Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / e4f8c3bec24566cfe7bfcc505ab39b0bf124ba98 / . / tests / unit-tests / security / validator-config.t.cpp
blob: 1c72e69e58b277778b47af7b8a38ae8a0ebea94c [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]3 * Copyright (c) 2013-2016 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
25#include "util/io.hpp"
26#include "util/scheduler.hpp"
27#include "util/dummy-client-face.hpp"
28
29#include <boost/asio.hpp>
30
31#include "identity-management-fixture.hpp"
32#include "../identity-management-time-fixture.hpp"
33#include "boost-test.hpp"
34
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]35namespace ndn {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]36namespace security {
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]37namespace tests {
38
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]39using namespace ndn::tests;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]40
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]41BOOST_FIXTURE_TEST_SUITE(SecurityValidatorConfig, IdentityManagementFixture)
42
43BOOST_AUTO_TEST_CASE(NameFilter)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]44{
45 Name identity("/TestValidatorConfig/NameFilter");
46 identity.appendVersion();
47 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
48 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
49 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
50 io::save(*idCert, "trust-anchor-1.cert");
51
52 Name dataName1("/simple/equal");
53 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]54 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
55 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
56 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]57
58 Name dataName2("/simple/different");
59 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]60 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
61 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
62 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]63
64 std::string CONFIG_1 =
65 "rule\n"
66 "{\n"
67 " id \"Simple Rule\"\n"
68 " for data\n"
69 " filter"
70 " {\n"
71 " type name\n"
72 " name /simple/equal\n"
73 " relation equal\n"
74 " }\n"
75 " checker\n"
76 " {\n"
77 " type customized\n"
78 " sig-type rsa-sha256\n"
79 " key-locator\n"
80 " {\n"
81 " type name\n"
82 " name ";
83
84 std::string CONFIG_2 =
85 "\n"
86 " relation equal\n"
87 " }\n"
88 " }\n"
89 "}\n"
90 "trust-anchor\n"
91 "{\n"
92 " type file\n"
93 " file-name \"trust-anchor-1.cert\"\n"
94 "}\n";
95 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
96
97 const boost::filesystem::path CONFIG_PATH =
98 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
99
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]100 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]101 ValidatorConfig validator(face);
102 validator.load(CONFIG, CONFIG_PATH.native());
103
104 validator.validate(*data1,
105 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]106 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]107
108 validator.validate(*data2,
109 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]110 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]111
112 const boost::filesystem::path CERT_PATH =
113 (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
114 boost::filesystem::remove(CERT_PATH);
115}
116
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]117BOOST_AUTO_TEST_CASE(NameFilter2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]118{
119 Name identity("/TestValidatorConfig/NameFilter2");
120 identity.appendVersion();
121 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
122 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
123 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
124 io::save(*idCert, "trust-anchor-2.cert");
125
126 Name dataName1("/simple/isPrefixOf");
127 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]128 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
129 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
130 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]131
132 Name dataName2("/simple/notPrefixOf");
133 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]134 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
135 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
136 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]137
138 Name dataName3("/simple/isPrefixOf/anotherLevel");
139 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]140 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
141 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
142 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]143
144 std::string CONFIG_1 =
145 "rule\n"
146 "{\n"
147 " id \"Simple2 Rule\"\n"
148 " for data\n"
149 " filter"
150 " {\n"
151 " type name\n"
152 " name /simple/isPrefixOf\n"
153 " relation is-prefix-of\n"
154 " }\n"
155 " checker\n"
156 " {\n"
157 " type customized\n"
158 " sig-type rsa-sha256\n"
159 " key-locator\n"
160 " {\n"
161 " type name\n"
162 " name ";
163
164 std::string CONFIG_2 =
165 "\n"
166 " relation equal\n"
167 " }\n"
168 " }\n"
169 "}\n"
170 "trust-anchor\n"
171 "{\n"
172 " type file\n"
173 " file-name \"trust-anchor-2.cert\"\n"
174 "}\n";
175 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
176
177 const boost::filesystem::path CONFIG_PATH =
178 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
179
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]180 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]181 ValidatorConfig validator(face);
182 validator.load(CONFIG, CONFIG_PATH.native());
183
184 validator.validate(*data1,
185 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]186 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]187
188 validator.validate(*data2,
189 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]190 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]191
192 validator.validate(*data3,
193 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]194 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]195
196 const boost::filesystem::path CERT_PATH =
197 (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
198 boost::filesystem::remove(CERT_PATH);
199}
200
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]201BOOST_AUTO_TEST_CASE(NameFilter3)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]202{
203 Name identity("/TestValidatorConfig/NameFilter3");
204 identity.appendVersion();
205 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
206 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
207 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
208 io::save(*idCert, "trust-anchor-3.cert");
209
210 Name dataName1("/simple/isStrictPrefixOf");
211 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]212 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
213 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
