Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 4c1ad4ca650ead94a10c96dacbdf5af876ffbc17 / . / tests / unit / security / validation-policy-config.t.cpp
blob: 38c59864fc2e1a0de00d447aa3578e55b52bfce3 [file] [log] [blame]
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/*
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]3 * Copyright (c) 2013-2020 Regents of the University of California.
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-config.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame^]23
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]24#include "ndn-cxx/security/transform/base64-encode.hpp"
25#include "ndn-cxx/security/transform/buffer-source.hpp"
26#include "ndn-cxx/security/transform/stream-sink.hpp"
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]27#include "ndn-cxx/util/io.hpp"
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]28
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]29#include "tests/boost-test.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]30#include "tests/unit/security/validator-config/common.hpp"
31#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]32
33namespace ndn {
34namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]35inline namespace v2 {
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]36namespace validator_config {
37namespace tests {
38
39using namespace ndn::tests;
40using namespace ndn::security::v2::tests;
41
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]42BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]43BOOST_AUTO_TEST_SUITE(TestValidationPolicyConfig)
44
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]45BOOST_FIXTURE_TEST_CASE(EmptyConfig, HierarchicalValidatorFixture<ValidationPolicyConfig>)
46{
47 this->policy.load(ConfigSection{}, "<empty>");
48
49 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
50 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
51 BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
52 BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
53
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]54 Data d("/Security/ValidationPolicyConfig/D");
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]55 this->m_keyChain.sign(d, signingByIdentity(this->identity));
56 VALIDATE_FAILURE(d, "Empty policy should reject everything");
57
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]58 Interest i("/Security/ValidationPolicyConfig/I");
Eric Newberryb74bbda2020-06-18 19:33:58 -0700[diff] [blame]59 i.setCanBePrefix(false);
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]60 this->m_keyChain.sign(i, signingByIdentity(this->identity));
61 VALIDATE_FAILURE(i, "Empty policy should reject everything");
62}
63
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]64template<typename Packet>
65class PacketName;
66
67template<>
68class PacketName<Interest>
69{
70public:
71 static std::string
72 getName()
73 {
74 return "interest";
75 }
76};
77
78template<>
79class PacketName<Data>
80{
81public:
82 static std::string
83 getName()
84 {
85 return "data";
86 }
87};
88
89template<typename PacketType>
90class ValidationPolicyConfigFixture : public HierarchicalValidatorFixture<ValidationPolicyConfig>
91{
92public:
93 ValidationPolicyConfigFixture()
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame^]94 : path(boost::filesystem::path(UNIT_TESTS_TMPDIR) / "security" / "validation-policy-config")
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]95 {
96 boost::filesystem::create_directories(path);
97 baseConfig = R"CONF(
98 rule
99 {
100 id test-rule-id
101 for )CONF" + PacketName<Packet>::getName() + R"CONF(
102 filter
103 {
104 type name
105 name )CONF" + identity.getName().toUri() + R"CONF(
106 relation is-prefix-of
107 }
108 checker
109 {
110 type hierarchical
111 sig-type rsa-sha256
112 }
113 }
114 )CONF";
115 }
116
117 ~ValidationPolicyConfigFixture()
118 {
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame^]119 boost::filesystem::remove_all(path);
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]120 }
121
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]122protected:
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]123 using Packet = PacketType;
124
125 const boost::filesystem::path path;
126 std::string baseConfig;
127};
128
129template<typename PacketType>
130class LoadStringWithFileAnchor : public ValidationPolicyConfigFixture<PacketType>
131{
132public:
133 LoadStringWithFileAnchor()
134 {
135 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
136
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame^]137 this->saveIdentityCert(this->identity, (this->path / "identity.ndncert").string());
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]138 this->policy.load(this->baseConfig + R"CONF(
139 trust-anchor
140 {
141 type file
142 file-name "trust-anchor.ndncert"
143 }
144 )CONF", (this->path / "test-config").string());
