blob: 9bd97af6db1f0a22fabbfb71825331b7f5e14520 [file] [log] [blame]
Yingdi Yufe4733a2015-10-22 14:24:12 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento82d6a4c2017-12-23 19:47:20 -05002/*
Davide Pesaventof6b45892023-03-13 15:00:51 -04003 * Copyright (c) 2013-2023 Regents of the University of California.
Yingdi Yufe4733a2015-10-22 14:24:12 -07004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -040022#include "ndn-cxx/security/key-chain.hpp"
laqinfan56a812d2019-06-03 15:33:58 -050023#include "ndn-cxx/security/transform/private-key.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -050024#include "ndn-cxx/security/verification-helpers.hpp"
Yingdi Yufe4733a2015-10-22 14:24:12 -070025
Davide Pesavento7e780642018-11-24 15:51:34 -050026#include "tests/boost-test.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -050027#include "tests/key-chain-fixture.hpp"
Junxiao Shi9ee770b2022-04-25 23:33:33 +000028#include "tests/unit/clock-fixture.hpp"
Davide Pesavento7e780642018-11-24 15:51:34 -050029#include "tests/unit/test-home-env-saver.hpp"
Yingdi Yufe4733a2015-10-22 14:24:12 -070030
Davide Pesavento80d671f2022-06-08 04:04:52 -040031#include <openssl/opensslv.h>
Davide Pesavento73710362020-12-04 16:10:03 -050032#include <boost/mpl/vector.hpp>
33
Yingdi Yufe4733a2015-10-22 14:24:12 -070034namespace ndn {
35namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -040036inline namespace v2 {
Yingdi Yufe4733a2015-10-22 14:24:12 -070037namespace tests {
38
39using namespace ndn::tests;
40
41BOOST_AUTO_TEST_SUITE(Security)
Yingdi Yufe4733a2015-10-22 14:24:12 -070042BOOST_FIXTURE_TEST_SUITE(TestKeyChain, TestHomeEnvSaver)
43
44template<class Path>
45class TestHomeAndPibFixture : public TestHomeFixture<Path>
46{
47public:
48 TestHomeAndPibFixture()
49 {
50 unsetenv("NDN_CLIENT_PIB");
51 unsetenv("NDN_CLIENT_TPM");
52 }
Alexander Afanasyev80782e02017-01-04 13:16:54 -080053
54 ~TestHomeAndPibFixture()
55 {
Davide Pesavento0e768ef2022-05-09 20:03:44 -040056 KeyChain::resetDefaultLocators();
Alexander Afanasyev80782e02017-01-04 13:16:54 -080057 }
Yingdi Yufe4733a2015-10-22 14:24:12 -070058};
59
60struct PibPathConfigFileHome
61{
62 const std::string PATH = "build/config-file-home/";
63};
64
65BOOST_FIXTURE_TEST_CASE(ConstructorNormalConfig, TestHomeAndPibFixture<PibPathConfigFileHome>)
66{
67 createClientConf({"pib=pib-memory:", "tpm=tpm-memory:"});
68
Yingdi Yufe4733a2015-10-22 14:24:12 -070069 KeyChain keyChain;
70 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-memory:");
71 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-memory:");
72 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-memory:");
73}
74
75struct PibPathConfigFileEmptyHome
76{
77 const std::string PATH = "build/config-file-empty-home/";
78};
79
80BOOST_FIXTURE_TEST_CASE(ConstructorEmptyConfig, TestHomeAndPibFixture<PibPathConfigFileEmptyHome>)
81{
82 createClientConf({"pib=pib-memory:"});
83
Alexander Afanasyev0cf887d2017-03-26 16:58:59 -050084#if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS)
Yingdi Yufe4733a2015-10-22 14:24:12 -070085 std::string oldHOME;
86 if (std::getenv("OLD_HOME"))
87 oldHOME = std::getenv("OLD_HOME");
88
89 std::string HOME;
90 if (std::getenv("HOME"))
91 HOME = std::getenv("HOME");
92
93 if (!oldHOME.empty())
94 setenv("HOME", oldHOME.c_str(), 1);
95 else
96 unsetenv("HOME");
97#endif
98
Yingdi Yufe4733a2015-10-22 14:24:12 -070099 KeyChain keyChain;
100 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-memory:");
101
Davide Pesaventodc3575f2022-07-30 21:10:34 -0400102#if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700103 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-osxkeychain:");
104 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-osxkeychain:");
105#else
106 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:");
107 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
108#endif
109
Alexander Afanasyev0cf887d2017-03-26 16:58:59 -0500110#if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700111 if (!HOME.empty())
112 setenv("HOME", HOME.c_str(), 1);
113 else
114 unsetenv("HOME");
115
116 if (!oldHOME.empty())
117 setenv("OLD_HOME", oldHOME.c_str(), 1);
118 else
119 unsetenv("OLD_HOME");
120#endif
121}
122
123struct PibPathConfigFileEmpty2Home
124{
125 const std::string PATH = "build/config-file-empty2-home/";
126};
127
Davide Pesavento73710362020-12-04 16:10:03 -0500128BOOST_FIXTURE_TEST_CASE(ConstructorEmptyConfig2, TestHomeAndPibFixture<PibPathConfigFileEmpty2Home>)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700129{
130 createClientConf({"tpm=tpm-memory:"});
131
Yingdi Yufe4733a2015-10-22 14:24:12 -0700132 KeyChain keyChain;
133 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
