Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento0f830802018-01-16 23:58:58 -05002/*
Davide Pesaventoa3d809e2022-02-06 11:55:02 -05003 * Copyright (c) 2013-2022 Regents of the University of California.
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -07004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 *
21 * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
22 */
23
Alexander Afanasyev09236c22020-06-03 13:42:38 -040024#include "ndn-cxx/security/certificate.hpp"
Davide Pesaventodd0724b2022-04-18 00:30:05 -040025#include "ndn-cxx/encoding/block-helpers.hpp"
26#include "ndn-cxx/util/io.hpp"
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070027
Davide Pesavento7e780642018-11-24 15:51:34 -050028#include "tests/boost-test.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -050029#include "tests/unit/clock-fixture.hpp"
Davide Pesavento74daf742018-11-23 18:14:13 -050030
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070031#include <boost/lexical_cast.hpp>
32
33namespace ndn {
34namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -040035inline namespace v2 {
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070036namespace tests {
37
38using namespace ndn::tests;
39
40BOOST_AUTO_TEST_SUITE(Security)
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -050041BOOST_FIXTURE_TEST_SUITE(TestCertificate, ClockFixture)
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -070042
// Test fixture: DER-encoded SubjectPublicKeyInfo holding an RSA public key with a
// 1024-bit modulus and public exponent 17 (0x11). The same 160 bytes appear as the
// Content element of CERT. Fixture material only; a key of this size is not a
// recommendation for real deployments.
const uint8_t PUBLIC_KEY[] = {
  0x30, 0x81, 0x9d,                                     // SEQUENCE, 157 bytes
  0x30, 0x0d,                                           //   SEQUENCE (AlgorithmIdentifier), 13 bytes
  0x06, 0x09,                                           //     OID 1.2.840.113549.1.1.1 (rsaEncryption)
  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  0x05, 0x00,                                           //     NULL parameters
  0x03, 0x81, 0x8b, 0x00,                               //   BIT STRING, 139 bytes, 0 unused bits
  0x30, 0x81, 0x87,                                     //     SEQUENCE (RSAPublicKey), 135 bytes
  0x02, 0x81, 0x81, 0x00,                               //       INTEGER modulus, leading zero + 128 bytes
  0x9e, 0x06, 0x3e, 0x47, 0x85, 0xb2, 0x34, 0x37, 0xaa, 0x85, 0x47, 0xac, 0x03, 0x24, 0x83, 0xb5,
  0x9c, 0xa8, 0x05, 0x3a, 0x24, 0x1e, 0xeb, 0x89, 0x01, 0xbb, 0xe9, 0x9b, 0xb2, 0xc3, 0x22, 0xac,
  0x68, 0xe3, 0xf0, 0x6c, 0x02, 0xce, 0x68, 0xa6, 0xc4, 0xd0, 0xa7, 0x06, 0x90, 0x9c, 0xaa, 0x1b,
  0x08, 0x1d, 0x8b, 0x43, 0x9a, 0x33, 0x67, 0x44, 0x6d, 0x21, 0xa3, 0x1b, 0x88, 0x9a, 0x97, 0x5e,
  0x59, 0xc4, 0x15, 0x0b, 0xd9, 0x2c, 0xbd, 0x51, 0x07, 0x61, 0x82, 0xad, 0xc1, 0xb8, 0xd7, 0xbf,
  0x9b, 0xcf, 0x7d, 0x24, 0xc2, 0x63, 0xf3, 0x97, 0x17, 0xeb, 0xfe, 0x62, 0x25, 0xba, 0x5b, 0x4d,
  0x8a, 0xc2, 0x7a, 0xbd, 0x43, 0x8a, 0x8f, 0xb8, 0xf2, 0xf1, 0xc5, 0x6a, 0x30, 0xd3, 0x50, 0x8c,
