blob: 0bbeca95100752c9b4465ed3bb47340bdcfaae44 [file] [log] [blame]
Yingdi Yu77627ab2015-07-21 16:13:49 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Yingdi Yu0a312e52015-07-22 13:14:53 -07003 * Copyright (c) 2014-2015, Regents of the University of California.
Yingdi Yu77627ab2015-07-21 16:13:49 -07004 *
Yingdi Yu0a312e52015-07-22 13:14:53 -07005 * This file is part of ndn-tools (Named Data Networking Essential Tools).
6 * See AUTHORS.md for complete list of ndn-tools authors and contributors.
Yingdi Yu77627ab2015-07-21 16:13:49 -07007 *
Yingdi Yu0a312e52015-07-22 13:14:53 -07008 * ndn-tools is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
Yingdi Yu77627ab2015-07-21 16:13:49 -070011 *
Yingdi Yu0a312e52015-07-22 13:14:53 -070012 * ndn-tools is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
Yingdi Yu77627ab2015-07-21 16:13:49 -070015 *
Yingdi Yu0a312e52015-07-22 13:14:53 -070016 * You should have received a copy of the GNU General Public License along with
17 * ndn-tools, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
Yingdi Yu77627ab2015-07-21 16:13:49 -070018 *
Yingdi Yu0a312e52015-07-22 13:14:53 -070019 * @author Yingdi Yu <yingdi@cs.ucla.edu>
Yingdi Yu77627ab2015-07-21 16:13:49 -070020 */
21
22#include "tools/pib/pib.hpp"
Yingdi Yu0a312e52015-07-22 13:14:53 -070023#include "../identity-management-time-fixture.hpp"
Yingdi Yu77627ab2015-07-21 16:13:49 -070024#include <ndn-cxx/security/sec-tpm-file.hpp>
25#include "tools/pib/encoding/pib-encoding.hpp"
26#include <ndn-cxx/util/io.hpp>
27#include <ndn-cxx/util/dummy-client-face.hpp>
28
29#include <boost/filesystem.hpp>
30
31#include "tests/test-common.hpp"
32
33namespace ndn {
34namespace pib {
35namespace tests {
36
Yingdi Yu0a312e52015-07-22 13:14:53 -070037class PibTestFixture : public ndn::tests::IdentityManagementTimeFixture
Yingdi Yu77627ab2015-07-21 16:13:49 -070038{
39public:
40 PibTestFixture()
41 : tmpPath(boost::filesystem::path(TMP_TESTS_PATH) / "PibTest")
42 , face(util::makeDummyClientFace(io, {true, true}))
43 {
44 }
45
46 ~PibTestFixture()
47 {
48 boost::filesystem::remove_all(tmpPath);
49 }
50
51 template<class Param>
52 shared_ptr<Interest>
53 generateUnsignedInterest(Param& param, const std::string& user)
54 {
55 Name command("/localhost/pib");
56 command.append(user).append(Param::VERB).append(param.wireEncode());
57 shared_ptr<Interest> interest = make_shared<Interest>(command);
58
59 return interest;
60 }
61
62 template<class Param>
63 shared_ptr<Interest>
64 generateSignedInterest(Param& param, const std::string& user, const Name& certName)
65 {
66 shared_ptr<Interest> interest = generateUnsignedInterest(param, user);
67 m_keyChain.sign(*interest, certName);
68
69 return interest;
70 }
71
72 boost::asio::io_service io;
73 std::string owner;
74 boost::filesystem::path tmpPath;
75 shared_ptr<util::DummyClientFace> face;
76};
77
Yingdi Yu0a312e52015-07-22 13:14:53 -070078BOOST_FIXTURE_TEST_SUITE(PibPib, PibTestFixture)
Yingdi Yu77627ab2015-07-21 16:13:49 -070079
80BOOST_AUTO_TEST_CASE(InitCertTest1)
81{
82 // Create a PIB with full parameters
83 owner = "testUser";
84
85 Pib pib(*face,
86 tmpPath.string(),
87 m_keyChain.getTpm().getTpmLocator(),
88 owner);
89 advanceClocks(io, time::milliseconds(10), 10);
90
91 BOOST_CHECK_EQUAL(pib.getOwner(), owner);
92 BOOST_CHECK_EQUAL(pib.getDb().getOwnerName(), owner);
93
94 auto mgmtCert = pib.getMgmtCert();
95 BOOST_CHECK_EQUAL(mgmtCert.getName().getPrefix(-3),
96 Name("/localhost/pib/testUser/mgmt/KEY"));
97 BOOST_CHECK_EQUAL(mgmtCert.getName().get(5).toUri().substr(0, 4), "dsk-");
98
99 auto mgmtCert2 = pib.getDb().getMgmtCertificate();
100 BOOST_REQUIRE(mgmtCert2 != nullptr);
101 BOOST_CHECK(mgmtCert.wireEncode() == mgmtCert2->wireEncode());
102
103 BOOST_CHECK_EQUAL(pib.getDb().getTpmLocator(), m_keyChain.getTpm().getTpmLocator());
104
105 GetParam param01;
106 shared_ptr<Interest> interest01 = generateUnsignedInterest(param01, owner);
107
108 face->receive(*interest01);
109 advanceClocks(io, time::milliseconds(10), 10);
110
111 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
112 PibUser result01;
113 BOOST_REQUIRE_NO_THROW(result01.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
114 BOOST_CHECK(result01.getMgmtCert().wireEncode() == mgmtCert.wireEncode());
115 BOOST_CHECK_EQUAL(result01.getTpmLocator(), m_keyChain.getTpm().getTpmLocator());
116}
117
118BOOST_AUTO_TEST_CASE(InitCertTest2)
119{
120 // Create a PIB from a database (assume that the database is configured)
121 std::string dbDir = tmpPath.string();
122 std::string tpmLocator = m_keyChain.getTpm().getTpmLocator();
123 owner = "testUser";
124
125 Name testUser("/localhost/pib/testUser/mgmt");
126
127 addIdentity(testUser);
128 Name testUserCertName = m_keyChain.getDefaultCertificateNameForIdentity(testUser);
129 shared_ptr<IdentityCertificate> testUserCert = m_keyChain.getCertificate(testUserCertName);
130
131 PibDb db(tmpPath.string());
132 BOOST_CHECK_NO_THROW(Pib(*face, dbDir, tpmLocator, owner));
133
134 db.updateMgmtCertificate(*testUserCert);
135 BOOST_CHECK_NO_THROW(Pib(*face, dbDir, tpmLocator, owner));
136 BOOST_CHECK_THROW(Pib(*face, dbDir, tpmLocator, "wrongUser"), Pib::Error);
137
138 db.setTpmLocator(m_keyChain.getTpm().getTpmLocator());
139 BOOST_CHECK_NO_THROW(Pib(*face, dbDir, tpmLocator, owner));
140 BOOST_CHECK_THROW(Pib(*face, dbDir, "tpm-file:wrong", owner), Pib::Error);
141
142 advanceClocks(io, time::milliseconds(10));
143 m_keyChain.deleteIdentity(testUser);
144 BOOST_CHECK_NO_THROW(Pib(*face, dbDir, tpmLocator, owner));
145}
146
147BOOST_AUTO_TEST_CASE(InitCertTest3)
148{
149 std::string dbDir = tmpPath.string();
150 std::string tpmLocator = m_keyChain.getTpm().getTpmLocator();
151 owner = "testUser";
152
153 Name testUser("/localhost/pib/testUser/mgmt");
154 addIdentity(testUser);
155 Name testUserCertName = m_keyChain.getDefaultCertificateNameForIdentity(testUser);
156 shared_ptr<IdentityCertificate> testUserCert = m_keyChain.getCertificate(testUserCertName);
157
158 Pib pib1(*face, dbDir, tpmLocator, owner);
159 BOOST_CHECK_EQUAL(pib1.getMgmtCert().getName().getPrefix(-3),
160 Name("/localhost/pib/testUser/mgmt/KEY"));
161
162 PibDb db(tmpPath.string());
163 db.updateMgmtCertificate(*testUserCert);
164 Pib pib2(*face, dbDir, tpmLocator, owner);
165 BOOST_CHECK_EQUAL(pib2.getMgmtCert().getName(), testUserCertName);
166
167 advanceClocks(io, time::milliseconds(10));
168 m_keyChain.deleteIdentity(testUser);
169 Pib pib3(*face, dbDir, tpmLocator, owner);
170 BOOST_CHECK(pib3.getMgmtCert().getName() != testUserCertName);
171 BOOST_CHECK_EQUAL(pib3.getMgmtCert().getName().getPrefix(-3),
172 Name("/localhost/pib/testUser/mgmt/KEY"));
173}
174
175BOOST_AUTO_TEST_CASE(GetCommandTest)
176{
177 owner = "alice";
178
179 Pib pib(*face,
180 tmpPath.string(),
181 m_keyChain.getTpm().getTpmLocator(),
182 owner);
183 advanceClocks(io, time::milliseconds(10), 10);
184 util::InMemoryStoragePersistent& cache = pib.getResponseCache();
185 auto ownerMgmtCert = pib.getMgmtCert();
186 m_keyChain.addCertificate(ownerMgmtCert);
187
188 PibDb db(tmpPath.string());
189
190 Name testId("/test/identity");
191 Name testIdCertName00 = m_keyChain.createIdentity(testId);
192 shared_ptr<IdentityCertificate> cert00 = m_keyChain.getCertificate(testIdCertName00);
193 Name testIdKeyName0 = cert00->getPublicKeyName();
194 advanceClocks(io, time::milliseconds(100));
195 shared_ptr<IdentityCertificate> cert01 = m_keyChain.selfSign(testIdKeyName0);
196 Name testIdCertName01 = cert01->getName();
197
198 advanceClocks(io, time::milliseconds(100));
199 Name testIdKeyName1 = m_keyChain.generateRsaKeyPair(testId);
200 shared_ptr<IdentityCertificate> cert10 = m_keyChain.selfSign(testIdKeyName1);
201 Name testIdCertName10 = cert10->getName();
202 advanceClocks(io, time::milliseconds(100));
203 shared_ptr<IdentityCertificate> cert11 = m_keyChain.selfSign(testIdKeyName1);
204 Name testIdCertName11 = cert11->getName();
205
206 BOOST_CHECK_EQUAL(db.hasIdentity(testId), false);
207 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName0), false);
208 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName00), false);
209 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName01), false);
210 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), false);
