blob: 028d790eea5a005c57f3b211aece3a5ebec01429 [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07003 * Copyright (c) 2013-2016 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -08004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
24#include "security/key-chain.hpp"
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070025#include "security/signing-helpers.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -080026#include "util/io.hpp"
27#include "util/scheduler.hpp"
28#include "util/dummy-client-face.hpp"
29
30#include <boost/asio.hpp>
31
32#include "identity-management-fixture.hpp"
33#include "../identity-management-time-fixture.hpp"
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070034#include "../make-interest-data.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -080035#include "boost-test.hpp"
36
Yingdi Yu41546342014-11-30 23:37:53 -080037namespace ndn {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070038namespace security {
Yingdi Yu41546342014-11-30 23:37:53 -080039namespace tests {
40
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070041using namespace ndn::tests;
Yingdi Yu41546342014-11-30 23:37:53 -080042
Junxiao Shid5827ce2016-07-14 20:49:37 +000043BOOST_AUTO_TEST_SUITE(Security)
44BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, IdentityManagementFixture)
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070045
46BOOST_AUTO_TEST_CASE(NameFilter)
Yingdi Yu41546342014-11-30 23:37:53 -080047{
48 Name identity("/TestValidatorConfig/NameFilter");
49 identity.appendVersion();
50 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
51 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
52 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
53 io::save(*idCert, "trust-anchor-1.cert");
54
55 Name dataName1("/simple/equal");
56 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070057 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -080058
59 Name dataName2("/simple/different");
60 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070061 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -080062
63 std::string CONFIG_1 =
64 "rule\n"
65 "{\n"
66 " id \"Simple Rule\"\n"
67 " for data\n"
68 " filter"
69 " {\n"
70 " type name\n"
71 " name /simple/equal\n"
72 " relation equal\n"
73 " }\n"
74 " checker\n"
75 " {\n"
76 " type customized\n"
77 " sig-type rsa-sha256\n"
78 " key-locator\n"
79 " {\n"
80 " type name\n"
81 " name ";
82
83 std::string CONFIG_2 =
84 "\n"
85 " relation equal\n"
86 " }\n"
87 " }\n"
88 "}\n"
89 "trust-anchor\n"
90 "{\n"
91 " type file\n"
92 " file-name \"trust-anchor-1.cert\"\n"
93 "}\n";
94 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
95
96 const boost::filesystem::path CONFIG_PATH =
97 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
98
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070099 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800100 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700101 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800102
103 validator.validate(*data1,
104 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700105 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800106
107 validator.validate(*data2,
108 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700109 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800110
111 const boost::filesystem::path CERT_PATH =
112 (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
113 boost::filesystem::remove(CERT_PATH);
114}
115
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700116BOOST_AUTO_TEST_CASE(NameFilter2)
Yingdi Yu41546342014-11-30 23:37:53 -0800117{
118 Name identity("/TestValidatorConfig/NameFilter2");
119 identity.appendVersion();
120 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
121 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
122 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
123 io::save(*idCert, "trust-anchor-2.cert");
124
125 Name dataName1("/simple/isPrefixOf");
126 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700127 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800128
129 Name dataName2("/simple/notPrefixOf");
130 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700131 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800132
133 Name dataName3("/simple/isPrefixOf/anotherLevel");
134 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700135 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800136
137 std::string CONFIG_1 =
138 "rule\n"
139 "{\n"
140 " id \"Simple2 Rule\"\n"
141 " for data\n"
142 " filter"
143 " {\n"
144 " type name\n"
145 " name /simple/isPrefixOf\n"
146 " relation is-prefix-of\n"
147 " }\n"
148 " checker\n"
149 " {\n"
150 " type customized\n"
151 " sig-type rsa-sha256\n"
152 " key-locator\n"
153 " {\n"
154 " type name\n"
155 " name ";
156
157 std::string CONFIG_2 =
158 "\n"
159 " relation equal\n"
160 " }\n"
161 " }\n"
162 "}\n"
163 "trust-anchor\n"
164 "{\n"
165 " type file\n"
166 " file-name \"trust-anchor-2.cert\"\n"
167 "}\n";
168 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
169
170 const boost::filesystem::path CONFIG_PATH =
171 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
172
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700173 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800174 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700175 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800176
177 validator.validate(*data1,
178 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700179 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800180
181 validator.validate(*data2,
182 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700183 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800184
185 validator.validate(*data3,
186 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700187 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800188
189 const boost::filesystem::path CERT_PATH =
190 (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
191 boost::filesystem::remove(CERT_PATH);
192}
193
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700194BOOST_AUTO_TEST_CASE(NameFilter3)
Yingdi Yu41546342014-11-30 23:37:53 -0800195{
196 Name identity("/TestValidatorConfig/NameFilter3");
197 identity.appendVersion();
198 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
199 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
200 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
201 io::save(*idCert, "trust-anchor-3.cert");
202
203 Name dataName1("/simple/isStrictPrefixOf");
204 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700205 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800206
207 Name dataName2("/simple");
208 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700209 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800210
211 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
212 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700213 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800214
215 std::string CONFIG_1 =
216 "rule\n"
217 "{\n"
218 " id \"Simple3 Rule\"\n"
219 " for data\n"
220 " filter"
221 " {\n"
222 " type name\n"
223 " name /simple/isStrictPrefixOf\n"
224 " relation is-strict-prefix-of\n"
225 " }\n"
226 " checker\n"
227 " {\n"
228 " type customized\n"
229 " sig-type rsa-sha256\n"
230 " key-locator\n"
231 " {\n"
232 " type name\n"
233 " name ";
234
235 std::string CONFIG_2 =
236 "\n"
237 " relation equal\n"
238 " }\n"
239 " }\n"
240 "}\n"
241 "trust-anchor\n"
242 "{\n"
243 " type file\n"
244 " file-name \"trust-anchor-3.cert\"\n"
245 "}\n";
246 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
247
248 const boost::filesystem::path CONFIG_PATH =