  0xc8, 0x9a, 0xdf, 0xef, 0xed, 0x35, 0xe7, 0x7a, 0x62, 0xea, 0x76, 0x7c, 0xbb, 0x08, 0x26, 0xc7,
  0x02, 0x01, 0x11                                      //       INTEGER public exponent = 17
};
56
// Test fixture: wire encoding of a SignatureInfo element (87 bytes).
// Note that the KeyLocator name encoded here has the key-id component *before* "KEY"
// (/ndn/site1/ksk-2516425377094/KEY); generateFakeSignature() replaces the KeyLocator
// after decoding this block.
const uint8_t SIG_INFO[] = {
  0x16, 0x55,                                           // SignatureInfo, 85 bytes
  0x1B, 0x01, 0x01,                                     //   SignatureType = 1
  0x1C, 0x26,                                           //   KeyLocator, 38 bytes
  0x07, 0x24,                                           //     Name, 36 bytes
  0x08, 0x03, 0x6E, 0x64, 0x6E,                         //       "ndn"
  0x08, 0x05, 0x73, 0x69, 0x74, 0x65, 0x31,             //       "site1"
  0x08, 0x11,                                           //       "ksk-2516425377094"
  0x6B, 0x73, 0x6B, 0x2D, 0x32, 0x35, 0x31, 0x36, 0x34, 0x32, 0x35, 0x33, 0x37, 0x37, 0x30, 0x39,
  0x34,
  0x08, 0x03, 0x4B, 0x45, 0x59,                         //       "KEY"
  0xFD, 0x00, 0xFD, 0x26,                               //   ValidityPeriod, 38 bytes
  0xFD, 0x00, 0xFE, 0x0F,                               //     NotBefore = "20150814T223739"
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x34, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x39,
  0xFD, 0x00, 0xFF, 0x0F,                               //     NotAfter = "20150818T223738"
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x38, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x38
};
65
// Test fixture: 128 opaque bytes installed as the SignatureValue by
// generateFakeSignature(). Nothing in this file verifies these bytes against any key;
// they only need to be present so that the packet has a signature field.
const uint8_t SIG_VALUE[] = {
  0x2F, 0xD6, 0xF1, 0x6E, 0x80, 0x6F, 0x10, 0xBE, 0xB1, 0x6F, 0x3E, 0x31, 0xEC, 0xE3, 0xB9, 0xEA,
  0x83, 0x30, 0x40, 0x03, 0xFC, 0xA0, 0x13, 0xD9, 0xB3, 0xC6, 0x25, 0x16, 0x2D, 0xA6, 0x58, 0x41,
  0x69, 0x62, 0x56, 0xD8, 0xB3, 0x6A, 0x38, 0x76, 0x56, 0xEA, 0x61, 0xB2, 0x32, 0x70, 0x1C, 0xB6,
  0x4D, 0x10, 0x1D, 0xDC, 0x92, 0x8E, 0x52, 0xA5, 0x8A, 0x1D, 0xD9, 0x96, 0x5E, 0xC0, 0x62, 0x0B,
  0xCF, 0x3A, 0x9D, 0x7F, 0xCA, 0xBE, 0xA1, 0x41, 0x71, 0x85, 0x7A, 0x8B, 0x5D, 0xA9, 0x64, 0xD6,
  0x66, 0xB4, 0xE9, 0x8D, 0x0C, 0x28, 0x43, 0xEE, 0xA6, 0x64, 0xE8, 0x55, 0xF6, 0x1C, 0x19, 0x0B,
  0xEF, 0x99, 0x25, 0x1E, 0xDC, 0x78, 0xB3, 0xA7, 0xAA, 0x0D, 0x14, 0x58, 0x30, 0xE5, 0x37, 0x6A,
  0x6D, 0xDB, 0x56, 0xAC, 0xA3, 0xFC, 0x90, 0x7A, 0xB8, 0x66, 0x9C, 0x0E, 0xF6, 0xB7, 0x64, 0xD1
};
76
// Test fixture: complete wire encoding of a certificate Data packet (447 bytes).
// The Content element carries the same bytes as PUBLIC_KEY. The SignatureValue is a
// 0xFF filler rather than a real signature, so this packet is only suitable for tests
// of decoding, naming conventions and printing, not for signature verification.
