security: Pair-up Tpm and Pib in KeyChain
In this commit, we also change the HOME setting for test cases.
Change-Id: I7fa15461555b3519d9d2005c6956c167ed07d66f
Refs: #2242
Refs: #2260
diff --git a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
index e69de29..ebc2bfd 100644
--- a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
@@ -0,0 +1,4 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+; The test is broken into two: 1) missing pib and 2) missing tpm
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
new file mode 100644
index 0000000..d50e5ac
--- /dev/null
+++ b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
@@ -0,0 +1,4 @@
+; Empty client.conf is unfeasible in automated tests,
+; see tests/unit-tests/security/config-file-readme.txt.
+; The test is broken into two: 1) missing pib and 2) missing tpm
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-home/.ndn/client.conf b/tests/unit-tests/security/config-file-home/.ndn/client.conf
index cc05409..47c9406 100644
--- a/tests/unit-tests/security/config-file-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-home/.ndn/client.conf
@@ -1,2 +1,2 @@
-pib=sqlite3
-tpm=file
\ No newline at end of file
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-file/
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/
\ No newline at end of file
diff --git a/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf b/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
index 3f7795d..2cfb7f6 100644
--- a/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-malformed2-home/.ndn/client.conf
@@ -1,2 +1,2 @@
-pib=sqlite3
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-just-wrong/
tpm=just-wrong
diff --git a/tests/unit-tests/security/config-file-readme.txt b/tests/unit-tests/security/config-file-readme.txt
new file mode 100644
index 0000000..44e5f61
--- /dev/null
+++ b/tests/unit-tests/security/config-file-readme.txt
@@ -0,0 +1,11 @@
+In test, we set a test-specific "HOME", which cause OS X keychain look for the
+default keychain of a "different" user. If the default keychain does not exist,
+all subsequent calls to OS X keychain will fail. User interaction (such as
+specifying password) is required to create a keychain. However, user interaction
+is not feasible in automated tests.
+
+This problem is caused by the OS X system assumption that one user must have a
+login keychain, which is also the user's default keychain, because a user
+account is always created with a login keychain as default. Thus OS X system
+infers a user according to the HOME env, and did not expect user to change the
+HOME env in normal use.
diff --git a/tests/unit-tests/security/identity-fixture.cpp b/tests/unit-tests/security/identity-fixture.cpp
index 38c85a8..0e543bf 100644
--- a/tests/unit-tests/security/identity-fixture.cpp
+++ b/tests/unit-tests/security/identity-fixture.cpp
@@ -21,6 +21,8 @@
#include "security/key-chain.hpp"
#include "../util/test-home-environment-fixture.hpp"
+#include <boost/filesystem.hpp>
+
#include "boost-test.hpp"
namespace ndn {
@@ -31,10 +33,18 @@
public:
IdentityFixture()
{
- // initialize KeyChain from TEST_HOME
- setenv("TEST_HOME", "tests/unit-tests/security/config-file-home", 1);
+ using namespace boost::filesystem;
- KeyChain keyChain("sqlite3", "file");
+ // initialize KeyChain from test specific HOME: tests/unit-tests/security/tmp-home
+ if (std::getenv("HOME"))
+ m_HOME = std::getenv("HOME");
+ if (std::getenv("OLD_HOME"))
+ m_OLD_HOME = std::getenv("OLD_HOME");
+
+ setenv("HOME", "tests/unit-tests/security/tmp-home", 1);
+ setenv("OLD_HOME", m_HOME.c_str(), 1);
+
+ KeyChain keyChain;
// save the old default identity
try {
@@ -58,7 +68,9 @@
~IdentityFixture()
{
- KeyChain keyChain("sqlite3", "file");
+ using namespace boost::filesystem;
+
+ KeyChain keyChain;
// recover the old default setting
if (m_hasOldDefaultIdentity) {
@@ -69,9 +81,30 @@
// XXX This has no effect if oldDefaultIdentity doesn't exist.
