security: Convert ValidatorConfig to ValidationPolicyConfig
The security API also provides a convenience ValidatorConfig helper.
Change-Id: Ic86dec4904b917361cb4740204de4b6710d2a386
Refs: #3920
diff --git a/tests/unit-tests/security/validator-config.t.cpp b/tests/unit-tests/security/validator-config.t.cpp
index e2fbda1..37f2cff 100644
--- a/tests/unit-tests/security/validator-config.t.cpp
+++ b/tests/unit-tests/security/validator-config.t.cpp
@@ -20,18 +20,12 @@
*/
#include "security/validator-config.hpp"
-#include "security/signing-helpers.hpp"
+#include "security/v2/certificate-fetcher-offline.hpp"
#include "util/dummy-client-face.hpp"
-#include "util/io.hpp"
-#include "util/scheduler.hpp"
-#include "lp/nack.hpp"
-#include "lp/tags.hpp"
#include "boost-test.hpp"
-#include "make-interest-data.hpp"
-#include "../identity-management-time-fixture.hpp"
-
-#include <boost/logic/tribool.hpp>
+#include "identity-management-fixture.hpp"
+#include "v2/validator-config/common.hpp"
namespace ndn {
namespace security {
@@ -40,1597 +34,85 @@
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
+BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, IdentityManagementFixture)
-// Needed to create Face instance
-class ValidatorConfigFixture : public IdentityManagementV1TimeFixture
+// This test only for API, actual tests are in ValidationPolicyConfig and corresponding CertificateFetchers
+
+BOOST_AUTO_TEST_CASE(Construct)
+{
+ util::DummyClientFace face;
+
+ ValidatorConfig v1(face);
+ BOOST_CHECK_EQUAL(v1.m_policyConfig.m_isConfigured, false);
+
+ ValidatorConfig v2(make_unique<v2::CertificateFetcherOffline>());
+ BOOST_CHECK_EQUAL(v2.m_policyConfig.m_isConfigured, false);
+}
+
+class ValidatorConfigFixture : public IdentityManagementFixture
{
public:
ValidatorConfigFixture()
- : m_v2KeyChain("pib-memory:", "tpm-memory:")
- , face(nullptr, m_v2KeyChain)
- , validator(face)
+ : path(boost::filesystem::path(UNIT_TEST_CONFIG_PATH) / "security" / "validator-config")
+ , validator(make_unique<v2::CertificateFetcherOffline>())
{
+ boost::filesystem::create_directories(path);
+ config = R"CONF(
+ trust-anchor
+ {
+ type any
+ }
+ )CONF";
+ configFile = (this->path / "config.conf").string();
+ std::ofstream f(configFile.c_str());
+ f << config;
+ }
+
+ ~ValidatorConfigFixture()
+ {
+ boost::filesystem::remove_all(path);
}
public:
- v2::KeyChain m_v2KeyChain;
- Face face;
+ const boost::filesystem::path path;
+ std::string config;
+ std::string configFile;
ValidatorConfig validator;
};
-BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, ValidatorConfigFixture)
+BOOST_FIXTURE_TEST_SUITE(Loads, ValidatorConfigFixture)
-BOOST_AUTO_TEST_CASE(NameFilter)
+BOOST_AUTO_TEST_CASE(FromFile)
{
- Name identity("/TestValidatorConfig/NameFilter");
- identity.appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-1.cert"));
- Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
-
- Name dataName1("/simple/equal");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
-
- Name dataName2("/simple/different");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/equal\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-1.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
+ validator.load(configFile);
+ BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
+ BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
}
-BOOST_AUTO_TEST_CASE(NameFilter2)
+BOOST_AUTO_TEST_CASE(FromString)
{
- Name identity("/TestValidatorConfig/NameFilter2");
- identity.appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-2.cert"));
- Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
-
- Name dataName1("/simple/isPrefixOf");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
-
- Name dataName2("/simple/notPrefixOf");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
-
- Name dataName3("/simple/isPrefixOf/anotherLevel");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple2 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/isPrefixOf\n"
- " relation is-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-2.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- validator.validate(*data3,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
+ validator.load(config, "config-file-from-string");
+ BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
+ BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
}
-BOOST_AUTO_TEST_CASE(NameFilter3)
+BOOST_AUTO_TEST_CASE(FromIstream)
{
- Name identity("/TestValidatorConfig/NameFilter3");
- identity.appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-3.cert"));
- Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
-
- Name dataName1("/simple/isStrictPrefixOf");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
-
- Name dataName2("/simple");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
-
- Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /simple/isStrictPrefixOf\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-3.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- validator.validate(*data3,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
