Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoChat / 678ca4b4e4e2eb117c7146088fbf279b70a2702c / . / src / invitation-policy-manager.cpp
blob: a8b75fb6b635f719cd95efcc270949497ca0791c [file] [log] [blame]
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#include "invitation-policy-manager.h"
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]12
13#include <ndn.cxx/security/certificate/identity-certificate.h>
14#include <boost/bind.hpp>
15
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]16#include "logging.h"
17
18using namespace std;
19using namespace ndn;
20using namespace ndn::security;
21
22INIT_LOGGER("InvitationPolicyManager");
23
24InvitationPolicyManager::InvitationPolicyManager(const int & stepLimit,
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]25 Ptr<CertificateCache> certificateCache)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]26 : m_stepLimit(stepLimit)
27 , m_certificateCache(certificateCache)
28 , m_localPrefixRegex(Ptr<Regex>(new Regex("^<local><ndn><prefix><><>$")))
29{
Yingdi Yuc4d08d22013-10-23 23:07:29 -0700[diff] [blame]30 m_invitationDataRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>",
31 "^([^<KEY>]*)<KEY><DSK-.*><ID-CERT><>$",
32 "==", "\\1", "\\1", true));
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]33
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]34 m_dskRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><DSK-.*><ID-CERT><>$",
35 "^([^<KEY>]*)<KEY>(<>*)<KSK-.*><ID-CERT><>$",
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]36 "==", "\\1", "\\1\\2", true));
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]37
38 m_keyNameRegex = Ptr<Regex>(new Regex("^([^<KEY>]*)<KEY>(<>*<KSK-.*>)<ID-CERT><>$", "\\1\\2"));
39
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]40 m_signingCertificateRegex = Ptr<Regex>(new Regex("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>", "\\1"));
41}
42
43bool
44InvitationPolicyManager::skipVerifyAndTrust (const Data & data)
45{
46 if(m_localPrefixRegex->match(data.getName()))
47 return true;
48
49 return false;
50}
51
52bool
53InvitationPolicyManager::requireVerify (const Data & data)
54{
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]55 // if(m_invitationDataRule->matchDataName(data))
56 // return true;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]57
58 if(m_dskRule->matchDataName(data))
59 return true;
60
61 return false;
62}
63
64Ptr<ValidationRequest>
65InvitationPolicyManager::checkVerificationPolicy(Ptr<Data> data,
66 const int & stepCount,
67 const DataCallback& verifiedCallback,
68 const UnverifiedCallback& unverifiedCallback)
69{
70 if(m_stepLimit == stepCount)
71 {
72 _LOG_DEBUG("reach the maximum steps of verification");
73 unverifiedCallback(data);
74 return NULL;
75 }
76
77 Ptr<const signature::Sha256WithRsa> sha256sig = boost::dynamic_pointer_cast<const signature::Sha256WithRsa> (data->getSignature());
78
79 if(KeyLocator::KEYNAME != sha256sig->getKeyLocator().getType())
80 {
81 unverifiedCallback(data);
82 return NULL;
83 }
84
85 const Name & keyLocatorName = sha256sig->getKeyLocator().getKeyName();
86
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]87 // if(m_invitationDataRule->satisfy(*data))
88 // {
89 // Ptr<const IdentityCertificate> trustedCert = m_certificateCache->getCertificate(keyLocatorName);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]90
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]91 // if(NULL != trustedCert){
92 // if(verifySignature(*data, trustedCert->getPublicKeyInfo()))
93 // verifiedCallback(data);
94 // else
95 // unverifiedCallback(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]96
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]97 // return NULL;
98 // }
99 // else{
100 // _LOG_DEBUG("KeyLocator has not been cached and validated!");
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]101
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]102 // DataCallback recursiveVerifiedCallback = boost::bind(&InvitationPolicyManager::onCertificateVerified,
103 // this,
104 // _1,
105 // data,
106 // verifiedCallback,
107 // unverifiedCallback);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]108
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]109 // UnverifiedCallback recursiveUnverifiedCallback = boost::bind(&InvitationPolicyManager::onCertificateUnverified,
110 // this,
111 // _1,
112 // data,
113 // unverifiedCallback);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]114
115
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]116 // Ptr<Interest> interest = Ptr<Interest>(new Interest(sha256sig->getKeyLocator().getKeyName()));
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]117
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]118 // Ptr<ValidationRequest> nextStep = Ptr<ValidationRequest>(new ValidationRequest(interest,
119 // recursiveVerifiedCallback,
120 // recursiveUnverifiedCallback,
121 // 0,
122 // stepCount + 1)
123 // );
124 // return nextStep;
125 // }
126 // }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]127
128 if(m_dskRule->satisfy(*data))
129 {
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]130 m_keyNameRegex->match(keyLocatorName);
131 Name keyName = m_keyNameRegex->expand();
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]132
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]133 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
134 if(verifySignature(*data, m_trustAnchors[keyName]))
135 verifiedCallback(data);
136 else
137 unverifiedCallback(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]138 else
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]139 unverifiedCallback(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]140
141 return NULL;
142 }
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]143
144 unverifiedCallback(data);
145 return NULL;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]146}
147
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]148// void
149// InvitationPolicyManager::onCertificateVerified(Ptr<Data> certData,
150// Ptr<Data> originalData,
151// const DataCallback& verifiedCallback,
152// const UnverifiedCallback& unverifiedCallback)
153// {
154// IdentityCertificate certificate(*certData);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]155
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]156// if(verifySignature(*originalData, certificate.getPublicKeyInfo()))
157// verifiedCallback(originalData);
158// else
159// unverifiedCallback(originalData);
160// }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]161
Yingdi Yub6ea0022013-10-23 15:09:58 -0700[diff] [blame]162// void
163// InvitationPolicyManager::onCertificateUnverified(Ptr<Data> certData,
164// Ptr<Data> originalData,
165// const UnverifiedCallback& unverifiedCallback)
166// { unverifiedCallback(originalData); }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]167
168bool
169InvitationPolicyManager::checkSigningPolicy(const Name & dataName, const Name & certificateName)
170{
171 return m_invitationDataRule->satisfy(dataName, certificateName);
172}
173
174Name
175InvitationPolicyManager::inferSigningIdentity(const Name & dataName)
176{
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]177 if(m_signingCertificateRegex->match(dataName))
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]178 return m_signingCertificateRegex->expand();
179 else
180 return Name();
181}
182
183void
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]184InvitationPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate)
185{ m_trustAnchors.insert(pair <Name, Publickey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo())); }