Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 2 | /** |
Zhiyi Zhang | 044bb7e | 2016-06-10 00:02:37 -0700 | [diff] [blame] | 3 | * Copyright (c) 2013-2016 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Zhiyi Zhang | 044bb7e | 2016-06-10 00:02:37 -0700 | [diff] [blame] | 22 | * @author Zhiyi Zhang <zhangzhiyi1919@gmail.com> |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 23 | */ |
| 24 | |
| 25 | #ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP |
| 26 | #define NDN_SECURITY_VALIDATOR_CONFIG_HPP |
| 27 | |
| 28 | #include "validator.hpp" |
| 29 | #include "certificate-cache.hpp" |
| 30 | #include "conf/rule.hpp" |
| 31 | #include "conf/common.hpp" |
| 32 | |
| 33 | namespace ndn { |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 34 | namespace security { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 35 | |
Zhiyi Zhang | 7ba99e1 | 2016-11-10 14:26:16 -0800 | [diff] [blame] | 36 | /** |
| 37 | * @brief The validator which can be set up via a configuration file. |
| 38 | */ |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 39 | class ValidatorConfig : public Validator |
| 40 | { |
| 41 | public: |
| 42 | class Error : public Validator::Error |
| 43 | { |
| 44 | public: |
| 45 | explicit |
| 46 | Error(const std::string& what) |
| 47 | : Validator::Error(what) |
| 48 | { |
| 49 | } |
| 50 | }; |
| 51 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 52 | /** |
| 53 | * @note When both certificate cache and face are not supplied, no cache will be used. |
| 54 | * However, if only face is supplied, a default cache will be created and used. |
| 55 | */ |
| 56 | explicit |
| 57 | ValidatorConfig(Face* face = nullptr, |
| 58 | const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE, |
| 59 | const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL, |
| 60 | const size_t stepLimit = 10, |
| 61 | const size_t maxTrackedKeys = 1000, |
| 62 | const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 63 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 64 | /// @deprecated Use the constructor taking Face* as parameter. |
Yingdi Yu | 96e6406 | 2014-04-15 19:57:33 -0700 | [diff] [blame] | 65 | explicit |
| 66 | ValidatorConfig(Face& face, |
| 67 | const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE, |
Yingdi Yu | 0f5fb69 | 2014-06-10 12:07:28 -0700 | [diff] [blame] | 68 | const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL, |
| 69 | const size_t stepLimit = 10, |
| 70 | const size_t maxTrackedKeys = 1000, |
| 71 | const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL); |
Yingdi Yu | 96e6406 | 2014-04-15 19:57:33 -0700 | [diff] [blame] | 72 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 73 | void |
| 74 | load(const std::string& filename); |
| 75 | |
| 76 | void |
| 77 | load(const std::string& input, const std::string& filename); |
| 78 | |
| 79 | void |
| 80 | load(std::istream& input, const std::string& filename); |
| 81 | |
Yingdi Yu | dfa9d73 | 2014-04-09 09:53:01 -0700 | [diff] [blame] | 82 | void |
| 83 | load(const security::conf::ConfigSection& configSection, |
| 84 | const std::string& filename); |
| 85 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 86 | void |
Yingdi Yu | 58f3371 | 2014-04-16 16:57:47 -0700 | [diff] [blame] | 87 | reset(); |
| 88 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 89 | bool |
Yingdi Yu | 58f3371 | 2014-04-16 16:57:47 -0700 | [diff] [blame] | 90 | isEmpty(); |
| 91 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 92 | protected: |
Davide Pesavento | 57c07df | 2016-12-11 18:41:45 -0500 | [diff] [blame] | 93 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 94 | checkPolicy(const Data& data, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 95 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 96 | const OnDataValidated& onValidated, |
| 97 | const OnDataValidationFailed& onValidationFailed, |
Zhiyi Zhang | 7ba99e1 | 2016-11-10 14:26:16 -0800 | [diff] [blame] | 98 | std::vector<shared_ptr<ValidationRequest>>& nextSteps) override; |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 99 | |
