Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 511712d86327ec1039b7e844978ed6aa33b76660 / . / src / security / v2 / validation-policy.hpp
blob: 6921984ef64ffd608b721ede9bef0ea61935c7df [file] [log] [blame]
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]2/*
Alexander Afanasyev31fd4672018-06-17 13:25:52 -0400[diff] [blame]3 * Copyright (c) 2013-2018 Regents of the University of California.
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_HPP
23#define NDN_SECURITY_V2_VALIDATION_POLICY_HPP
24
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]25#include "certificate-request.hpp"
Junxiao Shi54d74c22018-07-18 07:38:54 -0600[diff] [blame]26#include "validation-state.hpp"
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]27#include "../../data.hpp"
28#include "../../interest.hpp"
29
30namespace ndn {
31namespace security {
32namespace v2 {
33
34/**
35 * @brief Abstraction that implements validation policy for Data and Interest packets
36 */
37class ValidationPolicy : noncopyable
38{
39public:
40 using ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest,
41 const shared_ptr<ValidationState>& state)>;
42
43 virtual
44 ~ValidationPolicy() = default;
45
46 /**
Alexander Afanasyevb54aa572017-03-21 19:40:49 -0500[diff] [blame]47 * @brief Set inner policy
48 *
49 * Multiple assignments of the inner policy will create a "chain" of linked policies.
50 * The inner policy from the latest invocation of setInnerPolicy will be at the bottom
51 * of the policy list.
52 *
53 * For example, sequence of `this->setInnerPolicy(policy1)` and
54 * `this->setInnerPolicy(policy2)`, will result in `this->m_innerPolicy == policy1`,
55 * this->m_innerPolicy->m_innerPolicy == policy2', and
56 * `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
57 *
58 * @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
59 */
60 void
61 setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);
62
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -0800[diff] [blame]63 /**
64 * @brief Check if inner policy is set
65 */
66 bool
67 hasInnerPolicy() const
68 {
69 return m_innerPolicy != nullptr;
70 }
71
72 /**
73 * @brief Return the inner policy
74 *
75 * If the inner policy was not set, behavior is undefined.
76 */
Alexander Afanasyevb54aa572017-03-21 19:40:49 -0500[diff] [blame]77 ValidationPolicy&
78 getInnerPolicy();
79
80 /**
81 * @brief Set validator to which the policy is associated
82 */
83 void
84 setValidator(Validator& validator);
85
86 /**
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]87 * @brief Check @p data against the policy
88 *
89 * Depending on implementation of the policy, this check can be done synchronously or
90 * asynchronously.
91 *
92 * Semantics of checkPolicy has changed from v1::Validator
93 * - If packet violates policy, the policy should call `state->fail` with appropriate error
94 * code and error description.
Junxiao Shi54d74c22018-07-18 07:38:54 -0600[diff] [blame]95 * - If packet conforms to the policy and no further certificate retrievals are necessary,
96 * the policy should call continueValidation(nullptr, state)
97 * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
98 * call continueValidation(<appropriate-cert-request-instance>, state)
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]99 */
100 virtual void
101 checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
102 const ValidationContinuation& continueValidation) = 0;
103
104 /**
105 * @brief Check @p interest against the policy
106 *
107 * Depending on implementation of the policy, this check can be done synchronously or
108 * asynchronously.
109 *
110 * Semantics of checkPolicy has changed from v1::Validator
111 * - If packet violates policy, the policy should call `state->fail` with appropriate error
112 * code and error description.
Junxiao Shi54d74c22018-07-18 07:38:54 -0600[diff] [blame]113 * - If packet conforms to the policy and no further certificate retrievals are necessary,
114 * the policy should call continueValidation(nullptr, state)
115 * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
116 * call continueValidation(<appropriate-cert-request-instance>, state)
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]117 */
118 virtual void
119 checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
120 const ValidationContinuation& continueValidation) = 0;
121
122 /**
123 * @brief Check @p certificate against the policy
124 *
125 * Unless overridden by the policy, this check defaults to `checkPolicy(const Data&, ...)`.
126 *
127 * Depending on implementation of the policy, this check can be done synchronously or
128 * asynchronously.
129 *
130 * Semantics of checkPolicy has changed from v1::Validator
131 * - If packet violates policy, the policy should call `state->fail` with appropriate error
132 * code and error description.
Junxiao Shi54d74c22018-07-18 07:38:54 -0600[diff] [blame]133 * - If packet conforms to the policy and no further certificate retrievals are necessary,
134 * the policy should call continueValidation(nullptr, state)
135 * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
136 * call continueValidation(<appropriate-cert-request-instance>, state)
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]137 */
138 virtual void
139 checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
140 const ValidationContinuation& continueValidation)
141 {
142 checkPolicy(static_cast<const Data&>(certificate), state, continueValidation);
143 }
Alexander Afanasyevb54aa572017-03-21 19:40:49 -0500[diff] [blame]144
145NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
Alexander Afanasyev7b112462018-10-17 11:51:52 -0400[diff] [blame]146 Validator* m_validator = nullptr;
Alexander Afanasyevb54aa572017-03-21 19:40:49 -0500[diff] [blame]147 unique_ptr<ValidationPolicy> m_innerPolicy;
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]148};
149
Junxiao Shi830ba972017-06-23 22:44:41 +0000[diff] [blame]150/** \brief extract KeyLocator.Name from Data
151 *
152 * Data must contain a KeyLocator of Name type.
153 * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
154 */
155Name
156getKeyLocatorName(const Data& data, ValidationState& state);
157
158/** \brief extract KeyLocator.Name from signed Interest
159 *
160 * Interest must have SignatureInfo and contain a KeyLocator of Name type.
161 * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
162 */
163Name
164getKeyLocatorName(const Interest& interest, ValidationState& state);
165
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800[diff] [blame]166} // namespace v2
167} // namespace security
168} // namespace ndn
169
170#endif // NDN_SECURITY_V2_VALIDATION_POLICY_HPP