214 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]215
216 Name dataName2("/simple");
217 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]218 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
219 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
220 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]221
222 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
223 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]224 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
225 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
226 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]227
228 std::string CONFIG_1 =
229 "rule\n"
230 "{\n"
231 " id \"Simple3 Rule\"\n"
232 " for data\n"
233 " filter"
234 " {\n"
235 " type name\n"
236 " name /simple/isStrictPrefixOf\n"
237 " relation is-strict-prefix-of\n"
238 " }\n"
239 " checker\n"
240 " {\n"
241 " type customized\n"
242 " sig-type rsa-sha256\n"
243 " key-locator\n"
244 " {\n"
245 " type name\n"
246 " name ";
247
248 std::string CONFIG_2 =
249 "\n"
250 " relation equal\n"
251 " }\n"
252 " }\n"
253 "}\n"
254 "trust-anchor\n"
255 "{\n"
256 " type file\n"
257 " file-name \"trust-anchor-3.cert\"\n"
258 "}\n";
259 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
260
261 const boost::filesystem::path CONFIG_PATH =
262 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
263
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]264 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]265 ValidatorConfig validator(face);
266 validator.load(CONFIG, CONFIG_PATH.native());
267
268 validator.validate(*data1,
269 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]270 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]271
272 validator.validate(*data2,
273 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]274 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]275
276 validator.validate(*data3,
277 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]278 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]279
280 const boost::filesystem::path CERT_PATH =
281 (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
282 boost::filesystem::remove(CERT_PATH);
283}
284
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]285BOOST_AUTO_TEST_CASE(NameFilter4)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]286{
287 Name identity("/TestValidatorConfig/NameFilter4");
288 identity.appendVersion();
289 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
290 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
291 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
292 io::save(*idCert, "trust-anchor-4.cert");
293
294 Name dataName1("/simple/regex");
295 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]296 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
297 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
298 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]299
300 Name dataName2("/simple/regex-wrong");
301 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]302 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
303 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
304 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]305
306 Name dataName3("/simple/regex/correct");
307 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]308 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
309 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
310 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]311
312 std::string CONFIG_1 =
313 "rule\n"
314 "{\n"
315 " id \"Simple3 Rule\"\n"
316 " for data\n"
317 " filter"
318 " {\n"
319 " type name\n"
320 " regex ^<simple><regex>\n"
321 " }\n"
322 " checker\n"
323 " {\n"
324 " type customized\n"
325 " sig-type rsa-sha256\n"
326 " key-locator\n"
327 " {\n"
328 " type name\n"
329 " name ";
330
331 std::string CONFIG_2 =
332 "\n"
333 " relation equal\n"
334 " }\n"
335 " }\n"
336 "}\n"
337 "trust-anchor\n"
338 "{\n"
339 " type file\n"
340 " file-name \"trust-anchor-4.cert\"\n"
341 "}\n";
342 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
343
344 const boost::filesystem::path CONFIG_PATH =
345 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
346
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]347 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]348 ValidatorConfig validator(face);
349 validator.load(CONFIG, CONFIG_PATH.native());
350
351 validator.validate(*data1,
352 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]353 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]354
355 validator.validate(*data2,
356 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]357 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]358
359 validator.validate(*data3,
360 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]361 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]362
363 const boost::filesystem::path CERT_PATH =
364 (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
365 boost::filesystem::remove(CERT_PATH);
366}
367
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]368BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]369{
370 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
371 identity.appendVersion();
372 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
373 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
374 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
375 io::save(*idCert, "trust-anchor-5.cert");
376
377 Name dataName1 = identity;
378 dataName1.append("1");
379 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]380 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
381 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
382 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]383
384 Name dataName2 = identity;
385 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]386 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
387 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
388 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]389
390 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
391 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]392 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
393 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
394 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]395
396 const std::string CONFIG =
397 "rule\n"
398 "{\n"
399 " id \"Simple3 Rule\"\n"
400 " for data\n"
401 " checker\n"
402 " {\n"
403 " type customized\n"
404 " sig-type rsa-sha256\n"
405 " key-locator\n"
406 " {\n"
407 " type name\n"
408 " hyper-relation\n"
409 " {\n"
410 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
411 " k-expand \\\\1\\\\2\n"
412 " h-relation is-strict-prefix-of\n"
413 " p-regex ^(<>*)$\n"
414 " p-expand \\\\1\n"
415 " }\n"
416 " }\n"
417 " }\n"
418 "}\n"
419 "trust-anchor\n"
420 "{\n"
421 " type file\n"
422 " file-name \"trust-anchor-5.cert\"\n"
423 "}\n";
424 const boost::filesystem::path CONFIG_PATH =
425 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
