Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / eee3e823c27283e7e758b4fcf2ec3e99ac3a4efc / . / tests / unit-tests / security / key-chain.t.cpp
blob: 8009daa0df689bf0693e989fc2ba4acc36c24e58 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]2/**
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]3 * Copyright (c) 2013-2016 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]20 */
21
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]22#include "security/key-chain.hpp"
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]23#include "security/validator.hpp"
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]24#include "security/signing-helpers.hpp"
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]25
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]26#include "boost-test.hpp"
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]27#include "dummy-keychain.hpp"
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame^]28#include "../test-home-env-saver.hpp"
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]29#include "key-chain-fixture.hpp"
30#include "identity-management-fixture.hpp"
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]31
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]32#include <boost/algorithm/string.hpp>
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame^]33#include <boost/filesystem.hpp>
34#include <cstdlib>
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]35
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]36namespace ndn {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]37namespace security {
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]38namespace tests {
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]39
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]40using namespace ndn::tests;
41
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame^]42BOOST_AUTO_TEST_SUITE(Security)
43BOOST_FIXTURE_TEST_SUITE(TestKeyChain, TestHomeEnvSaver)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]44
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]45template<class Path>
Alexander Afanasyevcf490552016-06-27 22:51:36 -0700[diff] [blame]46class TestHomeAndPibFixture : public TestHomeFixture<Path>
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]47{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]48public:
49 TestHomeAndPibFixture()
50 {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]51 unsetenv("NDN_CLIENT_PIB");
52 unsetenv("NDN_CLIENT_TPM");
53 }
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]54};
55
56struct PibPathSqlite3File
57{
58 const std::string PATH = "build/keys-sqlite3-file/";
59};
60
61BOOST_FIXTURE_TEST_CASE(ConstructorNormalConfig, TestHomeAndPibFixture<PibPathSqlite3File>)
62{
63 createClientConf({"pib=pib-sqlite3:%PATH%", "tpm=tpm-file:%PATH%"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]64
65 BOOST_REQUIRE_NO_THROW(KeyChain());
66
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]67 KeyChain keyChain;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]68 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:" + m_pibDir);
69 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:" + m_pibDir);
70 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:" + m_pibDir);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]71}
72
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]73struct PibPathSqlite3Empty
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]74{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]75 const std::string PATH = "build/keys-sqlite3-empty/";
76};
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]77
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]78BOOST_FIXTURE_TEST_CASE(ConstructorEmptyConfig, TestHomeAndPibFixture<PibPathSqlite3Empty>)
79{
80 createClientConf({"pib=pib-sqlite3:%PATH%"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]81
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]82#if defined(NDN_CXX_HAVE_OSX_SECURITY)
83 std::string oldHOME;
84 if (std::getenv("OLD_HOME"))
85 oldHOME = std::getenv("OLD_HOME");
86
87 std::string HOME;
88 if (std::getenv("HOME"))
89 HOME = std::getenv("HOME");
90
91 if (!oldHOME.empty())
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]92 setenv("HOME", oldHOME.c_str(), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]93 else
94 unsetenv("HOME");
95#endif
96
97 BOOST_REQUIRE_NO_THROW(KeyChain());
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]98 KeyChain keyChain;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]99 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:" + m_pibDir);
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]100
101#if defined(NDN_CXX_HAVE_OSX_SECURITY)
102 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-osxkeychain:");
103 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-osxkeychain:");
104#else
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]105 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:");
106 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]107#endif
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]108
109#if defined(NDN_CXX_HAVE_OSX_SECURITY)
110 if (!HOME.empty())
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]111 setenv("HOME", HOME.c_str(), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]112 else
113 unsetenv("HOME");
114#endif
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]115}
116
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]117struct PibPathEmptyFile
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]118{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]119 const std::string PATH = "build/keys-empty-file/";
