blob: 360b0562c9b9945adc11f68ae80dfe75c54e5baf [file] [log] [blame]
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Yingdi Yu48e8c0c2014-03-19 12:01:55 -07002/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -07003 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Yingdi Yu <yingdi0@cs.ucla.edu>
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070013 */
14
15#include "security/validator-config.hpp"
16
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070017#include "security/key-chain.hpp"
18#include "util/io.hpp"
19
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -070020#include "boost-test.hpp"
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070021
22using namespace std;
23
24namespace ndn {
25
26BOOST_AUTO_TEST_SUITE(TestValidatorConfig)
27
28void
29onValidated(const shared_ptr<const Data>& data)
30{
31 BOOST_CHECK(true);
32}
33
34void
35onValidationFailed(const shared_ptr<const Data>& data, const string& failureInfo)
36{
37 std::cerr << "Failure Info: " << failureInfo << std::endl;
38 BOOST_CHECK(false);
39}
40
41void
42onIntentionalFailureValidated(const shared_ptr<const Data>& data)
43{
44 BOOST_CHECK(false);
45}
46
47void
48onIntentionalFailureInvalidated(const shared_ptr<const Data>& data, const string& failureInfo)
49{
50 BOOST_CHECK(true);
51}
52
53void
54onValidated2(const shared_ptr<const Interest>& interest)
55{
56 BOOST_CHECK(true);
57}
58
59void
60onValidationFailed2(const shared_ptr<const Interest>& interest, const string& failureInfo)
61{
62 std::cerr << "Interest Name: " << interest->getName() << std::endl;
63 std::cerr << "Failure Info: " << failureInfo << std::endl;
64 BOOST_CHECK(false);
65}
66
67void
68onIntentionalFailureValidated2(const shared_ptr<const Interest>& interest)
69{
70 BOOST_CHECK(false);
71}
72
73void
74onIntentionalFailureInvalidated2(const shared_ptr<const Interest>& interest,
75 const string& failureInfo)
76{
77 BOOST_CHECK(true);
78}
79
80BOOST_AUTO_TEST_CASE(NameFilter)
81{
82 KeyChain keyChain;
83
84 Name identity("/TestValidatorConfig/NameFilter");
85 identity.appendVersion();
86 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
87 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
88 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
89 io::save(*idCert, "trust-anchor-1.cert");
90
91 Name dataName1("/simple/equal");
92 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
93 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
94
95 Name dataName2("/simple/different");
96 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
97 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
98
99 std::string CONFIG_1 =
100 "rule\n"
101 "{\n"
102 " id \"Simple Rule\"\n"
103 " for data\n"
104 " filter"
105 " {\n"
106 " type name\n"
107 " name /simple/equal\n"
108 " relation equal\n"
109 " }\n"
110 " checker\n"
111 " {\n"
112 " type customized\n"
113 " sig-type rsa-sha256\n"
114 " key-locator\n"
115 " {\n"
116 " type name\n"
117 " name ";
118
119 std::string CONFIG_2 =
120 "\n"
121 " relation equal\n"
122 " }\n"
123 " }\n"
124 "}\n"
125 "trust-anchor\n"
126 "{\n"
127 " type file\n"
128 " file-name \"trust-anchor-1.cert\"\n"
129 "}\n";
130 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
131
132 const boost::filesystem::path CONFIG_PATH =
133 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
134
135
Yingdi Yu96e64062014-04-15 19:57:33 -0700136 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700137 ValidatorConfig validator(face);
138 validator.load(CONFIG, CONFIG_PATH.native());
139
140 validator.validate(*data1,
141 bind(&onValidated, _1),
142 bind(&onValidationFailed, _1, _2));
143
144 validator.validate(*data2,
145 bind(&onIntentionalFailureValidated, _1),
146 bind(&onIntentionalFailureInvalidated, _1, _2));
147
148 keyChain.deleteIdentity(identity);
149
150 const boost::filesystem::path CERT_PATH =
151 (boost::filesystem::current_path() / std::string("trust-anchor-1.cert"));
152 boost::filesystem::remove(CERT_PATH);
153}
154
155BOOST_AUTO_TEST_CASE(NameFilter2)
156{
157 KeyChain keyChain;
158
159 Name identity("/TestValidatorConfig/NameFilter2");
160 identity.appendVersion();
161 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
