Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 83eb1cc88e8e3eb5cabf858419f2a3ad841819dc / . / tests / unit-tests / security / validator-config.t.cpp
blob: 2419e8daee7fdd752fc732b4ec821e26ab41d9d0 [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Zhiyi Zhang48becde2017-01-05 16:41:38 -0800[diff] [blame]3 * Copyright (c) 2013-2017 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
25#include "util/io.hpp"
26#include "util/scheduler.hpp"
27#include "util/dummy-client-face.hpp"
Zhiyi Zhang48becde2017-01-05 16:41:38 -0800[diff] [blame]28#include "lp/tags.hpp"
29#include "lp/nack.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]30
31#include <boost/asio.hpp>
Zhiyi Zhang48becde2017-01-05 16:41:38 -0800[diff] [blame]32#include <boost/logic/tribool.hpp>
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]33
34#include "identity-management-fixture.hpp"
35#include "../identity-management-time-fixture.hpp"
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]36#include "../make-interest-data.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]37#include "boost-test.hpp"
38
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]39namespace ndn {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]40namespace security {
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]41namespace tests {
42
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]43using namespace ndn::tests;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]44
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]45BOOST_AUTO_TEST_SUITE(Security)
46BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, IdentityManagementFixture)
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]47
48BOOST_AUTO_TEST_CASE(NameFilter)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]49{
50 Name identity("/TestValidatorConfig/NameFilter");
51 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]52 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]53 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]54
55 Name dataName1("/simple/equal");
56 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]57 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]58
59 Name dataName2("/simple/different");
60 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]61 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]62
63 std::string CONFIG_1 =
64 "rule\n"
65 "{\n"
66 " id \"Simple Rule\"\n"
67 " for data\n"
68 " filter"
69 " {\n"
70 " type name\n"
71 " name /simple/equal\n"
72 " relation equal\n"
73 " }\n"
74 " checker\n"
75 " {\n"
76 " type customized\n"
77 " sig-type rsa-sha256\n"
78 " key-locator\n"
79 " {\n"
80 " type name\n"
81 " name ";
82
83 std::string CONFIG_2 =
84 "\n"
85 " relation equal\n"
86 " }\n"
87 " }\n"
88 "}\n"
89 "trust-anchor\n"
90 "{\n"
91 " type file\n"
92 " file-name \"trust-anchor-1.cert\"\n"
93 "}\n";
94 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
95
96 const boost::filesystem::path CONFIG_PATH =
97 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
98
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]99 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]100 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]101 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]102
103 validator.validate(*data1,
104 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]105 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]106
107 validator.validate(*data2,
108 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]109 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]110}
111
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]112BOOST_AUTO_TEST_CASE(NameFilter2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]113{
114 Name identity("/TestValidatorConfig/NameFilter2");
115 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]116 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]117 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]118
119 Name dataName1("/simple/isPrefixOf");
120 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]121 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]122
123 Name dataName2("/simple/notPrefixOf");
124 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]125 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]126
127 Name dataName3("/simple/isPrefixOf/anotherLevel");
128 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]129 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]130
131 std::string CONFIG_1 =
132 "rule\n"
133 "{\n"
134 " id \"Simple2 Rule\"\n"
135 " for data\n"
136 " filter"
137 " {\n"
138 " type name\n"
139 " name /simple/isPrefixOf\n"
140 " relation is-prefix-of\n"
141 " }\n"
142 " checker\n"
143 " {\n"
144 " type customized\n"
145 " sig-type rsa-sha256\n"
146 " key-locator\n"
147 " {\n"
148 " type name\n"
149 " name ";
150
151 std::string CONFIG_2 =
152 "\n"
153 " relation equal\n"
154 " }\n"
155 " }\n"
156 "}\n"
157 "trust-anchor\n"
158 "{\n"
159 " type file\n"
160 " file-name \"trust-anchor-2.cert\"\n"
161 "}\n";
162 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
163
164 const boost::filesystem::path CONFIG_PATH =
165 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
166
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]167 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]168 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]169 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]170
171 validator.validate(*data1,
172 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]173 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]174
175 validator.validate(*data2,
176 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]177 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]178
179 validator.validate(*data3,
180 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]181 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]182}
183
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]184BOOST_AUTO_TEST_CASE(NameFilter3)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]185{
186 Name identity("/TestValidatorConfig/NameFilter3");
187 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]188 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]189 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]190
191 Name dataName1("/simple/isStrictPrefixOf");
192 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]193 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]194
195 Name dataName2("/simple");
196 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]197 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]198
199 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
200 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]201 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]202
203 std::string CONFIG_1 =
204 "rule\n"
205 "{\n"
206 " id \"Simple3 Rule\"\n"
207 " for data\n"
208 " filter"
209 " {\n"
210 " type name\n"
211 " name /simple/isStrictPrefixOf\n"
212 " relation is-strict-prefix-of\n"
213 " }\n"
214 " checker\n"
215 " {\n"
216 " type customized\n"
217 " sig-type rsa-sha256\n"
218 " key-locator\n"
219 " {\n"
220 " type name\n"
221 " name ";
222
223 std::string CONFIG_2 =
224 "\n"
225 " relation equal\n"
226 " }\n"
227 " }\n"
228 "}\n"
