NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.3: NDN, CCN, CCNx, content centric networks 		API Documentation
command-interest-validator.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #include "command-interest-validator.hpp"
23 #include "v1/identity-certificate.hpp"
24 #include <boost/lexical_cast.hpp>
25 
26 namespace ndn {
27 namespace security {
28 
29 std::ostream&
30 operator<<(std::ostream& os, CommandInterestValidator::ErrorCode error)
31 {
32  switch (error) {
33  case CommandInterestValidator::ErrorCode::NONE:
34  return os << "OK";
35  case CommandInterestValidator::ErrorCode::NAME_TOO_SHORT:
36  return os << "command Interest name is too short";
37  case CommandInterestValidator::ErrorCode::BAD_TIMESTAMP:
38  return os << "cannot parse timestamp";
39  case CommandInterestValidator::ErrorCode::BAD_SIG_INFO:
40  return os << "cannot parse SignatureInfo";
41  case CommandInterestValidator::ErrorCode::MISSING_KEY_LOCATOR:
42  return os << "KeyLocator is missing";
43  case CommandInterestValidator::ErrorCode::BAD_KEY_LOCATOR_TYPE:
44  return os << "KeyLocator type is not Name";
45  case CommandInterestValidator::ErrorCode::BAD_CERT_NAME:
46  return os << "cannot parse certificate name";
47  case CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE:
48  return os << "timestamp is out of grace period";
49  case CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER:
50  return os << "timestamp is less than or equal to last timestamp";
51  }
52  return os;
53 }
54 
55 static void
56 invokeReject(const OnInterestValidationFailed& reject, const Interest& interest,
57  CommandInterestValidator::ErrorCode error)
58 {
59  reject(interest.shared_from_this(), boost::lexical_cast<std::string>(error));
60 }
61 
62 CommandInterestValidator::CommandInterestValidator(unique_ptr<Validator> inner,
63  const Options& options)
64  : m_inner(std::move(inner))
65  , m_options(options)
66  , m_index(m_container.get<0>())
67  , m_queue(m_container.get<1>())
68 {
69  if (m_inner == nullptr) {
70  BOOST_THROW_EXCEPTION(std::invalid_argument("inner validator is nullptr"));
71  }
72 
73  m_options.gracePeriod = std::max(m_options.gracePeriod, time::nanoseconds::zero());
74 }
75 
76 void
77 CommandInterestValidator::checkPolicy(const Interest& interest, int nSteps,
78  const OnInterestValidated& accept,
79  const OnInterestValidationFailed& reject,
80  std::vector<shared_ptr<ValidationRequest>>& nextSteps)
81 {
82  BOOST_ASSERT(nSteps == 0);
83  this->cleanup();
84 
85  Name keyName;
86  uint64_t timestamp;
87  ErrorCode res = this->parseCommandInterest(interest, keyName, timestamp);
88  if (res != ErrorCode::NONE) {
89  return invokeReject(reject, interest, res);
90  }
91 
92  time::system_clock::TimePoint receiveTime = time::system_clock::now();
93 
94  m_inner->validate(interest,
95  [=] (const shared_ptr<const Interest>& interest) {
96  ErrorCode res = this->checkTimestamp(keyName, timestamp, receiveTime);
97  if (res != ErrorCode::NONE) {
98  return invokeReject(reject, *interest, res);
99  }
100  accept(interest);
101  }, reject);
102 }
103 
104 void
105 CommandInterestValidator::cleanup()
106 {
107  time::steady_clock::TimePoint expiring = time::steady_clock::now() - m_options.timestampTtl;
108 
109  while ((!m_queue.empty() && m_queue.front().lastRefreshed <= expiring) ||
