Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / cf9c6bb8d7239c324805d939899fa2a7cbcc3ac0 / . / tests / unit-tests / security / validator-config.t.cpp
blob: 005ca9bfec454bc2aed40bd95a28e3b5779e21bd [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]3 * Copyright (c) 2013-2016 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
25#include "util/io.hpp"
26#include "util/scheduler.hpp"
27#include "util/dummy-client-face.hpp"
28
29#include <boost/asio.hpp>
30
31#include "identity-management-fixture.hpp"
32#include "../identity-management-time-fixture.hpp"
33#include "boost-test.hpp"
34
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]35namespace ndn {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]36namespace security {
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]37namespace tests {
38
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]39using namespace ndn::tests;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]40
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]41BOOST_AUTO_TEST_SUITE(Security)
42BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, IdentityManagementFixture)
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]43
44BOOST_AUTO_TEST_CASE(NameFilter)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]45{
46 Name identity("/TestValidatorConfig/NameFilter");
47 identity.appendVersion();
48 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
49 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
50 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
51 io::save(*idCert, "trust-anchor-1.cert");
52
53 Name dataName1("/simple/equal");
54 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]55 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
56 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
57 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]58
59 Name dataName2("/simple/different");
60 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]61 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
62 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
63 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]64
65 std::string CONFIG_1 =
66 "rule\n"
67 "{\n"
68 " id \"Simple Rule\"\n"
69 " for data\n"
70 " filter"
71 " {\n"
72 " type name\n"
73 " name /simple/equal\n"
74 " relation equal\n"
75 " }\n"
76 " checker\n"
77 " {\n"
78 " type customized\n"
79 " sig-type rsa-sha256\n"
80 " key-locator\n"
81 " {\n"
82 " type name\n"
83 " name ";
84
85 std::string CONFIG_2 =
86 "\n"
87 " relation equal\n"
88 " }\n"
89 " }\n"
90 "}\n"
91 "trust-anchor\n"
92 "{\n"
93 " type file\n"
94 " file-name \"trust-anchor-1.cert\"\n"
95 "}\n";
96 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
97
98 const boost::filesystem::path CONFIG_PATH =
99 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
100
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]101 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]102 ValidatorConfig validator(face);
103 validator.load(CONFIG, CONFIG_PATH.native());
104
105 validator.validate(*data1,
106 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]107 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]108
109 validator.validate(*data2,
110 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]111 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]112
113 const boost::filesystem::path CERT_PATH =
114 (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
115 boost::filesystem::remove(CERT_PATH);
116}
117
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]118BOOST_AUTO_TEST_CASE(NameFilter2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]119{
120 Name identity("/TestValidatorConfig/NameFilter2");
121 identity.appendVersion();
122 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
123 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
124 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
125 io::save(*idCert, "trust-anchor-2.cert");
126
127 Name dataName1("/simple/isPrefixOf");
128 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]129 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
130 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
131 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]132
133 Name dataName2("/simple/notPrefixOf");
134 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]135 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
136 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
137 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]138
139 Name dataName3("/simple/isPrefixOf/anotherLevel");
140 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]141 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
142 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
143 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]144
145 std::string CONFIG_1 =
146 "rule\n"
147 "{\n"
148 " id \"Simple2 Rule\"\n"
149 " for data\n"
150 " filter"
151 " {\n"
152 " type name\n"
153 " name /simple/isPrefixOf\n"
154 " relation is-prefix-of\n"
155 " }\n"
156 " checker\n"
157 " {\n"
158 " type customized\n"
159 " sig-type rsa-sha256\n"
160 " key-locator\n"
161 " {\n"
162 " type name\n"
163 " name ";
164
165 std::string CONFIG_2 =
166 "\n"
167 " relation equal\n"
168 " }\n"
169 " }\n"
170 "}\n"
171 "trust-anchor\n"
172 "{\n"
173 " type file\n"
174 " file-name \"trust-anchor-2.cert\"\n"
175 "}\n";
176 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
177
178 const boost::filesystem::path CONFIG_PATH =
179 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
180
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]181 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]182 ValidatorConfig validator(face);
183 validator.load(CONFIG, CONFIG_PATH.native());
184
185 validator.validate(*data1,
186 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]187 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]188
189 validator.validate(*data2,
190 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]191 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]192
193 validator.validate(*data3,
194 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]195 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]196
197 const boost::filesystem::path CERT_PATH =
198 (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
199 boost::filesystem::remove(CERT_PATH);
200}
201
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]202BOOST_AUTO_TEST_CASE(NameFilter3)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]203{
204 Name identity("/TestValidatorConfig/NameFilter3");
205 identity.appendVersion();
206 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
207 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
208 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
209 io::save(*idCert, "trust-anchor-3.cert");
210
211 Name dataName1("/simple/isStrictPrefixOf");
212 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]213 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
