blob: 69748b53a276fe0d5a671c4101527f83bd3f33d3 [file] [log] [blame]
Yingdi Yufe4733a2015-10-22 14:24:12 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento82d6a4c2017-12-23 19:47:20 -05002/*
Davide Pesavento0c526032024-01-31 21:14:01 -05003 * Copyright (c) 2013-2024 Regents of the University of California.
Yingdi Yufe4733a2015-10-22 14:24:12 -07004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -040022#include "ndn-cxx/security/key-chain.hpp"
laqinfan56a812d2019-06-03 15:33:58 -050023#include "ndn-cxx/security/transform/private-key.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -050024#include "ndn-cxx/security/verification-helpers.hpp"
Yingdi Yufe4733a2015-10-22 14:24:12 -070025
Davide Pesavento7e780642018-11-24 15:51:34 -050026#include "tests/boost-test.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -050027#include "tests/key-chain-fixture.hpp"
Junxiao Shi9ee770b2022-04-25 23:33:33 +000028#include "tests/unit/clock-fixture.hpp"
Davide Pesavento7e780642018-11-24 15:51:34 -050029#include "tests/unit/test-home-env-saver.hpp"
Yingdi Yufe4733a2015-10-22 14:24:12 -070030
Davide Pesavento49e1e872023-11-11 00:45:23 -050031#include <boost/mp11/list.hpp>
Davide Pesavento73710362020-12-04 16:10:03 -050032
Davide Pesavento47ce2ee2023-05-09 01:33:33 -040033namespace ndn::tests {
Yingdi Yufe4733a2015-10-22 14:24:12 -070034
Davide Pesavento47ce2ee2023-05-09 01:33:33 -040035using namespace ndn::security;
Yingdi Yufe4733a2015-10-22 14:24:12 -070036
37BOOST_AUTO_TEST_SUITE(Security)
Yingdi Yufe4733a2015-10-22 14:24:12 -070038BOOST_FIXTURE_TEST_SUITE(TestKeyChain, TestHomeEnvSaver)
39
40template<class Path>
41class TestHomeAndPibFixture : public TestHomeFixture<Path>
42{
43public:
44 TestHomeAndPibFixture()
45 {
46 unsetenv("NDN_CLIENT_PIB");
47 unsetenv("NDN_CLIENT_TPM");
48 }
Alexander Afanasyev80782e02017-01-04 13:16:54 -080049
50 ~TestHomeAndPibFixture()
51 {
Davide Pesavento0e768ef2022-05-09 20:03:44 -040052 KeyChain::resetDefaultLocators();
Alexander Afanasyev80782e02017-01-04 13:16:54 -080053 }
Yingdi Yufe4733a2015-10-22 14:24:12 -070054};
55
56struct PibPathConfigFileHome
57{
Davide Pesavento3fdb02f2023-04-12 02:32:38 -040058 static constexpr std::string_view PATH = "build/config-file-home/";
Yingdi Yufe4733a2015-10-22 14:24:12 -070059};
60
61BOOST_FIXTURE_TEST_CASE(ConstructorNormalConfig, TestHomeAndPibFixture<PibPathConfigFileHome>)
62{
63 createClientConf({"pib=pib-memory:", "tpm=tpm-memory:"});
64
Yingdi Yufe4733a2015-10-22 14:24:12 -070065 KeyChain keyChain;
66 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-memory:");
67 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-memory:");
68 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-memory:");
69}
70
71struct PibPathConfigFileEmptyHome
72{
Davide Pesavento3fdb02f2023-04-12 02:32:38 -040073 static constexpr std::string_view PATH = "build/config-file-empty-home/";
Yingdi Yufe4733a2015-10-22 14:24:12 -070074};
75
76BOOST_FIXTURE_TEST_CASE(ConstructorEmptyConfig, TestHomeAndPibFixture<PibPathConfigFileEmptyHome>)
77{
78 createClientConf({"pib=pib-memory:"});
79
Alexander Afanasyev0cf887d2017-03-26 16:58:59 -050080#if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS)
Yingdi Yufe4733a2015-10-22 14:24:12 -070081 std::string oldHOME;
82 if (std::getenv("OLD_HOME"))
83 oldHOME = std::getenv("OLD_HOME");
84
85 std::string HOME;
86 if (std::getenv("HOME"))
87 HOME = std::getenv("HOME");
88
89 if (!oldHOME.empty())
90 setenv("HOME", oldHOME.c_str(), 1);
91 else
92 unsetenv("HOME");
93#endif
94
Yingdi Yufe4733a2015-10-22 14:24:12 -070095 KeyChain keyChain;
96 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-memory:");
97
Davide Pesaventodc3575f2022-07-30 21:10:34 -040098#if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
Yingdi Yufe4733a2015-10-22 14:24:12 -070099 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-osxkeychain:");
100 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-osxkeychain:");
101#else
102 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:");
103 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
104#endif
105
Alexander Afanasyev0cf887d2017-03-26 16:58:59 -0500106#if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700107 if (!HOME.empty())
108 setenv("HOME", HOME.c_str(), 1);
109 else
110 unsetenv("HOME");
111
112 if (!oldHOME.empty())
113 setenv("OLD_HOME", oldHOME.c_str(), 1);
114 else
115 unsetenv("OLD_HOME");
116#endif
117}
118
119struct PibPathConfigFileEmpty2Home
120{
Davide Pesavento3fdb02f2023-04-12 02:32:38 -0400121 static constexpr std::string_view PATH = "build/config-file-empty2-home/";
Yingdi Yufe4733a2015-10-22 14:24:12 -0700122};
123
Davide Pesavento73710362020-12-04 16:10:03 -0500124BOOST_FIXTURE_TEST_CASE(ConstructorEmptyConfig2, TestHomeAndPibFixture<PibPathConfigFileEmpty2Home>)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700125{
