Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoSync / 5e0af3eccea6958e51d148f6a2d168a309398d38 / . / src / sec-policy-sync.cc
blob: 5a07b5c1a9caf51123fc0bf3d992dc13ee33fc15 [file] [log] [blame]
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * Yingdi Yu
5 *
6 * BSD license, See the LICENSE file for more information
7 *
8 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
9 */
10
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]11#include "sync-intro-certificate.h"
12#include "sync-logging.h"
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]13#include <ndn-cpp/security/verifier.hpp>
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]14#include <ndn-cpp/security/signature-sha256-with-rsa.hpp>
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]15
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]16#include "sec-policy-sync.h"
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]17
18using namespace ndn;
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]19using namespace ndn::ptr_lib;
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]20using namespace std;
21
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]22INIT_LOGGER("SecPolicySync");
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]23
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]24SecPolicySync::SecPolicySync(const Name& signingIdentity,
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]25 const Name& signingCertificateName,
26 const Name& syncPrefix,
Yingdi Yu6e235db2013-12-27 08:40:53 +0800[diff] [blame]27 shared_ptr<Face> face,
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]28 int stepLimit)
29 : m_signingIdentity(signingIdentity)
30 , m_signingCertificateName(signingCertificateName.getPrefix(signingCertificateName.size()-1))
31 , m_syncPrefix(syncPrefix)
32 , m_stepLimit(stepLimit)
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]33 , m_keyChain(new KeyChain())
34{
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]35 Name wotPrefix = syncPrefix;
36 wotPrefix.append("WOT");
37 m_syncPrefixRegex = Regex::fromName(syncPrefix);
38 m_wotPrefixRegex = Regex::fromName(wotPrefix);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]39 m_chatDataPolicy = make_shared<SecRuleIdentity>("^[^<%F0.>]*<%F0.>([^<chronos>]*)<chronos><>",
40 "^([^<KEY>]*)<KEY>(<>*)[<dsk-.*><ksk-.*>]<ID-CERT>$",
41 "==", "\\1", "\\1", true);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]42}
43
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]44SecPolicySync::~SecPolicySync()
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]45{}
46
47bool
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]48SecPolicySync::skipVerifyAndTrust (const Data& data)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]49{ return false; }
50
51bool
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]52SecPolicySync::requireVerify (const Data& data)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]53{ return true; }
54
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]55shared_ptr<ValidationRequest>
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]56SecPolicySync::checkVerificationPolicy(const shared_ptr<Data>& data,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]57 int stepCount,
58 const OnVerified& onVerified,
59 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]60{
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]61 if(stepCount > m_stepLimit)
62 {
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]63 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]64 return shared_ptr<ValidationRequest>();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]65 }
66
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]67 try{
68 SignatureSha256WithRsa sig(data->getSignature());
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]69
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]70 const Name& keyLocatorName = sig.getKeyLocator().getName();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]71
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]72 // if data is intro cert
73 if(m_wotPrefixRegex->match(data->getName()))
74 {
75 // _LOG_DEBUG("Intro Cert");
76 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
77 map<string, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName.toUri());
78 if(m_trustedIntroducers.end() != it)
79 {
80 if(Verifier::verifySignature(*data, sig, it->second))
81 onVerified(data);
82 else
83 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]84 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]85 }
86 else
87 return prepareRequest(keyName, true, data, stepCount, onVerified, onVerifyFailed);
88 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]89
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]90 // if data is sync data or chat data
91 if(m_syncPrefixRegex->match(data->getName()) || m_chatDataPolicy->satisfy(*data))
92 {
93 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]94
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]95 map<string, PublicKey>::const_iterator it = m_trustedIntroducers.find(keyName.toUri());
96 if(m_trustedIntroducers.end() != it)
97 {
98 if(Verifier::verifySignature(*data, sig, it->second))
99 onVerified(data);
100 else
101 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]102 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]103 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]104
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]105 it = m_trustedProducers.find(keyName.toUri());
106 if(m_trustedProducers.end() != it)
107 {
108 if(Verifier::verifySignature(*data, sig, it->second))
109 onVerified(data);
110 else
111 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]112 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]113 }
Yingdi Yu0b3bd482013-11-01 16:11:20 -0700[diff] [blame]114
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]115 return prepareRequest(keyName, false, data, stepCount, onVerified, onVerifyFailed);
116 }
117 }catch(SignatureSha256WithRsa::Error &e){