134 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-memory:");
135 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-memory:");
136}
137
138struct PibPathConfigFileMalformedHome
139{
140 const std::string PATH = "build/config-file-malformed-home/";
141};
142
Davide Pesavento73710362020-12-04 16:10:03 -0500143BOOST_FIXTURE_TEST_CASE(ConstructorBadConfig, TestHomeAndPibFixture<PibPathConfigFileMalformedHome>)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700144{
145 createClientConf({"pib=lord", "tpm=ring"});
Davide Pesavento73710362020-12-04 16:10:03 -0500146 BOOST_CHECK_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700147}
148
149struct PibPathConfigFileMalformed2Home
150{
151 const std::string PATH = "build/config-file-malformed2-home/";
152};
153
Davide Pesavento73710362020-12-04 16:10:03 -0500154BOOST_FIXTURE_TEST_CASE(ConstructorBadConfig2, TestHomeAndPibFixture<PibPathConfigFileMalformed2Home>)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700155{
156 createClientConf({"pib=pib-sqlite3:%PATH%", "tpm=just-wrong"});
Davide Pesavento73710362020-12-04 16:10:03 -0500157 BOOST_CHECK_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700158}
159
Alexander Afanasyev57d02b62018-06-15 18:19:50 -0400160struct PibPathConfigFileNonCanonicalTpm
161{
162 const std::string PATH = "build/config-file-non-canonical-tpm/";
163};
164
165BOOST_FIXTURE_TEST_CASE(ConstructorNonCanonicalTpm, TestHomeAndPibFixture<PibPathConfigFileNonCanonicalTpm>) // Bug 4297
166{
167 createClientConf({"pib=pib-sqlite3:", "tpm=tpm-file"});
168
169 {
170 KeyChain keyChain;
171 keyChain.createIdentity("/test");
172 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
173 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
174 }
175
176 {
177 KeyChain keyChain;
178 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
179 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
180 BOOST_CHECK(keyChain.getPib().getIdentities().find("/test") != keyChain.getPib().getIdentities().end());
181 }
182}
183
Yingdi Yufe4733a2015-10-22 14:24:12 -0700184BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib)
185{
Yingdi Yufe4733a2015-10-22 14:24:12 -0700186 KeyChain keyChain("pib-memory", "tpm-memory");
187 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-memory:");
188 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-memory:");
189 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-memory:");
Davide Pesavento0e768ef2022-05-09 20:03:44 -0400190
191 BOOST_CHECK_NO_THROW(KeyChain("pib-memory:", "tpm-memory:"));
192 BOOST_CHECK_NO_THROW(KeyChain("pib-memory:/something", "tpm-memory:/something"));
Yingdi Yufe4733a2015-10-22 14:24:12 -0700193}
194
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500195BOOST_FIXTURE_TEST_CASE(SigningWithCorruptedPibTpm, KeyChainFixture)
Alexander Afanasyevf601e192020-06-02 16:41:07 -0400196{
197 Identity id = m_keyChain.createIdentity("/test");
198
199 Data data("/foobar");
200 BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(id)));
201
202 // now, "corrupting TPM"
203 const_cast<Tpm&>(m_keyChain.getTpm()).deleteKey(id.getDefaultKey().getName());
204
205 BOOST_CHECK_NO_THROW(id.getDefaultKey());
206 BOOST_CHECK_THROW(m_keyChain.sign(data, signingByIdentity(id)), KeyChain::InvalidSigningInfoError);
207}
208
Davide Pesavento73710362020-12-04 16:10:03 -0500209BOOST_FIXTURE_TEST_CASE(SigningWithNonExistingIdentity, KeyChainFixture)
210{
211 Data data("/test/data");
212 BOOST_CHECK_THROW(m_keyChain.sign(data, signingByIdentity("/non-existing/identity")),
213 KeyChain::InvalidSigningInfoError);
214}
215
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500216BOOST_FIXTURE_TEST_CASE(Management, KeyChainFixture)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700217{
Yingdi Yufe4733a2015-10-22 14:24:12 -0700218 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 0);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400219 BOOST_CHECK_THROW(m_keyChain.getPib().getDefaultIdentity(), Pib::Error);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700220
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400221 // Create an identity
222 Name idName("/test/id");
223 Identity id = m_keyChain.createIdentity(idName);
224 BOOST_REQUIRE(id);
225 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 1);
226 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentity(idName), id);
227
Yingdi Yufe4733a2015-10-22 14:24:12 -0700228 // The first added identity becomes the default identity
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400229 BOOST_CHECK_EQUAL(m_keyChain.getPib().getDefaultIdentity(), id);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700230 // The default key of the added identity must exist
