Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 9c57818289aaddeb33ee871d6a89ad3caa3c743d / . / tests-integrated / security / test-validator-config.cpp
blob: df1dd77df10f26a789f2da1e7068b33bc83738d5 [file] [log] [blame]
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Yingdi Yu <yingdi0@cs.ucla.edu>
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]13 */
14
15#include "security/validator-config.hpp"
16
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]17#include "security/key-chain.hpp"
18#include "util/io.hpp"
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -0700[diff] [blame]19#include "util/scheduler.hpp"
20
21#include <boost/asio.hpp>
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]22
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]23#include "boost-test.hpp"
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]24
25using namespace std;
26
27namespace ndn {
28
29BOOST_AUTO_TEST_SUITE(TestValidatorConfig)
30
31void
32onValidated(const shared_ptr<const Data>& data)
33{
34 BOOST_CHECK(true);
35}
36
37void
38onValidationFailed(const shared_ptr<const Data>& data, const string& failureInfo)
39{
40 std::cerr << "Failure Info: " << failureInfo << std::endl;
41 BOOST_CHECK(false);
42}
43
44void
45onIntentionalFailureValidated(const shared_ptr<const Data>& data)
46{
47 BOOST_CHECK(false);
48}
49
50void
51onIntentionalFailureInvalidated(const shared_ptr<const Data>& data, const string& failureInfo)
52{
53 BOOST_CHECK(true);
54}
55
56void
57onValidated2(const shared_ptr<const Interest>& interest)
58{
59 BOOST_CHECK(true);
60}
61
62void
63onValidationFailed2(const shared_ptr<const Interest>& interest, const string& failureInfo)
64{
65 std::cerr << "Interest Name: " << interest->getName() << std::endl;
66 std::cerr << "Failure Info: " << failureInfo << std::endl;
67 BOOST_CHECK(false);
68}
69
70void
71onIntentionalFailureValidated2(const shared_ptr<const Interest>& interest)
72{
73 BOOST_CHECK(false);
74}
75
76void
77onIntentionalFailureInvalidated2(const shared_ptr<const Interest>& interest,
78 const string& failureInfo)
79{
80 BOOST_CHECK(true);
81}
82
83BOOST_AUTO_TEST_CASE(NameFilter)
84{
85 KeyChain keyChain;
86
87 Name identity("/TestValidatorConfig/NameFilter");
88 identity.appendVersion();
89 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
90 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
91 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
92 io::save(*idCert, "trust-anchor-1.cert");
93
94 Name dataName1("/simple/equal");
95 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
96 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
97
98 Name dataName2("/simple/different");
99 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
100 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
101
102 std::string CONFIG_1 =
103 "rule\n"
104 "{\n"
105 " id \"Simple Rule\"\n"
106 " for data\n"
107 " filter"
108 " {\n"
109 " type name\n"
110 " name /simple/equal\n"
111 " relation equal\n"
112 " }\n"
113 " checker\n"
114 " {\n"
115 " type customized\n"
116 " sig-type rsa-sha256\n"
117 " key-locator\n"
118 " {\n"
119 " type name\n"
120 " name ";
121
122 std::string CONFIG_2 =
123 "\n"
124 " relation equal\n"
125 " }\n"
126 " }\n"
127 "}\n"
128 "trust-anchor\n"
129 "{\n"
130 " type file\n"
131 " file-name \"trust-anchor-1.cert\"\n"
132 "}\n";
133 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
134
135 const boost::filesystem::path CONFIG_PATH =
136 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
137
138
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]139 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]140 ValidatorConfig validator(face);
141 validator.load(CONFIG, CONFIG_PATH.native());
142
143 validator.validate(*data1,
144 bind(&onValidated, _1),
145 bind(&onValidationFailed, _1, _2));
146
147 validator.validate(*data2,
148 bind(&onIntentionalFailureValidated, _1),
149 bind(&onIntentionalFailureInvalidated, _1, _2));
150
151 keyChain.deleteIdentity(identity);
152
153 const boost::filesystem::path CERT_PATH =
154 (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
155 boost::filesystem::remove(CERT_PATH);
156}
157
158BOOST_AUTO_TEST_CASE(NameFilter2)
159{
160 KeyChain keyChain;
161
162 Name identity("/TestValidatorConfig/NameFilter2");
163 identity.appendVersion();
164 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
165 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
