Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 9 | #ifndef NDN_SEC_POLICY_HPP |
| 10 | #define NDN_SEC_POLICY_HPP |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 11 | |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 12 | #include "../data.hpp" |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 13 | #include "validation-request.hpp" |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 14 | |
| 15 | namespace ndn { |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 16 | |
| 17 | /** |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 18 | * A SecPolicy is an abstract base class to represent the policy for verifying data packets. |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 19 | * You must create an object of a subclass. |
| 20 | */ |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 21 | class SecPolicy { |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 22 | public: |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 23 | struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} }; |
| 24 | |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 25 | /** |
| 26 | * The virtual destructor. |
| 27 | */ |
| 28 | virtual |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 29 | ~SecPolicy() {} |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 30 | |
| 31 | /** |
| 32 | * Check if the received data packet can escape from verification and be trusted as valid. |
| 33 | * @param data The received data packet. |
| 34 | * @return true if the data does not need to be verified to be trusted as valid, otherwise false. |
| 35 | */ |
| 36 | virtual bool |
| 37 | skipVerifyAndTrust(const Data& data) = 0; |
| 38 | |
| 39 | /** |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 40 | * Check if this SecPolicy has a verification rule for the received data. |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 41 | * @param data The received data packet. |
| 42 | * @return true if the data must be verified, otherwise false. |
| 43 | */ |
| 44 | virtual bool |
| 45 | requireVerify(const Data& data) = 0; |
| 46 | |
| 47 | /** |
| 48 | * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step. |
| 49 | * @param data The Data object with the signature to check. |
| 50 | * @param stepCount The number of verification steps that have been done, used to track the verification progress. |
| 51 | * @param onVerified If the signature is verified, this calls onVerified(data). |
| 52 | * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data). |
| 53 | * @return the indication of next verification step, null if there is no further step. |
| 54 | */ |
| 55 | virtual ptr_lib::shared_ptr<ValidationRequest> |
| 56 | checkVerificationPolicy |
Jeff Thompson | 31aeed8 | 2013-11-25 15:44:45 -0800 | [diff] [blame] | 57 | (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed) = 0; |
Jeff Thompson | 3f3cfd3 | 2013-09-27 11:46:52 -0700 | [diff] [blame] | 58 | |
| 59 | /** |
| 60 | * Check if the signing certificate name and data name satisfy the signing policy. |
| 61 | * @param dataName The name of data to be signed. |
| 62 | * @param certificateName The name of signing certificate. |
| 63 | * @return true if the signing certificate can be used to sign the data, otherwise false. |
| 64 | */ |
| 65 | virtual bool |
| 66 | checkSigningPolicy(const Name& dataName, const Name& certificateName) = 0; |
| 67 | |
| 68 | /** |
| 69 | * Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name. |
| 70 | * @param dataName The name of data to be signed. |
| 71 | * @return The signing identity or an empty name if cannot infer. |
| 72 | */ |
| 73 | virtual Name |
| 74 | inferSigningIdentity(const Name& dataName) = 0; |
| 75 | }; |
| 76 | |
| 77 | } |
| 78 | |
| 79 | #endif |