laqinfan56a812d2019-06-03 15:33:58 -0500231 Key key = id.getDefaultKey();
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400232 BOOST_REQUIRE(key);
233 BOOST_CHECK_EQUAL(id.getKeys().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700234 // The default certificate of the default key must exist
laqinfan56a812d2019-06-03 15:33:58 -0500235 BOOST_CHECK_NO_THROW(key.getDefaultCertificate());
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400236 BOOST_CHECK_EQUAL(key.getCertificates().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700237
238 // Delete key
239 Name key1Name = key.getName();
Yingdi Yufe4733a2015-10-22 14:24:12 -0700240 m_keyChain.deleteKey(id, key);
241 // The key instance should not be valid any more
242 BOOST_CHECK(!key);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400243 BOOST_CHECK_THROW(id.getDefaultKey(), Pib::Error);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700244 BOOST_CHECK_THROW(id.getKey(key1Name), Pib::Error);
245 BOOST_CHECK_EQUAL(id.getKeys().size(), 0);
246
247 // Create another key
248 m_keyChain.createKey(id);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400249 // The added key becomes the default key
Yingdi Yufe4733a2015-10-22 14:24:12 -0700250 Key key2 = id.getDefaultKey();
251 BOOST_REQUIRE(key2);
252 BOOST_CHECK_NE(key2.getName(), key1Name);
253 BOOST_CHECK_EQUAL(id.getKeys().size(), 1);
laqinfan56a812d2019-06-03 15:33:58 -0500254 BOOST_CHECK_NO_THROW(key2.getDefaultCertificate());
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400255 BOOST_CHECK_EQUAL(key2.getCertificates().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700256
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400257 // Create a third key
Yingdi Yufe4733a2015-10-22 14:24:12 -0700258 Key key3 = m_keyChain.createKey(id);
Junxiao Shi72c0c642018-04-20 15:41:09 +0000259 BOOST_CHECK_NE(key3.getName(), key2.getName());
Yingdi Yufe4733a2015-10-22 14:24:12 -0700260 BOOST_CHECK_EQUAL(id.getKeys().size(), 2);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400261 // The added key will not be the default key, because the default was already set
262 BOOST_CHECK_EQUAL(id.getDefaultKey().getName(), key2.getName());
Yingdi Yufe4733a2015-10-22 14:24:12 -0700263
264 // Delete cert
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400265 BOOST_REQUIRE_EQUAL(key3.getCertificates().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700266 Certificate key3Cert1 = *key3.getCertificates().begin();
267 Name key3CertName = key3Cert1.getName();
268 m_keyChain.deleteCertificate(key3, key3CertName);
269 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 0);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400270 BOOST_CHECK_THROW(key3.getDefaultCertificate(), Pib::Error);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700271
272 // Add cert
273 m_keyChain.addCertificate(key3, key3Cert1);
274 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 1);
laqinfan56a812d2019-06-03 15:33:58 -0500275 BOOST_CHECK_NO_THROW(key3.getDefaultCertificate());
Alexander Afanasyeva10b2ff2017-01-30 12:44:15 -0800276 m_keyChain.addCertificate(key3, key3Cert1); // overwriting the cert should work
Yingdi Yufe4733a2015-10-22 14:24:12 -0700277 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 1);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400278
Yingdi Yufe4733a2015-10-22 14:24:12 -0700279 // Add another cert
280 Certificate key3Cert2 = key3Cert1;
281 Name key3Cert2Name = key3.getName();
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400282 key3Cert2Name.append("Self").appendVersion();
Yingdi Yufe4733a2015-10-22 14:24:12 -0700283 key3Cert2.setName(key3Cert2Name);
284 m_keyChain.addCertificate(key3, key3Cert2);
285 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 2);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400286
Davide Pesavento81bd6962020-06-17 16:03:23 -0400287 // Add empty cert
288 Certificate key3Cert3 = key3Cert1;
289 key3Cert3.unsetContent();
290 BOOST_CHECK_THROW(m_keyChain.addCertificate(key3, key3Cert3), std::invalid_argument);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700291
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400292 // Create another identity
293 Name id2Name("/test/id2");
294 Identity id2 = m_keyChain.createIdentity(id2Name);
295 BOOST_REQUIRE(id2);
296 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 2);
297 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentity(id2Name), id2);
298
299 // Default identity setting
300 BOOST_CHECK_EQUAL(m_keyChain.getPib().getDefaultIdentity().getName(), id.getName());
301 m_keyChain.setDefaultIdentity(id2);
