Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 42c2362d8b6013c556c31de42b751256d05a943e / . / tests / unit-tests / security / test-conf-checker.cpp
blob: 9135a50e5d372ab736ccc5259430289ea5e3e3b1 [file] [log] [blame]
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2013-2014 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/conf/checker.hpp"
23#include "security/key-chain.hpp"
24#include "boost-test.hpp"
25
26namespace ndn {
27
28BOOST_AUTO_TEST_SUITE(SecurityTestConfChecker)
29
30void
31interestChecked(const shared_ptr<const Interest>& interest)
32{
33 BOOST_CHECK(true);
34}
35
36void
37interestCheckFailed(const shared_ptr<const Interest>& interest,
38 const std::string& failureInfo)
39{
40 std::cerr << failureInfo << std::endl;
41 BOOST_CHECK(false);
42}
43
44void
45interestCheckedFalse(const shared_ptr<const Interest>& interest)
46{
47 BOOST_CHECK(false);
48}
49
50void
51interestCheckFailedFalse(const shared_ptr<const Interest>& interest,
52 const std::string& failureInfo)
53{
54 BOOST_CHECK(true);
55}
56
57void
58dataChecked(const shared_ptr<const Data>& interest)
59{
60 BOOST_CHECK(true);
61}
62
63void
64dataCheckFailed(const shared_ptr<const Data>& interest,
65 const std::string& failureInfo)
66{
67 std::cerr << failureInfo << std::endl;
68 BOOST_CHECK(false);
69}
70
71void
72dataCheckedFalse(const shared_ptr<const Data>& interest)
73{
74 BOOST_CHECK(false);
75}
76
77void
78dataCheckFailedFalse(const shared_ptr<const Data>& interest,
79 const std::string& failureInfo)
80{
81 BOOST_CHECK(true);
82}
83
84
85BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
86{
87 using security::conf::CustomizedChecker;
88 using security::conf::KeyLocatorChecker;
89 using security::conf::RelationKeyLocatorNameChecker;
90
91 KeyChain keyChain("sqlite3", "file");
92
93 Name identity("/SecurityTestConfChecker/CustomizedCheckerTest1");
94 Name certName = keyChain.createIdentity(identity);
95
96 Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest1Wrong");
97 Name certName2 = keyChain.createIdentity(identity2);
98
99 Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest1/Data");
100 shared_ptr<Data> data1 = make_shared<Data>(packetName);
101 keyChain.signByIdentity(*data1, identity);
102
103 shared_ptr<Data> data2 = make_shared<Data>(packetName);
104 keyChain.signByIdentity(*data2, identity2);
105
106 shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
107 keyChain.signByIdentity(*interest1, identity);
108
109 shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
110 keyChain.signByIdentity(*interest2, identity2);
111
112 int8_t result = 0;
113
114
115 shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual1 =
116 make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
117 KeyLocatorChecker::RELATION_EQUAL);
118 CustomizedChecker checker1(Tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual1);
119
120 result = checker1.check(*data1,
121 bind(dataChecked, _1),
122 bind(dataCheckFailed, _1, _2));
123 BOOST_CHECK_EQUAL(result, 0);
124
125 result = checker1.check(*data2,
126 bind(dataCheckedFalse, _1),
127 bind(dataCheckFailedFalse, _1, _2));
128 BOOST_CHECK_EQUAL(result, -1);
129
130 result = checker1.check(*interest1,
131 bind(interestChecked, _1),
132 bind(interestCheckFailed, _1, _2));
133 BOOST_CHECK_EQUAL(result, 0);
134
135 result = checker1.check(*interest2,