166 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
167 io::save(*idCert, "trust-anchor-2.cert");
168
169 Name dataName1("/simple/isPrefixOf");
170 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
171 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
172
173 Name dataName2("/simple/notPrefixOf");
174 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
175 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
176
177 Name dataName3("/simple/isPrefixOf/anotherLevel");
178 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
179 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
180
181 std::string CONFIG_1 =
182 "rule\n"
183 "{\n"
184 " id \"Simple2 Rule\"\n"
185 " for data\n"
186 " filter"
187 " {\n"
188 " type name\n"
189 " name /simple/isPrefixOf\n"
190 " relation is-prefix-of\n"
191 " }\n"
192 " checker\n"
193 " {\n"
194 " type customized\n"
195 " sig-type rsa-sha256\n"
196 " key-locator\n"
197 " {\n"
198 " type name\n"
199 " name ";
200
201 std::string CONFIG_2 =
202 "\n"
203 " relation equal\n"
204 " }\n"
205 " }\n"
206 "}\n"
207 "trust-anchor\n"
208 "{\n"
209 " type file\n"
210 " file-name \"trust-anchor-2.cert\"\n"
211 "}\n";
212 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
213
214 const boost::filesystem::path CONFIG_PATH =
215 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
216
217
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]218 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]219 ValidatorConfig validator(face);
220 validator.load(CONFIG, CONFIG_PATH.native());
221
222 validator.validate(*data1,
223 bind(&onValidated, _1),
224 bind(&onValidationFailed, _1, _2));
225
226 validator.validate(*data2,
227 bind(&onIntentionalFailureValidated, _1),
228 bind(&onIntentionalFailureInvalidated, _1, _2));
229
230 validator.validate(*data3,
231 bind(&onValidated, _1),
232 bind(&onValidationFailed, _1, _2));
233
234 keyChain.deleteIdentity(identity);
235
236 const boost::filesystem::path CERT_PATH =
237 (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
238 boost::filesystem::remove(CERT_PATH);
239}
240
241BOOST_AUTO_TEST_CASE(NameFilter3)
242{
243 KeyChain keyChain;
244
245 Name identity("/TestValidatorConfig/NameFilter3");
246 identity.appendVersion();
247 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
248 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
249 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
250 io::save(*idCert, "trust-anchor-3.cert");
251
252 Name dataName1("/simple/isStrictPrefixOf");
253 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
254 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
255
256 Name dataName2("/simple");
257 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
258 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
259
260 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
261 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
262 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
263
264 std::string CONFIG_1 =
265 "rule\n"
266 "{\n"
267 " id \"Simple3 Rule\"\n"
268 " for data\n"
269 " filter"
270 " {\n"
271 " type name\n"
272 " name /simple/isStrictPrefixOf\n"
273 " relation is-strict-prefix-of\n"
274 " }\n"
275 " checker\n"
276 " {\n"
277 " type customized\n"
278 " sig-type rsa-sha256\n"
279 " key-locator\n"
280 " {\n"
281 " type name\n"
282 " name ";
283
284 std::string CONFIG_2 =
285 "\n"
286 " relation equal\n"
287 " }\n"
288 " }\n"
289 "}\n"
290 "trust-anchor\n"
291 "{\n"
292 " type file\n"
293 " file-name \"trust-anchor-3.cert\"\n"
294 "}\n";
295 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
296
297 const boost::filesystem::path CONFIG_PATH =
298 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
299
300
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]301 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]302 ValidatorConfig validator(face);
303 validator.load(CONFIG, CONFIG_PATH.native());
304
305 validator.validate(*data1,
306 bind(&onIntentionalFailureValidated, _1),
307 bind(&onIntentionalFailureInvalidated, _1, _2));
308
309 validator.validate(*data2,
310 bind(&onIntentionalFailureValidated, _1),
311 bind(&onIntentionalFailureInvalidated, _1, _2));
312
313 validator.validate(*data3,
314 bind(&onValidated, _1),
315 bind(&onValidationFailed, _1, _2));
316
317 keyChain.deleteIdentity(identity);
318
319 const boost::filesystem::path CERT_PATH =
320 (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