110  (m_options.maxTimestamps >= 0 &&
111  m_queue.size() > static_cast<size_t>(m_options.maxTimestamps))) {
112  m_queue.pop_front();
113  }
114 }
115 
116 CommandInterestValidator::ErrorCode
117 CommandInterestValidator::parseCommandInterest(const Interest& interest, Name& keyName,
118  uint64_t& timestamp) const
119 {
120  const Name& name = interest.getName();
121  if (name.size() < signed_interest::MIN_LENGTH) {
122  return ErrorCode::NAME_TOO_SHORT;
123  }
124 
125  const name::Component& timestampComp = name[signed_interest::POS_TIMESTAMP];
126  if (!timestampComp.isNumber()) {
127  return ErrorCode::BAD_TIMESTAMP;
128  }
129  timestamp = timestampComp.toNumber();
130 
131  SignatureInfo sig;
132  try {
133  sig.wireDecode(name[signed_interest::POS_SIG_INFO].blockFromValue());
134  }
135  catch (const tlv::Error&) {
136  return ErrorCode::BAD_SIG_INFO;
137  }
138 
139  if (!sig.hasKeyLocator()) {
140  return ErrorCode::MISSING_KEY_LOCATOR;
141  }
142 
143  const KeyLocator& keyLocator = sig.getKeyLocator();
144  if (keyLocator.getType() != KeyLocator::KeyLocator_Name) {
145  return ErrorCode::BAD_KEY_LOCATOR_TYPE;
146  }
147 
148  try {
149  keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
150  }
151  catch (const v1::IdentityCertificate::Error&) {
152  return ErrorCode::BAD_CERT_NAME;
153  }
154 
155  return ErrorCode::NONE;
156 }
157 
158 CommandInterestValidator::ErrorCode
159 CommandInterestValidator::checkTimestamp(const Name& keyName, uint64_t timestamp,
160  time::system_clock::TimePoint receiveTime)
161 {
162  time::steady_clock::TimePoint now = time::steady_clock::now();
163 
164  // try to insert new record
165  Queue::iterator i = m_queue.end();
166  bool isNew = false;
167  std::tie(i, isNew) = m_queue.push_back({keyName, timestamp, now});
168 
169  if (isNew) {
170  // check grace period
171  time::system_clock::TimePoint sigTime = time::fromUnixTimestamp(time::milliseconds(timestamp));
172  if (time::abs(sigTime - receiveTime) > m_options.gracePeriod) {
173  // out of grace period, delete new record
174  m_queue.erase(i);
175  return ErrorCode::TIMESTAMP_OUT_OF_GRACE;
176  }
177  }
178  else {
179  BOOST_ASSERT(i->keyName == keyName);
180 
181  // compare timestamp with last timestamp
182  if (timestamp <= i->timestamp) {
183  return ErrorCode::TIMESTAMP_REORDER;
184  }
185 
186  // set lastRefreshed field, and move to queue tail
187  m_queue.erase(i);
188  isNew = m_queue.push_back({keyName, timestamp, now}).second;
189  BOOST_ASSERT(isNew);
190  }
191 
192  return ErrorCode::NONE;
193 }
194 
195 void
196 CommandInterestValidator::checkPolicy(const Data& data, int nSteps,
197  const OnDataValidated& accept,
198  const OnDataValidationFailed& reject,
199  std::vector<shared_ptr<ValidationRequest>>& nextSteps)
200 {
201  BOOST_ASSERT(nSteps == 0);
202  m_inner->validate(data, accept, reject);
203 }
204 
205 } // namespace security
206 } // namespace ndn
ndn::security::OnInterestValidationFailed
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
Definition: validation-request.hpp:37
ndn::time::steady_clock::TimePoint
time_point TimePoint
Definition: time.hpp:120
ndn::security::v1::IdentityCertificate::certificateNameToPublicKeyName
static Name certificateNameToPublicKeyName(const Name &certificateName)
Get the public key name from the full certificate name.