229 "trust-anchor\n"
230 "{\n"
231 " type file\n"
232 " file-name \"trust-anchor-3.cert\"\n"
233 "}\n";
234 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
235
236 const boost::filesystem::path CONFIG_PATH =
237 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
238
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]239 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]240 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]241 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]242
243 validator.validate(*data1,
244 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]245 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]246
247 validator.validate(*data2,
248 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]249 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]250
251 validator.validate(*data3,
252 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]253 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]254}
255
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]256BOOST_AUTO_TEST_CASE(NameFilter4)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]257{
258 Name identity("/TestValidatorConfig/NameFilter4");
259 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]260 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-4.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]261 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]262
263 Name dataName1("/simple/regex");
264 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]265 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]266
267 Name dataName2("/simple/regex-wrong");
268 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]269 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]270
271 Name dataName3("/simple/regex/correct");
272 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]273 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]274
275 std::string CONFIG_1 =
276 "rule\n"
277 "{\n"
278 " id \"Simple3 Rule\"\n"
279 " for data\n"
280 " filter"
281 " {\n"
282 " type name\n"
283 " regex ^<simple><regex>\n"
284 " }\n"
285 " checker\n"
286 " {\n"
287 " type customized\n"
288 " sig-type rsa-sha256\n"
289 " key-locator\n"
290 " {\n"
291 " type name\n"
292 " name ";
293
294 std::string CONFIG_2 =
295 "\n"
296 " relation equal\n"
297 " }\n"
298 " }\n"
299 "}\n"
300 "trust-anchor\n"
301 "{\n"
302 " type file\n"
303 " file-name \"trust-anchor-4.cert\"\n"
304 "}\n";
305 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
306
307 const boost::filesystem::path CONFIG_PATH =
308 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
309
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]310 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]311 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]312 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]313
314 validator.validate(*data1,
315 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]316 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]317
318 validator.validate(*data2,
319 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]320 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]321
322 validator.validate(*data3,
323 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]324 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]325}
326
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]327BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]328{
329 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
330 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]331 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-5.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]332
333 Name dataName1 = identity;
334 dataName1.append("1");
335 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]336 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]337
338 Name dataName2 = identity;
339 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]340 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]341
342 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
343 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]344 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]345
346 const std::string CONFIG =
347 "rule\n"
348 "{\n"
349 " id \"Simple3 Rule\"\n"
350 " for data\n"
351 " checker\n"
352 " {\n"
353 " type customized\n"
354 " sig-type rsa-sha256\n"
355 " key-locator\n"
356 " {\n"
357 " type name\n"
358 " hyper-relation\n"
359 " {\n"
360 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
361 " k-expand \\\\1\\\\2\n"
362 " h-relation is-strict-prefix-of\n"
363 " p-regex ^(<>*)$\n"
364 " p-expand \\\\1\n"
365 " }\n"
366 " }\n"
367 " }\n"
368 "}\n"
369 "trust-anchor\n"
370 "{\n"
371 " type file\n"
372 " file-name \"trust-anchor-5.cert\"\n"
373 "}\n";
374 const boost::filesystem::path CONFIG_PATH =
375 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
376
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]377 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]378 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]379 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]380
381 validator.validate(*data1,
382 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]383 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]384
385 validator.validate(*data2,
386 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]387 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]388
389 validator.validate(*data3,
390 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]391 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]392}
393
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]394BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]395{
396 Name identity("/TestValidatorConfig/FixedSignerChecker");
397
398 Name identity1 = identity;
399 identity1.append("1").appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]400 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-7.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]401
402 Name identity2 = identity;
403 identity2.append("2").appendVersion();
404 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
405
406 Name dataName1 = identity;
407 dataName1.append("data").appendVersion();
408 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]409 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]410
411 Name dataName2 = identity;
412 dataName2.append("data").appendVersion();
413 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]414 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]415
416 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
417 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
418
419 const std::string CONFIG =
420 "rule\n"
421 "{\n"
422 " id \"FixedSignerChecker Data Rule\"\n"
423 " for data\n"
424 " filter"
425 " {\n"
426 " type name\n"
427 " name /TestValidatorConfig/FixedSignerChecker\n"
428 " relation is-strict-prefix-of\n"
429 " }\n"
430 " checker\n"
431 " {\n"
432 " type fixed-signer\n"
433 " sig-type rsa-sha256\n"
434 " signer\n"
435 " {\n"
436 " type file\n"
437 " file-name \"trust-anchor-7.cert\"\n"
438 " }\n"
439 " }\n"
440 "}\n"
441 "rule\n"
442 "{\n"
443 " id \"FixedSignerChecker Interest Rule\"\n"
444 " for interest\n"
445 " filter"
446 " {\n"
447 " type name\n"
