blob: 120311b1f8853d5654e2003957186da7d1c4ef5f [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2014-2017, Regents of the University of California
*
* This file is part of NDN DeLorean, An Authentication System for Data Archives in
* Named Data Networking. See AUTHORS.md for complete list of NDN DeLorean authors
* and contributors.
*
* NDN DeLorean is free software: you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later
* version.
*
* NDN DeLorean is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with NDN
* DeLorean, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*/
#include "policy-checker.hpp"
#include "identity-fixture.hpp"
#include <boost/property_tree/info_parser.hpp>
#include "boost-test.hpp"
namespace nsl {
namespace tests {
BOOST_FIXTURE_TEST_SUITE(TestPolicyChecker, IdentityFixture)
BOOST_AUTO_TEST_CASE(TimeCheck)
{
const std::string CONFIG =
"rule \n"
"{ \n"
" id \"Simple Rule\" \n"
" for data \n"
" checker \n"
" { \n"
" type customized \n"
" sig-type rsa-sha256 \n"
" key-locator \n"
" { \n"
" type name \n"
" hyper-relation \n"
" { \n"
" k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$ \n"
" k-expand \\\\1\\\\2 \n"
" h-relation is-strict-prefix-of \n"
" p-regex ^(<>*)$ \n"
" p-expand \\\\1 \n"
" } \n"
" } \n"
" } \n"
"} \n";
std::istringstream input(CONFIG);
conf::ConfigSection policy;
BOOST_REQUIRE_NO_THROW(boost::property_tree::read_info(input, policy));
PolicyChecker policyChecker;
policyChecker.loadPolicy(policy);
Name identity("/test/id");
addIdentity(identity);
Name selfSignedCertName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
auto selfSignedCert = m_keyChain.getCertificate(selfSignedCertName);
time::system_clock::TimePoint notBefore = time::system_clock::now();
time::system_clock::TimePoint notAfter = time::system_clock::now() + time::seconds(10);
std::vector<ndn::CertificateSubjectDescription> subDesc;
auto unsignedCert =
m_keyChain.prepareUnsignedIdentityCertificate(selfSignedCert->getPublicKeyName(),
selfSignedCert->getPublicKeyInfo(),
identity,
notBefore,
notAfter,
subDesc);
m_keyChain.sign(*unsignedCert, selfSignedCertName);
m_keyChain.addCertificate(*unsignedCert);
time::system_clock::TimePoint dataTs1 = time::system_clock::now() + time::seconds(5);
time::system_clock::TimePoint dataTs2 = time::system_clock::now() + time::seconds(1);
time::system_clock::TimePoint dataTs3 = time::system_clock::now() + time::seconds(15);
time::system_clock::TimePoint dataTs4 = time::system_clock::now() - time::seconds(1);
time::system_clock::TimePoint keyTs1 = time::system_clock::now() + time::seconds(2);
time::system_clock::TimePoint keyTs2 = time::system_clock::now() - time::seconds(2);
Timestamp dataTimestamp1 = time::toUnixTimestamp(dataTs1).count() / 1000;
Timestamp dataTimestamp2 = time::toUnixTimestamp(dataTs2).count() / 1000;
Timestamp dataTimestamp3 = time::toUnixTimestamp(dataTs3).count() / 1000;
Timestamp dataTimestamp4 = time::toUnixTimestamp(dataTs4).count() / 1000;
Timestamp keyTimestamp1 = time::toUnixTimestamp(keyTs1).count() / 1000;
Timestamp keyTimestamp2 = time::toUnixTimestamp(keyTs2).count() / 1000;
Data data("/test/id/data");
m_keyChain.sign(data, unsignedCert->getName());
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data, keyTimestamp1, *unsignedCert), true);
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp2, data, keyTimestamp1, *unsignedCert), false);
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp3, data, keyTimestamp1, *unsignedCert), false);
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp4, data, keyTimestamp2, *unsignedCert), false);
}
BOOST_AUTO_TEST_CASE(RuleCheck)
{
const std::string CONFIG =
"rule \n"
"{ \n"
" id \"Simple Rule\" \n"
" for data \n"
" checker \n"
" { \n"
" type customized \n"
" sig-type rsa-sha256 \n"
" key-locator \n"
" { \n"
" type name \n"
" hyper-relation \n"
" { \n"
" k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$ \n"
" k-expand \\\\1\\\\2 \n"
" h-relation is-strict-prefix-of \n"
" p-regex ^(<>*)$ \n"
" p-expand \\\\1 \n"
" } \n"
" } \n"
" } \n"
"} \n";
std::istringstream input(CONFIG);
conf::ConfigSection policy;
BOOST_REQUIRE_NO_THROW(boost::property_tree::read_info(input, policy));
PolicyChecker policyChecker;
policyChecker.loadPolicy(policy);
Name identity("/test/id");
addIdentity(identity);
Name selfSignedCertName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
auto selfSignedCert = m_keyChain.getCertificate(selfSignedCertName);
time::system_clock::TimePoint notBefore = time::system_clock::now();
time::system_clock::TimePoint notAfter = time::system_clock::now() + time::seconds(10);
std::vector<ndn::CertificateSubjectDescription> subDesc;
auto unsignedCert =
m_keyChain.prepareUnsignedIdentityCertificate(selfSignedCert->getPublicKeyName(),
selfSignedCert->getPublicKeyInfo(),
identity,
notBefore,
notAfter,
subDesc);
m_keyChain.sign(*unsignedCert, selfSignedCertName);
m_keyChain.addCertificate(*unsignedCert);
time::system_clock::TimePoint dataTs1 = time::system_clock::now() + time::seconds(5);
time::system_clock::TimePoint keyTs1 = time::system_clock::now() + time::seconds(2);
Timestamp dataTimestamp1 = time::toUnixTimestamp(dataTs1).count() / 1000;
Timestamp keyTimestamp1 = time::toUnixTimestamp(keyTs1).count() / 1000;
Data data1("/test/id/data");
m_keyChain.sign(data1, unsignedCert->getName());
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data1, keyTimestamp1, *unsignedCert),
true);
Data data2("/test/id");
m_keyChain.sign(data2, unsignedCert->getName());
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data2, keyTimestamp1, *unsignedCert),
false);
Data data3("/test/wrong");
m_keyChain.sign(data3, unsignedCert->getName());
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data3, keyTimestamp1, *unsignedCert),
false);
Data data4("/test");
m_keyChain.sign(data4, unsignedCert->getName());
BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data4, keyTimestamp1, *unsignedCert),
false);
}
BOOST_AUTO_TEST_SUITE_END()
} // namespace tests
} // namespace nsl