/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
 * Copyright (c) 2013-2023 Regents of the University of California.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 *
 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
 *
 * You should have received copies of the GNU General Public License and GNU Lesser
 * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -040022#include "ndn-cxx/security/validator-config/checker.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -040023#include "ndn-cxx/security/validation-policy.hpp"
24#include "ndn-cxx/security/validation-state.hpp"
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -080025
Davide Pesavento7e780642018-11-24 15:51:34 -050026#include "tests/boost-test.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -040027#include "tests/unit/security/validator-fixture.hpp"
28#include "tests/unit/security/validator-config/common.hpp"
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -080029
Davide Pesavento47ce2ee2023-05-09 01:33:33 -040030namespace ndn::tests {
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -080031
Davide Pesavento47ce2ee2023-05-09 01:33:33 -040032using namespace ndn::security::validator_config;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -080033
34BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -080035BOOST_AUTO_TEST_SUITE(ValidatorConfig)
Junxiao Shi5dc75602021-02-19 11:33:00 -070036BOOST_AUTO_TEST_SUITE(TestChecker)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -080037
/**
 * @brief Common base of every checker fixture in this suite.
 *
 * Provides the shared name set, helpers that turn a name into a KeyLocator name,
 * and a helper that runs a single check and verifies its result.
 */
class CheckerFixture : public KeyChainFixture
{
public:
  CheckerFixture()
  {
    // Order matters: the test case uses names[i] as the packet name for row i and
    // names[j] as the KeyLocator identity for column j of each fixture's `outcomes`.
    // The set covers: the reference name, a longer name, a shorter name, an unrelated name.
    // NOTE(review): no entry shares only a textual (not component-wise) prefix with
    // /foo/bar; consider adding one if component-boundary matching should be pinned here.
    for (const char* uri : {"/foo/bar", "/foo/bar/bar", "/foo", "/other/prefix"}) {
      names.emplace_back(uri);
    }
  }

  /// Returns a copy of @p name with `KEY/keyid` appended (one component after KEY).
  static Name
  makeKeyLocatorKeyName(const Name& name)
  {
    static const PartialName keySuffix("KEY/keyid");
    Name klName(name);
    klName.append(keySuffix);
    return klName;
  }

  /// Returns a copy of @p name with `KEY/keyid/issuer/v=1` appended (three components after KEY).
  static Name
  makeKeyLocatorCertName(const Name& name)
  {
    static const PartialName certSuffix("KEY/keyid/issuer/v=1");
    Name klName(name);
    klName.append(certSuffix);
    return klName;
  }

  /**
   * @brief Run @p checker once and verify the result.
   *
   * Verifies three things: the boolean result equals @p expectedOutcome, the validation
   * state's outcome is still indeterminate after the call (the check itself neither
   * passes nor fails the state), and a rejection carries a non-empty error message.
   *
   * @tparam PktType packet helper providing makeState() and getType()
   * @param checker         checker under test
   * @param sigType         signature type presented to the checker
   * @param pktName         packet name passed to the checker
   * @param klName          KeyLocator name passed to the checker
   * @param expectedOutcome whether the checker is expected to accept
   */
  template<typename PktType, typename C>
  static void
  testChecker(C& checker, tlv::SignatureTypeValue sigType, const Name& pktName, const Name& klName, bool expectedOutcome)
  {
    BOOST_TEST_CONTEXT("pkt=" << pktName << " kl=" << klName) {
      auto validationState = PktType::makeState();
      auto verdict = checker.check(PktType::getType(), sigType, pktName, klName, *validationState);

      BOOST_CHECK_EQUAL(bool(verdict), expectedOutcome);
      BOOST_CHECK(boost::logic::indeterminate(validationState->getOutcome()));
      if (!verdict) {
        // A silent rejection would be hard to diagnose; require an explanation.
        BOOST_CHECK_NE(verdict.getErrorMessage(), "");
      }
    }
  }