126 createClientConf({"tpm=tpm-memory:"});
127
Yingdi Yufe4733a2015-10-22 14:24:12 -0700128 KeyChain keyChain;
129 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
130 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-memory:");
131 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-memory:");
132}
133
134struct PibPathConfigFileMalformedHome
135{
Davide Pesavento3fdb02f2023-04-12 02:32:38 -0400136 static constexpr std::string_view PATH = "build/config-file-malformed-home/";
Yingdi Yufe4733a2015-10-22 14:24:12 -0700137};
138
Davide Pesavento73710362020-12-04 16:10:03 -0500139BOOST_FIXTURE_TEST_CASE(ConstructorBadConfig, TestHomeAndPibFixture<PibPathConfigFileMalformedHome>)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700140{
141 createClientConf({"pib=lord", "tpm=ring"});
Davide Pesavento73710362020-12-04 16:10:03 -0500142 BOOST_CHECK_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700143}
144
145struct PibPathConfigFileMalformed2Home
146{
Davide Pesavento3fdb02f2023-04-12 02:32:38 -0400147 static constexpr std::string_view PATH = "build/config-file-malformed2-home/";
Yingdi Yufe4733a2015-10-22 14:24:12 -0700148};
149
Davide Pesavento73710362020-12-04 16:10:03 -0500150BOOST_FIXTURE_TEST_CASE(ConstructorBadConfig2, TestHomeAndPibFixture<PibPathConfigFileMalformed2Home>)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700151{
152 createClientConf({"pib=pib-sqlite3:%PATH%", "tpm=just-wrong"});
Davide Pesavento73710362020-12-04 16:10:03 -0500153 BOOST_CHECK_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
Yingdi Yufe4733a2015-10-22 14:24:12 -0700154}
155
Alexander Afanasyev57d02b62018-06-15 18:19:50 -0400156struct PibPathConfigFileNonCanonicalTpm
157{
Davide Pesavento3fdb02f2023-04-12 02:32:38 -0400158 static constexpr std::string_view PATH = "build/config-file-non-canonical-tpm/";
Alexander Afanasyev57d02b62018-06-15 18:19:50 -0400159};
160
Davide Pesavento0c526032024-01-31 21:14:01 -0500161BOOST_FIXTURE_TEST_CASE(ConstructorNonCanonicalTpm, TestHomeAndPibFixture<PibPathConfigFileNonCanonicalTpm>,
162 * ut::description("test for bug #4297"))
Alexander Afanasyev57d02b62018-06-15 18:19:50 -0400163{
164 createClientConf({"pib=pib-sqlite3:", "tpm=tpm-file"});
165
166 {
167 KeyChain keyChain;
168 keyChain.createIdentity("/test");
169 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
170 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
171 }
172
173 {
174 KeyChain keyChain;
175 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
176 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
177 BOOST_CHECK(keyChain.getPib().getIdentities().find("/test") != keyChain.getPib().getIdentities().end());
178 }
179}
180
Yingdi Yufe4733a2015-10-22 14:24:12 -0700181BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib)
182{
Yingdi Yufe4733a2015-10-22 14:24:12 -0700183 KeyChain keyChain("pib-memory", "tpm-memory");
184 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-memory:");
185 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-memory:");
186 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-memory:");
Davide Pesavento0e768ef2022-05-09 20:03:44 -0400187
188 BOOST_CHECK_NO_THROW(KeyChain("pib-memory:", "tpm-memory:"));
189 BOOST_CHECK_NO_THROW(KeyChain("pib-memory:/something", "tpm-memory:/something"));
Yingdi Yufe4733a2015-10-22 14:24:12 -0700190}
191
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500192BOOST_FIXTURE_TEST_CASE(SigningWithCorruptedPibTpm, KeyChainFixture)
Alexander Afanasyevf601e192020-06-02 16:41:07 -0400193{
194 Identity id = m_keyChain.createIdentity("/test");
195
196 Data data("/foobar");
197 BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(id)));
198
199 // now, "corrupting TPM"
200 const_cast<Tpm&>(m_keyChain.getTpm()).deleteKey(id.getDefaultKey().getName());
201
202 BOOST_CHECK_NO_THROW(id.getDefaultKey());
203 BOOST_CHECK_THROW(m_keyChain.sign(data, signingByIdentity(id)), KeyChain::InvalidSigningInfoError);
204}
205
Davide Pesavento73710362020-12-04 16:10:03 -0500206BOOST_FIXTURE_TEST_CASE(SigningWithNonExistingIdentity, KeyChainFixture)
207{
208 Data data("/test/data");
209 BOOST_CHECK_THROW(m_keyChain.sign(data, signingByIdentity("/non-existing/identity")),
210 KeyChain::InvalidSigningInfoError);
211}
212
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500213BOOST_FIXTURE_TEST_CASE(Management, KeyChainFixture)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700214{
Yingdi Yufe4733a2015-10-22 14:24:12 -0700215 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 0);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400216 BOOST_CHECK_THROW(m_keyChain.getPib().getDefaultIdentity(), Pib::Error);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700217
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400218 // Create an identity
219 Name idName("/test/id");