const uint8_t CERT[] = {
  0x06, 0xFD, 0x01, 0xBB, // Data, 443 bytes
  0x07, 0x33, // Name /ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B
  0x08, 0x03, 0x6E, 0x64, 0x6E, // "ndn"
  0x08, 0x05, 0x73, 0x69, 0x74, 0x65, 0x31, // "site1"
  0x08, 0x03, 0x4B, 0x45, 0x59, // "KEY"
  0x08, 0x11, // "ksk-1416425377094"
  0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x36, 0x34, 0x32, 0x35, 0x33, 0x37, 0x37, 0x30, 0x39,
  0x34,
  0x08, 0x04, 0x30, 0x31, 0x32, 0x33, // "0123"
  0x08, 0x07, 0xFD, 0x00, 0x00, 0x01, 0x49, 0xC9, 0x8B, // %FD%00%00%01I%C9%8B
  0x14, 0x09, // MetaInfo
  0x18, 0x01, 0x02, // ContentType = Key
  0x19, 0x04, 0x00, 0x36, 0xEE, 0x80, // FreshnessPeriod = 3600000 ms
  0x15, 0xA0, // Content, 160 bytes (same bytes as PUBLIC_KEY)
  0x30, 0x81, 0x9D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
  0x05, 0x00, 0x03, 0x81, 0x8B, 0x00, 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9E, 0x06, 0x3E,
  0x47, 0x85, 0xB2, 0x34, 0x37, 0xAA, 0x85, 0x47, 0xAC, 0x03, 0x24, 0x83, 0xB5, 0x9C, 0xA8, 0x05,
  0x3A, 0x24, 0x1E, 0xEB, 0x89, 0x01, 0xBB, 0xE9, 0x9B, 0xB2, 0xC3, 0x22, 0xAC, 0x68, 0xE3, 0xF0,
  0x6C, 0x02, 0xCE, 0x68, 0xA6, 0xC4, 0xD0, 0xA7, 0x06, 0x90, 0x9C, 0xAA, 0x1B, 0x08, 0x1D, 0x8B,
  0x43, 0x9A, 0x33, 0x67, 0x44, 0x6D, 0x21, 0xA3, 0x1B, 0x88, 0x9A, 0x97, 0x5E, 0x59, 0xC4, 0x15,
  0x0B, 0xD9, 0x2C, 0xBD, 0x51, 0x07, 0x61, 0x82, 0xAD, 0xC1, 0xB8, 0xD7, 0xBF, 0x9B, 0xCF, 0x7D,
  0x24, 0xC2, 0x63, 0xF3, 0x97, 0x17, 0xEB, 0xFE, 0x62, 0x25, 0xBA, 0x5B, 0x4D, 0x8A, 0xC2, 0x7A,
  0xBD, 0x43, 0x8A, 0x8F, 0xB8, 0xF2, 0xF1, 0xC5, 0x6A, 0x30, 0xD3, 0x50, 0x8C, 0xC8, 0x9A, 0xDF,
  0xEF, 0xED, 0x35, 0xE7, 0x7A, 0x62, 0xEA, 0x76, 0x7C, 0xBB, 0x08, 0x26, 0xC7, 0x02, 0x01, 0x11,
  0x16, 0x55, // SignatureInfo
  0x1B, 0x01, 0x01, // SignatureType
  0x1C, 0x26, // KeyLocator: /ndn/site1/KEY/ksk-2516425377094
  0x07, 0x24,
  0x08, 0x03, 0x6E, 0x64, 0x6E,
  0x08, 0x05, 0x73, 0x69, 0x74, 0x65, 0x31,
  0x08, 0x03, 0x4B, 0x45, 0x59,
  0x08, 0x11,
  0x6B, 0x73, 0x6B, 0x2D, 0x32, 0x35, 0x31, 0x36, 0x34, 0x32, 0x35, 0x33, 0x37, 0x37, 0x30, 0x39,
  0x34,
  0xFD, 0x00, 0xFD, 0x26, // ValidityPeriod: (20150814T223739, 20150818T223738)
  0xFD, 0x00, 0xFE, 0x0F, // NotBefore
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x34, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x39,
  0xFD, 0x00, 0xFF, 0x0F, // NotAfter
  0x32, 0x30, 0x31, 0x35, 0x30, 0x38, 0x31, 0x38, 0x54, 0x32, 0x32, 0x33, 0x37, 0x33, 0x38,
  0x17, 0x80, // SignatureValue, 128 filler bytes (not a real signature)
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
127
/**
 * @brief Attach placeholder signature fields to @p data.
 *
 * The SignatureInfo is decoded from SIG_INFO, then its KeyLocator and ValidityPeriod
 * are overwritten (SIG_INFO itself encodes a different key-locator name and a 2015
 * validity window). SIG_VALUE is installed verbatim as the SignatureValue; no key is
 * involved, so the result is not a verifiable signature and is only meant for tests
 * that do not perform signature validation.
 */
static void
generateFakeSignature(Data& data)
{
  SignatureInfo info(Block{SIG_INFO});