211 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName10), false);
212 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), false);
213
214 db.addCertificate(*cert00);
215 db.addCertificate(*cert01);
216 db.addCertificate(*cert10);
217 db.addCertificate(*cert11);
218 db.setDefaultIdentity(testId);
219 db.setDefaultKeyNameOfIdentity(testIdKeyName0);
220 db.setDefaultCertNameOfKey(testIdCertName00);
221
222 BOOST_CHECK_EQUAL(db.hasIdentity(testId), true);
223 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName0), true);
224 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName00), true);
225 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName01), true);
226 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), true);
227 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName10), true);
228 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), true);
229
230 // Get Param
231 GetParam param01;
232 shared_ptr<Interest> interest01 = generateUnsignedInterest(param01, owner);
233
234 face->sentDatas.clear();
235 face->receive(*interest01);
236 advanceClocks(io, time::milliseconds(10), 10);
237
238 BOOST_REQUIRE(cache.find(interest01->getName()) != nullptr);
239 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
240 PibUser result01;
241 BOOST_REQUIRE_NO_THROW(result01.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
242 BOOST_CHECK(result01.getMgmtCert().wireEncode() == ownerMgmtCert.wireEncode());
243
244
245 GetParam param02;
246 shared_ptr<Interest> interest02 = generateUnsignedInterest(param02, "non-existing");
247
248 face->sentDatas.clear();
249 face->receive(*interest02);
250 advanceClocks(io, time::milliseconds(10), 10);
251
252 BOOST_CHECK(cache.find(interest02->getName()) == nullptr);
253 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 0);
254
255
256 GetParam param03(TYPE_ID, testId);
257 shared_ptr<Interest> interest03 = generateUnsignedInterest(param03, owner);
258
259 face->sentDatas.clear();
260 face->receive(*interest03);
261 advanceClocks(io, time::milliseconds(10), 10);
262
263 BOOST_REQUIRE(cache.find(interest03->getName()) != nullptr);
264 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
265 PibIdentity result03;
266 BOOST_REQUIRE_NO_THROW(result03.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
267 BOOST_CHECK_EQUAL(result03.getIdentity(), testId);
268
269
270 Name wrongId("/wrong/id");
271 GetParam param04(TYPE_ID, wrongId);
272 shared_ptr<Interest> interest04 = generateUnsignedInterest(param04, owner);
273
274 face->sentDatas.clear();
275 face->receive(*interest04);
276 advanceClocks(io, time::milliseconds(10), 10);
277
278 BOOST_REQUIRE(cache.find(interest04->getName()) != nullptr);
279 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
280 PibError result04;
281 BOOST_REQUIRE_NO_THROW(result04.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
282 BOOST_CHECK_EQUAL(result04.getErrorCode(), ERR_NON_EXISTING_ID);
283
284
285 GetParam param05(TYPE_KEY, testIdKeyName1);
286 shared_ptr<Interest> interest05 = generateUnsignedInterest(param05, owner);
287
288 face->sentDatas.clear();
289 face->receive(*interest05);
290 advanceClocks(io, time::milliseconds(10), 10);
291
292 BOOST_REQUIRE(cache.find(interest05->getName()) != nullptr);
293 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
294 PibPublicKey result05;
295 BOOST_REQUIRE_NO_THROW(result05.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
296 BOOST_CHECK_EQUAL(result05.getKeyName(), testIdKeyName1);
297
298
299 Name wrongKeyName1("/wrong/key/name1");
300 GetParam param06(TYPE_KEY, wrongKeyName1);
301 shared_ptr<Interest> interest06 = generateUnsignedInterest(param06, owner);
302
303 face->sentDatas.clear();
304 face->receive(*interest06);
305 advanceClocks(io, time::milliseconds(10), 10);
306
307 BOOST_REQUIRE(cache.find(interest06->getName()) != nullptr);
308 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
309 PibError result06;
310 BOOST_REQUIRE_NO_THROW(result06.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
311 BOOST_CHECK_EQUAL(result06.getErrorCode(), ERR_NON_EXISTING_KEY);
312
313
314 GetParam param07(TYPE_CERT, testIdCertName00);
315 shared_ptr<Interest> interest07 = generateUnsignedInterest(param07, owner);
316
317 face->sentDatas.clear();
318 face->receive(*interest07);
319 advanceClocks(io, time::milliseconds(10), 10);
320
321 BOOST_REQUIRE(cache.find(interest07->getName()) != nullptr);
322 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
323 PibCertificate result07;
324 BOOST_REQUIRE_NO_THROW(result07.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
325 BOOST_CHECK_EQUAL(result07.getCertificate().getName(), testIdCertName00);
326
327
328 Name wrongCertName1("/wrong/cert/name1");
329 GetParam param08(TYPE_CERT, wrongCertName1);
330 shared_ptr<Interest> interest08 = generateUnsignedInterest(param08, owner);
331
332 face->sentDatas.clear();
333 face->receive(*interest08);
334 advanceClocks(io, time::milliseconds(10), 10);
335
336 BOOST_REQUIRE(cache.find(interest08->getName()) != nullptr);
337 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
338 PibError result08;
339 BOOST_REQUIRE_NO_THROW(result08.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
340 BOOST_CHECK_EQUAL(result08.getErrorCode(), ERR_NON_EXISTING_CERT);
341
342
343 Name wrongKeyName2;
344 GetParam param09(TYPE_KEY, wrongKeyName2);
345 shared_ptr<Interest> interest09 = generateUnsignedInterest(param09, owner);
346
347 face->sentDatas.clear();
348 face->receive(*interest09);
349 advanceClocks(io, time::milliseconds(10), 10);
350
351 BOOST_REQUIRE(cache.find(interest09->getName()) != nullptr);
352 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
353 PibError result09;
354 BOOST_REQUIRE_NO_THROW(result09.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
355 BOOST_CHECK_EQUAL(result09.getErrorCode(), ERR_WRONG_PARAM);
356}
357
358BOOST_AUTO_TEST_CASE(DefaultCommandTest)
359{
360 owner = "alice";
361
362 Pib pib(*face,
363 tmpPath.string(),
364 m_keyChain.getTpm().getTpmLocator(),
365 owner);
366 advanceClocks(io, time::milliseconds(10), 10);
367 util::InMemoryStoragePersistent& cache = pib.getResponseCache();
368 auto ownerMgmtCert = pib.getMgmtCert();
369 m_keyChain.addCertificate(ownerMgmtCert);
370
371 PibDb db(tmpPath.string());
372
373 Name testId("/test/identity");
374 Name testIdCertName00 = m_keyChain.createIdentity(testId);
375 shared_ptr<IdentityCertificate> cert00 = m_keyChain.getCertificate(testIdCertName00);
376 Name testIdKeyName0 = cert00->getPublicKeyName();
377 advanceClocks(io, time::milliseconds(100));
378 shared_ptr<IdentityCertificate> cert01 = m_keyChain.selfSign(testIdKeyName0);
379 Name testIdCertName01 = cert01->getName();
380
381 advanceClocks(io, time::milliseconds(100));
382 Name testIdKeyName1 = m_keyChain.generateRsaKeyPair(testId);
383 shared_ptr<IdentityCertificate> cert10 = m_keyChain.selfSign(testIdKeyName1);
384 Name testIdCertName10 = cert10->getName();
385 advanceClocks(io, time::milliseconds(100));
386 shared_ptr<IdentityCertificate> cert11 = m_keyChain.selfSign(testIdKeyName1);
387 Name testIdCertName11 = cert11->getName();
388
389 BOOST_CHECK_EQUAL(db.hasIdentity(testId), false);
390 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName0), false);
391 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName00), false);
392 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName01), false);
393 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), false);
394 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName10), false);
395 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), false);
396
397 db.addCertificate(*cert00);
398 db.addCertificate(*cert01);
399 db.addCertificate(*cert10);
400 db.addCertificate(*cert11);
401 db.setDefaultIdentity(testId);
402 db.setDefaultKeyNameOfIdentity(testIdKeyName0);
403 db.setDefaultCertNameOfKey(testIdCertName00);
404
405 BOOST_CHECK_EQUAL(db.hasIdentity(testId), true);
406 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName0), true);
407 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName00), true);
408 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName01), true);
409 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), true);
410 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName10), true);
411 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), true);
