Switch to new KeyChain where possible

signed_interest::POS_RANDOM_VAL and signed_interest::POS_TIMESTAMP
constants are deprecated. Use command_interest:: equivalents instead.

This commit also includes fix for the backward compatibility regression
due to move of deprecated TPM/PublicInfo header files.

Change-Id: Ic3b008fc6758f3ac83f191158b6ac0789483f90d
Refs: #3098
diff --git a/src/security/command-interest-validator.cpp b/src/security/command-interest-validator.cpp
index f877f41..73358bf 100644
--- a/src/security/command-interest-validator.cpp
+++ b/src/security/command-interest-validator.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -118,11 +118,11 @@
                                                uint64_t& timestamp) const
 {
   const Name& name = interest.getName();
-  if (name.size() < signed_interest::MIN_LENGTH) {
+  if (name.size() < command_interest::MIN_SIZE) {
     return ErrorCode::NAME_TOO_SHORT;
   }
 
-  const name::Component& timestampComp = name[signed_interest::POS_TIMESTAMP];
+  const name::Component& timestampComp = name.at(command_interest::POS_TIMESTAMP);
   if (!timestampComp.isNumber()) {
     return ErrorCode::BAD_TIMESTAMP;
   }
diff --git a/src/security/conf/checker.hpp b/src/security/conf/checker.hpp
index 0bed1a9..b928906 100644
--- a/src/security/conf/checker.hpp
+++ b/src/security/conf/checker.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -48,12 +48,6 @@
   typedef function<void(const shared_ptr<const Data>&)> OnDataChecked;
   typedef function<void(const shared_ptr<const Data>&, const std::string&)> OnDataCheckFailed;
 
-  enum {
-    INTEREST_SIG_VALUE = -1,
-    INTEREST_SIG_INFO = -2
-  };
-
-
   virtual
   ~Checker()
   {
@@ -115,8 +109,8 @@
   {
     try {
       const Name& interestName = interest.getName();
-      Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
-                          interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
+      Signature signature(interestName[command_interest::POS_SIG_INFO].blockFromValue(),
+                          interestName[command_interest::POS_SIG_VALUE].blockFromValue());
       return check(interest, signature);
     }
     catch (const Signature::Error& e) {
@@ -222,8 +216,8 @@
   {
     try {
       const Name& interestName = interest.getName();
-      Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
-                          interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
+      Signature signature(interestName[command_interest::POS_SIG_INFO].blockFromValue(),
+                          interestName[command_interest::POS_SIG_VALUE].blockFromValue());
       return check(interest, signature);
     }
     catch (const Signature::Error& e) {
diff --git a/src/security/conf/filter.hpp b/src/security/conf/filter.hpp
index d191b1b..2ebc4e6 100644
--- a/src/security/conf/filter.hpp
+++ b/src/security/conf/filter.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -63,10 +63,10 @@
   bool
   match(const Interest& interest)
   {
-    if (interest.getName().size() < signed_interest::MIN_LENGTH)
+    if (interest.getName().size() < command_interest::MIN_SIZE)
       return false;
 
-    Name unsignedName = interest.getName().getPrefix(-signed_interest::MIN_LENGTH);
+    Name unsignedName = interest.getName().getPrefix(-command_interest::MIN_SIZE);
     return matchName(unsignedName);
   }
 
diff --git a/src/security/conf/key-locator-checker.hpp b/src/security/conf/key-locator-checker.hpp
index 7a9ff0b..04f43e0 100644
--- a/src/security/conf/key-locator-checker.hpp
+++ b/src/security/conf/key-locator-checker.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -75,13 +75,13 @@
         const KeyLocator& keyLocator,
         std::string& failInfo)
   {
-    if (interest.getName().size() < signed_interest::MIN_LENGTH)
+    if (interest.getName().size() < command_interest::MIN_SIZE)
       {
         failInfo = "No Signature";
         return false;
       }
 
-    Name signedName = interest.getName().getPrefix(-signed_interest::MIN_LENGTH);
+    Name signedName = interest.getName().getPrefix(-command_interest::MIN_SIZE);
     return check(signedName, keyLocator, failInfo);
   }
 
diff --git a/src/security/sec-public-info-sqlite3.hpp b/src/security/sec-public-info-sqlite3.hpp
new file mode 100644
index 0000000..e5b061f
--- /dev/null
+++ b/src/security/sec-public-info-sqlite3.hpp
@@ -0,0 +1,33 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+/**
+ * @file security/sec-public-info-sqlite3.hpp
+ * @deprecated Use new PIB backed routines
+ */
+
+#include "security-common.hpp"
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/sec-public-info-sqlite3.hpp"
+#else
+#error "Deprecated. Use the new PIB backed routines"
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/sec-public-info.hpp b/src/security/sec-public-info.hpp
new file mode 100644
index 0000000..5101df5
--- /dev/null
+++ b/src/security/sec-public-info.hpp
@@ -0,0 +1,33 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+/**
+ * @file security/sec-public-info.hpp
+ * @deprecated Use new PIB backed routines
+ */
+
+#include "security-common.hpp"
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/sec-public-info.hpp"
+#else
+#error "Deprecated. Use the new PIB backed routines"
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/sec-tpm-file.hpp b/src/security/sec-tpm-file.hpp
new file mode 100644
index 0000000..d30e492
--- /dev/null
+++ b/src/security/sec-tpm-file.hpp
@@ -0,0 +1,33 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+/**
+ * @file security/sec-tpm-file.hpp
+ * @deprecated Use new TPM backed routines
+ */
+
+#include "security-common.hpp"
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/sec-tpm-file.hpp"
+#else
+#error "Deprecated. Use the new TPM backed routines"
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/sec-tpm-osx.hpp b/src/security/sec-tpm-osx.hpp
new file mode 100644
index 0000000..478e8cf
--- /dev/null
+++ b/src/security/sec-tpm-osx.hpp
@@ -0,0 +1,33 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+/**
+ * @file security/sec-tpm-osx.hpp
+ * @deprecated Use new TPM backed routines
+ */
+
+#include "security-common.hpp"
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/sec-tpm-osx.hpp"
+#else
+#error "Deprecated. Use the new TPM backed routines"
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/sec-tpm.hpp b/src/security/sec-tpm.hpp
new file mode 100644
index 0000000..a5fcb8b
--- /dev/null
+++ b/src/security/sec-tpm.hpp
@@ -0,0 +1,33 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+/**
+ * @file security/sec-tpm.hpp
+ * @deprecated Use new TPM backed routines
+ */
+
+#include "security-common.hpp"
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/sec-tpm.hpp"
+#else
+#error "Deprecated. Use the new TPM backed routines"
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/security-common.hpp b/src/security/security-common.hpp
index 7fec50b..04d2691 100644
--- a/src/security/security-common.hpp
+++ b/src/security/security-common.hpp
@@ -32,18 +32,48 @@
 
