| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /* |
| 3 | * Copyright (c) 2013, Regents of the University of California |
| 4 | * Yingdi Yu |
| 5 | * |
| 6 | * BSD license, See the LICENSE file for more information |
| 7 | * |
| 8 | * Author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 9 | */ |
| 10 | |
| Yingdi Yu | eaa84e2 | 2014-01-16 10:30:26 -0800 | [diff] [blame] | 11 | #ifndef SEC_POLICY_CHRONO_CHAT_PANEL_H |
| 12 | #define SEC_POLICY_CHRONO_CHAT_PANEL_H |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 13 | |
| Yingdi Yu | 6df6125 | 2014-01-21 11:05:11 -0800 | [diff] [blame^] | 14 | #include <ndn-cpp-dev/security/sec-policy.hpp> |
| 15 | #include <ndn-cpp-et/policy/sec-rule-relative.hpp> |
| Yingdi Yu | 6420611 | 2013-12-24 11:16:32 +0800 | [diff] [blame] | 16 | #include <ndn-cpp-et/cache/ttl-certificate-cache.hpp> |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 17 | #include <map> |
| 18 | |
| 19 | #include "endorse-certificate.h" |
| 20 | |
| Yingdi Yu | eaa84e2 | 2014-01-16 10:30:26 -0800 | [diff] [blame] | 21 | class SecPolicyChronoChatPanel : public ndn::SecPolicy |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 22 | { |
| 23 | public: |
| Yingdi Yu | eaa84e2 | 2014-01-16 10:30:26 -0800 | [diff] [blame] | 24 | SecPolicyChronoChatPanel(const int & stepLimit = 10); |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 25 | |
| Yingdi Yu | eaa84e2 | 2014-01-16 10:30:26 -0800 | [diff] [blame] | 26 | ~SecPolicyChronoChatPanel() |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 27 | {} |
| 28 | |
| 29 | /** |
| 30 | * @brief check if the received data packet can escape from verification |
| 31 | * @param data the received data packet |
| 32 | * @return true if the data does not need to be verified, otherwise false |
| 33 | */ |
| 34 | bool |
| 35 | skipVerifyAndTrust (const ndn::Data & data); |
| 36 | |
| 37 | /** |
| 38 | * @brief check if PolicyManager has the verification rule for the received data |
| 39 | * @param data the received data packet |
| 40 | * @return true if the data must be verified, otherwise false |
| 41 | */ |
| 42 | bool |
| 43 | requireVerify (const ndn::Data & data); |
| 44 | |
| 45 | /** |
| 46 | * @brief check whether received data packet complies with the verification policy, and get the indication of next verification step |
| 47 | * @param data the received data packet |
| 48 | * @param stepCount the number of verification steps that have been done, used to track the verification progress |
| 49 | * @param verifiedCallback the callback function that will be called if the received data packet has been validated |
| 50 | * @param unverifiedCallback the callback function that will be called if the received data packet cannot be validated |
| 51 | * @return the indication of next verification step, NULL if there is no further step |
| 52 | */ |
| Yingdi Yu | 6420611 | 2013-12-24 11:16:32 +0800 | [diff] [blame] | 53 | ndn::ptr_lib::shared_ptr<ndn::ValidationRequest> |
| 54 | checkVerificationPolicy(const ndn::ptr_lib::shared_ptr<ndn::Data>& data, |
| 55 | int stepCount, |
| 56 | const ndn::OnVerified& onVerified, |
| 57 | const ndn::OnVerifyFailed& onVerifyFailed); |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 58 | |
| 59 | |
| 60 | /** |
| 61 | * @brief check if the signing certificate name and data name satify the signing policy |
| 62 | * @param dataName the name of data to be signed |
| 63 | * @param certificateName the name of signing certificate |
| 64 | * @return true if the signing certificate can be used to sign the data, otherwise false |
| 65 | */ |
| 66 | bool |
| 67 | checkSigningPolicy(const ndn::Name & dataName, const ndn::Name & certificateName); |
| 68 | |
| 69 | /** |
| 70 | * @brief Infer signing identity name according to policy, if the signing identity cannot be inferred, it should return empty name |
| 71 | * @param dataName, the name of data to be signed |
| 72 | * @return the signing identity. |
| 73 | */ |
| 74 | ndn::Name |
| 75 | inferSigningIdentity(const ndn::Name & dataName); |
| 76 | |
| 77 | |
| 78 | void |
| 79 | addTrustAnchor(const EndorseCertificate& selfEndorseCertificate); |
| 80 | |
| Yingdi Yu | 6ea54e4 | 2013-11-12 17:50:21 -0800 | [diff] [blame] | 81 | void |
| 82 | removeTrustAnchor(const ndn::Name& keyName); |
| 83 | |
| Yingdi Yu | 6420611 | 2013-12-24 11:16:32 +0800 | [diff] [blame] | 84 | ndn::ptr_lib::shared_ptr<ndn::PublicKey> |
| Yingdi Yu | 6b56f09 | 2013-11-10 11:54:02 -0800 | [diff] [blame] | 85 | getTrustedKey(const ndn::Name& inviterCertName); |
| 86 | |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 87 | private: |
| 88 | int m_stepLimit; |
| Yingdi Yu | 6420611 | 2013-12-24 11:16:32 +0800 | [diff] [blame] | 89 | ndn::TTLCertificateCache m_certificateCache; |
| 90 | ndn::ptr_lib::shared_ptr<ndn::Regex> m_localPrefixRegex; |
| Yingdi Yu | 6df6125 | 2014-01-21 11:05:11 -0800 | [diff] [blame^] | 91 | ndn::ptr_lib::shared_ptr<ndn::SecRuleRelative> m_invitationDataSigningRule; |
| Yingdi Yu | 6420611 | 2013-12-24 11:16:32 +0800 | [diff] [blame] | 92 | ndn::ptr_lib::shared_ptr<ndn::Regex> m_kskRegex; |
| Yingdi Yu | 6df6125 | 2014-01-21 11:05:11 -0800 | [diff] [blame^] | 93 | ndn::ptr_lib::shared_ptr<ndn::SecRuleRelative> m_dskRule; |
| 94 | ndn::ptr_lib::shared_ptr<ndn::SecRuleRelative> m_endorseeRule; |
| Yingdi Yu | 6420611 | 2013-12-24 11:16:32 +0800 | [diff] [blame] | 95 | ndn::ptr_lib::shared_ptr<ndn::Regex> m_keyNameRegex; |
| 96 | ndn::ptr_lib::shared_ptr<ndn::Regex> m_signingCertificateRegex; |
| Yingdi Yu | 6df6125 | 2014-01-21 11:05:11 -0800 | [diff] [blame^] | 97 | std::map<ndn::Name, ndn::PublicKey> m_trustAnchors; |
| Yingdi Yu | 42f6646 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 98 | |
| 99 | }; |
| 100 | |
| 101 | #endif |