commit eaa84e27cf8441aa73dcca988b93314460c063d0
author Yingdi Yu <yuyingdi@gmail.com> Thu Jan 16 10:30:26 2014 -0800
committer Yingdi Yu <yuyingdi@gmail.com> Thu Jan 16 14:27:19 2014 -0800
tree 9dcbdd1f18a81c41b9fa03237b449b8438535fb1
parent c9ffa9fe5aa50c90843c96a120264bc0ad05dd50

security: using new security interfaces of ndn-cpp, such as SecPolicy

Change-Id: Id22c8e711bee7c3723076eda7a3f96c72ca7707c

src/sec-policy-chrono-chat-invitation.h

diff --git a/src/sec-policy-chrono-chat-invitation.h b/src/sec-policy-chrono-chat-invitation.h
new file mode 100644
index 0000000..8d9e898
--- /dev/null
+++ b/src/sec-policy-chrono-chat-invitation.h
@@ -0,0 +1,95 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ *                     Yingdi Yu
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Yingdi Yu <yingdi@cs.ucla.edu>
+ */
+
+#ifndef SEC_POLICY_CHRONO_CHAT_INVITATION_H
+#define SEC_POLICY_CHRONO_CHAT_INVITATION_H
+
+#include <ndn-cpp/security/sec-policy.hpp>
+#include <ndn-cpp-et/policy/sec-rule-identity.hpp>
+#include <ndn-cpp-et/cache/ttl-certificate-cache.hpp>
+#include <ndn-cpp-et/regex/regex.hpp>
+#include <map>
+
+#include "endorse-certificate.h"
+#include "sec-rule-chrono-chat.h"
+
+class SecPolicyChronoChatInvitation : public ndn::SecPolicy
+{
+public:
+  SecPolicyChronoChatInvitation(const std::string& chatroomName,
+                                const ndn::Name& signingIdentity,
+                                int stepLimit = 10);
+  
+  virtual
+  ~SecPolicyChronoChatInvitation();
+
+  bool 
+  skipVerifyAndTrust (const ndn::Data& data);
+
+  bool
+  requireVerify (const ndn::Data& data);
+
+  ndn::ptr_lib::shared_ptr<ndn::ValidationRequest>
+  checkVerificationPolicy(const ndn::ptr_lib::shared_ptr<ndn::Data>& data, 
+                          int stepCount, 
+                          const ndn::OnVerified& onVerified,
+                          const ndn::OnVerifyFailed& onVerifyFailed);
+
+  bool 
+  checkSigningPolicy(const ndn::Name& dataName, 
+                     const ndn::Name& certificateName);
+    
+  ndn::Name 
+  inferSigningIdentity(const ndn::Name& dataName);
+
+  void
+  addTrustAnchor(const EndorseCertificate& selfEndorseCertificate);
+  
+  // void 
+  // addChatDataRule(const ndn::Name& prefix, 
+  //                 const ndn::security::IdentityCertificate identityCertificate);
+
+  ndn::ptr_lib::shared_ptr<ndn::IdentityCertificate> 
+  getValidatedDskCertificate(const ndn::Name& certName);
+
+private:
+  void 
+  onDskCertificateVerified(const ndn::ptr_lib::shared_ptr<ndn::Data>& certData, 
+                           ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
+                           const ndn::OnVerified& onVerified, 
+                           const ndn::OnVerifyFailed& onVerifyFailed);
+
+  void
+  onDskCertificateVerifyFailed(const ndn::ptr_lib::shared_ptr<ndn::Data>& certData, 
+                               ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
+                               const ndn::OnVerifyFailed& onVerifyFailed);
+
+private:
+  std::string m_chatroomName;
+  ndn::Name m_signingIdentity;
+
+  int m_stepLimit;
+
+  ndn::TTLCertificateCache m_certificateCache;
+
+  ndn::ptr_lib::shared_ptr<ndn::SecRuleIdentity> m_invitationPolicyRule;
+  ndn::ptr_lib::shared_ptr<ndn::SecRuleIdentity> m_dskRule;
+  std::map<ndn::Name, SecRuleChronoChat, ndn::Name::BreadthFirstLess> m_chatDataRules;
+
+  ndn::ptr_lib::shared_ptr<ndn::Regex> m_kskRegex;
+  ndn::ptr_lib::shared_ptr<ndn::Regex> m_keyNameRegex;
+
+  std::map<ndn::Name, ndn::PublicKey, ndn::Name::BreadthFirstLess> m_trustAnchors;
+
+  std::map<ndn::Name, ndn::ptr_lib::shared_ptr<ndn::IdentityCertificate>, ndn::Name::BreadthFirstLess> m_dskCertificates;
+
+};
+
+#endif //CHATROOM_POLICY_MANAGER_H