214 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
215 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]216
217 Name dataName2("/simple");
218 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]219 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
220 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
221 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]222
223 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
224 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]225 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
226 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
227 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]228
229 std::string CONFIG_1 =
230 "rule\n"
231 "{\n"
232 " id \"Simple3 Rule\"\n"
233 " for data\n"
234 " filter"
235 " {\n"
236 " type name\n"
237 " name /simple/isStrictPrefixOf\n"
238 " relation is-strict-prefix-of\n"
239 " }\n"
240 " checker\n"
241 " {\n"
242 " type customized\n"
243 " sig-type rsa-sha256\n"
244 " key-locator\n"
245 " {\n"
246 " type name\n"
247 " name ";
248
249 std::string CONFIG_2 =
250 "\n"
251 " relation equal\n"
252 " }\n"
253 " }\n"
254 "}\n"
255 "trust-anchor\n"
256 "{\n"
257 " type file\n"
258 " file-name \"trust-anchor-3.cert\"\n"
259 "}\n";
260 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
261
262 const boost::filesystem::path CONFIG_PATH =
263 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
264
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]265 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]266 ValidatorConfig validator(face);
267 validator.load(CONFIG, CONFIG_PATH.native());
268
269 validator.validate(*data1,
270 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]271 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]272
273 validator.validate(*data2,
274 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]275 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]276
277 validator.validate(*data3,
278 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]279 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]280
281 const boost::filesystem::path CERT_PATH =
282 (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
283 boost::filesystem::remove(CERT_PATH);
284}
285
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]286BOOST_AUTO_TEST_CASE(NameFilter4)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]287{
288 Name identity("/TestValidatorConfig/NameFilter4");
289 identity.appendVersion();
290 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
291 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
292 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
293 io::save(*idCert, "trust-anchor-4.cert");
294
295 Name dataName1("/simple/regex");
296 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]297 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
298 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
299 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]300
301 Name dataName2("/simple/regex-wrong");
302 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]303 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
304 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
305 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]306
307 Name dataName3("/simple/regex/correct");
308 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]309 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
310 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
311 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]312
313 std::string CONFIG_1 =
314 "rule\n"
315 "{\n"
316 " id \"Simple3 Rule\"\n"
317 " for data\n"
318 " filter"
319 " {\n"
320 " type name\n"
321 " regex ^<simple><regex>\n"
322 " }\n"
323 " checker\n"
324 " {\n"
325 " type customized\n"
326 " sig-type rsa-sha256\n"
327 " key-locator\n"
328 " {\n"
329 " type name\n"
330 " name ";
331
332 std::string CONFIG_2 =
333 "\n"
334 " relation equal\n"
335 " }\n"
336 " }\n"
337 "}\n"
338 "trust-anchor\n"
339 "{\n"
340 " type file\n"
341 " file-name \"trust-anchor-4.cert\"\n"
342 "}\n";
343 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
344
345 const boost::filesystem::path CONFIG_PATH =
346 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
347
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]348 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]349 ValidatorConfig validator(face);
350 validator.load(CONFIG, CONFIG_PATH.native());
351
352 validator.validate(*data1,
353 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]354 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]355
356 validator.validate(*data2,
357 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]358 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]359
360 validator.validate(*data3,
361 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]362 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]363
364 const boost::filesystem::path CERT_PATH =
365 (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
366 boost::filesystem::remove(CERT_PATH);
367}
368
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]369BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]370{
371 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
372 identity.appendVersion();
373 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
374 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
375 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
376 io::save(*idCert, "trust-anchor-5.cert");
377
378 Name dataName1 = identity;
379 dataName1.append("1");
380 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]381 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
382 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
383 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]384
385 Name dataName2 = identity;
386 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]387 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
388 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
389 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]390
391 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
392 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]393 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
394 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
395 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]396
397 const std::string CONFIG =
398 "rule\n"
399 "{\n"
400 " id \"Simple3 Rule\"\n"
401 " for data\n"
402 " checker\n"
403 " {\n"
404 " type customized\n"
405 " sig-type rsa-sha256\n"
406 " key-locator\n"
407 " {\n"
408 " type name\n"
409 " hyper-relation\n"
410 " {\n"
411 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
412 " k-expand \\\\1\\\\2\n"
413 " h-relation is-strict-prefix-of\n"
414 " p-regex ^(<>*)$\n"
415 " p-expand \\\\1\n"
416 " }\n"
417 " }\n"
418 " }\n"
419 "}\n"
420 "trust-anchor\n"
421 "{\n"
422 " type file\n"
423 " file-name \"trust-anchor-5.cert\"\n"
424 "}\n";
425 const boost::filesystem::path CONFIG_PATH =
