Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 8618c1e0267fc927c7e360433158f5b33fdc4962 / . / tests / unit / security / validation-policy-command-interest.t.cpp
blob: cf91ee33c6d2ffde899389b44375665591ee5d10 [file] [log] [blame]
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Junxiao Shi2bea5c42017-08-14 20:10:32 +0000[diff] [blame]2/*
Davide Pesaventofbea4fc2022-02-08 07:26:04 -0500[diff] [blame]3 * Copyright (c) 2013-2022 Regents of the University of California.
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]22#include "ndn-cxx/security/validation-policy-command-interest.hpp"
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]23
Davide Pesavento77c5ce82021-05-07 16:12:02 -0400[diff] [blame]24#include "ndn-cxx/security/interest-signer.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]25#include "ndn-cxx/security/validation-policy-accept-all.hpp"
26#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]27
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]28#include "tests/test-common.hpp"
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]29#include "tests/unit/security/validator-fixture.hpp"
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]30
31#include <boost/lexical_cast.hpp>
32#include <boost/mpl/vector.hpp>
33
34namespace ndn {
35namespace security {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]36inline namespace v2 {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]37namespace tests {
38
39using namespace ndn::tests;
40
41BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]42
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]43class CommandInterestDefaultOptions
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]44{
45public:
46 static ValidationPolicyCommandInterest::Options
47 getOptions()
48 {
49 return {};
50 }
51};
52
53template<class T, class InnerPolicy>
54class CommandInterestPolicyWrapper : public ValidationPolicyCommandInterest
55{
56public:
57 CommandInterestPolicyWrapper()
58 : ValidationPolicyCommandInterest(make_unique<InnerPolicy>(), T::getOptions())
59 {
60 }
61};
62
63template<class T, class InnerPolicy = ValidationPolicySimpleHierarchy>
64class ValidationPolicyCommandInterestFixture : public HierarchicalValidatorFixture<CommandInterestPolicyWrapper<T, InnerPolicy>>
65{
66public:
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]67 Interest
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]68 makeCommandInterest(const Identity& identity, bool wantV3 = false)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]69 {
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]70 if (wantV3) {
71 Interest i(Name(identity.getName()).append("CMD"));
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]72 m_signer.makeSignedInterest(i, signingByIdentity(identity));
73 return i;
74 }
75 else {
76 return m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"),
77 signingByIdentity(identity));
78 }
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]79 }
80
81public:
Davide Pesavento77c5ce82021-05-07 16:12:02 -0400[diff] [blame]82 InterestSigner m_signer{this->m_keyChain};
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]83};
84
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]85BOOST_FIXTURE_TEST_SUITE(TestValidationPolicyCommandInterest,
86 ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions>)
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]87
88BOOST_AUTO_TEST_SUITE(Accepts)
89
90BOOST_AUTO_TEST_CASE(Basic)
91{
92 auto i1 = makeCommandInterest(identity);
93 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]94 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]95
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]96 advanceClocks(5_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]97 auto i2 = makeCommandInterest(identity);
98 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]99
100 auto i3 = m_signer.makeCommandInterest(Name(identity.getName()).append("CMD"), signingWithSha256());
101 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]102}
103
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]104BOOST_AUTO_TEST_CASE(BasicV3)
105{
106 auto i1 = makeCommandInterest(identity, true);
107 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
108 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
109
110 advanceClocks(5_ms);
111 auto i2 = makeCommandInterest(identity, true);
112 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
113
114 Interest i3(Name(identity.getName()).append("CMD"));
Eric Newberry17d7c472020-06-18 21:29:22 -0700[diff] [blame]115 m_signer.makeSignedInterest(i3, signingWithSha256());
116 VALIDATE_FAILURE(i3, "Should fail (Sha256 signature violates policy)");
117}
118
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]119BOOST_AUTO_TEST_CASE(DataPassthru)
120{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]121 Data d1("/Security/ValidatorFixture/Sub1");
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]122 m_keyChain.sign(d1);
123 VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
124}
125
Eric Newberry1caa6342020-08-23 19:29:08 -0700[diff] [blame]126using ValidationPolicyAcceptAllCommands = ValidationPolicyCommandInterestFixture<CommandInterestDefaultOptions,
