Yingdi Yu6ac97982014-01-30 14:49:21 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
5 * See COPYING for copyright and distribution information.
6 */
7
Yingdi Yufc40d872014-02-18 12:56:04 -08008#ifndef NDN_SECURITY_VALIDATOR_REGEX_HPP
9#define NDN_SECURITY_VALIDATOR_REGEX_HPP
Yingdi Yu6ac97982014-01-30 14:49:21 -080010
11#include "validator.hpp"
12#include "identity-certificate.hpp"
13#include "sec-rule-relative.hpp"
14#include "certificate-cache.hpp"
15#include "../util/regex.hpp"
16
Yingdi Yu6ac97982014-01-30 14:49:21 -080017namespace ndn {
18
/**
 * @brief Validator for Data packets driven by a list of relative security
 *        rules and a set of trust anchors.
 *
 * Rules are registered with addDataVerificationRule() and trust anchors with
 * addTrustAnchor(). The Data policy check itself (checkPolicy for Data) and
 * the constructor are only declared here; their bodies live outside this
 * header.
 */
class ValidatorRegex : public Validator
{
public:
  /** @brief Error type of this validator; forwards its message to Validator::Error. */
  class Error : public Validator::Error
  {
  public:
    explicit Error(const std::string& what) : Validator::Error(what) {}
  };

  /**
   * @brief Certificate cache used when the constructor is called without an
   *        explicit cache argument. Its value is defined outside this header.
   */
  static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;

  /**
   * @brief Create a validator.
   *
   * @param face             Face handed to the validator
   * @param certificateCache Certificate cache; defaults to DEFAULT_CERTIFICATE_CACHE
   * @param stepLimit        Defaults to 3; presumably the upper bound on
   *                         validation steps (stored in m_stepLimit) -- the
   *                         constructor body is not in this header, confirm there
   */
  ValidatorRegex(shared_ptr<Face> face,
                 shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
                 const int stepLimit = 3);

  virtual ~ValidatorRegex() {}

  /**
   * @brief Add a rule for data verification.
   *
   * @param rule The verification rule
   */
  inline void addDataVerificationRule(shared_ptr<SecRuleRelative> rule);

  /**
   * @brief Add a trust anchor.
   *
   * @param certificate The trust anchor
   */
  inline void addTrustAnchor(shared_ptr<IdentityCertificate> certificate);

protected:
  /**
   * @brief Policy check for a Data packet (implemented outside this header).
   */
  virtual void checkPolicy(const Data& data,
                           int stepCount,
                           const OnDataValidated& onValidated,
                           const OnDataValidationFailed& onValidationFailed,
                           std::vector<shared_ptr<ValidationRequest> >& nextSteps);

  /**
   * @brief Policy check for a signed Interest: always reports failure.
   *
   * This validator defines no policy for signed Interests, so the check fails
   * closed: onValidationFailed is invoked for every Interest, and stepCount,
   * onValidated and nextSteps are not used.
   */
  virtual void checkPolicy(const Interest& interest,
                           int stepCount,
                           const OnInterestValidated& onValidated,
                           const OnInterestValidationFailed& onValidationFailed,
                           std::vector<shared_ptr<ValidationRequest> >& nextSteps)
  {
    onValidationFailed(interest.shared_from_this(), "No policy for signed interest checking");
  }

  /**
   * @brief Callback declared for a signing certificate that was validated
   *        (implemented outside this header).
   */
  void onCertificateValidated(const shared_ptr<const Data>& signCertificate,
                              const shared_ptr<const Data>& data,
                              const OnDataValidated& onValidated,
                              const OnDataValidationFailed& onValidationFailed);

  /**
   * @brief Callback declared for a signing certificate whose validation
   *        failed (implemented outside this header).
   */
  void onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
                                     const std::string& failureInfo,
                                     const shared_ptr<const Data>& data,
                                     const OnDataValidationFailed& onValidationFailed);

protected:
  typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
  // RegexList is not referenced anywhere else in this header.
  typedef std::vector< shared_ptr<Regex> > RegexList;

  int m_stepLimit;
  shared_ptr<CertificateCache> m_certificateCache;
  // Rules for which isPositive() is false (see addDataVerificationRule).
  RuleList m_mustFailVerify;
  // Rules for which isPositive() is true (see addDataVerificationRule).
  RuleList m_verifyPolicies;
  // Trust anchors, keyed by certificate name with the last component removed.
  std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
};
99
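/**
 * @brief Register a data verification rule with this validator.
 *
 * A rule whose isPositive() returns true is appended to m_verifyPolicies;
 * any other rule is appended to m_mustFailVerify.
 *
 * @param rule The verification rule; must not be null
 * @throws ValidatorRegex::Error if @p rule is null
 */
inline void
ValidatorRegex::addDataVerificationRule(shared_ptr<SecRuleRelative> rule)
{
  // Reject a null rule here rather than dereferencing it, and rather than
  // storing an entry that a later policy check would dereference.
  if (!rule)
    throw Error("Cannot add a null data verification rule");

  if (rule->isPositive())
    m_verifyPolicies.push_back(rule);
  else
    m_mustFailVerify.push_back(rule);
}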
105
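/**
 * @brief Register a certificate as a trust anchor.
 *
 * The anchor is stored in m_trustAnchors under the certificate's name with
 * its last component removed (getPrefix(-1)). Because the map is assigned
 * through operator[], a certificate that maps to a key already present
 * replaces the earlier anchor without any indication to the caller.
 *
 * @param certificate The trust anchor; must not be null
 * @throws ValidatorRegex::Error if @p certificate is null
 */
inline void
ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
{
  // A null anchor would be dereferenced on the next line; fail explicitly.
  if (!certificate)
    throw Error("Cannot add a null trust anchor");

  // NOTE(review): an existing anchor under the same key is overwritten
  // silently -- confirm that replacement (rather than rejection) is intended
  // when anchors are loaded from more than one source.
  m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
}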
Yingdi Yu6ac97982014-01-30 14:49:21 -0800111
Yingdi Yufc40d872014-02-18 12:56:04 -0800112} // namespace ndn
Yingdi Yu6ac97982014-01-30 14:49:21 -0800113
Yingdi Yufc40d872014-02-18 12:56:04 -0800114#endif //NDN_SECURITY_VALIDATOR_REGEX_HPP