security: Remove ValidatorRegex
This type of Validator is largely unused in known software (except for
some experimental code in ChronoChat) and will eventually be replaced by
the more general ValidatorTrustSchema.
Change-Id: I82256818cf4ad3c3bda3e57859c5d1d9809585bd
Refs: #3920
diff --git a/src/security/sec-rule-relative.cpp b/src/security/sec-rule-relative.cpp
deleted file mode 100644
index 7f8de8f..0000000
--- a/src/security/sec-rule-relative.cpp
+++ /dev/null
@@ -1,152 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2015 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#include "common.hpp"
-
-#include "sec-rule-relative.hpp"
-
-#include "signature-sha256-with-rsa.hpp"
-#include "security-common.hpp"
-
-namespace ndn {
-
-using std::string;
-
-SecRuleRelative::SecRuleRelative(const string& dataRegex, const string& signerRegex,
- const string& op,
- const string& dataExpand, const string& signerExpand,
- bool isPositive)
- : SecRule(isPositive),
- m_dataRegex(dataRegex),
- m_signerRegex(signerRegex),
- m_op(op),
- m_dataExpand(dataExpand),
- m_signerExpand(signerExpand),
- m_dataNameRegex(dataRegex, dataExpand),
- m_signerNameRegex(signerRegex, signerExpand)
-{
- if (op != ">" && op != ">=" && op != "==")
- BOOST_THROW_EXCEPTION(Error("op is wrong"));
-}
-
-SecRuleRelative::~SecRuleRelative()
-{
-}
-
-bool
-SecRuleRelative::satisfy(const Data& data)
-{
- Name dataName = data.getName();
- try
- {
- if (!data.getSignature().hasKeyLocator())
- return false;
-
- const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
- if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
- return false;
-
- const Name& signerName = keyLocator.getName();
- return satisfy(dataName, signerName);
- }
- catch (tlv::Error& e)
- {
- return false;
- }
- catch (RegexMatcher::Error& e)
- {
- return false;
- }
-}
-
-bool
-SecRuleRelative::satisfy(const Name& dataName, const Name& signerName)
-{
- if (!m_dataNameRegex.match(dataName))
- return false;
- Name expandDataName = m_dataNameRegex.expand();
-
- if (!m_signerNameRegex.match(signerName))
- return false;
- Name expandSignerName = m_signerNameRegex.expand();
-
- bool matched = compare(expandDataName, expandSignerName);
-
- return matched;
-}
-
-bool
-SecRuleRelative::matchDataName(const Data& data)
-{
- return m_dataNameRegex.match(data.getName());
-}
-
-bool
-SecRuleRelative::matchSignerName(const Data& data)
-{
- try
- {
- if (!data.getSignature().hasKeyLocator())
- return false;
-
- const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
- if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
- return false;
-
- const Name& signerName = keyLocator.getName();
- return m_signerNameRegex.match(signerName);
- }
- catch (tlv::Error& e)
- {
- return false;
- }
- catch (RegexMatcher::Error& e)
- {
- return false;
- }
-}
-
-bool
-SecRuleRelative::compare(const Name& dataName, const Name& signerName)
-{
- if ((dataName == signerName) && ("==" == m_op || ">=" == m_op))
- return true;
-
- Name::const_iterator i = dataName.begin();
- Name::const_iterator j = signerName.begin();
-
- for (; i != dataName.end() && j != signerName.end(); i++, j++)
- {
- if (i->compare(*j) == 0)
- continue;
- else
- return false;
- }
-
- if (i == dataName.end())
- return false;
- else
- return true;
-}
-
-} // namespace ndn
diff --git a/src/security/sec-rule-relative.hpp b/src/security/sec-rule-relative.hpp
deleted file mode 100644
index 105c621..0000000
--- a/src/security/sec-rule-relative.hpp
+++ /dev/null
@@ -1,82 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#ifndef NDN_SECURITY_SEC_RULE_RELATIVE_HPP
-#define NDN_SECURITY_SEC_RULE_RELATIVE_HPP
-
-#include "sec-rule.hpp"
-#include "../util/regex.hpp"
-
-namespace ndn {
-
-class SecRuleRelative : public SecRule
