/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
 * Copyright (c) 2013-2014, Regents of the University of California.
 * All rights reserved.
 *
 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
 *
 * This file licensed under New BSD License. See COPYING for detailed information about
 * ndn-cxx library copyright, permissions, and redistribution restrictions.
 *
 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
 */
14
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -080015#include "common.hpp"
16
Yingdi Yu3715f8d2014-01-30 00:32:20 -080017#include "sec-rule-relative.hpp"
18
19#include "signature-sha256-with-rsa.hpp"
20#include "security-common.hpp"
21
22#include "../util/logging.hpp"
23
Yingdi Yu21157162014-02-28 13:02:34 -080024INIT_LOGGER ("ndn.SecRuleRelative");
Yingdi Yu3715f8d2014-01-30 00:32:20 -080025
26using namespace std;
27
Yingdi Yufc40d872014-02-18 12:56:04 -080028namespace ndn {
Yingdi Yu3715f8d2014-01-30 00:32:20 -080029
/**
 * @brief Build a relative rule from a data-name pattern, a signer-name pattern and
 *        the relation that must hold between the two expanded names.
 *
 * @param dataRegex    pattern handed unmodified to m_dataNameRegex
 * @param signerRegex  pattern handed unmodified to m_signerNameRegex
 * @param op           relation operator; must be ">", ">=" or "=="
 * @param dataExpand   expansion string paired with @p dataRegex
 * @param signerExpand expansion string paired with @p signerRegex
 * @param isPositive   forwarded to the SecRule base class
 * @throws Error if @p op is not one of the three accepted operators
 */
SecRuleRelative::SecRuleRelative(const string& dataRegex, const string& signerRegex,
                                 const string& op,
                                 const string& dataExpand, const string& signerExpand,
                                 bool isPositive)
  : SecRule(isPositive)
  , m_dataRegex(dataRegex)
  , m_signerRegex(signerRegex)
  , m_op(op)
  , m_dataExpand(dataExpand)
  , m_signerExpand(signerExpand)
  , m_dataNameRegex(dataRegex, dataExpand)
  , m_signerNameRegex(signerRegex, signerExpand)
{
  // compare() branches on m_op by string value, so an unknown operator must never
  // reach it: reject it here instead of letting the rule silently take a default.
  const bool isKnownOp = (op == ">" || op == ">=" || op == "==");
  if (!isKnownOp)
    throw Error("op is wrong!");
}
46
/**
 * @brief Destructor; the body is empty, so members are released by their own
 *        destructors.
 */
SecRuleRelative::~SecRuleRelative()
{
  // intentionally empty
}
Yingdi Yu3715f8d2014-01-30 00:32:20 -080050
/**
 * @brief Check whether a data packet's name and the signer name carried in its
 *        signature satisfy this rule.
 *
 * The signer name is read from the KeyLocator inside the packet's own signature
 * field, so it is a value chosen by whoever produced the packet. This function only
 * compares names; it does not verify the signature itself.
 *
 * @param data packet whose name and signature KeyLocator name are checked
 * @return result of satisfy(dataName, signerName); false if extracting the signer
 *         name throws std::runtime_error
 */
bool
SecRuleRelative::satisfy(const Data& data)
{
  const Name& packetName = data.getName();

  try
    {
      SignatureSha256WithRsa rsaSignature(data.getSignature());
      const Name keyName = rsaSignature.getKeyLocator().getName();
      return satisfy(packetName, keyName);
    }
  catch (const std::runtime_error&)
    {
      // Fail closed: a signature whose signer name cannot be extracted never
      // satisfies the rule.
      // NOTE(review): presumably this is the path taken for non-RSA signatures or a
      // KeyLocator without a name -- confirm against SignatureSha256WithRsa.
      return false;
    }
}
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -070066
/**
 * @brief Check a (data name, signer name) pair against this rule.
 *
 * Both names must match their respective patterns; the expanded forms produced by
 * the two regexes are then related through compare().
 *
 * @param dataName   name of the data packet
 * @param signerName name of the signing key
 * @return false if either name fails to match its pattern, otherwise the result of
 *         compare() on the two expanded names
 */
bool
SecRuleRelative::satisfy(const Name& dataName, const Name& signerName)
{
  // Each expand() is taken right after the successful match() on the same regex.
  if (!m_dataNameRegex.match(dataName))
    {
      return false;
    }
  const Name expandedData = m_dataNameRegex.expand();

  if (!m_signerNameRegex.match(signerName))
    {
      return false;
    }
  const Name expandedSigner = m_signerNameRegex.expand();

  return compare(expandedData, expandedSigner);
}
82
/**
 * @brief Test only the data-name half of the rule.
 *
 * @param data packet whose name is matched against the data-name pattern
 * @return true if the packet name matches m_dataNameRegex
 */
bool
SecRuleRelative::matchDataName(const Data& data)
{
  const Name& packetName = data.getName();
  return m_dataNameRegex.match(packetName);
}
Yingdi Yu3715f8d2014-01-30 00:32:20 -080088
/**
 * @brief Test only the signer-name half of the rule.
 *
 * The signer name comes from the KeyLocator in the packet's signature field; no
 * signature verification happens here.
 *
 * @param data packet whose signature KeyLocator name is matched
 * @return true if the signer name matches m_signerNameRegex; false if it does not
 *         match or if extracting it throws std::runtime_error
 */
bool
SecRuleRelative::matchSignerName(const Data& data)
{
  try
    {
      SignatureSha256WithRsa rsaSignature(data.getSignature());
      const Name keyName = rsaSignature.getKeyLocator().getName();
      return m_signerNameRegex.match(keyName);
    }
  catch (const std::runtime_error&)
    {
      // Fail closed when the signer name cannot be extracted.
      return false;
    }
}
103
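/**
 * @brief Decide whether the expanded data name and signer name stand in the
 *        relation selected by m_op.
 *
 * - "==": the two names must be equal.
 * - ">=": the names are equal, or the signer name is a strict prefix of the data name.
 * - ">" : the signer name is a strict prefix of the data name.
 *
 * Previously the "==" operator fell through to the prefix walk when the names
 * differed, so a signer name that was merely a strict prefix of the data name was
 * accepted under "==". Equality is now the only way to satisfy "==".
 *
 * @param dataName   expanded data name
 * @param signerName expanded signer name
 * @return true if the relation holds, false otherwise
 */
bool
SecRuleRelative::compare(const Name& dataName, const Name& signerName)
{
  const bool isEqual = (dataName == signerName);

  // "==" is decided by equality alone; it must never be satisfied by a prefix.
  if ("==" == m_op)
    return isEqual;

  // Equal names satisfy ">=" but not ">".
  if (isEqual)
    return ">=" == m_op;

  // Walk both names in lockstep; any differing component means the signer name is
  // not a prefix of the data name.
  Name::const_iterator i = dataName.begin();
  Name::const_iterator j = signerName.begin();

  for (; i != dataName.end() && j != signerName.end(); ++i, ++j)
    {
      if (i->compare(*j) != 0)
        return false;
    }

  // If the data name ran out first (or at the same time), the signer name is not
  // strictly shorter, so it is not a strict prefix.
  return i != dataName.end();
}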
126
Yingdi Yufc40d872014-02-18 12:56:04 -0800127} // namespace ndn