+ std::istringstream is(config);
+ validator.load(is, "config-file-from-istream");
+ BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
+ BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
}
-BOOST_AUTO_TEST_CASE(NameFilter4)
+BOOST_AUTO_TEST_CASE(FromSection)
{
- Name identity("/TestValidatorConfig/NameFilter4");
- identity.appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-4.cert"));
- Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
-
- Name dataName1("/simple/regex");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
-
- Name dataName2("/simple/regex-wrong");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
-
- Name dataName3("/simple/regex/correct");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
-
- std::string CONFIG_1 =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " regex ^<simple><regex>\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name ";
-
- std::string CONFIG_2 =
- "\n"
- " relation equal\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-4.cert\"\n"
- "}\n";
- const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- validator.validate(*data3,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
+ validator.load(v2::validator_config::tests::makeSection(config), "config-file-from-section");
+ BOOST_CHECK_EQUAL(validator.m_policyConfig.m_isConfigured, true);
+ BOOST_CHECK_THROW(validator.load(configFile), std::logic_error);
}
-BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
-{
- Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
- identity.appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-5.cert"));
-
- Name dataName1 = identity;
- dataName1.append("1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
-
- Name dataName2 = identity;
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
-
- Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
- shared_ptr<Data> data3 = make_shared<Data>(dataName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " hyper-relation\n"
- " {\n"
- " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
- " k-expand \\\\1\\\\2\n"
- " h-relation is-strict-prefix-of\n"
- " p-regex ^(<>*)$\n"
- " p-expand \\\\1\n"
- " }\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-5.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- validator.validate(*data3,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-}
-
-BOOST_AUTO_TEST_CASE(FixedSignerChecker)
-{
- Name identity("/TestValidatorConfig/FixedSignerChecker");
-
- Name identity1 = identity;
- identity1.append("1").appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-7.cert"));
-
- Name identity2 = identity;
- identity2.append("2").appendVersion();
- addIdentity(identity2);
-
- Name dataName1 = identity;
- dataName1.append("data").appendVersion();
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
-
- Name dataName2 = identity;
- dataName2.append("data").appendVersion();
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
-
- Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
- shared_ptr<Interest> interest = make_shared<Interest>(interestName);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Data Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-7.cert\"\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-7.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- validator.validate(*interest,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
-}
-
-BOOST_AUTO_TEST_CASE(MultiCheckers)
-{
- Name identity1("/TestValidatorConfig/MultiCheckers/");
- identity1.appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-multi-1.cert"));
-
- Name identity2("/TestValidatorConfig/");
- identity2.appendVersion();
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity2), "trust-anchor-multi-2.cert"));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Simple Rule01\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /\n"
- " relation is-prefix-of\n"
- " }\n"
- " checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/MultiCheckers/\n"
- " relation is-prefix-of\n"
- " }\n"
- " }\n"
- " checker\n" // checker 2, data should have same prefix of its signer
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- " checker\n" // checker 3, the signer should be identity1
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-multi-1.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-multicheckers.conf"));
-
- ValidatorConfig validator;
- validator.load(CONFIG, CONFIG_PATH.c_str());
- conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
- conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
- conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
-
- auto data1 = makeData(Name(identity1).append("Test"));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
- BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
- BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
- BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
-
- auto data2 = makeData(Name(identity2).append("Data2"));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
- BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
- BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
- BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
-
- auto data3 = makeData(Name(identity2).append("Data3"));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
- BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
- BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
- BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
-
- auto data4 = makeData("/Data4");
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
- BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
- BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
- BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
-
- int count = 0;
- validator.validate(*data1,
- [&] (const shared_ptr<const Data>&) {
- BOOST_CHECK(true);
- count++;
- },
- [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [&] (const shared_ptr<const Data>&, const std::string& str) {
- BOOST_CHECK(true);
- count++;
- });
-
- validator.validate(*data3,
- [&] (const shared_ptr<const Data>&) {
- BOOST_CHECK(true);
- count++;
- },
- [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
-
- validator.validate(*data4,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [&] (const shared_ptr<const Data>&, const std::string& str) {
- BOOST_CHECK(true);
- count++;
- });
-
- BOOST_CHECK_EQUAL(count, 4);
-}
-
-BOOST_AUTO_TEST_CASE(Reset)
-{
- Name root("/TestValidatorConfig/Reload");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(root), "trust-anchor-8.cert"));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"NRD Prefix Registration Command Rule\"\n"
- " for interest\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"Testbed Hierarchy Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-8.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
- BOOST_CHECK_EQUAL(validator.isEmpty(), false);
-
- validator.reset();
- BOOST_CHECK(validator.isEmpty());
-}
-
-BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
-{
- Name identity("/TestValidatorConfig/Wildcard");
- identity.appendVersion();
- addIdentity(identity);
-
- Name dataName1("/any/data");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
-
- std::string CONFIG =
- "trust-anchor\n"
- "{\n"
- " type any\n"
- "}\n";
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-}
-
-BOOST_AUTO_TEST_CASE(SignedInterestTest)
-{
- Name certName = addIdentity("/TestValidatorConfig/SignedInterestTest");
- BOOST_REQUIRE(saveIdentityCertificate(certName, "trust-anchor-9.cert"));
-
- Name interestName("/TestValidatorConfig/SignedInterestTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
-
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByCertificate(certName)));
- advanceClocks(time::milliseconds(10));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByCertificate(certName)));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/SignedInterestTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-9.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest2,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
- advanceClocks(time::milliseconds(10));
-}
-
-BOOST_AUTO_TEST_CASE(MaxKeyTest)
-{
- Name identity("/TestValidatorConfig/MaxKeyTest");
-
- Name identity1 = identity;
- identity1.append("Key1");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-10-1.cert"));
-
- Name identity2 = identity;
- identity2.append("Key2");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity2), "trust-anchor-10-2.cert"));
-
- Name identity3 = identity;
- identity3.append("Key3");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity3), "trust-anchor-10-3.cert"));
-
-
- Name interestName("/TestValidatorConfig/MaxKeyTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- Name interestName3 = interestName;
- interestName3.append("3");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
-
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
- advanceClocks(time::milliseconds(10));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
- advanceClocks(time::milliseconds(10));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
- advanceClocks(time::milliseconds(10));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/MaxKeyTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-1.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-2.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-3.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- ValidatorConfig validator(face,
- ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL,
- 10,
- 2, // Two keys can be tracked
- time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest2,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest3,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- // Should succeed because identity1's key has been cleaned up due to space limit.
