Update the NDNCERT library to version NDNCERT v2
spec:[https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-new]
Change-Id: Ia480a8e70c4b38ca170dfe2fcf50d1265ab65f46
diff --git a/tests/unit-tests/ca-module.t.cpp b/tests/unit-tests/ca-module.t.cpp
index 5d23a9f..34e2721 100644
--- a/tests/unit-tests/ca-module.t.cpp
+++ b/tests/unit-tests/ca-module.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2017, Regents of the University of California.
+ * Copyright (c) 2017-2019, Regents of the University of California.
*
* This file is part of ndncert, a certificate management system based on NDN.
*
@@ -19,15 +19,16 @@
*/
#include "ca-module.hpp"
-
#include "database-fixture.hpp"
#include "client-module.hpp"
#include "challenge-module.hpp"
-
+#include "challenge-module/challenge-pin.hpp"
+#include "challenge-module/challenge-email.hpp"
#include <ndn-cxx/util/dummy-client-face.hpp>
#include <ndn-cxx/security/signing-helpers.hpp>
#include <ndn-cxx/security/transform/public-key.hpp>
#include <ndn-cxx/security/verification-helpers.hpp>
+#include <iostream>
namespace ndn {
namespace ndncert {
@@ -39,8 +40,7 @@
{
util::DummyClientFace face(m_io, {true, true});
CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
- BOOST_CHECK_EQUAL(ca.getCaConf().m_caItems.front().m_caName.toUri(), "/ndn");
- BOOST_CHECK_EQUAL(ca.getCaConf().m_caItems.back().m_caName.toUri(), "/ndn/site1");
+ BOOST_CHECK_EQUAL(ca.getCaConf().m_caName.toUri(), "/ndn");
auto identity = addIdentity(Name("/ndn/site2"));
auto key = identity.getDefaultKey();
@@ -49,34 +49,68 @@
BOOST_CHECK_EQUAL(ca.getCaStorage()->getCertificate("111").getIdentity(), Name("/ndn/site2"));
advanceClocks(time::milliseconds(20), 60);
- BOOST_CHECK_EQUAL(ca.m_registeredPrefixIds.size(), 4);
- BOOST_CHECK_EQUAL(ca.m_interestFilterIds.size(), 18);
+ BOOST_CHECK_EQUAL(ca.m_registeredPrefixHandles.size(), 2);
+ BOOST_CHECK_EQUAL(ca.m_interestFilterHandles.size(), 4);
}
BOOST_AUTO_TEST_CASE(HandleProbe)
{
- auto identity = addIdentity(Name("/ndn/site1"));
+ auto identity = addIdentity(Name("/ndn"));
auto key = identity.getDefaultKey();
auto cert = key.getDefaultCertificate();
util::DummyClientFace face(m_io, {true, true});
CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
- ca.setProbeHandler(Name("/ndn/site1"), [&] (const std::string& probeInfo) {
+ ca.setProbeHandler([&] (const std::string& probeInfo) {
return probeInfo + "example";
});
-
advanceClocks(time::milliseconds(20), 60);
- Name interestName("/ndn/site1/CA");
- interestName.append("_PROBE").append("zhiyi");
- Interest interest(interestName);
+ Interest interest("/ndn/CA/_PROBE");
+ interest.setCanBePrefix(false);
+ JsonSection paramJson;
+ paramJson.add(JSON_CLIENT_PROBE_INFO, "zhiyi");
+ interest.setApplicationParameters(ClientModule::paramFromJson(paramJson));
int count = 0;
face.onSendData.connect([&] (const Data& response) {
count++;
BOOST_CHECK(security::verifySignature(response, cert));
- JsonSection contentJson = ClientModule::getJsonFromData(response);
- BOOST_CHECK_EQUAL(contentJson.get(JSON_IDNENTIFIER, ""), "/ndn/site1/zhiyiexample");
+ auto contentJson = ClientModule::getJsonFromData(response);
+ BOOST_CHECK_EQUAL(contentJson.get<std::string>(JSON_CA_NAME), "/ndn/zhiyiexample");
+ });
+ face.receive(interest);
+
+ advanceClocks(time::milliseconds(20), 60);
+ BOOST_CHECK_EQUAL(count, 1);
+}
+
+BOOST_AUTO_TEST_CASE(HandleProbeInfo)
+{
+ auto identity = addIdentity(Name("/ndn"));
+ auto key = identity.getDefaultKey();
+ auto cert = key.getDefaultCertificate();
+
+ util::DummyClientFace face(m_io, {true, true});
+ CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
