Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 1b0311ce9ab0fd9248bf26fae7020de5cca87d86 / . / tests / unit-tests / security / validator-config.t.cpp
blob: 63eee7437a238de78527e787b84734c80fb83d32 [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyevaf99f462015-01-19 21:43:09 -0800[diff] [blame]3 * Copyright (c) 2013-2015 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
25#include "util/io.hpp"
26#include "util/scheduler.hpp"
27#include "util/dummy-client-face.hpp"
28
29#include <boost/asio.hpp>
30
31#include "identity-management-fixture.hpp"
32#include "../identity-management-time-fixture.hpp"
33#include "boost-test.hpp"
34
35using namespace std;
36
37namespace ndn {
38namespace tests {
39
Spyridon Mastorakis429634f2015-02-19 17:35:33 -0800[diff] [blame]40BOOST_AUTO_TEST_SUITE(SecurityValidatorConfig)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]41
42BOOST_FIXTURE_TEST_CASE(NameFilter, security::IdentityManagementFixture)
43{
44 Name identity("/TestValidatorConfig/NameFilter");
45 identity.appendVersion();
46 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
47 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
48 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
49 io::save(*idCert, "trust-anchor-1.cert");
50
51 Name dataName1("/simple/equal");
52 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]53 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
54 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
55 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]56
57 Name dataName2("/simple/different");
58 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]59 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
60 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
61 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]62
63 std::string CONFIG_1 =
64 "rule\n"
65 "{\n"
66 " id \"Simple Rule\"\n"
67 " for data\n"
68 " filter"
69 " {\n"
70 " type name\n"
71 " name /simple/equal\n"
72 " relation equal\n"
73 " }\n"
74 " checker\n"
75 " {\n"
76 " type customized\n"
77 " sig-type rsa-sha256\n"
78 " key-locator\n"
79 " {\n"
80 " type name\n"
81 " name ";
82
83 std::string CONFIG_2 =
84 "\n"
85 " relation equal\n"
86 " }\n"
87 " }\n"
88 "}\n"
89 "trust-anchor\n"
90 "{\n"
91 " type file\n"
92 " file-name \"trust-anchor-1.cert\"\n"
93 "}\n";
94 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
95
96 const boost::filesystem::path CONFIG_PATH =
97 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
98
99
100 Face face;
101 ValidatorConfig validator(face);
102 validator.load(CONFIG, CONFIG_PATH.native());
103
104 validator.validate(*data1,
105 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
106 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
107
108 validator.validate(*data2,
109 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
110 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
111
112 const boost::filesystem::path CERT_PATH =
113 (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
114 boost::filesystem::remove(CERT_PATH);
115}
116
117BOOST_FIXTURE_TEST_CASE(NameFilter2, security::IdentityManagementFixture)
118{
119 Name identity("/TestValidatorConfig/NameFilter2");
120 identity.appendVersion();
121 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
122 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
123 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
124 io::save(*idCert, "trust-anchor-2.cert");
125
126 Name dataName1("/simple/isPrefixOf");
127 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]128 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
129 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
130 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]131
132 Name dataName2("/simple/notPrefixOf");
133 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]134 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
135 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
136 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]137
138 Name dataName3("/simple/isPrefixOf/anotherLevel");
139 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]140 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
141 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
142 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]143
144 std::string CONFIG_1 =
145 "rule\n"
146 "{\n"
147 " id \"Simple2 Rule\"\n"
148 " for data\n"
149 " filter"
150 " {\n"
151 " type name\n"
152 " name /simple/isPrefixOf\n"
153 " relation is-prefix-of\n"
154 " }\n"
155 " checker\n"
156 " {\n"
157 " type customized\n"
158 " sig-type rsa-sha256\n"
159 " key-locator\n"
160 " {\n"
161 " type name\n"
162 " name ";
163
164 std::string CONFIG_2 =
165 "\n"
166 " relation equal\n"
167 " }\n"
168 " }\n"
169 "}\n"
170 "trust-anchor\n"
171 "{\n"
172 " type file\n"
173 " file-name \"trust-anchor-2.cert\"\n"
174 "}\n";
175 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
176
177 const boost::filesystem::path CONFIG_PATH =
178 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
179
180
181 Face face;
182 ValidatorConfig validator(face);
183 validator.load(CONFIG, CONFIG_PATH.native());
184
185 validator.validate(*data1,
186 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
187 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
188
189 validator.validate(*data2,
190 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
191 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
192
193 validator.validate(*data3,
194 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
195 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
196
197 const boost::filesystem::path CERT_PATH =
198 (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
199 boost::filesystem::remove(CERT_PATH);
200}
201
202BOOST_FIXTURE_TEST_CASE(NameFilter3, security::IdentityManagementFixture)
203{
204 Name identity("/TestValidatorConfig/NameFilter3");
205 identity.appendVersion();
206 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
207 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
208 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
209 io::save(*idCert, "trust-anchor-3.cert");
210
211 Name dataName1("/simple/isStrictPrefixOf");
212 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]213 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
214 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
215 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]216
217 Name dataName2("/simple");
218 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]219 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