302 BOOST_CHECK_EQUAL(m_keyChain.getPib().getDefaultIdentity().getName(), id2.getName());
Yingdi Yufe4733a2015-10-22 14:24:12 -0700303
304 // Default key setting
305 BOOST_CHECK_EQUAL(id.getDefaultKey().getName(), key2.getName());
306 m_keyChain.setDefaultKey(id, key3);
307 BOOST_CHECK_EQUAL(id.getDefaultKey().getName(), key3.getName());
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400308 // Set key of a different identity as default
309 BOOST_CHECK_THROW(m_keyChain.setDefaultKey(id, id2.getDefaultKey()), std::invalid_argument);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700310
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400311 // Default certificate setting
312 BOOST_CHECK_EQUAL(key3.getDefaultCertificate().getName(), key3CertName);
313 m_keyChain.setDefaultCertificate(key3, key3Cert2);
314 BOOST_CHECK_EQUAL(key3.getDefaultCertificate().getName(), key3Cert2Name);
315 // Set certificate of a different key as default
316 BOOST_CHECK_THROW(m_keyChain.setDefaultCertificate(key3, key2.getDefaultCertificate()),
317 std::invalid_argument);
318
319 // Delete certificate name mismatch
320 BOOST_CHECK_THROW(m_keyChain.deleteCertificate(key2, key3CertName), std::invalid_argument);
321 // Delete key name mismatch
322 BOOST_CHECK_THROW(m_keyChain.deleteKey(id, id2.getDefaultKey()), std::invalid_argument);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700323
324 // Delete identity
325 m_keyChain.deleteIdentity(id);
326 // The identity instance should not be valid any more
327 BOOST_CHECK(!id);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400328 BOOST_CHECK_THROW(m_keyChain.getPib().getIdentity(idName), Pib::Error);
329 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700330}
331
Davide Pesavento73710362020-12-04 16:10:03 -0500332struct DataPkt
Yingdi Yufe4733a2015-10-22 14:24:12 -0700333{
Davide Pesavento73710362020-12-04 16:10:03 -0500334 Data packet{"/data"};
335 SignedInterestFormat sigFormat = SignedInterestFormat::V02; // irrelevant for Data
Yingdi Yufe4733a2015-10-22 14:24:12 -0700336
Davide Pesavento73710362020-12-04 16:10:03 -0500337 SignatureInfo
338 getSignatureInfo() const
339 {
340 return packet.getSignatureInfo();
341 }
342};
laqinfan56a812d2019-06-03 15:33:58 -0500343
Davide Pesavento73710362020-12-04 16:10:03 -0500344struct InterestV02Pkt
345{
Davide Pesaventoaee2ada2022-02-18 14:43:02 -0500346 Interest packet{"/interest02"};
Davide Pesavento73710362020-12-04 16:10:03 -0500347 SignedInterestFormat sigFormat = SignedInterestFormat::V02;
Eric Newberryb74bbda2020-06-18 19:33:58 -0700348
Davide Pesavento73710362020-12-04 16:10:03 -0500349 SignatureInfo
350 getSignatureInfo() const
351 {
352 return SignatureInfo(packet.getName()[signed_interest::POS_SIG_INFO].blockFromValue());
353 }
354};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700355
Davide Pesavento73710362020-12-04 16:10:03 -0500356struct InterestV03Pkt
357{
Davide Pesaventoaee2ada2022-02-18 14:43:02 -0500358 Interest packet{"/interest03"};
Davide Pesavento73710362020-12-04 16:10:03 -0500359 SignedInterestFormat sigFormat = SignedInterestFormat::V03;
Eric Newberryb74bbda2020-06-18 19:33:58 -0700360
Davide Pesavento73710362020-12-04 16:10:03 -0500361 SignatureInfo
362 getSignatureInfo() const
363 {
364 return packet.getSignatureInfo().value(); // use .value() for checked access
365 }
366};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700367
Davide Pesavento73710362020-12-04 16:10:03 -0500368template<typename KeyParams>
369struct DefaultIdentity
370{
371 Identity
372 operator()(KeyChain& keyChain) const
373 {
374 auto id = keyChain.createIdentity("/id", KeyParams());
375 BOOST_ASSERT(keyChain.getPib().getDefaultIdentity() == id);
376 return id;
377 }
378};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700379
Davide Pesavento73710362020-12-04 16:10:03 -0500380template<typename KeyParams>
381struct NonDefaultIdentity
382{
383 Identity
384 operator()(KeyChain& keyChain) const
385 {
386 auto id = keyChain.createIdentity("/id");
387 auto id2 = keyChain.createIdentity("/id2", KeyParams());
388 BOOST_ASSERT(keyChain.getPib().getDefaultIdentity() == id);
389 return id2;
390 }
391};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700392
Davide Pesavento73710362020-12-04 16:10:03 -0500393template<typename KeyParams>
394struct DefaultKey
395{
396 Key
397 operator()(KeyChain&, const Identity& id) const
398 {
399 auto key = id.getDefaultKey();
400 BOOST_ASSERT(key.getKeyType() == KeyParams().getKeyType());
401 return key;
402 }
403};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700404
Davide Pesavento73710362020-12-04 16:10:03 -0500405template<typename KeyParams>
406struct NonDefaultKey
407{
408 Key
409 operator()(KeyChain& keyChain, const Identity& id) const
