tylerliuf51e3162020-12-20 19:22:59 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento0dc02012021-11-23 22:55:03 -05002/*
Davide Pesavento842f1f72024-02-21 21:27:25 -05003 * Copyright (c) 2017-2024, Regents of the University of California.
tylerliuf51e3162020-12-20 19:22:59 -08004 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
21#include "challenge/challenge-possession.hpp"
Davide Pesavento0d1d11c2022-04-11 22:11:34 -040022
Davide Pesavento829aff62022-05-15 20:30:34 -040023#include "tests/boost-test.hpp"
24#include "tests/key-chain-fixture.hpp"
tylerliuf51e3162020-12-20 19:22:59 -080025
Davide Pesavento842f1f72024-02-21 21:27:25 -050026#include <ndn-cxx/security/signing-helpers.hpp>
27
Davide Pesavento0d1d11c2022-04-11 22:11:34 -040028namespace ndncert::tests {
tylerliuf51e3162020-12-20 19:22:59 -080029
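/**
 * Fixture that drives ChallengePossession through a two-step exchange:
 * an initial request naming the requester's credential, followed by a
 * reply that is built from a 16-byte nonce.
 *
 * The helpers are meant to be called in this order: createTrustAnchor(),
 * createCertificateRequest(), createRequesterCredential(), signCertRequest(),
 * then replyFromServer().
 */
class ChallengePossessionFixture : public KeyChainFixture
{
public:
  /**
   * Create a fresh "/trust" identity and install its default certificate as
   * the challenge's first trust anchor, replacing the one loaded from the
   * config file.
   */
  void
  createTrustAnchor()
  {
    trustAnchor = m_keyChain.createIdentity("/trust").getDefaultKey().getDefaultCertificate();
    challenge.parseConfigFile();
    // front() on an empty container is undefined behaviour; abort the test
    // case cleanly if the config file produced no trust anchors.
    BOOST_REQUIRE(!challenge.m_trustAnchors.empty());
    challenge.m_trustAnchors.front() = trustAnchor;
  }

  /**
   * Populate the CA-side request state for a NEW request under "/example",
   * using the default certificate of a freshly created "/example" identity.
   */
  void
  createCertificateRequest()
  {
    state.caPrefix = "/example";
    state.requestId = RequestId{{101}};
    state.requestType = RequestType::NEW;
    state.cert = m_keyChain.createIdentity("/example").getDefaultKey().getDefaultCertificate();
  }

  /**
   * Issue the requester's credential: a certificate for a new "/trust/cert"
   * key, signed with the trust anchor's certificate, and store it in the
   * key chain. Requires createTrustAnchor() to have run first.
   */
  void
  createRequesterCredential()
  {
    auto credentialKey = m_keyChain.createIdentity("/trust/cert").getDefaultKey();
    ndn::security::MakeCertificateOptions certOpts;
    certOpts.issuerId = ndn::name::Component("Credential");
    // Validity window runs from one second in the past to one minute ahead,
    // so the credential is valid now and only briefly.
    certOpts.validity.emplace(ndn::security::ValidityPeriod::makeRelative(-1_s, 1_min));
    credential = m_keyChain.makeCertificate(credentialKey, signingByCertificate(trustAnchor), certOpts);
    m_keyChain.addCertificate(credentialKey, credential);
  }

  /**
   * Send the first challenge request and check that the CA moves to
   * Status::CHALLENGE with challenge status "need-proof".
   */
  void
  signCertRequest()
  {
    auto requestParams = challenge.getRequestedParameterList(state.status, "");
    // A zero-filled nonce is passed at this step.
    // NOTE(review): presumably the nonce is ignored for the initial request - confirm in fulfillParameters.
    ChallengePossession::fulfillParameters(requestParams, m_keyChain, credential.getName(),
                                           std::array<uint8_t, 16>{});
    Block requestTlv = challenge.genChallengeRequestTLV(state.status, "", requestParams);
    challenge.handleChallengeRequest(requestTlv, state);
    BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::CHALLENGE));
    BOOST_REQUIRE(state.challengeState.has_value());
    BOOST_CHECK_EQUAL(state.challengeState->challengeStatus, "need-proof");
  }

  /**
   * Send the second challenge request, built from @p nonce, and let the
   * challenge module process it. The resulting state.status is left for the
   * caller to check.
   *
   * @param nonce 16-byte value passed to fulfillParameters for this step.
   */
  void
  replyFromServer(ndn::span<const uint8_t, 16> nonce)
  {
    // The optional is dereferenced below; fail the test case instead of
    // invoking undefined behaviour if the first step did not set it.
    BOOST_REQUIRE(state.challengeState.has_value());
    const auto& challengeStatus = state.challengeState->challengeStatus;
    auto proofParams = challenge.getRequestedParameterList(state.status, challengeStatus);
    ChallengePossession::fulfillParameters(proofParams, m_keyChain, credential.getName(), nonce);
    Block proofTlv = challenge.genChallengeRequestTLV(state.status, challengeStatus, proofParams);
    challenge.handleChallengeRequest(proofTlv, state);
  }

public:
  // Challenge module under test, configured from the unit-test config file.
  ChallengePossession challenge{"tests/unit-tests/config-files/config-challenge-possession"};
  // Certificate installed as the challenge's trust anchor by createTrustAnchor().
  Certificate trustAnchor;
  // CA-side state of the certificate request being challenged.
  ca::RequestState state;
  // Requester's credential, signed with the trust anchor's certificate.
  Certificate credential;
};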
88
89BOOST_FIXTURE_TEST_SUITE(TestChallengePossession, ChallengePossessionFixture)
tylerliuf51e3162020-12-20 19:22:59 -080090
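// Checks the challenge type string and that the config file yields exactly
// one trust anchor with the expected certificate name.
BOOST_AUTO_TEST_CASE(LoadConfig)
{
  BOOST_CHECK_EQUAL(challenge.CHALLENGE_TYPE, "Possession");

  challenge.parseConfigFile();
  // REQUIRE rather than CHECK: front() below is undefined behaviour on an
  // empty container, so the test case must stop here if nothing was loaded.
  BOOST_REQUIRE_EQUAL(challenge.m_trustAnchors.size(), 1);
  const auto& anchor = challenge.m_trustAnchors.front();
  BOOST_CHECK_EQUAL(anchor.getName(),
                    "/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5");
}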
101
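// Success path: the reply is built from the nonce the challenge module stored
// in its secrets, and the request is expected to reach Status::PENDING.
BOOST_AUTO_TEST_CASE(HandleChallengeRequest)
{
  createTrustAnchor();
  createCertificateRequest();
  createRequesterCredential();
  signCertRequest();

  // The nonce is stored hex-encoded under the "nonce" key; a missing key
  // falls back to "" and decodes to an empty buffer.
  auto nonceBuf = ndn::fromHex(state.challengeState->secrets.get("nonce", ""));
  std::array<uint8_t, 16> nonce{};
  // Guard the copy: without this check a missing or short nonce would make
  // memcpy read past the end of the decoded buffer.
  BOOST_REQUIRE_EQUAL(nonceBuf->size(), nonce.size());
  memcpy(nonce.data(), nonceBuf->data(), nonce.size());
  replyFromServer(nonce);
  BOOST_CHECK_EQUAL(statusToString(state.status), statusToString(Status::PENDING));
}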
115
// Failure path: the reply is built from a zero-filled nonce instead of the
// one held in the challenge state, and the request must end in Status::FAILURE.
// NOTE(review): this is the only rejection case in this file; a credential
// that does not chain to the trust anchor, or one outside its validity period,
// is not exercised here.
BOOST_AUTO_TEST_CASE(HandleChallengeRequestProofFail)
{
  createTrustAnchor();
  createCertificateRequest();
  createRequesterCredential();
  signCertRequest();

  // All sixteen bytes are zero.
  // NOTE(review): assumes the stored nonce is never all zeros - confirm how ChallengePossession generates it.
  std::array<uint8_t, 16> wrongNonce{};
  replyFromServer(wrongNonce);

  const auto actualStatus = statusToString(state.status);
  const auto expectedStatus = statusToString(Status::FAILURE);
  BOOST_CHECK_EQUAL(actualStatus, expectedStatus);
}
127
Davide Pesavento0dc02012021-11-23 22:55:03 -0500128BOOST_AUTO_TEST_SUITE_END() // TestChallengePossession
tylerliuf51e3162020-12-20 19:22:59 -0800129
Davide Pesavento0d1d11c2022-04-11 22:11:34 -0400130} // namespace ndncert::tests