Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| 2 | /* |
Davide Pesavento | 51974f6 | 2024-12-21 20:42:45 -0500 | [diff] [blame] | 3 | * Copyright (c) 2013-2024 Regents of the University of California. |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| 6 | * |
| 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| 20 | */ |
| 21 | |
Alexander Afanasyev | 09236c2 | 2020-06-03 13:42:38 -0400 | [diff] [blame] | 22 | #include "ndn-cxx/security/validation-policy-config.hpp" |
| 23 | #include "ndn-cxx/security/validator.hpp" |
Davide Pesavento | 7e78064 | 2018-11-24 15:51:34 -0500 | [diff] [blame] | 24 | #include "ndn-cxx/util/io.hpp" |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 25 | |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 26 | #include <boost/algorithm/string/predicate.hpp> |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 27 | #include <boost/lexical_cast.hpp> |
| 28 | #include <boost/property_tree/info_parser.hpp> |
| 29 | |
Davide Pesavento | 51974f6 | 2024-12-21 20:42:45 -0500 | [diff] [blame] | 30 | #include <filesystem> |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 31 | #include <fstream> |
| 32 | |
Davide Pesavento | 47ce2ee | 2023-05-09 01:33:33 -0400 | [diff] [blame] | 33 | namespace ndn::security::validator_config { |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 34 | |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 35 | void |
| 36 | ValidationPolicyConfig::load(const std::string& filename) |
| 37 | { |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 38 | std::ifstream inputFile(filename); |
| 39 | if (!inputFile) { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 40 | NDN_THROW(Error("Failed to read configuration file: " + filename)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 41 | } |
| 42 | load(inputFile, filename); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 43 | } |
| 44 | |
| 45 | void |
| 46 | ValidationPolicyConfig::load(const std::string& input, const std::string& filename) |
| 47 | { |
| 48 | std::istringstream inputStream(input); |
| 49 | load(inputStream, filename); |
| 50 | } |
| 51 | |
| 52 | void |
| 53 | ValidationPolicyConfig::load(std::istream& input, const std::string& filename) |
| 54 | { |
| 55 | ConfigSection tree; |
| 56 | try { |
| 57 | boost::property_tree::read_info(input, tree); |
| 58 | } |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 59 | catch (const boost::property_tree::info_parser_error& e) { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 60 | NDN_THROW(Error("Failed to parse configuration file " + filename + |
| 61 | " line " + to_string(e.line()) + ": " + e.message())); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 62 | } |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 63 | load(tree, filename); |
| 64 | } |
| 65 | |
| 66 | void |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 67 | ValidationPolicyConfig::load(const ConfigSection& configSection, const std::string& filename) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 68 | { |
Davide Pesavento | 0a6456c | 2019-11-14 00:33:11 -0500 | [diff] [blame] | 69 | BOOST_ASSERT(!filename.empty()); |
| 70 | |
Alexander Afanasyev | 7b11246 | 2018-10-17 11:51:52 -0400 | [diff] [blame] | 71 | if (m_validator == nullptr) { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 72 | NDN_THROW(Error("Validator instance not assigned on the policy")); |
Alexander Afanasyev | 7b11246 | 2018-10-17 11:51:52 -0400 | [diff] [blame] | 73 | } |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 74 | if (m_isConfigured) { |
Alexander Afanasyev | 6aff024 | 2017-08-29 17:14:44 -0400 | [diff] [blame] | 75 | m_shouldBypass = false; |
| 76 | m_dataRules.clear(); |
| 77 | m_interestRules.clear(); |
Alexander Afanasyev | 6aff024 | 2017-08-29 17:14:44 -0400 | [diff] [blame] | 78 | m_validator->resetAnchors(); |
| 79 | m_validator->resetVerifiedCertificates(); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 80 | } |
| 81 | m_isConfigured = true; |
| 82 | |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 83 | for (const auto& subSection : configSection) { |
| 84 | const std::string& sectionName = subSection.first; |
| 85 | const ConfigSection& section = subSection.second; |
| 86 | |
| 87 | if (boost::iequals(sectionName, "rule")) { |
| 88 | auto rule = Rule::create(section, filename); |
| 89 | if (rule->getPktType() == tlv::Data) { |
| 90 | m_dataRules.push_back(std::move(rule)); |
| 91 | } |
| 92 | else if (rule->getPktType() == tlv::Interest) { |
| 93 | m_interestRules.push_back(std::move(rule)); |
| 94 | } |
| 95 | } |
| 96 | else if (boost::iequals(sectionName, "trust-anchor")) { |
| 97 | processConfigTrustAnchor(section, filename); |
| 98 | } |
| 99 | else { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 100 | NDN_THROW(Error("Error processing configuration file " + filename + |
| 101 | ": unrecognized section " + sectionName)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 102 | } |
| 103 | } |
| 104 | } |
| 105 | |
| 106 | void |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 107 | ValidationPolicyConfig::processConfigTrustAnchor(const ConfigSection& configSection, |
| 108 | const std::string& filename) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 109 | { |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 110 | auto propertyIt = configSection.begin(); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 111 | |
