Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 933a567c8ac839a5d97c0f56675ede33ab2fc5b6 / . / tests / unit / security / validation-policy-command-interest.t.cpp
blob: da6ced79a907517e9f9d712ae11a4ca64256e771 [file] [log] [blame]
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Junxiao Shi2bea5c42017-08-14 20:10:32 +0000[diff] [blame]2/*
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]3 * Copyright (c) 2013-2020 Regents of the University of California.
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-command-interest.hpp"
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]23#include "ndn-cxx/security/command-interest-signer.hpp"
24#include "ndn-cxx/security/signing-helpers.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]25#include "ndn-cxx/security/validation-policy-accept-all.hpp"
26#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]27
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]28#include "tests/boost-test.hpp"
29#include "tests/make-interest-data.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]30#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]31
32#include <boost/lexical_cast.hpp>
33#include <boost/mpl/vector.hpp>
34
35namespace ndn {
36namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]37inline namespace v2 {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]38namespace tests {
39
40using namespace ndn::tests;
41
42BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]43
44class DefaultOptions
45{
46public:
47 static ValidationPolicyCommandInterest::Options
48 getOptions()
49 {
50 return {};
51 }
52};
53
54template<class T, class InnerPolicy>
55class CommandInterestPolicyWrapper : public ValidationPolicyCommandInterest
56{
57public:
58 CommandInterestPolicyWrapper()
59 : ValidationPolicyCommandInterest(make_unique<InnerPolicy>(), T::getOptions())
60 {
61 }
62};
63
64template<class T, class InnerPolicy = ValidationPolicySimpleHierarchy>
65class ValidationPolicyCommandInterestFixture : public HierarchicalValidatorFixture<CommandInterestPolicyWrapper<T, InnerPolicy>>
66{
67public:
68 ValidationPolicyCommandInterestFixture()
69 : m_signer(this->m_keyChain)
70 {
71 }
72
73 Interest
74 makeCommandInterest(const Identity& identity)
75 {
76 return m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"),
77 signingByIdentity(identity));
78 }
79
80public:
81 CommandInterestSigner m_signer;
82};
83
84BOOST_FIXTURE_TEST_SUITE(TestValidationPolicyCommandInterest, ValidationPolicyCommandInterestFixture<DefaultOptions>)
85
86BOOST_AUTO_TEST_SUITE(Accepts)
87
88BOOST_AUTO_TEST_CASE(Basic)
89{
90 auto i1 = makeCommandInterest(identity);
91 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]92 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]93
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]94 advanceClocks(5_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]95 auto i2 = makeCommandInterest(identity);
96 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]97
98 auto i3 = m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"), signingWithSha256());
99 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]100}
101
102BOOST_AUTO_TEST_CASE(DataPassthru)
103{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]104 Data d1("/Security/ValidatorFixture/Sub1");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]105 m_keyChain.sign(d1);
106 VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
107}
108
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]109using ValidationPolicyAcceptAllCommands = ValidationPolicyCommandInterestFixture<DefaultOptions,
110 ValidationPolicyAcceptAll>;
111
112BOOST_FIXTURE_TEST_CASE(SignedWithSha256, ValidationPolicyAcceptAllCommands) // Bug 4635
113{
114 auto i1 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
115 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
116 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
117
118 advanceClocks(5_ms);
119 auto i2 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
120 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
121}
122
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]123BOOST_AUTO_TEST_SUITE_END() // Accepts
124
125BOOST_AUTO_TEST_SUITE(Rejects)
126
127BOOST_AUTO_TEST_CASE(NameTooShort)
128{
129 auto i1 = makeInterest("/name/too/short");
130 VALIDATE_FAILURE(*i1, "Should fail (name is too short)");
131}
132
133BOOST_AUTO_TEST_CASE(BadTimestamp)
134{
135 auto i1 = makeCommandInterest(identity);
136 setNameComponent(i1, command_interest::POS_TIMESTAMP, "not-timestamp");
137 VALIDATE_FAILURE(i1, "Should fail (timestamp is missing)");
138}
139
140BOOST_AUTO_TEST_CASE(BadSigInfo)
