Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| 2 | /* |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 3 | * Copyright (c) 2013-2021 Regents of the University of California. |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| 6 | * |
| 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| 20 | */ |
| 21 | |
Alexander Afanasyev | 09236c2 | 2020-06-03 13:42:38 -0400 | [diff] [blame] | 22 | #include "ndn-cxx/security/validator-config/rule.hpp" |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 23 | |
Davide Pesavento | 7e78064 | 2018-11-24 15:51:34 -0500 | [diff] [blame] | 24 | #include "tests/boost-test.hpp" |
Alexander Afanasyev | 09236c2 | 2020-06-03 13:42:38 -0400 | [diff] [blame] | 25 | #include "tests/unit/security/validator-fixture.hpp" |
| 26 | #include "tests/unit/security/validator-config/common.hpp" |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 27 | |
| 28 | #include <boost/mpl/vector_c.hpp> |
| 29 | |
| 30 | namespace ndn { |
| 31 | namespace security { |
Alexander Afanasyev | 09236c2 | 2020-06-03 13:42:38 -0400 | [diff] [blame] | 32 | inline namespace v2 { |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 33 | namespace validator_config { |
| 34 | namespace tests { |
| 35 | |
| 36 | using namespace ndn::tests; |
| 37 | using namespace ndn::security::v2::tests; |
| 38 | |
| 39 | BOOST_AUTO_TEST_SUITE(Security) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 40 | BOOST_AUTO_TEST_SUITE(ValidatorConfig) |
| 41 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 42 | template<class Packet> |
Davide Pesavento | 4c1ad4c | 2020-11-16 21:12:02 -0500 | [diff] [blame] | 43 | class RuleFixture : public KeyChainFixture |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 44 | { |
| 45 | public: |
| 46 | RuleFixture() |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 47 | : rule(ruleId, Packet::getType()) |
| 48 | , pktName(Packet::makeName("/foo/bar", m_keyChain)) |
| 49 | , state(Packet::makeState()) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 50 | { |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 51 | } |
| 52 | |
| 53 | public: |
| 54 | const std::string ruleId = "rule-id"; |
| 55 | Rule rule; |
| 56 | Name pktName; |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 57 | shared_ptr<ValidationState> state; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 58 | }; |
| 59 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 60 | using PktTypes = boost::mpl::vector<DataPkt, InterestV02Pkt, InterestV03Pkt>; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 61 | |
| 62 | BOOST_AUTO_TEST_SUITE(TestRule) |
| 63 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 64 | BOOST_FIXTURE_TEST_CASE(Errors, RuleFixture<DataPkt>) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 65 | { |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 66 | BOOST_CHECK_THROW(rule.match(tlv::Interest, this->pktName, state), Error); |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 67 | BOOST_CHECK_THROW(rule.check(tlv::Interest, tlv::SignatureSha256WithRsa, |
| 68 | this->pktName, "/foo/bar", state), Error); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 69 | } |
| 70 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 71 | BOOST_FIXTURE_TEST_CASE_TEMPLATE(Constructor, PktType, PktTypes, RuleFixture<PktType>) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 72 | { |
| 73 | BOOST_CHECK_EQUAL(this->rule.getId(), this->ruleId); |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 74 | BOOST_CHECK_EQUAL(this->rule.getPktType(), PktType::getType()); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 75 | } |
| 76 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 77 | BOOST_FIXTURE_TEST_CASE_TEMPLATE(EmptyRule, PktType, PktTypes, RuleFixture<PktType>) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 78 | { |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 79 | BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), this->pktName, this->state), true); |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 80 | BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), tlv::SignatureSha256WithRsa, |
| 81 | this->pktName, "/foo/bar", this->state), false); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 82 | } |
| 83 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 84 | BOOST_FIXTURE_TEST_CASE_TEMPLATE(Filters, PktType, PktTypes, RuleFixture<PktType>) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 85 | { |
| 86 | this->rule.addFilter(make_unique<RegexNameFilter>(Regex("^<foo><bar>$"))); |
| 87 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 88 | BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), this->pktName, this->state), true); |
| 89 | BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), "/not" + this->pktName.toUri(), this->state), false); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 90 | |
| 91 | this->rule.addFilter(make_unique<RegexNameFilter>(Regex("^<not><foo><bar>$"))); |
| 92 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 93 | BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), this->pktName, this->state), true); |
| 94 | BOOST_CHECK_EQUAL(this->rule.match(PktType::getType(), "/not" + this->pktName.toUri(), this->state), true); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 95 | |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 96 | BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), tlv::SignatureSha256WithRsa, |
| 97 | this->pktName, "/foo/bar", this->state), false); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 98 | } |
