/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
 * Copyright (c) 2013-2014, Regents of the University of California.
 * All rights reserved.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 *
 * This file licensed under New BSD License. See COPYING for detailed information about
 * ndn-cxx library copyright, permissions, and redistribution restrictions.
 *
 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
 */
14
Yingdi Yufc40d872014-02-18 12:56:04 -080015#ifndef NDN_SECURITY_VALIDATOR_REGEX_HPP
16#define NDN_SECURITY_VALIDATOR_REGEX_HPP
Yingdi Yu6ac97982014-01-30 14:49:21 -080017
18#include "validator.hpp"
19#include "identity-certificate.hpp"
20#include "sec-rule-relative.hpp"
21#include "certificate-cache.hpp"
22#include "../util/regex.hpp"
23
Yingdi Yu6ac97982014-01-30 14:49:21 -080024namespace ndn {
25
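/**
 * @brief Validator configured with SecRuleRelative rules and explicit trust anchors.
 *
 * Rules registered through addDataVerificationRule() are split by
 * SecRuleRelative::isPositive(): positive rules are kept in m_verifyPolicies, all other
 * rules in m_mustFailVerify.
 *
 * Signed Interests are never accepted: the Interest overload of checkPolicy() reports a
 * validation failure unconditionally.
 */
class ValidatorRegex : public Validator
{
public:
  /// Error type of ValidatorRegex; forwards the message to Validator::Error.
  class Error : public Validator::Error
  {
  public:
    explicit
    Error(const std::string& what)
      : Validator::Error(what)
    {
    }
  };

  /// Default value of the certificateCache constructor argument (defined outside this header).
  static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;

  /**
   * @param face             Face passed on to the validator
   * @param certificateCache Certificate cache; defaults to DEFAULT_CERTIFICATE_CACHE
   * @param stepLimit        Defaults to 3.
   *                         NOTE(review): presumably stored in m_stepLimit and used to bound
   *                         the number of validation steps -- confirm in the implementation.
   */
  ValidatorRegex(Face& face,
                 shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
                 const int stepLimit = 3);

  /**
   * \deprecated Use the other version of the constructor
   */
  ValidatorRegex(const shared_ptr<Face>& face,
                 shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
                 const int stepLimit = 3);

  virtual
  ~ValidatorRegex()
  {
  }

  /**
   * @brief Add a rule for data verification.
   *
   * @param rule The verification rule. Must not be null: the rule is dereferenced to
   *             decide which rule list it belongs to.
   */
  inline void
  addDataVerificationRule(shared_ptr<SecRuleRelative> rule);

  /**
   * @brief Add a trust anchor
   *
   * The anchor is stored under the certificate name with its last component removed.
   *
   * @param certificate The trust anchor. Must not be null: its name is read to build the
   *                    lookup key.
   */
  inline void
  addTrustAnchor(shared_ptr<IdentityCertificate> certificate);

protected:
  /**
   * @brief Policy check for Data packets (implemented outside this header).
   *
   * NOTE(review): the meaning of nSteps and the use of nextSteps are not visible here;
   * see the implementation before relying on them.
   */
  virtual void
  checkPolicy(const Data& data,
              int nSteps,
              const OnDataValidated& onValidated,
              const OnDataValidationFailed& onValidationFailed,
              std::vector<shared_ptr<ValidationRequest> >& nextSteps);

  /**
   * @brief Policy check for signed Interests: always fails.
   *
   * No Interest policy exists in this validator, so every Interest is rejected through
   * @p onValidationFailed. @p onValidated is never invoked and @p nextSteps is not modified.
   */
  virtual void
  checkPolicy(const Interest& interest,
              int nSteps,
              const OnInterestValidated& onValidated,
              const OnInterestValidationFailed& onValidationFailed,
              std::vector<shared_ptr<ValidationRequest> >& nextSteps)
  {
    onValidationFailed(interest.shared_from_this(), "No policy for signed interest checking");
  }

  /// Callback for a validated signing certificate (implemented outside this header).
  void
  onCertificateValidated(const shared_ptr<const Data>& signCertificate,
                         const shared_ptr<const Data>& data,
                         const OnDataValidated& onValidated,
                         const OnDataValidationFailed& onValidationFailed);

  /// Callback for a signing certificate that failed validation (implemented outside this header).
  void
  onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
                                const std::string& failureInfo,
                                const shared_ptr<const Data>& data,
                                const OnDataValidationFailed& onValidationFailed);

protected:
  typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
  typedef std::vector< shared_ptr<Regex> > RegexList;

  // NOTE(review): presumably initialised from the constructor's stepLimit argument -- confirm.
  int m_stepLimit;
  shared_ptr<CertificateCache> m_certificateCache;
  // Rules for which isPositive() returned false when they were added.
  // NOTE(review): the name suggests matching data must be rejected -- confirm in checkPolicy.
  RuleList m_mustFailVerify;
  // Rules for which isPositive() returned true when they were added.
  RuleList m_verifyPolicies;
  // Trust anchors keyed by certificate name without its last component.
  std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
};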
113
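/**
 * @brief Register a data verification rule.
 *
 * A rule whose isPositive() returns true is appended to m_verifyPolicies; any other rule
 * is appended to m_mustFailVerify.
 *
 * @param rule The rule to register
 * @throws Error if @p rule is null
 */
inline void
ValidatorRegex::addDataVerificationRule(shared_ptr<SecRuleRelative> rule)
{
  // Reject a null rule explicitly; dereferencing it below would be undefined behaviour.
  if (!rule)
    throw Error("Cannot add a null data verification rule");

  if (rule->isPositive())
    m_verifyPolicies.push_back(rule);
  else
    m_mustFailVerify.push_back(rule);
}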
119
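/**
 * @brief Register a certificate as a trust anchor.
 *
 * The anchor is stored in m_trustAnchors under the certificate name with its last
 * component removed (getPrefix(-1)).
 *
 * NOTE(review): registering a second certificate that maps to the same key silently
 * replaces the earlier anchor; callers that load anchors from several sources may want to
 * detect that case themselves.
 *
 * @param certificate The trust anchor to register
 * @throws Error if @p certificate is null
 */
inline void
ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
{
  // Reject a null anchor explicitly; dereferencing it below would be undefined behaviour.
  if (!certificate)
    throw Error("Cannot add a null trust anchor");

  m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
}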
Yingdi Yu6ac97982014-01-30 14:49:21 -0800125
Yingdi Yufc40d872014-02-18 12:56:04 -0800126} // namespace ndn
Yingdi Yu6ac97982014-01-30 14:49:21 -0800127
Yingdi Yufc40d872014-02-18 12:56:04 -0800128#endif //NDN_SECURITY_VALIDATOR_REGEX_HPP