Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 2 | /** |
José Quevedo | 641de4c | 2016-01-29 00:11:24 +0000 | [diff] [blame] | 3 | * Copyright (c) 2013-2016 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 20 | */ |
| 21 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 22 | #include "security/key-chain.hpp" |
Yingdi Yu | 1b0311c | 2015-06-10 14:58:47 -0700 | [diff] [blame] | 23 | #include "security/validator.hpp" |
José Quevedo | 641de4c | 2016-01-29 00:11:24 +0000 | [diff] [blame] | 24 | #include "security/signing-helpers.hpp" |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 25 | |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 26 | #include "boost-test.hpp" |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 27 | #include "dummy-keychain.hpp" |
José Quevedo | 641de4c | 2016-01-29 00:11:24 +0000 | [diff] [blame] | 28 | #include "../util/test-home-environment-fixture.hpp" |
| 29 | |
| 30 | #include <boost/filesystem.hpp> |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 31 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 32 | namespace ndn { |
Yingdi Yu | 1b0311c | 2015-06-10 14:58:47 -0700 | [diff] [blame] | 33 | namespace security { |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 34 | namespace tests { |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 35 | |
Spyridon Mastorakis | 429634f | 2015-02-19 17:35:33 -0800 | [diff] [blame] | 36 | BOOST_FIXTURE_TEST_SUITE(SecurityKeyChain, util::TestHomeEnvironmentFixture) |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 37 | |
| 38 | BOOST_AUTO_TEST_CASE(ConstructorNormalConfig) |
| 39 | { |
| 40 | using namespace boost::filesystem; |
| 41 | |
Alexander Afanasyev | 8b1674a | 2014-05-15 00:58:43 -0700 | [diff] [blame] | 42 | setenv("TEST_HOME", "tests/unit-tests/security/config-file-home", 1); |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 43 | |
| 44 | BOOST_REQUIRE_NO_THROW(KeyChain()); |
| 45 | |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 46 | KeyChain keyChain; |
| 47 | BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), |
| 48 | "pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-file/"); |
| 49 | BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), |
| 50 | "tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/"); |
| 51 | BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), |
| 52 | "tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/"); |
| 53 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 54 | path pibPath(absolute(std::getenv("TEST_HOME"))); |
| 55 | pibPath /= ".ndn/ndnsec-public-info.db"; |
| 56 | |
| 57 | boost::filesystem::remove(pibPath); |
| 58 | } |
| 59 | |
| 60 | BOOST_AUTO_TEST_CASE(ConstructorEmptyConfig) |
| 61 | { |
| 62 | using namespace boost::filesystem; |
| 63 | |
Alexander Afanasyev | 8b1674a | 2014-05-15 00:58:43 -0700 | [diff] [blame] | 64 | setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty-home", 1); |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 65 | |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 66 | #if defined(NDN_CXX_HAVE_OSX_SECURITY) |
| 67 | std::string oldHOME; |
| 68 | if (std::getenv("OLD_HOME")) |
| 69 | oldHOME = std::getenv("OLD_HOME"); |
| 70 | |
| 71 | std::string HOME; |
| 72 | if (std::getenv("HOME")) |
| 73 | HOME = std::getenv("HOME"); |
| 74 | |
| 75 | if (!oldHOME.empty()) |
| 76 | setenv("HOME", oldHOME.c_str(), 1); |
| 77 | else |
| 78 | unsetenv("HOME"); |
| 79 | #endif |
| 80 | |
| 81 | BOOST_REQUIRE_NO_THROW(KeyChain()); |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 82 | KeyChain keyChain; |
| 83 | BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), |
| 84 | "pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/"); |
| 85 | |
| 86 | #if defined(NDN_CXX_HAVE_OSX_SECURITY) |
| 87 | BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-osxkeychain:"); |
| 88 | BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-osxkeychain:"); |
| 89 | #else |
| 90 | BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), |
| 91 | "tpm-file:"); |
| 92 | BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), |
| 93 | "tpm-file:"); |
