blob: 4171554b4b6eb895e96295e92b0a0ac8a1ac7b93 [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyevaf99f462015-01-19 21:43:09 -08003 * Copyright (c) 2013-2015 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -08004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
25#include "util/io.hpp"
26#include "util/scheduler.hpp"
27#include "util/dummy-client-face.hpp"
28
29#include <boost/asio.hpp>
30
31#include "identity-management-fixture.hpp"
32#include "../identity-management-time-fixture.hpp"
33#include "boost-test.hpp"
34
35using namespace std;
36
37namespace ndn {
38namespace tests {
39
Spyridon Mastorakis429634f2015-02-19 17:35:33 -080040BOOST_AUTO_TEST_SUITE(SecurityValidatorConfig)
Yingdi Yu41546342014-11-30 23:37:53 -080041
42BOOST_FIXTURE_TEST_CASE(NameFilter, security::IdentityManagementFixture)
43{
44 Name identity("/TestValidatorConfig/NameFilter");
45 identity.appendVersion();
46 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
47 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
48 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
49 io::save(*idCert, "trust-anchor-1.cert");
50
51 Name dataName1("/simple/equal");
52 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
53 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
54
55 Name dataName2("/simple/different");
56 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
57 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
58
59 std::string CONFIG_1 =
60 "rule\n"
61 "{\n"
62 " id \"Simple Rule\"\n"
63 " for data\n"
64 " filter"
65 " {\n"
66 " type name\n"
67 " name /simple/equal\n"
68 " relation equal\n"
69 " }\n"
70 " checker\n"
71 " {\n"
72 " type customized\n"
73 " sig-type rsa-sha256\n"
74 " key-locator\n"
75 " {\n"
76 " type name\n"
77 " name ";
78
79 std::string CONFIG_2 =
80 "\n"
81 " relation equal\n"
82 " }\n"
83 " }\n"
84 "}\n"
85 "trust-anchor\n"
86 "{\n"
87 " type file\n"
88 " file-name \"trust-anchor-1.cert\"\n"
89 "}\n";
90 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
91
92 const boost::filesystem::path CONFIG_PATH =
93 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
94
95
96 Face face;
97 ValidatorConfig validator(face);
98 validator.load(CONFIG, CONFIG_PATH.native());
99
100 validator.validate(*data1,
101 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
102 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
103
104 validator.validate(*data2,
105 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
106 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
107
108 const boost::filesystem::path CERT_PATH =
109 (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
110 boost::filesystem::remove(CERT_PATH);
111}
112
113BOOST_FIXTURE_TEST_CASE(NameFilter2, security::IdentityManagementFixture)
114{
115 Name identity("/TestValidatorConfig/NameFilter2");
116 identity.appendVersion();
117 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
118 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
119 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
120 io::save(*idCert, "trust-anchor-2.cert");
121
122 Name dataName1("/simple/isPrefixOf");
123 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
124 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
125
126 Name dataName2("/simple/notPrefixOf");
127 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
128 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
129
130 Name dataName3("/simple/isPrefixOf/anotherLevel");
131 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
132 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
133
134 std::string CONFIG_1 =
135 "rule\n"
136 "{\n"
137 " id \"Simple2 Rule\"\n"
138 " for data\n"
139 " filter"
140 " {\n"
141 " type name\n"
142 " name /simple/isPrefixOf\n"
143 " relation is-prefix-of\n"
144 " }\n"
145 " checker\n"
146 " {\n"
147 " type customized\n"
148 " sig-type rsa-sha256\n"
149 " key-locator\n"
150 " {\n"
151 " type name\n"
152 " name ";
153
154 std::string CONFIG_2 =
155 "\n"
156 " relation equal\n"
157 " }\n"
158 " }\n"
159 "}\n"
160 "trust-anchor\n"
161 "{\n"
162 " type file\n"
163 " file-name \"trust-anchor-2.cert\"\n"
164 "}\n";
165 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
166
167 const boost::filesystem::path CONFIG_PATH =
168 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
169
170
171 Face face;
172 ValidatorConfig validator(face);
173 validator.load(CONFIG, CONFIG_PATH.native());
174
175 validator.validate(*data1,
176 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
177 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
178
179 validator.validate(*data2,
180 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
181 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
182
183 validator.validate(*data3,
184 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
185 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
186
187 const boost::filesystem::path CERT_PATH =
188 (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
189 boost::filesystem::remove(CERT_PATH);
190}
191
192BOOST_FIXTURE_TEST_CASE(NameFilter3, security::IdentityManagementFixture)
193{
194 Name identity("/TestValidatorConfig/NameFilter3");
195 identity.appendVersion();
196 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
197 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
198 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
199 io::save(*idCert, "trust-anchor-3.cert");
200
201 Name dataName1("/simple/isStrictPrefixOf");
202 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
203 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
204
205 Name dataName2("/simple");
206 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
207 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
208
209 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
