/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
 * Copyright (c) 2013-2020 Regents of the University of California.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 *
 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 *
 * You should have received copies of the GNU General Public License and GNU Lesser
 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 */

#include "ndn-cxx/security/validator-config/checker.hpp"
#include "ndn-cxx/security/command-interest-signer.hpp"
#include "ndn-cxx/security/validation-policy.hpp"
#include "ndn-cxx/security/validation-state.hpp"

#include "tests/boost-test.hpp"
#include "tests/unit/security/validator-fixture.hpp"
#include "tests/unit/security/validator-config/common.hpp"

namespace ndn {
namespace security {
inline namespace v2 {
namespace validator_config {
namespace tests {

using namespace ndn::tests;

BOOST_AUTO_TEST_SUITE(Security)
BOOST_AUTO_TEST_SUITE(ValidatorConfig)

/**
 * Common fixture for the checker tests.
 *
 * Holds the four names that every test case uses twice: names[i] as the basis
 * of the packet name and names[j] as the basis of the key locator name.
 * Derived fixtures supply a `checker` and an `outcomes` matrix in which
 * outcomes[i][j] is the expected result of checking that pair.
 */
class CheckerFixture : public IdentityManagementFixture
{
public:
  CheckerFixture()
  {
    for (const char* uri : {"/foo/bar", "/foo/bar/bar", "/foo", "/other/prefix"}) {
      names.emplace_back(uri);
    }
  }

  /**
   * Build the key locator name used by the tests: a copy of @p name with the
   * components `KEY` and `v=1` appended.
   */
  static Name
  makeKeyLocatorName(const Name& name)
  {
    Name keyName(name);
    keyName.append("KEY").append("v=1");
    return keyName;
  }

public:
  std::vector<Name> names;
};

BOOST_FIXTURE_TEST_SUITE(TestChecker, CheckerFixture)

/**
 * NameRelationChecker built with "/foo/bar" and NameRelation::EQUAL.
 *
 * Every row of the matrix is identical: the expected decision depends only on
 * the key locator (column), never on the packet name (row). Only the key
 * locator built from /foo/bar is expected to pass.
 */
class NameRelationEqual : public CheckerFixture
{
public:
  NameRelationEqual()
    : checker("/foo/bar", NameRelation::EQUAL)
  {
  }

  NameRelationChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, false, false}, // packet from /foo/bar
    {true, false, false, false}, // packet from /foo/bar/bar
    {true, false, false, false}, // packet from /foo
    {true, false, false, false}, // packet from /other/prefix
  };
};
/**
 * NameRelationChecker built with "/foo/bar" and NameRelation::IS_PREFIX_OF.
 *
 * The expected decision is independent of the packet name. Key locators built
 * from /foo/bar and /foo/bar/bar are expected to pass; /foo and /other/prefix
 * are expected to be rejected.
 */
class NameRelationIsPrefixOf : public CheckerFixture
{
public:
  NameRelationIsPrefixOf()
    : checker("/foo/bar", NameRelation::IS_PREFIX_OF)
  {
  }

  NameRelationChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, true, false, false}, // packet from /foo/bar
    {true, true, false, false}, // packet from /foo/bar/bar
    {true, true, false, false}, // packet from /foo
    {true, true, false, false}, // packet from /other/prefix
  };
};
/**
 * NameRelationChecker built with "/foo/bar" and NameRelation::IS_STRICT_PREFIX_OF.
 *
 * The expected decision is independent of the packet name. Only the key
 * locator built from /foo/bar/bar is expected to pass; the one built from
 * /foo/bar itself is expected to be rejected, which is what separates this
 * relation from IS_PREFIX_OF.
 */
class NameRelationIsStrictPrefixOf : public CheckerFixture
{
public:
  NameRelationIsStrictPrefixOf()
    : checker("/foo/bar", NameRelation::IS_STRICT_PREFIX_OF)
  {
  }

  NameRelationChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {false, true, false, false}, // packet from /foo/bar
    {false, true, false, false}, // packet from /foo/bar/bar
    {false, true, false, false}, // packet from /foo
    {false, true, false, false}, // packet from /other/prefix
  };
};
/**
 * RegexChecker built from the pattern ^<foo><bar><KEY><>$.
 *
 * Regex counterpart of NameRelationEqual, with the same expected matrix: only
 * the key locator built from /foo/bar passes, whatever the packet name.
 */
class RegexEqual : public CheckerFixture
{
public:
  RegexEqual()
    : checker(Regex("^<foo><bar><KEY><>$"))
  {
  }

  RegexChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, false, false}, // packet from /foo/bar
    {true, false, false, false}, // packet from /foo/bar/bar
    {true, false, false, false}, // packet from /foo
    {true, false, false, false}, // packet from /other/prefix
  };
};
/**
 * RegexChecker built from the pattern ^<foo><bar><>*<KEY><>$.
 *
 * Regex counterpart of NameRelationIsPrefixOf, with the same expected matrix:
 * key locators built from /foo/bar and /foo/bar/bar pass, whatever the packet
 * name.
 */
class RegexIsPrefixOf : public CheckerFixture
{
public:
  RegexIsPrefixOf()
    : checker(Regex("^<foo><bar><>*<KEY><>$"))
  {
  }

  RegexChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, true, false, false}, // packet from /foo/bar
    {true, true, false, false}, // packet from /foo/bar/bar
    {true, true, false, false}, // packet from /foo
    {true, true, false, false}, // packet from /other/prefix
  };
};
/**
 * RegexChecker built from the pattern ^<foo><bar><>+<KEY><>$.
 *
 * Regex counterpart of NameRelationIsStrictPrefixOf, with the same expected
 * matrix: only the key locator built from /foo/bar/bar passes, whatever the
 * packet name.
 */
class RegexIsStrictPrefixOf : public CheckerFixture
{
public:
  RegexIsStrictPrefixOf()
    : checker(Regex("^<foo><bar><>+<KEY><>$"))
  {
  }

  RegexChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {false, true, false, false}, // packet from /foo/bar
    {false, true, false, false}, // packet from /foo/bar/bar
    {false, true, false, false}, // packet from /foo
    {false, true, false, false}, // packet from /other/prefix
  };
};
/**
 * HyperRelationChecker with NameRelation::EQUAL.
 *
 * Unlike the NameRelation and Regex fixtures, the expected decision depends
 * on both the packet name and the key locator: only the diagonal passes, i.e.
 * the key locator must be built from the same name as the packet.
 *
 * NOTE(review): the argument order appears to be packet regex, packet
 * expansion, key regex, key expansion, going by the p-* / k-* fields of the
 * CustomizedHyperRelation fixture in this file; confirm against the
 * HyperRelationChecker declaration.
 */
class HyperRelationEqual : public CheckerFixture
{
public:
  HyperRelationEqual()
    : checker("^(<>+)$", "\\1", "^(<>+)<KEY><>$", "\\1", NameRelation::EQUAL)
  {
  }

  HyperRelationChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, false, false}, // packet from /foo/bar
    {false, true, false, false}, // packet from /foo/bar/bar
    {false, false, true, false}, // packet from /foo
    {false, false, false, true}, // packet from /other/prefix
  };
};
/**
 * HyperRelationChecker with NameRelation::IS_PREFIX_OF.
 *
 * A pair is expected to pass when the name behind the key locator is equal to
 * or a prefix of the name behind the packet. A key under /foo is therefore
 * accepted for /foo/bar and /foo/bar/bar, while a key under /foo/bar/bar is
 * not accepted for /foo/bar, and /other/prefix only matches itself.
 */
class HyperRelationIsPrefixOf : public CheckerFixture
{
public:
  HyperRelationIsPrefixOf()
    : checker("^(<>+)$", "\\1", "^(<>+)<KEY><>$", "\\1", NameRelation::IS_PREFIX_OF)
  {
  }

  HyperRelationChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, true, false},  // packet from /foo/bar
    {true, true, true, false},   // packet from /foo/bar/bar
    {false, false, true, false}, // packet from /foo
    {false, false, false, true}, // packet from /other/prefix
  };
};
/**
 * HyperRelationChecker with NameRelation::IS_STRICT_PREFIX_OF.
 *
 * Same as HyperRelationIsPrefixOf with the diagonal removed: a key locator
 * built from the packet's own name is expected to be rejected, so /foo and
 * /other/prefix packets have no acceptable key among the four names.
 */
class HyperRelationIsStrictPrefixOf : public CheckerFixture
{
public:
  HyperRelationIsStrictPrefixOf()
    : checker("^(<>+)$", "\\1", "^(<>+)<KEY><>$", "\\1", NameRelation::IS_STRICT_PREFIX_OF)
  {
  }

  HyperRelationChecker checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {false, false, true, false},  // packet from /foo/bar
    {true, false, true, false},   // packet from /foo/bar/bar
    {false, false, false, false}, // packet from /foo
    {false, false, false, false}, // packet from /other/prefix
  };
};
/**
 * Checker created from a `type hierarchical` configuration section.
 *
 * The expected matrix is the same as for HyperRelationIsPrefixOf: a pair
 * passes when the name behind the key locator is equal to or a prefix of the
 * name behind the packet.
 */
class Hierarchical : public CheckerFixture
{
public:
  Hierarchical()
    : checkerPtr(Checker::create(makeSection(R"CONF(
          type hierarchical
          sig-type rsa-sha256
        )CONF"), "test-config"))
    , checker(*checkerPtr)
  {
  }

  // checkerPtr is declared before checker so that it is initialized first and
  // the reference below binds to a live object.
  std::unique_ptr<Checker> checkerPtr;
  Checker& checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, true, false},  // packet from /foo/bar
    {true, true, true, false},   // packet from /foo/bar/bar
    {false, false, true, false}, // packet from /foo
    {false, false, false, true}, // packet from /other/prefix
  };
};
/**
 * Checker created from a `type customized` section whose key-locator block
 * uses `name /foo/bar` with `relation equal`.
 *
 * Configuration-file counterpart of NameRelationEqual, with the same expected
 * matrix: only the key locator built from /foo/bar passes, whatever the
 * packet name.
 */
class CustomizedNameRelation : public CheckerFixture
{
public:
  CustomizedNameRelation()
    : checkerPtr(Checker::create(makeSection(R"CONF(
          type customized
          sig-type rsa-sha256
          key-locator
          {
            type name
            name /foo/bar
            relation equal
          }
        )CONF"), "test-config"))
    , checker(*checkerPtr)
  {
  }

  // checkerPtr is declared before checker so that it is initialized first and
  // the reference below binds to a live object.
  std::unique_ptr<Checker> checkerPtr;
  Checker& checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, false, false}, // packet from /foo/bar
    {true, false, false, false}, // packet from /foo/bar/bar
    {true, false, false, false}, // packet from /foo
    {true, false, false, false}, // packet from /other/prefix
  };
};
/**
 * Checker created from a `type customized` section whose key-locator block
 * uses `regex ^<foo><bar><KEY><>$`.
 *
 * Configuration-file counterpart of RegexEqual, with the same expected
 * matrix: only the key locator built from /foo/bar passes, whatever the
 * packet name.
 */
class CustomizedRegex : public CheckerFixture
{
public:
  CustomizedRegex()
    : checkerPtr(Checker::create(makeSection(R"CONF(
          type customized
          sig-type rsa-sha256
          key-locator
          {
            type name
            regex ^<foo><bar><KEY><>$
          }
        )CONF"), "test-config"))
    , checker(*checkerPtr)
  {
  }

