Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoSync / 57fdb5f95e74479b506ad14a5604910b5955b743 / . / src / sec-policy-sync.cc
blob: 0f4db3e35d6482e1a37180ad5f88ea44114fbbf9 [file] [log] [blame]
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]11#include "sync-intro-certificate.h"
12#include "sync-logging.h"
Yingdi Yue8154712014-01-21 10:20:14 -0800[diff] [blame]13#include <ndn-cpp-dev/security/verifier.hpp>
14#include <ndn-cpp-dev/security/signature-sha256-with-rsa.hpp>
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]15
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]16#include "sec-policy-sync.h"
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]17
18using namespace ndn;
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]19using namespace ndn::ptr_lib;
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]20using namespace std;
21
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]22INIT_LOGGER("SecPolicySync");
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]23
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]24SecPolicySync::SecPolicySync(const Name& signingIdentity,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]25 const Name& signingCertificateName,
26 const Name& syncPrefix,
27 shared_ptr<Face> face,
28 int stepLimit)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]29 : m_signingIdentity(signingIdentity)
30 , m_signingCertificateName(signingCertificateName.getPrefix(signingCertificateName.size()-1))
31 , m_syncPrefix(syncPrefix)
32 , m_stepLimit(stepLimit)
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]33 , m_keyChain(new KeyChain())
34{
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]35 m_introCertPrefix = syncPrefix;
36 m_introCertPrefix.append("WOT");
37
38 m_syncDataPolicy = make_shared<SecRuleRelative>("^[^<%F0\\.>]*<%F0\\.>([^<chronos>]*)<chronos><>",
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]39 "^([^<KEY>]*)<KEY>(<>*)[<dsk-.*><ksk-.*>]<ID-CERT>$",
40 "==", "\\1", "\\1", true);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]41}
42
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]43SecPolicySync::~SecPolicySync()
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]44{}
45
46bool
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]47SecPolicySync::skipVerifyAndTrust (const Data& data)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]48{ return false; }
49
50bool
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]51SecPolicySync::requireVerify (const Data& data)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]52{ return true; }
53
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]54shared_ptr<ValidationRequest>
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]55SecPolicySync::checkVerificationPolicy(const shared_ptr<Data>& data,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]56 int stepCount,
57 const OnVerified& onVerified,
58 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]59{
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]60 if(stepCount > m_stepLimit)
61 {
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]62 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]63 return shared_ptr<ValidationRequest>();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]64 }
65
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]66 try{
67 SignatureSha256WithRsa sig(data->getSignature());
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]68 const Name& keyLocatorName = sig.getKeyLocator().getName();
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]69
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]70 // if data is intro cert
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]71 if(m_introCertPrefix.isPrefixOf(data->getName()))
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]72 {
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]73 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]74 map<Name, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName);
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]75 if(m_trustedIntroducers.end() != it)
76 {
77 if(Verifier::verifySignature(*data, sig, it->second))
78 onVerified(data);
79 else
80 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]81 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]82 }
83 else
84 return prepareRequest(keyName, true, data, stepCount, onVerified, onVerifyFailed);
85 }
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]86
87 // if data is diff data or sync data
88 if(m_syncPrefix.isPrefixOf(data->getName()) || m_syncDataPolicy->satisfy(*data))
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]89 {
90 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]91
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]92 map<Name, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName);
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]93 if(m_trustedIntroducers.end() != it)
94 {
95 if(Verifier::verifySignature(*data, sig, it->second))
96 onVerified(data);
97 else
98 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]99 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]100 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]101
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]102 it = m_trustedProducers.find(keyName);
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]103 if(m_trustedProducers.end() != it)
104 {
105 if(Verifier::verifySignature(*data, sig, it->second))
106 onVerified(data);
107 else
108 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]109 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]110 }
Yingdi Yu0b3bd482013-11-01 16:11:20 -0700[diff] [blame]111
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]112 return prepareRequest(keyName, false, data, stepCount, onVerified, onVerifyFailed);
113 }
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]114
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]115 }catch(SignatureSha256WithRsa::Error &e){
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]116 _LOG_DEBUG("SecPolicySync Error: " << e.what());
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]117 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]118 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]119 }catch(KeyLocator::Error &e){
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]120 _LOG_DEBUG("SecPolicySync Error: " << e.what());
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]121 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]122 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]123 }
124
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]125 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]126 return shared_ptr<ValidationRequest>();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]127}
128
129bool