210 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
211 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
212
213 std::string CONFIG_1 =
214 "rule\n"
215 "{\n"
216 " id \"Simple3 Rule\"\n"
217 " for data\n"
218 " filter"
219 " {\n"
220 " type name\n"
221 " name /simple/isStrictPrefixOf\n"
222 " relation is-strict-prefix-of\n"
223 " }\n"
224 " checker\n"
225 " {\n"
226 " type customized\n"
227 " sig-type rsa-sha256\n"
228 " key-locator\n"
229 " {\n"
230 " type name\n"
231 " name ";
232
233 std::string CONFIG_2 =
234 "\n"
235 " relation equal\n"
236 " }\n"
237 " }\n"
238 "}\n"
239 "trust-anchor\n"
240 "{\n"
241 " type file\n"
242 " file-name \"trust-anchor-3.cert\"\n"
243 "}\n";
244 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
245
246 const boost::filesystem::path CONFIG_PATH =
247 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
248
249
250 Face face;
251 ValidatorConfig validator(face);
252 validator.load(CONFIG, CONFIG_PATH.native());
253
254 validator.validate(*data1,
255 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
256 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
257
258 validator.validate(*data2,
259 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
260 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
261
262 validator.validate(*data3,
263 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
264 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
265
266 const boost::filesystem::path CERT_PATH =
267 (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
268 boost::filesystem::remove(CERT_PATH);
269}
270
271BOOST_FIXTURE_TEST_CASE(NameFilter4, security::IdentityManagementFixture)
272{
273 Name identity("/TestValidatorConfig/NameFilter4");
274 identity.appendVersion();
275 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
276 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
277 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
278 io::save(*idCert, "trust-anchor-4.cert");
279
280 Name dataName1("/simple/regex");
281 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
282 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
283
284 Name dataName2("/simple/regex-wrong");
285 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
286 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
287
288 Name dataName3("/simple/regex/correct");
289 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
290 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
291
292 std::string CONFIG_1 =
293 "rule\n"
294 "{\n"
295 " id \"Simple3 Rule\"\n"
296 " for data\n"
297 " filter"
298 " {\n"
299 " type name\n"
300 " regex ^<simple><regex>\n"
301 " }\n"
302 " checker\n"
303 " {\n"
304 " type customized\n"
305 " sig-type rsa-sha256\n"
306 " key-locator\n"
307 " {\n"
308 " type name\n"
309 " name ";
310
311 std::string CONFIG_2 =
312 "\n"
313 " relation equal\n"
314 " }\n"
315 " }\n"
316 "}\n"
317 "trust-anchor\n"
318 "{\n"
319 " type file\n"
320 " file-name \"trust-anchor-4.cert\"\n"
321 "}\n";
322 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
323
324 const boost::filesystem::path CONFIG_PATH =
325 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
326
327
328 Face face;
329 ValidatorConfig validator(face);
330 validator.load(CONFIG, CONFIG_PATH.native());
331
332 validator.validate(*data1,
333 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
334 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
335
336 validator.validate(*data2,
337 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
338 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
339
340 validator.validate(*data3,
341 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
342 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
343
344 const boost::filesystem::path CERT_PATH =
345 (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
346 boost::filesystem::remove(CERT_PATH);
347}
348
349BOOST_FIXTURE_TEST_CASE(KeyLocatorNameChecker1, security::IdentityManagementFixture)
350{
351 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
352 identity.appendVersion();
353 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
354 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
355 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
356 io::save(*idCert, "trust-anchor-5.cert");
357
358 Name dataName1 = identity;
359 dataName1.append("1");
360 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
361 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
362
363 Name dataName2 = identity;
364 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
365 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
366
367 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
368 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
369 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
370
371 const std::string CONFIG =
372 "rule\n"
373 "{\n"
374 " id \"Simple3 Rule\"\n"
375 " for data\n"
376 " checker\n"
377 " {\n"
378 " type customized\n"
379 " sig-type rsa-sha256\n"
380 " key-locator\n"
381 " {\n"
382 " type name\n"
383 " hyper-relation\n"
384 " {\n"
385 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
386 " k-expand \\\\1\\\\2\n"
387 " h-relation is-strict-prefix-of\n"
388 " p-regex ^(<>*)$\n"
389 " p-expand \\\\1\n"
390 " }\n"
391 " }\n"
392 " }\n"
393 "}\n"
394 "trust-anchor\n"
395 "{\n"
396 " type file\n"
397 " file-name \"trust-anchor-5.cert\"\n"
398 "}\n";
399 const boost::filesystem::path CONFIG_PATH =
400 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
401
402
403 Face face;
404 ValidatorConfig validator(face);
405 validator.load(CONFIG, CONFIG_PATH.native());
406
407 validator.validate(*data1,
408 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
409 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
410
411 validator.validate(*data2,
