blob: 271a541999d3ac4e7735fadec520147f1f6dbac7 [file] [log] [blame]
Yingdi Yu41546342014-11-30 23:37:53 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Zhiyi Zhang48becde2017-01-05 16:41:38 -08003 * Copyright (c) 2013-2017 Regents of the University of California.
Yingdi Yu41546342014-11-30 23:37:53 -08004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/validator-config.hpp"
23
Alexander Afanasyev4c9a3d52017-01-03 17:45:19 -080024#include "security/signing-helpers.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -080025#include "util/io.hpp"
26#include "util/scheduler.hpp"
27#include "util/dummy-client-face.hpp"
Zhiyi Zhang48becde2017-01-05 16:41:38 -080028#include "lp/tags.hpp"
29#include "lp/nack.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -080030
31#include <boost/asio.hpp>
Zhiyi Zhang48becde2017-01-05 16:41:38 -080032#include <boost/logic/tribool.hpp>
Yingdi Yu41546342014-11-30 23:37:53 -080033
34#include "identity-management-fixture.hpp"
35#include "../identity-management-time-fixture.hpp"
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070036#include "../make-interest-data.hpp"
Yingdi Yu41546342014-11-30 23:37:53 -080037#include "boost-test.hpp"
38
Yingdi Yu41546342014-11-30 23:37:53 -080039namespace ndn {
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070040namespace security {
Yingdi Yu41546342014-11-30 23:37:53 -080041namespace tests {
42
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070043using namespace ndn::tests;
Yingdi Yu41546342014-11-30 23:37:53 -080044
Junxiao Shid5827ce2016-07-14 20:49:37 +000045BOOST_AUTO_TEST_SUITE(Security)
Alexander Afanasyev70244f42017-01-04 12:47:12 -080046
47// Needed to create Face instance
48class ValidatorConfigFixture : public IdentityManagementV1TimeFixture
49{
50public:
51 ValidatorConfigFixture()
52 : face(nullptr, m_keyChain)
53 , validator(face)
54 {
55 }
56
57public:
58 Face face;
59 ValidatorConfig validator;
60};
61
62BOOST_FIXTURE_TEST_SUITE(TestValidatorConfig, ValidatorConfigFixture)
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -070063
64BOOST_AUTO_TEST_CASE(NameFilter)
Yingdi Yu41546342014-11-30 23:37:53 -080065{
66 Name identity("/TestValidatorConfig/NameFilter");
67 identity.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -080068 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-1.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -080069 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -080070
71 Name dataName1("/simple/equal");
72 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070073 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -080074
75 Name dataName2("/simple/different");
76 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070077 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -080078
79 std::string CONFIG_1 =
80 "rule\n"
81 "{\n"
82 " id \"Simple Rule\"\n"
83 " for data\n"
84 " filter"
85 " {\n"
86 " type name\n"
87 " name /simple/equal\n"
88 " relation equal\n"
89 " }\n"
90 " checker\n"
91 " {\n"
92 " type customized\n"
93 " sig-type rsa-sha256\n"
94 " key-locator\n"
95 " {\n"
96 " type name\n"
97 " name ";
98
99 std::string CONFIG_2 =
100 "\n"
101 " relation equal\n"
102 " }\n"
103 " }\n"
104 "}\n"
105 "trust-anchor\n"
106 "{\n"
107 " type file\n"
108 " file-name \"trust-anchor-1.cert\"\n"
109 "}\n";
110 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
111
112 const boost::filesystem::path CONFIG_PATH =
113 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
114
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700115 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800116
117 validator.validate(*data1,
118 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700119 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800120
121 validator.validate(*data2,
122 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700123 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800124}
125
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700126BOOST_AUTO_TEST_CASE(NameFilter2)
Yingdi Yu41546342014-11-30 23:37:53 -0800127{
128 Name identity("/TestValidatorConfig/NameFilter2");
129 identity.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800130 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-2.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800131 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800132
133 Name dataName1("/simple/isPrefixOf");
134 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700135 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800136
137 Name dataName2("/simple/notPrefixOf");
138 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700139 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800140
141 Name dataName3("/simple/isPrefixOf/anotherLevel");
142 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700143 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800144
145 std::string CONFIG_1 =
146 "rule\n"
147 "{\n"
148 " id \"Simple2 Rule\"\n"
149 " for data\n"
150 " filter"
151 " {\n"
152 " type name\n"
153 " name /simple/isPrefixOf\n"
154 " relation is-prefix-of\n"
155 " }\n"
156 " checker\n"
157 " {\n"
158 " type customized\n"
159 " sig-type rsa-sha256\n"
160 " key-locator\n"
161 " {\n"
162 " type name\n"
163 " name ";
164
165 std::string CONFIG_2 =
166 "\n"
167 " relation equal\n"
168 " }\n"
169 " }\n"
170 "}\n"
171 "trust-anchor\n"
172 "{\n"
173 " type file\n"
174 " file-name \"trust-anchor-2.cert\"\n"
175 "}\n";
176 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
177
178 const boost::filesystem::path CONFIG_PATH =
179 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
180
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700181 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800182
183 validator.validate(*data1,
184 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700185 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800186
187 validator.validate(*data2,
188 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700189 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800190
191 validator.validate(*data3,
192 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700193 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800194}
195
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700196BOOST_AUTO_TEST_CASE(NameFilter3)
Yingdi Yu41546342014-11-30 23:37:53 -0800197{
198 Name identity("/TestValidatorConfig/NameFilter3");
199 identity.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800200 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-3.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800201 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800202
203 Name dataName1("/simple/isStrictPrefixOf");
204 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700205 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800206
207 Name dataName2("/simple");
208 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700209 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800210
211 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
212 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700213 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800214
215 std::string CONFIG_1 =
216 "rule\n"
217 "{\n"
218 " id \"Simple3 Rule\"\n"
219 " for data\n"
220 " filter"
221 " {\n"
222 " type name\n"
223 " name /simple/isStrictPrefixOf\n"
224 " relation is-strict-prefix-of\n"
225 " }\n"
226 " checker\n"
227 " {\n"
228 " type customized\n"
229 " sig-type rsa-sha256\n"
230 " key-locator\n"
231 " {\n"
232 " type name\n"
233 " name ";
234
235 std::string CONFIG_2 =
236 "\n"
237 " relation equal\n"
238 " }\n"
239 " }\n"
240 "}\n"
241 "trust-anchor\n"
242 "{\n"
243 " type file\n"
244 " file-name \"trust-anchor-3.cert\"\n"
245 "}\n";
246 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
247
248 const boost::filesystem::path CONFIG_PATH =
249 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
250
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700251 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800252
253 validator.validate(*data1,
254 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700255 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800256
257 validator.validate(*data2,
258 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700259 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800260
261 validator.validate(*data3,
262 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700263 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800264}
265
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700266BOOST_AUTO_TEST_CASE(NameFilter4)
Yingdi Yu41546342014-11-30 23:37:53 -0800267{
268 Name identity("/TestValidatorConfig/NameFilter4");
269 identity.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800270 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-4.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800271 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800272
