22 #ifndef NDN_UTIL_COMMAND_INTEREST_VALIDATOR_HPP 23 #define NDN_UTIL_COMMAND_INTEREST_VALIDATOR_HPP 25 #include "../security/validator.hpp" 26 #include "../security/identity-certificate.hpp" 27 #include "../security/sec-rule-specific.hpp" 58 : m_graceInterval(graceInterval <
time::milliseconds::zero() ?
108 std::vector<shared_ptr<ValidationRequest> >& nextSteps)
110 onValidationFailed(data.shared_from_this(),
"No policy for data checking");
118 std::vector<shared_ptr<ValidationRequest> >& nextSteps);
120 time::milliseconds m_graceInterval;
121 std::map<Name, PublicKey> m_trustAnchorsForInterest;
122 std::list<SecRuleSpecific> m_trustScopeForInterest;
124 typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap;
125 LastTimestampMap m_lastTimestamp;
141 m_trustAnchorsForInterest[keyName] = publicKey;
142 shared_ptr<Regex> interestRegex = make_shared<Regex>(regex);
144 m_trustScopeForInterest.push_back(
SecRuleSpecific(interestRegex, signerRegex));
150 shared_ptr<Regex> interestRegex = make_shared<Regex>(regex);
157 m_trustAnchorsForInterest.clear();
158 m_trustScopeForInterest.clear();
166 std::vector<shared_ptr<ValidationRequest> >& nextSteps)
172 return onValidationFailed(interest.shared_from_this(),
173 "Interest is not signed: " + interest.
getName().
toUri());
181 return onValidationFailed(interest.shared_from_this(),
182 "Require SignatureSha256WithRsa");
189 return onValidationFailed(interest.shared_from_this(),
190 "Key Locator is not a name");
195 bool isInScope =
false;
197 scopeIt != m_trustScopeForInterest.end();
200 if (scopeIt->satisfy(interestName, keyName))
202 if (scopeIt->isExempted())
204 return onValidated(interest.shared_from_this());
211 if (isInScope ==
false)
212 return onValidationFailed(interest.shared_from_this(),
213 "Signer cannot be authorized for the command: " +
219 interestName[-1].
size(),
220 sig, m_trustAnchorsForInterest[keyName]))
221 return onValidationFailed(interest.shared_from_this(),
222 "Signature cannot be validated: " +
232 if (timestampIt == m_lastTimestamp.end())
234 if (!(currentTime - m_graceInterval <= interestTime &&
235 interestTime <= currentTime + m_graceInterval))
236 return onValidationFailed(interest.shared_from_this(),
237 "The command is not in grace interval: " +
242 if (interestTime <= timestampIt->second)
243 return onValidationFailed(interest.shared_from_this(),
244 "The command is outdated: " +
249 if (timestampIt == m_lastTimestamp.end())
251 m_lastTimestamp[keyName] = interestTime;
255 timestampIt->second = interestTime;
260 return onValidationFailed(interest.shared_from_this(),
261 "No valid signature");
265 return onValidationFailed(interest.shared_from_this(),
266 "Cannot locate the signing key");
270 return onValidationFailed(interest.shared_from_this(),
271 "Cannot decode signature related TLVs");
274 return onValidated(interest.shared_from_this());
279 #endif // NDN_UTIL_COMMAND_INTEREST_VALIDATOR_HPP Represent a SHA256-with-RSA signature.
const Name & getName() const
Copyright (c) 2011-2015 Regents of the University of California.
Helper class to validate CommandInterests.
static shared_ptr< RegexTopMatcher > fromName(const Name &name, bool hasAnchor=false)
void addInterestRule(const std::string ®ex, const IdentityCertificate &certificate)
add an Interest rule that allows a specific certificate
static Name certificateNameToPublicKeyName(const Name &certificateName)
Get the public key name from the full certificate name.
const KeyLocator & getKeyLocator() const
Get KeyLocator.
size_t wireEncode(EncodingImpl< TAG > &encoder) const
Fast encoding or block size estimation.
represents an Interest packet
indicates KeyLocator contains a Name
static time_point now() noexcept
PublicKey & getPublicKeyInfo()
const Name & getName() const
Get name of the Data packet.
Table::const_iterator iterator
uint32_t getType() const
Get signature type.
void addInterestBypassRule(const std::string ®ex)
add an Interest rule that allows any signer
std::string toUri() const
Encode this name as a URI.
const Name & getName() const
get Name element
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
virtual ~CommandInterestValidator()
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
size_t size() const
Get the number of components.
void reset()
Remove all installed Interest rules (e.g., when reinitialization needed)
Name abstraction to represent an absolute name.
CommandInterestValidator(const time::milliseconds &graceInterval=time::milliseconds(static_cast< int >(GRACE_INTERVAL)))
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
system_clock::TimePoint fromUnixTimestamp(const milliseconds &duration)
Convert UNIX timestamp to system_clock::TimePoint.
static bool verifySignature(const Data &data, const PublicKey &publicKey)
Verify the data using the publicKey.
virtual void checkPolicy(const Data &data, int stepCount, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest > > &nextSteps)
Check the Data against policy and return the next validation step if necessary.
uint64_t toNumber() const
Interpret this name component as nonNegativeInteger.
Validator is one of the main classes of the security library.
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
const Component & get(ssize_t i) const
Get the component at the given index.
represents an error in TLV encoding or decoding
A Signature is storage for the signature-related information (info and value) in a Data packet...