249 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
250
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700251 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800252 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700253 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800254
255 validator.validate(*data1,
256 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700257 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800258
259 validator.validate(*data2,
260 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700261 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800262
263 validator.validate(*data3,
264 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700265 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800266
267 const boost::filesystem::path CERT_PATH =
268 (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
269 boost::filesystem::remove(CERT_PATH);
270}
271
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700272BOOST_AUTO_TEST_CASE(NameFilter4)
Yingdi Yu41546342014-11-30 23:37:53 -0800273{
274 Name identity("/TestValidatorConfig/NameFilter4");
275 identity.appendVersion();
276 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
277 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
278 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
279 io::save(*idCert, "trust-anchor-4.cert");
280
281 Name dataName1("/simple/regex");
282 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700283 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800284
285 Name dataName2("/simple/regex-wrong");
286 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700287 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800288
289 Name dataName3("/simple/regex/correct");
290 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700291 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800292
293 std::string CONFIG_1 =
294 "rule\n"
295 "{\n"
296 " id \"Simple3 Rule\"\n"
297 " for data\n"
298 " filter"
299 " {\n"
300 " type name\n"
301 " regex ^<simple><regex>\n"
302 " }\n"
303 " checker\n"
304 " {\n"
305 " type customized\n"
306 " sig-type rsa-sha256\n"
307 " key-locator\n"
308 " {\n"
309 " type name\n"
310 " name ";
311
312 std::string CONFIG_2 =
313 "\n"
314 " relation equal\n"
315 " }\n"
316 " }\n"
317 "}\n"
318 "trust-anchor\n"
319 "{\n"
320 " type file\n"
321 " file-name \"trust-anchor-4.cert\"\n"
322 "}\n";
323 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
324
325 const boost::filesystem::path CONFIG_PATH =
326 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
327
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700328 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800329 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700330 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800331
332 validator.validate(*data1,
333 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700334 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800335
336 validator.validate(*data2,
337 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700338 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800339
340 validator.validate(*data3,
341 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700342 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800343
344 const boost::filesystem::path CERT_PATH =
345 (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
346 boost::filesystem::remove(CERT_PATH);
347}
348
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700349BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Yingdi Yu41546342014-11-30 23:37:53 -0800350{
351 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
352 identity.appendVersion();
353 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
354 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
355 shared_ptr<IdentityCertificate> idCert = m_keyChain.getCertificate(certName);
356 io::save(*idCert, "trust-anchor-5.cert");
357
358 Name dataName1 = identity;
359 dataName1.append("1");
360 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700361 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800362
363 Name dataName2 = identity;
364 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700365 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800366
367 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
368 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700369 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800370
371 const std::string CONFIG =
372 "rule\n"
373 "{\n"
374 " id \"Simple3 Rule\"\n"
375 " for data\n"
376 " checker\n"
377 " {\n"
378 " type customized\n"
379 " sig-type rsa-sha256\n"
380 " key-locator\n"
381 " {\n"
382 " type name\n"
383 " hyper-relation\n"
384 " {\n"
385 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
386 " k-expand \\\\1\\\\2\n"
387 " h-relation is-strict-prefix-of\n"
388 " p-regex ^(<>*)$\n"
389 " p-expand \\\\1\n"
390 " }\n"
391 " }\n"
392 " }\n"
393 "}\n"
394 "trust-anchor\n"
395 "{\n"
396 " type file\n"
397 " file-name \"trust-anchor-5.cert\"\n"
398 "}\n";
399 const boost::filesystem::path CONFIG_PATH =
400 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
401
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700402 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800403 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700404 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800405
406 validator.validate(*data1,
407 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700408 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800409
410 validator.validate(*data2,
411 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700412 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800413
414 validator.validate(*data3,
415 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700416 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800417
418 const boost::filesystem::path CERT_PATH =
419 (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
420 boost::filesystem::remove(CERT_PATH);
421}
422
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700423BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Yingdi Yu41546342014-11-30 23:37:53 -0800424{
425 Name identity("/TestValidatorConfig/FixedSignerChecker");
426
427 Name identity1 = identity;
428 identity1.append("1").appendVersion();
429 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
430 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
431 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
432 io::save(*idCert1, "trust-anchor-7.cert");
433
434 Name identity2 = identity;
435 identity2.append("2").appendVersion();
436 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
437
438 Name dataName1 = identity;
439 dataName1.append("data").appendVersion();
440 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700441 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800442
443 Name dataName2 = identity;
444 dataName2.append("data").appendVersion();
445 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700446 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800447
448 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
449 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
450
451 const std::string CONFIG =
452 "rule\n"
453 "{\n"
454 " id \"FixedSignerChecker Data Rule\"\n"
455 " for data\n"
456 " filter"
457 " {\n"
458 " type name\n"
459 " name /TestValidatorConfig/FixedSignerChecker\n"
460 " relation is-strict-prefix-of\n"
461 " }\n"
462 " checker\n"
463 " {\n"
464 " type fixed-signer\n"
465 " sig-type rsa-sha256\n"
466 " signer\n"
467 " {\n"
468 " type file\n"
469 " file-name \"trust-anchor-7.cert\"\n"
470 " }\n"
471 " }\n"
