Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoChat / 7989eb288166575327b9010c76ff5d1e5dc2fc00 / . / src / invitation-policy-manager.cpp
blob: 10929e30a53009ef36a62ffe8fc86a457731f0ce [file] [log] [blame]
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#include "invitation-policy-manager.h"
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]12
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]13#include <ndn.cxx/security/cache/ttl-certificate-cache.h>
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]14
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]15#include "logging.h"
16
17using namespace std;
18using namespace ndn;
19using namespace ndn::security;
20
21INIT_LOGGER("InvitationPolicyManager");
22
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]23InvitationPolicyManager::InvitationPolicyManager(const string& chatroomName,
24 int stepLimit,
25 Ptr<CertificateCache> certificateCache)
26 : m_chatroomName(chatroomName)
27 , m_stepLimit(stepLimit)
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]28 , m_certificateCache(certificateCache)
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]29{
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]30 if(m_certificateCache == NULL)
31 m_certificateCache = Ptr<TTLCertificateCache>(new TTLCertificateCache());
32
33 m_invitationPolicyRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>",
34 "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>$",
35 "==", "\\1", "\\1", true));
36
37 m_dskRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT><>$",
38 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]39 "==", "\\1", "\\1\\2", true));
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]40
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]41 m_keyNameRegex = Ptr<Regex>(new Regex("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT>$", "\\1\\2"));
42}
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]43
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]44InvitationPolicyManager::~InvitationPolicyManager()
45{}
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]46
47bool
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]48InvitationPolicyManager::skipVerifyAndTrust (const Data& data)
49{ return false; }
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]50
51bool
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]52InvitationPolicyManager::requireVerify (const Data& data)
53{ return true; }
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]54
55Ptr<ValidationRequest>
56InvitationPolicyManager::checkVerificationPolicy(Ptr<Data> data,
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]57 const int& stepCount,
58 const DataCallback& verifiedCallback,
59 const UnverifiedCallback& unverifiedCallback)
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]60{
61 if(m_stepLimit == stepCount)
62 {
63 _LOG_DEBUG("reach the maximum steps of verification");
64 unverifiedCallback(data);
65 return NULL;
66 }
67
68 Ptr<const signature::Sha256WithRsa> sha256sig = boost::dynamic_pointer_cast<const signature::Sha256WithRsa> (data->getSignature());
69
70 if(KeyLocator::KEYNAME != sha256sig->getKeyLocator().getType())
71 {
72 unverifiedCallback(data);
73 return NULL;
74 }
75
76 const Name & keyLocatorName = sha256sig->getKeyLocator().getKeyName();
77
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]78 if(m_invitationPolicyRule->satisfy(*data))
79 {
80 Ptr<const IdentityCertificate> trustedCert = m_certificateCache->getCertificate(keyLocatorName);
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]81
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]82 if(NULL != trustedCert){
83 if(verifySignature(*data, trustedCert->getPublicKeyInfo()))
84 verifiedCallback(data);
85 else
86 unverifiedCallback(data);
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]87
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]88 return NULL;
89 }
90 else{
91 _LOG_DEBUG("KeyLocator has not been cached and validated!");
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]92
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]93 DataCallback recursiveVerifiedCallback = boost::bind(&InvitationPolicyManager::onDskCertificateVerified,
94 this,
95 _1,
96 data,
97 verifiedCallback,
98 unverifiedCallback);
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]99
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]100 UnverifiedCallback recursiveUnverifiedCallback = boost::bind(&InvitationPolicyManager::onDskCertificateUnverified,
101 this,
102 _1,
103 data,
104 unverifiedCallback);
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]105
106
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]107 Ptr<Interest> interest = Ptr<Interest>(new Interest(keyLocatorName));
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]108
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]109 Ptr<ValidationRequest> nextStep = Ptr<ValidationRequest>(new ValidationRequest(interest,
110 recursiveVerifiedCallback,
111 recursiveUnverifiedCallback,
112 0,
113 stepCount + 1)
114 );
115 return nextStep;
116 }
117 }
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]118
119 if(m_dskRule->satisfy(*data))
120 {
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]121 m_keyNameRegex->match(keyLocatorName);
122 Name keyName = m_keyNameRegex->expand();
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]123
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]124 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
125 if(verifySignature(*data, m_trustAnchors[keyName]))
126 verifiedCallback(data);
127 else
128 unverifiedCallback(data);
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]129 else
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]130 unverifiedCallback(data);
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]131
132 return NULL;
133 }
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]134
135 unverifiedCallback(data);
136 return NULL;
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]137}
138
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]139bool
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]140InvitationPolicyManager::checkSigningPolicy(const Name& dataName,
141 const Name& certificateName)
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]142{
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]143 //TODO:
144 return true;
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]145}
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]146
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]147Name
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]148InvitationPolicyManager::inferSigningIdentity(const Name& dataName)
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]149{
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]150 //TODO:
151 return Name();
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700[diff] [blame]152}
153
154void
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700[diff] [blame]155InvitationPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate)
156{ m_trustAnchors.insert(pair <Name, Publickey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo())); }
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame^]157
158
159// void
160// InvitationPolicyManager::addChatDataRule(const Name& prefix,
161// const IdentityCertificate identityCertificate)
162// {
163// Name dataPrefix = prefix;
164// dataPrefix.append("chronos").append(m_chatroomName);
165// Ptr<Regex> dataRegex = Regex::fromName(prefix);
166// Name certName = identityCertificate.getName();
167// Name signerName = certName.getPrefix(certName.size()-1);
168// Ptr<Regex> signerRegex = Regex::fromName(signerName, true);
169
170// ChatPolicyRule rule(dataRegex, signerRegex);
171// map<Name, ChatPolicyRule>::iterator it = m_chatDataRules.find(dataPrefix);
172// if(it != m_chatDataRules.end())
173// it->second = rule;
174// else
175// m_chatDataRules.insert(pair <Name, ChatPolicyRule > (dataPrefix, rule));
176// }
177
178
179void
180InvitationPolicyManager::onDskCertificateVerified(Ptr<Data> certData,
181 Ptr<Data> originalData,
182 const DataCallback& verifiedCallback,
183 const UnverifiedCallback& unverifiedCallback)
184{
185 Ptr<IdentityCertificate> certificate = Ptr<IdentityCertificate>(new IdentityCertificate(*certData));
186
187 if(!certificate->isTooLate() && !certificate->isTooEarly())
188 {
189 Name certName = certificate->getName().getPrefix(certificate->getName().size()-1);
190 map<Name, Ptr<IdentityCertificate> >::iterator it = m_dskCertificates.find(certName);
191 if(it == m_dskCertificates.end())
192 m_dskCertificates.insert(pair <Name, Ptr<IdentityCertificate> > (certName, certificate));
193
194 if(verifySignature(*originalData, certificate->getPublicKeyInfo()))
195 {
196 verifiedCallback(originalData);
197 return;
198 }
199 }
200 else
201 {
202 unverifiedCallback(originalData);
203 return;
204 }
205}
206
207void
208InvitationPolicyManager::onDskCertificateUnverified(Ptr<Data> certData,
209 Ptr<Data> originalData,
210 const UnverifiedCallback& unverifiedCallback)
211{ unverifiedCallback(originalData); }
212
213Ptr<IdentityCertificate>
214InvitationPolicyManager::getValidatedDskCertificate(const ndn::Name& certName)
215{
216 map<Name, Ptr<IdentityCertificate> >::iterator it = m_dskCertificates.find(certName);
217 if(m_dskCertificates.end() != it)
218 return it->second;
219 else
220 return NULL;
221}