Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoChat / c9ffa9fe5aa50c90843c96a120264bc0ad05dd50 / . / src / invitation-policy-manager.cpp
blob: dd7b33ccf9cd58ca20fb054b37cbe8af7c8b9988 [file] [log] [blame]
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#include "invitation-policy-manager.h"
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]12#include "null-ptrs.h"
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]13#include <ndn-cpp/security/verifier.hpp>
14#include <ndn-cpp/security/signature/signature-sha256-with-rsa.hpp>
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]15
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]16#include "logging.h"
17
18using namespace std;
19using namespace ndn;
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]20using namespace ndn::ptr_lib;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]21
22INIT_LOGGER("InvitationPolicyManager");
23
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]24InvitationPolicyManager::InvitationPolicyManager(const string& chatroomName,
Yingdi Yub35b8652013-11-07 11:32:40 -0800[diff] [blame]25 const Name& signingIdentity,
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]26 int stepLimit)
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]27 : m_chatroomName(chatroomName)
Yingdi Yub35b8652013-11-07 11:32:40 -0800[diff] [blame]28 , m_signingIdentity(signingIdentity)
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]29 , m_stepLimit(stepLimit)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]30{
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]31 m_invitationPolicyRule = make_shared<IdentityPolicyRule>("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>",
32 "^([^<KEY>]*)<KEY>(<>*)[<dsk-.*><ksk-.*>]<ID-CERT>$",
33 "==", "\\1", "\\1\\2", true);
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]34
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]35 m_kskRegex = make_shared<Regex>("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT><>$", "\\1\\2");
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame]36
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]37 m_dskRule = make_shared<IdentityPolicyRule>("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT><>$",
38 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
39 "==", "\\1", "\\1\\2", true);
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]40
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]41 m_keyNameRegex = make_shared<Regex>("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT>$", "\\1\\2");
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]42}
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]43
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]44InvitationPolicyManager::~InvitationPolicyManager()
45{}
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]46
47bool
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]48InvitationPolicyManager::skipVerifyAndTrust (const Data& data)
49{ return false; }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]50
51bool
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]52InvitationPolicyManager::requireVerify (const Data& data)
53{ return true; }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]54
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]55shared_ptr<ValidationRequest>
56InvitationPolicyManager::checkVerificationPolicy(const shared_ptr<Data>& data,
57 int stepCount,
58 const OnVerified& onVerified,
59 const OnVerifyFailed& onVerifyFailed)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]60{
61 if(m_stepLimit == stepCount)
62 {
Yingdi Yub35b8652013-11-07 11:32:40 -0800[diff] [blame]63 _LOG_ERROR("Reach the maximum steps of verification!");
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]64 onVerifyFailed(data);
65 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]66 }
67
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]68 try{
69 SignatureSha256WithRsa sig(data->getSignature());
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]70
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]71 const Name & keyLocatorName = sig.getKeyLocator().getName();
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]72
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]73 if(m_invitationPolicyRule->satisfy(*data))
74 {
75 // Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
76 // map<Name, PublicKey>::iterator it = m_trustAnchors.find(keyName);
77 // if(m_trustAnchors.end() != it)
78 // {
79 // if(Sha256WithRsaHandler::verifySignature(*data, it->second))
80 // onVerified(data);
81 // else
82 // onVerifyFailed(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]83
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]84 // return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
85 // }
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame]86
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]87 shared_ptr<const Certificate> trustedCert = m_certificateCache.getCertificate(keyLocatorName);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]88
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]89 if(trustedCert != ndn::TCC_NULL_CERTIFICATE_PTR){
90 if(Verifier::verifySignature(*data, sig, trustedCert->getPublicKeyInfo()))
91 onVerified(data);
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame]92 else
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]93 onVerifyFailed(data);
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]94
95 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame]96 }
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame]97
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]98 OnVerified recursiveVerifiedCallback = boost::bind(&InvitationPolicyManager::onDskCertificateVerified,
99 this,
100 _1,
101 data,
102 onVerified,
103 onVerifyFailed);
104
105 OnVerifyFailed recursiveUnverifiedCallback = boost::bind(&InvitationPolicyManager::onDskCertificateVerifyFailed,
106 this,
107 _1,
108 data,
109 onVerifyFailed);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]110
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]111
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]112 shared_ptr<Interest> interest = make_shared<Interest>(keyLocatorName);
113
114 shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(interest,
115 recursiveVerifiedCallback,
116 recursiveUnverifiedCallback,