426 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
427
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]428 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]429 ValidatorConfig validator(face);
430 validator.load(CONFIG, CONFIG_PATH.native());
431
432 validator.validate(*data1,
433 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]434 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]435
436 validator.validate(*data2,
437 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]438 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]439
440 validator.validate(*data3,
441 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]442 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]443
444 const boost::filesystem::path CERT_PATH =
445 (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
446 boost::filesystem::remove(CERT_PATH);
447}
448
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]449BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]450{
451 Name identity("/TestValidatorConfig/FixedSignerChecker");
452
453 Name identity1 = identity;
454 identity1.append("1").appendVersion();
455 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
456 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
457 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
458 io::save(*idCert1, "trust-anchor-7.cert");
459
460 Name identity2 = identity;
461 identity2.append("2").appendVersion();
462 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
463
464 Name dataName1 = identity;
465 dataName1.append("data").appendVersion();
466 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]467 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
468 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
469 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]470
471 Name dataName2 = identity;
472 dataName2.append("data").appendVersion();
473 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]474 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
475 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
476 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]477
478 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
479 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
480
481 const std::string CONFIG =
482 "rule\n"
483 "{\n"
484 " id \"FixedSignerChecker Data Rule\"\n"
485 " for data\n"
486 " filter"
487 " {\n"
488 " type name\n"
489 " name /TestValidatorConfig/FixedSignerChecker\n"
490 " relation is-strict-prefix-of\n"
491 " }\n"
492 " checker\n"
493 " {\n"
494 " type fixed-signer\n"
495 " sig-type rsa-sha256\n"
496 " signer\n"
497 " {\n"
498 " type file\n"
499 " file-name \"trust-anchor-7.cert\"\n"
500 " }\n"
501 " }\n"
502 "}\n"
503 "rule\n"
504 "{\n"
505 " id \"FixedSignerChecker Interest Rule\"\n"
506 " for interest\n"
507 " filter"
508 " {\n"
509 " type name\n"
510 " name /TestValidatorConfig/FixedSignerChecker\n"
511 " relation is-strict-prefix-of\n"
512 " }\n"
513 " checker\n"
514 " {\n"
515 " type fixed-signer\n"
516 " sig-type rsa-sha256\n"
517 " signer\n"
518 " {\n"
519 " type file\n"
520 " file-name \"trust-anchor-7.cert\"\n"
521 " }\n"
522 " }\n"
523 "}\n";
524 const boost::filesystem::path CONFIG_PATH =
525 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
526
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]527 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]528 ValidatorConfig validator(face);
529 validator.load(CONFIG, CONFIG_PATH.native());
530
531 validator.validate(*data1,
532 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]533 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]534
535 validator.validate(*data2,
536 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]537 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]538
539 validator.validate(*interest,
540 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]541 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]542
543 const boost::filesystem::path CERT_PATH =
544 (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
545 boost::filesystem::remove(CERT_PATH);
546}
547
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]548BOOST_AUTO_TEST_CASE(Reset)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]549{
550 Name root("/TestValidatorConfig/Reload");
551 BOOST_REQUIRE_NO_THROW(addIdentity(root));
552 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
553 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
554 io::save(*rootCert, "trust-anchor-8.cert");
555
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]556 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]557
558 const std::string CONFIG =
559 "rule\n"
560 "{\n"
561 " id \"NRD Prefix Registration Command Rule\"\n"
562 " for interest\n"
563 " filter\n"
564 " {\n"
565 " type name\n"
566 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
567 " }\n"
568 " checker\n"
569 " {\n"
570 " type customized\n"
571 " sig-type rsa-sha256\n"
572 " key-locator\n"
573 " {\n"
574 " type name\n"
575 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
576 " }\n"
577 " }\n"
578 "}\n"
579 "rule\n"
580 "{\n"
581 " id \"Testbed Hierarchy Rule\"\n"
582 " for data\n"
583 " filter\n"
584 " {\n"
585 " type name\n"
586 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
587 " }\n"
588 " checker\n"
589 " {\n"
590 " type hierarchical\n"
591 " sig-type rsa-sha256\n"
592 " }\n"
593 "}\n"
594 "trust-anchor\n"
595 "{\n"
596 " type file\n"
597 " file-name \"trust-anchor-8.cert\"\n"
598 "}\n";
599 const boost::filesystem::path CONFIG_PATH =
600 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
601
602
603 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
604
605 validator->load(CONFIG, CONFIG_PATH.native());
606 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
607
608 validator->reset();
609 BOOST_CHECK(validator->isEmpty());
610
611 const boost::filesystem::path CERT_PATH =
612 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
613 boost::filesystem::remove(CERT_PATH);
614}
615
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]616BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]617{
618 Name identity("/TestValidatorConfig/Wildcard");
619 identity.appendVersion();
620 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
621
622 Name dataName1("/any/data");
623 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]624 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
625 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
626 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]627
628 std::string CONFIG =
629 "trust-anchor\n"
630 "{\n"
631 " type any\n"
632 "}\n";
633
634 const boost::filesystem::path CONFIG_PATH =
635 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
636
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]637 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]638 ValidatorConfig validator(face);
639 validator.load(CONFIG, CONFIG_PATH.native());
640
641 validator.validate(*data1,
