mgmt: Switch nfd::Controller to use v2::Validator interface
The conversion also includes relevant changes in SegmentFetcher and
tests.
Change-Id: Ie2f55bac650e3689f4971ab814a8bd51068a2a40
Refs: #3920
diff --git a/tests/unit-tests/security/command-interest-validator.t.cpp b/tests/unit-tests/security/command-interest-validator.t.cpp
deleted file mode 100644
index e8c4eeb..0000000
--- a/tests/unit-tests/security/command-interest-validator.t.cpp
+++ /dev/null
@@ -1,412 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2017 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "security/command-interest-validator.hpp"
-#include "security/command-interest-signer.hpp"
-#include "security/signing-helpers.hpp"
-
-#include "boost-test.hpp"
-#include "dummy-validator.hpp"
-#include "../identity-management-time-fixture.hpp"
-#include "../make-interest-data.hpp"
-
-#include <boost/lexical_cast.hpp>
-
-namespace ndn {
-namespace security {
-namespace tests {
-
-using namespace ndn::tests;
-
-class CommandInterestValidatorFixture : public IdentityManagementTimeFixture
-{
-protected:
- CommandInterestValidatorFixture()
- : signer(m_keyChain)
- {
- this->initialize(CommandInterestValidator::Options{});
- }
-
- void
- initialize(const CommandInterestValidator::Options& options)
- {
- auto inner = make_unique<DummyValidator>();
- this->inner = inner.get();
- this->validator = make_unique<CommandInterestValidator>(std::move(inner), options);
- }
-
- Name
- makeIdentity(uint64_t identity)
- {
- Name name("/localhost/CommandInterestValidatorIdentity");
- name.appendSequenceNumber(identity);
- this->addIdentity(name);
- return name;
- }
-
- shared_ptr<Interest>
- makeCommandInterest(uint64_t identity = 0)
- {
- auto interest = signer.makeCommandInterest("/CommandInterestPrefix", signingByIdentity(makeIdentity(identity)));
- return make_shared<Interest>(std::move(interest));
- }
-
- /** \brief check that validator accepts interest
- * \param interest to be validated
- */
- void
- assertAccept(const Interest& interest)
- {
- int nAccepts = 0;
- validator->validate(interest,
- [&nAccepts] (const shared_ptr<const Interest>&) { ++nAccepts; },
- [] (const shared_ptr<const Interest>&, const std::string& msg) {
- BOOST_ERROR("validation request should succeed but fails with: " << msg);
- });
- BOOST_CHECK_EQUAL(nAccepts, 1);
- }
-
- /** \brief check that validator rejects interest
- * \param interest to be validated
- * \param error if not NONE, further check the error code matches \p error
- * if NONE, error code is not checked
- */
- void
- assertReject(const Interest& interest, CommandInterestValidator::ErrorCode error)
- {
- int nRejects = 0;
- validator->validate(interest,
- [] (const shared_ptr<const Interest>&) {
- BOOST_ERROR("validation request should fail but succeeds");
- },
- [&nRejects, error] (const shared_ptr<const Interest>&, const std::string& msg) {
- ++nRejects;
- if (error != CommandInterestValidator::ErrorCode::NONE) {
- BOOST_CHECK_EQUAL(msg, boost::lexical_cast<std::string>(error));
- }
- });
- BOOST_CHECK_EQUAL(nRejects, 1);
- }
-
-protected:
- CommandInterestSigner signer;
- DummyValidator* inner;
- unique_ptr<CommandInterestValidator> validator;
-};
-
-BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestCommandInterestValidator, CommandInterestValidatorFixture)
-
-BOOST_AUTO_TEST_SUITE(Accepts)
-
-BOOST_AUTO_TEST_CASE(Basic)
-{
- auto i1 = makeCommandInterest();
- assertAccept(*i1);
-
- advanceClocks(time::milliseconds(5));
- auto i2 = makeCommandInterest();
- assertAccept(*i2);
-
- advanceClocks(time::seconds(2));
- auto i3 = makeCommandInterest();
- assertAccept(*i3);
-}
-
-BOOST_AUTO_TEST_CASE(DataPassthru)
-{
- auto d1 = makeData("/data");
