SunnyQjm
/
ndn-cxx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

security: ValidatorConfig rule evaluates all checkers 

Also fix bug when target cert is not in anchors and cert cache is empty

Refs #3645

Change-Id: Ifb39e474c74611897ea28a1b8f26ed70750a1990
pull/6/head
Zhiyi Zhang 9 years ago
parent
cf9c6bb8d7
commit
044bb7e9e5
8 changed files with 468 additions and 618 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      AUTHORS.md
  2. 5
      docs/tutorials/security-validator-config.rst
  3. 433
      src/security/conf/checker.hpp
  4. 32
      src/security/conf/rule.hpp
  5. 15
      src/security/validator-config.cpp
  6. 35
      src/security/validator-config.hpp
  7. 227
      tests/unit-tests/security/conf/checker.t.cpp
  8. 338
      tests/unit-tests/security/validator-config.t.cpp

1
AUTHORS.md
Unescape View File

@ -39,3 +39,4 @@ in the library:
* Marcin Juszkiewicz <http://marcin.juszkiewicz.com.pl/>
* Susmit Shannigrahi <https://www.linkedin.com/in/susmit-shannigrahi-90433b8>
* José Quevedo <http://atnog.av.it.pt/members/jquevedo>
* Zhiyi Zhang <zhangzhiyi1919@cs.ucla.edu>

5
docs/tutorials/security-validator-config.rst
Unescape View File

@ -97,8 +97,9 @@ can be checked by a rule only if the packet satisfies all the filters.
**ATTENTION: A packet that satisfies all the filters may not be valid**.
The property **checker** defines the conditions that a matched packet must fulfill to be
treated as a valid packet. A rule must have at least one **checker** property, a packet is
treated as invalid if it cannot pass none of the checkers.
treated as a valid packet. A rule must have at least one **checker** property. A packet is
treated as valid if it can pass at least one of the checkers and as invalid when it cannot
pass any checkers.
**filter** and **checker** have their own properties. Next, we will introduce them
separately.

