Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| 5 | * See COPYING for copyright and distribution information. |
| 6 | */ |
| 7 | |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 8 | #ifndef NDN_SEC_POLICY_SELF_VERIFY_HPP |
| 9 | #define NDN_SEC_POLICY_SELF_VERIFY_HPP |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 10 | |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 11 | #include "sec-policy.hpp" |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 12 | |
| 13 | namespace ndn { |
| 14 | |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 15 | /** |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 16 | * A SecPolicySelfVerify implements a PolicyManager to use the public key DER in the data packet's KeyLocator (if available) |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 17 | * or look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use |
| 18 | * it to verify the data packet, without searching a certificate chain. If the public key can't be found, the |
| 19 | * verification fails. |
| 20 | */ |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 21 | class SecPolicySelfVerify : public SecPolicy { |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 22 | public: |
| 23 | /** |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 24 | * Create a new SecPolicySelfVerify which will look up the public key in the given identityManager. |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 25 | * @param identityManager (optional) The IdentityManager for looking up the public key. This points to an object must which remain |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 26 | * valid during the life of this SecPolicySelfVerify. If omitted, then don't look for a public key with the name |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 27 | * in the KeyLocator and rely on the KeyLocator having the full public key DER. |
| 28 | */ |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 29 | SecPolicySelfVerify() |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 30 | { |
| 31 | } |
| 32 | |
| 33 | /** |
| 34 | * The virtual destructor. |
| 35 | */ |
| 36 | virtual |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 37 | ~SecPolicySelfVerify(); |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 38 | |
| 39 | /** |
| 40 | * Never skip verification. |
| 41 | * @param data The received data packet. |
| 42 | * @return false. |
| 43 | */ |
| 44 | virtual bool |
| 45 | skipVerifyAndTrust(const Data& data); |
| 46 | |
| 47 | /** |
| 48 | * Always return true to use the self-verification rule for the received data. |
| 49 | * @param data The received data packet. |
| 50 | * @return true. |
| 51 | */ |
| 52 | virtual bool |
| 53 | requireVerify(const Data& data); |
| 54 | |
| 55 | /** |
| 56 | * Use the public key DER in the data packet's KeyLocator (if available) or look in the IdentityStorage for the |
| 57 | * public key with the name in the KeyLocator (if available) and use it to verify the data packet. If the public key can't |
| 58 | * be found, call onVerifyFailed. |
| 59 | * @param data The Data object with the signature to check. |
| 60 | * @param stepCount The number of verification steps that have been done, used to track the verification progress. |
| 61 | * (stepCount is ignored.) |
| 62 | * @param onVerified If the signature is verified, this calls onVerified(data). |
| 63 | * @param onVerifyFailed If the signature check fails or can't find the public key, this calls onVerifyFailed(data). |
| 64 | * @return null for no further step for looking up a certificate chain. |
| 65 | */ |
| 66 | virtual ptr_lib::shared_ptr<ValidationRequest> |
| 67 | checkVerificationPolicy |
| 68 | (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed); |
| 69 | |
| 70 | /** |
| 71 | * Override to always indicate that the signing certificate name and data name satisfy the signing policy. |
| 72 | * @param dataName The name of data to be signed. |
| 73 | * @param certificateName The name of signing certificate. |
| 74 | * @return true to indicate that the signing certificate can be used to sign the data. |
| 75 | */ |
| 76 | virtual bool |
| 77 | checkSigningPolicy(const Name& dataName, const Name& certificateName); |
| 78 | |
| 79 | /** |
| 80 | * Override to indicate that the signing identity cannot be inferred. |
| 81 | * @param dataName The name of data to be signed. |
| 82 | * @return An empty name because cannot infer. |
| 83 | */ |
| 84 | virtual Name |
| 85 | inferSigningIdentity(const Name& dataName); |
| 86 | |
Jeff Thompson | 3a2eb2f | 2013-12-11 11:00:27 -0800 | [diff] [blame] | 87 | }; |
| 88 | |
| 89 | } |
| 90 | |
| 91 | #endif |