コード例 #1
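        /// <summary>
        /// Builds the fixture shared by the tests: an in-memory PIB and TPM back end,
        /// a ConfigPolicyManager loaded from "simple_rules.conf", and a KeyChain whose
        /// test key has been self-signed.
        /// </summary>
        /// <remarks>
        /// The RSA key pair comes from the TEST_RSA_* constants and is imported without a
        /// password, so it is only suitable as a test fixture.
        /// </remarks>
        public void setUp()
        {
            // Don't show INFO log messages.
            ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(ILOG.J2CsMapping.Util.Logging.Level.WARNING);

            policyConfigDirectory_ = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon
                                     .getPolicyConfigDirectory();

            string certsDirectory = new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "certs")).FullName;
            testCertFile_ = new FileInfo(System.IO.Path.Combine(certsDirectory, "test.cert"));

            pibImpl_    = new PibMemory();
            tpmBackEnd_ = new TpmBackEndMemory();

            // Resolve the rules file from the directory's FullName with Path.Combine, the
            // same way the other paths here are built. Concatenating the directory object
            // with "/simple_rules.conf" relies on its ToString() and a hard-coded
            // separator, so the trust rules that get loaded could depend on how the
            // directory object was created rather than on its absolute path.
            string simpleRulesPath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "simple_rules.conf")).FullName;
            policyManager_ = new ConfigPolicyManager(simpleRulesPath, new CertificateCacheV2());

            identityName_ = new Name("/TestConfigPolicyManager/temp");
            // To match the anchor cert.
            keyName_ = new Name(identityName_).append("KEY").append(
                "ksk-1416010123");
            pibImpl_.addKey(identityName_, keyName_, TEST_RSA_PUBLIC_KEY_DER);
            // Set the password null since we have an unencrypted PKCS #8 private key.
            // This is acceptable only because the key is a test constant held in the
            // in-memory TPM back end.
            tpmBackEnd_.importKey(keyName_, TEST_RSA_PRIVATE_KEY_PKCS8, null);

            keyChain_ = new KeyChain(pibImpl_, tpmBackEnd_, policyManager_);

            PibKey pibKey = keyChain_.getPib().getIdentity(identityName_)
                            .getKey(keyName_);

            // selfSign adds to the PIB.
            keyChain_.selfSign(pibKey);
        }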
コード例 #2
        /// <summary>
        /// Loads "regex_ruleset.conf" and checks which "data" rule, if any, is selected
        /// for five data names.
        /// </summary>
        /// <remarks>
        /// Names 1, 3 and 4 must each get a rule, and the rules for names 3 and 4 must
        /// not be the same object as the rule for name 1. Names 2 and 5 must get no rule.
        /// </remarks>
        public void testSimpleRegex()
        {
            string rulesetPath = new FileInfo(
                System.IO.Path.Combine(policyConfigDirectory.FullName, "regex_ruleset.conf")).FullName;
            ConfigPolicyManager manager = new ConfigPolicyManager(rulesetPath);

            Name basicName      = new Name("/SecurityTestSecRule/Basic");
            Name basicMoreName  = new Name("/SecurityTestSecRule/Basic/More");
            Name prefixOnlyName = new Name("/SecurityTestSecRule/");
            Name otherName      = new Name("/SecurityTestSecRule/Other/TestData");
            Name unrelatedName  = new Name("/Basic/Data");

            // Look up every name first, in the original order, then assert on the results.
            BoostInfoTree basicRule      = friendAccess.findMatchingRule(manager, basicName, "data");
            BoostInfoTree basicMoreRule  = friendAccess.findMatchingRule(manager, basicMoreName, "data");
            BoostInfoTree prefixOnlyRule = friendAccess.findMatchingRule(manager, prefixOnlyName, "data");
            BoostInfoTree otherRule      = friendAccess.findMatchingRule(manager, otherName, "data");
            BoostInfoTree unrelatedRule  = friendAccess.findMatchingRule(manager, unrelatedName, "data");

            Assert.AssertNotNull(basicRule);
            Assert.AssertNull(basicMoreRule);

            // A rule is found, but it must be a different one from the "Basic" rule.
            Assert.AssertNotNull(prefixOnlyRule);
            Assert.AssertNotSame("Rule regex matched extra components", prefixOnlyRule, basicRule);

            Assert.AssertNotNull(otherRule);
            Assert.AssertNotSame("Rule regex matched with missing component", otherRule, basicRule);

            Assert.AssertNull(unrelatedRule);
        }
コード例 #3
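        /// <summary>
        /// Loads "hierarchical_ruleset.conf" and checks the signature-name match for two
        /// data packets under the same rule, first signed with defaultCertName and then
        /// with shortCertName.
        /// </summary>
        /// <remarks>
        /// With defaultCertName the check must fail for the shorter data name and pass
        /// for the longer one. With shortCertName it must pass for both.
        /// </remarks>
        public void testHierarchical()
        {
            ConfigPolicyManager policyManager = new ConfigPolicyManager(
                new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName, "hierarchical_ruleset.conf")).FullName);

            Name dataName1 = new Name("/SecurityTestSecRule/Basic/Data1");
            Name dataName2 = new Name("/SecurityTestSecRule/Basic/Longer/Data2");

            Data data1 = new Data(dataName1);
            Data data2 = new Data(dataName2);

            BoostInfoTree matchedRule = friendAccess.findMatchingRule(
                policyManager, dataName1, "data");

            // Both names must resolve to the very same rule object.
            Assert.AssertSame(matchedRule,
                              friendAccess.findMatchingRule(policyManager, dataName2, "data"));

            keyChain.sign(data1, defaultCertName);
            keyChain.sign(data2, defaultCertName);

            Name signatureName1 = ((Sha256WithRsaSignature)data1.getSignature())
                                  .getKeyLocator().getKeyName();
            Name signatureName2 = ((Sha256WithRsaSignature)data2.getSignature())
                                  .getKeyLocator().getKeyName();

            String[] failureReason = new String[] { "unknown" };
            Assert.AssertFalse(
                "Hierarchical matcher matched short data name to long key name",
                friendAccess.checkSignatureMatch(policyManager, signatureName1,
                                                 dataName1, matchedRule, failureReason));
            Assert.AssertTrue(friendAccess.checkSignatureMatch(policyManager,
                                                               signatureName2, dataName2, matchedRule, failureReason));

            keyChain.sign(data1, shortCertName);
            keyChain.sign(data2, shortCertName);

            signatureName1 = ((Sha256WithRsaSignature)data1.getSignature())
                             .getKeyLocator().getKeyName();
            // Read the key locator from data2. The original read it from data1 again, so
            // the last assertion never looked at the signature actually placed on data2
            // and would not have noticed if data2 carried a different signer.
            signatureName2 = ((Sha256WithRsaSignature)data2.getSignature())
                             .getKeyLocator().getKeyName();

            Assert.AssertTrue(friendAccess.checkSignatureMatch(policyManager,
                                                               signatureName1, dataName1, matchedRule, failureReason));
            Assert.AssertTrue(friendAccess.checkSignatureMatch(policyManager,
                                                               signatureName2, dataName2, matchedRule, failureReason));
        }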
コード例 #4
        /// <summary>
        /// Loads the prefix, strict-prefix and equal relation rule sets and checks which
        /// of them yield a "data" rule for three names.
        /// </summary>
        /// <remarks>
        /// "/TestRule1" must match under prefix and equal but not strict. "/TestRule1/hi"
        /// must match under prefix and strict but not equal. "/Bad/TestRule1/" must match
        /// under none of them.
        /// </remarks>
        public void testNameRelation()
        {
            string configRoot = policyConfigDirectory.FullName;

            ConfigPolicyManager prefixManager = new ConfigPolicyManager(
                new FileInfo(System.IO.Path.Combine(configRoot, "relation_ruleset_prefix.conf")).FullName);
            ConfigPolicyManager strictManager = new ConfigPolicyManager(
                new FileInfo(System.IO.Path.Combine(configRoot, "relation_ruleset_strict.conf")).FullName);
            ConfigPolicyManager equalManager = new ConfigPolicyManager(
                new FileInfo(System.IO.Path.Combine(configRoot, "relation_ruleset_equal.conf")).FullName);

            // The rule name itself.
            Name exactName = new Name("/TestRule1");
            BoostInfoTree found = friendAccess.findMatchingRule(prefixManager, exactName, "data");
            Assert.AssertNotNull("Prefix relation should match prefix name", found);
            found = friendAccess.findMatchingRule(equalManager, exactName, "data");
            Assert.AssertNotNull("Equal relation should match prefix name", found);
            found = friendAccess.findMatchingRule(strictManager, exactName, "data");
            Assert.AssertNull("Strict-prefix relation should not match prefix name", found);

            // One component below the rule name.
            Name longerName = new Name("/TestRule1/hi");
            found = friendAccess.findMatchingRule(prefixManager, longerName, "data");
            Assert.AssertNotNull("Prefix relation should match longer name", found);
            found = friendAccess.findMatchingRule(equalManager, longerName, "data");
            Assert.AssertNull("Equal relation should not match longer name", found);
            found = friendAccess.findMatchingRule(strictManager, longerName, "data");
            Assert.AssertNotNull("Strict-prefix relation should match longer name", found);

            // The rule name appears only as an inner component.
            Name innerName = new Name("/Bad/TestRule1/");
            found = friendAccess.findMatchingRule(prefixManager, innerName, "data");
            Assert.AssertNull("Prefix relation should not match inner components", found);
            found = friendAccess.findMatchingRule(equalManager, innerName, "data");
            Assert.AssertNull("Equal relation should not match inner components", found);
            found = friendAccess.findMatchingRule(strictManager, innerName, "data");
            Assert.AssertNull("Strict-prefix relation should  not match inner components", found);
        }
コード例 #5
        /// <summary>
        /// Builds the fixture shared by the tests: in-memory identity and private-key
        /// storage, a ConfigPolicyManager loaded from "simple_rules.conf", a default
        /// self-signed certificate for the test key, a Face and a KeyChain.
        /// </summary>
        /// <remarks>
        /// The RSA key pair comes from the DEFAULT_RSA_* constants and lives only in the
        /// in-memory storage objects created here.
        /// </remarks>
        public void setUp()
        {
            // Don't show INFO log messages.
            ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(ILOG.J2CsMapping.Util.Logging.Level.WARNING);

            policyConfigDirectory_ = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon
                                     .getPolicyConfigDirectory();

            string certsDirectory = new FileInfo(
                System.IO.Path.Combine(policyConfigDirectory_.FullName, "certs")).FullName;
            testCertFile_ = new FileInfo(System.IO.Path.Combine(certsDirectory, "test.cert"));

            identityStorage_   = new MemoryIdentityStorage();
            privateKeyStorage_ = new MemoryPrivateKeyStorage();
            identityManager_   = new IdentityManager(identityStorage_, privateKeyStorage_);

            string simpleRulesPath = new FileInfo(
                System.IO.Path.Combine(policyConfigDirectory_.FullName, "simple_rules.conf")).FullName;
            policyManager_ = new ConfigPolicyManager(simpleRulesPath);

            identityName_ = new Name("/TestConfigPolicyManager/temp");
            // To match the anchor cert.
            Name anchorKeyName = new Name(identityName_).append("ksk-1416010123");

            // Register the public key with the identity storage, then the full key pair
            // with the private-key storage.
            Blob publicKeyBlob = new Blob(DEFAULT_RSA_PUBLIC_KEY_DER, false);
            identityStorage_.addKey(anchorKeyName, net.named_data.jndn.security.KeyType.RSA, publicKeyBlob);
            privateKeyStorage_.setKeyPairForKeyName(
                anchorKeyName,
                net.named_data.jndn.security.KeyType.RSA,
                DEFAULT_RSA_PUBLIC_KEY_DER,
                DEFAULT_RSA_PRIVATE_KEY_DER);

            IdentityCertificate selfSignedCert = identityManager_.selfSign(anchorKeyName);

            identityStorage_.setDefaultKeyNameForIdentity(anchorKeyName);
            identityManager_.addCertificateAsDefault(selfSignedCert);

            face_     = new Face("localhost");
            keyChain_ = new KeyChain(identityManager_, policyManager_);
            keyName_  = anchorKeyName;

            // NOTE(review): presumably this gives the test its friendAccess handle on
            // ConfigPolicyManager internals; confirm against ConfigPolicyManager.
            net.named_data.jndn.security.policy.ConfigPolicyManager.setFriendAccess(this);
        }