220 Identity id = m_keyChain.createIdentity(idName);
221 BOOST_REQUIRE(id);
222 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 1);
223 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentity(idName), id);
224
Yingdi Yufe4733a2015-10-22 14:24:12 -0700225 // The first added identity becomes the default identity
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400226 BOOST_CHECK_EQUAL(m_keyChain.getPib().getDefaultIdentity(), id);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700227 // The default key of the added identity must exist
laqinfan56a812d2019-06-03 15:33:58 -0500228 Key key = id.getDefaultKey();
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400229 BOOST_REQUIRE(key);
230 BOOST_CHECK_EQUAL(id.getKeys().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700231 // The default certificate of the default key must exist
laqinfan56a812d2019-06-03 15:33:58 -0500232 BOOST_CHECK_NO_THROW(key.getDefaultCertificate());
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400233 BOOST_CHECK_EQUAL(key.getCertificates().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700234
235 // Delete key
236 Name key1Name = key.getName();
Yingdi Yufe4733a2015-10-22 14:24:12 -0700237 m_keyChain.deleteKey(id, key);
238 // The key instance should not be valid any more
239 BOOST_CHECK(!key);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400240 BOOST_CHECK_THROW(id.getDefaultKey(), Pib::Error);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700241 BOOST_CHECK_THROW(id.getKey(key1Name), Pib::Error);
242 BOOST_CHECK_EQUAL(id.getKeys().size(), 0);
243
244 // Create another key
245 m_keyChain.createKey(id);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400246 // The added key becomes the default key
Yingdi Yufe4733a2015-10-22 14:24:12 -0700247 Key key2 = id.getDefaultKey();
248 BOOST_REQUIRE(key2);
249 BOOST_CHECK_NE(key2.getName(), key1Name);
250 BOOST_CHECK_EQUAL(id.getKeys().size(), 1);
laqinfan56a812d2019-06-03 15:33:58 -0500251 BOOST_CHECK_NO_THROW(key2.getDefaultCertificate());
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400252 BOOST_CHECK_EQUAL(key2.getCertificates().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700253
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400254 // Create a third key
Yingdi Yufe4733a2015-10-22 14:24:12 -0700255 Key key3 = m_keyChain.createKey(id);
Junxiao Shi72c0c642018-04-20 15:41:09 +0000256 BOOST_CHECK_NE(key3.getName(), key2.getName());
Yingdi Yufe4733a2015-10-22 14:24:12 -0700257 BOOST_CHECK_EQUAL(id.getKeys().size(), 2);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400258 // The added key will not be the default key, because the default was already set
259 BOOST_CHECK_EQUAL(id.getDefaultKey().getName(), key2.getName());
Yingdi Yufe4733a2015-10-22 14:24:12 -0700260
261 // Delete cert
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400262 BOOST_REQUIRE_EQUAL(key3.getCertificates().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700263 Certificate key3Cert1 = *key3.getCertificates().begin();
264 Name key3CertName = key3Cert1.getName();
265 m_keyChain.deleteCertificate(key3, key3CertName);
266 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 0);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400267 BOOST_CHECK_THROW(key3.getDefaultCertificate(), Pib::Error);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700268
269 // Add cert
270 m_keyChain.addCertificate(key3, key3Cert1);
271 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 1);
laqinfan56a812d2019-06-03 15:33:58 -0500272 BOOST_CHECK_NO_THROW(key3.getDefaultCertificate());
Alexander Afanasyeva10b2ff2017-01-30 12:44:15 -0800273 m_keyChain.addCertificate(key3, key3Cert1); // overwriting the cert should work
Yingdi Yufe4733a2015-10-22 14:24:12 -0700274 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 1);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400275
Yingdi Yufe4733a2015-10-22 14:24:12 -0700276 // Add another cert
277 Certificate key3Cert2 = key3Cert1;
278 Name key3Cert2Name = key3.getName();
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400279 key3Cert2Name.append("Self").appendVersion();
Yingdi Yufe4733a2015-10-22 14:24:12 -0700280 key3Cert2.setName(key3Cert2Name);
281 m_keyChain.addCertificate(key3, key3Cert2);
282 BOOST_CHECK_EQUAL(key3.getCertificates().size(), 2);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400283
Davide Pesavento81bd6962020-06-17 16:03:23 -0400284 // Add empty cert
285 Certificate key3Cert3 = key3Cert1;
286 key3Cert3.unsetContent();
287 BOOST_CHECK_THROW(m_keyChain.addCertificate(key3, key3Cert3), std::invalid_argument);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700288
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400289 // Create another identity
290 Name id2Name("/test/id2");
291 Identity id2 = m_keyChain.createIdentity(id2Name);
292 BOOST_REQUIRE(id2);
