Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 3f13f35987a006edf60a5c8b529c995d7f4d4c32 / . / tests / unit / security / validation-policy-command-interest.t.cpp
blob: 478b2d5704fcbce749a94001b17540485142e703 [file] [log] [blame]
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Junxiao Shi2bea5c42017-08-14 20:10:32 +0000[diff] [blame]2/*
Davide Pesavento77c5ce82021-05-07 16:12:02 -0400[diff] [blame]3 * Copyright (c) 2013-2021 Regents of the University of California.
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-command-interest.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]23
Davide Pesavento77c5ce82021-05-07 16:12:02 -0400[diff] [blame]24#include "ndn-cxx/security/interest-signer.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]25#include "ndn-cxx/security/validation-policy-accept-all.hpp"
26#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]27
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]28#include "tests/test-common.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]29#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]30
31#include <boost/lexical_cast.hpp>
32#include <boost/mpl/vector.hpp>
33
34namespace ndn {
35namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]36inline namespace v2 {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]37namespace tests {
38
39using namespace ndn::tests;
40
41BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]42
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]43class CommandInterestDefaultOptions
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]44{
45public:
46 static ValidationPolicyCommandInterest::Options
47 getOptions()
48 {
49 return {};
50 }
51};
52
53template<class T, class InnerPolicy>
54class CommandInterestPolicyWrapper : public ValidationPolicyCommandInterest
55{
56public:
57 CommandInterestPolicyWrapper()
58 : ValidationPolicyCommandInterest(make_unique<InnerPolicy>(), T::getOptions())
59 {
60 }
61};
62
63template<class T, class InnerPolicy = ValidationPolicySimpleHierarchy>
64class ValidationPolicyCommandInterestFixture : public HierarchicalValidatorFixture<CommandInterestPolicyWrapper<T, InnerPolicy>>
65{
66public:
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]67 Interest
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]68 makeCommandInterest(const Identity& identity, bool wantV3 = false)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]69 {
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]70 if (wantV3) {
71 Interest i(Name(identity.getName()).append("CMD"));
72 i.setCanBePrefix(false);
73 m_signer.makeSignedInterest(i, signingByIdentity(identity));
74 return i;
75 }
76 else {
77 return m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"),
78 signingByIdentity(identity));
79 }
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]80 }
81
82public:
Davide Pesavento77c5ce82021-05-07 16:12:02 -0400[diff] [blame]83 InterestSigner m_signer{this->m_keyChain};
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]84};
85
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]86BOOST_FIXTURE_TEST_SUITE(TestValidationPolicyCommandInterest,
87 ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]88
89BOOST_AUTO_TEST_SUITE(Accepts)
90
91BOOST_AUTO_TEST_CASE(Basic)
92{
93 auto i1 = makeCommandInterest(identity);
94 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]95 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]96
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]97 advanceClocks(5_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]98 auto i2 = makeCommandInterest(identity);
99 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]100
101 auto i3 = m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"), signingWithSha256());
102 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]103}
104
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]105BOOST_AUTO_TEST_CASE(BasicV3)
106{
107 auto i1 = makeCommandInterest(identity, true);
108 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
109 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
110
111 advanceClocks(5_ms);
112 auto i2 = makeCommandInterest(identity, true);
113 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
114
115 Interest i3(Name(identity.getName()).append("CMD"));
116 i3.setCanBePrefix(false);
117 m_signer.makeSignedInterest(i3, signingWithSha256());
118 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
119}
120
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]121BOOST_AUTO_TEST_CASE(DataPassthru)
122{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]123 Data d1("/Security/ValidatorFixture/Sub1");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]124 m_keyChain.sign(d1);
125 VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
126}
127
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]128using ValidationPolicyAcceptAllCommands = ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions,
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]129 ValidationPolicyAcceptAll>;
