command-validator.cpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
25 #include "command-validator.hpp"
26 #include "core/logger.hpp"
27 
28 #include <ndn-cxx/util/io.hpp>
29 #include <ndn-cxx/security/identity-certificate.hpp>
30 
31 #include <boost/filesystem.hpp>
32 #include <fstream>
33 
34 namespace nfd {
35 
36 NFD_LOG_INIT("CommandValidator");
37 
39 {
40 
41 }
42 
44 {
45 
46 }
47 
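/** \brief Subscribe this validator to the "authorizations" section of \p configFile
 *
 *  The signature line is missing from this listing; it is restored here from
 *  the member declaration `void setConfigFile(ConfigFile &configFile)`.
 *
 *  \param configFile configuration file object that will call onConfig with
 *                    (section, isDryRun, filename) for the "authorizations" section
 *
 *  NOTE(review): the handler is bound to the raw `this` pointer, so this object
 *  presumably has to outlive every parse performed through \p configFile -
 *  confirm against the owner of both objects.
 */
void
CommandValidator::setConfigFile(ConfigFile& configFile)
{
  configFile.addSectionHandler("authorizations",
                               bind(&CommandValidator::onConfig, this, _1, _2, _3));
}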
54 
/** \brief Append \p msg to the error text collected in \p ss
 *
 *  Messages are separated by a single newline; no separator is written before
 *  the first message, so the collected text never starts with an empty line.
 *
 *  \param ss  stream holding the messages gathered so far
 *  \param msg message to append (written as-is)
 */
static inline void
aggregateErrors(std::stringstream& ss, const std::string& msg)
{
  const bool hasEarlierMessage = !ss.str().empty();
  if (hasEarlierMessage) {
    ss << "\n";
  }
  ss << msg;
}
64 
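/** \brief Build the command authorization rules from the "authorizations" section
 *
 *  Every child of \p section is treated as one authorization entry with
 *   - "certfile":   path of an identity certificate, or the literal "any";
 *   - "privileges": a child section whose keys are privilege names.
 *
 *  For each privilege listed in m_supportedPrivileges, a rule on the name
 *  pattern "^<localhost><nfd><PRIVILEGE>" is added to m_validator: bound to the
 *  loaded certificate, or as a bypass rule when certfile is "any".
 *
 *  The signature line is missing from this listing; it is restored here from
 *  the member declaration
 *  `void onConfig(const ConfigSection &section, bool isDryRun, const std::string &filename)`.
 *
 *  \param section  the "authorizations" section
 *  \param isDryRun if true, no rule is added and all problems found are
 *                  collected and reported together in one exception; if false,
 *                  the first problem throws immediately
 *  \param filename path of the configuration file; a relative certfile is
 *                  resolved against the directory that contains it
 *  \throw ConfigFile::Error the section is empty, or an entry has no certfile,
 *                  an unreadable or malformed certificate, no privileges
 *                  section, or a privilege not in m_supportedPrivileges
 *
 *  NOTE(review): when isDryRun is false and an entry fails, the rules added for
 *  the earlier entries stay in m_validator. Callers presumably run a dry run
 *  first so that the real pass cannot fail - confirm.
 */
void
CommandValidator::onConfig(const ConfigSection& section,
                           bool isDryRun,
                           const std::string& filename)
{
  using namespace boost::filesystem;

  // NOTE(review): the existing rules are dropped even when isDryRun is true, so
  // a validation-only pass over a bad file leaves the validator without rules
  // until a real pass succeeds. Confirm that this is intended.
  m_validator.reset();

  if (section.begin() == section.end())
    {
      throw ConfigFile::Error("No authorize sections found");
    }

  std::stringstream dryRunErrors;
  ConfigSection::const_iterator authIt;
  for (authIt = section.begin(); authIt != section.end(); ++authIt)
    {
      std::string certfile;
      try
        {
          certfile = authIt->second.get<std::string>("certfile");
        }
      catch (const std::runtime_error& e)
        {
          std::string msg = "No certfile specified";
          if (!isDryRun)
            {
              throw ConfigFile::Error(msg);
            }
          aggregateErrors(dryRunErrors, msg);
          continue;
        }

      // Stays null for the "any" wildcard; every later branch keys off that.
      shared_ptr<ndn::IdentityCertificate> id;

      if (certfile != "any")
        {
          // A relative certfile is resolved against the configuration file's
          // directory, not the process working directory.
          path certfilePath = absolute(certfile, path(filename).parent_path());
          NFD_LOG_DEBUG("generated certfile path: " << certfilePath.native());

          std::ifstream in;
          in.open(certfilePath.c_str());
          if (!in.is_open())
            {
              std::string msg = "Unable to open certificate file " + certfilePath.native();
              if (!isDryRun)
                {
                  throw ConfigFile::Error(msg);
                }
              aggregateErrors(dryRunErrors, msg);
              continue;
            }

          try
            {
              id = ndn::io::load<ndn::IdentityCertificate>(in);
            }
          catch (const std::runtime_error& error)
            {
              // Not reported here: id is still null, and the check below turns
              // that into the "Malformed certificate file" error. The reason
              // carried by the exception is not included in that message.
            }

          if (!static_cast<bool>(id))
            {
              std::string msg = "Malformed certificate file " + certfilePath.native();
              if (!isDryRun)
                {
                  throw ConfigFile::Error(msg);
                }
              aggregateErrors(dryRunErrors, msg);
              continue;
            }

          in.close();
        }

      std::string keyNameForLogging;
      if (static_cast<bool>(id))
        {
          keyNameForLogging = id->getPublicKeyName().toUri();
        }
      else
        {
          // certfile "any": the privileges below are granted through a bypass
          // rule instead of a rule bound to a certificate.
          keyNameForLogging = "wildcard";
          NFD_LOG_WARN("Wildcard identity is intended for demo purpose only and " <<
                       "SHOULD NOT be used in production environment");
        }

      const ConfigSection* privileges = 0;
      try
        {
          privileges = &authIt->second.get_child("privileges");
        }
      catch (const std::runtime_error& error)
        {
          std::string msg = "No privileges section found for certificate file " +
                            certfile + " (" + keyNameForLogging + ")";
          if (!isDryRun)
            {
              throw ConfigFile::Error(msg);
            }
          aggregateErrors(dryRunErrors, msg);
          continue;
        }

      // An empty privileges section is accepted; the entry then grants nothing.
      if (privileges->begin() == privileges->end())
        {
          NFD_LOG_WARN("No privileges specified for certificate file " << certfile
                       << " (" << keyNameForLogging << ")");
        }

      ConfigSection::const_iterator privIt;
      for (privIt = privileges->begin(); privIt != privileges->end(); ++privIt)
        {
          const std::string& privilegeName = privIt->first;
          // Only names registered via addSupportedPrivilege reach the regex
          // below, so text from the configuration file is never spliced into
          // the pattern unchecked.
          if (m_supportedPrivileges.find(privilegeName) != m_supportedPrivileges.end())
            {
              NFD_LOG_INFO("Giving privilege \"" << privilegeName
                           << "\" to identity " << keyNameForLogging);
              if (!isDryRun)
                {
                  // Anchored at the start only: the rule covers every name
                  // under /localhost/nfd/<privilege>.
                  const std::string regex = "^<localhost><nfd><" + privilegeName + ">";
                  if (static_cast<bool>(id))
                    {
                      m_validator.addInterestRule(regex, *id);
                    }
                  else
                    {
                      // NOTE(review): presumably matching Interests are then
                      // accepted without a signature check, i.e. any local
                      // client can issue these commands - confirm against the
                      // validator, and keep "any" out of production configs.
                      m_validator.addInterestBypassRule(regex);
                    }
                }
            }
          else
            {
              // Invalid configuration
              std::string msg = "Invalid privilege \"" + privilegeName +
                                "\" for certificate file " + certfile +
                                " (" + keyNameForLogging + ")";
              if (!isDryRun)
                {
                  throw ConfigFile::Error(msg);
                }
              aggregateErrors(dryRunErrors, msg);
            }
        }
    }

  // Reached with content only in dry-run mode: report every problem at once.
  if (!dryRunErrors.str().empty())
    {
      throw ConfigFile::Error(dryRunErrors.str());
    }
}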
211 
/** \brief Register \p privilege as a name that onConfig may grant
 *
 *  onConfig rejects any privilege in the "authorizations" section that is not
 *  in m_supportedPrivileges, so this set is the allow-list of privileges.
 *
 *  \param privilege privilege name to register
 *  \throw CommandValidator::Error \p privilege is already registered
 */
void
CommandValidator::addSupportedPrivilege(const std::string& privilege)
{
  const bool isAlreadyKnown =
    m_supportedPrivileges.find(privilege) != m_supportedPrivileges.end();
  if (isAlreadyKnown) {
    throw CommandValidator::Error("Duplicated privilege: " + privilege);
  }

  m_supportedPrivileges.insert(privilege);
}
221 
222 } // namespace nfd
void setConfigFile(ConfigFile &configFile)
#define NFD_LOG_DEBUG(expression)
Definition: logger.hpp:36
void onConfig(const ConfigSection &section, bool isDryRun, const std::string &filename)
#define NFD_LOG_WARN(expression)
Definition: logger.hpp:39
#define NFD_LOG_INFO(expression)
Definition: logger.hpp:37
void addSectionHandler(const std::string &sectionName, ConfigSectionHandler subscriber)
setup notification of configuration file sections
Definition: config-file.cpp:63
boost::property_tree::ptree ConfigSection
static void aggregateErrors(std::stringstream &ss, const std::string &msg)
#define NFD_LOG_INIT(name)
Definition: logger.hpp:33
void addSupportedPrivilege(const std::string &privilege)