Gitiles
Code Review Sign In
gerrit.named-data.net / ndns / 870b29b1e9f615ed932503a1528d0f0b647e6621 / . / tests / unit / mgmt / management-tool.cpp
blob: 2eefe15d83a24da18838089512b0019f47ca1cb3 [file] [log] [blame]
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame^]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2014, Regents of the University of California.
4 *
5 * This file is part of NDNS (Named Data Networking Domain Name Service).
6 * See AUTHORS.md for complete list of NDNS authors and contributors.
7 *
8 * NDNS is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
12 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "../../src/mgmt/management-tool.hpp"
21
22#include "../../boost-test.hpp"
23#include <boost/test/output_test_stream.hpp>
24using boost::test_tools::output_test_stream;
25
26#include "ndns-enum.hpp"
27#include "ndns-label.hpp"
28#include "ndns-tlv.hpp"
29
30#include <vector>
31#include <iostream>
32#include <fstream>
33#include <string>
34
35#include <boost/filesystem.hpp>
36#include <boost/algorithm/string/replace.hpp>
37
38#include <ndn-cxx/security/key-chain.hpp>
39#include <ndn-cxx/security/validator.hpp>
40#include <ndn-cxx/util/io.hpp>
41#include <ndn-cxx/util/regex.hpp>
42
43namespace ndn {
44namespace ndns {
45namespace tests {
46
47BOOST_AUTO_TEST_SUITE(ManagementTool)
48
49static const boost::filesystem::path TEST_DATABASE = TEST_CONFIG_PATH "/management_tool.db";
50static const boost::filesystem::path TEST_CERTDIR = TEST_CONFIG_PATH "/management_tool_certs";
51static const Name FAKE_ROOT("/fake-root/123456789");
52
53class ManagementToolFixture
54{
55public:
56 ManagementToolFixture()
57 : m_tool(TEST_DATABASE.string().c_str())
58 , m_keyChain("sqlite3", "file")
59 , m_dbMgr(TEST_DATABASE.string().c_str())
60 {
61 boost::filesystem::create_directory(TEST_CERTDIR);
62 }
63
64 ~ManagementToolFixture()
65 {
66 boost::filesystem::remove_all(TEST_CERTDIR);
67 boost::filesystem::remove(TEST_DATABASE);
68 }
69
70 void
71 getKeyList(const Name& identity, std::vector<Name>& keyList)
72 {
73 m_keyChain.getAllKeyNamesOfIdentity(identity, keyList, false);
74 m_keyChain.getAllKeyNamesOfIdentity(identity, keyList, true);
75 }
76
77 void
78 getCertList(const Name& identity, std::vector<Name>& certNameList)
79 {
80 std::vector<Name> keyList;
81 getKeyList(identity, keyList);
82 for (const Name& name : keyList) {
83 m_keyChain.getAllCertificateNamesOfKey(name, certNameList, false);
84 m_keyChain.getAllCertificateNamesOfKey(name, certNameList, true);
85 }
86 }
87
88 bool
89 checkIdCert(Zone& zone, const Name& certName)
90 {
91 Rrset rrset(&zone);
92 size_t size = zone.getName().size();
93 Name label = certName.getSubName(size+1, certName.size()-size-3);
94 rrset.setLabel(label);
95 rrset.setType(label::CERT_RR_TYPE);
96
97 if (!m_dbMgr.find(rrset))
98 return false;
99
100 Data data(rrset.getData());
101 IdentityCertificate cert(data);
102 return cert.getName() == certName;
103 }
104
105 bool
106 checkNs(Zone& zone, const Name& label, NdnsType ndnsType)
107 {
108 Rrset rrset(&zone);
109 rrset.setLabel(label);
110 rrset.setType(label::NS_RR_TYPE);
111
112 if (!m_dbMgr.find(rrset))
113 return false;
114
115 Data data(rrset.getData());
116 MetaInfo info = data.getMetaInfo();
117
118 const Block* block = info.findAppMetaInfo(tlv::NdnsType);
119 if (block == 0)
120 return false;
121
122 return static_cast<NdnsType>(readNonNegativeInteger(*block)) == ndnsType;
123 }
124
125 bool
126 checkVersion(Zone& zone, const Name& label, const name::Component& type, uint64_t version)
127 {
128 Rrset rrset(&zone);
129 rrset.setLabel(label);
130 rrset.setType(type);
131
132 if (!m_dbMgr.find(rrset))
133 return false;
134
135 name::Component tmp = name::Component::fromVersion(version);
136
137 return rrset.getVersion() == tmp;
138 }
139
140 bool
141 checkTtl(Zone& zone, const Name& label, const name::Component& type, time::seconds ttl)
142 {
143 Rrset rrset(&zone);
144 rrset.setLabel(label);
145 rrset.setType(type);
146
147 if (!m_dbMgr.find(rrset))
148 return false;
149
150 return rrset.getTtl() == ttl;
151 }
152
