Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 3 | * Copyright (c) 2013-2014, Regents of the University of California. |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| 7 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| 8 | * |
| 9 | * This file licensed under New BSD License. See COPYING for detailed information about |
| 10 | * ndn-cxx library copyright, permissions, and redistribution restrictions. |
| 11 | * |
| 12 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 13 | */ |
| 14 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 15 | #ifndef NDN_SECURITY_VALIDATOR_REGEX_HPP |
| 16 | #define NDN_SECURITY_VALIDATOR_REGEX_HPP |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 17 | |
| 18 | #include "validator.hpp" |
| 19 | #include "identity-certificate.hpp" |
| 20 | #include "sec-rule-relative.hpp" |
| 21 | #include "certificate-cache.hpp" |
| 22 | #include "../util/regex.hpp" |
| 23 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 24 | namespace ndn { |
| 25 | |
| 26 | class ValidatorRegex : public Validator |
| 27 | { |
| 28 | public: |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 29 | class Error : public Validator::Error |
| 30 | { |
| 31 | public: |
| 32 | explicit |
| 33 | Error(const std::string& what) |
| 34 | : Validator::Error(what) |
| 35 | { |
| 36 | } |
| 37 | }; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 38 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 39 | static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE; |
| 40 | |
Yingdi Yu | 96e6406 | 2014-04-15 19:57:33 -0700 | [diff] [blame] | 41 | ValidatorRegex(Face& face, |
| 42 | shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE, |
| 43 | const int stepLimit = 3); |
| 44 | |
| 45 | /** |
| 46 | * \deprecated Use the other version of the constructor |
| 47 | */ |
| 48 | ValidatorRegex(const shared_ptr<Face>& face, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 49 | shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE, |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 50 | const int stepLimit = 3); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 51 | |
| 52 | virtual |
| 53 | ~ValidatorRegex() |
| 54 | { |
| 55 | } |
| 56 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 57 | /** |
| 58 | * @brief Add a rule for data verification. |
| 59 | * |
| 60 | * @param policy The verification rule |
| 61 | */ |
| 62 | inline void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 63 | addDataVerificationRule(shared_ptr<SecRuleRelative> rule); |
| 64 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 65 | /** |
| 66 | * @brief Add a trust anchor |
| 67 | * |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 68 | * @param certificate The trust anchor |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 69 | */ |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 70 | inline void |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 71 | addTrustAnchor(shared_ptr<IdentityCertificate> certificate); |
| 72 | |
| 73 | protected: |
| 74 | virtual void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 75 | checkPolicy(const Data& data, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 76 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 77 | const OnDataValidated& onValidated, |
| 78 | const OnDataValidationFailed& onValidationFailed, |
| 79 | std::vector<shared_ptr<ValidationRequest> >& nextSteps); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 80 | |
Yingdi Yu | 9a33535 | 2014-01-31 11:57:46 -0800 | [diff] [blame] | 81 | virtual void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 82 | checkPolicy(const Interest& interest, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 83 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 84 | const OnInterestValidated& onValidated, |
| 85 | const OnInterestValidationFailed& onValidationFailed, |
| 86 | std::vector<shared_ptr<ValidationRequest> >& nextSteps) |
| 87 | { |
| 88 | onValidationFailed(interest.shared_from_this(), "No policy for signed interest checking"); |
| 89 | } |
Yingdi Yu | 9a33535 | 2014-01-31 11:57:46 -0800 | [diff] [blame] | 90 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 91 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 92 | onCertificateValidated(const shared_ptr<const Data>& signCertificate, |
| 93 | const shared_ptr<const Data>& data, |
| 94 | const OnDataValidated& onValidated, |
| 95 | const OnDataValidationFailed& onValidationFailed); |
| 96 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 97 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 98 | onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate, |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 99 | const std::string& failureInfo, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 100 | const shared_ptr<const Data>& data, |
| 101 | const OnDataValidationFailed& onValidationFailed); |
| 102 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 103 | protected: |
| 104 | typedef std::vector< shared_ptr<SecRuleRelative> > RuleList; |
| 105 | typedef std::vector< shared_ptr<Regex> > RegexList; |
| 106 | |
| 107 | int m_stepLimit; |
| 108 | shared_ptr<CertificateCache> m_certificateCache; |
| 109 | RuleList m_mustFailVerify; |
| 110 | RuleList m_verifyPolicies; |
| 111 | std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors; |
| 112 | }; |
| 113 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 114 | inline void |
| 115 | ValidatorRegex::addDataVerificationRule(shared_ptr<SecRuleRelative> rule) |
| 116 | { |
| 117 | rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule); |
| 118 | } |
| 119 | |
| 120 | inline void |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 121 | ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate) |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 122 | { |
| 123 | m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate; |
| 124 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 125 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 126 | } // namespace ndn |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 127 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 128 | #endif //NDN_SECURITY_VALIDATOR_REGEX_HPP |