Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 2d08539268b087e6f3ff810db4b9386ae087ca57 / . / tests / unit / security / validation-policy-command-interest.t.cpp
blob: 069c1beaf2037673df299a1d74cd89b801231bbd [file] [log] [blame]
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Junxiao Shi2bea5c42017-08-14 20:10:32 +0000[diff] [blame]2/*
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]3 * Copyright (c) 2013-2024 Regents of the University of California.
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-command-interest.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]23
Davide Pesavento77c5ce82021-05-07 16:12:02 -0400[diff] [blame]24#include "ndn-cxx/security/interest-signer.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]25#include "ndn-cxx/security/validation-policy-accept-all.hpp"
26#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]27
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]28#include "tests/test-common.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]29#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]30
Davide Pesavento49e1e872023-11-11 00:45:23 -0500[diff] [blame]31#include <boost/mp11/list.hpp>
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]32
Davide Pesavento47ce2ee2023-05-09 01:33:33 -0400[diff] [blame]33namespace ndn::tests {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]34
Davide Pesavento47ce2ee2023-05-09 01:33:33 -0400[diff] [blame]35using namespace ndn::security;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]36
37BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]38
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]39struct CommandInterestDefaultOptions
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]40{
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]41 static auto
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]42 getOptions()
43 {
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]44 return ValidationPolicyCommandInterest::Options{};
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]45 }
46};
47
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]48template<class ValidationOptions, class InnerPolicy>
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]49class CommandInterestPolicyWrapper : public ValidationPolicyCommandInterest
50{
51public:
52 CommandInterestPolicyWrapper()
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]53 : ValidationPolicyCommandInterest(make_unique<InnerPolicy>(), ValidationOptions::getOptions())
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]54 {
55 }
56};
57
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]58template<class ValidationOptions = CommandInterestDefaultOptions,
59 class InnerPolicy = ValidationPolicySimpleHierarchy>
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]60class ValidationPolicyCommandInterestFixture
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]61 : public HierarchicalValidatorFixture<CommandInterestPolicyWrapper<ValidationOptions, InnerPolicy>>
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]62{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]63protected:
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]64 Interest
Davide Pesaventof6b45892023-03-13 15:00:51 -0400[diff] [blame]65 makeCommandInterest(const Identity& id, SignedInterestFormat format = SignedInterestFormat::V02)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]66 {
Davide Pesaventof6b45892023-03-13 15:00:51 -0400[diff] [blame]67 Name name = id.getName();
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]68 name.append("CMD");
69 switch (format) {
70 case SignedInterestFormat::V02:
Davide Pesaventof6b45892023-03-13 15:00:51 -0400[diff] [blame]71 return m_signer.makeCommandInterest(name, signingByIdentity(id));
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]72 case SignedInterestFormat::V03: {
73 Interest interest(name);
Davide Pesaventof6b45892023-03-13 15:00:51 -0400[diff] [blame]74 m_signer.makeSignedInterest(interest, signingByIdentity(id));
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]75 return interest;
76 }
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]77 }
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]78 NDN_CXX_UNREACHABLE;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]79 }
80
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]81protected:
Davide Pesavento77c5ce82021-05-07 16:12:02 -0400[diff] [blame]82 InterestSigner m_signer{this->m_keyChain};
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]83};
84
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]85BOOST_FIXTURE_TEST_SUITE(TestValidationPolicyCommandInterest, ValidationPolicyCommandInterestFixture<>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]86
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]87template<int secs>
88struct GracePeriodSeconds
89{
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]90 static auto
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]91 getOptions()
92 {
93 ValidationPolicyCommandInterest::Options options;
94 options.gracePeriod = time::seconds(secs);
95 return options;
96 }
97};
98
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]99BOOST_AUTO_TEST_SUITE(Accepts)
100
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]101BOOST_AUTO_TEST_CASE(BasicV02)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]102{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]103 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V02);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]104 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]105 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]106 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]107