448 " name /TestValidatorConfig/FixedSignerChecker\n"
449 " relation is-strict-prefix-of\n"
450 " }\n"
451 " checker\n"
452 " {\n"
453 " type fixed-signer\n"
454 " sig-type rsa-sha256\n"
455 " signer\n"
456 " {\n"
457 " type file\n"
458 " file-name \"trust-anchor-7.cert\"\n"
459 " }\n"
460 " }\n"
461 "}\n";
462 const boost::filesystem::path CONFIG_PATH =
463 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
464
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]465 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]466 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]467 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]468
469 validator.validate(*data1,
470 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]471 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]472
473 validator.validate(*data2,
474 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]475 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]476
477 validator.validate(*interest,
478 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]479 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]480}
481
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]482BOOST_AUTO_TEST_CASE(MultiCheckers)
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]483{
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]484 Name identity1("/TestValidatorConfig/MultiCheckers/");
485 identity1.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]486 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-multi-1.cert", true));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]487
488 Name identity2("/TestValidatorConfig/");
489 identity2.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]490 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-multi-2.cert", true));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]491
492 const std::string CONFIG =
493 "rule\n"
494 "{\n"
495 " id \"Simple Rule01\"\n"
496 " for data\n"
497 " filter"
498 " {\n"
499 " type name\n"
500 " name /\n"
501 " relation is-prefix-of\n"
502 " }\n"
503 " checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
504 " {\n"
505 " type customized\n"
506 " sig-type rsa-sha256\n"
507 " key-locator\n"
508 " {\n"
509 " type name\n"
510 " name /TestValidatorConfig/MultiCheckers/\n"
511 " relation is-prefix-of\n"
512 " }\n"
513 " }\n"
514 " checker\n" // checker 2, data should have same prefix of its signer
515 " {\n"
516 " type hierarchical\n"
517 " sig-type rsa-sha256\n"
518 " }\n"
519 " checker\n" // checker 3, the signer should be identity1
520 " {\n"
521 " type fixed-signer\n"
522 " sig-type rsa-sha256\n"
523 " signer\n"
524 " {\n"
525 " type file\n"
526 " file-name \"trust-anchor-multi-1.cert\"\n"
527 " }\n"
528 " }\n"
529 "}\n";
530
531 const boost::filesystem::path CONFIG_PATH =
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]532 (boost::filesystem::current_path() / std::string("unit-test-multicheckers.conf"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]533
534 ValidatorConfig validator;
535 validator.load(CONFIG, CONFIG_PATH.c_str());
536 conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
537 conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
538 conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
539
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]540 auto data1 = makeData(Name(identity1).append("Test"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]541 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
542 BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
543 BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
544 BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
545
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]546 auto data2 = makeData(Name(identity2).append("Data2"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]547 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
548 BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
549 BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
550 BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
551
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]552 auto data3 = makeData(Name(identity2).append("Data3"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]553 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
554 BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
555 BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
556 BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
557
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]558 auto data4 = makeData("/Data4");
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]559 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
560 BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
561 BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
562 BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
563
564 int count = 0;
565 validator.validate(*data1,
566 [&] (const shared_ptr<const Data>&) {
567 BOOST_CHECK(true);
568 count++;
569 },
570 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
571
572 validator.validate(*data2,
573 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
574 [&] (const shared_ptr<const Data>&, const std::string& str) {
575 BOOST_CHECK(true);
576 count++;
577 });
578
579 validator.validate(*data3,
580 [&] (const shared_ptr<const Data>&) {
581 BOOST_CHECK(true);
582 count++;
583 },
584 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
585
586 validator.validate(*data4,
587 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
588 [&] (const shared_ptr<const Data>&, const std::string& str) {
589 BOOST_CHECK(true);
590 count++;
591 });
592
593 BOOST_CHECK_EQUAL(count, 4);
594}
595
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]596BOOST_AUTO_TEST_CASE(Reset)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]597{
598 Name root("/TestValidatorConfig/Reload");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]599 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-8.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]600
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]601 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]602
603 const std::string CONFIG =
604 "rule\n"
605 "{\n"
606 " id \"NRD Prefix Registration Command Rule\"\n"
607 " for interest\n"
608 " filter\n"
609 " {\n"
610 " type name\n"
611 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
612 " }\n"
613 " checker\n"
614 " {\n"
615 " type customized\n"
616 " sig-type rsa-sha256\n"
617 " key-locator\n"
618 " {\n"
619 " type name\n"
620 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
621 " }\n"
622 " }\n"
623 "}\n"
624 "rule\n"
625 "{\n"
626 " id \"Testbed Hierarchy Rule\"\n"
627 " for data\n"
628 " filter\n"
629 " {\n"
630 " type name\n"
631 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
632 " }\n"
633 " checker\n"
634 " {\n"
635 " type hierarchical\n"
636 " sig-type rsa-sha256\n"
637 " }\n"
638 "}\n"
639 "trust-anchor\n"
640 "{\n"
641 " type file\n"
642 " file-name \"trust-anchor-8.cert\"\n"
643 "}\n";
644 const boost::filesystem::path CONFIG_PATH =
645 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
646
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]647 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