-{
-public:
- class Error : public SecRule::Error
- {
- public:
- explicit
- Error(const std::string& what)
- : SecRule::Error(what)
- {
- }
- };
-
- SecRuleRelative(const std::string& dataRegex, const std::string& signerRegex,
- const std::string& op,
- const std::string& dataExpand, const std::string& signerExpand,
- bool isPositive);
-
- virtual
- ~SecRuleRelative();
-
- virtual bool
- matchDataName(const Data& data);
-
- virtual bool
- matchSignerName(const Data& data);
-
- virtual bool
- satisfy(const Data& data);
-
- virtual bool
- satisfy(const Name& dataName, const Name& signerName);
-
-private:
- bool
- compare(const Name& dataName, const Name& signerName);
-
-private:
- const std::string m_dataRegex;
- const std::string m_signerRegex;
- const std::string m_op;
- const std::string m_dataExpand;
- const std::string m_signerExpand;
-
- Regex m_dataNameRegex;
- Regex m_signerNameRegex;
-};
-
-} // namespace ndn
-
-#endif //NDN_SECURITY_SEC_RULE_RELATIVE_HPP
diff --git a/src/security/sec-rule-specific.cpp b/src/security/sec-rule-specific.cpp
deleted file mode 100644
index 061132f..0000000
--- a/src/security/sec-rule-specific.cpp
+++ /dev/null
@@ -1,102 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#include "common.hpp"
-
-#include "sec-rule-specific.hpp"
-#include "signature-sha256-with-rsa.hpp"
-
-namespace ndn {
-
-SecRuleSpecific::SecRuleSpecific(shared_ptr<Regex> dataRegex,
- shared_ptr<Regex> signerRegex)
- : SecRule(true)
- , m_dataRegex(dataRegex)
- , m_signerRegex(signerRegex)
- , m_isExempted(false)
-{
-}
-
-SecRuleSpecific::SecRuleSpecific(shared_ptr<Regex> dataRegex)
- : SecRule(true)
- , m_dataRegex(dataRegex)
- , m_isExempted(true)
-{
-}
-
-SecRuleSpecific::SecRuleSpecific(const SecRuleSpecific& rule)
- : SecRule(true)
- , m_dataRegex(rule.m_dataRegex)
- , m_signerRegex(rule.m_signerRegex)
- , m_isExempted(rule.m_isExempted)
-{
-}
-
-bool
-SecRuleSpecific::matchDataName(const Data& data)
-{
- return m_dataRegex->match(data.getName());
-}
-
-bool
-SecRuleSpecific::matchSignerName(const Data& data)
-{
- if (m_isExempted)
- return true;
-
- try
- {
- if (!data.getSignature().hasKeyLocator())
- return false;
-
- const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
- if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
- return false;
-
- const Name& signerName = keyLocator.getName();
- return m_signerRegex->match(signerName);
- }
- catch (tlv::Error& e)
- {
- return false;
- }
- catch (RegexMatcher::Error& e)
- {
- return false;
- }
-}
-
-bool
-SecRuleSpecific::satisfy(const Data& data)
-{
- return (matchDataName(data) && matchSignerName(data)) ? true : false;
-}
-
-bool
-SecRuleSpecific::satisfy(const Name& dataName, const Name& signerName)
-{
- bool isSignerMatched = m_isExempted || m_signerRegex->match(signerName);
- return m_dataRegex->match(dataName) && isSignerMatched;
-}
-
-} // namespace ndn
diff --git a/src/security/sec-rule-specific.hpp b/src/security/sec-rule-specific.hpp
deleted file mode 100644
index ade4b0c..0000000
--- a/src/security/sec-rule-specific.hpp
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#ifndef NDN_SECURITY_SEC_RULE_SPECIFIC_H
-#define NDN_SECURITY_SEC_RULE_SPECIFIC_H
-
-#include "../common.hpp"
-#include "sec-rule.hpp"
-#include "../util/regex.hpp"
-
-namespace ndn {
-
-class SecRuleSpecific : public SecRule
-{
-
-public:
- SecRuleSpecific(shared_ptr<Regex> dataRegex,
- shared_ptr<Regex> signerRegex);
-
- explicit
- SecRuleSpecific(shared_ptr<Regex> dataRegex);
-
- explicit
- SecRuleSpecific(const SecRuleSpecific& rule);
-
- virtual
- ~SecRuleSpecific() {};
-
- bool
- matchDataName(const Data& data);
-
- bool
- matchSignerName(const Data& data);
-
- bool
- satisfy(const Data& data);
-
- bool