642 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]643 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]644}
645
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]646BOOST_AUTO_TEST_CASE(SignedInterestTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]647{
648 Name identity("/TestValidatorConfig/SignedInterestTest");
649
650 Name identity1 = identity;
651 identity1.appendVersion();
652 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
653 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
654 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
655 io::save(*idCert1, "trust-anchor-9.cert");
656
657 Name interestName("/TestValidatorConfig/SignedInterestTest");
658 Name interestName1 = interestName;
659 interestName1.append("1");
660 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
661 Name interestName2 = interestName;
662 interestName2.append("2");
663 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
664
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]665 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
666 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
667 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]668 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]669 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
670 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
671 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]672
673 const std::string CONFIG =
674 "rule\n"
675 "{\n"
676 " id \"FixedSignerChecker Interest Rule\"\n"
677 " for interest\n"
678 " filter"
679 " {\n"
680 " type name\n"
681 " name /TestValidatorConfig/SignedInterestTest\n"
682 " relation is-strict-prefix-of\n"
683 " }\n"
684 " checker\n"
685 " {\n"
686 " type fixed-signer\n"
687 " sig-type rsa-sha256\n"
688 " signer\n"
689 " {\n"
690 " type file\n"
691 " file-name \"trust-anchor-9.cert\"\n"
692 " }\n"
693 " }\n"
694 "}\n";
695 const boost::filesystem::path CONFIG_PATH =
696 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
697
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]698 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]699 ValidatorConfig validator(face);
700 validator.load(CONFIG, CONFIG_PATH.native());
701
702 validator.validate(*interest1,
703 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]704 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]705
706 validator.validate(*interest2,
707 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]708 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]709
710 validator.validate(*interest1,
711 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]712 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]713
714 const boost::filesystem::path CERT_PATH =
715 (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
716 boost::filesystem::remove(CERT_PATH);
717}
718
719
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]720BOOST_AUTO_TEST_CASE(MaxKeyTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]721{
722 Name identity("/TestValidatorConfig/MaxKeyTest");
723
724 Name identity1 = identity;
725 identity1.append("Key1");
726 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
727 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
728 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
729 io::save(*idCert1, "trust-anchor-10-1.cert");
730
731 Name identity2 = identity;
732 identity2.append("Key2");
733 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
734 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
735 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
736 io::save(*idCert2, "trust-anchor-10-2.cert");
737
738 Name identity3 = identity;
739 identity3.append("Key3");
740 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
741 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
742 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
743 io::save(*idCert3, "trust-anchor-10-3.cert");
744
745
746 Name interestName("/TestValidatorConfig/MaxKeyTest");
747 Name interestName1 = interestName;
748 interestName1.append("1");
749 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
750 Name interestName2 = interestName;
751 interestName2.append("2");
752 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
753 Name interestName3 = interestName;
754 interestName3.append("3");
755 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
756
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]757 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
758 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
759 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]760 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]761 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
762 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
763 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]764 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]765 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
766 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
767 identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]768
769 const std::string CONFIG =
770 "rule\n"
771 "{\n"
772 " id \"FixedSignerChecker Interest Rule\"\n"
773 " for interest\n"
774 " filter"
775 " {\n"
776 " type name\n"
777 " name /TestValidatorConfig/MaxKeyTest\n"
778 " relation is-strict-prefix-of\n"
779 " }\n"
780 " checker\n"
781 " {\n"
782 " type fixed-signer\n"
783 " sig-type rsa-sha256\n"
784 " signer\n"
785 " {\n"
786 " type file\n"
787 " file-name \"trust-anchor-10-1.cert\"\n"
788 " }\n"
789 " signer\n"
790 " {\n"
791 " type file\n"
792 " file-name \"trust-anchor-10-2.cert\"\n"
793 " }\n"
794 " signer\n"
795 " {\n"
796 " type file\n"
797 " file-name \"trust-anchor-10-3.cert\"\n"
798 " }\n"
799 " }\n"
800 "}\n";
801 const boost::filesystem::path CONFIG_PATH =
802 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
803
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]804 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]805 ValidatorConfig validator(face,
806 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
807 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
808 10,
809 2, // Two keys can be tracked
810 time::seconds(1)); // TTL is set to 1 sec
811 validator.load(CONFIG, CONFIG_PATH.native());
812
813 validator.validate(*interest1,
814 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]815 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]816
817 validator.validate(*interest2,
818 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]819 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]820
821 validator.validate(*interest1,
822 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]823 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]824
825 validator.validate(*interest3,
826 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]827 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]828
829 // Should succeed because identity1's key has been cleaned up due to space limit.