public:
  std::vector<Name> names;
};
81
/**
 * @brief NameRelationChecker for RSA-SHA256 with name `/foo/bar` and relation EQUAL.
 *
 * Every row of the table is identical, i.e. the expected result does not depend on the
 * packet name; only the KeyLocator identity `/foo/bar` is expected to be accepted.
 */
class NameRelationEqual : public CheckerFixture
{
public:
  NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::EQUAL};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, false, false}, // pkt=/foo/bar
    {true, false, false, false}, // pkt=/foo/bar/bar
    {true, false, false, false}, // pkt=/foo
    {true, false, false, false}, // pkt=/other/prefix
  };
};
91
/**
 * @brief NameRelationChecker for RSA-SHA256 with name `/foo/bar` and relation IS_PREFIX_OF.
 *
 * Every row is identical (the packet name does not affect the expectation); KeyLocator
 * identities `/foo/bar` and `/foo/bar/bar` are expected to be accepted.
 */
class NameRelationIsPrefixOf : public CheckerFixture
{
public:
  NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::IS_PREFIX_OF};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, true, false, false}, // pkt=/foo/bar
    {true, true, false, false}, // pkt=/foo/bar/bar
    {true, true, false, false}, // pkt=/foo
    {true, true, false, false}, // pkt=/other/prefix
  };
};
101
/**
 * @brief NameRelationChecker for RSA-SHA256 with name `/foo/bar` and relation IS_STRICT_PREFIX_OF.
 *
 * Every row is identical (the packet name does not affect the expectation); only the
 * longer KeyLocator identity `/foo/bar/bar` is expected to be accepted, the equal name is not.
 */
class NameRelationIsStrictPrefixOf : public CheckerFixture
{
public:
  NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::IS_STRICT_PREFIX_OF};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {false, true, false, false}, // pkt=/foo/bar
    {false, true, false, false}, // pkt=/foo/bar/bar
    {false, true, false, false}, // pkt=/foo
    {false, true, false, false}, // pkt=/other/prefix
  };
};
111
/**
 * @brief RegexChecker for RSA-SHA256 whose pattern pins the KeyLocator to `/foo/bar/KEY/...`.
 *
 * The trailing `<>{1,3}` admits one to three components after KEY, so both KeyLocator
 * forms built by CheckerFixture (KEY/keyid and KEY/keyid/issuer/v=1) fit the pattern.
 * Expected results match NameRelationEqual: only identity `/foo/bar` is accepted.
 */
class RegexEqual : public CheckerFixture
{
public:
  RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><KEY><>{1,3}$")};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, false, false}, // pkt=/foo/bar
    {true, false, false, false}, // pkt=/foo/bar/bar
    {true, false, false, false}, // pkt=/foo
    {true, false, false, false}, // pkt=/other/prefix
  };
};
121
/**
 * @brief RegexChecker for RSA-SHA256 accepting KeyLocators at or below `/foo/bar`.
 *
 * `<>*` between `<bar>` and `<KEY>` allows zero or more extra components, so identities
 * `/foo/bar` and `/foo/bar/bar` are expected to be accepted (same table as
 * NameRelationIsPrefixOf).
 */
class RegexIsPrefixOf : public CheckerFixture
{
public:
  RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><>*<KEY><>{1,3}$")};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, true, false, false}, // pkt=/foo/bar
    {true, true, false, false}, // pkt=/foo/bar/bar
    {true, true, false, false}, // pkt=/foo
    {true, true, false, false}, // pkt=/other/prefix
  };
};
131
/**
 * @brief RegexChecker for RSA-SHA256 accepting KeyLocators strictly below `/foo/bar`.
 *
 * `<>+` between `<bar>` and `<KEY>` requires at least one extra component, so only
 * identity `/foo/bar/bar` is expected to be accepted (same table as
 * NameRelationIsStrictPrefixOf).
 */
class RegexIsStrictPrefixOf : public CheckerFixture
{
public:
  RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><>+<KEY><>{1,3}$")};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {false, true, false, false}, // pkt=/foo/bar
    {false, true, false, false}, // pkt=/foo/bar/bar
    {false, true, false, false}, // pkt=/foo
    {false, true, false, false}, // pkt=/other/prefix
  };
};
141
/**
 * @brief HyperRelationChecker for RSA-SHA256 with relation EQUAL.
 *
 * Unlike the NameRelation/Regex fixtures, the expectation depends on the packet name:
 * the table is the identity matrix, i.e. a check is expected to pass only when the
 * KeyLocator identity and the packet name come from the same entry of `names`.
 */
class HyperRelationEqual : public CheckerFixture
{
public:
  // Argument order presumably is packet regex/expansion, then KeyLocator regex/expansion,
  // mirroring the p-* and k-* keys used by CustomizedHyperRelation -- confirm against
  // the HyperRelationChecker declaration.
  HyperRelationChecker checker{tlv::SignatureSha256WithRsa,
                               "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::EQUAL};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, false, false}, // pkt=/foo/bar
    {false, true, false, false}, // pkt=/foo/bar/bar
    {false, false, true, false}, // pkt=/foo
    {false, false, false, true}, // pkt=/other/prefix
  };
};
152
/**
 * @brief HyperRelationChecker for RSA-SHA256 with relation IS_PREFIX_OF.
 *
 * Per the table, a check is expected to pass when the KeyLocator identity equals the
 * packet name or is a shorter prefix of it (e.g. pkt=/foo/bar/bar accepts identities
 * /foo/bar, /foo/bar/bar and /foo); an unrelated identity is never accepted.
 */
class HyperRelationIsPrefixOf : public CheckerFixture
{
public:
  HyperRelationChecker checker{tlv::SignatureSha256WithRsa,
                               "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::IS_PREFIX_OF};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, true, false},  // pkt=/foo/bar
    {true, true, true, false},   // pkt=/foo/bar/bar
    {false, false, true, false}, // pkt=/foo
    {false, false, false, true}, // pkt=/other/prefix
  };
};
163
/**
 * @brief HyperRelationChecker for RSA-SHA256 with relation IS_STRICT_PREFIX_OF.
 *
 * Per the table, a check is expected to pass only when the KeyLocator identity is a
 * strictly shorter prefix of the packet name; an identity equal to the packet name is
 * rejected, so the last two rows (/foo and /other/prefix) accept nothing.
 */
class HyperRelationIsStrictPrefixOf : public CheckerFixture
{
public:
  HyperRelationChecker checker{tlv::SignatureSha256WithRsa,
                               "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::IS_STRICT_PREFIX_OF};