426
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]427 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]428 ValidatorConfig validator(face);
429 validator.load(CONFIG, CONFIG_PATH.native());
430
431 validator.validate(*data1,
432 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]433 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]434
435 validator.validate(*data2,
436 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]437 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]438
439 validator.validate(*data3,
440 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]441 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]442
443 const boost::filesystem::path CERT_PATH =
444 (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
445 boost::filesystem::remove(CERT_PATH);
446}
447
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]448BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]449{
450 Name identity("/TestValidatorConfig/FixedSignerChecker");
451
452 Name identity1 = identity;
453 identity1.append("1").appendVersion();
454 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
455 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
456 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
457 io::save(*idCert1, "trust-anchor-7.cert");
458
459 Name identity2 = identity;
460 identity2.append("2").appendVersion();
461 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
462
463 Name dataName1 = identity;
464 dataName1.append("data").appendVersion();
465 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]466 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
467 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
468 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]469
470 Name dataName2 = identity;
471 dataName2.append("data").appendVersion();
472 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]473 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
474 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
475 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]476
477 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
478 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
479
480 const std::string CONFIG =
481 "rule\n"
482 "{\n"
483 " id \"FixedSignerChecker Data Rule\"\n"
484 " for data\n"
485 " filter"
486 " {\n"
487 " type name\n"
488 " name /TestValidatorConfig/FixedSignerChecker\n"
489 " relation is-strict-prefix-of\n"
490 " }\n"
491 " checker\n"
492 " {\n"
493 " type fixed-signer\n"
494 " sig-type rsa-sha256\n"
495 " signer\n"
496 " {\n"
497 " type file\n"
498 " file-name \"trust-anchor-7.cert\"\n"
499 " }\n"
500 " }\n"
501 "}\n"
502 "rule\n"
503 "{\n"
504 " id \"FixedSignerChecker Interest Rule\"\n"
505 " for interest\n"
506 " filter"
507 " {\n"
508 " type name\n"
509 " name /TestValidatorConfig/FixedSignerChecker\n"
510 " relation is-strict-prefix-of\n"
511 " }\n"
512 " checker\n"
513 " {\n"
514 " type fixed-signer\n"
515 " sig-type rsa-sha256\n"
516 " signer\n"
517 " {\n"
518 " type file\n"
519 " file-name \"trust-anchor-7.cert\"\n"
520 " }\n"
521 " }\n"
522 "}\n";
523 const boost::filesystem::path CONFIG_PATH =
524 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
525
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]526 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]527 ValidatorConfig validator(face);
528 validator.load(CONFIG, CONFIG_PATH.native());
529
530 validator.validate(*data1,
531 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]532 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]533
534 validator.validate(*data2,
535 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]536 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]537
538 validator.validate(*interest,
539 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]540 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]541
542 const boost::filesystem::path CERT_PATH =
543 (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
544 boost::filesystem::remove(CERT_PATH);
545}
546
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]547BOOST_AUTO_TEST_CASE(Reset)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]548{
549 Name root("/TestValidatorConfig/Reload");
550 BOOST_REQUIRE_NO_THROW(addIdentity(root));
551 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
552 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
553 io::save(*rootCert, "trust-anchor-8.cert");
554
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]555 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]556
557 const std::string CONFIG =
558 "rule\n"
559 "{\n"
560 " id \"NRD Prefix Registration Command Rule\"\n"
561 " for interest\n"
562 " filter\n"
563 " {\n"
564 " type name\n"
565 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
566 " }\n"
567 " checker\n"
568 " {\n"
569 " type customized\n"
570 " sig-type rsa-sha256\n"
571 " key-locator\n"
572 " {\n"
573 " type name\n"
574 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
575 " }\n"
576 " }\n"
577 "}\n"
578 "rule\n"
579 "{\n"
580 " id \"Testbed Hierarchy Rule\"\n"
581 " for data\n"
582 " filter\n"
583 " {\n"
584 " type name\n"
585 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
586 " }\n"
587 " checker\n"
588 " {\n"
589 " type hierarchical\n"
590 " sig-type rsa-sha256\n"
591 " }\n"
592 "}\n"
593 "trust-anchor\n"
594 "{\n"
595 " type file\n"
596 " file-name \"trust-anchor-8.cert\"\n"
597 "}\n";
598 const boost::filesystem::path CONFIG_PATH =
599 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
600
601
602 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
603
604 validator->load(CONFIG, CONFIG_PATH.native());
605 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
606
607 validator->reset();
608 BOOST_CHECK(validator->isEmpty());
609
610 const boost::filesystem::path CERT_PATH =
611 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
612 boost::filesystem::remove(CERT_PATH);
613}
614
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]615BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]616{
617 Name identity("/TestValidatorConfig/Wildcard");
618 identity.appendVersion();
619 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
620
621 Name dataName1("/any/data");
622 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]623 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
624 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
625 identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]626
627 std::string CONFIG =
628 "trust-anchor\n"
629 "{\n"
630 " type any\n"
631 "}\n";
632
633 const boost::filesystem::path CONFIG_PATH =
634 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
635
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]636 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]637 ValidatorConfig validator(face);
638 validator.load(CONFIG, CONFIG_PATH.native());
639
640 validator.validate(*data1,