// newIdentity would be kept as default.
keyChain.deleteIdentity(m_newIdentity);
+
+ path pibPath(absolute(std::getenv("HOME")));
+ pibPath /= ".ndn/ndnsec-public-info.db";
+
+ boost::filesystem::remove(pibPath);
+
+ path tpmPath(absolute(std::getenv("HOME")));
+ tpmPath /= ".ndn/ndnsec-tpm-file";
+
+ boost::filesystem::remove_all(tpmPath);
+
+ if (!m_HOME.empty())
+ setenv("HOME", m_HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+
+ if (!m_OLD_HOME.empty())
+ setenv("OLD_HOME", m_OLD_HOME.c_str(), 1);
+ else
+ unsetenv("OLD_HOME");
}
private:
+ std::string m_OLD_HOME;
std::string m_HOME;
bool m_hasOldDefaultIdentity;
diff --git a/tests/unit-tests/security/identity-management-fixture.cpp b/tests/unit-tests/security/identity-management-fixture.cpp
deleted file mode 100644
index 72c0cbe..0000000
--- a/tests/unit-tests/security/identity-management-fixture.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "identity-management-fixture.hpp"
-
-namespace ndn {
-namespace security {
-
-IdentityManagementFixture::IdentityManagementFixture()
- : m_keyChain("sqlite3", "file")
-{
-}
-
-IdentityManagementFixture::~IdentityManagementFixture()
-{
- for (std::vector<Name>::iterator it = m_identities.begin();
- it != m_identities.end(); it++) {
- m_keyChain.deleteIdentity(*it);
- }
-}
-
-bool
-IdentityManagementFixture::addIdentity(const Name& identity, const KeyParams& params)
-{
- try {
- m_keyChain.createIdentity(identity, params);
- m_identities.push_back(identity);
- return true;
- }
- catch (std::runtime_error& e) {
- return false;
- }
-}
-
-} // namespace security
-} // namespace ndn
diff --git a/tests/unit-tests/security/identity-management-fixture.hpp b/tests/unit-tests/security/identity-management-fixture.hpp
deleted file mode 100644
index 268d2ea..0000000
--- a/tests/unit-tests/security/identity-management-fixture.hpp
+++ /dev/null
@@ -1,53 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "security/key-chain.hpp"
-#include <vector>
-
-#include "boost-test.hpp"
-
-namespace ndn {
-namespace security {
-
-/**
- * @brief IdentityManagementFixture is a test suite level fixture.
- * Test cases in the suite can use this fixture to create identities.
- * Identities added via addIdentity method are automatically deleted
- * during test teardown.
- */
-class IdentityManagementFixture
-{
-public:
- IdentityManagementFixture();
-
- ~IdentityManagementFixture();
-
- /// @brief add identity, return true if succeed.
- bool
- addIdentity(const Name& identity, const KeyParams& params = KeyChain::DEFAULT_KEY_PARAMS);
-
-protected:
- KeyChain m_keyChain;
- std::vector<Name> m_identities;
-};
-
-} // namespace security
-} // namespace ndn
diff --git a/tests/unit-tests/security/test-keychain.cpp b/tests/unit-tests/security/test-keychain.cpp
index bb3af0c..70e8e01 100644
--- a/tests/unit-tests/security/test-keychain.cpp
+++ b/tests/unit-tests/security/test-keychain.cpp
@@ -52,6 +52,42 @@
setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty-home", 1);
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ std::string oldHOME;
+ if (std::getenv("OLD_HOME"))
+ oldHOME = std::getenv("OLD_HOME");
+
+ std::string HOME;
+ if (std::getenv("HOME"))
+ HOME = std::getenv("HOME");
+
+ if (!oldHOME.empty())
+ setenv("HOME", oldHOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+#endif
+
+ BOOST_REQUIRE_NO_THROW(KeyChain());
+
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ if (!HOME.empty())
+ setenv("HOME", HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+#endif
+
+ path pibPath(absolute(std::getenv("TEST_HOME")));
+ pibPath /= ".ndn/ndnsec-public-info.db";
+
+ boost::filesystem::remove(pibPath);
+}
+
+BOOST_AUTO_TEST_CASE(ConstructorEmpty2Config)
+{
+ using namespace boost::filesystem;
+
+ setenv("TEST_HOME", "tests/unit-tests/security/config-file-empty2-home", 1);
+
BOOST_REQUIRE_NO_THROW(KeyChain());
path pibPath(absolute(std::getenv("TEST_HOME")));
@@ -80,8 +116,7 @@
BOOST_AUTO_TEST_CASE(ExportIdentity)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ KeyChain keyChain;
Name identity("/TestKeyChain/ExportIdentity/");
identity.appendVersion();
@@ -123,8 +158,7 @@
BOOST_AUTO_TEST_CASE(PrepareIdentityCertificate)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ KeyChain keyChain;