  // checkerPtr is declared before checker so that it is initialized first and
  // the reference below binds to a live object.
  std::unique_ptr<Checker> checkerPtr;
  Checker& checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, false, false}, // packet from /foo/bar
    {true, false, false, false}, // packet from /foo/bar/bar
    {true, false, false, false}, // packet from /foo
    {true, false, false, false}, // packet from /other/prefix
  };
};
/**
 * Checker created from a `type customized` section whose key-locator block
 * holds a hyper-relation with `h-relation is-prefix-of`.
 *
 * Configuration-file counterpart of HyperRelationIsPrefixOf, with the same
 * expected matrix: a pair passes when the name behind the key locator is
 * equal to or a prefix of the name behind the packet.
 *
 * NOTE(review): inside the raw string the expansions are written `\\1`, two
 * backslashes, where the C++ literals in the HyperRelation* fixtures yield a
 * single one; presumably the configuration parser unescapes it. Confirm.
 */
class CustomizedHyperRelation : public CheckerFixture
{
public:
  CustomizedHyperRelation()
    : checkerPtr(Checker::create(makeSection(R"CONF(
          type customized
          sig-type rsa-sha256
          key-locator
          {
            type name
            hyper-relation
            {
              k-regex ^(<>+)<KEY><>$
              k-expand \\1
              h-relation is-prefix-of
              p-regex ^(<>+)$
              p-expand \\1
            }
          }
        )CONF"), "test-config"))
    , checker(*checkerPtr)
  {
  }

  // checkerPtr is declared before checker so that it is initialized first and
  // the reference below binds to a live object.
  std::unique_ptr<Checker> checkerPtr;
  Checker& checker;

  // key locator from: /foo/bar, /foo/bar/bar, /foo, /other/prefix
  std::vector<std::vector<bool>> outcomes{
    {true, false, true, false},  // packet from /foo/bar
    {true, true, true, false},   // packet from /foo/bar/bar
    {false, false, true, false}, // packet from /foo
    {false, false, false, true}, // packet from /other/prefix
  };
};
// Every fixture the templated test cases below are instantiated with. Each one
// must expose `checker`, `outcomes`, `names` and makeKeyLocatorName().
using Tests = boost::mpl::vector<
  // checkers constructed directly
  NameRelationEqual,
  NameRelationIsPrefixOf,
  NameRelationIsStrictPrefixOf,
  RegexEqual,
  RegexIsPrefixOf,
  RegexIsStrictPrefixOf,
  HyperRelationEqual,
  HyperRelationIsPrefixOf,
  HyperRelationIsStrictPrefixOf,
  // checkers created from a configuration section
  Hierarchical,
  CustomizedNameRelation,
  CustomizedRegex,
  CustomizedHyperRelation>;
// Runs each fixture's checker over every (packet name, key locator) pair for
// Data packets and compares the decision with outcomes[i][j].
//
// Besides the return value, the validation state is checked: it must stay
// indeterminate when the checker accepts and must stop being indeterminate
// when it rejects. In neither case may the outcome convert to true, so an
// accepting checker never marks the packet as validated on its own.
//
// The arguments of the BOOST_* macros are kept verbatim because Boost.Test
// prints them in failure messages.
BOOST_FIXTURE_TEST_CASE_TEMPLATE(DataChecks, T, Tests, T)
{
  using namespace ndn::security::v2::tests;
  using PktType = DataPkt;

  const size_t nNames = this->names.size();

  // The matrix must be square over `names`, otherwise the indexing below is invalid.
  BOOST_REQUIRE_EQUAL(this->outcomes.size(), this->names.size());
  for (size_t i = 0; i != nNames; ++i) {
    BOOST_REQUIRE_EQUAL(this->outcomes[i].size(), this->names.size());

    for (size_t j = 0; j != nNames; ++j) {
      const bool expectedOutcome = this->outcomes[i][j];
      auto klName = this->makeKeyLocatorName(this->names[j]);
      auto pktName = PktType::makeName(this->names[i], this->m_keyChain);