141{
142 auto i1 = makeCommandInterest(identity);
143 setNameComponent(i1, command_interest::POS_SIG_INFO, "not-SignatureInfo");
144 VALIDATE_FAILURE(i1, "Should fail (signature info is missing)");
145}
146
147BOOST_AUTO_TEST_CASE(MissingKeyLocator)
148{
149 auto i1 = makeCommandInterest(identity);
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]150 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]151 setNameComponent(i1, command_interest::POS_SIG_INFO,
152 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
153 VALIDATE_FAILURE(i1, "Should fail (missing KeyLocator)");
154}
155
156BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
157{
158 auto i1 = makeCommandInterest(identity);
159 KeyLocator kl;
160 kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", 8));
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]161 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]162 sigInfo.setKeyLocator(kl);
163 setNameComponent(i1, command_interest::POS_SIG_INFO,
164 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
165 VALIDATE_FAILURE(i1, "Should fail (bad KeyLocator type)");
166}
167
168BOOST_AUTO_TEST_CASE(BadCertName)
169{
170 auto i1 = makeCommandInterest(identity);
171 KeyLocator kl;
172 kl.setName("/bad/cert/name");
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]173 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]174 sigInfo.setKeyLocator(kl);
175 setNameComponent(i1, command_interest::POS_SIG_INFO,
176 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
177 VALIDATE_FAILURE(i1, "Should fail (bad certificate name)");
178}
179
180BOOST_AUTO_TEST_CASE(InnerPolicyReject)
181{
182 auto i1 = makeCommandInterest(otherIdentity);
183 VALIDATE_FAILURE(i1, "Should fail (inner policy should reject)");
184}
185
186class GracePeriod15Sec
187{
188public:
189 static ValidationPolicyCommandInterest::Options
190 getOptions()
191 {
192 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]193 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]194 return options;
195 }
196};
197
198BOOST_FIXTURE_TEST_CASE(TimestampOutOfGracePositive, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
199{
200 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]201 advanceClocks(16_s); // verifying at +16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]202 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
203 rewindClockAfterValidation();
204
205 auto i2 = makeCommandInterest(identity); // signed at +16s
206 VALIDATE_SUCCESS(i2, "Should succeed");
207}
208
209BOOST_FIXTURE_TEST_CASE(TimestampOutOfGraceNegative, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
210{
211 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]212 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]213 auto i2 = makeCommandInterest(identity); // signed at +1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]214 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]215 auto i3 = makeCommandInterest(identity); // signed at +2s
216
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]217 systemClock->advance(-18_s); // verifying at -16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]218 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
219 rewindClockAfterValidation();
220
221 // CommandInterestValidator should not remember i1's timestamp
222 VALIDATE_FAILURE(i2, "Should fail (timestamp outside the grace period)");
223 rewindClockAfterValidation();
224
225 // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]226 advanceClocks(18_s); // verifying at +2s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]227 VALIDATE_SUCCESS(i3, "Should succeed");
228}
229
230BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
231{
232 auto i1 = makeCommandInterest(identity); // signed at 0s
233 VALIDATE_SUCCESS(i1, "Should succeed");
234
235 auto i2 = makeCommandInterest(identity); // signed at 0s
236 setNameComponent(i2, command_interest::POS_TIMESTAMP,
237 i1.getName()[command_interest::POS_TIMESTAMP]);
238 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
239
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]240 advanceClocks(2_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]241 auto i3 = makeCommandInterest(identity); // signed at +2s
242 VALIDATE_SUCCESS(i3, "Should succeed");
243}
244
245BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
246{
