blob: d00bb3482735a6e5b62286bf84db8fc75cdb2499 [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2014-2017, Regents of the University of California
*
* This file is part of NDN DeLorean, An Authentication System for Data Archives in
* Named Data Networking. See AUTHORS.md for complete list of NDN DeLorean authors
* and contributors.
*
* NDN DeLorean is free software: you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later
* version.
*
* NDN DeLorean is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with NDN
* DeLorean, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*/
#include "checker.hpp"
#include <boost/algorithm/string.hpp>
namespace nsl {
namespace conf {
Checker::~Checker()
{
}
CustomizedChecker::CustomizedChecker(uint32_t sigType,
shared_ptr<KeyLocatorChecker> keyLocatorChecker)
: m_sigType(sigType)
, m_keyLocatorChecker(keyLocatorChecker)
{
switch (sigType) {
case tlv::SignatureSha256WithRsa:
case tlv::SignatureSha256WithEcdsa:
{
if (!static_cast<bool>(m_keyLocatorChecker))
throw Error("Strong signature requires KeyLocatorChecker");
return;
}
case tlv::DigestSha256:
return;
default:
throw Error("Unsupported signature type");
}
}
bool
CustomizedChecker::check(const Data& data)
{
const Signature signature = data.getSignature();
if (m_sigType != signature.getType())
return false;
if (signature.getType() == tlv::DigestSha256)
return true;
try {
switch (signature.getType()) {
case tlv::SignatureSha256WithRsa:
case tlv::SignatureSha256WithEcdsa:
{
if (!signature.hasKeyLocator())
return false;
break;
}
default:
return false;
}
}
catch (KeyLocator::Error&) {
return false;
}
catch (tlv::Error& e) {
return false;
}
std::string failInfo;
return m_keyLocatorChecker->check(data, signature.getKeyLocator(), failInfo);
}
HierarchicalChecker::HierarchicalChecker(uint32_t sigType)
: CustomizedChecker(sigType,
make_shared<HyperKeyLocatorNameChecker>("^(<>*)$", "\\1",
"^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
"\\1\\2",
KeyLocatorChecker::RELATION_IS_PREFIX_OF))
{
}
shared_ptr<Checker>
CheckerFactory::create(const ConfigSection& configSection)
{
ConfigSection::const_iterator propertyIt = configSection.begin();
// Get checker.type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
throw Error("Expect <checker.type>");
std::string type = propertyIt->second.data();
if (boost::iequals(type, "customized"))
return createCustomizedChecker(configSection);
else if (boost::iequals(type, "hierarchical"))
return createHierarchicalChecker(configSection);
else
throw Error("Unsupported checker type: " + type);
}
shared_ptr<Checker>
CheckerFactory::createCustomizedChecker(const ConfigSection& configSection)
{
ConfigSection::const_iterator propertyIt = configSection.begin();
propertyIt++;
// Get checker.sig-type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
throw Error("Expect <checker.sig-type>");
std::string sigType = propertyIt->second.data();
propertyIt++;
// Get checker.key-locator
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "key-locator"))
throw Error("Expect <checker.key-locator>");
shared_ptr<KeyLocatorChecker> keyLocatorChecker =
KeyLocatorCheckerFactory::create(propertyIt->second);
propertyIt++;
if (propertyIt != configSection.end())
throw Error("Expect the end of checker");
return make_shared<CustomizedChecker>(getSigType(sigType), keyLocatorChecker);
}
shared_ptr<Checker>
CheckerFactory::createHierarchicalChecker(const ConfigSection& configSection)
{
ConfigSection::const_iterator propertyIt = configSection.begin();
propertyIt++;
// Get checker.sig-type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
throw Error("Expect <checker.sig-type>");
std::string sigType = propertyIt->second.data();
propertyIt++;
if (propertyIt != configSection.end())
throw Error("Expect the end of checker");
return make_shared<HierarchicalChecker>(getSigType(sigType));
}
uint32_t
CheckerFactory::getSigType(const std::string& sigType)
{
if (boost::iequals(sigType, "rsa-sha256"))
return tlv::SignatureSha256WithRsa;
else if (boost::iequals(sigType, "ecdsa-sha256"))
return tlv::SignatureSha256WithEcdsa;
else if (boost::iequals(sigType, "sha256"))
return tlv::DigestSha256;
else
throw Error("Unsupported signature type");
}
} // namespace conf
} // namespace nsl