blob: 11f4da121bcc0929c425af73aee204275a6677b1 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -04001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu48e8c0c2014-03-19 12:01:55 -07002/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -04003 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -07004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -07006 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -04007 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -070020 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070022 */
23
24#ifndef NDN_SECURITY_CONF_CHECKER_HPP
25#define NDN_SECURITY_CONF_CHECKER_HPP
26
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -070027#include "common.hpp"
28
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070029#include "key-locator-checker.hpp"
30#include "../../util/io.hpp"
Yingdi Yu5ec0ee32014-06-24 16:26:09 -070031#include "../validator.hpp"
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070032
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -070033#include <boost/algorithm/string.hpp>
34#include <boost/filesystem.hpp>
35#include <boost/lexical_cast.hpp>
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070036
37namespace ndn {
38namespace security {
39namespace conf {
40
41class Checker
42{
43public:
44 typedef function<void(const shared_ptr<const Interest>&)> OnInterestChecked;
Yingdi Yu5ec0ee32014-06-24 16:26:09 -070045 typedef function<void(const shared_ptr<const Interest>&,
46 const std::string&)> OnInterestCheckFailed;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070047 typedef function<void(const shared_ptr<const Data>&)> OnDataChecked;
48 typedef function<void(const shared_ptr<const Data>&, const std::string&)> OnDataCheckFailed;
49
Yingdi Yu5ec0ee32014-06-24 16:26:09 -070050 enum {
51 INTEREST_SIG_VALUE = -1,
52 INTEREST_SIG_INFO = -2
53 };
54
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070055
56 virtual
57 ~Checker()
58 {
59 }
60
61 /**
62 * @brief check if data satisfies condition defined in the specific checker implementation
63 *
64 * @param data Data packet
65 * @param onValidated Callback function which is called when data is immediately valid
66 * @param onValidationFailed Call function which is called when data is immediately invalid
67 * @return -1 if data is immediately invalid (onValidationFailed has been called)
68 * 1 if data is immediately valid (onValidated has been called)
69 * 0 if further signature verification is needed.
70 */
71 virtual int8_t
72 check(const Data& data,
73 const OnDataChecked& onValidated,
74 const OnDataCheckFailed& onValidationFailed) = 0;
75
76 /**
77 * @brief check if interest satisfies condition defined in the specific checker implementation
78 *
79 * @param interest Interest packet
80 * @param onValidated Callback function which is called when interest is immediately valid
81 * @param onValidationFailed Call function which is called when interest is immediately invalid
82 * @return -1 if interest is immediately invalid (onValidationFailed has been called)
83 * 1 if interest is immediately valid (onValidated has been called)
84 * 0 if further signature verification is needed.
85 */
86 virtual int8_t
87 check(const Interest& interest,
88 const OnInterestChecked& onValidated,
89 const OnInterestCheckFailed& onValidationFailed) = 0;
90};
91
92class CustomizedChecker : public Checker
93{
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070094public:
95 CustomizedChecker(uint32_t sigType,
96 shared_ptr<KeyLocatorChecker> keyLocatorChecker)
97 : m_sigType(sigType)
98 , m_keyLocatorChecker(keyLocatorChecker)
99 {
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700100 switch (sigType)
101 {
102 case Tlv::SignatureSha256WithRsa:
103 case Tlv::SignatureSha256WithEcdsa:
104 {
105 if (!static_cast<bool>(m_keyLocatorChecker))
106 throw Error("Strong signature requires KeyLocatorChecker");
107
108 return;
109 }
110 case Tlv::DigestSha256:
111 return;
112 default:
113 throw Error("Unsupported signature type");
114 }
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700115 }
116
117 virtual int8_t
118 check(const Data& data,
119 const OnDataChecked& onValidated,
120 const OnDataCheckFailed& onValidationFailed)
121 {
122 return check(data, data.getSignature(), onValidated, onValidationFailed);
123 }
124
125 virtual int8_t
126 check(const Interest& interest,
127 const OnInterestChecked& onValidated,
128 const OnInterestCheckFailed& onValidationFailed)
129 {
Yingdi Yu20a06962014-04-17 12:56:04 -0700130 try
131 {
132 const Name& interestName = interest.getName();