641 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]642 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]643}
644
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]645BOOST_AUTO_TEST_CASE(SignedInterestTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]646{
647 Name identity("/TestValidatorConfig/SignedInterestTest");
648
649 Name identity1 = identity;
650 identity1.appendVersion();
651 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
652 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
653 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
654 io::save(*idCert1, "trust-anchor-9.cert");
655
656 Name interestName("/TestValidatorConfig/SignedInterestTest");
657 Name interestName1 = interestName;
658 interestName1.append("1");
659 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
660 Name interestName2 = interestName;
661 interestName2.append("2");
662 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
663
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]664 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
665 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
666 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]667 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]668 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
669 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
670 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]671
672 const std::string CONFIG =
673 "rule\n"
674 "{\n"
675 " id \"FixedSignerChecker Interest Rule\"\n"
676 " for interest\n"
677 " filter"
678 " {\n"
679 " type name\n"
680 " name /TestValidatorConfig/SignedInterestTest\n"
681 " relation is-strict-prefix-of\n"
682 " }\n"
683 " checker\n"
684 " {\n"
685 " type fixed-signer\n"
686 " sig-type rsa-sha256\n"
687 " signer\n"
688 " {\n"
689 " type file\n"
690 " file-name \"trust-anchor-9.cert\"\n"
691 " }\n"
692 " }\n"
693 "}\n";
694 const boost::filesystem::path CONFIG_PATH =
695 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
696
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]697 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]698 ValidatorConfig validator(face);
699 validator.load(CONFIG, CONFIG_PATH.native());
700
701 validator.validate(*interest1,
702 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]703 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]704
705 validator.validate(*interest2,
706 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]707 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]708
709 validator.validate(*interest1,
710 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]711 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]712
713 const boost::filesystem::path CERT_PATH =
714 (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
715 boost::filesystem::remove(CERT_PATH);
716}
717
718
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]719BOOST_AUTO_TEST_CASE(MaxKeyTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]720{
721 Name identity("/TestValidatorConfig/MaxKeyTest");
722
723 Name identity1 = identity;
724 identity1.append("Key1");
725 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
726 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
727 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
728 io::save(*idCert1, "trust-anchor-10-1.cert");
729
730 Name identity2 = identity;
731 identity2.append("Key2");
732 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
733 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
734 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
735 io::save(*idCert2, "trust-anchor-10-2.cert");
736
737 Name identity3 = identity;
738 identity3.append("Key3");
739 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
740 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
741 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
742 io::save(*idCert3, "trust-anchor-10-3.cert");
743
744
745 Name interestName("/TestValidatorConfig/MaxKeyTest");
746 Name interestName1 = interestName;
747 interestName1.append("1");
748 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
749 Name interestName2 = interestName;
750 interestName2.append("2");
751 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
752 Name interestName3 = interestName;
753 interestName3.append("3");
754 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
755
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]756 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
757 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
758 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]759 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]760 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
761 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
762 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]763 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]764 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
765 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
766 identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]767
768 const std::string CONFIG =
769 "rule\n"
770 "{\n"
771 " id \"FixedSignerChecker Interest Rule\"\n"
772 " for interest\n"
773 " filter"
774 " {\n"
775 " type name\n"
776 " name /TestValidatorConfig/MaxKeyTest\n"
777 " relation is-strict-prefix-of\n"
778 " }\n"
779 " checker\n"
780 " {\n"
781 " type fixed-signer\n"
782 " sig-type rsa-sha256\n"
783 " signer\n"
784 " {\n"
785 " type file\n"
786 " file-name \"trust-anchor-10-1.cert\"\n"
787 " }\n"
788 " signer\n"
789 " {\n"
790 " type file\n"
791 " file-name \"trust-anchor-10-2.cert\"\n"
792 " }\n"
793 " signer\n"
794 " {\n"
795 " type file\n"
796 " file-name \"trust-anchor-10-3.cert\"\n"
797 " }\n"
798 " }\n"
799 "}\n";
800 const boost::filesystem::path CONFIG_PATH =
801 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
802
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]803 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]804 ValidatorConfig validator(face,
805 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
806 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
807 10,
808 2, // Two keys can be tracked
809 time::seconds(1)); // TTL is set to 1 sec
810 validator.load(CONFIG, CONFIG_PATH.native());
811
812 validator.validate(*interest1,
813 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]814 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]815
816 validator.validate(*interest2,
817 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]818 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]819
820 validator.validate(*interest1,
821 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]822 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]823
824 validator.validate(*interest3,
825 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]826 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]827
828 // Should succeed because identity1's key has been cleaned up due to space limit.