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]118 _LOG_DEBUG("SecPolicySync Error: " << e.what());
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]119 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]120 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]121 }catch(KeyLocator::Error &e){
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]122 _LOG_DEBUG("SecPolicySync Error: " << e.what());
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]123 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]124 return shared_ptr<ValidationRequest>();
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]125 }
126
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]127 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]128 return shared_ptr<ValidationRequest>();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]129}
130
131bool
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]132SecPolicySync::checkSigningPolicy(const Name& dataName,
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]133 const Name& certificateName)
134{
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]135 return true;
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]136}
137
138Name
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]139SecPolicySync::inferSigningIdentity(const ndn::Name& dataName)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]140{ return m_signingIdentity; }
141
142void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]143SecPolicySync::addTrustAnchor(const IdentityCertificate& identityCertificate, bool isIntroducer)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]144{
Yingdi Yu1baf6e02013-11-07 11:35:32 -0800[diff] [blame]145 // _LOG_DEBUG("Add intro/producer: " << identityCertificate.getPublicKeyName());
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]146 if(isIntroducer)
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]147 m_trustedIntroducers.insert(pair <string, PublicKey > (identityCertificate.getPublicKeyName().toUri(),
148 identityCertificate.getPublicKeyInfo()));
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]149 else
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]150 m_trustedProducers.insert(pair <string, PublicKey > (identityCertificate.getPublicKeyName().toUri(),
151 identityCertificate.getPublicKeyInfo()));
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]152}
153
154void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]155SecPolicySync::addChatDataRule(const Name& prefix,
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]156 const IdentityCertificate& identityCertificate,
157 bool isIntroducer)
158{
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]159 addTrustAnchor(identityCertificate, isIntroducer);
160}
161
162
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]163shared_ptr<const vector<Name> >
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]164SecPolicySync::getAllIntroducerName()
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]165{
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]166 shared_ptr<vector<Name> > nameList = make_shared<vector<Name> >();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]167
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]168 map<string, PublicKey>::iterator it = m_trustedIntroducers.begin();
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]169 for(; it != m_trustedIntroducers.end(); it++)
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]170 nameList->push_back(Name(it->first));
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]171
172 return nameList;
173}
174
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]175shared_ptr<ValidationRequest>
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]176SecPolicySync::prepareRequest(const Name& keyName,
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]177 bool forIntroducer,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]178 shared_ptr<Data> data,
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]179 const int & stepCount,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]180 const OnVerified& onVerified,
181 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]182{
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]183 shared_ptr<Name> interestPrefixName = make_shared<Name>(m_syncPrefix);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]184 interestPrefixName->append("WOT").append(keyName).append("INTRO-CERT");
185
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]186 shared_ptr<const vector<Name> > nameList = getAllIntroducerName();
Yingdi Yu0b3bd482013-11-01 16:11:20 -0700[diff] [blame]187 if(0 == nameList->size())
188 {
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]189 onVerifyFailed(data);
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]190 return shared_ptr<ValidationRequest>();
Yingdi Yu0b3bd482013-11-01 16:11:20 -0700[diff] [blame]191 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]192
193 Name interestName = *interestPrefixName;
194 interestName.append(nameList->at(0));
195
196 if(forIntroducer)
197 interestName.append("INTRODUCER");
198
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]199 shared_ptr<ndn::Interest> interest = make_shared<ndn::Interest>(interestName);
Yingdi Yu1baf6e02013-11-07 11:35:32 -0800[diff] [blame]200 // _LOG_DEBUG("send interest for intro cert: " << interest->getName());
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]201
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]202 OnVerified requestedCertVerifiedCallback = boost::bind(&SecPolicySync::onIntroCertVerified,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]203 this,
204 _1,
205 forIntroducer,
206 data,
207 onVerified,
208 onVerifyFailed);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]209
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]210 OnVerifyFailed requestedCertUnverifiedCallback = boost::bind(&SecPolicySync::onIntroCertVerifyFailed,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]211 this,
212 _1,
213 interestPrefixName,
214 forIntroducer,
215 nameList,
216 1,
217 data,