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700133 Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
134 interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
Yingdi Yu20a06962014-04-17 12:56:04 -0700135 return check(interest, signature, onValidated, onValidationFailed);
136 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700137 catch (Signature::Error& e)
Yingdi Yu20a06962014-04-17 12:56:04 -0700138 {
Yingdi Yu96e64062014-04-15 19:57:33 -0700139 onValidationFailed(interest.shared_from_this(), "Invalid signature");
Yingdi Yu20a06962014-04-17 12:56:04 -0700140 return -1;
141 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700142 catch (Tlv::Error& e)
143 {
144 onValidationFailed(interest.shared_from_this(), "Cannot decode signature related TLVs");
145 return -1;
146 }
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700147 }
148
149private:
150 template<class Packet, class OnValidated, class OnFailed>
151 int8_t
152 check(const Packet& packet, const Signature& signature,
153 const OnValidated& onValidated,
154 const OnFailed& onValidationFailed)
155 {
156 if (m_sigType != signature.getType())
157 {
158 onValidationFailed(packet.shared_from_this(),
159 "Signature type does not match: " +
160 boost::lexical_cast<std::string>(m_sigType) +
161 "!=" +
162 boost::lexical_cast<std::string>(signature.getType()));
163 return -1;
164 }
165
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700166 if (signature.getType() == Tlv::DigestSha256)
167 return 0;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700168
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700169 shared_ptr<SignatureWithPublicKey> publicKeySig;
170
171 try
172 {
173 switch (signature.getType())
174 {
175 case Tlv::SignatureSha256WithRsa:
176 {
177 publicKeySig = make_shared<SignatureSha256WithRsa>(signature);
178 break;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700179 }
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700180 case Tlv::SignatureSha256WithEcdsa:
181 {
182 publicKeySig = make_shared<SignatureSha256WithEcdsa>(signature);
183 break;
184 }
185 default:
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700186 {
187 onValidationFailed(packet.shared_from_this(),
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700188 "Unsupported signature type: " +
189 boost::lexical_cast<std::string>(signature.getType()));
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700190 return -1;
191 }
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700192 }
193 }
194 catch (Tlv::Error& e)
195 {
196 onValidationFailed(packet.shared_from_this(),
197 "Cannot decode signature");
198 return -1;
199 }
200 catch (KeyLocator::Error& e)
201 {
202 onValidationFailed(packet.shared_from_this(),
203 "Cannot decode KeyLocator");
204 return -1;
205 }
206
207 std::string failInfo;
208 if (m_keyLocatorChecker->check(packet, publicKeySig->getKeyLocator(), failInfo))
209 return 0;
210 else
211 {
212 onValidationFailed(packet.shared_from_this(), failInfo);
213 return -1;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700214 }
215 }
216
217private:
218 uint32_t m_sigType;
219 shared_ptr<KeyLocatorChecker> m_keyLocatorChecker;
220};
221
222class HierarchicalChecker : public CustomizedChecker
223{
224public:
Alexander Afanasyeva4297a62014-06-19 13:29:34 -0700225 explicit
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700226 HierarchicalChecker(uint32_t sigType)
227 : CustomizedChecker(sigType,
228 make_shared<HyperKeyLocatorNameChecker>("^(<>*)$", "\\1",
229 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
230 "\\1\\2",
231 KeyLocatorChecker::RELATION_IS_PREFIX_OF))
232 {
233 }
234};
235
236class FixedSignerChecker : public Checker
237{
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700238public:
239 FixedSignerChecker(uint32_t sigType,
240 const std::vector<shared_ptr<IdentityCertificate> >& signers)
241 : m_sigType(sigType)
242 {
243 for (std::vector<shared_ptr<IdentityCertificate> >::const_iterator it = signers.begin();
244 it != signers.end(); it++)
245 m_signers[(*it)->getName().getPrefix(-1)] = (*it);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700246
247 if (sigType != Tlv::SignatureSha256WithRsa &&
248 sigType != Tlv::SignatureSha256WithEcdsa)
249 {
250 throw Error("FixedSigner is only meaningful for strong signature type");
251 }
252
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700253 }
254
255 virtual int8_t
256 check(const Data& data,
257 const OnDataChecked& onValidated,
258 const OnDataCheckFailed& onValidationFailed)
259 {