412
413 // Default Param
414 DefaultParam param11(TYPE_ID, TYPE_USER);
415 shared_ptr<Interest> interest11 = generateUnsignedInterest(param11, owner);
416
417 face->sentDatas.clear();
418 face->receive(*interest11);
419 advanceClocks(io, time::milliseconds(10), 10);
420
421 BOOST_REQUIRE(cache.find(interest11->getName()) != nullptr);
422 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
423 PibIdentity result11;
424 BOOST_REQUIRE_NO_THROW(result11.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
425 BOOST_CHECK_EQUAL(result11.getIdentity(), testId);
426
427
428 DefaultParam param13(TYPE_ID, TYPE_ID);
429 shared_ptr<Interest> interest13 = generateUnsignedInterest(param13, owner);
430
431 face->sentDatas.clear();
432 face->receive(*interest13);
433 advanceClocks(io, time::milliseconds(10), 10);
434
435 BOOST_REQUIRE(cache.find(interest13->getName()) != nullptr);
436 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
437 PibError result13;
438 BOOST_REQUIRE_NO_THROW(result13.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
439 BOOST_CHECK_EQUAL(result13.getErrorCode(), ERR_WRONG_PARAM);
440
441
442 DefaultParam param14(TYPE_KEY, TYPE_ID, testId);
443 shared_ptr<Interest> interest14 = generateUnsignedInterest(param14, owner);
444
445 face->sentDatas.clear();
446 face->receive(*interest14);
447 advanceClocks(io, time::milliseconds(10), 10);
448
449 BOOST_REQUIRE(cache.find(interest14->getName()) != nullptr);
450 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
451 PibPublicKey result14;
452 BOOST_REQUIRE_NO_THROW(result14.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
453 BOOST_CHECK_EQUAL(result14.getKeyName(), testIdKeyName0);
454
455
456 DefaultParam param15(TYPE_CERT, TYPE_ID, testId);
457 shared_ptr<Interest> interest15 = generateUnsignedInterest(param15, owner);
458
459 face->sentDatas.clear();
460 face->receive(*interest15);
461 advanceClocks(io, time::milliseconds(10), 10);
462
463 BOOST_REQUIRE(cache.find(interest15->getName()) != nullptr);
464 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
465 PibCertificate result15;
466 BOOST_REQUIRE_NO_THROW(result15.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
467 BOOST_CHECK_EQUAL(result15.getCertificate().getName(), testIdCertName00);
468
469
470 DefaultParam param16(TYPE_CERT, TYPE_USER);
471 shared_ptr<Interest> interest16 = generateUnsignedInterest(param16, owner);
472
473 face->sentDatas.clear();
474 face->receive(*interest16);
475 advanceClocks(io, time::milliseconds(10), 10);
476
477 BOOST_REQUIRE(cache.find(interest16->getName()) != nullptr);
478 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
479 PibCertificate result16;
480 BOOST_REQUIRE_NO_THROW(result16.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
481 BOOST_CHECK_EQUAL(result16.getCertificate().getName(), testIdCertName00);
482
483
484 DefaultParam param17(TYPE_CERT, TYPE_KEY, testIdKeyName1);
485 shared_ptr<Interest> interest17 = generateUnsignedInterest(param17, owner);
486
487 face->sentDatas.clear();
488 face->receive(*interest17);
489 advanceClocks(io, time::milliseconds(10), 10);
490
491 BOOST_REQUIRE(cache.find(interest17->getName()) != nullptr);
492 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
493 PibCertificate result17;
494 BOOST_REQUIRE_NO_THROW(result17.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
495 BOOST_CHECK_EQUAL(result17.getCertificate().getName(), testIdCertName10);
496}
497
498BOOST_AUTO_TEST_CASE(ListCommandTest)
499{
500 owner = "alice";
501
502 Pib pib(*face,
503 tmpPath.string(),
504 m_keyChain.getTpm().getTpmLocator(),
505 owner);
506 advanceClocks(io, time::milliseconds(10), 10);
507 util::InMemoryStoragePersistent& cache = pib.getResponseCache();
508 auto ownerMgmtCert = pib.getMgmtCert();
509 m_keyChain.addCertificate(ownerMgmtCert);
510
511 PibDb db(tmpPath.string());
512
513 Name testId("/test/identity");
514 Name testIdCertName00 = m_keyChain.createIdentity(testId);
515 shared_ptr<IdentityCertificate> cert00 = m_keyChain.getCertificate(testIdCertName00);
516 Name testIdKeyName0 = cert00->getPublicKeyName();
517 advanceClocks(io, time::milliseconds(100));
518 shared_ptr<IdentityCertificate> cert01 = m_keyChain.selfSign(testIdKeyName0);
519 Name testIdCertName01 = cert01->getName();
520
521 advanceClocks(io, time::milliseconds(100));
522 Name testIdKeyName1 = m_keyChain.generateRsaKeyPair(testId);
523 shared_ptr<IdentityCertificate> cert10 = m_keyChain.selfSign(testIdKeyName1);
524 Name testIdCertName10 = cert10->getName();
525 advanceClocks(io, time::milliseconds(100));
526 shared_ptr<IdentityCertificate> cert11 = m_keyChain.selfSign(testIdKeyName1);
527 Name testIdCertName11 = cert11->getName();
528
529 BOOST_CHECK_EQUAL(db.hasIdentity(testId), false);
530 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName0), false);
531 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName00), false);
532 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName01), false);
533 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), false);
534 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName10), false);
535 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), false);
536
537 db.addCertificate(*cert00);
538 db.addCertificate(*cert01);
539 db.addCertificate(*cert10);
540 db.addCertificate(*cert11);
541 db.setDefaultIdentity(testId);
542 db.setDefaultKeyNameOfIdentity(testIdKeyName0);
543 db.setDefaultCertNameOfKey(testIdCertName00);
544
545 BOOST_CHECK_EQUAL(db.hasIdentity(testId), true);
546 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName0), true);
547 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName00), true);
548 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName01), true);
549 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), true);
550 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName10), true);
551 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), true);
552
553 Name wrongId("/wrong/id");
554
555 // List Param
556 ListParam param21;
557 shared_ptr<Interest> interest21 = generateUnsignedInterest(param21, owner);
558
559 face->sentDatas.clear();
560 face->receive(*interest21);
561 advanceClocks(io, time::milliseconds(10), 10);
562
563 BOOST_REQUIRE(cache.find(interest21->getName()) != nullptr);
564 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
565 PibNameList result21;
566 BOOST_REQUIRE_NO_THROW(result21.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
567 BOOST_CHECK_EQUAL(result21.getNameList().size(), 1);
568
569
570 ListParam param22(TYPE_ID, testId);
571 shared_ptr<Interest> interest22 = generateUnsignedInterest(param22, owner);
572
573 face->sentDatas.clear();
574 face->receive(*interest22);
575 advanceClocks(io, time::milliseconds(10), 10);
576
577 BOOST_REQUIRE(cache.find(interest22->getName()) != nullptr);
578 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
579 PibNameList result22;
580 BOOST_REQUIRE_NO_THROW(result22.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
581 BOOST_CHECK_EQUAL(result22.getNameList().size(), 2);
582
583
584 ListParam param23(TYPE_ID, wrongId);
585 shared_ptr<Interest> interest23 = generateUnsignedInterest(param23, owner);
586
587 face->sentDatas.clear();
588 face->receive(*interest23);
589 advanceClocks(io, time::milliseconds(10), 10);
590
591 BOOST_REQUIRE(cache.find(interest23->getName()) != nullptr);
592 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
593 PibNameList result23;
594 BOOST_REQUIRE_NO_THROW(result23.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
595 BOOST_CHECK_EQUAL(result23.getNameList().size(), 0);
596}
597
598BOOST_AUTO_TEST_CASE(IsUpdateAllowedTest1)
599{
600 // This test case is to check the access control of local management key
601 owner = "alice";
602
603 Pib pib(*face,
604 tmpPath.string(),
605 m_keyChain.getTpm().getTpmLocator(),
606 owner);
607
608 UpdateQueryProcessor& pro = pib.m_updateProcessor;
609
610 Name target01("/localhost/pib");
611 Name target02("/localhost/pib/alice/mgmt");
612 Name target03("/localhost/pib/alice/mgmt/ok");
613 Name target04("/localhost/pib/alice");
614 Name target05("/test/id");
615 Name target06("/test/id/ksk-123");
616 Name target07("/test/id/KEY/ksk-123/ID-CERT/version");
617 Name signer01 = pib.getMgmtCert().getName().getPrefix(-1);