153 // function to get a verified public key of a given data
154 PublicKey
155 getPublicKeyOfData(const Data& data) {
156 // first extract certificate name of the signing key
157 Signature sig = data.getSignature();
158 KeyLocator kl = sig.getKeyLocator();
159 Name klName = kl.getName();
160
161 //base case, return root key to verify ROOT DSK certificate
162 shared_ptr<Regex> regex1 = make_shared<Regex>(
163 "<KEY><fake-root><123456789><ksk-[0-9]+><ID-CERT>");
164 if (regex1->match(klName)) {
165 std::vector<Name> keyList1;
166 m_keyChain.getAllKeyNamesOfIdentity(FAKE_ROOT, keyList1, false);
167 shared_ptr<PublicKey> rootKey = m_keyChain.getPublicKey(keyList1.front());
168
169 // return root key
170 return *rootKey;
171 }
172
173 // second extract the certificate from local NDNS database
174 // extract zone name and label
175 shared_ptr<Regex> regex2 = make_shared<Regex>("(<>*)<KEY>(<>+)<ID-CERT>");
176 BOOST_ASSERT(regex2->match(klName) == true);
177 Name zoneName = regex2->expand("\\1");
178 Name label = regex2->expand("\\2");
179
180 // get ID-CERT from local NDNS database
181 Zone zone(zoneName);
182 Rrset rrset(&zone);
183 rrset.setLabel(label);
184 rrset.setType(label::CERT_RR_TYPE);
185
186 BOOST_CHECK_EQUAL(m_dbMgr.find(rrset), true);
187
188 // get public key siging the ID-CERT
189 Data tmp(rrset.getData());
190 PublicKey pk = getPublicKeyOfData(tmp);
191
192 // verified the ID-CERT
193 BOOST_CHECK_EQUAL(Validator::verifySignature(tmp, pk), true);
194 IdentityCertificate cert(tmp);
195
196 // third return public key
197 return cert.getPublicKeyInfo();
198 }
199
200public:
201 ndns::ManagementTool m_tool;
202 ndn::KeyChain m_keyChain;
203 ndns::DbMgr m_dbMgr;
204};
205
206BOOST_FIXTURE_TEST_CASE(CreateZone1, ManagementToolFixture)
207{
208 //create root zone with supplied certificates
209 bool isRoot = m_keyChain.doesIdentityExist(ROOT_ZONE);
210 size_t iniKey = 0;
211 size_t iniCert = 0;
212 if (isRoot) {
213 std::vector<Name> keyList;
214 getKeyList(ROOT_ZONE, keyList);
215 iniKey = keyList.size();
216
217 std::vector<Name> certList;
218 getCertList(ROOT_ZONE, certList);
219 iniCert = certList.size();
220 }
221
222 time::system_clock::TimePoint notBefore = time::system_clock::now();
223 time::system_clock::TimePoint notAfter = notBefore + DEFAULT_CERT_TTL;
224
225 Name kskName = m_keyChain.generateRsaKeyPair(ROOT_ZONE, true);
226 std::vector<CertificateSubjectDescription> kskDesc;
227 shared_ptr<IdentityCertificate> kskCert = m_keyChain.prepareUnsignedIdentityCertificate(kskName,
228 ROOT_ZONE, notBefore, notAfter, kskDesc);
229 m_keyChain.selfSign(*kskCert);
230 m_keyChain.addCertificate(*kskCert);
231
232 Name dskName = m_keyChain.generateRsaKeyPair(ROOT_ZONE, false);
233 std::vector<CertificateSubjectDescription> dskDesc;
234 shared_ptr<IdentityCertificate> dskCert = m_keyChain.prepareUnsignedIdentityCertificate(
235 dskName, ROOT_ZONE, notBefore, notAfter, dskDesc);
236 m_keyChain.sign(*dskCert, kskCert->getName());
237 m_keyChain.addCertificate(*dskCert);
238
239 m_tool.createZone(ROOT_ZONE, ROOT_ZONE, time::seconds(4600), time::seconds(4600),
240 kskCert->getName(), dskCert->getName());
241
242 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(ROOT_ZONE), true);
243
244 std::vector<Name> keyList;
245 getKeyList(ROOT_ZONE, keyList);
246 BOOST_CHECK_EQUAL(keyList.size(), 2 + iniKey);
247
248 std::vector<Name> certList;
249 getCertList(ROOT_ZONE, certList);
250 BOOST_CHECK_EQUAL(certList.size(), 2 + iniCert);
251
252 Zone zone(ROOT_ZONE);
253 BOOST_CHECK_EQUAL(m_dbMgr.find(zone), true);
254 BOOST_CHECK_EQUAL(checkIdCert(zone, dskCert->getName()), true);
255
256 if (isRoot) {
257 // will leave the identity in KeyChain
258 m_keyChain.deleteCertificate(kskCert->getName());
259 m_keyChain.deleteCertificate(dskCert->getName());
260
261 m_keyChain.deleteKey(kskName);
262 m_keyChain.deleteKey(dskName);
263 }
264 else {
265 m_tool.deleteZone(ROOT_ZONE);
266 }
267}
268
269BOOST_FIXTURE_TEST_CASE(CreateZone2, ManagementToolFixture)
270{
271 //create normal zone
272 Name parentZoneName("/ndns-test");
273 parentZoneName.appendVersion();
274 Name zoneName = parentZoneName;