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-}
-
-BOOST_AUTO_TEST_CASE(MaxKeyTest2)
-{
- Name identity("/TestValidatorConfig/MaxKeyTest");
-
- Name identity1 = identity;
- identity1.append("Key1");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-10-1.cert"));
-
- Name identity2 = identity;
- identity2.append("Key2");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity2), "trust-anchor-10-2.cert"));
-
- Name identity3 = identity;
- identity3.append("Key3");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity3), "trust-anchor-10-3.cert"));
-
- Name identity4 = identity;
- identity4.append("Key4");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity4), "trust-anchor-10-4.cert"));
-
-
- Name interestName("/TestValidatorConfig/MaxKeyTest");
- Name interestName1 = interestName;
- interestName1.append("1");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- Name interestName2 = interestName;
- interestName2.append("2");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- Name interestName3 = interestName;
- interestName3.append("3");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- Name interestName4 = interestName;
- interestName4.append("4");
- shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
-
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
- advanceClocks(time::milliseconds(10));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
- advanceClocks(time::milliseconds(10));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
- advanceClocks(time::milliseconds(10));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
- advanceClocks(time::milliseconds(10));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/MaxKeyTest\n"
- " relation is-strict-prefix-of\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type rsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-1.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-2.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-3.cert\"\n"
- " }\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-10-4.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- ValidatorConfig validator(face,
- ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL,
- 10,
- 3, // Three keys can be tracked
- time::seconds(1)); // TTL is set to 1 sec
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest2,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest3,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest2,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest3,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
-
- advanceClocks(time::seconds(2));
-
- validator.validate(*interest4,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
- validator.validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest2,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-
- validator.validate(*interest3,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10));
-}
-
-BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
-{
- Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
- addIdentity(rsaIdentity, RsaKeyParams());
-
- Name ecIdentity("/TestValidatorConfig/FixedSignerChecker2/Ec");
- auto identity = addIdentity(ecIdentity, EcKeyParams());
- BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-11.cert"));
-
- Name dataName("/TestValidatorConfig/FixedSignerChecker2");
- shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
- m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
- shared_ptr<Data> dataEc = make_shared<Data>(dataName);
- m_keyChain.sign(*dataEc, security::signingByIdentity(ecIdentity));
-
- shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
- m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
- shared_ptr<Interest> interestEc = make_shared<Interest>(dataName);
- m_keyChain.sign(*interestEc, security::signingByIdentity(ecIdentity));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Data Rule\"\n"
- " for data\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker2\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type ecdsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-11.cert\"\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"FixedSignerChecker Interest Rule\"\n"
- " for interest\n"
- " filter"
- " {\n"
- " type name\n"
- " name /TestValidatorConfig/FixedSignerChecker2\n"
- " relation equal\n"
- " }\n"
- " checker\n"
- " {\n"
- " type fixed-signer\n"
- " sig-type ecdsa-sha256\n"
- " signer\n"
- " {\n"
- " type file\n"
- " file-name \"trust-anchor-11.cert\"\n"
- " }\n"
- " }\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- validator.validate(*dataEc,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-
- validator.validate(*dataRsa,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- validator.validate(*interestEc,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
