commit 77627ab8ce1cdf3ed06e96dfb52f9da2655897e9
author Yingdi Yu <yuyingdi@gmail.com> Tue Jul 21 16:13:49 2015 -0700
committer Yingdi Yu <yuyingdi@gmail.com> Wed Jul 22 10:56:21 2015 -0700
tree 8a2fbe121599e9170c5886e2f8a6b6852cf7a276
parent 4bd28fc8394a53a49fc283ead2bdc6a77893da4c

Move pib service from ndn-cxx to ndn-tools

Code is copied from ndn-cxx:commit:e1c8c4cfffb33dca13c8ca7d7ef04c7401a7cbef,
(gerrit change-id Ieea485c0ebdce9fb9c876cad005cb95fd8e0c899)
with minor changes for changing include paths and building script.

Change-Id: I77b94fe69b20f04c338e7be7387125f709fa9e1a
Refs: #3018

tools/pib/delete-query-processor.cpp

diff --git a/tools/pib/delete-query-processor.cpp b/tools/pib/delete-query-processor.cpp
new file mode 100644
index 0000000..9174784
--- /dev/null
+++ b/tools/pib/delete-query-processor.cpp
@@ -0,0 +1,205 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "delete-query-processor.hpp"
+#include "encoding/pib-encoding.hpp"
+#include "pib.hpp"
+
+#include <boost/lexical_cast.hpp>
+
+namespace ndn {
+namespace pib {
+
+using std::string;
+
+const size_t DeleteQueryProcessor::DELETE_QUERY_LENGTH = 9;
+const Name DeleteQueryProcessor::PIB_PREFIX("/localhost/pib");
+
+DeleteQueryProcessor::DeleteQueryProcessor(PibDb& db)
+  : m_db(db)
+{
+}
+
+std::pair<bool, Block>
+DeleteQueryProcessor::operator()(const Interest& interest)
+{
+  const Name& interestName = interest.getName();
+
+  // handle pib query: /localhost/pib/[UserName]/delete/param/<signed_interest_related_components>
+  if (interestName.size() != DELETE_QUERY_LENGTH) {
+    // malformed interest, discard
+    return std::make_pair(false, Block());
+  }
+
+  try {
+    DeleteParam param;
+    param.wireDecode(interestName.get(OFFSET_PARAM).blockFromValue());
+
+    SignatureInfo sigInfo;
+    sigInfo.wireDecode(interestName.get(OFFSET_SIG_INFO).blockFromValue());
+
+    // sigInfo must have KeyLocator.Name if the interest passed validation.
+    Name signerName;
+    signerName = sigInfo.getKeyLocator().getName();
+
+    switch (param.getTargetType()) {
+    case TYPE_USER:
+      return std::make_pair(true, PibError(ERR_WRONG_PARAM, "not allowed to delete user").wireEncode());
+    case TYPE_ID:
+      return processDeleteIdQuery(param, signerName);
+    case TYPE_KEY:
+      return processDeleteKeyQuery(param, signerName);
+    case TYPE_CERT:
+      return processDeleteCertQuery(param, signerName);
+    default:
+      {
+        PibError error(ERR_WRONG_PARAM,
+                       "target type is not supported: " +
+                       boost::lexical_cast<string>(param.getTargetType()));
+        return std::make_pair(true, error.wireEncode());
+      }
+    }
+  }
+  catch (const PibDb::Error& e) {
+    PibError error(ERR_INTERNAL_ERROR, e.what());
+    return std::make_pair(true, error.wireEncode());
+  }
+  catch (const tlv::Error& e) {
+    PibError error(ERR_WRONG_PARAM, "error in parsing param: " + string(e.what()));
+    return std::make_pair(true, error.wireEncode());
+  }
+}
+
+std::pair<bool, Block>
+DeleteQueryProcessor::processDeleteIdQuery(const DeleteParam& param, const Name& signerName)
+{
+  Name identity = param.getTargetName();
+  if (!isDeleteAllowed(TYPE_ID, identity, signerName)) {
+    PibError error(ERR_WRONG_SIGNER, "signer is not trusted for this command");
+    return std::make_pair(true, error.wireEncode());
+  }
+
+  m_db.deleteIdentity(identity);