273 Name dataName1("/simple/regex");
274 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700275 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800276
277 Name dataName2("/simple/regex-wrong");
278 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700279 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800280
281 Name dataName3("/simple/regex/correct");
282 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700283 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800284
285 std::string CONFIG_1 =
286 "rule\n"
287 "{\n"
288 " id \"Simple3 Rule\"\n"
289 " for data\n"
290 " filter"
291 " {\n"
292 " type name\n"
293 " regex ^<simple><regex>\n"
294 " }\n"
295 " checker\n"
296 " {\n"
297 " type customized\n"
298 " sig-type rsa-sha256\n"
299 " key-locator\n"
300 " {\n"
301 " type name\n"
302 " name ";
303
304 std::string CONFIG_2 =
305 "\n"
306 " relation equal\n"
307 " }\n"
308 " }\n"
309 "}\n"
310 "trust-anchor\n"
311 "{\n"
312 " type file\n"
313 " file-name \"trust-anchor-4.cert\"\n"
314 "}\n";
315 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
316
317 const boost::filesystem::path CONFIG_PATH =
318 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
319
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700320 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800321
322 validator.validate(*data1,
323 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700324 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800325
326 validator.validate(*data2,
327 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700328 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800329
330 validator.validate(*data3,
331 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700332 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800333}
334
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700335BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Yingdi Yu41546342014-11-30 23:37:53 -0800336{
337 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
338 identity.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800339 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity), "trust-anchor-5.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800340
341 Name dataName1 = identity;
342 dataName1.append("1");
343 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700344 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800345
346 Name dataName2 = identity;
347 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700348 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800349
350 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
351 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700352 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800353
354 const std::string CONFIG =
355 "rule\n"
356 "{\n"
357 " id \"Simple3 Rule\"\n"
358 " for data\n"
359 " checker\n"
360 " {\n"
361 " type customized\n"
362 " sig-type rsa-sha256\n"
363 " key-locator\n"
364 " {\n"
365 " type name\n"
366 " hyper-relation\n"
367 " {\n"
368 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
369 " k-expand \\\\1\\\\2\n"
370 " h-relation is-strict-prefix-of\n"
371 " p-regex ^(<>*)$\n"
372 " p-expand \\\\1\n"
373 " }\n"
374 " }\n"
375 " }\n"
376 "}\n"
377 "trust-anchor\n"
378 "{\n"
379 " type file\n"
380 " file-name \"trust-anchor-5.cert\"\n"
381 "}\n";
382 const boost::filesystem::path CONFIG_PATH =
383 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
384
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700385 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800386
387 validator.validate(*data1,
388 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700389 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800390
391 validator.validate(*data2,
392 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700393 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800394
395 validator.validate(*data3,
396 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700397 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800398}
399
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700400BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Yingdi Yu41546342014-11-30 23:37:53 -0800401{
402 Name identity("/TestValidatorConfig/FixedSignerChecker");
403
404 Name identity1 = identity;
405 identity1.append("1").appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800406 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-7.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800407
408 Name identity2 = identity;
409 identity2.append("2").appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800410 addIdentity(identity2);
Yingdi Yu41546342014-11-30 23:37:53 -0800411
412 Name dataName1 = identity;
413 dataName1.append("data").appendVersion();
414 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700415 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
Yingdi Yu41546342014-11-30 23:37:53 -0800416
417 Name dataName2 = identity;
418 dataName2.append("data").appendVersion();
419 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700420 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
Yingdi Yu41546342014-11-30 23:37:53 -0800421
422 Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
423 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
424
425 const std::string CONFIG =
426 "rule\n"
427 "{\n"
428 " id \"FixedSignerChecker Data Rule\"\n"
429 " for data\n"
430 " filter"
431 " {\n"
432 " type name\n"
433 " name /TestValidatorConfig/FixedSignerChecker\n"
434 " relation is-strict-prefix-of\n"
435 " }\n"
436 " checker\n"
437 " {\n"
438 " type fixed-signer\n"
439 " sig-type rsa-sha256\n"
440 " signer\n"
441 " {\n"
442 " type file\n"
443 " file-name \"trust-anchor-7.cert\"\n"
444 " }\n"
445 " }\n"
446 "}\n"
447 "rule\n"
448 "{\n"
449 " id \"FixedSignerChecker Interest Rule\"\n"
450 " for interest\n"
451 " filter"
452 " {\n"
453 " type name\n"
454 " name /TestValidatorConfig/FixedSignerChecker\n"
455 " relation is-strict-prefix-of\n"
456 " }\n"
457 " checker\n"
458 " {\n"
459 " type fixed-signer\n"
460 " sig-type rsa-sha256\n"
461 " signer\n"
462 " {\n"
463 " type file\n"
464 " file-name \"trust-anchor-7.cert\"\n"
465 " }\n"
466 " }\n"
467 "}\n";
468 const boost::filesystem::path CONFIG_PATH =
469 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
470
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700471 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800472
473 validator.validate(*data1,
474 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700475 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800476
477 validator.validate(*data2,
478 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700479 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800480
481 validator.validate(*interest,
482 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700483 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800484}
485
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800486BOOST_AUTO_TEST_CASE(MultiCheckers)
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700487{
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700488 Name identity1("/TestValidatorConfig/MultiCheckers/");
489 identity1.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800490 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-multi-1.cert"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700491
492 Name identity2("/TestValidatorConfig/");
493 identity2.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800494 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity2), "trust-anchor-multi-2.cert"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700495
496 const std::string CONFIG =
497 "rule\n"
498 "{\n"
499 " id \"Simple Rule01\"\n"
500 " for data\n"
501 " filter"
502 " {\n"
503 " type name\n"
504 " name /\n"
505 " relation is-prefix-of\n"
506 " }\n"
507 " checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
508 " {\n"
509 " type customized\n"
510 " sig-type rsa-sha256\n"
511 " key-locator\n"
512 " {\n"
513 " type name\n"
514 " name /TestValidatorConfig/MultiCheckers/\n"
515 " relation is-prefix-of\n"
516 " }\n"
517 " }\n"
518 " checker\n" // checker 2, data should have same prefix of its signer
519 " {\n"
520 " type hierarchical\n"
521 " sig-type rsa-sha256\n"
522 " }\n"
523 " checker\n" // checker 3, the signer should be identity1
524 " {\n"
525 " type fixed-signer\n"
526 " sig-type rsa-sha256\n"
527 " signer\n"
528 " {\n"
529 " type file\n"
530 " file-name \"trust-anchor-multi-1.cert\"\n"
531 " }\n"
532 " }\n"
533 "}\n";
534
535 const boost::filesystem::path CONFIG_PATH =
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800536 (boost::filesystem::current_path() / std::string("unit-test-multicheckers.conf"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700537