220 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
221 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]222
223 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
224 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]225 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
226 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
227 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]228
229 std::string CONFIG_1 =
230 "rule\n"
231 "{\n"
232 " id \"Simple3 Rule\"\n"
233 " for data\n"
234 " filter"
235 " {\n"
236 " type name\n"
237 " name /simple/isStrictPrefixOf\n"
238 " relation is-strict-prefix-of\n"
239 " }\n"
240 " checker\n"
241 " {\n"
242 " type customized\n"
243 " sig-type rsa-sha256\n"
244 " key-locator\n"
245 " {\n"
246 " type name\n"
247 " name ";
248
249 std::string CONFIG_2 =
250 "\n"
251 " relation equal\n"
252 " }\n"
253 " }\n"
254 "}\n"
255 "trust-anchor\n"
256 "{\n"
257 " type file\n"
258 " file-name \"trust-anchor-3.cert\"\n"
259 "}\n";
260 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
261
262 const boost::filesystem::path CONFIG_PATH =
263 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
264
265
266 Face face;
267 ValidatorConfig validator(face);
268 validator.load(CONFIG, CONFIG_PATH.native());
269
270 validator.validate(*data1,
271 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
272 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
273
274 validator.validate(*data2,
275 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
276 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
277
278 validator.validate(*data3,
279 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
280 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
281
282 const boost::filesystem::path CERT_PATH =
283 (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
284 boost::filesystem::remove(CERT_PATH);
285}
286
287BOOST_FIXTURE_TEST_CASE(NameFilter4, security::IdentityManagementFixture)
288{
289 Name identity("/TestValidatorConfig/NameFilter4");
290 identity.appendVersion();
291 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
292 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
293 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
294 io::save(*idCert, "trust-anchor-4.cert");
295
296 Name dataName1("/simple/regex");
297 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]298 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
299 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
300 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]301
302 Name dataName2("/simple/regex-wrong");
303 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]304 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
305 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
306 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]307
308 Name dataName3("/simple/regex/correct");
309 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]310 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
311 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
312 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]313
314 std::string CONFIG_1 =
315 "rule\n"
316 "{\n"
317 " id \"Simple3 Rule\"\n"
318 " for data\n"
319 " filter"
320 " {\n"
321 " type name\n"
322 " regex ^<simple><regex>\n"
323 " }\n"
324 " checker\n"
325 " {\n"
326 " type customized\n"
327 " sig-type rsa-sha256\n"
328 " key-locator\n"
329 " {\n"
330 " type name\n"
331 " name ";
332
333 std::string CONFIG_2 =
334 "\n"
335 " relation equal\n"
336 " }\n"
337 " }\n"
338 "}\n"
339 "trust-anchor\n"
340 "{\n"
341 " type file\n"
342 " file-name \"trust-anchor-4.cert\"\n"
343 "}\n";
344 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
345
346 const boost::filesystem::path CONFIG_PATH =
347 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
348
349
350 Face face;
351 ValidatorConfig validator(face);
352 validator.load(CONFIG, CONFIG_PATH.native());
353
354 validator.validate(*data1,
355 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
356 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
357
358 validator.validate(*data2,
359 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
360 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
361
362 validator.validate(*data3,
363 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
364 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
365
366 const boost::filesystem::path CERT_PATH =
367 (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
368 boost::filesystem::remove(CERT_PATH);
369}
370
371BOOST_FIXTURE_TEST_CASE(KeyLocatorNameChecker1, security::IdentityManagementFixture)
372{
373 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
374 identity.appendVersion();
375 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
376 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
377 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
378 io::save(*idCert, "trust-anchor-5.cert");
379
380 Name dataName1 = identity;
381 dataName1.append("1");
382 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]383 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
384 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
385 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]386
387 Name dataName2 = identity;
388 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]389 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
390 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
391 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]392
393 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
394 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]395 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
396 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
397 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]398
399 const std::string CONFIG =
400 "rule\n"
401 "{\n"
402 " id \"Simple3 Rule\"\n"
403 " for data\n"
404 " checker\n"
405 " {\n"
406 " type customized\n"
407 " sig-type rsa-sha256\n"
408 " key-locator\n"
409 " {\n"
410 " type name\n"
411 " hyper-relation\n"
412 " {\n"
413 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
414 " k-expand \\\\1\\\\2\n"
415 " h-relation is-strict-prefix-of\n"
416 " p-regex ^(<>*)$\n"
417 " p-expand \\\\1\n"
418 " }\n"
419 " }\n"
420 " }\n"
421 "}\n"
422 "trust-anchor\n"
423 "{\n"
424 " type file\n"
425 " file-name \"trust-anchor-5.cert\"\n"
426 "}\n";
427 const boost::filesystem::path CONFIG_PATH =
428 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