| 112 | // Get trust-anchor.type |
| 113 | if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type")) { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 114 | NDN_THROW(Error("Expecting <trust-anchor.type>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 115 | } |
| 116 | |
Davide Pesavento | 51974f6 | 2024-12-21 20:42:45 -0500 | [diff] [blame] | 117 | auto baseDir = std::filesystem::absolute(filename).parent_path().lexically_normal(); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 118 | std::string type = propertyIt->second.data(); |
| 119 | propertyIt++; |
| 120 | |
| 121 | if (boost::iequals(type, "file")) { |
| 122 | // Get trust-anchor.file |
| 123 | if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name")) { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 124 | NDN_THROW(Error("Expecting <trust-anchor.file-name>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 125 | } |
| 126 | |
| 127 | std::string file = propertyIt->second.data(); |
| 128 | propertyIt++; |
| 129 | |
| 130 | time::nanoseconds refresh = getRefreshPeriod(propertyIt, configSection.end()); |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 131 | if (propertyIt != configSection.end()) |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 132 | NDN_THROW(Error("Expecting end of <trust-anchor>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 133 | |
Davide Pesavento | 51974f6 | 2024-12-21 20:42:45 -0500 | [diff] [blame] | 134 | m_validator->loadAnchor(file, baseDir / file, refresh, false); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 135 | } |
| 136 | else if (boost::iequals(type, "base64")) { |
| 137 | // Get trust-anchor.base64-string |
| 138 | if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "base64-string")) |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 139 | NDN_THROW(Error("Expecting <trust-anchor.base64-string>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 140 | |
| 141 | std::stringstream ss(propertyIt->second.data()); |
| 142 | propertyIt++; |
| 143 | |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 144 | if (propertyIt != configSection.end()) |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 145 | NDN_THROW(Error("Expecting end of <trust-anchor>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 146 | |
| 147 | auto idCert = io::load<Certificate>(ss); |
| 148 | if (idCert != nullptr) { |
| 149 | m_validator->loadAnchor("", std::move(*idCert)); |
| 150 | } |
| 151 | else { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 152 | NDN_THROW(Error("Cannot decode certificate from base64-string")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 153 | } |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 154 | } |
| 155 | else if (boost::iequals(type, "dir")) { |
| 156 | if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "dir")) |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 157 | NDN_THROW(Error("Expecting <trust-anchor.dir>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 158 | |
| 159 | std::string dirString(propertyIt->second.data()); |
| 160 | propertyIt++; |
| 161 | |
| 162 | time::nanoseconds refresh = getRefreshPeriod(propertyIt, configSection.end()); |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 163 | if (propertyIt != configSection.end()) |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 164 | NDN_THROW(Error("Expecting end of <trust-anchor>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 165 | |
Davide Pesavento | 51974f6 | 2024-12-21 20:42:45 -0500 | [diff] [blame] | 166 | m_validator->loadAnchor(dirString, baseDir / dirString, refresh, true); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 167 | } |
| 168 | else if (boost::iequals(type, "any")) { |
| 169 | m_shouldBypass = true; |
| 170 | } |
| 171 | else { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 172 | NDN_THROW(Error("Unrecognized <trust-anchor.type>: " + type)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 173 | } |
| 174 | } |
| 175 | |
| 176 | time::nanoseconds |
| 177 | ValidationPolicyConfig::getRefreshPeriod(ConfigSection::const_iterator& it, |
| 178 | const ConfigSection::const_iterator& end) |
| 179 | { |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 180 | auto refresh = time::nanoseconds::max(); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 181 | if (it == end) { |
| 182 | return refresh; |
| 183 | } |
| 184 | |
| 185 | if (!boost::iequals(it->first, "refresh")) { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 186 | NDN_THROW(Error("Expecting <trust-anchor.refresh>")); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 187 | } |
| 188 | |
| 189 | std::string inputString = it->second.data(); |
| 190 | ++it; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 191 | char unit = inputString[inputString.size() - 1]; |
| 192 | std::string refreshString = inputString.substr(0, inputString.size() - 1); |
| 193 | |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 194 | int32_t refreshPeriod = -1; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 195 | try { |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 196 | refreshPeriod = boost::lexical_cast<int32_t>(refreshString); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 197 | } |
| 198 | catch (const boost::bad_lexical_cast&) { |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 199 | // pass |