+ ca.setProbeHandler([&] (const std::string& probeInfo) {
+ return probeInfo + "example";
+ });
+ advanceClocks(time::milliseconds(20), 60);
+
+ Interest interest("/ndn/CA/_PROBE/INFO");
+ interest.setCanBePrefix(false);
+
+ int count = 0;
+ face.onSendData.connect([&] (const Data& response) {
+ count++;
+ BOOST_CHECK(security::verifySignature(response, cert));
+ auto contentJson = ClientModule::getJsonFromData(response);
+ auto caItem = ClientConfig::extractCaItem(contentJson);
+ BOOST_CHECK_EQUAL(caItem.m_caName.toUri(), "/ndn");
+ BOOST_CHECK_EQUAL(caItem.m_probe, "input email address");
+ BOOST_CHECK_EQUAL(caItem.m_anchor.wireEncode(), cert.wireEncode());
+ BOOST_CHECK_EQUAL(caItem.m_caInfo, "ndn testbed ca");
});
face.receive(interest);
@@ -86,25 +120,26 @@
BOOST_AUTO_TEST_CASE(HandleProbeUsingDefaultHandler)
{
- auto identity = addIdentity(Name("/ndn/site1"));
+ auto identity = addIdentity(Name("/ndn"));
auto key = identity.getDefaultKey();
auto cert = key.getDefaultCertificate();
util::DummyClientFace face(m_io, {true, true});
CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
-
advanceClocks(time::milliseconds(20), 60);
- Name interestName("/ndn/site1/CA");
- interestName.append("_PROBE").append("zhiyi");
- Interest interest(interestName);
+ Interest interest("/ndn/CA/_PROBE");
+ interest.setCanBePrefix(false);
+ JsonSection paramJson;
+ paramJson.add(JSON_CLIENT_PROBE_INFO, "zhiyi");
+ interest.setApplicationParameters(ClientModule::paramFromJson(paramJson));
int count = 0;
face.onSendData.connect([&] (const Data& response) {
count++;
BOOST_CHECK(security::verifySignature(response, cert));
- JsonSection contentJson = ClientModule::getJsonFromData(response);
- BOOST_CHECK_EQUAL(contentJson.get(JSON_IDNENTIFIER, ""), "/ndn/site1/zhiyi");
+ auto contentJson = ClientModule::getJsonFromData(response);
+ BOOST_CHECK(contentJson.get<std::string>(JSON_CA_NAME) != "");
});
face.receive(interest);
@@ -114,140 +149,137 @@
BOOST_AUTO_TEST_CASE(HandleNew)
{
- auto identity = addIdentity(Name("/ndn/site1"));
+ auto identity = addIdentity(Name("/ndn"));
auto key = identity.getDefaultKey();
auto cert = key.getDefaultCertificate();
util::DummyClientFace face(m_io, {true, true});
- util::DummyClientFace face2(m_io, {true, true});
-
CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
advanceClocks(time::milliseconds(20), 60);
- Name identityName("/ndn/site1");
- identityName.append("zhiyi");
- ClientModule client(face2, m_keyChain);
+ ClientModule client(m_keyChain);
ClientCaItem item;
- item.m_caName = Name("/ndn/site1/CA");
+ item.m_caName = Name("/ndn");
item.m_anchor = cert;
client.getClientConf().m_caItems.push_back(item);
-
- int nClientInterest = 0;
- int nCaData = 0;
- int nClientCallback = 0;
-
- face.onSendData.connect([&] (const Data& data) {
- nCaData++;
- JsonSection contentJson = ClientModule::getJsonFromData(data);
- BOOST_CHECK(!contentJson.get(JSON_REQUEST_ID, "").empty());
- face2.receive(data);
- });
- face2.onSendInterest.connect([&] (const Interest& interest) {
- nClientInterest++;
- face.receive(interest);
- });
-
- client.sendNew(item, identityName,
- [&] (const shared_ptr<RequestState> state) {
- nClientCallback++;
- BOOST_CHECK(state->m_requestId != "");
- },
- [] (const std::string& s) { BOOST_CHECK(false); });
-
- advanceClocks(time::milliseconds(20), 60);
-
- BOOST_CHECK_EQUAL(nClientCallback, 1);
- BOOST_CHECK_EQUAL(nCaData, 1);
- BOOST_CHECK_EQUAL(nClientInterest, 1);
-}
-
-BOOST_AUTO_TEST_CASE(HandleLocalhostList)
-{
- auto identity0 = addIdentity(Name("/ndn"));
- auto identity1 = addIdentity(Name("/ndn/edu/ucla/cs/zhiyi"));
- auto identity2 = addIdentity(Name("/ndn/site1"));
