Move validation-request.hpp to public API. Moved static verifySha256WithRsaSignature to new Sha256WithRsaHandler::verify.
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 4d82f06..fc05969 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -1,18 +1,14 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
* Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
* @author: Jeff Thompson <jefft0@remap.ucla.edu>
* See COPYING for copyright and distribution information.
*/
-#include "../c/util/crypto.h"
-#include "../c/encoding/binary-xml-data.h"
-#include "../encoding/binary-xml-encoder.hpp"
-#include <ndn-cpp/sha256-with-rsa-signature.hpp>
#include "../util/logging.hpp"
#include <ndn-cpp/security/security-exception.hpp>
#include <ndn-cpp/security/policy/policy-manager.hpp>
-#include "policy/validation-request.hpp"
#include <ndn-cpp/security/key-chain.hpp>
using namespace std;
@@ -24,49 +20,6 @@
#endif
namespace ndn {
-
-/**
- * Verify the signature on the data packet using the given public key. If there is no data.getDefaultWireEncoding(),
- * this calls data.wireEncode() to set it.
- * @param data The data packet with the signed portion and the signature to verify. The data packet must have a
- * Sha256WithRsaSignature.
- * @param publicKey The public key used to verify the signature.
- * @return true if the signature verifies, false if not.
- * @throw SecurityException if data does not have a Sha256WithRsaSignature.
- */
-static bool
-verifySha256WithRsaSignature(const Data& data, const PublicKey& publicKey)
-{
- const Sha256WithRsaSignature *signature = dynamic_cast<const Sha256WithRsaSignature*>(data.getSignature());
- if (!signature)
- throw SecurityException("signature is not Sha256WithRsaSignature.");
-
- // Set the data packet's default wire encoding if it is not already there.
- if (signature->getDigestAlgorithm().size() != 0)
- // TODO: Allow a non-default digest algorithm.
- throw UnrecognizedDigestAlgorithmException("Cannot verify a data packet with a non-default digest algorithm.");
- if (!data.getDefaultWireEncoding())
- data.wireEncode();
-
- // Set signedPortionDigest to the digest of the signed portion of the wire encoding.
- uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
- ndn_digestSha256(data.getDefaultWireEncoding().signedBuf(), data.getDefaultWireEncoding().signedSize(), signedPortionDigest);
-
- // Verify the signedPortionDigest.
- // Use a temporary pointer since d2i updates it.
- const uint8_t *derPointer = publicKey.getKeyDer().buf();
- RSA *rsaPublicKey = d2i_RSA_PUBKEY(NULL, &derPointer, publicKey.getKeyDer().size());
- if (!rsaPublicKey)
- throw UnrecognizedKeyFormatException("Error decoding public key in d2i_RSAPublicKey");
- int success = RSA_verify
- (NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature->getSignature().buf(),
- signature->getSignature().size(), rsaPublicKey);
- // Free the public key before checking for success.
- RSA_free(rsaPublicKey);
-
- // RSA_verify returns 1 for a valid signature.
- return (success == 1);
-}
KeyChain::KeyChain(const shared_ptr<IdentityManager>& identityManager, const shared_ptr<PolicyManager>& policyManager)
: identityManager_(identityManager), policyManager_(policyManager), face_(0), maxSteps_(100)
diff --git a/src/security/policy/validation-request.hpp b/src/security/policy/validation-request.hpp
deleted file mode 100644
index 386b45d..0000000
--- a/src/security/policy/validation-request.hpp
+++ /dev/null
@@ -1,37 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_VALIDATION_REQUEST_HPP
-#define NDN_VALIDATION_REQUEST_HPP
-
-#include <ndn-cpp/security/key-chain.hpp>
-
-namespace ndn {
-
-class ValidationRequest {
-public:
- ValidationRequest
- (const ptr_lib::shared_ptr<Interest> &interest, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed,
- int retry, int stepCount)
- : interest_(interest), onVerified_(onVerified), onVerifyFailed_(onVerifyFailed), retry_(retry), stepCount_(stepCount)
- {
- }
-
- virtual
- ~ValidationRequest() {}
-
- ptr_lib::shared_ptr<Interest> interest_; // An interest packet to fetch the requested data.
- OnVerified onVerified_; // A callback function if the requested certificate has been validated.
- OnVerifyFailed onVerifyFailed_; // A callback function if the requested certificate cannot be validated.
- int retry_; // The number of retrials when there is an interest timeout.
- int stepCount_;
-};
-
-}
-
-#endif
diff --git a/src/security/signature/sha256-with-rsa-handler.cpp b/src/security/signature/sha256-with-rsa-handler.cpp
new file mode 100644
index 0000000..905fc3e
--- /dev/null
+++ b/src/security/signature/sha256-with-rsa-handler.cpp
@@ -0,0 +1,52 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "../../c/util/crypto.h"
+#include <ndn-cpp/sha256-with-rsa-signature.hpp>
+#include <ndn-cpp/security/security-exception.hpp>
+#include <ndn-cpp/security/signature/sha256-with-rsa-handler.hpp>
+
+using namespace std;
+using namespace ndn::ptr_lib;
+
+namespace ndn {
+
+bool
+Sha256WithRsaHandler::verify(const Data& data, const PublicKey& publicKey)
+{
+ const Sha256WithRsaSignature *signature = dynamic_cast<const Sha256WithRsaSignature*>(data.getSignature());
+ if (!signature)
+ throw SecurityException("signature is not Sha256WithRsaSignature.");
+
+ // Set the data packet's default wire encoding if it is not already there.
+ if (signature->getDigestAlgorithm().size() != 0)
+ // TODO: Allow a non-default digest algorithm.
+ throw UnrecognizedDigestAlgorithmException("Cannot verify a data packet with a non-default digest algorithm.");
+ if (!data.getDefaultWireEncoding())
+ data.wireEncode();
+
+ // Set signedPortionDigest to the digest of the signed portion of the wire encoding.
+ uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
+ ndn_digestSha256(data.getDefaultWireEncoding().signedBuf(), data.getDefaultWireEncoding().signedSize(), signedPortionDigest);
+
+ // Verify the signedPortionDigest.
+ // Use a temporary pointer since d2i updates it.
+ const uint8_t *derPointer = publicKey.getKeyDer().buf();
+ RSA *rsaPublicKey = d2i_RSA_PUBKEY(NULL, &derPointer, publicKey.getKeyDer().size());
+ if (!rsaPublicKey)
+ throw UnrecognizedKeyFormatException("Error decoding public key in d2i_RSAPublicKey");
+ int success = RSA_verify
+ (NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature->getSignature().buf(),
+ signature->getSignature().size(), rsaPublicKey);
+ // Free the public key before checking for success.
+ RSA_free(rsaPublicKey);
+
+ // RSA_verify returns 1 for a valid signature.
+ return (success == 1);
+}
+
+}