218 onVerified,
219 onVerifyFailed);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]220
221
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]222 shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(interest,
223 requestedCertVerifiedCallback,
224 requestedCertUnverifiedCallback,
225 1,
226 m_stepLimit-1);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]227 return nextStep;
228}
229
230void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]231SecPolicySync::OnIntroCertInterest(const shared_ptr<const Name>& prefix,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]232 const shared_ptr<const ndn::Interest>& interest,
233 Transport& transport,
234 uint64_t registeredPrefixId)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]235{
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]236 map<string, Data>::const_iterator it = m_introCert.find(prefix->toUri());
237
238 if(m_introCert.end() != it)
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]239 m_face->put(it->second);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]240}
241
242void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]243SecPolicySync::OnIntroCertRegisterFailed(const shared_ptr<const Name>& prefix)
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]244{
245}
246
247void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]248SecPolicySync::onIntroCertVerified(const shared_ptr<Data>& introCertificateData,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]249 bool forIntroducer,
250 shared_ptr<Data> originalData,
251 const OnVerified& onVerified,
252 const OnVerifyFailed& onVerifyFailed)
253{
254 shared_ptr<SyncIntroCertificate> introCertificate = make_shared<SyncIntroCertificate>(*introCertificateData);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]255 if(forIntroducer)
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]256 {
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]257 m_trustedIntroducers.insert(pair <string, PublicKey > (introCertificate->getPublicKeyName().toUri(),
258 introCertificate->getPublicKeyInfo()));
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]259 SyncIntroCertificate syncIntroCertificate(m_syncPrefix,
260 introCertificate->getPublicKeyName(),
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]261 m_keyChain->getDefaultKeyNameForIdentity(m_signingIdentity),
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]262 introCertificate->getNotBefore(),
263 introCertificate->getNotAfter(),
264 introCertificate->getPublicKeyInfo(),
265 SyncIntroCertificate::INTRODUCER);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]266
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]267 Name certName = m_keyChain->getDefaultCertificateNameForIdentity(m_signingIdentity);
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]268 _LOG_DEBUG("Publish Intro Certificate on Verified: " << syncIntroCertificate.getName());
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]269 m_keyChain->sign(syncIntroCertificate, certName);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]270
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]271 m_face->put(syncIntroCertificate);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]272
273 // Name prefix = syncIntroCertificate.getName().getPrefix(syncIntroCertificate.getName().size()-1);
274
275 // map<string, Data>::const_iterator it = m_introCert.find(prefix.toEscapedString());
276 // if(m_introCert.end() != it)
277 // {
278 // it->second = syncIntroCertificate;
279 // }
280 // else
281 // {
282 // m_introCert.insert(pair <string, Data> (prefix.toEscapedString(), syncIntroCertificate));
283 // m_face->registerPrefix(prefix,
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]284 // boost::bind(&SecPolicySync::onIntroCertInterest, this, _1, _2, _3, _4),
285 // boost::bind(&SecPolicySync::onIntroCertRegisterFailed, this, _1));
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]286 // }
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]287 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]288 else
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]289 {
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]290 m_trustedProducers.insert(pair <string, PublicKey > (introCertificate->getPublicKeyName().toUri(),
291 introCertificate->getPublicKeyInfo()));
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]292 SyncIntroCertificate syncIntroCertificate(m_syncPrefix,
293 introCertificate->getPublicKeyName(),
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]294 m_keyChain->getDefaultKeyNameForIdentity(m_signingIdentity),
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]295 introCertificate->getNotBefore(),
296 introCertificate->getNotAfter(),
297 introCertificate->getPublicKeyInfo(),
298 SyncIntroCertificate::PRODUCER);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]299
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]300 Name certName = m_keyChain->getDefaultCertificateNameForIdentity(m_signingIdentity);
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]301 _LOG_DEBUG("Publish Intro Certificate on Verified: " << syncIntroCertificate.getName());
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]302 m_keyChain->sign(syncIntroCertificate, certName);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]303
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]304 m_face->put(syncIntroCertificate);
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]305
306 // Name prefix = syncIntroCertificate.getName().getPrefix(syncIntroCertificate.getName().size()-1);
307
308 // map<string, Data>::const_iterator it = m_introCert.find(prefix.toEscapedString());
309 // if(m_introCert.end() != it)
310 // {
311 // it->second = syncIntroCertificate;
312 // }
313 // else
314 // {
315 // m_introCert.insert(pair <string, Data> (prefix.toEscapedString(), syncIntroCertificate));
316 // m_face->registerPrefix(prefix,
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]317 // boost::bind(&SecPolicySync::onIntroCertInterest, this, _1, _2, _3, _4),