829 validator.validate(*interest1,
830 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]831 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]832
833 const boost::filesystem::path CERT_PATH1 =
834 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
835 boost::filesystem::remove(CERT_PATH1);
836
837 const boost::filesystem::path CERT_PATH2 =
838 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
839 boost::filesystem::remove(CERT_PATH2);
840
841 const boost::filesystem::path CERT_PATH3 =
842 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
843 boost::filesystem::remove(CERT_PATH3);
844}
845
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]846BOOST_AUTO_TEST_CASE(MaxKeyTest2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]847{
848 Name identity("/TestValidatorConfig/MaxKeyTest");
849
850 Name identity1 = identity;
851 identity1.append("Key1");
852 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
853 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
854 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
855 io::save(*idCert1, "trust-anchor-10-1.cert");
856
857 Name identity2 = identity;
858 identity2.append("Key2");
859 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
860 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
861 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
862 io::save(*idCert2, "trust-anchor-10-2.cert");
863
864 Name identity3 = identity;
865 identity3.append("Key3");
866 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
867 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
868 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
869 io::save(*idCert3, "trust-anchor-10-3.cert");
870
871 Name identity4 = identity;
872 identity4.append("Key4");
873 BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
874 Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
875 shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
876 io::save(*idCert4, "trust-anchor-10-4.cert");
877
878
879 Name interestName("/TestValidatorConfig/MaxKeyTest");
880 Name interestName1 = interestName;
881 interestName1.append("1");
882 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
883 Name interestName2 = interestName;
884 interestName2.append("2");
885 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
886 Name interestName3 = interestName;
887 interestName3.append("3");
888 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
889 Name interestName4 = interestName;
890 interestName4.append("4");
891 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
892
893
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]894 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
895 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
896 identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]897 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]898 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
899 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
900 identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]901 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]902 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
903 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
904 identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]905 usleep(10000);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]906 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4,
907 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
908 identity4)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]909
910 const std::string CONFIG =
911 "rule\n"
912 "{\n"
913 " id \"FixedSignerChecker Interest Rule\"\n"
914 " for interest\n"
915 " filter"
916 " {\n"
917 " type name\n"
918 " name /TestValidatorConfig/MaxKeyTest\n"
919 " relation is-strict-prefix-of\n"
920 " }\n"
921 " checker\n"
922 " {\n"
923 " type fixed-signer\n"
924 " sig-type rsa-sha256\n"
925 " signer\n"
926 " {\n"
927 " type file\n"
928 " file-name \"trust-anchor-10-1.cert\"\n"
929 " }\n"
930 " signer\n"
931 " {\n"
932 " type file\n"
933 " file-name \"trust-anchor-10-2.cert\"\n"
934 " }\n"
935 " signer\n"
936 " {\n"
937 " type file\n"
938 " file-name \"trust-anchor-10-3.cert\"\n"
939 " }\n"
940 " signer\n"
941 " {\n"
942 " type file\n"
943 " file-name \"trust-anchor-10-4.cert\"\n"
944 " }\n"
945 " }\n"
946 "}\n";
947 const boost::filesystem::path CONFIG_PATH =
948 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
949
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]950 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]951 ValidatorConfig validator(face,
952 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
953 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
954 10,
955 3, // Two keys can be tracked
956 time::seconds(1)); // TTL is set to 1 sec
957 validator.load(CONFIG, CONFIG_PATH.native());
958
959 validator.validate(*interest1,
960 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]961 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]962
963 validator.validate(*interest2,
964 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]965 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]966
967 validator.validate(*interest3,
968 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]969 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]970
971 validator.validate(*interest1,
972 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]973 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]974
975 validator.validate(*interest2,
976 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]977 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]978
979 validator.validate(*interest3,
980 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]981 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]982
983 sleep(2);
984
985 validator.validate(*interest4,
986 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]987 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]988
989 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
990 validator.validate(*interest1,
991 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]992 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]993
994 validator.validate(*interest2,
995 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]996 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]997
998 validator.validate(*interest3,
999 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1000 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1001
1002
1003 const boost::filesystem::path CERT_PATH1 =
1004 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
1005 boost::filesystem::remove(CERT_PATH1);
1006
1007 const boost::filesystem::path CERT_PATH2 =
1008 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
1009 boost::filesystem::remove(CERT_PATH2);
1010
1011 const boost::filesystem::path CERT_PATH3 =