-
- validator.validate(*interestRsa,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
-}
-
-
-struct FacesFixture : public ValidatorConfigFixture
-{
- FacesFixture()
- : face1(io, m_v2KeyChain, {true, true})
- , face2(io, m_v2KeyChain, {true, true})
- , readInterestOffset1(0)
- , readDataOffset1(0)
- , readInterestOffset2(0)
- , readDataOffset2(0)
- {
- }
-
- bool
- passPacket()
- {
- bool hasPassed = false;
-
- checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
- checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
- checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
- checkFace(face2.sentData, readDataOffset2, face1, hasPassed);
-
- return hasPassed;
- }
-
- template<typename Packet>
- void
- checkFace(std::vector<Packet>& receivedPackets,
- size_t& readPacketOffset,
- util::DummyClientFace& receiver,
- bool& hasPassed)
- {
- while (receivedPackets.size() > readPacketOffset) {
- receiver.receive(receivedPackets[readPacketOffset]);
- readPacketOffset++;
- hasPassed = true;
- }
- }
-
-public:
- util::DummyClientFace face1;
- util::DummyClientFace face2;
-
- size_t readInterestOffset1;
- size_t readDataOffset1;
- size_t readInterestOffset2;
- size_t readDataOffset2;
-};
-
-BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
-{
- std::vector<v1::CertificateSubjectDescription> subjectDescription;
-
- Name root("/TestValidatorConfig");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(root), "trust-anchor-6.cert"));
-
-
- Name sld("/TestValidatorConfig/HierarchicalChecker");
- addIdentity(sld);
- advanceClocks(time::milliseconds(100));
- Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
- shared_ptr<v1::IdentityCertificate> sldCert =
- m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
- root,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- m_keyChain.sign(*sldCert, security::signingByIdentity(root));
- m_keyChain.addCertificateAsIdentityDefault(*sldCert);
-
- Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
- addIdentity(nld);
- advanceClocks(time::milliseconds(100));
- Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
- shared_ptr<v1::IdentityCertificate> nldCert =
- m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
- sld,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
- m_keyChain.addCertificateAsIdentityDefault(*nldCert);
-
- face1.setInterestFilter(sldCert->getName().getPrefix(-1),
- [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
- RegisterPrefixSuccessCallback(),
- [] (const Name&, const std::string&) {});
-
- face1.setInterestFilter(nldCert->getName().getPrefix(-1),
- [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
- RegisterPrefixSuccessCallback(),
- [] (const Name&, const std::string&) {});
-
- Name dataName1 = nld;
- dataName1.append("data1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
-
- Name dataName2("/ConfValidatorTest");
- dataName2.append("data1");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Simple3 Rule\"\n"
- " for data\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-6.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- auto validator = make_shared<ValidatorConfig>(&face2);
- validator->load(CONFIG, CONFIG_PATH.c_str());
-
- advanceClocks(time::milliseconds(2), 100);
- validator->validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
-
- do {
- advanceClocks(time::milliseconds(2), 10);
- } while (passPacket());
-
- validator->validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
-
- do {
- advanceClocks(time::milliseconds(2), 10);
- } while (passPacket());
-}
-
-BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
-{
- advanceClocks(time::nanoseconds(1));
-
- std::vector<v1::CertificateSubjectDescription> subjectDescription;
-
- Name root("/TestValidatorConfig");
- BOOST_REQUIRE(saveIdentityCertificate(addIdentity(root), "trust-anchor-8.cert"));
-
- Name sld("/TestValidatorConfig/Nrd-1");
- addIdentity(sld);
- advanceClocks(time::milliseconds(100));
- Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
- shared_ptr<v1::IdentityCertificate> sldCert =
- m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
- root,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- m_keyChain.sign(*sldCert, security::signingByIdentity(root));
- m_keyChain.addCertificateAsIdentityDefault(*sldCert);
-
- Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
- addIdentity(nld);
- advanceClocks(time::milliseconds(100));
- Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
- shared_ptr<v1::IdentityCertificate> nldCert =
- m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
- sld,
- time::system_clock::now(),
- time::system_clock::now() + time::days(7300),
- subjectDescription);
- m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
