain)
- , m_signer(keyChain)
, m_validator(validator)
+ , m_signer(keyChain)
{
}
@@ -79,11 +81,11 @@
const CommandFailCallback& onFailure)
{
m_validator.validate(data,
- [=] (const shared_ptr<const Data>& data) {
- this->processValidatedCommandResponse(*data, command, onSuccess, onFailure);
+ [=] (const Data& data) {
+ this->processValidatedCommandResponse(data, command, onSuccess, onFailure);
},
- [=] (const shared_ptr<const Data>&, const std::string& msg) {
- onFailure(ControlResponse(ERROR_VALIDATION, msg));
+ [=] (const Data& data, const security::v2::ValidationError& error) {
+ onFailure(ControlResponse(ERROR_VALIDATION, boost::lexical_cast<std::string>(error)));
}
);
}
diff --git a/src/mgmt/nfd/controller.hpp b/src/mgmt/nfd/controller.hpp
index d9bfa1f..6582a66 100644
--- a/src/mgmt/nfd/controller.hpp
+++ b/src/mgmt/nfd/controller.hpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -26,15 +26,13 @@
#include "control-response.hpp"
#include "status-dataset.hpp"
#include "command-options.hpp"
-#include "../../security/validator-null.hpp"
-#include "../../security/key-chain.hpp"
#include "../../security/command-interest-signer.hpp"
+#include "../../security/validator-null.hpp"
+#include "../../security/v2/key-chain.hpp"
+#include "../../security/v2/validator.hpp"
namespace ndn {
-namespace security {
-class Validator;
-} // namespace security
class Face;
namespace nfd {
@@ -67,7 +65,7 @@
/** \brief construct a Controller that uses face for transport,
* and uses the passed KeyChain to sign commands
*/
- Controller(Face& face, KeyChain& keyChain, security::Validator& validator = s_validatorNull);
+ Controller(Face& face, KeyChain& keyChain, security::v2::Validator& validator = security::getAcceptAllValidator());
/** \brief start command execution
*/
@@ -172,11 +170,8 @@
protected:
Face& m_face;
KeyChain& m_keyChain;
+ security::v2::Validator& m_validator;
security::CommandInterestSigner m_signer;
- security::Validator& m_validator;
-
-private:
- static ValidatorNull s_validatorNull;
};
template<typename Dataset>
diff --git a/src/security/validator-null.cpp b/src/security/validator-null.cpp
new file mode 100644
index 0000000..6ca3174
--- /dev/null
+++ b/src/security/validator-null.cpp
@@ -0,0 +1,44 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "validator-null.hpp"
+#include "v2/validation-policy-accept-all.hpp"
+#include "v2/certificate-fetcher-offline.hpp"
+
+namespace ndn {
+namespace security {
+namespace v2 {
+
+ValidatorNull::ValidatorNull()
+ : Validator(make_unique<ValidationPolicyAcceptAll>(), make_unique<CertificateFetcherOffline>())
+{
+}
+
+security::v2::Validator&
+getAcceptAllValidator()
+{
+ static security::ValidatorNull validator;
+ return validator;
+}
+
+} // namespace v2
+} // namespace security
+} // namespace ndn
diff --git a/src/security/validator-null.hpp b/src/security/validator-null.hpp
index 36448af..f8f48ce 100644
--- a/src/security/validator-null.hpp
+++ b/src/security/validator-null.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -17,53 +17,35 @@
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- * @author Jeff Thompson <jefft0@remap.ucla.edu>
*/
#ifndef NDN_SECURITY_VALIDATOR_NULL_HPP
#define NDN_SECURITY_VALIDATOR_NULL_HPP
-#include "validator.hpp"
+#include "v2/validator.hpp"
namespace ndn {
namespace security {
+namespace v2 {
+/**
+ * @brief Validator with "accept-all" policy and offline certificate fetcher
+ */
class ValidatorNull : public Validator
{
public:
- virtual
- ~ValidatorNull()
- {
- }
-
-protected:
- virtual void
- checkPolicy(const Data& data,
- int nSteps,
- const OnDataValidated& onValidated,
- const OnDataValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps)
- {
- onValidated(data.shared_from_this());
- }
-
- virtual void
- checkPolicy(const Interest& interest,
- int nSteps,
- const OnInterestValidated& onValidated,
- const OnInterestValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps)
- {
- onValidated(interest.shared_from_this());