429
430
431 Face face;
432 ValidatorConfig validator(face);
433 validator.load(CONFIG, CONFIG_PATH.native());
434
435 validator.validate(*data1,
436 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
437 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
438
439 validator.validate(*data2,
440 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
441 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
442
443 validator.validate(*data3,
444 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
445 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
446
447 const boost::filesystem::path CERT_PATH =
448 (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
449 boost::filesystem::remove(CERT_PATH);
450}
451
452BOOST_FIXTURE_TEST_CASE(FixedSignerChecker, security::IdentityManagementFixture)
453{
454 Name identity("/TestValidatorConfig/FixedSignerChecker");
455
456 Name identity1 = identity;
457 identity1.append("1").appendVersion();
458 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
459 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
460 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
461 io::save(*idCert1, "trust-anchor-7.cert");
462
463 Name identity2 = identity;
464 identity2.append("2").appendVersion();
465 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
466
467 Name dataName1 = identity;
468 dataName1.append("data").appendVersion();
469 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]470 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
471 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
472 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]473
474 Name dataName2 = identity;
475 dataName2.append("data").appendVersion();
476 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]477 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
478 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
479 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]480
481 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
482 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
483
484 const std::string CONFIG =
485 "rule\n"
486 "{\n"
487 " id \"FixedSignerChecker Data Rule\"\n"
488 " for data\n"
489 " filter"
490 " {\n"
491 " type name\n"
492 " name /TestValidatorConfig/FixedSignerChecker\n"
493 " relation is-strict-prefix-of\n"
494 " }\n"
495 " checker\n"
496 " {\n"
497 " type fixed-signer\n"
498 " sig-type rsa-sha256\n"
499 " signer\n"
500 " {\n"
501 " type file\n"
502 " file-name \"trust-anchor-7.cert\"\n"
503 " }\n"
504 " }\n"
505 "}\n"
506 "rule\n"
507 "{\n"
508 " id \"FixedSignerChecker Interest Rule\"\n"
509 " for interest\n"
510 " filter"
511 " {\n"
512 " type name\n"
513 " name /TestValidatorConfig/FixedSignerChecker\n"
514 " relation is-strict-prefix-of\n"
515 " }\n"
516 " checker\n"
517 " {\n"
518 " type fixed-signer\n"
519 " sig-type rsa-sha256\n"
520 " signer\n"
521 " {\n"
522 " type file\n"
523 " file-name \"trust-anchor-7.cert\"\n"
524 " }\n"
525 " }\n"
526 "}\n";
527 const boost::filesystem::path CONFIG_PATH =
528 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
529
530
531 Face face;
532 ValidatorConfig validator(face);
533 validator.load(CONFIG, CONFIG_PATH.native());
534
535 validator.validate(*data1,
536 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
537 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
538
539 validator.validate(*data2,
540 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
541 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
542
543 validator.validate(*interest,
544 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
545 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
546
547 const boost::filesystem::path CERT_PATH =
548 (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
549 boost::filesystem::remove(CERT_PATH);
550}
551
552BOOST_FIXTURE_TEST_CASE(Reset, security::IdentityManagementFixture)
553{
554 Name root("/TestValidatorConfig/Reload");
555 BOOST_REQUIRE_NO_THROW(addIdentity(root));
556 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
557 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
558 io::save(*rootCert, "trust-anchor-8.cert");
559
560 Face face;
561
562 const std::string CONFIG =
563 "rule\n"
564 "{\n"
565 " id \"NRD Prefix Registration Command Rule\"\n"
566 " for interest\n"
567 " filter\n"
568 " {\n"
569 " type name\n"
570 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
571 " }\n"
572 " checker\n"
573 " {\n"
574 " type customized\n"
575 " sig-type rsa-sha256\n"
576 " key-locator\n"
577 " {\n"
578 " type name\n"
579 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
580 " }\n"
581 " }\n"
582 "}\n"
583 "rule\n"
584 "{\n"
585 " id \"Testbed Hierarchy Rule\"\n"
586 " for data\n"
587 " filter\n"
588 " {\n"
589 " type name\n"
590 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
591 " }\n"
592 " checker\n"
593 " {\n"
594 " type hierarchical\n"
595 " sig-type rsa-sha256\n"
596 " }\n"
597 "}\n"
598 "trust-anchor\n"
599 "{\n"
600 " type file\n"
601 " file-name \"trust-anchor-8.cert\"\n"
602 "}\n";
603 const boost::filesystem::path CONFIG_PATH =
604 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
605
606
607 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
608
609 validator->load(CONFIG, CONFIG_PATH.native());
610 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
611
612 validator->reset();
613 BOOST_CHECK(validator->isEmpty());
614
615 const boost::filesystem::path CERT_PATH =
616 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
617 boost::filesystem::remove(CERT_PATH);
618}
619
620BOOST_FIXTURE_TEST_CASE(TrustAnchorWildcard, security::IdentityManagementFixture)
621{
622 Name identity("/TestValidatorConfig/Wildcard");
623 identity.appendVersion();
624 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
625
626 Name dataName1("/any/data");
627 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]628 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
629 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
630 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]631
632 std::string CONFIG =
633 "trust-anchor\n"
634 "{\n"
635 " type any\n"
636 "}\n";
637
638 const boost::filesystem::path CONFIG_PATH =
639 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
640
641
642 Face face;
643 ValidatorConfig validator(face);
644 validator.load(CONFIG, CONFIG_PATH.native());
645
646 validator.validate(*data1,
647 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
648 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
649}