275 zoneName.append("child-zone");
276
277
278 m_tool.createZone(zoneName, parentZoneName);
279
280 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(zoneName), true);
281
282 std::vector<Name> keyList;
283 getKeyList(zoneName, keyList);
284 BOOST_CHECK_EQUAL(keyList.size(), 2);
285
286 std::vector<Name> certList;
287 getCertList(zoneName, certList);
288 BOOST_CHECK_EQUAL(certList.size(), 2);
289
290 Name dskName;
291 Name kskName;
292 for (std::vector<Name>::iterator it = certList.begin();
293 it != certList.end();
294 it++) {
295 std::string temp = (*it).toUri();
296 size_t found = temp.find("dsk");
297 if (found != std::string::npos) {
298 dskName = *it;
299 }
300 else {
301 kskName = *it;
302 }
303 }
304
305 Zone zone(zoneName);
306 BOOST_CHECK_EQUAL(m_dbMgr.find(zone), true);
307 BOOST_CHECK_EQUAL(checkIdCert(zone, dskName), true);
308
309 m_tool.deleteZone(zoneName);
310}
311
312BOOST_FIXTURE_TEST_CASE(CreateZone3, ManagementToolFixture)
313{
314 //create normal zone with TTL
315 Name parentZoneName("/ndns-test");
316 parentZoneName.appendVersion();
317 Name zoneName = parentZoneName;
318 zoneName.append("child-zone");
319
320 time::seconds ttl = time::seconds(4200);
321 m_tool.createZone(zoneName, parentZoneName, ttl, ttl);
322
323 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(zoneName), true);
324
325 std::vector<Name> keyList;
326 getKeyList(zoneName, keyList);
327 BOOST_CHECK_EQUAL(keyList.size(), 2);
328
329 std::vector<Name> certList;
330 getCertList(zoneName, certList);
331 BOOST_CHECK_EQUAL(certList.size(), 2);
332
333 Name dskName;
334 for (std::vector<Name>::iterator it = certList.begin();
335 it != certList.end();
336 it++) {
337 std::string temp = (*it).toUri();
338 size_t found = temp.find("dsk");
339 if (found != std::string::npos) {
340 dskName = *it;
341 }
342 }
343
344 //check zone ttl
345 Zone zone(zoneName);
346 BOOST_CHECK_EQUAL(m_dbMgr.find(zone), true);
347 BOOST_CHECK_EQUAL(zone.getTtl(), ttl);
348
349 //check dsk rrset ttl
350 Rrset rrset(&zone);
351 size_t size = zone.getName().size();
352 Name label = dskName.getSubName(size+1, dskName.size()-size-3);
353 rrset.setLabel(label);
354 rrset.setType(label::CERT_RR_TYPE);
355 BOOST_CHECK_EQUAL(m_dbMgr.find(rrset), true);
356 BOOST_CHECK_EQUAL(rrset.getTtl(), ttl);
357
358 //check certificate ttl
359 shared_ptr<IdentityCertificate> dskCert = m_keyChain.getCertificate(dskName);
360 time::system_clock::Duration tmp = dskCert->getNotAfter() - dskCert->getNotBefore();
361 BOOST_CHECK_EQUAL(ttl, tmp);
362
363 m_tool.deleteZone(zoneName);
364}
365
366BOOST_FIXTURE_TEST_CASE(CreateZone4, ManagementToolFixture)
367{
368 //check pre-condition
369 Name zoneName("/net/ndnsim");
370 Name parentZoneName("/net");
371
372 Zone zone(zoneName);
373 m_dbMgr.insert(zone);
374 BOOST_CHECK_THROW(m_tool.createZone(zoneName, parentZoneName), ndns::ManagementTool::Error);
375 m_dbMgr.remove(zone);
376
377 time::seconds ttl = time::seconds(4200);
378 BOOST_CHECK_THROW(m_tool.createZone(zoneName, zoneName), ndns::ManagementTool::Error);
379
380 Name fake1("/com");
381 BOOST_CHECK_THROW(m_tool.createZone(zoneName, fake1), ndns::ManagementTool::Error);
382
383 Name fake2("/com/ndnsim");
384 BOOST_CHECK_THROW(m_tool.createZone(zoneName, parentZoneName, ttl, ttl, fake2),
385 ndns::ManagementTool::Error);
386 Name cert2 = m_keyChain.createIdentity(fake2);
387 BOOST_CHECK_THROW(m_tool.createZone(zoneName, parentZoneName, ttl, ttl, cert2),
388 ndns::ManagementTool::Error);
389 m_keyChain.deleteIdentity(fake2);
390
391 Name fake3("/net/ndnsim/www");
392 Name cert3 = m_keyChain.createIdentity(fake3);
393 BOOST_CHECK_THROW(m_tool.createZone(zoneName, parentZoneName, ttl, ttl, cert3),
394 ndns::ManagementTool::Error);
395 m_keyChain.deleteIdentity(fake3);
396
397 Name cert4 = m_keyChain.createIdentity(zoneName);
398 shared_ptr<IdentityCertificate> cert = m_keyChain.getCertificate(cert4);
399 //delete keys in tpm
400 m_keyChain.deleteKeyPairInTpm(cert->getPublicKeyName());
401 BOOST_CHECK_THROW(m_tool.createZone(zoneName, parentZoneName, ttl, ttl, cert4),
402 ndns::ManagementTool::Error);
