Yumin Xiafa2bce72017-04-09 16:20:25 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Alexander Afanasyev08d18742018-03-15 16:31:28 -04002/*
Alexander Afanasyev60514ec2020-06-03 14:18:53 -04003 * Copyright (c) 2014-2020, Regents of the University of California.
Yumin Xiafa2bce72017-04-09 16:20:25 -07004 *
5 * This file is part of NDNS (Named Data Networking Domain Name Service).
6 * See AUTHORS.md for complete list of NDNS authors and contributors.
7 *
8 * NDNS is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
12 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "validator/validator.hpp"
21#include "validator/certificate-fetcher-ndns-appcert.hpp"
22#include "ndns-label.hpp"
23#include "util/cert-helper.hpp"
24#include "daemon/name-server.hpp"
25#include "daemon/rrset-factory.hpp"
26#include "mgmt/management-tool.hpp"
27
28#include "test-common.hpp"
Yumin Xiafa2bce72017-04-09 16:20:25 -070029#include "unit/database-test-data.hpp"
30
Alexander Afanasyev60514ec2020-06-03 14:18:53 -040031#include <ndn-cxx/security/validation-policy-simple-hierarchy.hpp>
Yumin Xiafa2bce72017-04-09 16:20:25 -070032
33namespace ndn {
34namespace ndns {
35namespace tests {
36
Yumin Xiafa2bce72017-04-09 16:20:25 -070037BOOST_AUTO_TEST_SUITE(AppCertFetcher)
38
/**
 * @brief Build the validator under test.
 *
 * Combines a ValidationPolicySimpleHierarchy with a CertificateFetcherAppCert
 * that is constructed on @p face.
 *
 * @param face face handed to the CertificateFetcherAppCert constructor
 * @return the newly created validator, owned by the caller
 */
static unique_ptr<security::Validator>
makeValidatorAppCert(Face& face)
{
  auto policy = make_unique<::ndn::security::ValidationPolicySimpleHierarchy>();
  auto fetcher = make_unique<CertificateFetcherAppCert>(face);
  return make_unique<security::Validator>(std::move(policy), std::move(fetcher));
}
45
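/**
 * @brief Fixture for validating Data signed by an application certificate stored in NDNS.
 *
 * On top of DbTestData it
 *  - creates a fresh key under m_ndnsimName, stores its default certificate as a
 *    certificate Rrset in the test database, and signs m_appCertSignedData with it;
 *  - starts one NameServer per test zone, each on its own DummyClientFace linked
 *    to m_validatorFace.
 */
class AppCertFetcherFixture : public DbTestData
{
public:
  AppCertFetcherFixture()
    : m_validatorFace(m_io, m_keyChain, {true, true})
    , m_validator(makeValidatorAppCert(m_validatorFace))
  {
    // build the data and certificate for this test
    buildAppCertAndData();

    // The servers receive this validator by reference (see addServer below), so it
    // is held in a member instead of a constructor-local variable: a local would be
    // destroyed when the constructor returns while the servers in m_servers live on.
    m_serverValidator = NdnsValidatorBuilder::create(m_validatorFace, 10, 0,
                                                     TEST_CONFIG_PATH "/validator.conf");

    // initialize all servers
    auto addServer = [this] (const Name& zoneName) {
      m_serverFaces.push_back(make_unique<util::DummyClientFace>(m_io, m_keyChain,
                                                                 util::DummyClientFace::Options{true, true}));
      m_serverFaces.back()->linkTo(m_validatorFace);

      // The server-side validator is only used to check update signatures.
      // No updates are tested here, so it is not expected to be exercised;
      // it is passed only because the NameServer constructor requires one.
      Name certName = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain,
                                                                      Name(zoneName).append("NDNS"));
      auto server = make_shared<NameServer>(zoneName, certName, *m_serverFaces.back(),
                                            m_session, m_keyChain, *m_serverValidator);
      m_servers.push_back(std::move(server));
    };
    addServer(m_testName);
    addServer(m_netName);
    addServer(m_ndnsimName);
    advanceClocks(time::milliseconds(10), 1);
  }

private:
  /**
   * @brief Create the NDNS-stored application certificate and the Data signed with it.
   *
   * Must run after m_validator is initialized, because the certificate is
   * loaded into it as a trust anchor at the end.
   */
  void
  buildAppCertAndData()
  {
    // create NDNS-stored certificate and the signed data
    Identity ndnsimIdentity = addIdentity(m_ndnsimName);
    Key randomKey = m_keyChain.createKey(ndnsimIdentity);
    Certificate ndnsStoredAppCert = randomKey.getDefaultCertificate();
    RrsetFactory rf(TEST_DATABASE.string(), m_ndnsimName, m_keyChain,
                    CertHelper::getIdentity(m_keyChain, Name(m_ndnsimName).append(label::NDNS_ITERATIVE_QUERY))
                                                          .getDefaultKey()
                                                          .getDefaultCertificate()
                                                          .getName());
    rf.onlyCheckZone();
    Rrset appCertRrset = rf.generateCertRrset(randomKey.getName().getSubName(-2),
                                              VERSION_USE_UNIX_TIMESTAMP, DEFAULT_RR_TTL,
                                              ndnsStoredAppCert);
    ManagementTool tool(TEST_DATABASE.string(), m_keyChain);
    tool.addRrset(appCertRrset);

    m_appCertSignedData = Data(Name(m_ndnsimName).append("randomData"));
    m_keyChain.sign(m_appCertSignedData, signingByCertificate(ndnsStoredAppCert));

    // load this certificate as the trust anchor
    // NOTE(review): the anchor is the same certificate that signed
    // m_appCertSignedData. Confirm that validation in this suite still goes
    // through CertificateFetcherAppCert and is not satisfied from the anchor
    // alone; otherwise the fetch path is not covered.
    m_validator->loadAnchor("", std::move(ndnsStoredAppCert));
  }

public:
  // Declaration order matters for destruction (reverse order): the servers are
  // destroyed before their faces and before m_serverValidator, and both
  // validators are destroyed before m_validatorFace.
  util::DummyClientFace m_validatorFace;
  unique_ptr<security::Validator> m_validator;
  // validator handed to every NameServer; shared_ptr accepts whichever smart
  // pointer NdnsValidatorBuilder::create() returns
  shared_ptr<security::Validator> m_serverValidator;
  std::vector<unique_ptr<util::DummyClientFace>> m_serverFaces;
  std::vector<shared_ptr<ndns::NameServer>> m_servers;
  Data m_appCertSignedData;
};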
113
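// Validates m_appCertSignedData with the fixture's validator and expects the
// success callback to fire within the simulated time window.
BOOST_FIXTURE_TEST_CASE(Basic, AppCertFetcherFixture)
{
  // Set only by the success callback, so the final check fails both when
  // validation is rejected and when no callback fires before the clock stops.
  bool hasValidated = false;
  m_validator->validate(m_appCertSignedData,
                        [&] (const Data& data) {
                          hasValidated = true;
                          // the accepted packet must be the one that was submitted
                          BOOST_CHECK_EQUAL(data.getName(), m_appCertSignedData.getName());
                        },
                        [&] (const Data&, const security::ValidationError& error) {
                          // report why validation was rejected instead of a bare failure
                          BOOST_CHECK_MESSAGE(false, "validation of app-cert-signed data failed: " << error);
                        });
  advanceClocks(time::milliseconds(10), 1000);
  BOOST_CHECK_EQUAL(hasValidated, true);
}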
129
130BOOST_AUTO_TEST_SUITE_END()
131
132} // namespace tests
133} // namespace ndns
134} // namespace ndn