Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 99832d497938a45ea90ecb496cdef4dcb8e54763 / . / tests / unit-tests / security / validator-config.t.cpp
blob: e3f2f99eb9381ceb627b779af1186ccfb534bcac [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]3 * Copyright (c) 2013-2016 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]25#include "security/signing-helpers.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]26#include "util/io.hpp"
27#include "util/scheduler.hpp"
28#include "util/dummy-client-face.hpp"
29
30#include <boost/asio.hpp>
31
32#include "identity-management-fixture.hpp"
33#include "../identity-management-time-fixture.hpp"
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]34#include "../make-interest-data.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]35#include "boost-test.hpp"
36
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]37namespace ndn {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]38namespace security {
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]39namespace tests {
40
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]41using namespace ndn::tests;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]42
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]43BOOST_AUTO_TEST_SUITE(Security)
44BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, IdentityManagementFixture)
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]45
46BOOST_AUTO_TEST_CASE(NameFilter)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]47{
48 Name identity("/TestValidatorConfig/NameFilter");
49 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]50 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]51 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]52
53 Name dataName1("/simple/equal");
54 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]55 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]56
57 Name dataName2("/simple/different");
58 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]59 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]60
61 std::string CONFIG_1 =
62 "rule\n"
63 "{\n"
64 " id \"Simple Rule\"\n"
65 " for data\n"
66 " filter"
67 " {\n"
68 " type name\n"
69 " name /simple/equal\n"
70 " relation equal\n"
71 " }\n"
72 " checker\n"
73 " {\n"
74 " type customized\n"
75 " sig-type rsa-sha256\n"
76 " key-locator\n"
77 " {\n"
78 " type name\n"
79 " name ";
80
81 std::string CONFIG_2 =
82 "\n"
83 " relation equal\n"
84 " }\n"
85 " }\n"
86 "}\n"
87 "trust-anchor\n"
88 "{\n"
89 " type file\n"
90 " file-name \"trust-anchor-1.cert\"\n"
91 "}\n";
92 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
93
94 const boost::filesystem::path CONFIG_PATH =
95 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
96
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]97 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]98 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]99 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]100
101 validator.validate(*data1,
102 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]103 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]104
105 validator.validate(*data2,
106 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]107 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]108}
109
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]110BOOST_AUTO_TEST_CASE(NameFilter2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]111{
112 Name identity("/TestValidatorConfig/NameFilter2");
113 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]114 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]115 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]116
117 Name dataName1("/simple/isPrefixOf");
118 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]119 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]120
121 Name dataName2("/simple/notPrefixOf");
122 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]123 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]124
125 Name dataName3("/simple/isPrefixOf/anotherLevel");
126 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]127 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]128
129 std::string CONFIG_1 =
130 "rule\n"
131 "{\n"
132 " id \"Simple2 Rule\"\n"
133 " for data\n"
134 " filter"
135 " {\n"
136 " type name\n"
137 " name /simple/isPrefixOf\n"
138 " relation is-prefix-of\n"
139 " }\n"
140 " checker\n"
141 " {\n"
142 " type customized\n"
143 " sig-type rsa-sha256\n"
144 " key-locator\n"
145 " {\n"
146 " type name\n"
147 " name ";
148
149 std::string CONFIG_2 =
150 "\n"
151 " relation equal\n"
152 " }\n"
153 " }\n"
154 "}\n"
155 "trust-anchor\n"
156 "{\n"
157 " type file\n"
158 " file-name \"trust-anchor-2.cert\"\n"
159 "}\n";
160 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
161
162 const boost::filesystem::path CONFIG_PATH =
163 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
164
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]165 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]166 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]167 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]168
169 validator.validate(*data1,
170 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]171 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]172
173 validator.validate(*data2,
174 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]175 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]176
177 validator.validate(*data3,
178 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]179 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]180}
181
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]182BOOST_AUTO_TEST_CASE(NameFilter3)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]183{
184 Name identity("/TestValidatorConfig/NameFilter3");
185 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]186 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]187 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]188
189 Name dataName1("/simple/isStrictPrefixOf");
190 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]191 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]192
193 Name dataName2("/simple");
194 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]195 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]196
197 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
198 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]199 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]200
201 std::string CONFIG_1 =
202 "rule\n"
203 "{\n"
204 " id \"Simple3 Rule\"\n"
205 " for data\n"
206 " filter"
207 " {\n"
208 " type name\n"
209 " name /simple/isStrictPrefixOf\n"
210 " relation is-strict-prefix-of\n"
211 " }\n"
212 " checker\n"
213 " {\n"
214 " type customized\n"
215 " sig-type rsa-sha256\n"
216 " key-locator\n"
217 " {\n"
218 " type name\n"
219 " name ";
220
221 std::string CONFIG_2 =
222 "\n"
223 " relation equal\n"
224 " }\n"
225 " }\n"
226 "}\n"
227 "trust-anchor\n"
228 "{\n"
229 " type file\n"
230 " file-name \"trust-anchor-3.cert\"\n"
231 "}\n";
232 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
233
234 const boost::filesystem::path CONFIG_PATH =
