Blame - src/security/v2/validation-policy.hpp - ndn-cxx

blob: d7a261b621ca2a5f602f59752515236ad8fb987a [file] [log] [blame]

Alexander Afanasyev	7e72141	2017-01-11 13:36:08 -0800	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -- */
Alexander Afanasyev	e5a19b8	2017-01-30 22:30:46 -0800	[diff] [blame]	2	/*
Alexander Afanasyev	7e72141	2017-01-11 13:36:08 -0800	[diff] [blame]	3	* Copyright (c) 2013-2017 Regents of the University of California.
				4	*
				5	* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
				6	*
				7	* ndn-cxx library is free software: you can redistribute it and/or modify it under the
				8	* terms of the GNU Lesser General Public License as published by the Free Software
				9	* Foundation, either version 3 of the License, or (at your option) any later version.
				10	*
				11	* ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
				12	* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
				13	* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
				14	*
				15	* You should have received copies of the GNU General Public License and GNU Lesser
				16	* General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
				17	* <http://www.gnu.org/licenses/>.
				18	*
				19	* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
				20	*/
				21
				22	#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_HPP
				23	#define NDN_SECURITY_V2_VALIDATION_POLICY_HPP
				24
				25	#include "validation-state.hpp"
				26	#include "certificate-request.hpp"
				27	#include "../../data.hpp"
				28	#include "../../interest.hpp"
				29
				30	namespace ndn {
				31	namespace security {
				32	namespace v2 {
				33
				34	/**
				35	* @brief Abstraction that implements validation policy for Data and Interest packets
				36	*/
				37	class ValidationPolicy : noncopyable
				38	{
				39	public:
				40	using ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest,
				41	const shared_ptr<ValidationState>& state)>;
				42
Alexander Afanasyev	b54aa57	2017-03-21 19:40:49 -0500	[diff] [blame]	43	ValidationPolicy()
				44	: m_validator(nullptr)
				45	{
				46	}
				47
Alexander Afanasyev	7e72141	2017-01-11 13:36:08 -0800	[diff] [blame]	48	virtual
				49	~ValidationPolicy() = default;
				50
				51	/**
Alexander Afanasyev	b54aa57	2017-03-21 19:40:49 -0500	[diff] [blame]	52	* @brief Set inner policy
				53	*
				54	* Multiple assignments of the inner policy will create a "chain" of linked policies.
				55	* The inner policy from the latest invocation of setInnerPolicy will be at the bottom
				56	* of the policy list.
				57	*
				58	* For example, sequence of `this->setInnerPolicy(policy1)` and
				59	* `this->setInnerPolicy(policy2)`, will result in `this->m_innerPolicy == policy1`,
				60	* this->m_innerPolicy->m_innerPolicy == policy2', and
				61	* `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
				62	*
				63	* @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
				64	*/
				65	void
				66	setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);
				67
Alexander Afanasyev	e5a19b8	2017-01-30 22:30:46 -0800	[diff] [blame]	68	/**
				69	* @brief Check if inner policy is set
				70	*/
				71	bool
				72	hasInnerPolicy() const
				73	{
				74	return m_innerPolicy != nullptr;
				75	}
				76
				77	/**
				78	* @brief Return the inner policy
				79	*
				80	* If the inner policy was not set, behavior is undefined.
				81	*/
Alexander Afanasyev	b54aa57	2017-03-21 19:40:49 -0500	[diff] [blame]	82	ValidationPolicy&
				83	getInnerPolicy();
				84
				85	/**
				86	* @brief Set validator to which the policy is associated
				87	*/
				88	void
				89	setValidator(Validator& validator);
				90
				91	/**
Alexander Afanasyev	7e72141	2017-01-11 13:36:08 -0800	[diff] [blame]	92	* @brief Check @p data against the policy
				93	*
				94	* Depending on implementation of the policy, this check can be done synchronously or
				95	* asynchronously.
				96	*
				97	* Semantics of checkPolicy has changed from v1::Validator
				98	* - If packet violates policy, the policy should call `state->fail` with appropriate error
				99	* code and error description.
				100	* - If packet conforms to the policy and no further key retrievals are necessary,
				101	* the policy should call continueValidation(state, nullptr)
				102	* - If packet conforms to the policy and a key needs to be fetched, the policy should call
				103	* continueValidation(state, <appropriate-key-request-instance>)
				104	*/
				105	virtual void
				106	checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
				107	const ValidationContinuation& continueValidation) = 0;
				108
				109	/**
				110	* @brief Check @p interest against the policy
				111	*
				112	* Depending on implementation of the policy, this check can be done synchronously or
				113	* asynchronously.
				114	*
				115	* Semantics of checkPolicy has changed from v1::Validator
				116	* - If packet violates policy, the policy should call `state->fail` with appropriate error
				117	* code and error description.
				118	* - If packet conforms to the policy and no further key retrievals are necessary,
				119	* the policy should call continueValidation(state, nullptr)
				120	* - If packet conforms to the policy and a key needs to be fetched, the policy should call
				121	* continueValidation(state, <appropriate-key-request-instance>)
				122	*/
				123	virtual void
				124	checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
				125	const ValidationContinuation& continueValidation) = 0;
				126
				127	/**
				128	* @brief Check @p certificate against the policy
				129	*
				130	* Unless overridden by the policy, this check defaults to `checkPolicy(const Data&, ...)`.
				131	*
				132	* Depending on implementation of the policy, this check can be done synchronously or
				133	* asynchronously.
				134	*
				135	* Semantics of checkPolicy has changed from v1::Validator
				136	* - If packet violates policy, the policy should call `state->fail` with appropriate error
				137	* code and error description.
				138	* - If packet conforms to the policy and no further key retrievals are necessary,
				139	* the policy should call continueValidation(state, nullptr)
				140	* - If packet conforms to the policy and a key needs to be fetched, the policy should call
				141	* continueValidation(state, <appropriate-key-request-instance>)
				142	*/
				143	virtual void
				144	checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
				145	const ValidationContinuation& continueValidation)
				146	{
				147	checkPolicy(static_cast<const Data&>(certificate), state, continueValidation);
				148	}
Alexander Afanasyev	b54aa57	2017-03-21 19:40:49 -0500	[diff] [blame]	149
				150	NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
				151	Validator* m_validator;
				152	unique_ptr<ValidationPolicy> m_innerPolicy;
Alexander Afanasyev	7e72141	2017-01-11 13:36:08 -0800	[diff] [blame]	153	};
				154
Junxiao Shi	830ba97	2017-06-23 22:44:41 +0000	[diff] [blame]	155	/** \brief extract KeyLocator.Name from Data
				156	*
				157	* Data must contain a KeyLocator of Name type.
				158	* Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
				159	*/
				160	Name
				161	getKeyLocatorName(const Data& data, ValidationState& state);
				162
				163	/** \brief extract KeyLocator.Name from signed Interest
				164	*
				165	* Interest must have SignatureInfo and contain a KeyLocator of Name type.
				166	* Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
				167	*/
				168	Name
				169	getKeyLocatorName(const Interest& interest, ValidationState& state);
				170
Alexander Afanasyev	7e72141	2017-01-11 13:36:08 -0800	[diff] [blame]	171	} // namespace v2
				172	} // namespace security
				173	} // namespace ndn
				174
				175	#endif // NDN_SECURITY_V2_VALIDATION_POLICY_HPP