650
651BOOST_FIXTURE_TEST_CASE(SignedInterestTest, security::IdentityManagementFixture)
652{
653 Name identity("/TestValidatorConfig/SignedInterestTest");
654
655 Name identity1 = identity;
656 identity1.appendVersion();
657 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
658 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
659 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
660 io::save(*idCert1, "trust-anchor-9.cert");
661
662 Name interestName("/TestValidatorConfig/SignedInterestTest");
663 Name interestName1 = interestName;
664 interestName1.append("1");
665 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
666 Name interestName2 = interestName;
667 interestName2.append("2");
668 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
669
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]670 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
671 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
672 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]673 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]674 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
675 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
676 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]677
678 const std::string CONFIG =
679 "rule\n"
680 "{\n"
681 " id \"FixedSignerChecker Interest Rule\"\n"
682 " for interest\n"
683 " filter"
684 " {\n"
685 " type name\n"
686 " name /TestValidatorConfig/SignedInterestTest\n"
687 " relation is-strict-prefix-of\n"
688 " }\n"
689 " checker\n"
690 " {\n"
691 " type fixed-signer\n"
692 " sig-type rsa-sha256\n"
693 " signer\n"
694 " {\n"
695 " type file\n"
696 " file-name \"trust-anchor-9.cert\"\n"
697 " }\n"
698 " }\n"
699 "}\n";
700 const boost::filesystem::path CONFIG_PATH =
701 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
702
703
704 Face face;
705 ValidatorConfig validator(face);
706 validator.load(CONFIG, CONFIG_PATH.native());
707
708 validator.validate(*interest1,
709 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
710 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
711
712 validator.validate(*interest2,
713 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
714 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
715
716 validator.validate(*interest1,
717 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
718 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
719
720 const boost::filesystem::path CERT_PATH =
721 (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
722 boost::filesystem::remove(CERT_PATH);
723}
724
725
726BOOST_FIXTURE_TEST_CASE(MaxKeyTest, security::IdentityManagementFixture)
727{
728 Name identity("/TestValidatorConfig/MaxKeyTest");
729
730 Name identity1 = identity;
731 identity1.append("Key1");
732 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
733 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
734 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
735 io::save(*idCert1, "trust-anchor-10-1.cert");
736
737 Name identity2 = identity;
738 identity2.append("Key2");
739 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
740 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
741 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
742 io::save(*idCert2, "trust-anchor-10-2.cert");
743
744 Name identity3 = identity;
745 identity3.append("Key3");
746 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
747 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
748 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
749 io::save(*idCert3, "trust-anchor-10-3.cert");
750
751
752 Name interestName("/TestValidatorConfig/MaxKeyTest");
753 Name interestName1 = interestName;
754 interestName1.append("1");
755 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
756 Name interestName2 = interestName;
757 interestName2.append("2");
758 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
759 Name interestName3 = interestName;
760 interestName3.append("3");
761 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
762
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]763 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
764 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
765 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]766 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]767 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
768 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
769 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]770 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]771 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
772 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
773 identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]774
775 const std::string CONFIG =
776 "rule\n"
777 "{\n"
778 " id \"FixedSignerChecker Interest Rule\"\n"
779 " for interest\n"
780 " filter"
781 " {\n"
782 " type name\n"
783 " name /TestValidatorConfig/MaxKeyTest\n"
784 " relation is-strict-prefix-of\n"
785 " }\n"
786 " checker\n"
787 " {\n"
788 " type fixed-signer\n"
789 " sig-type rsa-sha256\n"
790 " signer\n"
791 " {\n"
792 " type file\n"
793 " file-name \"trust-anchor-10-1.cert\"\n"
794 " }\n"
795 " signer\n"
796 " {\n"
797 " type file\n"
798 " file-name \"trust-anchor-10-2.cert\"\n"
799 " }\n"
800 " signer\n"
801 " {\n"
802 " type file\n"
803 " file-name \"trust-anchor-10-3.cert\"\n"
804 " }\n"
805 " }\n"
806 "}\n";
807 const boost::filesystem::path CONFIG_PATH =
808 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
809
810
811 Face face;
812 ValidatorConfig validator(face,
813 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
814 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
815 10,
816 2, // Two keys can be tracked
817 time::seconds(1)); // TTL is set to 1 sec
818 validator.load(CONFIG, CONFIG_PATH.native());
819
820 validator.validate(*interest1,
821 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
822 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
823
824 validator.validate(*interest2,
825 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
826 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
827
828 validator.validate(*interest1,
829 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
830 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
831
832 validator.validate(*interest3,
833 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
834 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
835
836 // Should succeed because identity1's key has been cleaned up due to space limit.
