Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 0b2aa13fbf2cc72e6c1f3dee4802cf726d9907a6 / . / tests / unit / security / validation-policy-simple-hierarchy.t.cpp
blob: a6b6fdc51ab580a7384c4e38fa4c675793d7ede9 [file] [log] [blame]
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento74daf742018-11-23 18:14:13 -0500[diff] [blame]2/*
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]3 * Copyright (c) 2013-2020 Regents of the University of California.
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
Davide Pesavento97ee8112020-08-11 21:38:34 -0400[diff] [blame]23#include "ndn-cxx/util/scope.hpp"
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]24
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]25#include "tests/boost-test.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]26#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]27
28#include <boost/mpl/vector.hpp>
29
30namespace ndn {
31namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]32inline namespace v2 {
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]33namespace tests {
34
35using namespace ndn::tests;
36
37BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]38BOOST_FIXTURE_TEST_SUITE(TestValidationPolicySimpleHierarchy,
39 HierarchicalValidatorFixture<ValidationPolicySimpleHierarchy>)
40
Davide Pesavento97ee8112020-08-11 21:38:34 -0400[diff] [blame]41using Packets = boost::mpl::vector<Interest, Data>;
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]42
43BOOST_AUTO_TEST_CASE_TEMPLATE(Validate, Packet, Packets)
44{
Eric Newberryb74bbda2020-06-18 19:33:58 -0700[diff] [blame]45 // Can't set CanBePrefix on Interests in this test case because of template
46 // TODO: Remove in #4582
Davide Pesavento97ee8112020-08-11 21:38:34 -0400[diff] [blame]47 auto guard = make_scope_exit([] { Interest::s_errorIfCanBePrefixUnset = true; });
Eric Newberryb74bbda2020-06-18 19:33:58 -0700[diff] [blame]48 Interest::s_errorIfCanBePrefixUnset = false;
49
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]50 Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]51
52 Packet packet = unsignedPacket;
53 VALIDATE_FAILURE(packet, "Unsigned");
54
55 packet = unsignedPacket;
56 m_keyChain.sign(packet, signingWithSha256());
57 VALIDATE_FAILURE(packet, "Policy doesn't accept Sha256Digest signature");
58
59 packet = unsignedPacket;
60 m_keyChain.sign(packet, signingByIdentity(identity));
61 VALIDATE_SUCCESS(packet, "Should get accepted, as signed by the anchor");
62
63 packet = unsignedPacket;
64 m_keyChain.sign(packet, signingByIdentity(subIdentity));
65 VALIDATE_SUCCESS(packet, "Should get accepted, as signed by the policy-compliant cert");
66
67 packet = unsignedPacket;
68 m_keyChain.sign(packet, signingByIdentity(otherIdentity));
69 VALIDATE_FAILURE(packet, "Should fail, as signed by the policy-violating cert");
70
71 packet = unsignedPacket;
72 m_keyChain.sign(packet, signingByIdentity(subSelfSignedIdentity));
73 VALIDATE_FAILURE(packet, "Should fail, because subSelfSignedIdentity is not a trust anchor");
74
75 // TODO add checks with malformed packets
76}
77
Alexander Afanasyev8afba422020-06-11 17:56:21 -0400[diff] [blame]78BOOST_AUTO_TEST_CASE(NonKeyNameInsideLocator)
79{
80 // auto cert = identity.getDefaultKey().getDefaultCertificate().wireEncode();
81 // std::cerr << "Certificate idCert{\"" << toHex(cert.wire(), cert.size()) << "\"_block};" << std::endl;
82