1012 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
1013 boost::filesystem::remove(CERT_PATH3);
1014
1015 const boost::filesystem::path CERT_PATH4 =
1016 (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
1017 boost::filesystem::remove(CERT_PATH4);
1018}
1019
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1020BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1021{
1022 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
1023 BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
1024 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
1025
1026 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
1027 BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
1028 Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
1029 shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
1030 io::save(*ecdsaCert, "trust-anchor-11.cert");
1031
1032
1033 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
1034 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1035 m_keyChain.sign(*dataRsa,
1036 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1037 rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1038 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1039 m_keyChain.sign(*dataEcdsa,
1040 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1041 ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1042
1043 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1044 m_keyChain.sign(*interestRsa,
1045 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1046 rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1047 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1048 m_keyChain.sign(*interestEcdsa,
1049 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1050 ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1051
1052 const std::string CONFIG =
1053 "rule\n"
1054 "{\n"
1055 " id \"FixedSignerChecker Data Rule\"\n"
1056 " for data\n"
1057 " filter"
1058 " {\n"
1059 " type name\n"
1060 " name /TestValidatorConfig/FixedSignerChecker2\n"
1061 " relation equal\n"
1062 " }\n"
1063 " checker\n"
1064 " {\n"
1065 " type fixed-signer\n"
1066 " sig-type ecdsa-sha256\n"
1067 " signer\n"
1068 " {\n"
1069 " type file\n"
1070 " file-name \"trust-anchor-11.cert\"\n"
1071 " }\n"
1072 " }\n"
1073 "}\n"
1074 "rule\n"
1075 "{\n"
1076 " id \"FixedSignerChecker Interest Rule\"\n"
1077 " for interest\n"
1078 " filter"
1079 " {\n"
1080 " type name\n"
1081 " name /TestValidatorConfig/FixedSignerChecker2\n"
1082 " relation equal\n"
1083 " }\n"
1084 " checker\n"
1085 " {\n"
1086 " type fixed-signer\n"
1087 " sig-type ecdsa-sha256\n"
1088 " signer\n"
1089 " {\n"
1090 " type file\n"
1091 " file-name \"trust-anchor-11.cert\"\n"
1092 " }\n"
1093 " }\n"
1094 "}\n";
1095 const boost::filesystem::path CONFIG_PATH =
1096 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1097
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1098 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1099 ValidatorConfig validator(face);
1100 validator.load(CONFIG, CONFIG_PATH.native());
1101
1102 validator.validate(*dataEcdsa,
1103 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1104 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1105
1106 validator.validate(*dataRsa,
1107 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1108 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1109
1110 validator.validate(*interestEcdsa,
1111 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1112 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1113
1114 validator.validate(*interestRsa,
1115 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1116 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1117
1118 const boost::filesystem::path CERT_PATH =
1119 (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
1120 boost::filesystem::remove(CERT_PATH);
1121}
1122
1123
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1124struct FacesFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1125{
1126 FacesFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1127 : face1(io, m_keyChain, {true, true})
1128 , face2(io, m_keyChain, {true, true})
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1129 , readInterestOffset1(0)
1130 , readDataOffset1(0)
1131 , readInterestOffset2(0)
1132 , readDataOffset2(0)
1133 {
1134 }
1135
1136 bool
1137 passPacket()
1138 {
1139 bool hasPassed = false;
1140
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1141 checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
1142 checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
1143 checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
1144 checkFace(face2.sentInterests, readDataOffset2, face1, hasPassed);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1145
1146 return hasPassed;
1147 }
1148
1149 template<typename Packet>
1150 void
1151 checkFace(std::vector<Packet>& receivedPackets,
1152 size_t& readPacketOffset,
1153 util::DummyClientFace& receiver,
1154 bool& hasPassed)
1155 {
1156 while (receivedPackets.size() > readPacketOffset) {
1157 receiver.receive(receivedPackets[readPacketOffset]);
1158 readPacketOffset++;
1159 hasPassed = true;
1160 }
1161 }
1162
1163 ~FacesFixture()
1164 {
1165 }
1166
1167public:
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1168 util::DummyClientFace face1;
1169 util::DummyClientFace face2;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1170
1171 size_t readInterestOffset1;
1172 size_t readDataOffset1;
1173 size_t readInterestOffset2;
1174 size_t readDataOffset2;
1175};
1176
1177BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1178{
1179 std::vector<CertificateSubjectDescription> subjectDescription;
1180
1181 Name root("/TestValidatorConfig");
1182 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1183 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1184 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1185 io::save(*rootCert, "trust-anchor-6.cert");
1186
1187
1188 Name sld("/TestValidatorConfig/HierarchicalChecker");
1189 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1190 advanceClocks(time::milliseconds(100));
1191 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1192 shared_ptr<IdentityCertificate> sldCert =
1193 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1194 root,
1195 time::system_clock::now(),
1196 time::system_clock::now() + time::days(7300),
1197 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1198 m_keyChain.sign(*sldCert,
1199 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1200 root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1201 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1202
1203 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
1204 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1205 advanceClocks(time::milliseconds(100));
