/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
 * Copyright (c) 2013-2023 Regents of the University of California.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 *
 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 *
 * You should have received copies of the GNU General Public License and GNU Lesser
 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 *
 * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
 */
23
Alexander Afanasyev09236c22020-06-03 13:42:38 -040024#include "ndn-cxx/security/certificate.hpp"
Davide Pesaventodd0724b2022-04-18 00:30:05 -040025#include "ndn-cxx/encoding/block-helpers.hpp"
26#include "ndn-cxx/util/io.hpp"
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070027
Davide Pesavento7e780642018-11-24 15:51:34 -050028#include "tests/boost-test.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -050029#include "tests/unit/clock-fixture.hpp"
Davide Pesavento74daf742018-11-23 18:14:13 -050030
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070031#include <boost/lexical_cast.hpp>
32
Davide Pesavento47ce2ee2023-05-09 01:33:33 -040033namespace ndn::tests {
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070034
Davide Pesavento47ce2ee2023-05-09 01:33:33 -040035using ndn::security::Certificate;
36using ndn::security::ValidityPeriod;
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070037
// Compile-time contract checks: Certificate must model the wire encode/decode
// concepts, and a Certificate::Error* must convert to Data::Error*, so handlers
// written for Data::Error also receive certificate errors.
BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
static_assert(std::is_convertible_v<Certificate::Error*, Data::Error*>,
              "Certificate::Error must inherit from Data::Error");