648
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]649 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]650 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
651
652 validator->reset();
653 BOOST_CHECK(validator->isEmpty());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]654}
655
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]656BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]657{
658 Name identity("/TestValidatorConfig/Wildcard");
659 identity.appendVersion();
660 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
661
662 Name dataName1("/any/data");
663 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]664 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]665
666 std::string CONFIG =
667 "trust-anchor\n"
668 "{\n"
669 " type any\n"
670 "}\n";
671
672 const boost::filesystem::path CONFIG_PATH =
673 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
674
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]675 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]676 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]677 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]678
679 validator.validate(*data1,
680 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]681 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]682}
683
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]684BOOST_AUTO_TEST_CASE(SignedInterestTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]685{
686 Name identity("/TestValidatorConfig/SignedInterestTest");
687
688 Name identity1 = identity;
689 identity1.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]690 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-9.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]691
692 Name interestName("/TestValidatorConfig/SignedInterestTest");
693 Name interestName1 = interestName;
694 interestName1.append("1");
695 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
696 Name interestName2 = interestName;
697 interestName2.append("2");
698 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
699
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]700 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]701 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]702 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]703
704 const std::string CONFIG =
705 "rule\n"
706 "{\n"
707 " id \"FixedSignerChecker Interest Rule\"\n"
708 " for interest\n"
709 " filter"
710 " {\n"
711 " type name\n"
712 " name /TestValidatorConfig/SignedInterestTest\n"
713 " relation is-strict-prefix-of\n"
714 " }\n"
715 " checker\n"
716 " {\n"
717 " type fixed-signer\n"
718 " sig-type rsa-sha256\n"
719 " signer\n"
720 " {\n"
721 " type file\n"
722 " file-name \"trust-anchor-9.cert\"\n"
723 " }\n"
724 " }\n"
725 "}\n";
726 const boost::filesystem::path CONFIG_PATH =
727 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
728
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]729 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]730 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]731 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]732
733 validator.validate(*interest1,
734 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]735 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]736
737 validator.validate(*interest2,
738 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]739 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]740
741 validator.validate(*interest1,
742 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]743 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]744}
745
746
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]747BOOST_AUTO_TEST_CASE(MaxKeyTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]748{
749 Name identity("/TestValidatorConfig/MaxKeyTest");
750
751 Name identity1 = identity;
752 identity1.append("Key1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]753 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-10-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]754
755 Name identity2 = identity;
756 identity2.append("Key2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]757 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-10-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]758
759 Name identity3 = identity;
760 identity3.append("Key3");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]761 BOOST_REQUIRE(saveIdentityCertificate(identity3, "trust-anchor-10-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]762
763
764 Name interestName("/TestValidatorConfig/MaxKeyTest");
765 Name interestName1 = interestName;
766 interestName1.append("1");
767 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
768 Name interestName2 = interestName;
769 interestName2.append("2");
770 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
771 Name interestName3 = interestName;
772 interestName3.append("3");
773 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
774
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]775 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]776 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]777 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]778 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]779 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]780
781 const std::string CONFIG =
782 "rule\n"
783 "{\n"
784 " id \"FixedSignerChecker Interest Rule\"\n"
785 " for interest\n"
786 " filter"
787 " {\n"
788 " type name\n"
789 " name /TestValidatorConfig/MaxKeyTest\n"
790 " relation is-strict-prefix-of\n"
791 " }\n"
792 " checker\n"
793 " {\n"
794 " type fixed-signer\n"
795 " sig-type rsa-sha256\n"
796 " signer\n"
797 " {\n"
798 " type file\n"
799 " file-name \"trust-anchor-10-1.cert\"\n"
800 " }\n"
801 " signer\n"
802 " {\n"
803 " type file\n"
804 " file-name \"trust-anchor-10-2.cert\"\n"
805 " }\n"
806 " signer\n"
807 " {\n"
808 " type file\n"
809 " file-name \"trust-anchor-10-3.cert\"\n"
810 " }\n"
811 " }\n"
812 "}\n";
813 const boost::filesystem::path CONFIG_PATH =
814 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
815
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]816 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]817 ValidatorConfig validator(face,
818 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
819 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
820 10,
821 2, // Two keys can be tracked
822 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]823 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]824
825 validator.validate(*interest1,
826 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]827 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]828
829 validator.validate(*interest2,
830 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]831 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]832
833 validator.validate(*interest1,
834 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]835 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]836
837 validator.validate(*interest3,
838 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]839 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]840
841 // Should succeed because identity1's key has been cleaned up due to space limit.
