security: include certificate name in KeyLocator
refs #5112
Change-Id: I0066b30ea48d8a51c66630aa186a372280eecd7f
diff --git a/tests/key-chain-fixture.cpp b/tests/key-chain-fixture.cpp
index 73e27c4..af62de5 100644
--- a/tests/key-chain-fixture.cpp
+++ b/tests/key-chain-fixture.cpp
@@ -44,8 +44,11 @@
}
Certificate
-KeyChainFixture::makeCert(const Key& key, const std::string& issuer, const Key& signingKey)
+KeyChainFixture::makeCert(const Key& key, const std::string& issuer, const Key& signingKey,
+ optional<KeyLocator> keyLocator)
{
+ const Key& signer = signingKey ? signingKey : key;
+
Certificate cert;
cert.setName(Name(key.getName())
.append(issuer)
@@ -62,8 +65,11 @@
ndn::SignatureInfo info;
auto now = time::system_clock::now();
info.setValidityPeriod(ValidityPeriod(now - 30_days, now + 30_days));
+ if (keyLocator) {
+ info.setKeyLocator(*keyLocator);
+ }
- m_keyChain.sign(cert, signingByKey(signingKey ? signingKey : key).setSignatureInfo(info));
+ m_keyChain.sign(cert, signingByKey(signer).setSignatureInfo(info));
return cert;
}
diff --git a/tests/key-chain-fixture.hpp b/tests/key-chain-fixture.hpp
index 7ed405b..9c4c699 100644
--- a/tests/key-chain-fixture.hpp
+++ b/tests/key-chain-fixture.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2020 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -50,9 +50,12 @@
* @param issuer The IssuerId to include in the certificate name
* @param signingKey The key with which to sign the certificate; if not provided, the
* certificate will be self-signed
+ * @param keyLocator The KeyLocator name in the generated certificate; if nullopt,
+ * @p signingKey 's default certificate will be used
*/
Certificate
- makeCert(const Key& key, const std::string& issuer, const Key& signingKey = Key());
+ makeCert(const Key& key, const std::string& issuer, const Key& signingKey = Key(),
+ optional<KeyLocator> keyLocator = nullopt);
/**
* @brief Saves an NDN certificate to a file
diff --git a/tests/unit/security/key-chain.t.cpp b/tests/unit/security/key-chain.t.cpp
index 1e35aef..94e75a0 100644
--- a/tests/unit/security/key-chain.t.cpp
+++ b/tests/unit/security/key-chain.t.cpp
@@ -425,7 +425,7 @@
const uint32_t expectedSigType = SignatureTypeTlvValue;
const bool shouldHaveKeyLocator = true;
- const optional<KeyLocator> expectedKeyLocator = cert.getName().getPrefix(-2);
+ const optional<KeyLocator> expectedKeyLocator = cert.getName();
bool
verify(const SigningInfo&) const
diff --git a/tests/unit/security/validator-fixture.cpp b/tests/unit/security/validator-fixture.cpp
index 5d50794..8048fc4 100644
--- a/tests/unit/security/validator-fixture.cpp
+++ b/tests/unit/security/validator-fixture.cpp
@@ -36,8 +36,12 @@
processInterest = [this] (const Interest& interest) {
auto cert = cache.find(interest);
if (cert != nullptr) {
+ BOOST_TEST_MESSAGE("ValidatorFixture processInterest " << interest << " reply " << cert->getName());
face.receive(*cert);
}
+ else {
+ BOOST_TEST_MESSAGE("ValidatorFixture processInterest " << interest << " no reply");
+ }
};
}
diff --git a/tests/unit/security/validator.t.cpp b/tests/unit/security/validator.t.cpp
index 75ab618..0a45c72 100644
--- a/tests/unit/security/validator.t.cpp
+++ b/tests/unit/security/validator.t.cpp
@@ -262,12 +262,13 @@
// create another key for the same identity and sign it properly
Key parentKey = m_keyChain.createKey(subIdentity);
Key requestedKey = subIdentity.getKey(interest.getName());
- auto cert = makeCert(requestedKey, "looper", parentKey);
+ auto cert = makeCert(requestedKey, "looper", parentKey, parentKey.getName());
face.receive(cert);
};
Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
- m_keyChain.sign(data, signingByIdentity(subIdentity));
+ m_keyChain.sign(data, signingByIdentity(subIdentity).setSignatureInfo(
+ SignatureInfo().setKeyLocator(subIdentity.getDefaultKey().getName())));
validator.setMaxDepth(40);
BOOST_CHECK_EQUAL(validator.getMaxDepth(), 40);
@@ -290,27 +291,23 @@
auto k2 = m_keyChain.createKey(s1, RsaKeyParams(name::Component("key2")));
auto k3 = m_keyChain.createKey(s1, RsaKeyParams(name::Component("key3")));
- auto makeCert = [this] (Key& key, const Key& signer) {
- Certificate request = key.getDefaultCertificate();
- request.setName(Name(key.getName()).append("looper").appendVersion());
-
- SignatureInfo info;
- info.setValidityPeriod(ValidityPeriod(time::system_clock::now() - 100_days,
- time::system_clock::now() + 100_days));
- m_keyChain.sign(request, signingByKey(signer).setSignatureInfo(info));
- m_keyChain.addCertificate(key, request);
-
- cache.insert(request);
+ auto makeLoopCert = [this] (Key& key, const Key& signer) {
+ auto cert = this->makeCert(key, "looper", signer, signer.getName());
+ m_keyChain.setDefaultCertificate(key, cert);
+ cache.insert(cert);
};
- makeCert(k1, k2);
- makeCert(k2, k3);
- makeCert(k3, k1);
+ makeLoopCert(k1, k2);
+ makeLoopCert(k2, k3);
+ makeLoopCert(k3, k1);
Data data("/loop/Data");
m_keyChain.sign(data, signingByKey(k1));
VALIDATE_FAILURE(data, "Should fail, as certificate chain loops");
- BOOST_CHECK_EQUAL(face.sentInterests.size(), 3);
+ BOOST_REQUIRE_EQUAL(face.sentInterests.size(), 3);
+ BOOST_CHECK_EQUAL(face.sentInterests[0].getName(), k1.getDefaultCertificate().getName());
+ BOOST_CHECK_EQUAL(face.sentInterests[1].getName(), k2.getName());
+ BOOST_CHECK_EQUAL(face.sentInterests[2].getName(), k3.getName());
}
BOOST_AUTO_TEST_SUITE_END() // TestValidator