136 bind(interestCheckedFalse, _1),
137 bind(interestCheckFailedFalse, _1, _2));
138 BOOST_CHECK_EQUAL(result, -1);
139
140
141 shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual2 =
142 make_shared<RelationKeyLocatorNameChecker>(identity,
143 KeyLocatorChecker::RELATION_EQUAL);
144 CustomizedChecker checker2(Tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual2);
145
146 result = checker2.check(*data1,
147 bind(dataCheckedFalse, _1),
148 bind(dataCheckFailedFalse, _1, _2));
149 BOOST_CHECK_EQUAL(result, -1);
150
151 result = checker2.check(*interest1,
152 bind(interestCheckedFalse, _1),
153 bind(interestCheckFailedFalse, _1, _2));
154 BOOST_CHECK_EQUAL(result, -1);
155
156
157 shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix1 =
158 make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
159 KeyLocatorChecker::RELATION_IS_PREFIX_OF);
160 CustomizedChecker checker3(Tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix1);
161
162 result = checker3.check(*data1,
163 bind(dataChecked, _1),
164 bind(dataCheckFailed, _1, _2));
165 BOOST_CHECK_EQUAL(result, 0);
166
167 result = checker3.check(*data2,
168 bind(dataCheckedFalse, _1),
169 bind(dataCheckFailedFalse, _1, _2));
170 BOOST_CHECK_EQUAL(result, -1);
171
172
173 shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix2 =
174 make_shared<RelationKeyLocatorNameChecker>(identity,
175 KeyLocatorChecker::RELATION_IS_PREFIX_OF);
176 CustomizedChecker checker4(Tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix2);
177
178 result = checker4.check(*data1,
179 bind(dataChecked, _1),
180 bind(dataCheckFailed, _1, _2));
181 BOOST_CHECK_EQUAL(result, 0);
182
183 result = checker4.check(*data2,
184 bind(dataCheckedFalse, _1),
185 bind(dataCheckFailedFalse, _1, _2));
186 BOOST_CHECK_EQUAL(result, -1);
187
188
189 shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict1 =
190 make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
191 KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
192 CustomizedChecker checker5(Tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict1);
193
194 result = checker5.check(*data1,
195 bind(dataCheckedFalse, _1),
196 bind(dataCheckFailedFalse, _1, _2));
197 BOOST_CHECK_EQUAL(result, -1);
198
199 result = checker5.check(*data2,
200 bind(dataCheckedFalse, _1),
201 bind(dataCheckFailedFalse, _1, _2));
202 BOOST_CHECK_EQUAL(result, -1);
203
204 shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict2 =
205 make_shared<RelationKeyLocatorNameChecker>(identity,
206 KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
207 CustomizedChecker checker6(Tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict2);
208
209 result = checker6.check(*data1,
210 bind(dataCheckedFalse, _1),
211 bind(dataCheckFailedFalse, _1, _2));
212 BOOST_CHECK_EQUAL(result, 0);
213
214 result = checker6.check(*data2,
215 bind(dataCheckedFalse, _1),
216 bind(dataCheckFailedFalse, _1, _2));
217 BOOST_CHECK_EQUAL(result, -1);
218
219
220 keyChain.deleteIdentity(identity);
221 keyChain.deleteIdentity(identity2);
222}
223
224BOOST_AUTO_TEST_CASE(CustomizedCheckerTest2)
225{
226 using security::conf::CustomizedChecker;
227 using security::conf::KeyLocatorChecker;
228 using security::conf::RegexKeyLocatorNameChecker;
229
230 KeyChain keyChain("sqlite3", "file");
231
232 Name identity("/SecurityTestConfChecker/CustomizedCheckerTest2");