433
src/security/conf/checker.hpp
Unescape View File

@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2013-2015 Regents of the University of California.
* Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@ -63,31 +63,23 @@ public:
* @brief check if data satisfies condition defined in the specific checker implementation
*
* @param data Data packet
* @param onValidated Callback function which is called when data is immediately valid
* @param onValidationFailed Call function which is called when data is immediately invalid
* @return -1 if data is immediately invalid (onValidationFailed has been called)
* 1 if data is immediately valid (onValidated has been called)
* 0 if further signature verification is needed.
* @retval -1 if data is immediately invalid
* @retval 1 if data is immediately valid
* @retval 0 if further signature verification is needed.
*/
virtual int8_t
check(const Data& data,
const OnDataChecked& onValidated,
const OnDataCheckFailed& onValidationFailed) = 0;
check(const Data& data) = 0;
/**
* @brief check if interest satisfies condition defined in the specific checker implementation
*
* @param interest Interest packet
* @param onValidated Callback function which is called when interest is immediately valid
* @param onValidationFailed Call function which is called when interest is immediately invalid
* @return -1 if interest is immediately invalid (onValidationFailed has been called)
* 1 if interest is immediately valid (onValidated has been called)
* 0 if further signature verification is needed.
* @retval -1 if interest is immediately invalid
* @retval 1 if interest is immediately valid
* @retval 0 if further signature verification is needed.
*/
virtual int8_t
check(const Interest& interest,
const OnInterestChecked& onValidated,
const OnInterestCheckFailed& onValidationFailed) = 0;
check(const Interest& interest) = 0;
};
class CustomizedChecker : public Checker
@ -98,118 +90,89 @@ public:
: m_sigType(sigType)
, m_keyLocatorChecker(keyLocatorChecker)
{
switch (sigType)
{
switch (sigType) {
case tlv::SignatureSha256WithRsa:
case tlv::SignatureSha256WithEcdsa:
{
if (!static_cast<bool>(m_keyLocatorChecker))
BOOST_THROW_EXCEPTION(Error("Strong signature requires KeyLocatorChecker"));
return;
}
case tlv::SignatureSha256WithEcdsa: {
if (!static_cast<bool>(m_keyLocatorChecker))
BOOST_THROW_EXCEPTION(Error("Strong signature requires KeyLocatorChecker"));
return;
}
case tlv::DigestSha256:
return;
default:
BOOST_THROW_EXCEPTION(Error("Unsupported signature type"));
}
}
}
virtual int8_t
check(const Data& data,
const OnDataChecked& onValidated,
const OnDataCheckFailed& onValidationFailed)
check(const Data& data) override
{
return check(data, data.getSignature(), onValidated, onValidationFailed);
return check(data, data.getSignature());
}
virtual int8_t
check(const Interest& interest,
const OnInterestChecked& onValidated,
const OnInterestCheckFailed& onValidationFailed)
check(const Interest& interest) override
{
try
{
const Name& interestName = interest.getName();
Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
return check(interest, signature, onValidated, onValidationFailed);
}
catch (Signature::Error& e)
{
onValidationFailed(interest.shared_from_this(), "Invalid signature");
return -1;
}
catch (tlv::Error& e)
{
onValidationFailed(interest.shared_from_this(), "Cannot decode signature related TLVs");
return -1;
}
try {
const Name& interestName = interest.getName();
Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
return check(interest, signature);
}
catch (const Signature::Error& e) {
// Invalid signature
return -1;
}
catch (const tlv::Error& e) {
// Cannot decode signature related TLVs
return -1;
}
}
private:
template<class Packet, class OnValidated, class OnFailed>
template<class Packet>
int8_t
check(const Packet& packet, const Signature& signature,
const OnValidated& onValidated,
const OnFailed& onValidationFailed)
check(const Packet& packet, const Signature& signature)
{
if (m_sigType != signature.getType())
{
onValidationFailed(packet.shared_from_this(),
"Signature type does not match: " +
boost::lexical_cast<std::string>(m_sigType) +
"!=" +
boost::lexical_cast<std::string>(signature.getType()));
return -1;
}
if (m_sigType != signature.getType()) {
// Signature type does not match
return -1;
}
if (signature.getType() == tlv::DigestSha256)
return 0;
try
{
switch (signature.getType())
{
case tlv::SignatureSha256WithRsa:
case tlv::SignatureSha256WithEcdsa:
{
if (!signature.hasKeyLocator()) {
onValidationFailed(packet.shared_from_this(),
"Missing KeyLocator in SignatureInfo");
}
break;
}
default:
{
onValidationFailed(packet.shared_from_this(),
"Unsupported signature type: " +
boost::lexical_cast<std::string>(signature.getType()));
return -1;
}
try {
switch (signature.getType()) {
case tlv::SignatureSha256WithRsa:
case tlv::SignatureSha256WithEcdsa: {
if (!signature.hasKeyLocator()) {
// Missing KeyLocator in SignatureInfo
return -1;
}
break;
}
default: {
// Unsupported signature type
return -1;
}
}
catch (KeyLocator::Error& e)
{
onValidationFailed(packet.shared_from_this(),
"Cannot decode KeyLocator");
return -1;
}
catch (tlv::Error& e)
{
onValidationFailed(packet.shared_from_this(),
"Cannot decode signature");
return -1;
}
}
catch (const KeyLocator::Error& e) {
// Cannot decode KeyLocator
return -1;
}
catch (const tlv::Error& e) {
// Cannot decode signature
return -1;
}
std::string failInfo;
if (m_keyLocatorChecker->check(packet, signature.getKeyLocator(), failInfo))
return 0;
else
{
onValidationFailed(packet.shared_from_this(), failInfo);
return -1;
}
else {
return -1;
}
}
private:
@ -235,139 +198,104 @@ class FixedSignerChecker : public Checker
{
public:
FixedSignerChecker(uint32_t sigType,
const std::vector<shared_ptr<IdentityCertificate> >& signers)
const std::vector<shared_ptr<IdentityCertificate>>& signers)
: m_sigType(sigType)
{
for (std::vector<shared_ptr<IdentityCertificate> >::const_iterator it = signers.begin();
for (std::vector<shared_ptr<IdentityCertificate>>::const_iterator it = signers.begin();
it != signers.end(); it++)
m_signers[(*it)->getName().getPrefix(-1)] = (*it);
if (sigType != tlv::SignatureSha256WithRsa &&
sigType != tlv::SignatureSha256WithEcdsa)
{
BOOST_THROW_EXCEPTION(Error("FixedSigner is only meaningful for strong signature type"));
}
sigType != tlv::SignatureSha256WithEcdsa) {
BOOST_THROW_EXCEPTION(Error("FixedSigner is only meaningful for strong signature type"));
}
}
virtual int8_t
check(const Data& data,
const OnDataChecked& onValidated,
const OnDataCheckFailed& onValidationFailed)
check(const Data& data) override
{
return check(data, data.getSignature(), onValidated, onValidationFailed);
return check(data, data.getSignature());
}
virtual int8_t
check(const Interest& interest,
const OnInterestChecked& onValidated,