235 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
236
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]237 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]238 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]239 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]240
241 validator.validate(*data1,
242 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]243 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]244
245 validator.validate(*data2,
246 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]247 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]248
249 validator.validate(*data3,
250 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]251 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]252}
253
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]254BOOST_AUTO_TEST_CASE(NameFilter4)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]255{
256 Name identity("/TestValidatorConfig/NameFilter4");
257 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]258 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-4.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]259 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]260
261 Name dataName1("/simple/regex");
262 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]263 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]264
265 Name dataName2("/simple/regex-wrong");
266 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]267 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]268
269 Name dataName3("/simple/regex/correct");
270 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]271 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]272
273 std::string CONFIG_1 =
274 "rule\n"
275 "{\n"
276 " id \"Simple3 Rule\"\n"
277 " for data\n"
278 " filter"
279 " {\n"
280 " type name\n"
281 " regex ^<simple><regex>\n"
282 " }\n"
283 " checker\n"
284 " {\n"
285 " type customized\n"
286 " sig-type rsa-sha256\n"
287 " key-locator\n"
288 " {\n"
289 " type name\n"
290 " name ";
291
292 std::string CONFIG_2 =
293 "\n"
294 " relation equal\n"
295 " }\n"
296 " }\n"
297 "}\n"
298 "trust-anchor\n"
299 "{\n"
300 " type file\n"
301 " file-name \"trust-anchor-4.cert\"\n"
302 "}\n";
303 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
304
305 const boost::filesystem::path CONFIG_PATH =
306 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
307
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]308 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]309 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]310 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]311
312 validator.validate(*data1,
313 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]314 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]315
316 validator.validate(*data2,
317 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]318 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]319
320 validator.validate(*data3,
321 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]322 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]323}
324
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]325BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]326{
327 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
328 identity.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]329 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-5.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]330
331 Name dataName1 = identity;
332 dataName1.append("1");
333 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]334 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]335
336 Name dataName2 = identity;
337 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]338 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]339
340 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
341 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]342 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]343
344 const std::string CONFIG =
345 "rule\n"
346 "{\n"
347 " id \"Simple3 Rule\"\n"
348 " for data\n"
349 " checker\n"
350 " {\n"
351 " type customized\n"
352 " sig-type rsa-sha256\n"
353 " key-locator\n"
354 " {\n"
355 " type name\n"
356 " hyper-relation\n"
357 " {\n"
358 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
359 " k-expand \\\\1\\\\2\n"
360 " h-relation is-strict-prefix-of\n"
361 " p-regex ^(<>*)$\n"
362 " p-expand \\\\1\n"
363 " }\n"
364 " }\n"
365 " }\n"
366 "}\n"
367 "trust-anchor\n"
368 "{\n"
369 " type file\n"
370 " file-name \"trust-anchor-5.cert\"\n"
371 "}\n";
372 const boost::filesystem::path CONFIG_PATH =
373 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
374
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]375 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]376 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]377 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]378
379 validator.validate(*data1,
380 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]381 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]382
383 validator.validate(*data2,
384 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]385 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]386
387 validator.validate(*data3,
388 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]389 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]390}
391
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]392BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]393{
394 Name identity("/TestValidatorConfig/FixedSignerChecker");
395
396 Name identity1 = identity;
397 identity1.append("1").appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]398 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-7.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]399
400 Name identity2 = identity;
401 identity2.append("2").appendVersion();
402 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
403
404 Name dataName1 = identity;
405 dataName1.append("data").appendVersion();
406 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]407 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]408
409 Name dataName2 = identity;
410 dataName2.append("data").appendVersion();
411 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]412 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]413
414 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
415 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
416
417 const std::string CONFIG =
418 "rule\n"
419 "{\n"
420 " id \"FixedSignerChecker Data Rule\"\n"
421 " for data\n"
422 " filter"
423 " {\n"
424 " type name\n"
425 " name /TestValidatorConfig/FixedSignerChecker\n"
426 " relation is-strict-prefix-of\n"
427 " }\n"
428 " checker\n"
429 " {\n"
430 " type fixed-signer\n"
431 " sig-type rsa-sha256\n"
432 " signer\n"
433 " {\n"
434 " type file\n"
435 " file-name \"trust-anchor-7.cert\"\n"
436 " }\n"
437 " }\n"
438 "}\n"
439 "rule\n"
440 "{\n"
441 " id \"FixedSignerChecker Interest Rule\"\n"
442 " for interest\n"
443 " filter"
444 " {\n"
445 " type name\n"
446 " name /TestValidatorConfig/FixedSignerChecker\n"
447 " relation is-strict-prefix-of\n"
448 " }\n"
449 " checker\n"
450 " {\n"
451 " type fixed-signer\n"
