| /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| /** |
| * Copyright (C) 2013 Regents of the University of California. |
| * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| * See COPYING for copyright and distribution information. |
| */ |
| |
| #include "../util/logging.hpp" |
| #include <ndn-cpp/security/security-exception.hpp> |
| #include <ndn-cpp/security/policy/policy-manager.hpp> |
| #include <ndn-cpp/security/key-chain.hpp> |
| |
| using namespace std; |
| using namespace ndn::ptr_lib; |
| using namespace ndn::func_lib; |
| #if NDN_CPP_HAVE_STD_FUNCTION |
| // In the std library, the placeholders are in a different namespace than boost. |
| using namespace ndn::func_lib::placeholders; |
| #endif |
| |
| namespace ndn { |
| |
| KeyChain::KeyChain(const shared_ptr<IdentityManager>& identityManager, const shared_ptr<PolicyManager>& policyManager) |
| : identityManager_(identityManager), policyManager_(policyManager), face_(0), maxSteps_(100) |
| { |
| } |
| |
| void |
| KeyChain::sign(Data& data, const Name& certificateName, WireFormat& wireFormat) |
| { |
| identityManager_->signByCertificate(data, certificateName, wireFormat); |
| } |
| |
| shared_ptr<Signature> |
| KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName) |
| { |
| return identityManager_->signByCertificate(buffer, bufferLength, certificateName); |
| } |
| |
| void |
| KeyChain::signByIdentity(Data& data, const Name& identityName, WireFormat& wireFormat) |
| { |
| Name signingCertificateName; |
| |
| if (identityName.getComponentCount() == 0) { |
| Name inferredIdentity = policyManager_->inferSigningIdentity(data.getName()); |
| if (inferredIdentity.getComponentCount() == 0) |
| signingCertificateName = identityManager_->getDefaultCertificateName(); |
| else |
| signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(inferredIdentity); |
| } |
| else |
| signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName); |
| |
| if (signingCertificateName.getComponentCount() == 0) |
| throw SecurityException("No qualified certificate name found!"); |
| |
| if (!policyManager_->checkSigningPolicy(data.getName(), signingCertificateName)) |
| throw SecurityException("Signing Cert name does not comply with signing policy"); |
| |
| identityManager_->signByCertificate(data, signingCertificateName, wireFormat); |
| } |
| |
| shared_ptr<Signature> |
| KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName) |
| { |
| Name signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName); |
| |
| if (signingCertificateName.size() == 0) |
| throw SecurityException("No qualified certificate name found!"); |
| |
| return identityManager_->signByCertificate(buffer, bufferLength, signingCertificateName); |
| } |
| |
| void |
| KeyChain::verifyData |
| (const shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount) |
| { |
| _LOG_TRACE("Enter Verify"); |
| |
| if (policyManager_->requireVerify(*data)) { |
| shared_ptr<ValidationRequest> nextStep = policyManager_->checkVerificationPolicy |
| (data, stepCount, onVerified, onVerifyFailed); |
| if (nextStep) |
| face_->expressInterest |
| (*nextStep->interest_, |
| bind(&KeyChain::onCertificateData, this, _1, _2, nextStep), |
| bind(&KeyChain::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep)); |
| } |
| else if (policyManager_->skipVerifyAndTrust(*data)) |
| onVerified(data); |
| else |
| onVerifyFailed(data); |
| } |
| |
| void |
| KeyChain::onCertificateData(const shared_ptr<const Interest> &interest, const shared_ptr<Data> &data, shared_ptr<ValidationRequest> nextStep) |
| { |
| // Try to verify the certificate (data) according to the parameters in nextStep. |
| verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_); |
| } |
| |
| void |
| KeyChain::onCertificateInterestTimeout |
| (const shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const shared_ptr<Data> &data, |
| shared_ptr<ValidationRequest> nextStep) |
| { |
| if (retry > 0) |
| // Issue the same expressInterest as in verifyData except decrement retry. |
| face_->expressInterest |
| (*interest, |
| bind(&KeyChain::onCertificateData, this, _1, _2, nextStep), |
| bind(&KeyChain::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep)); |
| else |
| onVerifyFailed(data); |
| } |
| |
| } |