tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Davide Pesavento | 0dc0201 | 2021-11-23 22:55:03 -0500 | [diff] [blame] | 2 | /* |
Davide Pesavento | 842f1f7 | 2024-02-21 21:27:25 -0500 | [diff] [blame] | 3 | * Copyright (c) 2017-2024, Regents of the University of California. |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndncert, a certificate management system based on NDN. |
| 6 | * |
| 7 | * ndncert is free software: you can redistribute it and/or modify it under the terms |
| 8 | * of the GNU General Public License as published by the Free Software Foundation, either |
| 9 | * version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License along with |
| 16 | * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>. |
| 17 | * |
| 18 | * See AUTHORS.md for complete list of ndncert authors and contributors. |
| 19 | */ |
| 20 | |
| 21 | #include "challenge/challenge-possession.hpp" |
Davide Pesavento | 0d1d11c | 2022-04-11 22:11:34 -0400 | [diff] [blame] | 22 | |
Davide Pesavento | 829aff6 | 2022-05-15 20:30:34 -0400 | [diff] [blame] | 23 | #include "tests/boost-test.hpp" |
| 24 | #include "tests/key-chain-fixture.hpp" |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 25 | |
Davide Pesavento | 842f1f7 | 2024-02-21 21:27:25 -0500 | [diff] [blame] | 26 | #include <ndn-cxx/security/signing-helpers.hpp> |
| 27 | |
Davide Pesavento | 0d1d11c | 2022-04-11 22:11:34 -0400 | [diff] [blame] | 28 | namespace ndncert::tests { |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 29 | |
Davide Pesavento | 829aff6 | 2022-05-15 20:30:34 -0400 | [diff] [blame] | 30 | class ChallengePossessionFixture : public KeyChainFixture |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 31 | { |
| 32 | public: |
| 33 | void |
| 34 | createTrustAnchor() |
| 35 | { |
Davide Pesavento | 829aff6 | 2022-05-15 20:30:34 -0400 | [diff] [blame] | 36 | trustAnchor = m_keyChain.createIdentity("/trust").getDefaultKey().getDefaultCertificate(); |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 37 | challenge.parseConfigFile(); |
| 38 | challenge.m_trustAnchors.front() = trustAnchor; |
| 39 | } |
| 40 | |
| 41 | void |
| 42 | createCertificateRequest() |
| 43 | { |
| 44 | state.caPrefix = "/example"; |
| 45 | state.requestId = RequestId{{101}}; |
| 46 | state.requestType = RequestType::NEW; |
Davide Pesavento | 829aff6 | 2022-05-15 20:30:34 -0400 | [diff] [blame] | 47 | state.cert = m_keyChain.createIdentity("/example").getDefaultKey().getDefaultCertificate(); |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 48 | } |
| 49 | |
| 50 | void |
| 51 | createRequesterCredential() |
| 52 | { |
Davide Pesavento | 829aff6 | 2022-05-15 20:30:34 -0400 | [diff] [blame] | 53 | auto keyB = m_keyChain.createIdentity("/trust/cert").getDefaultKey(); |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 54 | ndn::security::MakeCertificateOptions opts; |
| 55 | opts.issuerId = ndn::name::Component("Credential"); |
| 56 | opts.validity.emplace(ndn::security::ValidityPeriod::makeRelative(-1_s, 1_min)); |
| 57 | credential = m_keyChain.makeCertificate(keyB, signingByCertificate(trustAnchor), opts); |
| 58 | m_keyChain.addCertificate(keyB, credential); |
| 59 | } |
| 60 | |
| 61 | void |
| 62 | signCertRequest() |
| 63 | { |
| 64 | auto params = challenge.getRequestedParameterList(state.status, ""); |
| 65 | ChallengePossession::fulfillParameters(params, m_keyChain, credential.getName(), std::array<uint8_t, 16>{}); |
| 66 | Block paramsTlv = challenge.genChallengeRequestTLV(state.status, "", params); |
| 67 | challenge.handleChallengeRequest(paramsTlv, state); |
| 68 | BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::CHALLENGE)); |
| 69 | BOOST_REQUIRE(state.challengeState.has_value()); |
| 70 | BOOST_CHECK_EQUAL(state.challengeState->challengeStatus, "need-proof"); |
| 71 | } |
| 72 | |
| 73 | void |
| 74 | replyFromServer(ndn::span<const uint8_t, 16> nonce) |
| 75 | { |
| 76 | auto params2 = challenge.getRequestedParameterList(state.status, state.challengeState->challengeStatus); |
| 77 | ChallengePossession::fulfillParameters(params2, m_keyChain, credential.getName(), nonce); |
| 78 | Block paramsTlv2 = challenge.genChallengeRequestTLV(state.status, state.challengeState->challengeStatus, params2); |
| 79 | challenge.handleChallengeRequest(paramsTlv2, state); |
| 80 | } |
| 81 | |
| 82 | public: |
| 83 | ChallengePossession challenge{"tests/unit-tests/config-files/config-challenge-possession"}; |
| 84 | Certificate trustAnchor; |
| 85 | ca::RequestState state; |
| 86 | Certificate credential; |
| 87 | }; |
| 88 | |
| 89 | BOOST_FIXTURE_TEST_SUITE(TestChallengePossession, ChallengePossessionFixture) |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 90 | |
| 91 | BOOST_AUTO_TEST_CASE(LoadConfig) |
| 92 | { |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 93 | BOOST_CHECK_EQUAL(challenge.CHALLENGE_TYPE, "Possession"); |
| 94 | |
| 95 | challenge.parseConfigFile(); |
| 96 | BOOST_CHECK_EQUAL(challenge.m_trustAnchors.size(), 1); |
| 97 | auto cert = challenge.m_trustAnchors.front(); |
| 98 | BOOST_CHECK_EQUAL(cert.getName(), |
| 99 | "/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5"); |
| 100 | } |
| 101 | |
| 102 | BOOST_AUTO_TEST_CASE(HandleChallengeRequest) |
| 103 | { |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 104 | createTrustAnchor(); |
| 105 | createCertificateRequest(); |
| 106 | createRequesterCredential(); |
| 107 | signCertRequest(); |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 108 | |
Davide Pesavento | 0dc0201 | 2021-11-23 22:55:03 -0500 | [diff] [blame] | 109 | auto nonceBuf = ndn::fromHex(state.challengeState->secrets.get("nonce", "")); |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 110 | std::array<uint8_t, 16> nonce{}; |
| 111 | memcpy(nonce.data(), nonceBuf->data(), 16); |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 112 | replyFromServer(nonce); |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 113 | BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::PENDING)); |
| 114 | } |
| 115 | |
| 116 | BOOST_AUTO_TEST_CASE(HandleChallengeRequestProofFail) |
| 117 | { |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 118 | createTrustAnchor(); |
| 119 | createCertificateRequest(); |
| 120 | createRequesterCredential(); |
| 121 | signCertRequest(); |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 122 | |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 123 | std::array<uint8_t, 16> nonce{}; |
Junxiao Shi | bdcf52e | 2022-04-24 21:49:01 +0000 | [diff] [blame] | 124 | replyFromServer(nonce); |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 125 | BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::FAILURE)); |
| 126 | } |
| 127 | |
Davide Pesavento | 0dc0201 | 2021-11-23 22:55:03 -0500 | [diff] [blame] | 128 | BOOST_AUTO_TEST_SUITE_END() // TestChallengePossession |
tylerliu | f51e316 | 2020-12-20 19:22:59 -0800 | [diff] [blame] | 129 | |
Davide Pesavento | 0d1d11c | 2022-04-11 22:11:34 -0400 | [diff] [blame] | 130 | } // namespace ndncert::tests |