830 validator.validate(*interest1,
831 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]832 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]833
834 const boost::filesystem::path CERT_PATH1 =
835 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
836 boost::filesystem::remove(CERT_PATH1);
837
838 const boost::filesystem::path CERT_PATH2 =
839 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
840 boost::filesystem::remove(CERT_PATH2);
841
842 const boost::filesystem::path CERT_PATH3 =
843 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
844 boost::filesystem::remove(CERT_PATH3);
845}
846
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]847BOOST_AUTO_TEST_CASE(MaxKeyTest2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]848{
849 Name identity("/TestValidatorConfig/MaxKeyTest");
850
851 Name identity1 = identity;
852 identity1.append("Key1");
853 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
854 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
855 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
856 io::save(*idCert1, "trust-anchor-10-1.cert");
857
858 Name identity2 = identity;
859 identity2.append("Key2");
860 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
861 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
862 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
863 io::save(*idCert2, "trust-anchor-10-2.cert");
864
865 Name identity3 = identity;
866 identity3.append("Key3");
867 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
868 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
869 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
870 io::save(*idCert3, "trust-anchor-10-3.cert");
871
872 Name identity4 = identity;
873 identity4.append("Key4");
874 BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
875 Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
876 shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
877 io::save(*idCert4, "trust-anchor-10-4.cert");
878
879
880 Name interestName("/TestValidatorConfig/MaxKeyTest");
881 Name interestName1 = interestName;
882 interestName1.append("1");
883 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
884 Name interestName2 = interestName;
885 interestName2.append("2");
886 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
887 Name interestName3 = interestName;
888 interestName3.append("3");
889 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
890 Name interestName4 = interestName;
891 interestName4.append("4");
892 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
893
894
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]895 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
896 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
897 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]898 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]899 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
900 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
901 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]902 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]903 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
904 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
905 identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]906 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]907 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4,
908 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
909 identity4)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]910
911 const std::string CONFIG =
912 "rule\n"
913 "{\n"
914 " id \"FixedSignerChecker Interest Rule\"\n"
915 " for interest\n"
916 " filter"
917 " {\n"
918 " type name\n"
919 " name /TestValidatorConfig/MaxKeyTest\n"
920 " relation is-strict-prefix-of\n"
921 " }\n"
922 " checker\n"
923 " {\n"
924 " type fixed-signer\n"
925 " sig-type rsa-sha256\n"
926 " signer\n"
927 " {\n"
928 " type file\n"
929 " file-name \"trust-anchor-10-1.cert\"\n"
930 " }\n"
931 " signer\n"
932 " {\n"
933 " type file\n"
934 " file-name \"trust-anchor-10-2.cert\"\n"
935 " }\n"
936 " signer\n"
937 " {\n"
938 " type file\n"
939 " file-name \"trust-anchor-10-3.cert\"\n"
940 " }\n"
941 " signer\n"
942 " {\n"
943 " type file\n"
944 " file-name \"trust-anchor-10-4.cert\"\n"
945 " }\n"
946 " }\n"
947 "}\n";
948 const boost::filesystem::path CONFIG_PATH =
949 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
950
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]951 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]952 ValidatorConfig validator(face,
953 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
954 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
955 10,
956 3, // Two keys can be tracked
957 time::seconds(1)); // TTL is set to 1 sec
958 validator.load(CONFIG, CONFIG_PATH.native());
959
960 validator.validate(*interest1,
961 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]962 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]963
964 validator.validate(*interest2,
965 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]966 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]967
968 validator.validate(*interest3,
969 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]970 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]971
972 validator.validate(*interest1,
973 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]974 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]975
976 validator.validate(*interest2,
977 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]978 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]979
980 validator.validate(*interest3,
981 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]982 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]983
984 sleep(2);
985
986 validator.validate(*interest4,
987 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]988 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]989
990 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
991 validator.validate(*interest1,
992 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]993 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]994
995 validator.validate(*interest2,
996 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]997 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]998
999 validator.validate(*interest3,
1000 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1001 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1002
1003
1004 const boost::filesystem::path CERT_PATH1 =
1005 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
1006 boost::filesystem::remove(CERT_PATH1);
1007
1008 const boost::filesystem::path CERT_PATH2 =
1009 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
1010 boost::filesystem::remove(CERT_PATH2);
1011
1012 const boost::filesystem::path CERT_PATH3 =
1013 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
