blob: 3d579c667ab3138d19273d6c7f8b97d2190dd00c [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
* Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
* ndn-cxx library is free software: you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
*
* ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*
* You should have received copies of the GNU General Public License and GNU Lesser
* General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
#include "ndn-cxx/security/pib/impl/pib-memory.hpp"
#include "ndn-cxx/security/pib/impl/pib-sqlite3.hpp"
#include "ndn-cxx/security/security-common.hpp"
#include "tests/boost-test.hpp"
#include "tests/unit/security/pib/pib-data-fixture.hpp"
#include <boost/filesystem.hpp>
#include <boost/mpl/vector.hpp>
namespace ndn {
namespace security {
namespace pib {
namespace tests {
BOOST_AUTO_TEST_SUITE(Security)
BOOST_AUTO_TEST_SUITE(Pib)
BOOST_AUTO_TEST_SUITE(TestPibImpl)
using pib::Pib;
class PibMemoryFixture : public PibDataFixture
{
public:
PibMemory pib;
};
class PibSqlite3Fixture : public PibDataFixture
{
public:
~PibSqlite3Fixture()
{
boost::filesystem::remove_all(m_path);
}
private:
const boost::filesystem::path m_path{boost::filesystem::path(UNIT_TESTS_TMPDIR) / "TestPibImpl"};
public:
PibSqlite3 pib{m_path.string()};
};
using PibImpls = boost::mpl::vector<PibMemoryFixture, PibSqlite3Fixture>;
BOOST_FIXTURE_TEST_CASE_TEMPLATE(TpmLocator, T, PibImpls, T)
{
// Basic getting and setting
BOOST_CHECK_NO_THROW(this->pib.getTpmLocator());
BOOST_CHECK_NO_THROW(this->pib.setTpmLocator("tpmLocator"));
BOOST_CHECK_EQUAL(this->pib.getTpmLocator(), "tpmLocator");
// Add cert, and do not change TPM locator
this->pib.addCertificate(this->id1Key1Cert1);
BOOST_CHECK(this->pib.hasIdentity(this->id1));
BOOST_CHECK(this->pib.hasKey(this->id1Key1Name));
BOOST_CHECK(this->pib.hasCertificate(this->id1Key1Cert1.getName()));
// Set TPM locator to the same value, nothing should change
this->pib.setTpmLocator("tpmLocator");
BOOST_CHECK(this->pib.hasIdentity(this->id1));
BOOST_CHECK(this->pib.hasKey(this->id1Key1Name));
BOOST_CHECK(this->pib.hasCertificate(this->id1Key1Cert1.getName()));
// Change TPM locator (contents of PIB should not change)
this->pib.setTpmLocator("newTpmLocator");
BOOST_CHECK(this->pib.hasIdentity(this->id1));
BOOST_CHECK(this->pib.hasKey(this->id1Key1Name));
BOOST_CHECK(this->pib.hasCertificate(this->id1Key1Cert1.getName()));
}
BOOST_FIXTURE_TEST_CASE_TEMPLATE(IdentityManagement, T, PibImpls, T)
{
// no default setting, throw Error
BOOST_CHECK_THROW(this->pib.getDefaultIdentity(), Pib::Error);
// check id1, which should not exist
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id1), false);
// add id1, should be default
this->pib.addIdentity(this->id1);
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id1), true);
BOOST_CHECK_NO_THROW(this->pib.getDefaultIdentity());
BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id1);
// add id2, should not be default
this->pib.addIdentity(this->id2);
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id2), true);
BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id1);
// set id2 explicitly as default
this->pib.setDefaultIdentity(this->id2);
BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id2);
// remove id2, should not have default identity
this->pib.removeIdentity(this->id2);
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id2), false);
BOOST_CHECK_THROW(this->pib.getDefaultIdentity(), Pib::Error);
// add id2 again, should be default
this->pib.addIdentity(this->id2);
BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id2);
// try to set non-existing identity as a default
BOOST_CHECK_THROW(this->pib.setDefaultIdentity("/non-existing-identity"), Pib::Error);
// get all identities, should contain id1 and id2
std::set<Name> idNames = this->pib.getIdentities();
BOOST_CHECK_EQUAL(idNames.size(), 2);
BOOST_CHECK_EQUAL(idNames.count(this->id1), 1);
BOOST_CHECK_EQUAL(idNames.count(this->id2), 1);
}
BOOST_FIXTURE_TEST_CASE_TEMPLATE(ClearIdentities, T, PibImpls, T)
{
this->pib.setTpmLocator("tpmLocator");
// Add id, key, and cert
this->pib.addCertificate(this->id1Key1Cert1);
BOOST_CHECK(this->pib.hasIdentity(this->id1));
BOOST_CHECK(this->pib.hasKey(this->id1Key1Name));
BOOST_CHECK(this->pib.hasCertificate(this->id1Key1Cert1.getName()));
// Clear identities
this->pib.clearIdentities();
BOOST_CHECK_EQUAL(this->pib.getIdentities().size(), 0);
BOOST_CHECK_EQUAL(this->pib.getKeysOfIdentity(this->id1).size(), 0);
BOOST_CHECK_EQUAL(this->pib.getCertificatesOfKey(this->id1Key1Name).size(), 0);
BOOST_CHECK_EQUAL(this->pib.getTpmLocator(), "tpmLocator");
}
BOOST_FIXTURE_TEST_CASE_TEMPLATE(KeyManagement, T, PibImpls, T)
{
// no default setting, throw Error
BOOST_CHECK_THROW(this->pib.getDefaultKeyOfIdentity(this->id1), Pib::Error);
// check id1Key1, should not exist, neither should id1.
