commit cda349ec660da766c116c5c7fb0226e7fbda3dc3
author Jeff Thompson <jefft0@gmail.com> Tue Nov 05 17:37:39 2013 -0800
committer Jeff Thompson <jefft0@gmail.com> Tue Nov 05 17:37:39 2013 -0800
tree 05a41cc6bb0fa6f736ce1175aef026647a6a49f0
parent 7c4dab3a57e84b3e19481c140b9322301508e6da

security: Implement certificate checking in KeyChain::verifyData.

include/ndn-cpp/security/key-chain.hpp

diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index 5d5f6ad..6cc4695 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -16,6 +16,7 @@
 namespace ndn {
 
 class PolicyManager;
+class ValidationRequest;
   
 /**
  * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
@@ -342,6 +343,15 @@
   setFace(Face* face) { face_ = face; }
 
 private:
+  void
+  onCertificateData
+    (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
+  
+  void
+  onCertificateInterestTimeout
+    (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, 
+     const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
+
   ptr_lib::shared_ptr<IdentityManager> identityManager_;
   ptr_lib::shared_ptr<PolicyManager> policyManager_;
   ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;

src/security/key-chain.cpp

diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 9350850..424a8e8 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -20,20 +20,6 @@
 
 namespace ndn {
 
-#if 1
-static uint8_t DEFAULT_PUBLIC_KEY_DER[] = {
-0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81,
-0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xE1, 0x7D, 0x30, 0xA7, 0xD8, 0x28, 0xAB, 0x1B, 0x84, 0x0B, 0x17,
-0x54, 0x2D, 0xCA, 0xF6, 0x20, 0x7A, 0xFD, 0x22, 0x1E, 0x08, 0x6B, 0x2A, 0x60, 0xD1, 0x6C, 0xB7, 0xF5, 0x44, 0x48, 0xBA,
-0x9F, 0x3F, 0x08, 0xBC, 0xD0, 0x99, 0xDB, 0x21, 0xDD, 0x16, 0x2A, 0x77, 0x9E, 0x61, 0xAA, 0x89, 0xEE, 0xE5, 0x54, 0xD3,
-0xA4, 0x7D, 0xE2, 0x30, 0xBC, 0x7A, 0xC5, 0x90, 0xD5, 0x24, 0x06, 0x7C, 0x38, 0x98, 0xBB, 0xA6, 0xF5, 0xDC, 0x43, 0x60,
-0xB8, 0x45, 0xED, 0xA4, 0x8C, 0xBD, 0x9C, 0xF1, 0x26, 0xA7, 0x23, 0x44, 0x5F, 0x0E, 0x19, 0x52, 0xD7, 0x32, 0x5A, 0x75,
-0xFA, 0xF5, 0x56, 0x14, 0x4F, 0x9A, 0x98, 0xAF, 0x71, 0x86, 0xB0, 0x27, 0x86, 0x85, 0xB8, 0xE2, 0xC0, 0x8B, 0xEA, 0x87,
-0x17, 0x1B, 0x4D, 0xEE, 0x58, 0x5C, 0x18, 0x28, 0x29, 0x5B, 0x53, 0x95, 0xEB, 0x4A, 0x17, 0x77, 0x9F, 0x02, 0x03, 0x01,
-0x00, 01  
-};
-#endif
-
 KeyChain::KeyChain(const shared_ptr<IdentityManager>& identityManager, const shared_ptr<PolicyManager>& policyManager)
 : identityManager_(identityManager), policyManager_(policyManager), face_(0), maxSteps_(100)
 {  
@@ -95,25 +81,11 @@
   if (policyManager_->requireVerify(*data)) {
     shared_ptr<ValidationRequest> nextStep = policyManager_->checkVerificationPolicy
       (data, stepCount, onVerified, onVerifyFailed);
-    if (nextStep) {
-#if 0 // TODO: implement
-      Ptr<Closure> closure = Ptr<Closure> (new Closure(nextStep->m_verifiedCallback,
-                                                       boost::bind(&Keychain::onCertificateInterestTimeout, 
-                                                                   this, 
-                                                                   _1, 
-                                                                   _2, 
-                                                                   nextStep->m_retry,
-                                                                   unverifiedCallback,
-                                                                   data),
-                                                       nextStep->m_unverifiedCallback,
-                                                       nextStep->m_stepCount)
-                                           );
-            
-      face_->expressInterest(nextStep->m_interest, closure);
-#else
-      throw SecurityException("KeyChain::verifyData: Use of ValidationRequest not implemented.");
-#endif
-    }
+    if (nextStep)
+      face_->expressInterest
+        (*nextStep->interest_, 
+         bind(&KeyChain::onCertificateData, this, _1, _2, nextStep), 
+         bind(&KeyChain::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep));
   }
   else if (policyManager_->skipVerifyAndTrust(*data))
     onVerified(data);
@@ -121,4 +93,26 @@
     onVerifyFailed(data);
 }
 
+void
+KeyChain::onCertificateData(const shared_ptr<const Interest> &interest, const shared_ptr<Data> &data, shared_ptr<ValidationRequest> nextStep)
+{
+  // Try to verify the certificate (data) according to the parameters in nextStep.
+  verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_);
+}
+
+void
+KeyChain::onCertificateInterestTimeout
+  (const shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const shared_ptr<Data> &data, 
+   shared_ptr<ValidationRequest> nextStep)
+{
+  if (retry > 0)
+    // Issue the same expressInterest as in verifyData except decrement retry.
+    face_->expressInterest
+      (*interest, 
+       bind(&KeyChain::onCertificateData, this, _1, _2, nextStep), 
+       bind(&KeyChain::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep));
+  else
+    onVerifyFailed(data);
+}
+
 }