842 validator.validate(*interest1,
843 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]844 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]845}
846
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]847BOOST_AUTO_TEST_CASE(MaxKeyTest2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]848{
849 Name identity("/TestValidatorConfig/MaxKeyTest");
850
851 Name identity1 = identity;
852 identity1.append("Key1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]853 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-10-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]854
855 Name identity2 = identity;
856 identity2.append("Key2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]857 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-10-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]858
859 Name identity3 = identity;
860 identity3.append("Key3");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]861 BOOST_REQUIRE(saveIdentityCertificate(identity3, "trust-anchor-10-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]862
863 Name identity4 = identity;
864 identity4.append("Key4");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]865 BOOST_REQUIRE(saveIdentityCertificate(identity4, "trust-anchor-10-4.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]866
867
868 Name interestName("/TestValidatorConfig/MaxKeyTest");
869 Name interestName1 = interestName;
870 interestName1.append("1");
871 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
872 Name interestName2 = interestName;
873 interestName2.append("2");
874 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
875 Name interestName3 = interestName;
876 interestName3.append("3");
877 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
878 Name interestName4 = interestName;
879 interestName4.append("4");
880 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
881
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]882 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]883 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]884 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]885 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]886 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]887 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]888 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]889
890 const std::string CONFIG =
891 "rule\n"
892 "{\n"
893 " id \"FixedSignerChecker Interest Rule\"\n"
894 " for interest\n"
895 " filter"
896 " {\n"
897 " type name\n"
898 " name /TestValidatorConfig/MaxKeyTest\n"
899 " relation is-strict-prefix-of\n"
900 " }\n"
901 " checker\n"
902 " {\n"
903 " type fixed-signer\n"
904 " sig-type rsa-sha256\n"
905 " signer\n"
906 " {\n"
907 " type file\n"
908 " file-name \"trust-anchor-10-1.cert\"\n"
909 " }\n"
910 " signer\n"
911 " {\n"
912 " type file\n"
913 " file-name \"trust-anchor-10-2.cert\"\n"
914 " }\n"
915 " signer\n"
916 " {\n"
917 " type file\n"
918 " file-name \"trust-anchor-10-3.cert\"\n"
919 " }\n"
920 " signer\n"
921 " {\n"
922 " type file\n"
923 " file-name \"trust-anchor-10-4.cert\"\n"
924 " }\n"
925 " }\n"
926 "}\n";
927 const boost::filesystem::path CONFIG_PATH =
928 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
929
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]930 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]931 ValidatorConfig validator(face,
932 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
933 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
934 10,
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]935 3, // Three keys can be tracked
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]936 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]937 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]938
939 validator.validate(*interest1,
940 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]941 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]942
943 validator.validate(*interest2,
944 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]945 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]946
947 validator.validate(*interest3,
948 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]949 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]950
951 validator.validate(*interest1,
952 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]953 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]954
955 validator.validate(*interest2,
956 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]957 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]958
959 validator.validate(*interest3,
960 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]961 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]962
963 sleep(2);
964
965 validator.validate(*interest4,
966 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]967 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]968
969 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
970 validator.validate(*interest1,
971 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]972 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]973
974 validator.validate(*interest2,
975 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]976 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]977
978 validator.validate(*interest3,
979 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]980 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]981}
982
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]983BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]984{
985 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]986 BOOST_REQUIRE(addIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]987 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
988
989 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]990 BOOST_REQUIRE(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
991 BOOST_REQUIRE(saveIdentityCertificate(ecdsaIdentity, "trust-anchor-11.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]992
993 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
994 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]995 m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]996 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]997 m_keyChain.sign(*dataEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]998
999 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1000 m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1001 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1002 m_keyChain.sign(*interestEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1003
1004 const std::string CONFIG =
1005 "rule\n"
1006 "{\n"
1007 " id \"FixedSignerChecker Data Rule\"\n"
1008 " for data\n"
1009 " filter"
1010 " {\n"
1011 " type name\n"
1012 " name /TestValidatorConfig/FixedSignerChecker2\n"
1013 " relation equal\n"
1014 " }\n"
1015 " checker\n"
1016 " {\n"
1017 " type fixed-signer\n"
1018 " sig-type ecdsa-sha256\n"
1019 " signer\n"
1020 " {\n"
1021 " type file\n"
1022 " file-name \"trust-anchor-11.cert\"\n"
1023 " }\n"
1024 " }\n"
1025 "}\n"
1026 "rule\n"
1027 "{\n"
1028 " id \"FixedSignerChecker Interest Rule\"\n"
1029 " for interest\n"
1030 " filter"
1031 " {\n"
1032 " type name\n"