const OnInterestCheckFailed& onValidationFailed)
check(const Interest& interest) override
{
try
{
const Name& interestName = interest.getName();
Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
return check(interest, signature, onValidated, onValidationFailed);
}
catch (Signature::Error& e)
{
onValidationFailed(interest.shared_from_this(), "Invalid signature");
return -1;
}
catch (tlv::Error& e)
{
onValidationFailed(interest.shared_from_this(), "Cannot decode signature related TLVs");
return -1;
}
try {
const Name& interestName = interest.getName();
Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
return check(interest, signature);
}
catch (const Signature::Error& e) {
// Invalid signature
return -1;
}
catch (const tlv::Error& e) {
// Cannot decode signature related TLVs
return -1;
}
}
private:
template<class Packet, class OnValidated, class OnFailed>
template<class Packet>
int8_t
check(const Packet& packet, const Signature& signature,
const OnValidated& onValidated,
const OnFailed& onValidationFailed)
check(const Packet& packet, const Signature& signature)
{
if (m_sigType != signature.getType())
{
onValidationFailed(packet.shared_from_this(),
"Signature type does not match: " +
boost::lexical_cast<std::string>(m_sigType) +
"!=" +
boost::lexical_cast<std::string>(signature.getType()));
return -1;
}
if (signature.getType() == tlv::DigestSha256)
{
onValidationFailed(packet.shared_from_this(),
"FixedSigner does not allow Sha256 signature type");
return -1;
}
try
{
switch (signature.getType())
{
case tlv::SignatureSha256WithRsa:
case tlv::SignatureSha256WithEcdsa:
{
if (!signature.hasKeyLocator()) {
onValidationFailed(packet.shared_from_this(),
"Missing KeyLocator in SignatureInfo");
}
break;
}
default:
{
onValidationFailed(packet.shared_from_this(),
"Unsupported signature type: " +
boost::lexical_cast<std::string>(signature.getType()));
return -1;
}
}
const Name& keyLocatorName = signature.getKeyLocator().getName();
if (m_signers.find(keyLocatorName) == m_signers.end())
{
onValidationFailed(packet.shared_from_this(),
"Signer is not in the fixed signer list: " +
keyLocatorName.toUri());
if (m_sigType != signature.getType()) {
// Signature type does not match
return -1;
}
if (signature.getType() == tlv::DigestSha256) {
// FixedSigner does not allow Sha256 signature type
return -1;
}
try {
switch (signature.getType()) {
case tlv::SignatureSha256WithRsa:
case tlv::SignatureSha256WithEcdsa: {
if (!signature.hasKeyLocator()) {
// Missing KeyLocator in SignatureInfo
return -1;
}
break;
}
if (Validator::verifySignature(packet, signature,
m_signers[keyLocatorName]->getPublicKeyInfo()))
{
onValidated(packet.shared_from_this());
return 1;
}
else
{
onValidationFailed(packet.shared_from_this(),
"Signature cannot be validated");
return -1;
}
default: {
// Unsupported signature type
return -1;
}
}
catch (KeyLocator::Error& e)
{
onValidationFailed(packet.shared_from_this(),
"KeyLocator does not have name");
const Name& keyLocatorName = signature.getKeyLocator().getName();
if (m_signers.find(keyLocatorName) == m_signers.end()) {
// Signer is not in the fixed signer list
return -1;
}
catch (tlv::Error& e)
{
onValidationFailed(packet.shared_from_this(),
"Cannot decode signature");
if (Validator::verifySignature(packet, signature,
m_signers[keyLocatorName]->getPublicKeyInfo())) {
return 1;
}
else {
// Signature cannot be validated
return -1;
}
}
catch (const KeyLocator::Error& e) {
// KeyLocator does not have name
return -1;
}
catch (const tlv::Error& e) {
// Cannot decode signature
return -1;
}
}
private:
typedef std::map<Name, shared_ptr<IdentityCertificate> > SignerList;
typedef std::map<Name, shared_ptr<IdentityCertificate>> SignerList;
uint32_t m_sigType;
SignerList m_signers;
};
@ -466,15 +394,14 @@ private:
std::string sigType = propertyIt->second.data();
propertyIt++;
std::vector<shared_ptr<IdentityCertificate> > signers;
for (; propertyIt != configSection.end(); propertyIt++)
{
if (!boost::iequals(propertyIt->first, "signer"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.signer> but get <checker." +
propertyIt->first + ">"));
std::vector<shared_ptr<IdentityCertificate>> signers;
for (; propertyIt != configSection.end(); propertyIt++) {
if (!boost::iequals(propertyIt->first, "signer"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.signer> but get <checker." +
propertyIt->first + ">"));
signers.push_back(getSigner(propertyIt->second, configFilename));
}
signers.push_back(getSigner(propertyIt->second, configFilename));
}
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker"));
@ -497,48 +424,46 @@ private:
std::string type = propertyIt->second.data();
propertyIt++;
if (boost::iequals(type, "file"))
{
// Get checker.signer.file-name
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.file-name>"));
path certfilePath = absolute(propertyIt->second.data(),
path(configFilename).parent_path());
propertyIt++;
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
shared_ptr<IdentityCertificate> idCert
= io::load<IdentityCertificate>(certfilePath.c_str());
if (static_cast<bool>(idCert))
return idCert;
else
BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " +
certfilePath.native()));
}
else if (boost::iequals(type, "base64"))
{
// Get checker.signer.base64-string
if (propertyIt == configSection.end() ||
!boost::iequals(propertyIt->first, "base64-string"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.base64-string>"));
std::stringstream ss(propertyIt->second.data());
propertyIt++;
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
if (static_cast<bool>(idCert))
return idCert;
else
BOOST_THROW_EXCEPTION(Error("Cannot decode certificate from string"));
}
if (boost::iequals(type, "file")) {
// Get checker.signer.file-name
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.file-name>"));
path certfilePath = absolute(propertyIt->second.data(),
path(configFilename).parent_path());
propertyIt++;
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
shared_ptr<IdentityCertificate> idCert
= io::load<IdentityCertificate>(certfilePath.c_str());
if (static_cast<bool>(idCert))
return idCert;
else
BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " +
certfilePath.native()));
}
else if (boost::iequals(type, "base64")) {
// Get checker.signer.base64-string
if (propertyIt == configSection.end() ||
!boost::iequals(propertyIt->first, "base64-string"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.base64-string>"));
std::stringstream ss(propertyIt->second.data());
propertyIt++;
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
if (static_cast<bool>(idCert))
return idCert;
else
BOOST_THROW_EXCEPTION(Error("Cannot decode certificate from string"));
}
else
BOOST_THROW_EXCEPTION(Error("Unsupported checker.signer type: " + type));
}

