Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 4c9a3d59c4a2aebab71c46fff1327ce9e73d2266 / . / src / security / validator-regex.hpp
blob: 7d97f22e22062191dd114343f8077804ed4951db [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]2/**
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]3 * Copyright (c) 2013-2016 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]22 */
23
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]24#ifndef NDN_SECURITY_VALIDATOR_REGEX_HPP
25#define NDN_SECURITY_VALIDATOR_REGEX_HPP
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]26
27#include "validator.hpp"
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]28#include "v1/identity-certificate.hpp"
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]29#include "sec-rule-relative.hpp"
30#include "certificate-cache.hpp"
31#include "../util/regex.hpp"
32
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]33namespace ndn {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]34namespace security {
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]35
36class ValidatorRegex : public Validator
37{
38public:
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]39 class Error : public Validator::Error
40 {
41 public:
42 explicit
43 Error(const std::string& what)
44 : Validator::Error(what)
45 {
46 }
47 };
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]48
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800[diff] [blame]49 /**
50 * @note When both certificate cache and face are not supplied, no cache will be used.
51 * However, if only face is supplied, a default cache will be created and used.
52 */
53 explicit
54 ValidatorRegex(Face* face = nullptr,
55 shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
56 const int stepLimit = 3);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]57
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800[diff] [blame]58 /// @deprecated Use the constructor taking Face* as parameter.
Alexander Afanasyeva4297a62014-06-19 13:29:34 -0700[diff] [blame]59 explicit
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]60 ValidatorRegex(Face& face,
61 shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
62 const int stepLimit = 3);
63
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]64 virtual
65 ~ValidatorRegex()
66 {
67 }
68
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]69 /**
70 * @brief Add a rule for data verification.
71 *
Alexander Afanasyev770827c2014-05-13 17:42:55 -0700[diff] [blame]72 * @param rule The verification rule
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]73 */
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800[diff] [blame]74 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]75 addDataVerificationRule(shared_ptr<SecRuleRelative> rule);
76
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]77 /**
78 * @brief Add a trust anchor
79 *
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]80 * @param certificate The trust anchor
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]81 */
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800[diff] [blame]82 void
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]83 addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]84
85protected:
86 virtual void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]87 checkPolicy(const Data& data,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]88 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]89 const OnDataValidated& onValidated,
90 const OnDataValidationFailed& onValidationFailed,
91 std::vector<shared_ptr<ValidationRequest> >& nextSteps);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]92
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]93 virtual void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]94 checkPolicy(const Interest& interest,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]95 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]96 const OnInterestValidated& onValidated,
97 const OnInterestValidationFailed& onValidationFailed,
98 std::vector<shared_ptr<ValidationRequest> >& nextSteps)
99 {
100 onValidationFailed(interest.shared_from_this(), "No policy for signed interest checking");
101 }
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]102
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]103 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]104 onCertificateValidated(const shared_ptr<const Data>& signCertificate,
105 const shared_ptr<const Data>& data,
106 const OnDataValidated& onValidated,
107 const OnDataValidationFailed& onValidationFailed);
108
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]109 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]110 onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]111 const std::string& failureInfo,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]112 const shared_ptr<const Data>& data,
113 const OnDataValidationFailed& onValidationFailed);
114
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800[diff] [blame]115public:
116 static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
117
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]118protected:
119 typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
120 typedef std::vector< shared_ptr<Regex> > RegexList;
121
122 int m_stepLimit;
123 shared_ptr<CertificateCache> m_certificateCache;
124 RuleList m_mustFailVerify;
125 RuleList m_verifyPolicies;
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]126 std::map<Name, shared_ptr<v1::IdentityCertificate> > m_trustAnchors;
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]127};
128
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]129} // namespace security
130
131using security::ValidatorRegex;
132
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]133} // namespace ndn
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]134
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800[diff] [blame]135#endif // NDN_SECURITY_VALIDATOR_REGEX_HPP