2.3/doxygen/validator-regex_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 #include "common.hpp"

 #include "validator-regex.hpp"
 #include "signature-sha256-with-rsa.hpp"
 #include "certificate-cache-ttl.hpp"

 namespace ndn {
 namespace security {

 const shared_ptr<CertificateCache> ValidatorRegex::DEFAULT_CERTIFICATE_CACHE;

 ValidatorRegex::ValidatorRegex(Face* face,
                                shared_ptr<CertificateCache> certificateCache,
                                const int stepLimit)
   : Validator(face)
   , m_stepLimit(stepLimit)
   , m_certificateCache(certificateCache)
 {
   if (!static_cast<bool>(m_certificateCache) && face != nullptr)
     m_certificateCache = make_shared<CertificateCacheTtl>(ref(face->getIoService()));
 }

 ValidatorRegex::ValidatorRegex(Face& face,
                                shared_ptr<CertificateCache> certificateCache,
                                const int stepLimit)
   : Validator(face)
   , m_stepLimit(stepLimit)
   , m_certificateCache(certificateCache)
 {
   if (certificateCache == nullptr)
     m_certificateCache = make_shared<CertificateCacheTtl>(ref(face.getIoService()));
 }

 void
 ValidatorRegex::addDataVerificationRule(shared_ptr<SecRuleRelative> rule)
 {
   rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule);
 }

 void
 ValidatorRegex::addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate)
 {
   m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
 }

 void
 ValidatorRegex::onCertificateValidated(const shared_ptr<const Data>& signCertificate,
                                        const shared_ptr<const Data>& data,
                                        const OnDataValidated& onValidated,
                                        const OnDataValidationFailed& onValidationFailed)
 {
   shared_ptr<v1::IdentityCertificate> certificate =
     make_shared<v1::IdentityCertificate>(*signCertificate);

   if (!certificate->isTooLate() && !certificate->isTooEarly()) {
     if (m_certificateCache != nullptr)
       m_certificateCache->insertCertificate(certificate);

     if (verifySignature(*data, certificate->getPublicKeyInfo()))
       return onValidated(data);
     else
       return onValidationFailed(data,
                                 "Cannot verify signature: " +
                                 data->getName().toUri());
   }
   else {
     return onValidationFailed(data,
                               "Signing certificate " +
                               signCertificate->getName().toUri() +
                               " is no longer valid.");
   }
 }

 void
 ValidatorRegex::onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
                                               const std::string& failureInfo,
                                               const shared_ptr<const Data>& data,
                                               const OnDataValidationFailed& onValidationFailed)
 {
   onValidationFailed(data, failureInfo);
 }

 void
 ValidatorRegex::checkPolicy(const Data& data,
                             int nSteps,
                             const OnDataValidated& onValidated,
                             const OnDataValidationFailed& onValidationFailed,
                             std::vector<shared_ptr<ValidationRequest> >& nextSteps)
 {
   if (m_stepLimit == nSteps)
     return onValidationFailed(data.shared_from_this(),
                               "Maximum steps of validation reached: " +
                               data.getName().toUri());

   for (RuleList::iterator it = m_mustFailVerify.begin();
        it != m_mustFailVerify.end();
        it++)
     if ((*it)->satisfy(data))
       return onValidationFailed(data.shared_from_this(),
                                 "Comply with mustFail policy: " +
                                 data.getName().toUri());

   for (RuleList::iterator it = m_verifyPolicies.begin();
        it != m_verifyPolicies.end();
        it++) {
     if ((*it)->satisfy(data)) {
       try {
         if (!data.getSignature().hasKeyLocator())
           return onValidationFailed(data.shared_from_this(),
                                     "Key Locator is missing in Data packet: " +
                                     data.getName().toUri());

         const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
         if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
           return onValidationFailed(data.shared_from_this(),
                                     "Key Locator is not a name: " +
                                     data.getName().toUri());


         const Name& keyLocatorName = keyLocator.getName();
         shared_ptr<const v1::Certificate> trustedCert;
         if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName) &&
             m_certificateCache != nullptr)
           trustedCert = m_certificateCache->getCertificate(keyLocatorName);
         else
           trustedCert = m_trustAnchors[keyLocatorName];

         if (trustedCert != nullptr) {
           if (verifySignature(data, data.getSignature(), trustedCert->getPublicKeyInfo()))
             return onValidated(data.shared_from_this());
           else
             return onValidationFailed(data.shared_from_this(),
                                       "Cannot verify signature: " +
                                       data.getName().toUri());
         }
         else {
           // KeyLocator is not a trust anchor

           OnDataValidated onKeyValidated =
             bind(&ValidatorRegex::onCertificateValidated, this, _1,
                  data.shared_from_this(), onValidated, onValidationFailed);

           OnDataValidationFailed onKeyValidationFailed =
             bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
                  data.shared_from_this(), onValidationFailed);

