Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / fc7d33a98ef48da679a5cec0d0c44767ec137053 / . / src / security / validator-regex.hpp
blob: fd006c48458efd9b2389b8418021f4040c42fa35 [file] [log] [blame]
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]13 */
14
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]15#ifndef NDN_SECURITY_VALIDATOR_REGEX_HPP
16#define NDN_SECURITY_VALIDATOR_REGEX_HPP
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]17
18#include "validator.hpp"
19#include "identity-certificate.hpp"
20#include "sec-rule-relative.hpp"
21#include "certificate-cache.hpp"
22#include "../util/regex.hpp"
23
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]24namespace ndn {
25
26class ValidatorRegex : public Validator
27{
28public:
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]29 class Error : public Validator::Error
30 {
31 public:
32 explicit
33 Error(const std::string& what)
34 : Validator::Error(what)
35 {
36 }
37 };
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]38
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]39 static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
40
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]41 ValidatorRegex(Face& face,
42 shared_ptr<CertificateCache> certificateCache = DEFAULT_CERTIFICATE_CACHE,
43 const int stepLimit = 3);
44
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]45 virtual
46 ~ValidatorRegex()
47 {
48 }
49
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]50 /**
51 * @brief Add a rule for data verification.
52 *
53 * @param policy The verification rule
54 */
55 inline void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]56 addDataVerificationRule(shared_ptr<SecRuleRelative> rule);
57
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]58 /**
59 * @brief Add a trust anchor
60 *
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]61 * @param certificate The trust anchor
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]62 */
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]63 inline void
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]64 addTrustAnchor(shared_ptr<IdentityCertificate> certificate);
65
66protected:
67 virtual void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]68 checkPolicy(const Data& data,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]69 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]70 const OnDataValidated& onValidated,
71 const OnDataValidationFailed& onValidationFailed,
72 std::vector<shared_ptr<ValidationRequest> >& nextSteps);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]73
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]74 virtual void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]75 checkPolicy(const Interest& interest,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]76 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]77 const OnInterestValidated& onValidated,
78 const OnInterestValidationFailed& onValidationFailed,
79 std::vector<shared_ptr<ValidationRequest> >& nextSteps)
80 {
81 onValidationFailed(interest.shared_from_this(), "No policy for signed interest checking");
82 }
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]83
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]84 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]85 onCertificateValidated(const shared_ptr<const Data>& signCertificate,
86 const shared_ptr<const Data>& data,
87 const OnDataValidated& onValidated,
88 const OnDataValidationFailed& onValidationFailed);
89
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]90 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]91 onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]92 const std::string& failureInfo,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]93 const shared_ptr<const Data>& data,
94 const OnDataValidationFailed& onValidationFailed);
95
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]96protected:
97 typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
98 typedef std::vector< shared_ptr<Regex> > RegexList;
99
100 int m_stepLimit;
101 shared_ptr<CertificateCache> m_certificateCache;
102 RuleList m_mustFailVerify;
103 RuleList m_verifyPolicies;
104 std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
105};
106
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]107inline void
108ValidatorRegex::addDataVerificationRule(shared_ptr<SecRuleRelative> rule)
109{
110 rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule);
111}
112
113inline void
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]114ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]115{
116 m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
117}
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]118
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]119} // namespace ndn
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]120
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]121#endif //NDN_SECURITY_VALIDATOR_REGEX_HPP