Definition: identity-certificate.cpp:109
ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34
ndn::SignatureInfo::getKeyLocator
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Definition: signature-info.cpp:85
ndn::time::steady_clock::now
static time_point now() noexcept
Definition: time.cpp:79
ndn::security::CommandInterestValidator::Options::timestampTtl
time::nanoseconds timestampTtl
max lifetime of a last timestamp record
Definition: command-interest-validator.hpp:90
ndn::KeyLocator::getName
const Name & getName() const
get Name element
Definition: key-locator.cpp:138
std
STL namespace.
ndn::Interest
represents an Interest packet
Definition: interest.hpp:42
ndn::signed_interest::POS_TIMESTAMP
const ssize_t POS_TIMESTAMP
Definition: security-common.hpp:36
ndn::KeyLocator::KeyLocator_Name
indicates KeyLocator contains a Name
Definition: key-locator.hpp:49
ndn::time::system_clock::now
static time_point now() noexcept
Definition: time.cpp:45
ndn::security::OnDataValidationFailed
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
Definition: validation-request.hpp:44
ndn::security::operator<<
std::ostream & operator<<(std::ostream &os, CommandInterestValidator::ErrorCode error)
Definition: command-interest-validator.cpp:30
ndn::time::abs
constexpr duration< Rep, Period > abs(duration< Rep, Period > d)
Definition: time.hpp:53
ndn::security::OnDataValidated
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
Definition: validation-request.hpp:40
ndn::name::Component::isNumber
bool isNumber() const
Check if the component is nonNegativeInteger.
Definition: name-component.cpp:191
nfd::cs::iterator
Table::const_iterator iterator
Definition: cs-internal.hpp:41
ndn::security::OnInterestValidated
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
Definition: validation-request.hpp:33
ndn::signed_interest::MIN_LENGTH
const size_t MIN_LENGTH
minimal number of components for Command Interest
Definition: security-common.hpp:41
ndn::SignatureInfo::hasKeyLocator
bool hasKeyLocator() const
Check if KeyLocator is set.
Definition: signature-info.hpp:73
ndn::security::CommandInterestValidator::CommandInterestValidator
CommandInterestValidator(unique_ptr< Validator > inner, const Options &options=Options())
constructor
Definition: command-interest-validator.cpp:62
ndn::security::invokeReject
static void invokeReject(const OnInterestValidationFailed &reject, const Interest &interest, CommandInterestValidator::ErrorCode error)
Definition: command-interest-validator.cpp:56
ndn::security::CommandInterestValidator::checkPolicy
virtual void checkPolicy(const Interest &interest, int nSteps, const OnInterestValidated &accept, const OnInterestValidationFailed &reject, std::vector< shared_ptr< ValidationRequest >> &nextSteps) override
validate command Interest
Definition: command-interest-validator.cpp:77
ndn::security::CommandInterestValidator::Options::gracePeriod
time::nanoseconds gracePeriod
tolerance of initial timestamp
Definition: command-interest-validator.hpp:64
ndn::Name
Name abstraction to represent an absolute name.
Definition: name.hpp:46
ndn::Name::size
size_t size() const
Get the number of components.
Definition: name.hpp:400
ndn::name::Component::toNumber
uint64_t toNumber() const
Interpret this name component as nonNegativeInteger.
Definition: name-component.cpp:238
ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:90
ndn::name::Component
Component holds a read-only name component value.
Definition: name-component.hpp:47
ndn::SignatureInfo::wireDecode
void wireDecode(const Block &wire)
Decode from a wire format.
Definition: signature-info.cpp:185
ndn::time::fromUnixTimestamp
system_clock::TimePoint fromUnixTimestamp(const milliseconds &duration)
Convert UNIX timestamp to system_clock::TimePoint.
Definition: time.cpp:124
ndn::signed_interest::POS_SIG_INFO
const ssize_t POS_SIG_INFO
Definition: security-common.hpp:34
ndn::KeyLocator::getType
Type getType() const
Definition: key-locator.hpp:101
ndn::security::CommandInterestValidator::Options::maxTimestamps
ssize_t maxTimestamps
max number of distinct public keys to record last timestamp
Definition: command-interest-validator.hpp:81
ndn::Data
represents a Data packet
Definition: data.hpp:37
ndn::tlv::Error
represents an error in TLV encoding or decoding
Definition: tlv.hpp:50
ndn::Interest::getName
const Name & getName() const
Definition: interest.hpp:215