- int nAccepts = 0;
- validator->validate(*d1,
- [&nAccepts] (const shared_ptr<const Data>&) { ++nAccepts; },
- [] (const shared_ptr<const Data>&, const std::string& msg) {
- BOOST_ERROR("validation request should succeed but fails with: " << msg);
- });
- BOOST_CHECK_EQUAL(nAccepts, 1);
-}
-
-BOOST_AUTO_TEST_SUITE_END() // Accepts
-
-BOOST_AUTO_TEST_SUITE(Rejects)
-
-BOOST_AUTO_TEST_CASE(NameTooShort)
-{
- auto i1 = makeInterest("/name/too/short");
- assertReject(*i1, CommandInterestValidator::ErrorCode::NAME_TOO_SHORT);
-}
-
-BOOST_AUTO_TEST_CASE(BadTimestamp)
-{
- auto i1 = makeCommandInterest();
- setNameComponent(*i1, command_interest::POS_TIMESTAMP, "not-timestamp");
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_TIMESTAMP);
-}
-
-BOOST_AUTO_TEST_CASE(BadSigInfo)
-{
- auto i1 = makeCommandInterest();
- setNameComponent(*i1, signed_interest::POS_SIG_INFO, "not-SignatureInfo");
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_SIG_INFO);
-}
-
-BOOST_AUTO_TEST_CASE(MissingKeyLocator)
-{
- auto i1 = makeCommandInterest();
- SignatureInfo sigInfo;
- setNameComponent(*i1, signed_interest::POS_SIG_INFO,
- sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
- assertReject(*i1, CommandInterestValidator::ErrorCode::MISSING_KEY_LOCATOR);
-}
-
-BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
-{
- auto i1 = makeCommandInterest();
- KeyLocator kl;
- kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", 8));
- SignatureInfo sigInfo;
- sigInfo.setKeyLocator(kl);
- setNameComponent(*i1, signed_interest::POS_SIG_INFO,
- sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_KEY_LOCATOR_TYPE);
-}
-
-BOOST_AUTO_TEST_CASE(BadCertName)
-{
- auto i1 = makeCommandInterest();
- KeyLocator kl;
- kl.setName("/bad/cert/name");
- SignatureInfo sigInfo;
- sigInfo.setKeyLocator(kl);
- setNameComponent(*i1, signed_interest::POS_SIG_INFO,
- sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
- assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_CERT_NAME);
-}
-
-BOOST_AUTO_TEST_CASE(InnerReject)
-{
- inner->setResult(false);
- auto i1 = makeCommandInterest();
- assertReject(*i1, CommandInterestValidator::ErrorCode::NONE);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampOutOfGracePositive)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(16)); // verifying at +16s
- assertReject(*i1, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE);
-
- auto i2 = makeCommandInterest(); // signed at +16s
- assertAccept(*i2); // verifying at +16s
-}
-
-BOOST_AUTO_TEST_CASE(TimestampOutOfGraceNegative)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i2 = makeCommandInterest(); // signed at +1s
- advanceClocks(time::seconds(1));
- auto i3 = makeCommandInterest(); // signed at +2s
-
- systemClock->advance(time::seconds(-18)); // verifying at -16s
- assertReject(*i1, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE);
-
- // CommandInterestValidator should not remember i1's timestamp
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE);
-
- // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
- advanceClocks(time::seconds(18)); // verifying at +2s
- assertAccept(*i3);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
-{
- auto i1 = makeCommandInterest(); // signed at 0s
- assertAccept(*i1);
-
- auto i2 = makeCommandInterest(); // signed at 0s
- setNameComponent(*i2, command_interest::POS_TIMESTAMP,
- i1->getName()[command_interest::POS_TIMESTAMP]);
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-
- advanceClocks(time::seconds(2));
- auto i3 = makeCommandInterest(); // signed at +2s
- assertAccept(*i3);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
-{
- auto i2 = makeCommandInterest(); // signed at 0ms