130
131BOOST_FIXTURE_TEST_CASE(SignedWithSha256, ValidationPolicyAcceptAllCommands) // Bug 4635
132{
133 auto i1 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
134 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
135 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
136
137 advanceClocks(5_ms);
138 auto i2 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
139 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
140}
141
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]142BOOST_AUTO_TEST_SUITE_END() // Accepts
143
144BOOST_AUTO_TEST_SUITE(Rejects)
145
146BOOST_AUTO_TEST_CASE(NameTooShort)
147{
148 auto i1 = makeInterest("/name/too/short");
149 VALIDATE_FAILURE(*i1, "Should fail (name is too short)");
150}
151
152BOOST_AUTO_TEST_CASE(BadTimestamp)
153{
154 auto i1 = makeCommandInterest(identity);
155 setNameComponent(i1, command_interest::POS_TIMESTAMP, "not-timestamp");
156 VALIDATE_FAILURE(i1, "Should fail (timestamp is missing)");
157}
158
159BOOST_AUTO_TEST_CASE(BadSigInfo)
160{
161 auto i1 = makeCommandInterest(identity);
162 setNameComponent(i1, command_interest::POS_SIG_INFO, "not-SignatureInfo");
163 VALIDATE_FAILURE(i1, "Should fail (signature info is missing)");
164}
165
166BOOST_AUTO_TEST_CASE(MissingKeyLocator)
167{
168 auto i1 = makeCommandInterest(identity);
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]169 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]170 setNameComponent(i1, command_interest::POS_SIG_INFO,
171 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
172 VALIDATE_FAILURE(i1, "Should fail (missing KeyLocator)");
173}
174
175BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
176{
177 auto i1 = makeCommandInterest(identity);
178 KeyLocator kl;
179 kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", 8));
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]180 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]181 sigInfo.setKeyLocator(kl);
182 setNameComponent(i1, command_interest::POS_SIG_INFO,
183 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
184 VALIDATE_FAILURE(i1, "Should fail (bad KeyLocator type)");
185}
186
187BOOST_AUTO_TEST_CASE(BadCertName)
188{
189 auto i1 = makeCommandInterest(identity);
190 KeyLocator kl;
191 kl.setName("/bad/cert/name");
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]192 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]193 sigInfo.setKeyLocator(kl);
194 setNameComponent(i1, command_interest::POS_SIG_INFO,
195 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
196 VALIDATE_FAILURE(i1, "Should fail (bad certificate name)");
197}
198
199BOOST_AUTO_TEST_CASE(InnerPolicyReject)
200{
201 auto i1 = makeCommandInterest(otherIdentity);
202 VALIDATE_FAILURE(i1, "Should fail (inner policy should reject)");
203}
204
205class GracePeriod15Sec
206{
207public:
208 static ValidationPolicyCommandInterest::Options
209 getOptions()
210 {
211 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]212 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]213 return options;
214 }
215};
216
217BOOST_FIXTURE_TEST_CASE(TimestampOutOfGracePositive, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
218{
219 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]220 advanceClocks(16_s); // verifying at +16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]221 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
222 rewindClockAfterValidation();
223
224 auto i2 = makeCommandInterest(identity); // signed at +16s
225 VALIDATE_SUCCESS(i2, "Should succeed");
226}
227
228BOOST_FIXTURE_TEST_CASE(TimestampOutOfGraceNegative, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
229{
230 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]231 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]232 auto i2 = makeCommandInterest(identity); // signed at +1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]233 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]234 auto i3 = makeCommandInterest(identity); // signed at +2s
235
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]236 m_systemClock->advance(-18_s); // verifying at -16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]237 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
238 rewindClockAfterValidation();
239
240 // CommandInterestValidator should not remember i1's timestamp
241 VALIDATE_FAILURE(i2, "Should fail (timestamp outside the grace period)");
242 rewindClockAfterValidation();
243
244 // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]245 advanceClocks(18_s); // verifying at +2s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]246 VALIDATE_SUCCESS(i3, "Should succeed");
247}
248
249BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
250{
251 auto i1 = makeCommandInterest(identity); // signed at 0s
252 VALIDATE_SUCCESS(i1, "Should succeed");
253
254 auto i2 = makeCommandInterest(identity); // signed at 0s
255 setNameComponent(i2, command_interest::POS_TIMESTAMP,
256 i1.getName()[command_interest::POS_TIMESTAMP]);