Name identity("/TestKeyChain/PrepareIdentityCertificate/");
identity.appendVersion();
@@ -196,6 +230,73 @@
keyChain.deleteIdentity(anotherIdentity);
}
+BOOST_AUTO_TEST_CASE(Delete)
+{
+ KeyChain keyChain;
+
+ Name identity("/TestSecPublicInfoSqlite3/Delete");
+ identity.appendVersion();
+
+ Name certName1;
+ BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity));
+
+ Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1);
+ Name keyName2;
+ BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRsaKeyPairAsDefault(identity));
+
+ shared_ptr<IdentityCertificate> cert2;
+ BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2));
+ Name certName2 = cert2->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2));
+
+ Name keyName3;
+ BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRsaKeyPairAsDefault(identity));
+
+ shared_ptr<IdentityCertificate> cert3;
+ BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3));
+ Name certName3 = cert3->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3));
+ shared_ptr<IdentityCertificate> cert4;
+ BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3));
+ Name certName4 = cert4->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4));
+ shared_ptr<IdentityCertificate> cert5;
+ BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3));
+ Name certName5 = cert5->getName();
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5));
+
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(certName5));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(keyName3));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
+
+ BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity));
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), false);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+}
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace tests
diff --git a/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp b/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
index 6d44811..f7c4136 100644
--- a/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
+++ b/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
@@ -25,11 +25,32 @@
#include "encoding/buffer-stream.hpp"
#include "util/time.hpp"
+#include <boost/filesystem.hpp>
+#include <boost/lexical_cast.hpp>
#include "boost-test.hpp"
-using namespace std;
namespace ndn {
+class PibTmpPathFixture
+{
+public:
+ PibTmpPathFixture()
+ {
+ boost::system::error_code error;
+ tmpPath = boost::filesystem::temp_directory_path(error);
+ BOOST_REQUIRE(boost::system::errc::success == error.value());
+ tmpPath /= boost::lexical_cast<std::string>(random::generateWord32());
+ }
+
+ ~PibTmpPathFixture()
+ {
+ boost::filesystem::remove_all(tmpPath);
+ }
+
+public:
+ boost::filesystem::path tmpPath;
+};
+
BOOST_AUTO_TEST_SUITE(SecurityTestSecPublicInfoSqlite3)
const std::string RSA_DER("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFoDcNtffwbfFix64fw0\
@@ -42,72 +63,36 @@
const std::string ECDSA_DER("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENZpqkPJDj8uhSpffOiCbvSYMLsGB\
1Eo/WU6mrexjGvduQXjqwon/eSHFI6EgHZk8L9KfiV5XVtVsk2g5wIpJVg==");
-BOOST_AUTO_TEST_CASE(Delete)
+BOOST_FIXTURE_TEST_CASE(Basic, PibTmpPathFixture)
{
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
+ SecPublicInfoSqlite3 pib(tmpPath.generic_string());
- Name identity("/TestSecPublicInfoSqlite3/Delete");
- identity.appendVersion();
+ BOOST_CHECK(pib.doesTableExist("Identity"));
+ BOOST_CHECK(pib.doesTableExist("Key"));
+ BOOST_CHECK(pib.doesTableExist("Certificate"));
+}
- Name certName1;
- BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity));
+BOOST_FIXTURE_TEST_CASE(TpmLocatorTest, PibTmpPathFixture)
+{
+ SecPublicInfoSqlite3 pib(tmpPath.generic_string());
- Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1);
- Name keyName2;
- BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRsaKeyPairAsDefault(identity));
+ BOOST_REQUIRE_THROW(pib.getTpmLocator(), SecPublicInfo::Error);
+ pib.addIdentity("/test/id1");
+ BOOST_CHECK(pib.doesIdentityExist("/test/id1"));
- shared_ptr<IdentityCertificate> cert2;
- BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2));
- Name certName2 = cert2->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2));
+ // Pib does not have tpmInfo set yet, setTpmInfo simply set the tpmInfo.
