Add InvitationPolicyManager
diff --git a/src/invitation-policy-manager.cpp b/src/invitation-policy-manager.cpp
new file mode 100644
index 0000000..3c87c46
--- /dev/null
+++ b/src/invitation-policy-manager.cpp
@@ -0,0 +1,184 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Yingdi Yu
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Yingdi Yu <yingdi@cs.ucla.edu>
+ */
+
+#include "invitation-policy-manager.h"
+#include "logging.h"
+
+using namespace std;
+using namespace ndn;
+using namespace ndn::security;
+
+INIT_LOGGER("InvitationPolicyManager");
+
+InvitationPolicyManager::InvitationPolicyManager(const int & stepLimit,
+ Ptr<CertificateCache> certificateCache,
+ Name signingIdentity)
+ : m_stepLimit(stepLimit)
+ , m_certificateCache(certificateCache)
+ , m_localPrefixRegex(Ptr<Regex>(new Regex("^<local><ndn><prefix><><>$")))
+{
+ m_invitationDataRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>",
+ "^([^<KEY>]*)<KEY><DSK-.*><ID-CERT>$",
+ "==", "\\1", "\\1", true));
+
+ m_dskRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><DSK-.*><ID-CERT>$",
+ "^([^<KEY>]*)<KEY>(<>*)<KSK-.*><ID-CERT>$",
+ "==", "\\1", "\\1\\2", true));
+ m_signingCertificateRegex = Ptr<Regex>(new Regex("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>", "\\1"));
+}
+
+bool
+InvitationPolicyManager::skipVerifyAndTrust (const Data & data)
+{
+ if(m_localPrefixRegex->match(data.getName()))
+ return true;
+
+ return false;
+}
+
+bool
+InvitationPolicyManager::requireVerify (const Data & data)
+{
+ if(m_invitationDataRule->matchDataName(data))
+ return true;
+
+ if(m_dskRule->matchDataName(data))
+ return true;
+
+ return false;
+}
+
+Ptr<ValidationRequest>
+InvitationPolicyManager::checkVerificationPolicy(Ptr<Data> data,
+ const int & stepCount,
+ const DataCallback& verifiedCallback,
+ const UnverifiedCallback& unverifiedCallback)
+{
+ if(m_stepLimit == stepCount)
+ {
+ _LOG_DEBUG("reach the maximum steps of verification");
+ unverifiedCallback(data);
+ return NULL;
+ }
+
+ Ptr<const signature::Sha256WithRsa> sha256sig = boost::dynamic_pointer_cast<const signature::Sha256WithRsa> (data->getSignature());
+
+ if(KeyLocator::KEYNAME != sha256sig->getKeyLocator().getType())
+ {
+ unverifiedCallback(data);
+ return NULL;
+ }
+
+ const Name & keyLocatorName = sha256sig->getKeyLocator().getKeyName();
+
+ if(m_invitationDataRule->satisfy(*data))
+ {
+ Ptr<const IdentityCertificate> trustedCert = m_certificateCache->getCertificate(keyLocatorName);
+
+ if(NULL != trustedCert){
+ if(verifySignature(*data, trustedCert->getPublicKeyInfo()))
+ verifiedCallback(data);
+ else
+ unverifiedCallback(data);
+
+ return NULL;
+ }
+ else{
+ _LOG_DEBUG("KeyLocator has not been cached and validated!");
+
+ DataCallback recursiveVerifiedCallback = boost::bind(&InvitationPolicyManager::onCertificateVerified,
+ this,
+ _1,
+ data,
+ verifiedCallback,
+ unverifiedCallback);
+
+ UnverifiedCallback recursiveUnverifiedCallback = boost::bind(&InvitationPolicyManager::onCertificateUnverified,
+ this,
+ _1,
+ data,
+ unverifiedCallback);
+
+
+ Ptr<Interest> interest = Ptr<Interest>(new Interest(sha256sig->getKeyLocator().getKeyName()));
+
+ Ptr<ValidationRequest> nextStep = Ptr<ValidationRequest>(new ValidationRequest(interest,
+ recursiveVerifiedCallback,
+ recursiveUnverifiedCallback,
+ 0,
+ stepCount + 1)
+ );
+ return nextStep;
+ }
+ }
+
+ if(m_dskRule->satisfy(*data))
+ {
+ Ptr<IdentityCertificate> trustedCert;
+ if(m_trustAnchors.end() != m_trustAnchors.find(keyLocatorName))
+ trustedCert = m_trustAnchors[keyLocatorName];
+ else
+ {
+ unverifiedCallback(data);
+ return NULL;
+ }
+
+ if(verifySignature(*data, trustedCert->getPublicKeyInfo()))
+ verifiedCallback(data);
+ else
+ unverifiedCallback(data);
+
+ return NULL;
+ }
+}
+
+void
+InvitationPolicyManager::onCertificateVerified(Ptr<Data> certData,
+ Ptr<Data> originalData,
+ const DataCallback& verifiedCallback,
+ const UnverifiedCallback& unverifiedCallback)
+{
+ IdentityCertificate certificate(*certData);
+
+ if(verifySignature(*originalData, certificate.getPublicKeyInfo()))
+ verifiedCallback(originalData);
+ else
+ unverifiedCallback(originalData);
+
+ return NULL;
+}
+
+void
+InvitationPolicyManager::onCertificateUnverified(Ptr<Data> certData,
+ Ptr<Data> originalData,
