security: Adding SecPolicyRegex and related rules
Change-Id: Ia9c709e849c405ed57f622b8afc442ce808991fb
diff --git a/src/security/sec-policy-regex.hpp b/src/security/sec-policy-regex.hpp
new file mode 100644
index 0000000..a4d9190
--- /dev/null
+++ b/src/security/sec-policy-regex.hpp
@@ -0,0 +1,87 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_SEC_POLICY_REGEX_HPP
+#define NDN_SEC_POLICY_REGEX_HPP
+
+#include "sec-policy.hpp"
+#include "identity-certificate.hpp"
+#include "sec-rule-relative.hpp"
+#include "certificate-cache.hpp"
+#include "../util/regex.hpp"
+
+#include <map>
+
+
+
+
+namespace ndn {
+
+class SecPolicyRegex : public SecPolicy
+{
+public:
+ struct Error : public SecPolicy::Error { Error(const std::string &what) : SecPolicy::Error(what) {} };
+
+ SecPolicyRegex(shared_ptr<CertificateCache> certificateCache, const int stepLimit = 10);
+
+ virtual
+ ~SecPolicyRegex() {}
+
+ virtual shared_ptr<ValidationRequest>
+ checkVerificationPolicy(const shared_ptr<Data>& data,
+ int stepCount,
+ const OnVerified& onVerified,
+ const OnVerifyFailed& onVerifyFailed);
+
+ /**
+ * @brief add a rule to check whether the data name and signing certificate name comply with the policy
+ * @param policy the verification policy
+ */
+ inline virtual void
+ addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule);
+
+ /**
+ * @brief add a trust anchor
+ * @param certificate the trust anchor
+ */
+ inline virtual void
+ addTrustAnchor(shared_ptr<IdentityCertificate> certificate);
+
+protected:
+ virtual void
+ onCertificateVerified(shared_ptr<Data> certificate,
+ shared_ptr<Data> data,
+ const OnVerified& onVerified,
+ const OnVerifyFailed& onVerifyFailed);
+
+ virtual void
+ onCertificateVerifyFailed(shared_ptr<Data>signCertificate,
+ shared_ptr<Data>data,
+ const OnVerifyFailed& onVerifyFailed);
+
+protected:
+ typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
+ typedef std::vector< shared_ptr<Regex> > RegexList;
+
+ int m_stepLimit;
+ shared_ptr<CertificateCache> m_certificateCache;
+ RuleList m_mustFailVerify;
+ RuleList m_verifyPolicies;
+ std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
+};
+
+void
+SecPolicyRegex::addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule)
+{ rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule); }
+
+void
+SecPolicyRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
+{ m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate; }
+
+}//ndn
+
+#endif
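Review bot: `addTrustAnchor` at the bottom of the header dereferences `certificate` without a null check and stores it with `m_trustAnchors[...] = certificate`, so a later certificate whose name yields the same `getPrefix(-1)` key silently replaces an anchor that is already installed. Because this map is presumably where chain validation terminates (the implementation is not in this hunk), replacement should be an explicit decision: add `if (!certificate) throw Error("null trust anchor");` and use `m_trustAnchors.insert(...)` with its `.second` checked, or document that last-write-wins is intended. `addVerificationPolicyRule` has the same unchecked dereference in `rule->isPositive()`. The doc comment above it says `@param policy` while the parameter is `rule`, and the header uses `std::vector` and `std::string` but includes only `<map>`.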