Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoChat / f8f572d36b442d99bbd08908bf3e4633c467c099 / . / src / panel-policy-manager.cpp
blob: e60eb4f46265691074af0c02723a4c288c19d32b [file] [log] [blame]
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#include "panel-policy-manager.h"
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]12#include "null-ptrs.h"
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]13#include <ndn-cpp/security/verifier.hpp>
14#include <ndn-cpp/security/signature/signature-sha256-with-rsa.hpp>
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]15// #include <boost/bind.hpp>
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]16
17#include "logging.h"
18
19using namespace std;
20using namespace ndn;
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]21using namespace ndn::ptr_lib;
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]22
23INIT_LOGGER("PanelPolicyManager");
24
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]25PanelPolicyManager::PanelPolicyManager(const int & stepLimit)
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]26 : m_stepLimit(stepLimit)
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]27 , m_certificateCache()
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]28{
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]29 m_localPrefixRegex = make_shared<Regex>("^<local><ndn><prefix><><>$");
Yingdi Yu9b34b1f2013-11-01 17:37:51 -0700[diff] [blame]30
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]31 m_invitationDataSigningRule = make_shared<IdentityPolicyRule>("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>",
32 "^([^<KEY>]*)<KEY>(<>*)<><ID-CERT><>$",
33 "==", "\\1", "\\1\\2", true);
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]34
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]35 m_dskRule = make_shared<IdentityPolicyRule>("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT><>$",
36 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
37 "==", "\\1", "\\1\\2", true);
Yingdi Yub2e747d2013-11-05 23:06:43 -0800[diff] [blame]38
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]39 m_endorseeRule = make_shared<IdentityPolicyRule>("^([^<DNS>]*)<DNS><>*<ENDORSEE><>$",
40 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
41 "==", "\\1", "\\1\\2", true);
Yingdi Yub2e747d2013-11-05 23:06:43 -0800[diff] [blame]42
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]43 m_kskRegex = make_shared<Regex>("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT><>$", "\\1\\2");
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]44
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]45 m_keyNameRegex = make_shared<Regex>("^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT>$", "\\1\\2");
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]46
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]47 m_signingCertificateRegex = make_shared<Regex>("^<ndn><broadcast><chronos><invitation>([^<chatroom>]*)<chatroom>", "\\1");
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]48}
49
50bool
51PanelPolicyManager::skipVerifyAndTrust (const Data & data)
52{
53 if(m_localPrefixRegex->match(data.getName()))
54 return true;
55
56 return false;
57}
58
59bool
60PanelPolicyManager::requireVerify (const Data & data)
61{
62 // if(m_invitationDataRule->matchDataName(data))
63 // return true;
Yingdi Yu9b34b1f2013-11-01 17:37:51 -0700[diff] [blame]64 if(m_kskRegex->match(data.getName()))
65 return true;
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]66 if(m_dskRule->matchDataName(data))
67 return true;
68
Yingdi Yub2e747d2013-11-05 23:06:43 -0800[diff] [blame]69 if(m_endorseeRule->matchDataName(data))
70 return true;
71
72
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]73 return false;
74}
75
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]76shared_ptr<ValidationRequest>
77PanelPolicyManager::checkVerificationPolicy(const shared_ptr<Data>& data,
78 int stepCount,
79 const OnVerified& onVerified,
80 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]81{
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]82 if(m_stepLimit == stepCount)
83 {
Yingdi Yue35bdb82013-11-07 11:32:40 -0800[diff] [blame]84 _LOG_ERROR("Reach the maximum steps of verification!");
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]85 onVerifyFailed(data);
86 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]87 }
88
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]89 try{
90 SignatureSha256WithRsa sig(data->getSignature());
91 const Name & keyLocatorName = sig.getKeyLocator().getName();
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]92
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]93 if(m_kskRegex->match(data->getName()))
94 {
95 Name keyName = m_kskRegex->expand();
96 map<Name, PublicKey>::iterator it = m_trustAnchors.find(keyName);