162 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
163 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
164 io::save(*idCert, "trust-anchor-2.cert");
165
166 Name dataName1("/simple/isPrefixOf");
167 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
168 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
169
170 Name dataName2("/simple/notPrefixOf");
171 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
172 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
173
174 Name dataName3("/simple/isPrefixOf/anotherLevel");
175 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
176 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
177
178 std::string CONFIG_1 =
179 "rule\n"
180 "{\n"
181 " id \"Simple2 Rule\"\n"
182 " for data\n"
183 " filter"
184 " {\n"
185 " type name\n"
186 " name /simple/isPrefixOf\n"
187 " relation is-prefix-of\n"
188 " }\n"
189 " checker\n"
190 " {\n"
191 " type customized\n"
192 " sig-type rsa-sha256\n"
193 " key-locator\n"
194 " {\n"
195 " type name\n"
196 " name ";
197
198 std::string CONFIG_2 =
199 "\n"
200 " relation equal\n"
201 " }\n"
202 " }\n"
203 "}\n"
204 "trust-anchor\n"
205 "{\n"
206 " type file\n"
207 " file-name \"trust-anchor-2.cert\"\n"
208 "}\n";
209 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
210
211 const boost::filesystem::path CONFIG_PATH =
212 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
213
214
Yingdi Yu96e64062014-04-15 19:57:33 -0700215 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700216 ValidatorConfig validator(face);
217 validator.load(CONFIG, CONFIG_PATH.native());
218
219 validator.validate(*data1,
220 bind(&onValidated, _1),
221 bind(&onValidationFailed, _1, _2));
222
223 validator.validate(*data2,
224 bind(&onIntentionalFailureValidated, _1),
225 bind(&onIntentionalFailureInvalidated, _1, _2));
226
227 validator.validate(*data3,
228 bind(&onValidated, _1),
229 bind(&onValidationFailed, _1, _2));
230
231 keyChain.deleteIdentity(identity);
232
233 const boost::filesystem::path CERT_PATH =
234 (boost::filesystem::current_path() / std::string("trust-anchor-2.cert"));
235 boost::filesystem::remove(CERT_PATH);
236}
237
238BOOST_AUTO_TEST_CASE(NameFilter3)
239{
240 KeyChain keyChain;
241
242 Name identity("/TestValidatorConfig/NameFilter3");
243 identity.appendVersion();
244 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
245 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
246 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
247 io::save(*idCert, "trust-anchor-3.cert");
248
249 Name dataName1("/simple/isStrictPrefixOf");
250 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
251 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
252
253 Name dataName2("/simple");
254 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
255 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
256
257 Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
258 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
259 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
260
261 std::string CONFIG_1 =
262 "rule\n"
263 "{\n"
264 " id \"Simple3 Rule\"\n"
265 " for data\n"
266 " filter"
267 " {\n"
268 " type name\n"
269 " name /simple/isStrictPrefixOf\n"
270 " relation is-strict-prefix-of\n"
271 " }\n"
272 " checker\n"
273 " {\n"
274 " type customized\n"
275 " sig-type rsa-sha256\n"
276 " key-locator\n"
277 " {\n"
278 " type name\n"
279 " name ";
280
281 std::string CONFIG_2 =
282 "\n"
283 " relation equal\n"
284 " }\n"
285 " }\n"
286 "}\n"
287 "trust-anchor\n"
288 "{\n"
289 " type file\n"
290 " file-name \"trust-anchor-3.cert\"\n"
291 "}\n";
292 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
293
294 const boost::filesystem::path CONFIG_PATH =
295 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
296
297
Yingdi Yu96e64062014-04-15 19:57:33 -0700298 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700299 ValidatorConfig validator(face);
300 validator.load(CONFIG, CONFIG_PATH.native());
301
302 validator.validate(*data1,
303 bind(&onIntentionalFailureValidated, _1),
304 bind(&onIntentionalFailureInvalidated, _1, _2));
305
306 validator.validate(*data2,
307 bind(&onIntentionalFailureValidated, _1),
308 bind(&onIntentionalFailureInvalidated, _1, _2));
309