321 boost::filesystem::remove(CERT_PATH);
322}
323
324BOOST_AUTO_TEST_CASE(NameFilter4)
325{
326 KeyChain keyChain;
327
328 Name identity("/TestValidatorConfig/NameFilter4");
329 identity.appendVersion();
330 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
331 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
332 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
333 io::save(*idCert, "trust-anchor-4.cert");
334
335 Name dataName1("/simple/regex");
336 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
337 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
338
339 Name dataName2("/simple/regex-wrong");
340 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
341 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
342
343 Name dataName3("/simple/regex/correct");
344 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
345 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
346
347 std::string CONFIG_1 =
348 "rule\n"
349 "{\n"
350 " id \"Simple3 Rule\"\n"
351 " for data\n"
352 " filter"
353 " {\n"
354 " type name\n"
355 " regex ^<simple><regex>\n"
356 " }\n"
357 " checker\n"
358 " {\n"
359 " type customized\n"
360 " sig-type rsa-sha256\n"
361 " key-locator\n"
362 " {\n"
363 " type name\n"
364 " name ";
365
366 std::string CONFIG_2 =
367 "\n"
368 " relation equal\n"
369 " }\n"
370 " }\n"
371 "}\n"
372 "trust-anchor\n"
373 "{\n"
374 " type file\n"
375 " file-name \"trust-anchor-4.cert\"\n"
376 "}\n";
377 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
378
379 const boost::filesystem::path CONFIG_PATH =
380 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
381
382
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]383 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]384 ValidatorConfig validator(face);
385 validator.load(CONFIG, CONFIG_PATH.native());
386
387 validator.validate(*data1,
388 bind(&onValidated, _1),
389 bind(&onValidationFailed, _1, _2));
390
391 validator.validate(*data2,
392 bind(&onIntentionalFailureValidated, _1),
393 bind(&onIntentionalFailureInvalidated, _1, _2));
394
395 validator.validate(*data3,
396 bind(&onValidated, _1),
397 bind(&onValidationFailed, _1, _2));
398
399 keyChain.deleteIdentity(identity);
400
401 const boost::filesystem::path CERT_PATH =
402 (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
403 boost::filesystem::remove(CERT_PATH);
404}
405
406BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
407{
408 KeyChain keyChain;
409
410 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
411 identity.appendVersion();
412 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
413 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
414 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
415 io::save(*idCert, "trust-anchor-5.cert");
416
417 Name dataName1 = identity;
418 dataName1.append("1");
419 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
420 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
421
422 Name dataName2 = identity;
423 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
424 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
425
426 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
427 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
428 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
429
430 const std::string CONFIG =
431 "rule\n"
432 "{\n"
433 " id \"Simple3 Rule\"\n"
434 " for data\n"
435 " checker\n"
436 " {\n"
437 " type customized\n"
438 " sig-type rsa-sha256\n"
439 " key-locator\n"
440 " {\n"
441 " type name\n"
442 " hyper-relation\n"
443 " {\n"
444 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
445 " k-expand \\\\1\\\\2\n"
446 " h-relation is-strict-prefix-of\n"
447 " p-regex ^(<>*)$\n"
448 " p-expand \\\\1\n"
449 " }\n"
450 " }\n"
451 " }\n"
452 "}\n"
453 "trust-anchor\n"
454 "{\n"
455 " type file\n"
456 " file-name \"trust-anchor-5.cert\"\n"
457 "}\n";
458 const boost::filesystem::path CONFIG_PATH =
459 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
460
461
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]462 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]463 ValidatorConfig validator(face);
464 validator.load(CONFIG, CONFIG_PATH.native());
465
466 validator.validate(*data1,
467 bind(&onValidated, _1),
468 bind(&onValidationFailed, _1, _2));
469
470 validator.validate(*data2,
471 bind(&onIntentionalFailureValidated, _1),
472 bind(&onIntentionalFailureInvalidated, _1, _2));
