blob: 2419e8daee7fdd752fc732b4ec821e26ab41d9d0 [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Zhiyi Zhang48becde2017-01-05 16:41:38 -08003 * Copyright (c) 2013-2017 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -08004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
25#include "util/io.hpp"
26#include "util/scheduler.hpp"
27#include "util/dummy-client-face.hpp"
Zhiyi Zhang48becde2017-01-05 16:41:38 -080028#include "lp/tags.hpp"
29#include "lp/nack.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -080030
31#include <boost/asio.hpp>
Zhiyi Zhang48becde2017-01-05 16:41:38 -080032#include <boost/logic/tribool.hpp>
Yingdi Yu41546342014-11-30 23:37:53 -080033
34#include "identity-management-fixture.hpp"
35#include "../identity-management-time-fixture.hpp"
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070036#include "../make-interest-data.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -080037#include "boost-test.hpp"
38
Yingdi Yu41546342014-11-30 23:37:53 -080039namespace ndn {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070040namespace security {
Yingdi Yu41546342014-11-30 23:37:53 -080041namespace tests {
42
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070043using namespace ndn::tests;
Yingdi Yu41546342014-11-30 23:37:53 -080044
Junxiao Shid5827ce2016-07-14 20:49:37 +000045BOOST_AUTO_TEST_SUITE(Security)
46BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, IdentityManagementFixture)
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070047
48BOOST_AUTO_TEST_CASE(NameFilter)
Yingdi Yu41546342014-11-30 23:37:53 -080049{
50 Name identity("/TestValidatorConfig/NameFilter");
51 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -080052 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -080053 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -080054
55 Name dataName1("/simple/equal");
56 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070057 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -080058
59 Name dataName2("/simple/different");
60 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070061 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -080062
63 std::string CONFIG_1 =
64 "rule\n"
65 "{\n"
66 " id \"Simple Rule\"\n"
67 " for data\n"
68 " filter"
69 " {\n"
70 " type name\n"
71 " name /simple/equal\n"
72 " relation equal\n"
73 " }\n"
74 " checker\n"
75 " {\n"
76 " type customized\n"
77 " sig-type rsa-sha256\n"
78 " key-locator\n"
79 " {\n"
80 " type name\n"
81 " name ";
82
83 std::string CONFIG_2 =
84 "\n"
85 " relation equal\n"
86 " }\n"
87 " }\n"
88 "}\n"
89 "trust-anchor\n"
90 "{\n"
91 " type file\n"
92 " file-name \"trust-anchor-1.cert\"\n"
93 "}\n";
94 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
95
96 const boost::filesystem::path CONFIG_PATH =
97 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
98
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070099 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800100 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700101 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800102
103 validator.validate(*data1,
104 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700105 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800106
107 validator.validate(*data2,
108 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700109 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800110}
111
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700112BOOST_AUTO_TEST_CASE(NameFilter2)
Yingdi Yu41546342014-11-30 23:37:53 -0800113{
114 Name identity("/TestValidatorConfig/NameFilter2");
115 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800116 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800117 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800118
119 Name dataName1("/simple/isPrefixOf");
120 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700121 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800122
123 Name dataName2("/simple/notPrefixOf");
124 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700125 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800126
127 Name dataName3("/simple/isPrefixOf/anotherLevel");
128 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700129 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800130
131 std::string CONFIG_1 =
132 "rule\n"
133 "{\n"
134 " id \"Simple2 Rule\"\n"
135 " for data\n"
136 " filter"
137 " {\n"
138 " type name\n"
139 " name /simple/isPrefixOf\n"
140 " relation is-prefix-of\n"
141 " }\n"
142 " checker\n"
143 " {\n"
144 " type customized\n"
145 " sig-type rsa-sha256\n"
146 " key-locator\n"
147 " {\n"
148 " type name\n"
149 " name ";
150
151 std::string CONFIG_2 =
152 "\n"
153 " relation equal\n"
154 " }\n"
155 " }\n"
156 "}\n"
157 "trust-anchor\n"
158 "{\n"
159 " type file\n"
160 " file-name \"trust-anchor-2.cert\"\n"
161 "}\n";
162 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
163
164 const boost::filesystem::path CONFIG_PATH =
165 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
166
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700167 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800168 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700169 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800170
171 validator.validate(*data1,
172 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700173 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800174
175 validator.validate(*data2,
176 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700177 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800178
179 validator.validate(*data3,
180 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700181 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800182}
183
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700184BOOST_AUTO_TEST_CASE(NameFilter3)
Yingdi Yu41546342014-11-30 23:37:53 -0800185{
186 Name identity("/TestValidatorConfig/NameFilter3");
187 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800188 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800189 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800190
191 Name dataName1("/simple/isStrictPrefixOf");
192 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700193 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800194
195 Name dataName2("/simple");
196 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700197 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800198
199 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
200 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700201 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800202
203 std::string CONFIG_1 =
204 "rule\n"
205 "{\n"
206 " id \"Simple3 Rule\"\n"
207 " for data\n"
208 " filter"
209 " {\n"
210 " type name\n"
211 " name /simple/isStrictPrefixOf\n"
212 " relation is-strict-prefix-of\n"
213 " }\n"
214 " checker\n"
215 " {\n"
216 " type customized\n"
217 " sig-type rsa-sha256\n"
218 " key-locator\n"
219 " {\n"
220 " type name\n"
221 " name ";
222
223 std::string CONFIG_2 =
224 "\n"
225 " relation equal\n"
226 " }\n"
227 " }\n"
228 "}\n"
229 "trust-anchor\n"
230 "{\n"
231 " type file\n"
232 " file-name \"trust-anchor-3.cert\"\n"
233 "}\n";
234 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
235
