| Yingdi Yu | 17bc301 | 2014-02-10 17:37:12 -0800 | [diff] [blame^] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * See COPYING for copyright and distribution information. |
| 5 | */ |
| 6 | |
| 7 | #include "command-interest-validator.hpp" |
| 8 | |
| 9 | namespace ndn |
| 10 | { |
| 11 | const ssize_t CommandInterestValidator::POS_SIG_VALUE = -1; |
| 12 | const ssize_t CommandInterestValidator::POS_SIG_INFO = -2; |
| 13 | const ssize_t CommandInterestValidator::POS_RANDOM_VAL = -3; |
| 14 | const ssize_t CommandInterestValidator::POS_TIMESTAMP = -4; |
| 15 | const int64_t CommandInterestValidator::GRACE_INTERVAL = 3000; |
| 16 | |
| 17 | void |
| 18 | CommandInterestValidator::checkPolicy (const Interest& interest, |
| 19 | int stepCount, |
| 20 | const OnInterestValidated &onValidated, |
| 21 | const OnInterestValidationFailed &onValidationFailed, |
| 22 | std::vector<shared_ptr<ValidationRequest> > &nextSteps) |
| 23 | { |
| 24 | try{ |
| 25 | Name interestName = interest.getName(); |
| 26 | |
| 27 | Signature signature(interestName.get(POS_SIG_INFO).blockFromValue(), |
| 28 | interestName.get(POS_SIG_VALUE).blockFromValue()); |
| 29 | |
| 30 | SignatureSha256WithRsa sig(signature); |
| 31 | const Name & keyLocatorName = sig.getKeyLocator().getName(); |
| 32 | Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName); |
| 33 | |
| 34 | //Check if command is in the trusted scope |
| 35 | bool inScope = false; |
| 36 | std::list<SecRuleSpecific>::iterator scopeIt = m_trustScopeForInterest.begin(); |
| 37 | for(; scopeIt != m_trustScopeForInterest.end(); scopeIt++) |
| 38 | { |
| 39 | if(scopeIt->satisfy(interestName, keyName)) |
| 40 | { |
| 41 | inScope = true; |
| 42 | break; |
| 43 | } |
| 44 | } |
| 45 | if(inScope == false) |
| 46 | { |
| 47 | onValidationFailed(interest.shared_from_this()); |
| 48 | return; |
| 49 | } |
| 50 | |
| 51 | //Check if timestamp is valid |
| 52 | uint64_t timestamp = interestName.get(POS_TIMESTAMP).toNumber(); |
| 53 | uint64_t current = static_cast<uint64_t>(time::now()/1000000); |
| 54 | std::map<Name, uint64_t>::const_iterator timestampIt = m_lastTimestamp.find(keyName); |
| 55 | if(timestampIt == m_lastTimestamp.end()) |
| 56 | { |
| 57 | if(timestamp > (current + m_graceInterval) || (timestamp + m_graceInterval) < current) |
| 58 | { |
| 59 | onValidationFailed(interest.shared_from_this()); |
| 60 | return; |
| 61 | } |
| 62 | } |
| 63 | else if(m_lastTimestamp[keyName] >= timestamp) |
| 64 | { |
| 65 | onValidationFailed(interest.shared_from_this()); |
| 66 | return; |
| 67 | } |
| 68 | |
| 69 | //Check if signature can be verified |
| 70 | Name signedName = interestName.getPrefix(-1); |
| 71 | Buffer signedBlob = Buffer(signedName.wireEncode().value(), signedName.wireEncode().value_size()); //These two lines could be optimized |
| 72 | if(!Validator::verifySignature(signedBlob.buf(), signedBlob.size(), sig, m_trustAnchorsForInterest[keyName])) |
| 73 | { |
| 74 | onValidationFailed(interest.shared_from_this()); |
| 75 | return; |
| 76 | } |
| 77 | |
| 78 | m_lastTimestamp[keyName] = timestamp; |
| 79 | onValidated(interest.shared_from_this()); |
| 80 | return; |
| 81 | |
| 82 | }catch(...){ |
| 83 | onValidationFailed(interest.shared_from_this()); |
| 84 | } |
| 85 | } |
| 86 | |
| 87 | }//ndn |