| 94 | #endif |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 95 | |
| 96 | #if defined(NDN_CXX_HAVE_OSX_SECURITY) |
| 97 | if (!HOME.empty()) |
| 98 | setenv("HOME", HOME.c_str(), 1); |
| 99 | else |
| 100 | unsetenv("HOME"); |
| 101 | #endif |
| 102 | |
| 103 | path pibPath(absolute(std::getenv("TEST_HOME"))); |
| 104 | pibPath /= ".ndn/ndnsec-public-info.db"; |
| 105 | |
| 106 | boost::filesystem::remove(pibPath); |
| 107 | } |
| 108 | |
| 109 | BOOST_AUTO_TEST_CASE(ConstructorEmpty2Config) |
| 110 | { |
| 111 | using namespace boost::filesystem; |
| 112 | |
| 113 | setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty2-home", 1); |
| 114 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 115 | BOOST_REQUIRE_NO_THROW(KeyChain()); |
| 116 | |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 117 | KeyChain keyChain; |
| 118 | BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), |
| 119 | "pib-sqlite3:"); |
| 120 | BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), |
| 121 | "tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/"); |
| 122 | BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), |
| 123 | "tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/"); |
| 124 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 125 | path pibPath(absolute(std::getenv("TEST_HOME"))); |
| 126 | pibPath /= ".ndn/ndnsec-public-info.db"; |
| 127 | |
| 128 | boost::filesystem::remove(pibPath); |
| 129 | } |
| 130 | |
| 131 | BOOST_AUTO_TEST_CASE(ConstructorMalConfig) |
| 132 | { |
| 133 | using namespace boost::filesystem; |
| 134 | |
Alexander Afanasyev | 8b1674a | 2014-05-15 00:58:43 -0700 | [diff] [blame] | 135 | setenv("TEST_HOME", "tests/unit-tests/security/config-file-malformed-home", 1); |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 136 | |
| 137 | BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected. |
| 138 | } |
| 139 | |
| 140 | BOOST_AUTO_TEST_CASE(ConstructorMal2Config) |
| 141 | { |
| 142 | using namespace boost::filesystem; |
| 143 | |
Alexander Afanasyev | 8b1674a | 2014-05-15 00:58:43 -0700 | [diff] [blame] | 144 | setenv("TEST_HOME", "tests/unit-tests/security/config-file-malformed2-home", 1); |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 145 | |
| 146 | BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected. |
| 147 | } |
| 148 | |
| 149 | BOOST_AUTO_TEST_CASE(ExportIdentity) |
| 150 | { |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 151 | KeyChain keyChain; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 152 | |
Alexander Afanasyev | aa0e7da | 2014-03-17 14:37:33 -0700 | [diff] [blame] | 153 | Name identity("/TestKeyChain/ExportIdentity/"); |
| 154 | identity.appendVersion(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 155 | keyChain.createIdentity(identity); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 156 | |
Yingdi Yu | 64c3fb4 | 2014-02-26 17:30:04 -0800 | [diff] [blame] | 157 | shared_ptr<SecuredBag> exported = keyChain.exportIdentity(identity, "1234"); |
| 158 | |
| 159 | Block block = exported->wireEncode(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 160 | |
| 161 | Name keyName = keyChain.getDefaultKeyNameForIdentity(identity); |
| 162 | Name certName = keyChain.getDefaultCertificateNameForKey(keyName); |
| 163 | |
| 164 | keyChain.deleteIdentity(identity); |
| 165 | |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 166 | BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false); |
| 167 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName), false); |
| 168 | BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), false); |
| 169 | BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), false); |
| 170 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName), false); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 171 | |
Yingdi Yu | 64c3fb4 | 2014-02-26 17:30:04 -0800 | [diff] [blame] | 172 | SecuredBag imported; |
| 173 | imported.wireDecode(block); |
| 174 | keyChain.importIdentity(imported, "1234"); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 175 | |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 176 | BOOST_CHECK(keyChain.doesIdentityExist(identity)); |