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {false, false, true, false},  // pkt=/foo/bar
    {true, false, true, false},   // pkt=/foo/bar/bar
    {false, false, false, false}, // pkt=/foo
    {false, false, false, false}, // pkt=/other/prefix
  };
};
174
/**
 * @brief Checker created from a `type hierarchical` configuration section (RSA-SHA256).
 *
 * The expected table is the same as HyperRelationIsPrefixOf's: the KeyLocator identity
 * must equal the packet name or be a shorter prefix of it.
 */
class Hierarchical : public CheckerFixture
{
public:
  // Owns the checker parsed from the configuration; `checker` below refers to it, so
  // checkerPtr must stay declared (and therefore initialized) first.
  std::unique_ptr<Checker> checkerPtr{Checker::create(makeSection(R"CONF(
      type hierarchical
      sig-type rsa-sha256
    )CONF"), "test-config")};
  Checker& checker = *checkerPtr;

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, true, false},  // pkt=/foo/bar
    {true, true, true, false},   // pkt=/foo/bar/bar
    {false, false, true, false}, // pkt=/foo
    {false, false, false, true}, // pkt=/other/prefix
  };
};
196
/**
 * @brief Checker created from a `type customized` section with a name-based key-locator
 *        rule (`name /foo/bar`, `relation equal`) for RSA-SHA256.
 *
 * The expected table is the same as NameRelationEqual's, so this fixture exercises the
 * configuration-parsing path for that rule.
 */
class CustomizedNameRelation : public CheckerFixture
{
public:
  // Owns the checker parsed from the configuration; `checker` below refers to it, so
  // checkerPtr must stay declared (and therefore initialized) first.
  std::unique_ptr<Checker> checkerPtr{Checker::create(makeSection(R"CONF(
      type customized
      sig-type rsa-sha256
      key-locator
      {
        type name
        name /foo/bar
        relation equal
      }
    )CONF"), "test-config")};
  Checker& checker = *checkerPtr;

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, false, false}, // pkt=/foo/bar
    {true, false, false, false}, // pkt=/foo/bar/bar
    {true, false, false, false}, // pkt=/foo
    {true, false, false, false}, // pkt=/other/prefix
  };
};
224
/**
 * @brief Checker created from a `type customized` section with a regex key-locator rule
 *        for RSA-SHA256.
 *
 * Uses the same pattern as RegexEqual and expects the same table, so this fixture
 * exercises the configuration-parsing path for that rule.
 */
class CustomizedRegex : public CheckerFixture
{
public:
  // Owns the checker parsed from the configuration; `checker` below refers to it, so
  // checkerPtr must stay declared (and therefore initialized) first.
  std::unique_ptr<Checker> checkerPtr{Checker::create(makeSection(R"CONF(
      type customized
      sig-type rsa-sha256
      key-locator
      {
        type name
        regex ^<foo><bar><KEY><>{1,3}$
      }
    )CONF"), "test-config")};
  Checker& checker = *checkerPtr;

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, false, false}, // pkt=/foo/bar
    {true, false, false, false}, // pkt=/foo/bar/bar
    {true, false, false, false}, // pkt=/foo
    {true, false, false, false}, // pkt=/other/prefix
  };
};
251
/**
 * @brief Checker created from a `type customized` section with a hyper-relation
 *        key-locator rule (`h-relation is-prefix-of`) for RSA-SHA256.
 *
 * Uses the same regexes and expansions as HyperRelationIsPrefixOf and expects the same
 * table, so this fixture exercises the configuration-parsing path for that rule.
 */
class CustomizedHyperRelation : public CheckerFixture
{
public:
  // Owns the checker parsed from the configuration; `checker` below refers to it, so
  // checkerPtr must stay declared (and therefore initialized) first.
  std::unique_ptr<Checker> checkerPtr{Checker::create(makeSection(R"CONF(
      type customized
      sig-type rsa-sha256
      key-locator
      {
        type name
        hyper-relation
        {
          k-regex ^(<>+)<KEY><>{1,3}$
          k-expand \\1
          h-relation is-prefix-of
          p-regex ^(<>+)$
          p-expand \\1
        }
      }
    )CONF"), "test-config")};
  Checker& checker = *checkerPtr;