837 validator.validate(*interest1,
838 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
839 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
840
841 const boost::filesystem::path CERT_PATH1 =
842 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
843 boost::filesystem::remove(CERT_PATH1);
844
845 const boost::filesystem::path CERT_PATH2 =
846 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
847 boost::filesystem::remove(CERT_PATH2);
848
849 const boost::filesystem::path CERT_PATH3 =
850 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
851 boost::filesystem::remove(CERT_PATH3);
852}
853
854BOOST_FIXTURE_TEST_CASE(MaxKeyTest2, security::IdentityManagementFixture)
855{
856 Name identity("/TestValidatorConfig/MaxKeyTest");
857
858 Name identity1 = identity;
859 identity1.append("Key1");
860 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
861 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
862 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
863 io::save(*idCert1, "trust-anchor-10-1.cert");
864
865 Name identity2 = identity;
866 identity2.append("Key2");
867 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
868 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
869 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
870 io::save(*idCert2, "trust-anchor-10-2.cert");
871
872 Name identity3 = identity;
873 identity3.append("Key3");
874 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
875 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
876 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
877 io::save(*idCert3, "trust-anchor-10-3.cert");
878
879 Name identity4 = identity;
880 identity4.append("Key4");
881 BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
882 Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
883 shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
884 io::save(*idCert4, "trust-anchor-10-4.cert");
885
886
887 Name interestName("/TestValidatorConfig/MaxKeyTest");
888 Name interestName1 = interestName;
889 interestName1.append("1");
890 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
891 Name interestName2 = interestName;
892 interestName2.append("2");
893 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
894 Name interestName3 = interestName;
895 interestName3.append("3");
896 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
897 Name interestName4 = interestName;
898 interestName4.append("4");
899 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
900
901
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]902 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
903 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
904 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]905 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]906 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
907 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
908 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]909 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]910 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
911 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
912 identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]913 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]914 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4,
915 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
916 identity4)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]917
918 const std::string CONFIG =
919 "rule\n"
920 "{\n"
921 " id \"FixedSignerChecker Interest Rule\"\n"
922 " for interest\n"
923 " filter"
924 " {\n"
925 " type name\n"
926 " name /TestValidatorConfig/MaxKeyTest\n"
927 " relation is-strict-prefix-of\n"
928 " }\n"
929 " checker\n"
930 " {\n"
931 " type fixed-signer\n"
932 " sig-type rsa-sha256\n"
933 " signer\n"
934 " {\n"
935 " type file\n"
936 " file-name \"trust-anchor-10-1.cert\"\n"
937 " }\n"
938 " signer\n"
939 " {\n"
940 " type file\n"
941 " file-name \"trust-anchor-10-2.cert\"\n"
942 " }\n"
943 " signer\n"
944 " {\n"
945 " type file\n"
946 " file-name \"trust-anchor-10-3.cert\"\n"
947 " }\n"
948 " signer\n"
949 " {\n"
950 " type file\n"
951 " file-name \"trust-anchor-10-4.cert\"\n"
952 " }\n"
953 " }\n"
954 "}\n";
955 const boost::filesystem::path CONFIG_PATH =
956 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
957
958
959 Face face;
960 ValidatorConfig validator(face,
961 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
962 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
963 10,
964 3, // Two keys can be tracked
965 time::seconds(1)); // TTL is set to 1 sec
966 validator.load(CONFIG, CONFIG_PATH.native());
967
968 validator.validate(*interest1,
969 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
970 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
971
972 validator.validate(*interest2,
973 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
974 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
975
976 validator.validate(*interest3,
977 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
978 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
979
980 validator.validate(*interest1,
981 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
982 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
983
984 validator.validate(*interest2,
985 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
986 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
987
988 validator.validate(*interest3,
989 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
990 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
991
992 sleep(2);
993
994 validator.validate(*interest4,
995 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
996 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
997
998 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
999 validator.validate(*interest1,
1000 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1001 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1002
1003 validator.validate(*interest2,
1004 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1005 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1006
1007 validator.validate(*interest3,
1008 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1009 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1010
1011
1012 const boost::filesystem::path CERT_PATH1 =
1013 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
1014 boost::filesystem::remove(CERT_PATH1);
1015
1016 const boost::filesystem::path CERT_PATH2 =
