/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
 * Copyright (c) 2013-2014 Regents of the University of California.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 *
 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 *
 * You should have received copies of the GNU General Public License and GNU Lesser
 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 */

#include "security/key-chain.hpp"
#include "security/validator.hpp"

#include "util/command-interest-generator.hpp"
#include "util/command-interest-validator.hpp"

#include "boost-test.hpp"

using namespace std;
namespace ndn {

BOOST_AUTO_TEST_SUITE(SecurityTestSignedInterest)

/**
 * Sign an Interest with a newly created identity, round-trip it through its
 * wire encoding, and verify the decoded copy against the identity's public key.
 */
BOOST_AUTO_TEST_CASE(SignedInterest)
{
  // A KeyChain built on the "sqlite3" / "file" back-ends must be constructible
  // before the rest of the case can run.
  BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
  KeyChain keyChain("sqlite3", "file");

  // A version component is appended to the identity name
  // (presumably so each run works with a distinct identity).
  Name identityName("/TestSignedInterest/SignVerify");
  identityName.appendVersion();

  Name certificateName;
  BOOST_REQUIRE_NO_THROW(certificateName = keyChain.createIdentity(identityName));

  Interest signedInterest("/TestSignedInterest/SignVerify/Interest1");
  BOOST_CHECK_NO_THROW(keyChain.signByIdentity(signedInterest, identityName));

  // Verification is done on a copy decoded from the wire format, not on the
  // in-memory object that was signed.
  Block wire(signedInterest.wireEncode().wire(), signedInterest.wireEncode().size());
  Interest decodedInterest;
  decodedInterest.wireDecode(wire);

  shared_ptr<PublicKey> signerKey;
  BOOST_REQUIRE_NO_THROW(signerKey = keyChain.getPublicKeyFromTpm(
                           keyChain.getDefaultKeyNameForIdentity(identityName)));

  const bool isVerified = Validator::verifySignature(decodedInterest, *signerKey);
  BOOST_CHECK_EQUAL(isVerified, true);

  // NOTE(review): only the accepting path is covered here; nothing in this case
  // shows that verification fails for a modified Interest or a different key.
  // Cleanup below is skipped when one of the BOOST_REQUIRE_* checks aborts the case.
  keyChain.deleteIdentity(identityName);
}
/**
 * Test fixture that records the outcome of the most recent validation callback.
 *
 * m_validity is true only when validated() was the last callback to run. It is
 * false after construction, after reset() and after validationFailed(), so a
 * false value on its own does not show that the failure callback was invoked.
 */
class CommandInterestFixture
{
public:
  /// Start in the "not validated" state.
  CommandInterestFixture()
    : m_validity(false)
  {
  }

  /// Success callback: record that the Interest was accepted.
  /// The interest argument is not used.
  void
  validated(const shared_ptr<const Interest>& interest)
  {
    m_validity = true;
  }

  /// Failure callback: record that the Interest was rejected.
  /// Neither the interest nor the failure description is inspected.
  void
  validationFailed(const shared_ptr<const Interest>& interest, const string& failureInfo)
  {
    m_validity = false;
  }

  /// Return to the initial "not validated" state between checks.
  void
  reset()
  {
    m_validity = false;
  }

  // Outcome of the last callback; read directly by the test cases.
  bool m_validity;
};
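/**
 * Exercise CommandInterestValidator with one command that must be accepted and
 * three that must be rejected: a timestamp moved into the past, a signer that
 * the rule does not cover, and a name that the rule does not cover.
 *
 * Before every rejecting case m_validity is primed to true. The fixture's
 * validationFailed() is the only thing that sets it back to false, so
 * BOOST_CHECK_EQUAL(m_validity, false) passes only if the validator really
 * reported a failure; a validator that invoked no callback at all is caught
 * instead of passing silently. The checks rely on validate() invoking its
 * callbacks before it returns.
 */
BOOST_FIXTURE_TEST_CASE(CommandInterest, CommandInterestFixture)
{
  // NOTE(review): default-constructed KeyChain; the identities below are created
  // in whatever store it resolves to and are only removed at the end of the case,
  // which is not reached when a BOOST_REQUIRE_* check aborts.
  KeyChain keyChain;
  Name identity("/TestCommandInterest/Validation");
  identity.appendVersion();

  Name certName;
  BOOST_REQUIRE_NO_THROW(certName = keyChain.createIdentity(identity));

  CommandInterestGenerator generator;
  CommandInterestValidator validator;

  // Single rule: names under /TestCommandInterest/Validation, tied to the
  // certificate of `identity`.
  validator.addInterestRule("^<TestCommandInterest><Validation>",
                            *keyChain.getCertificate(certName));

  // Accepted: name matches the rule and the command is generated with `identity`.
  // m_validity starts out false, so true proves validated() was called.
  shared_ptr<Interest> commandInterest1 =
    make_shared<Interest>("/TestCommandInterest/Validation/Command1");
  generator.generateWithIdentity(*commandInterest1, identity);
  validator.validate(*commandInterest1,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, true);

  // Rejected: outdated command. The name is assembled by hand with a timestamp
  // 5 seconds in the past and then signed by the authorized identity.
  m_validity = true; // primed: only validationFailed() can clear it
  shared_ptr<Interest> commandInterest2 =
    make_shared<Interest>("/TestCommandInterest/Validation/Command2");
  time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
  timestamp -= time::seconds(5);

  Name commandName = commandInterest2->getName();
  commandName
    .appendNumber(timestamp.count())
    .appendNumber(random::generateWord64());
  commandInterest2->setName(commandName);

  keyChain.signByIdentity(*commandInterest2, identity);
  validator.validate(*commandInterest2,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, false);

  // Rejected: unauthorized signer. The name matches the rule, but the command is
  // generated with a second identity whose certificate was never added.
  Name identity2("/TestCommandInterest/Validation2");
  Name certName2;
  BOOST_REQUIRE_NO_THROW(certName2 = keyChain.createIdentity(identity2));

  m_validity = true; // primed: only validationFailed() can clear it
  shared_ptr<Interest> commandInterest3 =
    make_shared<Interest>("/TestCommandInterest/Validation/Command3");
  generator.generateWithIdentity(*commandInterest3, identity2);
  validator.validate(*commandInterest3,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, false);

  // Rejected: authorized signer, but the name (.../Validation2/...) is outside
  // the prefix the rule was registered for.
  m_validity = true; // primed: only validationFailed() can clear it
  shared_ptr<Interest> commandInterest4 =
    make_shared<Interest>("/TestCommandInterest/Validation2/Command");
  generator.generateWithIdentity(*commandInterest4, identity);
  validator.validate(*commandInterest4,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, false);

  BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity));
  BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity2));
}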
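/**
 * Check the scope of a bypass rule: a command under the exempted prefix is
 * accepted although no certificate was registered for its signer, while a
 * command outside that prefix is still rejected.
 *
 * The second check keeps the exemption from silently widening; without it the
 * case would also pass for a validator that accepts every name.
 */
BOOST_FIXTURE_TEST_CASE(Exemption, CommandInterestFixture)
{
  KeyChain keyChain;
  // NOTE(review): this identity name is not versioned, unlike the identities
  // created with appendVersion() elsewhere in this file; confirm that a leftover
  // from an aborted run cannot make createIdentity fail.
  Name identity("/TestCommandInterest/AnyKey");

  Name certName;
  BOOST_REQUIRE_NO_THROW(certName = keyChain.createIdentity(identity));

  CommandInterestGenerator generator;
  CommandInterestValidator validator;

  // Only a bypass rule is installed; no certificate is added to the validator.
  validator.addInterestBypassRule("^<TestCommandInterest><Exemption>");

  // Accepted: the name is under the bypass prefix. m_validity starts out false,
  // so true proves validated() was called.
  shared_ptr<Interest> commandInterest1 =
    make_shared<Interest>("/TestCommandInterest/Exemption/Command1");
  generator.generateWithIdentity(*commandInterest1, identity);
  validator.validate(*commandInterest1,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, true);

  // Rejected: same signer, but the name is outside the bypass prefix and no
  // other rule exists. m_validity is primed to true so the check passes only if
  // validationFailed() ran. Relies on validate() invoking its callbacks before
  // it returns, as the check above already does.
  m_validity = true;
  shared_ptr<Interest> commandInterest2 =
    make_shared<Interest>("/TestCommandInterest/NotExempted/Command1");
  generator.generateWithIdentity(*commandInterest2, identity);
  validator.validate(*commandInterest2,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, false);

  BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity));
}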

BOOST_AUTO_TEST_SUITE_END()

} // namespace ndn