145
146 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
147 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
148 }
149};
150
151template<typename PacketType>
152class LoadFileWithFileAnchor : public ValidationPolicyConfigFixture<PacketType>
153{
154public:
155 LoadFileWithFileAnchor()
156 {
157 std::string configFile = (this->path / "config.conf").string();
158 {
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]159 std::ofstream config(configFile);
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]160 config << this->baseConfig << R"CONF(
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]161 trust-anchor
162 {
163 type file
164 file-name "trust-anchor.ndncert"
165 }
166 )CONF";
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]167 }
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]168
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame^]169 this->saveIdentityCert(this->identity, (this->path / "identity.ndncert").string());
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]170
171 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
172
173 this->policy.load(configFile);
174
175 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
176 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
177 }
178};
179
180template<typename PacketType>
181class LoadSectionWithFileAnchor : public ValidationPolicyConfigFixture<PacketType>
182{
183public:
184 LoadSectionWithFileAnchor()
185 {
186 auto section = makeSection(this->baseConfig + R"CONF(
187 trust-anchor
188 {
189 type file
190 file-name "trust-anchor.ndncert"
191 }
192 )CONF");
193
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame^]194 this->saveIdentityCert(this->identity, (this->path / "identity.ndncert").string());
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]195
196 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
197
198 this->policy.load(section, (this->path / "test-config").string());
199
200 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
201 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
202 }
203};
204
205template<typename PacketType>
206class LoadStringWithBase64Anchor : public ValidationPolicyConfigFixture<PacketType>
207{
208public:
209 LoadStringWithBase64Anchor()
210 {
211 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
212
213 std::ostringstream os;
Davide Pesavento0a6456c2019-11-14 00:33:11 -0500[diff] [blame]214 {
215 using namespace ndn::security::transform;
216 const auto& cert = this->identity.getDefaultKey().getDefaultCertificate().wireEncode();
217 bufferSource(cert.wire(), cert.size()) >> base64Encode(false) >> streamSink(os);
218 }
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]219
220 this->policy.load(this->baseConfig + R"CONF(
221 trust-anchor
222 {
223 type base64
224 base64-string ")CONF" + os.str() + R"CONF("
225 }
226 )CONF", (this->path / "test-config").string());
227
228 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
229 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
230 }
231};
232
233class NoRefresh
234{
235public:
236 static std::string
237 getRefreshString()
238 {
239 return "";
240 }
241};
242
243class Refresh1h
244{
245public:
246 static std::string
247 getRefreshString()
248 {
249 return "refresh 1h";
250 }
251
252 static time::milliseconds
253 getRefreshTime()
254 {
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]255 return 1_h;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]256 }
257};
258
259class Refresh1m
260{
261public:
262 static std::string
263 getRefreshString()
264 {
265 return "refresh 1m";
266 }
267
268 static time::milliseconds
269 getRefreshTime()
270 {
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]271 return 1_min;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]272 }
273};
274
275class Refresh1s
276{
277public:
278 static std::string
279 getRefreshString()
280 {
281 return "refresh 1s";
282 }
283
284 static time::milliseconds
285 getRefreshTime()
286 {
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]287 return 1_s;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]288 }
289};
290
291template<typename PacketType, typename Refresh = NoRefresh>
292class LoadStringWithDirAnchor : public ValidationPolicyConfigFixture<PacketType>
293{
294public:
295 LoadStringWithDirAnchor()
296 {
297 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
298
299 boost::filesystem::create_directories(this->path / "keys");
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame^]300 this->saveIdentityCert(this->identity, (this->path / "keys" / "identity.ndncert").string());
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]301
302 this->policy.load(this->baseConfig + R"CONF(
303 trust-anchor
304 {
305 type dir
306 dir keys
307 )CONF" + Refresh::getRefreshString() + R"CONF(
308 }
309 )CONF", (this->path / "test-config").string());
310
311 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
