Add certificate fetcher of ndns-appcert and ndns-cert

Validators are updated accordingly

Change-Id: Ibdee00b8f20243448a2ba3011ca87f85ce1ea516
diff --git a/tests/dummy-forwarder.cpp b/tests/dummy-forwarder.cpp
new file mode 100644
index 0000000..61526cb
--- /dev/null
+++ b/tests/dummy-forwarder.cpp
@@ -0,0 +1,79 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2017,  Regents of the University of California,
+ *                           Arizona Board of Regents,
+ *                           Colorado State University,
+ *                           University Pierre & Marie Curie, Sorbonne University,
+ *                           Washington University in St. Louis,
+ *                           Beijing Institute of Technology,
+ *                           The University of Memphis.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service) and is
+ * based on the code written as part of NFD (Named Data Networking Daemon).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "dummy-forwarder.hpp"
+
+#include <boost/asio/io_service.hpp>
+
+namespace ndn {
+namespace ndns {
+namespace tests {
+
+DummyForwarder::DummyForwarder(boost::asio::io_service& io, KeyChain& keyChain)
+  : m_io(io)
+  , m_keyChain(keyChain)
+{
+}
+
+Face&
+DummyForwarder::addFace()
+{
+  auto face = std::make_shared<util::DummyClientFace>(m_io, m_keyChain, util::
+                                                      DummyClientFace::Options{true, true});
+  face->onSendInterest.connect([this, face] (const Interest& interest) {
+      for (auto& otherFace : m_faces) {
+        if (&*face == &*otherFace) {
+          continue;
+        }
+        otherFace->receive(interest);
+      }
+    });
+
+  face->onSendData.connect([this, face] (const Data& data) {
+      for (auto& otherFace : m_faces) {
+        if (&*face == &*otherFace) {
+          continue;
+        }
+        otherFace->receive(data);
+      }
+    });
+
+  face->onSendNack.connect([this, face] (const lp::Nack& nack) {
+      for (auto& otherFace : m_faces) {
+        if (&*face == &*otherFace) {
+          continue;
+        }
+        otherFace->receive(nack);
+      }
+    });
+
+  m_faces.push_back(face);
+  return *face;
+}
+
+} // namespace tests
+} // namespace ndns
+} // namespace ndn
diff --git a/tests/dummy-forwarder.hpp b/tests/dummy-forwarder.hpp
new file mode 100644
index 0000000..481d257
--- /dev/null
+++ b/tests/dummy-forwarder.hpp
@@ -0,0 +1,70 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2017,  Regents of the University of California,
+ *                           Arizona Board of Regents,
+ *                           Colorado State University,
+ *                           University Pierre & Marie Curie, Sorbonne University,
+ *                           Washington University in St. Louis,
+ *                           Beijing Institute of Technology,
+ *                           The University of Memphis.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service) and is
+ * based on the code written as part of NFD (Named Data Networking Daemon).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <ndn-cxx/interest.hpp>
+#include <ndn-cxx/data.hpp>
+#include <ndn-cxx/lp/nack.hpp>
+#include <ndn-cxx/util/dummy-client-face.hpp>
+#include <ndn-cxx/security/key-chain.hpp>
+
+#ifndef NDNS_TESTS_TEST_DUMMY_FORWARDER_HPP
+#define NDNS_TESTS_TEST_DUMMY_FORWARDER_HPP
+
+namespace ndn {
+namespace ndns {
+namespace tests {
+
+/**
+ * @brief Very basic implementation of the dummy forwarder
+ *
+ * Interests expressed by any added face, will be forwarded to all other faces.
+ * Similarly, any pushed data, will be pushed to all other faces.
+ */
+class DummyForwarder
+{
+public:
+  DummyForwarder(boost::asio::io_service& io, KeyChain& keyChain);
+
+  Face&
+  addFace();
+
+  Face&
+  getFace(size_t nFace)
+  {
+    return *m_faces.at(nFace);
+  }
+
+private:
+  boost::asio::io_service& m_io;
+  KeyChain& m_keyChain;
+  std::vector<shared_ptr<util::DummyClientFace>> m_faces;
+};
+
+} // namespace tests
+} // namespace ndns
+} // namespace ndn
+
+#endif // NDNS_TESTS_TEST_DUMMY_FORWARDER_HPP
diff --git a/tests/unit/daemon/name-server.cpp b/tests/unit/daemon/name-server.cpp
index 707ff95..a8dbd3b 100644
--- a/tests/unit/daemon/name-server.cpp
+++ b/tests/unit/daemon/name-server.cpp
@@ -44,6 +44,7 @@
   {
     // ensure prefix is registered
     run();
+    advanceClocks(time::milliseconds(10), 1);
   }
 