538 ValidatorConfig validator;
539 validator.load(CONFIG, CONFIG_PATH.c_str());
540 conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
541 conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
542 conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
543
Junxiao Shi85d90832016-08-04 03:19:46 +0000544 auto data1 = makeData(Name(identity1).append("Test"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700545 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
546 BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
547 BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
548 BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
549
Junxiao Shi85d90832016-08-04 03:19:46 +0000550 auto data2 = makeData(Name(identity2).append("Data2"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700551 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
552 BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
553 BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
554 BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
555
Junxiao Shi85d90832016-08-04 03:19:46 +0000556 auto data3 = makeData(Name(identity2).append("Data3"));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700557 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
558 BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
559 BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
560 BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
561
Junxiao Shi85d90832016-08-04 03:19:46 +0000562 auto data4 = makeData("/Data4");
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700563 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
564 BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
565 BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
566 BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
567
568 int count = 0;
569 validator.validate(*data1,
570 [&] (const shared_ptr<const Data>&) {
571 BOOST_CHECK(true);
572 count++;
573 },
574 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
575
576 validator.validate(*data2,
577 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
578 [&] (const shared_ptr<const Data>&, const std::string& str) {
579 BOOST_CHECK(true);
580 count++;
581 });
582
583 validator.validate(*data3,
584 [&] (const shared_ptr<const Data>&) {
585 BOOST_CHECK(true);
586 count++;
587 },
588 [] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
589
590 validator.validate(*data4,
591 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
592 [&] (const shared_ptr<const Data>&, const std::string& str) {
593 BOOST_CHECK(true);
594 count++;
595 });
596
597 BOOST_CHECK_EQUAL(count, 4);
598}
599
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700600BOOST_AUTO_TEST_CASE(Reset)
Yingdi Yu41546342014-11-30 23:37:53 -0800601{
602 Name root("/TestValidatorConfig/Reload");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800603 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(root), "trust-anchor-8.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800604
Yingdi Yu41546342014-11-30 23:37:53 -0800605 const std::string CONFIG =
606 "rule\n"
607 "{\n"
608 " id \"NRD Prefix Registration Command Rule\"\n"
609 " for interest\n"
610 " filter\n"
611 " {\n"
612 " type name\n"
613 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
614 " }\n"
615 " checker\n"
616 " {\n"
617 " type customized\n"
618 " sig-type rsa-sha256\n"
619 " key-locator\n"
620 " {\n"
621 " type name\n"
622 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
623 " }\n"
624 " }\n"
625 "}\n"
626 "rule\n"
627 "{\n"
628 " id \"Testbed Hierarchy Rule\"\n"
629 " for data\n"
630 " filter\n"
631 " {\n"
632 " type name\n"
633 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
634 " }\n"
635 " checker\n"
636 " {\n"
637 " type hierarchical\n"
638 " sig-type rsa-sha256\n"
639 " }\n"
640 "}\n"
641 "trust-anchor\n"
642 "{\n"
643 " type file\n"
644 " file-name \"trust-anchor-8.cert\"\n"
645 "}\n";
646 const boost::filesystem::path CONFIG_PATH =
647 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
648
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800649 validator.load(CONFIG, CONFIG_PATH.c_str());
650 BOOST_CHECK_EQUAL(validator.isEmpty(), false);
Yingdi Yu41546342014-11-30 23:37:53 -0800651
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800652 validator.reset();
653 BOOST_CHECK(validator.isEmpty());
Yingdi Yu41546342014-11-30 23:37:53 -0800654}
655
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700656BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Yingdi Yu41546342014-11-30 23:37:53 -0800657{
658 Name identity("/TestValidatorConfig/Wildcard");
659 identity.appendVersion();
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800660 addIdentity(identity);
Yingdi Yu41546342014-11-30 23:37:53 -0800661
662 Name dataName1("/any/data");
663 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700664 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Yingdi Yu41546342014-11-30 23:37:53 -0800665
666 std::string CONFIG =
667 "trust-anchor\n"
668 "{\n"
669 " type any\n"
670 "}\n";
671
672 const boost::filesystem::path CONFIG_PATH =
673 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
674
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700675 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800676
677 validator.validate(*data1,
678 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700679 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -0800680}
681
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700682BOOST_AUTO_TEST_CASE(SignedInterestTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800683{
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800684 Name certName = addIdentity("/TestValidatorConfig/SignedInterestTest");
685 BOOST_REQUIRE(saveIdentityCertificate(certName, "trust-anchor-9.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800686
687 Name interestName("/TestValidatorConfig/SignedInterestTest");
688 Name interestName1 = interestName;
689 interestName1.append("1");
690 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
691 Name interestName2 = interestName;
692 interestName2.append("2");
693 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
694
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800695 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByCertificate(certName)));
696 advanceClocks(time::milliseconds(10));
697 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByCertificate(certName)));
Yingdi Yu41546342014-11-30 23:37:53 -0800698
699 const std::string CONFIG =
700 "rule\n"
701 "{\n"
702 " id \"FixedSignerChecker Interest Rule\"\n"
703 " for interest\n"
704 " filter"
705 " {\n"
706 " type name\n"
707 " name /TestValidatorConfig/SignedInterestTest\n"
708 " relation is-strict-prefix-of\n"
709 " }\n"
710 " checker\n"
711 " {\n"
712 " type fixed-signer\n"
713 " sig-type rsa-sha256\n"
714 " signer\n"
715 " {\n"
716 " type file\n"
717 " file-name \"trust-anchor-9.cert\"\n"
718 " }\n"
719 " }\n"
720 "}\n";
721 const boost::filesystem::path CONFIG_PATH =
722 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
723
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700724 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800725
726 validator.validate(*interest1,
727 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700728 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800729 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800730
731 validator.validate(*interest2,
732 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700733 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800734 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800735
736 validator.validate(*interest1,
737 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700738 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800739 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800740}
741
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700742BOOST_AUTO_TEST_CASE(MaxKeyTest)
Yingdi Yu41546342014-11-30 23:37:53 -0800743{
744 Name identity("/TestValidatorConfig/MaxKeyTest");
745
746 Name identity1 = identity;
747 identity1.append("Key1");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800748 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-10-1.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800749
750 Name identity2 = identity;
751 identity2.append("Key2");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800752 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity2), "trust-anchor-10-2.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800753
754 Name identity3 = identity;
755 identity3.append("Key3");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800756 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity3), "trust-anchor-10-3.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800757