32
src/security/conf/rule.hpp
Unescape View File

@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2013-2014 Regents of the University of California.
* Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@ -19,6 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
* @author Zhiyi Zhang <zhangzhiyi1919@gmail.com>
*/
#ifndef NDN_SECURITY_CONF_RULE_HPP
@ -97,19 +98,28 @@ public:
const ValidatedCallback& onValidated,
const ValidationFailureCallback& onValidationFailed)
{
for (CheckerList::iterator it = m_checkers.begin();
it != m_checkers.end(); it++)
{
int8_t result = (*it)->check(packet, onValidated, onValidationFailed);
if (result >= 0)
return result;
bool hasPendingResult = false;
for (CheckerList::iterator it = m_checkers.begin(); it != m_checkers.end(); it++) {
int8_t result = (*it)->check(packet);
if (result > 0) {
onValidated(packet.shared_from_this());
return result;
}
return -1;
else if (result == 0)
hasPendingResult = true;
}
if (hasPendingResult) {
return 0;
}
else {
onValidationFailed(packet.shared_from_this(), "Packet cannot pass any checkers.");
return -1;
}
}
private:
typedef std::vector<shared_ptr<Filter> > FilterList;
typedef std::vector<shared_ptr<Checker> > CheckerList;
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
typedef std::vector<shared_ptr<Filter>> FilterList;
typedef std::vector<shared_ptr<Checker>> CheckerList;
std::string m_id;
FilterList m_filters;