412 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
413 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
414
415 validator.validate(*data3,
416 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
417 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
418
419 const boost::filesystem::path CERT_PATH =
420 (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
421 boost::filesystem::remove(CERT_PATH);
422}
423
424BOOST_FIXTURE_TEST_CASE(FixedSignerChecker, security::IdentityManagementFixture)
425{
426 Name identity("/TestValidatorConfig/FixedSignerChecker");
427
428 Name identity1 = identity;
429 identity1.append("1").appendVersion();
430 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
431 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
432 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
433 io::save(*idCert1, "trust-anchor-7.cert");
434
435 Name identity2 = identity;
436 identity2.append("2").appendVersion();
437 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
438
439 Name dataName1 = identity;
440 dataName1.append("data").appendVersion();
441 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
442 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity1));
443
444 Name dataName2 = identity;
445 dataName2.append("data").appendVersion();
446 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
447 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity2));
448
449 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
450 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
451
452 const std::string CONFIG =
453 "rule\n"
454 "{\n"
455 " id \"FixedSignerChecker Data Rule\"\n"
456 " for data\n"
457 " filter"
458 " {\n"
459 " type name\n"
460 " name /TestValidatorConfig/FixedSignerChecker\n"
461 " relation is-strict-prefix-of\n"
462 " }\n"
463 " checker\n"
464 " {\n"
465 " type fixed-signer\n"
466 " sig-type rsa-sha256\n"
467 " signer\n"
468 " {\n"
469 " type file\n"
470 " file-name \"trust-anchor-7.cert\"\n"
471 " }\n"
472 " }\n"
473 "}\n"
474 "rule\n"
475 "{\n"
476 " id \"FixedSignerChecker Interest Rule\"\n"
477 " for interest\n"
478 " filter"
479 " {\n"
480 " type name\n"
481 " name /TestValidatorConfig/FixedSignerChecker\n"
482 " relation is-strict-prefix-of\n"
483 " }\n"
484 " checker\n"
485 " {\n"
486 " type fixed-signer\n"
487 " sig-type rsa-sha256\n"
488 " signer\n"
489 " {\n"
490 " type file\n"
491 " file-name \"trust-anchor-7.cert\"\n"
492 " }\n"
493 " }\n"
494 "}\n";
495 const boost::filesystem::path CONFIG_PATH =
496 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
497
498
499 Face face;
500 ValidatorConfig validator(face);
501 validator.load(CONFIG, CONFIG_PATH.native());
502
503 validator.validate(*data1,
504 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
505 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
506
507 validator.validate(*data2,
508 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
509 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
510
511 validator.validate(*interest,
512 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
513 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
514
515 const boost::filesystem::path CERT_PATH =
516 (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
517 boost::filesystem::remove(CERT_PATH);
518}
519
520BOOST_FIXTURE_TEST_CASE(Reset, security::IdentityManagementFixture)
521{
522 Name root("/TestValidatorConfig/Reload");
523 BOOST_REQUIRE_NO_THROW(addIdentity(root));
524 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
525 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
526 io::save(*rootCert, "trust-anchor-8.cert");
527
528 Face face;
529
530 const std::string CONFIG =
531 "rule\n"
532 "{\n"
533 " id \"NRD Prefix Registration Command Rule\"\n"
534 " for interest\n"
535 " filter\n"
536 " {\n"
537 " type name\n"
538 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
539 " }\n"
540 " checker\n"
541 " {\n"
542 " type customized\n"
543 " sig-type rsa-sha256\n"
544 " key-locator\n"
545 " {\n"
546 " type name\n"
547 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
548 " }\n"
549 " }\n"
550 "}\n"
551 "rule\n"
552 "{\n"
553 " id \"Testbed Hierarchy Rule\"\n"
554 " for data\n"
555 " filter\n"
556 " {\n"
557 " type name\n"
558 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
559 " }\n"
560 " checker\n"
561 " {\n"
562 " type hierarchical\n"
563 " sig-type rsa-sha256\n"
564 " }\n"
565 "}\n"
566 "trust-anchor\n"
567 "{\n"
568 " type file\n"
569 " file-name \"trust-anchor-8.cert\"\n"
570 "}\n";
571 const boost::filesystem::path CONFIG_PATH =
572 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
573
574
575 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
576
577 validator->load(CONFIG, CONFIG_PATH.native());
578 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
579
580 validator->reset();
581 BOOST_CHECK(validator->isEmpty());
582
583 const boost::filesystem::path CERT_PATH =
584 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
585 boost::filesystem::remove(CERT_PATH);
586}
587
588BOOST_FIXTURE_TEST_CASE(TrustAnchorWildcard, security::IdentityManagementFixture)
589{
590 Name identity("/TestValidatorConfig/Wildcard");
591 identity.appendVersion();
592 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
593
594 Name dataName1("/any/data");
595 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
596 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
597
598 std::string CONFIG =
599 "trust-anchor\n"
600 "{\n"
601 " type any\n"
602 "}\n";
603
604 const boost::filesystem::path CONFIG_PATH =
605 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
606
607
608 Face face;
609 ValidatorConfig validator(face);
610 validator.load(CONFIG, CONFIG_PATH.native());
611
612 validator.validate(*data1,
613 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
