Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 99431c13b553cfe2f34bd69819c0167a4ae7fe19 / . / tests / unit / security / validation-policy-command-interest.t.cpp
blob: 9b8f36044bb59acfaf33e9df9b453506d4fa99b1 [file] [log] [blame]
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Junxiao Shi2bea5c42017-08-14 20:10:32 +0000[diff] [blame]2/*
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]3 * Copyright (c) 2013-2020 Regents of the University of California.
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-command-interest.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]23
Davide Pesavento7e780642018-11-24 15:51:34 -0500[diff] [blame]24#include "ndn-cxx/security/command-interest-signer.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]25#include "ndn-cxx/security/validation-policy-accept-all.hpp"
26#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]27
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]28#include "tests/test-common.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]29#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]30
31#include <boost/lexical_cast.hpp>
32#include <boost/mpl/vector.hpp>
33
34namespace ndn {
35namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]36inline namespace v2 {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]37namespace tests {
38
39using namespace ndn::tests;
40
41BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]42
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]43class CommandInterestDefaultOptions
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]44{
45public:
46 static ValidationPolicyCommandInterest::Options
47 getOptions()
48 {
49 return {};
50 }
51};
52
53template<class T, class InnerPolicy>
54class CommandInterestPolicyWrapper : public ValidationPolicyCommandInterest
55{
56public:
57 CommandInterestPolicyWrapper()
58 : ValidationPolicyCommandInterest(make_unique<InnerPolicy>(), T::getOptions())
59 {
60 }
61};
62
63template<class T, class InnerPolicy = ValidationPolicySimpleHierarchy>
64class ValidationPolicyCommandInterestFixture : public HierarchicalValidatorFixture<CommandInterestPolicyWrapper<T, InnerPolicy>>
65{
66public:
67 ValidationPolicyCommandInterestFixture()
68 : m_signer(this->m_keyChain)
69 {
70 }
71
72 Interest
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]73 makeCommandInterest(const Identity& identity, bool wantV3 = false)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]74 {
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]75 if (wantV3) {
76 Interest i(Name(identity.getName()).append("CMD"));
77 i.setCanBePrefix(false);
78 m_signer.makeSignedInterest(i, signingByIdentity(identity));
79 return i;
80 }
81 else {
82 return m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"),
83 signingByIdentity(identity));
84 }
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]85 }
86
87public:
88 CommandInterestSigner m_signer;
89};
90
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]91BOOST_FIXTURE_TEST_SUITE(TestValidationPolicyCommandInterest,
92 ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]93
94BOOST_AUTO_TEST_SUITE(Accepts)
95
96BOOST_AUTO_TEST_CASE(Basic)
97{
98 auto i1 = makeCommandInterest(identity);
99 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]100 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]101
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]102 advanceClocks(5_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]103 auto i2 = makeCommandInterest(identity);
104 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]105
106 auto i3 = m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"), signingWithSha256());
107 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]108}
109
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]110BOOST_AUTO_TEST_CASE(BasicV3)
111{
112 auto i1 = makeCommandInterest(identity, true);
113 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
114 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
115
116 advanceClocks(5_ms);
117 auto i2 = makeCommandInterest(identity, true);
118 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
119
120 Interest i3(Name(identity.getName()).append("CMD"));
121 i3.setCanBePrefix(false);
122 m_signer.makeSignedInterest(i3, signingWithSha256());
123 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
124}
125
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]126BOOST_AUTO_TEST_CASE(DataPassthru)
127{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]128 Data d1("/Security/ValidatorFixture/Sub1");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]129 m_keyChain.sign(d1);
130 VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
131}
132
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]133using ValidationPolicyAcceptAllCommands = ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions,
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]134 ValidationPolicyAcceptAll>;
135
