Blame - src/security/validator-config.hpp - ndn-cxx

blob: feea4bfb68f2d79465356d80261b083dd333f31e [file] [log] [blame]

Yingdi Yu	48e8c0c	2014-03-19 12:01:55 -0700	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -- */
				2	/**
				3	* Copyright (C) 2013 Regents of the University of California.
				4	* See COPYING for copyright and distribution information.
				5	*/
				6
				7	#ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
				8	#define NDN_SECURITY_VALIDATOR_CONFIG_HPP
				9
				10	#include "validator.hpp"
				11	#include "certificate-cache.hpp"
				12	#include "conf/rule.hpp"
				13	#include "conf/common.hpp"
				14
				15	namespace ndn {
				16
				17	class ValidatorConfig : public Validator
				18	{
				19	public:
				20	class Error : public Validator::Error
				21	{
				22	public:
				23	explicit
				24	Error(const std::string& what)
				25	: Validator::Error(what)
				26	{
				27	}
				28	};
				29
				30	static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
				31
				32	ValidatorConfig(shared_ptr<Face> face,
				33	shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
				34	const int stepLimit = 10);
				35
				36	virtual
				37	~ValidatorConfig()
				38	{
				39	}
				40
				41	void
				42	load(const std::string& filename);
				43
				44	void
				45	load(const std::string& input, const std::string& filename);
				46
				47	void
				48	load(std::istream& input, const std::string& filename);
				49
Yingdi Yu	dfa9d73	2014-04-09 09:53:01 -0700	[diff] [blame]	50	void
				51	load(const security::conf::ConfigSection& configSection,
				52	const std::string& filename);
				53
Yingdi Yu	48e8c0c	2014-03-19 12:01:55 -0700	[diff] [blame]	54	protected:
				55	virtual void
				56	checkPolicy(const Data& data,
				57	int stepCount,
				58	const OnDataValidated& onValidated,
				59	const OnDataValidationFailed& onValidationFailed,
				60	std::vector<shared_ptr<ValidationRequest> >& nextSteps);
				61
				62	virtual void
				63	checkPolicy(const Interest& interest,
				64	int stepCount,
				65	const OnInterestValidated& onValidated,
				66	const OnInterestValidationFailed& onValidationFailed,
				67	std::vector<shared_ptr<ValidationRequest> >& nextSteps);
				68
				69	private:
				70	template<class Packet, class OnValidated, class OnFailed>
				71	void
				72	checkSignature(const Packet& packet,
				73	const Signature& signature,
				74	int stepCount,
				75	const OnValidated& onValidated,
				76	const OnFailed& onValidationFailed,
				77	std::vector<shared_ptr<ValidationRequest> >& nextSteps);
				78
				79	template<class Packet, class OnValidated, class OnFailed>
				80	void
				81	onCertValidated(const shared_ptr<const Data>& signCertificate,
				82	const shared_ptr<const Packet>& packet,
				83	const OnValidated& onValidated,
				84	const OnFailed& onValidationFailed);
				85
				86	template<class Packet, class OnFailed>
				87	void
				88	onCertFailed(const shared_ptr<const Data>& signCertificate,
				89	const std::string& failureInfo,
				90	const shared_ptr<const Packet>& packet,
				91	const OnFailed& onValidationFailed);
				92
				93	void
Yingdi Yu	48e8c0c	2014-03-19 12:01:55 -0700	[diff] [blame]	94	onConfigRule(const security::conf::ConfigSection& section,
				95	const std::string& filename);
				96
				97	void
				98	onConfigTrustAnchor(const security::conf::ConfigSection& section,
				99	const std::string& filename);
				100
				101	private:
				102	typedef security::conf::Rule<Interest> InterestRule;
				103	typedef security::conf::Rule<Data> DataRule;
				104	typedef std::vector<shared_ptr<InterestRule> > InterestRuleList;
				105	typedef std::vector<shared_ptr<DataRule> > DataRuleList;
				106	typedef std::map<Name, shared_ptr<IdentityCertificate> > AnchorList;
				107
				108	int m_stepLimit;
				109	shared_ptr<CertificateCache> m_certificateCache;
				110
				111	InterestRuleList m_interestRules;
				112	DataRuleList m_dataRules;
