Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 17d4b93f0499ceb8e27fc77bbb3c27a13fa91a27 / . / tests / unit / security / validator-config / checker.t.cpp
blob: d098b11e03ac9dae4cfc69edb8e902d6fd0f9fd9 [file] [log] [blame]
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/*
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]3 * Copyright (c) 2013-2021 Regents of the University of California.
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validator-config/checker.hpp"
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]23#include "ndn-cxx/security/command-interest-signer.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]24#include "ndn-cxx/security/validation-policy.hpp"
25#include "ndn-cxx/security/validation-state.hpp"
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]26
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]27#include "tests/boost-test.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]28#include "tests/unit/security/validator-fixture.hpp"
29#include "tests/unit/security/validator-config/common.hpp"
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]30
31namespace ndn {
32namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]33inline namespace v2 {
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]34namespace validator_config {
35namespace tests {
36
37using namespace ndn::tests;
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]38using namespace ndn::security::tests;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]39
40BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]41BOOST_AUTO_TEST_SUITE(ValidatorConfig)
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]42BOOST_AUTO_TEST_SUITE(TestChecker)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]43
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]44class CheckerFixture : public KeyChainFixture
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]45{
46public:
47 CheckerFixture()
48 {
49 names.push_back("/foo/bar");
50 names.push_back("/foo/bar/bar");
51 names.push_back("/foo");
52 names.push_back("/other/prefix");
53 }
54
Davide Pesavento5437aa22019-03-24 14:02:37 -0400[diff] [blame]55 static Name
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]56 makeKeyLocatorKeyName(const Name& name)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]57 {
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]58 static PartialName suffix("KEY/keyid");
59 return Name(name).append(suffix);
60 }
61
62 static Name
63 makeKeyLocatorCertName(const Name& name)
64 {
65 static PartialName suffix("KEY/keyid/issuer/v=1");
66 return Name(name).append(suffix);
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]67 }
68
Junxiao Shi58b9e0f2021-03-18 15:54:07 -0600[diff] [blame]69 template<typename PktType, typename C>
70 static void
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]71 testChecker(C& checker, tlv::SignatureTypeValue sigType, const Name& pktName, const Name& klName, bool expectedOutcome)
Junxiao Shi58b9e0f2021-03-18 15:54:07 -0600[diff] [blame]72 {
73 BOOST_TEST_CONTEXT("pkt=" << pktName << " kl=" << klName) {
74 auto state = PktType::makeState();
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]75 auto result = checker.check(PktType::getType(), sigType, pktName, klName, *state);
Junxiao Shi58b9e0f2021-03-18 15:54:07 -0600[diff] [blame]76 BOOST_CHECK_EQUAL(bool(result), expectedOutcome);
77 BOOST_CHECK(boost::logic::indeterminate(state->getOutcome()));
78 if (!result) {
79 BOOST_CHECK_NE(result.getErrorMessage(), "");
80 }
81 }
82 }
83
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]84public:
85 std::vector<Name> names;
86};
87
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]88class NameRelationEqual : public CheckerFixture
89{
90public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]91 NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::EQUAL};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]92 std::vector<std::vector<bool>> outcomes = {{true, false, false, false},
93 {true, false, false, false},
94 {true, false, false, false},
95 {true, false, false, false}};
96};
97
98class NameRelationIsPrefixOf : public CheckerFixture
99{
100public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]101 NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::IS_PREFIX_OF};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]102 std::vector<std::vector<bool>> outcomes = {{true, true, false, false},
103 {true, true, false, false},
104 {true, true, false, false},
105 {true, true, false, false}};
106};
107
108class NameRelationIsStrictPrefixOf : public CheckerFixture