233 Name certName = keyChain.createIdentity(identity);
234
235 Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest2Wrong");
236 Name certName2 = keyChain.createIdentity(identity2);
237
238 Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest2/Data");
239 shared_ptr<Data> data1 = make_shared<Data>(packetName);
240 keyChain.signByIdentity(*data1, identity);
241
242 shared_ptr<Data> data2 = make_shared<Data>(packetName);
243 keyChain.signByIdentity(*data2, identity2);
244
245 shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
246 keyChain.signByIdentity(*interest1, identity);
247
248 shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
249 keyChain.signByIdentity(*interest2, identity2);
250
251 int8_t result = 0;
252
253
254 shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
255 make_shared<RegexKeyLocatorNameChecker>(
256 Regex("^<SecurityTestConfChecker><CustomizedCheckerTest2>"));
257 CustomizedChecker checker1(Tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
258
259 result = checker1.check(*data1,
260 bind(dataChecked, _1),
261 bind(dataCheckFailed, _1, _2));
262 BOOST_CHECK_EQUAL(result, 0);
263
264 result = checker1.check(*data2,
265 bind(dataCheckedFalse, _1),
266 bind(dataCheckFailedFalse, _1, _2));
267 BOOST_CHECK_EQUAL(result, -1);
268
269 result = checker1.check(*interest1,
270 bind(interestChecked, _1),
271 bind(interestCheckFailed, _1, _2));
272 BOOST_CHECK_EQUAL(result, 0);
273
274 result = checker1.check(*interest2,
275 bind(interestCheckedFalse, _1),
276 bind(interestCheckFailedFalse, _1, _2));
277 BOOST_CHECK_EQUAL(result, -1);
278
279 keyChain.deleteIdentity(identity);
280 keyChain.deleteIdentity(identity2);
281}
282
283BOOST_AUTO_TEST_CASE(CustomizedCheckerTest3)
284{
285 using security::conf::CustomizedChecker;
286 using security::conf::KeyLocatorChecker;
287 using security::conf::RegexKeyLocatorNameChecker;
288
289 KeyChain keyChain("sqlite3", "file");
290
291 EcdsaKeyParams params;
292
293 Name identity("/SecurityTestConfChecker/CustomizedCheckerTest3");
294 Name certName = keyChain.createIdentity(identity, params);
295
296 Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest3Wrong");
297 Name certName2 = keyChain.createIdentity(identity2, params);
298
299 Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest3/Data");
300 shared_ptr<Data> data1 = make_shared<Data>(packetName);
301 keyChain.signByIdentity(*data1, identity);
302
303 shared_ptr<Data> data2 = make_shared<Data>(packetName);
304 keyChain.signByIdentity(*data2, identity2);
305
306 shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
307 keyChain.signByIdentity(*interest1, identity);
308
309 shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
310 keyChain.signByIdentity(*interest2, identity2);
311
312 int8_t result = 0;
313
314
315 shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
316 make_shared<RegexKeyLocatorNameChecker>(
317 Regex("^<SecurityTestConfChecker><CustomizedCheckerTest3>"));
318 CustomizedChecker checker1(Tlv::SignatureSha256WithEcdsa, keyLocatorCheckerRegex1);
319
320 result = checker1.check(*data1,
321 bind(dataChecked, _1),
322 bind(dataCheckFailed, _1, _2));
323 BOOST_CHECK_EQUAL(result, 0);
324
325 result = checker1.check(*data2,
326 bind(dataCheckedFalse, _1),
327 bind(dataCheckFailedFalse, _1, _2));
328 BOOST_CHECK_EQUAL(result, -1);
329