260 return check(data, data.getSignature(), onValidated, onValidationFailed);
261 }
262
263 virtual int8_t
264 check(const Interest& interest,
265 const OnInterestChecked& onValidated,
266 const OnInterestCheckFailed& onValidationFailed)
267 {
Yingdi Yu20a06962014-04-17 12:56:04 -0700268 try
269 {
270 const Name& interestName = interest.getName();
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700271 Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
272 interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
Yingdi Yu20a06962014-04-17 12:56:04 -0700273 return check(interest, signature, onValidated, onValidationFailed);
274 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700275 catch (Signature::Error& e)
Yingdi Yu20a06962014-04-17 12:56:04 -0700276 {
Yingdi Yu96e64062014-04-15 19:57:33 -0700277 onValidationFailed(interest.shared_from_this(), "Invalid signature");
Yingdi Yu20a06962014-04-17 12:56:04 -0700278 return -1;
279 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700280 catch (Tlv::Error& e)
281 {
282 onValidationFailed(interest.shared_from_this(), "Cannot decode signature related TLVs");
283 return -1;
284 }
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700285 }
286
287private:
288 template<class Packet, class OnValidated, class OnFailed>
289 int8_t
290 check(const Packet& packet, const Signature& signature,
291 const OnValidated& onValidated,
292 const OnFailed& onValidationFailed)
293 {
294 if (m_sigType != signature.getType())
295 {
296 onValidationFailed(packet.shared_from_this(),
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700297 "Signature type does not match: " +
298 boost::lexical_cast<std::string>(m_sigType) +
299 "!=" +
300 boost::lexical_cast<std::string>(signature.getType()));
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700301 return -1;
302 }
303
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700304 if (signature.getType() == Tlv::DigestSha256)
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700305 {
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700306 onValidationFailed(packet.shared_from_this(),
307 "FixedSigner does not allow Sha256 signature type");
308 return -1;
309 }
310
311 shared_ptr<SignatureWithPublicKey> publicKeySig;
312
313 try
314 {
315 switch (signature.getType())
316 {
317 case Tlv::SignatureSha256WithRsa:
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700318 {
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700319 publicKeySig = make_shared<SignatureSha256WithRsa>(signature);
320 break;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700321 }
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700322 case Tlv::SignatureSha256WithEcdsa:
323 {
324 publicKeySig = make_shared<SignatureSha256WithEcdsa>(signature);
325 break;
326 }
327 default:
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700328 {
329 onValidationFailed(packet.shared_from_this(),
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700330 "Unsupported signature type: " +
331 boost::lexical_cast<std::string>(signature.getType()));
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700332 return -1;
333 }
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700334 }
335
336 const Name& keyLocatorName = publicKeySig->getKeyLocator().getName();
337
338 if (m_signers.find(keyLocatorName) == m_signers.end())
339 {
340 onValidationFailed(packet.shared_from_this(),
341 "Signer is not in the fixed signer list: " +
342 keyLocatorName.toUri());
343 return -1;
344 }
345
346 if (Validator::verifySignature(packet, *publicKeySig,
347 m_signers[keyLocatorName]->getPublicKeyInfo()))
348 {
349 onValidated(packet.shared_from_this());
350 return 1;
351 }
352 else
353 {
354 onValidationFailed(packet.shared_from_this(),
355 "Signature cannot be validated");
356 return -1;
357 }
358 }
359 catch (KeyLocator::Error& e)
360 {
361 onValidationFailed(packet.shared_from_this(),
362 "KeyLocator does not have name");
363 return -1;
364 }
365 catch (Tlv::Error& e)
366 {
367 onValidationFailed(packet.shared_from_this(),
368 "Cannot decode signature");
369 return -1;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700370 }
371 }
372
373private:
374 typedef std::map<Name, shared_ptr<IdentityCertificate> > SignerList;
375
376 uint32_t m_sigType;
377 SignerList m_signers;
378};
379
380class CheckerFactory
381{
382public:
383 /**
384 * @brief create a checker from configuration file.
385 *
386 * @param configSection The section containing the definition of checker.
387 * @param configFilename The configuration file name.
388 * @return a shared pointer to the created checker.
