blob: 351ffedef3789570b20c91d10156652d84b51245 [file] [log] [blame]
Alexander Afanasyev7e721412017-01-11 13:36:08 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2013-2017 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_HPP
23#define NDN_SECURITY_V2_VALIDATION_POLICY_HPP
24
25#include "validation-state.hpp"
26#include "certificate-request.hpp"
27#include "../../data.hpp"
28#include "../../interest.hpp"
29
30namespace ndn {
31namespace security {
32namespace v2 {
33
34/**
35 * @brief Abstraction that implements validation policy for Data and Interest packets
36 */
37class ValidationPolicy : noncopyable
38{
39public:
40 using ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest,
41 const shared_ptr<ValidationState>& state)>;
42
Alexander Afanasyevb54aa572017-03-21 19:40:49 -050043 ValidationPolicy()
44 : m_validator(nullptr)
45 {
46 }
47
Alexander Afanasyev7e721412017-01-11 13:36:08 -080048 virtual
49 ~ValidationPolicy() = default;
50
51 /**
Alexander Afanasyevb54aa572017-03-21 19:40:49 -050052 * @brief Set inner policy
53 *
54 * Multiple assignments of the inner policy will create a "chain" of linked policies.
55 * The inner policy from the latest invocation of setInnerPolicy will be at the bottom
56 * of the policy list.
57 *
58 * For example, sequence of `this->setInnerPolicy(policy1)` and
59 * `this->setInnerPolicy(policy2)`, will result in `this->m_innerPolicy == policy1`,
60 * this->m_innerPolicy->m_innerPolicy == policy2', and
61 * `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
62 *
63 * @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
64 */
65 void
66 setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);
67
68 ValidationPolicy&
69 getInnerPolicy();
70
71 /**
72 * @brief Set validator to which the policy is associated
73 */
74 void
75 setValidator(Validator& validator);
76
77 /**
Alexander Afanasyev7e721412017-01-11 13:36:08 -080078 * @brief Check @p data against the policy
79 *
80 * Depending on implementation of the policy, this check can be done synchronously or
81 * asynchronously.
82 *
83 * Semantics of checkPolicy has changed from v1::Validator
84 * - If packet violates policy, the policy should call `state->fail` with appropriate error
85 * code and error description.
86 * - If packet conforms to the policy and no further key retrievals are necessary,
87 * the policy should call continueValidation(state, nullptr)
88 * - If packet conforms to the policy and a key needs to be fetched, the policy should call
89 * continueValidation(state, <appropriate-key-request-instance>)
90 */
91 virtual void
92 checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
93 const ValidationContinuation& continueValidation) = 0;
94
95 /**
96 * @brief Check @p interest against the policy
97 *
98 * Depending on implementation of the policy, this check can be done synchronously or
99 * asynchronously.
100 *
101 * Semantics of checkPolicy has changed from v1::Validator
102 * - If packet violates policy, the policy should call `state->fail` with appropriate error
103 * code and error description.
104 * - If packet conforms to the policy and no further key retrievals are necessary,
105 * the policy should call continueValidation(state, nullptr)
106 * - If packet conforms to the policy and a key needs to be fetched, the policy should call
107 * continueValidation(state, <appropriate-key-request-instance>)
108 */
109 virtual void
110 checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
111 const ValidationContinuation& continueValidation) = 0;
112
113 /**
114 * @brief Check @p certificate against the policy
115 *
116 * Unless overridden by the policy, this check defaults to `checkPolicy(const Data&, ...)`.
117 *
118 * Depending on implementation of the policy, this check can be done synchronously or
119 * asynchronously.
120 *
121 * Semantics of checkPolicy has changed from v1::Validator
122 * - If packet violates policy, the policy should call `state->fail` with appropriate error
123 * code and error description.
124 * - If packet conforms to the policy and no further key retrievals are necessary,
125 * the policy should call continueValidation(state, nullptr)
126 * - If packet conforms to the policy and a key needs to be fetched, the policy should call
127 * continueValidation(state, <appropriate-key-request-instance>)
128 */
129 virtual void
130 checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
131 const ValidationContinuation& continueValidation)
132 {
133 checkPolicy(static_cast<const Data&>(certificate), state, continueValidation);
134 }
Alexander Afanasyevb54aa572017-03-21 19:40:49 -0500135
136NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
137 Validator* m_validator;
138 unique_ptr<ValidationPolicy> m_innerPolicy;
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800139};
140
Junxiao Shi830ba972017-06-23 22:44:41 +0000141/** \brief extract KeyLocator.Name from Data
142 *
143 * Data must contain a KeyLocator of Name type.
144 * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
145 */
146Name
147getKeyLocatorName(const Data& data, ValidationState& state);
148
149/** \brief extract KeyLocator.Name from signed Interest
150 *
151 * Interest must have SignatureInfo and contain a KeyLocator of Name type.
152 * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
153 */
154Name
155getKeyLocatorName(const Interest& interest, ValidationState& state);
156
Alexander Afanasyev7e721412017-01-11 13:36:08 -0800157} // namespace v2
158} // namespace security
159} // namespace ndn
160
161#endif // NDN_SECURITY_V2_VALIDATION_POLICY_HPP