 const ssize_t POS_SIG_VALUE = -1;
 const ssize_t POS_SIG_INFO = -2;
+
+/** \brief minimal number of components for Signed Interest
+ *  \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/SignedInterest
+ */
+const size_t MIN_SIZE = 2;
+
+/** \deprecated To avoid a potentially breaking change, this value is kept based on the Command
+ *              Interest definition.  This value will be eliminated in favor of `MIN_SIZE=2`.
+ */
+const size_t MIN_LENGTH = 4;
+
+/** \deprecated Use `MIN_SIZE`
+ */
+const size_t MIN_LENGTH_SIG_ONLY = 2;
+
+} // namespace signed_interest
+
+namespace command_interest {
+
+using signed_interest::POS_SIG_VALUE;
+using signed_interest::POS_SIG_INFO;
 const ssize_t POS_RANDOM_VAL = -3;
 const ssize_t POS_TIMESTAMP = -4;
 
 /** \brief minimal number of components for Command Interest
  *  \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/CommandInterest
  */
-const size_t MIN_LENGTH = 4;
+const size_t MIN_SIZE = 4;
 
-/** \brief minimal number of components for Signed Interest
- *  \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/SignedInterest
+} // namespace command_interest
+
+namespace signed_interest {
+
+/**
+ * @deprecated Use command_interest::POS_RANDOM_VAL
  */
-const size_t MIN_LENGTH_SIG_ONLY = 2;
+using command_interest::POS_RANDOM_VAL;
+
+/**
+ * @deprecated Use command_interest::POS_TIMESTAMP
+ */
+using command_interest::POS_TIMESTAMP;
 
 } // namespace signed_interest
 
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index 64c0187..f267377 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -482,14 +482,14 @@
 
   // If interestName has less than 4 name components,
   // it is definitely not a signed interest.
-  if (interest.getName().size() < signed_interest::MIN_LENGTH)
+  if (interest.getName().size() < command_interest::MIN_SIZE)
     return onValidationFailed(interest.shared_from_this(),
                               "Interest is not signed: " + interest.getName().toUri());
 
   try {
     const Name& interestName = interest.getName();
-    Signature signature(interestName[signed_interest::POS_SIG_INFO].blockFromValue(),
-                        interestName[signed_interest::POS_SIG_VALUE].blockFromValue());
+    Signature signature(interestName[command_interest::POS_SIG_INFO].blockFromValue(),
+                        interestName[command_interest::POS_SIG_VALUE].blockFromValue());
 
     if (!signature.hasKeyLocator())
       return onValidationFailed(interest.shared_from_this(), "No valid KeyLocator");
@@ -552,7 +552,7 @@
 
   try {
     interestTime =
-      time::fromUnixTimestamp(time::milliseconds(interestName.get(-signed_interest::MIN_LENGTH).toNumber()));
+      time::fromUnixTimestamp(time::milliseconds(interestName.at(command_interest::POS_TIMESTAMP).toNumber()));
   }
   catch (const tlv::Error& e) {
     return onValidationFailed(interest,
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
index d3af387..f0f87b7 100644
--- a/src/security/validator.cpp
+++ b/src/security/validator.cpp
@@ -117,7 +117,7 @@
 {
   const Name& name = interest.getName();
 
-  if (name.size() < signed_interest::MIN_LENGTH_SIG_ONLY)
+  if (name.size() < signed_interest::MIN_SIZE)
     return false;
 
   Signature sig;
diff --git a/tests/identity-management-fixture.hpp b/tests/identity-management-fixture.hpp
index d2d1473..5c55073 100644
--- a/tests/identity-management-fixture.hpp
+++ b/tests/identity-management-fixture.hpp
@@ -136,7 +136,7 @@
   security::v2::KeyChain m_keyChain;
 };
 
-using IdentityManagementFixture = IdentityManagementV1Fixture;
+using IdentityManagementFixture = IdentityManagementV2Fixture;
 
 } // namespace tests
 } // namespace ndn
diff --git a/tests/unit-tests/face.t.cpp b/tests/unit-tests/face.t.cpp
index 2813bd1..ebbede6 100644
--- a/tests/unit-tests/face.t.cpp
+++ b/tests/unit-tests/face.t.cpp
@@ -36,7 +36,7 @@
 
 using ndn::util::DummyClientFace;
 
-class FaceFixture : public IdentityManagementTimeFixture
+class FaceFixture : public IdentityManagementV1TimeFixture
 {
 public:
   explicit
diff --git a/tests/unit-tests/identity-management-time-fixture.hpp b/tests/unit-tests/identity-management-time-fixture.hpp
index 286c8d7..99278d0 100644
--- a/tests/unit-tests/identity-management-time-fixture.hpp
+++ b/tests/unit-tests/identity-management-time-fixture.hpp
@@ -38,7 +38,7 @@
 {
 };
 
