Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame^] | 3 | * Copyright (c) 2013-2014, Regents of the University of California. |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| 7 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| 8 | * |
| 9 | * This file licensed under New BSD License. See COPYING for detailed information about |
| 10 | * ndn-cxx library copyright, permissions, and redistribution restrictions. |
| 11 | * |
| 12 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 13 | */ |
| 14 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 15 | #include "common.hpp" |
| 16 | |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 17 | #include "sec-rule-relative.hpp" |
| 18 | |
| 19 | #include "signature-sha256-with-rsa.hpp" |
| 20 | #include "security-common.hpp" |
| 21 | |
| 22 | #include "../util/logging.hpp" |
| 23 | |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 24 | INIT_LOGGER ("ndn.SecRuleRelative"); |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 25 | |
| 26 | using namespace std; |
| 27 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 28 | namespace ndn { |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 29 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 30 | SecRuleRelative::SecRuleRelative (const string& dataRegex, const string& signerRegex, |
| 31 | const string& op, |
| 32 | const string& dataExpand, const string& signerExpand, |
| 33 | bool isPositive) |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 34 | : SecRule(isPositive), |
| 35 | m_dataRegex(dataRegex), |
| 36 | m_signerRegex(signerRegex), |
| 37 | m_op(op), |
| 38 | m_dataExpand(dataExpand), |
| 39 | m_signerExpand(signerExpand), |
| 40 | m_dataNameRegex(dataRegex, dataExpand), |
| 41 | m_signerNameRegex(signerRegex, signerExpand) |
| 42 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 43 | if (op != ">" && op != ">=" && op != "==") |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 44 | throw Error("op is wrong!"); |
| 45 | } |
| 46 | |
| 47 | SecRuleRelative::~SecRuleRelative() |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 48 | { |
| 49 | } |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 50 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 51 | bool |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 52 | SecRuleRelative::satisfy (const Data& data) |
| 53 | { |
| 54 | Name dataName = data.getName(); |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 55 | try |
| 56 | { |
| 57 | SignatureSha256WithRsa sig(data.getSignature()); |
| 58 | Name signerName = sig.getKeyLocator().getName (); |
| 59 | return satisfy (dataName, signerName); |
| 60 | } |
| 61 | catch (std::runtime_error& e) |
| 62 | { |
| 63 | return false; |
| 64 | } |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 65 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 66 | |
| 67 | bool |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 68 | SecRuleRelative::satisfy (const Name& dataName, const Name& signerName) |
| 69 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 70 | if (!m_dataNameRegex.match(dataName)) |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 71 | return false; |
| 72 | Name expandDataName = m_dataNameRegex.expand(); |
| 73 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 74 | if (!m_signerNameRegex.match(signerName)) |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 75 | return false; |
| 76 | Name expandSignerName = m_signerNameRegex.expand(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 77 | |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 78 | bool matched = compare(expandDataName, expandSignerName); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 79 | |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 80 | return matched; |
| 81 | } |
| 82 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 83 | bool |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 84 | SecRuleRelative::matchDataName (const Data& data) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 85 | { |
| 86 | return m_dataNameRegex.match(data.getName()); |
| 87 | } |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 88 | |
| 89 | bool |
| 90 | SecRuleRelative::matchSignerName (const Data& data) |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 91 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 92 | try |
| 93 | { |
| 94 | SignatureSha256WithRsa sig(data.getSignature()); |
| 95 | Name signerName = sig.getKeyLocator().getName (); |
| 96 | return m_signerNameRegex.match(signerName); |
| 97 | } |
| 98 | catch (std::runtime_error& e) |
| 99 | { |
| 100 | return false; |
| 101 | } |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 102 | } |
| 103 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 104 | bool |
| 105 | SecRuleRelative::compare(const Name& dataName, const Name& signerName) |
| 106 | { |
| 107 | if ((dataName == signerName) && ("==" == m_op || ">=" == m_op)) |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 108 | return true; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 109 | |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 110 | Name::const_iterator i = dataName.begin (); |
| 111 | Name::const_iterator j = signerName.begin (); |
| 112 | |
| 113 | for (; i != dataName.end () && j != signerName.end (); i++, j++) |
| 114 | { |
| 115 | if ((i->compare(*j)) == 0) |
| 116 | continue; |
| 117 | else |
| 118 | return false; |
| 119 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 120 | |
| 121 | if (i == dataName.end()) |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 122 | return false; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 123 | else |
Yingdi Yu | 3715f8d | 2014-01-30 00:32:20 -0800 | [diff] [blame] | 124 | return true; |
| 125 | } |
| 126 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 127 | } // namespace ndn |