618 Name signer02("/localhost/pib/bob/mgmt/KEY/ksk-1234/ID-CERT");
619
620 // TYPE_USER is handled separately, isUpdatedAllowed simply returns false
621 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_USER, target02, signer01, DEFAULT_OPT_NO), false);
622
623 // Test access control of local management key
624 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, target01, signer01, DEFAULT_OPT_NO), false);
625 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, target02, signer01, DEFAULT_OPT_NO), false);
626 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, target03, signer01, DEFAULT_OPT_NO), false);
627 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, target04, signer01, DEFAULT_OPT_NO), false);
628 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, target05, signer01, DEFAULT_OPT_NO), true);
629 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, target05, signer02, DEFAULT_OPT_NO), false);
630 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, target06, signer01, DEFAULT_OPT_NO), true);
631 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, target06, signer02, DEFAULT_OPT_NO), false);
632 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, target07, signer01, DEFAULT_OPT_NO), true);
633 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, target07, signer02, DEFAULT_OPT_NO), false);
634}
635
636BOOST_AUTO_TEST_CASE(IsUpdateAllowedTest2)
637{
638 // This test case is to check the access control of regular key
639
640 owner = "alice";
641
642 Pib pib(*face,
643 tmpPath.string(),
644 m_keyChain.getTpm().getTpmLocator(),
645 owner);
646 PibDb db(tmpPath.string());
647
648 UpdateQueryProcessor& pro = pib.m_updateProcessor;
649
650 Name parent("/test");
651 addIdentity(parent);
652 Name parentCertName = m_keyChain.getDefaultCertificateNameForIdentity(parent);
653 shared_ptr<IdentityCertificate> parentCert = m_keyChain.getCertificate(parentCertName);
654 Name parentSigner = parentCertName.getPrefix(-1);
655
656 advanceClocks(io, time::milliseconds(100));
657 Name parentKeyName2 = m_keyChain.generateRsaKeyPair(parent);
658 shared_ptr<IdentityCertificate> parentCert2 = m_keyChain.selfSign(parentKeyName2);
659 Name parentSigner2 = parentCert2->getName().getPrefix(-1);
660
661 db.addIdentity(parent);
662 db.addKey(parentCert->getPublicKeyName(), parentCert->getPublicKeyInfo());
663 db.addKey(parentCert2->getPublicKeyName(), parentCert2->getPublicKeyInfo());
664 db.setDefaultKeyNameOfIdentity(parentCert->getPublicKeyName());
665 db.addCertificate(*parentCert);
666 db.setDefaultCertNameOfKey(parentCert->getName());
667 db.addCertificate(*parentCert2);
668 db.setDefaultCertNameOfKey(parentCert2->getName());
669
670 Name testId("/test/id");
671 addIdentity(testId);
672 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(testId);
673 shared_ptr<IdentityCertificate> testCert = m_keyChain.getCertificate(certName);
674 Name testKeyName = testCert->getPublicKeyName();
675 Name testSigner = certName.getPrefix(-1);
676
677 advanceClocks(io, time::milliseconds(100));
678 Name secondKeyName = m_keyChain.generateRsaKeyPair(testId);
679 shared_ptr<IdentityCertificate> secondCert = m_keyChain.selfSign(secondKeyName);
680 Name secondCertName = secondCert->getName();
681 Name secondSigner = secondCertName.getPrefix(-1);
682
683 db.addIdentity(testId);
684 db.addKey(testKeyName, testCert->getPublicKeyInfo());
685 db.addKey(secondKeyName, secondCert->getPublicKeyInfo());
686 db.setDefaultKeyNameOfIdentity(testKeyName);
687 db.addCertificate(*testCert);
688 db.setDefaultCertNameOfKey(testCert->getName());
689 db.addCertificate(*secondCert);
690 db.setDefaultCertNameOfKey(secondCert->getName());
691
692 Name nonSigner("/non-signer/KEY/ksk-123/ID-CERT");
693
694 // for target type = TYPE_ID
695 // one cannot add non-child
696 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, testId, nonSigner, DEFAULT_OPT_NO), false);
697 // parent can add child
698 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, testId, parentSigner, DEFAULT_OPT_NO), true);
699 // non-default parent key cannot add a child
700 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, testId, parentSigner2, DEFAULT_OPT_NO), false);
701 // only DEFAULT_OPT_NO is allowed if target type is TYPE_ID
702 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, testId, parentSigner, DEFAULT_OPT_ID), false);
703 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, testId, parentSigner, DEFAULT_OPT_KEY), false);
704 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_ID, testId, parentSigner, DEFAULT_OPT_USER), false);
705
706 // for target type = TYPE_KEY
707 // one can add its own key
708 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, testKeyName, testSigner, DEFAULT_OPT_NO),
709 true);
710 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, secondKeyName, testSigner, DEFAULT_OPT_NO),
711 true);
712 // one can set its default key
713 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, testKeyName, testSigner, DEFAULT_OPT_ID),
714 true);
715 // non-default key cannot add its own key
716 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, secondKeyName, secondSigner, DEFAULT_OPT_NO),
717 false);
718 // non-default key cannot set its default key
719 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, testKeyName, secondSigner, DEFAULT_OPT_ID),
720 false);
721 // one can add its child's key
722 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, secondKeyName, parentSigner, DEFAULT_OPT_NO),
723 true);
724 // one can set its child's default key
725 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, testKeyName, parentSigner, DEFAULT_OPT_ID),
726 true);
727 // non-default key cannot add its child's key
728 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, secondKeyName, parentSigner2, DEFAULT_OPT_NO),
729 false);
730 // non-default parent key cannot set its child's default key
731 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, testKeyName, parentSigner2, DEFAULT_OPT_ID),
732 false);
733 // DEFAULT_OPT_KEY is not allowed if target type is TYPE_KEY
734 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, testKeyName, testSigner, DEFAULT_OPT_KEY),
735 false);
736 // DEFAULT_OPT_USER is not allowed if signer is no local management key
737 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_KEY, testKeyName, testSigner, DEFAULT_OPT_USER),
738 false);
739
740 // for target type = TYPE_CERT
741 // one can add its own certificate
742 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, certName, testSigner, DEFAULT_OPT_NO),
743 true);
744 // one can set its own default certificate
745 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, certName, testSigner, DEFAULT_OPT_ID),
746 true);
747 // one can set its own key's default certificate
748 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, certName, testSigner, DEFAULT_OPT_KEY),
749 true);
750 // DEFAULT_OPT_USER is not allowed if signer is no local management key
751 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, certName, testSigner, DEFAULT_OPT_USER),
752 false);
753 // non-default key can add other key's certificate
754 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, certName, secondSigner, DEFAULT_OPT_NO),
755 false);
756 // non-default key can add its own certificate
757 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, secondCertName, secondSigner, DEFAULT_OPT_NO),
758 true);
759 // one can add its child's certificate
760 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, certName, parentSigner, DEFAULT_OPT_NO),
761 true);
762 // non-default key cannot add its child's certificate
763 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, certName, parentSigner2, DEFAULT_OPT_NO),
764 false);
765 // non-default key cannot set add its identity default certificate
766 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, secondCertName, secondSigner, DEFAULT_OPT_ID),
767 false);
768 // non-default key can set add its own default certificate
769 BOOST_CHECK_EQUAL(pro.isUpdateAllowed(TYPE_CERT, secondCertName, secondSigner, DEFAULT_OPT_KEY),
770 true);
771}
772
773BOOST_AUTO_TEST_CASE(IsDeleteAllowedTest1)
774{
775 // This test case is to check the access control of local management key
776
777 owner = "alice";
778
779 Pib pib(*face,
780 tmpPath.string(),
781 m_keyChain.getTpm().getTpmLocator(),