310 validator.validate(*data3,
311 bind(&onValidated, _1),
312 bind(&onValidationFailed, _1, _2));
313
314 keyChain.deleteIdentity(identity);
315
316 const boost::filesystem::path CERT_PATH =
317 (boost::filesystem::current_path() / std::string("trust-anchor-3.cert"));
318 boost::filesystem::remove(CERT_PATH);
319}
320
321BOOST_AUTO_TEST_CASE(NameFilter4)
322{
323 KeyChain keyChain;
324
325 Name identity("/TestValidatorConfig/NameFilter4");
326 identity.appendVersion();
327 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
328 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
329 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
330 io::save(*idCert, "trust-anchor-4.cert");
331
332 Name dataName1("/simple/regex");
333 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
334 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
335
336 Name dataName2("/simple/regex-wrong");
337 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
338 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
339
340 Name dataName3("/simple/regex/correct");
341 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
342 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
343
344 std::string CONFIG_1 =
345 "rule\n"
346 "{\n"
347 " id \"Simple3 Rule\"\n"
348 " for data\n"
349 " filter"
350 " {\n"
351 " type name\n"
352 " regex ^<simple><regex>\n"
353 " }\n"
354 " checker\n"
355 " {\n"
356 " type customized\n"
357 " sig-type rsa-sha256\n"
358 " key-locator\n"
359 " {\n"
360 " type name\n"
361 " name ";
362
363 std::string CONFIG_2 =
364 "\n"
365 " relation equal\n"
366 " }\n"
367 " }\n"
368 "}\n"
369 "trust-anchor\n"
370 "{\n"
371 " type file\n"
372 " file-name \"trust-anchor-4.cert\"\n"
373 "}\n";
374 const std::string CONFIG = CONFIG_1 + certName.getPrefix(-1).toUri() + CONFIG_2;
375
376 const boost::filesystem::path CONFIG_PATH =
377 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
378
379
Yingdi Yu96e64062014-04-15 19:57:33 -0700380 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700381 ValidatorConfig validator(face);
382 validator.load(CONFIG, CONFIG_PATH.native());
383
384 validator.validate(*data1,
385 bind(&onValidated, _1),
386 bind(&onValidationFailed, _1, _2));
387
388 validator.validate(*data2,
389 bind(&onIntentionalFailureValidated, _1),
390 bind(&onIntentionalFailureInvalidated, _1, _2));
391
392 validator.validate(*data3,
393 bind(&onValidated, _1),
394 bind(&onValidationFailed, _1, _2));
395
396 keyChain.deleteIdentity(identity);
397
398 const boost::filesystem::path CERT_PATH =
399 (boost::filesystem::current_path() / std::string("trust-anchor-4.cert"));
400 boost::filesystem::remove(CERT_PATH);
401}
402
403BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
404{
405 KeyChain keyChain;
406
407 Name identity("/TestValidatorConfig/KeyLocatorNameChecker1");
408 identity.appendVersion();
409 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
410 Name certName = keyChain.getDefaultCertificateNameForIdentity(identity);
411 shared_ptr<IdentityCertificate> idCert = keyChain.getCertificate(certName);
412 io::save(*idCert, "trust-anchor-5.cert");
413
414 Name dataName1 = identity;
415 dataName1.append("1");
416 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
417 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
418
419 Name dataName2 = identity;
420 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
421 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity));
422
423 Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
424 shared_ptr<Data> data3 = make_shared<Data>(dataName3);
425 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data3, identity));
426
427 const std::string CONFIG =
428 "rule\n"
429 "{\n"
430 " id \"Simple3 Rule\"\n"
431 " for data\n"
432 " checker\n"
433 " {\n"
434 " type customized\n"
435 " sig-type rsa-sha256\n"
436 " key-locator\n"
437 " {\n"
438 " type name\n"
439 " hyper-relation\n"
440 " {\n"
441 " k-regex ^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>$\n"
442 " k-expand \\\\1\\\\2\n"
443 " h-relation is-strict-prefix-of\n"
444 " p-regex ^(<>*)$\n"
445 " p-expand \\\\1\n"
446 " }\n"
447 " }\n"
448 " }\n"
449 "}\n"
450 "trust-anchor\n"
451 "{\n"
452 " type file\n"
453 " file-name \"trust-anchor-5.cert\"\n"
