src/security/sec-policy-regex.hpp - ndn-cxx - Gitiles

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
 /**
  * Copyright (C) 2013 Regents of the University of California.
  * @author: Yingdi Yu <yingdi@cs.ucla.edu>
  * See COPYING for copyright and distribution information.
  */

 #ifndef NDN_SEC_POLICY_REGEX_HPP
 #define NDN_SEC_POLICY_REGEX_HPP

 #include "sec-policy.hpp"
 #include "identity-certificate.hpp"
 #include "sec-rule-relative.hpp"
 #include "certificate-cache.hpp"
 #include "../util/regex.hpp"

 #include <map>


 namespace ndn {

 class SecPolicyRegex : public SecPolicy
 {
 public:
   struct Error : public SecPolicy::Error { Error(const std::string &what) : SecPolicy::Error(what) {} };

   SecPolicyRegex(shared_ptr<CertificateCache> certificateCache, const int stepLimit = 10);

   virtual
   ~SecPolicyRegex() {}

   virtual shared_ptr<ValidationRequest>
   checkVerificationPolicy(const shared_ptr<Data>& data,
                           int stepCount,
                           const OnVerified& onVerified,
                           const OnVerifyFailed& onVerifyFailed);

   /**
    * @brief add a rule to check whether the data name and signing certificate name comply with the policy
    * @param policy the verification policy
    */
   inline virtual void
   addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule);

   /**
    * @brief add a trust anchor
    * @param certificate the trust anchor
    */
   inline virtual void
   addTrustAnchor(shared_ptr<IdentityCertificate> certificate);

 protected:
   virtual void
   onCertificateVerified(shared_ptr<Data> certificate,
                         shared_ptr<Data> data,
                         const OnVerified& onVerified,
                         const OnVerifyFailed& onVerifyFailed);

   virtual void
   onCertificateVerifyFailed(shared_ptr<Data>signCertificate,
                             shared_ptr<Data>data,
                             const OnVerifyFailed& onVerifyFailed);

 protected:
   typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
   typedef std::vector< shared_ptr<Regex> > RegexList;

   int m_stepLimit;
   shared_ptr<CertificateCache> m_certificateCache;
   RuleList m_mustFailVerify;
   RuleList m_verifyPolicies;
   std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
 };

 void
 SecPolicyRegex::addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule)
 { rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule); }

 void
 SecPolicyRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
 { m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate; }

 }//ndn

 #endif
	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -- */
	/**
	* Copyright (C) 2013 Regents of the University of California.
	* @author: Yingdi Yu <yingdi@cs.ucla.edu>
	* See COPYING for copyright and distribution information.
	*/

	#ifndef NDN_SEC_POLICY_REGEX_HPP
	#define NDN_SEC_POLICY_REGEX_HPP

	#include "sec-policy.hpp"
	#include "identity-certificate.hpp"
	#include "sec-rule-relative.hpp"
	#include "certificate-cache.hpp"
	#include "../util/regex.hpp"

	#include <map>




	namespace ndn {

	class SecPolicyRegex : public SecPolicy
	{
	public:
	struct Error : public SecPolicy::Error { Error(const std::string &what) : SecPolicy::Error(what) {} };

	SecPolicyRegex(shared_ptr<CertificateCache> certificateCache, const int stepLimit = 10);

	virtual
	~SecPolicyRegex() {}

	virtual shared_ptr<ValidationRequest>
	checkVerificationPolicy(const shared_ptr<Data>& data,
	int stepCount,
	const OnVerified& onVerified,
	const OnVerifyFailed& onVerifyFailed);

	/**
	* @brief add a rule to check whether the data name and signing certificate name comply with the policy
	* @param policy the verification policy
	*/
	inline virtual void
	addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule);

	/**
	* @brief add a trust anchor
	* @param certificate the trust anchor
	*/
	inline virtual void
	addTrustAnchor(shared_ptr<IdentityCertificate> certificate);

	protected:
	virtual void
	onCertificateVerified(shared_ptr<Data> certificate,
	shared_ptr<Data> data,
	const OnVerified& onVerified,
	const OnVerifyFailed& onVerifyFailed);

	virtual void
	onCertificateVerifyFailed(shared_ptr<Data>signCertificate,
	shared_ptr<Data>data,
	const OnVerifyFailed& onVerifyFailed);

	protected:
	typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
	typedef std::vector< shared_ptr<Regex> > RegexList;

	int m_stepLimit;
	shared_ptr<CertificateCache> m_certificateCache;
	RuleList m_mustFailVerify;
	RuleList m_verifyPolicies;
	std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
	};

	void
	SecPolicyRegex::addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule)
	{ rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule); }

	void
	SecPolicyRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
	{ m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate; }

	}//ndn

	#endif