410 {
411 auto key2 = keyChain.createKey(id, KeyParams());
412 BOOST_ASSERT(id.getDefaultKey() != key2);
413 return key2;
414 }
415};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700416
Davide Pesavento73710362020-12-04 16:10:03 -0500417template<typename PacketType,
418 template<typename> class IdentityMaker = DefaultIdentity,
419 template<typename> class KeyMaker = DefaultKey,
420 typename AsymmetricKeyParams = EcKeyParams,
421 uint32_t SignatureTypeTlvValue = tlv::SignatureSha256WithEcdsa>
422struct AsymmetricSigningBase : protected KeyChainFixture, protected PacketType
423{
424 const Identity id = IdentityMaker<AsymmetricKeyParams>()(m_keyChain);
425 const Key key = KeyMaker<AsymmetricKeyParams>()(m_keyChain, id);
426 const Certificate cert = key.getDefaultCertificate();
427
428 const uint32_t expectedSigType = SignatureTypeTlvValue;
429 const bool shouldHaveKeyLocator = true;
Davide Pesaventof6b45892023-03-13 15:00:51 -0400430 const std::optional<KeyLocator> expectedKeyLocator = cert.getName();
Davide Pesavento73710362020-12-04 16:10:03 -0500431
432 bool
433 verify(const SigningInfo&) const
434 {
435 return verifySignature(this->packet, key);
436 }
437};
438
439template<typename PacketType,
440 typename AsymmetricKeyParams,
441 uint32_t SignatureTypeTlvValue>
442struct AsymmetricSigning : protected AsymmetricSigningBase<PacketType, DefaultIdentity, DefaultKey,
443 AsymmetricKeyParams, SignatureTypeTlvValue>
444{
445 const std::vector<SigningInfo> signingInfos = {
Yingdi Yufe4733a2015-10-22 14:24:12 -0700446 SigningInfo(),
Davide Pesavento73710362020-12-04 16:10:03 -0500447 SigningInfo(""),
Yingdi Yufe4733a2015-10-22 14:24:12 -0700448
Davide Pesavento73710362020-12-04 16:10:03 -0500449 SigningInfo(this->id),
450 SigningInfo(SigningInfo::SIGNER_TYPE_ID, this->id.getName()),
451 SigningInfo("id:" + this->id.getName().toUri()),
452 signingByIdentity(this->id),
453 signingByIdentity(this->id.getName()),
Yingdi Yufe4733a2015-10-22 14:24:12 -0700454
Davide Pesavento73710362020-12-04 16:10:03 -0500455 SigningInfo(this->key),
456 SigningInfo(SigningInfo::SIGNER_TYPE_KEY, this->key.getName()),
457 SigningInfo("key:" + this->key.getName().toUri()),
458 signingByKey(this->key),
459 signingByKey(this->key.getName()),
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -0800460
Davide Pesavento73710362020-12-04 16:10:03 -0500461 SigningInfo(SigningInfo::SIGNER_TYPE_CERT, this->cert.getName()),
462 SigningInfo("cert:" + this->cert.getName().toUri()),
463 signingByCertificate(this->cert),
464 signingByCertificate(this->cert.getName()),
465 };
466};
Yingdi Yufe4733a2015-10-22 14:24:12 -0700467
Davide Pesavento73710362020-12-04 16:10:03 -0500468template<typename PacketType>
469using RsaSigning = AsymmetricSigning<PacketType, RsaKeyParams, tlv::SignatureSha256WithRsa>;
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -0800470
Davide Pesavento73710362020-12-04 16:10:03 -0500471template<typename PacketType>
472using EcdsaSigning = AsymmetricSigning<PacketType, EcKeyParams, tlv::SignatureSha256WithEcdsa>;
Yingdi Yufe4733a2015-10-22 14:24:12 -0700473
Davide Pesavento73710362020-12-04 16:10:03 -0500474template<typename PacketType>
475struct SigningWithNonDefaultIdentity : protected AsymmetricSigningBase<PacketType, NonDefaultIdentity>
476{
477 const std::vector<SigningInfo> signingInfos = {
478 signingByIdentity(this->id),
479 signingByIdentity(this->id.getName()),
480 signingByKey(this->key),
481 signingByCertificate(this->cert),
482 };
483};
484
485template<typename PacketType>
486struct SigningWithNonDefaultKey : protected AsymmetricSigningBase<PacketType, NonDefaultIdentity, NonDefaultKey>
487{
488 const std::vector<SigningInfo> signingInfos = {
489 signingByKey(this->key),
490 signingByKey(this->key.getName()),
491 signingByCertificate(this->cert),
492 };
493};
494
495template<typename PacketType,
496 DigestAlgorithm DigestAlgo = DigestAlgorithm::SHA256,
497 uint32_t SignatureTypeTlvValue = tlv::SignatureHmacWithSha256>
498struct HmacSigning : protected KeyChainFixture, protected PacketType
499{
500 const std::vector<SigningInfo> signingInfos = {
501 SigningInfo(SigningInfo::SIGNER_TYPE_HMAC, m_keyChain.createHmacKey()),
laqinfan56a812d2019-06-03 15:33:58 -0500502 SigningInfo("hmac-sha256:QjM3NEEyNkE3MTQ5MDQzN0FBMDI0RTRGQURENUI0OTdGREZGMUE4RUE2RkYxMkY2RkI2NUFGMjcyMEI1OUNDRg=="),
Davide Pesavento73710362020-12-04 16:10:03 -0500503 };
laqinfan56a812d2019-06-03 15:33:58 -0500504
Davide Pesavento73710362020-12-04 16:10:03 -0500505 const uint32_t expectedSigType = SignatureTypeTlvValue;
506 const bool shouldHaveKeyLocator = true;
Davide Pesaventof6b45892023-03-13 15:00:51 -0400507 const std::optional<KeyLocator> expectedKeyLocator = std::nullopt; // don't check KeyLocator value