472 "}\n"
473 "rule\n"
474 "{\n"
475 " id \"FixedSignerChecker Interest Rule\"\n"
476 " for interest\n"
477 " filter"
478 " {\n"
479 " type name\n"
480 " name /TestValidatorConfig/FixedSignerChecker\n"
481 " relation is-strict-prefix-of\n"
482 " }\n"
483 " checker\n"
484 " {\n"
485 " type fixed-signer\n"
486 " sig-type rsa-sha256\n"
487 " signer\n"
488 " {\n"
489 " type file\n"
490 " file-name \"trust-anchor-7.cert\"\n"
491 " }\n"
492 " }\n"
493 "}\n";
494 const boost::filesystem::path CONFIG_PATH =
495 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
496
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700497 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800498 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700499 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800500
501 validator.validate(*data1,
502 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700503 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800504
505 validator.validate(*data2,
506 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700507 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800508
509 validator.validate(*interest,
510 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700511 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800512
513 const boost::filesystem::path CERT_PATH =
514 (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
515 boost::filesystem::remove(CERT_PATH);
516}
517
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700518struct CertCleanFixture : public IdentityManagementTimeFixture
519{
520public:
521 CertCleanFixture()
522 : tmpPath(boost::filesystem::path(UNIT_TEST_CONFIG_PATH))
523 {
524 boost::filesystem::create_directories(tmpPath);
525 }
526
527 ~CertCleanFixture()
528 {
529 boost::filesystem::remove_all(tmpPath);
530 }
531
532public:
533 boost::filesystem::path tmpPath;
534};
535
536BOOST_FIXTURE_TEST_CASE(MultiCheckers, CertCleanFixture)
537{
538 std::string certDir = tmpPath.c_str();
539
540 Name identity1("/TestValidatorConfig/MultiCheckers/");
541 identity1.appendVersion();
542 addIdentity(identity1);
543 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
544 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
545 std::string certDir1 = certDir + "trust-anchor-multi-1.cert";
546 io::save(*idCert1, certDir1);
547
548 Name identity2("/TestValidatorConfig/");
549 identity2.appendVersion();
550 addIdentity(identity2);
551 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
552 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
553 std::string certDir2 = certDir + "trust-anchor-multi-2.cert";
554 io::save(*idCert2, certDir2);
555
556 const std::string CONFIG =
557 "rule\n"
558 "{\n"
559 " id \"Simple Rule01\"\n"
560 " for data\n"
561 " filter"
562 " {\n"
563 " type name\n"
564 " name /\n"
565 " relation is-prefix-of\n"
566 " }\n"
567 " checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
568 " {\n"
569 " type customized\n"
570 " sig-type rsa-sha256\n"
571 " key-locator\n"
572 " {\n"
573 " type name\n"
574 " name /TestValidatorConfig/MultiCheckers/\n"
575 " relation is-prefix-of\n"
576 " }\n"
577 " }\n"
578 " checker\n" // checker 2, data should have same prefix of its signer
579 " {\n"
580 " type hierarchical\n"
581 " sig-type rsa-sha256\n"
582 " }\n"
583 " checker\n" // checker 3, the signer should be identity1
584 " {\n"
585 " type fixed-signer\n"
586 " sig-type rsa-sha256\n"
587 " signer\n"
588 " {\n"
589 " type file\n"
590 " file-name \"trust-anchor-multi-1.cert\"\n"
591 " }\n"
592 " }\n"
593 "}\n";
594
595 const boost::filesystem::path CONFIG_PATH =
596 (tmpPath / std::string("unit-test-multicheckers.conf"));
597
598 ValidatorConfig validator;
599 validator.load(CONFIG, CONFIG_PATH.c_str());
600 conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
601 conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
602 conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
603
604 auto data1 = util::makeData(Name(identity1).append("Test"));
605 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
606 BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
607 BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
608 BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
609
610 auto data2 = util::makeData(Name(identity2).append("Data2"));
611 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
612 BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
613 BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
614 BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
615
616 auto data3 = util::makeData(Name(identity2).append("Data3"));
617 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
618 BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
619 BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
620 BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
621
622 auto data4 = util::makeData("/Data4");
623 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
624 BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
625 BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
626 BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
627
628 int count = 0;
629 validator.validate(*data1,
630 [&] (const shared_ptr<const Data>&) {
631 BOOST_CHECK(true);
632 count++;
633 },
634 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
635
636 validator.validate(*data2,
637 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
638 [&] (const shared_ptr<const Data>&, const std::string& str) {
639 BOOST_CHECK(true);
640 count++;
641 });
642
643 validator.validate(*data3,
644 [&] (const shared_ptr<const Data>&) {
645 BOOST_CHECK(true);
646 count++;
647 },
648 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
649
650 validator.validate(*data4,
651 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
652 [&] (const shared_ptr<const Data>&, const std::string& str) {
653 BOOST_CHECK(true);
654 count++;
655 });
656
657 BOOST_CHECK_EQUAL(count, 4);
658}
659
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700660BOOST_AUTO_TEST_CASE(Reset)
Yingdi Yu41546342014-11-30 23:37:53 -0800661{
662 Name root("/TestValidatorConfig/Reload");
663 BOOST_REQUIRE_NO_THROW(addIdentity(root));
664 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
665 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
666 io::save(*rootCert, "trust-anchor-8.cert");
667
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700668 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800669
670 const std::string CONFIG =
671 "rule\n"
672 "{\n"
673 " id \"NRD Prefix Registration Command Rule\"\n"
674 " for interest\n"
675 " filter\n"
676 " {\n"
677 " type name\n"
678 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
679 " }\n"
680 " checker\n"
681 " {\n"
682 " type customized\n"
683 " sig-type rsa-sha256\n"
684 " key-locator\n"
685 " {\n"
686 " type name\n"
687 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
688 " }\n"
689 " }\n"
690 "}\n"
691 "rule\n"
692 "{\n"
693 " id \"Testbed Hierarchy Rule\"\n"
694 " for data\n"
695 " filter\n"
696 " {\n"
697 " type name\n"
698 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
699 " }\n"
700 " checker\n"
701 " {\n"
702 " type hierarchical\n"
703 " sig-type rsa-sha256\n"
704 " }\n"
705 "}\n"
706 "trust-anchor\n"
707 "{\n"
708 " type file\n"
709 " file-name \"trust-anchor-8.cert\"\n"
710 "}\n";
711 const boost::filesystem::path CONFIG_PATH =
712 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
713
714
715 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
716
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700717 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800718 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
