policy: Simplify SecPolicySync
diff --git a/src/sec-policy-sync.cc b/src/sec-policy-sync.cc
index 7c70208..0f4db3e 100644
--- a/src/sec-policy-sync.cc
+++ b/src/sec-policy-sync.cc
@@ -22,21 +22,20 @@
INIT_LOGGER("SecPolicySync");
SecPolicySync::SecPolicySync(const Name& signingIdentity,
- const Name& signingCertificateName,
- const Name& syncPrefix,
- shared_ptr<Face> face,
- int stepLimit)
+ const Name& signingCertificateName,
+ const Name& syncPrefix,
+ shared_ptr<Face> face,
+ int stepLimit)
: m_signingIdentity(signingIdentity)
, m_signingCertificateName(signingCertificateName.getPrefix(signingCertificateName.size()-1))
, m_syncPrefix(syncPrefix)
, m_stepLimit(stepLimit)
, m_keyChain(new KeyChain())
{
- Name wotPrefix = syncPrefix;
- wotPrefix.append("WOT");
- m_syncPrefixRegex = Regex::fromName(syncPrefix);
- m_wotPrefixRegex = Regex::fromName(wotPrefix);
- m_chatDataPolicy = make_shared<SecRuleIdentity>("^[^<%F0.>]*<%F0.>([^<chronos>]*)<chronos><>",
+ m_introCertPrefix = syncPrefix;
+ m_introCertPrefix.append("WOT");
+
+ m_syncDataPolicy = make_shared<SecRuleRelative>("^[^<%F0\\.>]*<%F0\\.>([^<chronos>]*)<chronos><>",
"^([^<KEY>]*)<KEY>(<>*)[<dsk-.*><ksk-.*>]<ID-CERT>$",
"==", "\\1", "\\1", true);
}
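Review bot: The constructor takes `face`, but neither the initializer list nor the body shown here stores it in `m_face`, while later hunks call `m_face->put(...)` and `m_face->expressInterest(...)`. Unless `m_face` is assigned somewhere outside this diff, those calls go through an empty pointer. Add `, m_face(face)` to the initializer list, placed to match the member declaration order in the header.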
@@ -54,9 +53,9 @@
shared_ptr<ValidationRequest>
SecPolicySync::checkVerificationPolicy(const shared_ptr<Data>& data,
- int stepCount,
- const OnVerified& onVerified,
- const OnVerifyFailed& onVerifyFailed)
+ int stepCount,
+ const OnVerified& onVerified,
+ const OnVerifyFailed& onVerifyFailed)
{
if(stepCount > m_stepLimit)
{
@@ -66,15 +65,13 @@
try{
SignatureSha256WithRsa sig(data->getSignature());
-
const Name& keyLocatorName = sig.getKeyLocator().getName();
-
+
// if data is intro cert
- if(m_wotPrefixRegex->match(data->getName()))
+ if(m_introCertPrefix.isPrefixOf(data->getName()))
{
- // _LOG_DEBUG("Intro Cert");
Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
- map<string, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName.toUri());
+ map<Name, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName);
if(m_trustedIntroducers.end() != it)
{
if(Verifier::verifySignature(*data, sig, it->second))
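Review bot: `sig.getKeyLocator().getName()` and `certificateNameToPublicKeyName(keyLocatorName)` both operate on fields taken from the received packet, but the only handler visible for this `try` (further down the function) catches `SignatureSha256WithRsa::Error`. The `matchSignerName` helper that this commit deletes also caught `KeyLocator::Error` around the same `getKeyLocator()` call, which suggests a packet without a usable key locator can throw past this function. If no further handler follows outside the diff, add `catch(KeyLocator::Error& e)` with the same `onVerifyFailed(data)` handling, so that a malformed packet fails validation instead of propagating an exception to the caller. The function body starts and ends outside this hunk.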
@@ -86,13 +83,13 @@
else
return prepareRequest(keyName, true, data, stepCount, onVerified, onVerifyFailed);
}
-
- // if data is sync data or chat data
- if(m_syncPrefixRegex->match(data->getName()) || m_chatDataPolicy->satisfy(*data))
+
+ // if data is diff data or sync data
+ if(m_syncPrefix.isPrefixOf(data->getName()) || m_syncDataPolicy->satisfy(*data))
{
Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
- map<string, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName.toUri());
+ map<Name, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName);
if(m_trustedIntroducers.end() != it)
{
if(Verifier::verifySignature(*data, sig, it->second))
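Review bot: The comment `// if data is diff data or sync data` does not say which operand covers which case, and the two operands do not carry the same trust semantics. Because `m_syncPrefix.isPrefixOf(...)` short-circuits, `m_syncDataPolicy` is never evaluated for a name under the sync prefix, so such a packet is accepted on a signature from any key in `m_trustedIntroducers` or `m_trustedProducers`. The rule appears intended to relate the signer name to the data name, and it is skipped for those packets. Since `m_introCertPrefix` is `m_syncPrefix` plus `WOT`, this branch also relies on the intro-cert branch above always returning first. I would state this in the comment, for example `// under m_syncPrefix: any trusted introducer/producer key may sign; other names must satisfy m_syncDataPolicy`.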
@@ -102,7 +99,7 @@
return shared_ptr<ValidationRequest>();
}
- it = m_trustedProducers.find(keyName.toUri());
+ it = m_trustedProducers.find(keyName);
if(m_trustedProducers.end() != it)
{
if(Verifier::verifySignature(*data, sig, it->second))
@@ -114,6 +111,7 @@
return prepareRequest(keyName, false, data, stepCount, onVerified, onVerifyFailed);
}
+
}catch(SignatureSha256WithRsa::Error &e){
_LOG_DEBUG("SecPolicySync Error: " << e.what());
onVerifyFailed(data);
@@ -130,7 +128,7 @@
bool
SecPolicySync::checkSigningPolicy(const Name& dataName,
- const Name& certificateName)
+ const Name& certificateName)
{
return true;
}
@@ -142,22 +140,21 @@
void
SecPolicySync::addTrustAnchor(const IdentityCertificate& identityCertificate, bool isIntroducer)
{
- // _LOG_DEBUG("Add intro/producer: " << identityCertificate.getPublicKeyName());
+ Name publicKeyName = identityCertificate.getPublicKeyName();
+
+ _LOG_DEBUG("Add intro/producer: " << publicKeyName);
+
if(isIntroducer)
- m_trustedIntroducers.insert(pair <string, PublicKey > (identityCertificate.getPublicKeyName().toUri(),
- identityCertificate.getPublicKeyInfo()));
+ m_trustedIntroducers[publicKeyName] = identityCertificate.getPublicKeyInfo();
else
- m_trustedProducers.insert(pair <string, PublicKey > (identityCertificate.getPublicKeyName().toUri(),
- identityCertificate.getPublicKeyInfo()));
+ m_trustedProducers[publicKeyName] = identityCertificate.getPublicKeyInfo();
}
void
-SecPolicySync::addChatDataRule(const Name& prefix,
- const IdentityCertificate& identityCertificate,
- bool isIntroducer)
-{
- addTrustAnchor(identityCertificate, isIntroducer);
-}
+SecPolicySync::addSyncDataRule(const Name& prefix,
+ const IdentityCertificate& identityCertificate,
+ bool isIntroducer)
+{ addTrustAnchor(identityCertificate, isIntroducer); }
shared_ptr<const vector<Name> >
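Review bot: `addSyncDataRule` accepts a `prefix` but forwards only the certificate to `addTrustAnchor`, so the key becomes trusted for every name this policy handles rather than only for data under `prefix`. With `m_chatDataRules` commented out in the header, no per-prefix rule remains, and a caller who expects a scoped rule grants broader trust than intended. Either drop the parameter or document the behaviour on the method, for example `// NOTE: prefix is currently ignored; the certificate is trusted for all sync data`.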
@@ -165,23 +162,23 @@
{
shared_ptr<vector<Name> > nameList = make_shared<vector<Name> >();
- map<string, PublicKey>::iterator it = m_trustedIntroducers.begin();
+ map<Name, PublicKey>::iterator it = m_trustedIntroducers.begin();
for(; it != m_trustedIntroducers.end(); it++)
- nameList->push_back(Name(it->first));
+ nameList->push_back(it->first);
return nameList;
}
shared_ptr<ValidationRequest>
SecPolicySync::prepareRequest(const Name& keyName,
- bool forIntroducer,
- shared_ptr<Data> data,
- const int & stepCount,
- const OnVerified& onVerified,
- const OnVerifyFailed& onVerifyFailed)
+ bool forIntroducer,
+ shared_ptr<Data> data,
+ const int & stepCount,
+ const OnVerified& onVerified,
+ const OnVerifyFailed& onVerifyFailed)
{
- shared_ptr<Name> interestPrefixName = make_shared<Name>(m_syncPrefix);
- interestPrefixName->append("WOT").append(keyName).append("INTRO-CERT");
+ Name interestPrefix = m_syncPrefix;
+ interestPrefix.append("WOT").append(keyName.wireEncode()).append("INTRO-CERT");
shared_ptr<const vector<Name> > nameList = getAllIntroducerName();
if(0 == nameList->size())
@@ -190,38 +187,37 @@
return shared_ptr<ValidationRequest>();
}
- Name interestName = *interestPrefixName;
- interestName.append(nameList->at(0));
+ Name interestName = interestPrefix;
+ interestName.append(nameList->at(0).wireEncode());
if(forIntroducer)
interestName.append("INTRODUCER");
shared_ptr<ndn::Interest> interest = make_shared<ndn::Interest>(interestName);
- // _LOG_DEBUG("send interest for intro cert: " << interest->getName());
- OnVerified requestedCertVerifiedCallback = boost::bind(&SecPolicySync::onIntroCertVerified,
- this,
- _1,
- forIntroducer,
- data,
- onVerified,
- onVerifyFailed);
+ OnVerified introCertVerified = func_lib::bind(&SecPolicySync::onIntroCertVerified,
+ this,
+ _1,
+ forIntroducer,
+ data,
+ onVerified,
+ onVerifyFailed);
- OnVerifyFailed requestedCertUnverifiedCallback = boost::bind(&SecPolicySync::onIntroCertVerifyFailed,
- this,
- _1,
- interestPrefixName,
- forIntroducer,
- nameList,
- 1,
- data,
- onVerified,
- onVerifyFailed);
+ OnVerifyFailed introCertVerifyFailed = func_lib::bind(&SecPolicySync::onIntroCertVerifyFailed,
+ this,
+ _1,
+ interestPrefix,
+ forIntroducer,
+ nameList,
+ 1,
+ data,
+ onVerified,
+ onVerifyFailed);
shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(interest,
- requestedCertVerifiedCallback,
- requestedCertUnverifiedCallback,
+ introCertVerified,
+ introCertVerifyFailed,
1,
m_stepLimit-1);
return nextStep;
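Review bot: The `ValidationRequest` is built with `m_stepLimit-1` as its last argument, and the `stepCount` parameter of `prepareRequest` (declared in the previous hunk) is not used in the lines shown, so every nested request starts from the same count. Assuming the last two constructor arguments are the retry and step counts, as the `retry_` and `stepCount_` fields read in `onIntroCertData` suggest, `checkVerificationPolicy` can never see `stepCount > m_stepLimit` on this path. The length of a chain of introduction certificates fetched from the network then appears to be unbounded. Passing the incremented count would let the limit take effect: `stepCount + 1);` in place of `m_stepLimit-1);`. The function starts in the previous hunk.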
@@ -229,11 +225,11 @@
void
SecPolicySync::OnIntroCertInterest(const shared_ptr<const Name>& prefix,
- const shared_ptr<const ndn::Interest>& interest,
- Transport& transport,
- uint64_t registeredPrefixId)
+ const shared_ptr<const ndn::Interest>& interest,
+ Transport& transport,
+ uint64_t registeredPrefixId)
{
- map<string, Data>::const_iterator it = m_introCert.find(prefix->toUri());
+ map<Name, Data>::const_iterator it = m_introCert.find(*prefix);
if(m_introCert.end() != it)
m_face->put(it->second);
@@ -246,40 +242,40 @@
void
SecPolicySync::onIntroCertVerified(const shared_ptr<Data>& introCertificateData,
- bool forIntroducer,
- shared_ptr<Data> originalData,
- const OnVerified& onVerified,
- const OnVerifyFailed& onVerifyFailed)
+ bool forIntroducer,
+ shared_ptr<Data> originalData,
+ const OnVerified& onVerified,
+ const OnVerifyFailed& onVerifyFailed)
{
shared_ptr<SyncIntroCertificate> introCertificate = make_shared<SyncIntroCertificate>(*introCertificateData);
+ Name subjectKeyName = introCertificate->getPublicKeyName();
+
if(forIntroducer)
{
- m_trustedIntroducers.insert(pair <string, PublicKey > (introCertificate->getPublicKeyName().toUri(),
- introCertificate->getPublicKeyInfo()));
+ //Add the intro cert subject as trusted introducer.
+ m_trustedIntroducers[subjectKeyName] = introCertificate->getPublicKeyInfo();
+
+ //Generate another intro cert for the cert subject.
SyncIntroCertificate syncIntroCertificate(m_syncPrefix,
- introCertificate->getPublicKeyName(),
+ subjectKeyName,
m_keyChain->getDefaultKeyNameForIdentity(m_signingIdentity),
introCertificate->getNotBefore(),
introCertificate->getNotAfter(),
introCertificate->getPublicKeyInfo(),
SyncIntroCertificate::INTRODUCER);
-
- Name certName = m_keyChain->getDefaultCertificateNameForIdentity(m_signingIdentity);
- _LOG_DEBUG("Publish Intro Certificate on Verified: " << syncIntroCertificate.getName());
- m_keyChain->sign(syncIntroCertificate, certName);
-
+ m_keyChain->signByIdentity(syncIntroCertificate, m_signingIdentity);
m_face->put(syncIntroCertificate);
// Name prefix = syncIntroCertificate.getName().getPrefix(syncIntroCertificate.getName().size()-1);
- // map<string, Data>::const_iterator it = m_introCert.find(prefix.toEscapedString());
+ // map<string, Data>::const_iterator it = m_introCert.find(prefix);
// if(m_introCert.end() != it)
// {
// it->second = syncIntroCertificate;
// }
// else
// {
- // m_introCert.insert(pair <string, Data> (prefix.toEscapedString(), syncIntroCertificate));
+ // m_introCert.insert(pair <Name, Data> (prefix, syncIntroCertificate));
// m_face->registerPrefix(prefix,
// boost::bind(&SecPolicySync::onIntroCertInterest, this, _1, _2, _3, _4),
// boost::bind(&SecPolicySync::onIntroCertRegisterFailed, this, _1));
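Review bot: `m_trustedIntroducers[subjectKeyName] = ...` overwrites an existing entry, whereas the `insert` it replaces left an already stored key untouched. Here `subjectKeyName` and the key bits come from a certificate fetched over the network, so a later introduction certificate that reuses the name of an already trusted key would now replace that key. If replacement is not intended, keep first-wins semantics with `m_trustedIntroducers.insert(pair<Name, PublicKey>(subjectKeyName, introCertificate->getPublicKeyInfo()));`, or reject a certificate whose key differs from the stored one. The same change is made for `m_trustedProducers` in the next hunk and for both maps in `addTrustAnchor`. The function body continues outside this hunk.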
@@ -287,32 +283,30 @@
}
else
{
- m_trustedProducers.insert(pair <string, PublicKey > (introCertificate->getPublicKeyName().toUri(),
- introCertificate->getPublicKeyInfo()));
+ //Add the intro cert subject as trusted producer.
+ m_trustedProducers[subjectKeyName] = introCertificate->getPublicKeyInfo();
+
+ //Generate another intro cert for the cert subject.
SyncIntroCertificate syncIntroCertificate(m_syncPrefix,
- introCertificate->getPublicKeyName(),
+ subjectKeyName,
m_keyChain->getDefaultKeyNameForIdentity(m_signingIdentity),
introCertificate->getNotBefore(),
introCertificate->getNotAfter(),
introCertificate->getPublicKeyInfo(),
SyncIntroCertificate::PRODUCER);
-
- Name certName = m_keyChain->getDefaultCertificateNameForIdentity(m_signingIdentity);
- _LOG_DEBUG("Publish Intro Certificate on Verified: " << syncIntroCertificate.getName());
- m_keyChain->sign(syncIntroCertificate, certName);
-
+ m_keyChain->signByIdentity(syncIntroCertificate, m_signingIdentity);
m_face->put(syncIntroCertificate);
// Name prefix = syncIntroCertificate.getName().getPrefix(syncIntroCertificate.getName().size()-1);
- // map<string, Data>::const_iterator it = m_introCert.find(prefix.toEscapedString());
+ // map<string, Data>::const_iterator it = m_introCert.find(prefix);
// if(m_introCert.end() != it)
// {
// it->second = syncIntroCertificate;
// }
// else
// {
- // m_introCert.insert(pair <string, Data> (prefix.toEscapedString(), syncIntroCertificate));
+ // m_introCert.insert(pair <Name, Data> (prefix, syncIntroCertificate));
// m_face->registerPrefix(prefix,
// boost::bind(&SecPolicySync::onIntroCertInterest, this, _1, _2, _3, _4),
// boost::bind(&SecPolicySync::onIntroCertRegisterFailed, this, _1));
@@ -334,129 +328,113 @@
void
SecPolicySync::onIntroCertVerifyFailed(const shared_ptr<Data>& introCertificateData,
- shared_ptr<Name> interestPrefixName,
- bool forIntroducer,
- shared_ptr<const vector<Name> > introNameList,
- int nextIntroducerIndex,
- shared_ptr<Data> originalData,
- const OnVerified& onVerified,
- const OnVerifyFailed& onVerifyFailed)
+ Name interestPrefix,
+ bool forIntroducer,
+ shared_ptr<const vector<Name> > introNameList,
+ int nextIntroducerIndex,
+ shared_ptr<Data> originalData,
+ const OnVerified& onVerified,
+ const OnVerifyFailed& onVerifyFailed)
{
- Name interestName = *interestPrefixName;
+ Name interestName = interestPrefix;
if(nextIntroducerIndex < introNameList->size())
- interestName.append(introNameList->at(nextIntroducerIndex));
+ interestName.append(introNameList->at(nextIntroducerIndex).wireEncode());
else
onVerifyFailed(originalData);
if(forIntroducer)
interestName.append("INTRODUCER");
- shared_ptr<ndn::Interest> interest = make_shared<ndn::Interest>(interestName);
+ ndn::Interest interest(interestName);
- OnVerified onRecursiveVerified = boost::bind(&SecPolicySync::onIntroCertVerified,
- this,
- _1,
- forIntroducer,
- originalData,
- onVerified,
- onVerifyFailed);
+ OnVerified introCertVerified = func_lib::bind(&SecPolicySync::onIntroCertVerified,
+ this,
+ _1,
+ forIntroducer,
+ originalData,
+ onVerified,
+ onVerifyFailed);
- OnVerifyFailed onRecursiveVerifyFailed = boost::bind(&SecPolicySync::onIntroCertVerifyFailed,
- this,
- _1,
- interestPrefixName,
- forIntroducer,
- introNameList,
- nextIntroducerIndex + 1,
- originalData,
- onVerified,
- onVerifyFailed);
+ OnVerifyFailed introCertVerifyFailed = func_lib::bind(&SecPolicySync::onIntroCertVerifyFailed,
+ this,
+ _1,
+ interestPrefix,
+ forIntroducer,
+ introNameList,
+ nextIntroducerIndex + 1,
+ originalData,
+ onVerified,
+ onVerifyFailed);
- m_face->expressInterest(*interest,
- boost::bind(&SecPolicySync::onIntroCertData,
- this,
- _1,
- _2,
- m_stepLimit-1,
- onRecursiveVerified,
- onRecursiveVerifyFailed,
- originalData,
- onVerifyFailed),
- boost::bind(&SecPolicySync::onIntroCertTimeout,
- this,
- _1,
- 1,
- m_stepLimit-1,
- onRecursiveVerified,
- onRecursiveVerifyFailed,
- originalData,
- onVerifyFailed));
+ m_face->expressInterest(interest,
+ func_lib::bind(&SecPolicySync::onIntroCertData,
+ this,
+ _1,
+ _2,
+ m_stepLimit-1,
+ introCertVerified,
+ introCertVerifyFailed),
+ func_lib::bind(&SecPolicySync::onIntroCertTimeout,
+ this,
+ _1,
+ 1,
+ m_stepLimit-1,
+ introCertVerified,
+ introCertVerifyFailed)
+ );
}
void
SecPolicySync::onIntroCertData(const shared_ptr<const ndn::Interest> &interest,
- const shared_ptr<Data>& introCertificateData,
- int stepCount,
- const OnVerified& onRecursiveVerified,
- const OnVerifyFailed& onRecursiveVerifyFailed,
- shared_ptr<Data> originalData,
- const OnVerifyFailed& onVerifyFailed)
+ const shared_ptr<Data>& introCertificateData,
+ int stepCount,
+ const OnVerified& introCertVerified,
+ const OnVerifyFailed& introCertVerifyFailed)
{
- shared_ptr<ValidationRequest> nextStep = checkVerificationPolicy(introCertificateData, stepCount, onRecursiveVerified, onRecursiveVerifyFailed);
+ shared_ptr<ValidationRequest> nextStep = checkVerificationPolicy(introCertificateData, stepCount, introCertVerified, introCertVerifyFailed);
if (nextStep)
- m_face->expressInterest
- (*nextStep->interest_,
- boost::bind(&SecPolicySync::onIntroCertData,
- this,
- _1,
- _2,
- nextStep->stepCount_,
- nextStep->onVerified_,
- nextStep->onVerifyFailed_,
- introCertificateData,
- onRecursiveVerifyFailed),
- boost::bind(&SecPolicySync::onIntroCertTimeout,
- this,
- _1,
- nextStep->retry_,
- nextStep->stepCount_,
- nextStep->onVerified_,
- nextStep->onVerifyFailed_,
- introCertificateData,
- onRecursiveVerifyFailed));
+ m_face->expressInterest(*nextStep->interest_,
+ func_lib::bind(&SecPolicySync::onIntroCertData,
+ this,
+ _1,
+ _2,
+ nextStep->stepCount_,
+ nextStep->onVerified_,
+ nextStep->onVerifyFailed_),
+ func_lib::bind(&SecPolicySync::onIntroCertTimeout,
+ this,
+ _1,
+ nextStep->retry_,
+ nextStep->stepCount_,
+ nextStep->onVerified_,
+ nextStep->onVerifyFailed_)
+ );
}
void
SecPolicySync::onIntroCertTimeout(const shared_ptr<const ndn::Interest>& interest,
- int retry,
- int stepCount,
- const OnVerified& onRecursiveVerified,
- const OnVerifyFailed& onRecursiveVerifyFailed,
- shared_ptr<Data> originalData,
- const OnVerifyFailed& onVerifyFailed)
+ int retry,
+ int stepCount,
+ const OnVerified& introCertVerified,
+ const OnVerifyFailed& introCertVerifyFailed)
{
if(retry > 0)
- {
- m_face->expressInterest(*interest,
- boost::bind(&SecPolicySync::onIntroCertData,
- this,
- _1,
- _2,
- stepCount,
- onRecursiveVerified,
- onRecursiveVerifyFailed,
- originalData,
- onVerifyFailed),
- boost::bind(&SecPolicySync::onIntroCertTimeout,
- this,
- _1,
- retry - 1,
- stepCount,
- onRecursiveVerified,
- onRecursiveVerifyFailed,
- originalData,
- onVerifyFailed));
- }
+ m_face->expressInterest(*interest,
+ func_lib::bind(&SecPolicySync::onIntroCertData,
+ this,
+ _1,
+ _2,
+ stepCount,
+ introCertVerified,
+ introCertVerifyFailed),
+ func_lib::bind(&SecPolicySync::onIntroCertTimeout,
+ this,
+ _1,
+ retry - 1,
+ stepCount,
+ introCertVerified,
+ introCertVerifyFailed)
+ );
else
- onVerifyFailed(originalData);
+ introCertVerifyFailed(shared_ptr<Data>());
}
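Review bot: In `onIntroCertVerifyFailed`, when `nextIntroducerIndex` has run past `introNameList`, the `else` branch calls `onVerifyFailed(originalData)` but does not return. The function therefore still builds an Interest from the bare prefix and expresses it, and the failure callback can fire a second time when that Interest fails. Return right after reporting the failure: `else { onVerifyFailed(originalData); return; }`. In `onIntroCertTimeout`, `introCertVerifyFailed(shared_ptr<Data>())` hands an empty pointer to the failure handler, which is safe only while every handler bound there ignores its first argument. A comment stating that expectation would help.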
diff --git a/src/sec-policy-sync.h b/src/sec-policy-sync.h
index 4df53c8..2ecac0f 100644
--- a/src/sec-policy-sync.h
+++ b/src/sec-policy-sync.h
@@ -16,20 +16,18 @@
#include <ndn-cpp-dev/security/verifier.hpp>
#include <ndn-cpp-dev/security/sec-policy.hpp>
#include <ndn-cpp-dev/security/identity-certificate.hpp>
-#include <ndn-cpp-et/regex/regex.hpp>
-#include <ndn-cpp-et/policy/sec-rule-identity.hpp>
+#include <ndn-cpp-et/policy/sec-rule-relative.hpp>
+// #include <ndn-cpp-et/policy/sec-rule-specific.hpp>
#include <map>
-#include "sec-rule-sync-specific.h"
-
class SecPolicySync : public ndn::SecPolicy
{
public:
SecPolicySync(const ndn::Name& signingIdentity,
- const ndn::Name& signingCertificateName,
- const ndn::Name& syncPrefix,
- ndn::ptr_lib::shared_ptr<ndn::Face> face,
- int m_stepLimit = 3);
+ const ndn::Name& signingCertificateName,
+ const ndn::Name& syncPrefix,
+ ndn::ptr_lib::shared_ptr<ndn::Face> face,
+ int m_stepLimit = 3);
virtual
~SecPolicySync();
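Review bot: The constructor parameter is declared as `int m_stepLimit = 3`, which uses the member-variable prefix for a parameter, while the definition in sec-policy-sync.cc names it `stepLimit`. Rename it in the declaration to `int stepLimit = 3);` so the header does not suggest the argument is the member itself. The commented-out `// #include <ndn-cpp-et/policy/sec-rule-specific.hpp>` added in this hunk could be dropped as well, since nothing in the diff uses it.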
@@ -57,7 +55,7 @@
addTrustAnchor(const ndn::IdentityCertificate& identityCertificate, bool isIntroducer);
void
- addChatDataRule(const ndn::Name& prefix,
+ addSyncDataRule(const ndn::Name& prefix,
const ndn::IdentityCertificate& identityCertificate,
bool isIntroducer);
@@ -99,7 +97,7 @@
void
onIntroCertVerifyFailed(const ndn::ptr_lib::shared_ptr<ndn::Data>& introCertificateData,
- ndn::ptr_lib::shared_ptr<ndn::Name> interestPrefixName,
+ ndn::Name interestPrefix,
bool forIntroducer,
ndn::ptr_lib::shared_ptr<const std::vector<ndn::Name> > introNameList,
int nextIntroducerIndex,
@@ -111,19 +109,15 @@
onIntroCertData(const ndn::ptr_lib::shared_ptr<const ndn::Interest> &interest,
const ndn::ptr_lib::shared_ptr<ndn::Data>& introCertificateData,
int stepCount,
- const ndn::OnVerified& onRecursiveVerified,
- const ndn::OnVerifyFailed& onRecursiveVerifyFailed,
- ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
- const ndn::OnVerifyFailed& onVerifyFailed);
+ const ndn::OnVerified& introCertVerified,
+ const ndn::OnVerifyFailed& introCertVerifyFailed);
void
onIntroCertTimeout(const ndn::ptr_lib::shared_ptr<const ndn::Interest>& interest,
int retry,
int stepCount,
- const ndn::OnVerified& onRecursiveVerified,
- const ndn::OnVerifyFailed& onRecursiveVerifyFailed,
- ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
- const ndn::OnVerifyFailed& onVerifyFailed);
+ const ndn::OnVerified& introCertVerified,
+ const ndn::OnVerifyFailed& introCertVerifyFailed);
@@ -131,14 +125,13 @@
ndn::Name m_signingIdentity;
ndn::Name m_signingCertificateName;
ndn::Name m_syncPrefix;
+ ndn::Name m_introCertPrefix;
int m_stepLimit;
- ndn::ptr_lib::shared_ptr<ndn::Regex> m_syncPrefixRegex;
- ndn::ptr_lib::shared_ptr<ndn::Regex> m_wotPrefixRegex;
- ndn::ptr_lib::shared_ptr<ndn::SecRuleIdentity> m_chatDataPolicy;
- std::map<std::string, ndn::PublicKey> m_trustedIntroducers;
- std::map<std::string, ndn::PublicKey> m_trustedProducers;
- std::map<std::string, SecRuleSyncSpecific> m_chatDataRules;
- std::map<std::string, ndn::Data> m_introCert;
+ ndn::ptr_lib::shared_ptr<ndn::SecRuleRelative> m_syncDataPolicy;
+ std::map<ndn::Name, ndn::PublicKey> m_trustedIntroducers;
+ std::map<ndn::Name, ndn::PublicKey> m_trustedProducers;
+ // std::map<ndn::Name, SecRuleSyncSpecific> m_chatDataRules;
+ std::map<ndn::Name, ndn::Data> m_introCert;
ndn::ptr_lib::shared_ptr<ndn::KeyChain> m_keyChain;
ndn::ptr_lib::shared_ptr<ndn::Face> m_face;
diff --git a/src/sec-rule-sync-specific.cc b/src/sec-rule-sync-specific.cc
deleted file mode 100644
index 60d8708..0000000
--- a/src/sec-rule-sync-specific.cc
+++ /dev/null
@@ -1,56 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/*
- * Copyright (c) 2013, Regents of the University of California
- * Yingdi Yu
- *
- * BSD license, See the LICENSE file for more information
- *
- * Author: Yingdi Yu <yingdi@cs.ucla.edu>
- */
-
-#include "sec-rule-sync-specific.h"
-#include <ndn-cpp-dev/security/signature-sha256-with-rsa.hpp>
-
-using namespace ndn;
-using namespace ndn::ptr_lib;
-using namespace std;
-
-
-SecRuleSyncSpecific::SecRuleSyncSpecific(shared_ptr<Regex> dataRegex,
- shared_ptr<Regex> signerRegex)
- : SecRule(SecRule::IDENTITY_RULE, true)
- , m_dataRegex(dataRegex)
- , m_signerRegex(signerRegex)
-{}
-
-SecRuleSyncSpecific::SecRuleSyncSpecific(const SecRuleSyncSpecific& rule)
- : SecRule(SecRule::IDENTITY_RULE, true)
- , m_dataRegex(rule.m_dataRegex)
- , m_signerRegex(rule.m_signerRegex)
-{}
-
-bool
-SecRuleSyncSpecific::matchDataName(const Data& data)
-{ return m_dataRegex->match(data.getName()); }
-
-bool
-SecRuleSyncSpecific::matchSignerName(const Data& data)
-{
- try{
- SignatureSha256WithRsa sig(data.getSignature());
- Name signerName = sig.getKeyLocator().getName ();
- return m_signerRegex->match(signerName);
- }catch(SignatureSha256WithRsa::Error &e){
- return false;
- }catch(KeyLocator::Error &e){
- return false;
- }
-}
-
-bool
-SecRuleSyncSpecific::satisfy(const Data & data)
-{ return (matchDataName(data) && matchSignerName(data)) ? true : false ; }
-
-bool
-SecRuleSyncSpecific::satisfy(const Name & dataName, const Name & signerName)
-{ return (m_dataRegex->match(dataName) && m_signerRegex->match(signerName)); }
diff --git a/src/sec-rule-sync-specific.h b/src/sec-rule-sync-specific.h
deleted file mode 100644
index 25e4e28..0000000
--- a/src/sec-rule-sync-specific.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/*
- * Copyright (c) 2013, Regents of the University of California
- * Yingdi Yu
- *
- * BSD license, See the LICENSE file for more information
- *
- * Author: Yingdi Yu <yingdi@cs.ucla.edu>
- */
-
-#ifndef SEC_RULE_SYNC_SPECIFIC_H
-#define SEC_RULE_SYNC_SPECIFIC_H
-
-#include <ndn-cpp-et/policy/sec-rule.hpp>
-#include <ndn-cpp-et/regex/regex.hpp>
-
-class SecRuleSyncSpecific : public ndn::SecRule
-{
-
-public:
- SecRuleSyncSpecific(ndn::ptr_lib::shared_ptr<ndn::Regex> dataRegex,
- ndn::ptr_lib::shared_ptr<ndn::Regex> signerRegex);
-
- SecRuleSyncSpecific(const SecRuleSyncSpecific& rule);
-
- virtual
- ~SecRuleSyncSpecific() {};
-
- bool
- matchDataName(const ndn::Data& data);
-
- bool
- matchSignerName(const ndn::Data& data);
-
- bool
- satisfy(const ndn::Data& data);
-
- bool
- satisfy(const ndn::Name& dataName, const ndn::Name& signerName);
-
-private:
- ndn::ptr_lib::shared_ptr<ndn::Regex> m_dataRegex;
- ndn::ptr_lib::shared_ptr<ndn::Regex> m_signerRegex;
-};
-
-#endif