Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 1caa634dca20197bacc010e07678b5d69aa5bfa2 / . / tests / unit / security / validation-policy-command-interest.t.cpp
blob: 9f320560d39412caaa9152a39686f4b4c6ce9571 [file] [log] [blame]
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Junxiao Shi2bea5c42017-08-14 20:10:32 +0000[diff] [blame]2/*
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]3 * Copyright (c) 2013-2020 Regents of the University of California.
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-command-interest.hpp"
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]23#include "ndn-cxx/security/command-interest-signer.hpp"
24#include "ndn-cxx/security/signing-helpers.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]25#include "ndn-cxx/security/validation-policy-accept-all.hpp"
26#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]27
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]28#include "tests/boost-test.hpp"
29#include "tests/make-interest-data.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]30#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]31
32#include <boost/lexical_cast.hpp>
33#include <boost/mpl/vector.hpp>
34
35namespace ndn {
36namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]37inline namespace v2 {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]38namespace tests {
39
40using namespace ndn::tests;
41
42BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]43
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame^]44class CommandInterestDefaultOptions
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]45{
46public:
47 static ValidationPolicyCommandInterest::Options
48 getOptions()
49 {
50 return {};
51 }
52};
53
54template<class T, class InnerPolicy>
55class CommandInterestPolicyWrapper : public ValidationPolicyCommandInterest
56{
57public:
58 CommandInterestPolicyWrapper()
59 : ValidationPolicyCommandInterest(make_unique<InnerPolicy>(), T::getOptions())
60 {
61 }
62};
63
64template<class T, class InnerPolicy = ValidationPolicySimpleHierarchy>
65class ValidationPolicyCommandInterestFixture : public HierarchicalValidatorFixture<CommandInterestPolicyWrapper<T, InnerPolicy>>
66{
67public:
68 ValidationPolicyCommandInterestFixture()
69 : m_signer(this->m_keyChain)
70 {
71 }
72
73 Interest
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]74 makeCommandInterest(const Identity& identity, bool wantV3 = false)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]75 {
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]76 if (wantV3) {
77 Interest i(Name(identity.getName()).append("CMD"));
78 i.setCanBePrefix(false);
79 m_signer.makeSignedInterest(i, signingByIdentity(identity));
80 return i;
81 }
82 else {
83 return m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"),
84 signingByIdentity(identity));
85 }
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]86 }
87
88public:
89 CommandInterestSigner m_signer;
90};
91
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame^]92BOOST_FIXTURE_TEST_SUITE(TestValidationPolicyCommandInterest,
93 ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]94
95BOOST_AUTO_TEST_SUITE(Accepts)
96
97BOOST_AUTO_TEST_CASE(Basic)
98{
99 auto i1 = makeCommandInterest(identity);
100 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]101 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]102
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]103 advanceClocks(5_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]104 auto i2 = makeCommandInterest(identity);
105 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]106
107 auto i3 = m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"), signingWithSha256());
108 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]109}
110
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]111BOOST_AUTO_TEST_CASE(BasicV3)
112{
113 auto i1 = makeCommandInterest(identity, true);
114 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
115 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
116
117 advanceClocks(5_ms);
118 auto i2 = makeCommandInterest(identity, true);
119 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
120
121 Interest i3(Name(identity.getName()).append("CMD"));
122 i3.setCanBePrefix(false);
123 m_signer.makeSignedInterest(i3, signingWithSha256());
124 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
125}
126
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]127BOOST_AUTO_TEST_CASE(DataPassthru)
128{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]129 Data d1("/Security/ValidatorFixture/Sub1");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]130 m_keyChain.sign(d1);
131 VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
132}
133
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame^]134using ValidationPolicyAcceptAllCommands = ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions,
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]135 ValidationPolicyAcceptAll>;
136
137BOOST_FIXTURE_TEST_CASE(SignedWithSha256, ValidationPolicyAcceptAllCommands) // Bug 4635
138{
139 auto i1 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
140 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
141 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
142
143 advanceClocks(5_ms);
144 auto i2 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
145 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
146}
147
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]148BOOST_AUTO_TEST_SUITE_END() // Accepts
149
150BOOST_AUTO_TEST_SUITE(Rejects)
151
152BOOST_AUTO_TEST_CASE(NameTooShort)
153{
154 auto i1 = makeInterest("/name/too/short");
155 VALIDATE_FAILURE(*i1, "Should fail (name is too short)");
156}
157
158BOOST_AUTO_TEST_CASE(BadTimestamp)
159{
160 auto i1 = makeCommandInterest(identity);
161 setNameComponent(i1, command_interest::POS_TIMESTAMP, "not-timestamp");
162 VALIDATE_FAILURE(i1, "Should fail (timestamp is missing)");
163}
164
165BOOST_AUTO_TEST_CASE(BadSigInfo)
166{
167 auto i1 = makeCommandInterest(identity);
168 setNameComponent(i1, command_interest::POS_SIG_INFO, "not-SignatureInfo");
169 VALIDATE_FAILURE(i1, "Should fail (signature info is missing)");
170}
171
172BOOST_AUTO_TEST_CASE(MissingKeyLocator)
173{
174 auto i1 = makeCommandInterest(identity);
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]175 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]176 setNameComponent(i1, command_interest::POS_SIG_INFO,
177 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
178 VALIDATE_FAILURE(i1, "Should fail (missing KeyLocator)");
179}
180
181BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
182{
183 auto i1 = makeCommandInterest(identity);
184 KeyLocator kl;
185 kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", 8));
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]186 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]187 sigInfo.setKeyLocator(kl);
188 setNameComponent(i1, command_interest::POS_SIG_INFO,
189 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
190 VALIDATE_FAILURE(i1, "Should fail (bad KeyLocator type)");
191}
192
193BOOST_AUTO_TEST_CASE(BadCertName)
194{
195 auto i1 = makeCommandInterest(identity);
196 KeyLocator kl;
197 kl.setName("/bad/cert/name");
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]198 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]199 sigInfo.setKeyLocator(kl);
200 setNameComponent(i1, command_interest::POS_SIG_INFO,
201 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
202 VALIDATE_FAILURE(i1, "Should fail (bad certificate name)");
203}
204
205BOOST_AUTO_TEST_CASE(InnerPolicyReject)
206{
207 auto i1 = makeCommandInterest(otherIdentity);
208 VALIDATE_FAILURE(i1, "Should fail (inner policy should reject)");
209}
210
211class GracePeriod15Sec
212{
213public:
214 static ValidationPolicyCommandInterest::Options
215 getOptions()
216 {
217 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]218 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]219 return options;
220 }
221};
222
223BOOST_FIXTURE_TEST_CASE(TimestampOutOfGracePositive, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
224{
225 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]226 advanceClocks(16_s); // verifying at +16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]227 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
228 rewindClockAfterValidation();
229
230 auto i2 = makeCommandInterest(identity); // signed at +16s
231 VALIDATE_SUCCESS(i2, "Should succeed");
232}
233
234BOOST_FIXTURE_TEST_CASE(TimestampOutOfGraceNegative, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
235{
236 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]237 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]238 auto i2 = makeCommandInterest(identity); // signed at +1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]239 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]240 auto i3 = makeCommandInterest(identity); // signed at +2s
241
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]242 systemClock->advance(-18_s); // verifying at -16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]243 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
244 rewindClockAfterValidation();
245
246 // CommandInterestValidator should not remember i1's timestamp
247 VALIDATE_FAILURE(i2, "Should fail (timestamp outside the grace period)");
248 rewindClockAfterValidation();
249
250 // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]251 advanceClocks(18_s); // verifying at +2s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]252 VALIDATE_SUCCESS(i3, "Should succeed");
253}
254
255BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
256{
257 auto i1 = makeCommandInterest(identity); // signed at 0s
258 VALIDATE_SUCCESS(i1, "Should succeed");
259
260 auto i2 = makeCommandInterest(identity); // signed at 0s
261 setNameComponent(i2, command_interest::POS_TIMESTAMP,
262 i1.getName()[command_interest::POS_TIMESTAMP]);
263 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
264
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]265 advanceClocks(2_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]266 auto i3 = makeCommandInterest(identity); // signed at +2s
267 VALIDATE_SUCCESS(i3, "Should succeed");
268}
269
270BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
271{
272 auto i2 = makeCommandInterest(identity); // signed at 0ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]273 advanceClocks(200_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]274 auto i3 = makeCommandInterest(identity); // signed at +200ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]275 advanceClocks(900_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]276 auto i1 = makeCommandInterest(identity); // signed at +1100ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]277 advanceClocks(300_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]278 auto i4 = makeCommandInterest(identity); // signed at +1400ms
279
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]280 systemClock->advance(-300_ms); // verifying at +1100ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]281 VALIDATE_SUCCESS(i1, "Should succeed");
282 rewindClockAfterValidation();
283
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]284 systemClock->advance(-1100_ms); // verifying at 0ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]285 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
286 rewindClockAfterValidation();
287
288 // CommandInterestValidator should not remember i2's timestamp
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]289 advanceClocks(200_ms); // verifying at +200ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]290 VALIDATE_FAILURE(i3, "Should fail (timestamp reordered)");
291 rewindClockAfterValidation();
292
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]293 advanceClocks(1200_ms); // verifying at 1400ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]294 VALIDATE_SUCCESS(i4, "Should succeed");
295}
296
297BOOST_AUTO_TEST_SUITE_END() // Rejects
298
299BOOST_AUTO_TEST_SUITE(Options)
300
301template<class T>
302class GracePeriod
303{
304public:
305 static ValidationPolicyCommandInterest::Options
306 getOptions()
307 {
308 ValidationPolicyCommandInterest::Options options;
309 options.gracePeriod = time::seconds(T::value);
310 return options;
311 }
312};
313
314typedef boost::mpl::vector<
315 GracePeriod<boost::mpl::int_<0>>,
316 GracePeriod<boost::mpl::int_<-1>>
317> GraceNonPositiveValues;
318
319BOOST_FIXTURE_TEST_CASE_TEMPLATE(GraceNonPositive, GracePeriod, GraceNonPositiveValues,
320 ValidationPolicyCommandInterestFixture<GracePeriod>)
321{
322 auto i1 = this->makeCommandInterest(this->identity); // signed at 0ms
323 auto i2 = this->makeCommandInterest(this->subIdentity); // signed at 0ms
324 for (auto interest : {&i1, &i2}) {
325 setNameComponent(*interest, command_interest::POS_TIMESTAMP,
326 name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
327 } // ensure timestamps are exactly 0ms
328
329 VALIDATE_SUCCESS(i1, "Should succeed when validating at 0ms");
330 this->rewindClockAfterValidation();
331
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]332 this->advanceClocks(1_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]333 VALIDATE_FAILURE(i2, "Should fail when validating at 1ms");
334}
335
336class LimitedRecordsOptions
337{
338public:
339 static ValidationPolicyCommandInterest::Options
340 getOptions()
341 {
342 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]343 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]344 options.maxRecords = 3;
345 return options;
346 }
347};
348
349BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<LimitedRecordsOptions>)
350{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]351 Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]352 this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]353 Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]354 this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]355 Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]356 this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]357 Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]358 this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
359
360 auto i1 = makeCommandInterest(id2);
361 auto i2 = makeCommandInterest(id3);
362 auto i3 = makeCommandInterest(id4);
363 auto i00 = makeCommandInterest(id1); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]364 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]365 auto i01 = makeCommandInterest(id1); // signed at 1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]366 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]367 auto i02 = makeCommandInterest(id1); // signed at 2s
368
369 VALIDATE_SUCCESS(i00, "Should succeed");
370 rewindClockAfterValidation();
371
372 VALIDATE_SUCCESS(i02, "Should succeed");
373 rewindClockAfterValidation();
374
375 VALIDATE_SUCCESS(i1, "Should succeed");
376 rewindClockAfterValidation();
377
378 VALIDATE_SUCCESS(i2, "Should succeed");
379 rewindClockAfterValidation();
380
381 VALIDATE_SUCCESS(i3, "Should succeed, forgets identity id1");
382 rewindClockAfterValidation();
383
384 VALIDATE_SUCCESS(i01, "Should succeed despite timestamp is reordered, because record has been evicted");
385}
386
387class UnlimitedRecordsOptions
388{
389public:
390 static ValidationPolicyCommandInterest::Options
391 getOptions()
392 {
393 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]394 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]395 options.maxRecords = -1;
396 return options;
397 }
398};
399
400BOOST_FIXTURE_TEST_CASE(UnlimitedRecords, ValidationPolicyCommandInterestFixture<UnlimitedRecordsOptions>)
401{
402 std::vector<Identity> identities;
403 for (int i = 0; i < 20; ++i) {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]404 Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]405 this->cache.insert(id.getDefaultKey().getDefaultCertificate());
406 identities.push_back(id);
407 }
408
409 auto i1 = makeCommandInterest(identities.at(0)); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]410 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]411 for (int i = 0; i < 20; ++i) {
412 auto i2 = makeCommandInterest(identities.at(i)); // signed at +1s
413
414 VALIDATE_SUCCESS(i2, "Should succeed");
415 rewindClockAfterValidation();
416 }
417 VALIDATE_FAILURE(i1, "Should fail (timestamp reorder)");
418}
419
420class ZeroRecordsOptions
421{
422public:
423 static ValidationPolicyCommandInterest::Options
424 getOptions()
425 {
426 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]427 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]428 options.maxRecords = 0;
429 return options;
430 }
431};
432
433BOOST_FIXTURE_TEST_CASE(ZeroRecords, ValidationPolicyCommandInterestFixture<ZeroRecordsOptions>)
434{
435 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]436 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]437 auto i2 = makeCommandInterest(identity); // signed at +1s
438 VALIDATE_SUCCESS(i2, "Should succeed");
439 rewindClockAfterValidation();
440
441 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record isn't kept");
442}
443
444class LimitedRecordLifetimeOptions
445{
446public:
447 static ValidationPolicyCommandInterest::Options
448 getOptions()
449 {
450 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]451 options.gracePeriod = 400_s;
452 options.recordLifetime = 300_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]453 return options;
454 }
455};
456
457BOOST_FIXTURE_TEST_CASE(LimitedRecordLifetime, ValidationPolicyCommandInterestFixture<LimitedRecordLifetimeOptions>)
458{
459 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]460 advanceClocks(240_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]461 auto i2 = makeCommandInterest(identity); // signed at +240s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]462 advanceClocks(120_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]463 auto i3 = makeCommandInterest(identity); // signed at +360s
464
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]465 systemClock->advance(-360_s); // rewind system clock to 0s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]466 VALIDATE_SUCCESS(i1, "Should succeed");
467 rewindClockAfterValidation();
468
469 VALIDATE_SUCCESS(i3, "Should succeed");
470 rewindClockAfterValidation();
471
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]472 advanceClocks(30_s, 301_s); // advance steady clock by 301s, and system clock to +301s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]473 VALIDATE_SUCCESS(i2, "Should succeed despite timestamp is reordered, because record has been expired");
474}
475
476class ZeroRecordLifetimeOptions
477{
478public:
479 static ValidationPolicyCommandInterest::Options
480 getOptions()
481 {
482 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]483 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]484 options.recordLifetime = time::seconds::zero();
485 return options;
486 }
487};
488
489BOOST_FIXTURE_TEST_CASE(ZeroRecordLifetime, ValidationPolicyCommandInterestFixture<ZeroRecordLifetimeOptions>)
490{
491 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]492 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]493 auto i2 = makeCommandInterest(identity); // signed at +1s
494 VALIDATE_SUCCESS(i2, "Should succeed");
495 rewindClockAfterValidation();
496
497 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record has been expired");
498}
499
500BOOST_AUTO_TEST_SUITE_END() // Options
501
502BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]503BOOST_AUTO_TEST_SUITE_END() // Security
504
505} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]506} // inline namespace v2
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]507} // namespace security
508} // namespace ndn