15
src/security/validator-config.cpp
Unescape View File

@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2013-2015 Regents of the University of California.
* Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@ -19,6 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
* @author Zhiyi Zhang <zhangzhiyi1919@gmail.com>
*/
#include "validator-config.hpp"
@ -190,7 +191,7 @@ ValidatorConfig::onConfigRule(const security::conf::ConfigSection& configSection
+ " in rule: " + ruleId));
// Get rule.filter(s)
std::vector<shared_ptr<Filter> > filters;
std::vector<shared_ptr<Filter>> filters;
for (; propertyIt != configSection.end(); propertyIt++)
{
if (!boost::iequals(propertyIt->first, "filter"))
@ -205,7 +206,7 @@ ValidatorConfig::onConfigRule(const security::conf::ConfigSection& configSection
}
// Get rule.checker(s)
std::vector<shared_ptr<Checker> > checkers;
std::vector<shared_ptr<Checker>> checkers;
for (; propertyIt != configSection.end(); propertyIt++)
{
if (!boost::iequals(propertyIt->first, "checker"))
@ -489,7 +490,7 @@ ValidatorConfig::checkPolicy(const Data& data,
int nSteps,
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
std::vector<shared_ptr<ValidationRequest>>& nextSteps)
{
if (!m_shouldValidate)
return onValidated(data.shared_from_this());
@ -524,7 +525,7 @@ ValidatorConfig::checkPolicy(const Interest& interest,
int nSteps,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
std::vector<shared_ptr<ValidationRequest>>& nextSteps)
{
if (!m_shouldValidate)
return onValidated(interest.shared_from_this());
@ -733,7 +734,7 @@ ValidatorConfig::checkSignature(const Packet& packet,
size_t nSteps,
const OnValidated& onValidated,
const OnFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
std::vector<shared_ptr<ValidationRequest>>& nextSteps)
{
if (signature.getType() == tlv::DigestSha256)
{
@ -785,7 +786,7 @@ ValidatorConfig::checkSignature(const Packet& packet,
AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
if (m_anchors.end() == it && static_cast<bool>(m_certificateCache))
trustedCert = m_certificateCache->getCertificate(keyLocatorName);
else
else if (m_anchors.end() != it)
trustedCert = it->second;
if (static_cast<bool>(trustedCert))

35
src/security/validator-config.hpp
Unescape View File

@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2013-2014 Regents of the University of California.
* Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@ -19,6 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
* @author Zhiyi Zhang <zhangzhiyi1919@gmail.com>
*/
#ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
@ -66,9 +67,7 @@ public:
const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
virtual
~ValidatorConfig()
{
}
~ValidatorConfig() = default;
void
load(const std::string& filename);
@ -95,14 +94,14 @@ protected:
int nSteps,
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps);
std::vector<shared_ptr<ValidationRequest>>& nextSteps);
virtual void
checkPolicy(const Interest& interest,
int nSteps,
const OnInterestValidated& onValidated,
const OnInterestValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps);
std::vector<shared_ptr<ValidationRequest>>& nextSteps);
private:
template<class Packet, class OnValidated, class OnFailed>
@ -112,7 +111,7 @@ private:
size_t nSteps,
const OnValidated& onValidated,
const OnFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps);
std::vector<shared_ptr<ValidationRequest>>& nextSteps);
void
checkTimestamp(const shared_ptr<const Interest>& interest,
@ -154,14 +153,6 @@ private:
void
cleanOldKeys();
#ifdef NDN_CXX_HAVE_TESTS
size_t
getTimestampMapSize()
{
return m_lastTimestamp.size();
}
#endif
class TrustAnchorContainer
{
public:
@ -169,7 +160,7 @@ private:
{
}
const std::list<shared_ptr<IdentityCertificate> >&
const std::list<shared_ptr<IdentityCertificate>>&
getAll() const
{
return m_certificates;
@ -182,7 +173,7 @@ private:
}
protected:
std::list<shared_ptr<IdentityCertificate> > m_certificates;
std::list<shared_ptr<IdentityCertificate>> m_certificates;
};
class DynamicTrustAnchorContainer : public TrustAnchorContainer
@ -237,14 +228,14 @@ public:
static const time::milliseconds DEFAULT_GRACE_INTERVAL;
static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL;
private:
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
typedef security::conf::Rule<Interest> InterestRule;
typedef security::conf::Rule<Data> DataRule;
typedef std::vector<shared_ptr<InterestRule> > InterestRuleList;
typedef std::vector<shared_ptr<DataRule> > DataRuleList;
typedef std::map<Name, shared_ptr<IdentityCertificate> > AnchorList;
typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
typedef std::vector<shared_ptr<DataRule>> DataRuleList;
typedef std::map<Name, shared_ptr<IdentityCertificate>> AnchorList;
typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
typedef std::list<shared_ptr<IdentityCertificate> > CertificateList;
typedef std::list<shared_ptr<IdentityCertificate>> CertificateList;
/**