-using IdentityManagementTimeFixture = IdentityManagementV1TimeFixture;
+using IdentityManagementTimeFixture = IdentityManagementV2TimeFixture;
 
 } // namespace tests
 } // namespace ndn
diff --git a/tests/unit-tests/mgmt/dispatcher.t.cpp b/tests/unit-tests/mgmt/dispatcher.t.cpp
index 76e5c6c..a1506a0 100644
--- a/tests/unit-tests/mgmt/dispatcher.t.cpp
+++ b/tests/unit-tests/mgmt/dispatcher.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -37,7 +37,7 @@
 BOOST_AUTO_TEST_SUITE(Mgmt)
 BOOST_AUTO_TEST_SUITE(TestDispatcher)
 
-class DispatcherFixture : public IdentityManagementTimeFixture
+class DispatcherFixture : public IdentityManagementV1TimeFixture
 {
 public:
   DispatcherFixture()
diff --git a/tests/unit-tests/mgmt/nfd/controller-fixture.hpp b/tests/unit-tests/mgmt/nfd/controller-fixture.hpp
index e3eb36f..d64d77e 100644
--- a/tests/unit-tests/mgmt/nfd/controller-fixture.hpp
+++ b/tests/unit-tests/mgmt/nfd/controller-fixture.hpp
@@ -35,7 +35,7 @@
 
 using namespace ndn::tests;
 
-class ControllerFixture : public IdentityManagementTimeFixture
+class ControllerFixture : public IdentityManagementV1TimeFixture
 {
 protected:
   ControllerFixture()
diff --git a/tests/unit-tests/security/command-interest-signer.t.cpp b/tests/unit-tests/security/command-interest-signer.t.cpp
index fcfcaa2..33add93 100644
--- a/tests/unit-tests/security/command-interest-signer.t.cpp
+++ b/tests/unit-tests/security/command-interest-signer.t.cpp
@@ -38,29 +38,27 @@
 {
   addIdentity("/test");
 
-  // @TODO replace signed_interest::* with command_interest::*
-
   CommandInterestSigner signer(m_keyChain);
   Interest i1 = signer.makeCommandInterest("/hello/world");
   BOOST_CHECK_EQUAL(i1.getName().size(), 6);
-  BOOST_CHECK_EQUAL(i1.getName().at(signed_interest::POS_SIG_VALUE).blockFromValue().type(), tlv::SignatureValue);
-  BOOST_CHECK_EQUAL(i1.getName().at(signed_interest::POS_SIG_INFO).blockFromValue().type(), tlv::SignatureInfo);
+  BOOST_CHECK_EQUAL(i1.getName().at(command_interest::POS_SIG_VALUE).blockFromValue().type(), tlv::SignatureValue);
+  BOOST_CHECK_EQUAL(i1.getName().at(command_interest::POS_SIG_INFO).blockFromValue().type(), tlv::SignatureInfo);
 
   time::milliseconds timestamp = toUnixTimestamp(time::system_clock::now());
-  BOOST_CHECK_EQUAL(i1.getName().at(signed_interest::POS_TIMESTAMP).toNumber(), timestamp.count());
+  BOOST_CHECK_EQUAL(i1.getName().at(command_interest::POS_TIMESTAMP).toNumber(), timestamp.count());
 
   Interest i2 = signer.makeCommandInterest("/hello/world/!", signingByIdentity("/test"));
   BOOST_CHECK_EQUAL(i2.getName().size(), 7);
-  BOOST_CHECK_EQUAL(i2.getName().at(signed_interest::POS_SIG_VALUE).blockFromValue().type(), tlv::SignatureValue);
-  BOOST_CHECK_EQUAL(i2.getName().at(signed_interest::POS_SIG_INFO).blockFromValue().type(), tlv::SignatureInfo);
-  BOOST_CHECK_GT(i2.getName().at(signed_interest::POS_TIMESTAMP), i1.getName().at(signed_interest::POS_TIMESTAMP));
-  BOOST_CHECK_NE(i2.getName().at(signed_interest::POS_RANDOM_VAL),
-                 i1.getName().at(signed_interest::POS_RANDOM_VAL)); // this sometimes can fail
+  BOOST_CHECK_EQUAL(i2.getName().at(command_interest::POS_SIG_VALUE).blockFromValue().type(), tlv::SignatureValue);
+  BOOST_CHECK_EQUAL(i2.getName().at(command_interest::POS_SIG_INFO).blockFromValue().type(), tlv::SignatureInfo);
+  BOOST_CHECK_GT(i2.getName().at(command_interest::POS_TIMESTAMP), i1.getName().at(command_interest::POS_TIMESTAMP));
+  BOOST_CHECK_NE(i2.getName().at(command_interest::POS_RANDOM_VAL),
+                 i1.getName().at(command_interest::POS_RANDOM_VAL)); // this sometimes can fail
 
   advanceClocks(time::seconds(100));
 
   i2 = signer.makeCommandInterest("/hello/world/!");
-  BOOST_CHECK_GT(i2.getName().at(signed_interest::POS_TIMESTAMP), i1.getName().at(signed_interest::POS_TIMESTAMP));
+  BOOST_CHECK_GT(i2.getName().at(command_interest::POS_TIMESTAMP), i1.getName().at(command_interest::POS_TIMESTAMP));
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCommandInterestSigner
diff --git a/tests/unit-tests/security/command-interest-validator.t.cpp b/tests/unit-tests/security/command-interest-validator.t.cpp
index 09ae2b9..cb01b36 100644
--- a/tests/unit-tests/security/command-interest-validator.t.cpp
+++ b/tests/unit-tests/security/command-interest-validator.t.cpp
@@ -35,7 +35,7 @@
 
 using namespace ndn::tests;
 