782 owner);
783
784 DeleteQueryProcessor& pro = pib.m_deleteProcessor;
785
786 Name target01("/localhost/pib");
787 Name target02("/localhost/pib/alice/Mgmt");
788 Name target03("/localhost/pib/alice/Mgmt/ok");
789 Name target04("/localhost/pib/alice");
790 Name target05("/test/id");
791 Name target06("/test/id/ksk-123");
792 Name target07("/test/id/KEY/ksk-123/ID-CERT/version");
793 Name signer01 = pib.getMgmtCert().getName().getPrefix(-1);
794 Name signer02("/localhost/pib/bob/Mgmt/KEY/ksk-1234/ID-CERT");
795
796 // TYPE_USER is handled separately
797 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_USER, target02, signer01), false);
798
799 // Test access control of local management key
800 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, target01, signer01), false);
801 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, target02, signer01), false);
802 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, target03, signer01), false);
803 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, target04, signer01), false);
804 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, target05, signer01), true);
805 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, target06, signer01), true);
806 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, target07, signer01), true);
807 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, target05, signer02), false);
808 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, target06, signer02), false);
809 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, target07, signer02), false);
810}
811
812BOOST_AUTO_TEST_CASE(IsDeleteAllowedTest2)
813{
814 // This test case is to check the access control of regular key
815 owner = "alice";
816
817 Pib pib(*face,
818 tmpPath.string(),
819 m_keyChain.getTpm().getTpmLocator(),
820 owner);
821 PibDb db(tmpPath.string());
822 DeleteQueryProcessor& pro = pib.m_deleteProcessor;
823
824 Name parent("/test");
825 addIdentity(parent);
826 Name parentCertName = m_keyChain.getDefaultCertificateNameForIdentity(parent);
827 shared_ptr<IdentityCertificate> parentCert = m_keyChain.getCertificate(parentCertName);
828 Name parentSigner = parentCertName.getPrefix(-1);
829
830 advanceClocks(io, time::milliseconds(100));
831 Name parentKeyName2 = m_keyChain.generateRsaKeyPair(parent);
832 shared_ptr<IdentityCertificate> parentCert2 = m_keyChain.selfSign(parentKeyName2);
833 Name parentSigner2 = parentCert2->getName().getPrefix(-1);
834
835 db.addIdentity(parent);
836 db.addKey(parentCert->getPublicKeyName(), parentCert->getPublicKeyInfo());
837 db.addKey(parentCert2->getPublicKeyName(), parentCert2->getPublicKeyInfo());
838 db.setDefaultKeyNameOfIdentity(parentCert->getPublicKeyName());
839 db.addCertificate(*parentCert);
840 db.setDefaultCertNameOfKey(parentCert->getName());
841 db.addCertificate(*parentCert2);
842 db.setDefaultCertNameOfKey(parentCert2->getName());
843
844 Name testId("/test/id");
845 addIdentity(testId);
846 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(testId);
847 shared_ptr<IdentityCertificate> testCert = m_keyChain.getCertificate(certName);
848 Name testKeyName = testCert->getPublicKeyName();
849 Name testSigner = certName.getPrefix(-1);
850
851 advanceClocks(io, time::milliseconds(100));
852 Name secondKeyName = m_keyChain.generateRsaKeyPair(testId);
853 shared_ptr<IdentityCertificate> secondCert = m_keyChain.selfSign(secondKeyName);
854 Name secondCertName = secondCert->getName();
855 Name secondSigner = secondCertName.getPrefix(-1);
856
857 db.addIdentity(testId);
858 db.addKey(testKeyName, testCert->getPublicKeyInfo());
859 db.addKey(secondKeyName, secondCert->getPublicKeyInfo());
860 db.setDefaultKeyNameOfIdentity(testKeyName);
861 db.addCertificate(*testCert);
862 db.setDefaultCertNameOfKey(testCert->getName());
863 db.addCertificate(*secondCert);
864 db.setDefaultCertNameOfKey(secondCert->getName());
865
866 Name nonSigner("/non-signer/KEY/ksk-123/ID-CERT");
867
868 // one can delete itself
869 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, testId, testSigner), true);
870 // parent can delete its child
871 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, testId, parentSigner), true);
872 // non-default key cannot delete its identity
873 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, testId, secondSigner), false);
874 // non-default key cannot delete its child
875 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, testId, parentSigner2), false);
876 // one cannot delete its parent
877 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_ID, parent, testSigner), false);
878
879 // one can delete its own key
880 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, testKeyName, testSigner), true);
881 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, secondKeyName, testSigner), true);
882 // parent can delete its child's key
883 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, testKeyName, parentSigner), true);
884 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, secondKeyName, parentSigner), true);
885 // non-default key cannot delete other key
886 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, testKeyName, secondSigner), false);
887 // non-default key can delete itself
888 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, secondKeyName, secondSigner), true);
889 // non-default key cannot delete its child's key
890 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_KEY, testKeyName, parentSigner2), false);
891
892 // one can delete its own certificate
893 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, certName, testSigner), true);
894 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, secondCertName, testSigner), true);
895 // non-default key cannot delete other's certificate
896 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, certName, secondSigner), false);
897 // non-default key can delete its own certificate
898 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, secondCertName, secondSigner), true);
899 // parent can delete its child's certificate
900 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, certName, parentSigner), true);
901 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, secondCertName, parentSigner), true);
902 // non-default parent cannot delete its child's certificate
903 BOOST_CHECK_EQUAL(pro.isDeleteAllowed(TYPE_CERT, certName, parentSigner2), false);
904}
905
906
907BOOST_AUTO_TEST_CASE(UpdateUserTest)
908{
909 owner = "alice";
910
911 Pib pib(*face,
912 tmpPath.string(),
913 m_keyChain.getTpm().getTpmLocator(),
914 owner);
915
916 advanceClocks(io, time::milliseconds(10), 10);
917 util::InMemoryStoragePersistent& cache = pib.getResponseCache();
918
919 m_keyChain.addCertificate(pib.getMgmtCert());
920
921 PibDb db(tmpPath.string());
922
923 Name bob("/localhost/pib/bob/mgmt");
924 addIdentity(bob);
925 Name bobCertName = m_keyChain.getDefaultCertificateNameForIdentity(bob);
926 shared_ptr<IdentityCertificate> bobCert = m_keyChain.getCertificate(bobCertName);
927
928 // signer is correct, but user name is wrong, should fall
929 PibUser pibUser1;
930 pibUser1.setMgmtCert(*bobCert);
931 UpdateParam param1(pibUser1);
932 auto interest1 = generateSignedInterest(param1, owner, db.getMgmtCertificate()->getName());
933
934 face->sentDatas.clear();
935 face->receive(*interest1);
936 advanceClocks(io, time::milliseconds(10), 10);
937
938 BOOST_REQUIRE(cache.find(interest1->getName()) != nullptr);
939 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
940 PibError result;
941 BOOST_REQUIRE_NO_THROW(result.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
942 BOOST_CHECK_EQUAL(result.getErrorCode(), ERR_WRONG_PARAM);
943
944 // user name is correct, but signer is wrong, should fail
945 PibUser pibUser2;
946 pibUser2.setMgmtCert(pib.getMgmtCert());
947 UpdateParam param2(pibUser2);
948 auto interest2 = generateSignedInterest(param2, owner, bobCertName);
949
950 face->sentDatas.clear();
951 face->receive(*interest2);
952 advanceClocks(io, time::milliseconds(10), 10);
953
954 BOOST_CHECK(cache.find(interest2->getName()) == nullptr); // verification should fail, no response
955 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 0);
956
957 // update an existing user with a new mgmt key, signed by the old mgmt key.