- }
+ ValidatorNull();
};
+security::v2::Validator&
+getAcceptAllValidator();
+
+} // namespace v2
+
+using v2::ValidatorNull;
+using v2::getAcceptAllValidator;
+
} // namespace security
-
-using security::ValidatorNull;
-
} // namespace ndn
-#endif //NDN_SECURITY_VALIDATOR_NULL_HPP
+#endif // NDN_SECURITY_VALIDATOR_NULL_HPP
diff --git a/src/util/segment-fetcher.cpp b/src/util/segment-fetcher.cpp
index 70ad632..c8075e7 100644
--- a/src/util/segment-fetcher.cpp
+++ b/src/util/segment-fetcher.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,13 +25,15 @@
#include "../lp/nack.hpp"
#include "../lp/nack-header.hpp"
+#include <boost/lexical_cast.hpp>
+
namespace ndn {
namespace util {
const uint32_t SegmentFetcher::MAX_INTEREST_REEXPRESS = 3;
SegmentFetcher::SegmentFetcher(Face& face,
- shared_ptr<Validator> validator,
+ shared_ptr<security::v2::Validator> validator,
const CompleteCallback& completeCallback,
const ErrorCallback& errorCallback)
: m_face(face)
@@ -46,19 +48,18 @@
void
SegmentFetcher::fetch(Face& face,
const Interest& baseInterest,
- Validator& validator,
+ security::v2::Validator& validator,
const CompleteCallback& completeCallback,
const ErrorCallback& errorCallback)
{
- shared_ptr<Validator> sharedValidator = shared_ptr<Validator>(&validator, [] (Validator*) {});
-
- fetch(face, baseInterest, sharedValidator, completeCallback, errorCallback);
+ shared_ptr<security::v2::Validator> validatorPtr(&validator, [] (security::v2::Validator*) {});
+ fetch(face, baseInterest, validatorPtr, completeCallback, errorCallback);
}
void
SegmentFetcher::fetch(Face& face,
const Interest& baseInterest,
- shared_ptr<Validator> validator,
+ shared_ptr<security::v2::Validator> validator,
const CompleteCallback& completeCallback,
const ErrorCallback& errorCallback)
{
@@ -106,29 +107,29 @@
m_validator->validate(data,
bind(&SegmentFetcher::afterValidationSuccess, this, _1,
isSegmentZeroExpected, origInterest, self),
- bind(&SegmentFetcher::afterValidationFailure, this, _1));
+ bind(&SegmentFetcher::afterValidationFailure, this, _1, _2));
}
void
-SegmentFetcher::afterValidationSuccess(const shared_ptr<const Data> data,
+SegmentFetcher::afterValidationSuccess(const Data& data,
bool isSegmentZeroExpected,
const Interest& origInterest,
shared_ptr<SegmentFetcher> self)
{
- name::Component currentSegment = data->getName().get(-1);
+ name::Component currentSegment = data.getName().get(-1);
if (currentSegment.isSegment()) {
if (isSegmentZeroExpected && currentSegment.toSegment() != 0) {
- fetchNextSegment(origInterest, data->getName(), 0, self);
+ fetchNextSegment(origInterest, data.getName(), 0, self);
}
else {
- m_buffer->write(reinterpret_cast<const char*>(data->getContent().value()),
- data->getContent().value_size());
+ m_buffer->write(reinterpret_cast<const char*>(data.getContent().value()),
+ data.getContent().value_size());
- const name::Component& finalBlockId = data->getMetaInfo().getFinalBlockId();
+ const name::Component& finalBlockId = data.getMetaInfo().getFinalBlockId();
if (finalBlockId.empty() || (finalBlockId > currentSegment)) {
- fetchNextSegment(origInterest, data->getName(), currentSegment.toSegment() + 1, self);
+ fetchNextSegment(origInterest, data.getName(), currentSegment.toSegment() + 1, self);
}
else {
return m_completeCallback(m_buffer->buf());
@@ -141,9 +142,10 @@
}
void
-SegmentFetcher::afterValidationFailure(const shared_ptr<const Data> data)
+SegmentFetcher::afterValidationFailure(const Data& data, const security::v2::ValidationError& error)
{
- return m_errorCallback(SEGMENT_VALIDATION_FAIL, "Segment validation fail");
+ return m_errorCallback(SEGMENT_VALIDATION_FAIL, "Segment validation fail " +
+ boost::lexical_cast<std::string>(error));
}
diff --git a/src/util/segment-fetcher.hpp b/src/util/segment-fetcher.hpp
index 0c2e908..99510f5 100644
--- a/src/util/segment-fetcher.hpp
+++ b/src/util/segment-fetcher.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,7 +25,7 @@