454 "}\n";
455 const boost::filesystem::path CONFIG_PATH =
456 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
457
458
Yingdi Yu96e64062014-04-15 19:57:33 -0700459 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700460 ValidatorConfig validator(face);
461 validator.load(CONFIG, CONFIG_PATH.native());
462
463 validator.validate(*data1,
464 bind(&onValidated, _1),
465 bind(&onValidationFailed, _1, _2));
466
467 validator.validate(*data2,
468 bind(&onIntentionalFailureValidated, _1),
469 bind(&onIntentionalFailureInvalidated, _1, _2));
470
471 validator.validate(*data3,
472 bind(&onIntentionalFailureValidated, _1),
473 bind(&onIntentionalFailureInvalidated, _1, _2));
474
475 keyChain.deleteIdentity(identity);
476
477 const boost::filesystem::path CERT_PATH =
478 (boost::filesystem::current_path() / std::string("trust-anchor-5.cert"));
479 boost::filesystem::remove(CERT_PATH);
480}
481
482struct FacesFixture
483{
484 FacesFixture()
485 : regPrefixId(0)
486 , regPrefixId2(0)
487 {}
488
489 void
490 onInterest(shared_ptr<Face> face, shared_ptr<Data> data)
491 {
492 face->put(*data);
493 face->unsetInterestFilter(regPrefixId);
494 }
495
496 void
497 onInterest2(shared_ptr<Face> face, shared_ptr<Data> data)
498 {
499 face->put(*data);
500 face->unsetInterestFilter(regPrefixId2);
501 }
502
503 void
504 onRegFailed()
505 {}
506
507 void
508 validate1(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
509 {
510 validator->validate(*data,
511 bind(&onValidated, _1),
512 bind(&onValidationFailed, _1, _2));
513 }
514
515 void
516 validate2(shared_ptr<ValidatorConfig> validator, shared_ptr<Data> data)
517 {
518 validator->validate(*data,
519 bind(&onIntentionalFailureValidated, _1),
520 bind(&onIntentionalFailureInvalidated, _1, _2));
521 }
522
523 void
524 validate3(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
525 {
526 validator->validate(*interest,
527 bind(&onValidated2, _1),
528 bind(&onValidationFailed2, _1, _2));
529 }
530
531 void
532 validate4(shared_ptr<ValidatorConfig> validator, shared_ptr<Interest> interest)
533 {
534 validator->validate(*interest,
535 bind(&onIntentionalFailureValidated2, _1),
536 bind(&onIntentionalFailureInvalidated2, _1, _2));
537 }
538
539 void
540 terminate(shared_ptr<Face> face)
541 {
542 face->ioService()->stop();
543 }
544
545 const RegisteredPrefixId* regPrefixId;
546 const RegisteredPrefixId* regPrefixId2;
547};
548
549BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
550{
551 KeyChain keyChain;
552 std::vector<CertificateSubjectDescription> subjectDescription;
553
554 Name root("/TestValidatorConfig");
555 Name rootCertName = keyChain.createIdentity(root);
556 shared_ptr<IdentityCertificate> rootCert =
557 keyChain.getCertificate(rootCertName);
558 io::save(*rootCert, "trust-anchor-6.cert");
559
560
561 Name sld("/TestValidatorConfig/HierarchicalChecker");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700562 Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700563 shared_ptr<IdentityCertificate> sldCert =
564 keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
565 root,
566 time::system_clock::now(),
567 time::system_clock::now() + time::days(7300),
568 subjectDescription);
569 keyChain.signByIdentity(*sldCert, root);
570 keyChain.addCertificateAsIdentityDefault(*sldCert);
571
572 Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700573 Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700574 shared_ptr<IdentityCertificate> nldCert =
575 keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
576 sld,
577 time::system_clock::now(),
578 time::system_clock::now() + time::days(7300),
579 subjectDescription);
580 keyChain.signByIdentity(*nldCert, sld);
581 keyChain.addCertificateAsIdentityDefault(*nldCert);
582
583 shared_ptr<Face> face = make_shared<Face>();
Yingdi Yu96e64062014-04-15 19:57:33 -0700584 Face face2(face->ioService());
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700585 Scheduler scheduler(*face->ioService());
586
587 scheduler.scheduleEvent(time::seconds(1),
588 bind(&FacesFixture::terminate, this, face));
589
590 regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
591 bind(&FacesFixture::onInterest, this, face, sldCert),