403 m_keyChain.deleteIdentity(zoneName);
404
405 //for root zone special case
406 BOOST_CHECK_THROW(m_tool.createZone(ROOT_ZONE, ROOT_ZONE), ndns::ManagementTool::Error);
407}
408
409BOOST_FIXTURE_TEST_CASE(DeleteZone1, ManagementToolFixture)
410{
411 Name zoneName("/ndns-test");
412 zoneName.appendVersion();
413
414 m_tool.createZone(zoneName, ROOT_ZONE);
415
416 std::vector<Name> keyList;
417 getKeyList(zoneName, keyList);
418 std::vector<Name> certList;
419 getCertList(zoneName, certList);
420
421 m_tool.deleteZone(zoneName);
422
423 BOOST_CHECK_EQUAL(m_keyChain.doesIdentityExist(zoneName), false);
424
425 for (std::vector<Name>::iterator it = keyList.begin(); it != keyList.end(); it++) {
426 BOOST_CHECK_EQUAL(m_keyChain.doesKeyExistInTpm(*it, KEY_CLASS_PUBLIC), false);
427 BOOST_CHECK_EQUAL(m_keyChain.doesKeyExistInTpm(*it, KEY_CLASS_PRIVATE), false);
428 }
429
430 Name dskName;
431 for (std::vector<Name>::iterator it = certList.begin();
432 it != certList.end();
433 it++) {
434 BOOST_CHECK_EQUAL(m_keyChain.doesCertificateExist(*it), false);
435 std::string temp = (*it).toUri();
436 size_t found = temp.find("dsk");
437 if (found != std::string::npos) {
438 dskName = *it;
439 }
440 }
441
442 Zone zone(zoneName);
443 BOOST_CHECK_EQUAL(m_dbMgr.find(zone), false);
444 BOOST_CHECK_EQUAL(checkIdCert(zone, dskName), false);
445}
446
447BOOST_FIXTURE_TEST_CASE(DeleteZone2, ManagementToolFixture)
448{
449 Name zoneName("/net/ndnsim");
450
451 BOOST_CHECK_THROW(m_tool.deleteZone(zoneName), ndns::ManagementTool::Error);
452}
453
454class OutputTester
455{
456public:
457 OutputTester()
458 : savedBuf(std::clog.rdbuf())
459 {
460 std::cout.rdbuf(buffer.rdbuf());
461 }
462
463 ~OutputTester()
464 {
465 std::cout.rdbuf(savedBuf);
466 }
467
468public:
469 std::stringstream buffer;
470 std::streambuf* savedBuf;
471};
472
473BOOST_FIXTURE_TEST_CASE(ExportCertificate, ManagementToolFixture)
474{
475 Name zoneName("/ndns-test");
476 zoneName.appendVersion();
477 std::string output = TEST_CERTDIR.string() + "/ss.cert";
478
479 /// @todo Do not generate anything in root zone. Use some prefix for testing, e.g. /test
480
481 //check precondition
482 Name certName("/net/KEY/ksk-123/ID-CERT/123");
483 BOOST_CHECK_THROW(m_tool.exportCertificate(certName, output), ndns::ManagementTool::Error);
484
485 //get certificate from KeyChain
486 m_tool.createZone(zoneName, ROOT_ZONE);
487 std::vector<Name> certList;
488 getCertList(zoneName, certList);
489 Name kskCertName;
490 Name dskCertName;
491 for (const auto& cert : certList) {
492 std::string temp = cert.toUri();
493 size_t found = temp.find("ksk");
494 if (found != std::string::npos) {
495 kskCertName = cert;
496 }
497 else {
498 dskCertName = cert;
499 }
500 }
501 m_tool.exportCertificate(kskCertName, output);
502 BOOST_CHECK_EQUAL(boost::filesystem::exists(output), true);
503
504 //get certificate from ndns database
505 boost::filesystem::remove(output);
506 m_keyChain.deleteCertificate(dskCertName);
507 m_tool.exportCertificate(dskCertName, output);
508 BOOST_CHECK_EQUAL(boost::filesystem::exists(output), true);
509
510 //output to std::cout
511 std::string acutalOutput;
512 {
513 OutputTester tester;
514 m_tool.exportCertificate(dskCertName, "-");
515 acutalOutput = tester.buffer.str();
516 }
517 // BOOST_CHECK_EQUAL(acutalOutput,
518 // "Bv0DDAdCCAluZG5zLXRlc3QICf0AAAFJ6RF8OggDS0VZCBFkc2stMTQxNjk1NDQ3\n"
519 // "NzcxNQgHSUQtQ0VSVAgJ/QAAAUnpEXzcFAMYAQIV/QF7MIIBdzAiGA8yMDE0MTEy\n"
520 // "NTIyMjc1N1oYDzIwMTUxMTI1MjIyNzU3WjAtMCsGA1UEKRMkL25kbnMtdGVzdC8l\n"
521 // "RkQlMDAlMDAlMDFJJUU5JTExJTdDJTNBMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0A\n"
522 // "MIIBCAKCAQEAvRAQ0iLGmoUCNFQjtD6ClA6BzmtViWywDRU7eDXHHqz1BmXNGS28\n"
523 // "dmVbk6C8ZiQxVh5IoN2psxU1avC2lLM7HXHnyUtmfu9/zkxdBSFq8B+8FchFpPWe\n"
524 // "9M/TSFmEemcFLdMgYEJOurF3osASZ70/kJJ7f1yiFRm1dtO2pl5eVUuiZPcgVwMU\n"
525 // "nCUDT/wZ6l2LDr4K7wo6p5F8PYiIddS6zT38gZsRNwCeR5JDwCPY3u5x21aVSSY7\n"
526 // "8PS/wdSG0vmjI/kQEWhjaV7ibyTc6ygrbq5RiLD+18CkEF+ECLKjvLnyIO8DkbbM\n"
527 // "iMVyc6QSiKnq7bLCyqbBVpZqNpBjdMvDuQIBERY+GwEBHDkHNwgDS0VZCAluZG5z\n"