+ const UnverifiedCallback& unverifiedCallback)
+{ unverifiedCallback(originalData); }
+
+bool
+InvitationPolicyManager::checkSigningPolicy(const Name & dataName, const Name & certificateName)
+{
+ return m_invitationDataRule->satisfy(dataName, certificateName);
+}
+
+Name
+InvitationPolicyManager::inferSigningIdentity(const Name & dataName)
+{
+ if(m_signingCertificateRegex->match(data))
+ return m_signingCertificateRegex->expand();
+ else
+ return Name();
+}
+
+void
+InvitationPolicyManager::addTrustAnchor(Ptr<IdentityCertificate> ksk)
+{
+ Name name = ksk->getName();
+ m_cache.insert(pair <Name, Ptr<IdentityCertificate> > (name, ksk));
+}
diff --git a/src/invitation-policy-manager.h b/src/invitation-policy-manager.h
new file mode 100644
index 0000000..5684138
--- /dev/null
+++ b/src/invitation-policy-manager.h
@@ -0,0 +1,103 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Yingdi Yu
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Yingdi Yu <yingdi@cs.ucla.edu>
+ */
+
+#ifndef INVITATION_POLICY_MANAGER_H
+#define INVITATION_POLICY_MANAGER_H
+
+#include <ndn.cxx/security/policy/policy-manager.h>
+#include <ndn.cxx/security/policy/identity-policy-rule.h>
+#include <map>
+
+class InvitationPolicyManager : ndn::security::PolicyManager
+{
+public:
+ InvitationPolicyManager(const int & stepLimit,
+ ndn::Ptr<ndn::security::CertificateCache> certificateCache,
+ ndn::Name signingIdentity);
+
+ ~InvitationPolicyManager()
+ {}
+
+ /**
+ * @brief check if the received data packet can escape from verification
+ * @param data the received data packet
+ * @return true if the data does not need to be verified, otherwise false
+ */
+ bool
+ skipVerifyAndTrust (const ndn::Data & data);
+
+ /**
+ * @brief check if PolicyManager has the verification rule for the received data
+ * @param data the received data packet
+ * @return true if the data must be verified, otherwise false
+ */
+ bool
+ requireVerify (const ndn::Data & data);
+
+ /**
+ * @brief check whether received data packet complies with the verification policy, and get the indication of next verification step
+ * @param data the received data packet
+ * @param stepCount the number of verification steps that have been done, used to track the verification progress
+ * @param verifiedCallback the callback function that will be called if the received data packet has been validated
+ * @param unverifiedCallback the callback function that will be called if the received data packet cannot be validated
+ * @return the indication of next verification step, NULL if there is no further step
+ */
+ Ptr<ValidationRequest>
+ checkVerificationPolicy(ndn::Ptr<ndn::Data> data,
+ const int & stepCount,
+ const ndn::DataCallback& verifiedCallback,
+ const ndn::UnverifiedCallback& unverifiedCallback);
+
+
+ /**
+ * @brief check if the signing certificate name and data name satify the signing policy
+ * @param dataName the name of data to be signed
+ * @param certificateName the name of signing certificate
+ * @return true if the signing certificate can be used to sign the data, otherwise false
+ */
+ bool
+ checkSigningPolicy(const ndn::Name & dataName, const ndn::Name & certificateName);
+
+ /**
+ * @brief Infer signing identity name according to policy, if the signing identity cannot be inferred, it should return empty name
+ * @param dataName, the name of data to be signed
+ * @return the signing identity.
+ */
+ Name
+ inferSigningIdentity(const ndn::Name & dataName);
+
+
+ void
+ addTrustAnchor(ndn::Ptr<ndn::security::IdentityCertificate> ksk);
+
+private:
+ void
+ onCertificateVerified(ndn::Ptr<ndn::Data> certData,
+ ndn::Ptr<ndn::Data> originalData,
+ const ndn::DataCallback& verifiedCallback,
+ const ndn::UnverifiedCallback& unverifiedCallback);
+
+ void
+ onCertificateUnverified(ndn::Ptr<ndn::Data> certData,
+ ndn::Ptr<ndn::Data> originalData,
+ const ndn::UnverifiedCallback& unverifiedCallback);
+
+private:
+ int m_stepLimit;
+ ndn::Ptr<ndn::security::CertificateCache> m_certificateCache;
+ ndn::Ptr<ndn::Regex> m_localPrefixRegex;
+ ndn::Ptr<ndn::IdentityPolicyRule> m_invitationDataRule;
+ ndn::Ptr<ndn::IdentityPolicyRule> m_dskRule;
+ ndn::Ptr<ndn::Regex> m_signingCertificateRegex;
+ std::map<ndn::Name, ndn::Ptr<ndn::security::IdentityCertificate> > m_trustAnchors;
+
+};
+
+#endif