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key1Name), false);
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id1), false);
// add id1Key1, should be default, id1 should be added implicitly
this->pib.addKey(this->id1, this->id1Key1Name, this->id1Key1);
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key1Name), true);
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id1), true);
const Buffer& keyBits = this->pib.getKeyBits(this->id1Key1Name);
BOOST_CHECK(keyBits == this->id1Key1);
BOOST_CHECK_NO_THROW(this->pib.getDefaultKeyOfIdentity(this->id1));
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id1), this->id1Key1Name);
// add id1Key2, should not be default
this->pib.addKey(this->id1, this->id1Key2Name, this->id1Key2);
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key2Name), true);
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id1), this->id1Key1Name);
// set id1Key2 explicitly as default
this->pib.setDefaultKeyOfIdentity(this->id1, this->id1Key2Name);
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id1), this->id1Key2Name);
// set a non-existing key as default, throw Error
BOOST_CHECK_THROW(this->pib.setDefaultKeyOfIdentity(this->id1, Name("/non-existing")),
Pib::Error);
// remove id1Key2, should not have default key
this->pib.removeKey(this->id1Key2Name);
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key2Name), false);
BOOST_CHECK_THROW(this->pib.getKeyBits(this->id1Key2Name), Pib::Error);
BOOST_CHECK_THROW(this->pib.getDefaultKeyOfIdentity(this->id1), Pib::Error);
// add id1Key2 back, should be default
this->pib.addKey(this->id1, this->id1Key2Name, this->id1Key2);
BOOST_CHECK_NO_THROW(this->pib.getKeyBits(this->id1Key2Name));
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id1), this->id1Key2Name);
// get all the keys: id1Key1 and id1Key2
std::set<Name> keyNames = this->pib.getKeysOfIdentity(this->id1);
BOOST_CHECK_EQUAL(keyNames.size(), 2);
BOOST_CHECK_EQUAL(keyNames.count(this->id1Key1Name), 1);
BOOST_CHECK_EQUAL(keyNames.count(this->id1Key2Name), 1);
// remove id1, should remove all the keys
this->pib.removeIdentity(this->id1);
keyNames = this->pib.getKeysOfIdentity(this->id1);
BOOST_CHECK_EQUAL(keyNames.size(), 0);
}
BOOST_FIXTURE_TEST_CASE_TEMPLATE(CertificateManagement, T, PibImpls, T)
{
// no default setting, throw Error
BOOST_CHECK_THROW(this->pib.getDefaultCertificateOfKey(this->id1Key1Name), Pib::Error);
// check id1Key1Cert1, should not exist, neither should id1 and id1Key1
BOOST_CHECK_EQUAL(this->pib.hasCertificate(this->id1Key1Cert1.getName()), false);
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id1), false);
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key1Name), false);
// add id1Key1Cert1, should be default, id1 and id1Key1 should be added implicitly
this->pib.addCertificate(this->id1Key1Cert1);
BOOST_CHECK_EQUAL(this->pib.hasCertificate(this->id1Key1Cert1.getName()), true);
BOOST_CHECK_EQUAL(this->pib.hasIdentity(this->id1), true);
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key1Name), true);
BOOST_CHECK_EQUAL(this->pib.getCertificate(this->id1Key1Cert1.getName()).wireEncode(),
this->id1Key1Cert1.wireEncode());
BOOST_CHECK_NO_THROW(this->pib.getDefaultCertificateOfKey(this->id1Key1Name));
BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id1Key1Name), this->id1Key1Cert1);
// add id1Key1Cert2, should not be default
this->pib.addCertificate(this->id1Key1Cert2);
BOOST_CHECK_EQUAL(this->pib.hasCertificate(this->id1Key1Cert2.getName()), true);
BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id1Key1Name), this->id1Key1Cert1);
// set id1Key1Cert2 explicitly as default
this->pib.setDefaultCertificateOfKey(this->id1Key1Name, this->id1Key1Cert2.getName());
BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id1Key1Name), this->id1Key1Cert2);
// set a non-existing cert as default, throw Error
BOOST_CHECK_THROW(this->pib.setDefaultCertificateOfKey(this->id1Key1Name, Name("/non-existing")),
Pib::Error);
// remove id1Key1Cert2, should not have default cert
this->pib.removeCertificate(this->id1Key1Cert2.getName());
BOOST_CHECK_EQUAL(this->pib.hasCertificate(this->id1Key1Cert2.getName()), false);