				113	AnchorList m_anchors;
				114	};
				115
				116	template<class Packet, class OnValidated, class OnFailed>
				117	void
				118	ValidatorConfig::checkSignature(const Packet& packet,
				119	const Signature& signature,
				120	int stepCount,
				121	const OnValidated& onValidated,
				122	const OnFailed& onValidationFailed,
				123	std::vector<shared_ptr<ValidationRequest> >& nextSteps)
				124	{
				125	if (signature.getType() == Signature::Sha256)
				126	{
				127	SignatureSha256 sigSha256(signature);
				128
				129	if (verifySignature(packet, sigSha256))
				130	return onValidated(packet.shared_from_this());
				131	else
				132	return onValidationFailed(packet.shared_from_this(),
				133	"Sha256 Signature cannot be verified!");
				134	}
				135
				136	if (signature.getType() == Signature::Sha256WithRsa)
				137	{
				138	SignatureSha256WithRsa sigSha256Rsa(signature);
				139	Name keyLocatorName = sigSha256Rsa.getKeyLocator().getName();
				140
				141	shared_ptr<const Certificate> trustedCert;
				142
				143	AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
				144	if (m_anchors.end() == it)
				145	trustedCert = m_certificateCache->getCertificate(keyLocatorName);
				146	else
				147	trustedCert = it->second;
				148
				149	if (static_cast<bool>(trustedCert))
				150	{
				151	if (verifySignature(packet, sigSha256Rsa, trustedCert->getPublicKeyInfo()))
				152	return onValidated(packet.shared_from_this());
				153	else
				154	return onValidationFailed(packet.shared_from_this(),
				155	"Cannot verify signature");
				156	}
				157	else
				158	{
				159	OnDataValidated onCertValidated =
				160	bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
				161	this, _1, packet.shared_from_this(), onValidated, onValidationFailed);
				162
				163	OnDataValidationFailed onCertValidationFailed =
				164	bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
				165	this, _1, _2, packet.shared_from_this(), onValidationFailed);
				166
				167	Interest certInterest(keyLocatorName);
				168
				169	shared_ptr<ValidationRequest> nextStep =
				170	make_shared<ValidationRequest>(boost::cref(certInterest),
				171	onCertValidated,
				172	onCertValidationFailed,
				173	1, stepCount + 1);
				174
				175	nextSteps.push_back(nextStep);
				176	return;
				177	}
				178	}
				179	return onValidationFailed(packet.shared_from_this(), "Unsupported Signature Type!");
				180	}
				181
				182	template<class Packet, class OnValidated, class OnFailed>
				183	void
				184	ValidatorConfig::onCertValidated(const shared_ptr<const Data>& signCertificate,
				185	const shared_ptr<const Packet>& packet,
				186	const OnValidated& onValidated,
				187	const OnFailed& onValidationFailed)
				188	{
				189	shared_ptr<IdentityCertificate> certificate =
				190	make_shared<IdentityCertificate>(boost::cref(*signCertificate));
				191
				192	if (!certificate->isTooLate() && !certificate->isTooEarly())
				193	{
				194	m_certificateCache->insertCertificate(certificate);
				195
				196	if (verifySignature(*packet, certificate->getPublicKeyInfo()))
				197	return onValidated(packet);
				198	else
				199	return onValidationFailed(packet,
				200	"Cannot verify signature: " +
				201	packet->getName().toUri());
				202	}
				203	else
				204	{
				205	return onValidationFailed(packet,
				206	"Signing certificate " +
				207	signCertificate->getName().toUri() +
				208	" is no longer valid.");
				209	}
				210	}
				211
				212	template<class Packet, class OnFailed>
				213	void
				214	ValidatorConfig::onCertFailed(const shared_ptr<const Data>& signCertificate,
				215	const std::string& failureInfo,
				216	const shared_ptr<const Packet>& packet,
				217	const OnFailed& onValidationFailed)
				218	{
				219	onValidationFailed(packet, failureInfo);
				220	}
				221
				222	} // namespace ndn
				223
				224	#endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP