/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
 * Copyright (c) 2014-2020, Regents of the University of California.
 *
 * This file is part of NDNS (Named Data Networking Domain Name Service).
 * See AUTHORS.md for complete list of NDNS authors and contributors.
 *
 * NDNS is free software: you can redistribute it and/or modify it under the terms
 * of the GNU General Public License as published by the Free Software Foundation,
 * either version 3 of the License, or (at your option) any later version.
 *
 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
 * PURPOSE.  See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * NDNS, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "validator/validator.hpp"
#include "ndns-label.hpp"
#include "daemon/name-server.hpp"
#include "util/cert-helper.hpp"

#include "boost-test.hpp"
#include "unit/database-test-data.hpp"

#include <ndn-cxx/util/dummy-client-face.hpp>

namespace ndn {
namespace ndns {
namespace tests {

BOOST_AUTO_TEST_SUITE(Validator)

/**
 * @brief Fixture that wires an NDNS validator to one NameServer per test zone.
 *
 * The validator talks through m_validatorFace; every server gets its own
 * DummyClientFace that is linked to the validator's face, so certificate
 * Interests issued during validation can be answered in-process.
 */
class ValidatorTestFixture : public DbTestData
{
public:
  ValidatorTestFixture()
    : m_validatorFace(m_io, m_keyChain, {true, true})
    // The literal arguments 500 and 0 are handed to the builder as-is, together with
    // the validator policy file located under the unit-test temporary directory.
    , m_validator(NdnsValidatorBuilder::create(m_validatorFace, 500, 0,
                                               UNIT_TESTS_TMPDIR "/validator.conf"))
  {
    // Starts a NameServer for `zone` on a fresh dummy face linked to the validator's face.
    const auto startServer = [this] (const Name& zone) {
      auto face = make_unique<util::DummyClientFace>(m_io, m_keyChain,
                                                     util::DummyClientFace::Options{true, true});
      m_serverFaces.push_back(std::move(face));
      util::DummyClientFace& serverFace = *m_serverFaces.back();
      serverFace.linkTo(m_validatorFace);

      // The server only needs the validator to check the signature of updates.
      // No update is exercised by this suite, so m_validator is passed solely to
      // satisfy the NameServer constructor.
      Name zoneIdentity(zone);
      zoneIdentity.append("NDNS");
      Name zoneCert = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain, zoneIdentity);
      m_servers.push_back(make_shared<NameServer>(zone, zoneCert, serverFace,
                                                  m_session, m_keyChain, *m_validator));
    };

    startServer(m_testName);
    startServer(m_netName);
    startServer(m_ndnsimName);

    // Certificate of the ndnsim zone's NDNS identity: the legitimate signer in the tests.
    Name ndnsimIdentity(m_ndnsimName);
    ndnsimIdentity.append("NDNS");
    m_ndnsimCert = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain, ndnsimIdentity);

    // Certificate of a freshly created identity that is unrelated to any test zone.
    const auto unrelatedIdentity = m_keyChain.createIdentity("/random/identity");
    m_randomCert = unrelatedIdentity.getDefaultKey().getDefaultCertificate().getName();

    advanceClocks(time::milliseconds(10), 1);
  }

public:
  util::DummyClientFace m_validatorFace;                        ///< face used by the validator
  unique_ptr<security::Validator> m_validator;                  ///< validator under test
  std::vector<unique_ptr<util::DummyClientFace>> m_serverFaces; ///< one face per name server
  std::vector<shared_ptr<ndns::NameServer>> m_servers;          ///< servers for the test zones
  Name m_ndnsimCert;                                            ///< default cert of <ndnsim zone>/NDNS
  Name m_randomCert;                                            ///< default cert of /random/identity
};
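/**
 * Checks the validator's accept/reject decision for three signer/name combinations:
 * a zone signing its own record, a zone certificate signing a record named under a
 * different zone, and a certificate unrelated to any zone.
 */
BOOST_FIXTURE_TEST_CASE(Basic, ValidatorTestFixture)
{
  // Which of the two validator callbacks fired for the packet under test.
  // NONE means neither callback ran within the simulated time, which is always a failure.
  enum class Outcome { NONE, ACCEPTED, REJECTED };
  Outcome outcome = Outcome::NONE;

  // Builds <zone>/NDNS/rrLabel/<rrType>/<version>, the name layout shared by all cases.
  auto makeData = [] (const Name& zone, const char* rrType) {
    Name dataName(zone);
    dataName
      .append("NDNS")
      .append("rrLabel")
      .append(rrType)
      .appendVersion();
    return make_shared<Data>(dataName);
  };

  // Runs the validator on `packet`, advances the simulated clock so that pending
  // certificate fetches can complete, and reports which callback was invoked.
  auto validate = [this, &outcome] (const Data& packet) {
    outcome = Outcome::NONE;
    m_validator->validate(packet,
                          [&outcome] (const Data&) {
                            outcome = Outcome::ACCEPTED;
                          },
                          [&outcome] (const Data&, const security::ValidationError& error) {
                            // Log the reason so a rejection can be diagnosed
                            // (visible with --log_level=message).
                            BOOST_TEST_MESSAGE("validator rejected packet: " << error);
                            outcome = Outcome::REJECTED;
                          });
    advanceClocks(time::seconds(3), 100);
    return outcome;
  };

  SignatureInfo info;
  info.setValidityPeriod(security::ValidityPeriod(time::system_clock::TimePoint::min(),
                                                  time::system_clock::now() + time::days(10)));

  // case 1: a record of the ndnsim zone signed with that zone's own default
  // certificate must validate successfully.
  auto data = makeData(m_ndnsimName, "rrType");
  m_keyChain.sign(*data, signingByCertificate(m_ndnsimCert).setSignatureInfo(info));
  BOOST_CHECK_MESSAGE(validate(*data) == Outcome::ACCEPTED,
                      "record signed by its own zone certificate was not accepted");

  // NOTE(review): cases 2 and 3 pass on a rejection for ANY reason, including a
  // failure to retrieve the signer's certificate. They therefore do not prove that
  // the name-hierarchy rule itself caused the rejection; the logged ValidationError
  // shows the actual reason but is not asserted here.

  // case 2: a record named under the net zone signed with the ndnsim zone's
  // certificate must be rejected, because the key owner's name is longer than the
  // data owner's name.
  data = makeData(m_netName, "CERT");
  m_keyChain.sign(*data, signingByCertificate(m_ndnsimCert));
  BOOST_CHECK_MESSAGE(validate(*data) == Outcome::REJECTED,
                      "record signed by another zone's certificate was not rejected");

  // case 3: a record of the ndnsim zone signed with a certificate that belongs to
  // an unrelated identity must be rejected.
  data = makeData(m_ndnsimName, "CERT");
  m_keyChain.sign(*data, signingByCertificate(m_randomCert));
  BOOST_CHECK_MESSAGE(validate(*data) == Outcome::REJECTED,
                      "record signed by an unrelated certificate was not rejected");
}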

BOOST_AUTO_TEST_SUITE_END()

} // namespace tests
} // namespace ndns
} // namespace ndn