commit 5ec0ee3b1e90f0b3c44f74430cd080fa583e16dc
author Yingdi Yu <yuyingdi@gmail.com> Tue Jun 24 16:26:09 2014 -0700
committer Yingdi Yu <yuyingdi@gmail.com> Thu Jun 26 22:12:50 2014 -0700
tree b9a9894b1732c2d0b549bf1dd12e2fb2a8ddf514
parent fe4a91880533579a5bb95c8039736258a1a5c338

security: Support ECDSA verification in all related classes.

This commit also addresses some old issues, such as "using namespace std".

Change-Id: I62b8ff97fb2b6f6cfe04b0ad5866bc0797e6e43b
Refs: #1660

src/security/validator-config.hpp

diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index f5882d6..4a2ce58 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -293,7 +293,7 @@
                                 const OnFailed& onValidationFailed,
                                 std::vector<shared_ptr<ValidationRequest> >& nextSteps)
 {
-  if (signature.getType() == Signature::Sha256)
+  if (signature.getType() == Tlv::DigestSha256)
     {
       DigestSha256 sigSha256(signature);
 
@@ -304,55 +304,81 @@
                                   "Sha256 Signature cannot be verified!");
     }
 
-  if (signature.getType() == Signature::Sha256WithRsa)
-    {
-      SignatureSha256WithRsa sigSha256Rsa(signature);
-      Name keyLocatorName = sigSha256Rsa.getKeyLocator().getName();
+  shared_ptr<SignatureWithPublicKey> publicKeySig;
 
-      shared_ptr<const Certificate> trustedCert;
-
-      refreshAnchors();
-
-      AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
-      if (m_anchors.end() == it)
-        trustedCert = m_certificateCache->getCertificate(keyLocatorName);
-      else
-        trustedCert = it->second;
-
-      if (static_cast<bool>(trustedCert))
-        {
-          if (verifySignature(packet, sigSha256Rsa, trustedCert->getPublicKeyInfo()))
-            return onValidated(packet.shared_from_this());
-          else
-            return onValidationFailed(packet.shared_from_this(),
-                                      "Cannot verify signature");
-        }
-      else
-        {
-          if (m_stepLimit == nSteps)
-            return onValidationFailed(packet.shared_from_this(),
-                                      "Maximum steps of validation reached");
-
-          OnDataValidated onCertValidated =
-            bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
-                 this, _1, packet.shared_from_this(), onValidated, onValidationFailed);
-
-          OnDataValidationFailed onCertValidationFailed =
-            bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
-                 this, _1, _2, packet.shared_from_this(), onValidationFailed);
-
-          Interest certInterest(keyLocatorName);
-
-          shared_ptr<ValidationRequest> nextStep =
-            make_shared<ValidationRequest>(certInterest,
-                                           onCertValidated,
-                                           onCertValidationFailed,
-                                           1, nSteps + 1);
-
-          nextSteps.push_back(nextStep);
-          return;
-        }
+  try {
+    switch (signature.getType()) {
+    case Tlv::SignatureSha256WithRsa:
+      {
+        publicKeySig = make_shared<SignatureSha256WithRsa>(signature);
+        break;
+      }
+    case Tlv::SignatureSha256WithEcdsa:
+      {
+        publicKeySig = make_shared<SignatureSha256WithEcdsa>(signature);
+        break;
+      }
+    default:
+      return onValidationFailed(packet.shared_from_this(),
+                              "Unsupported signature type");
     }
+  }
+  catch (Tlv::Error& e) {
+    return onValidationFailed(packet.shared_from_this(),
+                              "Cannot decode public key signature");
+  }
+  catch (KeyLocator::Error& e) {
+    return onValidationFailed(packet.shared_from_this(),
+                              "Cannot decode KeyLocator in public key signature");
+  }
+
+
+  Name keyLocatorName = publicKeySig->getKeyLocator().getName();
+
+  shared_ptr<const Certificate> trustedCert;
+
+  refreshAnchors();
+
+  AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
+  if (m_anchors.end() == it)
+    trustedCert = m_certificateCache->getCertificate(keyLocatorName);
+  else
+    trustedCert = it->second;
+
+  if (static_cast<bool>(trustedCert))
+    {
+      if (verifySignature(packet, *publicKeySig, trustedCert->getPublicKeyInfo()))
+        return onValidated(packet.shared_from_this());
+      else
+        return onValidationFailed(packet.shared_from_this(),
+                                  "Cannot verify signature");
+    }
+  else
+    {
+      if (m_stepLimit == nSteps)
+        return onValidationFailed(packet.shared_from_this(),
+                                  "Maximum steps of validation reached");
+
+      OnDataValidated onCertValidated =
+        bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
+             this, _1, packet.shared_from_this(), onValidated, onValidationFailed);
+
+      OnDataValidationFailed onCertValidationFailed =
+        bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
+             this, _1, _2, packet.shared_from_this(), onValidationFailed);
+
+      Interest certInterest(keyLocatorName);
+
+      shared_ptr<ValidationRequest> nextStep =
+        make_shared<ValidationRequest>(certInterest,
+                                       onCertValidated,
+                                       onCertValidationFailed,
+                                       1, nSteps + 1);
+
+      nextSteps.push_back(nextStep);
+      return;
+    }
+
   return onValidationFailed(packet.shared_from_this(), "Unsupported Signature Type!");
 }