758
759 Name interestName("/TestValidatorConfig/MaxKeyTest");
760 Name interestName1 = interestName;
761 interestName1.append("1");
762 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
763 Name interestName2 = interestName;
764 interestName2.append("2");
765 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
766 Name interestName3 = interestName;
767 interestName3.append("3");
768 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
769
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700770 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800771 advanceClocks(time::milliseconds(10));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700772 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800773 advanceClocks(time::milliseconds(10));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700774 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800775 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800776
777 const std::string CONFIG =
778 "rule\n"
779 "{\n"
780 " id \"FixedSignerChecker Interest Rule\"\n"
781 " for interest\n"
782 " filter"
783 " {\n"
784 " type name\n"
785 " name /TestValidatorConfig/MaxKeyTest\n"
786 " relation is-strict-prefix-of\n"
787 " }\n"
788 " checker\n"
789 " {\n"
790 " type fixed-signer\n"
791 " sig-type rsa-sha256\n"
792 " signer\n"
793 " {\n"
794 " type file\n"
795 " file-name \"trust-anchor-10-1.cert\"\n"
796 " }\n"
797 " signer\n"
798 " {\n"
799 " type file\n"
800 " file-name \"trust-anchor-10-2.cert\"\n"
801 " }\n"
802 " signer\n"
803 " {\n"
804 " type file\n"
805 " file-name \"trust-anchor-10-3.cert\"\n"
806 " }\n"
807 " }\n"
808 "}\n";
809 const boost::filesystem::path CONFIG_PATH =
810 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
811
Yingdi Yu41546342014-11-30 23:37:53 -0800812 ValidatorConfig validator(face,
813 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
814 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
815 10,
816 2, // Two keys can be tracked
817 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700818 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800819
820 validator.validate(*interest1,
821 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700822 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800823 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800824
825 validator.validate(*interest2,
826 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700827 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800828 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800829
830 validator.validate(*interest1,
831 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700832 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800833 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800834
835 validator.validate(*interest3,
836 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700837 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800838 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800839
840 // Should succeed because identity1's key has been cleaned up due to space limit.
841 validator.validate(*interest1,
842 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700843 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800844 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800845}
846
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700847BOOST_AUTO_TEST_CASE(MaxKeyTest2)
Yingdi Yu41546342014-11-30 23:37:53 -0800848{
849 Name identity("/TestValidatorConfig/MaxKeyTest");
850
851 Name identity1 = identity;
852 identity1.append("Key1");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800853 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity1), "trust-anchor-10-1.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800854
855 Name identity2 = identity;
856 identity2.append("Key2");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800857 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity2), "trust-anchor-10-2.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800858
859 Name identity3 = identity;
860 identity3.append("Key3");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800861 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity3), "trust-anchor-10-3.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800862
863 Name identity4 = identity;
864 identity4.append("Key4");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800865 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(identity4), "trust-anchor-10-4.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -0800866
867
868 Name interestName("/TestValidatorConfig/MaxKeyTest");
869 Name interestName1 = interestName;
870 interestName1.append("1");
871 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
872 Name interestName2 = interestName;
873 interestName2.append("2");
874 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
875 Name interestName3 = interestName;
876 interestName3.append("3");
877 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
878 Name interestName4 = interestName;
879 interestName4.append("4");
880 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
881
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700882 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800883 advanceClocks(time::milliseconds(10));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700884 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800885 advanceClocks(time::milliseconds(10));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700886 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800887 advanceClocks(time::milliseconds(10));
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700888 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800889 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800890
891 const std::string CONFIG =
892 "rule\n"
893 "{\n"
894 " id \"FixedSignerChecker Interest Rule\"\n"
895 " for interest\n"
896 " filter"
897 " {\n"
898 " type name\n"
899 " name /TestValidatorConfig/MaxKeyTest\n"
900 " relation is-strict-prefix-of\n"
901 " }\n"
902 " checker\n"
903 " {\n"
904 " type fixed-signer\n"
905 " sig-type rsa-sha256\n"
906 " signer\n"
907 " {\n"
908 " type file\n"
909 " file-name \"trust-anchor-10-1.cert\"\n"
910 " }\n"
911 " signer\n"
912 " {\n"
913 " type file\n"
914 " file-name \"trust-anchor-10-2.cert\"\n"
915 " }\n"
916 " signer\n"
917 " {\n"
918 " type file\n"
919 " file-name \"trust-anchor-10-3.cert\"\n"
920 " }\n"
921 " signer\n"
922 " {\n"
923 " type file\n"
924 " file-name \"trust-anchor-10-4.cert\"\n"
925 " }\n"
926 " }\n"
927 "}\n";
928 const boost::filesystem::path CONFIG_PATH =
929 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
930
Yingdi Yu41546342014-11-30 23:37:53 -0800931 ValidatorConfig validator(face,
932 ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
933 ValidatorConfig::DEFAULT_GRACE_INTERVAL,
934 10,
Zhiyi Zhang433686c2016-11-18 10:18:30 -0800935 3, // Three keys can be tracked
Yingdi Yu41546342014-11-30 23:37:53 -0800936 time::seconds(1)); // TTL is set to 1 sec
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700937 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -0800938
939 validator.validate(*interest1,
940 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700941 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800942 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800943
944 validator.validate(*interest2,
945 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700946 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800947 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800948
949 validator.validate(*interest3,
950 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700951 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800952 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800953
954 validator.validate(*interest1,
955 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700956 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800957 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800958
959 validator.validate(*interest2,
960 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700961 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800962 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800963
964 validator.validate(*interest3,
965 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700966 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -0800967
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800968 advanceClocks(time::seconds(2));
Yingdi Yu41546342014-11-30 23:37:53 -0800969
970 validator.validate(*interest4,
971 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700972 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800973 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800974
975 // Should succeed because identity1 and identity2's key has been cleaned up due to ttl limit.
