Update validation related codes to security v2
Change-Id: I5467b87092820666c04f22623f0f1665ce9a1194
diff --git a/tests/unit/daemon/db-mgr.cpp b/tests/unit/daemon/db-mgr.cpp
index 09fdc9f..4f730b9 100644
--- a/tests/unit/daemon/db-mgr.cpp
+++ b/tests/unit/daemon/db-mgr.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2016, Regents of the University of California.
+/*
+ * Copyright (c) 2014-2017, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -18,11 +18,10 @@
*/
#include "daemon/db-mgr.hpp"
+#include "test-common.hpp"
#include <algorithm>
-#include "test-common.hpp"
-
namespace ndn {
namespace ndns {
namespace tests {
@@ -81,6 +80,25 @@
BOOST_CHECK_EQUAL(zone2.getId(), 0);
}
+BOOST_FIXTURE_TEST_CASE(ZoneInfo, DbMgrFixture)
+{
+ Zone zone;
+ zone.setName("/net");
+ BOOST_CHECK_NO_THROW(session.insert(zone));
+
+ Name name1 = Name("/ndn/test");
+ Name name2 = Name("/ndn/zzzzz");
+
+ BOOST_CHECK_NO_THROW(session.setZoneInfo(zone, "dsk", name1.wireEncode()));
+ BOOST_CHECK_NO_THROW(session.setZoneInfo(zone, "ksk", name2.wireEncode()));
+
+ std::map<std::string, Block> zoneInfo;
+ zoneInfo = session.getZoneInfo(zone);
+
+ BOOST_CHECK_EQUAL(Name(zoneInfo["dsk"]), name1);
+ BOOST_CHECK_EQUAL(Name(zoneInfo["ksk"]), name2);
+}
+
BOOST_FIXTURE_TEST_CASE(Rrsets, DbMgrFixture)
{
Zone zone("/net");
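Review bot: In the new ZoneInfo test, `zoneInfo["dsk"]` and `zoneInfo["ksk"]` go through `std::map::operator[]`, which default-inserts an empty `Block` when the key is missing. If getZoneInfo() dropped an entry, the test would likely fail with a decode exception from `Name(Block)` rather than a clear assertion failure. Add `BOOST_REQUIRE_EQUAL(zoneInfo.size(), 2);` before the two comparisons, or read the entries with `zoneInfo.at("dsk")`. The declaration and assignment can also be merged into `std::map<std::string, Block> zoneInfo = session.getZoneInfo(zone);`.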
@@ -89,7 +107,7 @@
// Add
rrset1.setLabel("/net/ksk-123");
- rrset1.setType(name::Component("ID-CERT"));
+ rrset1.setType(name::Component("CERT"));
rrset1.setVersion(name::Component::fromVersion(567));
rrset1.setTtl(time::seconds(4600));
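Review bot: The record type is spelled as the literal `"CERT"` here and again in the hunks at -105, -128, -147 and -209 of this file, while name-server.cpp in the same commit uses `label::CERT_RR_TYPE`. If that constant is reachable from this test (its header is not visible in the diff), `rrset1.setType(label::CERT_RR_TYPE);` would keep the tests tied to the production type name the next time it is renamed. The enclosing test case starts and ends outside this hunk.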
@@ -105,7 +123,7 @@
Rrset rrset2(&zone);
rrset2.setLabel("/net/ksk-123");
- rrset2.setType(name::Component("ID-CERT"));
+ rrset2.setType(name::Component("CERT"));
bool isFound = false;
BOOST_CHECK_NO_THROW(isFound = session.find(rrset2));
@@ -128,7 +146,7 @@
rrset2 = Rrset(&zone);
rrset2.setLabel("/net/ksk-123");
- rrset2.setType(name::Component("ID-CERT"));
+ rrset2.setType(name::Component("CERT"));
isFound = false;
BOOST_CHECK_NO_THROW(isFound = session.find(rrset2));
@@ -147,7 +165,7 @@
rrset2 = Rrset(&zone);
rrset2.setLabel("/net/ksk-123");
- rrset2.setType(name::Component("ID-CERT"));
+ rrset2.setType(name::Component("CERT"));
isFound = false;
BOOST_CHECK_NO_THROW(isFound = session.find(rrset2));
@@ -209,7 +227,7 @@
Zone zone("/");
Rrset rrset1(&zone);
rrset1.setLabel("/net/ksk-123");
- rrset1.setType(name::Component("ID-CERT"));
+ rrset1.setType(name::Component("CERT"));
rrset1.setVersion(name::Component::fromVersion(567));
rrset1.setTtl(time::seconds(4600));
diff --git a/tests/unit/daemon/name-server.cpp b/tests/unit/daemon/name-server.cpp
index 581f3e0..9391cab 100644
--- a/tests/unit/daemon/name-server.cpp
+++ b/tests/unit/daemon/name-server.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2016, Regents of the University of California.
+/*
+ * Copyright (c) 2014-2017, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -25,6 +25,8 @@
#include "test-common.hpp"
#include "unit/database-test-data.hpp"
+#include <ndn-cxx/util/regex.hpp>
+
namespace ndn {
namespace ndns {
namespace tests {
@@ -36,9 +38,9 @@
public:
NameServerFixture()
: face({false, true})
- , zone(m_root.getName())
- , validator(face)
- , server(zone, m_certName, face, m_session, m_keyChain, validator)
+ , zone(m_test.getName())
+ , validator(NdnsValidatorBuilder::create(face))
+ , server(zone, m_certName, face, m_session, m_keyChain, *validator)
{
// ensure prefix is registered
run();
@@ -54,7 +56,7 @@
public:
ndn::util::DummyClientFace face;
const Name& zone;
- Validator validator;
+ unique_ptr<security::v2::Validator> validator;
ndns::NameServer server;
};
@@ -118,7 +120,9 @@
BOOST_CHECK_EQUAL(resp.getContentType(), NDNS_KEY);
});
- q.setRrLabel("dsk-1");
+ Response certResp;
+ certResp.fromData(zone, m_cert);
+ q.setRrLabel(certResp.getRrLabel());
face.receive(q.toInterest());
run();
@@ -126,7 +130,7 @@
BOOST_CHECK_EQUAL(nDataBack, 2);
// explicit interest with correct version
- face.receive(Interest("/test19/KEY/dsk-1/ID-CERT/%FDd"));
+ face.receive(Interest(m_cert.getName()));
face.onSendData.connectSingleShot([&] (const Data& data) {
++nDataBack;
@@ -140,7 +144,9 @@
BOOST_CHECK_EQUAL(nDataBack, 3);
// explicit interest with wrong version
- face.receive(Interest("/test19/KEY/dsk-1/ID-CERT/%FD010101010"));
+ Name wrongName = m_cert.getName().getPrefix(-1);
+ wrongName.appendVersion();
+ face.receive(Interest(wrongName));
face.onSendData.connectSingleShot([&] (const Data& data) {
++nDataBack;
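Review bot: `wrongName.appendVersion();` with no argument presumably stamps the current time, so the "wrong version" is only wrong while the clock differs from the moment `m_cert` was versioned. Under a mocked or coarse clock the two could coincide, and the negative case would silently exercise the matching name. Derive a version that is guaranteed to differ, e.g. `wrongName.appendVersion(m_cert.getName().get(-1).toVersion() + 1);`. The test case body continues outside the hunk.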
@@ -169,7 +175,7 @@
re.addRr(makeBinaryBlock(ndns::tlv::RrData, str.c_str(), str.size()));
shared_ptr<Data> data = re.toData();
- m_keyChain.sign(*data, m_certName);
+ m_keyChain.sign(*data, security::signingByCertificate(m_cert));
Query q(Name(zone), ndns::label::NDNS_ITERATIVE_QUERY);
const Block& block = data->wireEncode();
@@ -199,7 +205,6 @@
ret = readNonNegativeInteger(*val);
BOOST_CHECK_EQUAL(ret, 0);
});
-
face.receive(q.toInterest());
run();
@@ -221,7 +226,7 @@
re.addRr(makeBinaryBlock(ndns::tlv::RrData, str.c_str(), str.size()));
shared_ptr<Data> data = re.toData();
- m_keyChain.sign(*data, m_certName);
+ m_keyChain.sign(*data, security::signingByCertificate(m_cert));
Query q(Name(zone), ndns::label::NDNS_ITERATIVE_QUERY);
const Block& block = data->wireEncode();
@@ -260,29 +265,38 @@
BOOST_AUTO_TEST_CASE(UpdateValidatorCannotFetchCert)
{
- Name dskName = m_keyChain.generateRsaKeyPair(TEST_IDENTITY_NAME, false);
- std::vector<CertificateSubjectDescription> desc;
- time::system_clock::TimePoint notBefore = time::system_clock::now();
- time::system_clock::TimePoint notAfter = notBefore + time::days(365);
- shared_ptr<IdentityCertificate> dskCert =
- m_keyChain.prepareUnsignedIdentityCertificate(dskName, m_certName,
- notBefore, notAfter, desc);
+ Identity zoneIdentity = m_keyChain.createIdentity(TEST_IDENTITY_NAME);
+ Key dsk = m_keyChain.createKey(zoneIdentity);
- m_keyChain.sign(*dskCert, m_certName);
- m_keyChain.addCertificateAsKeyDefault(*dskCert);
- NDNS_LOG_TRACE("KeyChain: add cert: " << dskCert->getName() << ". KeyLocator: "
- << dskCert->getSignature().getKeyLocator().getName());
+ Name dskCertName = dsk.getName();
+ dskCertName
+ .append("CERT")
+ .appendVersion();
+ Certificate dskCert;
+ dskCert.setName(dskCertName);
+ dskCert.setContentType(ndn::tlv::ContentType_Key);
+ dskCert.setFreshnessPeriod(time::hours(1));
+ dskCert.setContent(dsk.getPublicKey().data(), dsk.getPublicKey().size());
+ SignatureInfo info;
+ info.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(),
+ time::system_clock::now() + time::days(365)));
- Rrset rrset(&m_root);
- Name label = dskCert->getName().getPrefix(-2).getSubName(m_root.getName().size() + 1);
+ m_keyChain.sign(dskCert, security::signingByCertificate(m_cert));
+ m_keyChain.setDefaultCertificate(dsk, dskCert);
+
+ NDNS_LOG_TRACE("KeyChain: add cert: " << dskCert.getName() << ". KeyLocator: "
+ << dskCert.getSignature().getKeyLocator().getName());
+
+ Rrset rrset(&m_test);
+ Name label = dskCert.getName().getPrefix(-2).getSubName(m_test.getName().size() + 1);
rrset.setLabel(label);
rrset.setType(label::CERT_RR_TYPE);
- rrset.setVersion(dskCert->getName().get(-1));
- rrset.setTtl(m_root.getTtl());
- rrset.setData(dskCert->wireEncode());
+ rrset.setVersion(dskCert.getName().get(-1));
+ rrset.setTtl(m_test.getTtl());
+ rrset.setData(dskCert.wireEncode());
m_session.insert(rrset);
- NDNS_LOG_TRACE("DB: zone " << m_root << " add a ID-CERT RR with name="
- << dskCert->getName() << " rrLabel=" << label);
+ NDNS_LOG_TRACE("DB: zone " << m_test << " add a CERT RR with name="
+ << dskCert.getName() << " rrLabel=" << label);
Response re;
re.setZone(zone);
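Review bot: `SignatureInfo info` is given a validity period but is never handed to the signer, so `dskCert` in UpdateValidatorCannotFetchCert is signed without a ValidityPeriod. A v2 validator would be expected to reject or fail to parse such a certificate, so the update may be refused because the certificate is malformed rather than because it cannot be fetched, which is what the test name describes. Pass it through the signing parameters: `m_keyChain.sign(dskCert, security::signingByCertificate(m_cert).setSignatureInfo(info));`. The test case continues past the end of the hunk.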
@@ -297,7 +311,7 @@
re.addRr(makeBinaryBlock(ndns::tlv::RrData, str.c_str(), str.size()));
shared_ptr<Data> data = re.toData();
- m_keyChain.sign(*data, dskCert->getName());
+ m_keyChain.sign(*data, security::signingByCertificate(dskCert));
Query q(Name(zone), ndns::label::NDNS_ITERATIVE_QUERY);
const Block& block = data->wireEncode();
@@ -327,9 +341,9 @@
NameServerFixture2()
: face(io, m_keyChain, {false, true})
, validatorFace(io, m_keyChain, {false, true})
- , zone(m_root.getName())
- , validator(validatorFace) // different face for validator
- , server(zone, m_certName, face, m_session, m_keyChain, validator)
+ , zone(m_test.getName())
+ , validator(NdnsValidatorBuilder::create(validatorFace)) // different face for validator
+ , server(zone, m_certName, face, m_session, m_keyChain, *validator)
{
// ensure prefix is registered
run();
@@ -356,36 +370,12 @@
ndn::util::DummyClientFace face;
ndn::util::DummyClientFace validatorFace;
const Name& zone;
- Validator validator;
+ unique_ptr<security::v2::Validator> validator;
ndns::NameServer server;
};
BOOST_FIXTURE_TEST_CASE(UpdateValidatorFetchCert, NameServerFixture2)
{
- Name dskName = m_keyChain.generateRsaKeyPair(TEST_IDENTITY_NAME, false);
- std::vector<CertificateSubjectDescription> desc;
- time::system_clock::TimePoint notBefore = time::system_clock::now();
- time::system_clock::TimePoint notAfter = notBefore + time::days(365);
- shared_ptr<IdentityCertificate> dskCert =
- m_keyChain.prepareUnsignedIdentityCertificate(dskName, m_certName,
- notBefore, notAfter, desc);
-
- m_keyChain.sign(*dskCert, m_certName);
- m_keyChain.addCertificateAsKeyDefault(*dskCert);
- NDNS_LOG_TRACE("KeyChain: add cert: " << dskCert->getName() << ". KeyLocator: "
- << dskCert->getSignature().getKeyLocator().getName());
-
- Rrset rrset(&m_root);
- Name label = dskCert->getName().getPrefix(-2).getSubName(m_root.getName().size() + 1);
- rrset.setLabel(label);
- rrset.setType(label::CERT_RR_TYPE);
- rrset.setVersion(dskCert->getName().get(-1));
- rrset.setTtl(m_root.getTtl());
- rrset.setData(dskCert->wireEncode());
- m_session.insert(rrset);
- NDNS_LOG_TRACE("DB: zone " << m_root << " add a ID-CERT RR with name="
- << dskCert->getName() << " rrLabel=" << label);
-
Response re;
re.setZone(zone);
re.setQueryType(label::NDNS_ITERATIVE_QUERY);
@@ -399,7 +389,7 @@
re.addRr(makeBinaryBlock(ndns::tlv::RrData, str.c_str(), str.size()));
shared_ptr<Data> data = re.toData();
- m_keyChain.sign(*data, dskCert->getName());
+ m_keyChain.sign(*data, security::signingByCertificate(m_cert));
Query q(Name(zone), ndns::label::NDNS_ITERATIVE_QUERY);
const Block& block = data->wireEncode();
@@ -411,7 +401,7 @@
bool hasDataBack = false;
- shared_ptr<Regex> regex = make_shared<Regex>("(<>*)<KEY>(<>+)<ID-CERT><>");
+ shared_ptr<Regex> regex = make_shared<Regex>("(<>*)<NDNS><KEY>(<>+)<CERT><>");
face.onSendData.connect([&] (const Data& data) {
if (regex->match(data.getName())) {
shared_ptr<const Data> d = data.shared_from_this();
diff --git a/tests/unit/daemon/rrset-factory.cpp b/tests/unit/daemon/rrset-factory.cpp
index 39476ec..5e71a47 100644
--- a/tests/unit/daemon/rrset-factory.cpp
+++ b/tests/unit/daemon/rrset-factory.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2014-2017, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
@@ -23,7 +23,7 @@
#include "mgmt/management-tool.hpp"
#include <boost/lexical_cast.hpp>
-#include <ndn-cxx/security/validator.hpp>
+#include <ndn-cxx/security/verification-helpers.hpp>
namespace ndn {
namespace ndns {
@@ -46,9 +46,12 @@
zone1.setTtl(time::seconds(4600));
BOOST_CHECK_NO_THROW(m_session.insert(zone1));
- this->addIdentity(TEST_IDENTITY_NAME);
- m_certName = m_keyChain.getDefaultCertificateNameForIdentity(TEST_IDENTITY_NAME);
- ndn::io::save(*(m_keyChain.getCertificate(m_certName)), TEST_CERT.string());
+ Name identityName = Name(TEST_IDENTITY_NAME).append("NDNS");
+
+ m_identity = this->addIdentity(identityName);
+ m_cert = m_identity.getDefaultKey().getDefaultCertificate();
+ m_certName = m_cert.getName();
+ saveIdentityCertificate(m_identity, TEST_CERT.string());
NDNS_LOG_INFO("save test root cert " << m_certName << " to: " << TEST_CERT.string());
BOOST_CHECK_GT(m_certName.size(), 0);
@@ -70,6 +73,8 @@
ndns::DbMgr m_session;
Name m_zoneName;
Name m_certName;
+ Identity m_identity;
+ Certificate m_cert;
};
BOOST_FIXTURE_TEST_SUITE(RrsetFactoryTest, RrsetFactoryFixture)
@@ -82,7 +87,7 @@
// cert throws check: !matchCertificate
RrsetFactory rf2(TEST_DATABASE2, m_zoneName, m_keyChain, "wrongCert");
- BOOST_CHECK_THROW(rf2.checkZoneKey(), ndns::RrsetFactory::Error);
+ BOOST_CHECK_THROW(rf2.checkZoneKey(), std::runtime_error);
RrsetFactory rf3(TEST_DATABASE2, m_zoneName, m_keyChain, m_certName);
BOOST_CHECK_NO_THROW(rf3.checkZoneKey());
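Review bot: The "wrongCert" check now accepts any `std::runtime_error`, so it would also pass on an unrelated failure such as a database, name-parsing or key-chain error. It no longer pins the certificate-mismatch rejection described in the comment above it. If checkZoneKey() throws a more specific type for this case, name that type in `BOOST_CHECK_THROW`; otherwise use `BOOST_CHECK_EXCEPTION` with a predicate on the message. The exception type actually thrown is not visible in this diff.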
@@ -100,14 +105,14 @@
RrsetFactory rf(TEST_DATABASE2, m_zoneName, m_keyChain, m_certName);
// rf without checkZoneKey: throw.
- ndn::Link::DelegationSet delegations;
+ ndn::DelegationList delegations;
BOOST_CHECK_THROW(rf.generateNsRrset(label, type, version, ttl, delegations),
ndns::RrsetFactory::Error);
rf.checkZoneKey();
for (int i = 1; i <= 4; i++) {
Name name("/delegation/" + std::to_string(i));
- delegations.insert(std::pair<uint32_t, Name>(i, name));
+ delegations.insert(i, name);
}
Rrset rrset = rf.generateNsRrset(label, type, version, ttl, delegations);
@@ -126,10 +131,10 @@
BOOST_CHECK_EQUAL(link.getName(), linkName);
BOOST_CHECK_EQUAL(link.getContentType(), NDNS_LINK);
- BOOST_CHECK(link.getDelegations() == delegations);
+ BOOST_CHECK(link.getDelegationList() == delegations);
- shared_ptr<IdentityCertificate> cert = m_keyChain.getCertificate(m_certName);
- BOOST_CHECK_EQUAL(Validator::verifySignature(link, cert->getPublicKeyInfo()), true);
+ // BOOST_CHECK_EQUAL(Validator::verifySignature(link, m_cert.getPublicKeyInfo()), true);
+ security::verifySignature(link, m_cert);
}
BOOST_AUTO_TEST_CASE(GenerateTxtRrset)
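Review bot: The result of `security::verifySignature(link, m_cert);` is discarded, so the test no longer fails when the generated Link carries a bad signature, whereas the previous `BOOST_CHECK_EQUAL(..., true)` did assert it. Wrap the call as `BOOST_CHECK(security::verifySignature(link, m_cert));` and drop the commented-out old check. The same applies to `security::verifySignature(data, m_cert);` in the GenerateTxtRrset hunk at -177, where two commented-out lines are also left behind.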
@@ -177,8 +182,9 @@
BOOST_CHECK(txts == RrsetFactory::wireDecodeTxt(data.getContent()));
- shared_ptr<IdentityCertificate> cert = m_keyChain.getCertificate(m_certName);
- BOOST_CHECK(Validator::verifySignature(data, cert->getPublicKeyInfo()));
+ // shared_ptr<IdentityCertificate> cert = m_keyChain.getCertificate(m_certName);
+ // BOOST_CHECK(Validator::verifySignature(data, cert->getPublicKeyInfo()));
+ security::verifySignature(data, m_cert);
}
BOOST_AUTO_TEST_SUITE_END()