83 // cert = subIdentity.getDefaultKey().getDefaultCertificate().wireEncode();
84 // std::cerr << "Certificate subIdCert{\"" << toHex(cert.wire(), cert.size()) << "\"_block};" << std::endl;
85
86 // Data packet("/Security/ValidatorFixture/Sub1/Sub2/Packet");
87 // m_keyChain.sign(packet, signingByIdentity(subIdentity));
88 // std::cerr << "Data packet{\"" << toHex(packet.wireEncode().wire(), packet.wireEncode().size()) << "\"_block};" << std::endl;
89
90 // These are hard-coded with a key locator that is the exact name of the certificate
91 Certificate idCert{"06FD014C073C08085365637572697479081056616C696461746F724669787475726508034B455"
92 "9080816971C408D162A0A080473656C660809FD000001499D598CA0140918010219040036EE80155B30593013060"
93 "72A8648CE3D020106082A8648CE3D03010703420004F795BB9A7D51ECC4491605D49ADFCB46598D8260F872F0F15"
94 "15FA4EA7259F2A27C25B5ADAFA8D548C5FA0FBB88AB7769E986057FCAB52C7AF17A7964C47DF57B165C1B01031C2"
95 "D072B08085365637572697479081056616C696461746F724669787475726508034B4559080816971C408D162A0AF"
96 "D00FD26FD00FE0F313937303031303154303030303030FD00FF0F323033343131303654303533353332174630440"
97 "2200E9C538FE7285B006476C86F1CCCEC4398C939D1F6CE2E4F3537EB145252EE1502201A1C50E647CAF90CAA76A"
98 "065452D1D560E5BB7122A7553002E7DFBCA80FCB422"_block};
99 Certificate subIdCert{"06FD0188074408085365637572697479081056616C696461746F7246697874757265080453"
100 "75623108034B45590808D76A31B01E14092B0806706172656E740809FD000001499D598CA0140918010219040036"
101 "EE80155B3059301306072A8648CE3D020106082A8648CE3D0301070342000441783BEDE80DEF6F2910D78E1BD0AD"
102 "7EF033A62F510A7578D1FC8F7601AC2B7709B27BBF225423A865964FA523B9746169FDB03C68B2FAC8D75DA0C755"
103 "8122AF16901B01031C3E073C08085365637572697479081056616C696461746F724669787475726508034B455908"
104 "0816971C408D162A0A080473656C660809FD000001499D598CA0FD00FD26FD00FE0F323031343131313154303533"
105 "353332FD00FF0F323033343131303654303533353332FD01021FFD02001BFD02010474797065FD02020F7375622D"
106 "636572746966696361746517463044022013CEFBF0E15EA6C85B26C56B550316A8A0F6F45510CCBDA4188E7732EF"
107 "1E81B6022026BDC1B6F32BE163F20E379B86EF686F5B8B2B57B6494DE89D5D503C8E3C6125"_block};
108 Data packet{"06CD073008085365637572697479081056616C696461746F724669787475726508045375623108045375"
109 "623208065061636B657414001500164B1B01031C46074408085365637572697479081056616C696461746F724669"
110 "787475726508045375623108034B45590808D76A31B01E14092B0806706172656E740809FD000001499D598CA017"
111 "483046022100BDD3E0EF2385658825EB73E87A02D1A16AA8ACE50840C1B91782836164AACA3B0221008007B3EBA9"
112 "B7638BD204766B08AF6E4221CDB88156CC7DA13CD916610D6D3AED"_block};
113
114 this->cache.insert(idCert);
115 this->cache.insert(subIdCert);
116 this->validator.loadAnchor("", std::move(idCert));
117
118 BOOST_REQUIRE(packet.getKeyLocator());
119 BOOST_CHECK_EQUAL(packet.getKeyLocator()->getName(),
120 "/Security/ValidatorFixture/Sub1/KEY/%D7j1%B0%1E%14%09%2B/parent/%FD%00%00%01I%9DY%8C%A0");
121
122 VALIDATE_SUCCESS(packet, "Should get accepted, as signed by the policy-compliant cert");
123}
124
125BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicySimpleHierarchy
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]126BOOST_AUTO_TEST_SUITE_END() // Security
127
128} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]129} // inline namespace v2
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]130} // namespace security
131} // namespace ndn