330 result = checker1.check(*interest1,
331 bind(interestChecked, _1),
332 bind(interestCheckFailed, _1, _2));
333 BOOST_CHECK_EQUAL(result, 0);
334
335 result = checker1.check(*interest2,
336 bind(interestCheckedFalse, _1),
337 bind(interestCheckFailedFalse, _1, _2));
338 BOOST_CHECK_EQUAL(result, -1);
339
340
341 CustomizedChecker checker2(Tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
342
343 result = checker2.check(*data1,
344 bind(dataCheckedFalse, _1),
345 bind(dataCheckFailedFalse, _1, _2));
346 BOOST_CHECK_EQUAL(result, -1);
347
348
349 keyChain.deleteIdentity(identity);
350 keyChain.deleteIdentity(identity2);
351}
352
353BOOST_AUTO_TEST_CASE(HierarchicalCheckerTest1)
354{
355 using security::conf::HierarchicalChecker;
356
357 KeyChain keyChain("sqlite3", "file");
358
359 EcdsaKeyParams params;
360
361 Name identity("/SecurityTestConfChecker/HierarchicalCheckerTest1");
362 Name certName = keyChain.createIdentity(identity, params);
363
364 Name identity2("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
365 Name certName2 = keyChain.createIdentity(identity2);
366
367 Name packetName("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
368 Name packetName2("/SecurityTestConfChecker");
369 Name packetName3("/SecurityTestConfChecker/HierarchicalCheckerTest1");
370
371 shared_ptr<Data> data1 = make_shared<Data>(packetName);
372 keyChain.signByIdentity(*data1, identity);
373
374 shared_ptr<Data> data2 = make_shared<Data>(packetName2);
375 keyChain.signByIdentity(*data2, identity);
376
377 shared_ptr<Data> data3 = make_shared<Data>(packetName3);
378 keyChain.signByIdentity(*data3, identity);
379
380 shared_ptr<Data> data4 = make_shared<Data>(packetName);
381 keyChain.signByIdentity(*data4, identity2);
382
383 shared_ptr<Data> data5 = make_shared<Data>(packetName2);
384 keyChain.signByIdentity(*data5, identity2);
385
386 shared_ptr<Data> data6 = make_shared<Data>(packetName3);
387 keyChain.signByIdentity(*data6, identity2);
388
389 int8_t result = 0;
390
391 HierarchicalChecker checker1(Tlv::SignatureSha256WithEcdsa);
392
393 result = checker1.check(*data1,
394 bind(dataChecked, _1),
395 bind(dataCheckFailed, _1, _2));
396 BOOST_CHECK_EQUAL(result, 0);
397
398 result = checker1.check(*data2,
399 bind(dataCheckedFalse, _1),
400 bind(dataCheckFailedFalse, _1, _2));
401 BOOST_CHECK_EQUAL(result, -1);
402
403 result = checker1.check(*data3,
404 bind(dataChecked, _1),
405 bind(dataCheckFailed, _1, _2));
406 BOOST_CHECK_EQUAL(result, 0);
407
408 result = checker1.check(*data4,
409 bind(dataCheckedFalse, _1),
410 bind(dataCheckFailedFalse, _1, _2));
411 BOOST_CHECK_EQUAL(result, -1);
412
413 result = checker1.check(*data5,
414 bind(dataCheckedFalse, _1),
415 bind(dataCheckFailedFalse, _1, _2));
416 BOOST_CHECK_EQUAL(result, -1);
417
418 result = checker1.check(*data6,
419 bind(dataCheckedFalse, _1),
420 bind(dataCheckFailedFalse, _1, _2));
421 BOOST_CHECK_EQUAL(result, -1);
422
423
424 HierarchicalChecker checker2(Tlv::SignatureSha256WithRsa);
425
426 result = checker2.check(*data1,
427 bind(dataCheckedFalse, _1),
428 bind(dataCheckFailedFalse, _1, _2));
429 BOOST_CHECK_EQUAL(result, -1);
430
431 result = checker2.check(*data2,
432 bind(dataCheckedFalse, _1),
433 bind(dataCheckFailedFalse, _1, _2));
434 BOOST_CHECK_EQUAL(result, -1);
435
436 result = checker2.check(*data3,
