/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/*
 * Copyright (c) 2013, Regents of the University of California
 * Yingdi Yu
 *
 * BSD license, See the LICENSE file for more information
 *
 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
 */
10
11#ifndef INVITATION_POLICY_MANAGER_H
12#define INVITATION_POLICY_MANAGER_H
13
14#include <ndn.cxx/security/policy/policy-manager.h>
15#include <ndn.cxx/security/policy/identity-policy-rule.h>
Yingdi Yu978b3ae2013-10-23 11:50:51 -070016#include <ndn.cxx/security/cache/certificate-cache.h>
Yingdi Yu1ec26de2013-10-22 16:59:43 -070017#include <map>
18
Yingdi Yu978b3ae2013-10-23 11:50:51 -070019#include "endorse-certificate.h"
20
21class InvitationPolicyManager : public ndn::security::PolicyManager
Yingdi Yu1ec26de2013-10-22 16:59:43 -070022{
23public:
Yingdi Yua7f52f12013-10-23 15:09:58 -070024 InvitationPolicyManager(const int & stepLimit = 10,
25 ndn::Ptr<ndn::security::CertificateCache> certificateCache = NULL);
Yingdi Yu1ec26de2013-10-22 16:59:43 -070026
27 ~InvitationPolicyManager()
28 {}
29
30 /**
31 * @brief check if the received data packet can escape from verification
32 * @param data the received data packet
33 * @return true if the data does not need to be verified, otherwise false
34 */
35 bool
36 skipVerifyAndTrust (const ndn::Data & data);
37
38 /**
39 * @brief check if PolicyManager has the verification rule for the received data
40 * @param data the received data packet
41 * @return true if the data must be verified, otherwise false
42 */
43 bool
44 requireVerify (const ndn::Data & data);
45
46 /**
47 * @brief check whether received data packet complies with the verification policy, and get the indication of next verification step
48 * @param data the received data packet
49 * @param stepCount the number of verification steps that have been done, used to track the verification progress
50 * @param verifiedCallback the callback function that will be called if the received data packet has been validated
51 * @param unverifiedCallback the callback function that will be called if the received data packet cannot be validated
52 * @return the indication of next verification step, NULL if there is no further step
53 */
Yingdi Yu978b3ae2013-10-23 11:50:51 -070054 ndn::Ptr<ndn::security::ValidationRequest>
Yingdi Yu1ec26de2013-10-22 16:59:43 -070055 checkVerificationPolicy(ndn::Ptr<ndn::Data> data,
56 const int & stepCount,
57 const ndn::DataCallback& verifiedCallback,
58 const ndn::UnverifiedCallback& unverifiedCallback);
59
60
61 /**
62 * @brief check if the signing certificate name and data name satify the signing policy
63 * @param dataName the name of data to be signed
64 * @param certificateName the name of signing certificate
65 * @return true if the signing certificate can be used to sign the data, otherwise false
66 */
67 bool
68 checkSigningPolicy(const ndn::Name & dataName, const ndn::Name & certificateName);
69
70 /**
71 * @brief Infer signing identity name according to policy, if the signing identity cannot be inferred, it should return empty name
72 * @param dataName, the name of data to be signed
73 * @return the signing identity.
74 */
Yingdi Yu978b3ae2013-10-23 11:50:51 -070075 ndn::Name
Yingdi Yu1ec26de2013-10-22 16:59:43 -070076 inferSigningIdentity(const ndn::Name & dataName);
77
78
79 void
Yingdi Yu978b3ae2013-10-23 11:50:51 -070080 addTrustAnchor(const EndorseCertificate& selfEndorseCertificate);
Yingdi Yu1ec26de2013-10-22 16:59:43 -070081
Yingdi Yua7f52f12013-10-23 15:09:58 -070082// private:
83// void
84// onCertificateVerified(ndn::Ptr<ndn::Data> certData,
85// ndn::Ptr<ndn::Data> originalData,
86// const ndn::DataCallback& verifiedCallback,
87// const ndn::UnverifiedCallback& unverifiedCallback);
Yingdi Yu1ec26de2013-10-22 16:59:43 -070088
Yingdi Yua7f52f12013-10-23 15:09:58 -070089// void
90// onCertificateUnverified(ndn::Ptr<ndn::Data> certData,
91// ndn::Ptr<ndn::Data> originalData,
92// const ndn::UnverifiedCallback& unverifiedCallback);
Yingdi Yu1ec26de2013-10-22 16:59:43 -070093
94private:
95 int m_stepLimit;
96 ndn::Ptr<ndn::security::CertificateCache> m_certificateCache;
97 ndn::Ptr<ndn::Regex> m_localPrefixRegex;
Yingdi Yu978b3ae2013-10-23 11:50:51 -070098 ndn::Ptr<ndn::security::IdentityPolicyRule> m_invitationDataRule;
99 ndn::Ptr<ndn::security::IdentityPolicyRule> m_dskRule;
100 ndn::Ptr<ndn::Regex> m_keyNameRegex;
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700101 ndn::Ptr<ndn::Regex> m_signingCertificateRegex;
Yingdi Yu978b3ae2013-10-23 11:50:51 -0700102 std::map<ndn::Name, ndn::security::Publickey> m_trustAnchors;
Yingdi Yu1ec26de2013-10-22 16:59:43 -0700103
104};
105
106#endif