Davide Pesavento73710362020-12-04 16:10:03 -0500508
509 bool
510 verify(const SigningInfo& si) const
511 {
512 return verifySignature(this->packet, m_keyChain.getTpm(), si.getSignerName(), DigestAlgo);
513 }
514};
515
516template<typename PacketType>
517struct Sha256Signing : protected KeyChainFixture, protected PacketType
518{
519 const std::vector<SigningInfo> signingInfos = {
Yingdi Yufe4733a2015-10-22 14:24:12 -0700520 SigningInfo(SigningInfo::SIGNER_TYPE_SHA256),
Davide Pesavento73710362020-12-04 16:10:03 -0500521 SigningInfo("id:" + SigningInfo::getDigestSha256Identity().toUri()),
Yingdi Yufe4733a2015-10-22 14:24:12 -0700522 signingWithSha256()
523 };
524
Davide Pesavento73710362020-12-04 16:10:03 -0500525 const uint32_t expectedSigType = tlv::DigestSha256;
526 const bool shouldHaveKeyLocator = false;
Davide Pesaventof6b45892023-03-13 15:00:51 -0400527 const std::optional<KeyLocator> expectedKeyLocator = std::nullopt;
Yingdi Yufe4733a2015-10-22 14:24:12 -0700528
Davide Pesavento73710362020-12-04 16:10:03 -0500529 bool
530 verify(const SigningInfo&) const
531 {
Davide Pesaventof6b45892023-03-13 15:00:51 -0400532 return verifySignature(this->packet, std::nullopt);
Davide Pesavento73710362020-12-04 16:10:03 -0500533 }
534};
Yingdi Yufe4733a2015-10-22 14:24:12 -0700535
Davide Pesavento73710362020-12-04 16:10:03 -0500536using SigningTests = boost::mpl::vector<
537 RsaSigning<DataPkt>,
538 RsaSigning<InterestV02Pkt>,
539 RsaSigning<InterestV03Pkt>,
540 EcdsaSigning<DataPkt>,
541 EcdsaSigning<InterestV02Pkt>,
542 EcdsaSigning<InterestV03Pkt>,
Davide Pesavento94dfcf12021-09-26 14:18:45 -0400543#if OPENSSL_VERSION_NUMBER < 0x30000000L // FIXME #5154
Davide Pesavento73710362020-12-04 16:10:03 -0500544 HmacSigning<DataPkt>,
545 HmacSigning<InterestV02Pkt>,
546 HmacSigning<InterestV03Pkt>,
Davide Pesavento94dfcf12021-09-26 14:18:45 -0400547#endif
Davide Pesavento73710362020-12-04 16:10:03 -0500548 Sha256Signing<DataPkt>,
549 Sha256Signing<InterestV02Pkt>,
550 Sha256Signing<InterestV03Pkt>,
551 SigningWithNonDefaultIdentity<DataPkt>,
Davide Pesavento809f7542021-03-24 18:53:05 -0400552 SigningWithNonDefaultIdentity<InterestV03Pkt>,
553 SigningWithNonDefaultKey<DataPkt>,
554 SigningWithNonDefaultKey<InterestV03Pkt>
Davide Pesavento73710362020-12-04 16:10:03 -0500555>;
Eric Newberryb74bbda2020-06-18 19:33:58 -0700556
Davide Pesavento73710362020-12-04 16:10:03 -0500557BOOST_FIXTURE_TEST_CASE_TEMPLATE(SigningInterface, T, SigningTests, T)
558{
559 BOOST_TEST_CONTEXT("Packet = " << this->packet.getName()) {
560 for (auto signingInfo : this->signingInfos) {
561 signingInfo.setSignedInterestFormat(this->sigFormat);
562
563 BOOST_TEST_CONTEXT("SigningInfo = " << signingInfo) {
564 this->m_keyChain.sign(this->packet, signingInfo);
565
566 auto sigInfo = this->getSignatureInfo();
567 BOOST_CHECK_EQUAL(sigInfo.getSignatureType(), this->expectedSigType);
568 BOOST_CHECK_EQUAL(sigInfo.hasKeyLocator(), this->shouldHaveKeyLocator);
569 if (this->expectedKeyLocator) {
570 BOOST_CHECK_EQUAL(sigInfo.getKeyLocator(), *this->expectedKeyLocator);
571 }
572 BOOST_CHECK(this->verify(signingInfo));
Eric Newberryb74bbda2020-06-18 19:33:58 -0700573 }
Yingdi Yufe4733a2015-10-22 14:24:12 -0700574 }
575 }
576}
577
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000578class MakeCertificateFixture : public ClockFixture
579{
580public:
581 MakeCertificateFixture()
582 : requesterKeyChain("pib-memory:", "tpm-memory:")
583 , signerKeyChain("pib-memory:", "tpm-memory:")
584 {
585 m_systemClock->setNow(time::fromIsoString("20091117T203458,651387237").time_since_epoch());
586
587 requester = requesterKeyChain.createIdentity("/requester").getDefaultKey();
588 Name signerIdentityName("/signer");
589 signerKey = signerKeyChain.createIdentity(signerIdentityName).getDefaultKey();
590 signerParams = signingByIdentity(signerIdentityName);
591 }
592
593 void
Davide Pesaventof6b45892023-03-13 15:00:51 -0400594 checkKeyLocatorName(const Certificate& cert,
595 const std::optional<Name>& klName = std::nullopt) const
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000596 {
597 auto kl = cert.getKeyLocator();
598 if (!kl.has_value()) {
599 BOOST_ERROR("KeyLocator is missing");
600 return;
601 }
Davide Pesavento07db0732022-05-06 15:20:26 -0400602 BOOST_CHECK_EQUAL(kl->getName(), klName.value_or(signerKey.getDefaultCertificate().getName()));
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000603 }
604
605 void
606 checkCertFromDefaults(const Certificate& cert) const
607 {
608 BOOST_CHECK(Certificate::isValidName(cert.getName()));
609 BOOST_CHECK_EQUAL(cert.getKeyName(), requester.getName());