-class CommandInterestValidatorFixture : public IdentityManagementTimeFixture
+class CommandInterestValidatorFixture : public IdentityManagementV1TimeFixture
 {
 protected:
   CommandInterestValidatorFixture()
@@ -157,7 +157,7 @@
 BOOST_AUTO_TEST_CASE(BadTimestamp)
 {
   auto i1 = makeCommandInterest();
-  setNameComponent(*i1, signed_interest::POS_TIMESTAMP, "not-timestamp");
+  setNameComponent(*i1, command_interest::POS_TIMESTAMP, "not-timestamp");
   assertReject(*i1, CommandInterestValidator::ErrorCode::BAD_TIMESTAMP);
 }
 
@@ -251,8 +251,8 @@
   assertAccept(*i1);
 
   auto i2 = makeCommandInterest(); // signed at 0s
-  setNameComponent(*i2, signed_interest::POS_TIMESTAMP,
-                   i1->getName()[signed_interest::POS_TIMESTAMP]);
+  setNameComponent(*i2, command_interest::POS_TIMESTAMP,
+                   i1->getName()[command_interest::POS_TIMESTAMP]);
   assertReject(*i2, CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER);
 
   advanceClocks(time::seconds(2));
@@ -302,7 +302,7 @@
   auto i1 = makeCommandInterest(1); // signed at 0ms
   auto i2 = makeCommandInterest(2); // signed at 0ms
   for (auto interest : {i1, i2}) {
-    setNameComponent(*interest, signed_interest::POS_TIMESTAMP,
+    setNameComponent(*interest, command_interest::POS_TIMESTAMP,
                      name::Component::fromNumber(time::toUnixTimestamp(time::system_clock::now()).count()));
   } // ensure timestamps are exactly 0ms
 
diff --git a/tests/unit-tests/security/conf/checker.t.cpp b/tests/unit-tests/security/conf/checker.t.cpp
index 493ac16..f43231b 100644
--- a/tests/unit-tests/security/conf/checker.t.cpp
+++ b/tests/unit-tests/security/conf/checker.t.cpp
@@ -33,7 +33,7 @@
 
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Conf)
-BOOST_FIXTURE_TEST_SUITE(TestChecker, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_SUITE(TestChecker, IdentityManagementV1Fixture)
 
 BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
 {
diff --git a/tests/unit-tests/security/sec-rule-relative.t.cpp b/tests/unit-tests/security/sec-rule-relative.t.cpp
index 4209f28..492f2a6 100644
--- a/tests/unit-tests/security/sec-rule-relative.t.cpp
+++ b/tests/unit-tests/security/sec-rule-relative.t.cpp
@@ -29,7 +29,7 @@
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestSecRuleRelative, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_SUITE(TestSecRuleRelative, IdentityManagementV1Fixture)
 
 BOOST_AUTO_TEST_CASE(Basic)
 {
diff --git a/tests/unit-tests/security/sec-rule-specific.t.cpp b/tests/unit-tests/security/sec-rule-specific.t.cpp
index 761b60f..5435394 100644
--- a/tests/unit-tests/security/sec-rule-specific.t.cpp
+++ b/tests/unit-tests/security/sec-rule-specific.t.cpp
@@ -31,7 +31,7 @@
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestSecRuleSpecific, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_SUITE(TestSecRuleSpecific, IdentityManagementV1Fixture)
 
 BOOST_AUTO_TEST_CASE(Basic)
 {
diff --git a/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp b/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
index 7f20981..cef4c22 100644
--- a/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
+++ b/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
@@ -20,15 +20,18 @@
  */
 
 #include "security/signature-sha256-with-ecdsa.hpp"
-#include "security/validator.hpp"
 #include "util/scheduler.hpp"
 
 #include "boost-test.hpp"
 #include "../identity-management-time-fixture.hpp"
+#include "v2/validator.hpp"
 
 namespace ndn {
+namespace security {
 namespace tests {
 
+using namespace ndn::tests;
+
 class SignatureSha256EcdsaTimeFixture : public IdentityManagementTimeFixture
 {
 public:
@@ -45,26 +48,26 @@
 BOOST_FIXTURE_TEST_SUITE(TestSignatureSha256WithEcdsa, SignatureSha256EcdsaTimeFixture)
 
 const uint8_t sigInfo[] = {
-0x16, 0x1b, // SignatureInfo
-  0x1b, 0x01, // SignatureType
-    0x03,
-  0x1c, 0x16, // KeyLocator
-    0x07, 0x14, // Name
-      0x08, 0x04,
-        0x74, 0x65, 0x73, 0x74,
-      0x08, 0x03,
-        0x6b, 0x65, 0x79,
-      0x08, 0x07,
-        0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72
+  0x16, 0x1b, // SignatureInfo
+    0x1b, 0x01, // SignatureType
+      0x03,
+    0x1c, 0x16, // KeyLocator
+      0x07, 0x14, // Name: /test/key/locator
+        0x08, 0x04,
+          0x74, 0x65, 0x73, 0x74,
+        0x08, 0x03,
+          0x6b, 0x65, 0x79,
+        0x08, 0x07,
+          0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72
 };
 
