NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.3: NDN, CCN, CCNx, content centric networks 		API Documentation
validation-policy-command-interest.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #include "validation-policy-command-interest.hpp"
23 #include "../pib/key.hpp"
24 
25 namespace ndn {
26 namespace security {
27 namespace v2 {
28 
29 ValidationPolicyCommandInterest::ValidationPolicyCommandInterest(unique_ptr<ValidationPolicy> inner,
30  const Options& options)
31  : m_options(options)
32  , m_index(m_container.get<0>())
33  , m_queue(m_container.get<1>())
34 {
35  if (inner == nullptr) {
36  BOOST_THROW_EXCEPTION(std::invalid_argument("inner policy is missing"));
37  }
38  setInnerPolicy(std::move(inner));
39 
40  m_options.gracePeriod = std::max(m_options.gracePeriod, time::nanoseconds::zero());
41 }
42 
43 void
44 ValidationPolicyCommandInterest::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
45  const ValidationContinuation& continueValidation)
46 {
47  getInnerPolicy().checkPolicy(data, state, continueValidation);
48 }
49 
50 void
51 ValidationPolicyCommandInterest::checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
52  const ValidationContinuation& continueValidation)
53 {
54  bool isOk = false;
55  Name keyName;
56  uint64_t timestamp = 0;
57  std::tie(isOk, keyName, timestamp) = parseCommandInterest(interest, state);
58  if (!isOk) {
59  return;
60  }
61 
62  if (!checkTimestamp(state, keyName, timestamp)) {
63  return;
64  }
65  getInnerPolicy().checkPolicy(interest, state, std::bind(continueValidation, _1, _2));
66 }
67 
68 void
69 ValidationPolicyCommandInterest::cleanup()
70 {
71  time::steady_clock::TimePoint expiring = time::steady_clock::now() - m_options.recordLifetime;
72 
73  while ((!m_queue.empty() && m_queue.front().lastRefreshed <= expiring) ||
74  (m_options.maxRecords >= 0 &&
75  m_queue.size() > static_cast<size_t>(m_options.maxRecords))) {
76  m_queue.pop_front();
77  }
78 }
79 
80 std::tuple<bool, Name, uint64_t>
81 ValidationPolicyCommandInterest::parseCommandInterest(const Interest& interest,
82  const shared_ptr<ValidationState>& state) const
83 {
84  const Name& name = interest.getName();
85  if (name.size() < command_interest::MIN_SIZE) {
86  state->fail({ValidationError::POLICY_ERROR, "Command interest name `" +
87  interest.getName().toUri() + "` is too short"});
88  return std::make_tuple(false, Name(), 0);
89  }
90 
91  const name::Component& timestampComp = name.at(command_interest::POS_TIMESTAMP);
92  if (!timestampComp.isNumber()) {
93  state->fail({ValidationError::POLICY_ERROR, "Command interest `" +
94  interest.getName().toUri() + "` doesn't include timestamp component"});
95  return std::make_tuple(false, Name(), 0);
96  }
97 
98  Name klName = getKeyLocatorName(interest, *state);
99  if (!state->getOutcome()) { // already failed
100  return std::make_tuple(false, Name(), 0);
101  }
102 
103  return std::make_tuple(true, klName, timestampComp.toNumber());
104 }
105 
106 bool
107 ValidationPolicyCommandInterest::checkTimestamp(const shared_ptr<ValidationState>& state,
108  const Name& keyName, uint64_t timestamp)
109 {
110  this->cleanup();
111 
112  time::system_clock::TimePoint now = time::system_clock::now();
113  time::system_clock::TimePoint timestampPoint = time::fromUnixTimestamp(time::milliseconds(timestamp));
114  if (timestampPoint < now - m_options.gracePeriod || timestampPoint > now + m_options.gracePeriod) {
115  state->fail({ValidationError::POLICY_ERROR, "Timestamp is outside the grace period for key " + keyName.toUri()});
116  return false;
117  }
118  auto it = m_index.find(keyName);
119  if (it != m_index.end()) {
120  if (timestamp <= it->timestamp) {
121  state->fail({ValidationError::POLICY_ERROR, "Timestamp is reordered for key " + keyName.toUri()});
122  return false;
123  }
124  }
125 
126  shared_ptr<InterestValidationState> interestState = std::dynamic_pointer_cast<InterestValidationState>(state);
127  interestState->afterSuccess.connect(bind(&ValidationPolicyCommandInterest::insertNewRecord,
128  this, _1, keyName, timestamp));
129  return true;
130 }
131 
132 void
133 ValidationPolicyCommandInterest::insertNewRecord(const Interest& interest, const Name& keyName,
134  uint64_t timestamp)
135 {
136  // try to insert new record
137  time::steady_clock::TimePoint now = time::steady_clock::now();
138  Queue::iterator i = m_queue.end();
139  bool isNew = false;
140  LastTimestampRecord newRecord{keyName, timestamp, now};
141  std::tie(i, isNew) = m_queue.push_back(newRecord);
142 
143  if (!isNew) {
144  BOOST_ASSERT(i->keyName == keyName);
145 
146  // set lastRefreshed field, and move to queue tail
147  m_queue.erase(i);
148  isNew = m_queue.push_back(newRecord).second;
149  BOOST_VERIFY(isNew);
150  }
151 }
152 
153 } // namespace v2
154 } // namespace security
155 } // namespace ndn
ndn::security::v2::ValidationPolicy::setInnerPolicy
void setInnerPolicy(unique_ptr< ValidationPolicy > innerPolicy)
Set inner policy.
