Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoChat / 42f6646097d49fa39c48d447db44e6baee0c5f11 / . / src / panel-policy-manager.cpp
blob: d3c72605deeff4dc85f16a5c68ce26526c5df260 [file] [log] [blame]
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame^]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#include "panel-policy-manager.h"
12
13#include <ndn.cxx/security/certificate/identity-certificate.h>
14#include <boost/bind.hpp>
15
16#include "logging.h"
17
18using namespace std;
19using namespace ndn;
20using namespace ndn::security;
21
22INIT_LOGGER("PanelPolicyManager");
23
24PanelPolicyManager::PanelPolicyManager(const int & stepLimit,
25 Ptr<CertificateCache> certificateCache)
26 : m_stepLimit(stepLimit)
27 , m_certificateCache(certificateCache)
28 , m_localPrefixRegex(Ptr<Regex>(new Regex("^<local><ndn><prefix><><>$")))
29{
30 m_invitationDataSigningRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>",
31 "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT><>$",
32 "==", "\\1", "\\1", true));
33
34 m_dskRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT><>$",
35 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
36 "==", "\\1", "\\1\\2", true));
37
38 m_keyNameRegex = Ptr<Regex>(new Regex("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT>$", "\\1\\2"));
39
40 m_signingCertificateRegex = Ptr<Regex>(new Regex("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>", "\\1"));
41}
42
43bool
44PanelPolicyManager::skipVerifyAndTrust (const Data & data)
45{
46 if(m_localPrefixRegex->match(data.getName()))
47 return true;
48
49 return false;
50}
51
52bool
53PanelPolicyManager::requireVerify (const Data & data)
54{
55 // if(m_invitationDataRule->matchDataName(data))
56 // return true;
57
58 if(m_dskRule->matchDataName(data))
59 return true;
60
61 return false;
62}
63
64Ptr<ValidationRequest>
65PanelPolicyManager::checkVerificationPolicy(Ptr<Data> data,
66 const int & stepCount,
67 const DataCallback& verifiedCallback,
68 const UnverifiedCallback& unverifiedCallback)
69{
70 _LOG_DEBUG("checkVerificationPolicy");
71 if(m_stepLimit == stepCount)
72 {
73 _LOG_DEBUG("reach the maximum steps of verification");
74 unverifiedCallback(data);
75 return NULL;
76 }
77
78 Ptr<const signature::Sha256WithRsa> sha256sig = boost::dynamic_pointer_cast<const signature::Sha256WithRsa> (data->getSignature());
79
80 if(KeyLocator::KEYNAME != sha256sig->getKeyLocator().getType())
81 {
82 unverifiedCallback(data);
83 return NULL;
84 }
85
86 const Name & keyLocatorName = sha256sig->getKeyLocator().getKeyName();
87
88 // if(m_invitationDataRule->satisfy(*data))
89 // {
90 // Ptr<const IdentityCertificate> trustedCert = m_certificateCache->getCertificate(keyLocatorName);
91
92 // if(NULL != trustedCert){
93 // if(verifySignature(*data, trustedCert->getPublicKeyInfo()))
94 // verifiedCallback(data);
95 // else
96 // unverifiedCallback(data);
97
98 // return NULL;
99 // }
100 // else{
101 // _LOG_DEBUG("KeyLocator has not been cached and validated!");
102
103 // DataCallback recursiveVerifiedCallback = boost::bind(&PanelPolicyManager::onCertificateVerified,
104 // this,
105 // _1,
106 // data,
107 // verifiedCallback,
108 // unverifiedCallback);
109
110 // UnverifiedCallback recursiveUnverifiedCallback = boost::bind(&PanelPolicyManager::onCertificateUnverified,
111 // this,
112 // _1,
113 // data,
114 // unverifiedCallback);
115
116
117 // Ptr<Interest> interest = Ptr<Interest>(new Interest(sha256sig->getKeyLocator().getKeyName()));
118
119 // Ptr<ValidationRequest> nextStep = Ptr<ValidationRequest>(new ValidationRequest(interest,
120 // recursiveVerifiedCallback,
121 // recursiveUnverifiedCallback,
122 // 0,
123 // stepCount + 1)
124 // );
125 // return nextStep;
126 // }
127 // }
128
129 if(m_dskRule->satisfy(*data))
130 {
131 m_keyNameRegex->match(keyLocatorName);
132 Name keyName = m_keyNameRegex->expand();
133 _LOG_DEBUG(keyName.toUri());
134
135 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
136 if(verifySignature(*data, m_trustAnchors[keyName]))
137 verifiedCallback(data);
138 else
139 unverifiedCallback(data);
140 else
141 unverifiedCallback(data);
142
143 return NULL;
144 }
145 _LOG_DEBUG("Unverified!");
146
147 unverifiedCallback(data);
148 return NULL;
149}
150
151// void
152// PanelPolicyManager::onCertificateVerified(Ptr<Data> certData,
153// Ptr<Data> originalData,
154// const DataCallback& verifiedCallback,
155// const UnverifiedCallback& unverifiedCallback)
156// {
157// IdentityCertificate certificate(*certData);
158
159// if(verifySignature(*originalData, certificate.getPublicKeyInfo()))
160// verifiedCallback(originalData);
161// else
162// unverifiedCallback(originalData);
163// }
164
165// void
166// PanelPolicyManager::onCertificateUnverified(Ptr<Data> certData,
167// Ptr<Data> originalData,
168// const UnverifiedCallback& unverifiedCallback)
169// { unverifiedCallback(originalData); }
170
171bool
172PanelPolicyManager::checkSigningPolicy(const Name & dataName, const Name & certificateName)
173{
174 return m_invitationDataSigningRule->satisfy(dataName, certificateName);
175}
176
177Name
178PanelPolicyManager::inferSigningIdentity(const Name & dataName)
179{
180 if(m_signingCertificateRegex->match(dataName))
181 return m_signingCertificateRegex->expand();
182 else
183 return Name();
184}
185
186void
187PanelPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate)
188{
189 _LOG_DEBUG(selfEndorseCertificate.getPublicKeyName().toUri());
190 m_trustAnchors.insert(pair <Name, Publickey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo()));
191}