| 177 | BOOST_CHECK(keyChain.doesPublicKeyExist(keyName)); |
| 178 | BOOST_CHECK(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)); |
| 179 | BOOST_CHECK(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)); |
| 180 | BOOST_CHECK(keyChain.doesCertificateExist(certName)); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 181 | |
| 182 | keyChain.deleteIdentity(identity); |
| 183 | |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 184 | BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false); |
| 185 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName), false); |
| 186 | BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), false); |
| 187 | BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), false); |
| 188 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName), false); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 189 | } |
| 190 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 191 | BOOST_AUTO_TEST_CASE(PrepareIdentityCertificate) |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 192 | { |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 193 | KeyChain keyChain; |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 194 | |
Alexander Afanasyev | aa0e7da | 2014-03-17 14:37:33 -0700 | [diff] [blame] | 195 | Name identity("/TestKeyChain/PrepareIdentityCertificate/"); |
| 196 | identity.appendVersion(); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 197 | keyChain.createIdentity(identity); |
| 198 | |
Junxiao Shi | 8ca4325 | 2015-06-11 21:29:43 -0700 | [diff] [blame] | 199 | std::vector<CertificateSubjectDescription> subjectDescription; |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 200 | Name lowerIdentity = identity; |
Alexander Afanasyev | aa0e7da | 2014-03-17 14:37:33 -0700 | [diff] [blame] | 201 | lowerIdentity.append("Lower").appendVersion(); |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 202 | Name lowerKeyName = keyChain.generateRsaKeyPair(lowerIdentity, true); |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 203 | shared_ptr<IdentityCertificate> idCert = |
| 204 | keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity, |
| 205 | time::system_clock::now(), |
| 206 | time::system_clock::now() + time::days(365), |
| 207 | subjectDescription); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 208 | BOOST_CHECK(static_cast<bool>(idCert)); |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 209 | BOOST_CHECK_EQUAL(idCert->getName().getPrefix(5), |
| 210 | Name().append(identity).append("KEY").append("Lower")); |
Junxiao Shi | 8ca4325 | 2015-06-11 21:29:43 -0700 | [diff] [blame] | 211 | BOOST_CHECK(idCert->getFreshnessPeriod() >= time::milliseconds::zero()); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 212 | |
Yingdi Yu | 0eb5d72 | 2014-06-10 15:06:25 -0700 | [diff] [blame] | 213 | shared_ptr<IdentityCertificate> idCert11 = |
| 214 | keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity, |
| 215 | time::system_clock::now(), |
| 216 | time::system_clock::now() + time::days(365), |
| 217 | subjectDescription, |
| 218 | lowerIdentity); |
| 219 | BOOST_CHECK(static_cast<bool>(idCert11)); |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 220 | BOOST_CHECK_EQUAL(idCert11->getName().getPrefix(6), |
Yingdi Yu | 0eb5d72 | 2014-06-10 15:06:25 -0700 | [diff] [blame] | 221 | Name().append(lowerIdentity).append("KEY")); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 222 | |
Alexander Afanasyev | aa0e7da | 2014-03-17 14:37:33 -0700 | [diff] [blame] | 223 | Name anotherIdentity("/TestKeyChain/PrepareIdentityCertificate/Another/"); |
| 224 | anotherIdentity.appendVersion(); |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 225 | Name anotherKeyName = keyChain.generateRsaKeyPair(anotherIdentity, true); |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 226 | shared_ptr<IdentityCertificate> idCert2 = |
| 227 | keyChain.prepareUnsignedIdentityCertificate(anotherKeyName, identity, |
| 228 | time::system_clock::now(), |
| 229 | time::system_clock::now() + time::days(365), |
