| Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 2 | /** |
| Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
| Jeff Thompson | ba16b8f | 2013-12-16 13:11:47 -0800 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 9 | #include "../util/logging.hpp" |
| Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 10 | #include <ndn-cpp/security/security-exception.hpp> |
| 11 | #include <ndn-cpp/security/policy/policy-manager.hpp> |
| 12 | #include <ndn-cpp/security/key-chain.hpp> |
| Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 13 | |
| 14 | using namespace std; |
| Jeff Thompson | 2381da8 | 2013-11-06 14:34:09 -0800 | [diff] [blame] | 15 | using namespace ndn::func_lib; |
| Jeff Thompson | 9bdeb6d | 2013-11-06 14:30:07 -0800 | [diff] [blame] | 16 | #if NDN_CPP_HAVE_STD_FUNCTION |
| Jeff Thompson | 09324ed | 2013-11-06 14:40:35 -0800 | [diff] [blame] | 17 | // In the std library, the placeholders are in a different namespace than boost. |
| 18 | using namespace ndn::func_lib::placeholders; |
| Jeff Thompson | 9bdeb6d | 2013-11-06 14:30:07 -0800 | [diff] [blame] | 19 | #endif |
| Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 20 | |
| 21 | namespace ndn { |
| Jeff Thompson | 1596639 | 2013-12-04 17:37:17 -0800 | [diff] [blame] | 22 | |
| Jeff Thompson | ce11576 | 2013-12-18 14:59:56 -0800 | [diff] [blame] | 23 | KeyChain::KeyChain(const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager) |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 24 | : identityManager_(identityManager), policyManager_(policyManager), face_(0), maxSteps_(100) |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 25 | { |
| 26 | } |
| 27 | |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 28 | void |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 29 | KeyChain::sign(Data& data, const Name& certificateName, WireFormat& wireFormat) |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 30 | { |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 31 | identityManager_->signByCertificate(data, certificateName, wireFormat); |
| 32 | } |
| 33 | |
| Jeff Thompson | ce11576 | 2013-12-18 14:59:56 -0800 | [diff] [blame] | 34 | ptr_lib::shared_ptr<Signature> |
| Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 35 | KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName) |
| 36 | { |
| 37 | return identityManager_->signByCertificate(buffer, bufferLength, certificateName); |
| 38 | } |
| 39 | |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 40 | void |
| 41 | KeyChain::signByIdentity(Data& data, const Name& identityName, WireFormat& wireFormat) |
| 42 | { |
| 43 | Name signingCertificateName; |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 44 | |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 45 | if (identityName.getComponentCount() == 0) { |
| 46 | Name inferredIdentity = policyManager_->inferSigningIdentity(data.getName()); |
| 47 | if (inferredIdentity.getComponentCount() == 0) |
| 48 | signingCertificateName = identityManager_->getDefaultCertificateName(); |
| 49 | else |
| 50 | signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(inferredIdentity); |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 51 | } |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 52 | else |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 53 | signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName); |
| 54 | |
| 55 | if (signingCertificateName.getComponentCount() == 0) |
| 56 | throw SecurityException("No qualified certificate name found!"); |
| 57 | |
| 58 | if (!policyManager_->checkSigningPolicy(data.getName(), signingCertificateName)) |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 59 | throw SecurityException("Signing Cert name does not comply with signing policy"); |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 60 | |
| Jeff Thompson | 56e6265 | 2013-10-31 16:13:25 -0700 | [diff] [blame] | 61 | identityManager_->signByCertificate(data, signingCertificateName, wireFormat); |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 62 | } |