120};
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]121
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]122BOOST_FIXTURE_TEST_CASE(ConstructorEmpty2Config, TestHomeAndPibFixture<PibPathEmptyFile>)
123{
124 createClientConf({"tpm=tpm-file:%PATH%"});
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]125
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]126 BOOST_REQUIRE_NO_THROW(KeyChain());
127
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]128 KeyChain keyChain;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]129 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
130 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-file:" + m_pibDir);
131 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:" + m_pibDir);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]132}
133
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]134BOOST_FIXTURE_TEST_CASE(ConstructorMalConfig, TestHomeAndPibFixture<DefaultPibDir>)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]135{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]136 createClientConf({"pib=lord", "tpm=ring"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]137
138 BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
139}
140
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]141BOOST_FIXTURE_TEST_CASE(ConstructorMal2Config, TestHomeAndPibFixture<DefaultPibDir>)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]142{
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]143 createClientConf({"pib=pib-sqlite3:%PATH%", "tpm=just-wrong"});
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]144 BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
145}
146
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]147BOOST_FIXTURE_TEST_CASE(ExportIdentity, IdentityManagementFixture)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]148{
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]149 Name identity("/TestKeyChain/ExportIdentity/");
150 identity.appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]151 addIdentity(identity);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]152
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]153 shared_ptr<SecuredBag> exported = m_keyChain.exportIdentity(identity, "1234");
Yingdi Yu64c3fb42014-02-26 17:30:04 -0800[diff] [blame]154
155 Block block = exported->wireEncode();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]156
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]157 Name keyName = m_keyChain.getDefaultKeyNameForIdentity(identity);
158 Name certName = m_keyChain.getDefaultCertificateNameForKey(keyName);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]159
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]160 m_keyChain.deleteIdentity(identity);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]161
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]162 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), false);
163 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName), false);
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]164 BOOST_CHECK_EQUAL(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PRIVATE), false);
165 BOOST_CHECK_EQUAL(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PUBLIC), false);
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]166 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName), false);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]167
Yingdi Yu64c3fb42014-02-26 17:30:04 -0800[diff] [blame]168 SecuredBag imported;
169 imported.wireDecode(block);
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]170 m_keyChain.importIdentity(imported, "1234");
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]171
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]172 BOOST_CHECK(m_keyChain.doesIdentityExist(identity));
173 BOOST_CHECK(m_keyChain.doesPublicKeyExist(keyName));
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]174 BOOST_CHECK(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PRIVATE));
175 BOOST_CHECK(m_keyChain.doesKeyExistInTpm(keyName, KeyClass::PUBLIC));
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]176 BOOST_CHECK(m_keyChain.doesCertificateExist(certName));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]177}
178
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]179BOOST_FIXTURE_TEST_CASE(PrepareIdentityCertificate, IdentityManagementFixture)
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]180{
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]181 Name identity("/TestKeyChain/PrepareIdentityCertificate/");
182 identity.appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]183 addIdentity(identity);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]184
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]185 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]186 Name lowerIdentity = identity;
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]187 lowerIdentity.append("Lower").appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]188 Name lowerKeyName = m_keyChain.generateRsaKeyPair(lowerIdentity, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]189 shared_ptr<v1::IdentityCertificate> idCert =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]190 m_keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
191 time::system_clock::now(),
192 time::system_clock::now() + time::days(365),
193 subjectDescription);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]194 BOOST_CHECK(static_cast<bool>(idCert));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]195 BOOST_CHECK_EQUAL(idCert->getName().getPrefix(5),