// Every test case in TestCertificate runs with ClockFixture as its fixture.
BOOST_AUTO_TEST_SUITE(Security)
BOOST_FIXTURE_TEST_SUITE(TestCertificate, ClockFixture)
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070045
// DER-encoded SubjectPublicKeyInfo used as the certificate content in these tests.
// It is a 1024-bit RSA key with public exponent 17: a fixed test vector for the
// decoder and printer, not key material to reuse elsewhere.
const uint8_t PUBLIC_KEY[] = {
  // SubjectPublicKeyInfo: SEQUENCE, 157 bytes
  0x30, 0x81, 0x9d,
  // AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
  0x30, 0x0d,
  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  0x05, 0x00,
  // subjectPublicKey: BIT STRING (139 bytes, 0 unused bits) holding a SEQUENCE of 135 bytes
  0x03, 0x81, 0x8b, 0x00,
  0x30, 0x81, 0x87,
  // modulus: INTEGER of 129 bytes (leading 0x00 followed by the 128-byte value)
  0x02, 0x81, 0x81, 0x00,
  0x9e, 0x06, 0x3e, 0x47, 0x85, 0xb2, 0x34, 0x37, 0xaa, 0x85, 0x47, 0xac, 0x03, 0x24, 0x83, 0xb5,
  0x9c, 0xa8, 0x05, 0x3a, 0x24, 0x1e, 0xeb, 0x89, 0x01, 0xbb, 0xe9, 0x9b, 0xb2, 0xc3, 0x22, 0xac,
  0x68, 0xe3, 0xf0, 0x6c, 0x02, 0xce, 0x68, 0xa6, 0xc4, 0xd0, 0xa7, 0x06, 0x90, 0x9c, 0xaa, 0x1b,
  0x08, 0x1d, 0x8b, 0x43, 0x9a, 0x33, 0x67, 0x44, 0x6d, 0x21, 0xa3, 0x1b, 0x88, 0x9a, 0x97, 0x5e,
  0x59, 0xc4, 0x15, 0x0b, 0xd9, 0x2c, 0xbd, 0x51, 0x07, 0x61, 0x82, 0xad, 0xc1, 0xb8, 0xd7, 0xbf,
  0x9b, 0xcf, 0x7d, 0x24, 0xc2, 0x63, 0xf3, 0x97, 0x17, 0xeb, 0xfe, 0x62, 0x25, 0xba, 0x5b, 0x4d,
  0x8a, 0xc2, 0x7a, 0xbd, 0x43, 0x8a, 0x8f, 0xb8, 0xf2, 0xf1, 0xc5, 0x6a, 0x30, 0xd3, 0x50, 0x8c,
  0xc8, 0x9a, 0xdf, 0xef, 0xed, 0x35, 0xe7, 0x7a, 0x62, 0xea, 0x76, 0x7c, 0xbb, 0x08, 0x26, 0xc7,
  // publicExponent: INTEGER 17
  0x02, 0x01, 0x11
};
59
// Wire encoding of a SignatureInfo element, grouped one TLV element per line.
// Note that the Name inside this KeyLocator places the "ksk-..." component before
// "KEY", unlike the KeyLocator embedded in CERT.
const uint8_t SIG_INFO[] = {
  0x16, 0x55, // SignatureInfo
  0x1B, 0x01, 0x01, // SignatureType = 1
  0x1C, 0x26, // KeyLocator
  0x07, 0x24, // Name /ndn/site1/ksk-2516425377094/KEY
  0x08, 0x03, 0x6E, 0x64, 0x6E, // "ndn"
  0x08, 0x05, 0x73, 0x69, 0x74, 0x65, 0x31, // "site1"
  0x08, 0x11, // "ksk-2516425377094"
  0x6B, 0x73, 0x6B, 0x2D, 0x32, 0x35, 0x31, 0x36, 0x34, 0x32, 0x35, 0x33, 0x37, 0x37, 0x30, 0x39,
  0x34,
  0x08, 0x03, 0x4B, 0x45, 0x59, // "KEY"
  0xFD, 0x00, 0xFD, 0x26, // ValidityPeriod: (20150814T223739, 20150818T223738)
  0xFD, 0x00, 0xFE, 0x0F, // NotBefore
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x34, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x39,
  0xFD, 0x00, 0xFF, 0x0F, // NotAfter
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x38, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x38
};
68
// 128 opaque bytes installed as the SignatureValue by generateFakeSignature().
// Nothing in this file verifies them against PUBLIC_KEY or any other key.
const uint8_t SIG_VALUE[] = {
  0x2f, 0xd6, 0xf1, 0x6e, 0x80, 0x6f, 0x10, 0xbe,
  0xb1, 0x6f, 0x3e, 0x31, 0xec, 0xe3, 0xb9, 0xea,
  0x83, 0x30, 0x40, 0x03, 0xfc, 0xa0, 0x13, 0xd9,
  0xb3, 0xc6, 0x25, 0x16, 0x2d, 0xa6, 0x58, 0x41,
  0x69, 0x62, 0x56, 0xd8, 0xb3, 0x6a, 0x38, 0x76,
  0x56, 0xea, 0x61, 0xb2, 0x32, 0x70, 0x1c, 0xb6,
  0x4d, 0x10, 0x1d, 0xdc, 0x92, 0x8e, 0x52, 0xa5,
  0x8a, 0x1d, 0xd9, 0x96, 0x5e, 0xc0, 0x62, 0x0b,
  0xcf, 0x3a, 0x9d, 0x7f, 0xca, 0xbe, 0xa1, 0x41,
  0x71, 0x85, 0x7a, 0x8b, 0x5d, 0xa9, 0x64, 0xd6,
  0x66, 0xb4, 0xe9, 0x8d, 0x0c, 0x28, 0x43, 0xee,
  0xa6, 0x64, 0xe8, 0x55, 0xf6, 0x1c, 0x19, 0x0b,
  0xef, 0x99, 0x25, 0x1e, 0xdc, 0x78, 0xb3, 0xa7,