  // Override the two fields the tests below make assertions about.
  info.setKeyLocator(Name("/ndn/site1/KEY/ksk-2516425377094"));
  const auto notBefore = time::fromIsoString("20141111T050000");
  const auto notAfter = time::fromIsoString("20141111T060000");
  info.setValidityPeriod(ValidityPeriod(notBefore, notAfter));

  data.setSignatureInfo(info);
  data.setSignatureValue(SIG_VALUE);
}
139
// Decodes the CERT fixture and checks every accessor against the values encoded in it.
// CERT carries a 0xFF filler as SignatureValue and construction is still expected to
// succeed, so this test covers decoding and naming conventions only; signature
// verification is presumably the job of a separate component - confirm.
BOOST_AUTO_TEST_CASE(Construction)
{
  Block wire(CERT);
  Certificate cert(wire);
  const ValidityPeriod expectedValidity(time::fromIsoString("20150814T223739"),
                                        time::fromIsoString("20150818T223738"));

  // Name and the parts derived from it
  BOOST_CHECK_EQUAL(cert.getName(), "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  BOOST_CHECK_EQUAL(cert.getKeyName(), "/ndn/site1/KEY/ksk-1416425377094");
  BOOST_CHECK_EQUAL(cert.getIdentity(), "/ndn/site1");
  BOOST_CHECK_EQUAL(cert.getKeyId(), name::Component("ksk-1416425377094"));
  BOOST_CHECK_EQUAL(cert.getIssuerId(), name::Component("0123"));

  // Key material and signature metadata
  BOOST_TEST(cert.getPublicKey() == PUBLIC_KEY, boost::test_tools::per_element());
  BOOST_CHECK_EQUAL(cert.getKeyLocator().value().getName(), "/ndn/site1/KEY/ksk-2516425377094");
  BOOST_CHECK_EQUAL(cert.getValidityPeriod(), expectedValidity);

  // A present extension is returned as its wire encoding; an absent type must throw.
  BOOST_CHECK_EQUAL(cert.getExtension(tlv::ValidityPeriod), expectedValidity.wireEncode());
  BOOST_CHECK_THROW(cert.getExtension(12345), tlv::Error);

  // Building from a Data object must yield an equal certificate.
  Data asData(wire);
  Certificate fromData(std::move(asData));
  BOOST_CHECK_EQUAL(cert, fromData);
}
163
// Builds a certificate field by field through the setters and checks that the accessors
// report the same values. The signature fields come from generateFakeSignature(), so
// nothing here depends on the signature being verifiable.
BOOST_AUTO_TEST_CASE(Setters)
{
  Certificate cert;
  cert.setName("/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  cert.setFreshnessPeriod(1_h);
  cert.setContent(PUBLIC_KEY);
  generateFakeSignature(cert);