236 const boost::filesystem::path CONFIG_PATH =
237 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
238
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700239 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800240 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700241 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800242
243 validator.validate(*data1,
244 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700245 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800246
247 validator.validate(*data2,
248 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700249 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800250
251 validator.validate(*data3,
252 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700253 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800254}
255
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700256BOOST_AUTO_TEST_CASE(NameFilter4)
Yingdi Yu41546342014-11-30 23:37:53 -0800257{
258 Name identity("/TestValidatorConfig/NameFilter4");
259 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800260 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-4.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800261 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800262
263 Name dataName1("/simple/regex");
264 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700265 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800266
267 Name dataName2("/simple/regex-wrong");
268 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700269 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800270
271 Name dataName3("/simple/regex/correct");
272 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700273 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800274
275 std::string CONFIG_1 =
276 "rule\n"
277 "{\n"
278 " id \"Simple3 Rule\"\n"
279 " for data\n"
280 " filter"
281 " {\n"
282 " type name\n"
283 " regex ^<simple><regex>\n"
284 " }\n"
285 " checker\n"
286 " {\n"
287 " type customized\n"
288 " sig-type rsa-sha256\n"
289 " key-locator\n"
290 " {\n"
291 " type name\n"
292 " name ";
293
294 std::string CONFIG_2 =
295 "\n"
296 " relation equal\n"
297 " }\n"
298 " }\n"
299 "}\n"
300 "trust-anchor\n"
301 "{\n"
302 " type file\n"
303 " file-name \"trust-anchor-4.cert\"\n"
304 "}\n";
305 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
306
307 const boost::filesystem::path CONFIG_PATH =
308 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
309
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700310 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800311 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700312 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800313
314 validator.validate(*data1,
315 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700316 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800317
318 validator.validate(*data2,
319 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700320 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800321
322 validator.validate(*data3,
323 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700324 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800325}
326
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700327BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Yingdi Yu41546342014-11-30 23:37:53 -0800328{
329 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
330 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800331 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-5.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800332
333 Name dataName1 = identity;
334 dataName1.append("1");
335 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700336 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800337
338 Name dataName2 = identity;
339 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700340 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800341
342 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
343 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700344 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800345
346 const std::string CONFIG =
347 "rule\n"
348 "{\n"
349 " id \"Simple3 Rule\"\n"
350 " for data\n"
351 " checker\n"
352 " {\n"
353 " type customized\n"
354 " sig-type rsa-sha256\n"
355 " key-locator\n"
356 " {\n"
357 " type name\n"
358 " hyper-relation\n"
359 " {\n"
360 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
361 " k-expand \\\\1\\\\2\n"
362 " h-relation is-strict-prefix-of\n"
363 " p-regex ^(<>*)$\n"
364 " p-expand \\\\1\n"
365 " }\n"
366 " }\n"
367 " }\n"
368 "}\n"
369 "trust-anchor\n"
370 "{\n"
371 " type file\n"
372 " file-name \"trust-anchor-5.cert\"\n"
373 "}\n";
374 const boost::filesystem::path CONFIG_PATH =
375 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
376
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700377 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800378 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700379 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800380
381 validator.validate(*data1,
382 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700383 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800384
385 validator.validate(*data2,
386 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700387 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800388
389 validator.validate(*data3,
390 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700391 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800392}
393
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700394BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Yingdi Yu41546342014-11-30 23:37:53 -0800395{
396 Name identity("/TestValidatorConfig/FixedSignerChecker");
397
398 Name identity1 = identity;
399 identity1.append("1").appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800400 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-7.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800401
402 Name identity2 = identity;
403 identity2.append("2").appendVersion();
404 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
405
406 Name dataName1 = identity;
407 dataName1.append("data").appendVersion();
408 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700409 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800410
411 Name dataName2 = identity;
412 dataName2.append("data").appendVersion();
413 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700414 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800415
416 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
417 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
418
419 const std::string CONFIG =
420 "rule\n"
421 "{\n"
422 " id \"FixedSignerChecker Data Rule\"\n"
423 " for data\n"
424 " filter"
425 " {\n"
426 " type name\n"
427 " name /TestValidatorConfig/FixedSignerChecker\n"
428 " relation is-strict-prefix-of\n"
429 " }\n"
430 " checker\n"
431 " {\n"
432 " type fixed-signer\n"
433 " sig-type rsa-sha256\n"
434 " signer\n"
435 " {\n"
436 " type file\n"
437 " file-name \"trust-anchor-7.cert\"\n"
438 " }\n"
439 " }\n"
440 "}\n"
441 "rule\n"
442 "{\n"
443 " id \"FixedSignerChecker Interest Rule\"\n"
444 " for interest\n"
445 " filter"
446 " {\n"
447 " type name\n"
448 " name /TestValidatorConfig/FixedSignerChecker\n"