227
tests/unit-tests/security/conf/checker.t.cpp
Unescape View File

@ -33,61 +33,6 @@ using namespace ndn::tests;
BOOST_FIXTURE_TEST_SUITE(SecurityConfChecker, IdentityManagementFixture)
void
interestChecked(const shared_ptr<const Interest>& interest)
{
BOOST_CHECK(true);
}
void
interestCheckFailed(const shared_ptr<const Interest>& interest,
const std::string& failureInfo)
{
std::cerr << failureInfo << std::endl;
BOOST_CHECK(false);
}
void
interestCheckedFalse(const shared_ptr<const Interest>& interest)
{
BOOST_CHECK(false);
}
void
interestCheckFailedFalse(const shared_ptr<const Interest>& interest,
const std::string& failureInfo)
{
BOOST_CHECK(true);
}
void
dataChecked(const shared_ptr<const Data>& interest)
{
BOOST_CHECK(true);
}
void
dataCheckFailed(const shared_ptr<const Data>& interest,
const std::string& failureInfo)
{
std::cerr << failureInfo << std::endl;
BOOST_CHECK(false);
}
void
dataCheckedFalse(const shared_ptr<const Data>& interest)
{
BOOST_CHECK(false);
}
void
dataCheckFailedFalse(const shared_ptr<const Data>& interest,
const std::string& failureInfo)
{
BOOST_CHECK(true);
}
BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
{
using security::conf::CustomizedChecker;
@ -131,24 +76,16 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
KeyLocatorChecker::RELATION_EQUAL);
CustomizedChecker checker1(tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual1);
result = checker1.check(*data1,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*interest1,
bind(interestChecked, _1),
bind(interestCheckFailed, _1, _2));
result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*interest2,
bind(interestCheckedFalse, _1),
bind(interestCheckFailedFalse, _1, _2));
result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
@ -157,14 +94,10 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
KeyLocatorChecker::RELATION_EQUAL);
CustomizedChecker checker2(tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual2);
result = checker2.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*interest1,
bind(interestCheckedFalse, _1),
bind(interestCheckFailedFalse, _1, _2));
result = checker2.check(*interest1);
BOOST_CHECK_EQUAL(result, -1);
@ -173,14 +106,10 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
KeyLocatorChecker::RELATION_IS_PREFIX_OF);
CustomizedChecker checker3(tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix1);
result = checker3.check(*data1,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker3.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker3.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker3.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
@ -189,14 +118,10 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
KeyLocatorChecker::RELATION_IS_PREFIX_OF);
CustomizedChecker checker4(tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix2);
result = checker4.check(*data1,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker4.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker4.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker4.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
@ -205,14 +130,10 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
CustomizedChecker checker5(tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict1);
result = checker5.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker5.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker5.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker5.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict2 =
@ -220,14 +141,10 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
CustomizedChecker checker6(tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict2);
result = checker6.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker6.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker6.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker6.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
}
@ -274,24 +191,16 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest2)
Regex("^<SecurityTestConfChecker><CustomizedCheckerTest2>"));
CustomizedChecker checker1(tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
result = checker1.check(*data1,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*interest1,
bind(interestChecked, _1),
bind(interestCheckFailed, _1, _2));
result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*interest2,
bind(interestCheckedFalse, _1),
bind(interestCheckFailedFalse, _1, _2));
result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
}
@ -338,32 +247,22 @@ BOOST_AUTO_TEST_CASE(CustomizedCheckerTest3)
Regex("^<SecurityTestConfChecker><CustomizedCheckerTest3>"));
CustomizedChecker checker1(tlv::SignatureSha256WithEcdsa, keyLocatorCheckerRegex1);
result = checker1.check(*data1,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*interest1,
bind(interestChecked, _1),
bind(interestCheckFailed, _1, _2));
result = checker1.check(*interest1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*interest2,
bind(interestCheckedFalse, _1),
bind(interestCheckFailedFalse, _1, _2));
result = checker1.check(*interest2);
BOOST_CHECK_EQUAL(result, -1);
CustomizedChecker checker2(tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
result = checker2.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
}
@ -417,67 +316,43 @@ BOOST_AUTO_TEST_CASE(HierarchicalCheckerTest1)
HierarchicalChecker checker1(tlv::SignatureSha256WithEcdsa);
result = checker1.check(*data1,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*data3,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker1.check(*data3);
BOOST_CHECK_EQUAL(result, 0);
result = checker1.check(*data4,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data4);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*data5,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data5);
BOOST_CHECK_EQUAL(result, -1);
result = checker1.check(*data6,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data6);
BOOST_CHECK_EQUAL(result, -1);
HierarchicalChecker checker2(tlv::SignatureSha256WithRsa);
result = checker2.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data3,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data3);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data4,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker2.check(*data4);
BOOST_CHECK_EQUAL(result, 0);
result = checker2.check(*data5,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data5);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data6,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data6);
BOOST_CHECK_EQUAL(result, -1);
}
@ -518,53 +393,37 @@ BOOST_AUTO_TEST_CASE(FixedSignerCheckerTest1)
FixedSignerChecker checker1(tlv::SignatureSha256WithEcdsa, certSet1);
result = checker1.check(*data1,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker1.check(*data1);
BOOST_CHECK_EQUAL(result, 1);
result = checker1.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker1.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker2(tlv::SignatureSha256WithRsa, certSet1);
result = checker2.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker2.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker2.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker3(tlv::SignatureSha256WithEcdsa, certSet2);
result = checker3.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker3.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker3.check(*data2,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker3.check(*data2);
BOOST_CHECK_EQUAL(result, -1);
FixedSignerChecker checker4(tlv::SignatureSha256WithRsa, certSet2);
result = checker4.check(*data1,
bind(dataCheckedFalse, _1),
bind(dataCheckFailedFalse, _1, _2));
result = checker4.check(*data1);
BOOST_CHECK_EQUAL(result, -1);
result = checker4.check(*data2,
bind(dataChecked, _1),
bind(dataCheckFailed, _1, _2));
result = checker4.check(*data2);
BOOST_CHECK_EQUAL(result, 1);
}