- satisfy(const Name& dataName, const Name& signerName);
-
- bool
- isExempted() const
- {
- return m_isExempted;
- }
-
-private:
- shared_ptr<Regex> m_dataRegex;
- shared_ptr<Regex> m_signerRegex;
- bool m_isExempted;
-};
-
-} // namespace ndn
-
-#endif //NDN_SECURITY_SEC_RULE_SPECIFIC_H
diff --git a/src/security/sec-rule.hpp b/src/security/sec-rule.hpp
deleted file mode 100644
index 43f504c..0000000
--- a/src/security/sec-rule.hpp
+++ /dev/null
@@ -1,83 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#ifndef NDN_SECURITY_SEC_RULE_HPP
-#define NDN_SECURITY_SEC_RULE_HPP
-
-#include "../common.hpp"
-#include "../data.hpp"
-
-namespace ndn {
-
-class SecRule
-{
-public:
- class Error : public std::runtime_error
- {
- public:
- explicit
- Error(const std::string& what)
- : std::runtime_error(what)
- {
- }
- };
-
- explicit
- SecRule(bool isPositive)
- : m_isPositive(isPositive)
- {
- }
-
- virtual
- ~SecRule()
- {
- }
-
- virtual bool
- matchDataName(const Data& data) = 0;
-
- virtual bool
- matchSignerName(const Data& data) = 0;
-
- virtual bool
- satisfy(const Data& data) = 0;
-
- virtual bool
- satisfy(const Name& dataName, const Name& signerName) = 0;
-
- inline bool
- isPositive();
-
-protected:
- bool m_isPositive;
-};
-
-bool
-SecRule::isPositive()
-{
- return m_isPositive;
-}
-
-} // namespace ndn
-
-#endif //NDN_SECURITY_SEC_RULE_HPP
diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
deleted file mode 100644
index caa2e6c..0000000
--- a/src/security/validator-regex.cpp
+++ /dev/null
@@ -1,200 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#include "common.hpp"
-
-#include "validator-regex.hpp"
-#include "signature-sha256-with-rsa.hpp"
-#include "certificate-cache-ttl.hpp"
-
-namespace ndn {
-namespace security {
-
-const shared_ptr<CertificateCache> ValidatorRegex::DEFAULT_CERTIFICATE_CACHE;
-
-ValidatorRegex::ValidatorRegex(Face* face,
- shared_ptr<CertificateCache> certificateCache,
- const int stepLimit)
- : Validator(face)
- , m_stepLimit(stepLimit)
- , m_certificateCache(certificateCache)
-{
- if (!static_cast<bool>(m_certificateCache) && face != nullptr)
- m_certificateCache = make_shared<CertificateCacheTtl>(ref(face->getIoService()));
-}
-
-ValidatorRegex::ValidatorRegex(Face& face,
- shared_ptr<CertificateCache> certificateCache,
- const int stepLimit)
- : Validator(face)
- , m_stepLimit(stepLimit)
- , m_certificateCache(certificateCache)
-{
- if (certificateCache == nullptr)
- m_certificateCache = make_shared<CertificateCacheTtl>(ref(face.getIoService()));
-}
-
-void
-ValidatorRegex::addDataVerificationRule(shared_ptr<SecRuleRelative> rule)
-{
- rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule);
-}
-
-void
-ValidatorRegex::addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate)
-{
- m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
-}
-
-void
-ValidatorRegex::onCertificateValidated(const shared_ptr<const Data>& signCertificate,
- const shared_ptr<const Data>& data,
- const OnDataValidated& onValidated,
- const OnDataValidationFailed& onValidationFailed)
-{
- shared_ptr<v1::IdentityCertificate> certificate =
- make_shared<v1::IdentityCertificate>(*signCertificate);
-
- if (!certificate->isTooLate() && !certificate->isTooEarly()) {
- if (m_certificateCache != nullptr)
- m_certificateCache->insertCertificate(certificate);
-
- if (verifySignature(*data, certificate->getPublicKeyInfo()))
- return onValidated(data);
- else
- return onValidationFailed(data,
- "Cannot verify signature: " +
- data->getName().toUri());
- }
- else {
- return onValidationFailed(data,
- "Signing certificate " +
- signCertificate->getName().toUri() +
- " is no longer valid.");
- }
-}
-
-void
-ValidatorRegex::onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
- const std::string& failureInfo,