| 99 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 100 | BOOST_FIXTURE_TEST_CASE_TEMPLATE(Checkers, PktType, PktTypes, RuleFixture<PktType>) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 101 | { |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 102 | auto testChecker = [this] (const Name& klName, bool expectedOutcome) { |
| 103 | BOOST_TEST_CONTEXT(klName << " expected=" << expectedOutcome) { |
| 104 | this->state = PktType::makeState(); // reset state |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 105 | BOOST_CHECK_EQUAL(this->rule.check(PktType::getType(), tlv::SignatureSha256WithRsa, |
| 106 | this->pktName, klName, this->state), |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 107 | expectedOutcome); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 108 | |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 109 | auto outcome = this->state->getOutcome(); |
| 110 | if (expectedOutcome) { |
| 111 | BOOST_CHECK(boost::logic::indeterminate(outcome)); |
| 112 | } |
| 113 | else { |
| 114 | BOOST_CHECK(!boost::logic::indeterminate(outcome)); |
| 115 | BOOST_CHECK(!bool(outcome)); |
| 116 | } |
| 117 | } |
| 118 | }; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 119 | |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 120 | this->rule.addChecker(make_unique<HyperRelationChecker>(tlv::SignatureSha256WithRsa, |
| 121 | "^(<>+)$", "\\1", |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 122 | "^<always>(<>+)$", "\\1", |
| 123 | NameRelation::EQUAL)); |
| 124 | testChecker("/always/foo/bar", true); |
| 125 | testChecker("/seldomly/foo/bar", false); |
| 126 | testChecker("/never/foo/bar", false); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 127 | |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 128 | this->rule.addChecker(make_unique<HyperRelationChecker>(tlv::SignatureSha256WithRsa, |
| 129 | "^(<>+)$", "\\1", |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 130 | "^<seldomly>(<>+)$", "\\1", |
| 131 | NameRelation::EQUAL)); |
| 132 | testChecker("/always/foo/bar", true); |
| 133 | testChecker("/seldomly/foo/bar", true); |
| 134 | testChecker("/never/foo/bar", false); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 135 | } |
| 136 | |
| 137 | BOOST_AUTO_TEST_SUITE(Create) |
| 138 | |
| 139 | BOOST_AUTO_TEST_CASE(Errors) |
| 140 | { |
| 141 | BOOST_CHECK_THROW(Rule::create(makeSection(""), "test-config"), Error); |
| 142 | |
| 143 | std::string config = R"CONF( |
| 144 | id rule-id |
| 145 | for something |
| 146 | )CONF"; |
| 147 | BOOST_CHECK_THROW(Rule::create(makeSection(config), "test-config"), Error); |
| 148 | |
| 149 | config = R"CONF( |
| 150 | id rule-id |
| 151 | for data |
| 152 | )CONF"; |
| 153 | BOOST_CHECK_THROW(Rule::create(makeSection(config), "test-config"), Error); // at least one checker required |
| 154 | |
| 155 | config = R"CONF( |
| 156 | id rule-id |
| 157 | for data |
| 158 | checker |
| 159 | { |
| 160 | type hierarchical |
| 161 | sig-type rsa-sha256 |
| 162 | } |
| 163 | other stuff |
| 164 | )CONF"; |
| 165 | BOOST_CHECK_THROW(Rule::create(makeSection(config), "test-config"), Error); |
| 166 | } |
| 167 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 168 | BOOST_FIXTURE_TEST_CASE_TEMPLATE(FilterAndChecker, PktType, PktTypes, RuleFixture<PktType>) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 169 | { |
Davide Pesavento | db4da5e | 2018-06-15 11:37:52 -0400 | [diff] [blame] | 170 | std::string config = R"CONF( |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 171 | id rule-id |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 172 | for )CONF" + (PktType::getType() == tlv::Data ? "data"s : "interest"s) + R"CONF( |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 173 | filter |
| 174 | { |
| 175 | type name |
| 176 | regex ^<foo><bar>$ |
| 177 | } |
| 178 | checker |
| 179 | { |
| 180 | type customized |
| 181 | sig-type rsa-sha256 |
| 182 | key-locator |
| 183 | { |
| 184 | type name |
| 185 | hyper-relation |
| 186 | { |
| 187 | k-regex ^(<>+)$ |
| 188 | k-expand \\1 |
| 189 | h-relation equal |
| 190 | p-regex ^(<>+)$ |
| 191 | p-expand \\1 |
| 192 | } |
| 193 | } |
| 194 | } |
| 195 | )CONF"; |
| 196 | auto rule = Rule::create(makeSection(config), "test-config"); |
| 197 | |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 198 | BOOST_CHECK(rule->match(PktType::getType(), this->pktName, this->state)); |
| 199 | BOOST_CHECK(!rule->match(PktType::getType(), "/not" + this->pktName.toUri(), this->state)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 200 | |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 201 | BOOST_CHECK(rule->check(PktType::getType(), tlv::SignatureSha256WithRsa, this->pktName, "/foo/bar", this->state)); |
| 202 | BOOST_CHECK(!rule->check(PktType::getType(), tlv::SignatureSha256WithEcdsa, this->pktName, "/foo/bar", this->state)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 203 | |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 204 | this->state = PktType::makeState(); // reset state |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame^] | 205 | BOOST_CHECK(!rule->check(PktType::getType(), tlv::SignatureSha256WithRsa, this->pktName, "/not/foo/bar", this->state)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 206 | } |
| 207 | |
| 208 | BOOST_AUTO_TEST_SUITE_END() // Create |
| 209 | |
| 210 | BOOST_AUTO_TEST_SUITE_END() // TestRule |
| 211 | BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 212 | BOOST_AUTO_TEST_SUITE_END() // Security |
| 213 | |
| 214 | } // namespace tests |
| 215 | } // namespace validator_config |
Alexander Afanasyev | 09236c2 | 2020-06-03 13:42:38 -0400 | [diff] [blame] | 216 | } // inline namespace v2 |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 217 | } // namespace security |
| 218 | } // namespace ndn |