614 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
615}
616
617BOOST_FIXTURE_TEST_CASE(SignedInterestTest, security::IdentityManagementFixture)
618{
619 Name identity("/TestValidatorConfig/SignedInterestTest");
620
621 Name identity1 = identity;
622 identity1.appendVersion();
623 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
624 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
625 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
626 io::save(*idCert1, "trust-anchor-9.cert");
627
628 Name interestName("/TestValidatorConfig/SignedInterestTest");
629 Name interestName1 = interestName;
630 interestName1.append("1");
631 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
632 Name interestName2 = interestName;
633 interestName2.append("2");
634 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
635
636 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
637 usleep(10000);
638 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity1));
639
640 const std::string CONFIG =
641 "rule\n"
642 "{\n"
643 " id \"FixedSignerChecker Interest Rule\"\n"
644 " for interest\n"
645 " filter"
646 " {\n"
647 " type name\n"
648 " name /TestValidatorConfig/SignedInterestTest\n"
649 " relation is-strict-prefix-of\n"
650 " }\n"
651 " checker\n"
652 " {\n"
653 " type fixed-signer\n"
654 " sig-type rsa-sha256\n"
655 " signer\n"
656 " {\n"
657 " type file\n"
658 " file-name \"trust-anchor-9.cert\"\n"
659 " }\n"
660 " }\n"
661 "}\n";
662 const boost::filesystem::path CONFIG_PATH =
663 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
664
665
666 Face face;
667 ValidatorConfig validator(face);
668 validator.load(CONFIG, CONFIG_PATH.native());
669
670 validator.validate(*interest1,
671 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
672 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
673
674 validator.validate(*interest2,
675 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
676 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
677
678 validator.validate(*interest1,
679 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
680 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
681
682 const boost::filesystem::path CERT_PATH =
683 (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
684 boost::filesystem::remove(CERT_PATH);
685}
686
687
688BOOST_FIXTURE_TEST_CASE(MaxKeyTest, security::IdentityManagementFixture)
689{
690 Name identity("/TestValidatorConfig/MaxKeyTest");
691
692 Name identity1 = identity;
693 identity1.append("Key1");
694 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
695 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
696 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
697 io::save(*idCert1, "trust-anchor-10-1.cert");
698
699 Name identity2 = identity;
700 identity2.append("Key2");
701 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
702 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
703 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
704 io::save(*idCert2, "trust-anchor-10-2.cert");
705
706 Name identity3 = identity;
707 identity3.append("Key3");
708 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
709 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
710 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
711 io::save(*idCert3, "trust-anchor-10-3.cert");
712
713
714 Name interestName("/TestValidatorConfig/MaxKeyTest");
715 Name interestName1 = interestName;
716 interestName1.append("1");
717 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
718 Name interestName2 = interestName;
719 interestName2.append("2");
720 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
721 Name interestName3 = interestName;
722 interestName3.append("3");
723 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
724
725 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
726 usleep(10000);
727 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
728 usleep(10000);
729 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
730
731 const std::string CONFIG =
732 "rule\n"
733 "{\n"
734 " id \"FixedSignerChecker Interest Rule\"\n"
735 " for interest\n"
736 " filter"
737 " {\n"
738 " type name\n"
739 " name /TestValidatorConfig/MaxKeyTest\n"
740 " relation is-strict-prefix-of\n"
741 " }\n"
742 " checker\n"
743 " {\n"
744 " type fixed-signer\n"
745 " sig-type rsa-sha256\n"
746 " signer\n"
747 " {\n"
748 " type file\n"
749 " file-name \"trust-anchor-10-1.cert\"\n"
750 " }\n"
751 " signer\n"
752 " {\n"
753 " type file\n"
754 " file-name \"trust-anchor-10-2.cert\"\n"
755 " }\n"
756 " signer\n"
757 " {\n"
758 " type file\n"
759 " file-name \"trust-anchor-10-3.cert\"\n"
760 " }\n"
761 " }\n"
762 "}\n";
763 const boost::filesystem::path CONFIG_PATH =
764 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
765
766
767 Face face;
768 ValidatorConfig validator(face,
769 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
770 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
771 10,
772 2, // Two keys can be tracked
773 time::seconds(1)); // TTL is set to 1 sec
774 validator.load(CONFIG, CONFIG_PATH.native());
775
776 validator.validate(*interest1,
777 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
778 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
779
780 validator.validate(*interest2,
781 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
782 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
783
784 validator.validate(*interest1,
785 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
786 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
787
788 validator.validate(*interest3,
789 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
790 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
791
792 // Should succeed because identity1's key has been cleaned up due to space limit.