452 " sig-type rsa-sha256\n"
453 " signer\n"
454 " {\n"
455 " type file\n"
456 " file-name \"trust-anchor-7.cert\"\n"
457 " }\n"
458 " }\n"
459 "}\n";
460 const boost::filesystem::path CONFIG_PATH =
461 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
462
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]463 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]464 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]465 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]466
467 validator.validate(*data1,
468 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]469 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]470
471 validator.validate(*data2,
472 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]473 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]474
475 validator.validate(*interest,
476 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]477 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]478}
479
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]480BOOST_AUTO_TEST_CASE(MultiCheckers)
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]481{
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]482 Name identity1("/TestValidatorConfig/MultiCheckers/");
483 identity1.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]484 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-multi-1.cert", true));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]485
486 Name identity2("/TestValidatorConfig/");
487 identity2.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]488 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-multi-2.cert", true));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]489
490 const std::string CONFIG =
491 "rule\n"
492 "{\n"
493 " id \"Simple Rule01\"\n"
494 " for data\n"
495 " filter"
496 " {\n"
497 " type name\n"
498 " name /\n"
499 " relation is-prefix-of\n"
500 " }\n"
501 " checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
502 " {\n"
503 " type customized\n"
504 " sig-type rsa-sha256\n"
505 " key-locator\n"
506 " {\n"
507 " type name\n"
508 " name /TestValidatorConfig/MultiCheckers/\n"
509 " relation is-prefix-of\n"
510 " }\n"
511 " }\n"
512 " checker\n" // checker 2, data should have same prefix of its signer
513 " {\n"
514 " type hierarchical\n"
515 " sig-type rsa-sha256\n"
516 " }\n"
517 " checker\n" // checker 3, the signer should be identity1
518 " {\n"
519 " type fixed-signer\n"
520 " sig-type rsa-sha256\n"
521 " signer\n"
522 " {\n"
523 " type file\n"
524 " file-name \"trust-anchor-multi-1.cert\"\n"
525 " }\n"
526 " }\n"
527 "}\n";
528
529 const boost::filesystem::path CONFIG_PATH =
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]530 (boost::filesystem::current_path() / std::string("unit-test-multicheckers.conf"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]531
532 ValidatorConfig validator;
533 validator.load(CONFIG, CONFIG_PATH.c_str());
534 conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
535 conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
536 conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
537
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]538 auto data1 = makeData(Name(identity1).append("Test"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]539 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
540 BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
541 BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
542 BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
543
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]544 auto data2 = makeData(Name(identity2).append("Data2"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]545 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
546 BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
547 BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
548 BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
549
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]550 auto data3 = makeData(Name(identity2).append("Data3"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]551 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
552 BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
553 BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
554 BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
555
Junxiao Shi85d90832016-08-04 03:19:46 +0000[diff] [blame]556 auto data4 = makeData("/Data4");
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]557 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
558 BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
559 BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
560 BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
561
562 int count = 0;
563 validator.validate(*data1,
564 [&] (const shared_ptr<const Data>&) {
565 BOOST_CHECK(true);
566 count++;
567 },
568 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
569
570 validator.validate(*data2,
571 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
572 [&] (const shared_ptr<const Data>&, const std::string& str) {
573 BOOST_CHECK(true);
574 count++;
575 });
576
577 validator.validate(*data3,
578 [&] (const shared_ptr<const Data>&) {
579 BOOST_CHECK(true);
580 count++;
581 },
582 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
583
584 validator.validate(*data4,
585 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
586 [&] (const shared_ptr<const Data>&, const std::string& str) {
587 BOOST_CHECK(true);
588 count++;
589 });
590
591 BOOST_CHECK_EQUAL(count, 4);
592}
593
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]594BOOST_AUTO_TEST_CASE(Reset)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]595{
596 Name root("/TestValidatorConfig/Reload");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]597 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-8.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]598
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]599 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]600
601 const std::string CONFIG =
602 "rule\n"
603 "{\n"
604 " id \"NRD Prefix Registration Command Rule\"\n"
605 " for interest\n"
606 " filter\n"
607 " {\n"
608 " type name\n"
609 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
610 " }\n"
611 " checker\n"
612 " {\n"
613 " type customized\n"
614 " sig-type rsa-sha256\n"
615 " key-locator\n"
616 " {\n"
617 " type name\n"
618 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
619 " }\n"
620 " }\n"
621 "}\n"
622 "rule\n"
623 "{\n"
624 " id \"Testbed Hierarchy Rule\"\n"
625 " for data\n"
626 " filter\n"
627 " {\n"
628 " type name\n"
629 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
630 " }\n"
631 " checker\n"
632 " {\n"
633 " type hierarchical\n"
634 " sig-type rsa-sha256\n"
635 " }\n"
636 "}\n"
637 "trust-anchor\n"
638 "{\n"
639 " type file\n"
640 " file-name \"trust-anchor-8.cert\"\n"
641 "}\n";
642 const boost::filesystem::path CONFIG_PATH =
643 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
644
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]645 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
646
