blob: e3879bbc1eb3224b591df397b6807660a1588b29 [file] [log] [blame]
Jeff Thompson3f3cfd32013-09-27 11:46:52 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
6 * See COPYING for copyright and distribution information.
7 */
8
Yingdi Yu4f324632014-01-15 18:10:03 -08009#ifndef NDN_SEC_POLICY_HPP
10#define NDN_SEC_POLICY_HPP
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070011
Yingdi Yu4f324632014-01-15 18:10:03 -080012#include "../data.hpp"
Yingdi Yu2abd73f2014-01-08 23:34:11 -080013#include "validation-request.hpp"
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070014
15namespace ndn {
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070016
17/**
Yingdi Yu4f324632014-01-15 18:10:03 -080018 * A SecPolicy is an abstract base class to represent the policy for verifying data packets.
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070019 * You must create an object of a subclass.
20 */
Yingdi Yu4f324632014-01-15 18:10:03 -080021class SecPolicy {
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070022public:
Yingdi Yu2abd73f2014-01-08 23:34:11 -080023 struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
24
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070025 /**
26 * The virtual destructor.
27 */
28 virtual
Yingdi Yu4f324632014-01-15 18:10:03 -080029 ~SecPolicy() {}
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070030
31 /**
32 * Check if the received data packet can escape from verification and be trusted as valid.
33 * @param data The received data packet.
34 * @return true if the data does not need to be verified to be trusted as valid, otherwise false.
35 */
36 virtual bool
37 skipVerifyAndTrust(const Data& data) = 0;
38
39 /**
Yingdi Yu4f324632014-01-15 18:10:03 -080040 * Check if this SecPolicy has a verification rule for the received data.
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070041 * @param data The received data packet.
42 * @return true if the data must be verified, otherwise false.
43 */
44 virtual bool
45 requireVerify(const Data& data) = 0;
46
47 /**
48 * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
49 * @param data The Data object with the signature to check.
50 * @param stepCount The number of verification steps that have been done, used to track the verification progress.
51 * @param onVerified If the signature is verified, this calls onVerified(data).
52 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
53 * @return the indication of next verification step, null if there is no further step.
54 */
55 virtual ptr_lib::shared_ptr<ValidationRequest>
56 checkVerificationPolicy
Jeff Thompson31aeed82013-11-25 15:44:45 -080057 (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed) = 0;
Jeff Thompson3f3cfd32013-09-27 11:46:52 -070058
59 /**
60 * Check if the signing certificate name and data name satisfy the signing policy.
61 * @param dataName The name of data to be signed.
62 * @param certificateName The name of signing certificate.
63 * @return true if the signing certificate can be used to sign the data, otherwise false.
64 */
65 virtual bool
66 checkSigningPolicy(const Name& dataName, const Name& certificateName) = 0;
67
68 /**
69 * Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name.
70 * @param dataName The name of data to be signed.
71 * @return The signing identity or an empty name if cannot infer.
72 */
73 virtual Name
74 inferSigningIdentity(const Name& dataName) = 0;
75};
76
77}
78
79#endif