Davide Pesavento | 57c07df | 2016-12-11 18:41:45 -0500 | [diff] [blame] | 100 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 101 | checkPolicy(const Interest& interest, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 102 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 103 | const OnInterestValidated& onValidated, |
| 104 | const OnInterestValidationFailed& onValidationFailed, |
Zhiyi Zhang | 7ba99e1 | 2016-11-10 14:26:16 -0800 | [diff] [blame] | 105 | std::vector<shared_ptr<ValidationRequest>>& nextSteps) override; |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 106 | |
| 107 | private: |
| 108 | template<class Packet, class OnValidated, class OnFailed> |
| 109 | void |
| 110 | checkSignature(const Packet& packet, |
| 111 | const Signature& signature, |
Yingdi Yu | 0f5fb69 | 2014-06-10 12:07:28 -0700 | [diff] [blame] | 112 | size_t nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 113 | const OnValidated& onValidated, |
| 114 | const OnFailed& onValidationFailed, |
Zhiyi Zhang | 044bb7e | 2016-06-10 00:02:37 -0700 | [diff] [blame] | 115 | std::vector<shared_ptr<ValidationRequest>>& nextSteps); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 116 | |
Yingdi Yu | 0f5fb69 | 2014-06-10 12:07:28 -0700 | [diff] [blame] | 117 | void |
| 118 | checkTimestamp(const shared_ptr<const Interest>& interest, |
| 119 | const Name& keyName, |
| 120 | const OnInterestValidated& onValidated, |
| 121 | const OnInterestValidationFailed& onValidationFailed); |
| 122 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 123 | template<class Packet, class OnValidated, class OnFailed> |
| 124 | void |
| 125 | onCertValidated(const shared_ptr<const Data>& signCertificate, |
| 126 | const shared_ptr<const Packet>& packet, |
| 127 | const OnValidated& onValidated, |
| 128 | const OnFailed& onValidationFailed); |
| 129 | |
| 130 | template<class Packet, class OnFailed> |
| 131 | void |
| 132 | onCertFailed(const shared_ptr<const Data>& signCertificate, |
| 133 | const std::string& failureInfo, |
| 134 | const shared_ptr<const Packet>& packet, |
| 135 | const OnFailed& onValidationFailed); |
| 136 | |
| 137 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 138 | onConfigRule(const security::conf::ConfigSection& section, |
| 139 | const std::string& filename); |
| 140 | |
| 141 | void |
| 142 | onConfigTrustAnchor(const security::conf::ConfigSection& section, |
| 143 | const std::string& filename); |
| 144 | |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 145 | time::nanoseconds |
| 146 | getRefreshPeriod(std::string refreshString); |
| 147 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 148 | time::nanoseconds |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 149 | getDefaultRefreshPeriod(); |
| 150 | |
| 151 | void |
| 152 | refreshAnchors(); |
| 153 | |
Yingdi Yu | 0f5fb69 | 2014-06-10 12:07:28 -0700 | [diff] [blame] | 154 | void |
| 155 | cleanOldKeys(); |
| 156 | |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 157 | class TrustAnchorContainer |
| 158 | { |
| 159 | public: |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 160 | const std::list<shared_ptr<v1::IdentityCertificate>>& |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 161 | getAll() const |
| 162 | { |
| 163 | return m_certificates; |
| 164 | } |
| 165 | |
| 166 | void |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 167 | add(shared_ptr<v1::IdentityCertificate> certificate) |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 168 | { |
| 169 | m_certificates.push_back(certificate); |
| 170 | } |
| 171 | |
| 172 | protected: |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 173 | std::list<shared_ptr<v1::IdentityCertificate>> m_certificates; |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 174 | }; |
| 175 | |
| 176 | class DynamicTrustAnchorContainer : public TrustAnchorContainer |
| 177 | { |
| 178 | public: |