+
+  return std::make_pair(true, PibError(ERR_SUCCESS).wireEncode());
+}
+
+std::pair<bool, Block>
+DeleteQueryProcessor::processDeleteKeyQuery(const DeleteParam& param, const Name& signerName)
+{
+  const Name& keyName = param.getTargetName();
+  if (!isDeleteAllowed(TYPE_KEY, keyName, signerName)) {
+    PibError error(ERR_WRONG_SIGNER, "signer is not trusted for this command");
+    return std::make_pair(true, error.wireEncode());
+  }
+
+  m_db.deleteKey(keyName);
+
+  return std::make_pair(true, PibError(ERR_SUCCESS).wireEncode());
+}
+
+std::pair<bool, Block>
+DeleteQueryProcessor::processDeleteCertQuery(const DeleteParam& param, const Name& signerName)
+{
+  const Name& certName = param.getTargetName();
+  if (!isDeleteAllowed(TYPE_CERT, certName, signerName)) {
+    PibError error(ERR_WRONG_SIGNER, "signer is not trusted for this command");
+    return std::make_pair(true, error.wireEncode());
+  }
+
+  m_db.deleteCertificate(certName);
+
+  return std::make_pair(true, PibError(ERR_SUCCESS).wireEncode());
+}
+
+bool
+DeleteQueryProcessor::isDeleteAllowed(const pib::Type targetType,
+                                      const Name& targetName,
+                                      const Name& signer) const
+{
+  // sanity checking, user cannot be deleted.
+  if (targetType == TYPE_USER)
+    return false;
+
+  // Any identity with prefix /localhost/pib is reserved. Any operation with a targetName under
+  // that prefix will be rejected.
+  if (PIB_PREFIX.isPrefixOf(targetName))
+    return false;
+
+  // Rules for other items:
+  //
+  //    signer                   | deleting privilege
+  //    =========================+===============================================
+  //    local mgmt key           | any id, key, and cert
+  //    -------------------------+-----------------------------------------------
+  //    default key of an id     | any id, key, and cert under the id's namespace
+  //    -------------------------+-----------------------------------------------
+  //    non-default key of an id | any cert of the key
+
+  const Name& signerKeyName = IdentityCertificate::certificateNameToPublicKeyName(signer);
+  const Name& signerId = signerKeyName.getPrefix(-1);
+
+  bool hasSignerDefaultKey = true;
+  Name signerDefaultKeyName;
+  try {
+    signerDefaultKeyName = m_db.getDefaultKeyNameOfIdentity(signerId);
+  }
+  catch (PibDb::Error&) {
+    hasSignerDefaultKey = false;
+  }
+
+  Name mgmtCertName;
+  try {
+    mgmtCertName = m_db.getMgmtCertificate()->getName().getPrefix(-1);
+  }
+  catch (PibDb::Error&) {
+    return false;
+  }
+
+  if (signer == mgmtCertName) {
+    // signer is current management key, anything is allowed.
+    return true;
+  }
+  else if (hasSignerDefaultKey && signerDefaultKeyName == signerKeyName) {
+    // signer is an identity's default key
+    if (!signerId.isPrefixOf(targetName))
+      return false;
+    else
+      return true;
+  }
+  else {
+    // non-default key
+    if (targetType == TYPE_CERT) {
+      // check if it is for the key's cert
+      if (IdentityCertificate::certificateNameToPublicKeyName(targetName) == signerKeyName)
+        return true;
+    }
+    else if (targetType == TYPE_KEY) {
+      // check if it is for the key itself
+      if (targetName == signerKeyName)
+        return true;
+    }
+    return false;
+  }
+}
+
+} // namespace pib
+} // namespace ndn