+ std::string tpmLocator("tpm-file:");
+ tpmLocator.append((tmpPath / "tpm").generic_string());
+ pib.setTpmLocator(tpmLocator);
+ BOOST_CHECK(pib.doesIdentityExist("/test/id1"));
- Name keyName3;
- BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRsaKeyPairAsDefault(identity));
+ BOOST_REQUIRE_NO_THROW(pib.getTpmLocator());
+ BOOST_CHECK_EQUAL(tpmLocator, pib.getTpmLocator());
- shared_ptr<IdentityCertificate> cert3;
- BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3));
- Name certName3 = cert3->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3));
- shared_ptr<IdentityCertificate> cert4;
- BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3));
- Name certName4 = cert4->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4));
- shared_ptr<IdentityCertificate> cert5;
- BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3));
- Name certName5 = cert5->getName();
- BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5));
-
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteCertificate(certName5));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName5), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), true);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteKey(keyName3));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName4), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName3), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName3), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), true);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
-
- BOOST_REQUIRE_NO_THROW(keyChain.deleteIdentity(identity));
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName2), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName2), false);
- BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName1), false);
- BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), false);
- BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+ // Pib has tpmInfo set, set a different tpmInfo will reset Pib content.
+ std::string tpmLocator3("tpm-osxkeychain:");
+ pib.setTpmLocator(tpmLocator3);
+ BOOST_CHECK(!pib.doesIdentityExist("/test/id1"));
}
BOOST_AUTO_TEST_CASE(KeyTypeRsa)
@@ -123,7 +108,7 @@
os.buf()->size())));
Name rsaKeyName("/TestSecPublicInfoSqlite3/KeyType/RSA/ksk-123");
SecPublicInfoSqlite3 pib;
- pib.addPublicKey(rsaKeyName, rsaKey->getKeyType(), *rsaKey);
+ pib.addKey(rsaKeyName, *rsaKey);
BOOST_CHECK_EQUAL(KEY_TYPE_RSA, pib.getPublicKeyType(rsaKeyName));
@@ -143,7 +128,7 @@
os.buf()->size())));
Name ecdsaKeyName("/TestSecPublicInfoSqlite3/KeyType/ECDSA/ksk-123");
SecPublicInfoSqlite3 pib;
- pib.addPublicKey(ecdsaKeyName, ecdsaKey->getKeyType(), *ecdsaKey);
+ pib.addKey(ecdsaKeyName, *ecdsaKey);
BOOST_CHECK_EQUAL(KEY_TYPE_ECDSA, pib.getPublicKeyType(ecdsaKeyName));
pib.deleteIdentityInfo(Name("/TestSecPublicInfoSqlite3/KeyType/ECDSA"));
diff --git a/tests/unit-tests/security/test-sec-tpm-file.cpp b/tests/unit-tests/security/test-sec-tpm-file.cpp
index 0b900ed..727d0d4 100644
--- a/tests/unit-tests/security/test-sec-tpm-file.cpp
+++ b/tests/unit-tests/security/test-sec-tpm-file.cpp
@@ -25,8 +25,8 @@
#include "util/time.hpp"
+#include <boost/filesystem.hpp>
#include <boost/lexical_cast.hpp>
-
#include "boost-test.hpp"
namespace ndn {
diff --git a/tests/unit-tests/security/test-sec-tpm-osx.cpp b/tests/unit-tests/security/test-sec-tpm-osx.cpp
index a7d1d80..7b31a1a 100644
--- a/tests/unit-tests/security/test-sec-tpm-osx.cpp
+++ b/tests/unit-tests/security/test-sec-tpm-osx.cpp
@@ -31,7 +31,37 @@
namespace ndn {
-BOOST_AUTO_TEST_SUITE(SecurityTestSecTpmOsx)
+class OsxKeyChainTestFixture
+{
+public:
+ OsxKeyChainTestFixture()
+ {
+ std::string oldHOME;
+ if (std::getenv("OLD_HOME"))
+ oldHOME = std::getenv("OLD_HOME");
+
+ if (std::getenv("HOME"))
+ m_HOME = std::getenv("HOME");
+
+ if (!oldHOME.empty())
+ setenv("HOME", oldHOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+ }
+
+ ~OsxKeyChainTestFixture()
+ {
+ if (!m_HOME.empty())
+ setenv("HOME", m_HOME.c_str(), 1);
+ else
+ unsetenv("HOME");
+ }
+
+protected:
+ std::string m_HOME;
+};
+
+BOOST_FIXTURE_TEST_SUITE(SecurityTestSecTpmOsx, OsxKeyChainTestFixture)
BOOST_AUTO_TEST_CASE(Delete)
{
diff --git a/tests/unit-tests/security/test-validator-config.cpp b/tests/unit-tests/security/test-validator-config.cpp
new file mode 100644
index 0000000..8bac80c
--- /dev/null
+++ b/tests/unit-tests/security/test-validator-config.cpp
@@ -0,0 +1,1512 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2014 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/validator-config.hpp"
+
+#include "security/key-chain.hpp"
+#include "util/io.hpp"
+#include "util/scheduler.hpp"
+#include "util/dummy-client-face.hpp"
+
+#include <boost/asio.hpp>
+
+#include "identity-management-fixture.hpp"
+#include "../identity-management-time-fixture.hpp"
+#include "boost-test.hpp"
+
+using namespace std;
+
+namespace ndn {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(TestValidatorConfig)
+
+BOOST_FIXTURE_TEST_CASE(NameFilter, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-1.cert");
+
+ Name dataName1("/simple/equal");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/different");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/equal\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-1.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter2, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter2");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-2.cert");
+
+ Name dataName1("/simple/isPrefixOf");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/notPrefixOf");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/isPrefixOf/anotherLevel");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple2 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/isPrefixOf\n"
+ " relation is-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-2.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter3, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter3");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-3.cert");
+
