/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/*
 * Copyright (c) 2013, Regents of the University of California
 * Yingdi Yu
 *
 * BSD license, see the LICENSE file for more information
 *
 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
 */
11#include "chatroom-policy-manager.h"
12
13#include <ndn.cxx/security/cache/ttl-certificate-cache.h>
14
15#include "logging.h"
16
// NOTE(review): file-scope using-directives pull three namespaces into every
// unqualified lookup in this translation unit; they are kept here because the
// definitions below rely on them (pair, Ptr, Name, ...).
using namespace std;
using namespace ndn;
using namespace ndn::security;

// Registers the logger name used by the _LOG_DEBUG calls in this file.
INIT_LOGGER("ChatroomPolicyManager");
22
/**
 * Build a policy manager for the chatroom.
 *
 * @param stepLimit        Maximum number of recursive certificate-fetch steps
 *                         checkVerificationPolicy will take before giving up.
 * @param certificateCache Cache of already-validated certificates; when NULL a
 *                         fresh TTLCertificateCache is created and owned here.
 */
ChatroomPolicyManager::ChatroomPolicyManager(int stepLimit,
                                             Ptr<CertificateCache> certificateCache)
  : m_stepLimit(stepLimit)
  , m_certificateCache(certificateCache)
{
  // Fall back to an in-process TTL cache when the caller supplied none.
  if (NULL == m_certificateCache)
    m_certificateCache = Ptr<TTLCertificateCache>(new TTLCertificateCache());

  // Name patterns (NDN component regex syntax). A data name that matches the
  // first pattern of a rule must be signed by a key whose certificate name
  // matches the second; the "\\1"-style expansions are compared with "==".
  const char* const invitationDataPattern =
    "^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>";
  const char* const dskCertPattern = "^([^<KEY>]*)<KEY><DSK-.*><ID-CERT><>$";
  const char* const kskCertPattern = "^([^<KEY>]*)<KEY>(<>*)<KSK-.*><ID-CERT><>$";
  const char* const keyNamePattern = "^([^<KEY>]*)<KEY>(<>*<KSK-.*>)<ID-CERT><>$";

  // Invitation packets must be signed by a DSK certificate under the prefix
  // captured in front of <chatroom>.
  m_invitationPolicyRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule(invitationDataPattern,
                                                                          dskCertPattern,
                                                                          "==", "\\1", "\\1", true));

  // A DSK certificate must itself be signed by a KSK certificate of the same
  // identity (prefix plus any intermediate components).
  m_dskRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule(dskCertPattern,
                                                             kskCertPattern,
                                                             "==", "\\1", "\\1\\2", true));

  // Extracts the key name (prefix + KSK component) from a KSK certificate
  // name; used to look a signer up in m_trustAnchors.
  m_keyNameRegex = Ptr<Regex>(new Regex(keyNamePattern, "\\1\\2"));
}
41
// Nothing to release by hand: every member is held through Ptr or a
// standard container and cleans itself up.
ChatroomPolicyManager::~ChatroomPolicyManager()
{
}
44
/**
 * Whether a packet may be trusted without verification.
 *
 * @return Always false: no packet is exempt from signature checking here.
 */
bool
ChatroomPolicyManager::skipVerifyAndTrust(const Data& /*data*/)
{
  return false;
}
48
/**
 * Whether a packet must be verified before use.
 *
 * @return Always true: every packet goes through checkVerificationPolicy.
 */
bool
ChatroomPolicyManager::requireVerify(const Data& /*data*/)
{
  return true;
}
52
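/**
 * Decide how a packet is verified and either settle it or ask for one more
 * step.
 *
 * Outcomes:
 *  - the step budget is exhausted, the signature is not Sha256WithRsa, the
 *    key locator is not a key name, or no rule applies: unverifiedCallback.
 *  - invitation rule matches and the signing certificate is cached: verify
 *    against the cached key and call the matching callback.
 *  - invitation rule matches but the certificate is unknown: return a
 *    ValidationRequest that fetches the certificate; onCertificateVerified /
 *    onCertificateUnverified continue from there.
 *  - DSK rule matches: verify against the trust anchor named by the key
 *    locator, if one is registered.
 *
 * @param data               Packet under verification.
 * @param stepCount          Number of recursive steps already taken.
 * @param verifiedCallback   Invoked with data when verification succeeds.
 * @param unverifiedCallback Invoked with data when verification fails.
 * @return A request for the next verification step, or NULL when the packet
 *         has been settled through one of the callbacks.
 */
Ptr<ValidationRequest>
ChatroomPolicyManager::checkVerificationPolicy(Ptr<Data> data,
                                               const int& stepCount,
                                               const DataCallback& verifiedCallback,
                                               const UnverifiedCallback& unverifiedCallback)
{
  // Bound the recursive certificate fetch. `>=` instead of `==` so a count
  // that already overshoots the limit is rejected as well.
  if (stepCount >= m_stepLimit)
    {
      _LOG_DEBUG("reach the maximum steps of verification");
      unverifiedCallback(data);
      return NULL;
    }

  // The signature type is whatever the packet carries; the cast yields NULL
  // for anything other than Sha256WithRsa, and it was dereferenced
  // unconditionally before.
  Ptr<const signature::Sha256WithRsa> sha256sig =
    boost::dynamic_pointer_cast<const signature::Sha256WithRsa>(data->getSignature());
  if (NULL == sha256sig)
    {
      _LOG_DEBUG("signature is not Sha256WithRsa");
      unverifiedCallback(data);
      return NULL;
    }

  // Both rules below key on the certificate name in the key locator.
  if (KeyLocator::KEYNAME != sha256sig->getKeyLocator().getType())
    {
      unverifiedCallback(data);
      return NULL;
    }

  const Name& keyLocatorName = sha256sig->getKeyLocator().getKeyName();

  if (m_invitationPolicyRule->satisfy(*data))
    {
      Ptr<const IdentityCertificate> trustedCert = m_certificateCache->getCertificate(keyLocatorName);

      if (NULL != trustedCert)
        {
          // Certificate already validated on an earlier step: settle now.
          if (verifySignature(*data, trustedCert->getPublicKeyInfo()))
            verifiedCallback(data);
          else
            unverifiedCallback(data);

          return NULL;
        }

      _LOG_DEBUG("KeyLocator has not been cached and validated!");

      // Fetch the signing certificate; the bound callbacks carry the original
      // packet and its callbacks so the outcome can be delivered afterwards.
      DataCallback recursiveVerifiedCallback = boost::bind(&ChatroomPolicyManager::onCertificateVerified,
                                                           this,
                                                           _1,
                                                           data,
                                                           verifiedCallback,
                                                           unverifiedCallback);

      UnverifiedCallback recursiveUnverifiedCallback = boost::bind(&ChatroomPolicyManager::onCertificateUnverified,
                                                                   this,
                                                                   _1,
                                                                   data,
                                                                   unverifiedCallback);

      Ptr<Interest> interest = Ptr<Interest>(new Interest(keyLocatorName));

      Ptr<ValidationRequest> nextStep = Ptr<ValidationRequest>(new ValidationRequest(interest,
                                                                                     recursiveVerifiedCallback,
                                                                                     recursiveUnverifiedCallback,
                                                                                     0,
                                                                                     stepCount + 1));
      return nextStep;
    }

  if (m_dskRule->satisfy(*data))
    {
      // NOTE(review): the result of match() is ignored, as in the original;
      // if match() reports failure, expand() runs on a non-matching name.
      // Confirm whether match() returns a success flag and guard on it.
      m_keyNameRegex->match(keyLocatorName);
      Name keyName = m_keyNameRegex->expand();

      // A DSK certificate is accepted only when its signing key was
      // registered through addTrustAnchor.
      if (m_trustAnchors.end() == m_trustAnchors.find(keyName))
        {
          unverifiedCallback(data);
          return NULL;
        }

      if (verifySignature(*data, m_trustAnchors[keyName]))
        verifiedCallback(data);
      else
        unverifiedCallback(data);

      return NULL;
    }

  // No rule covers this name/key-locator pair: reject.
  unverifiedCallback(data);
  return NULL;
}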
136
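/**
 * Whether certificateName may be used to sign dataName.
 *
 * Not implemented yet. The previous body had no return statement, so
 * reaching its end was undefined behaviour and a caller could observe an
 * arbitrary answer; a policy check that is not implemented should fail
 * closed instead.
 *
 * @return Always false until a signing policy is defined.
 */
bool
ChatroomPolicyManager::checkSigningPolicy(const Name& /*dataName*/,
                                          const Name& /*certificateName*/)
{
  // TODO: define the chatroom signing policy.
  return false;
}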
143
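/**
 * Infer the identity that should sign dataName.
 *
 * Not implemented yet. The previous body had no return statement, so
 * reaching its end was undefined behaviour; an empty Name is returned as an
 * explicit "no identity inferred" placeholder.
 *
 * @return An empty Name until the inference rule is defined.
 */
Name
ChatroomPolicyManager::inferSigningIdentity(const Name& /*dataName*/)
{
  // TODO: derive the signing identity from the data name.
  return Name();
}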
149
/**
 * Register a self-endorsed certificate's key as a trust anchor.
 *
 * The anchor is keyed by the public key name so the DSK rule can look it up
 * after expanding the key-name regex. std::map::insert leaves an existing
 * entry untouched, so re-adding the same key name keeps the first key.
 *
 * @param selfEndorseCertificate Certificate whose key name and key become the anchor.
 */
void
ChatroomPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate)
{
  const Name anchorName = selfEndorseCertificate.getPublicKeyName();
  m_trustAnchors.insert(std::make_pair(anchorName, selfEndorseCertificate.getPublicKeyInfo()));
}
153
/**
 * Verified-callback for the certificate fetch issued by
 * checkVerificationPolicy: cache the certificate, then settle the packet
 * that was waiting on it.
 *
 * @param certData           The fetched certificate packet.
 * @param originalData       The packet whose signature is still pending.
 * @param verifiedCallback   Invoked with originalData on success.
 * @param unverifiedCallback Invoked with originalData on failure.
 */
void
ChatroomPolicyManager::onCertificateVerified(Ptr<Data> certData,
                                             Ptr<Data> originalData,
                                             const DataCallback& verifiedCallback,
                                             const UnverifiedCallback& unverifiedCallback)
{
  // Cache it so the next packet signed with this key is settled without a fetch.
  Ptr<IdentityCertificate> fetchedCert(new IdentityCertificate(*certData));
  m_certificateCache->insertCertificate(fetchedCert);

  const bool signatureOk = verifySignature(*originalData, fetchedCert->getPublicKeyInfo());
  if (signatureOk)
    verifiedCallback(originalData);
  else
    unverifiedCallback(originalData);
}
168
/**
 * Unverified-callback for the certificate fetch issued by
 * checkVerificationPolicy: the certificate could not be validated, so the
 * packet waiting on it fails too.
 *
 * @param certData           The certificate packet (unused).
 * @param originalData       The packet whose signature was pending.
 * @param unverifiedCallback Invoked with originalData.
 */
void
ChatroomPolicyManager::onCertificateUnverified(Ptr<Data> /*certData*/,
                                               Ptr<Data> originalData,
                                               const UnverifiedCallback& unverifiedCallback)
{
  unverifiedCallback(originalData);
}
174