- advanceClocks(time::milliseconds(200));
- auto i3 = makeCommandInterest(); // signed at +200ms
- advanceClocks(time::milliseconds(900));
- auto i1 = makeCommandInterest(); // signed at +1100ms
- advanceClocks(time::milliseconds(300));
- auto i4 = makeCommandInterest(); // signed at +1400ms
-
- systemClock->advance(time::milliseconds(-300)); // verifying at +1100ms
- assertAccept(*i1);
-
- systemClock->advance(time::milliseconds(-1100)); // verifying at 0ms
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-
- // CommandInterestValidator should not remember i2's timestamp
- advanceClocks(time::milliseconds(200)); // verifying at +200ms
- assertReject(*i3, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-
- advanceClocks(time::milliseconds(1200)); // verifying at 1400ms
- assertAccept(*i4);
-}
-
-BOOST_AUTO_TEST_SUITE_END() // Rejects
-
-BOOST_AUTO_TEST_SUITE(Options)
-
-typedef boost::mpl::vector<
- boost::mpl::int_<0>,
- boost::mpl::int_<-1>
-> GraceNonPositiveValues;
-
-BOOST_AUTO_TEST_CASE_TEMPLATE(GraceNonPositive, VALUE, GraceNonPositiveValues)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(VALUE::value);
- initialize(options);
-
- auto i1 = makeCommandInterest(1); // signed at 0ms
- auto i2 = makeCommandInterest(2); // signed at 0ms
- for (auto interest : {i1, i2}) {
- setNameComponent(*interest, command_interest::POS_TIMESTAMP,
- name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
- } // ensure timestamps are exactly 0ms
-
- assertAccept(*i1); // verifying at 0ms
-
- advanceClocks(time::milliseconds(1));
- assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE); // verifying at 1ms
-}
-
-BOOST_AUTO_TEST_CASE(TimestampsLimited)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.maxTimestamps = 3;
- initialize(options);
-
- auto i1 = makeCommandInterest(1);
- auto i2 = makeCommandInterest(2);
- auto i3 = makeCommandInterest(3);
- auto i00 = makeCommandInterest(0); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i01 = makeCommandInterest(0); // signed at 1s
- advanceClocks(time::seconds(1));
- auto i02 = makeCommandInterest(0); // signed at 2s
-
- assertAccept(*i00);
- assertAccept(*i02);
- assertAccept(*i1);
- assertAccept(*i2);
- assertAccept(*i3); // forgets identity 0
- assertAccept(*i01); // accepted despite timestamp is reordered, because record has been evicted
-}
-
-BOOST_AUTO_TEST_CASE(TimestampsUnlimited)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.maxTimestamps = -1;
- initialize(options);
-
- auto i1 = makeCommandInterest(0); // signed at 0s
- advanceClocks(time::seconds(1));
- for (int identity = 0; identity < 20; ++identity) {
- auto i2 = makeCommandInterest(identity); // signed at +1s
- assertAccept(*i2);
- }
- assertReject(*i1, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
-}
-
-BOOST_AUTO_TEST_CASE(TimestampsDisabled)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.maxTimestamps = 0;
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i2 = makeCommandInterest(); // signed at +1s
- assertAccept(*i2);
-
- assertAccept(*i1); // accepted despite timestamp is reordered, because record isn't kept
-}
-
-BOOST_AUTO_TEST_CASE(TtlLimited)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(120);
- options.timestampTtl = time::seconds(300);
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(240));
- auto i2 = makeCommandInterest(); // signed at +240s
- advanceClocks(time::seconds(120));
- auto i3 = makeCommandInterest(); // signed at +360s
-
- systemClock->advance(time::seconds(-360)); // rewind system clock to 0s
- assertAccept(*i1);
- assertAccept(*i3);
-
- advanceClocks(time::seconds(30), time::seconds(301)); // advance steady clock by 301s, and system clock to +301s
