/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/*
 * Copyright (c) 2013, Regents of the University of California
 * Yingdi Yu
 *
 * BSD license, See the LICENSE file for more information
 *
 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
 */

#ifndef SEC_POLICY_SYNC_H
#define SEC_POLICY_SYNC_H

#include <ndn-cpp/face.hpp>
#include <ndn-cpp/security/key-chain.hpp>
#include <ndn-cpp/security/verifier.hpp>
#include <ndn-cpp/security/sec-policy.hpp>
#include <ndn-cpp/security/identity-certificate.hpp>
#include <ndn-cpp-et/regex/regex.hpp>
#include <ndn-cpp-et/policy/sec-rule-identity.hpp>
#include <stdint.h>
#include <map>
#include <string>
#include <vector>

#include "sec-rule-sync-specific.h"

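/**
 * Security policy for sync and chat data, declared as a public subclass of
 * ndn::SecPolicy.
 *
 * Only declarations are visible in this header, so the notes below describe
 * the interface and mark what has to be confirmed in the implementation file.
 *
 * NOTE(review): the class keeps two separate key tables, m_trustedIntroducers
 * and m_trustedProducers, and both addTrustAnchor() and addChatDataRule() take
 * a bare `bool isIntroducer`.  Presumably that flag selects the table; confirm
 * it, and check the call sites, because a swapped boolean would silently change
 * how much trust a certificate receives.
 */
class SecPolicySync : public ndn::SecPolicy
{
public:
  /**
   * @param signingIdentity         identity name used for signing (presumably kept in m_signingIdentity)
   * @param signingCertificateName  certificate name used for signing (presumably kept in m_signingCertificateName)
   * @param syncPrefix              name prefix of the sync data (presumably kept in m_syncPrefix)
   * @param face                    shared face; presumably the one stored in m_face
   * @param stepLimit               limit on validation steps, 3 by default.  Presumably it is
   *                                compared with the stepCount handed to checkVerificationPolicy()
   *                                to bound how far a certificate chain is followed -- confirm that
   *                                the implementation rejects, rather than accepts, when it is hit.
   */
  SecPolicySync(const ndn::Name& signingIdentity,
                const ndn::Name& signingCertificateName,
                const ndn::Name& syncPrefix,
                ndn::ptr_lib::shared_ptr<ndn::Face> face,
                int stepLimit = 3);

  virtual
  ~SecPolicySync();

  /**
   * Tell whether @p data is to be trusted without verification (going by the name).
   *
   * NOTE(review): every `true` result here is a verification bypass; confirm
   * that the implementation keeps the set of such packets as narrow as intended.
   */
  bool
  skipVerifyAndTrust (const ndn::Data& data);

  /**
   * Tell whether @p data must be verified (going by the name).
   *
   * NOTE(review): how a packet is treated when this and skipVerifyAndTrust()
   * both return false is decided outside this header -- confirm it is rejected.
   */
  bool
  requireVerify (const ndn::Data& data);

  /**
   * Apply the verification policy to @p data.
   *
   * @param data            packet under validation
   * @param stepCount       validation step this call is made at
   * @param onVerified      caller's success callback
   * @param onVerifyFailed  caller's failure callback
   * @return a validation request; what an empty pointer means is not visible here
   */
  ndn::ptr_lib::shared_ptr<ndn::ValidationRequest>
  checkVerificationPolicy(const ndn::ptr_lib::shared_ptr<ndn::Data>& data,
                          int stepCount,
                          const ndn::OnVerified& onVerified,
                          const ndn::OnVerifyFailed& onVerifyFailed);

  /**
   * Tell whether @p certificateName may sign data named @p dataName.
   */
  bool
  checkSigningPolicy(const ndn::Name& dataName,
                     const ndn::Name& certificateName);

  /**
   * Give the identity to sign @p dataName with.
   */
  ndn::Name
  inferSigningIdentity(const ndn::Name& dataName);

  /**
   * Register @p identityCertificate as a trust anchor.
   *
   * @param isIntroducer  presumably chooses between the introducer and the
   *                      producer table -- confirm in the implementation
   */
  void
  addTrustAnchor(const ndn::IdentityCertificate& identityCertificate, bool isIntroducer);

  /**
   * Register a chat-data rule for @p prefix backed by @p identityCertificate.
   *
   * @param isIntroducer  same flag as in addTrustAnchor(); its effect on the
   *                      rule is not visible in this header
   */
  void
  addChatDataRule(const ndn::Name& prefix,
                  const ndn::IdentityCertificate& identityCertificate,
                  bool isIntroducer);

private:
  // Helpers for requesting and checking introduction certificates.  All of
  // them are defined outside this header; the comments state only what the
  // signatures show.

  // Build the validation request for keyName through the introducers.
  // stepCount is an int taken by const reference; the signature is kept as is
  // so that it matches the out-of-line definition.
  ndn::ptr_lib::shared_ptr<ndn::ValidationRequest>
  prepareIntroducerRequest(const ndn::Name& keyName,
                           ndn::ptr_lib::shared_ptr<ndn::Data> data,
                           const int & stepCount,
                           const ndn::OnVerified& onVerified,
                           const ndn::OnVerifyFailed& onVerifyFailed);

  // List of introducer names (presumably taken from m_trustedIntroducers).
  ndn::ptr_lib::shared_ptr<const std::vector<ndn::Name> >
  getAllIntroducerName();

  // Build the validation request for keyName; forIntroducer marks whether the
  // key being fetched is meant to belong to an introducer.
  ndn::ptr_lib::shared_ptr<ndn::ValidationRequest>
  prepareRequest(const ndn::Name& keyName,
                 bool forIntroducer,
                 ndn::ptr_lib::shared_ptr<ndn::Data> data,
                 const int & stepCount,
                 const ndn::OnVerified& onVerified,
                 const ndn::OnVerifyFailed& onVerifyFailed);

  // Handler for an incoming interest under a registered prefix.
  // NOTE(review): interests come from the network; presumably answered from
  // m_introCert -- confirm that only certificates meant to be shared are served.
  void
  OnIntroCertInterest(const ndn::ptr_lib::shared_ptr<const ndn::Name>& prefix,
                      const ndn::ptr_lib::shared_ptr<const ndn::Interest>& interest,
                      ndn::Transport& transport,
                      uint64_t registeredPrefixId);

  // Handler for a failed prefix registration.
  void
  OnIntroCertRegisterFailed(const ndn::ptr_lib::shared_ptr<const ndn::Name>& prefix);

  // Continuation for an introduction certificate that passed verification;
  // originalData is the packet whose validation asked for the certificate.
  void
  onIntroCertVerified(const ndn::ptr_lib::shared_ptr<ndn::Data>& introCertificateData,
                      bool forIntroducer,
                      ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
                      const ndn::OnVerified& onVerified,
                      const ndn::OnVerifyFailed& onVerifyFailed);

  // Continuation for an introduction certificate that failed verification.
  // introNameList and nextIntroducerIndex suggest that the next introducer is
  // tried -- confirm that the index is bounds-checked against the list and
  // that an exhausted list ends in onVerifyFailed.
  void
  onIntroCertVerifyFailed(const ndn::ptr_lib::shared_ptr<ndn::Data>& introCertificateData,
                          ndn::ptr_lib::shared_ptr<ndn::Name> interestPrefixName,
                          bool forIntroducer,
                          ndn::ptr_lib::shared_ptr<const std::vector<ndn::Name> > introNameList,
                          int nextIntroducerIndex,
                          ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
                          const ndn::OnVerified& onVerified,
                          const ndn::OnVerifyFailed& onVerifyFailed);

  // Data callback for a fetched introduction certificate.  The certificate is
  // network input and has to be verified before anything is stored from it.
  void
  onIntroCertData(const ndn::ptr_lib::shared_ptr<const ndn::Interest> &interest,
                  const ndn::ptr_lib::shared_ptr<ndn::Data>& introCertificateData,
                  int stepCount,
                  const ndn::OnVerified& onRecursiveVerified,
                  const ndn::OnVerifyFailed& onRecursiveVerifyFailed,
                  ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
                  const ndn::OnVerifyFailed& onVerifyFailed);

  // Timeout callback for an introduction-certificate interest; retry is
  // presumably the number of attempts left -- confirm that it reaches a
  // failure callback instead of re-expressing the interest without bound.
  void
  onIntroCertTimeout(const ndn::ptr_lib::shared_ptr<const ndn::Interest>& interest,
                     int retry,
                     int stepCount,
                     const ndn::OnVerified& onRecursiveVerified,
                     const ndn::OnVerifyFailed& onRecursiveVerifyFailed,
                     ndn::ptr_lib::shared_ptr<ndn::Data> originalData,
                     const ndn::OnVerifyFailed& onVerifyFailed);

private:
  ndn::Name m_signingIdentity;
  ndn::Name m_signingCertificateName;
  ndn::Name m_syncPrefix;
  int m_stepLimit;
  ndn::ptr_lib::shared_ptr<ndn::Regex> m_syncPrefixRegex;
  ndn::ptr_lib::shared_ptr<ndn::Regex> m_wotPrefixRegex;
  ndn::ptr_lib::shared_ptr<ndn::SecRuleIdentity> m_chatDataPolicy;
  // Public keys by string key (presumably a key or identity name -- confirm
  // the exact form, since lookups depend on it), split by role.
  std::map<std::string, ndn::PublicKey> m_trustedIntroducers;
  std::map<std::string, ndn::PublicKey> m_trustedProducers;
  std::map<std::string, SecRuleSyncSpecific> m_chatDataRules;
  // Introduction certificates held as data packets, by string key.
  std::map<std::string, ndn::Data> m_introCert;

  ndn::ptr_lib::shared_ptr<ndn::KeyChain> m_keyChain;
  ndn::ptr_lib::shared_ptr<ndn::Face> m_face;

};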

#endif