793 validator.validate(*interest1,
794 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
795 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
796
797 const boost::filesystem::path CERT_PATH1 =
798 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
799 boost::filesystem::remove(CERT_PATH1);
800
801 const boost::filesystem::path CERT_PATH2 =
802 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
803 boost::filesystem::remove(CERT_PATH2);
804
805 const boost::filesystem::path CERT_PATH3 =
806 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
807 boost::filesystem::remove(CERT_PATH3);
808}
809
810BOOST_FIXTURE_TEST_CASE(MaxKeyTest2, security::IdentityManagementFixture)
811{
812 Name identity("/TestValidatorConfig/MaxKeyTest");
813
814 Name identity1 = identity;
815 identity1.append("Key1");
816 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
817 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
818 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
819 io::save(*idCert1, "trust-anchor-10-1.cert");
820
821 Name identity2 = identity;
822 identity2.append("Key2");
823 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
824 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
825 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
826 io::save(*idCert2, "trust-anchor-10-2.cert");
827
828 Name identity3 = identity;
829 identity3.append("Key3");
830 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
831 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
832 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
833 io::save(*idCert3, "trust-anchor-10-3.cert");
834
835 Name identity4 = identity;
836 identity4.append("Key4");
837 BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
838 Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
839 shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
840 io::save(*idCert4, "trust-anchor-10-4.cert");
841
842
843 Name interestName("/TestValidatorConfig/MaxKeyTest");
844 Name interestName1 = interestName;
845 interestName1.append("1");
846 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
847 Name interestName2 = interestName;
848 interestName2.append("2");
849 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
850 Name interestName3 = interestName;
851 interestName3.append("3");
852 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
853 Name interestName4 = interestName;
854 interestName4.append("4");
855 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
856
857
858 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
859 usleep(10000);
860 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
861 usleep(10000);
862 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
863 usleep(10000);
864 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest4, identity4));
865
866 const std::string CONFIG =
867 "rule\n"
868 "{\n"
869 " id \"FixedSignerChecker Interest Rule\"\n"
870 " for interest\n"
871 " filter"
872 " {\n"
873 " type name\n"
874 " name /TestValidatorConfig/MaxKeyTest\n"
875 " relation is-strict-prefix-of\n"
876 " }\n"
877 " checker\n"
878 " {\n"
879 " type fixed-signer\n"
880 " sig-type rsa-sha256\n"
881 " signer\n"
882 " {\n"
883 " type file\n"
884 " file-name \"trust-anchor-10-1.cert\"\n"
885 " }\n"
886 " signer\n"
887 " {\n"
888 " type file\n"
889 " file-name \"trust-anchor-10-2.cert\"\n"
890 " }\n"
891 " signer\n"
892 " {\n"
893 " type file\n"
894 " file-name \"trust-anchor-10-3.cert\"\n"
895 " }\n"
896 " signer\n"
897 " {\n"
898 " type file\n"
899 " file-name \"trust-anchor-10-4.cert\"\n"
900 " }\n"
901 " }\n"
902 "}\n";
903 const boost::filesystem::path CONFIG_PATH =
904 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
905
906
907 Face face;
908 ValidatorConfig validator(face,
909 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
910 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
911 10,
912 3, // Two keys can be tracked
913 time::seconds(1)); // TTL is set to 1 sec
914 validator.load(CONFIG, CONFIG_PATH.native());
915
916 validator.validate(*interest1,
917 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
918 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
919
920 validator.validate(*interest2,
921 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
922 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
923
924 validator.validate(*interest3,
925 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
926 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
927
928 validator.validate(*interest1,
929 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
930 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
931
932 validator.validate(*interest2,
933 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
934 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
935
936 validator.validate(*interest3,
937 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
938 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
939
940 sleep(2);
941
942 validator.validate(*interest4,
943 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
944 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
945
946 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
947 validator.validate(*interest1,
948 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
949 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
950
951 validator.validate(*interest2,
952 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
953 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
954
955 validator.validate(*interest3,
956 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
957 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
958
959
960 const boost::filesystem::path CERT_PATH1 =
961 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
962 boost::filesystem::remove(CERT_PATH1);
963
964 const boost::filesystem::path CERT_PATH2 =
965 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