247 auto i2 = makeCommandInterest(identity); // signed at 0ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]248 advanceClocks(200_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]249 auto i3 = makeCommandInterest(identity); // signed at +200ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]250 advanceClocks(900_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]251 auto i1 = makeCommandInterest(identity); // signed at +1100ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]252 advanceClocks(300_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]253 auto i4 = makeCommandInterest(identity); // signed at +1400ms
254
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]255 systemClock->advance(-300_ms); // verifying at +1100ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]256 VALIDATE_SUCCESS(i1, "Should succeed");
257 rewindClockAfterValidation();
258
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]259 systemClock->advance(-1100_ms); // verifying at 0ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]260 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
261 rewindClockAfterValidation();
262
263 // CommandInterestValidator should not remember i2's timestamp
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]264 advanceClocks(200_ms); // verifying at +200ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]265 VALIDATE_FAILURE(i3, "Should fail (timestamp reordered)");
266 rewindClockAfterValidation();
267
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]268 advanceClocks(1200_ms); // verifying at 1400ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]269 VALIDATE_SUCCESS(i4, "Should succeed");
270}
271
272BOOST_AUTO_TEST_SUITE_END() // Rejects
273
274BOOST_AUTO_TEST_SUITE(Options)
275
276template<class T>
277class GracePeriod
278{
279public:
280 static ValidationPolicyCommandInterest::Options
281 getOptions()
282 {
283 ValidationPolicyCommandInterest::Options options;
284 options.gracePeriod = time::seconds(T::value);
285 return options;
286 }
287};
288
289typedef boost::mpl::vector<
290 GracePeriod<boost::mpl::int_<0>>,
291 GracePeriod<boost::mpl::int_<-1>>
292> GraceNonPositiveValues;
293
294BOOST_FIXTURE_TEST_CASE_TEMPLATE(GraceNonPositive, GracePeriod, GraceNonPositiveValues,
295 ValidationPolicyCommandInterestFixture<GracePeriod>)
296{
297 auto i1 = this->makeCommandInterest(this->identity); // signed at 0ms
298 auto i2 = this->makeCommandInterest(this->subIdentity); // signed at 0ms
299 for (auto interest : {&i1, &i2}) {
300 setNameComponent(*interest, command_interest::POS_TIMESTAMP,
301 name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
302 } // ensure timestamps are exactly 0ms
303
304 VALIDATE_SUCCESS(i1, "Should succeed when validating at 0ms");
305 this->rewindClockAfterValidation();
306
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]307 this->advanceClocks(1_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]308 VALIDATE_FAILURE(i2, "Should fail when validating at 1ms");
309}
310
311class LimitedRecordsOptions
312{
313public:
314 static ValidationPolicyCommandInterest::Options
315 getOptions()
316 {
317 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]318 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]319 options.maxRecords = 3;
320 return options;
321 }
322};
323
324BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<LimitedRecordsOptions>)
325{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]326 Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]327 this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]328 Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]329 this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]330 Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]331 this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]332 Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]333 this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
334
335 auto i1 = makeCommandInterest(id2);
336 auto i2 = makeCommandInterest(id3);
337 auto i3 = makeCommandInterest(id4);
338 auto i00 = makeCommandInterest(id1); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]339 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]340 auto i01 = makeCommandInterest(id1); // signed at 1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]341 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]342 auto i02 = makeCommandInterest(id1); // signed at 2s
343
344 VALIDATE_SUCCESS(i00, "Should succeed");
345 rewindClockAfterValidation();
346
347 VALIDATE_SUCCESS(i02, "Should succeed");
348 rewindClockAfterValidation();
349
350 VALIDATE_SUCCESS(i1, "Should succeed");
351 rewindClockAfterValidation();
352
353 VALIDATE_SUCCESS(i2, "Should succeed");
354 rewindClockAfterValidation();
355
356 VALIDATE_SUCCESS(i3, "Should succeed, forgets identity id1");
357 rewindClockAfterValidation();
358
