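/// <summary>
/// Build the fixture for each test: a KeyChain over fresh PibMemory and
/// TpmBackEndMemory instances, validated by a ConfigPolicyManager loaded from
/// simple_rules.conf, with one self-signed test identity.
/// </summary>
public void setUp() {
    // Don't show INFO log messages.
    ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(
            ILOG.J2CsMapping.Util.Logging.Level.WARNING);

    policyConfigDirectory_ = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon
            .getPolicyConfigDirectory();
    testCertFile_ = new FileInfo(System.IO.Path.Combine(
            new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "certs")).FullName,
            "test.cert"));

    pibImpl_ = new PibMemory();
    tpmBackEnd_ = new TpmBackEndMemory();

    // Resolve the rules file from FullName with Path.Combine, the same way
    // testCertFile_ is resolved above. Concatenating the FileInfo itself
    // depends on FileInfo.ToString(), which is not guaranteed to be the full
    // path, and on a hard-coded "/" separator, so the policy that gets loaded
    // could depend on how the directory object was created.
    policyManager_ = new ConfigPolicyManager(
            new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName,
                    "simple_rules.conf")).FullName,
            new CertificateCacheV2());

    identityName_ = new Name("/TestConfigPolicyManager/temp");
    // To match the anchor cert.
    keyName_ = new Name(identityName_).append("KEY").append("ksk-1416010123");
    pibImpl_.addKey(identityName_, keyName_, TEST_RSA_PUBLIC_KEY_DER);
    // Set the password null since we have an unencrypted PKCS #8 private key.
    // NOTE(review): TEST_RSA_PRIVATE_KEY_PKCS8 is defined outside this block;
    // presumably a fixture key that must never be reused outside tests.
    tpmBackEnd_.importKey(keyName_, TEST_RSA_PRIVATE_KEY_PKCS8, null);

    keyChain_ = new KeyChain(pibImpl_, tpmBackEnd_, policyManager_);

    PibKey pibKey = keyChain_.getPib().getIdentity(identityName_).getKey(keyName_);
    // selfSign adds to the PIB.
    keyChain_.selfSign(pibKey);
}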
/// <summary>
/// Check which names the rules in regex_ruleset.conf apply to.
/// The rule lookup decides which validation rule a name is checked against,
/// so a regex that over-matches would put a name under a rule that was not
/// written for it. The assertions require that extra or missing components
/// never resolve to the rule found for /SecurityTestSecRule/Basic.
/// </summary>
public void testSimpleRegex() {
    string rulesetPath = new FileInfo(System.IO.Path.Combine(
            policyConfigDirectory.FullName, "regex_ruleset.conf")).FullName;
    ConfigPolicyManager regexPolicy = new ConfigPolicyManager(rulesetPath);

    Name basicName = new Name("/SecurityTestSecRule/Basic");
    Name extendedName = new Name("/SecurityTestSecRule/Basic/More");
    Name rootName = new Name("/SecurityTestSecRule/");
    Name otherName = new Name("/SecurityTestSecRule/Other/TestData");
    Name unrelatedName = new Name("/Basic/Data");

    // All lookups run before any assertion, in the same order as the names.
    BoostInfoTree basicRule = friendAccess.findMatchingRule(regexPolicy, basicName, "data");
    BoostInfoTree extendedRule = friendAccess.findMatchingRule(regexPolicy, extendedName, "data");
    BoostInfoTree rootRule = friendAccess.findMatchingRule(regexPolicy, rootName, "data");
    BoostInfoTree otherRule = friendAccess.findMatchingRule(regexPolicy, otherName, "data");
    BoostInfoTree unrelatedRule = friendAccess.findMatchingRule(regexPolicy, unrelatedName, "data");

    Assert.AssertNotNull(basicRule);
    // A trailing extra component must not find any rule.
    Assert.AssertNull(extendedRule);

    // The bare prefix finds a rule, but not the one found for .../Basic.
    Assert.AssertNotNull(rootRule);
    Assert.AssertNotSame("Rule regex matched extra components", rootRule, basicRule);

    // A sibling sub-namespace also finds a rule distinct from .../Basic.
    Assert.AssertNotNull(otherRule);
    Assert.AssertNotSame("Rule regex matched with missing component", otherRule, basicRule);

    // A name outside /SecurityTestSecRule finds nothing.
    Assert.AssertNull(unrelatedRule);
}
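/// <summary>
/// Check the hierarchical checker in hierarchical_ruleset.conf: both data
/// names resolve to the same rule, a key name longer than the data name is
/// rejected, and key names from the short certificate are accepted for both
/// packets.
/// </summary>
public void testHierarchical() {
    ConfigPolicyManager policyManager = new ConfigPolicyManager(
            new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,
                    "hierarchical_ruleset.conf")).FullName);

    Name dataName1 = new Name("/SecurityTestSecRule/Basic/Data1");
    Name dataName2 = new Name("/SecurityTestSecRule/Basic/Longer/Data2");

    Data data1 = new Data(dataName1);
    Data data2 = new Data(dataName2);

    BoostInfoTree matchedRule = friendAccess.findMatchingRule(policyManager, dataName1, "data");
    Assert.AssertSame(matchedRule,
            friendAccess.findMatchingRule(policyManager, dataName2, "data"));

    keyChain.sign(data1, defaultCertName);
    keyChain.sign(data2, defaultCertName);

    Name signatureName1 = ((Sha256WithRsaSignature)data1.getSignature())
            .getKeyLocator().getKeyName();
    Name signatureName2 = ((Sha256WithRsaSignature)data2.getSignature())
            .getKeyLocator().getKeyName();

    String[] failureReason = new String[] { "unknown" };
    Assert.AssertFalse(
            "Hierarchical matcher matched short data name to long key name",
            friendAccess.checkSignatureMatch(policyManager, signatureName1,
                    dataName1, matchedRule, failureReason));
    Assert.AssertTrue(friendAccess.checkSignatureMatch(policyManager,
            signatureName2, dataName2, matchedRule, failureReason));

    keyChain.sign(data1, shortCertName);
    keyChain.sign(data2, shortCertName);

    signatureName1 = ((Sha256WithRsaSignature)data1.getSignature())
            .getKeyLocator().getKeyName();
    // Read the key name from data2's own signature. Reading it from data1
    // again (a copy-paste slip) meant the final assertion never looked at the
    // key locator that was actually placed on data2.
    signatureName2 = ((Sha256WithRsaSignature)data2.getSignature())
            .getKeyLocator().getKeyName();

    Assert.AssertTrue(friendAccess.checkSignatureMatch(policyManager,
            signatureName1, dataName1, matchedRule, failureReason));
    Assert.AssertTrue(friendAccess.checkSignatureMatch(policyManager,
            signatureName2, dataName2, matchedRule, failureReason));
}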
/// <summary>
/// Check the three name relations (prefix, strict prefix, equal), each
/// loaded from its own ruleset file, against an exact name, a longer name,
/// and a name that only contains the rule name as an inner component.
/// The last group ensures a rule is never selected just because its name
/// appears somewhere inside the data name.
/// </summary>
public void testNameRelation() {
    string configDirectory = policyConfigDirectory.FullName;

    // Load order is prefix, strict, equal.
    ConfigPolicyManager prefixPolicy = new ConfigPolicyManager(
            new FileInfo(System.IO.Path.Combine(configDirectory,
                    "relation_ruleset_prefix.conf")).FullName);
    ConfigPolicyManager strictPolicy = new ConfigPolicyManager(
            new FileInfo(System.IO.Path.Combine(configDirectory,
                    "relation_ruleset_strict.conf")).FullName);
    ConfigPolicyManager equalPolicy = new ConfigPolicyManager(
            new FileInfo(System.IO.Path.Combine(configDirectory,
                    "relation_ruleset_equal.conf")).FullName);

    // The rule name itself.
    Name exactName = new Name("/TestRule1");
    Assert.AssertNotNull("Prefix relation should match prefix name",
            friendAccess.findMatchingRule(prefixPolicy, exactName, "data"));
    Assert.AssertNotNull("Equal relation should match prefix name",
            friendAccess.findMatchingRule(equalPolicy, exactName, "data"));
    Assert.AssertNull("Strict-prefix relation should not match prefix name",
            friendAccess.findMatchingRule(strictPolicy, exactName, "data"));

    // One component below the rule name.
    Name longerName = new Name("/TestRule1/hi");
    Assert.AssertNotNull("Prefix relation should match longer name",
            friendAccess.findMatchingRule(prefixPolicy, longerName, "data"));
    Assert.AssertNull("Equal relation should not match longer name",
            friendAccess.findMatchingRule(equalPolicy, longerName, "data"));
    Assert.AssertNotNull("Strict-prefix relation should match longer name",
            friendAccess.findMatchingRule(strictPolicy, longerName, "data"));

    // The rule name appears only as an inner component.
    Name innerName = new Name("/Bad/TestRule1/");
    Assert.AssertNull("Prefix relation should not match inner components",
            friendAccess.findMatchingRule(prefixPolicy, innerName, "data"));
    Assert.AssertNull("Equal relation should not match inner components",
            friendAccess.findMatchingRule(equalPolicy, innerName, "data"));
    Assert.AssertNull("Strict-prefix relation should not match inner components",
            friendAccess.findMatchingRule(strictPolicy, innerName, "data"));
}
/// <summary>
/// Build the fixture for each test with the IdentityManager-based API:
/// memory-backed identity and private-key storage, a ConfigPolicyManager
/// loaded from simple_rules.conf, one self-signed default certificate,
/// a Face for "localhost", and a KeyChain over the identity manager and
/// policy manager. Finally registers this instance with
/// ConfigPolicyManager.setFriendAccess.
/// </summary>
public void setUp() {
    // Don't show INFO log messages.
    ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(
            ILOG.J2CsMapping.Util.Logging.Level.WARNING);

    policyConfigDirectory_ = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon
            .getPolicyConfigDirectory();

    string certsDirectory = new FileInfo(System.IO.Path.Combine(
            policyConfigDirectory_.FullName, "certs")).FullName;
    testCertFile_ = new FileInfo(System.IO.Path.Combine(certsDirectory, "test.cert"));

    identityStorage_ = new MemoryIdentityStorage();
    privateKeyStorage_ = new MemoryPrivateKeyStorage();
    identityManager_ = new IdentityManager(identityStorage_, privateKeyStorage_);

    string rulesPath = new FileInfo(System.IO.Path.Combine(
            policyConfigDirectory_.FullName, "simple_rules.conf")).FullName;
    policyManager_ = new ConfigPolicyManager(rulesPath);

    identityName_ = new Name("/TestConfigPolicyManager/temp");
    // To match the anchor cert.
    Name anchorKeyName = new Name(identityName_).append("ksk-1416010123");

    // NOTE(review): the DEFAULT_RSA_* buffers are defined outside this block;
    // presumably fixture key material intended for tests only.
    Blob publicKeyBlob = new Blob(DEFAULT_RSA_PUBLIC_KEY_DER, false);
    identityStorage_.addKey(anchorKeyName,
            net.named_data.jndn.security.KeyType.RSA, publicKeyBlob);
    privateKeyStorage_.setKeyPairForKeyName(anchorKeyName,
            net.named_data.jndn.security.KeyType.RSA,
            DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);

    // Self-sign first, then make the key and its certificate the defaults.
    IdentityCertificate selfSignedCert = identityManager_.selfSign(anchorKeyName);
    identityStorage_.setDefaultKeyNameForIdentity(anchorKeyName);
    identityManager_.addCertificateAsDefault(selfSignedCert);

    face_ = new Face("localhost");
    keyChain_ = new KeyChain(identityManager_, policyManager_);
    keyName_ = anchorKeyName;

    net.named_data.jndn.security.policy.ConfigPolicyManager.setFriendAccess(this);
}