/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
 * Copyright (c) 2017-2022, Regents of the University of California.
 *
 * This file is part of ndncert, a certificate management system based on NDN.
 *
 * ndncert is free software: you can redistribute it and/or modify it under the terms
 * of the GNU General Public License as published by the Free Software Foundation, either
 * version 3 of the License, or (at your option) any later version.
 *
 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 *
 * You should have received copies of the GNU General Public License along with
 * ndncert, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndncert authors and contributors.
 */
21#include "challenge/challenge-possession.hpp"
tylerliuf51e3162020-12-20 19:22:59 -080022#include "detail/challenge-encoder.hpp"
Davide Pesavento0dc02012021-11-23 22:55:03 -050024#include "test-common.hpp"
Davide Pesavento0d1d11c2022-04-11 22:11:34 -040026namespace ndncert::tests {
Davide Pesavento0dc02012021-11-23 22:55:03 -050028BOOST_FIXTURE_TEST_SUITE(TestChallengePossession, IdentityManagementFixture)
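// Checks that ChallengePossession reports the "Possession" challenge type and that
// parseConfigFile() loads exactly one trust anchor, with the expected certificate
// name, from the test configuration file.
BOOST_AUTO_TEST_CASE(LoadConfig)
{
  ChallengePossession challenge("./tests/unit-tests/config-files/config-challenge-possession");
  BOOST_CHECK_EQUAL(challenge.CHALLENGE_TYPE, "Possession");

  challenge.parseConfigFile();
  // REQUIRE rather than CHECK: front() on an empty container is undefined behavior,
  // so this test case must stop here if no trust anchor was loaded.
  BOOST_REQUIRE_EQUAL(challenge.m_trustAnchors.size(), 1);
  const auto& anchor = challenge.m_trustAnchors.front();
  BOOST_CHECK_EQUAL(anchor.getName(),
                    "/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5");
}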
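// Positive path of the possession challenge: a requester holding a credential signed
// by the configured trust anchor first submits that credential (status moves to
// CHALLENGE / "need-proof"), then answers with parameters built from the nonce the
// challenge stored in its secrets (status moves to PENDING).
BOOST_AUTO_TEST_CASE(HandleChallengeRequest)
{
  // create trust anchor
  ChallengePossession challenge("./tests/unit-tests/config-files/config-challenge-possession");
  auto identity = addIdentity(Name("/trust"));
  auto key = identity.getDefaultKey();
  auto trustAnchor = key.getDefaultCertificate();
  challenge.parseConfigFile();
  // front() is about to be overwritten; make sure the config actually produced an entry,
  // otherwise the assignment below would touch an empty container.
  BOOST_REQUIRE_EQUAL(challenge.m_trustAnchors.size(), 1);
  challenge.m_trustAnchors.front() = trustAnchor;

  // create certificate request
  auto identityA = addIdentity(Name("/example"));
  auto keyA = identityA.getDefaultKey();
  // Use identityA's own key so that the requested certificate is distinct from the
  // trust anchor (previously this read `key`, which left keyA unused).
  auto certA = keyA.getDefaultCertificate();
  RequestId requestId = {{101}};
  ca::RequestState state;
  state.caPrefix = Name("/example");
  state.requestId = requestId;
  state.requestType = RequestType::NEW;
  state.cert = certA;

  // create requester's credential: keyB's public key, signed by the trust anchor and
  // valid for one minute from now
  auto identityB = addIdentity(Name("/trust/cert"));
  auto keyB = identityB.getDefaultKey();
  auto credentialName = Name(keyB.getName()).append("Credential").appendVersion();
  Certificate credential;
  credential.setName(credentialName);
  credential.setContent(keyB.getPublicKey());
  SignatureInfo signatureInfo;
  signatureInfo.setValidityPeriod(ndn::security::ValidityPeriod(time::system_clock::now(),
                                                                time::system_clock::now() + time::minutes(1)));
  m_keyChain.sign(credential, signingByCertificate(trustAnchor).setSignatureInfo(signatureInfo));
  m_keyChain.addCertificate(keyB, credential);

  // first round: submit the credential; a zero-filled array is passed as the nonce argument
  auto params = challenge.getRequestedParameterList(state.status, "");
  ChallengePossession::fulfillParameters(params, m_keyChain, credential.getName(), std::array<uint8_t, 16>{});
  Block paramsTlv = challenge.genChallengeRequestTLV(state.status, "", params);
  challenge.handleChallengeRequest(paramsTlv, state);
  BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::CHALLENGE));
  // challengeState is dereferenced from here on; stop if the first round did not set it
  BOOST_REQUIRE(state.challengeState);
  BOOST_CHECK_EQUAL(state.challengeState->challengeStatus, "need-proof");

  // reply from server: recover the nonce stored by the challenge
  auto nonceBuf = ndn::fromHex(state.challengeState->secrets.get("nonce", ""));
  std::array<uint8_t, 16> nonce{};
  // A missing "nonce" secret falls back to "" and decodes to a shorter buffer; copying
  // a fixed 16 bytes from it would read out of bounds, so require the exact length first.
  BOOST_REQUIRE_EQUAL(nonceBuf->size(), nonce.size());
  memcpy(nonce.data(), nonceBuf->data(), nonce.size());

  // second round: answer the challenge using the server-issued nonce
  auto params2 = challenge.getRequestedParameterList(state.status, state.challengeState->challengeStatus);
  ChallengePossession::fulfillParameters(params2, m_keyChain, credential.getName(), nonce);
  Block paramsTlv2 = challenge.genChallengeRequestTLV(state.status, state.challengeState->challengeStatus, params2);
  challenge.handleChallengeRequest(paramsTlv2, state);
  BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::PENDING));
}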
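// Negative path of the possession challenge: the first round succeeds as in
// HandleChallengeRequest, but the second round is answered with a zero-filled nonce
// instead of the one stored by the challenge, and the request must end in FAILURE.
BOOST_AUTO_TEST_CASE(HandleChallengeRequestProofFail)
{
  // create trust anchor
  ChallengePossession challenge("./tests/unit-tests/config-files/config-challenge-possession");
  auto identity = addIdentity(Name("/trust"));
  auto key = identity.getDefaultKey();
  auto trustAnchor = key.getDefaultCertificate();
  challenge.parseConfigFile();
  // front() is about to be overwritten; make sure the config actually produced an entry,
  // otherwise the assignment below would touch an empty container.
  BOOST_REQUIRE_EQUAL(challenge.m_trustAnchors.size(), 1);
  challenge.m_trustAnchors.front() = trustAnchor;

  // create certificate request
  auto identityA = addIdentity(Name("/example"));
  auto keyA = identityA.getDefaultKey();
  // Use identityA's own key so that the requested certificate is distinct from the
  // trust anchor (previously this read `key`, which left keyA unused).
  auto certA = keyA.getDefaultCertificate();
  RequestId requestId = {{101}};
  ca::RequestState state;
  state.caPrefix = Name("/example");
  state.requestId = requestId;
  state.requestType = RequestType::NEW;
  state.cert = certA;

  // create requester's credential: keyB's public key, signed by the trust anchor and
  // valid for one minute from now
  auto identityB = addIdentity(Name("/trust/cert"));
  auto keyB = identityB.getDefaultKey();
  auto credentialName = Name(keyB.getName()).append("Credential").appendVersion();
  Certificate credential;
  credential.setName(credentialName);
  credential.setContent(keyB.getPublicKey());
  SignatureInfo signatureInfo;
  signatureInfo.setValidityPeriod(ndn::security::ValidityPeriod(time::system_clock::now(),
                                                                time::system_clock::now() + time::minutes(1)));
  m_keyChain.sign(credential, signingByCertificate(trustAnchor).setSignatureInfo(signatureInfo));
  m_keyChain.addCertificate(keyB, credential);

  // first round: submit the credential; a zero-filled array is passed as the nonce argument
  auto params = challenge.getRequestedParameterList(state.status, "");
  ChallengePossession::fulfillParameters(params, m_keyChain, credential.getName(), std::array<uint8_t, 16>{});
  Block paramsTlv = challenge.genChallengeRequestTLV(state.status, "", params);
  challenge.handleChallengeRequest(paramsTlv, state);
  BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::CHALLENGE));
  // challengeState is dereferenced from here on; stop if the first round did not set it
  BOOST_REQUIRE(state.challengeState);
  BOOST_CHECK_EQUAL(state.challengeState->challengeStatus, "need-proof");

  // reply from server: deliberately ignore the stored nonce and answer with all zeros,
  // so the proof does not correspond to the value the challenge expects
  std::array<uint8_t, 16> nonce{};
  auto params2 = challenge.getRequestedParameterList(state.status, state.challengeState->challengeStatus);
  ChallengePossession::fulfillParameters(params2, m_keyChain, credential.getName(), nonce);
  Block paramsTlv2 = challenge.genChallengeRequestTLV(state.status, state.challengeState->challengeStatus, params2);
  challenge.handleChallengeRequest(paramsTlv2, state);
  BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::FAILURE));
}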
Davide Pesavento0dc02012021-11-23 22:55:03 -0500146BOOST_AUTO_TEST_SUITE_END() // TestChallengePossession
Davide Pesavento0d1d11c2022-04-11 22:11:34 -0400148} // namespace ndncert::tests