#include "scheduler.hpp"
#include "../common.hpp"
#include "../face.hpp"
-#include "../security/validator.hpp"
+#include "../security/v2/validator.hpp"
namespace ndn {
@@ -140,7 +140,7 @@
void
fetch(Face& face,
const Interest& baseInterest,
- Validator& validator,
+ security::v2::Validator& validator,
const CompleteCallback& completeCallback,
const ErrorCallback& errorCallback);
@@ -163,13 +163,13 @@
void
fetch(Face& face,
const Interest& baseInterest,
- shared_ptr<Validator> validator,
+ shared_ptr<security::v2::Validator> validator,
const CompleteCallback& completeCallback,
const ErrorCallback& errorCallback);
private:
SegmentFetcher(Face& face,
- shared_ptr<Validator> validator,
+ shared_ptr<security::v2::Validator> validator,
const CompleteCallback& completeCallback,
const ErrorCallback& errorCallback);
@@ -185,13 +185,13 @@
const Data& data, bool isSegmentZeroExpected,
shared_ptr<SegmentFetcher> self);
void
- afterValidationSuccess(const shared_ptr<const Data> data,
+ afterValidationSuccess(const Data& data,
bool isSegmentZeroExpected,
const Interest& origInterest,
shared_ptr<SegmentFetcher> self);
void
- afterValidationFailure(const shared_ptr<const Data> data);
+ afterValidationFailure(const Data& data, const security::v2::ValidationError& error);
void
afterNackReceived(const Interest& origInterest, const lp::Nack& nack,
@@ -204,7 +204,7 @@
private:
Face& m_face;
Scheduler m_scheduler;
- shared_ptr<Validator> m_validator;
+ shared_ptr<security::v2::Validator> m_validator;
CompleteCallback m_completeCallback;
ErrorCallback m_errorCallback;
diff --git a/tests/dummy-validator.hpp b/tests/dummy-validator.hpp
index 40e4bcb..255c2ce 100644
--- a/tests/dummy-validator.hpp
+++ b/tests/dummy-validator.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,21 +22,23 @@
#ifndef NDN_TESTS_DUMMY_VALIDATOR_HPP
#define NDN_TESTS_DUMMY_VALIDATOR_HPP
-#include "security/validator.hpp"
+#include "security/v2/validator.hpp"
+#include "security/v2/validation-policy.hpp"
+#include "security/v2/certificate-fetcher-offline.hpp"
namespace ndn {
namespace tests {
-/** \brief a Validator for unit testing
+/** \brief A validation policy for unit testing
*/
-class DummyValidator : public Validator
+class DummyValidationPolicy : public security::v2::ValidationPolicy
{
public:
/** \brief constructor
* \param shouldAccept whether to accept or reject all validation requests
*/
explicit
- DummyValidator(bool shouldAccept = true)
+ DummyValidationPolicy(bool shouldAccept = true)
{
this->setResult(shouldAccept);
}
@@ -61,29 +63,27 @@
}
protected:
- virtual void
- checkPolicy(const Interest& interest, int nSteps,
- const OnInterestValidated& accept, const OnInterestValidationFailed& reject,
- std::vector<shared_ptr<ValidationRequest>>&) override
+ void
+ checkPolicy(const Data& data, const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation) override
{
- if (m_decide(interest.getName())) {
- accept(interest.shared_from_this());
+ if (m_decide(data.getName())) {
+ continueValidation(nullptr, state);
}
else {
- reject(interest.shared_from_this(), "");
+ state->fail(security::v2::ValidationError::NO_ERROR);
}
}
- virtual void
- checkPolicy(const Data& data, int nSteps,
- const OnDataValidated& accept, const OnDataValidationFailed& reject,
- std::vector<shared_ptr<ValidationRequest>>&) override
+ void
+ checkPolicy(const Interest& interest, const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation) override
{
- if (m_decide(data.getName())) {
- accept(data.shared_from_this());
+ if (m_decide(interest.getName())) {
+ continueValidation(nullptr, state);
}
else {
- reject(data.shared_from_this(), "");
+ state->fail(security::v2::ValidationError::NO_ERROR);
}
}
@@ -91,15 +91,21 @@
function<bool(const Name&)> m_decide;
};
-/** \brief a DummyValidator initialized to reject all requests
- */
-class DummyRejectValidator : public DummyValidator
+
+class DummyValidator : public security::v2::Validator
{
public:
- DummyRejectValidator()