1206 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1207 shared_ptr<IdentityCertificate> nldCert =
1208 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1209 sld,
1210 time::system_clock::now(),
1211 time::system_clock::now() + time::days(7300),
1212 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1213 m_keyChain.sign(*nldCert,
1214 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1215 sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1216 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1217
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1218 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1219 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1220 RegisterPrefixSuccessCallback(),
1221 [] (const Name&, const std::string&) {});
1222
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1223 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1224 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1225 RegisterPrefixSuccessCallback(),
1226 [] (const Name&, const std::string&) {});
1227
1228 Name dataName1 = nld;
1229 dataName1.append("data1");
1230 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1231 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
1232 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1233 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1234
1235 Name dataName2("/ConfValidatorTest");
1236 dataName2.append("data1");
1237 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1238 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
1239 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1240 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1241
1242
1243 const std::string CONFIG =
1244 "rule\n"
1245 "{\n"
1246 " id \"Simple3 Rule\"\n"
1247 " for data\n"
1248 " checker\n"
1249 " {\n"
1250 " type hierarchical\n"
1251 " sig-type rsa-sha256\n"
1252 " }\n"
1253 "}\n"
1254 "trust-anchor\n"
1255 "{\n"
1256 " type file\n"
1257 " file-name \"trust-anchor-6.cert\"\n"
1258 "}\n";
1259 const boost::filesystem::path CONFIG_PATH =
1260 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1261
1262
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1263 auto validator = make_shared<ValidatorConfig>(&face2);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1264 validator->load(CONFIG, CONFIG_PATH.native());
1265
1266 advanceClocks(time::milliseconds(2), 100);
1267 validator->validate(*data1,
1268 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1269 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1270
1271 do {
1272 advanceClocks(time::milliseconds(2), 10);
1273 } while (passPacket());
1274
1275 validator->validate(*data2,
1276 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1277 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1278
1279 do {
1280 advanceClocks(time::milliseconds(2), 10);
1281 } while (passPacket());
1282
1283 const boost::filesystem::path CERT_PATH =
1284 (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
1285 boost::filesystem::remove(CERT_PATH);
1286}
1287
1288BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1289{
1290 advanceClocks(time::milliseconds(0));
1291
1292 std::vector<CertificateSubjectDescription> subjectDescription;
1293
1294 Name root("/TestValidatorConfig");
1295 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1296 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1297 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1298 io::save(*rootCert, "trust-anchor-8.cert");
1299
1300
1301 Name sld("/TestValidatorConfig/Nrd-1");
1302 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1303 advanceClocks(time::milliseconds(100));
1304 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1305 shared_ptr<IdentityCertificate> sldCert =
1306 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1307 root,
1308 time::system_clock::now(),
1309 time::system_clock::now() + time::days(7300),
1310 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1311 m_keyChain.sign(*sldCert,
1312 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1313 root));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1314 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1315
1316 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
1317 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1318 advanceClocks(time::milliseconds(100));
1319 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1320 shared_ptr<IdentityCertificate> nldCert =
1321 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1322 sld,
1323 time::system_clock::now(),
1324 time::system_clock::now() + time::days(7300),
1325 subjectDescription);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1326 m_keyChain.sign(*nldCert,
1327 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1328 sld));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1329 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1330
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1331 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1332 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1333 RegisterPrefixSuccessCallback(),
1334 [] (const Name&, const std::string&) {});
1335
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1336 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1337 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1338 RegisterPrefixSuccessCallback(),
1339 [] (const Name&, const std::string&) {});
1340
1341 advanceClocks(time::milliseconds(10));
1342 Name interestName1("/localhost/nrd/register/option");
1343 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1344 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
1345 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1346 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1347
1348 advanceClocks(time::milliseconds(10));
1349 Name interestName2("/localhost/nrd/non-register");
1350 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1351 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
1352 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1353 nld)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1354
1355 advanceClocks(time::milliseconds(10));
1356 Name interestName3("/localhost/nrd/register/option");
1357 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1358 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
1359 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1360 root)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1361
1362 advanceClocks(time::milliseconds(10));
1363 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1364 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1365
1366 const std::string CONFIG =
1367 "rule\n"
1368 "{\n"
1369 " id \"NRD Prefix Registration Command Rule\"\n"
1370 " for interest\n"
1371 " filter\n"
1372 " {\n"
1373 " type name\n"
1374 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1375 " }\n"