- assertAccept(*i2); // accepted despite timestamp is reordered, because record has been expired
-}
-
-BOOST_AUTO_TEST_CASE(TtlZero)
-{
- CommandInterestValidator::Options options;
- options.gracePeriod = time::seconds(15);
- options.timestampTtl = time::seconds::zero();
- initialize(options);
-
- auto i1 = makeCommandInterest(); // signed at 0s
- advanceClocks(time::seconds(1));
- auto i2 = makeCommandInterest(); // signed at +1s
- assertAccept(*i2);
-
- assertAccept(*i1); // accepted despite timestamp is reordered, because record has been expired
-}
-
-BOOST_AUTO_TEST_SUITE_END() // Options
-
-BOOST_AUTO_TEST_SUITE_END() // TestCommandInterestValidator
-BOOST_AUTO_TEST_SUITE_END() // Security
-
-} // namespace tests
-} // namespace security
-} // namespace ndn
diff --git a/tests/unit-tests/security/validator-null.t.cpp b/tests/unit-tests/security/validator-null.t.cpp
new file mode 100644
index 0000000..b4f4102
--- /dev/null
+++ b/tests/unit-tests/security/validator-null.t.cpp
@@ -0,0 +1,66 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/validator-null.hpp"
+
+#include "boost-test.hpp"
+#include "identity-management-fixture.hpp"
+#include "../make-interest-data.hpp"
+
+namespace ndn {
+namespace security {
+namespace tests {
+
+using namespace ndn::tests;
+
+BOOST_AUTO_TEST_SUITE(Security)
+BOOST_FIXTURE_TEST_SUITE(TestValidatorNull, IdentityManagementFixture)
+
+BOOST_AUTO_TEST_CASE(ValidateData)
+{
+ auto identity = addIdentity("/TestValidator/Null");
+ Data data("/Some/Other/Data/Name");
+ m_keyChain.sign(data, signingByIdentity(identity));
+
+ ValidatorNull validator;
+ validator.validate(data,
+ bind([] { BOOST_CHECK_MESSAGE(true, "Validation should succeed"); }),
+ bind([] { BOOST_CHECK_MESSAGE(false, "Validation should not have failed"); }));
+}
+
+BOOST_AUTO_TEST_CASE(ValidateInterest)
+{
+ auto identity = addIdentity("/TestValidator/Null");
+ Interest interest("/Some/Other/Interest/Name");
+ m_keyChain.sign(interest, signingByIdentity(identity));
+
+ ValidatorNull validator;
+ validator.validate(interest,
+ bind([] { BOOST_CHECK_MESSAGE(true, "Validation should succeed"); }),
+ bind([] { BOOST_CHECK_MESSAGE(false, "Validation should not have failed"); }));
+}
+
+BOOST_AUTO_TEST_SUITE_END() // TestValidatorNull
+BOOST_AUTO_TEST_SUITE_END() // Security
+
+} // namespace tests
+} // namespace security
+} // namespace ndn
diff --git a/tests/unit-tests/security/validator.t.cpp b/tests/unit-tests/security/validator.t.cpp
index 3f26b44..6f22c5a 100644
--- a/tests/unit-tests/security/validator.t.cpp
+++ b/tests/unit-tests/security/validator.t.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "security/validator-null.hpp"
+#include "security/validator.hpp"
#include "boost-test.hpp"
#include "identity-management-fixture.hpp"
@@ -34,40 +34,6 @@
BOOST_AUTO_TEST_SUITE(Security)
BOOST_FIXTURE_TEST_SUITE(TestValidator, IdentityManagementV1Fixture)
-void
-onValidated(const shared_ptr<const Data>& data)
-{
- BOOST_CHECK(true);
-}
-
-void
-onValidationFailed(const shared_ptr<const Data>& data, const std::string& failureInfo)
-{
- BOOST_CHECK(false);
-}
-
-BOOST_AUTO_TEST_CASE(Null)
-{
- Name identity("/TestValidator/Null");
- identity.appendVersion();
- addIdentity(identity, RsaKeyParams());
-
- Name dataName = identity;
- dataName.append("1");
- shared_ptr<Data> data = make_shared<Data>(dataName);
-
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- identity)));
-
- ValidatorNull validator;
-
- // data must be a shared pointer
- validator.validate(*data,
- bind(&onValidated, _1),
- bind(&onValidationFailed, _1, _2));
-}
-
const uint8_t ecdsaSigInfo[] = {
0x16, 0x1b, // SignatureInfo
0x1b, 0x01, // SignatureType