- : DummyValidator(false)
+ DummyValidator(bool shouldAccept = true)
+ : security::v2::Validator(make_unique<DummyValidationPolicy>(shouldAccept),
+ make_unique<security::v2::CertificateFetcherOffline>())
{
}
+
+ DummyValidationPolicy&
+ getPolicy()
+ {
+ return static_cast<DummyValidationPolicy&>(security::v2::Validator::getPolicy());
+ }
};
} // namespace tests
diff --git a/tests/unit-tests/mgmt/nfd/controller-fixture.hpp b/tests/unit-tests/mgmt/nfd/controller-fixture.hpp
index 8f31f14..6054ed2 100644
--- a/tests/unit-tests/mgmt/nfd/controller-fixture.hpp
+++ b/tests/unit-tests/mgmt/nfd/controller-fixture.hpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -23,11 +23,12 @@
#define NDN_TESTS_MGMT_NFD_CONTROLLER_FIXTURE_HPP
#include "mgmt/nfd/controller.hpp"
-#include "../../../dummy-validator.hpp"
+#include "util/dummy-client-face.hpp"
+#include "security/v2/certificate-fetcher-offline.hpp"
#include "boost-test.hpp"
-#include "util/dummy-client-face.hpp"
-#include "../../identity-management-time-fixture.hpp"
+#include "dummy-validator.hpp"
+#include "unit-tests/identity-management-time-fixture.hpp"
namespace ndn {
namespace nfd {
@@ -40,6 +41,7 @@
protected:
ControllerFixture()
: face(io, m_keyChain)
+ , m_validator(true)
, controller(face, m_keyChain, m_validator)
, commandFailCallback(bind(&ControllerFixture::recordCommandFail, this, _1))
, datasetFailCallback(bind(&ControllerFixture::recordDatasetFail, this, _1, _2))
@@ -56,7 +58,7 @@
void
setValidationResult(bool shouldAccept)
{
- m_validator.setResult(shouldAccept);
+ m_validator.getPolicy().setResult(shouldAccept);
}
private:
@@ -74,13 +76,11 @@
protected:
ndn::util::DummyClientFace face;
+ DummyValidator m_validator;
Controller controller;
Controller::CommandFailCallback commandFailCallback;
Controller::DatasetFailCallback datasetFailCallback;
std::vector<uint32_t> failCodes;
-
-private:
- DummyValidator m_validator;
};
} // namespace tests
diff --git a/tests/unit-tests/security/command-interest-validator.t.cpp b/tests/unit-tests/security/command-interest-validator.t.cpp
deleted file mode 100644
index e8c4eeb..0000000
--- a/tests/unit-tests/security/command-interest-validator.t.cpp
+++ /dev/null
@@ -1,412 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2017 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "security/command-interest-validator.hpp"
-#include "security/command-interest-signer.hpp"
-#include "security/signing-helpers.hpp"
-
-#include "boost-test.hpp"
-#include "dummy-validator.hpp"
-#include "../identity-management-time-fixture.hpp"
-#include "../make-interest-data.hpp"
-
-#include <boost/lexical_cast.hpp>
-
-namespace ndn {
-namespace security {
-namespace tests {
-
-using namespace ndn::tests;
-
-class CommandInterestValidatorFixture : public IdentityManagementTimeFixture
-{
-protected:
- CommandInterestValidatorFixture()
- : signer(m_keyChain)
- {
- this->initialize(CommandInterestValidator::Options{});
- }
-
- void
- initialize(const CommandInterestValidator::Options& options)
- {
- auto inner = make_unique<DummyValidator>();
- this->inner = inner.get();
- this->validator = make_unique<CommandInterestValidator>(std::move(inner), options);
- }
-
- Name
- makeIdentity(uint64_t identity)
- {
- Name name("/localhost/CommandInterestValidatorIdentity");
- name.appendSequenceNumber(identity);
- this->addIdentity(name);
- return name;
- }
-
- shared_ptr<Interest>
- makeCommandInterest(uint64_t identity = 0)
- {
- auto interest = signer.makeCommandInterest("/CommandInterestPrefix", signingByIdentity(makeIdentity(identity)));
- return make_shared<Interest>(std::move(interest));
- }
-
- /** \brief check that validator accepts interest
- * \param interest to be validated
- */
- void
- assertAccept(const Interest& interest)
- {
- int nAccepts = 0;
- validator->validate(interest,
- [&nAccepts] (const shared_ptr<const Interest>&) { ++nAccepts; },
- [] (const shared_ptr<const Interest>&, const std::string& msg) {
