Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoChat / ed8cfc4809079af1ee23e206704a49708d29620b / . / src / invitation-policy-manager.cpp
blob: ca4ae5b1383650851c2d21055114f94a7cb009ce [file] [log] [blame]
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#include "invitation-policy-manager.h"
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]12
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]13#include <ndn.cxx/security/cache/ttl-certificate-cache.h>
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]14
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]15#include "logging.h"
16
17using namespace std;
18using namespace ndn;
19using namespace ndn::security;
20
21INIT_LOGGER("InvitationPolicyManager");
22
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]23InvitationPolicyManager::InvitationPolicyManager(const string& chatroomName,
24 int stepLimit,
25 Ptr<CertificateCache> certificateCache)
26 : m_chatroomName(chatroomName)
27 , m_stepLimit(stepLimit)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]28 , m_certificateCache(certificateCache)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]29{
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]30 if(m_certificateCache == NULL)
31 m_certificateCache = Ptr<TTLCertificateCache>(new TTLCertificateCache());
32
33 m_invitationPolicyRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>",
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame^]34 "^([^<KEY>]*)<KEY>(<>*)[<dsk-.*><ksk-.*>]<ID-CERT>$",
35 "==", "\\1", "\\1\\2", true));
36
37 m_kskRegex = Ptr<Regex>(new Regex("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT><>$", "\\1\\2"));
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]38
39 m_dskRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT><>$",
40 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]41 "==", "\\1", "\\1\\2", true));
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]42
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]43 m_keyNameRegex = Ptr<Regex>(new Regex("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT>$", "\\1\\2"));
44}
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]45
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]46InvitationPolicyManager::~InvitationPolicyManager()
47{}
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]48
49bool
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]50InvitationPolicyManager::skipVerifyAndTrust (const Data& data)
51{ return false; }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]52
53bool
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]54InvitationPolicyManager::requireVerify (const Data& data)
55{ return true; }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]56
57Ptr<ValidationRequest>
58InvitationPolicyManager::checkVerificationPolicy(Ptr<Data> data,
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]59 const int& stepCount,
60 const DataCallback& verifiedCallback,
61 const UnverifiedCallback& unverifiedCallback)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]62{
63 if(m_stepLimit == stepCount)
64 {
65 _LOG_DEBUG("reach the maximum steps of verification");
66 unverifiedCallback(data);
67 return NULL;
68 }
69
70 Ptr<const signature::Sha256WithRsa> sha256sig = boost::dynamic_pointer_cast<const signature::Sha256WithRsa> (data->getSignature());
71
72 if(KeyLocator::KEYNAME != sha256sig->getKeyLocator().getType())
73 {
74 unverifiedCallback(data);
75 return NULL;
76 }
77
78 const Name & keyLocatorName = sha256sig->getKeyLocator().getKeyName();
79
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]80 if(m_invitationPolicyRule->satisfy(*data))
81 {
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame^]82 // Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
83 // map<Name, Publickey>::iterator it = m_trustAnchors.find(keyName);
84 // if(m_trustAnchors.end() != it)
85 // {
86 // if(verifySignature(*data, it->second))
87 // verifiedCallback(data);
88 // else
89 // unverifiedCallback(data);
90
91 // return NULL;
92 // }
93
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]94 Ptr<const IdentityCertificate> trustedCert = m_certificateCache->getCertificate(keyLocatorName);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]95
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]96 if(NULL != trustedCert){
97 if(verifySignature(*data, trustedCert->getPublicKeyInfo()))
98 verifiedCallback(data);
99 else
100 unverifiedCallback(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]101
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]102 return NULL;
103 }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]104
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame^]105 _LOG_DEBUG("KeyLocator has not been cached and validated!");
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]106
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame^]107 DataCallback recursiveVerifiedCallback = boost::bind(&InvitationPolicyManager::onDskCertificateVerified,
108 this,
109 _1,
110 data,
111 verifiedCallback,
112 unverifiedCallback);
113
114 UnverifiedCallback recursiveUnverifiedCallback = boost::bind(&InvitationPolicyManager::onDskCertificateUnverified,
115 this,
116 _1,
117 data,
118 unverifiedCallback);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]119
120