449 " relation is-strict-prefix-of\n"
450 " }\n"
451 " checker\n"
452 " {\n"
453 " type fixed-signer\n"
454 " sig-type rsa-sha256\n"
455 " signer\n"
456 " {\n"
457 " type file\n"
458 " file-name \"trust-anchor-7.cert\"\n"
459 " }\n"
460 " }\n"
461 "}\n";
462 const boost::filesystem::path CONFIG_PATH =
463 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
464
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700465 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800466 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700467 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800468
469 validator.validate(*data1,
470 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700471 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800472
473 validator.validate(*data2,
474 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700475 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800476
477 validator.validate(*interest,
478 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700479 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800480}
481
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800482BOOST_AUTO_TEST_CASE(MultiCheckers)
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700483{
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700484 Name identity1("/TestValidatorConfig/MultiCheckers/");
485 identity1.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800486 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-multi-1.cert", true));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700487
488 Name identity2("/TestValidatorConfig/");
489 identity2.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800490 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-multi-2.cert", true));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700491
492 const std::string CONFIG =
493 "rule\n"
494 "{\n"
495 " id \"Simple Rule01\"\n"
496 " for data\n"
497 " filter"
498 " {\n"
499 " type name\n"
500 " name /\n"
501 " relation is-prefix-of\n"
502 " }\n"
503 " checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
504 " {\n"
505 " type customized\n"
506 " sig-type rsa-sha256\n"
507 " key-locator\n"
508 " {\n"
509 " type name\n"
510 " name /TestValidatorConfig/MultiCheckers/\n"
511 " relation is-prefix-of\n"
512 " }\n"
513 " }\n"
514 " checker\n" // checker 2, data should have same prefix of its signer
515 " {\n"
516 " type hierarchical\n"
517 " sig-type rsa-sha256\n"
518 " }\n"
519 " checker\n" // checker 3, the signer should be identity1
520 " {\n"
521 " type fixed-signer\n"
522 " sig-type rsa-sha256\n"
523 " signer\n"
524 " {\n"
525 " type file\n"
526 " file-name \"trust-anchor-multi-1.cert\"\n"
527 " }\n"
528 " }\n"
529 "}\n";
530
531 const boost::filesystem::path CONFIG_PATH =
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800532 (boost::filesystem::current_path() / std::string("unit-test-multicheckers.conf"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700533
534 ValidatorConfig validator;
535 validator.load(CONFIG, CONFIG_PATH.c_str());
536 conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
537 conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
538 conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
539
Junxiao Shi85d90832016-08-04 03:19:46 +0000540 auto data1 = makeData(Name(identity1).append("Test"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700541 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
542 BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
543 BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
544 BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
545
Junxiao Shi85d90832016-08-04 03:19:46 +0000546 auto data2 = makeData(Name(identity2).append("Data2"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700547 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
548 BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
549 BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
550 BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
551
Junxiao Shi85d90832016-08-04 03:19:46 +0000552 auto data3 = makeData(Name(identity2).append("Data3"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700553 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
554 BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
555 BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
556 BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
557
Junxiao Shi85d90832016-08-04 03:19:46 +0000558 auto data4 = makeData("/Data4");
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700559 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
560 BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
561 BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
562 BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
563
564 int count = 0;
565 validator.validate(*data1,
566 [&] (const shared_ptr<const Data>&) {
567 BOOST_CHECK(true);
568 count++;
569 },
570 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
571
572 validator.validate(*data2,
573 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
574 [&] (const shared_ptr<const Data>&, const std::string& str) {
575 BOOST_CHECK(true);
576 count++;
577 });
578
579 validator.validate(*data3,
580 [&] (const shared_ptr<const Data>&) {
581 BOOST_CHECK(true);
582 count++;
583 },
584 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
585
586 validator.validate(*data4,
587 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
588 [&] (const shared_ptr<const Data>&, const std::string& str) {
589 BOOST_CHECK(true);
590 count++;
591 });
592
593 BOOST_CHECK_EQUAL(count, 4);
594}
595
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700596BOOST_AUTO_TEST_CASE(Reset)
Yingdi Yu41546342014-11-30 23:37:53 -0800597{
598 Name root("/TestValidatorConfig/Reload");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800599 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-8.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800600
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700601 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800602
603 const std::string CONFIG =
604 "rule\n"
605 "{\n"
606 " id \"NRD Prefix Registration Command Rule\"\n"
607 " for interest\n"
608 " filter\n"
609 " {\n"
610 " type name\n"
611 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
612 " }\n"
613 " checker\n"
614 " {\n"
615 " type customized\n"
616 " sig-type rsa-sha256\n"
617 " key-locator\n"
618 " {\n"
619 " type name\n"
620 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
621 " }\n"
622 " }\n"
623 "}\n"
624 "rule\n"
625 "{\n"
626 " id \"Testbed Hierarchy Rule\"\n"
627 " for data\n"
628 " filter\n"
629 " {\n"
630 " type name\n"
631 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
632 " }\n"
633 " checker\n"
634 " {\n"
635 " type hierarchical\n"
636 " sig-type rsa-sha256\n"
637 " }\n"
638 "}\n"
639 "trust-anchor\n"
640 "{\n"
641 " type file\n"
642 " file-name \"trust-anchor-8.cert\"\n"
643 "}\n";
644 const boost::filesystem::path CONFIG_PATH =
645 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
646
Yingdi Yu41546342014-11-30 23:37:53 -0800647 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
648