109{
110public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]111 NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::IS_STRICT_PREFIX_OF};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]112 std::vector<std::vector<bool>> outcomes = {{false, true, false, false},
113 {false, true, false, false},
114 {false, true, false, false},
115 {false, true, false, false}};
116};
117
118class RegexEqual : public CheckerFixture
119{
120public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]121 RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><KEY><>{1,3}$")};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]122 std::vector<std::vector<bool>> outcomes = {{true, false, false, false},
123 {true, false, false, false},
124 {true, false, false, false},
125 {true, false, false, false}};
126};
127
128class RegexIsPrefixOf : public CheckerFixture
129{
130public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]131 RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><>*<KEY><>{1,3}$")};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]132 std::vector<std::vector<bool>> outcomes = {{true, true, false, false},
133 {true, true, false, false},
134 {true, true, false, false},
135 {true, true, false, false}};
136};
137
138class RegexIsStrictPrefixOf : public CheckerFixture
139{
140public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]141 RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><>+<KEY><>{1,3}$")};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]142 std::vector<std::vector<bool>> outcomes = {{false, true, false, false},
143 {false, true, false, false},
144 {false, true, false, false},
145 {false, true, false, false}};
146};
147
148class HyperRelationEqual : public CheckerFixture
149{
150public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]151 HyperRelationChecker checker{tlv::SignatureSha256WithRsa,
152 "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::EQUAL};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]153 std::vector<std::vector<bool>> outcomes = {{true, false, false, false},
154 {false, true, false, false},
155 {false, false, true, false},
156 {false, false, false, true}};
157};
158
159class HyperRelationIsPrefixOf : public CheckerFixture
160{
161public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]162 HyperRelationChecker checker{tlv::SignatureSha256WithRsa,
163 "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::IS_PREFIX_OF};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]164 std::vector<std::vector<bool>> outcomes = {{true, false, true, false},
165 {true, true, true, false},
166 {false, false, true, false},
167 {false, false, false, true}};
168};
169
170class HyperRelationIsStrictPrefixOf : public CheckerFixture
171{
172public:
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]173 HyperRelationChecker checker{tlv::SignatureSha256WithRsa,
174 "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::IS_STRICT_PREFIX_OF};
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]175 std::vector<std::vector<bool>> outcomes = {{false, false, true, false},
176 {true, false, true, false},
177 {false, false, false, false},
178 {false, false, false, false}};
179};
180
181class Hierarchical : public CheckerFixture
182{
183public:
184 Hierarchical()
185 : checkerPtr(Checker::create(makeSection(R"CONF(
186 type hierarchical
187 sig-type rsa-sha256
188 )CONF"), "test-config"))
189 , checker(*checkerPtr)
190 {
191 }
192
193public:
194 std::unique_ptr<Checker> checkerPtr;
195 Checker& checker;
196
197 std::vector<std::vector<bool>> outcomes = {{true, false, true, false},
198 {true, true, true, false},
199 {false, false, true, false},
200 {false, false, false, true}};
201};
202
203class CustomizedNameRelation : public CheckerFixture
204{
205public:
206 CustomizedNameRelation()
207 : checkerPtr(Checker::create(makeSection(R"CONF(
208 type customized
209 sig-type rsa-sha256
210 key-locator
211 {
212 type name
213 name /foo/bar
214 relation equal
215 }
216 )CONF"), "test-config"))
217 , checker(*checkerPtr)
218 {
219 }
220
221public:
222 std::unique_ptr<Checker> checkerPtr;
223 Checker& checker;
224
225 std::vector<std::vector<bool>> outcomes = {{true, false, false, false},
226 {true, false, false, false},
227 {true, false, false, false},
228 {true, false, false, false}};
229};
230
231class CustomizedRegex : public CheckerFixture
232{
233public:
234 CustomizedRegex()
235 : checkerPtr(Checker::create(makeSection(R"CONF(
236 type customized
237 sig-type rsa-sha256
238 key-locator
239 {
240 type name