| 230 | subjectDescription); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 231 | BOOST_CHECK(static_cast<bool>(idCert2)); |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 232 | BOOST_CHECK_EQUAL(idCert2->getName().getPrefix(5), Name().append(anotherIdentity).append("KEY")); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 233 | |
| 234 | |
| 235 | Name wrongKeyName1; |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 236 | shared_ptr<IdentityCertificate> idCert3 = |
| 237 | keyChain.prepareUnsignedIdentityCertificate(wrongKeyName1, identity, |
| 238 | time::system_clock::now(), |
| 239 | time::system_clock::now() + time::days(365), |
| 240 | subjectDescription); |
| 241 | BOOST_CHECK_EQUAL(static_cast<bool>(idCert3), false); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 242 | |
| 243 | |
| 244 | Name wrongKeyName2("/TestKeyChain/PrepareIdentityCertificate"); |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 245 | shared_ptr<IdentityCertificate> idCert4 = |
| 246 | keyChain.prepareUnsignedIdentityCertificate(wrongKeyName2, identity, |
| 247 | time::system_clock::now(), |
| 248 | time::system_clock::now() + time::days(365), |
| 249 | subjectDescription); |
| 250 | BOOST_CHECK_EQUAL(static_cast<bool>(idCert4), false); |
Alexander Afanasyev | b1db7c6 | 2014-04-03 14:57:25 -0700 | [diff] [blame] | 251 | |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 252 | |
| 253 | Name wrongKeyName3("/TestKeyChain/PrepareIdentityCertificate/ksk-1234"); |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 254 | shared_ptr<IdentityCertificate> idCert5 = |
| 255 | keyChain.prepareUnsignedIdentityCertificate(wrongKeyName3, identity, |
| 256 | time::system_clock::now(), |
| 257 | time::system_clock::now() + time::days(365), |
| 258 | subjectDescription); |
| 259 | BOOST_CHECK_EQUAL(static_cast<bool>(idCert5), false); |
Yingdi Yu | c55680b | 2014-02-26 12:31:35 -0800 | [diff] [blame] | 260 | |
| 261 | keyChain.deleteIdentity(identity); |
| 262 | keyChain.deleteIdentity(lowerIdentity); |
| 263 | keyChain.deleteIdentity(anotherIdentity); |
| 264 | } |
| 265 | |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 266 | BOOST_AUTO_TEST_CASE(Delete) |
| 267 | { |
| 268 | KeyChain keyChain; |
| 269 | |
| 270 | Name identity("/TestSecPublicInfoSqlite3/Delete"); |
| 271 | identity.appendVersion(); |
| 272 | |
| 273 | Name certName1; |
| 274 | BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity)); |
| 275 | |
| 276 | Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1); |
| 277 | Name keyName2; |
| 278 | BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRsaKeyPairAsDefault(identity)); |
| 279 | |
| 280 | shared_ptr<IdentityCertificate> cert2; |
| 281 | BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2)); |
| 282 | Name certName2 = cert2->getName(); |
| 283 | BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2)); |
| 284 | |
| 285 | Name keyName3; |
| 286 | BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRsaKeyPairAsDefault(identity)); |
| 287 | |
| 288 | shared_ptr<IdentityCertificate> cert3; |
| 289 | BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3)); |
| 290 | Name certName3 = cert3->getName(); |
| 291 | BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3)); |
| 292 | shared_ptr<IdentityCertificate> cert4; |
| 293 | BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3)); |
| 294 | Name certName4 = cert4->getName(); |
| 295 | BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4)); |
| 296 | shared_ptr<IdentityCertificate> cert5; |
| 297 | BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3)); |
| 298 | Name certName5 = cert5->getName(); |
| 299 | BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5)); |
| 300 | |
| 301 | BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true); |
| 302 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true); |
| 303 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true); |
| 304 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true); |
| 305 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), true); |
| 306 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), true); |
| 307 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true); |
