/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
 * Copyright (c) 2014, Regents of the University of California
 *
 * This file is part of NSL (NDN Signature Logger).
 * See AUTHORS.md for complete list of NSL authors and contributors.
 *
 * NSL is free software: you can redistribute it and/or modify it under the terms
 * of the GNU General Public License as published by the Free Software Foundation,
 * either version 3 of the License, or (at your option) any later version.
 *
 * NSL is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 * PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * NSL, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of NSL authors and contributors.
 */
21
22#include "policy-checker.hpp"
23#include "identity-fixture.hpp"
24#include <boost/property_tree/info_parser.hpp>
25
26#include "boost-test.hpp"
27
28namespace nsl {
29namespace tests {
30
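BOOST_FIXTURE_TEST_SUITE(TestPolicyChecker, IdentityFixture)

// Policy shared by every case in this suite (each case originally carried its
// own verbatim copy of it).  As configured, a Data packet passes only when its
// signature is rsa-sha256 and the name derived from the KeyLocator is a
// *strict* prefix of the Data name.  The derived name is "\1\2" of k-regex:
// every component before <KEY>, followed by the components captured between
// <KEY> and the single component that precedes <ID-CERT> (that component and
// <ID-CERT> itself are dropped).
static const std::string SIMPLE_RULE_CONFIG =
  "rule \n"
  "{ \n"
  " id \"Simple Rule\" \n"
  " for data \n"
  " checker \n"
  " { \n"
  " type customized \n"
  " sig-type rsa-sha256 \n"
  " key-locator \n"
  " { \n"
  " type name \n"
  " hyper-relation \n"
  " { \n"
  " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$ \n"
  " k-expand \\\\1\\\\2 \n"
  " h-relation is-strict-prefix-of \n"
  " p-regex ^(<>*)$ \n"
  " p-expand \\\\1 \n"
  " } \n"
  " } \n"
  " } \n"
  "} \n";

// Parses SIMPLE_RULE_CONFIG (Boost INFO format) and installs it into `checker`.
// A policy that fails to parse aborts the calling test case (REQUIRE level):
// every assertion below is meaningless without the rule in place.
static void
loadSimpleRulePolicy(PolicyChecker& checker)
{
  std::istringstream input(SIMPLE_RULE_CONFIG);
  conf::ConfigSection policy;
  BOOST_REQUIRE_NO_THROW(boost::property_tree::read_info(input, policy));
  checker.loadPolicy(policy);
}

// PolicyChecker::check() is fed whole-second Unix timestamps, whereas
// time::toUnixTimestamp() yields milliseconds.  The division truncates, which
// is why every offset used in this suite is a whole number of seconds taken
// from ONE clock sample (see the note in TimeCheck).
static Timestamp
toSeconds(const time::system_clock::TimePoint& tp)
{
  return time::toUnixTimestamp(tp).count() / 1000;
}

// Temporal part of check(dataTimestamp, data, keyTimestamp, cert): the data
// timestamp must fall inside the certificate's validity window and must not
// precede the key timestamp.  Each negative case below differs from the
// accepted one in exactly one of those respects.
BOOST_AUTO_TEST_CASE(TimeCheck)
{
  PolicyChecker policyChecker;
  loadSimpleRulePolicy(policyChecker);

  Name identity("/test/id");
  addIdentity(identity);
  Name selfSignedCertName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
  auto selfSignedCert = m_keyChain.getCertificate(selfSignedCertName);

  // Sample the clock exactly once.  The previous version called now() anew
  // for the validity window and again for every timestamp, with RSA signing
  // in between; after truncation to whole seconds a value intended to be 1 s
  // *before* notBefore could land in the same second as notBefore, so the
  // "before notBefore" rejection was not guaranteed to be exercised.
  // Deriving everything from `now` keeps each offset exactly N seconds apart.
  const time::system_clock::TimePoint now = time::system_clock::now();
  const time::system_clock::TimePoint notBefore = now;
  const time::system_clock::TimePoint notAfter = now + time::seconds(10);
  std::vector<ndn::CertificateSubjectDescription> subDesc;

  auto cert =
    m_keyChain.prepareUnsignedIdentityCertificate(selfSignedCert->getPublicKeyName(),
                                                  selfSignedCert->getPublicKeyInfo(),
                                                  identity,
                                                  notBefore,
                                                  notAfter,
                                                  subDesc);
  m_keyChain.sign(*cert, selfSignedCertName);
  m_keyChain.addCertificate(*cert);

  Data data("/test/id/data");
  m_keyChain.sign(data, cert->getName());

  // Key timestamp 2 s into the validity window.
  const Timestamp keyTimestamp = toSeconds(now + time::seconds(2));
  // Key timestamp preceding the validity window (used only by the last case).
  const Timestamp earlyKeyTimestamp = toSeconds(now - time::seconds(2));

  // Accepted: inside [notBefore, notAfter] and after the key timestamp.
  BOOST_CHECK_EQUAL(policyChecker.check(toSeconds(now + time::seconds(5)),
                                        data, keyTimestamp, *cert),
                    true);
  // Rejected: inside the window but BEFORE the key timestamp.
  BOOST_CHECK_EQUAL(policyChecker.check(toSeconds(now + time::seconds(1)),
                                        data, keyTimestamp, *cert),
                    false);
  // Rejected: after notAfter.
  BOOST_CHECK_EQUAL(policyChecker.check(toSeconds(now + time::seconds(15)),
                                        data, keyTimestamp, *cert),
                    false);
  // Rejected: before notBefore, even though it follows the key timestamp.
  BOOST_CHECK_EQUAL(policyChecker.check(toSeconds(now - time::seconds(1)),
                                        data, earlyKeyTimestamp, *cert),
                    false);

  // NOTE(review): not covered here -- whether notBefore and notAfter
  // themselves are accepted (boundary inclusivity), and whether a data
  // timestamp equal to the key timestamp passes.  A dedicated case should
  // pin both down once the intended semantics are confirmed.
}

// Name part of the rule: with timestamps that are clearly valid, only the
// strict-prefix relation between the KeyLocator-derived name and the Data
// name decides the outcome.
BOOST_AUTO_TEST_CASE(RuleCheck)
{
  PolicyChecker policyChecker;
  loadSimpleRulePolicy(policyChecker);

  Name identity("/test/id");
  addIdentity(identity);
  Name selfSignedCertName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
  auto selfSignedCert = m_keyChain.getCertificate(selfSignedCertName);

  // One clock sample for the same reason as in TimeCheck.
  const time::system_clock::TimePoint now = time::system_clock::now();
  const time::system_clock::TimePoint notBefore = now;
  const time::system_clock::TimePoint notAfter = now + time::seconds(10);
  std::vector<ndn::CertificateSubjectDescription> subDesc;

  auto cert =
    m_keyChain.prepareUnsignedIdentityCertificate(selfSignedCert->getPublicKeyName(),
                                                  selfSignedCert->getPublicKeyInfo(),
                                                  identity,
                                                  notBefore,
                                                  notAfter,
                                                  subDesc);
  m_keyChain.sign(*cert, selfSignedCertName);
  m_keyChain.addCertificate(*cert);

  // Data 5 s into the window, key 2 s into it: the accepted timing from
  // TimeCheck, so any rejection below is attributable to the name rule.
  const Timestamp dataTimestamp = toSeconds(now + time::seconds(5));
  const Timestamp keyTimestamp = toSeconds(now + time::seconds(2));

  // Signs a packet with `cert` and runs it through the policy.
  // NOTE(review): every packet is signed by the very certificate handed to
  // check(); a packet signed by a different key than the supplied cert is
  // not exercised anywhere in this suite.
  auto checkName = [&] (const Name& dataName) {
    Data data(dataName);
    m_keyChain.sign(data, cert->getName());
    return policyChecker.check(dataTimestamp, data, keyTimestamp, *cert);
  };

  // /test/id is a strict prefix of /test/id/data: accepted.
  BOOST_CHECK_EQUAL(checkName("/test/id/data"), true);
  // Equal to the derived name -- a prefix, but not a *strict* one: rejected.
  BOOST_CHECK_EQUAL(checkName("/test/id"), false);
  // Sibling namespace: rejected.
  BOOST_CHECK_EQUAL(checkName("/test/wrong"), false);
  // Ancestor of the derived name (prefix relation inverted): rejected.
  BOOST_CHECK_EQUAL(checkName("/test"), false);
}

BOOST_AUTO_TEST_SUITE_END()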
191
192} // namespace tests
193} // namespace nsl