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]130SecPolicySync::checkSigningPolicy(const Name& dataName,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]131 const Name& certificateName)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]132{
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]133 return true;
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]134}
135
136Name
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]137SecPolicySync::inferSigningIdentity(const ndn::Name& dataName)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]138{ return m_signingIdentity; }
139
140void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]141SecPolicySync::addTrustAnchor(const IdentityCertificate& identityCertificate, bool isIntroducer)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]142{
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]143 Name publicKeyName = identityCertificate.getPublicKeyName();
144
145 _LOG_DEBUG("Add intro/producer: " << publicKeyName);
146
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]147 if(isIntroducer)
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]148 m_trustedIntroducers[publicKeyName] = identityCertificate.getPublicKeyInfo();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]149 else
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]150 m_trustedProducers[publicKeyName] = identityCertificate.getPublicKeyInfo();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]151}
152
153void
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]154SecPolicySync::addSyncDataRule(const Name& prefix,
155 const IdentityCertificate& identityCertificate,
156 bool isIntroducer)
157{ addTrustAnchor(identityCertificate, isIntroducer); }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]158
159
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]160shared_ptr<const vector<Name> >
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]161SecPolicySync::getAllIntroducerName()
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]162{
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]163 shared_ptr<vector<Name> > nameList = make_shared<vector<Name> >();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]164
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]165 map<Name, PublicKey>::iterator it = m_trustedIntroducers.begin();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]166 for(; it != m_trustedIntroducers.end(); it++)
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]167 nameList->push_back(it->first);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]168
169 return nameList;
170}
171
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]172shared_ptr<ValidationRequest>
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]173SecPolicySync::prepareRequest(const Name& keyName,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]174 bool forIntroducer,
175 shared_ptr<Data> data,
176 const int & stepCount,
177 const OnVerified& onVerified,
178 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]179{
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]180 Name interestPrefix = m_syncPrefix;
181 interestPrefix.append("WOT").append(keyName.wireEncode()).append("INTRO-CERT");
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]182
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]183 shared_ptr<const vector<Name> > nameList = getAllIntroducerName();
Yingdi Yu0b3bd482013-11-01 16:11:20 -0700[diff] [blame]184 if(0 == nameList->size())
185 {
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]186 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]187 return shared_ptr<ValidationRequest>();
Yingdi Yu0b3bd482013-11-01 16:11:20 -0700[diff] [blame]188 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]189
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]190 Name interestName = interestPrefix;
191 interestName.append(nameList->at(0).wireEncode());
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]192
193 if(forIntroducer)
194 interestName.append("INTRODUCER");
195
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]196 shared_ptr<ndn::Interest> interest = make_shared<ndn::Interest>(interestName);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]197
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]198 OnVerified introCertVerified = func_lib::bind(&SecPolicySync::onIntroCertVerified,
199 this,
200 _1,
201 forIntroducer,
202 data,
203 onVerified,
204 onVerifyFailed);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]205
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]206 OnVerifyFailed introCertVerifyFailed = func_lib::bind(&SecPolicySync::onIntroCertVerifyFailed,
207 this,
208 _1,
209 interestPrefix,
210 forIntroducer,
211 nameList,
212 1,
213 data,
214 onVerified,
215 onVerifyFailed);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]216
217
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]218 shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(interest,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]219 introCertVerified,
220 introCertVerifyFailed,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]221 1,
222 m_stepLimit-1);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]223 return nextStep;
224}
225
226void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]227SecPolicySync::OnIntroCertInterest(const shared_ptr<const Name>& prefix,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]228 const shared_ptr<const ndn::Interest>& interest,
229 Transport& transport,
230 uint64_t registeredPrefixId)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]231{
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]232 map<Name, Data>::const_iterator it = m_introCert.find(*prefix);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]233
234 if(m_introCert.end() != it)
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]235 m_face->put(it->second);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]236}
237
238void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]239SecPolicySync::OnIntroCertRegisterFailed(const shared_ptr<const Name>& prefix)
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]240{
241}
242
243void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]244SecPolicySync::onIntroCertVerified(const shared_ptr<Data>& introCertificateData,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]245 bool forIntroducer,
246 shared_ptr<Data> originalData,
247 const OnVerified& onVerified,
248 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]249{
250 shared_ptr<SyncIntroCertificate> introCertificate = make_shared<SyncIntroCertificate>(*introCertificateData);
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]251 Name subjectKeyName = introCertificate->getPublicKeyName();
252
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]253 if(forIntroducer)
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]254 {
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]255 //Add the intro cert subject as trusted introducer.