  0xaa, 0x0d, 0x14, 0x58, 0x30, 0xe5, 0x37, 0x6a,
  0x6d, 0xdb, 0x56, 0xac, 0xa3, 0xfc, 0x90, 0x7a,
  0xb8, 0x66, 0x9c, 0x0e, 0xf6, 0xb7, 0x64, 0xd1,
};
79
// Wire encoding of a complete certificate Data packet, grouped one TLV element per line.
// The Content bytes are the same key as PUBLIC_KEY. The SignatureValue is 128 bytes of
// 0xFF filler, so this vector exercises decoding and field accessors only; it carries
// no signature that could be verified.
const uint8_t CERT[] = {
  0x06, 0xFD, 0x01, 0xBB, // Data
  0x07, 0x33, // Name /ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B
  0x08, 0x03, 0x6E, 0x64, 0x6E, // "ndn"
  0x08, 0x05, 0x73, 0x69, 0x74, 0x65, 0x31, // "site1"
  0x08, 0x03, 0x4B, 0x45, 0x59, // "KEY"
  0x08, 0x11, // "ksk-1416425377094"
  0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x36, 0x34, 0x32, 0x35, 0x33, 0x37, 0x37, 0x30, 0x39,
  0x34,
  0x08, 0x04, 0x30, 0x31, 0x32, 0x33, // "0123"
  0x08, 0x07, 0xFD, 0x00, 0x00, 0x01, 0x49, 0xC9, 0x8B, // %FD%00%00%01I%C9%8B
  0x14, 0x09, // MetaInfo
  0x18, 0x01, 0x02, // ContentType = Key
  0x19, 0x04, 0x00, 0x36, 0xEE, 0x80, // FreshnessPeriod = 3600000 ms
  0x15, 0xA0, // Content
  0x30, 0x81, 0x9D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
  0x05, 0x00, 0x03, 0x81, 0x8B, 0x00, 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9E, 0x06, 0x3E,
  0x47, 0x85, 0xB2, 0x34, 0x37, 0xAA, 0x85, 0x47, 0xAC, 0x03, 0x24, 0x83, 0xB5, 0x9C, 0xA8, 0x05,
  0x3A, 0x24, 0x1E, 0xEB, 0x89, 0x01, 0xBB, 0xE9, 0x9B, 0xB2, 0xC3, 0x22, 0xAC, 0x68, 0xE3, 0xF0,
  0x6C, 0x02, 0xCE, 0x68, 0xA6, 0xC4, 0xD0, 0xA7, 0x06, 0x90, 0x9C, 0xAA, 0x1B, 0x08, 0x1D, 0x8B,
  0x43, 0x9A, 0x33, 0x67, 0x44, 0x6D, 0x21, 0xA3, 0x1B, 0x88, 0x9A, 0x97, 0x5E, 0x59, 0xC4, 0x15,
  0x0B, 0xD9, 0x2C, 0xBD, 0x51, 0x07, 0x61, 0x82, 0xAD, 0xC1, 0xB8, 0xD7, 0xBF, 0x9B, 0xCF, 0x7D,
  0x24, 0xC2, 0x63, 0xF3, 0x97, 0x17, 0xEB, 0xFE, 0x62, 0x25, 0xBA, 0x5B, 0x4D, 0x8A, 0xC2, 0x7A,
  0xBD, 0x43, 0x8A, 0x8F, 0xB8, 0xF2, 0xF1, 0xC5, 0x6A, 0x30, 0xD3, 0x50, 0x8C, 0xC8, 0x9A, 0xDF,
  0xEF, 0xED, 0x35, 0xE7, 0x7A, 0x62, 0xEA, 0x76, 0x7C, 0xBB, 0x08, 0x26, 0xC7, 0x02, 0x01, 0x11,
  0x16, 0x55, // SignatureInfo
  0x1B, 0x01, 0x01, // SignatureType
  0x1C, 0x26, // KeyLocator: /ndn/site1/KEY/ksk-2516425377094
  0x07, 0x24,
  0x08, 0x03, 0x6E, 0x64, 0x6E, // "ndn"
  0x08, 0x05, 0x73, 0x69, 0x74, 0x65, 0x31, // "site1"
  0x08, 0x03, 0x4B, 0x45, 0x59, // "KEY"
  0x08, 0x11, // "ksk-2516425377094"
  0x6B, 0x73, 0x6B, 0x2D, 0x32, 0x35, 0x31, 0x36, 0x34, 0x32, 0x35, 0x33, 0x37, 0x37, 0x30, 0x39,
  0x34,
  0xFD, 0x00, 0xFD, 0x26, // ValidityPeriod: (20150814T223739, 20150818T223738)
  0xFD, 0x00, 0xFE, 0x0F, // NotBefore
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x34, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x39,
  0xFD, 0x00, 0xFF, 0x0F, // NotAfter
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x38, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x38,
  0x17, 0x80, // SignatureValue (0xFF filler, 128 bytes)
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
130
/**
 * @brief Attach placeholder signature fields to @p data.
 *
 * The SignatureInfo is decoded from SIG_INFO, after which its KeyLocator and
 * ValidityPeriod are replaced with the fixed values below. SIG_VALUE is then set
 * as the SignatureValue. No key is involved and nothing is signed, so the result
 * is only meaningful for tests of parsing and field checks.
 *
 * @param data packet whose SignatureInfo and SignatureValue are overwritten
 */
static void
generateFakeSignature(Data& data)
{
  const auto notBefore = time::fromIsoString("20141111T050000");
  const auto notAfter = time::fromIsoString("20141111T060000");

  SignatureInfo info(Block{SIG_INFO});
  info.setKeyLocator(Name("/ndn/site1/KEY/ksk-2516425377094"));
  info.setValidityPeriod(ValidityPeriod(notBefore, notAfter));

  data.setSignatureInfo(info);
  data.setSignatureValue(SIG_VALUE);
}
142
// Decodes the reference packet and checks every accessor against the values
// annotated in CERT. The packet's SignatureValue is filler, so a passing run shows
// that decoding and field extraction do not depend on a verifiable signature.
BOOST_AUTO_TEST_CASE(Construction)
{
  Block wire(CERT);
  Certificate cert(wire);

  const auto notBefore = time::fromIsoString("20150814T223739");
  const auto notAfter = time::fromIsoString("20150818T223738");
  const ValidityPeriod expectedValidity(notBefore, notAfter);

  // Name-derived fields
  BOOST_CHECK_EQUAL(cert.getName(), "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  BOOST_CHECK_EQUAL(cert.getKeyName(), "/ndn/site1/KEY/ksk-1416425377094");
  BOOST_CHECK_EQUAL(cert.getIdentity(), "/ndn/site1");
  BOOST_CHECK_EQUAL(cert.getKeyId(), name::Component("ksk-1416425377094"));
  BOOST_CHECK_EQUAL(cert.getIssuerId(), name::Component("0123"));

  // Content and signature metadata
  BOOST_TEST(cert.getPublicKey() == PUBLIC_KEY, boost::test_tools::per_element());
  BOOST_CHECK_EQUAL(cert.getKeyLocator().value().getName(), "/ndn/site1/KEY/ksk-2516425377094");
  BOOST_CHECK_EQUAL(cert.getValidityPeriod(), expectedValidity);

  // A known extension is returned in wire form; an absent one is reported as tlv::Error.
  BOOST_CHECK_EQUAL(cert.getExtension(tlv::ValidityPeriod), expectedValidity.wireEncode());
  BOOST_CHECK_THROW(cert.getExtension(12345), tlv::Error);

  // Building from a Data rvalue must give the same certificate as building from the Block.
  Data packet(wire);
  Certificate certFromData(std::move(packet));
  BOOST_CHECK_EQUAL(cert, certFromData);
}
166
// Builds a certificate field by field and checks that the accessors report the
// values that were set, including the key locator and validity period installed
// by generateFakeSignature().
BOOST_AUTO_TEST_CASE(Setters)
{
  Certificate cert;
  cert.setName("/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  cert.setFreshnessPeriod(1_h);
  cert.setContent(PUBLIC_KEY);
  generateFakeSignature(cert);

  const auto notBefore = time::fromIsoString("20141111T050000");
  const auto notAfter = time::fromIsoString("20141111T060000");
  const ValidityPeriod expectedValidity(notBefore, notAfter);

  // Name-derived fields
  BOOST_CHECK_EQUAL(cert.getName(), "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  BOOST_CHECK_EQUAL(cert.getKeyName(), "/ndn/site1/KEY/ksk-1416425377094");
  BOOST_CHECK_EQUAL(cert.getIdentity(), "/ndn/site1");
  BOOST_CHECK_EQUAL(cert.getKeyId(), name::Component("ksk-1416425377094"));
  BOOST_CHECK_EQUAL(cert.getIssuerId(), name::Component("0123"));

  // Content and signature metadata
  BOOST_TEST(cert.getPublicKey() == PUBLIC_KEY, boost::test_tools::per_element());
  BOOST_CHECK_EQUAL(cert.getKeyLocator().value().getName(), "/ndn/site1/KEY/ksk-2516425377094");
  BOOST_CHECK_EQUAL(cert.getValidityPeriod(), expectedValidity);