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700649 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800650 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
651
652 validator->reset();
653 BOOST_CHECK(validator->isEmpty());
Yingdi Yu41546342014-11-30 23:37:53 -0800654}
655
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700656BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Yingdi Yu41546342014-11-30 23:37:53 -0800657{
658 Name identity("/TestValidatorConfig/Wildcard");
659 identity.appendVersion();
660 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
661
662 Name dataName1("/any/data");
663 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700664 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800665
666 std::string CONFIG =
667 "trust-anchor\n"
668 "{\n"
669 " type any\n"
670 "}\n";
671
672 const boost::filesystem::path CONFIG_PATH =
673 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
674
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700675 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800676 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700677 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800678
679 validator.validate(*data1,
680 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700681 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800682}
683
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700684BOOST_AUTO_TEST_CASE(SignedInterestTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800685{
686 Name identity("/TestValidatorConfig/SignedInterestTest");
687
688 Name identity1 = identity;
689 identity1.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800690 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-9.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800691
692 Name interestName("/TestValidatorConfig/SignedInterestTest");
693 Name interestName1 = interestName;
694 interestName1.append("1");
695 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
696 Name interestName2 = interestName;
697 interestName2.append("2");
698 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
699
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700700 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800701 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700702 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800703
704 const std::string CONFIG =
705 "rule\n"
706 "{\n"
707 " id \"FixedSignerChecker Interest Rule\"\n"
708 " for interest\n"
709 " filter"
710 " {\n"
711 " type name\n"
712 " name /TestValidatorConfig/SignedInterestTest\n"
713 " relation is-strict-prefix-of\n"
714 " }\n"
715 " checker\n"
716 " {\n"
717 " type fixed-signer\n"
718 " sig-type rsa-sha256\n"
719 " signer\n"
720 " {\n"
721 " type file\n"
722 " file-name \"trust-anchor-9.cert\"\n"
723 " }\n"
724 " }\n"
725 "}\n";
726 const boost::filesystem::path CONFIG_PATH =
727 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
728
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700729 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800730 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700731 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800732
733 validator.validate(*interest1,
734 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700735 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800736
737 validator.validate(*interest2,
738 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700739 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800740
741 validator.validate(*interest1,
742 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700743 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800744}
745
746
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700747BOOST_AUTO_TEST_CASE(MaxKeyTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800748{
749 Name identity("/TestValidatorConfig/MaxKeyTest");
750
751 Name identity1 = identity;
752 identity1.append("Key1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800753 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-10-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800754
755 Name identity2 = identity;
756 identity2.append("Key2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800757 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-10-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800758
759 Name identity3 = identity;
760 identity3.append("Key3");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800761 BOOST_REQUIRE(saveIdentityCertificate(identity3, "trust-anchor-10-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800762
763
764 Name interestName("/TestValidatorConfig/MaxKeyTest");
765 Name interestName1 = interestName;
766 interestName1.append("1");
767 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
768 Name interestName2 = interestName;
769 interestName2.append("2");
770 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
771 Name interestName3 = interestName;
772 interestName3.append("3");
773 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
774
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700775 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800776 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700777 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800778 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700779 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800780
781 const std::string CONFIG =
782 "rule\n"
783 "{\n"
784 " id \"FixedSignerChecker Interest Rule\"\n"
785 " for interest\n"
786 " filter"
787 " {\n"
788 " type name\n"
789 " name /TestValidatorConfig/MaxKeyTest\n"
790 " relation is-strict-prefix-of\n"
791 " }\n"
792 " checker\n"
793 " {\n"
794 " type fixed-signer\n"
795 " sig-type rsa-sha256\n"
796 " signer\n"
797 " {\n"
798 " type file\n"
799 " file-name \"trust-anchor-10-1.cert\"\n"
800 " }\n"
801 " signer\n"
802 " {\n"
803 " type file\n"
804 " file-name \"trust-anchor-10-2.cert\"\n"
805 " }\n"
806 " signer\n"
807 " {\n"
808 " type file\n"
809 " file-name \"trust-anchor-10-3.cert\"\n"
810 " }\n"
811 " }\n"
812 "}\n";
813 const boost::filesystem::path CONFIG_PATH =
814 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
815
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700816 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800817 ValidatorConfig validator(face,
818 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
819 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
820 10,
821 2, // Two keys can be tracked
822 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700823 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800824
825 validator.validate(*interest1,
826 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700827 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800828
829 validator.validate(*interest2,
830 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700831 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800832
833 validator.validate(*interest1,
834 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700835 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800836
837 validator.validate(*interest3,
838 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700839 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800840
841 // Should succeed because identity1's key has been cleaned up due to space limit.