966 boost::filesystem::remove(CERT_PATH2);
967
968 const boost::filesystem::path CERT_PATH3 =
969 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
970 boost::filesystem::remove(CERT_PATH3);
971
972 const boost::filesystem::path CERT_PATH4 =
973 (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
974 boost::filesystem::remove(CERT_PATH4);
975}
976
977BOOST_FIXTURE_TEST_CASE(FixedSignerChecker2, security::IdentityManagementFixture)
978{
979 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
980 BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
981 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
982
983 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
984 BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
985 Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
986 shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
987 io::save(*ecdsaCert, "trust-anchor-11.cert");
988
989
990 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
991 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
992 m_keyChain.signByIdentity(*dataRsa, rsaIdentity);
993 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
994 m_keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
995
996 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
997 m_keyChain.signByIdentity(*interestRsa, rsaIdentity);
998 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
999 m_keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
1000
1001 const std::string CONFIG =
1002 "rule\n"
1003 "{\n"
1004 " id \"FixedSignerChecker Data Rule\"\n"
1005 " for data\n"
1006 " filter"
1007 " {\n"
1008 " type name\n"
1009 " name /TestValidatorConfig/FixedSignerChecker2\n"
1010 " relation equal\n"
1011 " }\n"
1012 " checker\n"
1013 " {\n"
1014 " type fixed-signer\n"
1015 " sig-type ecdsa-sha256\n"
1016 " signer\n"
1017 " {\n"
1018 " type file\n"
1019 " file-name \"trust-anchor-11.cert\"\n"
1020 " }\n"
1021 " }\n"
1022 "}\n"
1023 "rule\n"
1024 "{\n"
1025 " id \"FixedSignerChecker Interest Rule\"\n"
1026 " for interest\n"
1027 " filter"
1028 " {\n"
1029 " type name\n"
1030 " name /TestValidatorConfig/FixedSignerChecker2\n"
1031 " relation equal\n"
1032 " }\n"
1033 " checker\n"
1034 " {\n"
1035 " type fixed-signer\n"
1036 " sig-type ecdsa-sha256\n"
1037 " signer\n"
1038 " {\n"
1039 " type file\n"
1040 " file-name \"trust-anchor-11.cert\"\n"
1041 " }\n"
1042 " }\n"
1043 "}\n";
1044 const boost::filesystem::path CONFIG_PATH =
1045 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1046
1047
1048 Face face;
1049 ValidatorConfig validator(face);
1050 validator.load(CONFIG, CONFIG_PATH.native());
1051
1052 validator.validate(*dataEcdsa,
1053 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1054 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1055
1056 validator.validate(*dataRsa,
1057 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
1058 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
1059
1060 validator.validate(*interestEcdsa,
1061 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1062 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1063
1064 validator.validate(*interestRsa,
1065 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
1066 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
1067
1068 const boost::filesystem::path CERT_PATH =
1069 (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
1070 boost::filesystem::remove(CERT_PATH);
1071}
1072
1073
1074struct FacesFixture : public security::IdentityManagementTimeFixture
1075{
1076 FacesFixture()
1077 : face1(util::makeDummyClientFace(io, {true, true}))
1078 , face2(util::makeDummyClientFace(io, {true, true}))
1079 , readInterestOffset1(0)
1080 , readDataOffset1(0)
1081 , readInterestOffset2(0)
1082 , readDataOffset2(0)
1083 {
1084 }
1085
1086 bool
1087 passPacket()
1088 {
1089 bool hasPassed = false;
1090
1091 checkFace(face1->sentInterests, readInterestOffset1, *face2, hasPassed);
1092 checkFace(face1->sentDatas, readDataOffset1, *face2, hasPassed);
1093 checkFace(face2->sentInterests, readInterestOffset2, *face1, hasPassed);
1094 checkFace(face2->sentInterests, readDataOffset2, *face1, hasPassed);
1095
1096 return hasPassed;
1097 }
1098
1099 template<typename Packet>
1100 void
1101 checkFace(std::vector<Packet>& receivedPackets,
1102 size_t& readPacketOffset,
1103 util::DummyClientFace& receiver,
1104 bool& hasPassed)
1105 {
1106 while (receivedPackets.size() > readPacketOffset) {
1107 receiver.receive(receivedPackets[readPacketOffset]);
1108 readPacketOffset++;
1109 hasPassed = true;
1110 }
1111 }
1112
1113 ~FacesFixture()
1114 {
1115 }
1116
1117public:
1118 shared_ptr<util::DummyClientFace> face1;
1119 shared_ptr<util::DummyClientFace> face2;
1120
1121 size_t readInterestOffset1;
1122 size_t readDataOffset1;
1123 size_t readInterestOffset2;
1124 size_t readDataOffset2;
1125};
1126
1127BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1128{
1129 std::vector<CertificateSubjectDescription> subjectDescription;
1130
1131 Name root("/TestValidatorConfig");
1132 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1133 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1134 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1135 io::save(*rootCert, "trust-anchor-6.cert");
1136
1137
1138 Name sld("/TestValidatorConfig/HierarchicalChecker");
1139 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1140 advanceClocks(time::milliseconds(100));
1141 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1142 shared_ptr<IdentityCertificate> sldCert =
1143 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1144 root,
1145 time::system_clock::now(),
1146 time::system_clock::now() + time::days(7300),
1147 subjectDescription);
1148 m_keyChain.signByIdentity(*sldCert, root);
1149 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1150
1151 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