  // A known extension is returned in wire form; an absent one is reported as tlv::Error.
  BOOST_CHECK_EQUAL(cert.getExtension(tlv::ValidityPeriod), expectedValidity.wireEncode());
  BOOST_CHECK_THROW(cert.getExtension(12345), tlv::Error);
}
190
// Checks isValid() against the window installed by generateFakeSignature()
// (20141111T050000 to 20141111T060000): one second before the start and one second
// after the end must both be rejected.
// NOTE(review): the argument-less isValid() is expected to return true, which
// presumably relies on the clock provided by ClockFixture falling inside that
// window; confirm against the fixture.
// NOTE(review): the two boundary instants themselves are not exercised here.
BOOST_AUTO_TEST_CASE(ValidityPeriodChecking)
{
  Certificate cert;
  cert.setName("/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  cert.setFreshnessPeriod(1_h);
  cert.setContent(PUBLIC_KEY);
  generateFakeSignature(cert);

  const auto justBefore = time::fromIsoString("20141111T045959");
  const auto justAfter = time::fromIsoString("20141111T060001");

  BOOST_CHECK_EQUAL(cert.isValid(), true);
  BOOST_CHECK_EQUAL(cert.isValid(justBefore), false);
  BOOST_CHECK_EQUAL(cert.isValid(justAfter), false);
}
203
// Fixture for the negative tests below. It keeps a well-formed certificate as a
// plain Data packet; each test case copies it, breaks exactly one field, and
// expects the Certificate constructor to reject the result.
class InvalidCertFixture
{
public:
  InvalidCertFixture()
  {
    // Start from the reference packet, stored as Data so that individual fields
    // can be changed without going through Certificate's own checks.
    const Certificate wellFormed(Block{CERT});
    m_certBase = Data(wellFormed);
    generateFakeSignature(m_certBase);

    // Sanity check: the untouched baseline must still be accepted, otherwise a
    // failure in a test case could not be attributed to the field it modified.
    BOOST_REQUIRE_NO_THROW(Certificate{m_certBase});
  }

protected:
  Data m_certBase;
};
222
// The replacement name has no "KEY" component, so it must be rejected with the
// naming-convention error. The check pins the exact message text.
BOOST_FIXTURE_TEST_CASE(InvalidName, InvalidCertFixture)
{
  Data tampered(m_certBase);
  tampered.setName("/ndn/site1/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");

  const std::string expectedMsg = "Certificate name does not follow the naming conventions";
  BOOST_CHECK_EXCEPTION(Certificate{std::move(tampered)}, Certificate::Error,
                        [&expectedMsg] (const auto& e) { return expectedMsg == e.what(); });
}
232
// A packet whose ContentType is Blob rather than Key must not be accepted as a
// certificate. The check pins the exact message text, including the reported type value.
BOOST_FIXTURE_TEST_CASE(InvalidContentType, InvalidCertFixture)
{
  Data tampered(m_certBase);
  tampered.setContentType(tlv::ContentType_Blob);

  const std::string expectedMsg = "Expecting ContentType=Key, got 0";
  BOOST_CHECK_EXCEPTION(Certificate{std::move(tampered)}, Certificate::Error,
                        [&expectedMsg] (const auto& e) { return expectedMsg == e.what(); });
}
242
// A zero FreshnessPeriod must be rejected when the packet is turned into a
// Certificate. The check pins the exact message text.
BOOST_FIXTURE_TEST_CASE(InvalidFreshnessPeriod, InvalidCertFixture)
{
  Data tampered(m_certBase);
  tampered.setFreshnessPeriod(0_ms);

  const std::string expectedMsg = "Certificate FreshnessPeriod cannot be zero";
  BOOST_CHECK_EXCEPTION(Certificate{std::move(tampered)}, Certificate::Error,
                        [&expectedMsg] (const auto& e) { return expectedMsg == e.what(); });
}
252
// Compares the text produced by streaming a Certificate against fixed expected
// output, for six certificates ranging from empty to deliberately malformed.
// NOTE(review): leading whitespace inside the raw string literals is reproduced as
// rendered on this page, which appears to collapse indentation; compare with the
// repository copy before relying on the exact expected text.
BOOST_AUTO_TEST_CASE(Print)
{
  // cert1: default-constructed certificate. The expected text shows an empty name,
  // a zero-byte key of unknown type, and an unknown signature type.
  const std::string expected1(
R"TXT(Certificate Name:
 /
Public Key:
 Key Type: Unknown (0 bytes)
Signature Information:
 Signature Type: Unknown(65535)
)TXT");

