Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /* |
| 3 | * Copyright (c) 2013, Regents of the University of California |
| 4 | * Yingdi Yu |
| 5 | * |
| 6 | * BSD license, See the LICENSE file for more information |
| 7 | * |
| 8 | * Author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 9 | */ |
| 10 | |
| 11 | #include "invitation-policy-manager.h" |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 12 | |
| 13 | #include <ndn.cxx/security/certificate/identity-certificate.h> |
| 14 | #include <boost/bind.hpp> |
| 15 | |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 16 | #include "logging.h" |
| 17 | |
| 18 | using namespace std; |
| 19 | using namespace ndn; |
| 20 | using namespace ndn::security; |
| 21 | |
| 22 | INIT_LOGGER("InvitationPolicyManager"); |
| 23 | |
| 24 | InvitationPolicyManager::InvitationPolicyManager(const int & stepLimit, |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 25 | Ptr<CertificateCache> certificateCache) |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 26 | : m_stepLimit(stepLimit) |
| 27 | , m_certificateCache(certificateCache) |
| 28 | , m_localPrefixRegex(Ptr<Regex>(new Regex("^<local><ndn><prefix><><>$"))) |
| 29 | { |
Yingdi Yu | eda39aa | 2013-10-23 23:07:29 -0700 | [diff] [blame^] | 30 | m_invitationDataRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>", |
| 31 | "^([^<KEY>]*)<KEY><DSK-.*><ID-CERT><>$", |
| 32 | "==", "\\1", "\\1", true)); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 33 | |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 34 | m_dskRule = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><DSK-.*><ID-CERT><>$", |
| 35 | "^([^<KEY>]*)<KEY>(<>*)<KSK-.*><ID-CERT><>$", |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 36 | "==", "\\1", "\\1\\2", true)); |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 37 | |
| 38 | m_keyNameRegex = Ptr<Regex>(new Regex("^([^<KEY>]*)<KEY>(<>*<KSK-.*>)<ID-CERT><>$", "\\1\\2")); |
| 39 | |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 40 | m_signingCertificateRegex = Ptr<Regex>(new Regex("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>", "\\1")); |
| 41 | } |
| 42 | |
| 43 | bool |
| 44 | InvitationPolicyManager::skipVerifyAndTrust (const Data & data) |
| 45 | { |
| 46 | if(m_localPrefixRegex->match(data.getName())) |
| 47 | return true; |
| 48 | |
| 49 | return false; |
| 50 | } |
| 51 | |
| 52 | bool |
| 53 | InvitationPolicyManager::requireVerify (const Data & data) |
| 54 | { |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 55 | // if(m_invitationDataRule->matchDataName(data)) |
| 56 | // return true; |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 57 | |
| 58 | if(m_dskRule->matchDataName(data)) |
| 59 | return true; |
| 60 | |
| 61 | return false; |
| 62 | } |
| 63 | |
| 64 | Ptr<ValidationRequest> |
| 65 | InvitationPolicyManager::checkVerificationPolicy(Ptr<Data> data, |
| 66 | const int & stepCount, |
| 67 | const DataCallback& verifiedCallback, |
| 68 | const UnverifiedCallback& unverifiedCallback) |
| 69 | { |
| 70 | if(m_stepLimit == stepCount) |
| 71 | { |
| 72 | _LOG_DEBUG("reach the maximum steps of verification"); |
| 73 | unverifiedCallback(data); |
| 74 | return NULL; |
| 75 | } |
| 76 | |
| 77 | Ptr<const signature::Sha256WithRsa> sha256sig = boost::dynamic_pointer_cast<const signature::Sha256WithRsa> (data->getSignature()); |
| 78 | |
| 79 | if(KeyLocator::KEYNAME != sha256sig->getKeyLocator().getType()) |
| 80 | { |
| 81 | unverifiedCallback(data); |
| 82 | return NULL; |
| 83 | } |
| 84 | |
| 85 | const Name & keyLocatorName = sha256sig->getKeyLocator().getKeyName(); |
| 86 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 87 | // if(m_invitationDataRule->satisfy(*data)) |
| 88 | // { |
| 89 | // Ptr<const IdentityCertificate> trustedCert = m_certificateCache->getCertificate(keyLocatorName); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 90 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 91 | // if(NULL != trustedCert){ |
| 92 | // if(verifySignature(*data, trustedCert->getPublicKeyInfo())) |
| 93 | // verifiedCallback(data); |
| 94 | // else |
| 95 | // unverifiedCallback(data); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 96 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 97 | // return NULL; |
| 98 | // } |
| 99 | // else{ |