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]127 ValidationPolicyAcceptAll>;
128
129BOOST_FIXTURE_TEST_CASE(SignedWithSha256, ValidationPolicyAcceptAllCommands) // Bug 4635
130{
131 auto i1 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
132 VALIDATE_SUCCESS(i1, "Should succeed (within grace period)");
133 VALIDATE_FAILURE(i1, "Should fail (replay attack)");
134
135 advanceClocks(5_ms);
136 auto i2 = m_signer.makeCommandInterest("/hello/world/CMD", signingWithSha256());
137 VALIDATE_SUCCESS(i2, "Should succeed (timestamp larger than previous)");
138}
139
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]140BOOST_AUTO_TEST_SUITE_END() // Accepts
141
142BOOST_AUTO_TEST_SUITE(Rejects)
143
144BOOST_AUTO_TEST_CASE(NameTooShort)
145{
146 auto i1 = makeInterest("/name/too/short");
147 VALIDATE_FAILURE(*i1, "Should fail (name is too short)");
148}
149
150BOOST_AUTO_TEST_CASE(BadTimestamp)
151{
152 auto i1 = makeCommandInterest(identity);
153 setNameComponent(i1, command_interest::POS_TIMESTAMP, "not-timestamp");
154 VALIDATE_FAILURE(i1, "Should fail (timestamp is missing)");
155}
156
157BOOST_AUTO_TEST_CASE(BadSigInfo)
158{
159 auto i1 = makeCommandInterest(identity);
160 setNameComponent(i1, command_interest::POS_SIG_INFO, "not-SignatureInfo");
161 VALIDATE_FAILURE(i1, "Should fail (signature info is missing)");
162}
163
164BOOST_AUTO_TEST_CASE(MissingKeyLocator)
165{
166 auto i1 = makeCommandInterest(identity);
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]167 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]168 setNameComponent(i1, command_interest::POS_SIG_INFO,
169 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
170 VALIDATE_FAILURE(i1, "Should fail (missing KeyLocator)");
171}
172
173BOOST_AUTO_TEST_CASE(BadKeyLocatorType)
174{
175 auto i1 = makeCommandInterest(identity);
176 KeyLocator kl;
Davide Pesaventofbea4fc2022-02-08 07:26:04 -0500[diff] [blame]177 kl.setKeyDigest(makeBinaryBlock(tlv::KeyDigest, {0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD}));
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]178 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]179 sigInfo.setKeyLocator(kl);
180 setNameComponent(i1, command_interest::POS_SIG_INFO,
181 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
182 VALIDATE_FAILURE(i1, "Should fail (bad KeyLocator type)");
183}
184
185BOOST_AUTO_TEST_CASE(BadCertName)
186{
187 auto i1 = makeCommandInterest(identity);
188 KeyLocator kl;
189 kl.setName("/bad/cert/name");
Junxiao Shi605671d2017-08-26 13:41:06 +0000[diff] [blame]190 SignatureInfo sigInfo(tlv::SignatureSha256WithRsa);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]191 sigInfo.setKeyLocator(kl);
192 setNameComponent(i1, command_interest::POS_SIG_INFO,
193 sigInfo.wireEncode().begin(), sigInfo.wireEncode().end());
194 VALIDATE_FAILURE(i1, "Should fail (bad certificate name)");
195}
196
197BOOST_AUTO_TEST_CASE(InnerPolicyReject)
198{
199 auto i1 = makeCommandInterest(otherIdentity);
200 VALIDATE_FAILURE(i1, "Should fail (inner policy should reject)");
201}
202
203class GracePeriod15Sec
204{
205public:
206 static ValidationPolicyCommandInterest::Options
207 getOptions()
208 {
209 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]210 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]211 return options;
212 }
213};
214
215BOOST_FIXTURE_TEST_CASE(TimestampOutOfGracePositive, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
216{
217 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]218 advanceClocks(16_s); // verifying at +16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]219 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
220 rewindClockAfterValidation();
221
222 auto i2 = makeCommandInterest(identity); // signed at +16s
223 VALIDATE_SUCCESS(i2, "Should succeed");
224}
225
226BOOST_FIXTURE_TEST_CASE(TimestampOutOfGraceNegative, ValidationPolicyCommandInterestFixture<GracePeriod15Sec>)
227{
228 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]229 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]230 auto i2 = makeCommandInterest(identity); // signed at +1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]231 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]232 auto i3 = makeCommandInterest(identity); // signed at +2s
233
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]234 m_systemClock->advance(-18_s); // verifying at -16s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]235 VALIDATE_FAILURE(i1, "Should fail (timestamp outside the grace period)");
236 rewindClockAfterValidation();
237
238 // CommandInterestValidator should not remember i1's timestamp
239 VALIDATE_FAILURE(i2, "Should fail (timestamp outside the grace period)");
240 rewindClockAfterValidation();
241
242 // CommandInterestValidator should not remember i2's timestamp, and should treat i3 as initial
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]243 advanceClocks(18_s); // verifying at +2s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]244 VALIDATE_SUCCESS(i3, "Should succeed");
245}
246
247BOOST_AUTO_TEST_CASE(TimestampReorderEqual)
248{
249 auto i1 = makeCommandInterest(identity); // signed at 0s
250 VALIDATE_SUCCESS(i1, "Should succeed");