97 if(m_trustAnchors.end() != it)
98 {
99 // _LOG_DEBUG("found key!");
100 IdentityCertificate identityCertificate(*data);
101 if(it->second == identityCertificate.getPublicKeyInfo())
102 onVerified(data);
103 else
104 onVerifyFailed(data);
105 }
106 else
107 onVerifyFailed(data);
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]108
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]109 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
110 }
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]111
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]112 if(m_dskRule->satisfy(*data))
113 {
114 m_keyNameRegex->match(keyLocatorName);
115 Name keyName = m_keyNameRegex->expand();
116
117 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
118 if(Verifier::verifySignature(*data, sig, m_trustAnchors[keyName]))
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]119 onVerified(data);
Yingdi Yu9b34b1f2013-11-01 17:37:51 -0700[diff] [blame]120 else
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]121 onVerifyFailed(data);
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]122 else
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]123 onVerifyFailed(data);
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]124
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]125 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
126 }
Yingdi Yub2e747d2013-11-05 23:06:43 -0800[diff] [blame]127
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]128 if(m_endorseeRule->satisfy(*data))
129 {
130 m_keyNameRegex->match(keyLocatorName);
131 Name keyName = m_keyNameRegex->expand();
132 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
133 if(Verifier::verifySignature(*data, sig, m_trustAnchors[keyName]))
134 onVerified(data);
135 else
136 onVerifyFailed(data);
Yingdi Yub2e747d2013-11-05 23:06:43 -0800[diff] [blame]137 else
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]138 onVerifyFailed(data);
Yingdi Yub2e747d2013-11-05 23:06:43 -0800[diff] [blame]139
Yingdi Yuf8f572d2014-01-13 11:19:47 -0800[diff] [blame^]140 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
141 }
142 }catch(SignatureSha256WithRsa::Error &e){
143 _LOG_DEBUG("checkVerificationPolicy: " << e.what());
144 onVerifyFailed(data);
145 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
146 }catch(KeyLocator::Error &e){
147 _LOG_DEBUG("checkVerificationPolicy: " << e.what());
148 onVerifyFailed(data);
149 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
150 }
Yingdi Yub2e747d2013-11-05 23:06:43 -0800[diff] [blame]151
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]152 _LOG_DEBUG("Unverified!");
153
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]154 onVerifyFailed(data);
155 return CHRONOCHAT_NULL_VALIDATIONREQUEST_PTR;
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]156}
157
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]158bool
159PanelPolicyManager::checkSigningPolicy(const Name & dataName, const Name & certificateName)
160{
161 return m_invitationDataSigningRule->satisfy(dataName, certificateName);
162}
163
164Name
165PanelPolicyManager::inferSigningIdentity(const Name & dataName)
166{
167 if(m_signingCertificateRegex->match(dataName))
168 return m_signingCertificateRegex->expand();
169 else
170 return Name();
171}
172
173void
174PanelPolicyManager::addTrustAnchor(const EndorseCertificate& selfEndorseCertificate)
175{
Yingdi Yu6eabbd72013-12-27 08:44:12 +0800[diff] [blame]176 _LOG_DEBUG("Add Anchor: " << selfEndorseCertificate.getPublicKeyName().toUri());
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]177 m_trustAnchors.insert(pair <Name, PublicKey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo()));
Yingdi Yu7989eb22013-10-31 17:38:22 -0700[diff] [blame]178}
Yingdi Yuaf305d72013-11-10 11:54:02 -0800[diff] [blame]179
Yingdi Yu72232692013-11-12 17:50:21 -0800[diff] [blame]180void
181PanelPolicyManager::removeTrustAnchor(const Name& keyName)
182{
183 m_trustAnchors.erase(keyName);
184}
185
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]186shared_ptr<PublicKey>
187PanelPolicyManager::getTrustedKey(const Name& inviterCertName)
Yingdi Yuaf305d72013-11-10 11:54:02 -0800[diff] [blame]188{
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]189 Name keyLocatorName = inviterCertName.getPrefix(-1);
Yingdi Yu6eabbd72013-12-27 08:44:12 +0800[diff] [blame]190 _LOG_DEBUG("inviter cert name: " << inviterCertName.toUri());
Yingdi Yuaf305d72013-11-10 11:54:02 -0800[diff] [blame]191 m_keyNameRegex->match(keyLocatorName);
192 Name keyName = m_keyNameRegex->expand();
193
194 if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
Yingdi Yu76dd8002013-12-24 11:16:32 +0800[diff] [blame]195 return make_shared<PublicKey>(m_trustAnchors[keyName]);
196 return CHRONOCHAT_NULL_PUBLICKEY_PTR;
197}