256 m_trustedIntroducers[subjectKeyName] = introCertificate->getPublicKeyInfo();
257
258 //Generate another intro cert for the cert subject.
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]259 SyncIntroCertificate syncIntroCertificate(m_syncPrefix,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]260 subjectKeyName,
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]261 m_keyChain->getDefaultKeyNameForIdentity(m_signingIdentity),
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]262 introCertificate->getNotBefore(),
263 introCertificate->getNotAfter(),
264 introCertificate->getPublicKeyInfo(),
265 SyncIntroCertificate::INTRODUCER);
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]266 m_keyChain->signByIdentity(syncIntroCertificate, m_signingIdentity);
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]267 m_face->put(syncIntroCertificate);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]268
269 // Name prefix = syncIntroCertificate.getName().getPrefix(syncIntroCertificate.getName().size()-1);
270
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]271 // map<string, Data>::const_iterator it = m_introCert.find(prefix);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]272 // if(m_introCert.end() != it)
273 // {
274 // it->second = syncIntroCertificate;
275 // }
276 // else
277 // {
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]278 // m_introCert.insert(pair <Name, Data> (prefix, syncIntroCertificate));
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]279 // m_face->registerPrefix(prefix,
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]280 // boost::bind(&SecPolicySync::onIntroCertInterest, this, _1, _2, _3, _4),
281 // boost::bind(&SecPolicySync::onIntroCertRegisterFailed, this, _1));
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]282 // }
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]283 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]284 else
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]285 {
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]286 //Add the intro cert subject as trusted producer.
287 m_trustedProducers[subjectKeyName] = introCertificate->getPublicKeyInfo();
288
289 //Generate another intro cert for the cert subject.
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]290 SyncIntroCertificate syncIntroCertificate(m_syncPrefix,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]291 subjectKeyName,
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]292 m_keyChain->getDefaultKeyNameForIdentity(m_signingIdentity),
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]293 introCertificate->getNotBefore(),
294 introCertificate->getNotAfter(),
295 introCertificate->getPublicKeyInfo(),
296 SyncIntroCertificate::PRODUCER);
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]297 m_keyChain->signByIdentity(syncIntroCertificate, m_signingIdentity);
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]298 m_face->put(syncIntroCertificate);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]299
300 // Name prefix = syncIntroCertificate.getName().getPrefix(syncIntroCertificate.getName().size()-1);
301
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]302 // map<string, Data>::const_iterator it = m_introCert.find(prefix);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]303 // if(m_introCert.end() != it)
304 // {
305 // it->second = syncIntroCertificate;
306 // }
307 // else
308 // {
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]309 // m_introCert.insert(pair <Name, Data> (prefix, syncIntroCertificate));
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]310 // m_face->registerPrefix(prefix,
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]311 // boost::bind(&SecPolicySync::onIntroCertInterest, this, _1, _2, _3, _4),
312 // boost::bind(&SecPolicySync::onIntroCertRegisterFailed, this, _1));
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]313 // }
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]314 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]315
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]316 try{
317 SignatureSha256WithRsa sig(originalData->getSignature());
318 if(Verifier::verifySignature(*originalData, sig, introCertificate->getPublicKeyInfo()))
319 onVerified(originalData);
320 else
321 onVerifyFailed(originalData);
322 }catch(SignatureSha256WithRsa::Error &e){
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]323 onVerifyFailed(originalData);
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]324 }catch(KeyLocator::Error &e){
325 onVerifyFailed(originalData);