473
474 validator.validate(*data3,
475 bind(&onIntentionalFailureValidated, _1),
476 bind(&onIntentionalFailureInvalidated, _1, _2));
477
478 keyChain.deleteIdentity(identity);
479
480 const boost::filesystem::path CERT_PATH =
481 (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
482 boost::filesystem::remove(CERT_PATH);
483}
484
485struct FacesFixture
486{
487 FacesFixture()
488 : regPrefixId(0)
489 , regPrefixId2(0)
490 {}
491
492 void
493 onInterest(shared_ptr<Face> face, shared_ptr<Data> data)
494 {
495 face->put(*data);
496 face->unsetInterestFilter(regPrefixId);
497 }
498
499 void
500 onInterest2(shared_ptr<Face> face, shared_ptr<Data> data)
501 {
502 face->put(*data);
503 face->unsetInterestFilter(regPrefixId2);
504 }
505
506 void
507 onRegFailed()
508 {}
509
510 void
511 validate1(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
512 {
513 validator->validate(*data,
514 bind(&onValidated, _1),
515 bind(&onValidationFailed, _1, _2));
516 }
517
518 void
519 validate2(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
520 {
521 validator->validate(*data,
522 bind(&onIntentionalFailureValidated, _1),
523 bind(&onIntentionalFailureInvalidated, _1, _2));
524 }
525
526 void
527 validate3(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
528 {
529 validator->validate(*interest,
530 bind(&onValidated2, _1),
531 bind(&onValidationFailed2, _1, _2));
532 }
533
534 void
535 validate4(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
536 {
537 validator->validate(*interest,
538 bind(&onIntentionalFailureValidated2, _1),
539 bind(&onIntentionalFailureInvalidated2, _1, _2));
540 }
541
542 void
543 terminate(shared_ptr<Face> face)
544 {
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame^]545 face->getIoService().stop();
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]546 }
547
548 const RegisteredPrefixId* regPrefixId;
549 const RegisteredPrefixId* regPrefixId2;
550};
551
552BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
553{
554 KeyChain keyChain;
555 std::vector<CertificateSubjectDescription> subjectDescription;
556
557 Name root("/TestValidatorConfig");
558 Name rootCertName = keyChain.createIdentity(root);
559 shared_ptr<IdentityCertificate> rootCert =
560 keyChain.getCertificate(rootCertName);
561 io::save(*rootCert, "trust-anchor-6.cert");
562
563
564 Name sld("/TestValidatorConfig/HierarchicalChecker");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]565 Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]566 shared_ptr<IdentityCertificate> sldCert =
567 keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
568 root,
569 time::system_clock::now(),
570 time::system_clock::now() + time::days(7300),
571 subjectDescription);
572 keyChain.signByIdentity(*sldCert, root);
573 keyChain.addCertificateAsIdentityDefault(*sldCert);
574
575 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]576 Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]577 shared_ptr<IdentityCertificate> nldCert =
578 keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
579 sld,
580 time::system_clock::now(),
581 time::system_clock::now() + time::days(7300),
582 subjectDescription);
583 keyChain.signByIdentity(*nldCert, sld);
584 keyChain.addCertificateAsIdentityDefault(*nldCert);
585
586 shared_ptr<Face> face = make_shared<Face>();
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame^]587 Face face2(face->getIoService());
588 Scheduler scheduler(face->getIoService());
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]589
590 scheduler.scheduleEvent(time::seconds(1),
591 bind(&FacesFixture::terminate, this, face));
592
593 regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame^]594 bind(&FacesFixture::onInterest, this, face, sldCert),
595 RegisterPrefixSuccessCallback(),
596 bind(&FacesFixture::onRegFailed, this));
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]597
598 regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
599 bind(&FacesFixture::onInterest2, this, face, nldCert),
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame^]600 RegisterPrefixSuccessCallback(),
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]601 bind(&FacesFixture::onRegFailed, this));
602
603 Name dataName1 = nld;
604 dataName1.append("data1");
605 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
606 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, nld));
607
608 Name dataName2("/ConfValidatorTest");
