blob: 5684138babd1981a76d610df293e978c75a77a5a [file] [log] [blame]
Yingdi Yu1ec26de2013-10-22 16:59:43 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#ifndef INVITATION_POLICY_MANAGER_H
12#define INVITATION_POLICY_MANAGER_H
13
14#include <ndn.cxx/security/policy/policy-manager.h>
15#include <ndn.cxx/security/policy/identity-policy-rule.h>
16#include <map>
17
18class InvitationPolicyManager : ndn::security::PolicyManager
19{
20public:
21 InvitationPolicyManager(const int & stepLimit,
22 ndn::Ptr<ndn::security::CertificateCache> certificateCache,
23 ndn::Name signingIdentity);
24
25 ~InvitationPolicyManager()
26 {}
27
28 /**
29 * @brief check if the received data packet can escape from verification
30 * @param data the received data packet
31 * @return true if the data does not need to be verified, otherwise false
32 */
33 bool
34 skipVerifyAndTrust (const ndn::Data & data);
35
36 /**
37 * @brief check if PolicyManager has the verification rule for the received data
38 * @param data the received data packet
39 * @return true if the data must be verified, otherwise false
40 */
41 bool
42 requireVerify (const ndn::Data & data);
43
44 /**
45 * @brief check whether received data packet complies with the verification policy, and get the indication of next verification step
46 * @param data the received data packet
47 * @param stepCount the number of verification steps that have been done, used to track the verification progress
48 * @param verifiedCallback the callback function that will be called if the received data packet has been validated
49 * @param unverifiedCallback the callback function that will be called if the received data packet cannot be validated
50 * @return the indication of next verification step, NULL if there is no further step
51 */
52 Ptr<ValidationRequest>
53 checkVerificationPolicy(ndn::Ptr<ndn::Data> data,
54 const int & stepCount,
55 const ndn::DataCallback& verifiedCallback,
56 const ndn::UnverifiedCallback& unverifiedCallback);
57
58
59 /**
60 * @brief check if the signing certificate name and data name satify the signing policy
61 * @param dataName the name of data to be signed
62 * @param certificateName the name of signing certificate
63 * @return true if the signing certificate can be used to sign the data, otherwise false
64 */
65 bool
66 checkSigningPolicy(const ndn::Name & dataName, const ndn::Name & certificateName);
67
68 /**
69 * @brief Infer signing identity name according to policy, if the signing identity cannot be inferred, it should return empty name
70 * @param dataName, the name of data to be signed
71 * @return the signing identity.
72 */
73 Name
74 inferSigningIdentity(const ndn::Name & dataName);
75
76
77 void
78 addTrustAnchor(ndn::Ptr<ndn::security::IdentityCertificate> ksk);
79
80private:
81 void
82 onCertificateVerified(ndn::Ptr<ndn::Data> certData,
83 ndn::Ptr<ndn::Data> originalData,
84 const ndn::DataCallback& verifiedCallback,
85 const ndn::UnverifiedCallback& unverifiedCallback);
86
87 void
88 onCertificateUnverified(ndn::Ptr<ndn::Data> certData,
89 ndn::Ptr<ndn::Data> originalData,
90 const ndn::UnverifiedCallback& unverifiedCallback);
91
92private:
93 int m_stepLimit;
94 ndn::Ptr<ndn::security::CertificateCache> m_certificateCache;
95 ndn::Ptr<ndn::Regex> m_localPrefixRegex;
96 ndn::Ptr<ndn::IdentityPolicyRule> m_invitationDataRule;
97 ndn::Ptr<ndn::IdentityPolicyRule> m_dskRule;
98 ndn::Ptr<ndn::Regex> m_signingCertificateRegex;
99 std::map<ndn::Name, ndn::Ptr<ndn::security::IdentityCertificate> > m_trustAnchors;
100
101};
102
103#endif