 const uint8_t sigValue[] = {
-0x17, 0x40, // SignatureValue
-  0x2f, 0xd6, 0xf1, 0x6e, 0x80, 0x6f, 0x10, 0xbe, 0xb1, 0x6f, 0x3e, 0x31, 0xec,
-  0xe3, 0xb9, 0xea, 0x83, 0x30, 0x40, 0x03, 0xfc, 0xa0, 0x13, 0xd9, 0xb3, 0xc6,
-  0x25, 0x16, 0x2d, 0xa6, 0x58, 0x41, 0x69, 0x62, 0x56, 0xd8, 0xb3, 0x6a, 0x38,
-  0x76, 0x56, 0xea, 0x61, 0xb2, 0x32, 0x70, 0x1c, 0xb6, 0x4d, 0x10, 0x1d, 0xdc,
-  0x92, 0x8e, 0x52, 0xa5, 0x8a, 0x1d, 0xd9, 0x96, 0x5e, 0xc0, 0x62, 0x0b
+  0x17, 0x40, // SignatureValue
+    0x2f, 0xd6, 0xf1, 0x6e, 0x80, 0x6f, 0x10, 0xbe, 0xb1, 0x6f, 0x3e, 0x31, 0xec,
+    0xe3, 0xb9, 0xea, 0x83, 0x30, 0x40, 0x03, 0xfc, 0xa0, 0x13, 0xd9, 0xb3, 0xc6,
+    0x25, 0x16, 0x2d, 0xa6, 0x58, 0x41, 0x69, 0x62, 0x56, 0xd8, 0xb3, 0x6a, 0x38,
+    0x76, 0x56, 0xea, 0x61, 0xb2, 0x32, 0x70, 0x1c, 0xb6, 0x4d, 0x10, 0x1d, 0xdc,
+    0x92, 0x8e, 0x52, 0xa5, 0x8a, 0x1d, 0xd9, 0x96, 0x5e, 0xc0, 0x62, 0x0b
 };
 
 
@@ -104,75 +107,47 @@
 
 BOOST_AUTO_TEST_CASE(DataSignature)
 {
-  Name identityName("/SecurityTestSignatureSha256WithEcdsa/DataSignature");
-  addIdentity(identityName, EcdsaKeyParams());
-  shared_ptr<security::v1::PublicKey> publicKey;
-  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
-    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+  Identity identity = addIdentity("/SecurityTestSignatureSha256WithEcdsa/DataSignature", EcdsaKeyParams());
 
   Data testData("/SecurityTestSignatureSha256WithEcdsa/DataSignature/Data1");
   char content[5] = "1234";
   testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
-  BOOST_CHECK_NO_THROW(m_keyChain.sign(testData,
-                                       security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
-                                                             identityName)));
+  BOOST_CHECK_NO_THROW(m_keyChain.sign(testData, security::SigningInfo(identity)));
   Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
 
   Data testData2;
   testData2.wireDecode(dataBlock);
-  BOOST_CHECK(Validator::verifySignature(testData2, *publicKey));
+  BOOST_CHECK(v2::Validator::verifySignature(testData2, identity.getDefaultKey().getPublicKey()));
 }
 
 BOOST_AUTO_TEST_CASE(InterestSignature)
 {
-  Name identityName("/SecurityTestSignatureSha256WithEcdsa/InterestSignature");
-  addIdentity(identityName, EcdsaKeyParams());
-  shared_ptr<security::v1::PublicKey> publicKey;
-  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
-    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
-
+  Identity identity = addIdentity("/SecurityTestSignatureSha256WithEcdsa/InterestSignature", EcdsaKeyParams());
 
   Interest interest("/SecurityTestSignatureSha256WithEcdsa/InterestSignature/Interest1");
   Interest interest11("/SecurityTestSignatureSha256WithEcdsa/InterestSignature/Interest1");
 
   scheduler.scheduleEvent(time::milliseconds(100), [&] {
-      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
-                                           security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
-                                                                 identityName)));
+      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest, security::SigningInfo(identity)));
     });
 
   advanceClocks(time::milliseconds(100));
   scheduler.scheduleEvent(time::milliseconds(100), [&] {
-      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest11,
-                                           security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
-                                                                 identityName)));
+      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest11, security::SigningInfo(identity)));
     });
 
   advanceClocks(time::milliseconds(100));
 
-  time::system_clock::TimePoint timestamp1 =
-    time::fromUnixTimestamp(
-      time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
-  time::system_clock::TimePoint timestamp2 =
-    time::fromUnixTimestamp(
-      time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
-  BOOST_CHECK_EQUAL(time::milliseconds(100), (timestamp2 - timestamp1));
-
-  uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
-  uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
-  BOOST_WARN_NE(nonce1, nonce2);
-
   Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
 
   Interest interest2;
   interest2.wireDecode(interestBlock);
-  BOOST_CHECK(Validator::verifySignature(interest2, *publicKey));
+  BOOST_CHECK(v2::Validator::verifySignature(interest2, identity.getDefaultKey().getPublicKey()));
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestSignatureSha256WithEcdsa
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp b/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
index 4944cbd..c6397ac 100644
--- a/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
+++ b/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
@@ -20,15 +20,18 @@
  */
 
 #include "security/signature-sha256-with-rsa.hpp"
-#include "security/validator.hpp"
 #include "util/scheduler.hpp"
 
 #include "boost-test.hpp"
 #include "../identity-management-time-fixture.hpp"
+#include "v2/validator.hpp"
 
 namespace ndn {
+namespace security {
 namespace tests {
 
+using namespace ndn::tests;
+
 class SignatureSha256RsaTimeFixture : public IdentityManagementTimeFixture
 {
 public:
@@ -45,17 +48,17 @@
 BOOST_FIXTURE_TEST_SUITE(TestSignatureSha256WithRsa, SignatureSha256RsaTimeFixture)
 