609 dataName2.append("data1");
610 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
611 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, nld));
612
613
614 const std::string CONFIG =
615 "rule\n"
616 "{\n"
617 " id \"Simple3 Rule\"\n"
618 " for data\n"
619 " checker\n"
620 " {\n"
621 " type hierarchical\n"
622 " sig-type rsa-sha256\n"
623 " }\n"
624 "}\n"
625 "trust-anchor\n"
626 "{\n"
627 " type file\n"
628 " file-name \"trust-anchor-6.cert\"\n"
629 "}\n";
630 const boost::filesystem::path CONFIG_PATH =
631 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
632
633
634 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
635 validator->load(CONFIG, CONFIG_PATH.native());
636
637 scheduler.scheduleEvent(time::milliseconds(200),
638 bind(&FacesFixture::validate1, this,
639 validator, data1));
640
641 scheduler.scheduleEvent(time::milliseconds(400),
642 bind(&FacesFixture::validate2, this,
643 validator, data2));
644
645 BOOST_REQUIRE_NO_THROW(face->processEvents());
646
647 keyChain.deleteIdentity(root);
648 keyChain.deleteIdentity(sld);
649 keyChain.deleteIdentity(nld);
650
651 const boost::filesystem::path CERT_PATH =
652 (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
653 boost::filesystem::remove(CERT_PATH);
654}
655
656BOOST_AUTO_TEST_CASE(FixedSingerChecker)
657{
658 KeyChain keyChain;
659
660 Name identity("/TestValidatorConfig/FixedSingerChecker");
661
662 Name identity1 = identity;
663 identity1.append("1").appendVersion();
664 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
665 Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
666 shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
667 io::save(*idCert1, "trust-anchor-7.cert");
668
669 Name identity2 = identity;
670 identity2.append("2").appendVersion();
671 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
672
673 Name dataName1 = identity;
674 dataName1.append("data").appendVersion();
675 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
676 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity1));
677
678 Name dataName2 = identity;
679 dataName2.append("data").appendVersion();
680 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
681 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity2));
682
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]683 Name interestName("/TestValidatorConfig/FixedSingerChecker/fakeSigInfo/fakeSigValue");
684 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
685
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]686 const std::string CONFIG =
687 "rule\n"
688 "{\n"
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]689 " id \"FixedSingerChecker Data Rule\"\n"
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]690 " for data\n"
691 " filter"
692 " {\n"
693 " type name\n"
694 " name /TestValidatorConfig/FixedSingerChecker\n"
695 " relation is-strict-prefix-of\n"
696 " }\n"
697 " checker\n"
698 " {\n"
699 " type fixed-signer\n"
700 " sig-type rsa-sha256\n"
701 " signer\n"
702 " {\n"
703 " type file\n"
704 " file-name \"trust-anchor-7.cert\"\n"
705 " }\n"
706 " }\n"
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]707 "}\n"
708 "rule\n"
709 "{\n"
710 " id \"FixedSingerChecker Interest Rule\"\n"
711 " for interest\n"
712 " filter"
713 " {\n"
714 " type name\n"
715 " name /TestValidatorConfig/FixedSingerChecker\n"
716 " relation is-strict-prefix-of\n"
717 " }\n"
718 " checker\n"
719 " {\n"
720 " type fixed-signer\n"
721 " sig-type rsa-sha256\n"
722 " signer\n"
723 " {\n"
724 " type file\n"
725 " file-name \"trust-anchor-7.cert\"\n"
726 " }\n"
727 " }\n"
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]728 "}\n";
729 const boost::filesystem::path CONFIG_PATH =
730 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
731
732
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]733 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]734 ValidatorConfig validator(face);
735 validator.load(CONFIG, CONFIG_PATH.native());
736
737 validator.validate(*data1,
738 bind(&onValidated, _1),
739 bind(&onValidationFailed, _1, _2));
740
741 validator.validate(*data2,
742 bind(&onIntentionalFailureValidated, _1),
743 bind(&onIntentionalFailureInvalidated, _1, _2));
744
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]745 validator.validate(*interest,
746 bind(&onIntentionalFailureValidated2, _1),
747 bind(&onIntentionalFailureInvalidated2, _1, _2));
748