Definition: validation-policy.cpp:29
ndn::time::steady_clock::TimePoint
time_point TimePoint
Definition: time.hpp:120
ndn::Interest::getName
const Name & getName() const
Definition: interest.hpp:139
ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34
ndn::time::steady_clock::now
static time_point now() noexcept
Definition: time.cpp:80
websocketpp::lib::asio::milliseconds
boost::posix_time::time_duration milliseconds(long duration)
Definition: asio.hpp:117
ndn::Interest
represents an Interest packet
Definition: interest.hpp:42
ndn::security::v2::ValidationPolicy::getInnerPolicy
ValidationPolicy & getInnerPolicy()
Return the inner policy.
Definition: validation-policy.cpp:48
ndn::security::v2::ValidationPolicyCommandInterest::checkPolicy
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
Definition: validation-policy-command-interest.cpp:44
ndn::time::system_clock::now
static time_point now() noexcept
Definition: time.cpp:46
websocketpp::transport::asio::socket::error::security
Catch-all error for security policy errors that don&#39;t fit in other categories.
Definition: base.hpp:79
nfd::cs::iterator
Table::const_iterator iterator
Definition: cs-internal.hpp:41
ndn::Name::toUri
std::string toUri() const
Get URI representation of the name.
Definition: name.cpp:122
ndn::security::v2::ValidationPolicy::ValidationContinuation
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
Definition: validation-policy.hpp:41
ndn::security::v2::getKeyLocatorName
static Name getKeyLocatorName(const SignatureInfo &si, ValidationState &state)
Definition: validation-policy.cpp:63
ndn::security::v2::InterestValidationState
Validation state for an interest packet.
Definition: validation-state.hpp:204
ndn::security::v2::InterestValidationState::afterSuccess
util::Signal< InterestValidationState, Interest > afterSuccess
Definition: validation-state.hpp:235
ndn::Name::size
size_t size() const
Get number of components.
Definition: name.hpp:154
ndn::command_interest::MIN_SIZE
const size_t MIN_SIZE
minimal number of components for Command Interest
Definition: security-common.hpp:51
ndn::Name
Represents an absolute name.
Definition: name.hpp:42
ndn::Name::at
const Component & at(ssize_t i) const
Get the component at the given index.
Definition: name.cpp:185
ndn::security::v2::ValidationPolicyCommandInterest::Options::recordLifetime
time::nanoseconds recordLifetime
max lifetime of a last timestamp record
Definition: validation-policy-command-interest.hpp:91
ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:90
ndn::security::v2::ValidationPolicyCommandInterest::Options::maxRecords
ssize_t maxRecords
max number of distinct public keys of which to record the last timestamp
Definition: validation-policy-command-interest.hpp:82
ndn::name::Component
Component holds a read-only name component value.
Definition: name-component.hpp:47
ndn::command_interest::POS_TIMESTAMP
const ssize_t POS_TIMESTAMP
Definition: security-common.hpp:46
ndn::time::fromUnixTimestamp
system_clock::TimePoint fromUnixTimestamp(const milliseconds &duration)
Convert UNIX timestamp to system_clock::TimePoint.
Definition: time.cpp:125
ndn::name::Component::isNumber
bool isNumber() const
Check if the component is nonNegativeInteger.
Definition: name-component.cpp:191
ndn::security::v2::ValidationPolicy::checkPolicy
virtual void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation)=0
Check data against the policy.
ndn::Data
Represents a Data packet.
Definition: data.hpp:35
ndn::name::Component::toNumber
uint64_t toNumber() const
Interpret this name component as nonNegativeInteger.
Definition: name-component.cpp:238
ndn::security::v2::ValidationPolicyCommandInterest::ValidationPolicyCommandInterest
ValidationPolicyCommandInterest(unique_ptr< ValidationPolicy > inner, const Options &options={})
constructor
Definition: validation-policy-command-interest.cpp:29