   void
diff --git a/tests/unit/database-test-data.cpp b/tests/unit/database-test-data.cpp
index ea55948..92865d4 100644
--- a/tests/unit/database-test-data.cpp
+++ b/tests/unit/database-test-data.cpp
@@ -43,7 +43,10 @@
 }
 
 DbTestData::DbTestData()
-  : m_session(TEST_DATABASE.string())
+  : m_session(TEST_DATABASE.string()),
+    m_testName("/test19"),
+    m_netName("/test19/net"),
+    m_ndnsimName("/test19/net/ndnsim")
 {
   NDNS_LOG_TRACE("start creating test data");
 
@@ -63,13 +66,13 @@
                           true);
   };
 
-  Name testName(TEST_IDENTITY_NAME);
+  Name testName(m_testName);
   m_test = tool.createZone(testName, ROOT_ZONE);
   // m_test's DKEY is not added to parent zone
-  Name netName = Name(testName).append("net");
+  Name netName(m_netName);
   m_net = tool.createZone(netName, testName);
   addDkeyCertToParent(m_net, m_test);
-  Name ndnsimName = Name(netName).append("ndnsim");
+  Name ndnsimName(m_ndnsimName);
   m_ndnsim = tool.createZone(ndnsimName, netName);
   addDkeyCertToParent(m_ndnsim, m_net);
 
diff --git a/tests/unit/database-test-data.hpp b/tests/unit/database-test-data.hpp
index 0db768c..f1ff278 100644
--- a/tests/unit/database-test-data.hpp
+++ b/tests/unit/database-test-data.hpp
@@ -31,7 +31,7 @@
 namespace ndns {
 namespace tests {
 
-class DbTestData : public IdentityManagementFixture
+class DbTestData : public IdentityManagementFixture, public UnitTestTimeFixture
 {
 public:
   static const boost::filesystem::path TEST_DATABASE;
@@ -48,6 +48,7 @@
   addRrset(Zone& zone, const Name& label, const name::Component& type,
            const time::seconds& ttl, const name::Component& version,
            const name::Component& qType, NdnsContentType contentType, const std::string& msg);
+
 public:
   class PreviousStateCleaner
   {
@@ -65,8 +66,16 @@
   Zone m_net;
   Zone m_ndnsim;
   DbMgr m_session;
+
+  // test zone identity
   Identity m_identity;
+
+  // test zone dsk
   Certificate m_cert;
+
+  Name m_testName;
+  Name m_netName;
+  Name m_ndnsimName;
 };
 
 } // namespace tests
diff --git a/tests/unit/mgmt/management-tool.cpp b/tests/unit/mgmt/management-tool.cpp
index 72e079d..f0a6c7d 100644
--- a/tests/unit/mgmt/management-tool.cpp
+++ b/tests/unit/mgmt/management-tool.cpp
@@ -564,9 +564,6 @@
   BOOST_CHECK_NO_THROW(m_tool.addRrset(rrset1));
   Rrset rrset2 = findRrSet(zone, "/l1", label::NS_RR_TYPE);
   BOOST_CHECK_EQUAL(rrset1, rrset2);
-
-  Rrset rrset3 = rf.generateNsRrset("/l1/l2/l3", 7654, ttl2, DelegationList());
-  BOOST_CHECK_THROW(m_tool.addRrset(rrset3), ndns::ManagementTool::Error);
 }
 
