Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoChat / e0dfa3994632ca592c9e788c1b53b48afc752dc1 / . / src / validator-panel.cpp
blob: c3c429db6ea38d885d82accbb05cc5465d5fed7b [file] [log] [blame]
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]11#include "validator-panel.hpp"
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]12
13#include "logging.h"
14
Yingdi Yueb692ac2015-02-10 18:46:18 -0800[diff] [blame]15namespace chronochat {
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]16
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]17using std::vector;
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]18
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]19using ndn::CertificateCache;
20using ndn::SecRuleRelative;
21using ndn::OnDataValidated;
22using ndn::OnDataValidationFailed;
23using ndn::ValidationRequest;
24using ndn::IdentityCertificate;
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]25
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]26const shared_ptr<CertificateCache> ValidatorPanel::DEFAULT_CERT_CACHE =
27 shared_ptr<CertificateCache>();
Yingdi Yu17032f82014-03-25 15:48:23 -0700[diff] [blame]28
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]29ValidatorPanel::ValidatorPanel(int stepLimit,
30 const shared_ptr<CertificateCache> certificateCache)
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]31 : m_stepLimit(stepLimit)
32 , m_certificateCache(certificateCache)
Yingdi Yufa0b6a02014-04-30 14:26:42 -0700[diff] [blame]33{
34 m_endorseeRule = make_shared<SecRuleRelative>("^([^<DNS>]*)<DNS><>*<ENDORSEE><>$",
35 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]36 "==", "\\1", "\\1\\2", true);
37}
38
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]39void
40ValidatorPanel::addTrustAnchor(const EndorseCertificate& cert)
41{
42 m_trustAnchors[cert.getPublicKeyName()] = cert.getPublicKeyInfo();
43}
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]44
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]45void
46ValidatorPanel::removeTrustAnchor(const Name& keyName)
47{
48 m_trustAnchors.erase(keyName);
49}
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]50
51void
Yingdi Yufa0b6a02014-04-30 14:26:42 -0700[diff] [blame]52ValidatorPanel::checkPolicy (const Data& data,
53 int stepCount,
54 const OnDataValidated& onValidated,
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]55 const OnDataValidationFailed& onValidationFailed,
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]56 vector<shared_ptr<ValidationRequest> >& nextSteps)
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]57{
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]58 if (m_stepLimit == stepCount) {
59 onValidationFailed(data.shared_from_this(),
60 "Reach maximum validation steps: " + data.getName().toUri());
61 return;
62 }
63
64 const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
65
66 if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
67 return onValidationFailed(data.shared_from_this(),
68 "Key Locator is not a name: " + data.getName().toUri());
69
70 const Name& keyLocatorName = keyLocator.getName();
71
72 if (m_endorseeRule->satisfy(data.getName(), keyLocatorName)) {
73 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
74
75 if (m_trustAnchors.end() != m_trustAnchors.find(keyName) &&
76 Validator::verifySignature(data, data.getSignature(), m_trustAnchors[keyName]))
77 onValidated(data.shared_from_this());
78 else
Yingdi Yufa0b6a02014-04-30 14:26:42 -0700[diff] [blame]79 onValidationFailed(data.shared_from_this(),
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]80 "Cannot verify signature:" + data.getName().toUri());
81 }
82 else
83 onValidationFailed(data.shared_from_this(),
84 "Does not satisfy rule: " + data.getName().toUri());
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]85
Yingdi Yu0b0a7362014-08-05 16:31:30 -0700[diff] [blame]86 return;
Yingdi Yufa4ce792014-02-06 18:09:22 -0800[diff] [blame]87}
88
Yingdi Yueb692ac2015-02-10 18:46:18 -0800[diff] [blame]89} // namespace chronochat