196 Name().append(identity).append("KEY").append("Lower"));
Junxiao Shi8ca43252015-06-11 21:29:43 -0700[diff] [blame]197 BOOST_CHECK(idCert->getFreshnessPeriod() >= time::milliseconds::zero());
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]198
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]199 shared_ptr<v1::IdentityCertificate> idCert11 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]200 m_keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
201 time::system_clock::now(),
202 time::system_clock::now() + time::days(365),
203 subjectDescription,
204 lowerIdentity);
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]205 BOOST_CHECK(static_cast<bool>(idCert11));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]206 BOOST_CHECK_EQUAL(idCert11->getName().getPrefix(6),
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]207 Name().append(lowerIdentity).append("KEY"));
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]208
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]209 Name anotherIdentity("/TestKeyChain/PrepareIdentityCertificate/Another/");
210 anotherIdentity.appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]211 Name anotherKeyName = m_keyChain.generateRsaKeyPair(anotherIdentity, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]212 shared_ptr<v1::IdentityCertificate> idCert2 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]213 m_keyChain.prepareUnsignedIdentityCertificate(anotherKeyName, identity,
214 time::system_clock::now(),
215 time::system_clock::now() + time::days(365),
216 subjectDescription);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]217 BOOST_CHECK(static_cast<bool>(idCert2));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]218 BOOST_CHECK_EQUAL(idCert2->getName().getPrefix(5), Name().append(anotherIdentity).append("KEY"));
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]219
220
221 Name wrongKeyName1;
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]222 shared_ptr<v1::IdentityCertificate> idCert3 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]223 m_keyChain.prepareUnsignedIdentityCertificate(wrongKeyName1, identity,
224 time::system_clock::now(),
225 time::system_clock::now() + time::days(365),
226 subjectDescription);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]227 BOOST_CHECK_EQUAL(static_cast<bool>(idCert3), false);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]228
229
230 Name wrongKeyName2("/TestKeyChain/PrepareIdentityCertificate");
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]231 shared_ptr<v1::IdentityCertificate> idCert4 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]232 m_keyChain.prepareUnsignedIdentityCertificate(wrongKeyName2, identity,
233 time::system_clock::now(),
234 time::system_clock::now() + time::days(365),
235 subjectDescription);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]236 BOOST_CHECK_EQUAL(static_cast<bool>(idCert4), false);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]237
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]238
239 Name wrongKeyName3("/TestKeyChain/PrepareIdentityCertificate/ksk-1234");
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]240 shared_ptr<v1::IdentityCertificate> idCert5 =
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]241 m_keyChain.prepareUnsignedIdentityCertificate(wrongKeyName3, identity,
242 time::system_clock::now(),
243 time::system_clock::now() + time::days(365),
244 subjectDescription);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]245 BOOST_CHECK_EQUAL(static_cast<bool>(idCert5), false);
Yingdi Yuc55680b2014-02-26 12:31:35 -0800[diff] [blame]246}
247
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]248BOOST_FIXTURE_TEST_CASE(Delete, IdentityManagementFixture)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]249{
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]250 Name identity("/TestSecPublicInfoSqlite3/Delete");
251 identity.appendVersion();
252
253 Name certName1;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]254 BOOST_REQUIRE_NO_THROW(certName1 = m_keyChain.createIdentity(identity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]255
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]256 Name keyName1 = v1::IdentityCertificate::certificateNameToPublicKeyName(certName1);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]257 Name keyName2;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]258 BOOST_REQUIRE_NO_THROW(keyName2 = m_keyChain.generateRsaKeyPairAsDefault(identity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]259
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]260 shared_ptr<v1::IdentityCertificate> cert2;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]261 BOOST_REQUIRE_NO_THROW(cert2 = m_keyChain.selfSign(keyName2));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]262 Name certName2 = cert2->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]263 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert2));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]264
265 Name keyName3;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]266 BOOST_REQUIRE_NO_THROW(keyName3 = m_keyChain.generateRsaKeyPairAsDefault(identity));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]267
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]268 shared_ptr<v1::IdentityCertificate> cert3;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]269 BOOST_REQUIRE_NO_THROW(cert3 = m_keyChain.selfSign(keyName3));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]270 Name certName3 = cert3->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]271 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert3));