719
720 validator->reset();
721 BOOST_CHECK(validator->isEmpty());
722
723 const boost::filesystem::path CERT_PATH =
724 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
725 boost::filesystem::remove(CERT_PATH);
726}
727
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700728BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Yingdi Yu41546342014-11-30 23:37:53 -0800729{
730 Name identity("/TestValidatorConfig/Wildcard");
731 identity.appendVersion();
732 BOOST_REQUIRE_NO_THROW(addIdentity(identity));
733
734 Name dataName1("/any/data");
735 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700736 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800737
738 std::string CONFIG =
739 "trust-anchor\n"
740 "{\n"
741 " type any\n"
742 "}\n";
743
744 const boost::filesystem::path CONFIG_PATH =
745 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
746
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700747 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800748 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700749 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800750
751 validator.validate(*data1,
752 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700753 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800754}
755
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700756BOOST_AUTO_TEST_CASE(SignedInterestTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800757{
758 Name identity("/TestValidatorConfig/SignedInterestTest");
759
760 Name identity1 = identity;
761 identity1.appendVersion();
762 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
763 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
764 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
765 io::save(*idCert1, "trust-anchor-9.cert");
766
767 Name interestName("/TestValidatorConfig/SignedInterestTest");
768 Name interestName1 = interestName;
769 interestName1.append("1");
770 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
771 Name interestName2 = interestName;
772 interestName2.append("2");
773 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
774
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700775 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800776 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700777 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800778
779 const std::string CONFIG =
780 "rule\n"
781 "{\n"
782 " id \"FixedSignerChecker Interest Rule\"\n"
783 " for interest\n"
784 " filter"
785 " {\n"
786 " type name\n"
787 " name /TestValidatorConfig/SignedInterestTest\n"
788 " relation is-strict-prefix-of\n"
789 " }\n"
790 " checker\n"
791 " {\n"
792 " type fixed-signer\n"
793 " sig-type rsa-sha256\n"
794 " signer\n"
795 " {\n"
796 " type file\n"
797 " file-name \"trust-anchor-9.cert\"\n"
798 " }\n"
799 " }\n"
800 "}\n";
801 const boost::filesystem::path CONFIG_PATH =
802 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
803
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700804 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800805 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700806 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800807
808 validator.validate(*interest1,
809 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700810 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800811
812 validator.validate(*interest2,
813 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700814 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800815
816 validator.validate(*interest1,
817 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700818 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800819
820 const boost::filesystem::path CERT_PATH =
821 (boost::filesystem::current_path() / std::string("trust-anchor-9.cert"));
822 boost::filesystem::remove(CERT_PATH);
823}
824
825
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700826BOOST_AUTO_TEST_CASE(MaxKeyTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800827{
828 Name identity("/TestValidatorConfig/MaxKeyTest");
829
830 Name identity1 = identity;
831 identity1.append("Key1");
832 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
833 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
834 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
835 io::save(*idCert1, "trust-anchor-10-1.cert");
836
837 Name identity2 = identity;
838 identity2.append("Key2");
839 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
840 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
841 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
842 io::save(*idCert2, "trust-anchor-10-2.cert");
843
844 Name identity3 = identity;
845 identity3.append("Key3");
846 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
847 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
848 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
849 io::save(*idCert3, "trust-anchor-10-3.cert");
850
851
852 Name interestName("/TestValidatorConfig/MaxKeyTest");
853 Name interestName1 = interestName;
854 interestName1.append("1");
855 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
856 Name interestName2 = interestName;
857 interestName2.append("2");
858 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
859 Name interestName3 = interestName;
860 interestName3.append("3");
861 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
862
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700863 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800864 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700865 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800866 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700867 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -0800868
869 const std::string CONFIG =
870 "rule\n"
871 "{\n"
872 " id \"FixedSignerChecker Interest Rule\"\n"
873 " for interest\n"
874 " filter"
875 " {\n"
876 " type name\n"
877 " name /TestValidatorConfig/MaxKeyTest\n"
878 " relation is-strict-prefix-of\n"
879 " }\n"
880 " checker\n"
881 " {\n"
882 " type fixed-signer\n"
883 " sig-type rsa-sha256\n"
884 " signer\n"
885 " {\n"
886 " type file\n"
887 " file-name \"trust-anchor-10-1.cert\"\n"
888 " }\n"
889 " signer\n"
890 " {\n"
891 " type file\n"
892 " file-name \"trust-anchor-10-2.cert\"\n"
893 " }\n"
894 " signer\n"
895 " {\n"
896 " type file\n"
897 " file-name \"trust-anchor-10-3.cert\"\n"
898 " }\n"
899 " }\n"
900 "}\n";
901 const boost::filesystem::path CONFIG_PATH =
902 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
903
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700904 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -0800905 ValidatorConfig validator(face,
906 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
907 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
908 10,
909 2, // Two keys can be tracked
910 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700911 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800912
913 validator.validate(*interest1,
914 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700915 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800916
917 validator.validate(*interest2,
918 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700919 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800920
921 validator.validate(*interest1,
922 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700923 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800924
925 validator.validate(*interest3,
926 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700927 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800928
929 // Should succeed because identity1's key has been cleaned up due to space limit.