958 advanceClocks(io, time::milliseconds(100));
959 Name ownerSecondKeyName =
960 m_keyChain.generateRsaKeyPair(Name("/localhost/pib/alice/mgmt"), false);
961 shared_ptr<IdentityCertificate> ownerSecondCert = m_keyChain.selfSign(ownerSecondKeyName);
962 m_keyChain.addCertificate(*ownerSecondCert);
963
964 PibUser pibUser3;
965 pibUser3.setMgmtCert(*ownerSecondCert);
966 UpdateParam param3(pibUser3);
967 auto interest3 = generateSignedInterest(param3, owner, db.getMgmtCertificate()->getName());
968
969 face->sentDatas.clear();
970 face->receive(*interest3);
971 advanceClocks(io, time::milliseconds(10), 10);
972
973 BOOST_REQUIRE(cache.find(interest3->getName()) != nullptr);
974 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
975 PibError result3;
976 BOOST_REQUIRE_NO_THROW(result3.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
977 BOOST_CHECK_EQUAL(result3.getErrorCode(), ERR_SUCCESS);
978 BOOST_CHECK(db.getMgmtCertificate()->wireEncode() == ownerSecondCert->wireEncode());
979
980 // Add an cert and set it as user default cert.
981 Name testId("/test/id");
982 Name testIdCertName = m_keyChain.createIdentity(testId);
983 shared_ptr<IdentityCertificate> testIdCert = m_keyChain.getCertificate(testIdCertName);
984 Name testIdKeyName = testIdCert->getPublicKeyName();
985 UpdateParam updateParam(*testIdCert, DEFAULT_OPT_USER);
986 auto interest4 = generateSignedInterest(updateParam, owner, ownerSecondCert->getName());
987
988 face->sentDatas.clear();
989 face->receive(*interest4);
990 advanceClocks(io, time::milliseconds(10), 10);
991
992 BOOST_REQUIRE(cache.find(interest4->getName()) != nullptr);
993 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
994 PibError result4;
995 BOOST_REQUIRE_NO_THROW(result4.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
996 BOOST_CHECK_EQUAL(result4.getErrorCode(), ERR_SUCCESS);
997
998 BOOST_CHECK(pib.getDb().hasCertificate(testIdCertName));
999 BOOST_CHECK(pib.getDb().hasKey(testIdKeyName));
1000 BOOST_CHECK(pib.getDb().hasIdentity(testId));
1001
1002 BOOST_REQUIRE_NO_THROW(pib.getDb().getDefaultCertNameOfKey(testIdKeyName));
1003 BOOST_REQUIRE_NO_THROW(pib.getDb().getDefaultKeyNameOfIdentity(testId));
1004 BOOST_REQUIRE_NO_THROW(pib.getDb().getDefaultIdentity());
1005
1006 BOOST_CHECK_EQUAL(pib.getDb().getDefaultCertNameOfKey(testIdKeyName), testIdCertName);
1007 BOOST_CHECK_EQUAL(pib.getDb().getDefaultKeyNameOfIdentity(testId), testIdKeyName);
1008 BOOST_CHECK_EQUAL(pib.getDb().getDefaultIdentity(), testId);
1009}
1010
1011BOOST_AUTO_TEST_CASE(UpdateRegularKeyTest)
1012{
1013 owner = "alice";
1014
1015 Pib pib(*face,
1016 tmpPath.string(),
1017 m_keyChain.getTpm().getTpmLocator(),
1018 owner);
1019
1020 advanceClocks(io, time::milliseconds(10), 10);
1021 util::InMemoryStoragePersistent& cache = pib.getResponseCache();
1022 auto ownerMgmtCert = pib.getMgmtCert();
1023 m_keyChain.addCertificate(ownerMgmtCert);
1024
1025 PibDb db(tmpPath.string());
1026
1027 Name id0("/test/identity0");
1028 Name certName000 = m_keyChain.createIdentity(id0);
1029 shared_ptr<IdentityCertificate> cert000 = m_keyChain.getCertificate(certName000);
1030 Name keyName00 = cert000->getPublicKeyName();
1031 advanceClocks(io, time::milliseconds(100));
1032 shared_ptr<IdentityCertificate> cert001 = m_keyChain.selfSign(keyName00);
1033 Name certName001 = cert001->getName();
1034
1035 advanceClocks(io, time::milliseconds(100));
1036 Name keyName01 = m_keyChain.generateRsaKeyPair(id0);
1037 shared_ptr<IdentityCertificate> cert010 = m_keyChain.selfSign(keyName01);
1038 Name certName010 = cert010->getName();
1039 advanceClocks(io, time::milliseconds(100));
1040 shared_ptr<IdentityCertificate> cert011 = m_keyChain.selfSign(keyName01);
1041 Name certName011 = cert011->getName();
1042 m_keyChain.addCertificate(*cert010);
1043
1044 advanceClocks(io, time::milliseconds(100));
1045 Name id1("/test/identity1");
1046 Name certName100 = m_keyChain.createIdentity(id1);
1047 shared_ptr<IdentityCertificate> cert100 = m_keyChain.getCertificate(certName100);
1048 Name keyName10 = cert100->getPublicKeyName();
1049 advanceClocks(io, time::milliseconds(100));
1050 shared_ptr<IdentityCertificate> cert101 = m_keyChain.selfSign(keyName10);
1051 Name certName101 = cert101->getName();
1052
1053 advanceClocks(io, time::milliseconds(100));
1054 Name keyName11 = m_keyChain.generateRsaKeyPair(id1);
1055 shared_ptr<IdentityCertificate> cert110 = m_keyChain.selfSign(keyName11);
1056 Name certName110 = cert110->getName();
1057 advanceClocks(io, time::milliseconds(100));
1058 shared_ptr<IdentityCertificate> cert111 = m_keyChain.selfSign(keyName11);
1059 Name certName111 = cert111->getName();
1060 m_keyChain.addCertificate(*cert111);
1061
1062
1063 // Add a cert
1064 BOOST_CHECK_EQUAL(db.hasIdentity(id0), false);
1065 BOOST_CHECK_EQUAL(db.hasKey(keyName00), false);
1066 BOOST_CHECK_EQUAL(db.hasCertificate(certName000), false);
1067 UpdateParam param1(*cert000);
1068 auto interest1 = generateSignedInterest(param1, owner, ownerMgmtCert.getName());
1069
1070 face->sentDatas.clear();
1071 face->receive(*interest1);
1072 advanceClocks(io, time::milliseconds(10), 10);
1073
1074 BOOST_CHECK(cache.find(interest1->getName()) != nullptr);
1075 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1076 PibError result1;
1077 BOOST_REQUIRE_NO_THROW(result1.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1078 BOOST_CHECK_EQUAL(result1.getErrorCode(), ERR_SUCCESS);
1079 BOOST_CHECK_EQUAL(db.hasIdentity(id0), true);
1080 BOOST_CHECK_EQUAL(db.hasKey(keyName00), true);
1081 BOOST_CHECK_EQUAL(db.hasCertificate(certName000), true);
1082
1083 db.addCertificate(*cert100);
1084 BOOST_CHECK_EQUAL(db.hasIdentity(id1), true);
1085 BOOST_CHECK_EQUAL(db.hasKey(keyName10), true);
1086 BOOST_CHECK_EQUAL(db.hasCertificate(certName100), true);
1087
1088 // Set default
1089 BOOST_CHECK_EQUAL(db.getDefaultIdentity(), id0);
1090 BOOST_CHECK_EQUAL(db.getDefaultKeyNameOfIdentity(id0), keyName00);
1091 BOOST_CHECK_EQUAL(db.getDefaultCertNameOfKey(keyName00), certName000);
1092
1093 UpdateParam param2(id1, DEFAULT_OPT_USER);
1094 auto interest2 = generateSignedInterest(param2, owner, ownerMgmtCert.getName());