437 bind(dataCheckedFalse, _1),
438 bind(dataCheckFailedFalse, _1, _2));
439 BOOST_CHECK_EQUAL(result, -1);
440
441 result = checker2.check(*data4,
442 bind(dataChecked, _1),
443 bind(dataCheckFailed, _1, _2));
444 BOOST_CHECK_EQUAL(result, 0);
445
446 result = checker2.check(*data5,
447 bind(dataCheckedFalse, _1),
448 bind(dataCheckFailedFalse, _1, _2));
449 BOOST_CHECK_EQUAL(result, -1);
450
451 result = checker2.check(*data6,
452 bind(dataCheckedFalse, _1),
453 bind(dataCheckFailedFalse, _1, _2));
454 BOOST_CHECK_EQUAL(result, -1);
455
456
457 keyChain.deleteIdentity(identity);
458 keyChain.deleteIdentity(identity2);
459}
460
461BOOST_AUTO_TEST_CASE(FixedSignerCheckerTest1)
462{
463 using security::conf::FixedSignerChecker;
464
465 KeyChain keyChain("sqlite3", "file");
466
467 EcdsaKeyParams params;
468
469 Name identity("/SecurityTestConfChecker/FixedSignerCheckerTest1");
470 Name certName = keyChain.createIdentity(identity, params);
471 shared_ptr<IdentityCertificate> cert1 = keyChain.getCertificate(certName);
472
473 Name identity2("/SecurityTestConfChecker/FixedSignerCheckerTest1Wrong");
474 Name certName2 = keyChain.createIdentity(identity2);
475 shared_ptr<IdentityCertificate> cert2 = keyChain.getCertificate(certName2);
476
477 Name packetName("/Test/Data");
478
479 shared_ptr<Data> data1 = make_shared<Data>(packetName);
480 keyChain.signByIdentity(*data1, identity);
481
482 shared_ptr<Data> data2 = make_shared<Data>(packetName);
483 keyChain.signByIdentity(*data2, identity2);
484
485 std::vector<shared_ptr<IdentityCertificate> > certSet1;
486 certSet1.push_back(cert1);
487
488 std::vector<shared_ptr<IdentityCertificate> > certSet2;
489 certSet2.push_back(cert2);
490
491
492 int8_t result = 0;
493
494 FixedSignerChecker checker1(Tlv::SignatureSha256WithEcdsa, certSet1);
495
496 result = checker1.check(*data1,
497 bind(dataChecked, _1),
498 bind(dataCheckFailed, _1, _2));
499 BOOST_CHECK_EQUAL(result, 1);
500
501 result = checker1.check(*data2,
502 bind(dataCheckedFalse, _1),
503 bind(dataCheckFailedFalse, _1, _2));
504 BOOST_CHECK_EQUAL(result, -1);
505
506
507 FixedSignerChecker checker2(Tlv::SignatureSha256WithRsa, certSet1);
508
509 result = checker2.check(*data1,
510 bind(dataCheckedFalse, _1),
511 bind(dataCheckFailedFalse, _1, _2));
512 BOOST_CHECK_EQUAL(result, -1);
513
514 result = checker2.check(*data2,
515 bind(dataCheckedFalse, _1),
516 bind(dataCheckFailedFalse, _1, _2));
517 BOOST_CHECK_EQUAL(result, -1);
518
519
520 FixedSignerChecker checker3(Tlv::SignatureSha256WithEcdsa, certSet2);
521
522 result = checker3.check(*data1,
523 bind(dataCheckedFalse, _1),
524 bind(dataCheckFailedFalse, _1, _2));
525 BOOST_CHECK_EQUAL(result, -1);
526
527 result = checker3.check(*data2,
528 bind(dataCheckedFalse, _1),
529 bind(dataCheckFailedFalse, _1, _2));
530 BOOST_CHECK_EQUAL(result, -1);
531
532
533 FixedSignerChecker checker4(Tlv::SignatureSha256WithRsa, certSet2);
534
535 result = checker4.check(*data1,
536 bind(dataCheckedFalse, _1),
537 bind(dataCheckFailedFalse, _1, _2));
538 BOOST_CHECK_EQUAL(result, -1);
539
540 result = checker4.check(*data2,
541 bind(dataChecked, _1),
542 bind(dataCheckFailed, _1, _2));
543 BOOST_CHECK_EQUAL(result, 1);
544
545
546 keyChain.deleteIdentity(identity);
547 keyChain.deleteIdentity(identity2);
548}
549
550BOOST_AUTO_TEST_SUITE_END()
551
552} // namespace ndn