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]108 advanceClocks(5_ms);
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]109 auto i2 = makeCommandInterest(identity, SignedInterestFormat::V02);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]110 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]111
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]112 auto i3 = m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"), signingWithSha256());
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]113 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]114 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]115}
116
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]117BOOST_AUTO_TEST_CASE(BasicV03)
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]118{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]119 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V03);
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]120 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
121 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]122 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]123
124 advanceClocks(5_ms);
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]125 auto i2 = makeCommandInterest(identity, SignedInterestFormat::V03);
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]126 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
127
128 Interest i3(Name(identity.getName()).append("CMD"));
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]129 m_signer.makeSignedInterest(i3, signingWithSha256());
130 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]131 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]132}
133
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]134BOOST_AUTO_TEST_CASE(DataPassthrough)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]135{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]136 Data d1("/Security/ValidatorFixture/Sub1");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]137 m_keyChain.sign(d1);
138 VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
139}
140
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]141using ValidationPolicyAcceptAllCommands = ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions,
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]142 ValidationPolicyAcceptAll>;
143
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]144BOOST_FIXTURE_TEST_CASE(SignedWithSha256, ValidationPolicyAcceptAllCommands,
145 * ut::description("test for bug #4635"))
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]146{
147 auto i1 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
148 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
149 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]150 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]151
152 advanceClocks(5_ms);
153 auto i2 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
154 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
155}
156
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]157BOOST_AUTO_TEST_SUITE_END() // Accepts
158
159BOOST_AUTO_TEST_SUITE(Rejects)
160
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]161BOOST_AUTO_TEST_CASE(NotSigned)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]162{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]163 auto i1 = Interest("/short");
164 BOOST_TEST_REQUIRE(i1.getName().size() < signed_interest::MIN_SIZE);
165 VALIDATE_FAILURE(i1, "Should fail (not signed / name too short)");
Davide Pesavento637ea3b2022-09-10 00:11:34 -0400[diff] [blame]166 BOOST_TEST(lastError.getCode() == ValidationError::MALFORMED_SIGNATURE);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]167}
168
169BOOST_AUTO_TEST_CASE(BadSigInfo)
170{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]171 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V02);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]172 setNameComponent(i1, command_interest::POS_SIG_INFO, "not-SignatureInfo");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]173 BOOST_TEST_REQUIRE(i1.getName().size() >= command_interest::MIN_SIZE);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]174 VALIDATE_FAILURE(i1, "Should fail (signature info is missing)");
Davide Pesavento637ea3b2022-09-10 00:11:34 -0400[diff] [blame]175 BOOST_TEST(lastError.getCode() == ValidationError::MALFORMED_SIGNATURE);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]176}
177
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]178BOOST_AUTO_TEST_CASE(BadTimestampV02)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]179{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]180 // i1 is a valid signed interest (in v0.2 format) but is not a valid command interest
181 auto i1 = Interest("/short");
182 m_keyChain.sign(i1, signingByIdentity(identity).setSignedInterestFormat(SignedInterestFormat::V02));
183 BOOST_TEST_REQUIRE((i1.getName().size() >= signed_interest::MIN_SIZE &&
184 i1.getName().size() < command_interest::MIN_SIZE));
185 VALIDATE_FAILURE(i1, "Should fail (timestamp is missing)");
186 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
187
188 auto i2 = makeCommandInterest(identity, SignedInterestFormat::V02);
189 setNameComponent(i2, command_interest::POS_TIMESTAMP, "not-timestamp");
190 BOOST_TEST_REQUIRE(i2.getName().size() >= command_interest::MIN_SIZE);
191 VALIDATE_FAILURE(i2, "Should fail (timestamp is malformed)");
192 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
193}
194
195BOOST_AUTO_TEST_CASE(BadTimestampV03)
196{
