/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
 * Copyright (c) 2013-2016 Regents of the University of California.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 *
 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 *
 * You should have received copies of the GNU General Public License and GNU Lesser
 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 */
21
Yingdi Yu8dceb1d2014-02-18 12:45:10 -080022#include "security/key-chain.hpp"
Yingdi Yu1b0311c2015-06-10 14:58:47 -070023#include "security/validator.hpp"
José Quevedo641de4c2016-01-29 00:11:24 +000024#include "security/signing-helpers.hpp"
Yingdi Yu8dceb1d2014-02-18 12:45:10 -080025
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -070026#include "boost-test.hpp"
Alexander Afanasyev07113802015-01-15 19:14:36 -080027#include "dummy-keychain.hpp"
José Quevedo641de4c2016-01-29 00:11:24 +000028#include "../util/test-home-environment-fixture.hpp"
29
30#include <boost/filesystem.hpp>
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -070031
Yingdi Yu8dceb1d2014-02-18 12:45:10 -080032namespace ndn {
Yingdi Yu1b0311c2015-06-10 14:58:47 -070033namespace security {
Yingdi Yuf56c68f2014-04-24 21:50:13 -070034namespace tests {
Yingdi Yu8dceb1d2014-02-18 12:45:10 -080035
Spyridon Mastorakis429634f2015-02-19 17:35:33 -080036BOOST_FIXTURE_TEST_SUITE(SecurityKeyChain, util::TestHomeEnvironmentFixture)
Yingdi Yuf56c68f2014-04-24 21:50:13 -070037
/**
 * Default-constructed KeyChain with a home directory that configures both a PIB
 * and a TPM locator: construction must not throw and the three locator getters
 * must report the configured values.
 */
BOOST_AUTO_TEST_CASE(ConstructorNormalConfig)
{
  namespace fs = boost::filesystem;

  // NOTE(review): the configuration file under this directory is not part of this
  // listing; the expected locator strings below are what the test pins.
  setenv("TEST_HOME", "tests/unit-tests/security/config-file-home", 1);

  BOOST_REQUIRE_NO_THROW(KeyChain());

  KeyChain keyChain;

  // The PIB records a TPM locator of its own; it has to agree with the locator
  // reported by the TPM that was actually instantiated.
  // NOTE(review): the file-based TPM is expected at a fixed path under /tmp, which
  // is only appropriate for throwaway test keys.
  BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(),
                    "pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-file/");
  BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(),
                    "tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/");
  BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(),
                    "tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/");

  // Delete the PIB database below TEST_HOME (presumably created by the KeyChain
  // above) so that it does not leak into other test cases.
  fs::path pibFile(fs::absolute(std::getenv("TEST_HOME")));
  pibFile /= ".ndn/ndnsec-public-info.db";

  fs::remove(pibFile);
}
59
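/**
 * Default-constructed KeyChain with a home directory whose configuration names a
 * PIB locator but leaves the TPM unspecified: the TPM must fall back to the
 * platform default ("tpm-osxkeychain:" when NDN_CXX_HAVE_OSX_SECURITY is defined,
 * "tpm-file:" otherwise).
 */
BOOST_AUTO_TEST_CASE(ConstructorEmptyConfig)
{
  using namespace boost::filesystem;

  setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty-home", 1);

#if defined(NDN_CXX_HAVE_OSX_SECURITY)
  // Puts HOME back to the value captured in savedHome. The explicit restore() call
  // further down keeps the original ordering on the success path; the destructor
  // covers the paths where BOOST_REQUIRE_* or the KeyChain constructor throws, so
  // that an aborted case cannot leave HOME pointing at OLD_HOME for later cases.
  struct HomeRestorer
  {
    ~HomeRestorer()
    {
      restore();
    }

    void
    restore()
    {
      if (isRestored)
        return;
      isRestored = true;

      if (!savedHome.empty())
        setenv("HOME", savedHome.c_str(), 1);
      else
        unsetenv("HOME");
    }

    std::string savedHome;
    bool isRestored = false;
  };

  // NOTE(review): OLD_HOME is presumably exported by the test environment fixture
  // and holds the HOME value from before the fixture redirected it -- confirm.
  std::string oldHOME;
  if (std::getenv("OLD_HOME"))
    oldHOME = std::getenv("OLD_HOME");

  HomeRestorer homeRestorer;
  if (std::getenv("HOME"))
    homeRestorer.savedHome = std::getenv("HOME");

  // Run the KeyChain part of this case with HOME taken from OLD_HOME.
  if (!oldHOME.empty())
    setenv("HOME", oldHOME.c_str(), 1);
  else
    unsetenv("HOME");
#endif

  BOOST_REQUIRE_NO_THROW(KeyChain());
  KeyChain keyChain;
  BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(),
                    "pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/");

#if defined(NDN_CXX_HAVE_OSX_SECURITY)
  BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-osxkeychain:");
  BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-osxkeychain:");
#else
  BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(),
                    "tpm-file:");
  BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(),
                    "tpm-file:");
#endif

#if defined(NDN_CXX_HAVE_OSX_SECURITY)
  homeRestorer.restore();
#endif

  // Delete the PIB database below TEST_HOME so it does not leak into other cases.
  path pibPath(absolute(std::getenv("TEST_HOME")));
  pibPath /= ".ndn/ndnsec-public-info.db";

  boost::filesystem::remove(pibPath);
}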
108
/**
 * Default-constructed KeyChain with a home directory whose configuration names a
 * TPM locator but no PIB location: the PIB locator must come back as the bare
 * "pib-sqlite3:" scheme while both TPM locator getters report the configured path.
 */
BOOST_AUTO_TEST_CASE(ConstructorEmpty2Config)
{
  namespace fs = boost::filesystem;

  // NOTE(review): the configuration file under this directory is not part of this
  // listing; the expected locator strings below are what the test pins.
  setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty2-home", 1);

  BOOST_REQUIRE_NO_THROW(KeyChain());

  KeyChain keyChain;

  BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(),
                    "pib-sqlite3:");
  // The TPM locator stored in the PIB and the one reported by the TPM must agree.
  BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(),
                    "tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/");
  BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(),
                    "tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/");

  // Delete the PIB database below TEST_HOME so it does not leak into other cases.
  fs::path pibFile(fs::absolute(std::getenv("TEST_HOME")));
  pibFile /= ".ndn/ndnsec-public-info.db";

  fs::remove(pibFile);
}
130
/**
 * A malformed configuration must make the KeyChain constructor fail with
 * KeyChain::Error instead of silently falling back to some default store.
 */
BOOST_AUTO_TEST_CASE(ConstructorMalConfig)
{
  setenv("TEST_HOME", "tests/unit-tests/security/config-file-malformed-home", 1);

  // Wrong configuration. Error expected.
  BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error);
}
139
/**
 * Second malformed-configuration fixture: construction must again be rejected
 * with KeyChain::Error.
 */
BOOST_AUTO_TEST_CASE(ConstructorMal2Config)
{
  setenv("TEST_HOME", "tests/unit-tests/security/config-file-malformed2-home", 1);

  // Wrong configuration. Error expected.
  BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error);
}
148
/**
 * Round trip of an identity through exportIdentity()/importIdentity(): export to a
 * SecuredBag, delete the identity, re-import from the wire-encoded bag and check
 * that identity, public key, both TPM key classes and the certificate are back.
 *
 * NOTE(review): only the matching-passphrase path is exercised here; importing
 * with a wrong passphrase is not covered by this case.
 */
BOOST_AUTO_TEST_CASE(ExportIdentity)
{
  KeyChain keyChain;

  Name identity("/TestKeyChain/ExportIdentity/");
  identity.appendVersion();
  keyChain.createIdentity(identity);

  // "1234" is a throwaway passphrase for this test identity only.
  shared_ptr<SecuredBag> exportedBag = keyChain.exportIdentity(identity, "1234");

  Block bagWire = exportedBag->wireEncode();

  Name keyName = keyChain.getDefaultKeyNameForIdentity(identity);
  Name certName = keyChain.getDefaultCertificateNameForKey(keyName);

  // After a deleteIdentity() nothing belonging to the identity may remain in
  // either the PIB or the TPM.
  auto checkEverythingGone = [&] {
    BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
    BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName), false);
    BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), false);
    BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), false);
    BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName), false);
  };

  keyChain.deleteIdentity(identity);
  checkEverythingGone();

  // Re-import from the encoded form rather than from the in-memory bag, so the
  // wire encoding/decoding of SecuredBag is part of the round trip.
  SecuredBag decodedBag;
  decodedBag.wireDecode(bagWire);
  keyChain.importIdentity(decodedBag, "1234");

  BOOST_CHECK(keyChain.doesIdentityExist(identity));
  BOOST_CHECK(keyChain.doesPublicKeyExist(keyName));
  BOOST_CHECK(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE));
  BOOST_CHECK(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC));
  BOOST_CHECK(keyChain.doesCertificateExist(certName));

  // Clean up the imported identity and verify the cleanup.
  keyChain.deleteIdentity(identity);
  checkEverythingGone();
}
190
/**
 * prepareUnsignedIdentityCertificate(): checks the certificate name produced for
 * keys below and beside the signer identity, with and without an explicit
 * certificate prefix, and checks that unusable key names yield a null pointer.
 */
BOOST_AUTO_TEST_CASE(PrepareIdentityCertificate)
{
  KeyChain keyChain;

  Name identity("/TestKeyChain/PrepareIdentityCertificate/");
  identity.appendVersion();
  keyChain.createIdentity(identity);

  std::vector<CertificateSubjectDescription> subjectDescription;

  // All five-argument calls in this case share the signer (identity), a one-year
  // validity window starting now, and the empty subject description.
  auto prepare = [&] (const Name& keyName) -> shared_ptr<IdentityCertificate> {
    return keyChain.prepareUnsignedIdentityCertificate(keyName, identity,
                                                       time::system_clock::now(),
                                                       time::system_clock::now() + time::days(365),
                                                       subjectDescription);
  };

  // Key of an identity nested under the signer: "KEY" is expected right after the
  // signer's name, followed by the remaining "Lower" component.
  Name lowerIdentity = identity;
  lowerIdentity.append("Lower").appendVersion();
  Name lowerKeyName = keyChain.generateRsaKeyPair(lowerIdentity, true);
  shared_ptr<IdentityCertificate> lowerCert = prepare(lowerKeyName);
  BOOST_CHECK(static_cast<bool>(lowerCert));
  BOOST_CHECK_EQUAL(lowerCert->getName().getPrefix(5),
                    Name().append(identity).append("KEY").append("Lower"));
  BOOST_CHECK(lowerCert->getFreshnessPeriod() >= time::milliseconds::zero());

  // Same key, but with lowerIdentity passed as the explicit sixth argument: "KEY"
  // is then expected after the whole of lowerIdentity.
  shared_ptr<IdentityCertificate> lowerCertWithPrefix =
    keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
                                                time::system_clock::now(),
                                                time::system_clock::now() + time::days(365),
                                                subjectDescription,
                                                lowerIdentity);
  BOOST_CHECK(static_cast<bool>(lowerCertWithPrefix));
  BOOST_CHECK_EQUAL(lowerCertWithPrefix->getName().getPrefix(6),
                    Name().append(lowerIdentity).append("KEY"));

  // Key of a separately named identity: "KEY" is expected after that identity.
  Name anotherIdentity("/TestKeyChain/PrepareIdentityCertificate/Another/");
  anotherIdentity.appendVersion();
  Name anotherKeyName = keyChain.generateRsaKeyPair(anotherIdentity, true);
  shared_ptr<IdentityCertificate> anotherCert = prepare(anotherKeyName);
  BOOST_CHECK(static_cast<bool>(anotherCert));
  BOOST_CHECK_EQUAL(anotherCert->getName().getPrefix(5), Name().append(anotherIdentity).append("KEY"));

  // Rejection cases: each of these must produce a null pointer rather than a
  // certificate. NOTE(review): presumably because no such key exists in this
  // KeyChain and/or the name is not a well-formed key name -- confirm which.
  Name emptyKeyName;
  shared_ptr<IdentityCertificate> certForEmptyName = prepare(emptyKeyName);
  BOOST_CHECK_EQUAL(static_cast<bool>(certForEmptyName), false);

  Name prefixOnlyKeyName("/TestKeyChain/PrepareIdentityCertificate");
  shared_ptr<IdentityCertificate> certForPrefixOnly = prepare(prefixOnlyKeyName);
  BOOST_CHECK_EQUAL(static_cast<bool>(certForPrefixOnly), false);

  Name unknownKeyName("/TestKeyChain/PrepareIdentityCertificate/ksk-1234");
  shared_ptr<IdentityCertificate> certForUnknownKey = prepare(unknownKeyName);
  BOOST_CHECK_EQUAL(static_cast<bool>(certForUnknownKey), false);

  // Remove everything this case created.
  keyChain.deleteIdentity(identity);
  keyChain.deleteIdentity(lowerIdentity);
  keyChain.deleteIdentity(anotherIdentity);
}
265
/**
 * Cascading deletion: deleting a certificate leaves its key and sibling
 * certificates alone, deleting a key removes all of its certificates, and
 * deleting the identity removes every remaining key and certificate.
 */
BOOST_AUTO_TEST_CASE(Delete)
{
  KeyChain keyChain;

  Name identity("/TestSecPublicInfoSqlite3/Delete");
  identity.appendVersion();

  // First key and certificate: created together with the identity.
  Name firstCertName;
  BOOST_REQUIRE_NO_THROW(firstCertName = keyChain.createIdentity(identity));

  Name firstKeyName = IdentityCertificate::certificateNameToPublicKeyName(firstCertName);

  // Second key with one self-signed certificate.
  Name secondKeyName;
  BOOST_REQUIRE_NO_THROW(secondKeyName = keyChain.generateRsaKeyPairAsDefault(identity));

  shared_ptr<IdentityCertificate> secondCert;
  BOOST_REQUIRE_NO_THROW(secondCert = keyChain.selfSign(secondKeyName));
  Name secondCertName = secondCert->getName();
  BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*secondCert));

  // Third key with three self-signed certificates (A, B, C).
  Name thirdKeyName;
  BOOST_REQUIRE_NO_THROW(thirdKeyName = keyChain.generateRsaKeyPairAsDefault(identity));

  shared_ptr<IdentityCertificate> thirdCertA;
  BOOST_REQUIRE_NO_THROW(thirdCertA = keyChain.selfSign(thirdKeyName));
  Name thirdCertNameA = thirdCertA->getName();
  BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*thirdCertA));

  shared_ptr<IdentityCertificate> thirdCertB;
  BOOST_REQUIRE_NO_THROW(thirdCertB = keyChain.selfSign(thirdKeyName));
  Name thirdCertNameB = thirdCertB->getName();
  BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*thirdCertB));

  shared_ptr<IdentityCertificate> thirdCertC;
  BOOST_REQUIRE_NO_THROW(thirdCertC = keyChain.selfSign(thirdKeyName));
  Name thirdCertNameC = thirdCertC->getName();
  BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*thirdCertC));

  // Baseline: everything created above is present.
  BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(firstKeyName), true);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(secondKeyName), true);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(thirdKeyName), true);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(firstCertName), true);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(secondCertName), true);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameA), true);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameB), true);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameC), true);

  // Step 1: deleting one certificate must not touch its key or sibling certificates.
  BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(thirdCertNameC));
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameC), false);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameA), true);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameB), true);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(thirdKeyName), true);

  // Step 2: deleting a key must take its remaining certificates with it and leave
  // the other keys and the identity in place.
  BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(thirdKeyName));
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameB), false);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(thirdCertNameA), false);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(thirdKeyName), false);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(secondKeyName), true);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(firstKeyName), true);
  BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);

  // Step 3: deleting the identity must leave no key or certificate behind.
  BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity));
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(secondCertName), false);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(secondKeyName), false);
  BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(firstCertName), false);
  BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(firstKeyName), false);
  BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
}
332
/**
 * KeyChain built from explicit PIB/TPM locator strings, using the dummy back
 * ends (NOTE(review): presumably registered by dummy-keychain.hpp -- confirm).
 * Several spellings of the locator must be accepted, and the short form "dummy"
 * must be reported back in canonical "pib-dummy:" / "tpm-dummy:" form.
 */
BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib)
{
  // Full scheme names, including a second registered name for the same kind of store.
  BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy", "tpm-dummy")));
  BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy2", "tpm-dummy2")));

  // Short scheme name: bare, with a trailing colon, and with a location part.
  BOOST_REQUIRE_NO_THROW((KeyChain("dummy", "dummy")));
  BOOST_REQUIRE_NO_THROW((KeyChain("dummy:", "dummy:")));
  BOOST_REQUIRE_NO_THROW((KeyChain("dummy:/something", "dummy:/something")));

  KeyChain dummyKeyChain("dummy", "dummy");

  // The TPM locator recorded by the PIB must match the TPM actually in use.
  BOOST_CHECK_EQUAL(dummyKeyChain.getPib().getPibLocator(), "pib-dummy:");
  BOOST_CHECK_EQUAL(dummyKeyChain.getPib().getTpmLocator(), "tpm-dummy:");
  BOOST_CHECK_EQUAL(dummyKeyChain.getTpm().getTpmLocator(), "tpm-dummy:");
  BOOST_CHECK_EQUAL(dummyKeyChain.getDefaultIdentity(), "/dummy/key");
}
347
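/**
 * KeyChain::sign() for Data and Interest under every signer selection visible in
 * this case: default SigningInfo, by identity, by key, by certificate and
 * DigestSha256. Each signature is verified against the expected public key, and
 * the key locator is checked against the expected certificate name without its
 * last component.
 *
 * For a signed Interest, the test reads the SignatureInfo from the second-to-last
 * name component and the signature value from the last one.
 */
BOOST_AUTO_TEST_CASE(GeneralSigningInterface)
{
  KeyChain keyChain;
  Name id("/id");
  Name certName = keyChain.createIdentity(id);
  shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
  Name keyName = idCert->getPublicKeyName();
  keyChain.setDefaultIdentity(id);

  // Second, non-default identity, used to show that an explicit signer selection
  // really overrides the default.
  Name id2("/id2");
  Name cert2Name = keyChain.createIdentity(id2);
  shared_ptr<IdentityCertificate> id2Cert = keyChain.getCertificate(cert2Name);

  // SigningInfo is set to default
  Data data1("/data1");
  keyChain.sign(data1);
  BOOST_CHECK(Validator::verifySignature(data1, idCert->getPublicKeyInfo()));
  BOOST_CHECK_EQUAL(data1.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));

  Interest interest1("/interest1");
  keyChain.sign(interest1);
  BOOST_CHECK(Validator::verifySignature(interest1, idCert->getPublicKeyInfo()));
  SignatureInfo sigInfo1(interest1.getName()[-2].blockFromValue());
  BOOST_CHECK_EQUAL(sigInfo1.getKeyLocator().getName(), certName.getPrefix(-1));

  // SigningInfo is set to Identity
  Data data2("/data2");
  keyChain.sign(data2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
  BOOST_CHECK(Validator::verifySignature(data2, id2Cert->getPublicKeyInfo()));
  BOOST_CHECK_EQUAL(data2.getSignature().getKeyLocator().getName(), cert2Name.getPrefix(-1));

  Interest interest2("/interest2");
  keyChain.sign(interest2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
  BOOST_CHECK(Validator::verifySignature(interest2, id2Cert->getPublicKeyInfo()));
  SignatureInfo sigInfo2(interest2.getName()[-2].blockFromValue());
  BOOST_CHECK_EQUAL(sigInfo2.getKeyLocator().getName(), cert2Name.getPrefix(-1));

  // SigningInfo is set to Key
  Data data3("/data3");
  keyChain.sign(data3, SigningInfo(SigningInfo::SIGNER_TYPE_KEY, keyName));
  BOOST_CHECK(Validator::verifySignature(data3, idCert->getPublicKeyInfo()));
  BOOST_CHECK_EQUAL(data3.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));

  // Sign with the explicit key selection and inspect interest3 itself. Signing
  // with the default SigningInfo and reading the SignatureInfo of interest1 would
  // leave the by-key path for Interests unverified.
  Interest interest3("/interest3");
  keyChain.sign(interest3, SigningInfo(SigningInfo::SIGNER_TYPE_KEY, keyName));
  BOOST_CHECK(Validator::verifySignature(interest3, idCert->getPublicKeyInfo()));
  SignatureInfo sigInfo3(interest3.getName()[-2].blockFromValue());
  BOOST_CHECK_EQUAL(sigInfo3.getKeyLocator().getName(), certName.getPrefix(-1));

  // SigningInfo is set to Cert
  Data data4("/data4");
  keyChain.sign(data4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
  BOOST_CHECK(Validator::verifySignature(data4, idCert->getPublicKeyInfo()));
  BOOST_CHECK_EQUAL(data4.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));

  Interest interest4("/interest4");
  keyChain.sign(interest4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
  BOOST_CHECK(Validator::verifySignature(interest4, idCert->getPublicKeyInfo()));
  SignatureInfo sigInfo4(interest4.getName()[-2].blockFromValue());
  BOOST_CHECK_EQUAL(sigInfo4.getKeyLocator().getName(), certName.getPrefix(-1));


  // SigningInfo is set to DigestSha256
  // No key is involved here: verification takes the digest signature itself, so
  // these checks cover integrity of the packet only, not who produced it.
  Data data5("/data5");
  keyChain.sign(data5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
  BOOST_CHECK(Validator::verifySignature(data5, DigestSha256(data5.getSignature())));

  // NOTE(review): interest5 reuses the name "/interest4"; it is a separate object,
  // so the check is unaffected, but "/interest5" was probably intended.
  Interest interest5("/interest4");
  keyChain.sign(interest5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
  BOOST_CHECK(Validator::verifySignature(interest5,
                                         DigestSha256(Signature(interest5.getName()[-2].blockFromValue(),
                                                                interest5.getName()[-1].blockFromValue()))));
}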
421
/**
 * signingByIdentity() when the identity has no certificate yet.
 *
 * First with an identity that was never created, then with an identity that only
 * has an ECDSA key pair generated through generateEcdsaKeyPairAsDefault(). In both
 * cases sign() must not throw, the signature type must match the key type and
 * the key locator must sit under the identity.
 *
 * NOTE(review): the first half pins that signing by an unknown identity succeeds
 * (apparently the KeyChain provisions a key of the default type on demand), so a
 * successful sign() does not show that the identity existed beforehand.
 */
BOOST_AUTO_TEST_CASE(EcdsaSigningByIdentityNoCert)
{
  KeyChain keyChain;
  Data data("/test/data");

  // Identity that has never been created in this KeyChain.
  Name nonExistingIdentity("/non-existing/identity");
  nonExistingIdentity.appendVersion();

  BOOST_CHECK_NO_THROW(keyChain.sign(data, signingByIdentity(nonExistingIdentity)));
  BOOST_CHECK_EQUAL(data.getSignature().getType(),
                    KeyChain::getSignatureType(KeyChain::DEFAULT_KEY_PARAMS.getKeyType(),
                                               DIGEST_ALGORITHM_SHA256));
  BOOST_CHECK(nonExistingIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName()));

  // Identity with a 256-bit ECDSA default key; only the key pair is generated
  // here, and the returned key name is not needed by the checks below.
  Name ecdsaIdentity("/ndn/test/ecdsa");
  ecdsaIdentity.appendVersion();
  keyChain.generateEcdsaKeyPairAsDefault(ecdsaIdentity, false, 256);

  BOOST_CHECK_NO_THROW(keyChain.sign(data, signingByIdentity(ecdsaIdentity)));
  BOOST_CHECK_EQUAL(data.getSignature().getType(),
                    KeyChain::getSignatureType(EcdsaKeyParams().getKeyType(), DIGEST_ALGORITHM_SHA256));
  BOOST_CHECK(ecdsaIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName()));
}
442
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800443BOOST_AUTO_TEST_SUITE_END()
444
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700445} // namespace tests
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700446} // namespace security
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800447} // namespace ndn