528 // "LXRlc3QICf0AAAFJ6RF8OggRa3NrLTE0MTY5NTQ0Nzc2MjcIB0lELUNFUlQX/QEA\n"
529 // "BKchd4m2kpI7N376Z8yRAKA3epcUlGI5E1Xs7pKTFwA16ZQ+dTThBQSzzVaJcOC2\n"
530 // "UIc2WVRG5wCxcCLou4bxnbuPaQORyeRnmoodTPoIYsDrWVPxeVY1xJSKCbGoY8dh\n"
531 // "BuXmo9nl4X2wk/gZx6//afATgzQCliQK/J9PwigqirJqH6aD+3Ji209FbP57tv0g\n"
532 // "aL0Dy5IA6LrJI1Dxq0MXCRv3bNtdGNQZT0AfHIgCrhPe6MMLGn+C9UTDP2nzMqbX\n"
533 // "4MaAdshgUFj0mI2iPL3Bep9pYI6zxbU3hJ25UQegjJdC3qoFjz2sp/D6J8wAlCPX\n"
534 // "gGH3iewd94xFpPcdrhxtHQ==\n");
535
536 m_tool.deleteZone(zoneName);
537}
538
539BOOST_FIXTURE_TEST_CASE(AddRrSet1, ManagementToolFixture)
540{
541 // check pre-condition
542 BOOST_CHECK_THROW(m_tool.addRrSet(ROOT_ZONE, ROOT_ZONE, label::NS_RR_TYPE, NDNS_RESP),
543 ndns::ManagementTool::Error);
544
545 Name zoneName("/ndns-test");
546 zoneName.appendVersion();
547 Zone zone(zoneName);
548 m_dbMgr.insert(zone);
549
550 BOOST_CHECK_THROW(m_tool.addRrSet(ROOT_ZONE, ROOT_ZONE, label::NS_RR_TYPE, NDNS_UNKNOWN),
551 ndns::ManagementTool::Error);
552 BOOST_CHECK_THROW(m_tool.addRrSet(zoneName, zoneName, label::CERT_RR_TYPE, NDNS_RAW),
553 ndns::ManagementTool::Error);
554 BOOST_CHECK_THROW(m_tool.addRrSet(ROOT_ZONE, ROOT_ZONE, label::NS_RR_TYPE, NDNS_RAW),
555 ndns::ManagementTool::Error);
556 BOOST_CHECK_THROW(m_tool.addRrSet(ROOT_ZONE, ROOT_ZONE, label::TXT_RR_TYPE, NDNS_RAW),
557 ndns::ManagementTool::Error);
558
559 m_dbMgr.remove(zone);
560}
561
562BOOST_FIXTURE_TEST_CASE(AddRrSet2, ManagementToolFixture)
563{
564 Name zoneName("/ndns-test");
565 zoneName.appendVersion();
566 Zone zone(zoneName);
567 uint64_t version = 1234;
568 time::seconds ttl1(4200);
569 time::seconds ttl2(4500);
570 m_tool.createZone(zoneName, ROOT_ZONE, ttl1);
571
572 //add NS NDNS_AUTH and check user-defined ttl
573 Name label1("/net/ndnsim1");
574 BOOST_CHECK_NO_THROW(m_tool.addRrSet(zoneName, label1, label::NS_RR_TYPE, NDNS_AUTH, version,
575 {}, DEFAULT_CERT, ttl2));
576 BOOST_CHECK_EQUAL(checkNs(zone, label1, NDNS_AUTH), true);
577 BOOST_CHECK_EQUAL(checkVersion(zone, label1, label::NS_RR_TYPE, version), true);
578 BOOST_CHECK_EQUAL(checkTtl(zone, label1, label::NS_RR_TYPE, ttl2), true);
579
580 //add NS NDNS_RESP and check default ttl
581 Name label2("/net/ndnsim2");
582 BOOST_CHECK_NO_THROW(m_tool.addRrSet(zoneName, label2, label::NS_RR_TYPE, NDNS_RESP, version));
583 BOOST_CHECK_EQUAL(checkNs(zone, label2, NDNS_RESP), true);
584 BOOST_CHECK_EQUAL(checkVersion(zone, label2, label::NS_RR_TYPE, version), true);
585 BOOST_CHECK_EQUAL(checkTtl(zone, label2, label::NS_RR_TYPE, ttl1), true);
586
587 //add TXT NDNS_RESP and check rr
588 std::string test = "oops";
589 BOOST_CHECK_NO_THROW(m_tool.addRrSet(zoneName, label2, label::TXT_RR_TYPE, NDNS_RESP, version,
590 {test}));
591 Rrset rrset1(&zone);
592 rrset1.setLabel(label2);
593 rrset1.setType(label::TXT_RR_TYPE);
594 BOOST_CHECK_EQUAL(m_dbMgr.find(rrset1), true);
595
596 Data data1(rrset1.getData());
597 Response re1;
598 Name hint1;
599 BOOST_CHECK_EQUAL(re1.fromData(hint1, zoneName, data1), true);
600 const Block &block = re1.getRrs().front();
601 std::string someString(reinterpret_cast<const char*>(block.value()), block.value_size());
602 BOOST_CHECK_EQUAL(test, someString);
603
604 //add user defined type
605 Name label3("/net/ndnsim3");
606 name::Component type("A");
607 std::string content = "10.10.0.1";
608 m_tool.addRrSet(zoneName, label3, type, NDNS_RAW, version, {content});
609 BOOST_CHECK_EQUAL(checkVersion(zone, label3, type, version), true);
610
611 Rrset rrset2(&zone);
612 rrset2.setLabel(label3);
613 rrset2.setType(type);
614 BOOST_CHECK_EQUAL(m_dbMgr.find(rrset2), true);
615
616 Data data2(rrset2.getData());
617 Response re2;
618 Name hint2;
619 BOOST_CHECK_EQUAL(re2.fromData(hint2, zoneName, data2), true);
620 Block tmp = ndn::dataBlock(ndn::tlv::Content, content.c_str(), content.length());
621 tmp.encode();
622 BOOST_REQUIRE(tmp == re2.getAppContent());
623
624 m_tool.deleteZone(zoneName);
625}
626
627BOOST_FIXTURE_TEST_CASE(AddRrSet3, ManagementToolFixture)
628{
629 // check pre-condition
630 Name zoneName("/ndns-test");
631 zoneName.appendVersion();