197 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V03);
198 auto si = i1.getSignatureInfo().value();
Davide Pesaventof6b45892023-03-13 15:00:51 -0400[diff] [blame]199 si.setTime(std::nullopt);
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]200 i1.setSignatureInfo(si);
201 VALIDATE_FAILURE(i1, "Should fail (timestamp is missing)");
202 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
203}
204
205BOOST_AUTO_TEST_CASE(MissingKeyLocatorV02)
206{
207 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V02);
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]208 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]209 setNameComponent(i1, command_interest::POS_SIG_INFO,
210 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
211 VALIDATE_FAILURE(i1, "Should fail (missing KeyLocator)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]212 BOOST_TEST(lastError.getCode() == ValidationError::INVALID_KEY_LOCATOR);
213}
214
215BOOST_AUTO_TEST_CASE(MissingKeyLocatorV03)
216{
217 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V03);
218 auto si = i1.getSignatureInfo().value();
Davide Pesaventof6b45892023-03-13 15:00:51 -0400[diff] [blame]219 si.setKeyLocator(std::nullopt);
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]220 i1.setSignatureInfo(si);
221 VALIDATE_FAILURE(i1, "Should fail (missing KeyLocator)");
222 BOOST_TEST(lastError.getCode() == ValidationError::INVALID_KEY_LOCATOR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]223}
224
225BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
226{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]227 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V02);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]228 KeyLocator kl;
Davide Pesaventofbea4fc2022-02-08 07:26:04 -0500[diff] [blame]229 kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, {0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD}));
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]230 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa, kl);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]231 setNameComponent(i1, command_interest::POS_SIG_INFO,
232 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
233 VALIDATE_FAILURE(i1, "Should fail (bad KeyLocator type)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]234 BOOST_TEST(lastError.getCode() == ValidationError::INVALID_KEY_LOCATOR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]235}
236
237BOOST_AUTO_TEST_CASE(BadCertName)
238{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]239 auto i1 = makeCommandInterest(identity, SignedInterestFormat::V02);
240 SignatureInfo sigInfo(tlv::SignatureSha256WithEcdsa, KeyLocator("/bad/cert/name"));
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]241 setNameComponent(i1, command_interest::POS_SIG_INFO,
242 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
243 VALIDATE_FAILURE(i1, "Should fail (bad certificate name)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]244 BOOST_TEST(lastError.getCode() == ValidationError::INVALID_KEY_LOCATOR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]245}
246
247BOOST_AUTO_TEST_CASE(InnerPolicyReject)
248{
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]249 auto i1 = makeCommandInterest(otherIdentity, SignedInterestFormat::V02);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]250 VALIDATE_FAILURE(i1, "Should fail (inner policy should reject)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]251 BOOST_TEST(lastError.getCode() == ValidationError::LOOP_DETECTED);
252
253 auto i2 = makeCommandInterest(otherIdentity, SignedInterestFormat::V03);
254 VALIDATE_FAILURE(i2, "Should fail (inner policy should reject)");
255 BOOST_TEST(lastError.getCode() == ValidationError::LOOP_DETECTED);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]256}
257
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]258BOOST_FIXTURE_TEST_CASE(TimestampOutOfGracePositive,
259 ValidationPolicyCommandInterestFixture<GracePeriodSeconds<15>>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]260{
261 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]262 advanceClocks(16_s); // verifying at +16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]263 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]264 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]265 rewindClockAfterValidation();
266
267 auto i2 = makeCommandInterest(identity); // signed at +16s
268 VALIDATE_SUCCESS(i2, "Should succeed");
269}
270
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]271BOOST_FIXTURE_TEST_CASE(TimestampOutOfGraceNegative,
272 ValidationPolicyCommandInterestFixture<GracePeriodSeconds<15>>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]273{
274 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]275 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]276 auto i2 = makeCommandInterest(identity); // signed at +1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]277 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]278 auto i3 = makeCommandInterest(identity); // signed at +2s
279
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]280 m_systemClock->advance(-18_s); // verifying at -16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]281 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]282 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]283 rewindClockAfterValidation();
284
285 // CommandInterestValidator should not remember i1's timestamp
286 VALIDATE_FAILURE(i2, "Should fail (timestamp outside the grace period)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]287 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]288 rewindClockAfterValidation();