293 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 2);
294 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentity(id2Name), id2);
295
296 // Default identity setting
297 BOOST_CHECK_EQUAL(m_keyChain.getPib().getDefaultIdentity().getName(), id.getName());
298 m_keyChain.setDefaultIdentity(id2);
299 BOOST_CHECK_EQUAL(m_keyChain.getPib().getDefaultIdentity().getName(), id2.getName());
Yingdi Yufe4733a2015-10-22 14:24:12 -0700300
301 // Default key setting
302 BOOST_CHECK_EQUAL(id.getDefaultKey().getName(), key2.getName());
303 m_keyChain.setDefaultKey(id, key3);
304 BOOST_CHECK_EQUAL(id.getDefaultKey().getName(), key3.getName());
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400305 // Set key of a different identity as default
306 BOOST_CHECK_THROW(m_keyChain.setDefaultKey(id, id2.getDefaultKey()), std::invalid_argument);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700307
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400308 // Default certificate setting
309 BOOST_CHECK_EQUAL(key3.getDefaultCertificate().getName(), key3CertName);
310 m_keyChain.setDefaultCertificate(key3, key3Cert2);
311 BOOST_CHECK_EQUAL(key3.getDefaultCertificate().getName(), key3Cert2Name);
312 // Set certificate of a different key as default
313 BOOST_CHECK_THROW(m_keyChain.setDefaultCertificate(key3, key2.getDefaultCertificate()),
314 std::invalid_argument);
315
316 // Delete certificate name mismatch
317 BOOST_CHECK_THROW(m_keyChain.deleteCertificate(key2, key3CertName), std::invalid_argument);
318 // Delete key name mismatch
319 BOOST_CHECK_THROW(m_keyChain.deleteKey(id, id2.getDefaultKey()), std::invalid_argument);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700320
321 // Delete identity
322 m_keyChain.deleteIdentity(id);
323 // The identity instance should not be valid any more
324 BOOST_CHECK(!id);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400325 BOOST_CHECK_THROW(m_keyChain.getPib().getIdentity(idName), Pib::Error);
326 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700327}
328
Davide Pesavento73710362020-12-04 16:10:03 -0500329struct DataPkt
Yingdi Yufe4733a2015-10-22 14:24:12 -0700330{
Davide Pesavento73710362020-12-04 16:10:03 -0500331 Data packet{"/data"};
Davide Pesavento0c526032024-01-31 21:14:01 -0500332 static constexpr SignedInterestFormat sigFormat = SignedInterestFormat::V02; // irrelevant for Data
Yingdi Yufe4733a2015-10-22 14:24:12 -0700333
Davide Pesavento73710362020-12-04 16:10:03 -0500334 SignatureInfo
335 getSignatureInfo() const
336 {
337 return packet.getSignatureInfo();
338 }
339};
laqinfan56a812d2019-06-03 15:33:58 -0500340
Davide Pesavento73710362020-12-04 16:10:03 -0500341struct InterestV02Pkt
342{
Davide Pesaventoaee2ada2022-02-18 14:43:02 -0500343 Interest packet{"/interest02"};
Davide Pesavento0c526032024-01-31 21:14:01 -0500344 static constexpr SignedInterestFormat sigFormat = SignedInterestFormat::V02;
Eric Newberryb74bbda2020-06-18 19:33:58 -0700345
Davide Pesavento73710362020-12-04 16:10:03 -0500346 SignatureInfo
347 getSignatureInfo() const
348 {
349 return SignatureInfo(packet.getName()[signed_interest::POS_SIG_INFO].blockFromValue());
350 }
351};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700352
Davide Pesavento73710362020-12-04 16:10:03 -0500353struct InterestV03Pkt
354{
Davide Pesaventoaee2ada2022-02-18 14:43:02 -0500355 Interest packet{"/interest03"};
Davide Pesavento0c526032024-01-31 21:14:01 -0500356 static constexpr SignedInterestFormat sigFormat = SignedInterestFormat::V03;
Eric Newberryb74bbda2020-06-18 19:33:58 -0700357
Davide Pesavento73710362020-12-04 16:10:03 -0500358 SignatureInfo
359 getSignatureInfo() const
360 {
361 return packet.getSignatureInfo().value(); // use .value() for checked access
362 }
363};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700364
Davide Pesavento73710362020-12-04 16:10:03 -0500365template<typename KeyParams>
366struct DefaultIdentity
367{
368 Identity
369 operator()(KeyChain& keyChain) const
370 {
371 auto id = keyChain.createIdentity("/id", KeyParams());
372 BOOST_ASSERT(keyChain.getPib().getDefaultIdentity() == id);
373 return id;
374 }
375};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700376
Davide Pesavento73710362020-12-04 16:10:03 -0500377template<typename KeyParams>
378struct NonDefaultIdentity
379{
380 Identity
381 operator()(KeyChain& keyChain) const
382 {
383 auto id = keyChain.createIdentity("/id");
384 auto id2 = keyChain.createIdentity("/id2", KeyParams());
385 BOOST_ASSERT(keyChain.getPib().getDefaultIdentity() == id);
386 return id2;
387 }
388};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700389
Davide Pesavento73710362020-12-04 16:10:03 -0500390template<typename KeyParams>
391struct DefaultKey
392{
393 Key
394 operator()(KeyChain&, const Identity& id) const
395 {
396 auto key = id.getDefaultKey();