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]272 shared_ptr<v1::IdentityCertificate> cert4;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]273 BOOST_REQUIRE_NO_THROW(cert4 = m_keyChain.selfSign(keyName3));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]274 Name certName4 = cert4->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]275 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert4));
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]276 shared_ptr<v1::IdentityCertificate> cert5;
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]277 BOOST_REQUIRE_NO_THROW(cert5 = m_keyChain.selfSign(keyName3));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]278 Name certName5 = cert5->getName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]279 BOOST_REQUIRE_NO_THROW(m_keyChain.addCertificateAsKeyDefault(*cert5));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]280
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]281 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), true);
282 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName1), true);
283 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName2), true);
284 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName3), true);
285 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName1), true);
286 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName2), true);
287 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName3), true);
288 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName4), true);
289 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName5), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]290
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]291 BOOST_REQUIRE_NO_THROW(m_keyChain.deleteCertificate(certName5));
292 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName5), false);
293 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName3), true);
294 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName4), true);
295 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName3), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]296
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]297 BOOST_REQUIRE_NO_THROW(m_keyChain.deleteKey(keyName3));
298 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName4), false);
299 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName3), false);
300 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName3), false);
301 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName2), true);
302 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName1), true);
303 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), true);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]304
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]305 BOOST_REQUIRE_NO_THROW(m_keyChain.deleteIdentity(identity));
306 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName2), false);
307 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName2), false);
308 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName1), false);
309 BOOST_CHECK_EQUAL(m_keyChain.doesPublicKeyExist(keyName1), false);
310 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(identity), false);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]311}
312
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]313BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib)
314{
315 BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy", "tpm-dummy")));
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]316 BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy2", "tpm-dummy2")));
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]317 BOOST_REQUIRE_NO_THROW((KeyChain("dummy", "dummy")));
318 BOOST_REQUIRE_NO_THROW((KeyChain("dummy:", "dummy:")));
319 BOOST_REQUIRE_NO_THROW((KeyChain("dummy:/something", "dummy:/something")));
320
321 KeyChain keyChain("dummy", "dummy");
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]322 BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-dummy:");
323 BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-dummy:");
324 BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-dummy:");
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]325 BOOST_CHECK_EQUAL(keyChain.getDefaultIdentity(), "/dummy/key");
326}
327
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]328BOOST_FIXTURE_TEST_CASE(GeneralSigningInterface, IdentityManagementFixture)
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]329{
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]330 Name id("/id");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]331 Name certName = m_keyChain.createIdentity(id);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]332 shared_ptr<v1::IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]333 Name keyName = idCert->getPublicKeyName();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]334 m_keyChain.setDefaultIdentity(id);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]335
336 Name id2("/id2");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]337 Name cert2Name = m_keyChain.createIdentity(id2);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]338 shared_ptr<v1::IdentityCertificate> id2Cert = m_keyChain.getCertificate(cert2Name);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]339
340 // SigningInfo is set to default
341 Data data1("/data1");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]342 m_keyChain.sign(data1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]343 BOOST_CHECK(Validator::verifySignature(data1, idCert->getPublicKeyInfo()));