1033 " name /TestValidatorConfig/FixedSignerChecker2\n"
1034 " relation equal\n"
1035 " }\n"
1036 " checker\n"
1037 " {\n"
1038 " type fixed-signer\n"
1039 " sig-type ecdsa-sha256\n"
1040 " signer\n"
1041 " {\n"
1042 " type file\n"
1043 " file-name \"trust-anchor-11.cert\"\n"
1044 " }\n"
1045 " }\n"
1046 "}\n";
1047 const boost::filesystem::path CONFIG_PATH =
1048 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1049
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1050 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1051 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1052 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1053
1054 validator.validate(*dataEcdsa,
1055 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1056 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1057
1058 validator.validate(*dataRsa,
1059 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1060 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1061
1062 validator.validate(*interestEcdsa,
1063 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1064 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1065
1066 validator.validate(*interestRsa,
1067 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1068 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1069}
1070
1071
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1072struct FacesFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1073{
1074 FacesFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1075 : face1(io, m_keyChain, {true, true})
1076 , face2(io, m_keyChain, {true, true})
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1077 , readInterestOffset1(0)
1078 , readDataOffset1(0)
1079 , readInterestOffset2(0)
1080 , readDataOffset2(0)
1081 {
1082 }
1083
1084 bool
1085 passPacket()
1086 {
1087 bool hasPassed = false;
1088
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1089 checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
1090 checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
1091 checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
Zhiyi Zhang99832d42016-11-18 10:03:49 -0800[diff] [blame]1092 checkFace(face2.sentData, readDataOffset2, face1, hasPassed);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1093
1094 return hasPassed;
1095 }
1096
1097 template<typename Packet>
1098 void
1099 checkFace(std::vector<Packet>& receivedPackets,
1100 size_t& readPacketOffset,
1101 util::DummyClientFace& receiver,
1102 bool& hasPassed)
1103 {
1104 while (receivedPackets.size() > readPacketOffset) {
1105 receiver.receive(receivedPackets[readPacketOffset]);
1106 readPacketOffset++;
1107 hasPassed = true;
1108 }
1109 }
1110
1111 ~FacesFixture()
1112 {
1113 }
1114
1115public:
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1116 util::DummyClientFace face1;
1117 util::DummyClientFace face2;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1118
1119 size_t readInterestOffset1;
1120 size_t readDataOffset1;
1121 size_t readInterestOffset2;
1122 size_t readDataOffset2;
1123};
1124
1125BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1126{
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1127 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1128
1129 Name root("/TestValidatorConfig");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1130 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-6.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1131
1132
1133 Name sld("/TestValidatorConfig/HierarchicalChecker");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1134 BOOST_REQUIRE(addIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1135 advanceClocks(time::milliseconds(100));
1136 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1137 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1138 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1139 root,
1140 time::system_clock::now(),
1141 time::system_clock::now() + time::days(7300),
1142 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1143 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1144 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1145
1146 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1147 BOOST_REQUIRE(addIdentity(nld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1148 advanceClocks(time::milliseconds(100));
1149 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1150 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1151 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1152 sld,
1153 time::system_clock::now(),
1154 time::system_clock::now() + time::days(7300),
1155 subjectDescription);
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1156 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1157 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1158
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1159 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1160 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1161 RegisterPrefixSuccessCallback(),
1162 [] (const Name&, const std::string&) {});
1163
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1164 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1165 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1166 RegisterPrefixSuccessCallback(),
1167 [] (const Name&, const std::string&) {});
1168
1169 Name dataName1 = nld;
1170 dataName1.append("data1");
1171 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1172 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1173
1174 Name dataName2("/ConfValidatorTest");
1175 dataName2.append("data1");
1176 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1177 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1178
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1179 const std::string CONFIG =
1180 "rule\n"
1181 "{\n"
1182 " id \"Simple3 Rule\"\n"
1183 " for data\n"
1184 " checker\n"
1185 " {\n"
1186 " type hierarchical\n"
1187 " sig-type rsa-sha256\n"
1188 " }\n"
1189 "}\n"
1190 "trust-anchor\n"
1191 "{\n"
1192 " type file\n"
1193 " file-name \"trust-anchor-6.cert\"\n"
1194 "}\n";
1195 const boost::filesystem::path CONFIG_PATH =
1196 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1197
1198
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1199 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1200 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1201
1202 advanceClocks(time::milliseconds(2), 100);
1203 validator->validate(*data1,
1204 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1205 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1206
1207 do {
1208 advanceClocks(time::milliseconds(2), 10);
1209 } while (passPacket());
1210
1211 validator->validate(*data2,
1212 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1213 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1214
1215 do {
1216 advanceClocks(time::milliseconds(2), 10);
1217 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1218}
1219
1220BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1221{
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]1222 advanceClocks(time::nanoseconds(1));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1223
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1224 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1225