           Interest interest(keyLocatorName);
           shared_ptr<ValidationRequest> nextStep =
             make_shared<ValidationRequest>(interest,
                                            onKeyValidated,
                                            onKeyValidationFailed,
                                            3,
                                            nSteps + 1);

           nextSteps.push_back(nextStep);

           return;
         }
       }
       catch (const KeyLocator::Error& e) {
         return onValidationFailed(data.shared_from_this(),
                                   "Key Locator is not a name: " +
                                   data.getName().toUri());
       }
       catch (const tlv::Error& e) {
         return onValidationFailed(data.shared_from_this(),
                                   "Cannot decode signature");
       }
     }
   }

   return onValidationFailed(data.shared_from_this(),
                             "No policy found for data: " + data.getName().toUri());
 }

 } // namespace security
 } // namespace ndn
ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34

ndn::Name::toUri
std::string toUri() const
Encode this name as a URI.
Definition: name.cpp:171

ndn::security::ValidatorRegex::m_mustFailVerify
RuleList m_mustFailVerify
Definition: validator-regex.hpp:124

signature-sha256-with-rsa.hpp

ndn::security::ValidatorRegex::m_verifyPolicies
RuleList m_verifyPolicies
Definition: validator-regex.hpp:125

ndn::security::ValidatorRegex::addDataVerificationRule
void addDataVerificationRule(shared_ptr< SecRuleRelative > rule)
Add a rule for data verification.
Definition: validator-regex.cpp:58

ndn::Data::getName
const Name & getName() const
Get name of the Data packet.
Definition: data.hpp:318

ndn::KeyLocator::getName
const Name & getName() const
get Name element
Definition: key-locator.cpp:138

ndn::Interest
represents an Interest packet
Definition: interest.hpp:42

ndn::security::ValidatorRegex::addTrustAnchor
void addTrustAnchor(shared_ptr< v1::IdentityCertificate > certificate)
Add a trust anchor.
Definition: validator-regex.cpp:64

ndn::KeyLocator::KeyLocator_Name
indicates KeyLocator contains a Name
Definition: key-locator.hpp:49

ndn::security::OnDataValidationFailed
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
Definition: validation-request.hpp:44

ndn::Signature::hasKeyLocator
bool hasKeyLocator() const
Check if SignatureInfo block has a KeyLocator.
Definition: signature.hpp:132

ndn::security::OnDataValidated
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
Definition: validation-request.hpp:40

nfd::cs::iterator
Table::const_iterator iterator
Definition: cs-internal.hpp:41

ndn::security::ValidatorRegex::DEFAULT_CERTIFICATE_CACHE
static const shared_ptr< CertificateCache > DEFAULT_CERTIFICATE_CACHE
Definition: validator-regex.hpp:116

ndn::security::ValidatorRegex::checkPolicy
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest > > &nextSteps)
Definition: validator-regex.cpp:107

ndn::security::ValidatorRegex::onCertificateValidated
void onCertificateValidated(const shared_ptr< const Data > &signCertificate, const shared_ptr< const Data > &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
Definition: validator-regex.cpp:70

ndn::security::Validator
provides the interfaces for packet validation.
Definition: validator.hpp:42

ndn::Face
Provide a communication channel with local or remote NDN forwarder.
Definition: face.hpp:125

ndn::security::ValidatorRegex::m_trustAnchors
std::map< Name, shared_ptr< v1::IdentityCertificate > > m_trustAnchors
Definition: validator-regex.hpp:126

face

certificate-cache-ttl.hpp

ndn::Name
Name abstraction to represent an absolute name.
Definition: name.hpp:46

ndn::security::ValidatorRegex::m_certificateCache
shared_ptr< CertificateCache > m_certificateCache
Definition: validator-regex.hpp:123

ndn::KeyLocator::Error
Definition: key-locator.hpp:33

ndn::Face::getIoService
boost::asio::io_service & getIoService()
Return nullptr (cannot use IoService in simulations), preserved for API compatibility.
Definition: face.hpp:690

ndn::KeyLocator
Definition: key-locator.hpp:30

ndn::security::ValidatorRegex::onCertificateValidationFailed
void onCertificateValidationFailed(const shared_ptr< const Data > &signCertificate, const std::string &failureInfo, const shared_ptr< const Data > &data, const OnDataValidationFailed &onValidationFailed)
Definition: validator-regex.cpp:98

validator-regex.hpp

ndn::KeyLocator::getType
Type getType() const
Definition: key-locator.hpp:101

ndn::security::ValidatorRegex::m_stepLimit
int m_stepLimit
Definition: validator-regex.hpp:122

ndn::security::Validator::verifySignature
static bool verifySignature(const Data &data, const v1::PublicKey &publicKey)
Verify the data using the publicKey.
Definition: validator.cpp:105

ndn::Data::getSignature
const Signature & getSignature() const
Definition: data.hpp:348

ndn::Signature::getKeyLocator
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Definition: signature.hpp:143

ndn::Data
represents a Data packet
Definition: data.hpp:37

ndn::security::ValidatorRegex::ValidatorRegex
ValidatorRegex(Face *face=nullptr, shared_ptr< CertificateCache > certificateCache=DEFAULT_CERTIFICATE_CACHE, const int stepLimit=3)
Definition: validator-regex.cpp:35

security

ndn::tlv::Error
represents an error in TLV encoding or decoding
Definition: tlv.hpp:50