289
290 // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]291 advanceClocks(18_s); // verifying at +2s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]292 VALIDATE_SUCCESS(i3, "Should succeed");
293}
294
295BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
296{
297 auto i1 = makeCommandInterest(identity); // signed at 0s
298 VALIDATE_SUCCESS(i1, "Should succeed");
299
300 auto i2 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]301 setNameComponent(i2, command_interest::POS_TIMESTAMP, i1.getName()[command_interest::POS_TIMESTAMP]);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]302 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]303 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]304
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]305 advanceClocks(2_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]306 auto i3 = makeCommandInterest(identity); // signed at +2s
307 VALIDATE_SUCCESS(i3, "Should succeed");
308}
309
310BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
311{
312 auto i2 = makeCommandInterest(identity); // signed at 0ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]313 advanceClocks(200_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]314 auto i3 = makeCommandInterest(identity); // signed at +200ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]315 advanceClocks(900_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]316 auto i1 = makeCommandInterest(identity); // signed at +1100ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]317 advanceClocks(300_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]318 auto i4 = makeCommandInterest(identity); // signed at +1400ms
319
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]320 m_systemClock->advance(-300_ms); // verifying at +1100ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]321 VALIDATE_SUCCESS(i1, "Should succeed");
322 rewindClockAfterValidation();
323
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]324 m_systemClock->advance(-1100_ms); // verifying at 0ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]325 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]326 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]327 rewindClockAfterValidation();
328
329 // CommandInterestValidator should not remember i2's timestamp
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]330 advanceClocks(200_ms); // verifying at +200ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]331 VALIDATE_FAILURE(i3, "Should fail (timestamp reordered)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]332 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]333 rewindClockAfterValidation();
334
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]335 advanceClocks(1200_ms); // verifying at 1400ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]336 VALIDATE_SUCCESS(i4, "Should succeed");
337}
338
339BOOST_AUTO_TEST_SUITE_END() // Rejects
340
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]341template<ssize_t count>
342struct MaxRecords
343{
344 static auto
345 getOptions()
346 {
347 ValidationPolicyCommandInterest::Options options;
348 options.gracePeriod = 15_s;
349 options.maxRecords = count;
350 return options;
351 }
352};
353
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]354BOOST_AUTO_TEST_SUITE(Options)
355
Davide Pesavento49e1e872023-11-11 00:45:23 -0500[diff] [blame]356using NonPositiveGracePeriods = boost::mp11::mp_list<GracePeriodSeconds<0>, GracePeriodSeconds<-1>>;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]357
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]358BOOST_FIXTURE_TEST_CASE_TEMPLATE(GraceNonPositive, GracePeriod, NonPositiveGracePeriods,
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]359 ValidationPolicyCommandInterestFixture<GracePeriod>)
360{
361 auto i1 = this->makeCommandInterest(this->identity); // signed at 0ms
362 auto i2 = this->makeCommandInterest(this->subIdentity); // signed at 0ms
363 for (auto interest : {&i1, &i2}) {
364 setNameComponent(*interest, command_interest::POS_TIMESTAMP,
365 name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
366 } // ensure timestamps are exactly 0ms
367
368 VALIDATE_SUCCESS(i1, "Should succeed when validating at 0ms");
369 this->rewindClockAfterValidation();
370
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]371 this->advanceClocks(1_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]372 VALIDATE_FAILURE(i2, "Should fail when validating at 1ms");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]373 BOOST_TEST(this->lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]374}
375
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]376BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<MaxRecords<3>>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]377{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]378 Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]379 this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]380 Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]381 this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]382 Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]383 this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]384 Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]385 this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
386
387 auto i1 = makeCommandInterest(id2);
388 auto i2 = makeCommandInterest(id3);
389 auto i3 = makeCommandInterest(id4);