  // Same window that generateFakeSignature() installs
  const ValidityPeriod expectedValidity(time::fromIsoString("20141111T050000"),
                                        time::fromIsoString("20141111T060000"));

  BOOST_CHECK_EQUAL(cert.getName(), "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  BOOST_CHECK_EQUAL(cert.getKeyName(), "/ndn/site1/KEY/ksk-1416425377094");
  BOOST_CHECK_EQUAL(cert.getIdentity(), "/ndn/site1");
  BOOST_CHECK_EQUAL(cert.getKeyId(), name::Component("ksk-1416425377094"));
  BOOST_CHECK_EQUAL(cert.getIssuerId(), name::Component("0123"));
  BOOST_TEST(cert.getPublicKey() == PUBLIC_KEY, boost::test_tools::per_element());
  BOOST_CHECK_EQUAL(cert.getKeyLocator().value().getName(), "/ndn/site1/KEY/ksk-2516425377094");
  BOOST_CHECK_EQUAL(cert.getValidityPeriod(), expectedValidity);

  // A present extension is returned as its wire encoding; an absent type must throw.
  BOOST_CHECK_EQUAL(cert.getExtension(tlv::ValidityPeriod), expectedValidity.wireEncode());
  BOOST_CHECK_THROW(cert.getExtension(12345), tlv::Error);
}
187
// Checks Certificate::isValid() against the window installed by generateFakeSignature()
// (20141111T050000 .. 20141111T060000).
BOOST_AUTO_TEST_CASE(ValidityPeriodChecking)
{
  Certificate cert;
  cert.setName("/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");
  cert.setFreshnessPeriod(1_h);
  cert.setContent(PUBLIC_KEY);
  generateFakeSignature(cert);

  // With no argument the check presumably uses the current time as seen through the
  // suite's ClockFixture; this only passes if that instant lies inside the window -
  // confirm against the fixture's start time.
  BOOST_CHECK_EQUAL(cert.isValid(), true);

  // One second outside either end of the window must be rejected.
  const auto justBefore = time::fromIsoString("20141111T045959");
  const auto justAfter = time::fromIsoString("20141111T060001");
  BOOST_CHECK_EQUAL(cert.isValid(justBefore), false);
  BOOST_CHECK_EQUAL(cert.isValid(justAfter), false);

  // NOTE(review): the exact boundary instants (050000 and 060000) are not exercised,
  // so whether the window is inclusive at either end is not pinned by this test.
}
200
/**
 * Fixture for the malformed-certificate tests.
 *
 * It stores a well-formed certificate as a plain Data packet in m_certBase. Each test
 * case copies it, breaks exactly one field, and expects the Certificate constructor to
 * reject the result with a specific error message.
 *
 * The base packet carries the placeholder signature from generateFakeSignature() and is
 * still required to construct without throwing, so the rejections tested here concern
 * packet structure and conventions, not signature validity.
 */
class InvalidCertFixture
{
public:
  InvalidCertFixture()
  {
    Certificate wellFormed(Block{CERT});
    m_certBase = Data(wellFormed);
    generateFakeSignature(m_certBase);

    // Abort the test case early if the starting point is not itself acceptable;
    // otherwise a later rejection could not be attributed to the modified field.
    BOOST_REQUIRE_NO_THROW(Certificate{m_certBase});
  }

protected:
  Data m_certBase;
};
219
// A name without the "KEY" component must be rejected with the naming-convention error.
BOOST_FIXTURE_TEST_CASE(InvalidName, InvalidCertFixture)
{
  Data tampered(m_certBase);
  tampered.setName("/ndn/site1/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B");