976 validator.validate(*interest1,
977 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700978 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800979 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800980
981 validator.validate(*interest2,
982 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700983 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800984 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800985
986 validator.validate(*interest3,
987 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700988 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800989 advanceClocks(time::milliseconds(10));
Yingdi Yu41546342014-11-30 23:37:53 -0800990}
991
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700992BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Yingdi Yu41546342014-11-30 23:37:53 -0800993{
994 Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
Alexander Afanasyev70244f42017-01-04 12:47:12 -0800995 addIdentity(rsaIdentity, RsaKeyParams());
Yingdi Yu41546342014-11-30 23:37:53 -0800996
997 Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -0800998 auto identity = addIdentity(ecdsaIdentity, EcdsaKeyParams());
999 BOOST_REQUIRE(saveIdentityCertificate(identity, "trust-anchor-11.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -08001000
1001 Name dataName("/TestValidatorConfig/FixedSignerChecker2");
1002 shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001003 m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001004 shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001005 m_keyChain.sign(*dataEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001006
1007 shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001008 m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001009 shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001010 m_keyChain.sign(*interestEcdsa, security::signingByIdentity(ecdsaIdentity));
Yingdi Yu41546342014-11-30 23:37:53 -08001011
1012 const std::string CONFIG =
1013 "rule\n"
1014 "{\n"
1015 " id \"FixedSignerChecker Data Rule\"\n"
1016 " for data\n"
1017 " filter"
1018 " {\n"
1019 " type name\n"
1020 " name /TestValidatorConfig/FixedSignerChecker2\n"
1021 " relation equal\n"
1022 " }\n"
1023 " checker\n"
1024 " {\n"
1025 " type fixed-signer\n"
1026 " sig-type ecdsa-sha256\n"
1027 " signer\n"
1028 " {\n"
1029 " type file\n"
1030 " file-name \"trust-anchor-11.cert\"\n"
1031 " }\n"
1032 " }\n"
1033 "}\n"
1034 "rule\n"
1035 "{\n"
1036 " id \"FixedSignerChecker Interest Rule\"\n"
1037 " for interest\n"
1038 " filter"
1039 " {\n"
1040 " type name\n"
1041 " name /TestValidatorConfig/FixedSignerChecker2\n"
1042 " relation equal\n"
1043 " }\n"
1044 " checker\n"
1045 " {\n"
1046 " type fixed-signer\n"
1047 " sig-type ecdsa-sha256\n"
1048 " signer\n"
1049 " {\n"
1050 " type file\n"
1051 " file-name \"trust-anchor-11.cert\"\n"
1052 " }\n"
1053 " }\n"
1054 "}\n";
1055 const boost::filesystem::path CONFIG_PATH =
1056 (boost::filesystem::current_path() / std::string("unit-test.conf"));
1057
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001058 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001059
1060 validator.validate(*dataEcdsa,
1061 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001062 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001063
1064 validator.validate(*dataRsa,
1065 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001066 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001067
1068 validator.validate(*interestEcdsa,
1069 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001070 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001071
1072 validator.validate(*interestRsa,
1073 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001074 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001075}
1076
1077
Alexander Afanasyev70244f42017-01-04 12:47:12 -08001078struct FacesFixture : public ValidatorConfigFixture
Yingdi Yu41546342014-11-30 23:37:53 -08001079{
1080 FacesFixture()
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001081 : face1(io, m_keyChain, {true, true})
1082 , face2(io, m_keyChain, {true, true})
Yingdi Yu41546342014-11-30 23:37:53 -08001083 , readInterestOffset1(0)
1084 , readDataOffset1(0)
1085 , readInterestOffset2(0)
1086 , readDataOffset2(0)
1087 {
1088 }
1089
1090 bool
1091 passPacket()
1092 {
1093 bool hasPassed = false;
1094
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001095 checkFace(face1.sentInterests, readInterestOffset1, face2, hasPassed);
1096 checkFace(face1.sentData, readDataOffset1, face2, hasPassed);
1097 checkFace(face2.sentInterests, readInterestOffset2, face1, hasPassed);
Zhiyi Zhang99832d42016-11-18 10:03:49 -08001098 checkFace(face2.sentData, readDataOffset2, face1, hasPassed);
Yingdi Yu41546342014-11-30 23:37:53 -08001099
1100 return hasPassed;
1101 }
1102
1103 template<typename Packet>
1104 void
1105 checkFace(std::vector<Packet>& receivedPackets,
1106 size_t& readPacketOffset,
1107 util::DummyClientFace& receiver,
1108 bool& hasPassed)
1109 {
1110 while (receivedPackets.size() > readPacketOffset) {
1111 receiver.receive(receivedPackets[readPacketOffset]);
1112 readPacketOffset++;
1113 hasPassed = true;
1114 }
1115 }
1116
Yingdi Yu41546342014-11-30 23:37:53 -08001117public:
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001118 util::DummyClientFace face1;
1119 util::DummyClientFace face2;
Yingdi Yu41546342014-11-30 23:37:53 -08001120
1121 size_t readInterestOffset1;
1122 size_t readDataOffset1;
1123 size_t readInterestOffset2;
1124 size_t readDataOffset2;
1125};
1126
1127BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
1128{
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001129 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -08001130
1131 Name root("/TestValidatorConfig");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001132 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(root), "trust-anchor-6.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -08001133
1134
1135 Name sld("/TestValidatorConfig/HierarchicalChecker");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001136 addIdentity(sld);
Yingdi Yu41546342014-11-30 23:37:53 -08001137 advanceClocks(time::milliseconds(100));
1138 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001139 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001140 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1141 root,
