Blame - tests/unit-tests/challenge-possession.t.cpp - ndncert

blob: 84d05d5bc78d5a230a8d66a9c3fc21974004341d [file] [log] [blame]

tylerliu	f51e316	2020-12-20 19:22:59 -0800	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -- */
				2	/**
				3	* Copyright (c) 2017-2020, Regents of the University of California.
				4	*
				5	* This file is part of ndncert, a certificate management system based on NDN.
				6	*
				7	* ndncert is free software: you can redistribute it and/or modify it under the terms
				8	* of the GNU General Public License as published by the Free Software Foundation, either
				9	* version 3 of the License, or (at your option) any later version.
				10	*
				11	* ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
				12	* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
				13	* PARTICULAR PURPOSE. See the GNU General Public License for more details.
				14	*
				15	* You should have received copies of the GNU General Public License along with
				16	* ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
				17	*
				18	* See AUTHORS.md for complete list of ndncert authors and contributors.
				19	*/
				20
				21	#include "challenge/challenge-possession.hpp"
				22	#include "test-common.hpp"
				23	#include "detail/challenge-encoder.hpp"
				24
				25	namespace ndn {
				26	namespace ndncert {
				27	namespace tests {
				28
				29	BOOST_FIXTURE_TEST_SUITE(TestChallengeCredential, IdentityManagementFixture)
				30
				31	BOOST_AUTO_TEST_CASE(LoadConfig)
				32	{
				33	ChallengePossession challenge("./tests/unit-tests/config-files/config-challenge-possession");
				34	BOOST_CHECK_EQUAL(challenge.CHALLENGE_TYPE, "Possession");
				35
				36	challenge.parseConfigFile();
				37	BOOST_CHECK_EQUAL(challenge.m_trustAnchors.size(), 1);
				38	auto cert = challenge.m_trustAnchors.front();
				39	BOOST_CHECK_EQUAL(cert.getName(),
				40	"/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5");
				41	}
				42
				43	BOOST_AUTO_TEST_CASE(HandleChallengeRequest)
				44	{
				45	// create trust anchor
				46	ChallengePossession challenge("./tests/unit-tests/config-files/config-challenge-possession");
				47	auto identity = addIdentity(Name("/trust"));
				48	auto key = identity.getDefaultKey();
				49	auto trustAnchor = key.getDefaultCertificate();
				50	challenge.parseConfigFile();
				51	challenge.m_trustAnchors.front() = trustAnchor;
				52
				53	// create certificate request
				54	auto identityA = addIdentity(Name("/example"));
				55	auto keyA = identityA.getDefaultKey();
				56	auto certA = key.getDefaultCertificate();
				57	RequestId requestId = {{101}};
				58	ca::RequestState state;
				59	state.caPrefix = Name("/example");
				60	state.requestId = requestId;
				61	state.requestType = RequestType::NEW;
				62	state.cert = certA;
				63
				64	// create requester's credential
				65	auto identityB = addIdentity(Name("/trust/cert"));
				66	auto keyB = identityB.getDefaultKey();
				67	auto credentialName = Name(keyB.getName()).append("Credential").appendVersion();
				68	security::Certificate credential;
				69	credential.setName(credentialName);
				70	credential.setContent(keyB.getPublicKey().data(), keyB.getPublicKey().size());
				71	SignatureInfo signatureInfo;
				72	signatureInfo.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(), time::system_clock::now() +
				73	time::minutes(1)));
				74	m_keyChain.sign(credential, signingByCertificate(trustAnchor).setSignatureInfo(signatureInfo));
				75	m_keyChain.addCertificate(keyB, credential);
				76
				77	// using private key to sign cert request
				78	auto params = challenge.getRequestedParameterList(state.status, "");
				79	ChallengePossession::fulfillParameters(params, m_keyChain, credential.getName(), std::array<uint8_t, 16>{});
				80	Block paramsTlv = challenge.genChallengeRequestTLV(state.status, "", params);
				81	challenge.handleChallengeRequest(paramsTlv, state);
				82	BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::CHALLENGE));
				83	BOOST_CHECK_EQUAL(state.challengeState->challengeStatus, "need-proof");
				84
				85	// reply from server
				86	auto nonceBuf = fromHex(state.challengeState->secrets.get("nonce", ""));
				87	std::array<uint8_t, 16> nonce{};
				88	memcpy(nonce.data(), nonceBuf->data(), 16);
				89	auto params2 = challenge.getRequestedParameterList(state.status, state.challengeState->challengeStatus);
				90	ChallengePossession::fulfillParameters(params2, m_keyChain, credential.getName(), nonce);
				91	Block paramsTlv2 = challenge.genChallengeRequestTLV(state.status, state.challengeState->challengeStatus, params2);
				92	challenge.handleChallengeRequest(paramsTlv2, state);
				93	BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::PENDING));
				94	}
				95
				96	BOOST_AUTO_TEST_CASE(HandleChallengeRequestProofFail)
				97	{
				98	// create trust anchor
				99	ChallengePossession challenge("./tests/unit-tests/config-files/config-challenge-possession");
				100	auto identity = addIdentity(Name("/trust"));
				101	auto key = identity.getDefaultKey();
				102	auto trustAnchor = key.getDefaultCertificate();
				103	challenge.parseConfigFile();
				104	challenge.m_trustAnchors.front() = trustAnchor;
				105
				106	// create certificate request
				107	auto identityA = addIdentity(Name("/example"));
				108	auto keyA = identityA.getDefaultKey();
				109	auto certA = key.getDefaultCertificate();
				110	RequestId requestId = {{101}};
				111	ca::RequestState state;
				112	state.caPrefix = Name("/example");
				113	state.requestId = requestId;
				114	state.requestType = RequestType::NEW;
				115	state.cert = certA;
				116
				117	// create requester's credential
				118	auto identityB = addIdentity(Name("/trust/cert"));
				119	auto keyB = identityB.getDefaultKey();
				120	auto credentialName = Name(keyB.getName()).append("Credential").appendVersion();
				121	security::Certificate credential;
				122	credential.setName(credentialName);
				123	credential.setContent(keyB.getPublicKey().data(), keyB.getPublicKey().size());
				124	SignatureInfo signatureInfo;
				125	signatureInfo.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(), time::system_clock::now() +
				126	time::minutes(1)));
				127	m_keyChain.sign(credential, signingByCertificate(trustAnchor).setSignatureInfo(signatureInfo));
				128	m_keyChain.addCertificate(keyB, credential);
				129
				130	// using private key to sign cert request
				131	auto params = challenge.getRequestedParameterList(state.status, "");
				132	ChallengePossession::fulfillParameters(params, m_keyChain, credential.getName(), std::array<uint8_t, 16>{});
				133	Block paramsTlv = challenge.genChallengeRequestTLV(state.status, "", params);
				134	challenge.handleChallengeRequest(paramsTlv, state);
				135	BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::CHALLENGE));
				136	BOOST_CHECK_EQUAL(state.challengeState->challengeStatus, "need-proof");
				137
				138	// reply from server
				139	std::array<uint8_t, 16> nonce{};
				140	auto params2 = challenge.getRequestedParameterList(state.status, state.challengeState->challengeStatus);
				141	ChallengePossession::fulfillParameters(params2, m_keyChain, credential.getName(), nonce);
				142	Block paramsTlv2 = challenge.genChallengeRequestTLV(state.status, state.challengeState->challengeStatus, params2);
				143	challenge.handleChallengeRequest(paramsTlv2, state);
				144	BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::FAILURE));
				145	}
				146
				147	BOOST_AUTO_TEST_SUITE_END()
				148
				149	} // namespace tests
				150	} // namespace ndncert
				151	} // namespace ndn