24 #ifndef NDN_SECURITY_CONF_CHECKER_HPP 25 #define NDN_SECURITY_CONF_CHECKER_HPP 30 #include "../../util/io.hpp" 31 #include "../validator.hpp" 32 #include "../identity-certificate.hpp" 34 #include <boost/algorithm/string.hpp> 35 #include <boost/filesystem.hpp> 36 #include <boost/lexical_cast.hpp> 46 typedef function<void(const shared_ptr<const Interest>&,
49 typedef function<void(const shared_ptr<const Data>&,
const std::string&)>
OnDataCheckFailed;
97 shared_ptr<KeyLocatorChecker> keyLocatorChecker)
99 , m_keyLocatorChecker(keyLocatorChecker)
106 if (!static_cast<bool>(m_keyLocatorChecker))
107 BOOST_THROW_EXCEPTION(
Error(
"Strong signature requires KeyLocatorChecker"));
114 BOOST_THROW_EXCEPTION(
Error(
"Unsupported signature type"));
136 return check(interest, signature, onValidated, onValidationFailed);
140 onValidationFailed(interest.shared_from_this(),
"Invalid signature");
145 onValidationFailed(interest.shared_from_this(),
"Cannot decode signature related TLVs");
151 template<
class Packet,
class OnVal
idated,
class OnFailed>
154 const OnValidated& onValidated,
155 const OnFailed& onValidationFailed)
157 if (m_sigType != signature.
getType())
159 onValidationFailed(packet.shared_from_this(),
160 "Signature type does not match: " +
161 boost::lexical_cast<std::string>(m_sigType) +
163 boost::lexical_cast<std::string>(signature.
getType()));
178 onValidationFailed(packet.shared_from_this(),
179 "Missing KeyLocator in SignatureInfo");
185 onValidationFailed(packet.shared_from_this(),
186 "Unsupported signature type: " +
187 boost::lexical_cast<std::string>(signature.
getType()));
194 onValidationFailed(packet.shared_from_this(),
195 "Cannot decode KeyLocator");
200 onValidationFailed(packet.shared_from_this(),
201 "Cannot decode signature");
205 std::string failInfo;
206 if (m_keyLocatorChecker->check(packet, signature.
getKeyLocator(), failInfo))
210 onValidationFailed(packet.shared_from_this(), failInfo);
217 shared_ptr<KeyLocatorChecker> m_keyLocatorChecker;
227 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
238 const std::vector<shared_ptr<IdentityCertificate> >& signers)
241 for (std::vector<shared_ptr<IdentityCertificate> >::const_iterator it = signers.begin();
242 it != signers.end(); it++)
243 m_signers[(*it)->getName().getPrefix(-1)] = (*it);
248 BOOST_THROW_EXCEPTION(
Error(
"FixedSigner is only meaningful for strong signature type"));
271 return check(interest, signature, onValidated, onValidationFailed);
275 onValidationFailed(interest.shared_from_this(),
"Invalid signature");
280 onValidationFailed(interest.shared_from_this(),
"Cannot decode signature related TLVs");
286 template<
class Packet,
class OnVal
idated,
class OnFailed>
289 const OnValidated& onValidated,
290 const OnFailed& onValidationFailed)
292 if (m_sigType != signature.
getType())
294 onValidationFailed(packet.shared_from_this(),
295 "Signature type does not match: " +
296 boost::lexical_cast<std::string>(m_sigType) +
298 boost::lexical_cast<std::string>(signature.
getType()));
304 onValidationFailed(packet.shared_from_this(),
305 "FixedSigner does not allow Sha256 signature type");
317 onValidationFailed(packet.shared_from_this(),
318 "Missing KeyLocator in SignatureInfo");
324 onValidationFailed(packet.shared_from_this(),
325 "Unsupported signature type: " +
326 boost::lexical_cast<std::string>(signature.
getType()));
333 if (m_signers.find(keyLocatorName) == m_signers.end())
335 onValidationFailed(packet.shared_from_this(),
336 "Signer is not in the fixed signer list: " +
337 keyLocatorName.