1095
1096 face->sentDatas.clear();
1097 face->receive(*interest2);
1098 advanceClocks(io, time::milliseconds(10), 10);
1099
1100 BOOST_CHECK(cache.find(interest2->getName()) != nullptr);
1101 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1102 PibError result2;
1103 BOOST_REQUIRE_NO_THROW(result2.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1104 BOOST_CHECK_EQUAL(result2.getErrorCode(), ERR_SUCCESS);
1105 BOOST_CHECK_EQUAL(db.getDefaultIdentity(), id1);
1106
1107 db.addCertificate(*cert010);
1108 UpdateParam param3(keyName01, cert010->getPublicKeyInfo(), DEFAULT_OPT_ID);
1109 auto interest3 = generateSignedInterest(param3, owner, ownerMgmtCert.getName());
1110
1111 face->sentDatas.clear();
1112 face->receive(*interest3);
1113 advanceClocks(io, time::milliseconds(10), 10);
1114
1115 BOOST_CHECK(cache.find(interest3->getName()) != nullptr);
1116 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1117 PibError result3;
1118 BOOST_REQUIRE_NO_THROW(result3.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1119 BOOST_CHECK_EQUAL(result3.getErrorCode(), ERR_SUCCESS);
1120 BOOST_CHECK_EQUAL(db.getDefaultKeyNameOfIdentity(id0), keyName01);
1121
1122 db.addCertificate(*cert011);
1123 UpdateParam param4(*cert011, DEFAULT_OPT_KEY);
1124 auto interest4 = generateSignedInterest(param4, owner, ownerMgmtCert.getName());
1125
1126 face->sentDatas.clear();
1127 face->receive(*interest4);
1128 advanceClocks(io, time::milliseconds(10), 10);
1129
1130 BOOST_CHECK(cache.find(interest4->getName()) != nullptr);
1131 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1132 PibError result4;
1133 BOOST_REQUIRE_NO_THROW(result4.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1134 BOOST_CHECK_EQUAL(result4.getErrorCode(), ERR_SUCCESS);
1135 BOOST_CHECK_EQUAL(db.getDefaultCertNameOfKey(keyName01), certName011);
1136
1137 // add key and certificate using regular keys.
1138 BOOST_CHECK_EQUAL(db.hasKey(keyName11), false);
1139 UpdateParam param5(keyName11, cert110->getPublicKeyInfo());
1140 auto interest5 = generateSignedInterest(param5, owner, cert100->getName());
1141
1142 face->sentDatas.clear();
1143 face->receive(*interest5);
1144 advanceClocks(io, time::milliseconds(10), 10);
1145
1146 BOOST_CHECK(cache.find(interest5->getName()) != nullptr);
1147 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1148 PibError result5;
1149 BOOST_REQUIRE_NO_THROW(result5.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1150 BOOST_CHECK_EQUAL(result5.getErrorCode(), ERR_SUCCESS);
1151 BOOST_CHECK_EQUAL(db.hasKey(keyName11), true);
1152
1153 // add cert using its own key which has been added before
1154 BOOST_CHECK_EQUAL(db.hasCertificate(cert101->getName()), false);
1155 UpdateParam param6(*cert101);
1156 auto interest6 = generateSignedInterest(param6, owner, cert100->getName());
1157
1158 face->sentDatas.clear();
1159 face->receive(*interest6);
1160 advanceClocks(io, time::milliseconds(10), 10);
1161
1162 BOOST_CHECK(cache.find(interest6->getName()) != nullptr);
1163 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1164 PibError result6;
1165 BOOST_REQUIRE_NO_THROW(result6.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1166 BOOST_CHECK_EQUAL(result6.getErrorCode(), ERR_SUCCESS);
1167 BOOST_CHECK_EQUAL(db.hasCertificate(cert101->getName()), true);
1168}
1169
1170BOOST_AUTO_TEST_CASE(DeleteUserTest)
1171{
1172 owner = "alice";
1173
1174 Pib pib(*face,
1175 tmpPath.string(),
1176 m_keyChain.getTpm().getTpmLocator(),
1177 owner);
1178 advanceClocks(io, time::milliseconds(10), 10);
1179 util::InMemoryStoragePersistent& cache = pib.getResponseCache();
1180 auto ownerMgmtCert = pib.getMgmtCert();
1181 m_keyChain.addCertificate(ownerMgmtCert);
1182
1183 PibDb db(tmpPath.string());
1184
1185 // Delete user should fail
1186 DeleteParam param(Name(), TYPE_USER);
1187 auto interest = generateSignedInterest(param, owner, ownerMgmtCert.getName());
1188
1189 face->receive(*interest);
1190 advanceClocks(io, time::milliseconds(10), 10);
1191
1192 BOOST_CHECK(cache.find(interest->getName()) != nullptr);
1193 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1194 PibError result;
1195 BOOST_REQUIRE_NO_THROW(result.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1196 BOOST_CHECK_EQUAL(result.getErrorCode(), ERR_WRONG_PARAM);
1197}
1198
1199BOOST_AUTO_TEST_CASE(DeleteRegularKeyTest)
1200{
1201 owner = "alice";
1202
1203 Pib pib(*face,
1204 tmpPath.string(),
1205 m_keyChain.getTpm().getTpmLocator(),
1206 owner);
1207 advanceClocks(io, time::milliseconds(10), 10);
1208 util::InMemoryStoragePersistent& cache = pib.getResponseCache();
1209 auto ownerMgmtCert = pib.getMgmtCert();
1210 m_keyChain.addCertificate(ownerMgmtCert);
1211
1212 PibDb& db = pib.getDb();
1213
1214 Name testId("/test/identity");
1215 Name testIdCertName00 = m_keyChain.createIdentity(testId);
1216 shared_ptr<IdentityCertificate> cert00 = m_keyChain.getCertificate(testIdCertName00);
1217 Name testIdKeyName0 = cert00->getPublicKeyName();
1218 advanceClocks(io, time::milliseconds(100));
1219 shared_ptr<IdentityCertificate> cert01 = m_keyChain.selfSign(testIdKeyName0);
1220 Name testIdCertName01 = cert01->getName();
1221
1222 advanceClocks(io, time::milliseconds(100));
1223 Name testIdKeyName1 = m_keyChain.generateRsaKeyPair(testId);
1224 shared_ptr<IdentityCertificate> cert10 = m_keyChain.selfSign(testIdKeyName1);
1225 Name testIdCertName10 = cert10->getName();
1226 advanceClocks(io, time::milliseconds(100));
1227 shared_ptr<IdentityCertificate> cert11 = m_keyChain.selfSign(testIdKeyName1);
1228 Name testIdCertName11 = cert11->getName();
1229 m_keyChain.addCertificate(*cert11);
1230
1231 db.addCertificate(*cert00);
1232 db.addCertificate(*cert01);
1233 db.addCertificate(*cert10);
1234 db.addCertificate(*cert11);
1235 db.setDefaultIdentity(testId);
1236 db.setDefaultKeyNameOfIdentity(testIdKeyName0);
1237 db.setDefaultCertNameOfKey(testIdCertName00);
1238 db.setDefaultCertNameOfKey(testIdCertName10);
1239
1240 // delete a certificate itself
1241 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), true);
1242 DeleteParam param1(testIdCertName11, TYPE_CERT);
1243 auto interest1 = generateSignedInterest(param1, owner, testIdCertName11);
