blob: fc059693de68917193d63dbd2364cd9158518f82 [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
* Copyright (C) 2013 Regents of the University of California.
* @author: Yingdi Yu <yingdi@cs.ucla.edu>
* @author: Jeff Thompson <jefft0@remap.ucla.edu>
* See COPYING for copyright and distribution information.
*/
#include "../util/logging.hpp"
#include <ndn-cpp/security/security-exception.hpp>
#include <ndn-cpp/security/policy/policy-manager.hpp>
#include <ndn-cpp/security/key-chain.hpp>
using namespace std;
using namespace ndn::ptr_lib;
using namespace ndn::func_lib;
#if NDN_CPP_HAVE_STD_FUNCTION
// In the std library, the placeholders are in a different namespace than boost.
using namespace ndn::func_lib::placeholders;
#endif
namespace ndn {
KeyChain::KeyChain(const shared_ptr<IdentityManager>& identityManager, const shared_ptr<PolicyManager>& policyManager)
: identityManager_(identityManager), policyManager_(policyManager), face_(0), maxSteps_(100)
{
}
void
KeyChain::sign(Data& data, const Name& certificateName, WireFormat& wireFormat)
{
identityManager_->signByCertificate(data, certificateName, wireFormat);
}
shared_ptr<Signature>
KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
{
return identityManager_->signByCertificate(buffer, bufferLength, certificateName);
}
void
KeyChain::signByIdentity(Data& data, const Name& identityName, WireFormat& wireFormat)
{
Name signingCertificateName;
if (identityName.getComponentCount() == 0) {
Name inferredIdentity = policyManager_->inferSigningIdentity(data.getName());
if (inferredIdentity.getComponentCount() == 0)
signingCertificateName = identityManager_->getDefaultCertificateName();
else
signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(inferredIdentity);
}
else
signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName);
if (signingCertificateName.getComponentCount() == 0)
throw SecurityException("No qualified certificate name found!");
if (!policyManager_->checkSigningPolicy(data.getName(), signingCertificateName))
throw SecurityException("Signing Cert name does not comply with signing policy");
identityManager_->signByCertificate(data, signingCertificateName, wireFormat);
}
shared_ptr<Signature>
KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName)
{
Name signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName);
if (signingCertificateName.size() == 0)
throw SecurityException("No qualified certificate name found!");
return identityManager_->signByCertificate(buffer, bufferLength, signingCertificateName);
}
void
KeyChain::verifyData
(const shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount)
{
_LOG_TRACE("Enter Verify");
if (policyManager_->requireVerify(*data)) {
shared_ptr<ValidationRequest> nextStep = policyManager_->checkVerificationPolicy
(data, stepCount, onVerified, onVerifyFailed);
if (nextStep)
face_->expressInterest
(*nextStep->interest_,
bind(&KeyChain::onCertificateData, this, _1, _2, nextStep),
bind(&KeyChain::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep));
}
else if (policyManager_->skipVerifyAndTrust(*data))
onVerified(data);
else
onVerifyFailed(data);
}
void
KeyChain::onCertificateData(const shared_ptr<const Interest> &interest, const shared_ptr<Data> &data, shared_ptr<ValidationRequest> nextStep)
{
// Try to verify the certificate (data) according to the parameters in nextStep.
verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_);
}
void
KeyChain::onCertificateInterestTimeout
(const shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const shared_ptr<Data> &data,
shared_ptr<ValidationRequest> nextStep)
{
if (retry > 0)
// Issue the same expressInterest as in verifyData except decrement retry.
face_->expressInterest
(*interest,
bind(&KeyChain::onCertificateData, this, _1, _2, nextStep),
bind(&KeyChain::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep));
else
onVerifyFailed(data);
}
}