/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/*
 * Copyright (c) 2013, Regents of the University of California
 * Yingdi Yu
 *
 * BSD license, see the LICENSE file for more information
 *
 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
 */

#include "sync-intro-certificate.h"
#include "sync-logging.h"
#include <ndn-cpp-dev/security/verifier.hpp>
#include <ndn-cpp-dev/security/signature-sha256-with-rsa.hpp>

#include "sec-policy-sync.h"

using namespace ndn;
using namespace ndn::ptr_lib;   // presumably the source of the unqualified shared_ptr/make_shared below
using namespace std;

// Logger name used by the _LOG_DEBUG calls in this file.
INIT_LOGGER("SecPolicySync");

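/**
 * @brief Build the ChronoSync trust policy for one sync group.
 *
 * @param signingIdentity        identity whose default key signs the intro
 *                               certificates this node re-issues
 * @param signingCertificateName certificate name; its last component is
 *                               stripped before it is stored
 * @param syncPrefix             name prefix of the sync group; intro
 *                               certificates live under <syncPrefix>/WOT
 * @param face                   face on which intro certificates are
 *                               published and fetched
 * @param stepLimit              maximum certificate-chain depth accepted by
 *                               checkVerificationPolicy()
 */
SecPolicySync::SecPolicySync(const Name& signingIdentity,
                             const Name& signingCertificateName,
                             const Name& syncPrefix,
                             shared_ptr<Face> face,
                             int stepLimit)
  : m_signingIdentity(signingIdentity)
  // NOTE(review): size()-1 wraps when an empty certificate name is passed;
  // callers are expected to hand in a real certificate name.
  , m_signingCertificateName(signingCertificateName.getPrefix(signingCertificateName.size()-1))
  , m_syncPrefix(syncPrefix)
  , m_stepLimit(stepLimit)
  , m_keyChain(new KeyChain())
{
  // Fix: `face` was accepted but never stored, although OnIntroCertInterest,
  // onIntroCertVerified and every expressInterest() call in this file go
  // through m_face.  Assumes m_face is a shared_ptr<Face> (its declaration is
  // in the header, not visible here).
  m_face = face;

  // All intro certificates of this group are named under <syncPrefix>/WOT.
  m_introCertPrefix = syncPrefix;
  m_introCertPrefix.append("WOT");

  // Data-name / key-name binding rule for sync data that is NOT under
  // m_syncPrefix.  Reads as: capture group 1 of the data-name pattern must be
  // equal ("==") to capture group 1 of the signer's certificate name.
  m_syncDataPolicy = make_shared<SecRuleRelative>("^[^<%F0\\.>]*<%F0\\.>([^<chronos>]*)<chronos><>",
                                                  "^([^<KEY>]*)<KEY>(<>*)[<dsk-.*><ksk-.*>]<ID-CERT>$",
                                                  "==", "\\1", "\\1", true);
}
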
/**
 * @brief Destructor; releases nothing by hand.
 *
 * NOTE(review): m_keyChain is created with `new` in the constructor.  If it
 * is a raw pointer (the header is not visible here) it is leaked at this
 * point; a shared_ptr member would clean up on its own.
 */
SecPolicySync::~SecPolicySync()
{
}

/// Never trust a packet on its name alone: every packet goes through
/// checkVerificationPolicy().
bool
SecPolicySync::skipVerifyAndTrust (const Data& data)
{
  (void)data;   // the answer does not depend on the packet
  return false;
}

/// Every packet handled by this policy must be verified.
bool
SecPolicySync::requireVerify (const Data& data)
{
  (void)data;   // unconditional
  return true;
}

namespace {

/// Looks @p keyName up in @p trusted.  When the key is known, verifies
/// @p data with it, invokes exactly one of the two callbacks and returns
/// true.  Returns false (without touching the callbacks) when the key is
/// unknown, so the caller can go on to fetch an intro certificate for it.
template<class OnOk, class OnFail>
bool
verifyWithKnownKey(const map<Name, PublicKey>& trusted,
                   const Name& keyName,
                   const shared_ptr<Data>& data,
                   const SignatureSha256WithRsa& sig,
                   const OnOk& onVerified,
                   const OnFail& onVerifyFailed)
{
  map<Name, PublicKey>::const_iterator hit = trusted.find(keyName);
  if (hit == trusted.end())
    return false;

  if (Verifier::verifySignature(*data, sig, hit->second))
    onVerified(data);
  else
    onVerifyFailed(data);
  return true;
}

} // anonymous namespace

/**
 * @brief Decide how @p data must be checked, and check it when possible.
 *
 * Outcomes, each ending in exactly one callback or in a request for another
 * packet:
 *  - the chain is already deeper than m_stepLimit: onVerifyFailed;
 *  - the signer's key is in m_trustedIntroducers (for intro certificates,
 *    i.e. names under <syncPrefix>/WOT) or in m_trustedIntroducers /
 *    m_trustedProducers (for sync data): the signature is checked here,
 *    onVerified or onVerifyFailed is called and an empty pointer returned;
 *  - the signer is unknown: a ValidationRequest for its intro certificate is
 *    returned (see prepareRequest) and the callbacks are deferred;
 *  - the packet is neither an intro certificate nor sync data, or its
 *    signature/KeyLocator cannot be decoded: onVerifyFailed.
 *
 * The signer's key name is taken from the packet's own KeyLocator, i.e. it
 * is untrusted input; it is only used as a map key or to build the name of
 * the certificate to fetch, never to trust anything by itself.  For names
 * under m_syncPrefix the data-name/key-name rule m_syncDataPolicy is not
 * consulted (short-circuit `||`), so any trusted key may sign any packet in
 * that prefix; the rule only gates packets outside it.
 *
 * @param data           packet under review
 * @param stepCount      depth of the certificate chain so far
 * @param onVerified     called once @p data is accepted
 * @param onVerifyFailed called once @p data is rejected
 * @return the next ValidationRequest, or an empty pointer when finished
 */
shared_ptr<ValidationRequest>
SecPolicySync::checkVerificationPolicy(const shared_ptr<Data>& data,
                                       int stepCount,
                                       const OnVerified& onVerified,
                                       const OnVerifyFailed& onVerifyFailed)
{
  const shared_ptr<ValidationRequest> noFurtherStep;

  // Chain too deep: refuse rather than keep fetching certificates.
  if (stepCount > m_stepLimit)
    {
      onVerifyFailed(data);
      return noFurtherStep;
    }

  try
    {
      SignatureSha256WithRsa sig(data->getSignature());
      const Name& keyLocatorName = sig.getKeyLocator().getName();
      const Name& dataName = data->getName();

      // Case 1: an intro certificate.  Only a trusted introducer may sign it;
      // otherwise ask for the signer's own intro certificate first.
      if (m_introCertPrefix.isPrefixOf(dataName))
        {
          const Name signerKey = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
          if (verifyWithKnownKey(m_trustedIntroducers, signerKey, data, sig, onVerified, onVerifyFailed))
            return noFurtherStep;
          return prepareRequest(signerKey, true, data, stepCount, onVerified, onVerifyFailed);
        }

      // Case 2: sync data or diff data.  Introducers are consulted before
      // producers; an unknown signer triggers a producer-certificate fetch.
      if (m_syncPrefix.isPrefixOf(dataName) || m_syncDataPolicy->satisfy(*data))
        {
          const Name signerKey = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
          if (verifyWithKnownKey(m_trustedIntroducers, signerKey, data, sig, onVerified, onVerifyFailed))
            return noFurtherStep;
          if (verifyWithKnownKey(m_trustedProducers, signerKey, data, sig, onVerified, onVerifyFailed))
            return noFurtherStep;
          return prepareRequest(signerKey, false, data, stepCount, onVerified, onVerifyFailed);
        }
    }
  catch (const SignatureSha256WithRsa::Error& e)
    {
      // Not an RSA/SHA-256 signature (or undecodable): this policy cannot
      // vouch for it.
      _LOG_DEBUG("SecPolicySync Error: " << e.what());
      onVerifyFailed(data);
      return noFurtherStep;
    }
  catch (const KeyLocator::Error& e)
    {
      // KeyLocator missing or not a name.
      _LOG_DEBUG("SecPolicySync Error: " << e.what());
      onVerifyFailed(data);
      return noFurtherStep;
    }

  // Neither an intro certificate nor sync data: nothing here vouches for it.
  onVerifyFailed(data);
  return noFurtherStep;
}

/// Signing is never refused here: any data name may be signed with any
/// certificate.  Both arguments are ignored.
bool
SecPolicySync::checkSigningPolicy(const Name& dataName,
                                  const Name& certificateName)
{
  (void)dataName;
  (void)certificateName;
  return true;
}

/// The identity given to the constructor signs everything; @p dataName is
/// not consulted.
Name
SecPolicySync::inferSigningIdentity(const ndn::Name& dataName)
{
  (void)dataName;
  return m_signingIdentity;
}

/**
 * @brief Trust the key carried by @p identityCertificate.
 *
 * The key is stored under its public-key name in m_trustedIntroducers or
 * m_trustedProducers, overwriting any previous entry for that name.  The
 * certificate itself is not verified here; callers vouch for it.
 *
 * @param identityCertificate certificate whose key becomes a trust anchor
 * @param isIntroducer        true: may also vouch for other keys (introducer);
 *                            false: may only sign sync data (producer)
 */
void
SecPolicySync::addTrustAnchor(const IdentityCertificate& identityCertificate, bool isIntroducer)
{
  const Name publicKeyName = identityCertificate.getPublicKeyName();
  _LOG_DEBUG("Add intro/producer: " << publicKeyName);

  map<Name, PublicKey>& trusted = isIntroducer ? m_trustedIntroducers : m_trustedProducers;
  trusted[publicKeyName] = identityCertificate.getPublicKeyInfo();
}

/**
 * @brief Register @p identityCertificate as a trust anchor.
 *
 * @p prefix is accepted for interface compatibility only: the anchor is
 * stored by key name and applies to all sync data, not just names under
 * @p prefix.
 */
void
SecPolicySync::addSyncDataRule(const Name& prefix,
                               const IdentityCertificate& identityCertificate,
                               bool isIntroducer)
{
  (void)prefix;   // not used to scope the anchor
  addTrustAnchor(identityCertificate, isIntroducer);
}

/**
 * @brief Snapshot of the trusted introducers' key names.
 *
 * @return a new, read-only vector in map order (i.e. sorted by Name); empty
 *         when no introducer is trusted
 */
shared_ptr<const vector<Name> >
SecPolicySync::getAllIntroducerName()
{
  shared_ptr<vector<Name> > names = make_shared<vector<Name> >();
  names->reserve(m_trustedIntroducers.size());

  for (map<Name, PublicKey>::const_iterator i = m_trustedIntroducers.begin();
       i != m_trustedIntroducers.end(); ++i)
    names->push_back(i->first);

  return names;
}

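/**
 * @brief Ask a trusted introducer for the intro certificate of @p keyName.
 *
 * The interest is named
 *   <syncPrefix>/WOT/<keyName wire>/INTRO-CERT/<introducer key name wire>[/INTRODUCER]
 * and is first sent to the introducer that sorts first in
 * getAllIntroducerName(); when that fails, onIntroCertVerifyFailed() moves on
 * to the next one.
 *
 * @param keyName        key whose intro certificate is wanted
 * @param forIntroducer  true: the subject must be certified as an introducer,
 *                       false: as a producer
 * @param data           the packet signed by @p keyName; handed back to the
 *                       callbacks once the chain is resolved
 * @param stepCount      chain depth of the caller
 * @param onVerified     final acceptance callback for @p data
 * @param onVerifyFailed final rejection callback for @p data
 * @return the next ValidationRequest, or an empty pointer (after calling
 *         @p onVerifyFailed) when no introducer is known
 */
shared_ptr<ValidationRequest>
SecPolicySync::prepareRequest(const Name& keyName,
                              bool forIntroducer,
                              shared_ptr<Data> data,
                              const int & stepCount,
                              const OnVerified& onVerified,
                              const OnVerifyFailed& onVerifyFailed)
{
  Name interestPrefix = m_syncPrefix;
  interestPrefix.append("WOT").append(keyName.wireEncode()).append("INTRO-CERT");

  shared_ptr<const vector<Name> > nameList = getAllIntroducerName();
  if (nameList->empty())
    {
      // Nobody to ask: the chain cannot be completed.
      onVerifyFailed(data);
      return shared_ptr<ValidationRequest>();
    }

  Name interestName = interestPrefix;
  interestName.append(nameList->at(0).wireEncode());
  if (forIntroducer)
    interestName.append("INTRODUCER");

  shared_ptr<ndn::Interest> interest = make_shared<ndn::Interest>(interestName);

  OnVerified introCertVerified = func_lib::bind(&SecPolicySync::onIntroCertVerified,
                                                this,
                                                _1,
                                                forIntroducer,
                                                data,
                                                onVerified,
                                                onVerifyFailed);

  // Index 1: the first introducer is already being tried above.
  OnVerifyFailed introCertVerifyFailed = func_lib::bind(&SecPolicySync::onIntroCertVerifyFailed,
                                                        this,
                                                        _1,
                                                        interestPrefix,
                                                        forIntroducer,
                                                        nameList,
                                                        1,
                                                        data,
                                                        onVerified,
                                                        onVerifyFailed);

  // Fix: the request used to carry the constant step count m_stepLimit-1,
  // which can never exceed m_stepLimit, so the depth check at the top of
  // checkVerificationPolicy() never fired and a chain of certificates each
  // signed by yet another unknown key was fetched without bound.  Carry the
  // caller's depth forward instead, so the chain stops after m_stepLimit hops.
  return make_shared<ValidationRequest>(interest,
                                        introCertVerified,
                                        introCertVerifyFailed,
                                        1,               // retries on timeout (see onIntroCertTimeout)
                                        stepCount + 1);  // depth of the packet this request fetches
}
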
/**
 * @brief Serve a stored intro certificate for a registered prefix.
 *
 * Note that the lookup key is the registered @p prefix, not the interest's
 * name; the interest, transport and registration id are ignored.  Nothing in
 * this file inserts into m_introCert, so unless it is filled elsewhere the
 * interest goes unanswered.
 */
void
SecPolicySync::OnIntroCertInterest(const shared_ptr<const Name>& prefix,
                                   const shared_ptr<const ndn::Interest>& interest,
                                   Transport& transport,
                                   uint64_t registeredPrefixId)
{
  map<Name, Data>::const_iterator found = m_introCert.find(*prefix);
  if (found == m_introCert.end())
    return;   // nothing stored under this prefix

  m_face->put(found->second);
}

/// No-op: a failed prefix registration is neither logged nor retried here.
void
SecPolicySync::OnIntroCertRegisterFailed(const shared_ptr<const Name>& prefix)
{
  (void)prefix;
}

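/**
 * @brief A fetched intro certificate passed verification: trust its subject
 *        and finish checking the packet that needed it.
 *
 * Steps: (1) add the certificate's key to the introducer or producer map
 * according to @p forIntroducer; (2) re-issue an intro certificate for the
 * same subject under m_signingIdentity and publish it on the face;
 * (3) verify @p originalData with the now-trusted key and call exactly one
 * of @p onVerified / @p onVerifyFailed.
 *
 * NOTE(review): the certificate's validity window (getNotBefore/getNotAfter)
 * is copied in step 2 but never compared with the current time, and the
 * certificate's own INTRODUCER/PRODUCER type is not checked against
 * @p forIntroducer — both are taken on trust from the signer.  Decoding
 * @p introCertificateData in step 1 may also throw; that is not caught here.
 *
 * @param introCertificateData the verified intro certificate packet
 * @param forIntroducer        role the subject is trusted in
 * @param originalData         packet whose signer is the subject
 */
void
SecPolicySync::onIntroCertVerified(const shared_ptr<Data>& introCertificateData,
                                   bool forIntroducer,
                                   shared_ptr<Data> originalData,
                                   const OnVerified& onVerified,
                                   const OnVerifyFailed& onVerifyFailed)
{
  shared_ptr<SyncIntroCertificate> introCertificate = make_shared<SyncIntroCertificate>(*introCertificateData);
  Name subjectKeyName = introCertificate->getPublicKeyName();

  // (1) Trust the subject in the requested role.
  map<Name, PublicKey>& trusted = forIntroducer ? m_trustedIntroducers : m_trustedProducers;
  trusted[subjectKeyName] = introCertificate->getPublicKeyInfo();

  // (2) Re-issue and publish an intro certificate for the subject under our
  //     own identity, presumably so that peers who trust this node can find
  //     it.  (An earlier revision also stored it in m_introCert and
  //     registered its prefix for OnIntroCertInterest; that code is disabled.)
  SyncIntroCertificate syncIntroCertificate(m_syncPrefix,
                                            subjectKeyName,
                                            m_keyChain->getDefaultKeyNameForIdentity(m_signingIdentity),
                                            introCertificate->getNotBefore(),
                                            introCertificate->getNotAfter(),
                                            introCertificate->getPublicKeyInfo(),
                                            forIntroducer ? SyncIntroCertificate::INTRODUCER
                                                          : SyncIntroCertificate::PRODUCER);
  m_keyChain->signByIdentity(syncIntroCertificate, m_signingIdentity);
  m_face->put(syncIntroCertificate);

  // (3) Check the packet that started the chain against the subject's key.
  try
    {
      SignatureSha256WithRsa sig(originalData->getSignature());
      if (Verifier::verifySignature(*originalData, sig, introCertificate->getPublicKeyInfo()))
        onVerified(originalData);
      else
        onVerifyFailed(originalData);
    }
  catch (const SignatureSha256WithRsa::Error& e)
    {
      // Consistency with checkVerificationPolicy(): say why the packet was
      // rejected instead of failing silently.
      _LOG_DEBUG("SecPolicySync Error: " << e.what());
      onVerifyFailed(originalData);
    }
  catch (const KeyLocator::Error& e)
    {
      _LOG_DEBUG("SecPolicySync Error: " << e.what());
      onVerifyFailed(originalData);
    }
}
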
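/**
 * @brief The intro certificate obtained from one introducer was rejected:
 *        try the next introducer, or give up when none is left.
 *
 * @param introCertificateData the rejected packet (may be empty, e.g. after a
 *                             timeout); not used
 * @param interestPrefix       <syncPrefix>/WOT/<key wire>/INTRO-CERT
 * @param forIntroducer        role being looked up
 * @param introNameList        introducers to try, in order
 * @param nextIntroducerIndex  index into @p introNameList of the next one
 * @param originalData         packet whose chain is being resolved
 * @param onVerified           final acceptance callback for @p originalData
 * @param onVerifyFailed       final rejection callback for @p originalData
 */
void
SecPolicySync::onIntroCertVerifyFailed(const shared_ptr<Data>& introCertificateData,
                                       Name interestPrefix,
                                       bool forIntroducer,
                                       shared_ptr<const vector<Name> > introNameList,
                                       int nextIntroducerIndex,
                                       shared_ptr<Data> originalData,
                                       const OnVerified& onVerified,
                                       const OnVerifyFailed& onVerifyFailed)
{
  // Fix: when the introducer list was exhausted the original reported the
  // failure but then fell through and still expressed an interest for
  // <interestPrefix>[/INTRODUCER] — a request without an introducer
  // component, sent after the caller had already been told "failed".  Stop
  // here instead.  (A negative index used to fall into the same branch via
  // the signed/unsigned comparison; keep that.)
  if (nextIntroducerIndex < 0
      || static_cast<size_t>(nextIntroducerIndex) >= introNameList->size())
    {
      onVerifyFailed(originalData);
      return;
    }

  Name interestName = interestPrefix;
  interestName.append(introNameList->at(nextIntroducerIndex).wireEncode());
  if (forIntroducer)
    interestName.append("INTRODUCER");

  ndn::Interest interest(interestName);

  OnVerified introCertVerified = func_lib::bind(&SecPolicySync::onIntroCertVerified,
                                                this,
                                                _1,
                                                forIntroducer,
                                                originalData,
                                                onVerified,
                                                onVerifyFailed);

  OnVerifyFailed introCertVerifyFailed = func_lib::bind(&SecPolicySync::onIntroCertVerifyFailed,
                                                        this,
                                                        _1,
                                                        interestPrefix,
                                                        forIntroducer,
                                                        introNameList,
                                                        nextIntroducerIndex + 1,
                                                        originalData,
                                                        onVerified,
                                                        onVerifyFailed);

  // NOTE(review): the current chain depth is not among this callback's
  // parameters, so the retry restarts the depth counter at m_stepLimit-1.
  m_face->expressInterest(interest,
                          func_lib::bind(&SecPolicySync::onIntroCertData,
                                         this,
                                         _1,
                                         _2,
                                         m_stepLimit-1,
                                         introCertVerified,
                                         introCertVerifyFailed),
                          func_lib::bind(&SecPolicySync::onIntroCertTimeout,
                                         this,
                                         _1,
                                         1,
                                         m_stepLimit-1,
                                         introCertVerified,
                                         introCertVerifyFailed)
                          );
}
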
/**
 * @brief An intro certificate arrived: run it through the policy and, if
 *        that asks for yet another certificate, fetch it and come back here.
 *
 * @param interest             the interest that was satisfied; not used
 * @param introCertificateData the received certificate packet
 * @param stepCount            chain depth of this packet
 * @param introCertVerified    callback when the certificate is accepted
 * @param introCertVerifyFailed callback when it is rejected
 */
void
SecPolicySync::onIntroCertData(const shared_ptr<const ndn::Interest> &interest,
                               const shared_ptr<Data>& introCertificateData,
                               int stepCount,
                               const OnVerified& introCertVerified,
                               const OnVerifyFailed& introCertVerifyFailed)
{
  (void)interest;

  shared_ptr<ValidationRequest> nextStep = checkVerificationPolicy(introCertificateData,
                                                                    stepCount,
                                                                    introCertVerified,
                                                                    introCertVerifyFailed);
  if (!nextStep)
    return;   // the policy has already invoked one of the callbacks

  // One more hop: express the next interest with this function and
  // onIntroCertTimeout as its handlers.
  const OnVerified& nextVerified = nextStep->onVerified_;
  const OnVerifyFailed& nextVerifyFailed = nextStep->onVerifyFailed_;
  m_face->expressInterest(*nextStep->interest_,
                          func_lib::bind(&SecPolicySync::onIntroCertData,
                                         this, _1, _2,
                                         nextStep->stepCount_,
                                         nextVerified,
                                         nextVerifyFailed),
                          func_lib::bind(&SecPolicySync::onIntroCertTimeout,
                                         this, _1,
                                         nextStep->retry_,
                                         nextStep->stepCount_,
                                         nextVerified,
                                         nextVerifyFailed));
}

/**
 * @brief An intro-certificate interest timed out: re-express it while
 *        retries remain, otherwise report failure.
 *
 * @param interest              the interest that timed out
 * @param retry                 retries left for this interest
 * @param stepCount             chain depth, passed through unchanged
 * @param introCertVerified     callback when the certificate is accepted
 * @param introCertVerifyFailed callback when it is rejected
 */
void
SecPolicySync::onIntroCertTimeout(const shared_ptr<const ndn::Interest>& interest,
                                  int retry,
                                  int stepCount,
                                  const OnVerified& introCertVerified,
                                  const OnVerifyFailed& introCertVerifyFailed)
{
  if (retry <= 0)
    {
      // Out of retries.  The failure callback receives an empty Data pointer;
      // onIntroCertVerifyFailed(), the target bound in this file, never
      // dereferences its first argument.
      introCertVerifyFailed(shared_ptr<Data>());
      return;
    }

  // Same interest again, one retry fewer.
  m_face->expressInterest(*interest,
                          func_lib::bind(&SecPolicySync::onIntroCertData,
                                         this, _1, _2,
                                         stepCount,
                                         introCertVerified,
                                         introCertVerifyFailed),
                          func_lib::bind(&SecPolicySync::onIntroCertTimeout,
                                         this, _1,
                                         retry - 1,
                                         stepCount,
                                         introCertVerified,
                                         introCertVerifyFailed));
}