930 validator.validate(*interest1,
931 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700932 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800933
934 const boost::filesystem::path CERT_PATH1 =
935 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
936 boost::filesystem::remove(CERT_PATH1);
937
938 const boost::filesystem::path CERT_PATH2 =
939 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
940 boost::filesystem::remove(CERT_PATH2);
941
942 const boost::filesystem::path CERT_PATH3 =
943 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
944 boost::filesystem::remove(CERT_PATH3);
945}
946
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700947BOOST_AUTO_TEST_CASE(MaxKeyTest2)
Yingdi Yu41546342014-11-30 23:37:53 -0800948{
949 Name identity("/TestValidatorConfig/MaxKeyTest");
950
951 Name identity1 = identity;
952 identity1.append("Key1");
953 BOOST_REQUIRE_NO_THROW(addIdentity(identity1));
954 Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
955 shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
956 io::save(*idCert1, "trust-anchor-10-1.cert");
957
958 Name identity2 = identity;
959 identity2.append("Key2");
960 BOOST_REQUIRE_NO_THROW(addIdentity(identity2));
961 Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
962 shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
963 io::save(*idCert2, "trust-anchor-10-2.cert");
964
965 Name identity3 = identity;
966 identity3.append("Key3");
967 BOOST_REQUIRE_NO_THROW(addIdentity(identity3));
968 Name certName3 = m_keyChain.getDefaultCertificateNameForIdentity(identity3);
969 shared_ptr<IdentityCertificate> idCert3 = m_keyChain.getCertificate(certName3);
970 io::save(*idCert3, "trust-anchor-10-3.cert");
971
972 Name identity4 = identity;
973 identity4.append("Key4");
974 BOOST_REQUIRE_NO_THROW(addIdentity(identity4));
975 Name certName4 = m_keyChain.getDefaultCertificateNameForIdentity(identity4);
976 shared_ptr<IdentityCertificate> idCert4 = m_keyChain.getCertificate(certName4);
977 io::save(*idCert4, "trust-anchor-10-4.cert");
978
979
980 Name interestName("/TestValidatorConfig/MaxKeyTest");
981 Name interestName1 = interestName;
982 interestName1.append("1");
983 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
984 Name interestName2 = interestName;
985 interestName2.append("2");
986 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
987 Name interestName3 = interestName;
988 interestName3.append("3");
989 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
990 Name interestName4 = interestName;
991 interestName4.append("4");
992 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
993
994
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700995 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800996 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700997 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800998 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700999 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Yingdi Yu41546342014-11-30 23:37:53 -08001000 usleep(10000);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001001 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
Yingdi Yu41546342014-11-30 23:37:53 -08001002
1003 const std::string CONFIG =
1004 "rule\n"
1005 "{\n"
1006 " id \"FixedSignerChecker Interest Rule\"\n"
1007 " for interest\n"
1008 " filter"
1009 " {\n"
1010 " type name\n"
1011 " name /TestValidatorConfig/MaxKeyTest\n"
1012 " relation is-strict-prefix-of\n"
1013 " }\n"
1014 " checker\n"
1015 " {\n"
1016 " type fixed-signer\n"
1017 " sig-type rsa-sha256\n"
1018 " signer\n"
1019 " {\n"
1020 " type file\n"
1021 " file-name \"trust-anchor-10-1.cert\"\n"
1022 " }\n"
1023 " signer\n"
1024 " {\n"
1025 " type file\n"
1026 " file-name \"trust-anchor-10-2.cert\"\n"
1027 " }\n"
1028 " signer\n"
1029 " {\n"
1030 " type file\n"
1031 " file-name \"trust-anchor-10-3.cert\"\n"
1032 " }\n"
1033 " signer\n"
1034 " {\n"
1035 " type file\n"
1036 " file-name \"trust-anchor-10-4.cert\"\n"
1037 " }\n"
1038 " }\n"
1039 "}\n";
1040 const boost::filesystem::path CONFIG_PATH =
1041 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1042
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001043 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -08001044 ValidatorConfig validator(face,
1045 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
1046 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
1047 10,
1048 3, // Two keys can be tracked
1049 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001050 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001051
1052 validator.validate(*interest1,
1053 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001054 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001055
1056 validator.validate(*interest2,
1057 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001058 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001059
1060 validator.validate(*interest3,
1061 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001062 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001063
1064 validator.validate(*interest1,
1065 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001066 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001067
1068 validator.validate(*interest2,
1069 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001070 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001071
1072 validator.validate(*interest3,
1073 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001074 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001075
1076 sleep(2);
1077
1078 validator.validate(*interest4,
1079 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001080 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001081
1082 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
1083 validator.validate(*interest1,
1084 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001085 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001086
1087 validator.validate(*interest2,
1088 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001089 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001090
1091 validator.validate(*interest3,
1092 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001093 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001094
1095
1096 const boost::filesystem::path CERT_PATH1 =
1097 (boost::filesystem::current_path() / std::string("trust-anchor-10-1.cert"));
1098 boost::filesystem::remove(CERT_PATH1);
1099
1100 const boost::filesystem::path CERT_PATH2 =