1226 Name root("/TestValidatorConfig");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1227 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-8.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1228
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1229 Name sld("/TestValidatorConfig/Nrd-1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1230 BOOST_REQUIRE(addIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1231 advanceClocks(time::milliseconds(100));
1232 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1233 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1234 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1235 root,
1236 time::system_clock::now(),
1237 time::system_clock::now() + time::days(7300),
1238 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1239 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1240 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1241
1242 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1243 BOOST_REQUIRE(addIdentity(nld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1244 advanceClocks(time::milliseconds(100));
1245 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1246 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1247 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1248 sld,
1249 time::system_clock::now(),
1250 time::system_clock::now() + time::days(7300),
1251 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1252 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1253 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1254
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1255 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1256 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1257 RegisterPrefixSuccessCallback(),
1258 [] (const Name&, const std::string&) {});
1259
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1260 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1261 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1262 RegisterPrefixSuccessCallback(),
1263 [] (const Name&, const std::string&) {});
1264
1265 advanceClocks(time::milliseconds(10));
1266 Name interestName1("/localhost/nrd/register/option");
1267 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1268 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1269
1270 advanceClocks(time::milliseconds(10));
1271 Name interestName2("/localhost/nrd/non-register");
1272 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1273 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1274
1275 advanceClocks(time::milliseconds(10));
1276 Name interestName3("/localhost/nrd/register/option");
1277 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1278 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1279
1280 advanceClocks(time::milliseconds(10));
1281 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1282 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1283
1284 const std::string CONFIG =
1285 "rule\n"
1286 "{\n"
1287 " id \"NRD Prefix Registration Command Rule\"\n"
1288 " for interest\n"
1289 " filter\n"
1290 " {\n"
1291 " type name\n"
1292 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1293 " }\n"
1294 " checker\n"
1295 " {\n"
1296 " type customized\n"
1297 " sig-type rsa-sha256\n"
1298 " key-locator\n"
1299 " {\n"
1300 " type name\n"
1301 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1302 " }\n"
1303 " }\n"
1304 "}\n"
1305 "rule\n"
1306 "{\n"
1307 " id \"Testbed Hierarchy Rule\"\n"
1308 " for data\n"
1309 " filter\n"
1310 " {\n"
1311 " type name\n"
1312 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1313 " }\n"
1314 " checker\n"
1315 " {\n"
1316 " type hierarchical\n"
1317 " sig-type rsa-sha256\n"
1318 " }\n"
1319 "}\n"
1320 "trust-anchor\n"
1321 "{\n"
1322 " type file\n"
1323 " file-name \"trust-anchor-8.cert\"\n"
1324 "}\n";
1325 const boost::filesystem::path CONFIG_PATH =
1326 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1327
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1328 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1329 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1330
1331 advanceClocks(time::milliseconds(2), 100);
1332
1333 // should succeed
1334 validator->validate(*interest1,
1335 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1336 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1337
1338 do {
1339 advanceClocks(time::milliseconds(2), 10);
1340 } while (passPacket());
1341
1342 // should fail
1343 validator->validate(*interest2,
1344 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1345 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1346
1347 do {
1348 advanceClocks(time::milliseconds(2), 10);
1349 } while (passPacket());
1350
1351 // should succeed
1352 validator->validate(*interest3,
1353 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1354 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1355
1356 do {
1357 advanceClocks(time::milliseconds(2), 10);
1358 } while (passPacket());
1359
1360 // should fail
1361 validator->validate(*interest4,
1362 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1363 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1364
1365 do {
1366 advanceClocks(time::milliseconds(2), 10);
1367 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1368}
1369
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1370struct DirTestFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1371{
1372 DirTestFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1373 : face(io, m_keyChain, {true, true})
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1374 , validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1375 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1376 {
1377 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1378 boost::filesystem::create_directory(certDirPath);
1379
1380 firstCertPath = (boost::filesystem::current_path() /
1381 std::string("test-cert-dir") /
1382 std::string("trust-anchor-1.cert"));
1383
1384 secondCertPath = (boost::filesystem::current_path() /
1385 std::string("test-cert-dir") /
1386 std::string("trust-anchor-2.cert"));
1387
1388 firstIdentity = Name("/TestValidatorConfig/Dir/First");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1389 BOOST_REQUIRE(addIdentity(firstIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1390 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1391 firstCert = m_keyChain.getCertificate(firstCertName);
1392 io::save(*firstCert, firstCertPath.string());
1393
1394 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1395 BOOST_REQUIRE(addIdentity(secondIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1396 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1397 secondCert = m_keyChain.getCertificate(secondCertName);
1398 }
1399
1400 ~DirTestFixture()
1401 {
1402 boost::filesystem::remove_all(certDirPath);
1403 }
1404
1405public:
1406 boost::filesystem::path certDirPath;
1407 boost::filesystem::path firstCertPath;
1408 boost::filesystem::path secondCertPath;
1409
1410 Name firstIdentity;
1411 Name secondIdentity;
1412
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1413 shared_ptr<v1::IdentityCertificate> firstCert;