1014 boost::filesystem::remove(CERT_PATH3);
1015
1016 const boost::filesystem::path CERT_PATH4 =
1017 (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
1018 boost::filesystem::remove(CERT_PATH4);
1019}
1020
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1021BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1022{
1023 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
1024 BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
1025 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
1026
1027 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
1028 BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
1029 Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
1030 shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
1031 io::save(*ecdsaCert, "trust-anchor-11.cert");
1032
1033
1034 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
1035 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1036 m_keyChain.sign(*dataRsa,
1037 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1038 rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1039 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1040 m_keyChain.sign(*dataEcdsa,
1041 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1042 ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1043
1044 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1045 m_keyChain.sign(*interestRsa,
1046 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1047 rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1048 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1049 m_keyChain.sign(*interestEcdsa,
1050 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1051 ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1052
1053 const std::string CONFIG =
1054 "rule\n"
1055 "{\n"
1056 " id \"FixedSignerChecker Data Rule\"\n"
1057 " for data\n"
1058 " filter"
1059 " {\n"
1060 " type name\n"
1061 " name /TestValidatorConfig/FixedSignerChecker2\n"
1062 " relation equal\n"
1063 " }\n"
1064 " checker\n"
1065 " {\n"
1066 " type fixed-signer\n"
1067 " sig-type ecdsa-sha256\n"
1068 " signer\n"
1069 " {\n"
1070 " type file\n"
1071 " file-name \"trust-anchor-11.cert\"\n"
1072 " }\n"
1073 " }\n"
1074 "}\n"
1075 "rule\n"
1076 "{\n"
1077 " id \"FixedSignerChecker Interest Rule\"\n"
1078 " for interest\n"
1079 " filter"
1080 " {\n"
1081 " type name\n"
1082 " name /TestValidatorConfig/FixedSignerChecker2\n"
1083 " relation equal\n"
1084 " }\n"
1085 " checker\n"
1086 " {\n"
1087 " type fixed-signer\n"
1088 " sig-type ecdsa-sha256\n"
1089 " signer\n"
1090 " {\n"
1091 " type file\n"
1092 " file-name \"trust-anchor-11.cert\"\n"
1093 " }\n"
1094 " }\n"
1095 "}\n";
1096 const boost::filesystem::path CONFIG_PATH =
1097 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1098
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1099 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1100 ValidatorConfig validator(face);
1101 validator.load(CONFIG, CONFIG_PATH.native());
1102
1103 validator.validate(*dataEcdsa,
1104 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1105 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1106
1107 validator.validate(*dataRsa,
1108 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1109 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1110
1111 validator.validate(*interestEcdsa,
1112 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1113 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1114
1115 validator.validate(*interestRsa,
1116 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1117 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1118
1119 const boost::filesystem::path CERT_PATH =
1120 (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
1121 boost::filesystem::remove(CERT_PATH);
1122}
1123
1124
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1125struct FacesFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1126{
1127 FacesFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1128 : face1(io, m_keyChain, {true, true})
1129 , face2(io, m_keyChain, {true, true})
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1130 , readInterestOffset1(0)
1131 , readDataOffset1(0)
1132 , readInterestOffset2(0)
1133 , readDataOffset2(0)
1134 {
1135 }
1136
1137 bool
1138 passPacket()
1139 {
1140 bool hasPassed = false;
1141
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1142 checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
1143 checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
1144 checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
1145 checkFace(face2.sentInterests, readDataOffset2, face1, hasPassed);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1146
1147 return hasPassed;
1148 }
1149
1150 template<typename Packet>
1151 void
1152 checkFace(std::vector<Packet>& receivedPackets,
1153 size_t& readPacketOffset,
1154 util::DummyClientFace& receiver,
1155 bool& hasPassed)
1156 {
1157 while (receivedPackets.size() > readPacketOffset) {
1158 receiver.receive(receivedPackets[readPacketOffset]);
1159 readPacketOffset++;
1160 hasPassed = true;
1161 }
1162 }
1163
1164 ~FacesFixture()
1165 {
1166 }
1167
1168public:
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1169 util::DummyClientFace face1;
1170 util::DummyClientFace face2;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1171
1172 size_t readInterestOffset1;
1173 size_t readDataOffset1;
1174 size_t readInterestOffset2;
1175 size_t readDataOffset2;
1176};
1177
1178BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1179{
1180 std::vector<CertificateSubjectDescription> subjectDescription;
1181
1182 Name root("/TestValidatorConfig");
1183 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1184 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1185 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1186 io::save(*rootCert, "trust-anchor-6.cert");
1187
1188
1189 Name sld("/TestValidatorConfig/HierarchicalChecker");
1190 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1191 advanceClocks(time::milliseconds(100));
1192 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1193 shared_ptr<IdentityCertificate> sldCert =
1194 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1195 root,
1196 time::system_clock::now(),
1197 time::system_clock::now() + time::days(7300),
1198 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1199 m_keyChain.sign(*sldCert,
1200 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1201 root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1202 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1203
1204 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
1205 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1206 advanceClocks(time::milliseconds(100));
1207 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1208 shared_ptr<IdentityCertificate> nldCert =