326 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]327}
328
329void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]330SecPolicySync::onIntroCertVerifyFailed(const shared_ptr<Data>& introCertificateData,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]331 Name interestPrefix,
332 bool forIntroducer,
333 shared_ptr<const vector<Name> > introNameList,
334 int nextIntroducerIndex,
335 shared_ptr<Data> originalData,
336 const OnVerified& onVerified,
337 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]338{
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]339 Name interestName = interestPrefix;
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]340 if(nextIntroducerIndex < introNameList->size())
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]341 interestName.append(introNameList->at(nextIntroducerIndex).wireEncode());
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]342 else
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]343 onVerifyFailed(originalData);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]344
345 if(forIntroducer)
346 interestName.append("INTRODUCER");
347
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]348 ndn::Interest interest(interestName);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]349
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]350 OnVerified introCertVerified = func_lib::bind(&SecPolicySync::onIntroCertVerified,
351 this,
352 _1,
353 forIntroducer,
354 originalData,
355 onVerified,
356 onVerifyFailed);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]357
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]358 OnVerifyFailed introCertVerifyFailed = func_lib::bind(&SecPolicySync::onIntroCertVerifyFailed,
359 this,
360 _1,
361 interestPrefix,
362 forIntroducer,
363 introNameList,
364 nextIntroducerIndex + 1,
365 originalData,
366 onVerified,
367 onVerifyFailed);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]368
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]369 m_face->expressInterest(interest,
370 func_lib::bind(&SecPolicySync::onIntroCertData,
371 this,
372 _1,
373 _2,
374 m_stepLimit-1,
375 introCertVerified,
376 introCertVerifyFailed),
377 func_lib::bind(&SecPolicySync::onIntroCertTimeout,
378 this,
379 _1,
380 1,
381 m_stepLimit-1,
382 introCertVerified,
383 introCertVerifyFailed)
384 );
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]385}
386
387void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]388SecPolicySync::onIntroCertData(const shared_ptr<const ndn::Interest> &interest,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]389 const shared_ptr<Data>& introCertificateData,
390 int stepCount,
391 const OnVerified& introCertVerified,
392 const OnVerifyFailed& introCertVerifyFailed)
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]393{
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]394 shared_ptr<ValidationRequest> nextStep = checkVerificationPolicy(introCertificateData, stepCount, introCertVerified, introCertVerifyFailed);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]395 if (nextStep)
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]396 m_face->expressInterest(*nextStep->interest_,
397 func_lib::bind(&SecPolicySync::onIntroCertData,
398 this,
399 _1,
400 _2,
401 nextStep->stepCount_,
402 nextStep->onVerified_,
403 nextStep->onVerifyFailed_),
404 func_lib::bind(&SecPolicySync::onIntroCertTimeout,
405 this,
406 _1,
407 nextStep->retry_,
408 nextStep->stepCount_,
409 nextStep->onVerified_,
410 nextStep->onVerifyFailed_)
411 );
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]412}
413
414void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame]415SecPolicySync::onIntroCertTimeout(const shared_ptr<const ndn::Interest>& interest,
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]416 int retry,
417 int stepCount,
418 const OnVerified& introCertVerified,
419 const OnVerifyFailed& introCertVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]420{
421 if(retry > 0)
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]422 m_face->expressInterest(*interest,
423 func_lib::bind(&SecPolicySync::onIntroCertData,
424 this,
425 _1,
426 _2,
427 stepCount,
428 introCertVerified,
429 introCertVerifyFailed),
430 func_lib::bind(&SecPolicySync::onIntroCertTimeout,
431 this,
432 _1,
433 retry - 1,
434 stepCount,
435 introCertVerified,
436 introCertVerifyFailed)
437 );
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]438 else
Yingdi Yu57fdb5f2014-01-23 22:33:43 -0800[diff] [blame^]439 introCertVerifyFailed(shared_ptr<Data>());
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]440}