/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/*
 * Copyright (c) 2013, Regents of the University of California
 * Yingdi Yu
 *
 * BSD license, See the LICENSE file for more information
 *
 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
 */
10
11#include "validator-panel.h"
12
13#include "logging.h"
14
15using namespace std;
16using namespace ndn;
18INIT_LOGGER("ValidatorPanel");
19
20namespace chronos{
21
Yingdi Yu17032f82014-03-25 15:48:23 -070022using ndn::shared_ptr;
23
// Default certificate cache: a null shared_ptr, i.e. "no cache". Note that
// m_certificateCache is only stored by the constructor and is not consulted
// anywhere in this file; checkPolicy() decides purely from m_trustAnchors.
const shared_ptr<CertificateCache> ValidatorPanel::DEFAULT_CERT_CACHE = shared_ptr<CertificateCache>();
25
/**
 * @brief Build the endorsement validator with a fixed step budget and an
 *        (optional, currently unused) certificate cache.
 *
 * @param stepLimit        Number of validation steps after which checkPolicy()
 *                         gives up (see m_stepLimit).
 * @param certificateCache Stored in m_certificateCache; not used by this file.
 */
ValidatorPanel::ValidatorPanel(int stepLimit /* = 10 */,
                               const shared_ptr<CertificateCache> certificateCache/* = DEFAULT_CERT_CACHE */)
  : m_stepLimit(stepLimit)
  , m_certificateCache(certificateCache)
{
  // NDN name regexes (presumably `<>` = one arbitrary component, `<>*` = any
  // number of them). The data side captures everything before <DNS>; the key
  // side captures everything before <KEY> plus whatever sits between <KEY> and
  // the <ksk-...> component. The "==" relation then requires data \1 to equal
  // key \1\2, so an ENDORSEE record can only be accepted when it is signed by
  // a KSK certificate living under the same namespace as the record itself.
  // The trailing `true` is passed through to SecRuleRelative unchanged (its
  // meaning is defined there, not here).
  const char* endorseeDataPattern = "^([^<DNS>]*)<DNS><>*<ENDORSEE><>$";
  const char* endorseeKeyPattern  = "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$";

  m_endorseeRule = make_shared<SecRuleRelative>(endorseeDataPattern,
                                                endorseeKeyPattern,
                                                "==",
                                                "\\1",
                                                "\\1\\2",
                                                true);
}
35
36
37
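/**
 * @brief Policy check for endorsement Data: accept the packet only if its
 *        name/key-locator pair satisfies m_endorseeRule AND the signature
 *        verifies under a key that is explicitly listed in m_trustAnchors.
 *
 * @param data               Packet under validation. Assumed to be owned by a
 *                           shared_ptr, since shared_from_this() is called on it.
 * @param stepCount          Validation steps already consumed by the caller;
 *                           once it reaches m_stepLimit the packet is rejected.
 * @param onValidated        Called when the packet is accepted.
 * @param onValidationFailed Called with a human-readable reason when rejected.
 * @param nextSteps          Never appended to: this policy schedules no
 *                           certificate fetches, so a key that is not already a
 *                           trust anchor can never become trusted here.
 *
 * Only SignatureSha256WithRsa signatures whose KeyLocator carries a Name are
 * understood; other signature/locator types are reported via
 * onValidationFailed rather than propagated as exceptions. Exceptions of any
 * other type (e.g. from certificateNameToPublicKeyName on a malformed name,
 * if it throws) are not caught and reach the caller.
 */
void
ValidatorPanel::checkPolicy (const Data& data,
                             int stepCount,
                             const OnDataValidated& onValidated,
                             const OnDataValidationFailed& onValidationFailed,
                             std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
  // Enforce the step budget as an upper bound (>=), not an exact match (==):
  // a count that has already overshot the limit must still be refused rather
  // than silently continuing the chain. (A non-positive m_stepLimit therefore
  // rejects everything.)
  if(stepCount >= m_stepLimit)
    {
      _LOG_ERROR("Reach the maximum steps of verification!");
      onValidationFailed(data.shared_from_this(),
                         "Reach maximum validation steps: " + data.getName().toUri());
      return;
    }

  try
    {
      // Both of these throw (and are handled below) when the packet does not
      // carry an RSA signature or its KeyLocator is not a name.
      SignatureSha256WithRsa sig(data.getSignature());
      const Name& keyLocatorName = sig.getKeyLocator().getName();

      // The KeyLocator name comes straight from the (untrusted) packet; the
      // rule binds it to the data name so a signer cannot endorse a namespace
      // that is not its own.
      if(!m_endorseeRule->satisfy(data.getName(), keyLocatorName))
        {
          onValidationFailed(data.shared_from_this(), "Does not satisfy rule: " + data.getName().toUri());
          return;
        }

      Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);

      // Trust is decided solely by the pre-loaded anchor set: the key named by
      // the locator must be an anchor AND the signature must verify under that
      // anchor's key. Naming an anchor without holding its private key fails
      // the second test. m_certificateCache is deliberately not consulted.
      bool trusted = m_trustAnchors.end() != m_trustAnchors.find(keyName)
                     && Validator::verifySignature(data, sig, m_trustAnchors[keyName]);

      if(trusted)
        onValidated(data.shared_from_this());
      else
        onValidationFailed(data.shared_from_this(), "Cannot verify signature:" + data.getName().toUri());

      return;
    }
  catch(const SignatureSha256WithRsa::Error&)
    {
      onValidationFailed(data.shared_from_this(),
                         "Not SignatureSha256WithRsa signature: " + data.getName().toUri());
      return;
    }
  catch(const KeyLocator::Error&)
    {
      onValidationFailed(data.shared_from_this(),
                         "Key Locator is not a name: " + data.getName().toUri());
      return;
    }
}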
83
84}//chronos