842 validator.validate(*interest1,
843 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700844 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800845}
846
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700847BOOST_AUTO_TEST_CASE(MaxKeyTest2)
Yingdi Yu41546342014-11-30 23:37:53 -0800848{
849 Name identity("/TestValidatorConfig/MaxKeyTest");
850
851 Name identity1 = identity;
852 identity1.append("Key1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800853 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-10-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800854
855 Name identity2 = identity;
856 identity2.append("Key2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800857 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-10-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800858
859 Name identity3 = identity;
860 identity3.append("Key3");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800861 BOOST_REQUIRE(saveIdentityCertificate(identity3, "trust-anchor-10-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800862
863 Name identity4 = identity;
864 identity4.append("Key4");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800865 BOOST_REQUIRE(saveIdentityCertificate(identity4, "trust-anchor-10-4.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800866
867
868 Name interestName("/TestValidatorConfig/MaxKeyTest");
869 Name interestName1 = interestName;
870 interestName1.append("1");
871 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
872 Name interestName2 = interestName;
873 interestName2.append("2");
874 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
875 Name interestName3 = interestName;
876 interestName3.append("3");
877 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
878 Name interestName4 = interestName;
879 interestName4.append("4");
880 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
881
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700882 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800883 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700884 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800885 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700886 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800887 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700888 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
Yingdi Yu41546342014-11-30 23:37:53 -0800889
890 const std::string CONFIG =
891 "rule\n"
892 "{\n"
893 " id \"FixedSignerChecker Interest Rule\"\n"
894 " for interest\n"
895 " filter"
896 " {\n"
897 " type name\n"
898 " name /TestValidatorConfig/MaxKeyTest\n"
899 " relation is-strict-prefix-of\n"
900 " }\n"
901 " checker\n"
902 " {\n"
903 " type fixed-signer\n"
904 " sig-type rsa-sha256\n"
905 " signer\n"
906 " {\n"
907 " type file\n"
908 " file-name \"trust-anchor-10-1.cert\"\n"
909 " }\n"
910 " signer\n"
911 " {\n"
912 " type file\n"
913 " file-name \"trust-anchor-10-2.cert\"\n"
914 " }\n"
915 " signer\n"
916 " {\n"
917 " type file\n"
918 " file-name \"trust-anchor-10-3.cert\"\n"
919 " }\n"
920 " signer\n"
921 " {\n"
922 " type file\n"
923 " file-name \"trust-anchor-10-4.cert\"\n"
924 " }\n"
925 " }\n"
926 "}\n";
927 const boost::filesystem::path CONFIG_PATH =
928 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
929
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700930 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800931 ValidatorConfig validator(face,
932 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
933 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
934 10,
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800935 3, // Three keys can be tracked
Yingdi Yu41546342014-11-30 23:37:53 -0800936 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700937 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800938
939 validator.validate(*interest1,
940 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700941 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800942
943 validator.validate(*interest2,
944 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700945 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800946
947 validator.validate(*interest3,
948 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700949 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800950
951 validator.validate(*interest1,
952 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700953 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800954
955 validator.validate(*interest2,
956 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700957 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800958
959 validator.validate(*interest3,
960 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700961 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800962
963 sleep(2);
964
965 validator.validate(*interest4,
966 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700967 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800968
969 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
970 validator.validate(*interest1,
971 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700972 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800973
974 validator.validate(*interest2,
975 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700976 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800977
978 validator.validate(*interest3,
979 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700980 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800981}
982
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700983BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Yingdi Yu41546342014-11-30 23:37:53 -0800984{
985 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800986 BOOST_REQUIRE(addIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800987 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
988
989 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800990 BOOST_REQUIRE(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
991 BOOST_REQUIRE(saveIdentityCertificate(ecdsaIdentity, "trust-anchor-11.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800992
993 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
994 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700995 m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800996 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700997 m_keyChain.sign(*dataEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800998
999 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001000 m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001001 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001002 m_keyChain.sign(*interestEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001003
1004 const std::string CONFIG =
1005 "rule\n"
1006 "{\n"
1007 " id \"FixedSignerChecker Data Rule\"\n"
1008 " for data\n"
1009 " filter"
1010 " {\n"
1011 " type name\n"
1012 " name /TestValidatorConfig/FixedSignerChecker2\n"
1013 " relation equal\n"
1014 " }\n"
1015 " checker\n"
1016 " {\n"
1017 " type fixed-signer\n"
1018 " sig-type ecdsa-sha256\n"
1019 " signer\n"
1020 " {\n"
1021 " type file\n"
1022 " file-name \"trust-anchor-11.cert\"\n"
1023 " }\n"
1024 " }\n"
1025 "}\n"
1026 "rule\n"
1027 "{\n"
1028 " id \"FixedSignerChecker Interest Rule\"\n"