| 308 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true); |
| 309 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), true); |
| 310 | |
| 311 | BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(certName5)); |
| 312 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), false); |
| 313 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true); |
| 314 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true); |
| 315 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true); |
| 316 | |
| 317 | BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(keyName3)); |
| 318 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), false); |
| 319 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), false); |
| 320 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), false); |
| 321 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true); |
| 322 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true); |
| 323 | BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true); |
| 324 | |
| 325 | BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity)); |
| 326 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), false); |
| 327 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), false); |
| 328 | BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), false); |
| 329 | BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), false); |
| 330 | BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false); |
| 331 | } |
| 332 | |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 333 | BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib) |
| 334 | { |
| 335 | BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy", "tpm-dummy"))); |
Alexander Afanasyev | 34a3763 | 2015-01-16 17:37:36 -0800 | [diff] [blame] | 336 | BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy2", "tpm-dummy2"))); |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 337 | BOOST_REQUIRE_NO_THROW((KeyChain("dummy", "dummy"))); |
| 338 | BOOST_REQUIRE_NO_THROW((KeyChain("dummy:", "dummy:"))); |
| 339 | BOOST_REQUIRE_NO_THROW((KeyChain("dummy:/something", "dummy:/something"))); |
| 340 | |
| 341 | KeyChain keyChain("dummy", "dummy"); |
Alexander Afanasyev | 34a3763 | 2015-01-16 17:37:36 -0800 | [diff] [blame] | 342 | BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-dummy:"); |
| 343 | BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-dummy:"); |
| 344 | BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-dummy:"); |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 345 | BOOST_CHECK_EQUAL(keyChain.getDefaultIdentity(), "/dummy/key"); |
| 346 | } |
| 347 | |
Yingdi Yu | 1b0311c | 2015-06-10 14:58:47 -0700 | [diff] [blame] | 348 | BOOST_AUTO_TEST_CASE(GeneralSigningInterface) |
| 349 | { |
| 350 | KeyChain keyChain; |
| 351 | Name id("/id"); |
| 352 | Name certName = keyChain.createIdentity(id); |
| 353 | shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName); |
| 354 | Name keyName = idCert->getPublicKeyName(); |
| 355 | keyChain.setDefaultIdentity(id); |
| 356 | |
| 357 | Name id2("/id2"); |
| 358 | Name cert2Name = keyChain.createIdentity(id2); |
| 359 | shared_ptr<IdentityCertificate> id2Cert = keyChain.getCertificate(cert2Name); |
| 360 | |
| 361 | // SigningInfo is set to default |
| 362 | Data data1("/data1"); |
| 363 | keyChain.sign(data1); |
| 364 | BOOST_CHECK(Validator::verifySignature(data1, idCert->getPublicKeyInfo())); |
| 365 | BOOST_CHECK_EQUAL(data1.getSignature().getKeyLocator().getName(), certName.getPrefix(-1)); |
| 366 | |
| 367 | Interest interest1("/interest1"); |
| 368 | keyChain.sign(interest1); |
| 369 | BOOST_CHECK(Validator::verifySignature(interest1, idCert->getPublicKeyInfo())); |
| 370 | SignatureInfo sigInfo1(interest1.getName()[-2].blockFromValue()); |
| 371 | BOOST_CHECK_EQUAL(sigInfo1.getKeyLocator().getName(), certName.getPrefix(-1)); |
| 372 | |
| 373 | // SigningInfo is set to Identity |
| 374 | Data data2("/data2"); |
| 375 | keyChain.sign(data2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2)); |
| 376 | BOOST_CHECK(Validator::verifySignature(data2, id2Cert->getPublicKeyInfo())); |
