Alexander Afanasyev7e721412017-01-11 13:36:08 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Alexander Afanasyeve5a19b82017-01-30 22:30:46 -08002/*
Alexander Afanasyev31fd4672018-06-17 13:25:52 -04003 * Copyright (c) 2013-2018 Regents of the University of California.
Alexander Afanasyev7e721412017-01-11 13:36:08 -08004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_HPP
23#define NDN_SECURITY_V2_VALIDATION_POLICY_HPP
24
Alexander Afanasyev7e721412017-01-11 13:36:08 -080025#include "certificate-request.hpp"
Junxiao Shi54d74c22018-07-18 07:38:54 -060026#include "validation-state.hpp"
Alexander Afanasyev7e721412017-01-11 13:36:08 -080027#include "../../data.hpp"
28#include "../../interest.hpp"
29
30namespace ndn {
31namespace security {
32namespace v2 {
33
/**
 * @brief Interface of a validation policy that is applied to Data and Interest packets
 *
 * A policy can wrap an inner policy (see setInnerPolicy()) and is associated with a
 * Validator through setValidator().
 */
class ValidationPolicy : noncopyable
{
public:
  /**
   * @brief Callback a policy invokes to let validation proceed
   *
   * The first argument is the certificate request to fetch, or nullptr when no further
   * certificate retrieval is needed; the second is the validation state of the packet.
   */
  using ValidationContinuation =
    std::function<void(const shared_ptr<CertificateRequest>& certRequest,
                       const shared_ptr<ValidationState>& state)>;

  /**
   * @brief Create a policy with no associated validator and no inner policy
   */
  ValidationPolicy() = default;

  virtual
  ~ValidationPolicy() = default;

  /**
   * @brief Append @p innerPolicy to the chain of inner policies
   *
   * Ownership of @p innerPolicy is transferred to the chain. Every call adds one more
   * link: the policy passed in the most recent call ends up at the bottom of the list.
   *
   * For example, `this->setInnerPolicy(policy1)` followed by
   * `this->setInnerPolicy(policy2)` results in `this->m_innerPolicy == policy1`,
   * `this->m_innerPolicy->m_innerPolicy == policy2`, and
   * `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
   *
   * @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
   */
  void
  setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);

  /**
   * @brief Tell whether an inner policy has been set
   */
  bool
  hasInnerPolicy() const
  {
    return static_cast<bool>(m_innerPolicy);
  }

  /**
   * @brief Access the inner policy
   *
   * Behavior is undefined when no inner policy was set, so check hasInnerPolicy()
   * before calling this.
   */
  ValidationPolicy&
  getInnerPolicy();

  /**
   * @brief Associate the policy with @p validator
   *
   * NOTE(review): this header only shows a raw `Validator*` member, so the validator
   * presumably has to outlive the policy -- confirm against the implementation.
   */
  void
  setValidator(Validator& validator);

  /**
   * @brief Check @p data against the policy
   *
   * A policy may complete this check synchronously or asynchronously.
   *
   * Semantics of checkPolicy has changed from v1::Validator
   * - A packet that violates the policy: call `state->fail` with an appropriate error
   *   code and error description.
   * - A packet that conforms and needs no further certificate retrieval:
   *   call continueValidation(nullptr, state)
   * - A packet that conforms and needs a certificate to be fetched:
   *   call continueValidation(<appropriate-cert-request-instance>, state)
   *
   * NOTE(review): the contract above implies that every code path ends in one of
   * `state->fail` or `continueValidation`; what happens when a policy calls neither is
   * not visible in this header -- confirm against the Validator.
   */
  virtual void
  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
              const ValidationContinuation& continueValidation) = 0;

  /**
   * @brief Check @p interest against the policy
   *
   * A policy may complete this check synchronously or asynchronously.
   *
   * Semantics of checkPolicy has changed from v1::Validator
   * - A packet that violates the policy: call `state->fail` with an appropriate error
   *   code and error description.
   * - A packet that conforms and needs no further certificate retrieval:
   *   call continueValidation(nullptr, state)
   * - A packet that conforms and needs a certificate to be fetched:
   *   call continueValidation(<appropriate-cert-request-instance>, state)
   *
   * NOTE(review): the contract above implies that every code path ends in one of
   * `state->fail` or `continueValidation`; what happens when a policy calls neither is
   * not visible in this header -- confirm against the Validator.
   */
  virtual void
  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
              const ValidationContinuation& continueValidation) = 0;

  /**
   * @brief Check @p certificate against the policy
   *
   * Unless a policy overrides this overload, a certificate is checked with the same
   * rules as any other Data packet: the call is forwarded to
   * `checkPolicy(const Data&, ...)`. A policy that needs separate rules for certificates
   * has to override this overload.
   *
   * A policy may complete this check synchronously or asynchronously.
   *
   * Semantics of checkPolicy has changed from v1::Validator
   * - A packet that violates the policy: call `state->fail` with an appropriate error
   *   code and error description.
   * - A packet that conforms and needs no further certificate retrieval:
   *   call continueValidation(nullptr, state)
   * - A packet that conforms and needs a certificate to be fetched:
   *   call continueValidation(<appropriate-cert-request-instance>, state)
   */
  virtual void
  checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
              const ValidationContinuation& continueValidation)
  {
    // Select the Data overload explicitly so the call does not resolve back to this one.
    const auto& certificateAsData = static_cast<const Data&>(certificate);
    checkPolicy(certificateAsData, state, continueValidation);
  }

NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
  // Validator associated with this policy; nullptr on construction.
  Validator* m_validator = nullptr;
  // Owned inner policy (next link of the chain); empty when none was set.
  unique_ptr<ValidationPolicy> m_innerPolicy;
};
154
/** \brief extract KeyLocator.Name from Data
 *
 *  The Data packet is required to carry a KeyLocator of Name type; when it does not,
 *  state.fail is invoked with INVALID_KEY_LOCATOR error.
 *
 *  NOTE(review): the value returned on the failure path is not specified in this
 *  header, so callers presumably have to check \p state before relying on the returned
 *  Name -- confirm against the implementation.
 */
Name getKeyLocatorName(const Data& data, ValidationState& state);
162
/** \brief extract KeyLocator.Name from signed Interest
 *
 *  The Interest is required to have SignatureInfo and to carry a KeyLocator of Name
 *  type; when it does not, state.fail is invoked with INVALID_KEY_LOCATOR error.
 *
 *  NOTE(review): the value returned on the failure path is not specified in this
 *  header, so callers presumably have to check \p state before relying on the returned
 *  Name -- confirm against the implementation.
 */
Name getKeyLocatorName(const Interest& interest, ValidationState& state);
170
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800171} // namespace v2
172} // namespace security
173} // namespace ndn
174
175#endif // NDN_SECURITY_V2_VALIDATION_POLICY_HPP