397 BOOST_ASSERT(key.getKeyType() == KeyParams().getKeyType());
398 return key;
399 }
400};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700401
Davide Pesavento73710362020-12-04 16:10:03 -0500402template<typename KeyParams>
403struct NonDefaultKey
404{
405 Key
406 operator()(KeyChain& keyChain, const Identity& id) const
407 {
408 auto key2 = keyChain.createKey(id, KeyParams());
409 BOOST_ASSERT(id.getDefaultKey() != key2);
410 return key2;
411 }
412};
Eric Newberryb74bbda2020-06-18 19:33:58 -0700413
Davide Pesavento73710362020-12-04 16:10:03 -0500414template<typename PacketType,
415 template<typename> class IdentityMaker = DefaultIdentity,
416 template<typename> class KeyMaker = DefaultKey,
417 typename AsymmetricKeyParams = EcKeyParams,
418 uint32_t SignatureTypeTlvValue = tlv::SignatureSha256WithEcdsa>
419struct AsymmetricSigningBase : protected KeyChainFixture, protected PacketType
420{
421 const Identity id = IdentityMaker<AsymmetricKeyParams>()(m_keyChain);
422 const Key key = KeyMaker<AsymmetricKeyParams>()(m_keyChain, id);
423 const Certificate cert = key.getDefaultCertificate();
424
Davide Pesavento0c526032024-01-31 21:14:01 -0500425 static constexpr uint32_t expectedSigType = SignatureTypeTlvValue;
426 static constexpr bool shouldHaveKeyLocator = true;
Davide Pesaventof6b45892023-03-13 15:00:51 -0400427 const std::optional<KeyLocator> expectedKeyLocator = cert.getName();
Davide Pesavento73710362020-12-04 16:10:03 -0500428
429 bool
430 verify(const SigningInfo&) const
431 {
432 return verifySignature(this->packet, key);
433 }
434};
435
436template<typename PacketType,
437 typename AsymmetricKeyParams,
438 uint32_t SignatureTypeTlvValue>
439struct AsymmetricSigning : protected AsymmetricSigningBase<PacketType, DefaultIdentity, DefaultKey,
440 AsymmetricKeyParams, SignatureTypeTlvValue>
441{
442 const std::vector<SigningInfo> signingInfos = {
Yingdi Yufe4733a2015-10-22 14:24:12 -0700443 SigningInfo(),
Davide Pesavento73710362020-12-04 16:10:03 -0500444 SigningInfo(""),
Yingdi Yufe4733a2015-10-22 14:24:12 -0700445
Davide Pesavento73710362020-12-04 16:10:03 -0500446 SigningInfo(this->id),
447 SigningInfo(SigningInfo::SIGNER_TYPE_ID, this->id.getName()),
448 SigningInfo("id:" + this->id.getName().toUri()),
449 signingByIdentity(this->id),
450 signingByIdentity(this->id.getName()),
Yingdi Yufe4733a2015-10-22 14:24:12 -0700451
Davide Pesavento73710362020-12-04 16:10:03 -0500452 SigningInfo(this->key),
453 SigningInfo(SigningInfo::SIGNER_TYPE_KEY, this->key.getName()),
454 SigningInfo("key:" + this->key.getName().toUri()),
455 signingByKey(this->key),
456 signingByKey(this->key.getName()),
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -0800457
Davide Pesavento73710362020-12-04 16:10:03 -0500458 SigningInfo(SigningInfo::SIGNER_TYPE_CERT, this->cert.getName()),
459 SigningInfo("cert:" + this->cert.getName().toUri()),
460 signingByCertificate(this->cert),
461 signingByCertificate(this->cert.getName()),
462 };
463};
Yingdi Yufe4733a2015-10-22 14:24:12 -0700464
Davide Pesavento73710362020-12-04 16:10:03 -0500465template<typename PacketType>
466using RsaSigning = AsymmetricSigning<PacketType, RsaKeyParams, tlv::SignatureSha256WithRsa>;
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -0800467
Davide Pesavento73710362020-12-04 16:10:03 -0500468template<typename PacketType>
469using EcdsaSigning = AsymmetricSigning<PacketType, EcKeyParams, tlv::SignatureSha256WithEcdsa>;
Yingdi Yufe4733a2015-10-22 14:24:12 -0700470
Davide Pesavento73710362020-12-04 16:10:03 -0500471template<typename PacketType>
472struct SigningWithNonDefaultIdentity : protected AsymmetricSigningBase<PacketType, NonDefaultIdentity>
473{
474 const std::vector<SigningInfo> signingInfos = {
475 signingByIdentity(this->id),
476 signingByIdentity(this->id.getName()),
477 signingByKey(this->key),
478 signingByCertificate(this->cert),
479 };
480};
481
482template<typename PacketType>
483struct SigningWithNonDefaultKey : protected AsymmetricSigningBase<PacketType, NonDefaultIdentity, NonDefaultKey>
484{
485 const std::vector<SigningInfo> signingInfos = {
486 signingByKey(this->key),
487 signingByKey(this->key.getName()),
488 signingByCertificate(this->cert),
489 };
490};
491
492template<typename PacketType,
493 DigestAlgorithm DigestAlgo = DigestAlgorithm::SHA256,
494 uint32_t SignatureTypeTlvValue = tlv::SignatureHmacWithSha256>
495struct HmacSigning : protected KeyChainFixture, protected PacketType
496{
497 const std::vector<SigningInfo> signingInfos = {
498 SigningInfo(SigningInfo::SIGNER_TYPE_HMAC, m_keyChain.createHmacKey()),
laqinfan56a812d2019-06-03 15:33:58 -0500499 SigningInfo("hmac-sha256:QjM3NEEyNkE3MTQ5MDQzN0FBMDI0RTRGQURENUI0OTdGREZGMUE4RUE2RkYxMkY2RkI2NUFGMjcyMEI1OUNDRg=="),
Davide Pesavento73710362020-12-04 16:10:03 -0500500 };
laqinfan56a812d2019-06-03 15:33:58 -0500501