251
252 auto i2 = makeCommandInterest(identity); // signed at 0s
253 setNameComponent(i2, command_interest::POS_TIMESTAMP,
254 i1.getName()[command_interest::POS_TIMESTAMP]);
255 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
256
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]257 advanceClocks(2_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]258 auto i3 = makeCommandInterest(identity); // signed at +2s
259 VALIDATE_SUCCESS(i3, "Should succeed");
260}
261
262BOOST_AUTO_TEST_CASE(TimestampReorderNegative)
263{
264 auto i2 = makeCommandInterest(identity); // signed at 0ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]265 advanceClocks(200_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]266 auto i3 = makeCommandInterest(identity); // signed at +200ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]267 advanceClocks(900_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]268 auto i1 = makeCommandInterest(identity); // signed at +1100ms
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]269 advanceClocks(300_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]270 auto i4 = makeCommandInterest(identity); // signed at +1400ms
271
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]272 m_systemClock->advance(-300_ms); // verifying at +1100ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]273 VALIDATE_SUCCESS(i1, "Should succeed");
274 rewindClockAfterValidation();
275
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]276 m_systemClock->advance(-1100_ms); // verifying at 0ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]277 VALIDATE_FAILURE(i2, "Should fail (timestamp reordered)");
278 rewindClockAfterValidation();
279
280 // CommandInterestValidator should not remember i2's timestamp
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]281 advanceClocks(200_ms); // verifying at +200ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]282 VALIDATE_FAILURE(i3, "Should fail (timestamp reordered)");
283 rewindClockAfterValidation();
284
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]285 advanceClocks(1200_ms); // verifying at 1400ms
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]286 VALIDATE_SUCCESS(i4, "Should succeed");
287}
288
289BOOST_AUTO_TEST_SUITE_END() // Rejects
290
291BOOST_AUTO_TEST_SUITE(Options)
292
293template<class T>
294class GracePeriod
295{
296public:
297 static ValidationPolicyCommandInterest::Options
298 getOptions()
299 {
300 ValidationPolicyCommandInterest::Options options;
301 options.gracePeriod = time::seconds(T::value);
302 return options;
303 }
304};
305
306typedef boost::mpl::vector<
307 GracePeriod<boost::mpl::int_<0>>,
308 GracePeriod<boost::mpl::int_<-1>>
309> GraceNonPositiveValues;
310
311BOOST_FIXTURE_TEST_CASE_TEMPLATE(GraceNonPositive, GracePeriod, GraceNonPositiveValues,
312 ValidationPolicyCommandInterestFixture<GracePeriod>)
313{
314 auto i1 = this->makeCommandInterest(this->identity); // signed at 0ms
315 auto i2 = this->makeCommandInterest(this->subIdentity); // signed at 0ms
316 for (auto interest : {&i1, &i2}) {
317 setNameComponent(*interest, command_interest::POS_TIMESTAMP,
318 name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
319 } // ensure timestamps are exactly 0ms
320
321 VALIDATE_SUCCESS(i1, "Should succeed when validating at 0ms");
322 this->rewindClockAfterValidation();
323
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]324 this->advanceClocks(1_ms);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]325 VALIDATE_FAILURE(i2, "Should fail when validating at 1ms");
326}
327
328class LimitedRecordsOptions
329{
330public:
331 static ValidationPolicyCommandInterest::Options
332 getOptions()
333 {
334 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]335 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]336 options.maxRecords = 3;
337 return options;
338 }
339};
340
341BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<LimitedRecordsOptions>)
342{
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]343 Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]344 this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]345 Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]346 this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]347 Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]348 this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]349 Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]350 this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
351
352 auto i1 = makeCommandInterest(id2);
353 auto i2 = makeCommandInterest(id3);
354 auto i3 = makeCommandInterest(id4);
355 auto i00 = makeCommandInterest(id1); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]356 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]357 auto i01 = makeCommandInterest(id1); // signed at 1s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]358 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]359 auto i02 = makeCommandInterest(id1); // signed at 2s
360
361 VALIDATE_SUCCESS(i00, "Should succeed");
362 rewindClockAfterValidation();
363
364 VALIDATE_SUCCESS(i02, "Should succeed");
365 rewindClockAfterValidation();
366
367 VALIDATE_SUCCESS(i1, "Should succeed");