338
tests/unit-tests/security/validator-config.t.cpp
Unescape View File

@ -22,6 +22,7 @@
#include "security/validator-config.hpp"
#include "security/key-chain.hpp"
#include "security/signing-helpers.hpp"
#include "util/io.hpp"
#include "util/scheduler.hpp"
#include "util/dummy-client-face.hpp"
@ -30,6 +31,7 @@
#include "identity-management-fixture.hpp"
#include "../identity-management-time-fixture.hpp"
#include "../make-interest-data.hpp"
#include "boost-test.hpp"
namespace ndn {
@ -52,15 +54,11 @@ BOOST_AUTO_TEST_CASE(NameFilter)
Name dataName1("/simple/equal");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple/different");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@ -100,7 +98,7 @@ BOOST_AUTO_TEST_CASE(NameFilter)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@ -126,21 +124,15 @@ BOOST_AUTO_TEST_CASE(NameFilter2)
Name dataName1("/simple/isPrefixOf");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple/notPrefixOf");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/simple/isPrefixOf/anotherLevel");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@ -180,7 +172,7 @@ BOOST_AUTO_TEST_CASE(NameFilter2)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@ -210,21 +202,15 @@ BOOST_AUTO_TEST_CASE(NameFilter3)
Name dataName1("/simple/isStrictPrefixOf");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/simple/isStrictPrefixOf/anotherLevel");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@ -264,7 +250,7 @@ BOOST_AUTO_TEST_CASE(NameFilter3)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
@ -294,21 +280,15 @@ BOOST_AUTO_TEST_CASE(NameFilter4)
Name dataName1("/simple/regex");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2("/simple/regex-wrong");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/simple/regex/correct");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
std::string CONFIG_1 =
"rule\n"
@ -347,7 +327,7 @@ BOOST_AUTO_TEST_CASE(NameFilter4)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@ -378,21 +358,15 @@ BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Name dataName1 = identity;
dataName1.append("1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
Name dataName2 = identity;
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity)));
Name dataName3("/TestValidatorConfig/KeyLocatorNameChecker1");
shared_ptr<Data> data3 = make_shared<Data>(dataName3);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity)));
const std::string CONFIG =
"rule\n"
@ -427,7 +401,7 @@ BOOST_AUTO_TEST_CASE(KeyLocatorNameChecker1)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@ -464,16 +438,12 @@ BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Name dataName1 = identity;
dataName1.append("data").appendVersion();
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity1)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
Name dataName2 = identity;
dataName2.append("data").appendVersion();
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
Name interestName("/TestValidatorConfig/FixedSignerChecker/fakeSigInfo/fakeSigValue");
shared_ptr<Interest> interest = make_shared<Interest>(interestName);
@ -526,7 +496,7 @@ BOOST_AUTO_TEST_CASE(FixedSignerChecker)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@ -545,6 +515,148 @@ BOOST_AUTO_TEST_CASE(FixedSignerChecker)
boost::filesystem::remove(CERT_PATH);
}
struct CertCleanFixture : public IdentityManagementTimeFixture
{
public:
CertCleanFixture()
: tmpPath(boost::filesystem::path(UNIT_TEST_CONFIG_PATH))
{
boost::filesystem::create_directories(tmpPath);
}
~CertCleanFixture()
{
boost::filesystem::remove_all(tmpPath);
}
public:
boost::filesystem::path tmpPath;
};
BOOST_FIXTURE_TEST_CASE(MultiCheckers, CertCleanFixture)
{
std::string certDir = tmpPath.c_str();
Name identity1("/TestValidatorConfig/MultiCheckers/");
identity1.appendVersion();
addIdentity(identity1);
Name certName1 = m_keyChain.getDefaultCertificateNameForIdentity(identity1);
shared_ptr<IdentityCertificate> idCert1 = m_keyChain.getCertificate(certName1);
std::string certDir1 = certDir + "trust-anchor-multi-1.cert";
io::save(*idCert1, certDir1);
Name identity2("/TestValidatorConfig/");
identity2.appendVersion();
addIdentity(identity2);
Name certName2 = m_keyChain.getDefaultCertificateNameForIdentity(identity2);
shared_ptr<IdentityCertificate> idCert2 = m_keyChain.getCertificate(certName2);
std::string certDir2 = certDir + "trust-anchor-multi-2.cert";
io::save(*idCert2, certDir2);
const std::string CONFIG =
"rule\n"
"{\n"
" id \"Simple Rule01\"\n"
" for data\n"
" filter"
" {\n"
" type name\n"
" name /\n"
" relation is-prefix-of\n"
" }\n"
" checker\n" // checker 1, signer should have prefix /TestValidatorConfig/MultiCheckers
" {\n"
" type customized\n"
" sig-type rsa-sha256\n"
" key-locator\n"
" {\n"
" type name\n"
" name /TestValidatorConfig/MultiCheckers/\n"
" relation is-prefix-of\n"
" }\n"
" }\n"
" checker\n" // checker 2, data should have same prefix of its signer
" {\n"
" type hierarchical\n"
" sig-type rsa-sha256\n"
" }\n"
" checker\n" // checker 3, the signer should be identity1
" {\n"
" type fixed-signer\n"
" sig-type rsa-sha256\n"
" signer\n"
" {\n"
" type file\n"
" file-name \"trust-anchor-multi-1.cert\"\n"
" }\n"
" }\n"
"}\n";
const boost::filesystem::path CONFIG_PATH =
(tmpPath / std::string("unit-test-multicheckers.conf"));
ValidatorConfig validator;
validator.load(CONFIG, CONFIG_PATH.c_str());
conf::Checker& checker0 = *validator.m_dataRules.front()->m_checkers[0];
conf::Checker& checker1 = *validator.m_dataRules.front()->m_checkers[1];
conf::Checker& checker2 = *validator.m_dataRules.front()->m_checkers[2];
auto data1 = util::makeData(Name(identity1).append("Test"));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity1)));
BOOST_CHECK_EQUAL(checker0.check(*data1), 0);
BOOST_CHECK_EQUAL(checker1.check(*data1), 0);
BOOST_CHECK_EQUAL(checker2.check(*data1), 1);
auto data2 = util::makeData(Name(identity2).append("Data2"));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(identity2)));
BOOST_CHECK_EQUAL(checker0.check(*data2), -1);
BOOST_CHECK_EQUAL(checker1.check(*data2), 0);
BOOST_CHECK_EQUAL(checker2.check(*data2), -1);
auto data3 = util::makeData(Name(identity2).append("Data3"));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data3, security::signingByIdentity(identity1)));
BOOST_CHECK_EQUAL(checker0.check(*data3), 0);
BOOST_CHECK_EQUAL(checker1.check(*data3), -1);
BOOST_CHECK_EQUAL(checker2.check(*data3), 1);
auto data4 = util::makeData("/Data4");
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data4, security::signingByIdentity(identity2)));
BOOST_CHECK_EQUAL(checker0.check(*data4), -1);
BOOST_CHECK_EQUAL(checker1.check(*data4), -1);
BOOST_CHECK_EQUAL(checker2.check(*data4), -1);
int count = 0;
validator.validate(*data1,
[&] (const shared_ptr<const Data>&) {
BOOST_CHECK(true);
count++;
},
[] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
validator.validate(*data2,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
[&] (const shared_ptr<const Data>&, const std::string& str) {
BOOST_CHECK(true);
count++;
});
validator.validate(*data3,
[&] (const shared_ptr<const Data>&) {
BOOST_CHECK(true);
count++;
},
[] (const shared_ptr<const Data>&, const std::string& str) { BOOST_CHECK(false); });
validator.validate(*data4,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(false); },
[&] (const shared_ptr<const Data>&, const std::string& str) {
BOOST_CHECK(true);
count++;
});
BOOST_CHECK_EQUAL(count, 4);
}
BOOST_AUTO_TEST_CASE(Reset)
{
Name root("/TestValidatorConfig/Reload");
@ -602,7 +714,7 @@ BOOST_AUTO_TEST_CASE(Reset)
shared_ptr<ValidatorConfig> validator = shared_ptr<ValidatorConfig>(new ValidatorConfig(face));
validator->load(CONFIG, CONFIG_PATH.native());
validator->load(CONFIG, CONFIG_PATH.c_str());
BOOST_CHECK_EQUAL(validator->isEmpty(), false);
validator->reset();
@ -621,9 +733,7 @@ BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Name dataName1("/any/data");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(identity)));
std::string CONFIG =
"trust-anchor\n"
@ -636,7 +746,7 @@ BOOST_AUTO_TEST_CASE(TrustAnchorWildcard)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*data1,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@ -662,13 +772,9 @@ BOOST_AUTO_TEST_CASE(SignedInterestTest)