1029 " for interest\n"
1030 " filter"
1031 " {\n"
1032 " type name\n"
1033 " name /TestValidatorConfig/FixedSignerChecker2\n"
1034 " relation equal\n"
1035 " }\n"
1036 " checker\n"
1037 " {\n"
1038 " type fixed-signer\n"
1039 " sig-type ecdsa-sha256\n"
1040 " signer\n"
1041 " {\n"
1042 " type file\n"
1043 " file-name \"trust-anchor-11.cert\"\n"
1044 " }\n"
1045 " }\n"
1046 "}\n";
1047 const boost::filesystem::path CONFIG_PATH =
1048 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1049
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001050 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -08001051 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001052 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001053
1054 validator.validate(*dataEcdsa,
1055 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001056 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001057
1058 validator.validate(*dataRsa,
1059 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001060 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001061
1062 validator.validate(*interestEcdsa,
1063 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001064 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001065
1066 validator.validate(*interestRsa,
1067 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001068 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001069}
1070
1071
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001072struct FacesFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -08001073{
1074 FacesFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001075 : face1(io, m_keyChain, {true, true})
1076 , face2(io, m_keyChain, {true, true})
Yingdi Yu41546342014-11-30 23:37:53 -08001077 , readInterestOffset1(0)
1078 , readDataOffset1(0)
1079 , readInterestOffset2(0)
1080 , readDataOffset2(0)
1081 {
1082 }
1083
1084 bool
1085 passPacket()
1086 {
1087 bool hasPassed = false;
1088
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001089 checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
1090 checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
1091 checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
Zhiyi Zhang99832d42016-11-18 10:03:49 -08001092 checkFace(face2.sentData, readDataOffset2, face1, hasPassed);
Yingdi Yu41546342014-11-30 23:37:53 -08001093
1094 return hasPassed;
1095 }
1096
1097 template<typename Packet>
1098 void
1099 checkFace(std::vector<Packet>& receivedPackets,
1100 size_t& readPacketOffset,
1101 util::DummyClientFace& receiver,
1102 bool& hasPassed)
1103 {
1104 while (receivedPackets.size() > readPacketOffset) {
1105 receiver.receive(receivedPackets[readPacketOffset]);
1106 readPacketOffset++;
1107 hasPassed = true;
1108 }
1109 }
1110
1111 ~FacesFixture()
1112 {
1113 }
1114
1115public:
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001116 util::DummyClientFace face1;
1117 util::DummyClientFace face2;
Yingdi Yu41546342014-11-30 23:37:53 -08001118
1119 size_t readInterestOffset1;
1120 size_t readDataOffset1;
1121 size_t readInterestOffset2;
1122 size_t readDataOffset2;
1123};
1124
1125BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1126{
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001127 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -08001128
1129 Name root("/TestValidatorConfig");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001130 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-6.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -08001131
1132
1133 Name sld("/TestValidatorConfig/HierarchicalChecker");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001134 BOOST_REQUIRE(addIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001135 advanceClocks(time::milliseconds(100));
1136 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001137 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001138 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1139 root,
1140 time::system_clock::now(),
1141 time::system_clock::now() + time::days(7300),
1142 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001143 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -08001144 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1145
1146 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001147 BOOST_REQUIRE(addIdentity(nld));
Yingdi Yu41546342014-11-30 23:37:53 -08001148 advanceClocks(time::milliseconds(100));
1149 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001150 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001151 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1152 sld,
1153 time::system_clock::now(),
1154 time::system_clock::now() + time::days(7300),
1155 subjectDescription);
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001156 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001157 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1158
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001159 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1160 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001161 RegisterPrefixSuccessCallback(),
1162 [] (const Name&, const std::string&) {});
1163
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001164 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1165 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001166 RegisterPrefixSuccessCallback(),
1167 [] (const Name&, const std::string&) {});
1168
1169 Name dataName1 = nld;
1170 dataName1.append("data1");
1171 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001172 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001173
1174 Name dataName2("/ConfValidatorTest");
1175 dataName2.append("data1");
1176 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001177 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001178
Yingdi Yu41546342014-11-30 23:37:53 -08001179 const std::string CONFIG =
1180 "rule\n"
1181 "{\n"
1182 " id \"Simple3 Rule\"\n"
1183 " for data\n"
1184 " checker\n"
1185 " {\n"
1186 " type hierarchical\n"
1187 " sig-type rsa-sha256\n"
1188 " }\n"
1189 "}\n"
1190 "trust-anchor\n"
1191 "{\n"
1192 " type file\n"
1193 " file-name \"trust-anchor-6.cert\"\n"
1194 "}\n";
1195 const boost::filesystem::path CONFIG_PATH =
1196 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1197
1198
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001199 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001200 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001201
1202 advanceClocks(time::milliseconds(2), 100);
1203 validator->validate(*data1,
1204 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001205 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001206
1207 do {
1208 advanceClocks(time::milliseconds(2), 10);
1209 } while (passPacket());
1210
1211 validator->validate(*data2,
1212 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001213 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001214
1215 do {
1216 advanceClocks(time::milliseconds(2), 10);
1217 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -08001218}
1219
1220BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1221{
Junxiao Shid5827ce2016-07-14 20:49:37 +00001222 advanceClocks(time::nanoseconds(1));
Yingdi Yu41546342014-11-30 23:37:53 -08001223
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001224 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -08001225