| 100 | // _LOG_DEBUG("KeyLocator has not been cached and validated!"); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 101 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 102 | // DataCallback recursiveVerifiedCallback = boost::bind(&InvitationPolicyManager::onCertificateVerified, |
| 103 | // this, |
| 104 | // _1, |
| 105 | // data, |
| 106 | // verifiedCallback, |
| 107 | // unverifiedCallback); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 108 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 109 | // UnverifiedCallback recursiveUnverifiedCallback = boost::bind(&InvitationPolicyManager::onCertificateUnverified, |
| 110 | // this, |
| 111 | // _1, |
| 112 | // data, |
| 113 | // unverifiedCallback); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 114 | |
| 115 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 116 | // Ptr<Interest> interest = Ptr<Interest>(new Interest(sha256sig->getKeyLocator().getKeyName())); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 117 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 118 | // Ptr<ValidationRequest> nextStep = Ptr<ValidationRequest>(new ValidationRequest(interest, |
| 119 | // recursiveVerifiedCallback, |
| 120 | // recursiveUnverifiedCallback, |
| 121 | // 0, |
| 122 | // stepCount + 1) |
| 123 | // ); |
| 124 | // return nextStep; |
| 125 | // } |
| 126 | // } |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 127 | |
| 128 | if(m_dskRule->satisfy(*data)) |
| 129 | { |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 130 | m_keyNameRegex->match(keyLocatorName); |
| 131 | Name keyName = m_keyNameRegex->expand(); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 132 | |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 133 | if(m_trustAnchors.end() != m_trustAnchors.find(keyName)) |
| 134 | if(verifySignature(*data, m_trustAnchors[keyName])) |
| 135 | verifiedCallback(data); |
| 136 | else |
| 137 | unverifiedCallback(data); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 138 | else |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 139 | unverifiedCallback(data); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 140 | |
| 141 | return NULL; |
| 142 | } |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 143 | |
| 144 | unverifiedCallback(data); |
| 145 | return NULL; |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 146 | } |
| 147 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 148 | // void |
| 149 | // InvitationPolicyManager::onCertificateVerified(Ptr<Data> certData, |
| 150 | // Ptr<Data> originalData, |
| 151 | // const DataCallback& verifiedCallback, |
| 152 | // const UnverifiedCallback& unverifiedCallback) |
| 153 | // { |
| 154 | // IdentityCertificate certificate(*certData); |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 155 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 156 | // if(verifySignature(*originalData, certificate.getPublicKeyInfo())) |
| 157 | // verifiedCallback(originalData); |
| 158 | // else |
| 159 | // unverifiedCallback(originalData); |
| 160 | // } |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 161 | |
Yingdi Yu | a7f52f1 | 2013-10-23 15:09:58 -0700 | [diff] [blame] | 162 | // void |
| 163 | // InvitationPolicyManager::onCertificateUnverified(Ptr<Data> certData, |
| 164 | // Ptr<Data> originalData, |
| 165 | // const UnverifiedCallback& unverifiedCallback) |
| 166 | // { unverifiedCallback(originalData); } |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 167 | |
| 168 | bool |
| 169 | InvitationPolicyManager::checkSigningPolicy(const Name & dataName, const Name & certificateName) |
| 170 | { |
| 171 | return m_invitationDataRule->satisfy(dataName, certificateName); |
| 172 | } |
| 173 | |
| 174 | Name |
| 175 | InvitationPolicyManager::inferSigningIdentity(const Name & dataName) |
| 176 | { |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 177 | if(m_signingCertificateRegex->match(dataName)) |
Yingdi Yu | 1ec26de | 2013-10-22 16:59:43 -0700 | [diff] [blame] | 178 | return m_signingCertificateRegex->expand(); |
| 179 | else |
| 180 | return Name(); |
| 181 | } |
| 182 | |
| 183 | void |
Yingdi Yu | 978b3ae | 2013-10-23 11:50:51 -0700 | [diff] [blame] | 184 | InvitationPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate) |
| 185 | { m_trustAnchors.insert(pair <Name, Publickey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo())); } |