Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / caac54eb94693a62718d9c7bf4f67bb1145924fd / . / src / security / sec-rule-relative.cpp
blob: cc333209736d2fe7a83ebd67e8d8429741828866 [file] [log] [blame]
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]13 */
14
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]15#include "common.hpp"
16
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]17#include "sec-rule-relative.hpp"
18
19#include "signature-sha256-with-rsa.hpp"
20#include "security-common.hpp"
21
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]22using namespace std;
23
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]24namespace ndn {
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]25
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]26SecRuleRelative::SecRuleRelative (const string& dataRegex, const string& signerRegex,
27 const string& op,
28 const string& dataExpand, const string& signerExpand,
29 bool isPositive)
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]30 : SecRule(isPositive),
31 m_dataRegex(dataRegex),
32 m_signerRegex(signerRegex),
33 m_op(op),
34 m_dataExpand(dataExpand),
35 m_signerExpand(signerExpand),
36 m_dataNameRegex(dataRegex, dataExpand),
37 m_signerNameRegex(signerRegex, signerExpand)
38{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]39 if (op != ">" && op != ">=" && op != "==")
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]40 throw Error("op is wrong!");
41}
42
43SecRuleRelative::~SecRuleRelative()
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]44{
45}
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]46
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]47bool
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]48SecRuleRelative::satisfy (const Data& data)
49{
50 Name dataName = data.getName();
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]51 try
52 {
53 SignatureSha256WithRsa sig(data.getSignature());
54 Name signerName = sig.getKeyLocator().getName ();
55 return satisfy (dataName, signerName);
56 }
57 catch (std::runtime_error& e)
58 {
59 return false;
60 }
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]61}
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]62
63bool
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]64SecRuleRelative::satisfy (const Name& dataName, const Name& signerName)
65{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]66 if (!m_dataNameRegex.match(dataName))
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]67 return false;
68 Name expandDataName = m_dataNameRegex.expand();
69
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]70 if (!m_signerNameRegex.match(signerName))
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]71 return false;
72 Name expandSignerName = m_signerNameRegex.expand();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]73
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]74 bool matched = compare(expandDataName, expandSignerName);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]75
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]76 return matched;
77}
78
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]79bool
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]80SecRuleRelative::matchDataName (const Data& data)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]81{
82 return m_dataNameRegex.match(data.getName());
83}
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]84
85bool
86SecRuleRelative::matchSignerName (const Data& data)
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]87{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]88 try
89 {
90 SignatureSha256WithRsa sig(data.getSignature());
91 Name signerName = sig.getKeyLocator().getName ();
92 return m_signerNameRegex.match(signerName);
93 }
94 catch (std::runtime_error& e)
95 {
96 return false;
97 }
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]98}
99
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]100bool
101SecRuleRelative::compare(const Name& dataName, const Name& signerName)
102{
103 if ((dataName == signerName) && ("==" == m_op || ">=" == m_op))
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]104 return true;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]105
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]106 Name::const_iterator i = dataName.begin ();
107 Name::const_iterator j = signerName.begin ();
108
109 for (; i != dataName.end () && j != signerName.end (); i++, j++)
110 {
111 if ((i->compare(*j)) == 0)
112 continue;
113 else
114 return false;
115 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]116
117 if (i == dataName.end())
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]118 return false;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]119 else
Yingdi Yu3715f8d2014-01-30 00:32:20 -0800[diff] [blame]120 return true;
121}
122
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]123} // namespace ndn