117 0,
118 stepCount + 1);
119 return nextStep;
120 }
121
122 if(m_kskRegex->match(data->getName()))
123 {
124 Name keyName = m_kskRegex->expand();
125 map<Name, PublicKey>::iterator it = m_trustAnchors.find(keyName);
126 if(m_trustAnchors.end() != it)
127 {
128 IdentityCertificate identityCertificate(*data);
129 if(it->second == identityCertificate.getPublicKeyInfo())
130 {
131 onVerified(data);
132 }
133 else
134 onVerifyFailed(data);
135 }
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]136 else
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]137 onVerifyFailed(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]138
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]139 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
140 }
141
142 if(m_dskRule->satisfy(*data))
143 {
144 m_keyNameRegex->match(keyLocatorName);
145 Name keyName = m_keyNameRegex->expand();
146
147 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
148 if(Verifier::verifySignature(*data, sig, m_trustAnchors[keyName]))
149 onVerified(data);
150 else
151 onVerifyFailed(data);
152 else
153 onVerifyFailed(data);
154
155 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
156 }
157 }catch(SignatureSha256WithRsa::Error &e){
158 _LOG_DEBUG("checkVerificationPolicy " << e.what());
159 onVerifyFailed(data);
160 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
161 }catch(KeyLocator::Error &e){
162 _LOG_DEBUG("checkVerificationPolicy " << e.what());
163 onVerifyFailed(data);
164 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
165 }
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]166
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]167 onVerifyFailed(data);
168 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]169}
170
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]171bool
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]172InvitationPolicyManager::checkSigningPolicy(const Name& dataName,
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]173 const Name& certificateName)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]174{
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]175 return true;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]176}
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]177
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]178Name
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]179InvitationPolicyManager::inferSigningIdentity(const Name& dataName)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]180{
Yingdi Yub35b8652013-11-07 11:32:40 -0800[diff] [blame]181 return m_signingIdentity;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]182}
183
184void
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]185InvitationPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate)
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]186{ m_trustAnchors.insert(pair <Name, PublicKey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo())); }
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]187
188
189// void
190// InvitationPolicyManager::addChatDataRule(const Name& prefix,
191// const IdentityCertificate identityCertificate)
192// {
193// Name dataPrefix = prefix;
194// dataPrefix.append("chronos").append(m_chatroomName);
195// Ptr<Regex> dataRegex = Regex::fromName(prefix);
196// Name certName = identityCertificate.getName();
197// Name signerName = certName.getPrefix(certName.size()-1);
198// Ptr<Regex> signerRegex = Regex::fromName(signerName, true);
199
200// ChatPolicyRule rule(dataRegex, signerRegex);
201// map<Name, ChatPolicyRule>::iterator it = m_chatDataRules.find(dataPrefix);
202// if(it != m_chatDataRules.end())
203// it->second = rule;
204// else
205// m_chatDataRules.insert(pair <Name, ChatPolicyRule > (dataPrefix, rule));
206// }
207
208
209void
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]210InvitationPolicyManager::onDskCertificateVerified(const shared_ptr<Data>& certData,
211 shared_ptr<Data> originalData,
212 const OnVerified& onVerified,
213 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]214{
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]215 shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>(*certData);
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]216
217 if(!certificate->isTooLate() && !certificate->isTooEarly())
218 {
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]219 Name certName = certificate->getName().getPrefix(-1);
220 map<Name, shared_ptr<IdentityCertificate> >::iterator it = m_dskCertificates.find(certName);
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]221 if(it == m_dskCertificates.end())
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]222 m_dskCertificates.insert(pair <Name, shared_ptr<IdentityCertificate> > (certName, certificate));
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]223
Yingdi Yuc9ffa9f2014-01-13 11:19:47 -0800[diff] [blame^]224 if(Verifier::verifySignature(*originalData, originalData->getSignature(), certificate->getPublicKeyInfo()))
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]225 {
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]226 onVerified(originalData);
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]227 return;
228 }
229 }
230 else
231 {
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]232 onVerifyFailed(originalData);
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]233 return;
234 }
235}
236
237void
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]238InvitationPolicyManager::onDskCertificateVerifyFailed(const shared_ptr<Data>& certData,
239 shared_ptr<Data> originalData,
240 const OnVerifyFailed& onVerifyFailed)
241{ onVerifyFailed(originalData); }
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]242
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]243shared_ptr<IdentityCertificate>
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]244InvitationPolicyManager::getValidatedDskCertificate(const ndn::Name& certName)
245{
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]246 map<Name, shared_ptr<IdentityCertificate> >::iterator it = m_dskCertificates.find(certName);
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]247 if(m_dskCertificates.end() != it)
248 return it->second;
249 else
Yingdi Yu64206112013-12-24 11:16:32 +0800[diff] [blame]250 return CHRONOCHAT_NULL_IDENTITYCERTIFICATE_PTR;
251}