592 bind(&FacesFixture::onRegFailed, this));
593
594 regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
595 bind(&FacesFixture::onInterest2, this, face, nldCert),
596 bind(&FacesFixture::onRegFailed, this));
597
598 Name dataName1 = nld;
599 dataName1.append("data1");
600 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
601 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, nld));
602
603 Name dataName2("/ConfValidatorTest");
604 dataName2.append("data1");
605 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
606 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, nld));
607
608
609 const std::string CONFIG =
610 "rule\n"
611 "{\n"
612 " id \"Simple3 Rule\"\n"
613 " for data\n"
614 " checker\n"
615 " {\n"
616 " type hierarchical\n"
617 " sig-type rsa-sha256\n"
618 " }\n"
619 "}\n"
620 "trust-anchor\n"
621 "{\n"
622 " type file\n"
623 " file-name \"trust-anchor-6.cert\"\n"
624 "}\n";
625 const boost::filesystem::path CONFIG_PATH =
626 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
627
628
629 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
630 validator->load(CONFIG, CONFIG_PATH.native());
631
632 scheduler.scheduleEvent(time::milliseconds(200),
633 bind(&FacesFixture::validate1, this,
634 validator, data1));
635
636 scheduler.scheduleEvent(time::milliseconds(400),
637 bind(&FacesFixture::validate2, this,
638 validator, data2));
639
640 BOOST_REQUIRE_NO_THROW(face->processEvents());
641
642 keyChain.deleteIdentity(root);
643 keyChain.deleteIdentity(sld);
644 keyChain.deleteIdentity(nld);
645
646 const boost::filesystem::path CERT_PATH =
647 (boost::filesystem::current_path() / std::string("trust-anchor-6.cert"));
648 boost::filesystem::remove(CERT_PATH);
649}
650
651BOOST_AUTO_TEST_CASE(FixedSingerChecker)
652{
653 KeyChain keyChain;
654
655 Name identity("/TestValidatorConfig/FixedSingerChecker");
656
657 Name identity1 = identity;
658 identity1.append("1").appendVersion();
659 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity1));
660 Name certName1 = keyChain.getDefaultCertificateNameForIdentity(identity1);
661 shared_ptr<IdentityCertificate> idCert1 = keyChain.getCertificate(certName1);
662 io::save(*idCert1, "trust-anchor-7.cert");
663
664 Name identity2 = identity;
665 identity2.append("2").appendVersion();
666 BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity2));
667
668 Name dataName1 = identity;
669 dataName1.append("data").appendVersion();
670 shared_ptr<Data> data1 = make_shared<Data>(dataName1);
671 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity1));
672
673 Name dataName2 = identity;
674 dataName2.append("data").appendVersion();
675 shared_ptr<Data> data2 = make_shared<Data>(dataName2);
676 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data2, identity2));
677
Yingdi Yu20a06962014-04-17 12:56:04 -0700678 Name interestName("/TestValidatorConfig/FixedSingerChecker/fakeSigInfo/fakeSigValue");
679 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
680
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700681 const std::string CONFIG =
682 "rule\n"
683 "{\n"
Yingdi Yu20a06962014-04-17 12:56:04 -0700684 " id \"FixedSingerChecker Data Rule\"\n"
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700685 " for data\n"
686 " filter"
687 " {\n"
688 " type name\n"
689 " name /TestValidatorConfig/FixedSingerChecker\n"
690 " relation is-strict-prefix-of\n"
691 " }\n"
692 " checker\n"
693 " {\n"
694 " type fixed-signer\n"
695 " sig-type rsa-sha256\n"
696 " signer\n"
697 " {\n"
698 " type file\n"
699 " file-name \"trust-anchor-7.cert\"\n"
700 " }\n"
701 " }\n"
Yingdi Yu20a06962014-04-17 12:56:04 -0700702 "}\n"
703 "rule\n"
704 "{\n"
705 " id \"FixedSingerChecker Interest Rule\"\n"
706 " for interest\n"
707 " filter"
708 " {\n"
709 " type name\n"
710 " name /TestValidatorConfig/FixedSingerChecker\n"
711 " relation is-strict-prefix-of\n"
712 " }\n"
713 " checker\n"
714 " {\n"
715 " type fixed-signer\n"
716 " sig-type rsa-sha256\n"
717 " signer\n"
718 " {\n"
719 " type file\n"
720 " file-name \"trust-anchor-7.cert\"\n"
721 " }\n"
722 " }\n"
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700723 "}\n";
724 const boost::filesystem::path CONFIG_PATH =
725 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