344 BOOST_CHECK_EQUAL(data1.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
345
346 Interest interest1("/interest1");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]347 m_keyChain.sign(interest1);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]348 BOOST_CHECK(Validator::verifySignature(interest1, idCert->getPublicKeyInfo()));
349 SignatureInfo sigInfo1(interest1.getName()[-2].blockFromValue());
350 BOOST_CHECK_EQUAL(sigInfo1.getKeyLocator().getName(), certName.getPrefix(-1));
351
352 // SigningInfo is set to Identity
353 Data data2("/data2");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]354 m_keyChain.sign(data2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]355 BOOST_CHECK(Validator::verifySignature(data2, id2Cert->getPublicKeyInfo()));
356 BOOST_CHECK_EQUAL(data2.getSignature().getKeyLocator().getName(), cert2Name.getPrefix(-1));
357
358 Interest interest2("/interest2");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]359 m_keyChain.sign(interest2, SigningInfo(SigningInfo::SIGNER_TYPE_ID, id2));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]360 BOOST_CHECK(Validator::verifySignature(interest2, id2Cert->getPublicKeyInfo()));
361 SignatureInfo sigInfo2(interest2.getName()[-2].blockFromValue());
362 BOOST_CHECK_EQUAL(sigInfo2.getKeyLocator().getName(), cert2Name.getPrefix(-1));
363
364 // SigningInfo is set to Key
365 Data data3("/data3");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]366 m_keyChain.sign(data3, SigningInfo(SigningInfo::SIGNER_TYPE_KEY, keyName));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]367 BOOST_CHECK(Validator::verifySignature(data3, idCert->getPublicKeyInfo()));
368 BOOST_CHECK_EQUAL(data3.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
369
370 Interest interest3("/interest3");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]371 m_keyChain.sign(interest3);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]372 BOOST_CHECK(Validator::verifySignature(interest3, idCert->getPublicKeyInfo()));
373 SignatureInfo sigInfo3(interest1.getName()[-2].blockFromValue());
374 BOOST_CHECK_EQUAL(sigInfo3.getKeyLocator().getName(), certName.getPrefix(-1));
375
376 // SigningInfo is set to Cert
377 Data data4("/data4");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]378 m_keyChain.sign(data4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]379 BOOST_CHECK(Validator::verifySignature(data4, idCert->getPublicKeyInfo()));
380 BOOST_CHECK_EQUAL(data4.getSignature().getKeyLocator().getName(), certName.getPrefix(-1));
381
382 Interest interest4("/interest4");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]383 m_keyChain.sign(interest4, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certName));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]384 BOOST_CHECK(Validator::verifySignature(interest4, idCert->getPublicKeyInfo()));
385 SignatureInfo sigInfo4(interest4.getName()[-2].blockFromValue());
386 BOOST_CHECK_EQUAL(sigInfo4.getKeyLocator().getName(), certName.getPrefix(-1));
387
388
389 // SigningInfo is set to DigestSha256
390 Data data5("/data5");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]391 m_keyChain.sign(data5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]392 BOOST_CHECK(Validator::verifySignature(data5, DigestSha256(data5.getSignature())));
393
394 Interest interest5("/interest4");
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]395 m_keyChain.sign(interest5, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]396 BOOST_CHECK(Validator::verifySignature(interest5,
397 DigestSha256(Signature(interest5.getName()[-2].blockFromValue(),
398 interest5.getName()[-1].blockFromValue()))));
399}
400
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]401BOOST_FIXTURE_TEST_CASE(EcdsaSigningByIdentityNoCert, IdentityManagementFixture)
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]402{
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]403 Data data("/test/data");
404
405 Name nonExistingIdentity = Name("/non-existing/identity").appendVersion();
406
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]407 BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(nonExistingIdentity)));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]408 BOOST_CHECK_EQUAL(data.getSignature().getType(),
409 KeyChain::getSignatureType(KeyChain::DEFAULT_KEY_PARAMS.getKeyType(),
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]410 DigestAlgorithm::SHA256));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]411 BOOST_CHECK(nonExistingIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName()));
412
413 Name ecdsaIdentity = Name("/ndn/test/ecdsa").appendVersion();
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]414 Name ecdsaKeyName = m_keyChain.generateEcdsaKeyPairAsDefault(ecdsaIdentity, false, 256);
415 BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(ecdsaIdentity)));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]416 BOOST_CHECK_EQUAL(data.getSignature().getType(),
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]417 KeyChain::getSignatureType(EcdsaKeyParams().getKeyType(), DigestAlgorithm::SHA256));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]418 BOOST_CHECK(ecdsaIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName()));
419}
420
Davide Pesaventoeee3e822016-11-26 19:19:34 +0100[diff] [blame^]421BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
422BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]423
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]424} // namespace tests
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]425} // namespace security
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]426} // namespace ndn