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]241 regex ^<foo><bar><KEY><>{1,3}$
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]242 }
243 )CONF"), "test-config"))
244 , checker(*checkerPtr)
245 {
246 }
247
248public:
249 std::unique_ptr<Checker> checkerPtr;
250 Checker& checker;
251
252 std::vector<std::vector<bool>> outcomes = {{true, false, false, false},
253 {true, false, false, false},
254 {true, false, false, false},
255 {true, false, false, false}};
256};
257
258class CustomizedHyperRelation : public CheckerFixture
259{
260public:
261 CustomizedHyperRelation()
262 : checkerPtr(Checker::create(makeSection(R"CONF(
263 type customized
264 sig-type rsa-sha256
265 key-locator
266 {
267 type name
268 hyper-relation
269 {
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]270 k-regex ^(<>+)<KEY><>{1,3}$
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]271 k-expand \\1
272 h-relation is-prefix-of
273 p-regex ^(<>+)$
274 p-expand \\1
275 }
276 }
277 )CONF"), "test-config"))
278 , checker(*checkerPtr)
279 {
280 }
281
282public:
283 std::unique_ptr<Checker> checkerPtr;
284 Checker& checker;
285
286 std::vector<std::vector<bool>> outcomes = {{true, false, true, false},
287 {true, true, true, false},
288 {false, false, true, false},
289 {false, false, false, true}};
290};
291
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]292using CheckerFixtures = boost::mpl::vector<
293 NameRelationEqual,
294 NameRelationIsPrefixOf,
295 NameRelationIsStrictPrefixOf,
296 RegexEqual,
297 RegexIsPrefixOf,
298 RegexIsStrictPrefixOf,
299 HyperRelationEqual,
300 HyperRelationIsPrefixOf,
301 HyperRelationIsStrictPrefixOf,
302 Hierarchical,
303 CustomizedNameRelation,
304 CustomizedRegex,
305 CustomizedHyperRelation
306>;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]307
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]308// Cartesian product of [DataPkt, InterestV02Pkt, InterestV03Pkt] and CheckerFixtures.
309// Each element is a boost::mpl::pair<PktType, CheckerFixture>.
310using Tests = boost::mpl::fold<
311 CheckerFixtures,
312 boost::mpl::vector<>,
313 boost::mpl::push_back<boost::mpl::push_back<boost::mpl::push_back<boost::mpl::_1,
314 boost::mpl::pair<DataPkt, boost::mpl::_2>>,
315 boost::mpl::pair<InterestV02Pkt, boost::mpl::_2>>,
316 boost::mpl::pair<InterestV03Pkt, boost::mpl::_2>>
317>::type;
318
319BOOST_FIXTURE_TEST_CASE_TEMPLATE(Checks, T, Tests, T::second)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]320{
Junxiao Shi5dc75602021-02-19 11:33:00 -0700[diff] [blame]321 using PktType = typename T::first;
Davide Pesavento5437aa22019-03-24 14:02:37 -0400[diff] [blame]322
323 BOOST_REQUIRE_EQUAL(this->outcomes.size(), this->names.size());
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]324 for (size_t i = 0; i < this->names.size(); ++i) {
Davide Pesavento5437aa22019-03-24 14:02:37 -0400[diff] [blame]325 BOOST_REQUIRE_EQUAL(this->outcomes[i].size(), this->names.size());
Junxiao Shi58b9e0f2021-03-18 15:54:07 -0600[diff] [blame]326
327 auto pktName = PktType::makeName(this->names[i], this->m_keyChain);
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]328 for (size_t j = 0; j < this->names.size(); ++j) {
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]329 bool expectedOutcome = this->outcomes[i][j];
330
Junxiao Shi58b9e0f2021-03-18 15:54:07 -0600[diff] [blame]331 auto klName = this->makeKeyLocatorKeyName(this->names[j]);
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]332 this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithRsa, pktName, klName, expectedOutcome);
333 this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithEcdsa, pktName, klName, false);
334
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]335
Junxiao Shi58b9e0f2021-03-18 15:54:07 -0600[diff] [blame]336 klName = this->makeKeyLocatorCertName(this->names[j]);
Alexander Afanasyev17d4b932021-03-17 17:58:40 -0400[diff] [blame^]337 this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithRsa, pktName, klName, expectedOutcome);
338 this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithEcdsa, pktName, klName, false);
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]339 }
340 }
341}
342
343BOOST_AUTO_TEST_SUITE_END() // TestChecker
344BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]345BOOST_AUTO_TEST_SUITE_END() // Security
346
347} // namespace tests
348} // namespace validator_config
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]349} // inline namespace v2
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]350} // namespace security
351} // namespace ndn