632 std::string certPath = TEST_CERTDIR.string();
633 BOOST_CHECK_THROW(m_tool.addRrSet(zoneName, certPath), ndns::ManagementTool::Error);
634
635 m_tool.createZone(zoneName, ROOT_ZONE);
636 BOOST_CHECK_THROW(m_tool.addRrSet(zoneName, certPath), ndns::ManagementTool::Error);
637 m_tool.deleteZone(zoneName);
638}
639
640BOOST_FIXTURE_TEST_CASE(AddRrSet4, ManagementToolFixture)
641{
642 Name parentZoneName("/ndns-test");
643 parentZoneName.appendVersion();
644 Name zoneName = parentZoneName;
645 zoneName.append("/child-zone");
646 Zone zone(parentZoneName);
647 time::seconds ttl1(4200);
648 time::seconds ttl2(4500);
649 m_tool.createZone(zoneName, parentZoneName);
650 m_tool.createZone(parentZoneName, ROOT_ZONE, ttl1);
651
652 //add KSK ID-CERT
653 std::string output = TEST_CERTDIR.string() + "/ss.cert";
654 std::vector<Name> certList;
655 getCertList(zoneName, certList);
656 Name kskCertName;
657 for (std::vector<Name>::iterator it = certList.begin();
658 it != certList.end();
659 it++) {
660 std::string temp = (*it).toUri();
661 size_t found = temp.find("ksk");
662 if (found != std::string::npos) {
663 kskCertName = *it;
664 break;
665 }
666 }
667 m_tool.exportCertificate(kskCertName, output);
668
669 BOOST_CHECK_NO_THROW(m_tool.addRrSet(parentZoneName, output, ttl2));
670 BOOST_CHECK_EQUAL(checkIdCert(zone, kskCertName), true);
671
672 //add data
673 Response re;
674 re.setZone(parentZoneName);
675 re.setQueryType(label::NDNS_ITERATIVE_QUERY);
676 re.setRrLabel(zoneName);
677 re.setRrType(label::NS_RR_TYPE);
678 re.setNdnsType(NDNS_RESP);
679 shared_ptr<Data> data1 = re.toData();
680 m_keyChain.sign(*data1, kskCertName);
681 ndn::io::save(*data1, output);
682
683 //check user-defined ttl and default ttl
684 BOOST_CHECK_NO_THROW(m_tool.addRrSet(parentZoneName, output));
685 BOOST_CHECK_EQUAL(checkTtl(zone, zoneName, label::NS_RR_TYPE, ttl1), true);
686 m_tool.removeRrSet(parentZoneName, zoneName, label::NS_RR_TYPE);
687 BOOST_CHECK_NO_THROW(m_tool.addRrSet(parentZoneName, output, ttl2));
688 BOOST_CHECK_EQUAL(checkTtl(zone, zoneName, label::NS_RR_TYPE, ttl2), true);
689
690 Rrset rrset(&zone);
691 rrset.setLabel(zoneName);
692 rrset.setType(label::NS_RR_TYPE);
693 BOOST_CHECK_EQUAL(m_dbMgr.find(rrset), true);
694
695 Data data2(rrset.getData());
696 BOOST_REQUIRE(*data1 == data2);
697
698 //add KSK ID-CERT with illegal name and convert it
699 Name iZoneName = parentZoneName;
700 iZoneName.append("illegal");
701 Name illegalCertName = m_keyChain.createIdentity(iZoneName);
702 m_tool.exportCertificate(illegalCertName, output);
703 BOOST_CHECK_NO_THROW(m_tool.addRrSet(parentZoneName, output, ttl2));
704
705 Name legalCertName = parentZoneName;
706 legalCertName.append("KEY");
707 legalCertName.append("illegal");
708 legalCertName.append(illegalCertName.getSubName(4));
709 BOOST_CHECK_EQUAL(checkIdCert(zone, legalCertName), true);
710 m_keyChain.deleteIdentity(iZoneName);
711
712 m_tool.deleteZone(zoneName);
713 m_tool.deleteZone(parentZoneName);
714}
715
716BOOST_FIXTURE_TEST_CASE(AddRrSet5, ManagementToolFixture)
717{
718 //check using user provided certificate
719 Name parentZoneName("/ndns-test");
720 parentZoneName.appendVersion();
721 Name zoneName = parentZoneName;
722 zoneName.append("child-zone");
723
724 Name dskName = m_keyChain.generateRsaKeyPair(parentZoneName, false);
725 shared_ptr<IdentityCertificate> dskCert = m_keyChain.selfSign(dskName);
726 m_keyChain.addCertificateAsKeyDefault(*dskCert);
727
728 //check addRrSet1
729 m_tool.createZone(zoneName, parentZoneName);
730 m_tool.createZone(parentZoneName, ROOT_ZONE);
731
732 //add KSK ID-CERT
733 std::string output = TEST_CERTDIR.string() + "/ss.cert";
734 std::vector<Name> certList;
735 getCertList(zoneName, certList);
736 Name kskCertName;
737 for (std::vector<Name>::iterator it = certList.begin();
738 it != certList.end();
739 it++) {
740 std::string temp = (*it).toUri();
741 size_t found = temp.find("ksk");
742 if (found != std::string::npos) {
743 kskCertName = *it;
744 break;
745 }
746 }
747 m_tool.exportCertificate(kskCertName, output);
748
749 BOOST_CHECK_NO_THROW(m_tool.addRrSet(parentZoneName, output, time::seconds(4600),