1152 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1153 advanceClocks(time::milliseconds(100));
1154 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1155 shared_ptr<IdentityCertificate> nldCert =
1156 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1157 sld,
1158 time::system_clock::now(),
1159 time::system_clock::now() + time::days(7300),
1160 subjectDescription);
1161 m_keyChain.signByIdentity(*nldCert, sld);
1162 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1163
1164 face1->setInterestFilter(sldCert->getName().getPrefix(-1),
1165 [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
1166 RegisterPrefixSuccessCallback(),
1167 [] (const Name&, const std::string&) {});
1168
1169 face1->setInterestFilter(nldCert->getName().getPrefix(-1),
1170 [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
1171 RegisterPrefixSuccessCallback(),
1172 [] (const Name&, const std::string&) {});
1173
1174 Name dataName1 = nld;
1175 dataName1.append("data1");
1176 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
1177 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, nld));
1178
1179 Name dataName2("/ConfValidatorTest");
1180 dataName2.append("data1");
1181 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
1182 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, nld));
1183
1184
1185 const std::string CONFIG =
1186 "rule\n"
1187 "{\n"
1188 " id \"Simple3 Rule\"\n"
1189 " for data\n"
1190 " checker\n"
1191 " {\n"
1192 " type hierarchical\n"
1193 " sig-type rsa-sha256\n"
1194 " }\n"
1195 "}\n"
1196 "trust-anchor\n"
1197 "{\n"
1198 " type file\n"
1199 " file-name \"trust-anchor-6.cert\"\n"
1200 "}\n";
1201 const boost::filesystem::path CONFIG_PATH =
1202 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1203
1204
1205 auto validator = make_shared<ValidatorConfig>(face2.get());
1206 validator->load(CONFIG, CONFIG_PATH.native());
1207
1208 advanceClocks(time::milliseconds(2), 100);
1209 validator->validate(*data1,
1210 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1211 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1212
1213 do {
1214 advanceClocks(time::milliseconds(2), 10);
1215 } while (passPacket());
1216
1217 validator->validate(*data2,
1218 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
1219 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
1220
1221 do {
1222 advanceClocks(time::milliseconds(2), 10);
1223 } while (passPacket());
1224
1225 const boost::filesystem::path CERT_PATH =
1226 (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
1227 boost::filesystem::remove(CERT_PATH);
1228}
1229
1230BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1231{
1232 advanceClocks(time::milliseconds(0));
1233
1234 std::vector<CertificateSubjectDescription> subjectDescription;
1235
1236 Name root("/TestValidatorConfig");
1237 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1238 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1239 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1240 io::save(*rootCert, "trust-anchor-8.cert");
1241
1242
1243 Name sld("/TestValidatorConfig/Nrd-1");
1244 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1245 advanceClocks(time::milliseconds(100));
1246 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1247 shared_ptr<IdentityCertificate> sldCert =
1248 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1249 root,
1250 time::system_clock::now(),
1251 time::system_clock::now() + time::days(7300),
1252 subjectDescription);
1253 m_keyChain.signByIdentity(*sldCert, root);
1254 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1255
1256 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
1257 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1258 advanceClocks(time::milliseconds(100));
1259 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1260 shared_ptr<IdentityCertificate> nldCert =
1261 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1262 sld,
1263 time::system_clock::now(),
1264 time::system_clock::now() + time::days(7300),
1265 subjectDescription);
1266 m_keyChain.signByIdentity(*nldCert, sld);
1267 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1268
1269 face1->setInterestFilter(sldCert->getName().getPrefix(-1),
1270 [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
1271 RegisterPrefixSuccessCallback(),
1272 [] (const Name&, const std::string&) {});
1273
1274 face1->setInterestFilter(nldCert->getName().getPrefix(-1),
1275 [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
1276 RegisterPrefixSuccessCallback(),
1277 [] (const Name&, const std::string&) {});
1278
1279 advanceClocks(time::milliseconds(10));
1280 Name interestName1("/localhost/nrd/register/option");
1281 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
1282 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, nld));
1283
1284 advanceClocks(time::milliseconds(10));
1285 Name interestName2("/localhost/nrd/non-register");
1286 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
1287 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, nld));
1288
1289 advanceClocks(time::milliseconds(10));
1290 Name interestName3("/localhost/nrd/register/option");
1291 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
1292 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, root));
1293
1294 advanceClocks(time::milliseconds(10));
1295 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1296 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1297
1298 const std::string CONFIG =
1299 "rule\n"
1300 "{\n"
1301 " id \"NRD Prefix Registration Command Rule\"\n"
1302 " for interest\n"
1303 " filter\n"
1304 " {\n"
1305 " type name\n"
1306 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1307 " }\n"
1308 " checker\n"
1309 " {\n"
1310 " type customized\n"
1311 " sig-type rsa-sha256\n"
1312 " key-locator\n"
1313 " {\n"
1314 " type name\n"
1315 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1316 " }\n"
1317 " }\n"
1318 "}\n"