1376 " checker\n"
1377 " {\n"
1378 " type customized\n"
1379 " sig-type rsa-sha256\n"
1380 " key-locator\n"
1381 " {\n"
1382 " type name\n"
1383 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1384 " }\n"
1385 " }\n"
1386 "}\n"
1387 "rule\n"
1388 "{\n"
1389 " id \"Testbed Hierarchy Rule\"\n"
1390 " for data\n"
1391 " filter\n"
1392 " {\n"
1393 " type name\n"
1394 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1395 " }\n"
1396 " checker\n"
1397 " {\n"
1398 " type hierarchical\n"
1399 " sig-type rsa-sha256\n"
1400 " }\n"
1401 "}\n"
1402 "trust-anchor\n"
1403 "{\n"
1404 " type file\n"
1405 " file-name \"trust-anchor-8.cert\"\n"
1406 "}\n";
1407 const boost::filesystem::path CONFIG_PATH =
1408 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1409
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1410 auto validator = make_shared<ValidatorConfig>(&face2);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1411 validator->load(CONFIG, CONFIG_PATH.native());
1412
1413 advanceClocks(time::milliseconds(2), 100);
1414
1415 // should succeed
1416 validator->validate(*interest1,
1417 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1418 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1419
1420 do {
1421 advanceClocks(time::milliseconds(2), 10);
1422 } while (passPacket());
1423
1424 // should fail
1425 validator->validate(*interest2,
1426 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1427 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1428
1429 do {
1430 advanceClocks(time::milliseconds(2), 10);
1431 } while (passPacket());
1432
1433 // should succeed
1434 validator->validate(*interest3,
1435 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1436 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1437
1438 do {
1439 advanceClocks(time::milliseconds(2), 10);
1440 } while (passPacket());
1441
1442 // should fail
1443 validator->validate(*interest4,
1444 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1445 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1446
1447 do {
1448 advanceClocks(time::milliseconds(2), 10);
1449 } while (passPacket());
1450
1451 const boost::filesystem::path CERT_PATH =
1452 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
1453 boost::filesystem::remove(CERT_PATH);
1454}
1455
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1456struct DirTestFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1457{
1458 DirTestFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1459 : face(io, m_keyChain, {true, true})
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1460 , validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1461 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1462 {
1463 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1464 boost::filesystem::create_directory(certDirPath);
1465
1466 firstCertPath = (boost::filesystem::current_path() /
1467 std::string("test-cert-dir") /
1468 std::string("trust-anchor-1.cert"));
1469
1470 secondCertPath = (boost::filesystem::current_path() /
1471 std::string("test-cert-dir") /
1472 std::string("trust-anchor-2.cert"));
1473
1474 firstIdentity = Name("/TestValidatorConfig/Dir/First");
1475 BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
1476 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1477 firstCert = m_keyChain.getCertificate(firstCertName);
1478 io::save(*firstCert, firstCertPath.string());
1479
1480 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
1481 BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
1482 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1483 secondCert = m_keyChain.getCertificate(secondCertName);
1484 }
1485
1486 ~DirTestFixture()
1487 {
1488 boost::filesystem::remove_all(certDirPath);
1489 }
1490
1491public:
1492 boost::filesystem::path certDirPath;
1493 boost::filesystem::path firstCertPath;
1494 boost::filesystem::path secondCertPath;
1495
1496 Name firstIdentity;
1497 Name secondIdentity;
1498
1499 shared_ptr<IdentityCertificate> firstCert;
1500 shared_ptr<IdentityCertificate> secondCert;
1501
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -0800[diff] [blame]1502 util::DummyClientFace face;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1503 ValidatorConfig validator;
1504};
1505
1506BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1507{
1508 advanceClocks(time::milliseconds(10));
1509
1510 Name dataName1("/any/data/1");
1511 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1512 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
1513 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1514 firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1515
1516 Name dataName2("/any/data/2");
1517 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]1518 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
1519 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
1520 secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1521
1522 std::string CONFIG =
1523 "rule\n"
1524 "{\n"
1525 " id \"Any Rule\"\n"
1526 " for data\n"
1527 " filter\n"
1528 " {\n"
1529 " type name\n"
1530 " regex ^<>*$\n"
1531 " }\n"
1532 " checker\n"
1533 " {\n"
1534 " type customized\n"
1535 " sig-type rsa-sha256\n"
1536 " key-locator\n"
1537 " {\n"
1538 " type name\n"
1539 " regex ^<>*$\n"
1540 " }\n"
1541 " }\n"
1542 "}\n"
1543 "trust-anchor\n"
1544 "{\n"
1545 " type dir\n"
1546 " dir test-cert-dir\n"
1547 " refresh 1s\n"
1548 "}\n";
1549
1550 const boost::filesystem::path CONFIG_PATH =
1551 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1552
1553 validator.load(CONFIG, CONFIG_PATH.native());
1554
1555 advanceClocks(time::milliseconds(10), 20);
1556 validator.validate(*data1,
1557 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1558 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1559 advanceClocks(time::milliseconds(10), 20);
1560
1561 validator.validate(*data2,
1562 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1563 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1564 advanceClocks(time::milliseconds(10), 20);
1565
1566 io::save(*secondCert, secondCertPath.string());
1567 advanceClocks(time::milliseconds(10), 200);
1568
1569 validator.validate(*data1,
1570 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1571 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1572 advanceClocks(time::milliseconds(10), 20);
1573
1574 validator.validate(*data2,
1575 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1576 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1577 advanceClocks(time::milliseconds(10), 20);
1578}
1579
1580BOOST_AUTO_TEST_SUITE_END()
1581
1582} // namespace tests
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame^]1583} // namespace security
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]1584} // namespace ndn