318 // boost::bind(&SecPolicySync::onIntroCertRegisterFailed, this, _1));
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]319 // }
Yingdi Yu7bfcd652013-11-12 13:15:33 -0800[diff] [blame]320 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]321
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]322 try{
323 SignatureSha256WithRsa sig(originalData->getSignature());
324 if(Verifier::verifySignature(*originalData, sig, introCertificate->getPublicKeyInfo()))
325 onVerified(originalData);
326 else
327 onVerifyFailed(originalData);
328 }catch(SignatureSha256WithRsa::Error &e){
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]329 onVerifyFailed(originalData);
Yingdi Yu0cb0f2b2014-01-09 13:51:16 -0800[diff] [blame]330 }catch(KeyLocator::Error &e){
331 onVerifyFailed(originalData);
332 }
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]333}
334
335void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]336SecPolicySync::onIntroCertVerifyFailed(const shared_ptr<Data>& introCertificateData,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]337 shared_ptr<Name> interestPrefixName,
338 bool forIntroducer,
339 shared_ptr<const vector<Name> > introNameList,
340 int nextIntroducerIndex,
341 shared_ptr<Data> originalData,
342 const OnVerified& onVerified,
343 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]344{
345 Name interestName = *interestPrefixName;
346 if(nextIntroducerIndex < introNameList->size())
347 interestName.append(introNameList->at(nextIntroducerIndex));
348 else
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]349 onVerifyFailed(originalData);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]350
351 if(forIntroducer)
352 interestName.append("INTRODUCER");
353
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]354 shared_ptr<ndn::Interest> interest = make_shared<ndn::Interest>(interestName);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]355
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]356 OnVerified onRecursiveVerified = boost::bind(&SecPolicySync::onIntroCertVerified,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]357 this,
358 _1,
359 forIntroducer,
360 originalData,
361 onVerified,
362 onVerifyFailed);
363
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]364 OnVerifyFailed onRecursiveVerifyFailed = boost::bind(&SecPolicySync::onIntroCertVerifyFailed,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]365 this,
366 _1,
367 interestPrefixName,
368 forIntroducer,
369 introNameList,
370 nextIntroducerIndex + 1,
371 originalData,
372 onVerified,
373 onVerifyFailed);
374
375 m_face->expressInterest(*interest,
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]376 boost::bind(&SecPolicySync::onIntroCertData,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]377 this,
378 _1,
379 _2,
380 m_stepLimit-1,
381 onRecursiveVerified,
382 onRecursiveVerifyFailed,
383 originalData,
384 onVerifyFailed),
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]385 boost::bind(&SecPolicySync::onIntroCertTimeout,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]386 this,
387 _1,
388 1,
389 m_stepLimit-1,
390 onRecursiveVerified,
391 onRecursiveVerifyFailed,
392 originalData,
393 onVerifyFailed));
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]394}
395
396void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]397SecPolicySync::onIntroCertData(const shared_ptr<const ndn::Interest> &interest,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]398 const shared_ptr<Data>& introCertificateData,
399 int stepCount,
400 const OnVerified& onRecursiveVerified,
401 const OnVerifyFailed& onRecursiveVerifyFailed,
402 shared_ptr<Data> originalData,
403 const OnVerifyFailed& onVerifyFailed)
404{
405 shared_ptr<ValidationRequest> nextStep = checkVerificationPolicy(introCertificateData, stepCount, onRecursiveVerified, onRecursiveVerifyFailed);
406 if (nextStep)
407 m_face->expressInterest
408 (*nextStep->interest_,
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]409 boost::bind(&SecPolicySync::onIntroCertData,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]410 this,
411 _1,
412 _2,
413 nextStep->stepCount_,
414 nextStep->onVerified_,
415 nextStep->onVerifyFailed_,
416 introCertificateData,
417 onRecursiveVerifyFailed),
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]418 boost::bind(&SecPolicySync::onIntroCertTimeout,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]419 this,
420 _1,
421 nextStep->retry_,
422 nextStep->stepCount_,
423 nextStep->onVerified_,
424 nextStep->onVerifyFailed_,
425 introCertificateData,
426 onRecursiveVerifyFailed));
427}
428
429void
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]430SecPolicySync::onIntroCertTimeout(const shared_ptr<const ndn::Interest>& interest,
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]431 int retry,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]432 int stepCount,
433 const OnVerified& onRecursiveVerified,
434 const OnVerifyFailed& onRecursiveVerifyFailed,
435 shared_ptr<Data> originalData,
436 const OnVerifyFailed& onVerifyFailed)
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]437{
438 if(retry > 0)
439 {
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]440 m_face->expressInterest(*interest,
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]441 boost::bind(&SecPolicySync::onIntroCertData,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]442 this,
443 _1,
444 _2,
445 stepCount,
446 onRecursiveVerified,
447 onRecursiveVerifyFailed,
448 originalData,
449 onVerifyFailed),
Yingdi Yu5e0af3e2014-01-15 19:33:25 -0800[diff] [blame^]450 boost::bind(&SecPolicySync::onIntroCertTimeout,
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]451 this,
452 _1,
453 retry - 1,
454 stepCount,
455 onRecursiveVerified,
456 onRecursiveVerifyFailed,
457 originalData,
458 onVerifyFailed));
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]459 }
460 else
Yingdi Yu46c9f1a2013-12-18 15:15:46 +0800[diff] [blame]461 onVerifyFailed(originalData);
Yingdi Yu43e71612013-10-30 22:19:31 -0700[diff] [blame]462}