 const uint8_t sigInfo[] = {
-0x16, 0x1b, // SignatureInfo
-  0x1b, 0x01, // SignatureType
-    0x01,
-  0x1c, 0x16, // KeyLocator
-    0x07, 0x14, // Name
-      0x08, 0x04,
-        0x74, 0x65, 0x73, 0x74,
-      0x08, 0x03,
-        0x6b, 0x65, 0x79,
-      0x08, 0x07,
-        0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72
+  0x16, 0x1b, // SignatureInfo
+    0x1b, 0x01, // SignatureType
+      0x01,
+    0x1c, 0x16, // KeyLocator
+      0x07, 0x14, // Name
+        0x08, 0x04,
+          0x74, 0x65, 0x73, 0x74,
+        0x08, 0x03,
+          0x6b, 0x65, 0x79,
+        0x08, 0x07,
+          0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72
 };
 
 const uint8_t sigValue[] = {
@@ -109,74 +112,47 @@
 
 BOOST_AUTO_TEST_CASE(DataSignature)
 {
-  Name identityName("/SecurityTestSignatureSha256WithRsa/DataSignature");
-  addIdentity(identityName, RsaKeyParams());
-  shared_ptr<security::v1::PublicKey> publicKey;
-  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
-    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+  Identity identity = addIdentity("/SecurityTestSignatureSha256WithRsa/DataSignature", RsaKeyParams());
 
   Data testData("/SecurityTestSignatureSha256WithRsa/DataSignature/Data1");
   char content[5] = "1234";
   testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
-  BOOST_CHECK_NO_THROW(m_keyChain.sign(testData,
-                                       security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
-                                                             identityName)));
+  BOOST_CHECK_NO_THROW(m_keyChain.sign(testData, security::SigningInfo(identity)));
   Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
 
   Data testData2;
   testData2.wireDecode(dataBlock);
-  BOOST_CHECK(Validator::verifySignature(testData2, *publicKey));
+  BOOST_CHECK(v2::Validator::verifySignature(testData2, identity.getDefaultKey().getPublicKey()));
 }
 
 BOOST_AUTO_TEST_CASE(InterestSignature)
 {
-  Name identityName("/SecurityTestSignatureSha256WithRsa/InterestSignature");
-  addIdentity(identityName, RsaKeyParams());
-  shared_ptr<security::v1::PublicKey> publicKey;
-  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
-    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+  Identity identity = addIdentity("/SecurityTestSignatureSha256WithRsa/InterestSignature", RsaKeyParams());
 
   Interest interest("/SecurityTestSignatureSha256WithRsa/InterestSignature/Interest1");
   Interest interest11("/SecurityTestSignatureSha256WithRsa/InterestSignature/Interest1");
 
   scheduler.scheduleEvent(time::milliseconds(100), [&] {
-      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
-                                           security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
-                                                                 identityName)));
+      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest, security::SigningInfo(identity)));
     });
 
   advanceClocks(time::milliseconds(100));
   scheduler.scheduleEvent(time::milliseconds(100), [&] {
-      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest11,
-                                           security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
-                                                                 identityName)));
+      BOOST_CHECK_NO_THROW(m_keyChain.sign(interest11, security::SigningInfo(identity)));
     });
 
   advanceClocks(time::milliseconds(100));
 
-  time::system_clock::TimePoint timestamp1 =
-    time::fromUnixTimestamp(
-      time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
-  time::system_clock::TimePoint timestamp2 =
-    time::fromUnixTimestamp(
-      time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
-  BOOST_CHECK_EQUAL(time::milliseconds(100), (timestamp2 - timestamp1));
-
-  uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
-  uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
-  BOOST_WARN_NE(nonce1, nonce2);
-
   Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
 
   Interest interest2;
   interest2.wireDecode(interestBlock);
-  BOOST_CHECK(Validator::verifySignature(interest2, *publicKey));
+  BOOST_CHECK(v2::Validator::verifySignature(interest2, identity.getDefaultKey().getPublicKey()));
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestSignatureSha256WithRsa
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/v1/key-chain.t.cpp b/tests/unit-tests/security/v1/key-chain.t.cpp
index 36dac9c..4caba4f 100644
--- a/tests/unit-tests/security/v1/key-chain.t.cpp
+++ b/tests/unit-tests/security/v1/key-chain.t.cpp
@@ -146,7 +146,7 @@
   BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
 }
 
-BOOST_FIXTURE_TEST_CASE(ExportIdentity, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_CASE(ExportIdentity, IdentityManagementV1Fixture)
 {
   Name identity("/TestKeyChain/ExportIdentity/");
   identity.appendVersion();
@@ -178,7 +178,7 @@
   BOOST_CHECK(m_keyChain.doesCertificateExist(certName));
 }
 
-BOOST_FIXTURE_TEST_CASE(PrepareIdentityCertificate, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_CASE(PrepareIdentityCertificate, IdentityManagementV1Fixture)
 {
   Name identity("/TestKeyChain/PrepareIdentityCertificate/");
   identity.appendVersion();
@@ -247,7 +247,7 @@
   BOOST_CHECK_EQUAL(static_cast<bool>(idCert5), false);
 }
 
-BOOST_FIXTURE_TEST_CASE(Delete, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_CASE(Delete, IdentityManagementV1Fixture)
 {
   Name identity("/TestSecPublicInfoSqlite3/Delete");
   identity.appendVersion();
@@ -327,7 +327,7 @@
   BOOST_CHECK_EQUAL(keyChain.getDefaultIdentity(), "/dummy/key");
 }
 
-BOOST_FIXTURE_TEST_CASE(GeneralSigningInterface, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_CASE(GeneralSigningInterface, IdentityManagementV1Fixture)
 {
   Name id("/id");
   Name certName = m_keyChain.createIdentity(id);
@@ -400,7 +400,7 @@
                                                                 interest5.getName()[-1].blockFromValue()))));
 }
 