 BOOST_AUTO_TEST_CASE(AddMultiLevelLabelRrset)
diff --git a/tests/unit/validator/certificate-fetcher-ndns-app-cert.cpp b/tests/unit/validator/certificate-fetcher-ndns-app-cert.cpp
new file mode 100644
index 0000000..2efe67c
--- /dev/null
+++ b/tests/unit/validator/certificate-fetcher-ndns-app-cert.cpp
@@ -0,0 +1,142 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2017, Regents of the University of California.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.  See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "validator/validator.hpp"
+#include "validator/certificate-fetcher-ndns-appcert.hpp"
+#include "ndns-label.hpp"
+#include "util/cert-helper.hpp"
+#include "daemon/name-server.hpp"
+#include "daemon/rrset-factory.hpp"
+#include "mgmt/management-tool.hpp"
+
+#include "test-common.hpp"
+#include "dummy-forwarder.hpp"
+#include "unit/database-test-data.hpp"
+
+#include <ndn-cxx/util/io.hpp>
+#include <ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp>
+
+namespace ndn {
+namespace ndns {
+namespace tests {
+
+NDNS_LOG_INIT("AppCertFetcher")
+
+BOOST_AUTO_TEST_SUITE(AppCertFetcher)
+
+unique_ptr<security::v2::Validator>
+CreateValidatorAppCert(Face& face)
+{
+  return make_unique<security::v2::Validator>(make_unique<::ndn::security::v2::ValidationPolicySimpleHierarchy>(),
+                                              make_unique<CertificateFetcherAppCert>(face));
+}
+
+class AppCertFetcherFixture : public DbTestData
+{
+public:
+  AppCertFetcherFixture()
+    : m_forwarder(m_io, m_keyChain)
+    , m_face(m_forwarder.addFace())
+    , m_validator(CreateValidatorAppCert(m_face))
+  {
+    // build the data and certificate for this test
+    buildAppCertAndData();
+
+    auto validatorOnlyForConstructServer = NdnsValidatorBuilder::create(m_face, 10, 0, TEST_CONFIG_PATH "/" "validator.conf");
+    // initlize all servers
+    auto addServer = [&] (const Name& zoneName) {
+      Face& face = m_forwarder.addFace();
+      // validator is used only for check update signature
+      // no updates tested here, so validator will not be used
+      // passing m_validator is only for construct server
+      Name certName = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain,
+                                                           Name(zoneName).append("NDNS"));
+      auto server = make_shared<NameServer>(zoneName, certName, face,
+                                            m_session, m_keyChain, *validatorOnlyForConstructServer);
+      m_servers.push_back(server);
+    };
+    addServer(m_testName);
+    addServer(m_netName);
+    addServer(m_ndnsimName);
+    advanceClocks(time::milliseconds(10), 1);
+  }
+
+  ~AppCertFetcherFixture()
+  {
+    m_face.getIoService().stop();
+    m_face.shutdown();
+  }
+
+private:
+  void
+  buildAppCertAndData()
+  {
+    // create NDNS-stored certificate and the signed data
+    Identity ndnsimIdentity = addIdentity(m_ndnsimName);
+    Key randomKey = m_keyChain.createKey(ndnsimIdentity);
+    Certificate ndnsStoredAppCert = randomKey.getDefaultCertificate();
+    RrsetFactory rf(TEST_DATABASE.string(), m_ndnsimName, m_keyChain,
+                    CertHelper::getIdentity(m_keyChain, Name(m_ndnsimName).append(label::NDNS_ITERATIVE_QUERY))
+                                                                          .getDefaultKey()
+                                                                          .getDefaultCertificate()
+                                                                          .getName());
+    rf.onlyCheckZone();
+    Rrset appCertRrset = rf.generateCertRrset(randomKey.getName().getSubName(-2),
+                                              VERSION_USE_UNIX_TIMESTAMP, DEFAULT_RR_TTL,
+                                              ndnsStoredAppCert);
+    ManagementTool tool(TEST_DATABASE.string(), m_keyChain);
+    tool.addRrset(appCertRrset);
+
+    m_appCertSignedData = Data(Name(m_ndnsimName).append("randomData"));
+    m_keyChain.sign(m_appCertSignedData, signingByCertificate(ndnsStoredAppCert));
+
+    // load this certificate as the trust anchor
+    m_validator->loadAnchor("", std::move(ndnsStoredAppCert));
+  }
+
+public:
+  DummyForwarder m_forwarder;
+  ndn::Face& m_face;
+  unique_ptr<security::v2::Validator> m_validator;
+  std::vector<shared_ptr<ndns::NameServer>> m_servers;
+  Data m_appCertSignedData;
+};
+
+
+BOOST_FIXTURE_TEST_CASE(Basic, AppCertFetcherFixture)
+{
+  bool hasValidated = false;
+  m_validator->validate(m_appCertSignedData,
+                       [&] (const Data& data) {
+                         hasValidated = true;
+                         BOOST_CHECK(true);
+                       },
+                       [&] (const Data& data, const security::v2::ValidationError& str) {
+                         hasValidated = true;
+                         BOOST_CHECK(false);
+                       });
+  advanceClocks(time::milliseconds(10), 1000);
+  BOOST_CHECK_EQUAL(hasValidated, true);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace tests
+} // namespace ndns
+} // namespace ndn
diff --git a/tests/unit/validator/validator.cpp b/tests/unit/validator/validator.cpp
index 54d1dd8..3434916 100644
--- a/tests/unit/validator/validator.cpp
+++ b/tests/unit/validator/validator.cpp
@@ -18,9 +18,13 @@
  */
 
 #include "validator/validator.hpp"
+#include "ndns-label.hpp"
+#include "util/cert-helper.hpp"
+#include "daemon/name-server.hpp"
 
 #include "test-common.hpp"
-#include "util/cert-helper.hpp"
+#include "dummy-forwarder.hpp"
+#include "unit/database-test-data.hpp"
 
 #include <ndn-cxx/util/io.hpp>
 
@@ -32,179 +36,135 @@
 
 BOOST_AUTO_TEST_SUITE(Validator)
 
-class Fixture : public IdentityManagementFixture
+class ValidatorTestFixture : public DbTestData
 {
 public:
-  Fixture()
-    : m_testId1("/test02")
-    , m_testId2("/test02/ndn")
-    , m_testId3("/test02/ndn/edu")
-    , m_randomId("/test03")
-    , m_face(m_keyChain, {false, true})
+  ValidatorTestFixture()
+    : m_forwarder(m_io, m_keyChain)
+    , m_face(m_forwarder.addFace())
+    , m_validator(NdnsValidatorBuilder::create(m_face, 500, 0, TEST_CONFIG_PATH "/" "validator.conf"))
   {
-    m_randomDsk = createRoot(Name(m_randomId).append("NDNS")); // generate a root cert
-
-    m_dsk1 = createRoot(Name(m_testId1).append("NDNS")); // replace to root cert
-    m_dsk2 = createIdentity(Name(m_testId2).append("NDNS"), m_dsk1);
-    m_dsk3 = createIdentity(Name(m_testId3).append("NDNS"), m_dsk2);
-
-    m_face.onSendInterest.connect(bind(&Fixture::respondInterest, this, _1));
+    // generate a random cert
+    // check how does name-server test do
+    // initlize all servers
+    auto addServer = [&] (const Name& zoneName) {
+      Face& face = m_forwarder.addFace();
+      // validator is used only for check update signature
+      // no updates tested here, so validator will not be used
+      // passing m_validator is only for construct server
+      Name certName = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain,
+                                                                      Name(zoneName).append("NDNS"));
+      auto server = make_shared<NameServer>(zoneName, certName, face,
+                                            m_session, m_keyChain, *m_validator);
+      m_servers.push_back(server);
+    };
+    addServer(m_testName);
+    addServer(m_netName);
+    addServer(m_ndnsimName);
+    m_ndnsimCert = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain,
+                                                        Name(m_ndnsimName).append("NDNS"));
+    m_randomCert = m_keyChain.createIdentity("/random/identity").getDefaultKey()
+    .getDefaultCertificate().getName();
+    advanceClocks(time::milliseconds(10), 1);
   }
 
-  ~Fixture()
+  ~ValidatorTestFixture()
   {
     m_face.getIoService().stop();
     m_face.shutdown();
   }
 
-  const Key
-  createIdentity(const Name& id, const Key& parentKey)
-  {
-    Identity identity = addIdentity(id);
-    Key defaultKey = identity.getDefaultKey();
-    m_keyChain.deleteKey(identity, defaultKey);
-
-    Key ksk = m_keyChain.createKey(identity);
-    Name defaultKskCert = ksk.getDefaultCertificate().getName();
-    m_keyChain.deleteCertificate(ksk, defaultKskCert);
-
-    Key dsk = m_keyChain.createKey(identity);
-    Name defaultDskCert = dsk.getDefaultCertificate().getName();
-    m_keyChain.deleteCertificate(dsk, defaultDskCert);
-
-    auto kskCert = CertHelper::createCertificate(m_keyChain, ksk, parentKey, "CERT", time::days(100));
-    auto dskCert = CertHelper::createCertificate(m_keyChain, dsk, ksk, "CERT", time::days(100));
-
-    m_keyChain.addCertificate(ksk, kskCert);
-    m_keyChain.addCertificate(dsk, dskCert);
-
-    m_keyChain.setDefaultKey(identity, dsk);
-    return dsk;
-  }
-
-  const Key
-  createRoot(const Name& root)
-  {
-    Identity rootIdentity = addIdentity(root);
-    auto cert = rootIdentity.getDefaultKey().getDefaultCertificate();
-    ndn::io::save(cert, TEST_CONFIG_PATH "/anchors/root.cert");
-    NDNS_LOG_TRACE("save root cert "<< m_rootCert <<
-                  " to: " << TEST_CONFIG_PATH "/anchors/root.cert");
-    return rootIdentity.getDefaultKey();
-  }
-
-  void
-  respondInterest(const Interest& interest)
-  {
-    Name keyName = interest.getName();
-    Name identityName = keyName.getPrefix(-2);
-    NDNS_LOG_TRACE("validator needs cert of KEY: " << keyName);
-    auto cert = m_keyChain.getPib().getIdentity(identityName)
-                                   .getKey(keyName)
-                                   .getDefaultCertificate();
-    m_face.getIoService().post([this, cert] {
-        m_face.receive(cert);
-      });
-  }
-
 public:
-  Name m_testId1;
-  Name m_testId2;
-  Name m_testId3;
-  Name m_randomId;
-
-  Name m_rootCert;
-
-  Key m_dsk1;
-  Key m_dsk2;
-  Key m_dsk3;
-
-  Key m_randomDsk;
-
-  ndn::util::DummyClientFace m_face;
+  DummyForwarder m_forwarder;
+  ndn::Face& m_face;
+  unique_ptr<security::v2::Validator> m_validator;
+  std::vector<shared_ptr<ndns::NameServer>> m_servers;
+  Name m_ndnsimCert;
+  Name m_randomCert;
 };
 
 
-BOOST_FIXTURE_TEST_CASE(Basic, Fixture)
+BOOST_FIXTURE_TEST_CASE(Basic, ValidatorTestFixture)
 {
-  // validator must be created after root key is saved to the target
-  auto validator = NdnsValidatorBuilder::create(m_face, TEST_CONFIG_PATH "/" "validator.conf");
+  SignatureInfo info;
+  info.setValidityPeriod(security::ValidityPeriod(time::system_clock::TimePoint::min(),
+                                                  time::system_clock::now() + time::days(10)));
 
   // case1: record of testId3, signed by its dsk, should be successful validated.
   Name dataName;
   dataName
-    .append(m_testId3)
+    .append(m_ndnsimName)
     .append("NDNS")
     .append("rrLabel")
     .append("rrType")
     .appendVersion();
   shared_ptr<Data> data = make_shared<Data>(dataName);
-  m_keyChain.sign(*data, signingByKey(m_dsk3));
+  m_keyChain.sign(*data, signingByCertificate(m_ndnsimCert).setSignatureInfo(info));
 
   bool hasValidated = false;
-  validator->validate(*data,
-                     [&] (const Data& data) {
-                       hasValidated = true;
-                       BOOST_CHECK(true);
-                     },
-                     [&] (const Data& data, const security::v2::ValidationError& str) {
-                       hasValidated = true;
-                       BOOST_CHECK(false);
-                     });
+  m_validator->validate(*data,
+                        [&] (const Data& data) {
+                          hasValidated = true;
+                          BOOST_CHECK(true);
+                        },
+                        [&] (const Data& data, const security::v2::ValidationError& str) {
+                          hasValidated = true;
+                          BOOST_CHECK(false);
+                        });
 
-  m_face.processEvents(time::milliseconds(-1));
-
+  advanceClocks(time::seconds(3), 100);
+  // m_io.run();
   BOOST_CHECK_EQUAL(hasValidated, true);
 
   // case2: signing testId2's data by testId3's key, which should failed in validation
   dataName = Name();
   dataName
-    .append(m_testId2)
+    .append(m_netName)
     .append("NDNS")
     .append("rrLabel")
     .append("CERT")
     .appendVersion();
   data = make_shared<Data>(dataName);
-  m_keyChain.sign(*data, signingByKey(m_dsk3)); // key's owner's name is longer than data owner's
+  m_keyChain.sign(*data, signingByCertificate(m_ndnsimCert)); // key's owner's name is longer than data owner's
 
   hasValidated = false;
-  validator->validate(*data,
-                     [&] (const Data& data) {
-                       hasValidated = true;
-                       BOOST_CHECK(false);
-                     },
-                     [&] (const Data& data, const security::v2::ValidationError& str) {
-                       hasValidated = true;
-                       BOOST_CHECK(true);
-                     });
+  m_validator->validate(*data,
+                        [&] (const Data& data) {
+                          hasValidated = true;
+                          BOOST_CHECK(false);
+                        },
+                        [&] (const Data& data, const security::v2::ValidationError& str) {
+                          hasValidated = true;
+                          BOOST_CHECK(true);
+                        });
 
-  m_face.processEvents(time::milliseconds(-1));
+  advanceClocks(time::seconds(3), 100);
   // cannot pass verification due to key's owner's name is longer than data owner's
   BOOST_CHECK_EQUAL(hasValidated, true);
 
-  // case4: totally wrong key to sign
+  // case3: totally wrong key to sign
   dataName = Name();
   dataName
-    .append(m_testId2)
+    .append(m_ndnsimName)
     .append("NDNS")
     .append("rrLabel")
     .append("CERT")
     .appendVersion();
   data = make_shared<Data>(dataName);
-  m_keyChain.sign(*data, signingByKey(m_randomDsk));
+  m_keyChain.sign(*data, signingByCertificate(m_randomCert));
 
   hasValidated = false;
-  validator->validate(*data,
-                     [&] (const Data& data) {
-                       hasValidated = true;
-                       BOOST_CHECK(false);
-                     },
-                     [&] (const Data& data, const security::v2::ValidationError& str) {
-                       hasValidated = true;
-                       BOOST_CHECK(true);
-                     });
+  m_validator->validate(*data,
+                        [&] (const Data& data) {
+                          hasValidated = true;
+                          BOOST_CHECK(false);
+                        },
+                        [&] (const Data& data, const security::v2::ValidationError& str) {
+                          hasValidated = true;
+                          BOOST_CHECK(true);
+                        });
 
-  m_face.processEvents(time::milliseconds(-1));
+  advanceClocks(time::seconds(3), 100);
   // cannot pass due to a totally mismatched key
   BOOST_CHECK_EQUAL(hasValidated, true);
 }