1101 (boost::filesystem::current_path() / std::string("trust-anchor-10-2.cert"));
1102 boost::filesystem::remove(CERT_PATH2);
1103
1104 const boost::filesystem::path CERT_PATH3 =
1105 (boost::filesystem::current_path() / std::string("trust-anchor-10-3.cert"));
1106 boost::filesystem::remove(CERT_PATH3);
1107
1108 const boost::filesystem::path CERT_PATH4 =
1109 (boost::filesystem::current_path() / std::string("trust-anchor-10-4.cert"));
1110 boost::filesystem::remove(CERT_PATH4);
1111}
1112
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001113BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Yingdi Yu41546342014-11-30 23:37:53 -08001114{
1115 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
1116 BOOST_REQUIRE_NO_THROW(addIdentity(rsaIdentity));
1117 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
1118
1119 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
1120 BOOST_REQUIRE_NO_THROW(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
1121 Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
1122 shared_ptr<IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
1123 io::save(*ecdsaCert, "trust-anchor-11.cert");
1124
1125
1126 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
1127 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001128 m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001129 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001130 m_keyChain.sign(*dataEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001131
1132 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001133 m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001134 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001135 m_keyChain.sign(*interestEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001136
1137 const std::string CONFIG =
1138 "rule\n"
1139 "{\n"
1140 " id \"FixedSignerChecker Data Rule\"\n"
1141 " for data\n"
1142 " filter"
1143 " {\n"
1144 " type name\n"
1145 " name /TestValidatorConfig/FixedSignerChecker2\n"
1146 " relation equal\n"
1147 " }\n"
1148 " checker\n"
1149 " {\n"
1150 " type fixed-signer\n"
1151 " sig-type ecdsa-sha256\n"
1152 " signer\n"
1153 " {\n"
1154 " type file\n"
1155 " file-name \"trust-anchor-11.cert\"\n"
1156 " }\n"
1157 " }\n"
1158 "}\n"
1159 "rule\n"
1160 "{\n"
1161 " id \"FixedSignerChecker Interest Rule\"\n"
1162 " for interest\n"
1163 " filter"
1164 " {\n"
1165 " type name\n"
1166 " name /TestValidatorConfig/FixedSignerChecker2\n"
1167 " relation equal\n"
1168 " }\n"
1169 " checker\n"
1170 " {\n"
1171 " type fixed-signer\n"
1172 " sig-type ecdsa-sha256\n"
1173 " signer\n"
1174 " {\n"
1175 " type file\n"
1176 " file-name \"trust-anchor-11.cert\"\n"
1177 " }\n"
1178 " }\n"
1179 "}\n";
1180 const boost::filesystem::path CONFIG_PATH =
1181 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1182
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001183 Face face(nullptr, m_keyChain);
Yingdi Yu41546342014-11-30 23:37:53 -08001184 ValidatorConfig validator(face);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001185 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001186
1187 validator.validate(*dataEcdsa,
1188 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001189 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001190
1191 validator.validate(*dataRsa,
1192 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001193 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001194
1195 validator.validate(*interestEcdsa,
1196 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001197 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001198
1199 validator.validate(*interestRsa,
1200 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001201 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001202
1203 const boost::filesystem::path CERT_PATH =
1204 (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
1205 boost::filesystem::remove(CERT_PATH);
1206}
1207
1208
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001209struct FacesFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -08001210{
1211 FacesFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001212 : face1(io, m_keyChain, {true, true})
1213 , face2(io, m_keyChain, {true, true})
Yingdi Yu41546342014-11-30 23:37:53 -08001214 , readInterestOffset1(0)
1215 , readDataOffset1(0)
1216 , readInterestOffset2(0)
1217 , readDataOffset2(0)
1218 {
1219 }
1220
1221 bool
1222 passPacket()
1223 {
1224 bool hasPassed = false;
1225
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001226 checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
1227 checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
1228 checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
1229 checkFace(face2.sentInterests, readDataOffset2, face1, hasPassed);
Yingdi Yu41546342014-11-30 23:37:53 -08001230
1231 return hasPassed;
1232 }
1233
1234 template<typename Packet>
1235 void
1236 checkFace(std::vector<Packet>& receivedPackets,
1237 size_t& readPacketOffset,
1238 util::DummyClientFace& receiver,
1239 bool& hasPassed)
1240 {
1241 while (receivedPackets.size() > readPacketOffset) {
1242 receiver.receive(receivedPackets[readPacketOffset]);
1243 readPacketOffset++;
1244 hasPassed = true;
1245 }
1246 }
1247
1248 ~FacesFixture()
1249 {
1250 }
1251
1252public:
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001253 util::DummyClientFace face1;
1254 util::DummyClientFace face2;
Yingdi Yu41546342014-11-30 23:37:53 -08001255
1256 size_t readInterestOffset1;
1257 size_t readDataOffset1;
1258 size_t readInterestOffset2;
1259 size_t readDataOffset2;
1260};
1261
1262BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1263{
1264 std::vector<CertificateSubjectDescription> subjectDescription;
1265
1266 Name root("/TestValidatorConfig");
1267 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1268 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1269 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1270 io::save(*rootCert, "trust-anchor-6.cert");
1271
1272
1273 Name sld("/TestValidatorConfig/HierarchicalChecker");
1274 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1275 advanceClocks(time::milliseconds(100));
1276 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1277 shared_ptr<IdentityCertificate> sldCert =
1278 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1279 root,
1280 time::system_clock::now(),
1281 time::system_clock::now() + time::days(7300),
1282 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001283 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -08001284 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1285
