security: Add security switch in SyncSocket
Change-Id: I65b8fb17ff1794cfdb0ffc6e724b743e6b1945bb
diff --git a/src/sync-socket.cc b/src/sync-socket.cc
index 9d3dc77..1188441 100644
--- a/src/sync-socket.cc
+++ b/src/sync-socket.cc
@@ -33,9 +33,9 @@
SyncSocket::SyncSocket (const Name& syncPrefix,
const ndn::Name& dataPrefix,
uint64_t dataSession,
+ shared_ptr<Face> face,
const IdentityCertificate& myCertificate,
shared_ptr<SecRuleRelative> dataRule,
- shared_ptr<Face> face,
NewDataCallback dataCallback,
RemoveCallback rmCallback )
: m_dataPrefix(dataPrefix)
@@ -44,18 +44,30 @@
, m_myCertificate(myCertificate)
, m_face(face)
, m_ioService(face->ioService())
- , m_syncValidator(new SyncValidator(syncPrefix,
- m_myCertificate,
- m_face,
- bind(&SyncSocket::publishData, this, _1, _2, _3, true),
- dataRule))
- , m_syncLogic (syncPrefix,
- myCertificate,
- m_syncValidator,
- face,
- bind(&SyncSocket::passCallback, this, _1),
- rmCallback)
-{}
+{
+ if(static_cast<bool>(dataRule))
+ {
+ m_withSecurity = true;
+ m_syncValidator = shared_ptr<Validator>(new SyncValidator(syncPrefix,
+ m_myCertificate,
+ m_face,
+ bind(&SyncSocket::publishData, this, _1, _2, _3, true),
+ dataRule));
+ }
+ else
+ {
+ m_withSecurity = false;
+ m_syncValidator = shared_ptr<Validator>(new ValidatorNull());
+ }
+
+
+ m_syncLogic = shared_ptr<SyncLogic>(new SyncLogic(syncPrefix,
+ myCertificate,
+ m_syncValidator,
+ m_face,
+ bind(&SyncSocket::passCallback, this, _1),
+ rmCallback));
+}
SyncSocket::~SyncSocket()
{
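Review bot: An empty `dataRule` now silently selects `ValidatorNull` in the constructor body, so a caller that passes a null pointer by mistake gets a socket with validation switched off and no signal that this happened. Because this is a fail-open default, the downgrade should be visible: a comment above the branch such as `// Empty dataRule disables validation (ValidatorNull); only for trusted or test deployments`, plus a log line in the `else` branch. `m_withSecurity` is also assigned only in the body, so it would be safer to set it in the initialiser list with `, m_withSecurity(static_cast<bool>(dataRule))`, which leaves no window where the flag is indeterminate. The initialiser list starts outside this hunk.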
@@ -88,7 +100,7 @@
SeqNo s(session, sequence + 1);
m_sequenceLog[prefix] = s;
- m_syncLogic.addLocalNames (prefix, session, sequence);
+ m_syncLogic->addLocalNames (prefix, session, sequence);
}
void
@@ -153,10 +165,13 @@
if(data->getName().size() > interestNameSize
&& data->getName().get(interestNameSize).toEscapedString() == "INTRO-CERT")
{
+ if(!m_withSecurity)
+ return;
+
Data rawData;
rawData.wireDecode(data->getContent().blockFromValue());
IntroCertificate introCert(rawData);
- m_syncValidator->addParticipant(introCert);
+ dynamic_pointer_cast<SyncValidator>(m_syncValidator)->addParticipant(introCert);
}
else
{
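Review bot: The result of `dynamic_pointer_cast<SyncValidator>(m_syncValidator)` is dereferenced without a check in the INTRO-CERT branch, so correctness rests entirely on `m_withSecurity` staying in step with the validator's dynamic type. This branch handles content decoded from a received packet, which makes it a poor place for a possible null dereference. Binding the cast to a local and testing it removes the dependency on the flag, e.g. `if (shared_ptr<SyncValidator> v = dynamic_pointer_cast<SyncValidator>(m_syncValidator)) v->addParticipant(introCert);`. The early `return` also ends the whole callback for this packet when security is off; the enclosing function continues outside the hunk, so confirm that nothing after the `if`/`else` still needs to run.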
diff --git a/src/sync-socket.h b/src/sync-socket.h
index 72df7ab..19fac0d 100644
--- a/src/sync-socket.h
+++ b/src/sync-socket.h
@@ -23,6 +23,7 @@
#include <ndn-cpp-dev/face.hpp>
#include <ndn-cpp-dev/security/validator.hpp>
+#include <ndn-cpp-dev/security/validator-null.hpp>
#include <ndn-cpp-dev/security/key-chain.hpp>
#include "sync-logic.h"
@@ -43,15 +44,17 @@
class SyncSocket
{
public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
typedef ndn::function< void (const std::vector<MissingDataInfo> &, SyncSocket * ) > NewDataCallback;
typedef ndn::function< void (const std::string &/*prefix*/ ) > RemoveCallback;
SyncSocket (const ndn::Name& syncPrefix,
const ndn::Name& dataPrefix,
uint64_t dataSession,
+ ndn::shared_ptr<ndn::Face> face,
const ndn::IdentityCertificate& myCertificate,
ndn::shared_ptr<ndn::SecRuleRelative> dataRule,
- ndn::shared_ptr<ndn::Face> face,
NewDataCallback dataCallback,
RemoveCallback rmCallback);
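Review bot: The new `Error` type on the first added line has a non-`explicit` single-argument constructor, so a `std::string` converts implicitly to an exception object; `explicit Error(const std::string& what)` is the usual form. The includes visible in this header's first hunk do not show `<stdexcept>`, so unless it arrives transitively or is included elsewhere in the file, `#include <stdexcept>` should be added. The constructor declaration below would also benefit from a comment stating that an empty `dataRule` turns validation off, since that contract is otherwise only discoverable from the .cc file.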
@@ -63,7 +66,7 @@
void
remove (const ndn::Name &prefix)
{
- m_syncLogic.remove(prefix);
+ m_syncLogic->remove(prefix);
}
void
@@ -72,7 +75,7 @@
std::string
getRootDigest()
{
- return m_syncLogic.getRootDigest();
+ return m_syncLogic->getRootDigest();
}
uint64_t
@@ -92,13 +95,44 @@
SyncLogic &
getLogic ()
{
- return m_syncLogic;
+ return *m_syncLogic;
}
void
addParticipant(const ndn::IdentityCertificate& introducee)
{
- ndn::shared_ptr<const IntroCertificate> introCert = m_syncValidator->addParticipant(introducee);
+ if(m_withSecurity)
+ {
+ ndn::dynamic_pointer_cast<SyncValidator>(m_syncValidator)->addParticipant(introducee);
+ }
+ }
+
+ void
+ addParticipant(const IntroCertificate& introCert)
+ {
+ if(m_withSecurity)
+ {
+ ndn::dynamic_pointer_cast<SyncValidator>(m_syncValidator)->addParticipant(introCert);
+ }
+ }
+
+ void
+ getIntroCertNames(std::vector<ndn::Name>& list)
+ {
+ if(m_withSecurity)
+ {
+ ndn::dynamic_pointer_cast<SyncValidator>(m_syncValidator)->getIntroCertNames(list);
+ }
+ }
+
+ const IntroCertificate&
+ getIntroCertificate(const ndn::Name& name)
+ {
+ if(m_withSecurity)
+ {
+ return ndn::dynamic_pointer_cast<SyncValidator>(m_syncValidator)->getIntroCertificate(name);
+ }
+ throw Error("You are running SyncSocket without security!");
}
// // make this a static function so we don't have to create socket instance without
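Review bot: The accessors added here disagree on what happens when security is off: both `addParticipant` overloads and `getIntroCertNames` return silently, while `getIntroCertificate` throws `Error`. A caller that believes it has enrolled a participant gets no indication that the certificate was dropped, so either all four should throw or the no-op contract should be documented on each declaration. Each call also dereferences an unchecked `ndn::dynamic_pointer_cast<SyncValidator>(m_syncValidator)`. Keeping a typed member such as `ndn::shared_ptr<SyncValidator> m_secureValidator;`, left null when no rule is given, would replace both the flag and the four casts with one null test. `getIntroCertificate` can also surface two exception types, `SyncSocket::Error` here and whatever `SyncValidator::getIntroCertificate` throws for an unknown name, which is worth stating in its comment.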
@@ -150,8 +184,9 @@
ndn::KeyChain m_keyChain;
ndn::shared_ptr<ndn::Face> m_face;
ndn::shared_ptr<boost::asio::io_service> m_ioService;
- ndn::shared_ptr<SyncValidator> m_syncValidator;
- SyncLogic m_syncLogic;
+ bool m_withSecurity;
+ ndn::shared_ptr<ndn::Validator> m_syncValidator;
+ ndn::shared_ptr<SyncLogic> m_syncLogic;
};
} // Sync
diff --git a/src/sync-validator.h b/src/sync-validator.h
index 7a6fc8f..00c92c8 100644
--- a/src/sync-validator.h
+++ b/src/sync-validator.h
@@ -80,6 +80,9 @@
inline void
getIntroCertNames(std::vector<ndn::Name>& list);
+ inline const IntroCertificate&
+ getIntroCertificate(const ndn::Name& name);
+
#ifdef _TEST
bool
canTrust(const ndn::Name& certName)
@@ -312,6 +315,16 @@
list.push_back(it->first);
}
+inline const IntroCertificate&
+SyncValidator::getIntroCertificate(const ndn::Name& name)
+{
+ Edges::const_iterator it = m_introCerts.find(name);
+ if(it != m_introCerts.end())
+ return it->second;
+ else
+ throw Error("No cert");
+}
+
} // namespace Sync
#endif //SYNC_VALIDATOR_H
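Review bot: `SyncValidator::getIntroCertificate` returns a reference into `m_introCerts`, so the caller's reference is valid at most as long as that entry stays in the container. Both this and the `Error` thrown for an unknown name should be stated on the declaration, for example `/// Returns the stored intro certificate for name; throws Error if absent. The reference is invalidated when the entry is removed.` The message `"No cert"` does not say which name was missing, which makes a failed lookup hard to trace; including the name in the message would help. The function only reads the map through a `const_iterator`, so it could be declared `const`.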
diff --git a/tests/test-socket.cc b/tests/test-socket.cc
index a10a2f1..400e289 100644
--- a/tests/test-socket.cc
+++ b/tests/test-socket.cc
@@ -163,9 +163,9 @@
m_s1 = ndn::make_shared<SyncSocket>("/let/us/sync",
"/irl.cs.ucla.edu",
0,
+ m_face1,
*m_id1,
m_rule,
- m_face1,
bind(&TestSocketApp::fetchAll, &m_a1, _1, _2),
bind(&TestSocketApp::pass, &m_a1, _1));
m_s1->addParticipant(*m_id2);
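Review bot: The changes in this test file only reorder the constructor arguments, here and in the four hunks that follow, so the new unsecured path (an empty `dataRule` selecting `ValidatorNull`) has no coverage. A case that builds a `SyncSocket` with an empty rule and checks that `addParticipant` leaves the socket usable, `getIntroCertNames` leaves its list untouched, and `getIntroCertificate` throws `SyncSocket::Error` would pin the behaviour this commit introduces. Without it, a later change to the `m_withSecurity` guards could turn one of the unchecked casts into a null dereference unnoticed.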
@@ -179,9 +179,9 @@
m_s2 = ndn::make_shared<SyncSocket>("/let/us/sync",
"/yakshi.org",
0,
+ m_face2,
*m_id2,
m_rule,
- m_face2,
bind(&TestSocketApp::fetchAll, &m_a2, _1, _2),
bind(&TestSocketApp::pass, &m_a2, _1));
m_s2->addParticipant(*m_id1);
@@ -196,9 +196,9 @@
m_s3 = ndn::make_shared<SyncSocket>("/let/us/sync",
"/google.com",
0,
+ m_face3,
*m_id3,
- m_rule,
- m_face3,
+ m_rule,
bind(&TestSocketApp::fetchAll, &m_a3, _1, _2),
bind(&TestSocketApp::pass, &m_a3, _1));
m_s3->addParticipant(*m_id2);
@@ -306,9 +306,9 @@
m_s1 = ndn::make_shared<SyncSocket>("/this/is/the/prefix",
"/xiaonei.com",
0,
+ m_face1,
*m_id1,
m_rule,
- m_face1,
bind(&TestSocketApp::fetchNumbers, &m_a1, _1, _2),
bind(&TestSocketApp::pass, &m_a1, _1));
@@ -323,9 +323,9 @@
m_s2 = ndn::make_shared<SyncSocket>("/this/is/the/prefix",
"/mitbbs.com",
0,
+ m_face2,
*m_id2,
m_rule,
- m_face2,
bind(&TestSocketApp::fetchNumbers, &m_a2, _1, _2),
bind(&TestSocketApp::pass, &m_a2, _1));