Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 1ece2e3744fa75bb5afc0c2199a86b0b27a4de03 / . / tests / unit-tests / security / v1 / key-chain.t.cpp
blob: ef10ca4f244e09c8b6c049dc372f519ac6ea1ac6 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]2/**
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -0800[diff] [blame]3 * Copyright (c) 2013-2017 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]20 */
21
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -0800[diff] [blame]22#include "security/v1/key-chain.hpp"
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]23#include "security/validator.hpp"
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]24#include "security/signing-helpers.hpp"
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]25
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]26#include "boost-test.hpp"
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]27#include "dummy-keychain.hpp"
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -0800[diff] [blame]28#include "../../test-home-env-saver.hpp"
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800[diff] [blame]29#include "test-home-fixture.hpp"
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]30#include "identity-management-fixture.hpp"
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]31
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]32#include <boost/algorithm/string.hpp>
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame]33#include <boost/filesystem.hpp>
34#include <cstdlib>
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]35
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]36namespace ndn {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]37namespace security {
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -0800[diff] [blame]38namespace v1 {
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]39namespace tests {
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]40
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]41using namespace ndn::tests;
42
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame]43BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -0800[diff] [blame]44BOOST_AUTO_TEST_SUITE(V1)
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame]45BOOST_FIXTURE_TEST_SUITE(TestKeyChain, TestHomeEnvSaver)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]46
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]47template<class Path>
Alexander Afanasyevcf490552016-06-27 22:51:36 -0700[diff] [blame]48class TestHomeAndPibFixture : public TestHomeFixture<Path>
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]49{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]50public:
51 TestHomeAndPibFixture()
52 {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]53 unsetenv("NDN_CLIENT_PIB");
54 unsetenv("NDN_CLIENT_TPM");
55 }
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]56};
57
58struct PibPathSqlite3File
59{
60 const std::string PATH = "build/keys-sqlite3-file/";
61};
62
63BOOST_FIXTURE_TEST_CASE(ConstructorNormalConfig, TestHomeAndPibFixture<PibPathSqlite3File>)
64{
65 createClientConf({"pib=pib-sqlite3:%PATH%", "tpm=tpm-file:%PATH%"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]66
67 BOOST_REQUIRE_NO_THROW(KeyChain());
68
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]69 KeyChain keyChain;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]70 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:" + m_pibDir);
71 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:" + m_pibDir);
72 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:" + m_pibDir);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]73}
74
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]75struct PibPathSqlite3Empty
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]76{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]77 const std::string PATH = "build/keys-sqlite3-empty/";
78};
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]79
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]80BOOST_FIXTURE_TEST_CASE(ConstructorEmptyConfig, TestHomeAndPibFixture<PibPathSqlite3Empty>)
81{
82 createClientConf({"pib=pib-sqlite3:%PATH%"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]83
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]84#if defined(NDN_CXX_HAVE_OSX_SECURITY)
85 std::string oldHOME;
86 if (std::getenv("OLD_HOME"))
87 oldHOME = std::getenv("OLD_HOME");
88
89 std::string HOME;
90 if (std::getenv("HOME"))
91 HOME = std::getenv("HOME");
92
93 if (!oldHOME.empty())
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]94 setenv("HOME", oldHOME.c_str(), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]95 else
96 unsetenv("HOME");
97#endif
98
99 BOOST_REQUIRE_NO_THROW(KeyChain());
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]100 KeyChain keyChain;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]101 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:" + m_pibDir);
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]102
103#if defined(NDN_CXX_HAVE_OSX_SECURITY)
104 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-osxkeychain:");
105 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-osxkeychain:");
106#else
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]107 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:");
108 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]109#endif
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]110
111#if defined(NDN_CXX_HAVE_OSX_SECURITY)
112 if (!HOME.empty())
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]113 setenv("HOME", HOME.c_str(), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]114 else
115 unsetenv("HOME");
116#endif