| 377 | BOOST_CHECK_EQUAL(data2.getSignature().getKeyLocator().getName(), cert2Name.getPrefix(-1)); |
| 378 | |
| 379 | Interest interest2("/interest2"); |
| 380 | keyChain.sign(interest2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2)); |
| 381 | BOOST_CHECK(Validator::verifySignature(interest2, id2Cert->getPublicKeyInfo())); |
| 382 | SignatureInfo sigInfo2(interest2.getName()[-2].blockFromValue()); |
| 383 | BOOST_CHECK_EQUAL(sigInfo2.getKeyLocator().getName(), cert2Name.getPrefix(-1)); |
| 384 | |
| 385 | // SigningInfo is set to Key |
| 386 | Data data3("/data3"); |
| 387 | keyChain.sign(data3, SigningInfo(SigningInfo::SIGNER_TYPE_KEY, keyName)); |
| 388 | BOOST_CHECK(Validator::verifySignature(data3, idCert->getPublicKeyInfo())); |
| 389 | BOOST_CHECK_EQUAL(data3.getSignature().getKeyLocator().getName(), certName.getPrefix(-1)); |
| 390 | |
| 391 | Interest interest3("/interest3"); |
| 392 | keyChain.sign(interest3); |
| 393 | BOOST_CHECK(Validator::verifySignature(interest3, idCert->getPublicKeyInfo())); |
| 394 | SignatureInfo sigInfo3(interest1.getName()[-2].blockFromValue()); |
| 395 | BOOST_CHECK_EQUAL(sigInfo3.getKeyLocator().getName(), certName.getPrefix(-1)); |
| 396 | |
| 397 | // SigningInfo is set to Cert |
| 398 | Data data4("/data4"); |
| 399 | keyChain.sign(data4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName)); |
| 400 | BOOST_CHECK(Validator::verifySignature(data4, idCert->getPublicKeyInfo())); |
| 401 | BOOST_CHECK_EQUAL(data4.getSignature().getKeyLocator().getName(), certName.getPrefix(-1)); |
| 402 | |
| 403 | Interest interest4("/interest4"); |
| 404 | keyChain.sign(interest4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName)); |
| 405 | BOOST_CHECK(Validator::verifySignature(interest4, idCert->getPublicKeyInfo())); |
| 406 | SignatureInfo sigInfo4(interest4.getName()[-2].blockFromValue()); |
| 407 | BOOST_CHECK_EQUAL(sigInfo4.getKeyLocator().getName(), certName.getPrefix(-1)); |
| 408 | |
| 409 | |
| 410 | // SigningInfo is set to DigestSha256 |
| 411 | Data data5("/data5"); |
| 412 | keyChain.sign(data5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256)); |
| 413 | BOOST_CHECK(Validator::verifySignature(data5, DigestSha256(data5.getSignature()))); |
| 414 | |
| 415 | Interest interest5("/interest4"); |
| 416 | keyChain.sign(interest5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256)); |
| 417 | BOOST_CHECK(Validator::verifySignature(interest5, |
| 418 | DigestSha256(Signature(interest5.getName()[-2].blockFromValue(), |
| 419 | interest5.getName()[-1].blockFromValue())))); |
| 420 | } |
| 421 | |
José Quevedo | 641de4c | 2016-01-29 00:11:24 +0000 | [diff] [blame] | 422 | BOOST_AUTO_TEST_CASE(EcdsaSigningByIdentityNoCert) |
| 423 | { |
| 424 | KeyChain keyChain; |
| 425 | Data data("/test/data"); |
| 426 | |
| 427 | Name nonExistingIdentity = Name("/non-existing/identity").appendVersion(); |
| 428 | |
| 429 | BOOST_CHECK_NO_THROW(keyChain.sign(data, signingByIdentity(nonExistingIdentity))); |
| 430 | BOOST_CHECK_EQUAL(data.getSignature().getType(), |
| 431 | KeyChain::getSignatureType(KeyChain::DEFAULT_KEY_PARAMS.getKeyType(), |
| 432 | DIGEST_ALGORITHM_SHA256)); |
| 433 | BOOST_CHECK(nonExistingIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName())); |
| 434 | |
| 435 | Name ecdsaIdentity = Name("/ndn/test/ecdsa").appendVersion(); |
| 436 | Name ecdsaKeyName = keyChain.generateEcdsaKeyPairAsDefault(ecdsaIdentity, false, 256); |
| 437 | BOOST_CHECK_NO_THROW(keyChain.sign(data, signingByIdentity(ecdsaIdentity))); |
| 438 | BOOST_CHECK_EQUAL(data.getSignature().getType(), |
| 439 | KeyChain::getSignatureType(EcdsaKeyParams().getKeyType(), DIGEST_ALGORITHM_SHA256)); |
| 440 | BOOST_CHECK(ecdsaIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName())); |
| 441 | } |
| 442 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 443 | BOOST_AUTO_TEST_SUITE_END() |
| 444 | |
Yingdi Yu | f56c68f | 2014-04-24 21:50:13 -0700 | [diff] [blame] | 445 | } // namespace tests |
Yingdi Yu | 1b0311c | 2015-06-10 14:58:47 -0700 | [diff] [blame] | 446 | } // namespace security |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 447 | } // namespace ndn |