368 rewindClockAfterValidation();
369
370 VALIDATE_SUCCESS(i2, "Should succeed");
371 rewindClockAfterValidation();
372
373 VALIDATE_SUCCESS(i3, "Should succeed, forgets identity id1");
374 rewindClockAfterValidation();
375
376 VALIDATE_SUCCESS(i01, "Should succeed despite timestamp is reordered, because record has been evicted");
377}
378
379class UnlimitedRecordsOptions
380{
381public:
382 static ValidationPolicyCommandInterest::Options
383 getOptions()
384 {
385 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]386 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]387 options.maxRecords = -1;
388 return options;
389 }
390};
391
392BOOST_FIXTURE_TEST_CASE(UnlimitedRecords, ValidationPolicyCommandInterestFixture<UnlimitedRecordsOptions>)
393{
394 std::vector<Identity> identities;
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]395 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]396 Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]397 this->cache.insert(id.getDefaultKey().getDefaultCertificate());
398 identities.push_back(id);
399 }
400
401 auto i1 = makeCommandInterest(identities.at(0)); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]402 advanceClocks(1_s);
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]403 for (size_t i = 0; i < 20; ++i) {
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]404 auto i2 = makeCommandInterest(identities.at(i)); // signed at +1s
405
406 VALIDATE_SUCCESS(i2, "Should succeed");
407 rewindClockAfterValidation();
408 }
409 VALIDATE_FAILURE(i1, "Should fail (timestamp reorder)");
410}
411
412class ZeroRecordsOptions
413{
414public:
415 static ValidationPolicyCommandInterest::Options
416 getOptions()
417 {
418 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]419 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]420 options.maxRecords = 0;
421 return options;
422 }
423};
424
425BOOST_FIXTURE_TEST_CASE(ZeroRecords, ValidationPolicyCommandInterestFixture<ZeroRecordsOptions>)
426{
427 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]428 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]429 auto i2 = makeCommandInterest(identity); // signed at +1s
430 VALIDATE_SUCCESS(i2, "Should succeed");
431 rewindClockAfterValidation();
432
433 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record isn't kept");
434}
435
436class LimitedRecordLifetimeOptions
437{
438public:
439 static ValidationPolicyCommandInterest::Options
440 getOptions()
441 {
442 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]443 options.gracePeriod = 400_s;
444 options.recordLifetime = 300_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]445 return options;
446 }
447};
448
449BOOST_FIXTURE_TEST_CASE(LimitedRecordLifetime, ValidationPolicyCommandInterestFixture<LimitedRecordLifetimeOptions>)
450{
451 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]452 advanceClocks(240_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]453 auto i2 = makeCommandInterest(identity); // signed at +240s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]454 advanceClocks(120_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]455 auto i3 = makeCommandInterest(identity); // signed at +360s
456
Davide Pesavento4c1ad4c2020-11-16 21:12:02 -0500[diff] [blame]457 m_systemClock->advance(-360_s); // rewind system clock to 0s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]458 VALIDATE_SUCCESS(i1, "Should succeed");
459 rewindClockAfterValidation();
460
461 VALIDATE_SUCCESS(i3, "Should succeed");
462 rewindClockAfterValidation();
463
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]464 advanceClocks(30_s, 301_s); // advance steady clock by 301s, and system clock to +301s
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]465 VALIDATE_SUCCESS(i2, "Should succeed despite timestamp is reordered, because record has been expired");
466}
467
468class ZeroRecordLifetimeOptions
469{
470public:
471 static ValidationPolicyCommandInterest::Options
472 getOptions()
473 {
474 ValidationPolicyCommandInterest::Options options;
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]475 options.gracePeriod = 15_s;
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]476 options.recordLifetime = time::seconds::zero();
477 return options;
478 }
479};
480
481BOOST_FIXTURE_TEST_CASE(ZeroRecordLifetime, ValidationPolicyCommandInterestFixture<ZeroRecordLifetimeOptions>)
482{
483 auto i1 = makeCommandInterest(identity); // signed at 0s
Davide Pesavento0f830802018-01-16 23:58:58 -0500[diff] [blame]484 advanceClocks(1_s);
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]485 auto i2 = makeCommandInterest(identity); // signed at +1s
486 VALIDATE_SUCCESS(i2, "Should succeed");
487 rewindClockAfterValidation();
488
489 VALIDATE_SUCCESS(i1, "Should succeed despite timestamp is reordered, because record has been expired");
490}
491
492BOOST_AUTO_TEST_SUITE_END() // Options
493
494BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]495BOOST_AUTO_TEST_SUITE_END() // Security
496
497} // namespace tests
Alexander Afanasyev09236c22020-06-03 13:42:38 -0400[diff] [blame]498} // inline namespace v2
Alexander Afanasyev93338872017-01-30 22:37:00 -0800[diff] [blame]499} // namespace security
500} // namespace ndn