1286 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
1287 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1288 advanceClocks(time::milliseconds(100));
1289 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1290 shared_ptr<IdentityCertificate> nldCert =
1291 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1292 sld,
1293 time::system_clock::now(),
1294 time::system_clock::now() + time::days(7300),
1295 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001296m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001297 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1298
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001299 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1300 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001301 RegisterPrefixSuccessCallback(),
1302 [] (const Name&, const std::string&) {});
1303
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001304 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1305 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001306 RegisterPrefixSuccessCallback(),
1307 [] (const Name&, const std::string&) {});
1308
1309 Name dataName1 = nld;
1310 dataName1.append("data1");
1311 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001312 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001313
1314 Name dataName2("/ConfValidatorTest");
1315 dataName2.append("data1");
1316 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001317 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001318
1319
1320 const std::string CONFIG =
1321 "rule\n"
1322 "{\n"
1323 " id \"Simple3 Rule\"\n"
1324 " for data\n"
1325 " checker\n"
1326 " {\n"
1327 " type hierarchical\n"
1328 " sig-type rsa-sha256\n"
1329 " }\n"
1330 "}\n"
1331 "trust-anchor\n"
1332 "{\n"
1333 " type file\n"
1334 " file-name \"trust-anchor-6.cert\"\n"
1335 "}\n";
1336 const boost::filesystem::path CONFIG_PATH =
1337 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1338
1339
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001340 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001341 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001342
1343 advanceClocks(time::milliseconds(2), 100);
1344 validator->validate(*data1,
1345 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001346 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001347
1348 do {
1349 advanceClocks(time::milliseconds(2), 10);
1350 } while (passPacket());
1351
1352 validator->validate(*data2,
1353 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001354 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001355
1356 do {
1357 advanceClocks(time::milliseconds(2), 10);
1358 } while (passPacket());
1359
1360 const boost::filesystem::path CERT_PATH =
1361 (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
1362 boost::filesystem::remove(CERT_PATH);
1363}
1364
1365BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1366{
Junxiao Shid5827ce2016-07-14 20:49:37 +00001367 advanceClocks(time::nanoseconds(1));
Yingdi Yu41546342014-11-30 23:37:53 -08001368
1369 std::vector<CertificateSubjectDescription> subjectDescription;
1370
1371 Name root("/TestValidatorConfig");
1372 BOOST_REQUIRE_NO_THROW(addIdentity(root));
1373 Name rootCertName = m_keyChain.getDefaultCertificateNameForIdentity(root);
1374 shared_ptr<IdentityCertificate> rootCert = m_keyChain.getCertificate(rootCertName);
1375 io::save(*rootCert, "trust-anchor-8.cert");
1376
1377
1378 Name sld("/TestValidatorConfig/Nrd-1");
1379 BOOST_REQUIRE_NO_THROW(addIdentity(sld));
1380 advanceClocks(time::milliseconds(100));
1381 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
1382 shared_ptr<IdentityCertificate> sldCert =
1383 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1384 root,
1385 time::system_clock::now(),
1386 time::system_clock::now() + time::days(7300),
1387 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001388 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -08001389 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1390
1391 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
1392 BOOST_REQUIRE_NO_THROW(addIdentity(nld));
1393 advanceClocks(time::milliseconds(100));
1394 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
1395 shared_ptr<IdentityCertificate> nldCert =
1396 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1397 sld,
1398 time::system_clock::now(),
1399 time::system_clock::now() + time::days(7300),
1400 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001401 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001402 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1403
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001404 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1405 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001406 RegisterPrefixSuccessCallback(),
1407 [] (const Name&, const std::string&) {});
1408
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001409 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1410 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001411 RegisterPrefixSuccessCallback(),
1412 [] (const Name&, const std::string&) {});
1413
1414 advanceClocks(time::milliseconds(10));
1415 Name interestName1("/localhost/nrd/register/option");
1416 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001417 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001418
1419 advanceClocks(time::milliseconds(10));
1420 Name interestName2("/localhost/nrd/non-register");
1421 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001422 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001423
1424 advanceClocks(time::milliseconds(10));
1425 Name interestName3("/localhost/nrd/register/option");
1426 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001427 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
Yingdi Yu41546342014-11-30 23:37:53 -08001428
1429 advanceClocks(time::milliseconds(10));
1430 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1431 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1432
1433 const std::string CONFIG =
1434 "rule\n"
1435 "{\n"
1436 " id \"NRD Prefix Registration Command Rule\"\n"
1437 " for interest\n"
1438 " filter\n"
1439 " {\n"
1440 " type name\n"
1441 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1442 " }\n"
1443 " checker\n"
1444 " {\n"
1445 " type customized\n"
1446 " sig-type rsa-sha256\n"
1447 " key-locator\n"
1448 " {\n"
1449 " type name\n"
1450 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1451 " }\n"
1452 " }\n"
1453 "}\n"
1454 "rule\n"