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]647 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]648 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
649
650 validator->reset();
651 BOOST_CHECK(validator->isEmpty());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]652}
653
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]654BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]655{
656 Name identity("/TestValidatorConfig/Wildcard");
657 identity.appendVersion();
658 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
659
660 Name dataName1("/any/data");
661 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]662 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]663
664 std::string CONFIG =
665 "trust-anchor\n"
666 "{\n"
667 " type any\n"
668 "}\n";
669
670 const boost::filesystem::path CONFIG_PATH =
671 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
672
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]673 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]674 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]675 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]676
677 validator.validate(*data1,
678 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]679 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]680}
681
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]682BOOST_AUTO_TEST_CASE(SignedInterestTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]683{
684 Name identity("/TestValidatorConfig/SignedInterestTest");
685
686 Name identity1 = identity;
687 identity1.appendVersion();
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]688 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-9.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]689
690 Name interestName("/TestValidatorConfig/SignedInterestTest");
691 Name interestName1 = interestName;
692 interestName1.append("1");
693 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
694 Name interestName2 = interestName;
695 interestName2.append("2");
696 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
697
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]698 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]699 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]700 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]701
702 const std::string CONFIG =
703 "rule\n"
704 "{\n"
705 " id \"FixedSignerChecker Interest Rule\"\n"
706 " for interest\n"
707 " filter"
708 " {\n"
709 " type name\n"
710 " name /TestValidatorConfig/SignedInterestTest\n"
711 " relation is-strict-prefix-of\n"
712 " }\n"
713 " checker\n"
714 " {\n"
715 " type fixed-signer\n"
716 " sig-type rsa-sha256\n"
717 " signer\n"
718 " {\n"
719 " type file\n"
720 " file-name \"trust-anchor-9.cert\"\n"
721 " }\n"
722 " }\n"
723 "}\n";
724 const boost::filesystem::path CONFIG_PATH =
725 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
726
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]727 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]728 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]729 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]730
731 validator.validate(*interest1,
732 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]733 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]734
735 validator.validate(*interest2,
736 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]737 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]738
739 validator.validate(*interest1,
740 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]741 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]742}
743
744
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]745BOOST_AUTO_TEST_CASE(MaxKeyTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]746{
747 Name identity("/TestValidatorConfig/MaxKeyTest");
748
749 Name identity1 = identity;
750 identity1.append("Key1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]751 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-10-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]752
753 Name identity2 = identity;
754 identity2.append("Key2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]755 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-10-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]756
757 Name identity3 = identity;
758 identity3.append("Key3");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]759 BOOST_REQUIRE(saveIdentityCertificate(identity3, "trust-anchor-10-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]760
761
762 Name interestName("/TestValidatorConfig/MaxKeyTest");
763 Name interestName1 = interestName;
764 interestName1.append("1");
765 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
766 Name interestName2 = interestName;
767 interestName2.append("2");
768 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
769 Name interestName3 = interestName;
770 interestName3.append("3");
771 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
772
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]773 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]774 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]775 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]776 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]777 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]778
779 const std::string CONFIG =
780 "rule\n"
781 "{\n"
782 " id \"FixedSignerChecker Interest Rule\"\n"
783 " for interest\n"
784 " filter"
785 " {\n"
786 " type name\n"
787 " name /TestValidatorConfig/MaxKeyTest\n"
788 " relation is-strict-prefix-of\n"
789 " }\n"
790 " checker\n"
791 " {\n"
792 " type fixed-signer\n"
793 " sig-type rsa-sha256\n"
794 " signer\n"
795 " {\n"
796 " type file\n"
797 " file-name \"trust-anchor-10-1.cert\"\n"
798 " }\n"
799 " signer\n"
800 " {\n"
801 " type file\n"
802 " file-name \"trust-anchor-10-2.cert\"\n"
803 " }\n"
804 " signer\n"
805 " {\n"
806 " type file\n"
807 " file-name \"trust-anchor-10-3.cert\"\n"
808 " }\n"
809 " }\n"
810 "}\n";
811 const boost::filesystem::path CONFIG_PATH =
812 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
813
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]814 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]815 ValidatorConfig validator(face,
816 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
817 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
818 10,
819 2, // Two keys can be tracked
820 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]821 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]822
823 validator.validate(*interest1,
824 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]825 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]826
827 validator.validate(*interest2,
828 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]829 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]830
831 validator.validate(*interest1,
832 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]833 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]834
835 validator.validate(*interest3,
836 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]837 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]838
839 // Should succeed because identity1's key has been cleaned up due to space limit.