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]749
750 keyChain.deleteIdentity(identity1);
751 keyChain.deleteIdentity(identity2);
752
753 const boost::filesystem::path CERT_PATH =
754 (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
755 boost::filesystem::remove(CERT_PATH);
756}
757
758
759BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
760{
761 KeyChain keyChain;
762 std::vector<CertificateSubjectDescription> subjectDescription;
763
764 Name root("/TestValidatorConfig");
765 Name rootCertName = keyChain.createIdentity(root);
766 shared_ptr<IdentityCertificate> rootCert =
767 keyChain.getCertificate(rootCertName);
768 io::save(*rootCert, "trust-anchor-8.cert");
769
770
771 Name sld("/TestValidatorConfig/Nrd-1");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]772 Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]773 shared_ptr<IdentityCertificate> sldCert =
774 keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
775 root,
776 time::system_clock::now(),
777 time::system_clock::now() + time::days(7300),
778 subjectDescription);
779 keyChain.signByIdentity(*sldCert, root);
780 keyChain.addCertificateAsIdentityDefault(*sldCert);
781
782 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]783 Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]784 shared_ptr<IdentityCertificate> nldCert =
785 keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
786 sld,
787 time::system_clock::now(),
788 time::system_clock::now() + time::days(7300),
789 subjectDescription);
790 keyChain.signByIdentity(*nldCert, sld);
791 keyChain.addCertificateAsIdentityDefault(*nldCert);
792
793 shared_ptr<Face> face = make_shared<Face>();
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame^]794 Face face2(face->getIoService());
795 Scheduler scheduler(face->getIoService());
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]796
797 scheduler.scheduleEvent(time::seconds(1),
798 bind(&FacesFixture::terminate, this, face));
799
800 regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame^]801 bind(&FacesFixture::onInterest, this, face, sldCert),
802 RegisterPrefixSuccessCallback(),
803 bind(&FacesFixture::onRegFailed, this));
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]804
805 regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
806 bind(&FacesFixture::onInterest2, this, face, nldCert),
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame^]807 RegisterPrefixSuccessCallback(),
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]808 bind(&FacesFixture::onRegFailed, this));
809
810 Name interestName1("/localhost/nrd/register/option/timestamp/nonce");
811 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
812 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, nld));
813
814 Name interestName2("/localhost/nrd/non-register");
815 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
816 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, nld));
817
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700[diff] [blame]818 Name interestName3("/localhost/nrd/register/option/timestamp/nonce");
819 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
820 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, root));
821
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]822 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
823 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]824
825 const std::string CONFIG =
826 "rule\n"
827 "{\n"
828 " id \"NRD Prefix Registration Command Rule\"\n"
829 " for interest\n"
830 " filter\n"
831 " {\n"
832 " type name\n"
833 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>{3}$\n"
834 " }\n"
835 " checker\n"
836 " {\n"
837 " type customized\n"
838 " sig-type rsa-sha256\n"
839 " key-locator\n"
840 " {\n"
841 " type name\n"
842 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
843 " }\n"
844 " }\n"
845 "}\n"
846 "rule\n"
847 "{\n"
848 " id \"Testbed Hierarchy Rule\"\n"
849 " for data\n"
850 " filter\n"
851 " {\n"
852 " type name\n"
853 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
854 " }\n"
855 " checker\n"
856 " {\n"
857 " type hierarchical\n"
858 " sig-type rsa-sha256\n"
859 " }\n"
860 "}\n"
861 "trust-anchor\n"
862 "{\n"
863 " type file\n"
864 " file-name \"trust-anchor-8.cert\"\n"
865 "}\n";
866 const boost::filesystem::path CONFIG_PATH =
867 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
868
869
870 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