      // Fresh state per pair so that an earlier rejection cannot leak into this check.
      auto state = PktType::makeState();
      BOOST_CHECK_EQUAL(this->checker.check(PktType::getType(), pktName, klName, state), expectedOutcome);
      BOOST_CHECK_EQUAL(boost::logic::indeterminate(state->getOutcome()), expectedOutcome);
      BOOST_CHECK_EQUAL(bool(state->getOutcome()), false);
    }
  }
}
// Runs each fixture's checker over every (packet name, key locator) pair for
// InterestV02Pkt packets and compares the decision with outcomes[i][j].
//
// Besides the return value, the validation state is checked: it must stay
// indeterminate when the checker accepts and must stop being indeterminate
// when it rejects. In neither case may the outcome convert to true, so an
// accepting checker never marks the packet as validated on its own.
//
// The arguments of the BOOST_* macros are kept verbatim because Boost.Test
// prints them in failure messages.
BOOST_FIXTURE_TEST_CASE_TEMPLATE(InterestV02Checks, T, Tests, T)
{
  using namespace ndn::security::v2::tests;
  using PktType = InterestV02Pkt;

  const size_t nNames = this->names.size();

  // The matrix must be square over `names`, otherwise the indexing below is invalid.
  BOOST_REQUIRE_EQUAL(this->outcomes.size(), this->names.size());
  for (size_t i = 0; i != nNames; ++i) {
    BOOST_REQUIRE_EQUAL(this->outcomes[i].size(), this->names.size());

    for (size_t j = 0; j != nNames; ++j) {
      const bool expectedOutcome = this->outcomes[i][j];
      auto klName = this->makeKeyLocatorName(this->names[j]);
      // The packet name is built with the fixture's key chain; what makeName
      // adds to names[i] is defined by InterestV02Pkt, outside this file.
      auto pktName = PktType::makeName(this->names[i], this->m_keyChain);

      // Fresh state per pair so that an earlier rejection cannot leak into this check.
      auto state = PktType::makeState();
      BOOST_CHECK_EQUAL(this->checker.check(PktType::getType(), pktName, klName, state), expectedOutcome);
      BOOST_CHECK_EQUAL(boost::logic::indeterminate(state->getOutcome()), expectedOutcome);
      BOOST_CHECK_EQUAL(bool(state->getOutcome()), false);
    }
  }
}
// Runs each fixture's checker over every (packet name, key locator) pair for
// InterestV03Pkt packets and compares the decision with outcomes[i][j].
//
// Besides the return value, the validation state is checked: it must stay
// indeterminate when the checker accepts and must stop being indeterminate
// when it rejects. In neither case may the outcome convert to true, so an
// accepting checker never marks the packet as validated on its own.
//
// The arguments of the BOOST_* macros are kept verbatim because Boost.Test
// prints them in failure messages.
BOOST_FIXTURE_TEST_CASE_TEMPLATE(InterestV03Checks, T, Tests, T)
{
  using namespace ndn::security::v2::tests;
  using PktType = InterestV03Pkt;

  const size_t nNames = this->names.size();

  // The matrix must be square over `names`, otherwise the indexing below is invalid.
  BOOST_REQUIRE_EQUAL(this->outcomes.size(), this->names.size());
  for (size_t i = 0; i != nNames; ++i) {
    BOOST_REQUIRE_EQUAL(this->outcomes[i].size(), this->names.size());

    for (size_t j = 0; j != nNames; ++j) {
      const bool expectedOutcome = this->outcomes[i][j];
      auto klName = this->makeKeyLocatorName(this->names[j]);
      // The packet name is built with the fixture's key chain; what makeName
      // adds to names[i] is defined by InterestV03Pkt, outside this file.
      auto pktName = PktType::makeName(this->names[i], this->m_keyChain);

      // Fresh state per pair so that an earlier rejection cannot leak into this check.
      auto state = PktType::makeState();
      BOOST_CHECK_EQUAL(this->checker.check(PktType::getType(), pktName, klName, state), expectedOutcome);
      BOOST_CHECK_EQUAL(boost::logic::indeterminate(state->getOutcome()), expectedOutcome);
      BOOST_CHECK_EQUAL(bool(state->getOutcome()), false);
    }
  }
}

BOOST_AUTO_TEST_SUITE_END() // TestChecker
BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
BOOST_AUTO_TEST_SUITE_END() // Security

} // namespace tests
} // namespace validator_config
} // inline namespace v2
} // namespace security
} // namespace ndn