840 validator.validate(*interest1,
841 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]842 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]843}
844
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]845BOOST_AUTO_TEST_CASE(MaxKeyTest2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]846{
847 Name identity("/TestValidatorConfig/MaxKeyTest");
848
849 Name identity1 = identity;
850 identity1.append("Key1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]851 BOOST_REQUIRE(saveIdentityCertificate(identity1, "trust-anchor-10-1.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]852
853 Name identity2 = identity;
854 identity2.append("Key2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]855 BOOST_REQUIRE(saveIdentityCertificate(identity2, "trust-anchor-10-2.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]856
857 Name identity3 = identity;
858 identity3.append("Key3");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]859 BOOST_REQUIRE(saveIdentityCertificate(identity3, "trust-anchor-10-3.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]860
861 Name identity4 = identity;
862 identity4.append("Key4");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]863 BOOST_REQUIRE(saveIdentityCertificate(identity4, "trust-anchor-10-4.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]864
865
866 Name interestName("/TestValidatorConfig/MaxKeyTest");
867 Name interestName1 = interestName;
868 interestName1.append("1");
869 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
870 Name interestName2 = interestName;
871 interestName2.append("2");
872 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
873 Name interestName3 = interestName;
874 interestName3.append("3");
875 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
876 Name interestName4 = interestName;
877 interestName4.append("4");
878 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
879
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]880 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]881 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]882 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]883 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]884 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]885 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]886 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]887
888 const std::string CONFIG =
889 "rule\n"
890 "{\n"
891 " id \"FixedSignerChecker Interest Rule\"\n"
892 " for interest\n"
893 " filter"
894 " {\n"
895 " type name\n"
896 " name /TestValidatorConfig/MaxKeyTest\n"
897 " relation is-strict-prefix-of\n"
898 " }\n"
899 " checker\n"
900 " {\n"
901 " type fixed-signer\n"
902 " sig-type rsa-sha256\n"
903 " signer\n"
904 " {\n"
905 " type file\n"
906 " file-name \"trust-anchor-10-1.cert\"\n"
907 " }\n"
908 " signer\n"
909 " {\n"
910 " type file\n"
911 " file-name \"trust-anchor-10-2.cert\"\n"
912 " }\n"
913 " signer\n"
914 " {\n"
915 " type file\n"
916 " file-name \"trust-anchor-10-3.cert\"\n"
917 " }\n"
918 " signer\n"
919 " {\n"
920 " type file\n"
921 " file-name \"trust-anchor-10-4.cert\"\n"
922 " }\n"
923 " }\n"
924 "}\n";
925 const boost::filesystem::path CONFIG_PATH =
926 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
927
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]928 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]929 ValidatorConfig validator(face,
930 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
931 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
932 10,
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]933 3, // Three keys can be tracked
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]934 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]935 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]936
937 validator.validate(*interest1,
938 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]939 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]940
941 validator.validate(*interest2,
942 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]943 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]944
945 validator.validate(*interest3,
946 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]947 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]948
949 validator.validate(*interest1,
950 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]951 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]952
953 validator.validate(*interest2,
954 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]955 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]956
957 validator.validate(*interest3,
958 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]959 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]960
961 sleep(2);
962
963 validator.validate(*interest4,
964 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]965 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]966
967 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
968 validator.validate(*interest1,
969 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]970 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]971
972 validator.validate(*interest2,
973 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]974 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]975
976 validator.validate(*interest3,
977 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]978 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]979}
980
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]981BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]982{
983 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]984 BOOST_REQUIRE(addIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]985 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
986
987 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]988 BOOST_REQUIRE(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
989 BOOST_REQUIRE(saveIdentityCertificate(ecdsaIdentity, "trust-anchor-11.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]990
991 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