1209 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1210 sld,
1211 time::system_clock::now(),
1212 time::system_clock::now() + time::days(7300),
1213 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1214 m_keyChain.sign(*nldCert,
1215 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1216 sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1217 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1218
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1219 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1220 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1221 RegisterPrefixSuccessCallback(),
1222 [] (const Name&, const std::string&) {});
1223
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1224 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1225 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1226 RegisterPrefixSuccessCallback(),
1227 [] (const Name&, const std::string&) {});
1228
1229 Name dataName1 = nld;
1230 dataName1.append("data1");
1231 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1232 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
1233 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1234 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1235
1236 Name dataName2("/ConfValidatorTest");
1237 dataName2.append("data1");
1238 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1239 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
1240 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1241 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1242
1243
1244 const std::string CONFIG =
1245 "rule\n"
1246 "{\n"
1247 " id \"Simple3 Rule\"\n"
1248 " for data\n"
1249 " checker\n"
1250 " {\n"
1251 " type hierarchical\n"
1252 " sig-type rsa-sha256\n"
1253 " }\n"
1254 "}\n"
1255 "trust-anchor\n"
1256 "{\n"
1257 " type file\n"
1258 " file-name \"trust-anchor-6.cert\"\n"
1259 "}\n";
1260 const boost::filesystem::path CONFIG_PATH =
1261 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1262
1263
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1264 auto validator = make_shared<ValidatorConfig>(&face2);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1265 validator->load(CONFIG, CONFIG_PATH.native());
1266
1267 advanceClocks(time::milliseconds(2), 100);
1268 validator->validate(*data1,
1269 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1270 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1271
1272 do {
1273 advanceClocks(time::milliseconds(2), 10);
1274 } while (passPacket());
1275
1276 validator->validate(*data2,
1277 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1278 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1279
1280 do {
1281 advanceClocks(time::milliseconds(2), 10);
1282 } while (passPacket());
1283
1284 const boost::filesystem::path CERT_PATH =
1285 (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
1286 boost::filesystem::remove(CERT_PATH);
1287}
1288
1289BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1290{
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]1291 advanceClocks(time::nanoseconds(1));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1292
1293 std::vector<CertificateSubjectDescription> subjectDescription;
1294
1295 Name root("/TestValidatorConfig");
1296 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1297 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1298 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1299 io::save(*rootCert, "trust-anchor-8.cert");
1300
1301
1302 Name sld("/TestValidatorConfig/Nrd-1");
1303 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1304 advanceClocks(time::milliseconds(100));
1305 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1306 shared_ptr<IdentityCertificate> sldCert =
1307 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1308 root,
1309 time::system_clock::now(),
1310 time::system_clock::now() + time::days(7300),
1311 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1312 m_keyChain.sign(*sldCert,
1313 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1314 root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1315 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1316
1317 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
1318 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1319 advanceClocks(time::milliseconds(100));
1320 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1321 shared_ptr<IdentityCertificate> nldCert =
1322 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1323 sld,
1324 time::system_clock::now(),
1325 time::system_clock::now() + time::days(7300),
1326 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1327 m_keyChain.sign(*nldCert,
1328 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1329 sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1330 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1331
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1332 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1333 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1334 RegisterPrefixSuccessCallback(),
1335 [] (const Name&, const std::string&) {});
1336
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1337 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1338 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1339 RegisterPrefixSuccessCallback(),
1340 [] (const Name&, const std::string&) {});
1341
1342 advanceClocks(time::milliseconds(10));
1343 Name interestName1("/localhost/nrd/register/option");
1344 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1345 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
1346 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1347 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1348
1349 advanceClocks(time::milliseconds(10));
1350 Name interestName2("/localhost/nrd/non-register");
1351 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1352 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
1353 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1354 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1355
1356 advanceClocks(time::milliseconds(10));
1357 Name interestName3("/localhost/nrd/register/option");
1358 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1359 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
1360 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1361 root)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1362
1363 advanceClocks(time::milliseconds(10));
1364 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1365 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1366
1367 const std::string CONFIG =
1368 "rule\n"
1369 "{\n"
1370 " id \"NRD Prefix Registration Command Rule\"\n"
1371 " for interest\n"
1372 " filter\n"
1373 " {\n"
1374 " type name\n"
1375 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1376 " }\n"
1377 " checker\n"
1378 " {\n"
