Yingdi Yu6ac97982014-01-30 14:49:21 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
5 * See COPYING for copyright and distribution information.
6 */
7
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -08008#include "common.hpp"
9
Yingdi Yu6ac97982014-01-30 14:49:21 -080010#include "validator-regex.hpp"
11#include "signature-sha256-with-rsa.hpp"
12#include "certificate-cache-ttl.hpp"
13
14#include "../util/logging.hpp"
15
// Per-translation-unit logger; the string is the logger name that prefixes
// the _LOG_DEBUG output emitted below.
INIT_LOGGER("ndn::ValidatorRegex");

// NOTE(review): file-scope using-directive; kept because the bodies below rely
// on unqualified vector/bind/etc. Narrowing it would need a file-wide change.
using namespace std;
19
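namespace ndn {

namespace {
// Fourth argument handed to ValidationRequest when a signing certificate has
// to be fetched.  Assumed to be the Interest retransmission count -- TODO
// confirm against ValidationRequest's constructor.
const int CERTIFICATE_FETCH_RETRIES = 3;
} // anonymous namespace

/// Null sentinel: "let the constructor create a CertificateCacheTtl".
const shared_ptr<CertificateCache> ValidatorRegex::DefaultCertificateCache = shared_ptr<CertificateCache>();

/**
 * @brief Construct a regex-policy validator.
 *
 * @param face             Face used to fetch signing certificates; must not be null.
 * @param certificateCache Cache of already-validated certificates.  When null
 *                         (the default) a CertificateCacheTtl bound to the
 *                         face's io_service is created.
 * @param stepLimit        Maximum number of certificate-chain steps followed
 *                         before validation is abandoned (see checkPolicy).
 * @throws Error if @p face is null.
 */
ValidatorRegex::ValidatorRegex(shared_ptr<Face> face,
                               shared_ptr<CertificateCache> certificateCache /* = DefaultCertificateCache */,
                               const int stepLimit /* = 3 */)
  : Validator(face)
  , m_stepLimit(stepLimit)
  , m_certificateCache(certificateCache)
{
  // NOTE(review): the Validator base has already been constructed with the
  // (possibly null) face by the time this check runs; it only protects the
  // m_face dereference below.
  if (!static_cast<bool>(face))
    throw Error("Face is not set!");

  if (!static_cast<bool>(m_certificateCache))
    m_certificateCache = make_shared<CertificateCacheTtl>(m_face->ioService());
}

/**
 * @brief Continuation run once the Data carrying the signing certificate has
 *        itself been validated.
 *
 * Checks the certificate's validity period, caches it, then verifies @p data
 * with its public key.  Exactly one of @p onValidated / @p onValidationFailed
 * is invoked on every path, so the caller never waits on a callback that is
 * never delivered.
 *
 * @param signCertificate    Validated Data expected to carry an IdentityCertificate.
 * @param data               The Data whose signature is being checked.
 * @param onValidated        Invoked when the signature verifies.
 * @param onValidationFailed Invoked on expired/not-yet-valid certificate,
 *                           signature mismatch, or a Signature::Error.
 */
void
ValidatorRegex::onCertificateValidated(const shared_ptr<const Data>& signCertificate,
                                       const shared_ptr<const Data>& data,
                                       const OnDataValidated& onValidated,
                                       const OnDataValidationFailed& onValidationFailed)
{
  // NOTE(review): signCertificate arrived off the wire.  If building an
  // IdentityCertificate from a malformed Data can throw, that exception
  // escapes this callback unhandled -- confirm against IdentityCertificate.
  shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>(*signCertificate);

  // Validity window is judged against the local clock.
  if (certificate->isTooLate() || certificate->isTooEarly())
    {
      _LOG_DEBUG("Wrong validity:");
      onValidationFailed(data);
      return;
    }

  // Only certificates that passed chain validation and the validity check
  // reach the cache; checkPolicy relies on that when it treats cached
  // entries as trusted signers.
  m_certificateCache->insertCertificate(certificate);

  bool verified = false;
  try
    {
      verified = verifySignature(*data, certificate->getPublicKeyInfo());
    }
  catch (const Signature::Error& e)
    {
      _LOG_DEBUG("ValidatorRegex Error: " << e.what());
      onValidationFailed(data);
      return;
    }

  if (verified)
    {
      onValidated(data);
    }
  else
    {
      // A signature that does not verify is a definite failure and must be
      // reported; silently dropping it would leave the caller hanging.
      onValidationFailed(data);
    }
}

/**
 * @brief Continuation run when the signing certificate could not be fetched
 *        or validated; the dependent Data fails as a consequence.
 *
 * @param signCertificate    Unused; present to match the OnDataValidationFailed shape.
 * @param data               The Data that depended on the certificate.
 * @param onValidationFailed Failure callback of the original caller.
 */
void
ValidatorRegex::onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
                                              const shared_ptr<const Data>& data,
                                              const OnDataValidationFailed& onValidationFailed)
{
  onValidationFailed(data);
}

/**
 * @brief Apply the regex trust policy to one Data packet.
 *
 * Order of evaluation:
 *   1. reject if the chain is already at the configured step limit;
 *   2. reject if any must-fail rule matches;
 *   3. for the first verify rule that matches, look the signer up among the
 *      trust anchors, then the certificate cache; verify immediately if found,
 *      otherwise queue a fetch of the signing certificate in @p nextSteps;
 *   4. reject if no verify rule matched (default deny).
 *
 * @param data               Packet under validation.
 * @param stepCount          Depth of the current certificate chain (0 for the
 *                           original packet, +1 per fetched certificate).
 * @param onValidated        Invoked when the packet is accepted.
 * @param onValidationFailed Invoked when the packet is rejected.
 * @param nextSteps          Receives the follow-up certificate fetch, if any.
 */
void
ValidatorRegex::checkPolicy(const Data& data,
                            int stepCount,
                            const OnDataValidated& onValidated,
                            const OnDataValidationFailed& onValidationFailed,
                            vector<shared_ptr<ValidationRequest> >& nextSteps)
{
  // Bound the chain length.  ">=" rather than "==" so a stepCount that has
  // already overshot the limit, or a non-positive limit, still terminates
  // instead of fetching certificates indefinitely.
  if (stepCount >= m_stepLimit)
    {
      _LOG_DEBUG("reach the maximum steps of verification");
      onValidationFailed(data.shared_from_this());
      return;
    }

  // Deny-list first: any matching must-fail rule rejects the packet outright.
  for (RuleList::iterator it = m_mustFailVerify.begin(); it != m_mustFailVerify.end(); ++it)
    {
      if ((*it)->satisfy(data))
        {
          onValidationFailed(data.shared_from_this());
          return;
        }
    }

  // The first verify rule that matches decides the outcome.
  for (RuleList::iterator it = m_verifyPolicies.begin(); it != m_verifyPolicies.end(); ++it)
    {
      if (!(*it)->satisfy(data))
        continue;

      try
        {
          SignatureSha256WithRsa sig(data.getSignature());
          const Name keyLocatorName = sig.getKeyLocator().getName();

          // Trust anchors win over the cache; the cache only ever holds
          // certificates that were validated through this same path earlier
          // (see onCertificateValidated).
          shared_ptr<const Certificate> trustedCert;
          if (m_trustAnchors.find(keyLocatorName) != m_trustAnchors.end())
            trustedCert = m_trustAnchors[keyLocatorName];
          else
            trustedCert = m_certificateCache->getCertificate(keyLocatorName);

          if (static_cast<bool>(trustedCert))
            {
              if (verifySignature(data, sig, trustedCert->getPublicKeyInfo()))
                onValidated(data.shared_from_this());
              else
                onValidationFailed(data.shared_from_this());
              return;
            }

          // Unknown signer: fetch the certificate named by the KeyLocator and
          // resume in onCertificateValidated once that certificate has been
          // validated itself.
          OnDataValidated onKeyValidated =
            bind(&ValidatorRegex::onCertificateValidated, this,
                 _1, data.shared_from_this(), onValidated, onValidationFailed);

          OnDataValidationFailed onKeyValidationFailed =
            bind(&ValidatorRegex::onCertificateValidationFailed, this,
                 _1, data.shared_from_this(), onValidationFailed);

          shared_ptr<ValidationRequest> nextStep =
            make_shared<ValidationRequest>(Interest(boost::cref(keyLocatorName)),
                                           onKeyValidated,
                                           onKeyValidationFailed,
                                           CERTIFICATE_FETCH_RETRIES,
                                           stepCount + 1);
          nextSteps.push_back(nextStep);
          return;
        }
      catch (const SignatureSha256WithRsa::Error& e)
        {
          // Signature is not SHA256-with-RSA (or is malformed): reject.
          _LOG_DEBUG("ValidatorRegex Error: " << e.what());
          onValidationFailed(data.shared_from_this());
          return;
        }
      catch (const KeyLocator::Error& e)
        {
          // KeyLocator missing or not a Name: reject.
          _LOG_DEBUG("ValidatorRegex Error: " << e.what());
          onValidationFailed(data.shared_from_this());
          return;
        }
    }

  // No verify rule matched: default deny.
  onValidationFailed(data.shared_from_this());
}

} // namespace ndn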