- m_keyChain.addCertificateAsIdentityDefault(*nldCert);
-
- face1.setInterestFilter(sldCert->getName().getPrefix(-1),
- [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
- RegisterPrefixSuccessCallback(),
- [] (const Name&, const std::string&) {});
-
- face1.setInterestFilter(nldCert->getName().getPrefix(-1),
- [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
- RegisterPrefixSuccessCallback(),
- [] (const Name&, const std::string&) {});
-
- advanceClocks(time::milliseconds(10));
- Name interestName1("/localhost/nrd/register/option");
- shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
-
- advanceClocks(time::milliseconds(10));
- Name interestName2("/localhost/nrd/non-register");
- shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
-
- advanceClocks(time::milliseconds(10));
- Name interestName3("/localhost/nrd/register/option");
- shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
-
- advanceClocks(time::milliseconds(10));
- Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
- shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
-
- const std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"NRD Prefix Registration Command Rule\"\n"
- " for interest\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
- " }\n"
- " }\n"
- "}\n"
- "rule\n"
- "{\n"
- " id \"Testbed Hierarchy Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type hierarchical\n"
- " sig-type rsa-sha256\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type file\n"
- " file-name \"trust-anchor-8.cert\"\n"
- "}\n";
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- auto validator = make_shared<ValidatorConfig>(&face2);
- validator->load(CONFIG, CONFIG_PATH.c_str());
-
- advanceClocks(time::milliseconds(2), 100);
-
- // should succeed
- validator->validate(*interest1,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
-
- do {
- advanceClocks(time::milliseconds(2), 10);
- } while (passPacket());
-
- // should fail
- validator->validate(*interest2,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
-
- do {
- advanceClocks(time::milliseconds(2), 10);
- } while (passPacket());
-
- // should succeed
- validator->validate(*interest3,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
-
- do {
- advanceClocks(time::milliseconds(2), 10);
- } while (passPacket());
-
- // should fail
- validator->validate(*interest4,
- [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
-
- do {
- advanceClocks(time::milliseconds(2), 10);
- } while (passPacket());
-}
-
-struct DirTestFixture : public ValidatorConfigFixture
-{
- DirTestFixture()
- : validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
- ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
- {
- certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
- boost::filesystem::create_directory(certDirPath);
-
- firstCertPath = (boost::filesystem::current_path() /
- std::string("test-cert-dir") /
- std::string("trust-anchor-1.cert"));
-
- secondCertPath = (boost::filesystem::current_path() /
- std::string("test-cert-dir") /
- std::string("trust-anchor-2.cert"));
-
- firstIdentity = Name("/TestValidatorConfig/Dir/First");
- addIdentity(firstIdentity);
- Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
- firstCert = m_keyChain.getCertificate(firstCertName);
- io::save(*firstCert, firstCertPath.string());
-
- secondIdentity = Name("/TestValidatorConfig/Dir/Second");
- addIdentity(secondIdentity);
- Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
- secondCert = m_keyChain.getCertificate(secondCertName);
- }
-
- ~DirTestFixture()
- {
- boost::filesystem::remove_all(certDirPath);
- }
-
-public:
- boost::filesystem::path certDirPath;
- boost::filesystem::path firstCertPath;
- boost::filesystem::path secondCertPath;
-
- Name firstIdentity;
- Name secondIdentity;
-
- shared_ptr<v1::IdentityCertificate> firstCert;
- shared_ptr<v1::IdentityCertificate> secondCert;
-
- ValidatorConfig validator;
-};
-
-BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
-{
- advanceClocks(time::milliseconds(10));
-
- Name dataName1("/any/data/1");
- shared_ptr<Data> data1 = make_shared<Data>(dataName1);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
-
- Name dataName2("/any/data/2");
- shared_ptr<Data> data2 = make_shared<Data>(dataName2);
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
-
- std::string CONFIG =
- "rule\n"
- "{\n"
- " id \"Any Rule\"\n"
- " for data\n"
- " filter\n"
- " {\n"
- " type name\n"
- " regex ^<>*$\n"
- " }\n"
- " checker\n"
- " {\n"
- " type customized\n"
- " sig-type rsa-sha256\n"
- " key-locator\n"
- " {\n"
- " type name\n"
- " regex ^<>*$\n"
- " }\n"
- " }\n"
- "}\n"
- "trust-anchor\n"
- "{\n"
- " type dir\n"
- " dir test-cert-dir\n"
- " refresh 1s\n"
- "}\n";
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