1142 time::system_clock::now(),
1143 time::system_clock::now() + time::days(7300),
1144 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001145 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -08001146 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1147
1148 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001149 addIdentity(nld);
Yingdi Yu41546342014-11-30 23:37:53 -08001150 advanceClocks(time::milliseconds(100));
1151 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001152 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001153 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1154 sld,
1155 time::system_clock::now(),
1156 time::system_clock::now() + time::days(7300),
1157 subjectDescription);
Zhiyi Zhang433686c2016-11-18 10:18:30 -08001158 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001159 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1160
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001161 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1162 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001163 RegisterPrefixSuccessCallback(),
1164 [] (const Name&, const std::string&) {});
1165
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001166 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1167 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001168 RegisterPrefixSuccessCallback(),
1169 [] (const Name&, const std::string&) {});
1170
1171 Name dataName1 = nld;
1172 dataName1.append("data1");
1173 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001174 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001175
1176 Name dataName2("/ConfValidatorTest");
1177 dataName2.append("data1");
1178 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001179 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001180
Yingdi Yu41546342014-11-30 23:37:53 -08001181 const std::string CONFIG =
1182 "rule\n"
1183 "{\n"
1184 " id \"Simple3 Rule\"\n"
1185 " for data\n"
1186 " checker\n"
1187 " {\n"
1188 " type hierarchical\n"
1189 " sig-type rsa-sha256\n"
1190 " }\n"
1191 "}\n"
1192 "trust-anchor\n"
1193 "{\n"
1194 " type file\n"
1195 " file-name \"trust-anchor-6.cert\"\n"
1196 "}\n";
1197 const boost::filesystem::path CONFIG_PATH =
1198 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1199
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001200 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001201 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001202
1203 advanceClocks(time::milliseconds(2), 100);
1204 validator->validate(*data1,
1205 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001206 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001207
1208 do {
1209 advanceClocks(time::milliseconds(2), 10);
1210 } while (passPacket());
1211
1212 validator->validate(*data2,
1213 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001214 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001215
1216 do {
1217 advanceClocks(time::milliseconds(2), 10);
1218 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -08001219}
1220
1221BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
1222{
Junxiao Shid5827ce2016-07-14 20:49:37 +00001223 advanceClocks(time::nanoseconds(1));
Yingdi Yu41546342014-11-30 23:37:53 -08001224
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001225 std::vector<v1::CertificateSubjectDescription> subjectDescription;
Yingdi Yu41546342014-11-30 23:37:53 -08001226
1227 Name root("/TestValidatorConfig");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001228 BOOST_REQUIRE(saveIdentityCertificate(addIdentity(root), "trust-anchor-8.cert"));
Yingdi Yu41546342014-11-30 23:37:53 -08001229
Yingdi Yu41546342014-11-30 23:37:53 -08001230 Name sld("/TestValidatorConfig/Nrd-1");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001231 addIdentity(sld);
Yingdi Yu41546342014-11-30 23:37:53 -08001232 advanceClocks(time::milliseconds(100));
1233 Name sldKeyName = m_keyChain.generateRsaKeyPairAsDefault(sld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001234 shared_ptr<v1::IdentityCertificate> sldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001235 m_keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
1236 root,
1237 time::system_clock::now(),
1238 time::system_clock::now() + time::days(7300),
1239 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001240 m_keyChain.sign(*sldCert, security::signingByIdentity(root));
Yingdi Yu41546342014-11-30 23:37:53 -08001241 m_keyChain.addCertificateAsIdentityDefault(*sldCert);
1242
1243 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001244 addIdentity(nld);
Yingdi Yu41546342014-11-30 23:37:53 -08001245 advanceClocks(time::milliseconds(100));
1246 Name nldKeyName = m_keyChain.generateRsaKeyPairAsDefault(nld, true);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001247 shared_ptr<v1::IdentityCertificate> nldCert =
Yingdi Yu41546342014-11-30 23:37:53 -08001248 m_keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
1249 sld,
1250 time::system_clock::now(),
1251 time::system_clock::now() + time::days(7300),
1252 subjectDescription);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001253 m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
Yingdi Yu41546342014-11-30 23:37:53 -08001254 m_keyChain.addCertificateAsIdentityDefault(*nldCert);
1255
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001256 face1.setInterestFilter(sldCert->getName().getPrefix(-1),
1257 [&] (const InterestFilter&, const Interest&) { face1.put(*sldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001258 RegisterPrefixSuccessCallback(),
1259 [] (const Name&, const std::string&) {});
1260
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001261 face1.setInterestFilter(nldCert->getName().getPrefix(-1),
1262 [&] (const InterestFilter&, const Interest&) { face1.put(*nldCert); },
Yingdi Yu41546342014-11-30 23:37:53 -08001263 RegisterPrefixSuccessCallback(),
1264 [] (const Name&, const std::string&) {});
1265
1266 advanceClocks(time::milliseconds(10));
1267 Name interestName1("/localhost/nrd/register/option");
1268 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001269 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001270
1271 advanceClocks(time::milliseconds(10));
1272 Name interestName2("/localhost/nrd/non-register");