312 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
313 }
314};
315
316using DataPolicies = boost::mpl::vector<LoadStringWithFileAnchor<Data>,
317 LoadFileWithFileAnchor<Data>,
318 LoadSectionWithFileAnchor<Data>,
319 LoadStringWithBase64Anchor<Data>,
320 LoadStringWithDirAnchor<Data>,
321 LoadStringWithDirAnchor<Data, Refresh1h>,
322 LoadStringWithDirAnchor<Data, Refresh1m>,
323 LoadStringWithDirAnchor<Data, Refresh1s>
324 >;
325
326using InterestPolicies = boost::mpl::vector<LoadStringWithFileAnchor<Interest>,
327 LoadFileWithFileAnchor<Interest>,
328 LoadSectionWithFileAnchor<Interest>,
329 LoadStringWithBase64Anchor<Interest>,
330 LoadStringWithDirAnchor<Interest>,
331 LoadStringWithDirAnchor<Interest, Refresh1h>,
332 LoadStringWithDirAnchor<Interest, Refresh1m>,
333 LoadStringWithDirAnchor<Interest, Refresh1s>
334 >;
335
336BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateData, Policy, DataPolicies, Policy)
337{
338 BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 1);
339 BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
340
341 using Packet = typename Policy::Packet;
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]342 Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]343
344 Packet packet = unsignedPacket;
345 VALIDATE_FAILURE(packet, "Unsigned");
346
347 packet = unsignedPacket;
348 this->m_keyChain.sign(packet, signingWithSha256());
349 VALIDATE_FAILURE(packet, "Policy doesn't accept Sha256Digest signature");
350
351 packet = unsignedPacket;
352 this->m_keyChain.sign(packet, signingByIdentity(this->identity));
353 VALIDATE_SUCCESS(packet, "Should get accepted, as signed by the anchor");
354
355 packet = unsignedPacket;
356 this->m_keyChain.sign(packet, signingByIdentity(this->subIdentity));
357 VALIDATE_SUCCESS(packet, "Should get accepted, as signed by the policy-compliant cert");
358
359 packet = unsignedPacket;
360 this->m_keyChain.sign(packet, signingByIdentity(this->otherIdentity));
361 VALIDATE_FAILURE(packet, "Should fail, as signed by the policy-violating cert");
362
363 packet = unsignedPacket;
364 this->m_keyChain.sign(packet, signingByIdentity(this->subSelfSignedIdentity));
365 VALIDATE_FAILURE(packet, "Should fail, because subSelfSignedIdentity is not a trust anchor");
366}
367
368BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateInterest, Policy, InterestPolicies, Policy)
369{
370 BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
371 BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 1);
372
373 using Packet = typename Policy::Packet;
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]374 Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Eric Newberryb74bbda2020-06-18 19:33:58 -0700[diff] [blame]375 // All of the packet types inputed to this test case template are Interests, so we can call
376 // setCanBePrefix
377 unsignedPacket.setCanBePrefix(false);
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]378
379 Packet packet = unsignedPacket;
380 VALIDATE_FAILURE(packet, "Unsigned");
381
382 packet = unsignedPacket;
383 this->m_keyChain.sign(packet, signingWithSha256());
384 VALIDATE_FAILURE(packet, "Policy doesn't accept Sha256Digest signature");
385
386 packet = unsignedPacket;
387 this->m_keyChain.sign(packet, signingByIdentity(this->identity));
388 VALIDATE_SUCCESS(packet, "Should get accepted, as signed by the anchor");
389
390 packet = unsignedPacket;
391 this->m_keyChain.sign(packet, signingByIdentity(this->subIdentity));
392 VALIDATE_FAILURE(packet, "Should fail, as there is no matching rule for data");
393
394 packet = unsignedPacket;
395 this->m_keyChain.sign(packet, signingByIdentity(this->otherIdentity));
396 VALIDATE_FAILURE(packet, "Should fail, as signed by the policy-violating cert");
397
398 packet = unsignedPacket;
399 this->m_keyChain.sign(packet, signingByIdentity(this->subSelfSignedIdentity));
400 VALIDATE_FAILURE(packet, "Should fail, because subSelfSignedIdentity is not a trust anchor");
401}
402
Alexander Afanasyev6aff0242017-08-29 17:14:44 -0400[diff] [blame]403BOOST_FIXTURE_TEST_CASE(Reload, HierarchicalValidatorFixture<ValidationPolicyConfig>)
404{
405 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
406 this->policy.load(R"CONF(
407 rule
408 {
409 id test-rule-data-id
410 for data
411 filter
412 {
413 type name
414 name /foo/bar
415 relation is-prefix-of
416 }
417 checker
418 {
419 type hierarchical
420 sig-type rsa-sha256
421 }
422 }
423 rule
424 {
425 id test-rule-interest-id
426 for interest
427 filter
428 {
429 type name
430 name /foo/bar
431 relation is-prefix-of
432 }
433 checker
434 {
435 type hierarchical
436 sig-type rsa-sha256
437 }
438 }
439 trust-anchor
440 {
441 type dir
442 dir keys
443 refresh 1h
444 }
445 )CONF", "test-config");
446 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
447 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, false);