726
727
Yingdi Yu96e64062014-04-15 19:57:33 -0700728 Face face;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700729 ValidatorConfig validator(face);
730 validator.load(CONFIG, CONFIG_PATH.native());
731
732 validator.validate(*data1,
733 bind(&onValidated, _1),
734 bind(&onValidationFailed, _1, _2));
735
736 validator.validate(*data2,
737 bind(&onIntentionalFailureValidated, _1),
738 bind(&onIntentionalFailureInvalidated, _1, _2));
739
Yingdi Yu20a06962014-04-17 12:56:04 -0700740 validator.validate(*interest,
741 bind(&onIntentionalFailureValidated2, _1),
742 bind(&onIntentionalFailureInvalidated2, _1, _2));
743
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700744
745 keyChain.deleteIdentity(identity1);
746 keyChain.deleteIdentity(identity2);
747
748 const boost::filesystem::path CERT_PATH =
749 (boost::filesystem::current_path() / std::string("trust-anchor-7.cert"));
750 boost::filesystem::remove(CERT_PATH);
751}
752
753
754BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
755{
756 KeyChain keyChain;
757 std::vector<CertificateSubjectDescription> subjectDescription;
758
759 Name root("/TestValidatorConfig");
760 Name rootCertName = keyChain.createIdentity(root);
761 shared_ptr<IdentityCertificate> rootCert =
762 keyChain.getCertificate(rootCertName);
763 io::save(*rootCert, "trust-anchor-8.cert");
764
765
766 Name sld("/TestValidatorConfig/Nrd-1");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700767 Name sldKeyName = keyChain.generateRsaKeyPairAsDefault(sld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700768 shared_ptr<IdentityCertificate> sldCert =
769 keyChain.prepareUnsignedIdentityCertificate(sldKeyName,
770 root,
771 time::system_clock::now(),
772 time::system_clock::now() + time::days(7300),
773 subjectDescription);
774 keyChain.signByIdentity(*sldCert, root);
775 keyChain.addCertificateAsIdentityDefault(*sldCert);
776
777 Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700778 Name nldKeyName = keyChain.generateRsaKeyPairAsDefault(nld, true);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700779 shared_ptr<IdentityCertificate> nldCert =
780 keyChain.prepareUnsignedIdentityCertificate(nldKeyName,
781 sld,
782 time::system_clock::now(),
783 time::system_clock::now() + time::days(7300),
784 subjectDescription);
785 keyChain.signByIdentity(*nldCert, sld);
786 keyChain.addCertificateAsIdentityDefault(*nldCert);
787
788 shared_ptr<Face> face = make_shared<Face>();
Yingdi Yu96e64062014-04-15 19:57:33 -0700789 Face face2(face->ioService());
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700790 Scheduler scheduler(*face->ioService());
791
792 scheduler.scheduleEvent(time::seconds(1),
793 bind(&FacesFixture::terminate, this, face));
794
795 regPrefixId = face->setInterestFilter(sldCert->getName().getPrefix(-1),
796 bind(&FacesFixture::onInterest, this, face, sldCert),
797 bind(&FacesFixture::onRegFailed, this));
798
799 regPrefixId2 = face->setInterestFilter(nldCert->getName().getPrefix(-1),
800 bind(&FacesFixture::onInterest2, this, face, nldCert),
801 bind(&FacesFixture::onRegFailed, this));
802
803 Name interestName1("/localhost/nrd/register/option/timestamp/nonce");
804 shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
805 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest1, nld));
806
807 Name interestName2("/localhost/nrd/non-register");
808 shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
809 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest2, nld));
810
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700811 Name interestName3("/localhost/nrd/register/option/timestamp/nonce");
812 shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
813 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*interest3, root));
814
Yingdi Yu20a06962014-04-17 12:56:04 -0700815 Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
816 shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700817
818 const std::string CONFIG =
819 "rule\n"
820 "{\n"
821 " id \"NRD Prefix Registration Command Rule\"\n"
822 " for interest\n"
823 " filter\n"
824 " {\n"
825 " type name\n"
826 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>{3}$\n"
827 " }\n"
828 " checker\n"
829 " {\n"