- const shared_ptr<const Data>& data,
- const OnDataValidationFailed& onValidationFailed)
-{
- onValidationFailed(data, failureInfo);
-}
-
-void
-ValidatorRegex::checkPolicy(const Data& data,
- int nSteps,
- const OnDataValidated& onValidated,
- const OnDataValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps)
-{
- if (m_stepLimit == nSteps)
- return onValidationFailed(data.shared_from_this(),
- "Maximum steps of validation reached: " +
- data.getName().toUri());
-
- for (RuleList::iterator it = m_mustFailVerify.begin();
- it != m_mustFailVerify.end();
- it++)
- if ((*it)->satisfy(data))
- return onValidationFailed(data.shared_from_this(),
- "Comply with mustFail policy: " +
- data.getName().toUri());
-
- for (RuleList::iterator it = m_verifyPolicies.begin();
- it != m_verifyPolicies.end();
- it++) {
- if ((*it)->satisfy(data)) {
- try {
- if (!data.getSignature().hasKeyLocator())
- return onValidationFailed(data.shared_from_this(),
- "Key Locator is missing in Data packet: " +
- data.getName().toUri());
-
- const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
- if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
- return onValidationFailed(data.shared_from_this(),
- "Key Locator is not a name: " +
- data.getName().toUri());
-
-
- const Name& keyLocatorName = keyLocator.getName();
- shared_ptr<const v1::Certificate> trustedCert;
- if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName) &&
- m_certificateCache != nullptr)
- trustedCert = m_certificateCache->getCertificate(keyLocatorName);
- else
- trustedCert = m_trustAnchors[keyLocatorName];
-
- if (trustedCert != nullptr) {
- if (verifySignature(data, data.getSignature(), trustedCert->getPublicKeyInfo()))
- return onValidated(data.shared_from_this());
- else
- return onValidationFailed(data.shared_from_this(),
- "Cannot verify signature: " +
- data.getName().toUri());
- }
- else {
- // KeyLocator is not a trust anchor
-
- OnDataValidated onKeyValidated =
- bind(&ValidatorRegex::onCertificateValidated, this, _1,
- data.shared_from_this(), onValidated, onValidationFailed);
-
- OnDataValidationFailed onKeyValidationFailed =
- bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
- data.shared_from_this(), onValidationFailed);
-
- Interest interest(keyLocatorName);
- shared_ptr<ValidationRequest> nextStep =
- make_shared<ValidationRequest>(interest,
- onKeyValidated,
- onKeyValidationFailed,
- 3,
- nSteps + 1);
-
- nextSteps.push_back(nextStep);
-
- return;
- }
- }
- catch (const KeyLocator::Error& e) {
- return onValidationFailed(data.shared_from_this(),
- "Key Locator is not a name: " +
- data.getName().toUri());
- }
- catch (const tlv::Error& e) {
- return onValidationFailed(data.shared_from_this(),
- "Cannot decode signature");
- }
- }
- }
-
- return onValidationFailed(data.shared_from_this(),
- "No policy found for data: " + data.getName().toUri());
-}
-
-} // namespace security
-} // namespace ndn
diff --git a/src/security/validator-regex.hpp b/src/security/validator-regex.hpp
deleted file mode 100644
index 7d97f22..0000000
--- a/src/security/validator-regex.hpp
+++ /dev/null
@@ -1,135 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#ifndef NDN_SECURITY_VALIDATOR_REGEX_HPP
-#define NDN_SECURITY_VALIDATOR_REGEX_HPP
-
-#include "validator.hpp"
-#include "v1/identity-certificate.hpp"
-#include "sec-rule-relative.hpp"
-#include "certificate-cache.hpp"
-#include "../util/regex.hpp"
-
-namespace ndn {
-namespace security {
-
-class ValidatorRegex : public Validator
-{
-public:
- class Error : public Validator::Error
- {
- public:
- explicit
- Error(const std::string& what)
- : Validator::Error(what)
- {
- }
- };
-
- /**
- * @note When both certificate cache and face are not supplied, no cache will be used.