389 */
390 static shared_ptr<Checker>
391 create(const ConfigSection& configSection, const std::string& configFilename)
392 {
393 ConfigSection::const_iterator propertyIt = configSection.begin();
394
395 // Get checker.type
396 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700397 throw Error("Expect <checker.type>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700398
399 std::string type = propertyIt->second.data();
400
401 if (boost::iequals(type, "customized"))
402 return createCustomizedChecker(configSection, configFilename);
403 else if (boost::iequals(type, "hierarchical"))
404 return createHierarchicalChecker(configSection, configFilename);
405 else if (boost::iequals(type, "fixed-signer"))
406 return createFixedSignerChecker(configSection, configFilename);
407 else
408 throw Error("Unsupported checker type: " + type);
409 }
410
411private:
412 static shared_ptr<Checker>
413 createCustomizedChecker(const ConfigSection& configSection,
414 const std::string& configFilename)
415 {
416 ConfigSection::const_iterator propertyIt = configSection.begin();
417 propertyIt++;
418
419 // Get checker.sig-type
420 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700421 throw Error("Expect <checker.sig-type>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700422
423 std::string sigType = propertyIt->second.data();
424 propertyIt++;
425
426 // Get checker.key-locator
427 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "key-locator"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700428 throw Error("Expect <checker.key-locator>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700429
430 shared_ptr<KeyLocatorChecker> keyLocatorChecker =
431 KeyLocatorCheckerFactory::create(propertyIt->second, configFilename);
432 propertyIt++;
433
434 if (propertyIt != configSection.end())
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700435 throw Error("Expect the end of checker");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700436
Alexander Afanasyevf73f0632014-05-12 18:02:37 -0700437 return make_shared<CustomizedChecker>(getSigType(sigType), keyLocatorChecker);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700438 }
439
440 static shared_ptr<Checker>
441 createHierarchicalChecker(const ConfigSection& configSection,
442 const std::string& configFilename)
443 {
444 ConfigSection::const_iterator propertyIt = configSection.begin();
445 propertyIt++;
446
447 // Get checker.sig-type
448 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700449 throw Error("Expect <checker.sig-type>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700450
451 std::string sigType = propertyIt->second.data();
452 propertyIt++;
453
454 if (propertyIt != configSection.end())
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700455 throw Error("Expect the end of checker");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700456
Alexander Afanasyevb67090a2014-04-29 22:31:01 -0700457 return make_shared<HierarchicalChecker>(getSigType(sigType));
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700458 }
459
460 static shared_ptr<Checker>
461 createFixedSignerChecker(const ConfigSection& configSection,
462 const std::string& configFilename)
463 {
464 ConfigSection::const_iterator propertyIt = configSection.begin();
465 propertyIt++;
466
467 // Get checker.sig-type
468 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700469 throw Error("Expect <checker.sig-type>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700470
471 std::string sigType = propertyIt->second.data();
472 propertyIt++;
473
474 std::vector<shared_ptr<IdentityCertificate> > signers;
475 for (; propertyIt != configSection.end(); propertyIt++)
476 {
477 if (!boost::iequals(propertyIt->first, "signer"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700478 throw Error("Expect <checker.signer> but get <checker." +
479 propertyIt->first + ">");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700480
481 signers.push_back(getSigner(propertyIt->second, configFilename));
482 }
483
484 if (propertyIt != configSection.end())
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700485 throw Error("Expect the end of checker");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700486
487 return shared_ptr<FixedSignerChecker>(new FixedSignerChecker(getSigType(sigType),
488 signers));
489 }
490
491 static shared_ptr<IdentityCertificate>
492 getSigner(const ConfigSection& configSection, const std::string& configFilename)
493 {
494 using namespace boost::filesystem;
495
496 ConfigSection::const_iterator propertyIt = configSection.begin();
497
498 // Get checker.signer.type
499 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700500 throw Error("Expect <checker.signer.type>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700501
502 std::string type = propertyIt->second.data();
503 propertyIt++;
504
505 if (boost::iequals(type, "file"))
506 {
507 // Get checker.signer.file-name
508 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700509 throw Error("Expect <checker.signer.file-name>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700510
511 path certfilePath = absolute(propertyIt->second.data(),
512 path(configFilename).parent_path());
513 propertyIt++;
514
515 if (propertyIt != configSection.end())
516 throw Error("Expect the end of checker.signer");
517
518 shared_ptr<IdentityCertificate> idCert
519 = io::load<IdentityCertificate>(certfilePath.c_str());
520
521 if (static_cast<bool>(idCert))
522 return idCert;
523 else
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700524 throw Error("Cannot read certificate from file: " +
525 certfilePath.native());
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700526 }
527 else if (boost::iequals(type, "base64"))
528 {
529 // Get checker.signer.base64-string
530 if (propertyIt == configSection.end() ||
531 !boost::iequals(propertyIt->first, "base64-string"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700532 throw Error("Expect <checker.signer.base64-string>");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700533
534 std::stringstream ss(propertyIt->second.data());
535 propertyIt++;
536
537 if (propertyIt != configSection.end())
538 throw Error("Expect the end of checker.signer");
539
540 shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
541
542 if (static_cast<bool>(idCert))
543 return idCert;
544 else
545 throw Error("Cannot decode certificate from string");
546 }
547 else
548 throw Error("Unsupported checker.signer type: " + type);
549 }
550
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700551 static uint32_t
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700552 getSigType(const std::string& sigType)
553 {
554 if (boost::iequals(sigType, "rsa-sha256"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700555 return Tlv::SignatureSha256WithRsa;
556 else if (boost::iequals(sigType, "ecdsa-sha256"))
557 return Tlv::SignatureSha256WithEcdsa;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700558 else if (boost::iequals(sigType, "sha256"))
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700559 return Tlv::DigestSha256;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700560 else
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700561 throw Error("Unsupported signature type");
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700562 }
563};
564
565} // namespace conf
566} // namespace security
567} // namespace ndn
568
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700569#endif // NDN_SECURITY_CONF_CHECKER_HPP