-BOOST_FIXTURE_TEST_CASE(EcdsaSigningByIdentityNoCert, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_CASE(EcdsaSigningByIdentityNoCert, IdentityManagementV1Fixture)
 {
   Data data("/test/data");
 
diff --git a/tests/unit-tests/security/validator-config.t.cpp b/tests/unit-tests/security/validator-config.t.cpp
index 022e80b..271a541 100644
--- a/tests/unit-tests/security/validator-config.t.cpp
+++ b/tests/unit-tests/security/validator-config.t.cpp
@@ -43,7 +43,23 @@
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, IdentityManagementFixture)
+
+// Needed to create Face instance
+class ValidatorConfigFixture : public IdentityManagementV1TimeFixture
+{
+public:
+  ValidatorConfigFixture()
+    : face(nullptr, m_keyChain)
+    , validator(face)
+  {
+  }
+
+public:
+  Face face;
+  ValidatorConfig validator;
+};
+
+BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, ValidatorConfigFixture)
 
 BOOST_AUTO_TEST_CASE(NameFilter)
 {
@@ -96,8 +112,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*data1,
@@ -164,8 +178,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*data1,
@@ -236,8 +248,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*data1,
@@ -307,8 +317,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*data1,
@@ -374,8 +382,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*data1,
@@ -462,8 +468,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*data1,
@@ -598,8 +602,6 @@
   Name root("/TestValidatorConfig/Reload");
   BOOST_REQUIRE(saveIdentityCertificate(addIdentity(root), "trust-anchor-8.cert"));
 
-  Face face(nullptr, m_keyChain);
-
   const std::string CONFIG =
     "rule\n"
     "{\n"
@@ -644,13 +646,11 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
+  validator.load(CONFIG, CONFIG_PATH.c_str());
+  BOOST_CHECK_EQUAL(validator.isEmpty(), false);
 
-  validator->load(CONFIG, CONFIG_PATH.c_str());
-  BOOST_CHECK_EQUAL(validator->isEmpty(), false);
-
-  validator->reset();
-  BOOST_CHECK(validator->isEmpty());
+  validator.reset();
+  BOOST_CHECK(validator.isEmpty());
 }
 
 BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
@@ -672,8 +672,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*data1,
@@ -683,11 +681,8 @@
 
 BOOST_AUTO_TEST_CASE(SignedInterestTest)
 {
-  Name identity("/TestValidatorConfig/SignedInterestTest");
-
-  Name identity1 = identity;
-  identity1.appendVersion();
-  BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-9.cert"));
+  Name certName = addIdentity("/TestValidatorConfig/SignedInterestTest");
+  BOOST_REQUIRE(saveIdentityCertificate(certName, "trust-anchor-9.cert"));
 
   Name interestName("/TestValidatorConfig/SignedInterestTest");
   Name interestName1 = interestName;
@@ -697,9 +692,9 @@
   interestName2.append("2");
   shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
 
-  BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
-  usleep(10000);
-  BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity1)));
+  BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByCertificate(certName)));
+  advanceClocks(time::milliseconds(10));
+  BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByCertificate(certName)));
 
   const std::string CONFIG =
     "rule\n"
@@ -726,24 +721,24 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest2,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
+  advanceClocks(time::milliseconds(10));
 }
 
-
 BOOST_AUTO_TEST_CASE(MaxKeyTest)
 {
   Name identity("/TestValidatorConfig/MaxKeyTest");
@@ -773,10 +768,11 @@
   shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
 
   BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
-  usleep(10000);
+  advanceClocks(time::milliseconds(10));
   BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
-  usleep(10000);
+  advanceClocks(time::milliseconds(10));
   BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
+  advanceClocks(time::milliseconds(10));
 
   const std::string CONFIG =
     "rule\n"
@@ -813,7 +809,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
   ValidatorConfig validator(face,
                             ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
                             ValidatorConfig::DEFAULT_GRACE_INTERVAL,
@@ -825,23 +820,28 @@
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest2,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest3,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   // Should succeed because identity1's key has been cleaned up due to space limit.
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 }
 
 BOOST_AUTO_TEST_CASE(MaxKeyTest2)
@@ -880,12 +880,13 @@
   shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
 
   BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
-  usleep(10000);
+  advanceClocks(time::milliseconds(10));
   BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
-  usleep(10000);
+  advanceClocks(time::milliseconds(10));
   BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
-  usleep(10000);
+  advanceClocks(time::milliseconds(10));
   BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
+  advanceClocks(time::milliseconds(10));
 
   const std::string CONFIG =
     "rule\n"
@@ -927,7 +928,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-  Face face(nullptr, m_keyChain);
   ValidatorConfig validator(face,
                             ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
                             ValidatorConfig::DEFAULT_GRACE_INTERVAL,
@@ -939,52 +939,60 @@
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest2,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest3,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest2,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest3,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
 
-  sleep(2);
+  advanceClocks(time::seconds(2));
 
   validator.validate(*interest4,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
   validator.validate(*interest1,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest2,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 
   validator.validate(*interest3,
     [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
     [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
+  advanceClocks(time::milliseconds(10));
 }
 
 BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
 {
   Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
-  addIdentity(rsaIdentity);
-  // Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
+  addIdentity(rsaIdentity, RsaKeyParams());
 
   Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
   auto identity = addIdentity(ecdsaIdentity, EcdsaKeyParams());
@@ -1047,8 +1055,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test.conf"));
 
-  Face face(nullptr, m_keyChain);
-  ValidatorConfig validator(face);
   validator.load(CONFIG, CONFIG_PATH.c_str());
 
   validator.validate(*dataEcdsa,
@@ -1069,7 +1075,7 @@
 }
 
 
-struct FacesFixture : public IdentityManagementTimeFixture
+struct FacesFixture : public ValidatorConfigFixture
 {
   FacesFixture()
     : face1(io, m_keyChain, {true, true})
@@ -1108,10 +1114,6 @@
     }
   }
 