257 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
258
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]259 advanceClocks(2_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]260 auto i3 = makeCommandInterest(identity); // signed at +2s
261 VALIDATE_SUCCESS(i3, "Should succeed");
262}
263
264BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
265{
266 auto i2 = makeCommandInterest(identity); // signed at 0ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]267 advanceClocks(200_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]268 auto i3 = makeCommandInterest(identity); // signed at +200ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]269 advanceClocks(900_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]270 auto i1 = makeCommandInterest(identity); // signed at +1100ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]271 advanceClocks(300_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]272 auto i4 = makeCommandInterest(identity); // signed at +1400ms
273
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]274 m_systemClock->advance(-300_ms); // verifying at +1100ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]275 VALIDATE_SUCCESS(i1, "Should succeed");
276 rewindClockAfterValidation();
277
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]278 m_systemClock->advance(-1100_ms); // verifying at 0ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]279 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
280 rewindClockAfterValidation();
281
282 // CommandInterestValidator should not remember i2's timestamp
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]283 advanceClocks(200_ms); // verifying at +200ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]284 VALIDATE_FAILURE(i3, "Should fail (timestamp reordered)");
285 rewindClockAfterValidation();
286
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]287 advanceClocks(1200_ms); // verifying at 1400ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]288 VALIDATE_SUCCESS(i4, "Should succeed");
289}
290
291BOOST_AUTO_TEST_SUITE_END() // Rejects
292
293BOOST_AUTO_TEST_SUITE(Options)
294
295template<class T>
296class GracePeriod
297{
298public:
299 static ValidationPolicyCommandInterest::Options
300 getOptions()
301 {
302 ValidationPolicyCommandInterest::Options options;
303 options.gracePeriod = time::seconds(T::value);
304 return options;
305 }
306};
307
308typedef boost::mpl::vector<
309 GracePeriod<boost::mpl::int_<0>>,
310 GracePeriod<boost::mpl::int_<-1>>
311> GraceNonPositiveValues;
312
313BOOST_FIXTURE_TEST_CASE_TEMPLATE(GraceNonPositive, GracePeriod, GraceNonPositiveValues,
314 ValidationPolicyCommandInterestFixture<GracePeriod>)
315{
316 auto i1 = this->makeCommandInterest(this->identity); // signed at 0ms
317 auto i2 = this->makeCommandInterest(this->subIdentity); // signed at 0ms
318 for (auto interest : {&i1, &i2}) {
319 setNameComponent(*interest, command_interest::POS_TIMESTAMP,
320 name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
321 } // ensure timestamps are exactly 0ms
322
323 VALIDATE_SUCCESS(i1, "Should succeed when validating at 0ms");
324 this->rewindClockAfterValidation();
325
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]326 this->advanceClocks(1_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]327 VALIDATE_FAILURE(i2, "Should fail when validating at 1ms");
328}
329
330class LimitedRecordsOptions
331{
332public:
333 static ValidationPolicyCommandInterest::Options
334 getOptions()
335 {
336 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]337 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]338 options.maxRecords = 3;
339 return options;
340 }
341};
342
343BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<LimitedRecordsOptions>)
344{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]345 Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]346 this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]347 Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]348 this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]349 Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]350 this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]351 Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]352 this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
353
354 auto i1 = makeCommandInterest(id2);
355 auto i2 = makeCommandInterest(id3);
356 auto i3 = makeCommandInterest(id4);
357 auto i00 = makeCommandInterest(id1); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]358 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]359 auto i01 = makeCommandInterest(id1); // signed at 1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]360 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]361 auto i02 = makeCommandInterest(id1); // signed at 2s
362
363 VALIDATE_SUCCESS(i00, "Should succeed");
364 rewindClockAfterValidation();
365
366 VALIDATE_SUCCESS(i02, "Should succeed");
367 rewindClockAfterValidation();
368