750 dskCert->getName()));
751
752 //check addRrSet2
753 Name label1("/net/ndnsim1");
754 BOOST_CHECK_NO_THROW(m_tool.addRrSet(parentZoneName, label1, label::NS_RR_TYPE, NDNS_AUTH, -1, {},
755 dskCert->getName()));
756
757 m_tool.deleteZone(zoneName);
758 m_tool.deleteZone(parentZoneName);
759}
760
761BOOST_FIXTURE_TEST_CASE(ListZone, ManagementToolFixture)
762{
763 Name zoneName("/ndns-test/mgmt/123456789");
764
765 m_tool.createZone(zoneName, ROOT_ZONE);
766 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(zoneName);
767 shared_ptr<IdentityCertificate> cert = m_keyChain.getCertificate(certName);
768
769 //add NS with NDNS_RESP
770 Name label2("/ndnsim");
771 uint64_t version = 1234;
772 m_tool.addRrSet(zoneName, label2, label::NS_RR_TYPE, NDNS_RESP, version);
773
774 //add NS with NDNS_AUTH
775 Name label3("/ndnsim/oops");
776 m_tool.addRrSet(zoneName, label3, label::NS_RR_TYPE, NDNS_AUTH, version);
777
778 //add TXT
779 std::string output = TEST_CERTDIR.string() + "/a.rrset";
780 Response re1;
781 re1.setZone(zoneName);
782 re1.setQueryType(label::NDNS_ITERATIVE_QUERY);
783 re1.setRrLabel(label2);
784 re1.setRrType(label::TXT_RR_TYPE);
785 re1.setNdnsType(NDNS_RESP);
786 re1.setVersion(name::Component::fromVersion(version));
787 re1.addRr("First RR");
788 re1.addRr("Second RR");
789 re1.addRr("Last RR");
790 shared_ptr<Data> data1= re1.toData();
791 m_keyChain.sign(*data1, certName);
792 ndn::io::save(*data1, output);
793 m_tool.addRrSet(zoneName, output);
794
795 //add User-Defined
796 name::Component type("A");
797 Response re2;
798 re2.setZone(zoneName);
799 re2.setQueryType(label::NDNS_ITERATIVE_QUERY);
800 re2.setRrLabel(label2);
801 re2.setRrType(type);
802 re2.setNdnsType(NDNS_RESP);
803 re2.setVersion(name::Component::fromVersion(version));
804 re2.addRr("First RR");
805 re2.addRr("Second RR");
806 re2.addRr("Last RR");
807 shared_ptr<Data> data2= re2.toData();
808 m_keyChain.sign(*data2, certName);
809 ndn::io::save(*data2, output);
810 m_tool.addRrSet(zoneName, output);
811
812 output_test_stream testOutput;
813 m_tool.listZone(zoneName, testOutput, true);
814
815 /// @todo check the output
816
817 // BOOST_CHECK(testOutput.
818 // is_equal(
819 // "; Zone /ndns-test/mgmt/123456789\n"
820 // "\n"
821 // "; rrset=/ndnsim type=A version=%FD%04%D2 signed-by=*\n"
822 // "/ndnsim 3600 A vwhGaXJzdCBSUg==\n"
823 // "/ndnsim 3600 A vwlTZWNvbmQgUlI=\n"
824 // "/ndnsim 3600 A vwdMYXN0IFJS\n"
825 // "\n"
826 // "; rrset=/ndnsim type=NS version=%FD%04%D2 signed-by=*\n"
827 // "/ndnsim 3600 NS\n"
828 // "\n"
829 // "; rrset=/ndnsim type=TXT version=%FD%04%D2 signed-by=*\n"
830 // "/ndnsim 3600 TXT First RR\n"
831 // "/ndnsim 3600 TXT Second RR\n"
832 // "/ndnsim 3600 TXT Last RR\n"
833 // ""
834 // "/ndnsim/oops 3600 NS ; content-type=NDNS-Auth version=* signed-by=*\n"
835 // "/dsk-1416888156106 3600 ID-CERT ; content-type=NDNS-Raw version=* signed-by=*\n"
836 // "; Ff0BcjCCAW4wIhgPMjAxNDExMjUwNDAyMzVaGA8yMDE1MTEyNTA0MDIzNVowIjAg\n"
837 // "; BgNVBCkTGS9uZG5zLXRlc3QvbWdtdC8xMjM0NTY3ODkwggEiMA0GCSqGSIb3DQEB\n"
838 // "; AQUAA4IBDwAwggEKAoIBAQD8Lsd/kKdcdXTKEhcJpy7M0cnZgpZ3lpQX2Nz8InXN\n"
839 // "; BkF3b6TsuMSokmDQ78xXNTx0jGUM1g47kQNsk2WTjYgDZUOfpBWz5PZcaO35dUz8\n"
840 // "; wNGc1lED9A/PbFB4t5NPbZsrThCPw+IvzTYN6A/Dxg9h69zLEEsLWD2PzCkyHQ+F\n"
841 // "; JjRgzhJPsrl1CoVFSP/bu70xMJVqOwj3GMej6mm0gXXmMv4aEI22jot7+fO07jIy\n"
842 // "; WUl0fhY33Cgo50YvDeeRsdo+At29OMN8Dd/s2z/6olH0P7IK1/cn++DWcO5zMd1x\n"
843 // "; zWm+6IoZA6mV1J2O5U0AkbllRVZ+vZPI/lWGzCtXK6jfAgMBAAE=\n"
844 // ));
845
846 m_tool.deleteZone(zoneName);
847}
848
849BOOST_FIXTURE_TEST_CASE(ListAllZones, ManagementToolFixture)
850{
851 Name zoneName1("/ndns-test1/mgmt/123456789");
852 m_tool.createZone(zoneName1, ROOT_ZONE);
853
854 Name zoneName2("/ndns-test2/mgmt/123456789");
855 m_tool.createZone(zoneName2, ROOT_ZONE);
856
857 Name zoneName3("/ndns-test3/mgmt/123456789");
858 m_tool.createZone(zoneName3, ROOT_ZONE);
859
860 //TODO Check the output
861 // a sample output is like this
862 // /ndns-test1/mgmt/123456789 ; default-ttl=* default-key=* default-certificate=*