992 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]993 m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]994 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]995 m_keyChain.sign(*dataEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]996
997 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]998 m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]999 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1000 m_keyChain.sign(*interestEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1001
1002 const std::string CONFIG =
1003 "rule\n"
1004 "{\n"
1005 " id \"FixedSignerChecker Data Rule\"\n"
1006 " for data\n"
1007 " filter"
1008 " {\n"
1009 " type name\n"
1010 " name /TestValidatorConfig/FixedSignerChecker2\n"
1011 " relation equal\n"
1012 " }\n"
1013 " checker\n"
1014 " {\n"
1015 " type fixed-signer\n"
1016 " sig-type ecdsa-sha256\n"
1017 " signer\n"
1018 " {\n"
1019 " type file\n"
1020 " file-name \"trust-anchor-11.cert\"\n"
1021 " }\n"
1022 " }\n"
1023 "}\n"
1024 "rule\n"
1025 "{\n"
1026 " id \"FixedSignerChecker Interest Rule\"\n"
1027 " for interest\n"
1028 " filter"
1029 " {\n"
1030 " type name\n"
1031 " name /TestValidatorConfig/FixedSignerChecker2\n"
1032 " relation equal\n"
1033 " }\n"
1034 " checker\n"
1035 " {\n"
1036 " type fixed-signer\n"
1037 " sig-type ecdsa-sha256\n"
1038 " signer\n"
1039 " {\n"
1040 " type file\n"
1041 " file-name \"trust-anchor-11.cert\"\n"
1042 " }\n"
1043 " }\n"
1044 "}\n";
1045 const boost::filesystem::path CONFIG_PATH =
1046 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1047
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1048 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1049 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1050 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1051
1052 validator.validate(*dataEcdsa,
1053 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1054 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1055
1056 validator.validate(*dataRsa,
1057 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1058 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1059
1060 validator.validate(*interestEcdsa,
1061 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1062 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1063
1064 validator.validate(*interestRsa,
1065 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1066 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1067}
1068
1069
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1070struct FacesFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1071{
1072 FacesFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1073 : face1(io, m_keyChain, {true, true})
1074 , face2(io, m_keyChain, {true, true})
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1075 , readInterestOffset1(0)
1076 , readDataOffset1(0)
1077 , readInterestOffset2(0)
1078 , readDataOffset2(0)
1079 {
1080 }
1081
1082 bool
1083 passPacket()
1084 {
1085 bool hasPassed = false;
1086
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1087 checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
1088 checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
1089 checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
Zhiyi Zhang99832d42016-11-18 10:03:49 -0800[diff] [blame^]1090 checkFace(face2.sentData, readDataOffset2, face1, hasPassed);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1091
1092 return hasPassed;
1093 }
1094
1095 template<typename Packet>
1096 void
1097 checkFace(std::vector<Packet>& receivedPackets,
1098 size_t& readPacketOffset,
1099 util::DummyClientFace& receiver,
1100 bool& hasPassed)
1101 {
1102 while (receivedPackets.size() > readPacketOffset) {
1103 receiver.receive(receivedPackets[readPacketOffset]);
1104 readPacketOffset++;
1105 hasPassed = true;
1106 }
1107 }
1108
1109 ~FacesFixture()
1110 {
1111 }
1112
1113public:
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1114 util::DummyClientFace face1;
1115 util::DummyClientFace face2;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1116
1117 size_t readInterestOffset1;
1118 size_t readDataOffset1;
1119 size_t readInterestOffset2;
1120 size_t readDataOffset2;
1121};
1122
1123BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1124{
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1125 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1126
1127 Name root("/TestValidatorConfig");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1128 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-6.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1129
1130
1131 Name sld("/TestValidatorConfig/HierarchicalChecker");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1132 BOOST_REQUIRE(addIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1133 advanceClocks(time::milliseconds(100));
1134 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1135 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1136 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1137 root,
1138 time::system_clock::now(),
1139 time::system_clock::now() + time::days(7300),
1140 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1141 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1142 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1143
1144 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1145 BOOST_REQUIRE(addIdentity(nld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1146 advanceClocks(time::milliseconds(100));
1147 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1148 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1149 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1150 sld,
1151 time::system_clock::now(),
1152 time::system_clock::now() + time::days(7300),
1153 subjectDescription);
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1154 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1155 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1156
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1157 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1158 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1159 RegisterPrefixSuccessCallback(),
1160 [] (const Name&, const std::string&) {});
1161
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1162 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1163 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1164 RegisterPrefixSuccessCallback(),
1165 [] (const Name&, const std::string&) {});
1166
1167 Name dataName1 = nld;
1168 dataName1.append("data1");
1169 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1170 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1171
1172 Name dataName2("/ConfValidatorTest");
1173 dataName2.append("data1");
1174 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1175 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1176
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1177 const std::string CONFIG =
1178 "rule\n"
1179 "{\n"
1180 " id \"Simple3 Rule\"\n"
1181 " for data\n"
1182 " checker\n"
1183 " {\n"
1184 " type hierarchical\n"
1185 " sig-type rsa-sha256\n"
1186 " }\n"
1187 "}\n"
1188 "trust-anchor\n"
1189 "{\n"
1190 " type file\n"
1191 " file-name \"trust-anchor-6.cert\"\n"
1192 "}\n";
1193 const boost::filesystem::path CONFIG_PATH =
1194 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1195
1196
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1197 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1198 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1199
1200 advanceClocks(time::milliseconds(2), 100);
1201 validator->validate(*data1,
1202 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1203 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1204
1205 do {
1206 advanceClocks(time::milliseconds(2), 10);
1207 } while (passPacket());
1208
1209 validator->validate(*data2,
1210 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1211 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1212
1213 do {
1214 advanceClocks(time::milliseconds(2), 10);
1215 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1216}
1217
1218BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1219{
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]1220 advanceClocks(time::nanoseconds(1));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1221
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1222 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1223
1224 Name root("/TestValidatorConfig");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1225 BOOST_REQUIRE(saveIdentityCertificate(root, "trust-anchor-8.cert", true));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1226
1227
1228 Name sld("/TestValidatorConfig/Nrd-1");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1229 BOOST_REQUIRE(addIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1230 advanceClocks(time::milliseconds(100));
1231 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1232 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1233 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1234 root,
1235 time::system_clock::now(),
1236 time::system_clock::now() + time::days(7300),
1237 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1238 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1239 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1240
1241 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1242 BOOST_REQUIRE(addIdentity(nld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1243 advanceClocks(time::milliseconds(100));
1244 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1245 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1246 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1247 sld,
1248 time::system_clock::now(),
1249 time::system_clock::now() + time::days(7300),
1250 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1251 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1252 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1253
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1254 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1255 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1256 RegisterPrefixSuccessCallback(),
1257 [] (const Name&, const std::string&) {});
1258
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1259 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1260 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1261 RegisterPrefixSuccessCallback(),
1262 [] (const Name&, const std::string&) {});
1263
1264 advanceClocks(time::milliseconds(10));
1265 Name interestName1("/localhost/nrd/register/option");
1266 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1267 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1268
1269 advanceClocks(time::milliseconds(10));
1270 Name interestName2("/localhost/nrd/non-register");
1271 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1272 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1273
1274 advanceClocks(time::milliseconds(10));
1275 Name interestName3("/localhost/nrd/register/option");
1276 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1277 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1278
1279 advanceClocks(time::milliseconds(10));
1280 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1281 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1282
1283 const std::string CONFIG =
1284 "rule\n"
1285 "{\n"
1286 " id \"NRD Prefix Registration Command Rule\"\n"
1287 " for interest\n"
1288 " filter\n"
1289 " {\n"
1290 " type name\n"
1291 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1292 " }\n"
1293 " checker\n"
1294 " {\n"
1295 " type customized\n"
1296 " sig-type rsa-sha256\n"
1297 " key-locator\n"
1298 " {\n"
1299 " type name\n"
1300 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1301 " }\n"
1302 " }\n"
1303 "}\n"
1304 "rule\n"
1305 "{\n"
1306 " id \"Testbed Hierarchy Rule\"\n"
1307 " for data\n"
1308 " filter\n"
1309 " {\n"
1310 " type name\n"
1311 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1312 " }\n"
1313 " checker\n"
1314 " {\n"
1315 " type hierarchical\n"
1316 " sig-type rsa-sha256\n"
1317 " }\n"
1318 "}\n"
1319 "trust-anchor\n"
1320 "{\n"
1321 " type file\n"
1322 " file-name \"trust-anchor-8.cert\"\n"
1323 "}\n";
1324 const boost::filesystem::path CONFIG_PATH =
1325 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1326
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1327 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1328 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1329
1330 advanceClocks(time::milliseconds(2), 100);
1331
1332 // should succeed
1333 validator->validate(*interest1,
1334 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1335 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1336
1337 do {
1338 advanceClocks(time::milliseconds(2), 10);
1339 } while (passPacket());
1340
1341 // should fail
1342 validator->validate(*interest2,
1343 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1344 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1345
1346 do {
1347 advanceClocks(time::milliseconds(2), 10);
1348 } while (passPacket());
1349
1350 // should succeed
1351 validator->validate(*interest3,
1352 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1353 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1354
1355 do {
1356 advanceClocks(time::milliseconds(2), 10);
1357 } while (passPacket());
1358
1359 // should fail
1360 validator->validate(*interest4,
1361 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1362 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1363
1364 do {
1365 advanceClocks(time::milliseconds(2), 10);
1366 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1367}
1368
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1369struct DirTestFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1370{
1371 DirTestFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1372 : face(io, m_keyChain, {true, true})
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1373 , validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1374 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1375 {
1376 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1377 boost::filesystem::create_directory(certDirPath);
1378
1379 firstCertPath = (boost::filesystem::current_path() /
1380 std::string("test-cert-dir") /
1381 std::string("trust-anchor-1.cert"));
1382
1383 secondCertPath = (boost::filesystem::current_path() /
1384 std::string("test-cert-dir") /
1385 std::string("trust-anchor-2.cert"));
1386
1387 firstIdentity = Name("/TestValidatorConfig/Dir/First");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1388 BOOST_REQUIRE(addIdentity(firstIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1389 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1390 firstCert = m_keyChain.getCertificate(firstCertName);
1391 io::save(*firstCert, firstCertPath.string());
1392
1393 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800[diff] [blame]1394 BOOST_REQUIRE(addIdentity(secondIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1395 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1396 secondCert = m_keyChain.getCertificate(secondCertName);
1397 }
1398
1399 ~DirTestFixture()
1400 {
1401 boost::filesystem::remove_all(certDirPath);
1402 }
1403
1404public:
1405 boost::filesystem::path certDirPath;
1406 boost::filesystem::path firstCertPath;
1407 boost::filesystem::path secondCertPath;
1408
1409 Name firstIdentity;
1410 Name secondIdentity;
1411
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]1412 shared_ptr<v1::IdentityCertificate> firstCert;
1413 shared_ptr<v1::IdentityCertificate> secondCert;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1414
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1415 util::DummyClientFace face;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1416 ValidatorConfig validator;
1417};
1418
1419BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1420{
1421 advanceClocks(time::milliseconds(10));
1422
1423 Name dataName1("/any/data/1");
1424 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1425 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1426
1427 Name dataName2("/any/data/2");
1428 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1429 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1430
1431 std::string CONFIG =
1432 "rule\n"
1433 "{\n"
1434 " id \"Any Rule\"\n"
1435 " for data\n"
1436 " filter\n"
1437 " {\n"
1438 " type name\n"
1439 " regex ^<>*$\n"
1440 " }\n"
1441 " checker\n"
1442 " {\n"
1443 " type customized\n"
1444 " sig-type rsa-sha256\n"
1445 " key-locator\n"
1446 " {\n"
1447 " type name\n"
1448 " regex ^<>*$\n"
1449 " }\n"
1450 " }\n"
1451 "}\n"
1452 "trust-anchor\n"
1453 "{\n"
1454 " type dir\n"
1455 " dir test-cert-dir\n"
1456 " refresh 1s\n"
1457 "}\n";
1458
1459 const boost::filesystem::path CONFIG_PATH =
1460 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1461
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700[diff] [blame]1462 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1463
1464 advanceClocks(time::milliseconds(10), 20);
1465 validator.validate(*data1,
1466 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1467 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1468 advanceClocks(time::milliseconds(10), 20);
1469
1470 validator.validate(*data2,
1471 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1472 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1473 advanceClocks(time::milliseconds(10), 20);
1474
1475 io::save(*secondCert, secondCertPath.string());
1476 advanceClocks(time::milliseconds(10), 200);
1477
1478 validator.validate(*data1,
1479 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1480 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1481 advanceClocks(time::milliseconds(10), 20);
1482
1483 validator.validate(*data2,
1484 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1485 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1486 advanceClocks(time::milliseconds(10), 20);
1487}
1488
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]1489BOOST_AUTO_TEST_SUITE_END() // TestValidatorConfig
1490BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1491
1492} // namespace tests
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1493} // namespace security
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1494} // namespace ndn