390 auto i00 = makeCommandInterest(id1); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]391 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]392 auto i01 = makeCommandInterest(id1); // signed at 1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]393 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]394 auto i02 = makeCommandInterest(id1); // signed at 2s
395
396 VALIDATE_SUCCESS(i00, "Should succeed");
397 rewindClockAfterValidation();
398
399 VALIDATE_SUCCESS(i02, "Should succeed");
400 rewindClockAfterValidation();
401
402 VALIDATE_SUCCESS(i1, "Should succeed");
403 rewindClockAfterValidation();
404
405 VALIDATE_SUCCESS(i2, "Should succeed");
406 rewindClockAfterValidation();
407
408 VALIDATE_SUCCESS(i3, "Should succeed, forgets identity id1");
409 rewindClockAfterValidation();
410
411 VALIDATE_SUCCESS(i01, "Should succeed despite timestamp is reordered, because record has been evicted");
412}
413
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]414BOOST_FIXTURE_TEST_CASE(UnlimitedRecords, ValidationPolicyCommandInterestFixture<MaxRecords<-1>>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]415{
416 std::vector<Identity> identities;
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]417 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]418 Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]419 this->cache.insert(id.getDefaultKey().getDefaultCertificate());
420 identities.push_back(id);
421 }
422
423 auto i1 = makeCommandInterest(identities.at(0)); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]424 advanceClocks(1_s);
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]425 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]426 auto i2 = makeCommandInterest(identities.at(i)); // signed at +1s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]427 VALIDATE_SUCCESS(i2, "Should succeed");
428 rewindClockAfterValidation();
429 }
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]430
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]431 VALIDATE_FAILURE(i1, "Should fail (timestamp reorder)");
Davide Pesavento2acce252022-09-08 22:03:03 -0400[diff] [blame]432 BOOST_TEST(lastError.getCode() == ValidationError::POLICY_ERROR);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]433}
434
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]435BOOST_FIXTURE_TEST_CASE(ZeroRecords, ValidationPolicyCommandInterestFixture<MaxRecords<0>>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]436{
437 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]438 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]439 auto i2 = makeCommandInterest(identity); // signed at +1s
440 VALIDATE_SUCCESS(i2, "Should succeed");
441 rewindClockAfterValidation();
442
443 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record isn't kept");
444}
445
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]446struct LimitedRecordLifetimeOptions
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]447{
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]448 static auto
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]449 getOptions()
450 {
451 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]452 options.gracePeriod = 400_s;
453 options.recordLifetime = 300_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]454 return options;
455 }
456};
457
458BOOST_FIXTURE_TEST_CASE(LimitedRecordLifetime, ValidationPolicyCommandInterestFixture<LimitedRecordLifetimeOptions>)
459{
460 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]461 advanceClocks(240_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]462 auto i2 = makeCommandInterest(identity); // signed at +240s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]463 advanceClocks(120_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]464 auto i3 = makeCommandInterest(identity); // signed at +360s
465
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]466 m_systemClock->advance(-360_s); // rewind system clock to 0s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]467 VALIDATE_SUCCESS(i1, "Should succeed");
468 rewindClockAfterValidation();
469
470 VALIDATE_SUCCESS(i3, "Should succeed");
471 rewindClockAfterValidation();
472
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]473 advanceClocks(30_s, 301_s); // advance steady clock by 301s, and system clock to +301s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]474 VALIDATE_SUCCESS(i2, "Should succeed despite timestamp is reordered, because record has been expired");
475}
476
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]477struct ZeroRecordLifetimeOptions
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]478{
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]479 static auto
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]480 getOptions()
481 {
482 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]483 options.gracePeriod = 15_s;
Davide Pesavento0c526032024-01-31 21:14:01 -0500[diff] [blame]484 options.recordLifetime = 0_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]485 return options;
486 }
487};
488
489BOOST_FIXTURE_TEST_CASE(ZeroRecordLifetime, ValidationPolicyCommandInterestFixture<ZeroRecordLifetimeOptions>)
490{
491 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]492 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]493 auto i2 = makeCommandInterest(identity); // signed at +1s
494 VALIDATE_SUCCESS(i2, "Should succeed");
495 rewindClockAfterValidation();
496
497 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record has been expired");
498}
499
500BOOST_AUTO_TEST_SUITE_END() // Options
501
502BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]503BOOST_AUTO_TEST_SUITE_END() // Security
504
Davide Pesavento47ce2ee2023-05-09 01:33:33 -0400[diff] [blame]505} // namespace ndn::tests