  // Match on the exact message so that a rejection for some other reason does not pass.
  const auto hasExpectedMessage = [] (const auto& e) {
    return e.what() == "Certificate name does not follow the naming conventions"s;
  };
  BOOST_CHECK_EXCEPTION(Certificate{std::move(tampered)}, Certificate::Error, hasExpectedMessage);
}
229
// A packet whose ContentType is Blob instead of Key must not be accepted as a certificate.
BOOST_FIXTURE_TEST_CASE(InvalidContentType, InvalidCertFixture)
{
  Data tampered(m_certBase);
  tampered.setContentType(tlv::ContentType_Blob);

  // Match on the exact message so that a rejection for some other reason does not pass.
  const auto hasExpectedMessage = [] (const auto& e) {
    return e.what() == "Expecting ContentType=Key, got 0"s;
  };
  BOOST_CHECK_EXCEPTION(Certificate{std::move(tampered)}, Certificate::Error, hasExpectedMessage);
}
239
// A FreshnessPeriod of zero must be rejected.
BOOST_FIXTURE_TEST_CASE(InvalidFreshnessPeriod, InvalidCertFixture)
{
  Data tampered(m_certBase);
  tampered.setFreshnessPeriod(0_ms);

  // Match on the exact message so that a rejection for some other reason does not pass.
  const auto hasExpectedMessage = [] (const auto& e) {
    return e.what() == "Certificate FreshnessPeriod cannot be zero"s;
  };
  BOOST_CHECK_EXCEPTION(Certificate{std::move(tampered)}, Certificate::Error, hasExpectedMessage);
}
249
// Checks the text rendering of six certificates (obtained with boost::lexical_cast)
// against literal expected output. cert4, cert5 and cert6 are modified copies of cert3
// that are not re-signed; the test exercises printing only, including the case where
// fields are unknown or malformed, and does not involve signature verification.
Davide Pesaventodd0724b2022-04-18 00:30:05 -0400250BOOST_AUTO_TEST_CASE(Print)
Alexander Afanasyev5f1820e2017-01-04 18:12:42 -0800251{
  // cert1: default-constructed certificate. Expected output shows an empty name, a
  // 0-byte key of unknown type, and signature type 65535 reported as unknown.
Davide Pesaventodd0724b2022-04-18 00:30:05 -0400252 const std::string expected1(
253R"TXT(Certificate Name:
254 /
255Public Key:
256 Key Type: Unknown (0 bytes)
257Signature Information:
258 Signature Type: Unknown(65535)
259)TXT");
260
261 Certificate cert1;
262 BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert1), expected1);
263
  // cert2: decoded from the CERT fixture (RSA key, 2015 validity window).
264 const std::string expected2(
265R"TXT(Certificate Name:
Alexander Afanasyev5f1820e2017-01-04 18:12:42 -0800266 /ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B
Davide Pesaventodd0724b2022-04-18 00:30:05 -0400267Public Key:
268 Key Type: 1024-bit RSA
Alexander Afanasyev5f1820e2017-01-04 18:12:42 -0800269 MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCeBj5HhbI0N6qFR6wDJIO1nKgF
270 OiQe64kBu+mbssMirGjj8GwCzmimxNCnBpCcqhsIHYtDmjNnRG0hoxuImpdeWcQV
271 C9ksvVEHYYKtwbjXv5vPfSTCY/OXF+v+YiW6W02Kwnq9Q4qPuPLxxWow01CMyJrf
272 7+0153pi6nZ8uwgmxwIBEQ==
Davide Pesaventodd0724b2022-04-18 00:30:05 -0400273Validity:
274 Not Before: 2015-08-14T22:37:39
275 Not After: 2015-08-18T22:37:38
Alexander Afanasyev5f1820e2017-01-04 18:12:42 -0800276Signature Information:
277 Signature Type: SignatureSha256WithRsa
278 Key Locator: Name=/ndn/site1/KEY/ksk-2516425377094
Davide Pesaventodd0724b2022-04-18 00:30:05 -0400279)TXT");