toUri());
342 m_signers[keyLocatorName]->getPublicKeyInfo()))
344 onValidated(packet.shared_from_this());
349 onValidationFailed(packet.shared_from_this(),
350 "Signature cannot be validated");
356 onValidationFailed(packet.shared_from_this(),
357 "KeyLocator does not have name");
362 onValidationFailed(packet.shared_from_this(),
363 "Cannot decode signature");
369 typedef std::map<Name, shared_ptr<IdentityCertificate> > SignerList;
372 SignerList m_signers;
385 static shared_ptr<Checker>
388 ConfigSection::const_iterator propertyIt = configSection.begin();
391 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"type"))
392 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.type>"));
394 std::string type = propertyIt->second.data();
396 if (boost::iequals(type,
"customized"))
397 return createCustomizedChecker(configSection, configFilename);
398 else if (boost::iequals(type,
"hierarchical"))
399 return createHierarchicalChecker(configSection, configFilename);
400 else if (boost::iequals(type,
"fixed-signer"))
401 return createFixedSignerChecker(configSection, configFilename);
403 BOOST_THROW_EXCEPTION(
Error(
"Unsupported checker type: " + type));
407 static shared_ptr<Checker>
409 const std::string& configFilename)
411 ConfigSection::const_iterator propertyIt = configSection.begin();
415 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"sig-type"))
416 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.sig-type>"));
418 std::string sigType = propertyIt->second.data();
422 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"key-locator"))
423 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.key-locator>"));
425 shared_ptr<KeyLocatorChecker> keyLocatorChecker =
429 if (propertyIt != configSection.end())
430 BOOST_THROW_EXCEPTION(
Error(
"Expect the end of checker"));
432 return make_shared<CustomizedChecker>(getSigType(sigType), keyLocatorChecker);
435 static shared_ptr<Checker>
436 createHierarchicalChecker(
const ConfigSection& configSection,
437 const std::string& configFilename)
439 ConfigSection::const_iterator propertyIt = configSection.begin();
443 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"sig-type"))
444 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.sig-type>"));
446 std::string sigType = propertyIt->second.data();
449 if (propertyIt != configSection.end())
450 BOOST_THROW_EXCEPTION(
Error(
"Expect the end of checker"));
452 return make_shared<HierarchicalChecker>(getSigType(sigType));
455 static shared_ptr<Checker>
457 const std::string& configFilename)
459 ConfigSection::const_iterator propertyIt = configSection.begin();
463 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"sig-type"))
464 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.sig-type>"));
466 std::string sigType = propertyIt->second.data();
469 std::vector<shared_ptr<IdentityCertificate> > signers;
470 for (; propertyIt != configSection.end(); propertyIt++)
472 if (!boost::iequals(propertyIt->first,
"signer"))
473 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.signer> but get <checker." +
474 propertyIt->first +
">"));
476 signers.push_back(getSigner(propertyIt->second, configFilename));
479 if (propertyIt != configSection.end())
480 BOOST_THROW_EXCEPTION(
Error(
"Expect the end of checker"));
486 static shared_ptr<IdentityCertificate>
487 getSigner(
const ConfigSection& configSection,
const std::string& configFilename)
489 using namespace boost::filesystem;
491 ConfigSection::const_iterator propertyIt = configSection.begin();
494 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"type"))
495 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.signer.type>"));
497 std::string type = propertyIt->second.data();
500 if (boost::iequals(type,
"file"))
503 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"file-name"))
504 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.signer.file-name>"));
506 path certfilePath = absolute(propertyIt->second.data(),
507 path(configFilename).parent_path());
510 if (propertyIt != configSection.end())
511 BOOST_THROW_EXCEPTION(
Error(
"Expect the end of checker.signer"));
513 shared_ptr<IdentityCertificate> idCert
514 = io::load<IdentityCertificate>(certfilePath.c_str());
516 if (static_cast<bool>(idCert))
519 BOOST_THROW_EXCEPTION(
Error(
"Cannot read certificate from file: " +
520 certfilePath.native()));
522 else if (boost::iequals(type,
"base64"))
525 if (propertyIt == configSection.end() ||
526 !boost::iequals(propertyIt->first,
"base64-string"))
527 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.signer.base64-string>"));
529 std::stringstream ss(propertyIt->second.data());
532 if (propertyIt != configSection.end())
533 BOOST_THROW_EXCEPTION(
Error(
"Expect the end of checker.signer"));
535 shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
537 if (static_cast<bool>(idCert))
540 BOOST_THROW_EXCEPTION(
Error(
"Cannot decode certificate from string"));
543 BOOST_THROW_EXCEPTION(
Error(
"Unsupported checker.signer type: " + type));
547 getSigType(
const std::string& sigType)
549 if (boost::iequals(sigType,
"rsa-sha256"))
551 else if (boost::iequals(sigType,
"ecdsa-sha256"))
553 else if (boost::iequals(sigType,
"sha256"))
556 BOOST_THROW_EXCEPTION(
Error(
"Unsupported signature type"));
564 #endif // NDN_SECURITY_CONF_CHECKER_HPP
Copyright (c) 2011-2015 Regents of the University of California.
std::string toUri() const
Encode this name as a URI.
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestCheckFailed
FixedSignerChecker(uint32_t sigType, const std::vector< shared_ptr< IdentityCertificate > > &signers)
virtual int8_t check(const Data &data, const OnDataChecked &onValidated, const OnDataCheckFailed &onValidationFailed)
check if data satisfies condition defined in the specific checker implementation
const Name & getName() const
get Name element
HierarchicalChecker(uint32_t sigType)
represents an Interest packet
virtual int8_t check(const Data &data, const OnDataChecked &onValidated, const OnDataCheckFailed &onValidationFailed)=0
check if data satisfies condition defined in the specific checker implementation
bool hasKeyLocator() const
Check if SignatureInfo block has a KeyLocator.
virtual int8_t check(const Interest &interest, const OnInterestChecked &onValidated, const OnInterestCheckFailed &onValidationFailed)
check if interest satisfies condition defined in the specific checker implementation ...
KeyLocatorChecker is one of the classes used by ValidatorConfig.
function< void(const shared_ptr< const Interest > &)> OnInterestChecked
virtual int8_t check(const Interest &interest, const OnInterestChecked &onValidated, const OnInterestCheckFailed &onValidationFailed)
check if interest satisfies condition defined in the specific checker implementation ...
static shared_ptr< KeyLocatorChecker > create(const ConfigSection &configSection, const std::string &filename)
Name abstraction to represent an absolute name.
CustomizedChecker(uint32_t sigType, shared_ptr< KeyLocatorChecker > keyLocatorChecker)
virtual int8_t check(const Data &data, const OnDataChecked &onValidated, const OnDataCheckFailed &onValidationFailed)
check if data satisfies condition defined in the specific checker implementation
boost::property_tree::ptree ConfigSection
static bool verifySignature(const Data &data, const PublicKey &publicKey)
Verify the data using the publicKey.
function< void(const shared_ptr< const Data > &)> OnDataChecked
uint32_t getType() const
Get signature type.
static shared_ptr< Checker > create(const ConfigSection &configSection, const std::string &configFilename)
create a checker from configuration file.
const Signature & getSignature() const
const KeyLocator & getKeyLocator() const
Get KeyLocator.
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataCheckFailed
represents an error in TLV encoding or decoding
const Name & getName() const
A Signature is storage for the signature-related information (info and value) in a Data packet...