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]117}
118
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]119struct PibPathEmptyFile
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]120{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]121 const std::string PATH = "build/keys-empty-file/";
122};
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]123
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]124BOOST_FIXTURE_TEST_CASE(ConstructorEmpty2Config, TestHomeAndPibFixture<PibPathEmptyFile>)
125{
126 createClientConf({"tpm=tpm-file:%PATH%"});
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]127
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]128 BOOST_REQUIRE_NO_THROW(KeyChain());
129
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]130 KeyChain keyChain;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]131 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
132 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:" + m_pibDir);
133 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:" + m_pibDir);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]134}
135
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]136BOOST_FIXTURE_TEST_CASE(ConstructorMalConfig, TestHomeAndPibFixture<DefaultPibDir>)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]137{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]138 createClientConf({"pib=lord", "tpm=ring"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]139
140 BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
141}
142
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]143BOOST_FIXTURE_TEST_CASE(ConstructorMal2Config, TestHomeAndPibFixture<DefaultPibDir>)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]144{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]145 createClientConf({"pib=pib-sqlite3:%PATH%", "tpm=just-wrong"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]146 BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
147}
148
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800[diff] [blame]149BOOST_FIXTURE_TEST_CASE(ExportIdentity, IdentityManagementV1Fixture)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]150{
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]151 Name identity("/TestKeyChain/ExportIdentity/");
152 identity.appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]153 addIdentity(identity);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]154
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]155 shared_ptr<SecuredBag> exported = m_keyChain.exportIdentity(identity, "1234");
Yingdi Yu64c3fb42014-02-26 17:30:04 -0800[diff] [blame]156
157 Block block = exported->wireEncode();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]158
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]159 Name keyName = m_keyChain.getDefaultKeyNameForIdentity(identity);
160 Name certName = m_keyChain.getDefaultCertificateNameForKey(keyName);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]161
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]162 m_keyChain.deleteIdentity(identity);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]163
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]164 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), false);
165 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName), false);
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]166 BOOST_CHECK_EQUAL(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PRIVATE), false);
167 BOOST_CHECK_EQUAL(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PUBLIC), false);
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]168 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName), false);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]169
Yingdi Yu64c3fb42014-02-26 17:30:04 -0800[diff] [blame]170 SecuredBag imported;
171 imported.wireDecode(block);
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]172 m_keyChain.importIdentity(imported, "1234");
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]173
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]174 BOOST_CHECK(m_keyChain.doesIdentityExist(identity));
175 BOOST_CHECK(m_keyChain.doesPublicKeyExist(keyName));
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]176 BOOST_CHECK(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PRIVATE));
177 BOOST_CHECK(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PUBLIC));
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]178 BOOST_CHECK(m_keyChain.doesCertificateExist(certName));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]179}
180
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800[diff] [blame]181BOOST_FIXTURE_TEST_CASE(PrepareIdentityCertificate, IdentityManagementV1Fixture)
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]182{
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]183 Name identity("/TestKeyChain/PrepareIdentityCertificate/");
184 identity.appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]185 addIdentity(identity);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]186
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]187 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]188 Name lowerIdentity = identity;
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]189 lowerIdentity.append("Lower").appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]190 Name lowerKeyName = m_keyChain.generateRsaKeyPair(lowerIdentity, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]191 shared_ptr<v1::IdentityCertificate> idCert =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]192 m_keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
193 time::system_clock::now(),
194 time::system_clock::now() + time::days(365),
195 subjectDescription);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]196 BOOST_CHECK(static_cast<bool>(idCert));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]197 BOOST_CHECK_EQUAL(idCert->getName().getPrefix(5),
198 Name().append(identity).append("KEY").append("Lower"));
Junxiao Shi8ca43252015-06-11 21:29:43 -0700[diff] [blame]199 BOOST_CHECK(idCert->getFreshnessPeriod() >= time::milliseconds::zero());
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]200
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]201 shared_ptr<v1::IdentityCertificate> idCert11 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]202 m_keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
203 time::system_clock::now(),
204 time::system_clock::now() + time::days(365),
205 subjectDescription,
206 lowerIdentity);
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]207 BOOST_CHECK(static_cast<bool>(idCert11));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]208 BOOST_CHECK_EQUAL(idCert11->getName().getPrefix(6),
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]209 Name().append(lowerIdentity).append("KEY"));
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]210
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]211 Name anotherIdentity("/TestKeyChain/PrepareIdentityCertificate/Another/");
212 anotherIdentity.appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]213 Name anotherKeyName = m_keyChain.generateRsaKeyPair(anotherIdentity, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]214 shared_ptr<v1::IdentityCertificate> idCert2 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]215 m_keyChain.prepareUnsignedIdentityCertificate(anotherKeyName, identity,
216 time::system_clock::now(),
217 time::system_clock::now() + time::days(365),
218 subjectDescription);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]219 BOOST_CHECK(static_cast<bool>(idCert2));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]220 BOOST_CHECK_EQUAL(idCert2->getName().getPrefix(5), Name().append(anotherIdentity).append("KEY"));
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]221
222
223 Name wrongKeyName1;
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]224 shared_ptr<v1::IdentityCertificate> idCert3 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]225 m_keyChain.prepareUnsignedIdentityCertificate(wrongKeyName1, identity,
226 time::system_clock::now(),
227 time::system_clock::now() + time::days(365),
228 subjectDescription);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]229 BOOST_CHECK_EQUAL(static_cast<bool>(idCert3), false);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]230
231
232 Name wrongKeyName2("/TestKeyChain/PrepareIdentityCertificate");
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]233 shared_ptr<v1::IdentityCertificate> idCert4 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]234 m_keyChain.prepareUnsignedIdentityCertificate(wrongKeyName2, identity,
235 time::system_clock::now(),
236 time::system_clock::now() + time::days(365),
237 subjectDescription);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]238 BOOST_CHECK_EQUAL(static_cast<bool>(idCert4), false);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]239
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]240
241 Name wrongKeyName3("/TestKeyChain/PrepareIdentityCertificate/ksk-1234");
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]242 shared_ptr<v1::IdentityCertificate> idCert5 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]243 m_keyChain.prepareUnsignedIdentityCertificate(wrongKeyName3, identity,
244 time::system_clock::now(),
245 time::system_clock::now() + time::days(365),
246 subjectDescription);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]247 BOOST_CHECK_EQUAL(static_cast<bool>(idCert5), false);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]248}
249
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800[diff] [blame]250BOOST_FIXTURE_TEST_CASE(Delete, IdentityManagementV1Fixture)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]251{
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]252 Name identity("/TestSecPublicInfoSqlite3/Delete");
253 identity.appendVersion();
254
255 Name certName1;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]256 BOOST_REQUIRE_NO_THROW(certName1 = m_keyChain.createIdentity(identity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]257
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]258 Name keyName1 = v1::IdentityCertificate::certificateNameToPublicKeyName(certName1);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]259 Name keyName2;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]260 BOOST_REQUIRE_NO_THROW(keyName2 = m_keyChain.generateRsaKeyPairAsDefault(identity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]261
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]262 shared_ptr<v1::IdentityCertificate> cert2;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]263 BOOST_REQUIRE_NO_THROW(cert2 = m_keyChain.selfSign(keyName2));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]264 Name certName2 = cert2->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]265 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert2));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]266
267 Name keyName3;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]268 BOOST_REQUIRE_NO_THROW(keyName3 = m_keyChain.generateRsaKeyPairAsDefault(identity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]269
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]270 shared_ptr<v1::IdentityCertificate> cert3;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]271 BOOST_REQUIRE_NO_THROW(cert3 = m_keyChain.selfSign(keyName3));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]272 Name certName3 = cert3->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]273 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert3));
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]274 shared_ptr<v1::IdentityCertificate> cert4;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]275 BOOST_REQUIRE_NO_THROW(cert4 = m_keyChain.selfSign(keyName3));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]276 Name certName4 = cert4->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]277 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert4));
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]278 shared_ptr<v1::IdentityCertificate> cert5;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]279 BOOST_REQUIRE_NO_THROW(cert5 = m_keyChain.selfSign(keyName3));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]280 Name certName5 = cert5->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]281 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert5));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]282
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]283 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), true);
284 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName1), true);
285 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName2), true);
286 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName3), true);
287 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName1), true);
288 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName2), true);
289 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName3), true);
290 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName4), true);
291 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName5), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]292
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]293 BOOST_REQUIRE_NO_THROW(m_keyChain.deleteCertificate(certName5));
294 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName5), false);
295 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName3), true);
296 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName4), true);
297 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName3), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]298
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]299 BOOST_REQUIRE_NO_THROW(m_keyChain.deleteKey(keyName3));
300 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName4), false);
301 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName3), false);
302 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName3), false);
303 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName2), true);
304 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName1), true);
305 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]306
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]307 BOOST_REQUIRE_NO_THROW(m_keyChain.deleteIdentity(identity));
308 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName2), false);
309 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName2), false);
310 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName1), false);
311 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName1), false);
312 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), false);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]313}
314
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]315BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib)
316{
317 BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy", "tpm-dummy")));
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]318 BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy2", "tpm-dummy2")));
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]319 BOOST_REQUIRE_NO_THROW((KeyChain("dummy", "dummy")));
320 BOOST_REQUIRE_NO_THROW((KeyChain("dummy:", "dummy:")));
321 BOOST_REQUIRE_NO_THROW((KeyChain("dummy:/something", "dummy:/something")));
322
323 KeyChain keyChain("dummy", "dummy");
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]324 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-dummy:");
325 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-dummy:");
326 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-dummy:");
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]327 BOOST_CHECK_EQUAL(keyChain.getDefaultIdentity(), "/dummy/key");
328}
329
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800[diff] [blame]330BOOST_FIXTURE_TEST_CASE(GeneralSigningInterface, IdentityManagementV1Fixture)
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]331{
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]332 Name id("/id");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]333 Name certName = m_keyChain.createIdentity(id);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]334 shared_ptr<v1::IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]335 Name keyName = idCert->getPublicKeyName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]336 m_keyChain.setDefaultIdentity(id);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]337
338 Name id2("/id2");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]339 Name cert2Name = m_keyChain.createIdentity(id2);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]340 shared_ptr<v1::IdentityCertificate> id2Cert = m_keyChain.getCertificate(cert2Name);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]341
342 // SigningInfo is set to default
343 Data data1("/data1");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]344 m_keyChain.sign(data1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]345 BOOST_CHECK(Validator::verifySignature(data1, idCert->getPublicKeyInfo()));
346 BOOST_CHECK_EQUAL(data1.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
347
348 Interest interest1("/interest1");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]349 m_keyChain.sign(interest1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]350 BOOST_CHECK(Validator::verifySignature(interest1, idCert->getPublicKeyInfo()));
351 SignatureInfo sigInfo1(interest1.getName()[-2].blockFromValue());
352 BOOST_CHECK_EQUAL(sigInfo1.getKeyLocator().getName(), certName.getPrefix(-1));
353
354 // SigningInfo is set to Identity
355 Data data2("/data2");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]356 m_keyChain.sign(data2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]357 BOOST_CHECK(Validator::verifySignature(data2, id2Cert->getPublicKeyInfo()));
358 BOOST_CHECK_EQUAL(data2.getSignature().getKeyLocator().getName(), cert2Name.getPrefix(-1));
359
360 Interest interest2("/interest2");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]361 m_keyChain.sign(interest2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]362 BOOST_CHECK(Validator::verifySignature(interest2, id2Cert->getPublicKeyInfo()));
363 SignatureInfo sigInfo2(interest2.getName()[-2].blockFromValue());
364 BOOST_CHECK_EQUAL(sigInfo2.getKeyLocator().getName(), cert2Name.getPrefix(-1));
365
366 // SigningInfo is set to Key
367 Data data3("/data3");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]368 m_keyChain.sign(data3, SigningInfo(SigningInfo::SIGNER_TYPE_KEY, keyName));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]369 BOOST_CHECK(Validator::verifySignature(data3, idCert->getPublicKeyInfo()));
370 BOOST_CHECK_EQUAL(data3.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
371
372 Interest interest3("/interest3");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]373 m_keyChain.sign(interest3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]374 BOOST_CHECK(Validator::verifySignature(interest3, idCert->getPublicKeyInfo()));
375 SignatureInfo sigInfo3(interest1.getName()[-2].blockFromValue());
376 BOOST_CHECK_EQUAL(sigInfo3.getKeyLocator().getName(), certName.getPrefix(-1));
377
378 // SigningInfo is set to Cert
379 Data data4("/data4");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]380 m_keyChain.sign(data4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]381 BOOST_CHECK(Validator::verifySignature(data4, idCert->getPublicKeyInfo()));
382 BOOST_CHECK_EQUAL(data4.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
383
384 Interest interest4("/interest4");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]385 m_keyChain.sign(interest4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]386 BOOST_CHECK(Validator::verifySignature(interest4, idCert->getPublicKeyInfo()));
387 SignatureInfo sigInfo4(interest4.getName()[-2].blockFromValue());
388 BOOST_CHECK_EQUAL(sigInfo4.getKeyLocator().getName(), certName.getPrefix(-1));
389
390
391 // SigningInfo is set to DigestSha256
392 Data data5("/data5");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]393 m_keyChain.sign(data5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]394 BOOST_CHECK(Validator::verifySignature(data5, DigestSha256(data5.getSignature())));
395
396 Interest interest5("/interest4");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]397 m_keyChain.sign(interest5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]398 BOOST_CHECK(Validator::verifySignature(interest5,
399 DigestSha256(Signature(interest5.getName()[-2].blockFromValue(),
400 interest5.getName()[-1].blockFromValue()))));
401}
402
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800[diff] [blame]403BOOST_FIXTURE_TEST_CASE(EcdsaSigningByIdentityNoCert, IdentityManagementV1Fixture)
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]404{
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]405 Data data("/test/data");
406
407 Name nonExistingIdentity = Name("/non-existing/identity").appendVersion();
408
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]409 BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(nonExistingIdentity)));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]410 BOOST_CHECK_EQUAL(data.getSignature().getType(),
411 KeyChain::getSignatureType(KeyChain::DEFAULT_KEY_PARAMS.getKeyType(),
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]412 DigestAlgorithm::SHA256));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]413 BOOST_CHECK(nonExistingIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName()));
414
Spyridon Mastorakis1ece2e32015-08-27 18:52:21 -0700[diff] [blame^]415 Name ecIdentity = Name("/ndn/test/ec").appendVersion();
416 Name ecKeyName = m_keyChain.generateEcKeyPairAsDefault(ecIdentity, false, 256);
417 BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(ecIdentity)));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]418 BOOST_CHECK_EQUAL(data.getSignature().getType(),
Spyridon Mastorakis1ece2e32015-08-27 18:52:21 -0700[diff] [blame^]419 KeyChain::getSignatureType(EcKeyParams().getKeyType(), DigestAlgorithm::SHA256));
420 BOOST_CHECK(ecIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName()));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]421}
422
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame]423BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -0800[diff] [blame]424BOOST_AUTO_TEST_SUITE_END() // V1
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame]425BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]426
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]427} // namespace tests
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -0800[diff] [blame]428} // namespace v1
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]429} // namespace security
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]430} // namespace ndn