1244
1245 face->sentDatas.clear();
1246 face->receive(*interest1);
1247 advanceClocks(io, time::milliseconds(10), 10);
1248
1249 BOOST_CHECK(cache.find(interest1->getName()) != nullptr);
1250 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1251 PibError result1;
1252 BOOST_REQUIRE_NO_THROW(result1.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1253 BOOST_CHECK_EQUAL(result1.getErrorCode(), ERR_SUCCESS);
1254 BOOST_CHECK_EQUAL(db.hasCertificate(testIdCertName11), false);
1255
1256 // delete a key itself
1257 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), true);
1258 DeleteParam param2(testIdKeyName1, TYPE_KEY);
1259 auto interest2 = generateSignedInterest(param2, owner, testIdCertName11);
1260
1261 face->sentDatas.clear();
1262 face->receive(*interest2);
1263 advanceClocks(io, time::milliseconds(10), 10);
1264
1265 BOOST_CHECK(cache.find(interest2->getName()) != nullptr);
1266 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1267 PibError result2;
1268 BOOST_REQUIRE_NO_THROW(result2.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1269 BOOST_CHECK_EQUAL(result2.getErrorCode(), ERR_SUCCESS);
1270 BOOST_CHECK_EQUAL(db.hasKey(testIdKeyName1), false);
1271
1272 // delete an identity using non-default key, should fail
1273 db.addCertificate(*cert11);
1274 BOOST_CHECK_EQUAL(db.hasIdentity(testId), true);
1275 DeleteParam param3(testId, TYPE_ID);
1276 auto interest3 = generateSignedInterest(param3, owner, testIdCertName11);
1277
1278 face->sentDatas.clear();
1279 face->receive(*interest3);
1280 advanceClocks(io, time::milliseconds(10), 10);
1281
1282 BOOST_CHECK(cache.find(interest3->getName()) != nullptr);
1283 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1284 PibError result3;
1285 BOOST_REQUIRE_NO_THROW(result3.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1286 BOOST_CHECK_EQUAL(result3.getErrorCode(), ERR_WRONG_SIGNER);
1287 BOOST_CHECK_EQUAL(db.hasIdentity(testId), true);
1288
1289 // delete an identity using identity default key, should succeed
1290 DeleteParam param4(testId, TYPE_ID);
1291 auto interest4 = generateSignedInterest(param4, owner, testIdCertName00);
1292
1293 face->sentDatas.clear();
1294 face->receive(*interest4);
1295 advanceClocks(io, time::milliseconds(10), 10);
1296
1297 BOOST_CHECK(cache.find(interest4->getName()) != nullptr);
1298 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1299 PibError result4;
1300 BOOST_REQUIRE_NO_THROW(result4.wireDecode(face->sentDatas[0].getContent().blockFromValue()));
1301 BOOST_CHECK_EQUAL(result4.getErrorCode(), ERR_SUCCESS);
1302 BOOST_CHECK_EQUAL(db.hasIdentity(testId), false);
1303}
1304
1305BOOST_AUTO_TEST_CASE(ReadCommandTest2)
1306{
1307 // Read Certificates;
1308 owner = "alice";
1309
1310 Pib pib(*face,
1311 tmpPath.string(),
1312 m_keyChain.getTpm().getTpmLocator(),
1313 owner);
1314
1315 advanceClocks(io, time::milliseconds(10), 100);
1316 auto ownerMgmtCert = pib.getMgmtCert();
1317 m_keyChain.addCertificate(ownerMgmtCert);
1318
1319 Name testId("/test/identity");
1320 Name testIdCertName00 = m_keyChain.createIdentity(testId);
1321 shared_ptr<IdentityCertificate> cert00 = m_keyChain.getCertificate(testIdCertName00);
1322 Name testIdKeyName0 = cert00->getPublicKeyName();
1323 advanceClocks(io, time::milliseconds(100));
1324 shared_ptr<IdentityCertificate> cert01 = m_keyChain.selfSign(testIdKeyName0);
1325 Name testIdCertName01 = cert01->getName();
1326
1327 advanceClocks(io, time::milliseconds(100));
1328 Name testIdKeyName1 = m_keyChain.generateRsaKeyPair(testId);
1329 shared_ptr<IdentityCertificate> cert10 = m_keyChain.selfSign(testIdKeyName1);
1330 Name testIdCertName10 = cert10->getName();
1331 advanceClocks(io, time::milliseconds(100));
1332 shared_ptr<IdentityCertificate> cert11 = m_keyChain.selfSign(testIdKeyName1);
1333 Name testIdCertName11 = cert11->getName();
1334
1335
1336 UpdateParam param00(*cert00);
1337 UpdateParam param01(*cert01);
1338 UpdateParam param10(*cert10);
1339 UpdateParam param11(*cert11);
1340 auto interest00 = generateSignedInterest(param00, owner, ownerMgmtCert.getName());
1341 auto interest01 = generateSignedInterest(param01, owner, ownerMgmtCert.getName());
1342 auto interest10 = generateSignedInterest(param10, owner, ownerMgmtCert.getName());
1343 auto interest11 = generateSignedInterest(param11, owner, ownerMgmtCert.getName());
1344
1345 face->sentDatas.clear();
1346 face->receive(*interest00);
1347 advanceClocks(io, time::milliseconds(10), 10);
1348 face->receive(*interest01);
1349 advanceClocks(io, time::milliseconds(10), 10);
1350 face->receive(*interest10);
1351 advanceClocks(io, time::milliseconds(10), 10);
1352 face->receive(*interest11);
1353 advanceClocks(io, time::milliseconds(10), 10);
1354
1355 auto interest1 = make_shared<Interest>(testIdCertName11);
1356 face->sentDatas.clear();
1357 face->receive(*interest1);
1358 advanceClocks(io, time::milliseconds(10), 10);
1359 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1360 BOOST_CHECK(face->sentDatas[0].wireEncode() == cert11->wireEncode());
1361
1362 auto interest2 = make_shared<Interest>(testIdCertName11.getPrefix(-1));
1363 face->sentDatas.clear();
1364 face->receive(*interest2);
1365 advanceClocks(io, time::milliseconds(10), 10);
1366 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1367 BOOST_CHECK_EQUAL(face->sentDatas[0].getName().getPrefix(-1),
1368 cert11->getName().getPrefix(-1));
1369
1370 auto interest3 = make_shared<Interest>(testIdCertName11.getPrefix(-1));
1371 pib.getDb().deleteCertificate(testIdCertName11);
1372 face->sentDatas.clear();
1373 face->receive(*interest3);
1374 advanceClocks(io, time::milliseconds(10), 10);
1375 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 1);
1376 BOOST_CHECK(face->sentDatas[0].wireEncode() == cert10->wireEncode());
1377
1378 auto interest4 = make_shared<Interest>(testIdCertName11);
1379 face->sentDatas.clear();
1380 face->receive(*interest4);
1381 advanceClocks(io, time::milliseconds(10), 10);
1382 BOOST_REQUIRE_EQUAL(face->sentDatas.size(), 0);
1383}
1384
1385BOOST_AUTO_TEST_SUITE_END()
1386
1387} // namespace tests
1388} // namespace pib
1389} // namespace ndn