- m_keyChain.setDefaultIdentity(identity0);
-
- util::DummyClientFace face(m_io, {true, true});
- CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
-
- advanceClocks(time::milliseconds(20), 60);
- Interest interest(Name("/localhost/CA/_LIST"));
+ auto interest = client.generateNewInterest(time::system_clock::now(),
+ time::system_clock::now() + time::days(10), Name("/ndn/zhiyi"));
int count = 0;
face.onSendData.connect([&] (const Data& response) {
count++;
- JsonSection contentJson = ClientModule::getJsonFromData(response);
- ClientConfig clientConf;
- clientConf.load(contentJson);
- BOOST_CHECK_EQUAL(clientConf.m_caItems.size(), 3);
+ BOOST_CHECK(security::verifySignature(response, cert));
+ auto contentJson = ClientModule::getJsonFromData(response);
+ BOOST_CHECK(contentJson.get<std::string>(JSON_CA_ECDH) != "");
+ BOOST_CHECK(contentJson.get<std::string>(JSON_CA_SALT) != "");
+ BOOST_CHECK(contentJson.get<std::string>(JSON_CA_EQUEST_ID) != "");
+ auto challengesJson = contentJson.get_child(JSON_CA_CHALLENGES);
+ BOOST_CHECK(challengesJson.size() != 0);
+
+ client.onNewResponse(response);
+ BOOST_CHECK_EQUAL_COLLECTIONS(client.m_aesKey, client.m_aesKey + 32, ca.m_aesKey, ca.m_aesKey + 32);
});
- face.receive(interest);
+ face.receive(*interest);
advanceClocks(time::milliseconds(20), 60);
BOOST_CHECK_EQUAL(count, 1);
}
-BOOST_AUTO_TEST_CASE(HandleList)
+BOOST_AUTO_TEST_CASE(HandleChallenge)
{
- auto identity0 = addIdentity(Name("/ndn"));
+ auto identity = addIdentity(Name("/ndn"));
+ auto key = identity.getDefaultKey();
+ auto cert = key.getDefaultCertificate();
+
util::DummyClientFace face(m_io, {true, true});
CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
-
advanceClocks(time::milliseconds(20), 60);
- Interest interest(Name("/ndn/CA/_LIST"));
+
+ // generate NEW Interest
+ ClientModule client(m_keyChain);
+ ClientCaItem item;
+ item.m_caName = Name("/ndn");
+ item.m_anchor = cert;
+ client.getClientConf().m_caItems.push_back(item);
+ auto newInterest = client.generateNewInterest(time::system_clock::now(),
+ time::system_clock::now() + time::days(10), Name("/ndn/zhiyi"));
+
+ // generate CHALLENGE Interest
+ ChallengePin pinChallenge;
+ shared_ptr<Interest> challengeInterest = nullptr;
+ shared_ptr<Interest> challengeInterest2 = nullptr;
+ shared_ptr<Interest> challengeInterest3 = nullptr;
int count = 0;
face.onSendData.connect([&] (const Data& response) {
- count++;
- JsonSection contentJson = ClientModule::getJsonFromData(response);
- BOOST_CHECK_EQUAL(contentJson.get_child("ca-list").size(), 2);
- std::string schemaDataName = contentJson.get<std::string>("trust-schema");
- BOOST_CHECK_EQUAL(schemaDataName, "TODO: add trust schema");
- });
- face.receive(interest);
+ if (Name("/ndn/CA/_NEW").isPrefixOf(response.getName())) {
+ auto contentJson = ClientModule::getJsonFromData(response);
+ std::cout << "Request ID " << contentJson.get<std::string>(JSON_CA_EQUEST_ID) << std::endl;
+ client.onNewResponse(response);
- advanceClocks(time::milliseconds(20), 60);
- BOOST_CHECK_EQUAL(count, 1);
-}
-
-BOOST_AUTO_TEST_CASE(HandleTargetList)
-{
- auto identity0 = addIdentity(Name("/ndn"));
- util::DummyClientFace face(m_io, {true, true});
- CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
- ca.setRecommendCaHandler(Name("/ndn"),
- [] (const std::string& input, const std::list<Name>& list) -> std::tuple<Name, std::string> {
- Name recommendedCa;
- std::string identity;
- for (auto caName : list) {
- std::string univName = readString(caName.get(-1));
- if (input.find(univName) != std::string::npos) {
- recommendedCa = caName;
- identity = input.substr(0, input.find("@"));