-  ~FacesFixture()
-  {
-  }
-
 public:
   util::DummyClientFace face1;
   util::DummyClientFace face2;
@@ -1195,7 +1197,6 @@
   const boost::filesystem::path CONFIG_PATH =
     (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
 
-
   auto validator = make_shared<ValidatorConfig>(&face2);
   validator->load(CONFIG, CONFIG_PATH.c_str());
 
@@ -1367,11 +1368,10 @@
   } while (passPacket());
 }
 
-struct DirTestFixture : public IdentityManagementTimeFixture
+struct DirTestFixture : public ValidatorConfigFixture
 {
   DirTestFixture()
-    : face(io, m_keyChain, {true, true})
-    , validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
+    : validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
                 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
   {
     certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
@@ -1413,7 +1413,6 @@
   shared_ptr<v1::IdentityCertificate> firstCert;
   shared_ptr<v1::IdentityCertificate> secondCert;
 
-  util::DummyClientFace face;
   ValidatorConfig validator;
 };
 
@@ -1487,7 +1486,7 @@
   advanceClocks(time::milliseconds(10), 20);
 }
 
-class DirectCertFetchFixture : public IdentityManagementTimeFixture
+class DirectCertFetchFixture : public IdentityManagementV1TimeFixture
 {
 public:
   DirectCertFetchFixture()
diff --git a/tests/unit-tests/security/validator.t.cpp b/tests/unit-tests/security/validator.t.cpp
index 0b7cda2..68bed61 100644
--- a/tests/unit-tests/security/validator.t.cpp
+++ b/tests/unit-tests/security/validator.t.cpp
@@ -32,7 +32,7 @@
 using namespace ndn::tests;
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestValidator, IdentityManagementFixture)
+BOOST_FIXTURE_TEST_SUITE(TestValidator, IdentityManagementV1Fixture)
 
 void
 onValidated(const shared_ptr<const Data>& data)
diff --git a/tests/unit-tests/util/io.t.cpp b/tests/unit-tests/util/io.t.cpp
index e4dfa63..20e9412 100644
--- a/tests/unit-tests/util/io.t.cpp
+++ b/tests/unit-tests/util/io.t.cpp
@@ -267,18 +267,14 @@
 
 BOOST_FIXTURE_TEST_CASE(IdCert, IdCertFixture)
 {
-  Name identity("/TestIo/IdCert");
-  identity.appendVersion();
-  addIdentity(identity, RsaKeyParams());
-  Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
-  shared_ptr<security::v1::IdentityCertificate> idCert;
-  BOOST_REQUIRE_NO_THROW(idCert = m_keyChain.getCertificate(certName));
+  auto identity = addIdentity("/TestIo/IdCert", RsaKeyParams());
+  const auto& cert = identity.getDefaultKey().getDefaultCertificate();
+  io::save(cert, filename);
 
-  io::save(*idCert, filename);
-  shared_ptr<security::v1::IdentityCertificate> readCert = io::load<security::v1::IdentityCertificate>(filename);
+  auto readCert = io::load<security::v2::Certificate>(filename);
 
   BOOST_REQUIRE(readCert != nullptr);
-  BOOST_CHECK_EQUAL(idCert->getName(), readCert->getName());
+  BOOST_CHECK_EQUAL(cert.getName(), readCert->getName());
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestIo
diff --git a/tests/unit-tests/util/notification-stream.t.cpp b/tests/unit-tests/util/notification-stream.t.cpp
index 8ec6c6f..65522b0 100644
--- a/tests/unit-tests/util/notification-stream.t.cpp
+++ b/tests/unit-tests/util/notification-stream.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016, Regents of the University of California,
+ * Copyright (c) 2013-2017, Regents of the University of California,
  *                          Arizona Board of Regents,
  *                          Colorado State University,
  *                          University Pierre & Marie Curie, Sorbonne University,
@@ -37,7 +37,7 @@
 namespace tests {
 
 BOOST_AUTO_TEST_SUITE(Util)
-BOOST_FIXTURE_TEST_SUITE(TestNotificationStream, ndn::tests::IdentityManagementTimeFixture)
+BOOST_FIXTURE_TEST_SUITE(TestNotificationStream, ndn::tests::IdentityManagementV1TimeFixture)
 
 BOOST_AUTO_TEST_CASE(Post)
 {
diff --git a/tests/unit-tests/util/notification-subscriber.t.cpp b/tests/unit-tests/util/notification-subscriber.t.cpp
index 309afad..5b22e48 100644
--- a/tests/unit-tests/util/notification-subscriber.t.cpp
+++ b/tests/unit-tests/util/notification-subscriber.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California,
+ * Copyright (c) 2013-2017 Regents of the University of California,
  *                         Arizona Board of Regents,
  *                         Colorado State University,
  *                         University Pierre & Marie Curie, Sorbonne University,
@@ -39,7 +39,7 @@
 
 using namespace ndn::tests;
 
-class NotificationSubscriberFixture : public IdentityManagementTimeFixture
+class NotificationSubscriberFixture : public IdentityManagementV1TimeFixture
 {
 public:
   NotificationSubscriberFixture()
diff --git a/tests/unit-tests/util/segment-fetcher.t.cpp b/tests/unit-tests/util/segment-fetcher.t.cpp
index 02ef85b..6d9ea36 100644
--- a/tests/unit-tests/util/segment-fetcher.t.cpp
+++ b/tests/unit-tests/util/segment-fetcher.t.cpp
@@ -40,7 +40,7 @@
 BOOST_AUTO_TEST_SUITE(Util)
 BOOST_AUTO_TEST_SUITE(TestSegmentFetcher)
 
-class Fixture : public IdentityManagementTimeFixture
+class Fixture : public IdentityManagementV1TimeFixture
 {
 public:
   Fixture()