Alexander Afanasyev5f1820e2017-01-04 18:12:42 -0800280
Davide Pesaventodd0724b2022-04-18 00:30:05 -0400281 Certificate cert2(Block{CERT});
282 BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert2), expected2);
Alexander Afanasyev5f1820e2017-01-04 18:12:42 -0800283
  // cert3: loaded below from a Base64-encoded TLV. Per the expected output it holds a
  // 256-bit EC key and its key locator names its own key, which is printed as
  // "Self-Signed: yes".
Davide Pesaventodd0724b2022-04-18 00:30:05 -0400284 const std::string expected3(
285R"TXT(Certificate Name:
286 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
287Public Key:
288 Key Type: 256-bit EC
289 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnoGVuhO+9JnIRo6QSgJin8RgA8Gh
290 RN9oVbnXi2rAJa4jq1yuCKaLeOt2sdXlkW6uBByOhbTuDdovlbIUsJ8bhg==
291Validity:
292 Not Before: 1970-01-01T00:00:00
293 Not After: 2042-04-13T03:17:00
294Signature Information:
295 Signature Type: SignatureSha256WithEcdsa
296 Key Locator: Name=/ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0
297 Self-Signed: yes
298)TXT");
299
300 std::istringstream is(
301R"BASE64(Bv0BPgc0CANuZG4IBHRlc3QICGlkZW50aXR5CANLRVkICMdHOtYSULXwCARzZWxm
302NggAAAGAOqxubBQJGAECGQQANu6AFVswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
303AASegZW6E770mchGjpBKAmKfxGADwaFE32hVudeLasAlriOrXK4Ipot463ax1eWR
304bq4EHI6FtO4N2i+VshSwnxuGFlUbAQMcJgckCANuZG4IBHRlc3QICGlkZW50aXR5
305CANLRVkICMdHOtYSULXw/QD9Jv0A/g8xOTcwMDEwMVQwMDAwMDD9AP8PMjA0MjA0
306MTNUMDMxNzAwF0cwRQIgFRnwthtzKdqRgO3cZMNA1hfT3QcNu/+xjo7hUy+UvdsC
307IQCz3DHoRtKl7uZoJOgQsZP1/CGkNjlGZE3EQ+Ylwiprrw==)BASE64");
308 Certificate cert3 = io::loadTlv<Certificate>(is, io::BASE64);
309 BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert3), expected3);
310
  // cert4: copy of cert3 whose content is not a parsable key. The printer is expected
  // to report the key type as unknown and still dump the raw bytes as Base64 rather
  // than fail.
311 const std::string expected4(
312R"TXT(Certificate Name:
313 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
314Public Key:
315 Key Type: Unknown (23 bytes)
316 bm90IGEgdmFsaWQgcHVibGljIGtleQA=
317Validity:
318 Not Before: 1970-01-01T00:00:00
319 Not After: 2042-04-13T03:17:00
320Signature Information:
321 Signature Type: SignatureSha256WithEcdsa
322 Key Locator: Name=/ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0
323 Self-Signed: yes
324)TXT");
325
  // The array is 22 characters plus the terminating NUL; the expected "23 bytes" above
  // shows that the NUL becomes part of the content.
326 const uint8_t notAKey[] = "not a valid public key";
327 Certificate cert4(cert3);
328 cert4.setContent(notAKey);
329 BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert4), expected4);
330
  // cert5: copy of cert3 with an AdditionalDescription TLV whose value is the plain
  // string "malformed" (printed as Base64) and a KeyDigest locator built from an
  // 8-byte buffer (printed as sixteen hex zeros). With a digest locator the expected
  // output has no "Self-Signed" line.
331 const std::string expected5(
332R"TXT(Certificate Name:
333 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
334Additional Description:
335 bWFsZm9ybWVk
336Public Key:
337 Key Type: 256-bit EC
338 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnoGVuhO+9JnIRo6QSgJin8RgA8Gh