1226 Name root("/TestValidatorConfig");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001227 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-8.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -08001228
Yingdi Yu41546342014-11-30 23:37:53 -08001229 Name sld("/TestValidatorConfig/Nrd-1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001230 BOOST_REQUIRE(addIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001231 advanceClocks(time::milliseconds(100));
1232 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001233 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001234 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1235 root,
1236 time::system_clock::now(),
1237 time::system_clock::now() + time::days(7300),
1238 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001239 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -08001240 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1241
1242 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001243 BOOST_REQUIRE(addIdentity(nld));
Yingdi Yu41546342014-11-30 23:37:53 -08001244 advanceClocks(time::milliseconds(100));
1245 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001246 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001247 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1248 sld,
1249 time::system_clock::now(),
1250 time::system_clock::now() + time::days(7300),
1251 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001252 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001253 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1254
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001255 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1256 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001257 RegisterPrefixSuccessCallback(),
1258 [] (const Name&, const std::string&) {});
1259
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001260 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1261 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001262 RegisterPrefixSuccessCallback(),
1263 [] (const Name&, const std::string&) {});
1264
1265 advanceClocks(time::milliseconds(10));
1266 Name interestName1("/localhost/nrd/register/option");
1267 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001268 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001269
1270 advanceClocks(time::milliseconds(10));
1271 Name interestName2("/localhost/nrd/non-register");
1272 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001273 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001274
1275 advanceClocks(time::milliseconds(10));
1276 Name interestName3("/localhost/nrd/register/option");
1277 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001278 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
Yingdi Yu41546342014-11-30 23:37:53 -08001279
1280 advanceClocks(time::milliseconds(10));
1281 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1282 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1283
1284 const std::string CONFIG =
1285 "rule\n"
1286 "{\n"
1287 " id \"NRD Prefix Registration Command Rule\"\n"
1288 " for interest\n"
1289 " filter\n"
1290 " {\n"
1291 " type name\n"
1292 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1293 " }\n"
1294 " checker\n"
1295 " {\n"
1296 " type customized\n"
1297 " sig-type rsa-sha256\n"
1298 " key-locator\n"
1299 " {\n"
1300 " type name\n"
1301 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1302 " }\n"
1303 " }\n"
1304 "}\n"
1305 "rule\n"
1306 "{\n"
1307 " id \"Testbed Hierarchy Rule\"\n"
1308 " for data\n"
1309 " filter\n"
1310 " {\n"
1311 " type name\n"
1312 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1313 " }\n"
1314 " checker\n"
1315 " {\n"
1316 " type hierarchical\n"
1317 " sig-type rsa-sha256\n"
1318 " }\n"
1319 "}\n"
1320 "trust-anchor\n"
1321 "{\n"
1322 " type file\n"
1323 " file-name \"trust-anchor-8.cert\"\n"
1324 "}\n";
1325 const boost::filesystem::path CONFIG_PATH =
1326 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1327
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001328 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001329 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001330
1331 advanceClocks(time::milliseconds(2), 100);
1332
1333 // should succeed
1334 validator->validate(*interest1,
1335 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001336 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001337
1338 do {
1339 advanceClocks(time::milliseconds(2), 10);
1340 } while (passPacket());
1341
1342 // should fail
1343 validator->validate(*interest2,
1344 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001345 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001346
1347 do {
1348 advanceClocks(time::milliseconds(2), 10);
1349 } while (passPacket());
1350
1351 // should succeed
1352 validator->validate(*interest3,
1353 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001354 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001355
1356 do {
1357 advanceClocks(time::milliseconds(2), 10);
1358 } while (passPacket());
1359
1360 // should fail
1361 validator->validate(*interest4,
1362 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001363 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001364
1365 do {
1366 advanceClocks(time::milliseconds(2), 10);
1367 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -08001368}
1369
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001370struct DirTestFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -08001371{
1372 DirTestFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001373 : face(io, m_keyChain, {true, true})
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001374 , validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu41546342014-11-30 23:37:53 -08001375 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1376 {
1377 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1378 boost::filesystem::create_directory(certDirPath);
1379
1380 firstCertPath = (boost::filesystem::current_path() /
1381 std::string("test-cert-dir") /
1382 std::string("trust-anchor-1.cert"));
1383
1384 secondCertPath = (boost::filesystem::current_path() /
1385 std::string("test-cert-dir") /
1386 std::string("trust-anchor-2.cert"));
1387
1388 firstIdentity = Name("/TestValidatorConfig/Dir/First");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001389 BOOST_REQUIRE(addIdentity(firstIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001390 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1391 firstCert = m_keyChain.getCertificate(firstCertName);
1392 io::save(*firstCert, firstCertPath.string());
1393
1394 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001395 BOOST_REQUIRE(addIdentity(secondIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001396 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1397 secondCert = m_keyChain.getCertificate(secondCertName);
1398 }
1399
1400 ~DirTestFixture()
1401 {
1402 boost::filesystem::remove_all(certDirPath);
1403 }
1404
1405public:
1406 boost::filesystem::path certDirPath;
1407 boost::filesystem::path firstCertPath;
1408 boost::filesystem::path secondCertPath;
1409
1410 Name firstIdentity;
1411 Name secondIdentity;
1412
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001413 shared_ptr<v1::IdentityCertificate> firstCert;