1017 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
1018 boost::filesystem::remove(CERT_PATH2);
1019
1020 const boost::filesystem::path CERT_PATH3 =
1021 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
1022 boost::filesystem::remove(CERT_PATH3);
1023
1024 const boost::filesystem::path CERT_PATH4 =
1025 (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
1026 boost::filesystem::remove(CERT_PATH4);
1027}
1028
1029BOOST_FIXTURE_TEST_CASE(FixedSignerChecker2, security::IdentityManagementFixture)
1030{
1031 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
1032 BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
1033 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
1034
1035 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
1036 BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
1037 Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
1038 shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
1039 io::save(*ecdsaCert, "trust-anchor-11.cert");
1040
1041
1042 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
1043 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1044 m_keyChain.sign(*dataRsa,
1045 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1046 rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1047 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1048 m_keyChain.sign(*dataEcdsa,
1049 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1050 ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1051
1052 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1053 m_keyChain.sign(*interestRsa,
1054 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1055 rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1056 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1057 m_keyChain.sign(*interestEcdsa,
1058 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1059 ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1060
1061 const std::string CONFIG =
1062 "rule\n"
1063 "{\n"
1064 " id \"FixedSignerChecker Data Rule\"\n"
1065 " for data\n"
1066 " filter"
1067 " {\n"
1068 " type name\n"
1069 " name /TestValidatorConfig/FixedSignerChecker2\n"
1070 " relation equal\n"
1071 " }\n"
1072 " checker\n"
1073 " {\n"
1074 " type fixed-signer\n"
1075 " sig-type ecdsa-sha256\n"
1076 " signer\n"
1077 " {\n"
1078 " type file\n"
1079 " file-name \"trust-anchor-11.cert\"\n"
1080 " }\n"
1081 " }\n"
1082 "}\n"
1083 "rule\n"
1084 "{\n"
1085 " id \"FixedSignerChecker Interest Rule\"\n"
1086 " for interest\n"
1087 " filter"
1088 " {\n"
1089 " type name\n"
1090 " name /TestValidatorConfig/FixedSignerChecker2\n"
1091 " relation equal\n"
1092 " }\n"
1093 " checker\n"
1094 " {\n"
1095 " type fixed-signer\n"
1096 " sig-type ecdsa-sha256\n"
1097 " signer\n"
1098 " {\n"
1099 " type file\n"
1100 " file-name \"trust-anchor-11.cert\"\n"
1101 " }\n"
1102 " }\n"
1103 "}\n";
1104 const boost::filesystem::path CONFIG_PATH =
1105 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1106
1107
1108 Face face;
1109 ValidatorConfig validator(face);
1110 validator.load(CONFIG, CONFIG_PATH.native());
1111
1112 validator.validate(*dataEcdsa,
1113 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1114 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1115
1116 validator.validate(*dataRsa,
1117 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
1118 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
1119
1120 validator.validate(*interestEcdsa,
1121 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1122 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1123
1124 validator.validate(*interestRsa,
1125 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
1126 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
1127
1128 const boost::filesystem::path CERT_PATH =
1129 (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
1130 boost::filesystem::remove(CERT_PATH);
1131}
1132
1133
1134struct FacesFixture : public security::IdentityManagementTimeFixture
1135{
1136 FacesFixture()
1137 : face1(util::makeDummyClientFace(io, {true, true}))
1138 , face2(util::makeDummyClientFace(io, {true, true}))
1139 , readInterestOffset1(0)
1140 , readDataOffset1(0)
1141 , readInterestOffset2(0)
1142 , readDataOffset2(0)
1143 {
1144 }
1145
1146 bool
1147 passPacket()
1148 {
1149 bool hasPassed = false;
1150
1151 checkFace(face1->sentInterests, readInterestOffset1, *face2, hasPassed);
1152 checkFace(face1->sentDatas, readDataOffset1, *face2, hasPassed);
1153 checkFace(face2->sentInterests, readInterestOffset2, *face1, hasPassed);
1154 checkFace(face2->sentInterests, readDataOffset2, *face1, hasPassed);
1155
1156 return hasPassed;
1157 }
1158
1159 template<typename Packet>
1160 void
1161 checkFace(std::vector<Packet>& receivedPackets,
1162 size_t& readPacketOffset,
1163 util::DummyClientFace& receiver,
1164 bool& hasPassed)
1165 {
1166 while (receivedPackets.size() > readPacketOffset) {
1167 receiver.receive(receivedPackets[readPacketOffset]);
1168 readPacketOffset++;
1169 hasPassed = true;
1170 }
1171 }
1172
1173 ~FacesFixture()
1174 {
1175 }
1176
1177public:
1178 shared_ptr<util::DummyClientFace> face1;
1179 shared_ptr<util::DummyClientFace> face2;
1180
1181 size_t readInterestOffset1;
1182 size_t readDataOffset1;
1183 size_t readInterestOffset2;
1184 size_t readDataOffset2;
1185};
1186
1187BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1188{
1189 std::vector<CertificateSubjectDescription> subjectDescription;
1190
1191 Name root("/TestValidatorConfig");
1192 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1193 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1194 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1195 io::save(*rootCert, "trust-anchor-6.cert");
1196
1197
1198 Name sld("/TestValidatorConfig/HierarchicalChecker");
1199 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1200 advanceClocks(time::milliseconds(100));
1201 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1202 shared_ptr<IdentityCertificate> sldCert =
1203 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1204 root,
1205 time::system_clock::now(),
1206 time::system_clock::now() + time::days(7300),
1207 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1208 m_keyChain.sign(*sldCert,
1209 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1210 root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1211 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1212
1213 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