- * However, if only face is supplied, a default cache will be created and used.
- */
- explicit
- ValidatorRegex(Face* face = nullptr,
- shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
- const int stepLimit = 3);
-
- /// @deprecated Use the constructor taking Face* as parameter.
- explicit
- ValidatorRegex(Face& face,
- shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
- const int stepLimit = 3);
-
- virtual
- ~ValidatorRegex()
- {
- }
-
- /**
- * @brief Add a rule for data verification.
- *
- * @param rule The verification rule
- */
- void
- addDataVerificationRule(shared_ptr<SecRuleRelative> rule);
-
- /**
- * @brief Add a trust anchor
- *
- * @param certificate The trust anchor
- */
- void
- addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate);
-
-protected:
- virtual void
- checkPolicy(const Data& data,
- int nSteps,
- const OnDataValidated& onValidated,
- const OnDataValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps);
-
- virtual void
- checkPolicy(const Interest& interest,
- int nSteps,
- const OnInterestValidated& onValidated,
- const OnInterestValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest> >& nextSteps)
- {
- onValidationFailed(interest.shared_from_this(), "No policy for signed interest checking");
- }
-
- void
- onCertificateValidated(const shared_ptr<const Data>& signCertificate,
- const shared_ptr<const Data>& data,
- const OnDataValidated& onValidated,
- const OnDataValidationFailed& onValidationFailed);
-
- void
- onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
- const std::string& failureInfo,
- const shared_ptr<const Data>& data,
- const OnDataValidationFailed& onValidationFailed);
-
-public:
- static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
-
-protected:
- typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
- typedef std::vector< shared_ptr<Regex> > RegexList;
-
- int m_stepLimit;
- shared_ptr<CertificateCache> m_certificateCache;
- RuleList m_mustFailVerify;
- RuleList m_verifyPolicies;
- std::map<Name, shared_ptr<v1::IdentityCertificate> > m_trustAnchors;
-};
-
-} // namespace security
-
-using security::ValidatorRegex;
-
-} // namespace ndn
-
-#endif // NDN_SECURITY_VALIDATOR_REGEX_HPP
diff --git a/tests/unit-tests/security/sec-rule-relative.t.cpp b/tests/unit-tests/security/sec-rule-relative.t.cpp
deleted file mode 100644
index 79f8831..0000000
--- a/tests/unit-tests/security/sec-rule-relative.t.cpp
+++ /dev/null
@@ -1,70 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2017 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "security/sec-rule-relative.hpp"
-#include "identity-management-fixture.hpp"
-
-namespace ndn {
-namespace security {
-namespace tests {
-
-using namespace ndn::tests;
-
-BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestSecRuleRelative, IdentityManagementV1Fixture)
-
-BOOST_AUTO_TEST_CASE(Basic)
-{
- Name rsaIdentity("/SecurityTestSecRule/Basic/Rsa");
- addIdentity(rsaIdentity, RsaKeyParams());