1414 shared_ptr<v1::IdentityCertificate> secondCert;
Yingdi Yu41546342014-11-30 23:37:53 -08001415
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001416 util::DummyClientFace face;
Yingdi Yu41546342014-11-30 23:37:53 -08001417 ValidatorConfig validator;
1418};
1419
1420BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1421{
1422 advanceClocks(time::milliseconds(10));
1423
1424 Name dataName1("/any/data/1");
1425 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001426 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -08001427
1428 Name dataName2("/any/data/2");
1429 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001430 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -08001431
1432 std::string CONFIG =
1433 "rule\n"
1434 "{\n"
1435 " id \"Any Rule\"\n"
1436 " for data\n"
1437 " filter\n"
1438 " {\n"
1439 " type name\n"
1440 " regex ^<>*$\n"
1441 " }\n"
1442 " checker\n"
1443 " {\n"
1444 " type customized\n"
1445 " sig-type rsa-sha256\n"
1446 " key-locator\n"
1447 " {\n"
1448 " type name\n"
1449 " regex ^<>*$\n"
1450 " }\n"
1451 " }\n"
1452 "}\n"
1453 "trust-anchor\n"
1454 "{\n"
1455 " type dir\n"
1456 " dir test-cert-dir\n"
1457 " refresh 1s\n"
1458 "}\n";
1459
1460 const boost::filesystem::path CONFIG_PATH =
1461 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1462
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001463 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001464
1465 advanceClocks(time::milliseconds(10), 20);
1466 validator.validate(*data1,
1467 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001468 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001469 advanceClocks(time::milliseconds(10), 20);
1470
1471 validator.validate(*data2,
1472 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001473 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001474 advanceClocks(time::milliseconds(10), 20);
1475
1476 io::save(*secondCert, secondCertPath.string());
1477 advanceClocks(time::milliseconds(10), 200);
1478
1479 validator.validate(*data1,
1480 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001481 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001482 advanceClocks(time::milliseconds(10), 20);
1483
1484 validator.validate(*data2,
1485 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001486 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001487 advanceClocks(time::milliseconds(10), 20);
1488}
1489
Zhiyi Zhang48becde2017-01-05 16:41:38 -08001490class DirectCertFetchFixture : public IdentityManagementTimeFixture
1491{
1492public:
1493 DirectCertFetchFixture()
1494 : clientFace(io, m_keyChain, {true, true})
1495 , validationResult(boost::logic::indeterminate)
1496 {
1497 BOOST_REQUIRE(addIdentity(ca));
1498 BOOST_REQUIRE(saveIdentityCertificate(ca, "trust-anchor-1.cert", true));
1499 BOOST_REQUIRE(addSubCertificate(user, ca));
1500
1501 userCertName = m_keyChain.getDefaultCertificateNameForIdentity(user);
1502 userCert = m_keyChain.getCertificate(userCertName);
1503 }
1504
1505protected:
1506 void
1507 runTest(const std::function<void(const Interest&, const Interest&)> respond)
1508 {
1509 optional<Interest> directInterest;
1510 optional<Interest> infrastructureInterest;
1511 clientFace.onSendInterest.connect([&] (const Interest& interest) {
1512 const Name& interestName = interest.getName();
1513 if (interestName == userCert->getName().getPrefix(-1)) {
1514 auto nextHopFaceIdTag = interest.getTag<lp::NextHopFaceIdTag>();
1515 if (nextHopFaceIdTag != nullptr) {
1516 BOOST_CHECK(!directInterest);
1517 directInterest = interest;
1518 }
1519 else {
1520 BOOST_CHECK(!infrastructureInterest);
1521 infrastructureInterest = interest;
1522 }
1523 if (static_cast<bool>(directInterest) && static_cast<bool>(infrastructureInterest)) {
1524 io.post([directInterest, infrastructureInterest, respond] {
1525 respond(directInterest.value(), infrastructureInterest.value());
1526 });
1527 directInterest = nullopt;
1528 infrastructureInterest = nullopt;
1529 }
1530 }
1531 });
1532
1533 const boost::filesystem::path CONFIG_PATH =
1534 (boost::filesystem::current_path() / std::string("unit-test-direct.conf"));
1535 ValidatorConfig validator(&clientFace);
1536 validator.load(CONFIG, CONFIG_PATH.c_str());
1537 validator.setDirectCertFetchEnabled(true);
1538
1539 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
1540 interest->setTag(make_shared<lp::IncomingFaceIdTag>(123));
1541 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest, security::signingByIdentity(user)));
1542
1543 validator.validate(*interest,
1544 [&] (const shared_ptr<const Interest>&) {
1545 BOOST_CHECK(boost::logic::indeterminate(validationResult));
1546 validationResult = true;
1547 },
1548 [&] (const shared_ptr<const Interest>&, const std::string& s) {
1549 BOOST_CHECK(boost::logic::indeterminate(validationResult));
1550 validationResult = false;
1551 });
1552
1553 advanceClocks(time::milliseconds(200), 60);
1554
1555 BOOST_CHECK(!boost::logic::indeterminate(validationResult));
1556 }
1557
1558public:
1559 util::DummyClientFace clientFace;
1560 const Name ca = Name("/DirectCertFetch");
1561 const Name user = Name("/DirectCertFetch/user");
1562 const Name interestName = Name("/DirectCertFetch/user/tag-interest");
1563 const std::string CONFIG = R"_TEXT_(
1564 rule
1565 {
1566 id "RuleForInterest"
1567 for interest
1568 checker
1569 {
1570 type hierarchical
1571 sig-type rsa-sha256
1572 }
1573 }
1574 rule
1575 {
1576 id "RuleForData"
1577 for data
1578 filter
1579 {
1580 type name
1581 regex ^<>*$
1582 }
1583 checker
1584 {
1585 type customized
1586 sig-type rsa-sha256
1587 key-locator
1588 {
1589 type name
1590 regex ^<>*$
1591 }
1592 }
1593 }
1594 trust-anchor
1595 {
1596 type file
1597 file-name "trust-anchor-1.cert"
1598 }
1599 )_TEXT_";
1600 boost::logic::tribool validationResult;
1601 Name userCertName;
1602 shared_ptr<v1::IdentityCertificate> userCert;
1603};
1604
1605BOOST_FIXTURE_TEST_SUITE(DirectCertFetch, DirectCertFetchFixture)
1606
1607BOOST_AUTO_TEST_CASE(CertFetchSuccess)
1608{
1609 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
1610 this->clientFace.receive(*userCert);
1611 });
1612
1613 BOOST_CHECK_EQUAL(validationResult, true);
1614}
1615
1616BOOST_AUTO_TEST_CASE(CertFetchTimeout)
1617{
1618 // In this test case, certificate request would time out
1619 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) { });
1620
1621 BOOST_CHECK_EQUAL(validationResult, false);
1622}
1623
1624BOOST_AUTO_TEST_CASE(CertFetchNack)
1625{
1626 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
1627 lp::Nack nackInfrastructureInterest(infrastructureInterest);
1628 nackInfrastructureInterest.setHeader(lp::NackHeader().setReason(lp::NackReason::NO_ROUTE));
1629 this->clientFace.receive(nackInfrastructureInterest);
1630 });
1631
1632 BOOST_CHECK_EQUAL(validationResult, false);
1633}
1634
1635BOOST_AUTO_TEST_SUITE_END() // DirectCertFetch
Junxiao Shid5827ce2016-07-14 20:49:37 +00001636BOOST_AUTO_TEST_SUITE_END() // TestValidatorConfig
1637BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu41546342014-11-30 23:37:53 -08001638
1639} // namespace tests
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001640} // namespace security
Yingdi Yu41546342014-11-30 23:37:53 -08001641} // namespace ndn