  // outcomes[i][j]: packet name = names[i], KeyLocator identity = names[j]
  // columns (kl):  /foo/bar  /foo/bar/bar  /foo  /other/prefix
  std::vector<std::vector<bool>> outcomes = {
    {true, false, true, false},  // pkt=/foo/bar
    {true, true, true, false},   // pkt=/foo/bar/bar
    {false, false, true, false}, // pkt=/foo
    {false, false, false, true}, // pkt=/other/prefix
  };
};
285
// Every fixture exercised by the Checks test case. Each one exposes a `checker` and a
// 4x4 `outcomes` table indexed as outcomes[packet name index][KeyLocator name index].
using CheckerFixtures = boost::mpl::vector<
  // checkers constructed directly
  NameRelationEqual,
  NameRelationIsPrefixOf,
  NameRelationIsStrictPrefixOf,
  RegexEqual,
  RegexIsPrefixOf,
  RegexIsStrictPrefixOf,
  HyperRelationEqual,
  HyperRelationIsPrefixOf,
  HyperRelationIsStrictPrefixOf,
  // checkers created from a configuration section via Checker::create()
  Hierarchical,
  CustomizedNameRelation,
  CustomizedRegex,
  CustomizedHyperRelation
>;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800301
// Fold step: given the list built so far (_1) and one fixture (_2), append the fixture
// paired with each packet type, in the order DataPkt, InterestV02Pkt, InterestV03Pkt.
using AppendFixtureForEachPktType =
  boost::mpl::push_back<
    boost::mpl::push_back<
      boost::mpl::push_back<boost::mpl::_1, boost::mpl::pair<DataPkt, boost::mpl::_2>>,
      boost::mpl::pair<InterestV02Pkt, boost::mpl::_2>>,
    boost::mpl::pair<InterestV03Pkt, boost::mpl::_2>>;

// Cartesian product of [DataPkt, InterestV02Pkt, InterestV03Pkt] and CheckerFixtures.
// Each element is a boost::mpl::pair<PktType, CheckerFixture>.
using Tests = boost::mpl::fold<
  CheckerFixtures,
  boost::mpl::vector<>,
  AppendFixtureForEachPktType
>::type;
312
// For each (packet type, fixture) pair, run the fixture's checker over every combination
// of packet name and KeyLocator identity taken from `names`, in both KeyLocator forms
// (key name and certificate name), and compare against the fixture's `outcomes` table.
// Every fixture is configured for RSA-SHA256, so each combination is also presented with
// an ECDSA signature type, which must always be rejected regardless of the names.
BOOST_FIXTURE_TEST_CASE_TEMPLATE(Checks, T, Tests, T::second)
{
  using PktType = typename T::first;

  const auto& nameSet = this->names;
  const size_t nNames = nameSet.size();

  // The table must be square over the name set before it is indexed below.
  BOOST_REQUIRE_EQUAL(this->outcomes.size(), nNames);
  for (size_t pktIdx = 0; pktIdx < nNames; ++pktIdx) {
    BOOST_REQUIRE_EQUAL(this->outcomes[pktIdx].size(), nNames);

    const auto pktName = PktType::makeName(nameSet[pktIdx], this->m_keyChain);
    for (size_t klIdx = 0; klIdx < nNames; ++klIdx) {
      const bool expectedOutcome = this->outcomes[pktIdx][klIdx];

      // Key-name form first, then certificate-name form; both share one expectation.
      for (const Name& klName : {this->makeKeyLocatorKeyName(nameSet[klIdx]),
                                 this->makeKeyLocatorCertName(nameSet[klIdx])}) {
        this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithRsa,
                                            pktName, klName, expectedOutcome);
        // Signature type mismatch: never acceptable, whatever the table says.
        this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithEcdsa,
                                            pktName, klName, false);
      }
    }
  }
}
336
337BOOST_AUTO_TEST_SUITE_END() // TestChecker
338BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800339BOOST_AUTO_TEST_SUITE_END() // Security
340
Davide Pesavento47ce2ee2023-05-09 01:33:33 -0400341} // namespace ndn::tests