blob: 2a5fac97c4839755ed60f6d7fe1dea3db2cfb504 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -04001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu48e8c0c2014-03-19 12:01:55 -07002/**
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -07003 * Copyright (c) 2013-2016 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -07004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -07006 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -04007 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -070020 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -070022 * @author Zhiyi Zhang <zhangzhiyi1919@gmail.com>
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070023 */
24
25#ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
26#define NDN_SECURITY_VALIDATOR_CONFIG_HPP
27
28#include "validator.hpp"
29#include "certificate-cache.hpp"
30#include "conf/rule.hpp"
31#include "conf/common.hpp"
32
33namespace ndn {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -070034namespace security {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070035
Zhiyi Zhang7ba99e12016-11-10 14:26:16 -080036/**
37 * @brief The validator which can be set up via a configuration file.
38 */
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070039class ValidatorConfig : public Validator
40{
41public:
42 class Error : public Validator::Error
43 {
44 public:
45 explicit
46 Error(const std::string& what)
47 : Validator::Error(what)
48 {
49 }
50 };
51
Yingdi Yu4e9b0692014-11-04 16:13:56 -080052 /**
53 * @note When both certificate cache and face are not supplied, no cache will be used.
54 * However, if only face is supplied, a default cache will be created and used.
55 */
56 explicit
57 ValidatorConfig(Face* face = nullptr,
58 const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
59 const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
60 const size_t stepLimit = 10,
61 const size_t maxTrackedKeys = 1000,
62 const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070063
Yingdi Yu4e9b0692014-11-04 16:13:56 -080064 /// @deprecated Use the constructor taking Face* as parameter.
Yingdi Yu96e64062014-04-15 19:57:33 -070065 explicit
66 ValidatorConfig(Face& face,
67 const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
Yingdi Yu0f5fb692014-06-10 12:07:28 -070068 const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
69 const size_t stepLimit = 10,
70 const size_t maxTrackedKeys = 1000,
71 const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
Yingdi Yu96e64062014-04-15 19:57:33 -070072
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070073 void
74 load(const std::string& filename);
75
76 void
77 load(const std::string& input, const std::string& filename);
78
79 void
80 load(std::istream& input, const std::string& filename);
81
Yingdi Yudfa9d732014-04-09 09:53:01 -070082 void
83 load(const security::conf::ConfigSection& configSection,
84 const std::string& filename);
85
Yingdi Yu4e9b0692014-11-04 16:13:56 -080086 void
Yingdi Yu58f33712014-04-16 16:57:47 -070087 reset();
88
Yingdi Yu4e9b0692014-11-04 16:13:56 -080089 bool
Yingdi Yu58f33712014-04-16 16:57:47 -070090 isEmpty();
91
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070092protected:
Davide Pesavento57c07df2016-12-11 18:41:45 -050093 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070094 checkPolicy(const Data& data,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -070095 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070096 const OnDataValidated& onValidated,
97 const OnDataValidationFailed& onValidationFailed,
Zhiyi Zhang7ba99e12016-11-10 14:26:16 -080098 std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -070099
Davide Pesavento57c07df2016-12-11 18:41:45 -0500100 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700101 checkPolicy(const Interest& interest,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700102 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700103 const OnInterestValidated& onValidated,
104 const OnInterestValidationFailed& onValidationFailed,
Zhiyi Zhang7ba99e12016-11-10 14:26:16 -0800105 std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700106
107private:
108 template<class Packet, class OnValidated, class OnFailed>
109 void
110 checkSignature(const Packet& packet,
111 const Signature& signature,
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700112 size_t nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700113 const OnValidated& onValidated,
114 const OnFailed& onValidationFailed,
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700115 std::vector<shared_ptr<ValidationRequest>>& nextSteps);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700116
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700117 void
118 checkTimestamp(const shared_ptr<const Interest>& interest,
119 const Name& keyName,
120 const OnInterestValidated& onValidated,
121 const OnInterestValidationFailed& onValidationFailed);
122
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700123 template<class Packet, class OnValidated, class OnFailed>
124 void
125 onCertValidated(const shared_ptr<const Data>& signCertificate,