+ Name dataName1("/simple/isStrictPrefixOf");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /simple/isStrictPrefixOf\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-3.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(NameFilter4, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/NameFilter4");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-4.cert");
+
+ Name dataName1("/simple/regex");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2("/simple/regex-wrong");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/simple/regex/correct");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ std::string CONFIG_1 =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " regex ^<simple><regex>\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " name ";
+
+ std::string CONFIG_2 =
+ "\n"
+ " relation equal\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-4.cert\"\n"
+ "}\n";
+ const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(KeyLocatorNameChecker1, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+ Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
+ shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
+ io::save(*idCert, "trust-anchor-5.cert");
+
+ Name dataName1 = identity;
+ dataName1.append("1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ Name dataName2 = identity;
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity));
+
+ Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
+ shared_ptr<Data> data3 = make_shared<Data>(dataName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data3, identity));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " hyper-relation\n"
+ " {\n"
+ " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
+ " k-expand \\\\1\\\\2\n"
+ " h-relation is-strict-prefix-of\n"
+ " p-regex ^(<>*)$\n"
+ " p-expand \\\\1\n"
+ " }\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-5.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*data3,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(FixedSignerChecker, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/FixedSignerChecker");
+
+ Name identity1 = identity;
+ identity1.append("1").appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-7.cert");
+
+ Name identity2 = identity;
+ identity2.append("2").appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+
+ Name dataName1 = identity;
+ dataName1.append("data").appendVersion();
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity1));
+
+ Name dataName2 = identity;
+ dataName2.append("data").appendVersion();
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, identity2));
+
+ Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
+ shared_ptr<Interest> interest = make_shared<Interest>(interestName);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Data Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-7.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-7.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(Reset, security::IdentityManagementFixture)
+{
+ Name root("/TestValidatorConfig/Reload");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-8.cert");
+
+ Face face;
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"NRD Prefix Registration Command Rule\"\n"
+ " for interest\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"Testbed Hierarchy Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-8.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
+
+ validator->load(CONFIG, CONFIG_PATH.native());
+ BOOST_CHECK_EQUAL(validator->isEmpty(), false);
+
+ validator->reset();
+ BOOST_CHECK(validator->isEmpty());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(TrustAnchorWildcard, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/Wildcard");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity));
+
+ Name dataName1("/any/data");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, identity));
+
+ std::string CONFIG =
+ "trust-anchor\n"
+ "{\n"
+ " type any\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+}
+
+BOOST_FIXTURE_TEST_CASE(SignedInterestTest, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/SignedInterestTest");
+
+ Name identity1 = identity;
+ identity1.appendVersion();
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-9.cert");
+
+ Name interestName("/TestValidatorConfig/SignedInterestTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity1));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/SignedInterestTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-9.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+
+BOOST_FIXTURE_TEST_CASE(MaxKeyTest, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/MaxKeyTest");
+
+ Name identity1 = identity;
+ identity1.append("Key1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-10-1.cert");
+
+ Name identity2 = identity;
+ identity2.append("Key2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+ Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
+ shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
+ io::save(*idCert2, "trust-anchor-10-2.cert");
+
+ Name identity3 = identity;
+ identity3.append("Key3");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
+ Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
+ shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
+ io::save(*idCert3, "trust-anchor-10-3.cert");
+
+
+ Name interestName("/TestValidatorConfig/MaxKeyTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ Name interestName3 = interestName;
+ interestName3.append("3");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/MaxKeyTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-1.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-2.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-3.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face,
+ ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL,
+ 10,
+ 2, // Two keys can be tracked
+ time::seconds(1)); // TTL is set to 1 sec
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ // Should succeed because identity1's key has been cleaned up due to space limit.