369 VALIDATE_SUCCESS(i1, "Should succeed");
370 rewindClockAfterValidation();
371
372 VALIDATE_SUCCESS(i2, "Should succeed");
373 rewindClockAfterValidation();
374
375 VALIDATE_SUCCESS(i3, "Should succeed, forgets identity id1");
376 rewindClockAfterValidation();
377
378 VALIDATE_SUCCESS(i01, "Should succeed despite timestamp is reordered, because record has been evicted");
379}
380
381class UnlimitedRecordsOptions
382{
383public:
384 static ValidationPolicyCommandInterest::Options
385 getOptions()
386 {
387 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]388 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]389 options.maxRecords = -1;
390 return options;
391 }
392};
393
394BOOST_FIXTURE_TEST_CASE(UnlimitedRecords, ValidationPolicyCommandInterestFixture<UnlimitedRecordsOptions>)
395{
396 std::vector<Identity> identities;
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]397 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]398 Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]399 this->cache.insert(id.getDefaultKey().getDefaultCertificate());
400 identities.push_back(id);
401 }
402
403 auto i1 = makeCommandInterest(identities.at(0)); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]404 advanceClocks(1_s);
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]405 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]406 auto i2 = makeCommandInterest(identities.at(i)); // signed at +1s
407
408 VALIDATE_SUCCESS(i2, "Should succeed");
409 rewindClockAfterValidation();
410 }
411 VALIDATE_FAILURE(i1, "Should fail (timestamp reorder)");
412}
413
414class ZeroRecordsOptions
415{
416public:
417 static ValidationPolicyCommandInterest::Options
418 getOptions()
419 {
420 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]421 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]422 options.maxRecords = 0;
423 return options;
424 }
425};
426
427BOOST_FIXTURE_TEST_CASE(ZeroRecords, ValidationPolicyCommandInterestFixture<ZeroRecordsOptions>)
428{
429 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]430 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]431 auto i2 = makeCommandInterest(identity); // signed at +1s
432 VALIDATE_SUCCESS(i2, "Should succeed");
433 rewindClockAfterValidation();
434
435 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record isn't kept");
436}
437
438class LimitedRecordLifetimeOptions
439{
440public:
441 static ValidationPolicyCommandInterest::Options
442 getOptions()
443 {
444 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]445 options.gracePeriod = 400_s;
446 options.recordLifetime = 300_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]447 return options;
448 }
449};
450
451BOOST_FIXTURE_TEST_CASE(LimitedRecordLifetime, ValidationPolicyCommandInterestFixture<LimitedRecordLifetimeOptions>)
452{
453 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]454 advanceClocks(240_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]455 auto i2 = makeCommandInterest(identity); // signed at +240s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]456 advanceClocks(120_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]457 auto i3 = makeCommandInterest(identity); // signed at +360s
458
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]459 m_systemClock->advance(-360_s); // rewind system clock to 0s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]460 VALIDATE_SUCCESS(i1, "Should succeed");
461 rewindClockAfterValidation();
462
463 VALIDATE_SUCCESS(i3, "Should succeed");
464 rewindClockAfterValidation();
465
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]466 advanceClocks(30_s, 301_s); // advance steady clock by 301s, and system clock to +301s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]467 VALIDATE_SUCCESS(i2, "Should succeed despite timestamp is reordered, because record has been expired");
468}
469
470class ZeroRecordLifetimeOptions
471{
472public:
473 static ValidationPolicyCommandInterest::Options
474 getOptions()
475 {
476 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]477 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]478 options.recordLifetime = time::seconds::zero();
479 return options;
480 }
481};
482
483BOOST_FIXTURE_TEST_CASE(ZeroRecordLifetime, ValidationPolicyCommandInterestFixture<ZeroRecordLifetimeOptions>)
484{
485 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]486 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]487 auto i2 = makeCommandInterest(identity); // signed at +1s
488 VALIDATE_SUCCESS(i2, "Should succeed");
489 rewindClockAfterValidation();
490
491 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record has been expired");
492}
493
494BOOST_AUTO_TEST_SUITE_END() // Options
495
496BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]497BOOST_AUTO_TEST_SUITE_END() // Security
498
499} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]500} // inline namespace v2
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]501} // namespace security
502} // namespace ndn