- Name ecIdentity("/SecurityTestSecRule/Basic/Ec");
- addIdentity(ecIdentity, EcKeyParams());
-
- Name dataName("SecurityTestSecRule/Basic");
- Data rsaData(dataName);
- m_keyChain.sign(rsaData,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- rsaIdentity));
- Data ecData(dataName);
- m_keyChain.sign(ecData,
- security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
- ecIdentity));
- Data sha256Data(dataName);
- m_keyChain.sign(sha256Data, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_SHA256));
-
- SecRuleRelative rule("^(<SecurityTestSecRule><Basic>)$",
- "^(<SecurityTestSecRule><Basic>)<><KEY><><>$",
- "==", "\\1", "\\1", true);
- BOOST_CHECK(rule.satisfy(rsaData));
- BOOST_CHECK(rule.satisfy(ecData));
- BOOST_CHECK_EQUAL(rule.satisfy(sha256Data), false);
-
- BOOST_CHECK(rule.matchSignerName(rsaData));
- BOOST_CHECK(rule.matchSignerName(ecData));
- BOOST_CHECK_EQUAL(rule.matchSignerName(sha256Data), false);
-}
-
-BOOST_AUTO_TEST_SUITE_END() // TestSecRuleRelative
-BOOST_AUTO_TEST_SUITE_END() // Security
-
-} // namespace tests
-} // namespace security
-} // namespace ndn
diff --git a/tests/unit-tests/security/sec-rule-specific.t.cpp b/tests/unit-tests/security/sec-rule-specific.t.cpp
deleted file mode 100644
index 6b9275a..0000000
--- a/tests/unit-tests/security/sec-rule-specific.t.cpp
+++ /dev/null
@@ -1,68 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2017 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "security/sec-rule-specific.hpp"
-#include "security/signing-helpers.hpp"
-
-#include "boost-test.hpp"
-#include "identity-management-fixture.hpp"
-
-namespace ndn {
-namespace security {
-namespace tests {
-
-using namespace ndn::tests;
-
-BOOST_AUTO_TEST_SUITE(Security)
-BOOST_FIXTURE_TEST_SUITE(TestSecRuleSpecific, IdentityManagementFixture)
-
-BOOST_AUTO_TEST_CASE(Basic)
-{
- auto rsaIdentity = addIdentity("/SecurityTestSecRule/Basic/Rsa", RsaKeyParams());
- auto ecIdentity = addIdentity("/SecurityTestSecRule/Basic/Ec", EcKeyParams());
-
- Name dataName("/SecurityTestSecRule/Basic");
- Data rsaData(dataName);
- m_keyChain.sign(rsaData, signingByIdentity(rsaIdentity));
- Data ecData(dataName);
- m_keyChain.sign(ecData, signingByIdentity(ecIdentity));
- Data sha256Data(dataName);
- m_keyChain.sign(sha256Data, security::signingWithSha256());
-
- auto dataRegex = make_shared<Regex>("^<SecurityTestSecRule><Basic>$");
- auto signerRegex = make_shared<Regex>("^<SecurityTestSecRule><Basic><><KEY><>$");
-
- SecRuleSpecific rule(dataRegex, signerRegex);
- BOOST_CHECK(rule.satisfy(rsaData));
- BOOST_CHECK(rule.satisfy(ecData));
- BOOST_CHECK_EQUAL(rule.satisfy(sha256Data), false);
-
- BOOST_CHECK(rule.matchSignerName(rsaData));
- BOOST_CHECK(rule.matchSignerName(ecData));
- BOOST_CHECK_EQUAL(rule.matchSignerName(sha256Data), false);
-}
-
-BOOST_AUTO_TEST_SUITE_END() // TestSecRuleSpecific
-BOOST_AUTO_TEST_SUITE_END() // Security
-
-} // namespace tests
-} // namespace security
-} // namespace ndn