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ const boost::filesystem::path CERT_PATH1 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
+ boost::filesystem::remove(CERT_PATH1);
+
+ const boost::filesystem::path CERT_PATH2 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
+ boost::filesystem::remove(CERT_PATH2);
+
+ const boost::filesystem::path CERT_PATH3 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
+ boost::filesystem::remove(CERT_PATH3);
+}
+
+BOOST_FIXTURE_TEST_CASE(MaxKeyTest2, security::IdentityManagementFixture)
+{
+ Name identity("/TestValidatorConfig/MaxKeyTest");
+
+ Name identity1 = identity;
+ identity1.append("Key1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
+ Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
+ shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
+ io::save(*idCert1, "trust-anchor-10-1.cert");
+
+ Name identity2 = identity;
+ identity2.append("Key2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
+ Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
+ shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
+ io::save(*idCert2, "trust-anchor-10-2.cert");
+
+ Name identity3 = identity;
+ identity3.append("Key3");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
+ Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
+ shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
+ io::save(*idCert3, "trust-anchor-10-3.cert");
+
+ Name identity4 = identity;
+ identity4.append("Key4");
+ BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
+ Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
+ shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
+ io::save(*idCert4, "trust-anchor-10-4.cert");
+
+
+ Name interestName("/TestValidatorConfig/MaxKeyTest");
+ Name interestName1 = interestName;
+ interestName1.append("1");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ Name interestName2 = interestName;
+ interestName2.append("2");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ Name interestName3 = interestName;
+ interestName3.append("3");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+ Name interestName4 = interestName;
+ interestName4.append("4");
+ shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
+
+
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, identity1));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, identity2));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, identity3));
+ usleep(10000);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest4, identity4));
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/MaxKeyTest\n"
+ " relation is-strict-prefix-of\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type rsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-1.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-2.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-3.cert\"\n"
+ " }\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-10-4.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face,
+ ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL,
+ 10,
+ 3, // Two keys can be tracked
+ time::seconds(1)); // TTL is set to 1 sec
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ sleep(2);
+
+ validator.validate(*interest4,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
+ validator.validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+
+ const boost::filesystem::path CERT_PATH1 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
+ boost::filesystem::remove(CERT_PATH1);
+
+ const boost::filesystem::path CERT_PATH2 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
+ boost::filesystem::remove(CERT_PATH2);
+
+ const boost::filesystem::path CERT_PATH3 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
+ boost::filesystem::remove(CERT_PATH3);
+
+ const boost::filesystem::path CERT_PATH4 =
+ (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
+ boost::filesystem::remove(CERT_PATH4);
+}
+
+BOOST_FIXTURE_TEST_CASE(FixedSignerChecker2, security::IdentityManagementFixture)
+{
+ Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
+ BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
+ Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
+
+ Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
+ BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
+ Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
+ shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
+ io::save(*ecdsaCert, "trust-anchor-11.cert");
+
+
+ Name dataName("/TestValidatorConfig/FixedSignerChecker2");
+ shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
+ m_keyChain.signByIdentity(*dataRsa, rsaIdentity);
+ shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
+ m_keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
+
+ shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
+ m_keyChain.signByIdentity(*interestRsa, rsaIdentity);
+ shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