Davide Pesavento0c526032024-01-31 21:14:01 -0500502 static constexpr uint32_t expectedSigType = SignatureTypeTlvValue;
503 static constexpr bool shouldHaveKeyLocator = true;
Davide Pesaventof6b45892023-03-13 15:00:51 -0400504 const std::optional<KeyLocator> expectedKeyLocator = std::nullopt; // don't check KeyLocator value
Davide Pesavento73710362020-12-04 16:10:03 -0500505
506 bool
507 verify(const SigningInfo& si) const
508 {
509 return verifySignature(this->packet, m_keyChain.getTpm(), si.getSignerName(), DigestAlgo);
510 }
511};
512
513template<typename PacketType>
514struct Sha256Signing : protected KeyChainFixture, protected PacketType
515{
516 const std::vector<SigningInfo> signingInfos = {
Yingdi Yufe4733a2015-10-22 14:24:12 -0700517 SigningInfo(SigningInfo::SIGNER_TYPE_SHA256),
Davide Pesavento73710362020-12-04 16:10:03 -0500518 SigningInfo("id:" + SigningInfo::getDigestSha256Identity().toUri()),
Yingdi Yufe4733a2015-10-22 14:24:12 -0700519 signingWithSha256()
520 };
521
Davide Pesavento0c526032024-01-31 21:14:01 -0500522 static constexpr uint32_t expectedSigType = tlv::DigestSha256;
523 static constexpr bool shouldHaveKeyLocator = false;
Davide Pesaventof6b45892023-03-13 15:00:51 -0400524 const std::optional<KeyLocator> expectedKeyLocator = std::nullopt;
Yingdi Yufe4733a2015-10-22 14:24:12 -0700525
Davide Pesavento73710362020-12-04 16:10:03 -0500526 bool
527 verify(const SigningInfo&) const
528 {
Davide Pesaventof6b45892023-03-13 15:00:51 -0400529 return verifySignature(this->packet, std::nullopt);
Davide Pesavento73710362020-12-04 16:10:03 -0500530 }
531};
Yingdi Yufe4733a2015-10-22 14:24:12 -0700532
Davide Pesavento49e1e872023-11-11 00:45:23 -0500533using SigningTests = boost::mp11::mp_list<
Davide Pesavento73710362020-12-04 16:10:03 -0500534 RsaSigning<DataPkt>,
535 RsaSigning<InterestV02Pkt>,
536 RsaSigning<InterestV03Pkt>,
537 EcdsaSigning<DataPkt>,
538 EcdsaSigning<InterestV02Pkt>,
539 EcdsaSigning<InterestV03Pkt>,
540 HmacSigning<DataPkt>,
541 HmacSigning<InterestV02Pkt>,
542 HmacSigning<InterestV03Pkt>,
543 Sha256Signing<DataPkt>,
544 Sha256Signing<InterestV02Pkt>,
545 Sha256Signing<InterestV03Pkt>,
546 SigningWithNonDefaultIdentity<DataPkt>,
Davide Pesavento809f7542021-03-24 18:53:05 -0400547 SigningWithNonDefaultIdentity<InterestV03Pkt>,
548 SigningWithNonDefaultKey<DataPkt>,
549 SigningWithNonDefaultKey<InterestV03Pkt>
Davide Pesavento73710362020-12-04 16:10:03 -0500550>;
Eric Newberryb74bbda2020-06-18 19:33:58 -0700551
Davide Pesavento73710362020-12-04 16:10:03 -0500552BOOST_FIXTURE_TEST_CASE_TEMPLATE(SigningInterface, T, SigningTests, T)
553{
Davide Pesavento0c526032024-01-31 21:14:01 -0500554 BOOST_TEST_INFO_SCOPE("Packet = " << this->packet.getName());
Davide Pesavento73710362020-12-04 16:10:03 -0500555
Davide Pesavento0c526032024-01-31 21:14:01 -0500556 for (auto signingInfo : this->signingInfos) {
557 signingInfo.setSignedInterestFormat(this->sigFormat);
558 BOOST_TEST_INFO_SCOPE("SigningInfo = " << signingInfo);
Davide Pesavento73710362020-12-04 16:10:03 -0500559
Davide Pesavento0c526032024-01-31 21:14:01 -0500560 this->m_keyChain.sign(this->packet, signingInfo);
561
562 auto sigInfo = this->getSignatureInfo();
563 BOOST_CHECK_EQUAL(sigInfo.getSignatureType(), this->expectedSigType);
564 BOOST_CHECK_EQUAL(sigInfo.hasKeyLocator(), this->shouldHaveKeyLocator);
565 if (this->expectedKeyLocator) {
566 BOOST_CHECK_EQUAL(sigInfo.getKeyLocator(), *this->expectedKeyLocator);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700567 }
Davide Pesavento0c526032024-01-31 21:14:01 -0500568 BOOST_CHECK(this->verify(signingInfo));
Yingdi Yufe4733a2015-10-22 14:24:12 -0700569 }
570}
571
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000572class MakeCertificateFixture : public ClockFixture
573{
574public:
575 MakeCertificateFixture()
576 : requesterKeyChain("pib-memory:", "tpm-memory:")
577 , signerKeyChain("pib-memory:", "tpm-memory:")
578 {
579 m_systemClock->setNow(time::fromIsoString("20091117T203458,651387237").time_since_epoch());
580
581 requester = requesterKeyChain.createIdentity("/requester").getDefaultKey();
582 Name signerIdentityName("/signer");
583 signerKey = signerKeyChain.createIdentity(signerIdentityName).getDefaultKey();
584 signerParams = signingByIdentity(signerIdentityName);
585 }
586
587 void
Davide Pesaventof6b45892023-03-13 15:00:51 -0400588 checkKeyLocatorName(const Certificate& cert,
589 const std::optional<Name>& klName = std::nullopt) const
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000590 {
591 auto kl = cert.getKeyLocator();
592 if (!kl.has_value()) {
593 BOOST_ERROR("KeyLocator is missing");
594 return;
595 }
Davide Pesavento07db0732022-05-06 15:20:26 -0400596 BOOST_CHECK_EQUAL(kl->getName(), klName.value_or(signerKey.getDefaultCertificate().getName()));
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000597 }
598
599 void
