security: Add failureInfo in ValidationFailed callback
Change-Id: I98e49fc88665ad7b7c268bd6a8fdddf6b7071021
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
index d0c808b..cabd082 100644
--- a/src/security/validator.cpp
+++ b/src/security/validator.cpp
@@ -40,7 +40,7 @@
throw Error("Face should be set prior to verify method to call");
vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();
- OnFailure onFailure = bind(onValidationFailed, interest.shared_from_this());
+ OnFailure onFailure = bind(onValidationFailed, interest.shared_from_this(), _1);
for(; it != nextSteps.end(); it++)
m_face->expressInterest((*it)->m_interest,
bind(&Validator::onData, this, _1, _2, *it),
@@ -71,7 +71,7 @@
throw Error("Face should be set prior to verify method to call");
vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();
- OnFailure onFailure = bind(onValidationFailed, data.shared_from_this());
+ OnFailure onFailure = bind(onValidationFailed, data.shared_from_this(), _1);
for(; it != nextSteps.end(); it++)
m_face->expressInterest((*it)->m_interest,
bind(&Validator::onData, this, _1, _2, *it),
@@ -107,29 +107,32 @@
bind(&Validator::onData, this, _1, _2, nextStep),
bind(&Validator::onTimeout, this, _1, retry - 1, onFailure, nextStep));
else
- onFailure();
+ onFailure("Cannot fetch cert: " + interest.getName().toUri());
}
bool
Validator::verifySignature(const Data& data, const PublicKey& key)
{
- try{
- switch(data.getSignature().getType()){
- case Signature::Sha256WithRsa:
- {
- SignatureSha256WithRsa sigSha256Rsa(data.getSignature());
- return verifySignature(data, sigSha256Rsa, key);
- }
- default:
- {
- _LOG_DEBUG("verifySignature: Unknown signature type: " << data.getSignature().getType());
- return false;
+ try
+ {
+ switch(data.getSignature().getType()){
+ case Signature::Sha256WithRsa:
+ {
+ SignatureSha256WithRsa sigSha256Rsa(data.getSignature());
+ return verifySignature(data, sigSha256Rsa, key);
+ }
+ default:
+ {
+ _LOG_DEBUG("verifySignature: Unknown signature type: " << data.getSignature().getType());
+ return false;
+ }
}
}
- }catch(Signature::Error &e){
- _LOG_DEBUG("verifySignature: " << e.what());
- return false;
- }
+ catch(Signature::Error &e)
+ {
+ _LOG_DEBUG("verifySignature: " << e.what());
+ return false;
+ }
return false;
}
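Review bot: The failure text built on the `onFailure(...)` line, `"Cannot fetch cert: " + interest.getName().toUri()`, forwards to the application the name of the interest the validator sent while fetching a certificate; if that name is derived from the KeyLocator of the packet under validation, as it typically is, the string the callback receives contains attacker-chosen content rather than text the library vouches for. A comment above the call such as `// failureInfo embeds the certificate name taken from the packet under validation; treat it as untrusted diagnostic text, not as a trusted identifier` would make that explicit for callers that log or display it; the enclosing onTimeout starts outside the hunk. In the rebraced verifySignature below, `catch(Signature::Error &e)` binds the exception by non-const reference although only `e.what()` is read; `catch(const Signature::Error& e)` is the conventional form, and the same applies to the Signature::Error, Block::Error and CryptoPP::Exception handlers in the next hunk.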
@@ -141,119 +144,89 @@
if(interestName.size() < 2)
return false;
- try{
- const Block& nameBlock = interestName.wireEncode();
+ try
+ {
+ const Block& nameBlock = interestName.wireEncode();
- Signature sig(interestName[-2].blockFromValue(),
- interestName[-1].blockFromValue());
+ Signature sig(interestName[-2].blockFromValue(),
+ interestName[-1].blockFromValue());
- switch(sig.getType()){
- case Signature::Sha256WithRsa:
- {
- SignatureSha256WithRsa sigSha256Rsa(sig);
+ switch(sig.getType()){
+ case Signature::Sha256WithRsa:
+ {
+ SignatureSha256WithRsa sigSha256Rsa(sig);
- return verifySignature(nameBlock.value(),
- nameBlock.value_size() - interestName[-1].size(),
- sigSha256Rsa, key);
- }
- default:
- {
- _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
- return false;
+ return verifySignature(nameBlock.value(),
+ nameBlock.value_size() - interestName[-1].size(),
+ sigSha256Rsa, key);
+ }
+ default:
+ {
+ _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
+ return false;
+ }
}
}
- }catch(Signature::Error &e){
- _LOG_DEBUG("verifySignature: " << e.what());
- return false;
- }catch(Block::Error &e){
- _LOG_DEBUG("verifySignature: " << e.what());
- return false;
- }
+ catch(Signature::Error &e)
+ {
+ _LOG_DEBUG("verifySignature: " << e.what());
+ return false;
+ }
+ catch(Block::Error &e)
+ {
+ _LOG_DEBUG("verifySignature: " << e.what());
+ return false;
+ }
return false;
}
bool
Validator::verifySignature(const Buffer &data, const Signature &sig, const PublicKey &key)
{
- try{
- switch(sig.getType()){
- case Signature::Sha256WithRsa:
- {
- SignatureSha256WithRsa sigSha256Rsa(sig);
- return verifySignature(data, sigSha256Rsa, key);
- }
- default:
- {
- _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
- return false;
+ try
+ {
+ switch(sig.getType()){
+ case Signature::Sha256WithRsa:
+ {
+ SignatureSha256WithRsa sigSha256Rsa(sig);
+ return verifySignature(data, sigSha256Rsa, key);
+ }
+ default:
+ {
+ _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
+ return false;
+ }
}
}
- }catch(Signature::Error &e){
- _LOG_DEBUG("verifySignature: " << e.what());
- return false;
- }
+ catch(Signature::Error &e)
+ {
+ _LOG_DEBUG("verifySignature: " << e.what());
+ return false;
+ }
return false;
}
bool
-Validator::verifySignature(const Data& data, const SignatureSha256WithRsa& sig, const PublicKey& key)
-{
- using namespace CryptoPP;
-
- bool result = false;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
-
- queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
- publicKey.Load(queue);
-
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- result = verifier.VerifyMessage(data.wireEncode().value(), data.wireEncode().value_size() - data.getSignature().getValue().size(),
- sig.getValue().value(), sig.getValue().value_size());
-
- _LOG_DEBUG("Signature verified? " << data.getName().toUri() << " " << boolalpha << result);
-
- return result;
-}
-
-bool
-Validator::verifySignature(const Buffer& data, const SignatureSha256WithRsa& sig, const PublicKey& key)
-{
- using namespace CryptoPP;
-
- bool result = false;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
-
- queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
- publicKey.Load(queue);
-
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- result = verifier.VerifyMessage(data.buf(), data.size(),
- sig.getValue().value(), sig.getValue().value_size());
-
- return result;
-}
-
-bool
Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256WithRsa &sig, const PublicKey &key)
{
- using namespace CryptoPP;
+ try
+ {
+ using namespace CryptoPP;
- bool result = false;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
+ RSA::PublicKey publicKey;
+ ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
- publicKey.Load(queue);
+ queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
+ publicKey.Load(queue);
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- result = verifier.VerifyMessage(buf, size, sig.getValue().value(), sig.getValue().value_size());
-
- return result;
+ RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+ return verifier.VerifyMessage(buf, size, sig.getValue().value(), sig.getValue().value_size());
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ _LOG_DEBUG("verifySignature: " << e.what());
+ return false;
+ }
}
} // namespace ndn
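Review bot: The rewritten `verifySignature(const uint8_t*, size_t, ...)` no longer records a verification outcome: the `_LOG_DEBUG("Signature verified? " ...)` line that lived in the deleted Data overload is gone, and the new body logs only when CryptoPP throws, so a signature that simply fails `VerifyMessage` leaves no trace for an operator diagnosing rejected packets. Keeping the result in a local before returning would restore that, e.g. `bool result = verifier.VerifyMessage(buf, size, sig.getValue().value(), sig.getValue().value_size());` followed by `_LOG_DEBUG("Signature verified? " << boolalpha << result);` and `return result;`. Separately, the overloads taking `const Data&` and `const Buffer&` together with a `SignatureSha256WithRsa` are removed here while the calls `verifySignature(data, sigSha256Rsa, key)` in the two rebraced functions above still pass a Data and a Buffer; presumably those overloads now live in the header, otherwise those calls no longer resolve, which is worth confirming since the diff does not show it.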