- BOOST_ERROR("validation request should succeed but fails with: " << msg);
- });
- BOOST_CHECK_EQUAL(nAccepts, 1);
- }
-
- /** \brief check that validator rejects interest
- * \param interest to be validated
- * \param error if not NONE, further check the error code matches \p error
- * if NONE, error code is not checked
- */
- void
- assertReject(const Interest& interest, CommandInterestValidator::ErrorCode error)
- {
- int nRejects = 0;
- validator->validate(interest,
- [] (const shared_ptr<const Interest>&) {
- BOOST_ERROR("validation request should fail but succeeds");
- },
- [&nRejects, error] (const shared_ptr<const Interest>&, const std::string& msg) {
- ++nRejects;
- if (error != CommandInterestValidator::ErrorCode::NONE) {
- BOOST_CHECK_EQUAL(msg, boost::lexical_cast<std::string>(error));
- }
- });
- BOOST_CHECK_EQUAL(nRejects, 1);
- }
-
-protected:
- CommandInterestSigner signer;
- DummyValidator* inner;
- unique_ptr<CommandInterestValidator> validator;
-};
-
-BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestCommandInterestValidator, CommandInterestValidatorFixture)
-
-BOOST_AUTO_TEST_SUITE(Accepts)
-
-BOOST_AUTO_TEST_CASE(Basic)
-{
- auto i1 = makeCommandInterest();
- assertAccept(*i1);
-
- advanceClocks(time::milliseconds(5));
- auto i2 = makeCommandInterest();
- assertAccept(*i2);
-
- advanceClocks(time::seconds(2));
- auto i3 = makeCommandInterest();
- assertAccept(*i3);
-}
-
-BOOST_AUTO_TEST_CASE(DataPassthru)
-{
- auto d1 = makeData("/data");
- int nAccepts = 0;
- validator->validate(*d1,
- [&nAccepts] (const shared_ptr<const Data>&) { ++nAccepts; },
- [] (const shared_ptr<const Data>&, const std::string& msg) {
- BOOST_ERROR("validation request should succeed but fails with: " << msg);
- });
- BOOST_CHECK_EQUAL(nAccepts, 1);
-}
-
-BOOST_AUTO_TEST_SUITE_END() // Accepts
-
-BOOST_AUTO_TEST_SUITE(Rejects)
-
-BOOST_AUTO_TEST_CASE(NameTooShort)
-{
- auto i1 = makeInterest("/name/too/short");
- assertReject(*i1, CommandInterestValidator::ErrorCode::NAME_TOO_SHORT);
-}
-
-BOOST_AUTO_TEST_CASE(BadTimestamp)
-{
- auto i1 = makeCommandInterest();
- setNameComponent(*i1, command_interest::POS_TIMESTAMP, "not-timestamp");
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_TIMESTAMP);
-}
-
-BOOST_AUTO_TEST_CASE(BadSigInfo)
-{
- auto i1 = makeCommandInterest();
- setNameComponent(*i1, signed_interest::POS_SIG_INFO, "not-SignatureInfo");
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_SIG_INFO);
-}
-
-BOOST_AUTO_TEST_CASE(MissingKeyLocator)
-{
- auto i1 = makeCommandInterest();
- SignatureInfo sigInfo;
- setNameComponent(*i1, signed_interest::POS_SIG_INFO,
- sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
- assertReject(*i1, CommandInterestValidator::ErrorCode::MISSING_KEY_LOCATOR);
-}
-
-BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
-{
- auto i1 = makeCommandInterest();
- KeyLocator kl;
- kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", 8));
- SignatureInfo sigInfo;
- sigInfo.setKeyLocator(kl);
- setNameComponent(*i1, signed_interest::POS_SIG_INFO,
- sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_KEY_LOCATOR_TYPE);
-}
-
-BOOST_AUTO_TEST_CASE(BadCertName)
-{
- auto i1 = makeCommandInterest();
- KeyLocator kl;
- kl.setName("/bad/cert/name");
- SignatureInfo sigInfo;
- sigInfo.setKeyLocator(kl);
- setNameComponent(*i1, signed_interest::POS_SIG_INFO,
- sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_CERT_NAME);
-}
-
-BOOST_AUTO_TEST_CASE(InnerReject)
-{
- inner->setResult(false);
- auto i1 = makeCommandInterest();
- assertReject(*i1, CommandInterestValidator::ErrorCode::NONE);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampOutOfGracePositive)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(16)); // verifying at +16s
- assertReject(*i1, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE);
-
- auto i2 = makeCommandInterest(); // signed at +16s
- assertAccept(*i2); // verifying at +16s
-}
-