863 // /ndns-test2/mgmt/123456789 ; default-ttl=* default-key=* default-certificate=*
864 // /ndns-test3/mgmt/123456789 ; default-ttl=* default-key=* default-certificate=*
865 output_test_stream testOutput;
866 m_tool.listAllZones(testOutput);
867
868 m_tool.deleteZone(zoneName1);
869 m_tool.deleteZone(zoneName2);
870 m_tool.deleteZone(zoneName3);
871}
872
873BOOST_FIXTURE_TEST_CASE(GetRrSet, ManagementToolFixture)
874{
875 Name zoneName("/ndns-test");
876 zoneName.appendVersion();
877 m_tool.createZone(zoneName, ROOT_ZONE);
878
879 Name label("/net/ndnsim2");
880
881 m_tool.addRrSet(zoneName, label, label::NS_RR_TYPE, NDNS_RESP);
882
883 // a sample output is like this
884// Bv0Bjgc5CAluZG5zLXRlc3QICf0AAAFJ5Sn8HwgETkROUwgDbmV0CAduZG5zaW0y
885// CAJOUwgJ/QAAAUnlKgXYFAkZBAA27oC0AQEVAr8AFj4bAQEcOQc3CAluZG5zLXRl
886// c3QICf0AAAFJ5Sn8HwgDS0VZCBFkc2stMTQxNjg4ODk3NTY0NAgHSUQtQ0VSVBf9
887// AQBj8QOr3vPo1wzuTAwwdF6UEfHmHYxkMor5bw/5Lc6Wpt6SkTb7Ku92/MHedtRD
888// 2UsIhQV+JR7jUGzLVLUuktmrBTT7G9tSioTOVpbtJ7EEYYhcDCV0h1Kefz01AS1O
889// bUuZbxAWboZCzW6OluTq9Db2c2xEmzE8EzmMQ5zflIL7vQxEigH1kBsvGoMZThOb
890// aKrfcACfKU3kZQBzyPVbur5PER3dgBjVcdu5aIEXhO3Nf7b22OrPSP8AztZGvkz0
891// 5TSBf7wwxtB6V/aMlDPaKFPgI2mXan729e1JGYZ0OmKhvuPnhT9ApOh9UNSJuhO8
892// puPJKCOSQHspQHOhnEy9Ee9U
893 output_test_stream testOutput;
894 m_tool.getRrSet(zoneName, label, label::NS_RR_TYPE, testOutput);
895
896 m_tool.deleteZone(zoneName);
897}
898
899BOOST_FIXTURE_TEST_CASE(RemoveRrSet, ManagementToolFixture)
900{
901 Name zoneName("/ndns-test");
902 zoneName.appendVersion();
903 m_tool.createZone(zoneName, ROOT_ZONE);
904 Name label2("/net/ndnsim2");
905 m_tool.addRrSet(zoneName, label2, label::NS_RR_TYPE, NDNS_RESP);
906
907 m_tool.removeRrSet(zoneName, label2, label::NS_RR_TYPE);
908 Zone zone(zoneName);
909 BOOST_CHECK_EQUAL(checkNs(zone, label2, NDNS_RESP), false);
910
911 m_tool.deleteZone(zoneName);
912}
913
914BOOST_FIXTURE_TEST_CASE(DataValidation, ManagementToolFixture)
915{
916 Name subZoneName1 = FAKE_ROOT;
917 subZoneName1.append("net");
918 Name subZoneName2 = subZoneName1;
919 subZoneName2.append("ndnsim");
920
921 // create fake-root zone
922 m_tool.createZone(FAKE_ROOT, ROOT_ZONE);
923
924 // create subZone1 by creating zone, delegating it to ROOT zone
925 m_tool.createZone(subZoneName1, FAKE_ROOT);
926
927 std::string output1 = TEST_CERTDIR.string() + "/ss1.cert";
928 std::vector<Name> certList1;
929 getCertList(subZoneName1, certList1);
930 Name kskCertName1;
931 for (std::vector<Name>::iterator it = certList1.begin();
932 it != certList1.end();
933 it++) {
934 std::string temp = (*it).toUri();
935 size_t found = temp.find("ksk");
936 if (found != std::string::npos) {
937 kskCertName1 = *it;
938 break;
939 }
940 }
941 m_tool.exportCertificate(kskCertName1, output1);
942 m_tool.addRrSet(FAKE_ROOT, output1, time::seconds(4600));
943
944 // create subZone2 by creating zone, delegating it to subZone1
945 m_tool.createZone(subZoneName2, subZoneName1);
946
947 std::string output2 = TEST_CERTDIR.string() + "/ss2.cert";
948 std::vector<Name> certList2;
949 getCertList(subZoneName2, certList2);
950 Name kskCertName2;
951 for (std::vector<Name>::iterator it = certList2.begin();
952 it != certList2.end();
953 it++) {
954 std::string temp = (*it).toUri();
955 size_t found = temp.find("ksk");
956 if (found != std::string::npos) {
957 kskCertName2 = *it;
958 break;
959 }
960 }
961 m_tool.exportCertificate(kskCertName2, output2);
962 m_tool.addRrSet(subZoneName1, output2, time::seconds(4600));
963
964 //simulate the trust chain
965 Data data("test");
966 Name certName = m_keyChain.getDefaultCertificateNameForIdentity(subZoneName2);
967 m_keyChain.sign(data, certName);
968
969 //details of the verification please see the getPublicKeyOfData() function
970 PublicKey pk = getPublicKeyOfData(data);
971 BOOST_CHECK_EQUAL(Validator::verifySignature(data, pk), true);
972
973 m_tool.deleteZone(subZoneName2);
974 m_tool.deleteZone(subZoneName1);
975 m_tool.deleteZone(FAKE_ROOT);
976}
977
978BOOST_AUTO_TEST_SUITE_END()
979
980} // namespace tests
981} // namespace ndns
982} // namespace ndn