blob: ad3443c1b142aac8b7d1eaebd84e001c3c8cda24 [file] [log] [blame]
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyev9bcbc7c2014-04-06 19:37:37 -07003 * Copyright (c) 2014 Regents of the University of California,
4 * Arizona Board of Regents,
5 * Colorado State University,
6 * University Pierre & Marie Curie, Sorbonne University,
7 * Washington University in St. Louis,
8 * Beijing Institute of Technology
9 *
10 * This file is part of NFD (Named Data Networking Forwarding Daemon).
11 * See AUTHORS.md for complete list of NFD authors and contributors.
12 *
13 * NFD is free software: you can redistribute it and/or modify it under the terms
14 * of the GNU General Public License as published by the Free Software Foundation,
15 * either version 3 of the License, or (at your option) any later version.
16 *
17 * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
18 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
19 * PURPOSE. See the GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along with
22 * NFD, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
23 **/
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070024
25#include "command-validator.hpp"
Steve DiBenedettobf6a93d2014-03-21 14:03:02 -060026#include "core/logger.hpp"
27
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070028#include <ndn-cpp-dev/util/io.hpp>
29#include <ndn-cpp-dev/security/identity-certificate.hpp>
30
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060031#include <boost/filesystem.hpp>
Davide Pesavento52a18f92014-04-10 00:55:01 +020032#include <fstream>
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060033
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070034namespace nfd {
35
36NFD_LOG_INIT("CommandValidator");
37
38CommandValidator::CommandValidator()
39{
40
41}
42
43CommandValidator::~CommandValidator()
44{
45
46}
47
48void
49CommandValidator::setConfigFile(ConfigFile& configFile)
50{
51 configFile.addSectionHandler("authorizations",
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060052 bind(&CommandValidator::onConfig, this, _1, _2, _3));
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070053}
54
55static inline void
56aggregateErrors(std::stringstream& ss, const std::string& msg)
57{
58 if (!ss.str().empty())
59 {
60 ss << "\n";
61 }
62 ss << msg;
63}
64
65void
66CommandValidator::onConfig(const ConfigSection& section,
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060067 bool isDryRun,
68 const std::string& filename)
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070069{
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060070 using namespace boost::filesystem;
71
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070072 const ConfigSection EMPTY_SECTION;
73
74 if (section.begin() == section.end())
75 {
76 throw ConfigFile::Error("No authorize sections found");
77 }
78
79 std::stringstream dryRunErrors;
80 ConfigSection::const_iterator authIt;
81 for (authIt = section.begin(); authIt != section.end(); authIt++)
82 {
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060083 std::string certfile;
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070084 try
85 {
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060086 certfile = authIt->second.get<std::string>("certfile");
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070087 }
88 catch (const std::runtime_error& e)
89 {
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060090 std::string msg = "No certfile specified";
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -070091 if (!isDryRun)
92 {
93 throw ConfigFile::Error(msg);
94 }
95 aggregateErrors(dryRunErrors, msg);
96 continue;
97 }
98
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -060099 path certfilePath = absolute(certfile, path(filename).parent_path());
100 NFD_LOG_DEBUG("generated certfile path: " << certfilePath.native());
101
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700102 std::ifstream in;
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -0600103 in.open(certfilePath.c_str());
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700104 if (!in.is_open())
105 {
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -0600106 std::string msg = "Unable to open certificate file " + certfilePath.native();
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700107 if (!isDryRun)
108 {
109 throw ConfigFile::Error(msg);
110 }
111 aggregateErrors(dryRunErrors, msg);
112 continue;
113 }
114
115 shared_ptr<ndn::IdentityCertificate> id;
116 try
117 {
118 id = ndn::io::load<ndn::IdentityCertificate>(in);
119 }
120 catch(const std::runtime_error& error)
121 {
Alexander Afanasyev5d2820d2014-04-24 00:10:31 -0700122 // do nothing
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700123 }
124
Alexander Afanasyev5d2820d2014-04-24 00:10:31 -0700125 if (!static_cast<bool>(id)) {
126 std::string msg = "Malformed certificate file " + certfilePath.native();
127 if (!isDryRun)
128 {
129 throw ConfigFile::Error(msg);
130 }
131 aggregateErrors(dryRunErrors, msg);
132 continue;
133 }
134
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700135 in.close();
136
137 const ConfigSection* privileges = 0;
138
139 try
140 {
141 privileges = &authIt->second.get_child("privileges");
142 }
143 catch (const std::runtime_error& error)
144 {
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -0600145 std::string msg = "No privileges section found for certificate file " +
146 certfile + " (" + id->getPublicKeyName().toUri() + ")";
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700147 if (!isDryRun)
148 {
149 throw ConfigFile::Error(msg);
150 }
151 aggregateErrors(dryRunErrors, msg);
152 continue;
153 }
154
155 if (privileges->begin() == privileges->end())
156 {
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -0600157 NFD_LOG_WARN("No privileges specified for certificate file " << certfile
158 << " (" << id->getPublicKeyName().toUri() << ")");
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700159 }
160
161 ConfigSection::const_iterator privIt;
162 for (privIt = privileges->begin(); privIt != privileges->end(); privIt++)
163 {
164 const std::string& privilegeName = privIt->first;
165 if (m_supportedPrivileges.find(privilegeName) != m_supportedPrivileges.end())
166 {
167 NFD_LOG_INFO("Giving privilege \"" << privilegeName
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -0600168 << "\" to identity " << id->getPublicKeyName());
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700169 if (!isDryRun)
170 {
171 const std::string regex = "^<localhost><nfd><" + privilegeName + ">";
172 m_validator.addInterestRule(regex, *id);
173 }
174 }
175 else
176 {
177 // Invalid configuration
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -0600178 std::string msg = "Invalid privilege \"" + privilegeName + "\" for certificate file " +
179 certfile + " (" + id->getPublicKeyName().toUri() + ")";
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700180 if (!isDryRun)
181 {
182 throw ConfigFile::Error(msg);
183 }
184 aggregateErrors(dryRunErrors, msg);
185 }
186 }
187 }
188
189 if (!dryRunErrors.str().empty())
190 {
191 throw ConfigFile::Error(dryRunErrors.str());
192 }
193}
194
195void
196CommandValidator::addSupportedPrivilege(const std::string& privilege)
197{
198 if (m_supportedPrivileges.find(privilege) != m_supportedPrivileges.end())
199 {
Steve DiBenedetto1a3c6732014-03-13 06:44:05 -0600200 throw CommandValidator::Error("Duplicated privilege: " + privilege);
Steve DiBenedetto2c2b8892014-02-27 11:46:48 -0700201 }
202 m_supportedPrivileges.insert(privilege);
203}
204
205} // namespace nfd