  Certificate cert1;
  BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert1), expected1);

  // cert2: the reference packet decoded from CERT (1024-bit RSA key, validity
  // period and key locator as annotated in the byte array).
  const std::string expected2(
R"TXT(Certificate Name:
 /ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B
Public Key:
 Key Type: 1024-bit RSA
 MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCeBj5HhbI0N6qFR6wDJIO1nKgF
 OiQe64kBu+mbssMirGjj8GwCzmimxNCnBpCcqhsIHYtDmjNnRG0hoxuImpdeWcQV
 C9ksvVEHYYKtwbjXv5vPfSTCY/OXF+v+YiW6W02Kwnq9Q4qPuPLxxWow01CMyJrf
 7+0153pi6nZ8uwgmxwIBEQ==
Validity:
 Not Before: 2015-08-14T22:37:39
 Not After: 2015-08-18T22:37:38
Signature Information:
 Signature Type: SignatureSha256WithRsa
 Key Locator: Name=/ndn/site1/KEY/ksk-2516425377094
)TXT");

  Certificate cert2(Block{CERT});
  BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert2), expected2);

  // cert3: a certificate loaded from Base64 text. Per the expected output it holds
  // a 256-bit EC key and is reported as self-signed.
  const std::string expected3(
R"TXT(Certificate Name:
 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
Public Key:
 Key Type: 256-bit EC
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnoGVuhO+9JnIRo6QSgJin8RgA8Gh
 RN9oVbnXi2rAJa4jq1yuCKaLeOt2sdXlkW6uBByOhbTuDdovlbIUsJ8bhg==
Validity:
 Not Before: 1970-01-01T00:00:00
 Not After: 2042-04-13T03:17:00
Signature Information:
 Signature Type: SignatureSha256WithEcdsa
 Key Locator: Name=/ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0
 Self-Signed: yes
)TXT");

  std::istringstream is(
R"BASE64(Bv0BPgc0CANuZG4IBHRlc3QICGlkZW50aXR5CANLRVkICMdHOtYSULXwCARzZWxm
NggAAAGAOqxubBQJGAECGQQANu6AFVswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AASegZW6E770mchGjpBKAmKfxGADwaFE32hVudeLasAlriOrXK4Ipot463ax1eWR
bq4EHI6FtO4N2i+VshSwnxuGFlUbAQMcJgckCANuZG4IBHRlc3QICGlkZW50aXR5
CANLRVkICMdHOtYSULXw/QD9Jv0A/g8xOTcwMDEwMVQwMDAwMDD9AP8PMjA0MjA0
MTNUMDMxNzAwF0cwRQIgFRnwthtzKdqRgO3cZMNA1hfT3QcNu/+xjo7hUy+UvdsC
IQCz3DHoRtKl7uZoJOgQsZP1/CGkNjlGZE3EQ+Ylwiprrw==)BASE64");
  Certificate cert3 = io::loadTlv<Certificate>(is, io::BASE64);
  BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert3), expected3);

  // cert4: cert3 with its content replaced by 22 bytes that are not a public key.
  // The expected text labels the key type as unknown and still prints the bytes
  // in Base64, so printing is expected to complete rather than fail on bad content.
  const std::string expected4(
R"TXT(Certificate Name:
 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
Public Key:
 Key Type: Unknown (22 bytes)
 bm90IGEgdmFsaWQgcHVibGljIGtleQ==
Validity:
 Not Before: 1970-01-01T00:00:00
 Not After: 2042-04-13T03:17:00
Signature Information:
 Signature Type: SignatureSha256WithEcdsa
 Key Locator: Name=/ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0
 Self-Signed: yes
)TXT");

  Certificate cert4(cert3);
  cert4.setContent("not a valid public key"sv);
  BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert4), expected4);