-
- validator.load(CONFIG, CONFIG_PATH.c_str());
-
- advanceClocks(time::milliseconds(10), 20);
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10), 20);
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
- advanceClocks(time::milliseconds(10), 20);
-
- io::save(*secondCert, secondCertPath.string());
- advanceClocks(time::milliseconds(10), 200);
-
- validator.validate(*data1,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10), 20);
-
- validator.validate(*data2,
- [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
- [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
- advanceClocks(time::milliseconds(10), 20);
-}
-
-class DirectCertFetchFixture : public ValidatorConfigFixture
-{
-public:
- DirectCertFetchFixture()
- : clientFace(io, m_v2KeyChain, {true, true})
- , validationResult(boost::logic::indeterminate)
- {
- auto certName = addIdentity(ca);
- saveIdentityCertificate(certName, "trust-anchor-1.cert");
- addSubCertificate(user, ca);
-
- userCertName = m_keyChain.getDefaultCertificateNameForIdentity(user);
- userCert = m_keyChain.getCertificate(userCertName);
- }
-
-protected:
- void
- runTest(const std::function<void(const Interest&, const Interest&)> respond)
- {
- optional<Interest> directInterest;
- optional<Interest> infrastructureInterest;
- clientFace.onSendInterest.connect([&] (const Interest& interest) {
- const Name& interestName = interest.getName();
- if (interestName == userCert->getName().getPrefix(-1)) {
- auto nextHopFaceIdTag = interest.getTag<lp::NextHopFaceIdTag>();
- if (nextHopFaceIdTag != nullptr) {
- BOOST_CHECK(!directInterest);
- directInterest = interest;
- }
- else {
- BOOST_CHECK(!infrastructureInterest);
- infrastructureInterest = interest;
- }
- if (static_cast<bool>(directInterest) && static_cast<bool>(infrastructureInterest)) {
- io.post([directInterest, infrastructureInterest, respond] {
- respond(directInterest.value(), infrastructureInterest.value());
- });
- directInterest = nullopt;
- infrastructureInterest = nullopt;
- }
- }
- });
-
- const boost::filesystem::path CONFIG_PATH =
- (boost::filesystem::current_path() / std::string("unit-test-direct.conf"));
- ValidatorConfig validator(&clientFace);
- validator.load(CONFIG, CONFIG_PATH.c_str());
- validator.setDirectCertFetchEnabled(true);
-
- shared_ptr<Interest> interest = make_shared<Interest>(interestName);
- interest->setTag(make_shared<lp::IncomingFaceIdTag>(123));
- BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest, security::signingByIdentity(user)));
-
- validator.validate(*interest,
- [&] (const shared_ptr<const Interest>&) {
- BOOST_CHECK(boost::logic::indeterminate(validationResult));
- validationResult = true;
- },
- [&] (const shared_ptr<const Interest>&, const std::string& s) {
- BOOST_CHECK(boost::logic::indeterminate(validationResult));
- validationResult = false;
- });
-
- advanceClocks(time::milliseconds(200), 60);
-
- BOOST_CHECK(!boost::logic::indeterminate(validationResult));
- }
-
-public:
- util::DummyClientFace clientFace;
- const Name ca = Name("/DirectCertFetch");
- const Name user = Name("/DirectCertFetch/user");
- const Name interestName = Name("/DirectCertFetch/user/tag-interest");
- const std::string CONFIG = R"_TEXT_(
- rule
- {
- id "RuleForInterest"
- for interest
- checker
- {
- type hierarchical
- sig-type rsa-sha256
- }
- }
- rule
- {
- id "RuleForData"
- for data
- filter
- {
- type name
- regex ^<>*$
- }
- checker
- {
- type customized
- sig-type rsa-sha256
- key-locator
- {
- type name
- regex ^<>*$
- }
- }
- }
- trust-anchor
- {
- type file
- file-name "trust-anchor-1.cert"
- }
- )_TEXT_";
- boost::logic::tribool validationResult;
- Name userCertName;
- shared_ptr<v1::IdentityCertificate> userCert;
-};
-
-BOOST_FIXTURE_TEST_SUITE(DirectCertFetch, DirectCertFetchFixture)
-
-BOOST_AUTO_TEST_CASE(CertFetchSuccess)
-{
- runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
- this->clientFace.receive(*userCert);
- });
-
- BOOST_CHECK_EQUAL(validationResult, true);
-}
-
-BOOST_AUTO_TEST_CASE(CertFetchTimeout)
-{
- // In this test case, certificate request would time out
- runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) { });
-
- BOOST_CHECK_EQUAL(validationResult, false);
-}
-
-BOOST_AUTO_TEST_CASE(CertFetchNack)
-{
- runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
- lp::Nack nackInfrastructureInterest(infrastructureInterest);
- nackInfrastructureInterest.setHeader(lp::NackHeader().setReason(lp::NackReason::NO_ROUTE));
- this->clientFace.receive(nackInfrastructureInterest);
- });
-
- BOOST_CHECK_EQUAL(validationResult, false);
-}
+BOOST_AUTO_TEST_SUITE_END() // Loads
-BOOST_AUTO_TEST_SUITE_END() // DirectCertFetch
BOOST_AUTO_TEST_SUITE_END() // TestValidatorConfig
BOOST_AUTO_TEST_SUITE_END() // Security