1379 " type customized\n"
1380 " sig-type rsa-sha256\n"
1381 " key-locator\n"
1382 " {\n"
1383 " type name\n"
1384 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1385 " }\n"
1386 " }\n"
1387 "}\n"
1388 "rule\n"
1389 "{\n"
1390 " id \"Testbed Hierarchy Rule\"\n"
1391 " for data\n"
1392 " filter\n"
1393 " {\n"
1394 " type name\n"
1395 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1396 " }\n"
1397 " checker\n"
1398 " {\n"
1399 " type hierarchical\n"
1400 " sig-type rsa-sha256\n"
1401 " }\n"
1402 "}\n"
1403 "trust-anchor\n"
1404 "{\n"
1405 " type file\n"
1406 " file-name \"trust-anchor-8.cert\"\n"
1407 "}\n";
1408 const boost::filesystem::path CONFIG_PATH =
1409 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1410
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1411 auto validator = make_shared<ValidatorConfig>(&face2);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1412 validator->load(CONFIG, CONFIG_PATH.native());
1413
1414 advanceClocks(time::milliseconds(2), 100);
1415
1416 // should succeed
1417 validator->validate(*interest1,
1418 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1419 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1420
1421 do {
1422 advanceClocks(time::milliseconds(2), 10);
1423 } while (passPacket());
1424
1425 // should fail
1426 validator->validate(*interest2,
1427 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1428 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1429
1430 do {
1431 advanceClocks(time::milliseconds(2), 10);
1432 } while (passPacket());
1433
1434 // should succeed
1435 validator->validate(*interest3,
1436 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1437 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1438
1439 do {
1440 advanceClocks(time::milliseconds(2), 10);
1441 } while (passPacket());
1442
1443 // should fail
1444 validator->validate(*interest4,
1445 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1446 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1447
1448 do {
1449 advanceClocks(time::milliseconds(2), 10);
1450 } while (passPacket());
1451
1452 const boost::filesystem::path CERT_PATH =
1453 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
1454 boost::filesystem::remove(CERT_PATH);
1455}
1456
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1457struct DirTestFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1458{
1459 DirTestFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1460 : face(io, m_keyChain, {true, true})
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1461 , validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1462 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1463 {
1464 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1465 boost::filesystem::create_directory(certDirPath);
1466
1467 firstCertPath = (boost::filesystem::current_path() /
1468 std::string("test-cert-dir") /
1469 std::string("trust-anchor-1.cert"));
1470
1471 secondCertPath = (boost::filesystem::current_path() /
1472 std::string("test-cert-dir") /
1473 std::string("trust-anchor-2.cert"));
1474
1475 firstIdentity = Name("/TestValidatorConfig/Dir/First");
1476 BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
1477 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1478 firstCert = m_keyChain.getCertificate(firstCertName);
1479 io::save(*firstCert, firstCertPath.string());
1480
1481 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
1482 BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
1483 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1484 secondCert = m_keyChain.getCertificate(secondCertName);
1485 }
1486
1487 ~DirTestFixture()
1488 {
1489 boost::filesystem::remove_all(certDirPath);
1490 }
1491
1492public:
1493 boost::filesystem::path certDirPath;
1494 boost::filesystem::path firstCertPath;
1495 boost::filesystem::path secondCertPath;
1496
1497 Name firstIdentity;
1498 Name secondIdentity;
1499
1500 shared_ptr<IdentityCertificate> firstCert;
1501 shared_ptr<IdentityCertificate> secondCert;
1502
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1503 util::DummyClientFace face;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1504 ValidatorConfig validator;
1505};
1506
1507BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1508{
1509 advanceClocks(time::milliseconds(10));
1510
1511 Name dataName1("/any/data/1");
1512 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1513 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
1514 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1515 firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1516
1517 Name dataName2("/any/data/2");
1518 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1519 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
1520 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1521 secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1522
1523 std::string CONFIG =
1524 "rule\n"
1525 "{\n"
1526 " id \"Any Rule\"\n"
1527 " for data\n"
1528 " filter\n"
1529 " {\n"
1530 " type name\n"
1531 " regex ^<>*$\n"
1532 " }\n"
1533 " checker\n"
1534 " {\n"
1535 " type customized\n"
1536 " sig-type rsa-sha256\n"
1537 " key-locator\n"
1538 " {\n"
1539 " type name\n"
1540 " regex ^<>*$\n"
1541 " }\n"
1542 " }\n"
1543 "}\n"
1544 "trust-anchor\n"
1545 "{\n"
1546 " type dir\n"
1547 " dir test-cert-dir\n"
1548 " refresh 1s\n"
1549 "}\n";
1550
1551 const boost::filesystem::path CONFIG_PATH =
1552 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1553
1554 validator.load(CONFIG, CONFIG_PATH.native());
1555
1556 advanceClocks(time::milliseconds(10), 20);
1557 validator.validate(*data1,
1558 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1559 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1560 advanceClocks(time::milliseconds(10), 20);
1561
1562 validator.validate(*data2,
1563 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1564 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1565 advanceClocks(time::milliseconds(10), 20);
1566
1567 io::save(*secondCert, secondCertPath.string());
1568 advanceClocks(time::milliseconds(10), 200);
1569
1570 validator.validate(*data1,
1571 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1572 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1573 advanceClocks(time::milliseconds(10), 20);
1574
1575 validator.validate(*data2,
1576 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1577 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1578 advanceClocks(time::milliseconds(10), 20);
1579}
1580
Junxiao Shid5827ce2016-07-14 20:49:37 +0000[diff] [blame]1581BOOST_AUTO_TEST_SUITE_END() // TestValidatorConfig
1582BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1583
1584} // namespace tests
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]1585} // namespace security
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1586} // namespace ndn