126 const shared_ptr<const Packet>& packet,
127 const OnValidated& onValidated,
128 const OnFailed& onValidationFailed);
129
130 template<class Packet, class OnFailed>
131 void
132 onCertFailed(const shared_ptr<const Data>& signCertificate,
133 const std::string& failureInfo,
134 const shared_ptr<const Packet>& packet,
135 const OnFailed& onValidationFailed);
136
137 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700138 onConfigRule(const security::conf::ConfigSection& section,
139 const std::string& filename);
140
141 void
142 onConfigTrustAnchor(const security::conf::ConfigSection& section,
143 const std::string& filename);
144
Yingdi Yub4650652014-04-17 10:19:59 -0700145 time::nanoseconds
146 getRefreshPeriod(std::string refreshString);
147
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800148 time::nanoseconds
Yingdi Yub4650652014-04-17 10:19:59 -0700149 getDefaultRefreshPeriod();
150
151 void
152 refreshAnchors();
153
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700154 void
155 cleanOldKeys();
156
Yingdi Yub4650652014-04-17 10:19:59 -0700157 class TrustAnchorContainer
158 {
159 public:
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700160 const std::list<shared_ptr<v1::IdentityCertificate>>&
Yingdi Yub4650652014-04-17 10:19:59 -0700161 getAll() const
162 {
163 return m_certificates;
164 }
165
166 void
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700167 add(shared_ptr<v1::IdentityCertificate> certificate)
Yingdi Yub4650652014-04-17 10:19:59 -0700168 {
169 m_certificates.push_back(certificate);
170 }
171
172 protected:
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700173 std::list<shared_ptr<v1::IdentityCertificate>> m_certificates;
Yingdi Yub4650652014-04-17 10:19:59 -0700174 };
175
176 class DynamicTrustAnchorContainer : public TrustAnchorContainer
177 {
178 public:
179 DynamicTrustAnchorContainer(const boost::filesystem::path& path, bool isDir,
180 time::nanoseconds refreshPeriod)
181 : m_path(path)
182 , m_isDir(isDir)
183 , m_refreshPeriod(refreshPeriod)
184 {
185 }
186
187 void
188 setLastRefresh(const time::system_clock::TimePoint& lastRefresh)
189 {
190 m_lastRefresh = lastRefresh;
191 }
192
193 const time::system_clock::TimePoint&
194 getLastRefresh() const
195 {
196 return m_lastRefresh;
197 }
198
199 const time::nanoseconds&
200 getRefreshPeriod() const
201 {
202 return m_refreshPeriod;
203 }
204
205 void
206 refresh();
207
208 private:
209 boost::filesystem::path m_path;
210 bool m_isDir;
211
212 time::system_clock::TimePoint m_lastRefresh;
213 time::nanoseconds m_refreshPeriod;
214 };
215
Yingdi Yu4e9b0692014-11-04 16:13:56 -0800216 static inline bool
217 compareDynamicContainer(const DynamicTrustAnchorContainer& containerA,
218 const DynamicTrustAnchorContainer& containerB)
219 {
220 return (containerA.getLastRefresh() < containerB.getLastRefresh());
221 }
222
223public:
224 static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
225 static const time::milliseconds DEFAULT_GRACE_INTERVAL;
226 static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL;
227
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700228NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700229 typedef security::conf::Rule<Interest> InterestRule;
230 typedef security::conf::Rule<Data> DataRule;
Zhiyi Zhang044bb7e2016-06-10 00:02:37 -0700231 typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
232 typedef std::vector<shared_ptr<DataRule>> DataRuleList;
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700233 typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> AnchorList;
Yingdi Yub4650652014-04-17 10:19:59 -0700234 typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700235 typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList;
Yingdi Yub4650652014-04-17 10:19:59 -0700236
Yingdi Yu44d190c2014-04-16 17:05:46 -0700237 /**
238 * @brief gives whether validation should be preformed
239 *
240 * If false, no validation occurs, and any packet is considered validated immediately.
241 */
242 bool m_shouldValidate;
243
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700244 size_t m_stepLimit;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700245 shared_ptr<CertificateCache> m_certificateCache;
246
247 InterestRuleList m_interestRules;
248 DataRuleList m_dataRules;
Yingdi Yub4650652014-04-17 10:19:59 -0700249
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700250 AnchorList m_anchors;
Yingdi Yub4650652014-04-17 10:19:59 -0700251 TrustAnchorContainer m_staticContainer;
252 DynamicContainers m_dynamicContainers;
253
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700254 time::milliseconds m_graceInterval;
255 size_t m_maxTrackedKeys;
256 typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap;
257 LastTimestampMap m_lastTimestamp;
258 const time::system_clock::Duration& m_keyTimestampTtl;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700259};
260
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700261} // namespace security
262
263using security::ValidatorConfig;
264
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700265} // namespace ndn
266
267#endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP