/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
 * Copyright (c) 2014, Regents of the University of California.
 *
 * This file is part of NDNS (Named Data Networking Domain Name Service).
 * See AUTHORS.md for complete list of NDNS authors and contributors.
 *
 * NDNS is free software: you can redistribute it and/or modify it under the terms
 * of the GNU General Public License as published by the Free Software Foundation,
 * either version 3 of the License, or (at your option) any later version.
 *
 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 * PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
 */
19
20#include "validator.hpp"
21#include "dummy-client-face.hpp"
22#include <ndn-cxx/security/key-chain.hpp>
23#include "../boost-test.hpp"
24
25namespace ndn {
26namespace ndns {
27namespace tests {
// Log module name used by the NDNS_LOG_TRACE calls in this file.
NDNS_LOG_INIT("ValidatorTest");

// All test cases below share the Fixture defined next.
BOOST_AUTO_TEST_SUITE(Validator)
31
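/**
 * @brief Test fixture that builds a certificate chain in a KeyChain and answers
 *        the validator's certificate Interests from it.
 *
 * Chain built by the constructor:
 *   /test02 (root; its cert is written to the trust-anchor file)
 *     -> /test02/ndn      (KSK cert signed by /test02's DSK cert, DSK cert signed by that KSK)
 *       -> /test02/ndn/edu (same shape, signed by /test02/ndn's DSK cert)
 * Additionally an unrelated root /test03 (whose anchor file is overwritten by
 * /test02's) and a self-signed key under /test02/ndn/edu are installed; the
 * Basic test case expects data signed with either of those to be rejected.
 *
 * Certificate Interests from the validator are served by respondInterest()
 * through the dummy client face.
 */
class Fixture
{
public:
  Fixture()
    : m_testId1("/test02")
    , m_testId2("/test02/ndn")
    , m_testId3("/test02/ndn/edu")
    , m_randomId("/test03")
    , m_version(name::Component::fromVersion(0))
    , m_face(::ndn::tests::makeDummyClientFace())
  {
    // start from a clean KeyChain in case a previous run left these identities behind
    m_keyChain.deleteIdentity(m_testId1);
    m_keyChain.deleteIdentity(m_testId2);
    m_keyChain.deleteIdentity(m_testId3);
    m_keyChain.deleteIdentity(m_randomId);

    // unrelated root: its cert is saved to the anchor file first ...
    m_randomDsk = createRoot(m_randomId);

    // ... and overwritten here, so the anchor file holds /test02's cert when
    // the validator is constructed in a test case
    m_dsk1 = createRoot(m_testId1);
    m_dsk2 = createIdentity(m_testId2, m_dsk1);
    m_dsk3 = createIdentity(m_testId3, m_dsk2);

    // a self-signed key under m_testId3 that is not chained to any anchor
    m_selfSignCert = m_keyChain.generateRsaKeyPair(m_testId3, false);
    shared_ptr<IdentityCertificate> cert = m_keyChain.selfSign(m_selfSignCert);
    m_selfSignCert = cert->getName();
    m_keyChain.addCertificate(*cert);
    NDNS_LOG_TRACE("add cert: " << cert->getName() << " to KeyChain");

    // serve the validator's certificate fetches from m_keyChain
    m_face->onInterest += bind(&Fixture::respondInterest, this, _1, _2);
  }

  ~Fixture()
  {
    // stop the face before the KeyChain goes away: respondInterest uses both
    m_face->getIoService().stop();
    m_face->shutdown();
    m_keyChain.deleteIdentity(m_testId1);
    m_keyChain.deleteIdentity(m_testId2);
    m_keyChain.deleteIdentity(m_testId3);
    m_keyChain.deleteIdentity(m_randomId);
  }

  /**
   * @brief Create identity @p id whose KSK is certified by @p parentCertName
   *
   * The self-signed cert that KeyChain::createIdentity produces is removed and
   * replaced by one signed with @p parentCertName; a DSK is then generated and
   * certified by the new KSK cert.
   *
   * @return name of the DSK certificate
   */
  Name
  createIdentity(const Name& id, const Name& parentCertName)
  {
    Name kskCertName = m_keyChain.createIdentity(id);
    Name kskName = m_keyChain.getDefaultKeyNameForIdentity(id);
    // drop the self-signed KSK cert; the chain must go through the parent
    m_keyChain.deleteCertificate(kskCertName);
    Name kskCert = createCertificate(kskName, parentCertName);

    Name dskName = m_keyChain.generateRsaKeyPair(id, false);
    return createCertificate(dskName, kskCert);
  }

  /**
   * @brief Create root identity @p root and export its cert as trust anchor
   *
   * The root cert (kept in m_rootCert) is written to TEST_CONFIG_PATH/anchors/root.cert,
   * overwriting whatever a previous call stored there.
   *
   * @return name of the root's DSK certificate
   */
  Name
  createRoot(const Name& root)
  {
    m_rootCert = m_keyChain.createIdentity(root);
    ndn::io::save(*(m_keyChain.getCertificate(m_rootCert)), TEST_CONFIG_PATH "/anchors/root.cert");
    NDNS_LOG_TRACE("save root cert "<< m_rootCert <<
                   " to: " << TEST_CONFIG_PATH "/anchors/root.cert");
    Name dsk = m_keyChain.generateRsaKeyPair(root, false);
    return createCertificate(dsk, m_rootCert);
  }

  /**
   * @brief Issue a certificate for @p keyName signed with @p parentCertName
   *
   * The certificate is valid for 365 days from now, carries a subject
   * description naming its signer, gets m_version as its last name component
   * (so respondInterest can rebuild its name from an Interest), and is installed
   * as the default certificate of @p keyName.
   *
   * @return name of the new certificate
   */
  Name
  createCertificate(const Name& keyName, const Name& parentCertName)
  {
    std::vector<CertificateSubjectDescription> desc;
    time::system_clock::TimePoint notBefore = time::system_clock::now();
    time::system_clock::TimePoint notAfter = notBefore + time::days(365);
    desc.push_back(CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
                                                 "Signer: " + parentCertName.toUri()));
    shared_ptr<IdentityCertificate> cert =
      m_keyChain.prepareUnsignedIdentityCertificate(keyName, parentCertName,
                                                    notBefore, notAfter, desc);

    // replace the last (presumably version) component with the fixed m_version
    Name tmp = cert->getName().getPrefix(-1).append(m_version);
    cert->setName(tmp);
    m_keyChain.sign(*cert, parentCertName);
    m_keyChain.addCertificateAsKeyDefault(*cert);
    NDNS_LOG_TRACE("add cert: " << cert->getName() << " to KeyChain");
    return cert->getName();
  }

  /**
   * @brief Answer a certificate Interest from the validator out of m_keyChain
   *
   * The Interest name is taken as the certificate name without its version;
   * m_version is appended, except for the self-signed cert whose version was
   * chosen by KeyChain::selfSign.  A certificate missing from the KeyChain is
   * reported as a test failure and the Interest is left unanswered instead of
   * dereferencing a null certificate.
   */
  void
  respondInterest(const Interest& interest, ndn::tests::DummyClientTransport* transport)
  {
    Name certName = interest.getName();
    if (certName.isPrefixOf(m_selfSignCert)) {
      // self-sign cert's version number is not m_version
      certName = m_selfSignCert;
    } else {
      certName.append(m_version);
    }
    NDNS_LOG_TRACE("validator needs: " << certName);
    BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(certName), true);
    auto cert = m_keyChain.getCertificate(certName);
    BOOST_CHECK_MESSAGE(cert != nullptr, "certificate " << certName << " is not in the KeyChain");
    if (cert == nullptr) {
      // no response: the pending validation cannot complete, which the test
      // case's own checks report, instead of crashing the test binary here
      return;
    }
    transport->receive(cert->wireEncode());
  }

public:
  Name m_testId1;
  Name m_testId2;
  Name m_testId3;
  Name m_randomId;

  // cert name of the most recently created root (see createRoot)
  Name m_rootCert;

  KeyChain m_keyChain;

  // DSK cert names of m_testId1..3
  Name m_dsk1;
  Name m_dsk2;
  Name m_dsk3;

  // self-signed cert name under m_testId3, not chained to an anchor
  Name m_selfSignCert;

  // DSK cert name of the unrelated root m_randomId
  Name m_randomDsk;

  // version component given to every cert created by createCertificate
  name::Component m_version;

  shared_ptr<ndn::tests::DummyClientFace> m_face;
};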
158
159
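BOOST_FIXTURE_TEST_CASE(Basic, Fixture)
{
  // validator must be created after root key is saved to the target
  ndns::Validator validator(*m_face, TEST_CONFIG_PATH "/" "validator.conf");

  // Runs @p packet through the validator, drains the dummy face so the
  // certificate Interests it issues are answered by Fixture::respondInterest,
  // and checks that the verdict matches @p expectSuccess.  One of the two
  // callbacks must have fired, otherwise the validation stalled.  A rejection
  // reason is included in the failure message so a wrong verdict is debuggable.
  auto checkValidation = [&] (const shared_ptr<Data>& packet, bool expectSuccess) {
    bool hasValidated = false;
    validator.validate(*packet,
                       [&] (const shared_ptr<const Data>&) {
                         hasValidated = true;
                         BOOST_CHECK_MESSAGE(expectSuccess,
                                             "unexpectedly accepted " << packet->getName());
                       },
                       [&] (const shared_ptr<const Data>&, const std::string& reason) {
                         hasValidated = true;
                         BOOST_CHECK_MESSAGE(!expectSuccess,
                                             "unexpectedly rejected " << packet->getName()
                                             << ": " << reason);
                       });

    m_face->processEvents(time::milliseconds(-1));
    BOOST_CHECK_EQUAL(hasValidated, true);
  };

  // 1. data under m_testId3 signed with that identity's DSK: full chain to the anchor
  Name dataName(m_testId3);
  dataName.append("NDNS")
          .append("rrLabel")
          .append("rrType")
          .appendVersion();
  shared_ptr<Data> data = make_shared<Data>(dataName);
  m_keyChain.sign(*data, m_dsk3);
  checkValidation(data, true);

  // 2. KEY data of m_testId2 signed with m_testId3's DSK:
  //    cannot pass verification due to key's owner's name is longer than data owner's
  dataName = m_testId2;
  dataName.append("KEY")
          .append("rrLabel")
          .append("ID-CERT")
          .appendVersion();
  data = make_shared<Data>(dataName);
  m_keyChain.sign(*data, m_dsk3);
  checkValidation(data, false);

  // 3. cannot pass due to self-sign cert is used
  dataName = m_testId3;
  dataName.append("KEY")
          .append("rrLabel")
          .append("ID-CERT")
          .appendVersion();
  data = make_shared<Data>(dataName);
  m_keyChain.sign(*data, m_selfSignCert);
  checkValidation(data, false);

  // 4. cannot pass due to a totally mismatched key (DSK of the unrelated root)
  dataName = m_testId2;
  dataName.append("KEY")
          .append("rrLabel")
          .append("ID-CERT")
          .appendVersion();
  data = make_shared<Data>(dataName);
  m_keyChain.sign(*data, m_randomDsk);
  checkValidation(data, false);
}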
259
260BOOST_AUTO_TEST_SUITE_END()
261
262} // namespace tests
263} // namespace ndns
264} // namespace ndn