136BOOST_FIXTURE_TEST_CASE(SignedWithSha256, ValidationPolicyAcceptAllCommands) // Bug 4635
137{
138 auto i1 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
139 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
140 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
141
142 advanceClocks(5_ms);
143 auto i2 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
144 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
145}
146
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]147BOOST_AUTO_TEST_SUITE_END() // Accepts
148
149BOOST_AUTO_TEST_SUITE(Rejects)
150
151BOOST_AUTO_TEST_CASE(NameTooShort)
152{
153 auto i1 = makeInterest("/name/too/short");
154 VALIDATE_FAILURE(*i1, "Should fail (name is too short)");
155}
156
157BOOST_AUTO_TEST_CASE(BadTimestamp)
158{
159 auto i1 = makeCommandInterest(identity);
160 setNameComponent(i1, command_interest::POS_TIMESTAMP, "not-timestamp");
161 VALIDATE_FAILURE(i1, "Should fail (timestamp is missing)");
162}
163
164BOOST_AUTO_TEST_CASE(BadSigInfo)
165{
166 auto i1 = makeCommandInterest(identity);
167 setNameComponent(i1, command_interest::POS_SIG_INFO, "not-SignatureInfo");
168 VALIDATE_FAILURE(i1, "Should fail (signature info is missing)");
169}
170
171BOOST_AUTO_TEST_CASE(MissingKeyLocator)
172{
173 auto i1 = makeCommandInterest(identity);
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]174 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]175 setNameComponent(i1, command_interest::POS_SIG_INFO,
176 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
177 VALIDATE_FAILURE(i1, "Should fail (missing KeyLocator)");
178}
179
180BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
181{
182 auto i1 = makeCommandInterest(identity);
183 KeyLocator kl;
184 kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", 8));
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]185 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]186 sigInfo.setKeyLocator(kl);
187 setNameComponent(i1, command_interest::POS_SIG_INFO,
188 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
189 VALIDATE_FAILURE(i1, "Should fail (bad KeyLocator type)");
190}
191
192BOOST_AUTO_TEST_CASE(BadCertName)
193{
194 auto i1 = makeCommandInterest(identity);
195 KeyLocator kl;
196 kl.setName("/bad/cert/name");
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]197 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]198 sigInfo.setKeyLocator(kl);
199 setNameComponent(i1, command_interest::POS_SIG_INFO,
200 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
201 VALIDATE_FAILURE(i1, "Should fail (bad certificate name)");
202}
203
204BOOST_AUTO_TEST_CASE(InnerPolicyReject)
205{
206 auto i1 = makeCommandInterest(otherIdentity);
207 VALIDATE_FAILURE(i1, "Should fail (inner policy should reject)");
208}
209
210class GracePeriod15Sec
211{
212public:
213 static ValidationPolicyCommandInterest::Options
214 getOptions()
215 {
216 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]217 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]218 return options;
219 }
220};
221
222BOOST_FIXTURE_TEST_CASE(TimestampOutOfGracePositive, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
223{
224 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]225 advanceClocks(16_s); // verifying at +16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]226 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
227 rewindClockAfterValidation();
228
229 auto i2 = makeCommandInterest(identity); // signed at +16s
230 VALIDATE_SUCCESS(i2, "Should succeed");
231}
232
233BOOST_FIXTURE_TEST_CASE(TimestampOutOfGraceNegative, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
234{
235 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]236 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]237 auto i2 = makeCommandInterest(identity); // signed at +1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]238 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]239 auto i3 = makeCommandInterest(identity); // signed at +2s
240
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]241 m_systemClock->advance(-18_s); // verifying at -16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]242 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
243 rewindClockAfterValidation();
244
245 // CommandInterestValidator should not remember i1's timestamp
246 VALIDATE_FAILURE(i2, "Should fail (timestamp outside the grace period)");
247 rewindClockAfterValidation();
248
249 // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]250 advanceClocks(18_s); // verifying at +2s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]251 VALIDATE_SUCCESS(i3, "Should succeed");
252}
253
254BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
255{
256 auto i1 = makeCommandInterest(identity); // signed at 0s
257 VALIDATE_SUCCESS(i1, "Should succeed");
258
259 auto i2 = makeCommandInterest(identity); // signed at 0s
260 setNameComponent(i2, command_interest::POS_TIMESTAMP,
261 i1.getName()[command_interest::POS_TIMESTAMP]);