1273 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001274 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
Yingdi Yu41546342014-11-30 23:37:53 -08001275
1276 advanceClocks(time::milliseconds(10));
1277 Name interestName3("/localhost/nrd/register/option");
1278 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001279 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
Yingdi Yu41546342014-11-30 23:37:53 -08001280
1281 advanceClocks(time::milliseconds(10));
1282 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
1283 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
1284
1285 const std::string CONFIG =
1286 "rule\n"
1287 "{\n"
1288 " id \"NRD Prefix Registration Command Rule\"\n"
1289 " for interest\n"
1290 " filter\n"
1291 " {\n"
1292 " type name\n"
1293 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>$\n"
1294 " }\n"
1295 " checker\n"
1296 " {\n"
1297 " type customized\n"
1298 " sig-type rsa-sha256\n"
1299 " key-locator\n"
1300 " {\n"
1301 " type name\n"
1302 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
1303 " }\n"
1304 " }\n"
1305 "}\n"
1306 "rule\n"
1307 "{\n"
1308 " id \"Testbed Hierarchy Rule\"\n"
1309 " for data\n"
1310 " filter\n"
1311 " {\n"
1312 " type name\n"
1313 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
1314 " }\n"
1315 " checker\n"
1316 " {\n"
1317 " type hierarchical\n"
1318 " sig-type rsa-sha256\n"
1319 " }\n"
1320 "}\n"
1321 "trust-anchor\n"
1322 "{\n"
1323 " type file\n"
1324 " file-name \"trust-anchor-8.cert\"\n"
1325 "}\n";
1326 const boost::filesystem::path CONFIG_PATH =
1327 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1328
Alexander Afanasyev9bdbb832015-12-30 12:54:22 -08001329 auto validator = make_shared<ValidatorConfig>(&face2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001330 validator->load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001331
1332 advanceClocks(time::milliseconds(2), 100);
1333
1334 // should succeed
1335 validator->validate(*interest1,
1336 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001337 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001338
1339 do {
1340 advanceClocks(time::milliseconds(2), 10);
1341 } while (passPacket());
1342
1343 // should fail
1344 validator->validate(*interest2,
1345 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001346 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001347
1348 do {
1349 advanceClocks(time::milliseconds(2), 10);
1350 } while (passPacket());
1351
1352 // should succeed
1353 validator->validate(*interest3,
1354 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001355 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001356
1357 do {
1358 advanceClocks(time::milliseconds(2), 10);
1359 } while (passPacket());
1360
1361 // should fail
1362 validator->validate(*interest4,
1363 [] (const shared_ptr<const Interest>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001364 [] (const shared_ptr<const Interest>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001365
1366 do {
1367 advanceClocks(time::milliseconds(2), 10);
1368 } while (passPacket());
Yingdi Yu41546342014-11-30 23:37:53 -08001369}
1370
Alexander Afanasyev70244f42017-01-04 12:47:12 -08001371struct DirTestFixture : public ValidatorConfigFixture
Yingdi Yu41546342014-11-30 23:37:53 -08001372{
1373 DirTestFixture()
Alexander Afanasyev70244f42017-01-04 12:47:12 -08001374 : validator(&face, ValidatorConfig::DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu41546342014-11-30 23:37:53 -08001375 ValidatorConfig::DEFAULT_GRACE_INTERVAL, 0)
1376 {
1377 certDirPath = (boost::filesystem::current_path() / std::string("test-cert-dir"));
1378 boost::filesystem::create_directory(certDirPath);
1379
1380 firstCertPath = (boost::filesystem::current_path() /
1381 std::string("test-cert-dir") /
1382 std::string("trust-anchor-1.cert"));
1383
1384 secondCertPath = (boost::filesystem::current_path() /
1385 std::string("test-cert-dir") /
1386 std::string("trust-anchor-2.cert"));
1387
1388 firstIdentity = Name("/TestValidatorConfig/Dir/First");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001389 addIdentity(firstIdentity);
Yingdi Yu41546342014-11-30 23:37:53 -08001390 Name firstCertName = m_keyChain.getDefaultCertificateNameForIdentity(firstIdentity);
1391 firstCert = m_keyChain.getCertificate(firstCertName);
1392 io::save(*firstCert, firstCertPath.string());
1393
1394 secondIdentity = Name("/TestValidatorConfig/Dir/Second");
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001395 addIdentity(secondIdentity);
Yingdi Yu41546342014-11-30 23:37:53 -08001396 Name secondCertName = m_keyChain.getDefaultCertificateNameForIdentity(secondIdentity);
1397 secondCert = m_keyChain.getCertificate(secondCertName);
1398 }
1399
1400 ~DirTestFixture()
1401 {
1402 boost::filesystem::remove_all(certDirPath);
1403 }
1404
1405public:
1406 boost::filesystem::path certDirPath;
1407 boost::filesystem::path firstCertPath;
1408 boost::filesystem::path secondCertPath;
1409
1410 Name firstIdentity;
1411 Name secondIdentity;
1412
Alexander Afanasyev2fa59392016-07-29 17:24:23 -07001413 shared_ptr<v1::IdentityCertificate> firstCert;
1414 shared_ptr<v1::IdentityCertificate> secondCert;
Yingdi Yu41546342014-11-30 23:37:53 -08001415
Yingdi Yu41546342014-11-30 23:37:53 -08001416 ValidatorConfig validator;
1417};
1418
1419BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
1420{
1421 advanceClocks(time::milliseconds(10));
1422
1423 Name dataName1("/any/data/1");
1424 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001425 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -08001426
1427 Name dataName2("/any/data/2");
1428 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001429 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
Yingdi Yu41546342014-11-30 23:37:53 -08001430
1431 std::string CONFIG =
1432 "rule\n"
1433 "{\n"
1434 " id \"Any Rule\"\n"
1435 " for data\n"
1436 " filter\n"
1437 " {\n"
1438 " type name\n"
1439 " regex ^<>*$\n"
1440 " }\n"
1441 " checker\n"
1442 " {\n"
1443 " type customized\n"
1444 " sig-type rsa-sha256\n"
1445 " key-locator\n"
1446 " {\n"
1447 " type name\n"
1448 " regex ^<>*$\n"
1449 " }\n"
1450 " }\n"
1451 "}\n"
1452 "trust-anchor\n"
1453 "{\n"
1454 " type dir\n"
1455 " dir test-cert-dir\n"
1456 " refresh 1s\n"
1457 "}\n";
1458
1459 const boost::filesystem::path CONFIG_PATH =