610 BOOST_CHECK_EQUAL(cert.getName()[-2], name::Component("NA"));
611 BOOST_CHECK(cert.getName()[-1].isVersion());
612
613 BOOST_CHECK_EQUAL(cert.getContentType(), tlv::ContentType_Key);
614 BOOST_CHECK_EQUAL(cert.getFreshnessPeriod(), 1_h);
615
Davide Pesavento8e2a61d2022-05-13 18:44:03 -0400616 BOOST_TEST(cert.getPublicKey() == requester.getPublicKey(), boost::test_tools::per_element());
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000617
618 checkKeyLocatorName(cert);
619
620 BOOST_CHECK(cert.isValid());
621 auto vp = cert.getValidityPeriod().getPeriod();
622 BOOST_CHECK_EQUAL(vp.first, time::fromIsoString("20091117T203458"));
623 BOOST_CHECK_EQUAL(vp.second, time::fromIsoString("20101117T203458"));
624
625 auto adBlock = cert.getSignatureInfo().getCustomTlv(tlv::AdditionalDescription);
626 BOOST_CHECK(!adBlock.has_value());
627 }
628
629public:
630 KeyChain requesterKeyChain;
631 pib::Key requester;
632
633 KeyChain signerKeyChain;
634 pib::Key signerKey;
635 Name signerCertificateName;
636 SigningInfo signerParams;
637};
638
639BOOST_FIXTURE_TEST_SUITE(MakeCertificate, MakeCertificateFixture)
640
641BOOST_AUTO_TEST_CASE(DefaultsFromKey)
642{
643 auto cert = signerKeyChain.makeCertificate(requester, signerParams);
644 checkCertFromDefaults(cert);
645}
646
647BOOST_AUTO_TEST_CASE(DefaultsFromCert)
648{
649 auto cert = signerKeyChain.makeCertificate(requester.getDefaultCertificate(), signerParams);
650 checkCertFromDefaults(cert);
651}
652
653BOOST_AUTO_TEST_CASE(Options)
654{
655 MakeCertificateOptions opts;
656 opts.issuerId = name::Component::fromEscapedString("ISSUER");
657 opts.version = 41218268;
658 opts.freshnessPeriod = 321_s;
659 opts.validity.emplace(time::fromIsoString("20060702T150405"),
660 time::fromIsoString("20160702T150405"));
661
662 SignatureInfo sigInfo;
663 sigInfo.setKeyLocator(signerKey.getName());
664 sigInfo.setValidityPeriod(ValidityPeriod(time::fromIsoString("20060102T150405"),
665 time::fromIsoString("20160102T150405")));
666 sigInfo.addCustomTlv(Block(0xF0));
667 signerParams.setSignatureInfo(sigInfo);
668
669 auto cert = signerKeyChain.makeCertificate(requester, signerParams, opts);
670
671 BOOST_CHECK_EQUAL(cert.getName(),
672 Name(requester.getName()).append(PartialName("ISSUER/v=41218268")));
673 BOOST_CHECK_EQUAL(cert.getFreshnessPeriod(), 321_s);
674 checkKeyLocatorName(cert, signerKey.getName());
675
676 auto vp = cert.getValidityPeriod().getPeriod();
677 BOOST_CHECK_EQUAL(vp.first, time::fromIsoString("20060702T150405"));
678 BOOST_CHECK_EQUAL(vp.second, time::fromIsoString("20160702T150405"));
679
680 BOOST_CHECK(cert.getSignatureInfo().getCustomTlv(0xF0).has_value());
681}
682
683BOOST_AUTO_TEST_CASE(ErrSigner)
684{
685 signerParams = signingByIdentity("/nonexistent");
686 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(requester, signerParams), KeyChain::Error);
687}
688
689BOOST_AUTO_TEST_CASE(ErrZeroFreshness)
690{
691 MakeCertificateOptions opts;
692 opts.freshnessPeriod = 0_ms;
693 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(requester, signerParams, opts),
694 std::invalid_argument);
695}
696
697BOOST_AUTO_TEST_CASE(ErrNegativeFreshness)
698{
699 MakeCertificateOptions opts;
700 opts.freshnessPeriod = -1_ms;
701 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(requester, signerParams, opts),
702 std::invalid_argument);
703}
704
705BOOST_AUTO_TEST_CASE(ErrContent)
706{
707 Certificate request(requester.getDefaultCertificate());
Davide Pesavento07db0732022-05-06 15:20:26 -0400708
709 // malformed public key
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000710 const auto& oldContent = request.getContent();
711 std::vector<uint8_t> content(oldContent.value_begin(), oldContent.value_end());
712 content[0] ^= 0x80;
713 request.setContent(content);
714 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(request, signerParams), std::invalid_argument);
Davide Pesavento07db0732022-05-06 15:20:26 -0400715
716 // empty content
717 request.setContent(span<uint8_t>{});
718 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(request, signerParams), std::invalid_argument);
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000719}
720
721BOOST_AUTO_TEST_SUITE_END() // MakeCertificate
722
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500723BOOST_FIXTURE_TEST_CASE(ImportPrivateKey, KeyChainFixture)
laqinfan56a812d2019-06-03 15:33:58 -0500724{
Davide Pesavento765abc92021-12-27 00:44:04 -0500725 const Name keyName("/test/device2");
726 const uint8_t rawKey[] = "nPSNOHyZKsg2WLqHAs7MXGb0sjQb4zCT";
laqinfan56a812d2019-06-03 15:33:58 -0500727 auto key = make_shared<transform::PrivateKey>();
Davide Pesavento765abc92021-12-27 00:44:04 -0500728 key->loadRaw(KeyType::HMAC, rawKey);