-BOOST_AUTO_TEST_CASE(TimestampOutOfGraceNegative)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i2 = makeCommandInterest(); // signed at +1s
- advanceClocks(time::seconds(1));
- auto i3 = makeCommandInterest(); // signed at +2s
-
- systemClock->advance(time::seconds(-18)); // verifying at -16s
- assertReject(*i1, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE);
-
- // CommandInterestValidator should not remember i1's timestamp
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE);
-
- // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
- advanceClocks(time::seconds(18)); // verifying at +2s
- assertAccept(*i3);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
-{
- auto i1 = makeCommandInterest(); // signed at 0s
- assertAccept(*i1);
-
- auto i2 = makeCommandInterest(); // signed at 0s
- setNameComponent(*i2, command_interest::POS_TIMESTAMP,
- i1->getName()[command_interest::POS_TIMESTAMP]);
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-
- advanceClocks(time::seconds(2));
- auto i3 = makeCommandInterest(); // signed at +2s
- assertAccept(*i3);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
-{
- auto i2 = makeCommandInterest(); // signed at 0ms
- advanceClocks(time::milliseconds(200));
- auto i3 = makeCommandInterest(); // signed at +200ms
- advanceClocks(time::milliseconds(900));
- auto i1 = makeCommandInterest(); // signed at +1100ms
- advanceClocks(time::milliseconds(300));
- auto i4 = makeCommandInterest(); // signed at +1400ms
-
- systemClock->advance(time::milliseconds(-300)); // verifying at +1100ms
- assertAccept(*i1);
-
- systemClock->advance(time::milliseconds(-1100)); // verifying at 0ms
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-
- // CommandInterestValidator should not remember i2's timestamp
- advanceClocks(time::milliseconds(200)); // verifying at +200ms
- assertReject(*i3, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-
- advanceClocks(time::milliseconds(1200)); // verifying at 1400ms
- assertAccept(*i4);
-}
-
-BOOST_AUTO_TEST_SUITE_END() // Rejects
-
-BOOST_AUTO_TEST_SUITE(Options)
-
-typedef boost::mpl::vector<
- boost::mpl::int_<0>,
- boost::mpl::int_<-1>
-> GraceNonPositiveValues;
-
-BOOST_AUTO_TEST_CASE_TEMPLATE(GraceNonPositive, VALUE, GraceNonPositiveValues)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(VALUE::value);
- initialize(options);
-
- auto i1 = makeCommandInterest(1); // signed at 0ms
- auto i2 = makeCommandInterest(2); // signed at 0ms
- for (auto interest : {i1, i2}) {
- setNameComponent(*interest, command_interest::POS_TIMESTAMP,
- name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
- } // ensure timestamps are exactly 0ms
-
- assertAccept(*i1); // verifying at 0ms
-
- advanceClocks(time::milliseconds(1));
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE); // verifying at 1ms
-}
-
-BOOST_AUTO_TEST_CASE(TimestampsLimited)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.maxTimestamps = 3;
- initialize(options);
-
- auto i1 = makeCommandInterest(1);
- auto i2 = makeCommandInterest(2);
- auto i3 = makeCommandInterest(3);
- auto i00 = makeCommandInterest(0); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i01 = makeCommandInterest(0); // signed at 1s
- advanceClocks(time::seconds(1));
- auto i02 = makeCommandInterest(0); // signed at 2s
-
- assertAccept(*i00);
- assertAccept(*i02);
- assertAccept(*i1);
- assertAccept(*i2);
- assertAccept(*i3); // forgets identity 0
- assertAccept(*i01); // accepted despite timestamp is reordered, because record has been evicted
-}
-
-BOOST_AUTO_TEST_CASE(TimestampsUnlimited)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.maxTimestamps = -1;
- initialize(options);
-
- auto i1 = makeCommandInterest(0); // signed at 0s
- advanceClocks(time::seconds(1));
- for (int identity = 0; identity < 20; ++identity) {
- auto i2 = makeCommandInterest(identity); // signed at +1s
- assertAccept(*i2);
- }
- assertReject(*i1, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampsDisabled)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.maxTimestamps = 0;