1414 shared_ptr<v1::IdentityCertificate> secondCert;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1415
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1416 util::DummyClientFace face;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1417 ValidatorConfig validator;
1418};
1419
1420BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1421{
1422 advanceClocks(time::milliseconds(10));
1423
1424 Name dataName1("/any/data/1");
1425 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1426 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1427
1428 Name dataName2("/any/data/2");
1429 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1430 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1431
1432 std::string CONFIG =
1433 "rule\n"
1434 "{\n"
1435 " id \"Any Rule\"\n"
1436 " for data\n"
1437 " filter\n"
1438 " {\n"
1439 " type name\n"
1440 " regex ^<>*$\n"
1441 " }\n"
1442 " checker\n"
1443 " {\n"
1444 " type customized\n"
1445 " sig-type rsa-sha256\n"
1446 " key-locator\n"
1447 " {\n"
1448 " type name\n"
1449 " regex ^<>*$\n"
1450 " }\n"
1451 " }\n"
1452 "}\n"
1453 "trust-anchor\n"
1454 "{\n"
1455 " type dir\n"
1456 " dir test-cert-dir\n"
1457 " refresh 1s\n"
1458 "}\n";
1459
1460 const boost::filesystem::path CONFIG_PATH =
1461 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1462
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1463 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1464
1465 advanceClocks(time::milliseconds(10), 20);
1466 validator.validate(*data1,
1467 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1468 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1469 advanceClocks(time::milliseconds(10), 20);
1470
1471 validator.validate(*data2,
1472 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1473 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1474 advanceClocks(time::milliseconds(10), 20);
1475
1476 io::save(*secondCert, secondCertPath.string());
1477 advanceClocks(time::milliseconds(10), 200);
1478
1479 validator.validate(*data1,
1480 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1481 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1482 advanceClocks(time::milliseconds(10), 20);
1483
1484 validator.validate(*data2,
1485 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1486 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1487 advanceClocks(time::milliseconds(10), 20);
1488}
1489
Zhiyi Zhang48becde2017-01-05 16:41:38 -0800[diff] [blame]1490class DirectCertFetchFixture : public IdentityManagementTimeFixture
1491{
1492public:
1493 DirectCertFetchFixture()
1494 : clientFace(io, m_keyChain, {true, true})
1495 , validationResult(boost::logic::indeterminate)
1496 {
1497 BOOST_REQUIRE(addIdentity(ca));
1498 BOOST_REQUIRE(saveIdentityCertificate(ca, "trust-anchor-1.cert", true));
1499 BOOST_REQUIRE(addSubCertificate(user, ca));
1500
1501 userCertName = m_keyChain.getDefaultCertificateNameForIdentity(user);
1502 userCert = m_keyChain.getCertificate(userCertName);
1503 }
1504
1505protected:
1506 void
1507 runTest(const std::function<void(const Interest&, const Interest&)> respond)
1508 {
1509 optional<Interest> directInterest;
1510 optional<Interest> infrastructureInterest;
1511 clientFace.onSendInterest.connect([&] (const Interest& interest) {
1512 const Name& interestName = interest.getName();
1513 if (interestName == userCert->getName().getPrefix(-1)) {
1514 auto nextHopFaceIdTag = interest.getTag<lp::NextHopFaceIdTag>();
1515 if (nextHopFaceIdTag != nullptr) {
1516 BOOST_CHECK(!directInterest);
1517 directInterest = interest;
1518 }
1519 else {
1520 BOOST_CHECK(!infrastructureInterest);
1521 infrastructureInterest = interest;
1522 }
1523 if (static_cast<bool>(directInterest) && static_cast<bool>(infrastructureInterest)) {
1524 io.post([directInterest, infrastructureInterest, respond] {
1525 respond(directInterest.value(), infrastructureInterest.value());
1526 });
1527 directInterest = nullopt;
1528 infrastructureInterest = nullopt;
1529 }
1530 }
1531 });
1532
1533 const boost::filesystem::path CONFIG_PATH =
1534 (boost::filesystem::current_path() / std::string("unit-test-direct.conf"));
1535 ValidatorConfig validator(&clientFace);
1536 validator.load(CONFIG, CONFIG_PATH.c_str());
1537 validator.setDirectCertFetchEnabled(true);
1538
1539 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
1540 interest->setTag(make_shared<lp::IncomingFaceIdTag>(123));
1541 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest, security::signingByIdentity(user)));
1542
1543 validator.validate(*interest,
1544 [&] (const shared_ptr<const Interest>&) {
1545 BOOST_CHECK(boost::logic::indeterminate(validationResult));
1546 validationResult = true;
1547 },
1548 [&] (const shared_ptr<const Interest>&, const std::string& s) {
1549 BOOST_CHECK(boost::logic::indeterminate(validationResult));
1550 validationResult = false;
1551 });
1552
1553 advanceClocks(time::milliseconds(200), 60);
1554
1555 BOOST_CHECK(!boost::logic::indeterminate(validationResult));
1556 }
1557
1558public:
1559 util::DummyClientFace clientFace;
1560 const Name ca = Name("/DirectCertFetch");
1561 const Name user = Name("/DirectCertFetch/user");
1562 const Name interestName = Name("/DirectCertFetch/user/tag-interest");
1563 const std::string CONFIG = R"_TEXT_(
1564 rule
1565 {
1566 id "RuleForInterest"
1567 for interest
1568 checker
1569 {
1570 type hierarchical
1571 sig-type rsa-sha256
1572 }
1573 }
1574 rule
1575 {
1576 id "RuleForData"
1577 for data
1578 filter
1579 {
1580 type name
1581 regex ^<>*$
1582 }
1583 checker
1584 {
1585 type customized
1586 sig-type rsa-sha256
1587 key-locator
1588 {
1589 type name
1590 regex ^<>*$
1591 }
1592 }
1593 }
1594 trust-anchor
1595 {
1596 type file
1597 file-name "trust-anchor-1.cert"
1598 }
1599 )_TEXT_";
1600 boost::logic::tribool validationResult;
1601 Name userCertName;
1602 shared_ptr<v1::IdentityCertificate> userCert;
1603};
1604
1605BOOST_FIXTURE_TEST_SUITE(DirectCertFetch, DirectCertFetchFixture)
1606
1607BOOST_AUTO_TEST_CASE(CertFetchSuccess)
1608{
1609 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
1610 this->clientFace.receive(*userCert);
1611 });
1612
1613 BOOST_CHECK_EQUAL(validationResult, true);
1614}
1615
1616BOOST_AUTO_TEST_CASE(CertFetchTimeout)
1617{
1618 // In this test case, certificate request would time out
1619 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) { });
1620
1621 BOOST_CHECK_EQUAL(validationResult, false);
1622}
1623
1624BOOST_AUTO_TEST_CASE(CertFetchNack)
1625{
1626 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
1627 lp::Nack nackInfrastructureInterest(infrastructureInterest);
1628 nackInfrastructureInterest.setHeader(lp::NackHeader().setReason(lp::NackReason::NO_ROUTE));
1629 this->clientFace.receive(nackInfrastructureInterest);
1630 });
1631
1632 BOOST_CHECK_EQUAL(validationResult, false);
1633}
1634
1635BOOST_AUTO_TEST_SUITE_END() // DirectCertFetch
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]1636BOOST_AUTO_TEST_SUITE_END() // TestValidatorConfig
1637BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1638
1639} // namespace tests
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1640} // namespace security
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1641} // namespace ndn