262 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
263
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]264 advanceClocks(2_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]265 auto i3 = makeCommandInterest(identity); // signed at +2s
266 VALIDATE_SUCCESS(i3, "Should succeed");
267}
268
269BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
270{
271 auto i2 = makeCommandInterest(identity); // signed at 0ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]272 advanceClocks(200_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]273 auto i3 = makeCommandInterest(identity); // signed at +200ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]274 advanceClocks(900_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]275 auto i1 = makeCommandInterest(identity); // signed at +1100ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]276 advanceClocks(300_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]277 auto i4 = makeCommandInterest(identity); // signed at +1400ms
278
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]279 m_systemClock->advance(-300_ms); // verifying at +1100ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]280 VALIDATE_SUCCESS(i1, "Should succeed");
281 rewindClockAfterValidation();
282
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]283 m_systemClock->advance(-1100_ms); // verifying at 0ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]284 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
285 rewindClockAfterValidation();
286
287 // CommandInterestValidator should not remember i2's timestamp
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]288 advanceClocks(200_ms); // verifying at +200ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]289 VALIDATE_FAILURE(i3, "Should fail (timestamp reordered)");
290 rewindClockAfterValidation();
291
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]292 advanceClocks(1200_ms); // verifying at 1400ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]293 VALIDATE_SUCCESS(i4, "Should succeed");
294}
295
296BOOST_AUTO_TEST_SUITE_END() // Rejects
297
298BOOST_AUTO_TEST_SUITE(Options)
299
300template<class T>
301class GracePeriod
302{
303public:
304 static ValidationPolicyCommandInterest::Options
305 getOptions()
306 {
307 ValidationPolicyCommandInterest::Options options;
308 options.gracePeriod = time::seconds(T::value);
309 return options;
310 }
311};
312
313typedef boost::mpl::vector<
314 GracePeriod<boost::mpl::int_<0>>,
315 GracePeriod<boost::mpl::int_<-1>>
316> GraceNonPositiveValues;
317
318BOOST_FIXTURE_TEST_CASE_TEMPLATE(GraceNonPositive, GracePeriod, GraceNonPositiveValues,
319 ValidationPolicyCommandInterestFixture<GracePeriod>)
320{
321 auto i1 = this->makeCommandInterest(this->identity); // signed at 0ms
322 auto i2 = this->makeCommandInterest(this->subIdentity); // signed at 0ms
323 for (auto interest : {&i1, &i2}) {
324 setNameComponent(*interest, command_interest::POS_TIMESTAMP,
325 name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
326 } // ensure timestamps are exactly 0ms
327
328 VALIDATE_SUCCESS(i1, "Should succeed when validating at 0ms");
329 this->rewindClockAfterValidation();
330
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]331 this->advanceClocks(1_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]332 VALIDATE_FAILURE(i2, "Should fail when validating at 1ms");
333}
334
335class LimitedRecordsOptions
336{
337public:
338 static ValidationPolicyCommandInterest::Options
339 getOptions()
340 {
341 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]342 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]343 options.maxRecords = 3;
344 return options;
345 }
346};
347
348BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<LimitedRecordsOptions>)
349{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]350 Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]351 this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]352 Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]353 this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]354 Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]355 this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]356 Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]357 this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
358
359 auto i1 = makeCommandInterest(id2);
360 auto i2 = makeCommandInterest(id3);
361 auto i3 = makeCommandInterest(id4);
362 auto i00 = makeCommandInterest(id1); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]363 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]364 auto i01 = makeCommandInterest(id1); // signed at 1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]365 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]366 auto i02 = makeCommandInterest(id1); // signed at 2s
367
368 VALIDATE_SUCCESS(i00, "Should succeed");
369 rewindClockAfterValidation();
370
371 VALIDATE_SUCCESS(i02, "Should succeed");
372 rewindClockAfterValidation();
373