448 BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 1);
449 BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 1);
450
451 this->policy.load(R"CONF(
452 trust-anchor
453 {
454 type any
455 }
456 )CONF", "test-config");
457 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
458 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, true);
459 BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
460 BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
461}
462
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]463using Packets = boost::mpl::vector<Interest, Data>;
464
465BOOST_FIXTURE_TEST_CASE_TEMPLATE(TrustAnchorWildcard, Packet, Packets, ValidationPolicyConfigFixture<Packet>)
466{
467 this->policy.load(R"CONF(
468 trust-anchor
469 {
470 type any
471 }
472 )CONF", "test-config");
473
474 BOOST_CHECK_EQUAL(this->policy.m_isConfigured, true);
475 BOOST_CHECK_EQUAL(this->policy.m_shouldBypass, true);
476 BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
477 BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
478
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]479 Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]480
481 Packet packet = unsignedPacket;
482 VALIDATE_SUCCESS(packet, "Policy should accept everything");
483
484 packet = unsignedPacket;
485 this->m_keyChain.sign(packet, signingWithSha256());
486 VALIDATE_SUCCESS(packet, "Policy should accept everything");
487
488 packet = unsignedPacket;
489 this->m_keyChain.sign(packet, signingByIdentity(this->identity));
490 VALIDATE_SUCCESS(packet, "Policy should accept everything");
491
492 packet = unsignedPacket;
493 this->m_keyChain.sign(packet, signingByIdentity(this->subIdentity));
494 VALIDATE_SUCCESS(packet, "Policy should accept everything");
495
496 packet = unsignedPacket;
497 this->m_keyChain.sign(packet, signingByIdentity(this->otherIdentity));
498 VALIDATE_SUCCESS(packet, "Policy should accept everything");
499
500 packet = unsignedPacket;
501 this->m_keyChain.sign(packet, signingByIdentity(this->subSelfSignedIdentity));
502 VALIDATE_SUCCESS(packet, "Policy should accept everything");
503}
504
Alexander Afanasyev6aff0242017-08-29 17:14:44 -0400[diff] [blame]505using RefreshPolicies = boost::mpl::vector<Refresh1h, Refresh1m, Refresh1s>;
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]506
Alexander Afanasyev6aff0242017-08-29 17:14:44 -0400[diff] [blame]507template<typename RefreshPolicy>
508class RefreshPolicyFixture : public LoadStringWithDirAnchor<Data, RefreshPolicy>
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]509{
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]510};
511
Alexander Afanasyev6aff0242017-08-29 17:14:44 -0400[diff] [blame]512BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateRefresh, Refresh, RefreshPolicies, RefreshPolicyFixture<Refresh>)
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]513{
514 using Packet = Data;
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]515 Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]516
517 boost::filesystem::remove(this->path / "keys" / "identity.ndncert");
Alexander Afanasyev6aff0242017-08-29 17:14:44 -0400[diff] [blame]518 this->advanceClocks(Refresh::getRefreshTime(), 3);
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]519
520 Packet packet = unsignedPacket;
521 this->m_keyChain.sign(packet, signingByIdentity(this->identity));
522 VALIDATE_FAILURE(packet, "Should fail, as the trust anchor should no longer exist");
523
524 packet = unsignedPacket;
525 this->m_keyChain.sign(packet, signingByIdentity(this->subIdentity));
526 VALIDATE_FAILURE(packet, "Should fail, as the trust anchor should no longer exist");
527}
528
Alexander Afanasyev7b112462018-10-17 11:51:52 -0400[diff] [blame]529BOOST_FIXTURE_TEST_CASE(OrphanedPolicyLoad, HierarchicalValidatorFixture<ValidationPolicyConfig>) // Bug #4758
530{
531 ValidationPolicyConfig policy1;
532 BOOST_CHECK_THROW(policy1.load("trust-anchor { type any }", "test-config"), Error);
533
534 // Reloading would have triggered a segfault
535 BOOST_CHECK_THROW(policy1.load("trust-anchor { type any }", "test-config"), Error);
536
537 ValidationPolicyConfig policy2;
538
539 std::string config = R"CONF(
540 trust-anchor
541 {
542 type dir
543 dir keys
544 refresh 1h
545 }
546 )CONF";
547
548 // Inserting trust anchor would have triggered a segfault
549 BOOST_CHECK_THROW(policy2.load(config, "test-config"), Error);
550}
551
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]552BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyConfig
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]553BOOST_AUTO_TEST_SUITE_END() // Security
554
555} // namespace tests
556} // namespace validator_config
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]557} // inline namespace v2
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]558} // namespace security
559} // namespace ndn