| 63 | |
| Jeff Thompson | ce11576 | 2013-12-18 14:59:56 -0800 | [diff] [blame] | 64 | ptr_lib::shared_ptr<Signature> |
| Jeff Thompson | e9ffe79 | 2013-10-22 10:58:48 -0700 | [diff] [blame] | 65 | KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName) |
| 66 | { |
| 67 | Name signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName); |
| Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 68 | |
| Jeff Thompson | e9ffe79 | 2013-10-22 10:58:48 -0700 | [diff] [blame] | 69 | if (signingCertificateName.size() == 0) |
| 70 | throw SecurityException("No qualified certificate name found!"); |
| Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 71 | |
| Jeff Thompson | e9ffe79 | 2013-10-22 10:58:48 -0700 | [diff] [blame] | 72 | return identityManager_->signByCertificate(buffer, bufferLength, signingCertificateName); |
| 73 | } |
| Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 74 | |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 75 | void |
| Jeff Thompson | 7c5d231 | 2013-09-25 16:07:15 -0700 | [diff] [blame] | 76 | KeyChain::verifyData |
| Jeff Thompson | ce11576 | 2013-12-18 14:59:56 -0800 | [diff] [blame] | 77 | (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount) |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 78 | { |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 79 | _LOG_TRACE("Enter Verify"); |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 80 | |
| Jeff Thompson | f309aa6 | 2013-10-31 17:03:54 -0700 | [diff] [blame] | 81 | if (policyManager_->requireVerify(*data)) { |
| Jeff Thompson | ce11576 | 2013-12-18 14:59:56 -0800 | [diff] [blame] | 82 | ptr_lib::shared_ptr<ValidationRequest> nextStep = policyManager_->checkVerificationPolicy |
| Jeff Thompson | f309aa6 | 2013-10-31 17:03:54 -0700 | [diff] [blame] | 83 | (data, stepCount, onVerified, onVerifyFailed); |
| Jeff Thompson | cda349e | 2013-11-05 17:37:39 -0800 | [diff] [blame] | 84 | if (nextStep) |
| 85 | face_->expressInterest |
| 86 | (*nextStep->interest_, |
| 87 | bind(&KeyChain::onCertificateData, this, _1, _2, nextStep), |
| 88 | bind(&KeyChain::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep)); |
| Jeff Thompson | f309aa6 | 2013-10-31 17:03:54 -0700 | [diff] [blame] | 89 | } |
| 90 | else if (policyManager_->skipVerifyAndTrust(*data)) |
| Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 91 | onVerified(data); |
| 92 | else |
| Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 93 | onVerifyFailed(data); |
| Jeff Thompson | 1e90d8c | 2013-08-12 16:09:25 -0700 | [diff] [blame] | 94 | } |
| 95 | |
| Jeff Thompson | cda349e | 2013-11-05 17:37:39 -0800 | [diff] [blame] | 96 | void |
| Jeff Thompson | ce11576 | 2013-12-18 14:59:56 -0800 | [diff] [blame] | 97 | KeyChain::onCertificateData(const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep) |
| Jeff Thompson | cda349e | 2013-11-05 17:37:39 -0800 | [diff] [blame] | 98 | { |
| 99 | // Try to verify the certificate (data) according to the parameters in nextStep. |
| 100 | verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_); |
| 101 | } |
| 102 | |
| 103 | void |
| 104 | KeyChain::onCertificateInterestTimeout |
| Jeff Thompson | ce11576 | 2013-12-18 14:59:56 -0800 | [diff] [blame] | 105 | (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const ptr_lib::shared_ptr<Data> &data, |
| 106 | ptr_lib::shared_ptr<ValidationRequest> nextStep) |
| Jeff Thompson | cda349e | 2013-11-05 17:37:39 -0800 | [diff] [blame] | 107 | { |
| 108 | if (retry > 0) |
| 109 | // Issue the same expressInterest as in verifyData except decrement retry. |
| 110 | face_->expressInterest |
| 111 | (*interest, |
| 112 | bind(&KeyChain::onCertificateData, this, _1, _2, nextStep), |
| 113 | bind(&KeyChain::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep)); |
| 114 | else |
| 115 | onVerifyFailed(data); |
| 116 | } |
| 117 | |
| Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 118 | } |