374 VALIDATE_SUCCESS(i1, "Should succeed");
375 rewindClockAfterValidation();
376
377 VALIDATE_SUCCESS(i2, "Should succeed");
378 rewindClockAfterValidation();
379
380 VALIDATE_SUCCESS(i3, "Should succeed, forgets identity id1");
381 rewindClockAfterValidation();
382
383 VALIDATE_SUCCESS(i01, "Should succeed despite timestamp is reordered, because record has been evicted");
384}
385
386class UnlimitedRecordsOptions
387{
388public:
389 static ValidationPolicyCommandInterest::Options
390 getOptions()
391 {
392 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]393 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]394 options.maxRecords = -1;
395 return options;
396 }
397};
398
399BOOST_FIXTURE_TEST_CASE(UnlimitedRecords, ValidationPolicyCommandInterestFixture<UnlimitedRecordsOptions>)
400{
401 std::vector<Identity> identities;
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]402 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]403 Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]404 this->cache.insert(id.getDefaultKey().getDefaultCertificate());
405 identities.push_back(id);
406 }
407
408 auto i1 = makeCommandInterest(identities.at(0)); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]409 advanceClocks(1_s);
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]410 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]411 auto i2 = makeCommandInterest(identities.at(i)); // signed at +1s
412
413 VALIDATE_SUCCESS(i2, "Should succeed");
414 rewindClockAfterValidation();
415 }
416 VALIDATE_FAILURE(i1, "Should fail (timestamp reorder)");
417}
418
419class ZeroRecordsOptions
420{
421public:
422 static ValidationPolicyCommandInterest::Options
423 getOptions()
424 {
425 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]426 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]427 options.maxRecords = 0;
428 return options;
429 }
430};
431
432BOOST_FIXTURE_TEST_CASE(ZeroRecords, ValidationPolicyCommandInterestFixture<ZeroRecordsOptions>)
433{
434 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]435 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]436 auto i2 = makeCommandInterest(identity); // signed at +1s
437 VALIDATE_SUCCESS(i2, "Should succeed");
438 rewindClockAfterValidation();
439
440 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record isn't kept");
441}
442
443class LimitedRecordLifetimeOptions
444{
445public:
446 static ValidationPolicyCommandInterest::Options
447 getOptions()
448 {
449 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]450 options.gracePeriod = 400_s;
451 options.recordLifetime = 300_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]452 return options;
453 }
454};
455
456BOOST_FIXTURE_TEST_CASE(LimitedRecordLifetime, ValidationPolicyCommandInterestFixture<LimitedRecordLifetimeOptions>)
457{
458 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]459 advanceClocks(240_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]460 auto i2 = makeCommandInterest(identity); // signed at +240s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]461 advanceClocks(120_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]462 auto i3 = makeCommandInterest(identity); // signed at +360s
463
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]464 m_systemClock->advance(-360_s); // rewind system clock to 0s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]465 VALIDATE_SUCCESS(i1, "Should succeed");
466 rewindClockAfterValidation();
467
468 VALIDATE_SUCCESS(i3, "Should succeed");
469 rewindClockAfterValidation();
470
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]471 advanceClocks(30_s, 301_s); // advance steady clock by 301s, and system clock to +301s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]472 VALIDATE_SUCCESS(i2, "Should succeed despite timestamp is reordered, because record has been expired");
473}
474
475class ZeroRecordLifetimeOptions
476{
477public:
478 static ValidationPolicyCommandInterest::Options
479 getOptions()
480 {
481 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]482 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]483 options.recordLifetime = time::seconds::zero();
484 return options;
485 }
486};
487
488BOOST_FIXTURE_TEST_CASE(ZeroRecordLifetime, ValidationPolicyCommandInterestFixture<ZeroRecordLifetimeOptions>)
489{
490 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]491 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]492 auto i2 = makeCommandInterest(identity); // signed at +1s
493 VALIDATE_SUCCESS(i2, "Should succeed");
494 rewindClockAfterValidation();
495
496 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record has been expired");
497}
498
499BOOST_AUTO_TEST_SUITE_END() // Options
500
501BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]502BOOST_AUTO_TEST_SUITE_END() // Security
503
504} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]505} // inline namespace v2
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]506} // namespace security
507} // namespace ndn