/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
11#include "validator-panel.h"
12
13#include "logging.h"
14
15using namespace std;
16using namespace ndn;
17using namespace ndn::ptr_lib;
18
19INIT_LOGGER("ValidatorPanel");
20
21namespace chronos{
22
// Empty (null) certificate-cache handle; the constructor's signature names it
// as the default value of its certificateCache argument.
const shared_ptr<CertificateCache>
ValidatorPanel::DEFAULT_CERT_CACHE = shared_ptr<CertificateCache>();
24
/**
 * Build a validator panel with a fixed endorsee trust rule.
 *
 * @param stepLimit        Value checkPolicy() compares against its stepCount
 *                         argument. It is stored as given, with no range check.
 * @param certificateCache Certificate cache handle, stored as given (may be
 *                         the empty DEFAULT_CERT_CACHE).
 */
ValidatorPanel::ValidatorPanel(int stepLimit /* = 10 */,
                               const shared_ptr<CertificateCache> certificateCache/* = DEFAULT_CERT_CACHE */)
  : m_stepLimit(stepLimit)
  , m_certificateCache(certificateCache)
{
  // checkPolicy() calls satisfy(data name, key-locator name) on this rule, so
  // the first pattern constrains the packet name and the second the signing
  // certificate name.
  // NOTE(review): presumably "==" requires the two expansions ("\\1" vs
  // "\\1\\2") to be equal and `true` marks a positive rule — confirm against
  // SecRuleRelative.
  const char* const dataNamePattern   = "^([^<DNS>]*)<DNS><>*<ENDORSEE><>$";
  const char* const signerNamePattern = "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$";
  const char* const comparison        = "==";
  const char* const dataExpansion     = "\\1";
  const char* const signerExpansion   = "\\1\\2";

  m_endorseeRule = make_shared<SecRuleRelative>(dataNamePattern,
                                                signerNamePattern,
                                                comparison,
                                                dataExpansion,
                                                signerExpansion,
                                                true);
}
34
35
36
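/**
 * Decide whether an endorsement Data packet is acceptable.
 *
 * The packet is accepted only when all of the following hold:
 *   1. stepCount is still below m_stepLimit;
 *   2. the (data name, key-locator name) pair satisfies m_endorseeRule;
 *   3. the public-key name derived from the key locator is present in
 *      m_trustAnchors;
 *   4. the signature verifies against that trust-anchor key.
 * Any other outcome, including an exception while parsing the signature or
 * deriving the key name, is reported as a validation failure (fail closed).
 *
 * Exactly one of the two callbacks is invoked per call. Both are invoked
 * outside the try block, so an exception thrown by onValidated can no longer
 * be mistaken for a validation failure and trigger onValidationFailed for a
 * packet already reported as valid; callback exceptions propagate to the caller.
 *
 * @param data               Packet to validate. NOTE(review): shared_from_this()
 *                           is called on it, so it presumably must already be
 *                           owned by a shared_ptr — confirm with callers.
 * @param stepCount          Number of validation steps taken so far.
 * @param onValidated        Invoked when the packet is accepted.
 * @param onValidationFailed Invoked when the packet is rejected.
 * @param nextSteps          Never touched here: no certificate is fetched, only
 *                           keys already in m_trustAnchors can validate a packet.
 */
void
ValidatorPanel::checkPolicy (const Data& data,
                             int stepCount,
                             const OnDataValidated& onValidated,
                             const OnDataValidationFailed& onValidationFailed,
                             vector<shared_ptr<ValidationRequest> >& nextSteps)
{
  // Use >= rather than ==: a step count that has already passed the limit
  // (or a non-positive limit) must be rejected too, not allowed to slip past
  // the guard and reach signature checking.
  if(stepCount >= m_stepLimit)
    {
      _LOG_ERROR("Reach the maximum steps of verification!");
      onValidationFailed(data.shared_from_this());
      return;
    }

  // Default to rejection; only the fully verified path flips this.
  bool isValid = false;

  try{
    SignatureSha256WithRsa sig(data.getSignature());
    const Name& keyLocatorName = sig.getKeyLocator().getName();

    if(m_endorseeRule->satisfy(data.getName(), keyLocatorName))
      {
        Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);

        // find() is evaluated first, so operator[] is only reached for a key
        // that exists and never default-inserts a new trust anchor.
        isValid = (m_trustAnchors.end() != m_trustAnchors.find(keyName)
                   && Validator::verifySignature(data, sig, m_trustAnchors[keyName]));
      }
  }catch(...){
    // Malformed signature / key locator / certificate name: reject, but leave
    // a trace instead of swallowing the error silently.
    _LOG_ERROR("Exception while checking the endorsement signature; data rejected");
    isValid = false;
  }

  if(isValid)
    onValidated(data.shared_from_this());
  else
    onValidationFailed(data.shared_from_this());
}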
74
75}//chronos