+ m_keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Data Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*dataEcdsa,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*dataRsa,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ validator.validate(*interestEcdsa,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ validator.validate(*interestRsa,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+
+struct FacesFixture : public security::IdentityManagementTimeFixture
+{
+ FacesFixture()
+ : face1(util::makeDummyClientFace(io, {true, true}))
+ , face2(util::makeDummyClientFace(io, {true, true}))
+ , readInterestOffset1(0)
+ , readDataOffset1(0)
+ , readInterestOffset2(0)
+ , readDataOffset2(0)
+ {
+ }
+
+ bool
+ passPacket()
+ {
+ bool hasPassed = false;
+
+ checkFace(face1->sentInterests, readInterestOffset1, *face2, hasPassed);
+ checkFace(face1->sentDatas, readDataOffset1, *face2, hasPassed);
+ checkFace(face2->sentInterests, readInterestOffset2, *face1, hasPassed);
+ checkFace(face2->sentInterests, readDataOffset2, *face1, hasPassed);
+
+ return hasPassed;
+ }
+
+ template<typename Packet>
+ void
+ checkFace(std::vector<Packet>& receivedPackets,
+ size_t& readPacketOffset,
+ util::DummyClientFace& receiver,
+ bool& hasPassed)
+ {
+ while (receivedPackets.size() > readPacketOffset) {
+ receiver.receive(receivedPackets[readPacketOffset]);
+ readPacketOffset++;
+ hasPassed = true;
+ }
+ }
+
+ ~FacesFixture()
+ {
+ }
+
+public:
+ shared_ptr<util::DummyClientFace> face1;
+ shared_ptr<util::DummyClientFace> face2;
+
+ size_t readInterestOffset1;
+ size_t readDataOffset1;
+ size_t readInterestOffset2;
+ size_t readDataOffset2;
+};
+
+BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
+{
+ std::vector<CertificateSubjectDescription> subjectDescription;
+
+ Name root("/TestValidatorConfig");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-6.cert");
+
+
+ Name sld("/TestValidatorConfig/HierarchicalChecker");
+ BOOST_REQUIRE_NO_THROW(addIdentity(sld));
+ advanceClocks(time::milliseconds(100));
+ Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
+ shared_ptr<IdentityCertificate> sldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
+ root,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.addCertificateAsIdentityDefault(*sldCert);
+
+ Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
+ BOOST_REQUIRE_NO_THROW(addIdentity(nld));
+ advanceClocks(time::milliseconds(100));
+ Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
+ shared_ptr<IdentityCertificate> nldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
+ sld,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.addCertificateAsIdentityDefault(*nldCert);
+
+ face1->setInterestFilter(sldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ face1->setInterestFilter(nldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ Name dataName1 = nld;
+ dataName1.append("data1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, nld));
+
+ Name dataName2("/ConfValidatorTest");
+ dataName2.append("data1");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, nld));
+
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Simple3 Rule\"\n"
+ " for data\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-6.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ auto validator = make_shared<ValidatorConfig>(face2.get());
+ validator->load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(2), 100);
+ validator->validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ validator->validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
+{
+ advanceClocks(time::milliseconds(0));
+
+ std::vector<CertificateSubjectDescription> subjectDescription;
+
+ Name root("/TestValidatorConfig");
+ BOOST_REQUIRE_NO_THROW(addIdentity(root));
+ Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
+ shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
+ io::save(*rootCert, "trust-anchor-8.cert");
+
+
+ Name sld("/TestValidatorConfig/Nrd-1");
+ BOOST_REQUIRE_NO_THROW(addIdentity(sld));
+ advanceClocks(time::milliseconds(100));
+ Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
+ shared_ptr<IdentityCertificate> sldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
+ root,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*sldCert, root);
+ m_keyChain.addCertificateAsIdentityDefault(*sldCert);
+
+ Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
+ BOOST_REQUIRE_NO_THROW(addIdentity(nld));
+ advanceClocks(time::milliseconds(100));
+ Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
+ shared_ptr<IdentityCertificate> nldCert =
+ m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
+ sld,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(7300),
+ subjectDescription);
+ m_keyChain.signByIdentity(*nldCert, sld);
+ m_keyChain.addCertificateAsIdentityDefault(*nldCert);
+
+ face1->setInterestFilter(sldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*sldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ face1->setInterestFilter(nldCert->getName().getPrefix(-1),
+ [&] (const InterestFilter&, const Interest&) { face1->put(*nldCert); },
+ RegisterPrefixSuccessCallback(),
+ [] (const Name&, const std::string&) {});
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName1("/localhost/nrd/register/option");
+ shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest1, nld));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName2("/localhost/nrd/non-register");
+ shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest2, nld));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName3("/localhost/nrd/register/option");
+ shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*interest3, root));
+
+ advanceClocks(time::milliseconds(10));
+ Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
+ shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"NRD Prefix Registration Command Rule\"\n"
+ " for interest\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"Testbed Hierarchy Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type hierarchical\n"
+ " sig-type rsa-sha256\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type file\n"
+ " file-name \"trust-anchor-8.cert\"\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ auto validator = make_shared<ValidatorConfig>(face2.get());
+ validator->load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(2), 100);
+
+ // should succeed
+ validator->validate(*interest1,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should fail
+ validator->validate(*interest2,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should succeed
+ validator->validate(*interest3,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(false); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ // should fail
+ validator->validate(*interest4,
+ [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Interest>&, const string&) { BOOST_CHECK(true); });
+
+ do {
+ advanceClocks(time::milliseconds(2), 10);
+ } while (passPacket());
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
+struct DirTestFixture : public security::IdentityManagementTimeFixture
+{
+ DirTestFixture()
+ : face(util::makeDummyClientFace(io, {true, true}))
+ , validator(face.get(), ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+ ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
+ {
+ certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
+ boost::filesystem::create_directory(certDirPath);
+
+ firstCertPath = (boost::filesystem::current_path() /
+ std::string("test-cert-dir") /
+ std::string("trust-anchor-1.cert"));
+
+ secondCertPath = (boost::filesystem::current_path() /
+ std::string("test-cert-dir") /
+ std::string("trust-anchor-2.cert"));
+
+ firstIdentity = Name("/TestValidatorConfig/Dir/First");
+ BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
+ Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
+ firstCert = m_keyChain.getCertificate(firstCertName);
+ io::save(*firstCert, firstCertPath.string());
+
+ secondIdentity = Name("/TestValidatorConfig/Dir/Second");
+ BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
+ Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
+ secondCert = m_keyChain.getCertificate(secondCertName);
+ }
+
+ ~DirTestFixture()
+ {
+ boost::filesystem::remove_all(certDirPath);
+ }
+
+public:
+ boost::filesystem::path certDirPath;
+ boost::filesystem::path firstCertPath;
+ boost::filesystem::path secondCertPath;
+
+ Name firstIdentity;
+ Name secondIdentity;
+
+ shared_ptr<IdentityCertificate> firstCert;
+ shared_ptr<IdentityCertificate> secondCert;
+
+ shared_ptr<util::DummyClientFace> face;
+ ValidatorConfig validator;
+};
+
+BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
+{
+ advanceClocks(time::milliseconds(10));
+
+ Name dataName1("/any/data/1");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data1, firstIdentity));
+
+ Name dataName2("/any/data/2");
+ shared_ptr<Data> data2 = make_shared<Data>(dataName2);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(*data2, secondIdentity));
+
+ std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"Any Rule\"\n"
+ " for data\n"
+ " filter\n"
+ " {\n"
+ " type name\n"
+ " regex ^<>*$\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type customized\n"
+ " sig-type rsa-sha256\n"
+ " key-locator\n"
+ " {\n"
+ " type name\n"
+ " regex ^<>*$\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "trust-anchor\n"
+ "{\n"
+ " type dir\n"
+ " dir test-cert-dir\n"
+ " refresh 1s\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ advanceClocks(time::milliseconds(10), 20);
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(true); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ io::save(*secondCert, secondCertPath.string());
+ advanceClocks(time::milliseconds(10), 200);
+
+ validator.validate(*data1,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+
+ validator.validate(*data2,
+ [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
+ [] (const shared_ptr<const Data>&, const string&) { BOOST_CHECK(false); });
+ advanceClocks(time::milliseconds(10), 20);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace tests
+} // namespace ndn
diff --git a/tests/unit-tests/security/tmp-home/.ndn/client.conf b/tests/unit-tests/security/tmp-home/.ndn/client.conf
new file mode 100644
index 0000000..b832cfc
--- /dev/null
+++ b/tests/unit-tests/security/tmp-home/.ndn/client.conf
@@ -0,0 +1,2 @@
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain
\ No newline at end of file