1214 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1215 advanceClocks(time::milliseconds(100));
1216 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1217 shared_ptr<IdentityCertificate> nldCert =
1218 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1219 sld,
1220 time::system_clock::now(),
1221 time::system_clock::now() + time::days(7300),
1222 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1223 m_keyChain.sign(*nldCert,
1224 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1225 sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1226 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1227
1228 face1->setInterestFilter(sldCert->getName().getPrefix(-1),
1229 [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
1230 RegisterPrefixSuccessCallback(),
1231 [] (const Name&, const std::string&) {});
1232
1233 face1->setInterestFilter(nldCert->getName().getPrefix(-1),
1234 [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
1235 RegisterPrefixSuccessCallback(),
1236 [] (const Name&, const std::string&) {});
1237
1238 Name dataName1 = nld;
1239 dataName1.append("data1");
1240 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1241 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
1242 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1243 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1244
1245 Name dataName2("/ConfValidatorTest");
1246 dataName2.append("data1");
1247 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1248 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
1249 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1250 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1251
1252
1253 const std::string CONFIG =
1254 "rule\n"
1255 "{\n"
1256 " id \"Simple3 Rule\"\n"
1257 " for data\n"
1258 " checker\n"
1259 " {\n"
1260 " type hierarchical\n"
1261 " sig-type rsa-sha256\n"
1262 " }\n"
1263 "}\n"
1264 "trust-anchor\n"
1265 "{\n"
1266 " type file\n"
1267 " file-name \"trust-anchor-6.cert\"\n"
1268 "}\n";
1269 const boost::filesystem::path CONFIG_PATH =
1270 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1271
1272
1273 auto validator = make_shared<ValidatorConfig>(face2.get());
1274 validator->load(CONFIG, CONFIG_PATH.native());
1275
1276 advanceClocks(time::milliseconds(2), 100);
1277 validator->validate(*data1,
1278 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1279 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1280
1281 do {
1282 advanceClocks(time::milliseconds(2), 10);
1283 } while (passPacket());
1284
1285 validator->validate(*data2,
1286 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
1287 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
1288
1289 do {
1290 advanceClocks(time::milliseconds(2), 10);
1291 } while (passPacket());
1292
1293 const boost::filesystem::path CERT_PATH =
1294 (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
1295 boost::filesystem::remove(CERT_PATH);
1296}
1297
1298BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1299{
1300 advanceClocks(time::milliseconds(0));
1301
1302 std::vector<CertificateSubjectDescription> subjectDescription;
1303
1304 Name root("/TestValidatorConfig");
1305 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1306 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1307 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1308 io::save(*rootCert, "trust-anchor-8.cert");
1309
1310
1311 Name sld("/TestValidatorConfig/Nrd-1");
1312 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1313 advanceClocks(time::milliseconds(100));
1314 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1315 shared_ptr<IdentityCertificate> sldCert =
1316 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1317 root,
1318 time::system_clock::now(),
1319 time::system_clock::now() + time::days(7300),
1320 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1321 m_keyChain.sign(*sldCert,
1322 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1323 root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1324 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1325
1326 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
1327 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1328 advanceClocks(time::milliseconds(100));
1329 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1330 shared_ptr<IdentityCertificate> nldCert =
1331 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1332 sld,
1333 time::system_clock::now(),
1334 time::system_clock::now() + time::days(7300),
1335 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1336 m_keyChain.sign(*nldCert,
1337 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1338 sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1339 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1340
1341 face1->setInterestFilter(sldCert->getName().getPrefix(-1),
1342 [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
1343 RegisterPrefixSuccessCallback(),
1344 [] (const Name&, const std::string&) {});
1345
1346 face1->setInterestFilter(nldCert->getName().getPrefix(-1),
1347 [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
1348 RegisterPrefixSuccessCallback(),
1349 [] (const Name&, const std::string&) {});
1350
1351 advanceClocks(time::milliseconds(10));
1352 Name interestName1("/localhost/nrd/register/option");
1353 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1354 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
1355 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1356 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1357
1358 advanceClocks(time::milliseconds(10));
1359 Name interestName2("/localhost/nrd/non-register");
1360 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1361 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
1362 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1363 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1364
1365 advanceClocks(time::milliseconds(10));
1366 Name interestName3("/localhost/nrd/register/option");
1367 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1368 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
1369 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1370 root)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1371
1372 advanceClocks(time::milliseconds(10));
1373 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1374 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1375
1376 const std::string CONFIG =
1377 "rule\n"
1378 "{\n"
1379 " id \"NRD Prefix Registration Command Rule\"\n"