Yingdi Yued8cfc42013-11-01 17:37:51 -0700[diff] [blame^]121 Ptr<Interest> interest = Ptr<Interest>(new Interest(keyLocatorName));
122
123 Ptr<ValidationRequest> nextStep = Ptr<ValidationRequest>(new ValidationRequest(interest,
124 recursiveVerifiedCallback,
125 recursiveUnverifiedCallback,
126 0,
127 stepCount + 1)
128 );
129 return nextStep;
130 }
131
132 if(m_kskRegex->match(data->getName()))
133 {
134 _LOG_DEBUG("is ksk");
135 Name keyName = m_kskRegex->expand();
136 _LOG_DEBUG("ksk name: " << keyName.toUri());
137 map<Name, Publickey>::iterator it = m_trustAnchors.find(keyName);
138 if(m_trustAnchors.end() != it)
139 {
140 _LOG_DEBUG("found key!");
141 Ptr<IdentityCertificate> identityCertificate = Ptr<IdentityCertificate>(new IdentityCertificate(*data));
142 if(it->second.getKeyBlob() == identityCertificate->getPublicKeyInfo().getKeyBlob())
143 {
144 _LOG_DEBUG("same key!");
145 verifiedCallback(data);
146 }
147 else
148 unverifiedCallback(data);
149 }
150 else
151 unverifiedCallback(data);
152
153 return NULL;
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]154 }
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]155
156 if(m_dskRule->satisfy(*data))
157 {
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]158 m_keyNameRegex->match(keyLocatorName);
159 Name keyName = m_keyNameRegex->expand();
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]160
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]161 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
162 if(verifySignature(*data, m_trustAnchors[keyName]))
163 verifiedCallback(data);
164 else
165 unverifiedCallback(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]166 else
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]167 unverifiedCallback(data);
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]168
169 return NULL;
170 }
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]171
172 unverifiedCallback(data);
173 return NULL;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]174}
175
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]176bool
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]177InvitationPolicyManager::checkSigningPolicy(const Name& dataName,
178 const Name& certificateName)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]179{
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]180 //TODO:
181 return true;
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]182}
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]183
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]184Name
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]185InvitationPolicyManager::inferSigningIdentity(const Name& dataName)
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]186{
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]187 //TODO:
188 return Name();
Yingdi Yuea5f1c62013-10-22 16:59:43 -0700[diff] [blame]189}
190
191void
Yingdi Yu53eb8a72013-10-23 11:50:51 -0700[diff] [blame]192InvitationPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate)
193{ m_trustAnchors.insert(pair <Name, Publickey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo())); }
Yingdi Yu42f66462013-10-31 17:38:22 -0700[diff] [blame]194
195
196// void
197// InvitationPolicyManager::addChatDataRule(const Name& prefix,
198// const IdentityCertificate identityCertificate)
199// {
200// Name dataPrefix = prefix;
201// dataPrefix.append("chronos").append(m_chatroomName);
202// Ptr<Regex> dataRegex = Regex::fromName(prefix);
203// Name certName = identityCertificate.getName();
204// Name signerName = certName.getPrefix(certName.size()-1);
205// Ptr<Regex> signerRegex = Regex::fromName(signerName, true);
206
207// ChatPolicyRule rule(dataRegex, signerRegex);
208// map<Name, ChatPolicyRule>::iterator it = m_chatDataRules.find(dataPrefix);
209// if(it != m_chatDataRules.end())
210// it->second = rule;
211// else
212// m_chatDataRules.insert(pair <Name, ChatPolicyRule > (dataPrefix, rule));
213// }
214
215
216void
217InvitationPolicyManager::onDskCertificateVerified(Ptr<Data> certData,
218 Ptr<Data> originalData,
219 const DataCallback& verifiedCallback,
220 const UnverifiedCallback& unverifiedCallback)
221{
222 Ptr<IdentityCertificate> certificate = Ptr<IdentityCertificate>(new IdentityCertificate(*certData));
223
224 if(!certificate->isTooLate() && !certificate->isTooEarly())
225 {
226 Name certName = certificate->getName().getPrefix(certificate->getName().size()-1);
227 map<Name, Ptr<IdentityCertificate> >::iterator it = m_dskCertificates.find(certName);
228 if(it == m_dskCertificates.end())
229 m_dskCertificates.insert(pair <Name, Ptr<IdentityCertificate> > (certName, certificate));
230
231 if(verifySignature(*originalData, certificate->getPublicKeyInfo()))
232 {
233 verifiedCallback(originalData);
234 return;
235 }
236 }
237 else
238 {
239 unverifiedCallback(originalData);
240 return;
241 }
242}
243
244void
245InvitationPolicyManager::onDskCertificateUnverified(Ptr<Data> certData,
246 Ptr<Data> originalData,
247 const UnverifiedCallback& unverifiedCallback)
248{ unverifiedCallback(originalData); }
249
250Ptr<IdentityCertificate>
251InvitationPolicyManager::getValidatedDskCertificate(const ndn::Name& certName)
252{
253 map<Name, Ptr<IdentityCertificate> >::iterator it = m_dskCertificates.find(certName);
254 if(m_dskCertificates.end() != it)
255 return it->second;
256 else
257 return NULL;
258}