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i2 = makeCommandInterest(); // signed at +1s
- assertAccept(*i2);
-
- assertAccept(*i1); // accepted despite timestamp is reordered, because record isn't kept
-}
-
-BOOST_AUTO_TEST_CASE(TtlLimited)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(120);
- options.timestampTtl = time::seconds(300);
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(240));
- auto i2 = makeCommandInterest(); // signed at +240s
- advanceClocks(time::seconds(120));
- auto i3 = makeCommandInterest(); // signed at +360s
-
- systemClock->advance(time::seconds(-360)); // rewind system clock to 0s
- assertAccept(*i1);
- assertAccept(*i3);
-
- advanceClocks(time::seconds(30), time::seconds(301)); // advance steady clock by 301s, and system clock to +301s
- assertAccept(*i2); // accepted despite timestamp is reordered, because record has been expired
-}
-
-BOOST_AUTO_TEST_CASE(TtlZero)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.timestampTtl = time::seconds::zero();
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i2 = makeCommandInterest(); // signed at +1s
- assertAccept(*i2);
-
- assertAccept(*i1); // accepted despite timestamp is reordered, because record has been expired
-}
-
-BOOST_AUTO_TEST_SUITE_END() // Options
-
-BOOST_AUTO_TEST_SUITE_END() // TestCommandInterestValidator
-BOOST_AUTO_TEST_SUITE_END() // Security
-
-} // namespace tests
-} // namespace security
-} // namespace ndn
diff --git a/tests/unit-tests/security/validator-null.t.cpp b/tests/unit-tests/security/validator-null.t.cpp
new file mode 100644
index 0000000..b4f4102
--- /dev/null
+++ b/tests/unit-tests/security/validator-null.t.cpp
@@ -0,0 +1,66 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/validator-null.hpp"
+
+#include "boost-test.hpp"
+#include "identity-management-fixture.hpp"
+#include "../make-interest-data.hpp"
+
+namespace ndn {
+namespace security {
+namespace tests {
+
+using namespace ndn::tests;
+
+BOOST_AUTO_TEST_SUITE(Security)
+BOOST_FIXTURE_TEST_SUITE(TestValidatorNull, IdentityManagementFixture)
+
+BOOST_AUTO_TEST_CASE(ValidateData)
+{
+ auto identity = addIdentity("/TestValidator/Null");
+ Data data("/Some/Other/Data/Name");
+ m_keyChain.sign(data, signingByIdentity(identity));
+
+ ValidatorNull validator;
+ validator.validate(data,
+ bind([] { BOOST_CHECK_MESSAGE(true, "Validation should succeed"); }),
+ bind([] { BOOST_CHECK_MESSAGE(false, "Validation should not have failed"); }));
+}
+
+BOOST_AUTO_TEST_CASE(ValidateInterest)
+{
+ auto identity = addIdentity("/TestValidator/Null");
+ Interest interest("/Some/Other/Interest/Name");
+ m_keyChain.sign(interest, signingByIdentity(identity));
+
+ ValidatorNull validator;
+ validator.validate(interest,
+ bind([] { BOOST_CHECK_MESSAGE(true, "Validation should succeed"); }),
+ bind([] { BOOST_CHECK_MESSAGE(false, "Validation should not have failed"); }));
+}
+
+BOOST_AUTO_TEST_SUITE_END() // TestValidatorNull
+BOOST_AUTO_TEST_SUITE_END() // Security
+
+} // namespace tests
+} // namespace security
+} // namespace ndn
diff --git a/tests/unit-tests/security/validator.t.cpp b/tests/unit-tests/security/validator.t.cpp
index 3f26b44..6f22c5a 100644
--- a/tests/unit-tests/security/validator.t.cpp
+++ b/tests/unit-tests/security/validator.t.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "security/validator-null.hpp"
+#include "security/validator.hpp"
#include "boost-test.hpp"
#include "identity-management-fixture.hpp"
@@ -34,40 +34,6 @@
BOOST_AUTO_TEST_SUITE(Security)
BOOST_FIXTURE_TEST_SUITE(TestValidator, IdentityManagementV1Fixture)
-void
-onValidated(const shared_ptr<const Data>& data)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidationFailed(const shared_ptr<const Data>& data, const std::string& failureInfo)
-{
- BOOST_CHECK(false);
-}
-
-BOOST_AUTO_TEST_CASE(Null)
-{
- Name identity("/TestValidator/Null");
- identity.appendVersion();
- addIdentity(identity, RsaKeyParams());