830 " type customized\n"
831 " sig-type rsa-sha256\n"
832 " key-locator\n"
833 " {\n"
834 " type name\n"
835 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
836 " }\n"
837 " }\n"
838 "}\n"
839 "rule\n"
840 "{\n"
841 " id \"Testbed Hierarchy Rule\"\n"
842 " for data\n"
843 " filter\n"
844 " {\n"
845 " type name\n"
846 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
847 " }\n"
848 " checker\n"
849 " {\n"
850 " type hierarchical\n"
851 " sig-type rsa-sha256\n"
852 " }\n"
853 "}\n"
854 "trust-anchor\n"
855 "{\n"
856 " type file\n"
857 " file-name \"trust-anchor-8.cert\"\n"
858 "}\n";
859 const boost::filesystem::path CONFIG_PATH =
860 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
861
862
863 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face2));
864 validator->load(CONFIG, CONFIG_PATH.native());
865
Yingdi Yu20a06962014-04-17 12:56:04 -0700866 // should succeed
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700867 scheduler.scheduleEvent(time::milliseconds(200),
868 bind(&FacesFixture::validate3, this,
869 validator, interest1));
Yingdi Yu20a06962014-04-17 12:56:04 -0700870 // should fail
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700871 scheduler.scheduleEvent(time::milliseconds(400),
872 bind(&FacesFixture::validate4, this,
873 validator, interest2));
Yingdi Yu20a06962014-04-17 12:56:04 -0700874 // should succeed
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700875 scheduler.scheduleEvent(time::milliseconds(600),
876 bind(&FacesFixture::validate3, this,
877 validator, interest3));
Yingdi Yu20a06962014-04-17 12:56:04 -0700878 // should fail
879 scheduler.scheduleEvent(time::milliseconds(600),
880 bind(&FacesFixture::validate4, this,
881 validator, interest4));
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700882
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700883 BOOST_REQUIRE_NO_THROW(face->processEvents());
884
885 keyChain.deleteIdentity(root);
886 keyChain.deleteIdentity(sld);
887 keyChain.deleteIdentity(nld);
888
889 const boost::filesystem::path CERT_PATH =
890 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
891 boost::filesystem::remove(CERT_PATH);
892}
893
Yingdi Yu58f33712014-04-16 16:57:47 -0700894BOOST_AUTO_TEST_CASE(Reset)
895{
896 KeyChain keyChain;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700897
Yingdi Yu58f33712014-04-16 16:57:47 -0700898 Name root("/TestValidatorConfig/Reload");
899 Name rootCertName = keyChain.createIdentity(root);
900 shared_ptr<IdentityCertificate> rootCert =
901 keyChain.getCertificate(rootCertName);
902 io::save(*rootCert, "trust-anchor-8.cert");
903
904 Face face;
905
906 const std::string CONFIG =
907 "rule\n"
908 "{\n"
909 " id \"NRD Prefix Registration Command Rule\"\n"
910 " for interest\n"
911 " filter\n"
912 " {\n"
913 " type name\n"
914 " regex ^<localhost><nrd>[<register><unregister><advertise><withdraw>]<>{3}$\n"
915 " }\n"
916 " checker\n"
917 " {\n"
918 " type customized\n"
919 " sig-type rsa-sha256\n"
920 " key-locator\n"
921 " {\n"
922 " type name\n"
923 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$\n"
924 " }\n"
925 " }\n"
926 "}\n"
927 "rule\n"
928 "{\n"
929 " id \"Testbed Hierarchy Rule\"\n"
930 " for data\n"
931 " filter\n"
932 " {\n"
933 " type name\n"
934 " regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$\n"
935 " }\n"
936 " checker\n"
937 " {\n"
938 " type hierarchical\n"
939 " sig-type rsa-sha256\n"
940 " }\n"
941 "}\n"
942 "trust-anchor\n"
943 "{\n"
944 " type file\n"
945 " file-name \"trust-anchor-8.cert\"\n"
946 "}\n";
947 const boost::filesystem::path CONFIG_PATH =
948 (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
949
950
951 shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
952
953 validator->load(CONFIG, CONFIG_PATH.native());
954 BOOST_CHECK_EQUAL(validator->isEmpty(), false);
955
956 validator->reset();
957 BOOST_CHECK(validator->isEmpty());
958
959 keyChain.deleteIdentity(root);
960
961 const boost::filesystem::path CERT_PATH =
962 (boost::filesystem::current_path() / std::string("trust-anchor-8.cert"));
963 boost::filesystem::remove(CERT_PATH);
964}
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700965
966BOOST_AUTO_TEST_SUITE_END()
967
968} // namespace ndn