339 RN9oVbnXi2rAJa4jq1yuCKaLeOt2sdXlkW6uBByOhbTuDdovlbIUsJ8bhg==
340Validity:
341 Not Before: 1970-01-01T00:00:00
342 Not After: 2042-04-13T03:17:00
343Signature Information:
344 Signature Type: SignatureSha256WithEcdsa
345 Key Locator: KeyDigest=0000000000000000
346)TXT");
347
348 auto sigInfo = cert3.getSignatureInfo();
349 sigInfo.addCustomTlv(makeStringBlock(tlv::AdditionalDescription, "malformed"));
350 sigInfo.setKeyLocator(KeyLocator().setKeyDigest(std::make_shared<Buffer>(8)));
351 Certificate cert5(cert3);
352 cert5.setSignatureInfo(sigInfo);
353 BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert5), expected5);
354
  // cert6: copy of cert3 with a ValidityPeriod TLV whose value is the plain string
  // "malformed", signature type DigestSha256 and no key locator. The expected output
  // has neither a "Validity" section nor a "Key Locator" line.
355 const std::string expected6(
356R"TXT(Certificate Name:
357 /ndn/test/identity/KEY/%C7G%3A%D6%12P%B5%F0/self/v=1650251820652
358Public Key:
359 Key Type: 256-bit EC
360 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnoGVuhO+9JnIRo6QSgJin8RgA8Gh
361 RN9oVbnXi2rAJa4jq1yuCKaLeOt2sdXlkW6uBByOhbTuDdovlbIUsJ8bhg==
362Signature Information:
363 Signature Type: DigestSha256
364)TXT");
365
  // sigInfo is reused from the cert5 step, so the AdditionalDescription TLV added there
  // is removed first.
366 sigInfo.removeCustomTlv(tlv::AdditionalDescription);
367 sigInfo.addCustomTlv(makeStringBlock(tlv::ValidityPeriod, "malformed"));
368 sigInfo.setSignatureType(tlv::DigestSha256);
369 sigInfo.setKeyLocator(nullopt);
370 Certificate cert6(cert3);
371 cert6.setSignatureInfo(sigInfo);
372 BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(cert6), expected6);
Alexander Afanasyev5f1820e2017-01-04 18:12:42 -0800373}
374
// Checks the free helpers that derive the identity and the key name from a certificate
// name, including rejection of names that do not follow the certificate naming layout.
BOOST_AUTO_TEST_CASE(Helpers)
{
  // Well-formed names: "KEY" followed by key id, issuer id and version.
  BOOST_CHECK_EQUAL(extractIdentityFromCertName("/KEY/hello/world/v=1"), "/");
  BOOST_CHECK_EQUAL(extractIdentityFromCertName("/hello/world/KEY/!/self/v=42"), "/hello/world");
  BOOST_CHECK_EQUAL(extractKeyNameFromCertName("/KEY/hello/world/v=1"), "/KEY/hello");
  BOOST_CHECK_EQUAL(extractKeyNameFromCertName("/hello/world/KEY/!/self/v=42"), "/hello/world/KEY/!");

  // Names that are too short, or long enough but without "KEY" in the expected place,
  // must be rejected by both helpers.
  const char* const malformedNames[] = {
    "/hello",
    "/hello/KEY/keyid",
    "/hello/KEY/keyid/issuer",
    "/a/long/enough/but/invalid/name",
  };
  for (const char* uri : malformedNames) {
    BOOST_TEST_CONTEXT("certificate name " << uri) {
      BOOST_CHECK_THROW(extractIdentityFromCertName(uri), std::invalid_argument);
      BOOST_CHECK_THROW(extractKeyNameFromCertName(uri), std::invalid_argument);
    }
  }
}
393
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -0700394BOOST_AUTO_TEST_SUITE_END() // TestCertificate
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -0700395BOOST_AUTO_TEST_SUITE_END() // Security
396
397} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400398} // inline namespace v2
Zhiyi Zhangf4bb5c72015-08-19 19:02:51 -0700399} // namespace security
400} // namespace ndn