laqinfan56a812d2019-06-03 15:33:58 -0500729
730 m_keyChain.importPrivateKey(keyName, key);
731 BOOST_CHECK_EQUAL(m_keyChain.getTpm().hasKey(keyName), true);
732 BOOST_CHECK_THROW(m_keyChain.importPrivateKey(keyName, key), KeyChain::Error);
733}
734
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500735BOOST_FIXTURE_TEST_CASE(ExportImport, KeyChainFixture)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700736{
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500737 Identity id = m_keyChain.createIdentity("/TestKeyChain/ExportIdentity");
Yingdi Yufe4733a2015-10-22 14:24:12 -0700738 Certificate cert = id.getDefaultKey().getDefaultCertificate();
739
740 shared_ptr<SafeBag> exported = m_keyChain.exportSafeBag(cert, "1234", 4);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400741 const auto& block = exported->wireEncode();
Yingdi Yufe4733a2015-10-22 14:24:12 -0700742
743 m_keyChain.deleteIdentity(id);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400744 BOOST_CHECK_EXCEPTION(m_keyChain.exportSafeBag(cert, "1234", 4), KeyChain::Error, [] (const auto& e) {
745 return std::string(e.what()).find("Failed to export private key") == 0;
746 });
Yingdi Yufe4733a2015-10-22 14:24:12 -0700747
748 BOOST_CHECK_EQUAL(m_keyChain.getTpm().hasKey(cert.getKeyName()), false);
749 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 0);
750
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400751 SafeBag imported(block);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700752 m_keyChain.importSafeBag(imported, "1234", 4);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400753 BOOST_CHECK_EXCEPTION(m_keyChain.importSafeBag(imported, "1234", 4), KeyChain::Error, [] (const auto& e) {
754 return std::string(e.what()).find("already exists") != std::string::npos;
755 });
Yingdi Yufe4733a2015-10-22 14:24:12 -0700756
757 BOOST_CHECK_EQUAL(m_keyChain.getTpm().hasKey(cert.getKeyName()), true);
758 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700759 Identity newId = m_keyChain.getPib().getIdentity(cert.getIdentity());
760 BOOST_CHECK_EQUAL(newId.getKeys().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700761 Key newKey = newId.getKey(cert.getKeyName());
762 BOOST_CHECK_EQUAL(newKey.getCertificates().size(), 1);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400763 Certificate newCert = newKey.getCertificate(cert.getName());
764 BOOST_CHECK_EQUAL(newCert, cert);
765}
Yingdi Yufe4733a2015-10-22 14:24:12 -0700766
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400767BOOST_FIXTURE_TEST_CASE(ImportInvalid, KeyChainFixture)
768{
769 Identity id = m_keyChain.createIdentity("/TestKeyChain/ExportIdentity");
770 Certificate cert = id.getDefaultKey().getDefaultCertificate();
771
772 auto exported = m_keyChain.exportSafeBag(cert, "1234", 4);
773 m_keyChain.deleteIdentity(id);
774
775 Identity id2 = m_keyChain.createIdentity("/TestKeyChain/AnotherIdentity");
776 Certificate cert2 = id2.getDefaultKey().getDefaultCertificate();
777 m_keyChain.deleteIdentity(id2);
778
779 SafeBag mismatch(cert2, exported->getEncryptedKey());
780 BOOST_CHECK_EXCEPTION(m_keyChain.importSafeBag(mismatch, "1234", 4), KeyChain::Error, [] (const auto& e) {
781 return std::string(e.what()).find("do not match") != std::string::npos;
782 });
783
784 SafeBag invalidPriv(cert2, {0xCA, 0xFE});
785 BOOST_CHECK_EXCEPTION(m_keyChain.importSafeBag(invalidPriv, "1234", 4), KeyChain::Error, [] (const auto& e) {
786 return std::string(e.what()).find("Failed to import private key") == 0;
787 });
Yingdi Yufe4733a2015-10-22 14:24:12 -0700788}
789
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500790BOOST_FIXTURE_TEST_CASE(SelfSignedCertValidity, KeyChainFixture)
Alexander Afanasyevf8379172017-01-11 16:56:04 -0800791{
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500792 Certificate cert = m_keyChain.createIdentity("/Security/TestKeyChain/SelfSignedCertValidity")
Alexander Afanasyevf8379172017-01-11 16:56:04 -0800793 .getDefaultKey()
794 .getDefaultCertificate();
795 BOOST_CHECK(cert.isValid());
Davide Pesavento0f830802018-01-16 23:58:58 -0500796 BOOST_CHECK(cert.isValid(time::system_clock::now() + 10 * 365_days));
797 BOOST_CHECK_GT(cert.getValidityPeriod().getPeriod().second, time::system_clock::now() + 10 * 365_days);
Alexander Afanasyevf8379172017-01-11 16:56:04 -0800798}
799
Yingdi Yufe4733a2015-10-22 14:24:12 -0700800BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
Yingdi Yufe4733a2015-10-22 14:24:12 -0700801BOOST_AUTO_TEST_SUITE_END() // Security
802
803} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400804} // inline namespace v2
Yingdi Yufe4733a2015-10-22 14:24:12 -0700805} // namespace security
806} // namespace ndn