-
- Name dataName = identity;
- dataName.append("1");
- shared_ptr<Data> data = make_shared<Data>(dataName);
-
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
-
- ValidatorNull validator;
-
- // data must be a shared pointer
- validator.validate(*data,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-}
-
const uint8_t ecdsaSigInfo[] = {
0x16, 0x1b, // SignatureInfo
0x1b, 0x01, // SignatureType
diff --git a/tests/unit-tests/util/segment-fetcher.t.cpp b/tests/unit-tests/util/segment-fetcher.t.cpp
index 02ef85b..09eb212 100644
--- a/tests/unit-tests/util/segment-fetcher.t.cpp
+++ b/tests/unit-tests/util/segment-fetcher.t.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -20,7 +20,6 @@
*/
#include "util/segment-fetcher.hpp"
-#include "security/validator-null.hpp"
#include "lp/nack-header.hpp"
#include "data.hpp"
#include "encoding/block.hpp"
@@ -103,9 +102,9 @@
BOOST_FIXTURE_TEST_CASE(Timeout, Fixture)
{
- ValidatorNull nullValidator;
+ DummyValidator acceptValidator;
SegmentFetcher::fetch(face, Interest("/hello/world", time::milliseconds(100)),
- nullValidator,
+ acceptValidator,
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
@@ -132,9 +131,9 @@
BOOST_FIXTURE_TEST_CASE(Basic, Fixture)
{
- ValidatorNull nullValidator;
+ DummyValidator acceptValidator;
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
- nullValidator,
+ acceptValidator,
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
@@ -164,9 +163,9 @@
BOOST_FIXTURE_TEST_CASE(NoSegmentInData, Fixture)
{
- ValidatorNull nullValidator;
+ DummyValidator acceptValidator;
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
- nullValidator,
+ acceptValidator,
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
@@ -188,7 +187,7 @@
BOOST_FIXTURE_TEST_CASE(SegmentValidationFailure, Fixture)
{
- DummyRejectValidator rejectValidator;
+ DummyValidator rejectValidator(false);
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
rejectValidator,
bind(&Fixture::onComplete, this, _1),
@@ -205,9 +204,9 @@
BOOST_FIXTURE_TEST_CASE(Triple, Fixture)
{
- ValidatorNull nullValidator;
+ DummyValidator acceptValidator;
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
- nullValidator,
+ acceptValidator,
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
@@ -254,9 +253,9 @@
BOOST_FIXTURE_TEST_CASE(TripleWithInitialSegmentFetching, Fixture)
{
- ValidatorNull nullValidator;
+ DummyValidator acceptValidator;
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
- nullValidator,
+ acceptValidator,
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
@@ -313,9 +312,9 @@
BOOST_FIXTURE_TEST_CASE(MultipleSegmentFetching, Fixture)
{
- ValidatorNull nullValidator;
+ DummyValidator acceptValidator;
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
- nullValidator,
+ acceptValidator,
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
@@ -337,7 +336,7 @@
BOOST_FIXTURE_TEST_CASE(DuplicateNack, Fixture)
{
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
- make_shared<ValidatorNull>(),
+ make_shared<DummyValidator>(true),
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
advanceClocks(time::milliseconds(10));
@@ -357,7 +356,7 @@
BOOST_FIXTURE_TEST_CASE(CongestionNack, Fixture)
{
SegmentFetcher::fetch(face, Interest("/hello/world", time::seconds(1000)),
- make_shared<ValidatorNull>(),
+ make_shared<DummyValidator>(true),
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
advanceClocks(time::milliseconds(10));
@@ -381,7 +380,7 @@
ndn::Name interestName("ndn:/A");
SegmentFetcher::fetch(face,
Interest(interestName),
- make_shared<ValidatorNull>(),
+ make_shared<DummyValidator>(true),
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
@@ -416,7 +415,7 @@
BOOST_FIXTURE_TEST_CASE(ZeroComponentName, Fixture)
{
SegmentFetcher::fetch(face, Interest("ndn:/"),
- make_shared<ValidatorNull>(),
+ make_shared<DummyValidator>(true),
bind(&Fixture::onComplete, this, _1),
bind(&Fixture::onError, this, _1));
advanceClocks(time::milliseconds(10));