600 checkCertFromDefaults(const Certificate& cert) const
601 {
602 BOOST_CHECK(Certificate::isValidName(cert.getName()));
603 BOOST_CHECK_EQUAL(cert.getKeyName(), requester.getName());
604 BOOST_CHECK_EQUAL(cert.getName()[-2], name::Component("NA"));
605 BOOST_CHECK(cert.getName()[-1].isVersion());
606
607 BOOST_CHECK_EQUAL(cert.getContentType(), tlv::ContentType_Key);
608 BOOST_CHECK_EQUAL(cert.getFreshnessPeriod(), 1_h);
609
Davide Pesavento8e2a61d2022-05-13 18:44:03 -0400610 BOOST_TEST(cert.getPublicKey() == requester.getPublicKey(), boost::test_tools::per_element());
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000611
612 checkKeyLocatorName(cert);
613
614 BOOST_CHECK(cert.isValid());
615 auto vp = cert.getValidityPeriod().getPeriod();
616 BOOST_CHECK_EQUAL(vp.first, time::fromIsoString("20091117T203458"));
617 BOOST_CHECK_EQUAL(vp.second, time::fromIsoString("20101117T203458"));
618
619 auto adBlock = cert.getSignatureInfo().getCustomTlv(tlv::AdditionalDescription);
620 BOOST_CHECK(!adBlock.has_value());
621 }
622
623public:
624 KeyChain requesterKeyChain;
625 pib::Key requester;
626
627 KeyChain signerKeyChain;
628 pib::Key signerKey;
629 Name signerCertificateName;
630 SigningInfo signerParams;
631};
632
633BOOST_FIXTURE_TEST_SUITE(MakeCertificate, MakeCertificateFixture)
634
635BOOST_AUTO_TEST_CASE(DefaultsFromKey)
636{
637 auto cert = signerKeyChain.makeCertificate(requester, signerParams);
638 checkCertFromDefaults(cert);
639}
640
641BOOST_AUTO_TEST_CASE(DefaultsFromCert)
642{
643 auto cert = signerKeyChain.makeCertificate(requester.getDefaultCertificate(), signerParams);
644 checkCertFromDefaults(cert);
645}
646
647BOOST_AUTO_TEST_CASE(Options)
648{
649 MakeCertificateOptions opts;
Davide Pesavento8e047e12024-02-12 16:50:23 -0500650 opts.issuerId = name::Component::fromUri("ISSUER");
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000651 opts.version = 41218268;
652 opts.freshnessPeriod = 321_s;
653 opts.validity.emplace(time::fromIsoString("20060702T150405"),
654 time::fromIsoString("20160702T150405"));
655
656 SignatureInfo sigInfo;
657 sigInfo.setKeyLocator(signerKey.getName());
658 sigInfo.setValidityPeriod(ValidityPeriod(time::fromIsoString("20060102T150405"),
659 time::fromIsoString("20160102T150405")));
660 sigInfo.addCustomTlv(Block(0xF0));
661 signerParams.setSignatureInfo(sigInfo);
662
663 auto cert = signerKeyChain.makeCertificate(requester, signerParams, opts);
664
665 BOOST_CHECK_EQUAL(cert.getName(),
666 Name(requester.getName()).append(PartialName("ISSUER/v=41218268")));
667 BOOST_CHECK_EQUAL(cert.getFreshnessPeriod(), 321_s);
668 checkKeyLocatorName(cert, signerKey.getName());
669
670 auto vp = cert.getValidityPeriod().getPeriod();
671 BOOST_CHECK_EQUAL(vp.first, time::fromIsoString("20060702T150405"));
672 BOOST_CHECK_EQUAL(vp.second, time::fromIsoString("20160702T150405"));
673
674 BOOST_CHECK(cert.getSignatureInfo().getCustomTlv(0xF0).has_value());
675}
676
677BOOST_AUTO_TEST_CASE(ErrSigner)
678{
679 signerParams = signingByIdentity("/nonexistent");
680 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(requester, signerParams), KeyChain::Error);
681}
682
683BOOST_AUTO_TEST_CASE(ErrZeroFreshness)
684{
685 MakeCertificateOptions opts;
686 opts.freshnessPeriod = 0_ms;
687 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(requester, signerParams, opts),
688 std::invalid_argument);
689}
690
691BOOST_AUTO_TEST_CASE(ErrNegativeFreshness)
692{
693 MakeCertificateOptions opts;
694 opts.freshnessPeriod = -1_ms;
695 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(requester, signerParams, opts),
696 std::invalid_argument);
697}
698
699BOOST_AUTO_TEST_CASE(ErrContent)
700{
701 Certificate request(requester.getDefaultCertificate());
Davide Pesavento07db0732022-05-06 15:20:26 -0400702
703 // malformed public key
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000704 const auto& oldContent = request.getContent();
705 std::vector<uint8_t> content(oldContent.value_begin(), oldContent.value_end());
706 content[0] ^= 0x80;
707 request.setContent(content);
708 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(request, signerParams), std::invalid_argument);
Davide Pesavento07db0732022-05-06 15:20:26 -0400709
710 // empty content
Davide Pesavento296c3a12023-05-04 21:40:40 -0400711 request.setContent("");
Davide Pesavento07db0732022-05-06 15:20:26 -0400712 BOOST_CHECK_THROW(signerKeyChain.makeCertificate(request, signerParams), std::invalid_argument);
Junxiao Shi9ee770b2022-04-25 23:33:33 +0000713}
714
715BOOST_AUTO_TEST_SUITE_END() // MakeCertificate
716
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500717BOOST_FIXTURE_TEST_CASE(ImportPrivateKey, KeyChainFixture)
laqinfan56a812d2019-06-03 15:33:58 -0500718{
Davide Pesavento765abc92021-12-27 00:44:04 -0500719 const Name keyName("/test/device2");
720 const uint8_t rawKey[] = "nPSNOHyZKsg2WLqHAs7MXGb0sjQb4zCT";