- }
+ auto paramJson = pinChallenge.getRequirementForChallenge(client.m_status, client.m_challengeStatus);
+ for (auto& item : paramJson) {
+ std::cout << "JSON attribute" << item.first;
+ std::cout << " : " << item.second.get<std::string>("") << std::endl;
}
- return std::make_tuple(recommendedCa, identity);
- });
-
- advanceClocks(time::milliseconds(20), 60);
- Interest interest(Name("/ndn/CA/_LIST/example@memphis.edu"));
-
- int count = 0;
- face.onSendData.connect([&] (const Data& response) {
+ challengeInterest = client.generateChallengeInterest(pinChallenge.genChallengeRequestJson(client.m_status,
+ client.m_challengeStatus,
+ paramJson));
+ }
+ else if (Name("/ndn/CA/_CHALLENGE").isPrefixOf(response.getName()) && count == 0) {
count++;
- JsonSection contentJson = ClientModule::getJsonFromData(response);
- std::string recommendedCA = contentJson.get<std::string>("recommended-ca");
- std::string recommendedIdentity = contentJson.get<std::string>("recommended-identity");
- std::string schemaDataName = contentJson.get<std::string>("trust-schema");
- BOOST_CHECK_EQUAL(recommendedCA, "/ndn/edu/memphis");
- BOOST_CHECK_EQUAL(recommendedIdentity, "example");
- BOOST_CHECK_EQUAL(schemaDataName, "TODO: add trust schema");
- });
- face.receive(interest);
+ BOOST_CHECK(security::verifySignature(response, cert));
+ client.onChallengeResponse(response);
+ BOOST_CHECK_EQUAL(client.m_status, STATUS_CHALLENGE);
+ BOOST_CHECK_EQUAL(client.m_challengeStatus, ChallengePin::NEED_CODE);
+ auto paramJson = pinChallenge.getRequirementForChallenge(client.m_status, client.m_challengeStatus);
+ for (auto& item : paramJson) {
+ std::cout << "JSON attribute" << item.first;
+ std::cout << " : " << item.second.get<std::string>("") << std::endl;
+ }
+ challengeInterest2 = client.generateChallengeInterest(pinChallenge.genChallengeRequestJson(client.m_status,
+ client.m_challengeStatus,
+ paramJson));
+ }
+ else if (Name("/ndn/CA/_CHALLENGE").isPrefixOf(response.getName()) && count == 1) {
+ count++;
+ BOOST_CHECK(security::verifySignature(response, cert));
+
+ client.onChallengeResponse(response);
+ BOOST_CHECK_EQUAL(client.m_status, STATUS_CHALLENGE);
+ BOOST_CHECK_EQUAL(client.m_challengeStatus, ChallengePin::WRONG_CODE);
+ auto paramJson = pinChallenge.getRequirementForChallenge(client.m_status, client.m_challengeStatus);
+ auto request = ca.getCertificateRequest(*challengeInterest2);
+ auto secret = request.m_challengeSecrets.get(ChallengePin::JSON_PIN_CODE, "");
+ for (auto& item : paramJson) {
+ std::cout << "JSON attribute" << item.first;
+ std::cout << " : " << item.second.get<std::string>("") << std::endl;
+ if (item.first == ChallengePin::JSON_PIN_CODE)
+ item.second.put("", secret);
+ }
+ challengeInterest3 = client.generateChallengeInterest(pinChallenge.genChallengeRequestJson(client.m_status,
+ client.m_challengeStatus,
+ paramJson));
+ }
+ else if (Name("/ndn/CA/_CHALLENGE").isPrefixOf(response.getName()) && count == 2) {
+ count++;
+ BOOST_CHECK(security::verifySignature(response, cert));
+
+ client.onChallengeResponse(response);
+ BOOST_CHECK_EQUAL(client.m_status, STATUS_SUCCESS);
+ BOOST_CHECK_EQUAL(client.m_challengeStatus, CHALLENGE_STATUS_SUCCESS);
+ }
+ });
+ face.receive(*newInterest);
advanceClocks(time::milliseconds(20), 60);
- BOOST_CHECK_EQUAL(count, 1);
+ face.receive(*challengeInterest);
+ advanceClocks(time::milliseconds(20), 60);
+ face.receive(*challengeInterest2);
+ advanceClocks(time::milliseconds(20), 60);
+ face.receive(*challengeInterest3);
+ advanceClocks(time::milliseconds(20), 60);
+ BOOST_CHECK_EQUAL(count, 3);
}
BOOST_AUTO_TEST_SUITE_END() // TestCaModule