interestName2.append("2");
shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity1)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
usleep(10000);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity1)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity1)));
const std::string CONFIG =
"rule\n"
@ -697,7 +803,7 @@ BOOST_AUTO_TEST_CASE(SignedInterestTest)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*interest1,
[] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
@ -754,17 +860,11 @@ BOOST_AUTO_TEST_CASE(MaxKeyTest)
interestName3.append("3");
shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity1)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
usleep(10000);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
usleep(10000);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity3)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
const std::string CONFIG =
"rule\n"
@ -808,7 +908,7 @@ BOOST_AUTO_TEST_CASE(MaxKeyTest)
10,
2, // Two keys can be tracked
time::seconds(1)); // TTL is set to 1 sec
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*interest1,
[] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
@ -892,21 +992,13 @@ BOOST_AUTO_TEST_CASE(MaxKeyTest2)
shared_ptr<Interest> interest4 = make_shared<Interest>(interestName4);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity1)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(identity1)));
usleep(10000);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity2)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(identity2)));
usleep(10000);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity3)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(identity3)));
usleep(10000);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
identity4)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest4, security::signingByIdentity(identity4)));
const std::string CONFIG =
"rule\n"
@ -955,7 +1047,7 @@ BOOST_AUTO_TEST_CASE(MaxKeyTest2)
10,
3, // Two keys can be tracked
time::seconds(1)); // TTL is set to 1 sec
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*interest1,
[] (const shared_ptr<const Interest>&) { BOOST_CHECK(true); },
@ -1033,22 +1125,14 @@ BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Name dataName("/TestValidatorConfig/FixedSignerChecker2");
shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
m_keyChain.sign(*dataRsa,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
rsaIdentity));
m_keyChain.sign(*dataRsa, security::signingByIdentity(rsaIdentity));
shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
m_keyChain.sign(*dataEcdsa,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
ecdsaIdentity));
m_keyChain.sign(*dataEcdsa, security::signingByIdentity(ecdsaIdentity));
shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
m_keyChain.sign(*interestRsa,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
rsaIdentity));
m_keyChain.sign(*interestRsa, security::signingByIdentity(rsaIdentity));
shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
m_keyChain.sign(*interestEcdsa,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
ecdsaIdentity));
m_keyChain.sign(*interestEcdsa, security::signingByIdentity(ecdsaIdentity));
const std::string CONFIG =
"rule\n"
@ -1098,7 +1182,7 @@ BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
Face face(nullptr, m_keyChain);
ValidatorConfig validator(face);
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
validator.validate(*dataEcdsa,
[] (const shared_ptr<const Data>&) { BOOST_CHECK(true); },
@ -1196,9 +1280,7 @@ BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
m_keyChain.sign(*sldCert,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
root));
m_keyChain.sign(*sldCert, security::signingByIdentity(root));
m_keyChain.addCertificateAsIdentityDefault(*sldCert);
Name nld("/TestValidatorConfig/HierarchicalChecker/NextLevel");
@ -1211,9 +1293,7 @@ BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
m_keyChain.sign(*nldCert,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
sld));
m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
m_keyChain.addCertificateAsIdentityDefault(*nldCert);
face1.setInterestFilter(sldCert->getName().getPrefix(-1),
@ -1229,16 +1309,12 @@ BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
Name dataName1 = nld;
dataName1.append("data1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
nld)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(nld)));
Name dataName2("/ConfValidatorTest");
dataName2.append("data1");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
nld)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(nld)));
const std::string CONFIG =
@ -1262,7 +1338,7 @@ BOOST_FIXTURE_TEST_CASE(HierarchicalChecker, FacesFixture)
auto validator = make_shared<ValidatorConfig>(&face2);
validator->load(CONFIG, CONFIG_PATH.native());
validator->load(CONFIG, CONFIG_PATH.c_str());
advanceClocks(time::milliseconds(2), 100);
validator->validate(*data1,
@ -1309,9 +1385,7 @@ BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
m_keyChain.sign(*sldCert,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
root));
m_keyChain.sign(*sldCert, security::signingByIdentity(root));
m_keyChain.addCertificateAsIdentityDefault(*sldCert);
Name nld("/TestValidatorConfig/Nrd-1/Nrd-2");
@ -1324,9 +1398,7 @@ BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
time::system_clock::now(),
time::system_clock::now() + time::days(7300),
subjectDescription);
m_keyChain.sign(*nldCert,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
sld));
m_keyChain.sign(*nldCert, security::signingByIdentity(sld));
m_keyChain.addCertificateAsIdentityDefault(*nldCert);
face1.setInterestFilter(sldCert->getName().getPrefix(-1),
@ -1342,23 +1414,17 @@ BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
advanceClocks(time::milliseconds(10));
Name interestName1("/localhost/nrd/register/option");
shared_ptr<Interest> interest1 = make_shared<Interest>(interestName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
nld)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest1, security::signingByIdentity(nld)));
advanceClocks(time::milliseconds(10));
Name interestName2("/localhost/nrd/non-register");
shared_ptr<Interest> interest2 = make_shared<Interest>(interestName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
nld)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest2, security::signingByIdentity(nld)));
advanceClocks(time::milliseconds(10));
Name interestName3("/localhost/nrd/register/option");
shared_ptr<Interest> interest3 = make_shared<Interest>(interestName3);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
root)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*interest3, security::signingByIdentity(root)));
advanceClocks(time::milliseconds(10));
Name interestName4("/localhost/nrd/register/option/timestamp/nonce/fakeSigInfo/fakeSigValue");
@ -1409,7 +1475,7 @@ BOOST_FIXTURE_TEST_CASE(Nrd, FacesFixture)
(boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
auto validator = make_shared<ValidatorConfig>(&face2);
validator->load(CONFIG, CONFIG_PATH.native());
validator->load(CONFIG, CONFIG_PATH.c_str());
advanceClocks(time::milliseconds(2), 100);
@ -1510,15 +1576,11 @@ BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
Name dataName1("/any/data/1");
shared_ptr<Data> data1 = make_shared<Data>(dataName1);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
firstIdentity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data1, security::signingByIdentity(firstIdentity)));
Name dataName2("/any/data/2");
shared_ptr<Data> data2 = make_shared<Data>(dataName2);
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2,
security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
secondIdentity)));
BOOST_CHECK_NO_THROW(m_keyChain.sign(*data2, security::signingByIdentity(secondIdentity)));
std::string CONFIG =
"rule\n"
@ -1551,7 +1613,7 @@ BOOST_FIXTURE_TEST_CASE(TrustAnchorDir, DirTestFixture)
const boost::filesystem::path CONFIG_PATH =
(boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
validator.load(CONFIG, CONFIG_PATH.native());
validator.load(CONFIG, CONFIG_PATH.c_str());
advanceClocks(time::milliseconds(10), 20);
validator.validate(*data1,

Write Preview
Loading…
Cancel
Save