laqinfan56a812d2019-06-03 15:33:58 -0500721 auto key = make_shared<transform::PrivateKey>();
Davide Pesavento765abc92021-12-27 00:44:04 -0500722 key->loadRaw(KeyType::HMAC, rawKey);
laqinfan56a812d2019-06-03 15:33:58 -0500723
724 m_keyChain.importPrivateKey(keyName, key);
725 BOOST_CHECK_EQUAL(m_keyChain.getTpm().hasKey(keyName), true);
726 BOOST_CHECK_THROW(m_keyChain.importPrivateKey(keyName, key), KeyChain::Error);
727}
728
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500729BOOST_FIXTURE_TEST_CASE(ExportImport, KeyChainFixture)
Yingdi Yufe4733a2015-10-22 14:24:12 -0700730{
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500731 Identity id = m_keyChain.createIdentity("/TestKeyChain/ExportIdentity");
Yingdi Yufe4733a2015-10-22 14:24:12 -0700732 Certificate cert = id.getDefaultKey().getDefaultCertificate();
733
734 shared_ptr<SafeBag> exported = m_keyChain.exportSafeBag(cert, "1234", 4);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400735 const auto& block = exported->wireEncode();
Yingdi Yufe4733a2015-10-22 14:24:12 -0700736
737 m_keyChain.deleteIdentity(id);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400738 BOOST_CHECK_EXCEPTION(m_keyChain.exportSafeBag(cert, "1234", 4), KeyChain::Error, [] (const auto& e) {
739 return std::string(e.what()).find("Failed to export private key") == 0;
740 });
Yingdi Yufe4733a2015-10-22 14:24:12 -0700741
742 BOOST_CHECK_EQUAL(m_keyChain.getTpm().hasKey(cert.getKeyName()), false);
743 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 0);
744
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400745 SafeBag imported(block);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700746 m_keyChain.importSafeBag(imported, "1234", 4);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400747 BOOST_CHECK_EXCEPTION(m_keyChain.importSafeBag(imported, "1234", 4), KeyChain::Error, [] (const auto& e) {
748 return std::string(e.what()).find("already exists") != std::string::npos;
749 });
Yingdi Yufe4733a2015-10-22 14:24:12 -0700750
751 BOOST_CHECK_EQUAL(m_keyChain.getTpm().hasKey(cert.getKeyName()), true);
752 BOOST_CHECK_EQUAL(m_keyChain.getPib().getIdentities().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700753 Identity newId = m_keyChain.getPib().getIdentity(cert.getIdentity());
754 BOOST_CHECK_EQUAL(newId.getKeys().size(), 1);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700755 Key newKey = newId.getKey(cert.getKeyName());
756 BOOST_CHECK_EQUAL(newKey.getCertificates().size(), 1);
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400757 Certificate newCert = newKey.getCertificate(cert.getName());
758 BOOST_CHECK_EQUAL(newCert, cert);
759}
Yingdi Yufe4733a2015-10-22 14:24:12 -0700760
Davide Pesaventoe30389c2022-05-31 17:23:33 -0400761BOOST_FIXTURE_TEST_CASE(ImportInvalid, KeyChainFixture)
762{
763 Identity id = m_keyChain.createIdentity("/TestKeyChain/ExportIdentity");
764 Certificate cert = id.getDefaultKey().getDefaultCertificate();
765
766 auto exported = m_keyChain.exportSafeBag(cert, "1234", 4);
767 m_keyChain.deleteIdentity(id);
768
769 Identity id2 = m_keyChain.createIdentity("/TestKeyChain/AnotherIdentity");
770 Certificate cert2 = id2.getDefaultKey().getDefaultCertificate();
771 m_keyChain.deleteIdentity(id2);
772
773 SafeBag mismatch(cert2, exported->getEncryptedKey());
774 BOOST_CHECK_EXCEPTION(m_keyChain.importSafeBag(mismatch, "1234", 4), KeyChain::Error, [] (const auto& e) {
775 return std::string(e.what()).find("do not match") != std::string::npos;
776 });
777
778 SafeBag invalidPriv(cert2, {0xCA, 0xFE});
779 BOOST_CHECK_EXCEPTION(m_keyChain.importSafeBag(invalidPriv, "1234", 4), KeyChain::Error, [] (const auto& e) {
780 return std::string(e.what()).find("Failed to import private key") == 0;
781 });
Yingdi Yufe4733a2015-10-22 14:24:12 -0700782}
783
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500784BOOST_FIXTURE_TEST_CASE(SelfSignedCertValidity, KeyChainFixture)
Alexander Afanasyevf8379172017-01-11 16:56:04 -0800785{
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500786 Certificate cert = m_keyChain.createIdentity("/Security/TestKeyChain/SelfSignedCertValidity")
Alexander Afanasyevf8379172017-01-11 16:56:04 -0800787 .getDefaultKey()
788 .getDefaultCertificate();
789 BOOST_CHECK(cert.isValid());
Davide Pesavento0f830802018-01-16 23:58:58 -0500790 BOOST_CHECK(cert.isValid(time::system_clock::now() + 10 * 365_days));
791 BOOST_CHECK_GT(cert.getValidityPeriod().getPeriod().second, time::system_clock::now() + 10 * 365_days);
Alexander Afanasyevf8379172017-01-11 16:56:04 -0800792}
793
Yingdi Yufe4733a2015-10-22 14:24:12 -0700794BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
Yingdi Yufe4733a2015-10-22 14:24:12 -0700795BOOST_AUTO_TEST_SUITE_END() // Security
796
Davide Pesavento47ce2ee2023-05-09 01:33:33 -0400797} // namespace ndn::tests