| 200 | } |
| 201 | if (refreshPeriod < 0) { |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 202 | NDN_THROW(Error("Bad refresh value: " + refreshString)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 203 | } |
| 204 | |
| 205 | if (refreshPeriod == 0) { |
| 206 | return getDefaultRefreshPeriod(); |
| 207 | } |
| 208 | |
| 209 | switch (unit) { |
| 210 | case 'h': |
Davide Pesavento | 0f83080 | 2018-01-16 23:58:58 -0500 | [diff] [blame] | 211 | return time::hours(refreshPeriod); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 212 | case 'm': |
Davide Pesavento | 0f83080 | 2018-01-16 23:58:58 -0500 | [diff] [blame] | 213 | return time::minutes(refreshPeriod); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 214 | case 's': |
Davide Pesavento | 0f83080 | 2018-01-16 23:58:58 -0500 | [diff] [blame] | 215 | return time::seconds(refreshPeriod); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 216 | default: |
Davide Pesavento | 923ba44 | 2019-02-12 22:00:38 -0500 | [diff] [blame] | 217 | NDN_THROW(Error("Bad refresh time unit: "s + unit)); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 218 | } |
| 219 | } |
| 220 | |
| 221 | time::nanoseconds |
| 222 | ValidationPolicyConfig::getDefaultRefreshPeriod() |
| 223 | { |
Davide Pesavento | 0f83080 | 2018-01-16 23:58:58 -0500 | [diff] [blame] | 224 | return 1_h; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 225 | } |
| 226 | |
| 227 | void |
| 228 | ValidationPolicyConfig::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state, |
| 229 | const ValidationContinuation& continueValidation) |
| 230 | { |
| 231 | BOOST_ASSERT_MSG(!hasInnerPolicy(), "ValidationPolicyConfig must be a terminal inner policy"); |
| 232 | |
| 233 | if (m_shouldBypass) { |
| 234 | return continueValidation(nullptr, state); |
| 235 | } |
| 236 | |
Davide Pesavento | 2acce25 | 2022-09-08 22:03:03 -0400 | [diff] [blame] | 237 | Name klName = getKeyLocatorName(data.getSignatureInfo(), *state); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 238 | if (!state->getOutcome()) { // already failed |
| 239 | return; |
| 240 | } |
| 241 | |
Davide Pesavento | 2acce25 | 2022-09-08 22:03:03 -0400 | [diff] [blame] | 242 | auto sigType = tlv::SignatureTypeValue(data.getSignatureType()); |
| 243 | |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 244 | for (const auto& rule : m_dataRules) { |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 245 | if (rule->match(tlv::Data, data.getName(), state)) { |
Davide Pesavento | 2acce25 | 2022-09-08 22:03:03 -0400 | [diff] [blame] | 246 | if (rule->check(tlv::Data, sigType, data.getName(), klName, state)) { |
Junxiao Shi | b55e5d3 | 2018-07-18 13:32:00 -0600 | [diff] [blame] | 247 | return continueValidation(make_shared<CertificateRequest>(klName), state); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 248 | } |
| 249 | // rule->check calls state->fail(...) if the check fails |
| 250 | return; |
| 251 | } |
| 252 | } |
| 253 | |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 254 | return state->fail({ValidationError::POLICY_ERROR, |
| 255 | "No rule matched for data `" + data.getName().toUri() + "`"}); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 256 | } |
| 257 | |
| 258 | void |
| 259 | ValidationPolicyConfig::checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state, |
| 260 | const ValidationContinuation& continueValidation) |
| 261 | { |
| 262 | BOOST_ASSERT_MSG(!hasInnerPolicy(), "ValidationPolicyConfig must be a terminal inner policy"); |
| 263 | |
| 264 | if (m_shouldBypass) { |
| 265 | return continueValidation(nullptr, state); |
| 266 | } |
| 267 | |
Davide Pesavento | 2acce25 | 2022-09-08 22:03:03 -0400 | [diff] [blame] | 268 | auto sigInfo = getSignatureInfo(interest, *state); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 269 | if (!state->getOutcome()) { // already failed |
| 270 | return; |
| 271 | } |
| 272 | |
Davide Pesavento | 2acce25 | 2022-09-08 22:03:03 -0400 | [diff] [blame] | 273 | Name klName = getKeyLocatorName(sigInfo, *state); |
| 274 | if (!state->getOutcome()) { // already failed |
| 275 | return; |
| 276 | } |
| 277 | |
| 278 | auto sigType = tlv::SignatureTypeValue(sigInfo.getSignatureType()); |
| 279 | |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 280 | for (const auto& rule : m_interestRules) { |
Eric Newberry | 17d7c47 | 2020-06-18 21:29:22 -0700 | [diff] [blame] | 281 | if (rule->match(tlv::Interest, interest.getName(), state)) { |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 282 | if (rule->check(tlv::Interest, sigType, interest.getName(), klName, state)) { |
Junxiao Shi | b55e5d3 | 2018-07-18 13:32:00 -0600 | [diff] [blame] | 283 | return continueValidation(make_shared<CertificateRequest>(klName), state); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 284 | } |
| 285 | // rule->check calls state->fail(...) if the check fails |
| 286 | return; |
| 287 | } |
| 288 | } |
| 289 | |
Davide Pesavento | 5df42a8 | 2018-03-08 20:06:51 -0500 | [diff] [blame] | 290 | return state->fail({ValidationError::POLICY_ERROR, |
| 291 | "No rule matched for interest `" + interest.getName().toUri() + "`"}); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 292 | } |
| 293 | |
Davide Pesavento | 47ce2ee | 2023-05-09 01:33:33 -0400 | [diff] [blame] | 294 | } // namespace ndn::security::validator_config |