871 validator->load(CONFIG, CONFIG_PATH.native());
872
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]873 // should succeed
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]874 scheduler.scheduleEvent(time::milliseconds(200),
875 bind(&FacesFixture::validate3, this,
876 validator, interest1));
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]877 // should fail
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]878 scheduler.scheduleEvent(time::milliseconds(400),
879 bind(&FacesFixture::validate4, this,
880 validator, interest2));
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]881 // should succeed
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700[diff] [blame]882 scheduler.scheduleEvent(time::milliseconds(600),
883 bind(&FacesFixture::validate3, this,
884 validator, interest3));
Yingdi Yu20a06962014-04-17 12:56:04 -0700[diff] [blame]885 // should fail
886 scheduler.scheduleEvent(time::milliseconds(600),
887 bind(&FacesFixture::validate4, this,
888 validator, interest4));
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700[diff] [blame]889
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]890 BOOST_REQUIRE_NO_THROW(face->processEvents());
891
892 keyChain.deleteIdentity(root);
893 keyChain.deleteIdentity(sld);
894 keyChain.deleteIdentity(nld);
895
896 const boost::filesystem::path CERT_PATH =
897 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
898 boost::filesystem::remove(CERT_PATH);
899}
900
Yingdi Yu58f33712014-04-16 16:57:47 -0700[diff] [blame]901BOOST_AUTO_TEST_CASE(Reset)
902{
903 KeyChain keyChain;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]904
Yingdi Yu58f33712014-04-16 16:57:47 -0700[diff] [blame]905 Name root("/TestValidatorConfig/Reload");
906 Name rootCertName = keyChain.createIdentity(root);
907 shared_ptr<IdentityCertificate> rootCert =
908 keyChain.getCertificate(rootCertName);
909 io::save(*rootCert, "trust-anchor-8.cert");
910
911 Face face;
912
913 const std::string CONFIG =
914 "rule\n"
915 "{\n"
916 " id \"NRD Prefix Registration Command Rule\"\n"
917 " for interest\n"
918 " filter\n"
919 " {\n"
920 " type name\n"
921 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>{3}$\n"
922 " }\n"
923 " checker\n"
924 " {\n"
925 " type customized\n"
926 " sig-type rsa-sha256\n"
927 " key-locator\n"
928 " {\n"
929 " type name\n"
930 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
931 " }\n"
932 " }\n"
933 "}\n"
934 "rule\n"
935 "{\n"
936 " id \"Testbed Hierarchy Rule\"\n"
937 " for data\n"
938 " filter\n"
939 " {\n"
940 " type name\n"
941 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
942 " }\n"
943 " checker\n"
944 " {\n"
945 " type hierarchical\n"
946 " sig-type rsa-sha256\n"
947 " }\n"
948 "}\n"
949 "trust-anchor\n"
950 "{\n"
951 " type file\n"
952 " file-name \"trust-anchor-8.cert\"\n"
953 "}\n";
954 const boost::filesystem::path CONFIG_PATH =
955 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
956
957
958 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
959
960 validator->load(CONFIG, CONFIG_PATH.native());
961 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
962
963 validator->reset();
964 BOOST_CHECK(validator->isEmpty());
965
966 keyChain.deleteIdentity(root);
967
968 const boost::filesystem::path CERT_PATH =
969 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
970 boost::filesystem::remove(CERT_PATH);
971}
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]972
Yingdi Yu44d190c2014-04-16 17:05:46 -0700[diff] [blame]973BOOST_AUTO_TEST_CASE(Wildcard)
974{
975 KeyChain keyChain;
976
977 Name identity("/TestValidatorConfig/Wildcard");
978 identity.appendVersion();
979 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
980
981 Name dataName1("/any/data");
982 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
983 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
984
985 std::string CONFIG =
986 "trust-anchor\n"
987 "{\n"
988 " type any\n"
989 "}\n";
990
991 const boost::filesystem::path CONFIG_PATH =
992 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
993
994
995 Face face;
996 ValidatorConfig validator(face);
997 validator.load(CONFIG, CONFIG_PATH.native());
998
999 validator.validate(*data1,
1000 bind(&onValidated, _1),
1001 bind(&onValidationFailed, _1, _2));
1002
1003 keyChain.deleteIdentity(identity);
1004}
1005
1006
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]1007BOOST_AUTO_TEST_SUITE_END()
1008
1009} // namespace ndn