security: using new security interfaces of ndn-cpp, such as SecPolicy
Change-Id: Id22c8e711bee7c3723076eda7a3f96c72ca7707c
diff --git a/src/sec-policy-chrono-chat-panel.h b/src/sec-policy-chrono-chat-panel.h
new file mode 100644
index 0000000..991195f
--- /dev/null
+++ b/src/sec-policy-chrono-chat-panel.h
@@ -0,0 +1,101 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Yingdi Yu
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Yingdi Yu <yingdi@cs.ucla.edu>
+ */
+
+#ifndef SEC_POLICY_CHRONO_CHAT_PANEL_H
+#define SEC_POLICY_CHRONO_CHAT_PANEL_H
+
+#include <ndn-cpp/security/sec-policy.hpp>
+#include <ndn-cpp-et/policy/sec-rule-identity.hpp>
+#include <ndn-cpp-et/cache/ttl-certificate-cache.hpp>
+#include <map>
+
+#include "endorse-certificate.h"
+
+class SecPolicyChronoChatPanel : public ndn::SecPolicy
+{
+public:
+ SecPolicyChronoChatPanel(const int & stepLimit = 10);
+
+ ~SecPolicyChronoChatPanel()
+ {}
+
+ /**
+ * @brief check if the received data packet can escape from verification
+ * @param data the received data packet
+ * @return true if the data does not need to be verified, otherwise false
+ */
+ bool
+ skipVerifyAndTrust (const ndn::Data & data);
+
+ /**
+ * @brief check if PolicyManager has the verification rule for the received data
+ * @param data the received data packet
+ * @return true if the data must be verified, otherwise false
+ */
+ bool
+ requireVerify (const ndn::Data & data);
+
+ /**
+ * @brief check whether received data packet complies with the verification policy, and get the indication of next verification step
+ * @param data the received data packet
+ * @param stepCount the number of verification steps that have been done, used to track the verification progress
+ * @param verifiedCallback the callback function that will be called if the received data packet has been validated
+ * @param unverifiedCallback the callback function that will be called if the received data packet cannot be validated
+ * @return the indication of next verification step, NULL if there is no further step
+ */
+ ndn::ptr_lib::shared_ptr<ndn::ValidationRequest>
+ checkVerificationPolicy(const ndn::ptr_lib::shared_ptr<ndn::Data>& data,
+ int stepCount,
+ const ndn::OnVerified& onVerified,
+ const ndn::OnVerifyFailed& onVerifyFailed);
+
+
+ /**
+ * @brief check if the signing certificate name and data name satify the signing policy
+ * @param dataName the name of data to be signed
+ * @param certificateName the name of signing certificate
+ * @return true if the signing certificate can be used to sign the data, otherwise false
+ */
+ bool
+ checkSigningPolicy(const ndn::Name & dataName, const ndn::Name & certificateName);
+
+ /**
+ * @brief Infer signing identity name according to policy, if the signing identity cannot be inferred, it should return empty name
+ * @param dataName, the name of data to be signed
+ * @return the signing identity.
+ */
+ ndn::Name
+ inferSigningIdentity(const ndn::Name & dataName);
+
+
+ void
+ addTrustAnchor(const EndorseCertificate& selfEndorseCertificate);
+
+ void
+ removeTrustAnchor(const ndn::Name& keyName);
+
+ ndn::ptr_lib::shared_ptr<ndn::PublicKey>
+ getTrustedKey(const ndn::Name& inviterCertName);
+
+private:
+ int m_stepLimit;
+ ndn::TTLCertificateCache m_certificateCache;
+ ndn::ptr_lib::shared_ptr<ndn::Regex> m_localPrefixRegex;
+ ndn::ptr_lib::shared_ptr<ndn::SecRuleIdentity> m_invitationDataSigningRule;
+ ndn::ptr_lib::shared_ptr<ndn::Regex> m_kskRegex;
+ ndn::ptr_lib::shared_ptr<ndn::SecRuleIdentity> m_dskRule;
+ ndn::ptr_lib::shared_ptr<ndn::SecRuleIdentity> m_endorseeRule;
+ ndn::ptr_lib::shared_ptr<ndn::Regex> m_keyNameRegex;
+ ndn::ptr_lib::shared_ptr<ndn::Regex> m_signingCertificateRegex;
+ std::map<ndn::Name, ndn::PublicKey, ndn::Name::BreadthFirstLess> m_trustAnchors;
+
+};
+
+#endif