blob: 111b61ad6c72f61c03ec51349b29dbc39a048365 [file] [log] [blame]
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
5 * See COPYING for copyright and distribution information.
6 */
7
Yingdi Yu4f324632014-01-15 18:10:03 -08008#ifndef NDN_SEC_POLICY_SELF_VERIFY_HPP
9#define NDN_SEC_POLICY_SELF_VERIFY_HPP
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080010
Yingdi Yu4f324632014-01-15 18:10:03 -080011#include "sec-policy.hpp"
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080012
13namespace ndn {
14
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080015/**
Yingdi Yu4f324632014-01-15 18:10:03 -080016 * A SecPolicySelfVerify implements a PolicyManager to use the public key DER in the data packet's KeyLocator (if available)
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080017 * or look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use
18 * it to verify the data packet, without searching a certificate chain. If the public key can't be found, the
19 * verification fails.
20 */
Yingdi Yu4f324632014-01-15 18:10:03 -080021class SecPolicySelfVerify : public SecPolicy {
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080022public:
23 /**
Yingdi Yu4f324632014-01-15 18:10:03 -080024 * Create a new SecPolicySelfVerify which will look up the public key in the given identityManager.
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080025 * @param identityManager (optional) The IdentityManager for looking up the public key. This points to an object must which remain
Yingdi Yu4f324632014-01-15 18:10:03 -080026 * valid during the life of this SecPolicySelfVerify. If omitted, then don't look for a public key with the name
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080027 * in the KeyLocator and rely on the KeyLocator having the full public key DER.
28 */
Yingdi Yu4f324632014-01-15 18:10:03 -080029 SecPolicySelfVerify()
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080030 {
31 }
32
33 /**
34 * The virtual destructor.
35 */
36 virtual
Yingdi Yu4f324632014-01-15 18:10:03 -080037 ~SecPolicySelfVerify();
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080038
39 /**
40 * Never skip verification.
41 * @param data The received data packet.
42 * @return false.
43 */
44 virtual bool
45 skipVerifyAndTrust(const Data& data);
46
47 /**
48 * Always return true to use the self-verification rule for the received data.
49 * @param data The received data packet.
50 * @return true.
51 */
52 virtual bool
53 requireVerify(const Data& data);
54
55 /**
56 * Use the public key DER in the data packet's KeyLocator (if available) or look in the IdentityStorage for the
57 * public key with the name in the KeyLocator (if available) and use it to verify the data packet. If the public key can't
58 * be found, call onVerifyFailed.
59 * @param data The Data object with the signature to check.
60 * @param stepCount The number of verification steps that have been done, used to track the verification progress.
61 * (stepCount is ignored.)
62 * @param onVerified If the signature is verified, this calls onVerified(data).
63 * @param onVerifyFailed If the signature check fails or can't find the public key, this calls onVerifyFailed(data).
64 * @return null for no further step for looking up a certificate chain.
65 */
66 virtual ptr_lib::shared_ptr<ValidationRequest>
67 checkVerificationPolicy
68 (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
69
70 /**
71 * Override to always indicate that the signing certificate name and data name satisfy the signing policy.
72 * @param dataName The name of data to be signed.
73 * @param certificateName The name of signing certificate.
74 * @return true to indicate that the signing certificate can be used to sign the data.
75 */
76 virtual bool
77 checkSigningPolicy(const Name& dataName, const Name& certificateName);
78
79 /**
80 * Override to indicate that the signing identity cannot be inferred.
81 * @param dataName The name of data to be signed.
82 * @return An empty name because cannot infer.
83 */
84 virtual Name
85 inferSigningIdentity(const Name& dataName);
86
Jeff Thompson3a2eb2f2013-12-11 11:00:27 -080087};
88
89}
90
91#endif