359 VALIDATE_SUCCESS(i01, "Should succeed despite timestamp is reordered, because record has been evicted");
360}
361
362class UnlimitedRecordsOptions
363{
364public:
365 static ValidationPolicyCommandInterest::Options
366 getOptions()
367 {
368 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]369 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]370 options.maxRecords = -1;
371 return options;
372 }
373};
374
375BOOST_FIXTURE_TEST_CASE(UnlimitedRecords, ValidationPolicyCommandInterestFixture<UnlimitedRecordsOptions>)
376{
377 std::vector<Identity> identities;
378 for (int i = 0; i < 20; ++i) {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]379 Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]380 this->cache.insert(id.getDefaultKey().getDefaultCertificate());
381 identities.push_back(id);
382 }
383
384 auto i1 = makeCommandInterest(identities.at(0)); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]385 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]386 for (int i = 0; i < 20; ++i) {
387 auto i2 = makeCommandInterest(identities.at(i)); // signed at +1s
388
389 VALIDATE_SUCCESS(i2, "Should succeed");
390 rewindClockAfterValidation();
391 }
392 VALIDATE_FAILURE(i1, "Should fail (timestamp reorder)");
393}
394
395class ZeroRecordsOptions
396{
397public:
398 static ValidationPolicyCommandInterest::Options
399 getOptions()
400 {
401 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]402 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]403 options.maxRecords = 0;
404 return options;
405 }
406};
407
408BOOST_FIXTURE_TEST_CASE(ZeroRecords, ValidationPolicyCommandInterestFixture<ZeroRecordsOptions>)
409{
410 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]411 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]412 auto i2 = makeCommandInterest(identity); // signed at +1s
413 VALIDATE_SUCCESS(i2, "Should succeed");
414 rewindClockAfterValidation();
415
416 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record isn't kept");
417}
418
419class LimitedRecordLifetimeOptions
420{
421public:
422 static ValidationPolicyCommandInterest::Options
423 getOptions()
424 {
425 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]426 options.gracePeriod = 400_s;
427 options.recordLifetime = 300_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]428 return options;
429 }
430};
431
432BOOST_FIXTURE_TEST_CASE(LimitedRecordLifetime, ValidationPolicyCommandInterestFixture<LimitedRecordLifetimeOptions>)
433{
434 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]435 advanceClocks(240_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]436 auto i2 = makeCommandInterest(identity); // signed at +240s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]437 advanceClocks(120_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]438 auto i3 = makeCommandInterest(identity); // signed at +360s
439
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]440 systemClock->advance(-360_s); // rewind system clock to 0s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]441 VALIDATE_SUCCESS(i1, "Should succeed");
442 rewindClockAfterValidation();
443
444 VALIDATE_SUCCESS(i3, "Should succeed");
445 rewindClockAfterValidation();
446
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]447 advanceClocks(30_s, 301_s); // advance steady clock by 301s, and system clock to +301s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]448 VALIDATE_SUCCESS(i2, "Should succeed despite timestamp is reordered, because record has been expired");
449}
450
451class ZeroRecordLifetimeOptions
452{
453public:
454 static ValidationPolicyCommandInterest::Options
455 getOptions()
456 {
457 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]458 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]459 options.recordLifetime = time::seconds::zero();
460 return options;
461 }
462};
463
464BOOST_FIXTURE_TEST_CASE(ZeroRecordLifetime, ValidationPolicyCommandInterestFixture<ZeroRecordLifetimeOptions>)
465{
466 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]467 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]468 auto i2 = makeCommandInterest(identity); // signed at +1s
469 VALIDATE_SUCCESS(i2, "Should succeed");
470 rewindClockAfterValidation();
471
472 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record has been expired");
473}
474
475BOOST_AUTO_TEST_SUITE_END() // Options
476
477BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]478BOOST_AUTO_TEST_SUITE_END() // Security
479
480} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]481} // inline namespace v2
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]482} // namespace security
483} // namespace ndn