1319 "rule\n"
1320 "{\n"
1321 " id \"Testbed Hierarchy Rule\"\n"
1322 " for data\n"
1323 " filter\n"
1324 " {\n"
1325 " type name\n"
1326 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1327 " }\n"
1328 " checker\n"
1329 " {\n"
1330 " type hierarchical\n"
1331 " sig-type rsa-sha256\n"
1332 " }\n"
1333 "}\n"
1334 "trust-anchor\n"
1335 "{\n"
1336 " type file\n"
1337 " file-name \"trust-anchor-8.cert\"\n"
1338 "}\n";
1339 const boost::filesystem::path CONFIG_PATH =
1340 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1341
1342
1343 auto validator = make_shared<ValidatorConfig>(face2.get());
1344 validator->load(CONFIG, CONFIG_PATH.native());
1345
1346 advanceClocks(time::milliseconds(2), 100);
1347
1348 // should succeed
1349 validator->validate(*interest1,
1350 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1351 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1352
1353 do {
1354 advanceClocks(time::milliseconds(2), 10);
1355 } while (passPacket());
1356
1357 // should fail
1358 validator->validate(*interest2,
1359 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
1360 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
1361
1362 do {
1363 advanceClocks(time::milliseconds(2), 10);
1364 } while (passPacket());
1365
1366 // should succeed
1367 validator->validate(*interest3,
1368 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
1369 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
1370
1371 do {
1372 advanceClocks(time::milliseconds(2), 10);
1373 } while (passPacket());
1374
1375 // should fail
1376 validator->validate(*interest4,
1377 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
1378 [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
1379
1380 do {
1381 advanceClocks(time::milliseconds(2), 10);
1382 } while (passPacket());
1383
1384 const boost::filesystem::path CERT_PATH =
1385 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
1386 boost::filesystem::remove(CERT_PATH);
1387}
1388
1389struct DirTestFixture : public security::IdentityManagementTimeFixture
1390{
1391 DirTestFixture()
1392 : face(util::makeDummyClientFace(io, {true, true}))
1393 , validator(face.get(), ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
1394 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1395 {
1396 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1397 boost::filesystem::create_directory(certDirPath);
1398
1399 firstCertPath = (boost::filesystem::current_path() /
1400 std::string("test-cert-dir") /
1401 std::string("trust-anchor-1.cert"));
1402
1403 secondCertPath = (boost::filesystem::current_path() /
1404 std::string("test-cert-dir") /
1405 std::string("trust-anchor-2.cert"));
1406
1407 firstIdentity = Name("/TestValidatorConfig/Dir/First");
1408 BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
1409 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1410 firstCert = m_keyChain.getCertificate(firstCertName);
1411 io::save(*firstCert, firstCertPath.string());
1412
1413 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
1414 BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
1415 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1416 secondCert = m_keyChain.getCertificate(secondCertName);
1417 }
1418
1419 ~DirTestFixture()
1420 {
1421 boost::filesystem::remove_all(certDirPath);
1422 }
1423
1424public:
1425 boost::filesystem::path certDirPath;
1426 boost::filesystem::path firstCertPath;
1427 boost::filesystem::path secondCertPath;
1428
1429 Name firstIdentity;
1430 Name secondIdentity;
1431
1432 shared_ptr<IdentityCertificate> firstCert;
1433 shared_ptr<IdentityCertificate> secondCert;
1434
1435 shared_ptr<util::DummyClientFace> face;
1436 ValidatorConfig validator;
1437};
1438
1439BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1440{
1441 advanceClocks(time::milliseconds(10));
1442
1443 Name dataName1("/any/data/1");
1444 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
1445 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, firstIdentity));
1446
1447 Name dataName2("/any/data/2");
1448 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
1449 BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, secondIdentity));
1450
1451 std::string CONFIG =
1452 "rule\n"
1453 "{\n"
1454 " id \"Any Rule\"\n"
1455 " for data\n"
1456 " filter\n"
1457 " {\n"
1458 " type name\n"
1459 " regex ^<>*$\n"
1460 " }\n"
1461 " checker\n"
1462 " {\n"
1463 " type customized\n"
1464 " sig-type rsa-sha256\n"
1465 " key-locator\n"
1466 " {\n"
1467 " type name\n"
1468 " regex ^<>*$\n"
1469 " }\n"
1470 " }\n"
1471 "}\n"
1472 "trust-anchor\n"
1473 "{\n"
1474 " type dir\n"
1475 " dir test-cert-dir\n"
1476 " refresh 1s\n"
1477 "}\n";
1478
1479 const boost::filesystem::path CONFIG_PATH =
1480 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1481
1482 validator.load(CONFIG, CONFIG_PATH.native());
1483
1484 advanceClocks(time::milliseconds(10), 20);
1485 validator.validate(*data1,
1486 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1487 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1488 advanceClocks(time::milliseconds(10), 20);
1489
1490 validator.validate(*data2,
1491 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
1492 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
1493 advanceClocks(time::milliseconds(10), 20);
1494
1495 io::save(*secondCert, secondCertPath.string());
1496 advanceClocks(time::milliseconds(10), 200);
1497
1498 validator.validate(*data1,
1499 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1500 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1501 advanceClocks(time::milliseconds(10), 20);
1502
1503 validator.validate(*data2,
1504 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
1505 [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
1506 advanceClocks(time::milliseconds(10), 20);
1507}
1508
1509BOOST_AUTO_TEST_SUITE_END()
1510
1511} // namespace tests
1512} // namespace ndn