| 179 | DynamicTrustAnchorContainer(const boost::filesystem::path& path, bool isDir, |
| 180 | time::nanoseconds refreshPeriod) |
| 181 | : m_path(path) |
| 182 | , m_isDir(isDir) |
| 183 | , m_refreshPeriod(refreshPeriod) |
| 184 | { |
| 185 | } |
| 186 | |
| 187 | void |
| 188 | setLastRefresh(const time::system_clock::TimePoint& lastRefresh) |
| 189 | { |
| 190 | m_lastRefresh = lastRefresh; |
| 191 | } |
| 192 | |
| 193 | const time::system_clock::TimePoint& |
| 194 | getLastRefresh() const |
| 195 | { |
| 196 | return m_lastRefresh; |
| 197 | } |
| 198 | |
| 199 | const time::nanoseconds& |
| 200 | getRefreshPeriod() const |
| 201 | { |
| 202 | return m_refreshPeriod; |
| 203 | } |
| 204 | |
| 205 | void |
| 206 | refresh(); |
| 207 | |
| 208 | private: |
| 209 | boost::filesystem::path m_path; |
| 210 | bool m_isDir; |
| 211 | |
| 212 | time::system_clock::TimePoint m_lastRefresh; |
| 213 | time::nanoseconds m_refreshPeriod; |
| 214 | }; |
| 215 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 216 | static inline bool |
| 217 | compareDynamicContainer(const DynamicTrustAnchorContainer& containerA, |
| 218 | const DynamicTrustAnchorContainer& containerB) |
| 219 | { |
| 220 | return (containerA.getLastRefresh() < containerB.getLastRefresh()); |
| 221 | } |
| 222 | |
| 223 | public: |
| 224 | static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE; |
| 225 | static const time::milliseconds DEFAULT_GRACE_INTERVAL; |
| 226 | static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL; |
| 227 | |
Zhiyi Zhang | 044bb7e | 2016-06-10 00:02:37 -0700 | [diff] [blame] | 228 | NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE: |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 229 | typedef security::conf::Rule<Interest> InterestRule; |
| 230 | typedef security::conf::Rule<Data> DataRule; |
Zhiyi Zhang | 044bb7e | 2016-06-10 00:02:37 -0700 | [diff] [blame] | 231 | typedef std::vector<shared_ptr<InterestRule>> InterestRuleList; |
| 232 | typedef std::vector<shared_ptr<DataRule>> DataRuleList; |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 233 | typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> AnchorList; |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 234 | typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 235 | typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList; |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 236 | |
Yingdi Yu | 44d190c | 2014-04-16 17:05:46 -0700 | [diff] [blame] | 237 | /** |
| 238 | * @brief gives whether validation should be preformed |
| 239 | * |
| 240 | * If false, no validation occurs, and any packet is considered validated immediately. |
| 241 | */ |
| 242 | bool m_shouldValidate; |
| 243 | |
Yingdi Yu | 0f5fb69 | 2014-06-10 12:07:28 -0700 | [diff] [blame] | 244 | size_t m_stepLimit; |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 245 | shared_ptr<CertificateCache> m_certificateCache; |
| 246 | |
| 247 | InterestRuleList m_interestRules; |
| 248 | DataRuleList m_dataRules; |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 249 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 250 | AnchorList m_anchors; |
Yingdi Yu | b465065 | 2014-04-17 10:19:59 -0700 | [diff] [blame] | 251 | TrustAnchorContainer m_staticContainer; |
| 252 | DynamicContainers m_dynamicContainers; |
| 253 | |
Yingdi Yu | 0f5fb69 | 2014-06-10 12:07:28 -0700 | [diff] [blame] | 254 | time::milliseconds m_graceInterval; |
| 255 | size_t m_maxTrackedKeys; |
| 256 | typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap; |
| 257 | LastTimestampMap m_lastTimestamp; |
| 258 | const time::system_clock::Duration& m_keyTimestampTtl; |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 259 | }; |
| 260 | |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 261 | } // namespace security |
| 262 | |
| 263 | using security::ValidatorConfig; |
| 264 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 265 | } // namespace ndn |
| 266 | |
| 267 | #endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP |