security: Add failureInfo in ValidationFailed callback
Change-Id: I98e49fc88665ad7b7c268bd6a8fdddf6b7071021
diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
index 6569b58..85fb534 100644
--- a/src/security/validator-regex.cpp
+++ b/src/security/validator-regex.cpp
@@ -47,31 +47,26 @@
{
m_certificateCache->insertCertificate(certificate);
- try{
- if(verifySignature(*data, certificate->getPublicKeyInfo()))
- {
- onValidated(data);
- return;
- }
- }catch(Signature::Error &e){
- _LOG_DEBUG("ValidatorRegex Error: " << e.what());
- onValidationFailed(data);
- return;
- }
+ if(verifySignature(*data, certificate->getPublicKeyInfo()))
+ return onValidated(data);
+ else
+ return onValidationFailed(data,
+ "Cannot verify signature: " + data->getName().toUri());
}
else
{
_LOG_DEBUG("Wrong validity:");
- onValidationFailed(data);
- return;
+ return onValidationFailed(data,
+ "Signing certificate " + signCertificate->getName().toUri() + " is no longer valid.");
}
}
void
ValidatorRegex::onCertificateValidationFailed(const shared_ptr<const Data> &signCertificate,
+ const string& failureInfo,
const shared_ptr<const Data> &data,
const OnDataValidationFailed &onValidationFailed)
-{ onValidationFailed(data); }
+{ onValidationFailed(data, failureInfo); }
void
ValidatorRegex::checkPolicy(const Data& data,
@@ -80,73 +75,72 @@
const OnDataValidationFailed &onValidationFailed,
vector<shared_ptr<ValidationRequest> > &nextSteps)
{
- if(m_stepLimit == stepCount){
- _LOG_DEBUG("reach the maximum steps of verification");
- onValidationFailed(data.shared_from_this());
- return;
- }
-
+ if(m_stepLimit == stepCount)
+ return onValidationFailed(data.shared_from_this(),
+ "Maximum steps of validation reached: " + data.getName().toUri());
+
RuleList::iterator it = m_mustFailVerify.begin();
for(; it != m_mustFailVerify.end(); it++)
if((*it)->satisfy(data))
- {
- onValidationFailed(data.shared_from_this());
- return;
- }
+ return onValidationFailed(data.shared_from_this(),
+ "Comply with mustFail policy: " + data.getName().toUri());
it = m_verifyPolicies.begin();
for(; it != m_verifyPolicies.end(); it++)
{
if((*it)->satisfy(data))
{
- try{
- SignatureSha256WithRsa sig(data.getSignature());
+ try
+ {
+ SignatureSha256WithRsa sig(data.getSignature());
- Name keyLocatorName = sig.getKeyLocator().getName();
- shared_ptr<const Certificate> trustedCert;
- if(m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName))
- trustedCert = m_certificateCache->getCertificate(keyLocatorName);
- else
- trustedCert = m_trustAnchors[keyLocatorName];
-
- if(static_cast<bool>(trustedCert)){
- if(verifySignature(data, sig, trustedCert->getPublicKeyInfo()))
- onValidated(data.shared_from_this());
+ Name keyLocatorName = sig.getKeyLocator().getName();
+ shared_ptr<const Certificate> trustedCert;
+ if(m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName))
+ trustedCert = m_certificateCache->getCertificate(keyLocatorName);
else
- onValidationFailed(data.shared_from_this());
+ trustedCert = m_trustAnchors[keyLocatorName];
+
+ if(static_cast<bool>(trustedCert)){
+ if(verifySignature(data, sig, trustedCert->getPublicKeyInfo()))
+ return onValidated(data.shared_from_this());
+ else
+ return onValidationFailed(data.shared_from_this(),
+ "Cannot verify signature: " + data.getName().toUri());
+ }
+ else{
+ // _LOG_DEBUG("KeyLocator is not trust anchor");
+ OnDataValidated onKeyValidated = bind(&ValidatorRegex::onCertificateValidated, this,
+ _1, data.shared_from_this(), onValidated, onValidationFailed);
- return;
- }
- else{
- // _LOG_DEBUG("KeyLocator is not trust anchor");
- OnDataValidated onKeyValidated = bind(&ValidatorRegex::onCertificateValidated, this,
- _1, data.shared_from_this(), onValidated, onValidationFailed);
-
- OnDataValidationFailed onKeyValidationFailed = bind(&ValidatorRegex::onCertificateValidationFailed, this,
- _1, data.shared_from_this(), onValidationFailed);
+ OnDataValidationFailed onKeyValidationFailed = bind(&ValidatorRegex::onCertificateValidationFailed, this,
+ _1, _2, data.shared_from_this(), onValidationFailed);
- shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(Interest(boost::cref(sig.getKeyLocator().getName())),
- onKeyValidated,
- onKeyValidationFailed,
- 3,
- stepCount + 1);
- nextSteps.push_back(nextStep);
- return;
+ shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(Interest(boost::cref(sig.getKeyLocator().getName())),
+ onKeyValidated,
+ onKeyValidationFailed,
+ 3,
+ stepCount + 1);
+ nextSteps.push_back(nextStep);
+
+ return;
+ }
}
- }catch(SignatureSha256WithRsa::Error &e){
- _LOG_DEBUG("ValidatorRegex Error: " << e.what());
- onValidationFailed(data.shared_from_this());
- return;
- }catch(KeyLocator::Error &e){
- _LOG_DEBUG("ValidatorRegex Error: " << e.what());
- onValidationFailed(data.shared_from_this());
- return;
- }
+ catch(SignatureSha256WithRsa::Error &e)
+ {
+ return onValidationFailed(data.shared_from_this(),
+ "Not SignatureSha256WithRsa signature: " + data.getName().toUri());
+ }
+ catch(KeyLocator::Error &e)
+ {
+ return onValidationFailed(data.shared_from_this(),
+ "Key Locator is not a name: " + data.getName().toUri());
+ }
}
}
- onValidationFailed(data.shared_from_this());
- return;
+ return onValidationFailed(data.shared_from_this(),
+ "No policy found for data: " + data.getName().toUri());
}
} // namespace ndn