blob: 9a2300dfa95b5bd77b6dac67f861a7fd1f691012 [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2013-2014 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
* ndn-cxx library is free software: you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
*
* ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*
* You should have received copies of the GNU General Public License and GNU Lesser
* General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
#include "security/key-chain.hpp"
#include <boost/filesystem.hpp>
#include "boost-test.hpp"
using namespace std;
namespace ndn {
namespace tests {
class KeychainConfigFileFixture
{
public:
KeychainConfigFileFixture()
{
if (std::getenv("TEST_HOME"))
m_HOME = std::getenv("TEST_HOME");
}
~KeychainConfigFileFixture()
{
if (!m_HOME.empty())
setenv("TEST_HOME", m_HOME.c_str(), 1);
else
unsetenv("TEST_HOME");
}
protected:
std::string m_HOME;
};
BOOST_FIXTURE_TEST_SUITE(SecurityTestKeyChain, KeychainConfigFileFixture)
BOOST_AUTO_TEST_CASE(ConstructorNormalConfig)
{
using namespace boost::filesystem;
setenv("TEST_HOME", "tests/unit-tests/security/config-file-home", 1);
BOOST_REQUIRE_NO_THROW(KeyChain());
path pibPath(absolute(std::getenv("TEST_HOME")));
pibPath /= ".ndn/ndnsec-public-info.db";
boost::filesystem::remove(pibPath);
}
BOOST_AUTO_TEST_CASE(ConstructorEmptyConfig)
{
using namespace boost::filesystem;
setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty-home", 1);
BOOST_REQUIRE_NO_THROW(KeyChain());
path pibPath(absolute(std::getenv("TEST_HOME")));
pibPath /= ".ndn/ndnsec-public-info.db";
boost::filesystem::remove(pibPath);
}
BOOST_AUTO_TEST_CASE(ConstructorMalConfig)
{
using namespace boost::filesystem;
setenv("TEST_HOME", "tests/unit-tests/security/config-file-malformed-home", 1);
BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
}
BOOST_AUTO_TEST_CASE(ConstructorMal2Config)
{
using namespace boost::filesystem;
setenv("TEST_HOME", "tests/unit-tests/security/config-file-malformed2-home", 1);
BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
}
BOOST_AUTO_TEST_CASE(ExportIdentity)
{
BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
KeyChain keyChain("sqlite3", "file");
Name identity("/TestKeyChain/ExportIdentity/");
identity.appendVersion();
keyChain.createIdentity(identity);
shared_ptr<SecuredBag> exported = keyChain.exportIdentity(identity, "1234");
Block block = exported->wireEncode();
Name keyName = keyChain.getDefaultKeyNameForIdentity(identity);
Name certName = keyChain.getDefaultCertificateNameForKey(keyName);
keyChain.deleteIdentity(identity);
BOOST_REQUIRE(keyChain.doesIdentityExist(identity) == false);
BOOST_REQUIRE(keyChain.doesPublicKeyExist(keyName) == false);
BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == false);
BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == false);
BOOST_REQUIRE(keyChain.doesCertificateExist(certName) == false);
SecuredBag imported;
imported.wireDecode(block);
keyChain.importIdentity(imported, "1234");
BOOST_REQUIRE(keyChain.doesIdentityExist(identity));
BOOST_REQUIRE(keyChain.doesPublicKeyExist(keyName));
BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE));
BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC));
BOOST_REQUIRE(keyChain.doesCertificateExist(certName));
keyChain.deleteIdentity(identity);
BOOST_REQUIRE(keyChain.doesIdentityExist(identity) == false);
BOOST_REQUIRE(keyChain.doesPublicKeyExist(keyName) == false);
BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == false);
BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == false);
BOOST_REQUIRE(keyChain.doesCertificateExist(certName) == false);
}
BOOST_AUTO_TEST_CASE(PrepareIdentityCertificate)
{
BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
KeyChain keyChain("sqlite3", "file");
Name identity("/TestKeyChain/PrepareIdentityCertificate/");
identity.appendVersion();
keyChain.createIdentity(identity);
vector<CertificateSubjectDescription> subjectDescription;
Name lowerIdentity = identity;
lowerIdentity.append("Lower").appendVersion();
Name lowerKeyName = keyChain.generateRsaKeyPair(lowerIdentity, true);
shared_ptr<IdentityCertificate> idCert
= keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
time::system_clock::now(),
time::system_clock::now() + time::days(365),
subjectDescription);
BOOST_CHECK(static_cast<bool>(idCert));
BOOST_CHECK(idCert->getName().getPrefix(5) ==
Name().append(identity).append("KEY").append("Lower"));
Name anotherIdentity("/TestKeyChain/PrepareIdentityCertificate/Another/");
anotherIdentity.appendVersion();
Name anotherKeyName = keyChain.generateRsaKeyPair(anotherIdentity, true);
shared_ptr<IdentityCertificate> idCert2
= keyChain.prepareUnsignedIdentityCertificate(anotherKeyName, identity,
time::system_clock::now(),
time::system_clock::now() + time::days(365),
subjectDescription);
BOOST_CHECK(static_cast<bool>(idCert2));
BOOST_CHECK(idCert2->getName().getPrefix(5) == Name().append(anotherIdentity).append("KEY"));
Name wrongKeyName1;
shared_ptr<IdentityCertificate> idCert3
= keyChain.prepareUnsignedIdentityCertificate(wrongKeyName1, identity,
time::system_clock::now(),
time::system_clock::now() + time::days(365),
subjectDescription);
BOOST_CHECK(!static_cast<bool>(idCert3));
Name wrongKeyName2("/TestKeyChain/PrepareIdentityCertificate");
shared_ptr<IdentityCertificate> idCert4
= keyChain.prepareUnsignedIdentityCertificate(wrongKeyName2, identity,
time::system_clock::now(),
time::system_clock::now() + time::days(365),
subjectDescription);
BOOST_CHECK(!static_cast<bool>(idCert4));
Name wrongKeyName3("/TestKeyChain/PrepareIdentityCertificate/ksk-1234");
shared_ptr<IdentityCertificate> idCert5
= keyChain.prepareUnsignedIdentityCertificate(wrongKeyName3, identity,
time::system_clock::now(),
time::system_clock::now() + time::days(365),
subjectDescription);
BOOST_CHECK(!static_cast<bool>(idCert5));
keyChain.deleteIdentity(identity);
keyChain.deleteIdentity(lowerIdentity);
keyChain.deleteIdentity(anotherIdentity);
}
BOOST_AUTO_TEST_SUITE_END()
} // namespace tests
} // namespace ndn