1460 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
1461
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07001462 validator.load(CONFIG, CONFIG_PATH.c_str());
Yingdi Yu41546342014-11-30 23:37:53 -08001463
1464 advanceClocks(time::milliseconds(10), 20);
1465 validator.validate(*data1,
1466 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001467 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001468 advanceClocks(time::milliseconds(10), 20);
1469
1470 validator.validate(*data2,
1471 [] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001472 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(true); });
Yingdi Yu41546342014-11-30 23:37:53 -08001473 advanceClocks(time::milliseconds(10), 20);
1474
1475 io::save(*secondCert, secondCertPath.string());
1476 advanceClocks(time::milliseconds(10), 200);
1477
1478 validator.validate(*data1,
1479 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001480 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001481 advanceClocks(time::milliseconds(10), 20);
1482
1483 validator.validate(*data2,
1484 [] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001485 [] (const shared_ptr<const Data>&, const std::string&) { BOOST_CHECK(false); });
Yingdi Yu41546342014-11-30 23:37:53 -08001486 advanceClocks(time::milliseconds(10), 20);
1487}
1488
Alexander Afanasyev70244f42017-01-04 12:47:12 -08001489class DirectCertFetchFixture : public IdentityManagementV1TimeFixture
Zhiyi Zhang48becde2017-01-05 16:41:38 -08001490{
1491public:
1492 DirectCertFetchFixture()
1493 : clientFace(io, m_keyChain, {true, true})
1494 , validationResult(boost::logic::indeterminate)
1495 {
Alexander Afanasyevfc99b512017-01-04 11:10:36 -08001496 auto certName = addIdentity(ca);
1497 saveIdentityCertificate(certName, "trust-anchor-1.cert");
1498 addSubCertificate(user, ca);
Zhiyi Zhang48becde2017-01-05 16:41:38 -08001499
1500 userCertName = m_keyChain.getDefaultCertificateNameForIdentity(user);
1501 userCert = m_keyChain.getCertificate(userCertName);
1502 }
1503
1504protected:
1505 void
1506 runTest(const std::function<void(const Interest&, const Interest&)> respond)
1507 {
1508 optional<Interest> directInterest;
1509 optional<Interest> infrastructureInterest;
1510 clientFace.onSendInterest.connect([&] (const Interest& interest) {
1511 const Name& interestName = interest.getName();
1512 if (interestName == userCert->getName().getPrefix(-1)) {
1513 auto nextHopFaceIdTag = interest.getTag<lp::NextHopFaceIdTag>();
1514 if (nextHopFaceIdTag != nullptr) {
1515 BOOST_CHECK(!directInterest);
1516 directInterest = interest;
1517 }
1518 else {
1519 BOOST_CHECK(!infrastructureInterest);
1520 infrastructureInterest = interest;
1521 }
1522 if (static_cast<bool>(directInterest) && static_cast<bool>(infrastructureInterest)) {
1523 io.post([directInterest, infrastructureInterest, respond] {
1524 respond(directInterest.value(), infrastructureInterest.value());
1525 });
1526 directInterest = nullopt;
1527 infrastructureInterest = nullopt;
1528 }
1529 }
1530 });
1531
1532 const boost::filesystem::path CONFIG_PATH =
1533 (boost::filesystem::current_path() / std::string("unit-test-direct.conf"));
1534 ValidatorConfig validator(&clientFace);
1535 validator.load(CONFIG, CONFIG_PATH.c_str());
1536 validator.setDirectCertFetchEnabled(true);
1537
1538 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
1539 interest->setTag(make_shared<lp::IncomingFaceIdTag>(123));
1540 BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest, security::signingByIdentity(user)));
1541
1542 validator.validate(*interest,
1543 [&] (const shared_ptr<const Interest>&) {
1544 BOOST_CHECK(boost::logic::indeterminate(validationResult));
1545 validationResult = true;
1546 },
1547 [&] (const shared_ptr<const Interest>&, const std::string& s) {
1548 BOOST_CHECK(boost::logic::indeterminate(validationResult));
1549 validationResult = false;
1550 });
1551
1552 advanceClocks(time::milliseconds(200), 60);
1553
1554 BOOST_CHECK(!boost::logic::indeterminate(validationResult));
1555 }
1556
1557public:
1558 util::DummyClientFace clientFace;
1559 const Name ca = Name("/DirectCertFetch");
1560 const Name user = Name("/DirectCertFetch/user");
1561 const Name interestName = Name("/DirectCertFetch/user/tag-interest");
1562 const std::string CONFIG = R"_TEXT_(
1563 rule
1564 {
1565 id "RuleForInterest"
1566 for interest
1567 checker
1568 {
1569 type hierarchical
1570 sig-type rsa-sha256
1571 }
1572 }
1573 rule
1574 {
1575 id "RuleForData"
1576 for data
1577 filter
1578 {
1579 type name
1580 regex ^<>*$
1581 }
1582 checker
1583 {
1584 type customized
1585 sig-type rsa-sha256
1586 key-locator
1587 {
1588 type name
1589 regex ^<>*$
1590 }
1591 }
1592 }
1593 trust-anchor
1594 {
1595 type file
1596 file-name "trust-anchor-1.cert"
1597 }
1598 )_TEXT_";
1599 boost::logic::tribool validationResult;
1600 Name userCertName;
1601 shared_ptr<v1::IdentityCertificate> userCert;
1602};
1603
1604BOOST_FIXTURE_TEST_SUITE(DirectCertFetch, DirectCertFetchFixture)
1605
1606BOOST_AUTO_TEST_CASE(CertFetchSuccess)
1607{
1608 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
1609 this->clientFace.receive(*userCert);
1610 });
1611
1612 BOOST_CHECK_EQUAL(validationResult, true);
1613}
1614
1615BOOST_AUTO_TEST_CASE(CertFetchTimeout)
1616{
1617 // In this test case, certificate request would time out
1618 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) { });
1619
1620 BOOST_CHECK_EQUAL(validationResult, false);
1621}
1622
1623BOOST_AUTO_TEST_CASE(CertFetchNack)
1624{
1625 runTest([this] (const Interest& directInterest, const Interest& infrastructureInterest) {
1626 lp::Nack nackInfrastructureInterest(infrastructureInterest);
1627 nackInfrastructureInterest.setHeader(lp::NackHeader().setReason(lp::NackReason::NO_ROUTE));
1628 this->clientFace.receive(nackInfrastructureInterest);
1629 });
1630
1631 BOOST_CHECK_EQUAL(validationResult, false);
1632}
1633
1634BOOST_AUTO_TEST_SUITE_END() // DirectCertFetch
Junxiao Shid5827ce2016-07-14 20:49:37 +00001635BOOST_AUTO_TEST_SUITE_END() // TestValidatorConfig
1636BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu41546342014-11-30 23:37:53 -08001637
1638} // namespace tests
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -07001639} // namespace security
Yingdi Yu41546342014-11-30 23:37:53 -08001640} // namespace ndn