1380 " for interest\n"
1381 " filter\n"
1382 " {\n"
1383 " type name\n"
1384 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1385 " }\n"
1386 " checker\n"
1387 " {\n"
1388 " type customized\n"
1389 " sig-type rsa-sha256\n"
1390 " key-locator\n"
1391 " {\n"
1392 " type name\n"
1393 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1394 " }\n"
1395 " }\n"
1396 "}\n"
1397 "rule\n"
1398 "{\n"
1399 " id \"Testbed Hierarchy Rule\"\n"
1400 " for data\n"
1401 " filter\n"
1402 " {\n"
1403 " type name\n"
1404 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1405 " }\n"
1406 " checker\n"
1407 " {\n"
1408 " type hierarchical\n"
1409 " sig-type rsa-sha256\n"
1410 " }\n"
1411 "}\n"
1412 "trust-anchor\n"
1413 "{\n"
1414 " type file\n"
1415 " file-name \"trust-anchor-8.cert\"\n"
1416 "}\n";
1417 const boost::filesystem::path CONFIG_PATH =
1418 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1419
1420
1421 auto validator = make_shared<ValidatorConfig>(face2.get());
1422 validator->load(CONFIG, CONFIG_PATH.native());
1423
1424 advanceClocks(time::milliseconds(2), 100);
1425
1426 // should succeed
1427 validator->validate(*interest1,
1428 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1429 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1430
1431 do {
1432 advanceClocks(time::milliseconds(2), 10);
1433 } while (passPacket());
1434
1435 // should fail
1436 validator->validate(*interest2,
1437 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
1438 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
1439
1440 do {
1441 advanceClocks(time::milliseconds(2), 10);
1442 } while (passPacket());
1443
1444 // should succeed
1445 validator->validate(*interest3,
1446 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1447 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1448
1449 do {
1450 advanceClocks(time::milliseconds(2), 10);
1451 } while (passPacket());
1452
1453 // should fail
1454 validator->validate(*interest4,
1455 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
1456 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
1457
1458 do {
1459 advanceClocks(time::milliseconds(2), 10);
1460 } while (passPacket());
1461
1462 const boost::filesystem::path CERT_PATH =
1463 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
1464 boost::filesystem::remove(CERT_PATH);
1465}
1466
1467struct DirTestFixture : public security::IdentityManagementTimeFixture
1468{
1469 DirTestFixture()
1470 : face(util::makeDummyClientFace(io, {true, true}))
1471 , validator(face.get(), ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
1472 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1473 {
1474 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1475 boost::filesystem::create_directory(certDirPath);
1476
1477 firstCertPath = (boost::filesystem::current_path() /
1478 std::string("test-cert-dir") /
1479 std::string("trust-anchor-1.cert"));
1480
1481 secondCertPath = (boost::filesystem::current_path() /
1482 std::string("test-cert-dir") /
1483 std::string("trust-anchor-2.cert"));
1484
1485 firstIdentity = Name("/TestValidatorConfig/Dir/First");
1486 BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
1487 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1488 firstCert = m_keyChain.getCertificate(firstCertName);
1489 io::save(*firstCert, firstCertPath.string());
1490
1491 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
1492 BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
1493 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1494 secondCert = m_keyChain.getCertificate(secondCertName);
1495 }
1496
1497 ~DirTestFixture()
1498 {
1499 boost::filesystem::remove_all(certDirPath);
1500 }
1501
1502public:
1503 boost::filesystem::path certDirPath;
1504 boost::filesystem::path firstCertPath;
1505 boost::filesystem::path secondCertPath;
1506
1507 Name firstIdentity;
1508 Name secondIdentity;
1509
1510 shared_ptr<IdentityCertificate> firstCert;
1511 shared_ptr<IdentityCertificate> secondCert;
1512
1513 shared_ptr<util::DummyClientFace> face;
1514 ValidatorConfig validator;
1515};
1516
1517BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1518{
1519 advanceClocks(time::milliseconds(10));
1520
1521 Name dataName1("/any/data/1");
1522 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1523 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
1524 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1525 firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1526
1527 Name dataName2("/any/data/2");
1528 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame^]1529 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
1530 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1531 secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1532
1533 std::string CONFIG =
1534 "rule\n"
1535 "{\n"
1536 " id \"Any Rule\"\n"
1537 " for data\n"
1538 " filter\n"
1539 " {\n"
1540 " type name\n"
1541 " regex ^<>*$\n"
1542 " }\n"
1543 " checker\n"
1544 " {\n"
1545 " type customized\n"
1546 " sig-type rsa-sha256\n"
1547 " key-locator\n"
1548 " {\n"
1549 " type name\n"
1550 " regex ^<>*$\n"
1551 " }\n"
1552 " }\n"
1553 "}\n"
1554 "trust-anchor\n"
1555 "{\n"
1556 " type dir\n"
1557 " dir test-cert-dir\n"
1558 " refresh 1s\n"
1559 "}\n";
1560
1561 const boost::filesystem::path CONFIG_PATH =
1562 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1563
1564 validator.load(CONFIG, CONFIG_PATH.native());
1565
1566 advanceClocks(time::milliseconds(10), 20);
1567 validator.validate(*data1,
1568 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1569 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1570 advanceClocks(time::milliseconds(10), 20);
1571
1572 validator.validate(*data2,
1573 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
1574 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
1575 advanceClocks(time::milliseconds(10), 20);
1576
1577 io::save(*secondCert, secondCertPath.string());
1578 advanceClocks(time::milliseconds(10), 200);
1579
1580 validator.validate(*data1,
1581 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1582 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1583 advanceClocks(time::milliseconds(10), 20);
1584
1585 validator.validate(*data2,
1586 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1587 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1588 advanceClocks(time::milliseconds(10), 20);
1589}
1590
1591BOOST_AUTO_TEST_SUITE_END()
1592
1593} // namespace tests
1594} // namespace ndn