/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
 * Copyright (c) 2014-2017, Regents of the University of California
 *
 * This file is part of NDN DeLorean, An Authentication System for Data Archives in
 * Named Data Networking. See AUTHORS.md for complete list of NDN DeLorean authors
 * and contributors.
 *
 * NDN DeLorean is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later
 * version.
 *
 * NDN DeLorean is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with NDN
 * DeLorean, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
 */
21
22#include "policy-checker.hpp"
23#include "identity-fixture.hpp"
24#include <boost/property_tree/info_parser.hpp>
25
26#include "boost-test.hpp"
27
Alexander Afanasyev49e2e4c2017-05-06 13:42:57 -070028namespace ndn {
29namespace delorean {
Yingdi Yu7d773322015-03-22 21:32:48 -070030namespace tests {
31
32BOOST_FIXTURE_TEST_SUITE(TestPolicyChecker, IdentityFixture)
33
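/**
 * @brief Timestamp-window checks performed by PolicyChecker::check().
 *
 * A certificate valid for [now, now + 10s] is issued for /test/id and a data
 * packet signed with it. The checker is then fed four (dataTimestamp, keyTimestamp)
 * pairs and must accept only the one whose data timestamp lies inside the
 * certificate's validity window and does not precede the key timestamp.
 */
BOOST_AUTO_TEST_CASE(TimeCheck)
{
  // One rule: the signing key name (with <KEY> and <ID-CERT> stripped) must be
  // a strict prefix of the data name.
  const std::string CONFIG =
    "rule \n"
    "{ \n"
    " id \"Simple Rule\" \n"
    " for data \n"
    " checker \n"
    " { \n"
    " type customized \n"
    " sig-type rsa-sha256 \n"
    " key-locator \n"
    " { \n"
    " type name \n"
    " hyper-relation \n"
    " { \n"
    " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$ \n"
    " k-expand \\\\1\\\\2 \n"
    " h-relation is-strict-prefix-of \n"
    " p-regex ^(<>*)$ \n"
    " p-expand \\\\1 \n"
    " } \n"
    " } \n"
    " } \n"
    "} \n";

  std::istringstream input(CONFIG);
  conf::ConfigSection policy;
  BOOST_REQUIRE_NO_THROW(boost::property_tree::read_info(input, policy));

  PolicyChecker policyChecker;
  policyChecker.loadPolicy(policy);

  // Issue a certificate for /test/id, signed by the identity's default
  // (self-signed) certificate.
  Name identity("/test/id");
  addIdentity(identity);
  Name selfSignedCertName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
  auto selfSignedCert = m_keyChain.getCertificate(selfSignedCertName);

  // Read the clock exactly once so that every offset below is relative to the
  // same instant. Independent now() calls would make the one-second gaps between
  // the probes (and the notBefore boundary) depend on scheduling jitter.
  const time::system_clock::TimePoint now = time::system_clock::now();
  const time::system_clock::TimePoint notBefore = now;
  const time::system_clock::TimePoint notAfter = now + time::seconds(10);
  std::vector<ndn::CertificateSubjectDescription> subDesc;

  auto unsignedCert =
    m_keyChain.prepareUnsignedIdentityCertificate(selfSignedCert->getPublicKeyName(),
                                                  selfSignedCert->getPublicKeyInfo(),
                                                  identity,
                                                  notBefore,
                                                  notAfter,
                                                  subDesc);

  m_keyChain.sign(*unsignedCert, selfSignedCertName);
  m_keyChain.addCertificate(*unsignedCert);

  // toUnixTimestamp() yields milliseconds; the checker works in whole seconds.
  auto toTimestamp = [] (const time::system_clock::TimePoint& tp) -> Timestamp {
    return time::toUnixTimestamp(tp).count() / 1000;
  };

  const Timestamp dataTimestamp1 = toTimestamp(now + time::seconds(5));
  const Timestamp dataTimestamp2 = toTimestamp(now + time::seconds(1));
  const Timestamp dataTimestamp3 = toTimestamp(now + time::seconds(15));
  const Timestamp dataTimestamp4 = toTimestamp(now - time::seconds(1));
  const Timestamp keyTimestamp1 = toTimestamp(now + time::seconds(2));
  const Timestamp keyTimestamp2 = toTimestamp(now - time::seconds(2));

  Data data("/test/id/data");
  m_keyChain.sign(data, unsignedCert->getName());

  // data +5s, key +2s: inside [notBefore, notAfter] and after the key -> accepted.
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data, keyTimestamp1, *unsignedCert), true);
  // data +1s, key +2s: data timestamp precedes the key timestamp -> rejected.
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp2, data, keyTimestamp1, *unsignedCert), false);
  // data +15s: past notAfter (+10s) -> rejected.
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp3, data, keyTimestamp1, *unsignedCert), false);
  // data -1s, key -2s: before notBefore -> rejected.
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp4, data, keyTimestamp2, *unsignedCert), false);
}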
108
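/**
 * @brief Name-relation checks performed by PolicyChecker::check().
 *
 * With a certificate for /test/id and timestamps that satisfy the validity
 * window, four data names are signed with that certificate. Only the name that
 * has /test/id as a strict prefix must be accepted; the identity name itself,
 * a sibling name and the parent name must be rejected.
 */
BOOST_AUTO_TEST_CASE(RuleCheck)
{
  // One rule: the signing key name (with <KEY> and <ID-CERT> stripped) must be
  // a strict prefix of the data name.
  const std::string CONFIG =
    "rule \n"
    "{ \n"
    " id \"Simple Rule\" \n"
    " for data \n"
    " checker \n"
    " { \n"
    " type customized \n"
    " sig-type rsa-sha256 \n"
    " key-locator \n"
    " { \n"
    " type name \n"
    " hyper-relation \n"
    " { \n"
    " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$ \n"
    " k-expand \\\\1\\\\2 \n"
    " h-relation is-strict-prefix-of \n"
    " p-regex ^(<>*)$ \n"
    " p-expand \\\\1 \n"
    " } \n"
    " } \n"
    " } \n"
    "} \n";

  std::istringstream input(CONFIG);
  conf::ConfigSection policy;
  BOOST_REQUIRE_NO_THROW(boost::property_tree::read_info(input, policy));

  PolicyChecker policyChecker;
  policyChecker.loadPolicy(policy);

  // Issue a certificate for /test/id, signed by the identity's default
  // (self-signed) certificate.
  Name identity("/test/id");
  addIdentity(identity);
  Name selfSignedCertName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
  auto selfSignedCert = m_keyChain.getCertificate(selfSignedCertName);

  // Read the clock once so the validity window and the probe timestamps share
  // the same reference instant rather than drifting between now() calls.
  const time::system_clock::TimePoint now = time::system_clock::now();
  const time::system_clock::TimePoint notBefore = now;
  const time::system_clock::TimePoint notAfter = now + time::seconds(10);
  std::vector<ndn::CertificateSubjectDescription> subDesc;

  auto unsignedCert =
    m_keyChain.prepareUnsignedIdentityCertificate(selfSignedCert->getPublicKeyName(),
                                                  selfSignedCert->getPublicKeyInfo(),
                                                  identity,
                                                  notBefore,
                                                  notAfter,
                                                  subDesc);

  m_keyChain.sign(*unsignedCert, selfSignedCertName);
  m_keyChain.addCertificate(*unsignedCert);

  // toUnixTimestamp() yields milliseconds; the checker works in whole seconds.
  // Data at +5s and key at +2s satisfy the window, so only the name decides.
  auto toTimestamp = [] (const time::system_clock::TimePoint& tp) -> Timestamp {
    return time::toUnixTimestamp(tp).count() / 1000;
  };
  const Timestamp dataTimestamp1 = toTimestamp(now + time::seconds(5));
  const Timestamp keyTimestamp1 = toTimestamp(now + time::seconds(2));

  // /test/id is a strict prefix of /test/id/data -> accepted.
  Data data1("/test/id/data");
  m_keyChain.sign(data1, unsignedCert->getName());
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data1, keyTimestamp1, *unsignedCert),
                    true);

  // Equal to the identity name: a prefix, but not a strict one -> rejected.
  Data data2("/test/id");
  m_keyChain.sign(data2, unsignedCert->getName());
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data2, keyTimestamp1, *unsignedCert),
                    false);

  // Sibling of the identity name -> rejected.
  Data data3("/test/wrong");
  m_keyChain.sign(data3, unsignedCert->getName());
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data3, keyTimestamp1, *unsignedCert),
                    false);

  // Parent of the identity name -> rejected.
  Data data4("/test");
  m_keyChain.sign(data4, unsignedCert->getName());
  BOOST_CHECK_EQUAL(policyChecker.check(dataTimestamp1, data4, keyTimestamp1, *unsignedCert),
                    false);
}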
189
190
191BOOST_AUTO_TEST_SUITE_END()
192
193} // namespace tests
Alexander Afanasyev49e2e4c2017-05-06 13:42:57 -0700194} // namespace delorean
195} // namespace ndn