  // cert5: cert3 with an AdditionalDescription TLV whose value is the plain string
  // "malformed" and a KeyDigest key locator backed by an 8-byte buffer. The expected
  // text shows the description in Base64, the digest in hex, and no "Self-Signed" line.
  const std::string expected5(
R"TXT(Certificate Name:
 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
Additional Description:
 bWFsZm9ybWVk
Public Key:
 Key Type: 256-bit EC
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnoGVuhO+9JnIRo6QSgJin8RgA8Gh
 RN9oVbnXi2rAJa4jq1yuCKaLeOt2sdXlkW6uBByOhbTuDdovlbIUsJ8bhg==
Validity:
 Not Before: 1970-01-01T00:00:00
 Not After: 2042-04-13T03:17:00
Signature Information:
 Signature Type: SignatureSha256WithEcdsa
 Key Locator: KeyDigest=0000000000000000
)TXT");

  auto sigInfo = cert3.getSignatureInfo();
  sigInfo.addCustomTlv(makeStringBlock(tlv::AdditionalDescription, "malformed"));
  sigInfo.setKeyLocator(KeyLocator().setKeyDigest(std::make_shared<Buffer>(8)));
  Certificate cert5(cert3);
  cert5.setSignatureInfo(sigInfo);
  BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert5), expected5);

  // cert6: cert3 with a ValidityPeriod TLV whose value is the plain string
  // "malformed", signature type DigestSha256, and no key locator. The expected text
  // has no "Validity" section and no "Key Locator" line.
  const std::string expected6(
R"TXT(Certificate Name:
 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
Public Key:
 Key Type: 256-bit EC
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnoGVuhO+9JnIRo6QSgJin8RgA8Gh
 RN9oVbnXi2rAJa4jq1yuCKaLeOt2sdXlkW6uBByOhbTuDdovlbIUsJ8bhg==
Signature Information:
 Signature Type: DigestSha256
)TXT");

  sigInfo.removeCustomTlv(tlv::AdditionalDescription);
  sigInfo.addCustomTlv(makeStringBlock(tlv::ValidityPeriod, "malformed"));
  sigInfo.setSignatureType(tlv::DigestSha256);
  sigInfo.setKeyLocator(std::nullopt);
  Certificate cert6(cert3);
  cert6.setSignatureInfo(sigInfo);
  BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert6), expected6);
}
376
// Exercises the free functions that derive the identity and the key name from a
// certificate name. Well-formed names yield the expected prefix; the names in
// `malformed` must be rejected with std::invalid_argument by both helpers.
BOOST_AUTO_TEST_CASE(Helpers)
{
  using ndn::security::extractIdentityFromCertName;
  using ndn::security::extractKeyNameFromCertName;

  // Inputs rejected by both helpers: three names that are too short to be a
  // certificate name, and one that is long enough but is still not a valid one.
  const char* const malformed[] = {
    "/hello",
    "/hello/KEY/keyid",
    "/hello/KEY/keyid/issuer",
    "/a/long/enough/but/invalid/name",
  };

  BOOST_CHECK_EQUAL(extractIdentityFromCertName("/KEY/hello/world/v=1"), "/");
  BOOST_CHECK_EQUAL(extractIdentityFromCertName("/hello/world/KEY/!/self/v=42"), "/hello/world");

  for (const char* uri : malformed) {
    BOOST_CHECK_THROW(extractIdentityFromCertName(uri), std::invalid_argument);
  }

  BOOST_CHECK_EQUAL(extractKeyNameFromCertName("/KEY/hello/world/v=1"), "/KEY/hello");
  BOOST_CHECK_EQUAL(extractKeyNameFromCertName("/hello/world/KEY/!/self/v=42"), "/hello/world/KEY/!");

  for (const char* uri : malformed) {
    BOOST_CHECK_THROW(extractKeyNameFromCertName(uri), std::invalid_argument);
  }
}
398
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -0700399BOOST_AUTO_TEST_SUITE_END() // TestCertificate
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -0700400BOOST_AUTO_TEST_SUITE_END() // Security
401
Davide Pesavento47ce2ee2023-05-09 01:33:33 -0400402} // namespace ndn::tests