/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
 * Copyright (c) 2013-2014 Regents of the University of California.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 *
 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
 *
 * You should have received copies of the GNU General Public License and GNU Lesser
 * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 */
21
Yingdi Yu4270f202014-01-28 14:19:16 -080022#include "security/key-chain.hpp"
Yingdi Yu6ac97982014-01-30 14:49:21 -080023#include "security/validator.hpp"
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -080024
Yingdi Yuc4f6fd72014-02-26 12:48:44 -080025#include "util/command-interest-generator.hpp"
26#include "util/command-interest-validator.hpp"
Yingdi Yu4270f202014-01-28 14:19:16 -080027
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -070028#include "boost-test.hpp"
29
Yingdi Yu4270f202014-01-28 14:19:16 -080030using namespace std;
Alexander Afanasyev0abb2da2014-01-30 18:07:57 -080031namespace ndn {
Yingdi Yu4270f202014-01-28 14:19:16 -080032
Alexander Afanasyevd1b5c412014-03-27 15:03:51 -070033BOOST_AUTO_TEST_SUITE(SecurityTestSignedInterest)
Yingdi Yu4270f202014-01-28 14:19:16 -080034
/**
 * Sign/verify round trip for a signed Interest.
 *
 * A fresh, versioned identity is created, an Interest is signed with it, the
 * Interest is rebuilt from its wire encoding, and the rebuilt copy is verified
 * against the identity's public key. Verifying the decoded copy (not the
 * in-memory original) means the check covers what a receiver would parse.
 *
 * NOTE(review): only the accepting path is exercised here; nothing in this
 * case shows that a modified Interest or a different key is rejected.
 */
BOOST_AUTO_TEST_CASE(SignedInterest)
{
  // Constructing the KeyChain must not throw before we rely on it below.
  // NOTE(review): "sqlite3"/"file" presumably select the PIB and TPM back
  // ends -- confirm against KeyChain's constructor.
  BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
  KeyChain keyChain("sqlite3", "file");

  // The version component keeps the identity name unique per run.
  Name signerIdentity("/TestSignedInterest/SignVerify");
  signerIdentity.appendVersion();

  Name signerCertName;
  BOOST_REQUIRE_NO_THROW(signerCertName = keyChain.createIdentity(signerIdentity));

  Interest original("/TestSignedInterest/SignVerify/Interest1");
  BOOST_CHECK_NO_THROW(keyChain.signByIdentity(original, signerIdentity));

  // Copy the encoded bytes into an independent Block and decode from that.
  Block wireCopy(original.wireEncode().wire(), original.wireEncode().size());

  Interest decoded;
  decoded.wireDecode(wireCopy);

  shared_ptr<PublicKey> signerKey;
  BOOST_REQUIRE_NO_THROW(signerKey = keyChain.getPublicKeyFromTpm(
                           keyChain.getDefaultKeyNameForIdentity(signerIdentity)));

  const bool verified = Validator::verifySignature(decoded, *signerKey);
  BOOST_CHECK_EQUAL(verified, true);

  // Remove the throw-away identity so its key material does not accumulate.
  keyChain.deleteIdentity(signerIdentity);
}
63
/**
 * @brief Test fixture that records which validator callback ran last.
 *
 * m_validity is true only when validated() was the most recent callback.
 * The initial state, reset(), and validationFailed() all leave it false, so
 * a false value alone does not show that the failure callback was invoked.
 */
class CommandInterestFixture
{
public:
  CommandInterestFixture()
    : m_validity(false)
  {
  }

  /// Success callback for validate(): marks the Interest as accepted.
  void
  validated(const shared_ptr<const Interest>& /*interest*/)
  {
    m_validity = true;
  }

  /// Failure callback for validate(): marks the Interest as rejected.
  /// The failure reason is received but not stored.
  void
  validationFailed(const shared_ptr<const Interest>& /*interest*/,
                   const string& /*failureInfo*/)
  {
    m_validity = false;
  }

  /// Returns the flag to its initial (false) state.
  void
  reset()
  {
    m_validity = false;
  }

  bool m_validity; // outcome of the most recent callback; see class comment
};
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -080087
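/**
 * Checks CommandInterestValidator against a single rule that binds the
 * "^<TestCommandInterest><Validation>" prefix to one identity's certificate.
 *
 * Four command Interests are validated:
 *   1. correctly generated and signed by the authorized identity -> accepted
 *   2. signed by the authorized identity with a timestamp 5 s old -> rejected
 *   3. under the authorized prefix, signed by another identity    -> rejected
 *   4. under a prefix the rule does not cover                     -> rejected
 *
 * Before every rejecting case m_validity is primed to true. The fixture's
 * failure callback is the only thing that sets it back to false, so the
 * assertion fails if the validator accepts the Interest *or* invokes no
 * callback at all. Leaving the flag false beforehand (as reset() does) would
 * let a validator that silently does nothing pass the rejection checks.
 *
 * The checks assume validate() invokes its callback before returning.
 */
BOOST_FIXTURE_TEST_CASE(CommandInterest, CommandInterestFixture)
{
  KeyChain keyChain;
  Name identity("/TestCommandInterest/Validation");
  identity.appendVersion();

  Name certName;
  BOOST_REQUIRE_NO_THROW(certName = keyChain.createIdentity(identity));

  CommandInterestGenerator generator;
  CommandInterestValidator validator;

  validator.addInterestRule("^<TestCommandInterest><Validation>",
                            *keyChain.getCertificate(certName));

  // Test a legitimate command.
  // m_validity is false here (fixture constructor), so only the success
  // callback can make the check below pass.
  shared_ptr<Interest> commandInterest1 =
    make_shared<Interest>("/TestCommandInterest/Validation/Command1");
  generator.generateWithIdentity(*commandInterest1, identity);
  validator.validate(*commandInterest1,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, true);

  // Test an outdated command.
  // The name is built by hand (timestamp, then a random word) so the
  // timestamp can be set 5 seconds in the past before signing.
  m_validity = true; // must be flipped to false by the failure callback
  shared_ptr<Interest> commandInterest2 =
    make_shared<Interest>("/TestCommandInterest/Validation/Command2");
  time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
  timestamp -= time::seconds(5);

  Name commandName = commandInterest2->getName();
  commandName
    .appendNumber(timestamp.count())
    .appendNumber(random::generateWord64());
  commandInterest2->setName(commandName);

  keyChain.signByIdentity(*commandInterest2, identity);
  validator.validate(*commandInterest2,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, false);

  // Test an unauthorized command: authorized prefix, but signed by an
  // identity whose certificate was never added to the rule.
  Name identity2("/TestCommandInterest/Validation2");
  Name certName2;
  BOOST_REQUIRE_NO_THROW(certName2 = keyChain.createIdentity(identity2));

  m_validity = true; // must be flipped to false by the failure callback
  shared_ptr<Interest> commandInterest3 =
    make_shared<Interest>("/TestCommandInterest/Validation/Command3");
  generator.generateWithIdentity(*commandInterest3, identity2);
  validator.validate(*commandInterest3,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, false);

  // Test another unauthorized command: signed by the authorized identity,
  // but the name's second component is "Validation2", not "Validation".
  m_validity = true; // must be flipped to false by the failure callback
  shared_ptr<Interest> commandInterest4 =
    make_shared<Interest>("/TestCommandInterest/Validation2/Command");
  generator.generateWithIdentity(*commandInterest4, identity);
  validator.validate(*commandInterest4,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, false);

  // Remove both throw-away identities from the key chain.
  BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity));
  BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity2));
}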
160
/**
 * Checks that a command Interest under a bypass-rule prefix is accepted.
 *
 * The validator is given no addInterestRule() entry at all, only a bypass
 * rule for "^<TestCommandInterest><Exemption>", and the Interest is signed
 * by an identity ("/TestCommandInterest/AnyKey") unrelated to that prefix.
 *
 * NOTE(review): only acceptance inside the exempted prefix is checked; this
 * case does not show that names outside the prefix are still rejected, which
 * is the property that keeps a bypass rule from widening trust by accident.
 */
BOOST_FIXTURE_TEST_CASE(Exemption, CommandInterestFixture)
{
  KeyChain keyChain;
  Name signer("/TestCommandInterest/AnyKey");

  Name signerCert;
  BOOST_REQUIRE_NO_THROW(signerCert = keyChain.createIdentity(signer));

  CommandInterestGenerator generator;
  CommandInterestValidator validator;

  validator.addInterestBypassRule("^<TestCommandInterest><Exemption>");

  // Test a legitimate command.
  // m_validity is false here (fixture constructor), so only the success
  // callback can make the check below pass.
  shared_ptr<Interest> exemptCommand =
    make_shared<Interest>("/TestCommandInterest/Exemption/Command1");
  generator.generateWithIdentity(*exemptCommand, signer);
  validator.validate(*exemptCommand,
                     bind(&CommandInterestFixture::validated, this, _1),
                     bind(&CommandInterestFixture::validationFailed, this, _1, _2));

  BOOST_CHECK_EQUAL(m_validity, true);

  // Remove the throw-away identity from the key chain.
  BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(signer));
}
186
187
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800188
Yingdi Yu4270f202014-01-28 14:19:16 -0800189BOOST_AUTO_TEST_SUITE_END()
Alexander Afanasyev0abb2da2014-01-30 18:07:57 -0800190
191} // namespace ndn