1455 "{\n"
1456 " id \"Testbed Hierarchy Rule\"\n"
1457 " for data\n"
1458 " filter\n"
1459 " {\n"
1460 " type name\n"
1461 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1462 " }\n"
1463 " checker\n"
1464 " {\n"
1465 " type hierarchical\n"
1466 " sig-type rsa-sha256\n"
1467 " }\n"
1468 "}\n"
1469 "trust-anchor\n"
1470 "{\n"
1471 " type file\n"
1472 " file-name \"trust-anchor-8.cert\"\n"
1473 "}\n";
1474 const boost::filesystem::path CONFIG_PATH =
1475 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1476
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001477 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001478 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001479
1480 advanceClocks(time::milliseconds(2), 100);
1481
1482 // should succeed
1483 validator->validate(*interest1,
1484 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001485 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001486
1487 do {
1488 advanceClocks(time::milliseconds(2), 10);
1489 } while (passPacket());
1490
1491 // should fail
1492 validator->validate(*interest2,
1493 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001494 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001495
1496 do {
1497 advanceClocks(time::milliseconds(2), 10);
1498 } while (passPacket());
1499
1500 // should succeed
1501 validator->validate(*interest3,
1502 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001503 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001504
1505 do {
1506 advanceClocks(time::milliseconds(2), 10);
1507 } while (passPacket());
1508
1509 // should fail
1510 validator->validate(*interest4,
1511 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001512 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001513
1514 do {
1515 advanceClocks(time::milliseconds(2), 10);
1516 } while (passPacket());
1517
1518 const boost::filesystem::path CERT_PATH =
1519 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
1520 boost::filesystem::remove(CERT_PATH);
1521}
1522
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001523struct DirTestFixture : public IdentityManagementTimeFixture
Yingdi Yu41546342014-11-30 23:37:53 -08001524{
1525 DirTestFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001526 : face(io, m_keyChain, {true, true})
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001527 , validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu41546342014-11-30 23:37:53 -08001528 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1529 {
1530 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1531 boost::filesystem::create_directory(certDirPath);
1532
1533 firstCertPath = (boost::filesystem::current_path() /
1534 std::string("test-cert-dir") /
1535 std::string("trust-anchor-1.cert"));
1536
1537 secondCertPath = (boost::filesystem::current_path() /
1538 std::string("test-cert-dir") /
1539 std::string("trust-anchor-2.cert"));
1540
1541 firstIdentity = Name("/TestValidatorConfig/Dir/First");
1542 BOOST_REQUIRE_NO_THROW(addIdentity(firstIdentity));
1543 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1544 firstCert = m_keyChain.getCertificate(firstCertName);
1545 io::save(*firstCert, firstCertPath.string());
1546
1547 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
1548 BOOST_REQUIRE_NO_THROW(addIdentity(secondIdentity));
1549 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1550 secondCert = m_keyChain.getCertificate(secondCertName);
1551 }
1552
1553 ~DirTestFixture()
1554 {
1555 boost::filesystem::remove_all(certDirPath);
1556 }
1557
1558public:
1559 boost::filesystem::path certDirPath;
1560 boost::filesystem::path firstCertPath;
1561 boost::filesystem::path secondCertPath;
1562
1563 Name firstIdentity;
1564 Name secondIdentity;
1565
1566 shared_ptr<IdentityCertificate> firstCert;
1567 shared_ptr<IdentityCertificate> secondCert;
1568
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001569 util::DummyClientFace face;
Yingdi Yu41546342014-11-30 23:37:53 -08001570 ValidatorConfig validator;
1571};
1572
1573BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1574{
1575 advanceClocks(time::milliseconds(10));
1576
1577 Name dataName1("/any/data/1");
1578 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001579 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -08001580
1581 Name dataName2("/any/data/2");
1582 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001583 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -08001584
1585 std::string CONFIG =
1586 "rule\n"
1587 "{\n"
1588 " id \"Any Rule\"\n"
1589 " for data\n"
1590 " filter\n"
1591 " {\n"
1592 " type name\n"
1593 " regex ^<>*$\n"
1594 " }\n"
1595 " checker\n"
1596 " {\n"
1597 " type customized\n"
1598 " sig-type rsa-sha256\n"
1599 " key-locator\n"
1600 " {\n"
1601 " type name\n"
1602 " regex ^<>*$\n"
1603 " }\n"
1604 " }\n"
1605 "}\n"
1606 "trust-anchor\n"
1607 "{\n"
1608 " type dir\n"
1609 " dir test-cert-dir\n"
1610 " refresh 1s\n"
1611 "}\n";
1612
1613 const boost::filesystem::path CONFIG_PATH =
1614 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1615
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001616 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001617
1618 advanceClocks(time::milliseconds(10), 20);
1619 validator.validate(*data1,
1620 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001621 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001622 advanceClocks(time::milliseconds(10), 20);
1623
1624 validator.validate(*data2,
1625 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001626 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001627 advanceClocks(time::milliseconds(10), 20);
1628
1629 io::save(*secondCert, secondCertPath.string());
1630 advanceClocks(time::milliseconds(10), 200);
1631
1632 validator.validate(*data1,
1633 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001634 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001635 advanceClocks(time::milliseconds(10), 20);
1636
1637 validator.validate(*data2,
1638 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001639 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001640 advanceClocks(time::milliseconds(10), 20);
1641}
1642
Junxiao Shid5827ce2016-07-14 20:49:37 +00001643BOOST_AUTO_TEST_SUITE_END() // TestValidatorConfig
1644BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu41546342014-11-30 23:37:53 -08001645
1646} // namespace tests
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001647} // namespace security
Yingdi Yu41546342014-11-30 23:37:53 -08001648} // namespace ndn