BOOST_CHECK_THROW(this->pib.getCertificate(this->id1Key1Cert2.getName()), Pib::Error);
BOOST_CHECK_THROW(this->pib.getDefaultCertificateOfKey(this->id1Key1Name), Pib::Error);
// add id1Key1Cert2, should be default
this->pib.addCertificate(this->id1Key1Cert2);
BOOST_CHECK_NO_THROW(this->pib.getCertificate(this->id1Key1Cert1.getName()));
BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id1Key1Name), this->id1Key1Cert2);
// get all certificates: id1Key1Cert1 and id1Key1Cert2
std::set<Name> certNames = this->pib.getCertificatesOfKey(this->id1Key1Name);
BOOST_CHECK_EQUAL(certNames.size(), 2);
BOOST_CHECK_EQUAL(certNames.count(this->id1Key1Cert1.getName()), 1);
BOOST_CHECK_EQUAL(certNames.count(this->id1Key1Cert2.getName()), 1);
// remove id1Key1, should remove all the certs
this->pib.removeKey(this->id1Key1Name);
certNames = this->pib.getCertificatesOfKey(this->id1Key1Name);
BOOST_CHECK_EQUAL(certNames.size(), 0);
}
BOOST_FIXTURE_TEST_CASE_TEMPLATE(DefaultsManagement, T, PibImpls, T)
{
this->pib.addIdentity(this->id1);
BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id1);
this->pib.addIdentity(this->id2);
BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id1);
this->pib.removeIdentity(this->id1);
BOOST_CHECK_THROW(this->pib.getDefaultIdentity(), Pib::Error);
this->pib.addKey(this->id2, this->id2Key1Name, this->id2Key1);
BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id2);
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id2), this->id2Key1Name);
this->pib.addKey(this->id2, this->id2Key2Name, this->id2Key2);
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id2), this->id2Key1Name);
this->pib.removeKey(this->id2Key1Name);
BOOST_CHECK_THROW(this->pib.getDefaultKeyOfIdentity(this->id2), Pib::Error);
this->pib.addCertificate(this->id2Key2Cert1);
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id2), this->id2Key2Name);
BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(),
this->id2Key2Cert1.getName());
this->pib.addCertificate(this->id2Key2Cert2);
BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(),
this->id2Key2Cert1.getName());
this->pib.removeCertificate(this->id2Key2Cert2.getName());
BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(),
this->id2Key2Cert1.getName());
}
BOOST_FIXTURE_TEST_CASE_TEMPLATE(Overwrite, T, PibImpls, T)
{
// check id1Key1, should not exist
this->pib.removeIdentity(this->id1);
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key1Name), false);
// add id1Key1
this->pib.addKey(this->id1, this->id1Key1Name, this->id1Key1);
BOOST_CHECK_EQUAL(this->pib.hasKey(this->id1Key1Name), true);
const Buffer& keyBits = this->pib.getKeyBits(this->id1Key1Name);
BOOST_CHECK(keyBits == this->id1Key1);
// check overwrite, add a key with the same name.
this->pib.addKey(this->id1, this->id1Key1Name, this->id1Key2);
const Buffer& keyBits2 = this->pib.getKeyBits(this->id1Key1Name);
BOOST_CHECK(keyBits2 == this->id1Key2);
// check id1Key1Cert1, should not exist
this->pib.removeIdentity(this->id1);
BOOST_CHECK_EQUAL(this->pib.hasCertificate(this->id1Key1Cert1.getName()), false);
// add id1Key1Cert1
this->pib.addKey(this->id1, this->id1Key1Name, this->id1Key1);
this->pib.addCertificate(this->id1Key1Cert1);
BOOST_CHECK_EQUAL(this->pib.hasCertificate(this->id1Key1Cert1.getName()), true);
auto cert = this->pib.getCertificate(this->id1Key1Cert1.getName());
BOOST_CHECK_EQUAL(cert.wireEncode(), this->id1Key1Cert1.wireEncode());
// Create a fake cert with the same name
auto cert2 = this->id1Key2Cert1;
cert2.setName(this->id1Key1Cert1.getName());
BOOST_CHECK_EQUAL(cert2.getSignatureInfo(), this->id1Key2Cert1.getSignatureInfo());
BOOST_CHECK_EQUAL(cert2.getSignatureValue(), this->id1Key2Cert1.getSignatureValue());
this->pib.addCertificate(cert2);
auto cert3 = this->pib.getCertificate(this->id1Key1Cert1.getName());
BOOST_CHECK_EQUAL(cert3.wireEncode(), cert2.wireEncode());
// both key and certificate are overwritten
Buffer keyBits3 = this->pib.getKeyBits(this->id1Key1Name);
BOOST_CHECK(keyBits3 == this->id1Key2);
}
BOOST_AUTO_TEST_SUITE_END() // TestPibImpl
BOOST_AUTO_TEST_SUITE_END() // Pib
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
} // namespace pib
} // namespace security
} // namespace ndn