24 #include "../../util/io.hpp" 26 #include <boost/algorithm/string.hpp> 27 #include <boost/filesystem.hpp> 28 #include <boost/lexical_cast.hpp> 29 #include <boost/property_tree/info_parser.hpp> 34 namespace validator_config {
37 : m_shouldBypass(false)
38 , m_isConfigured(false)
45 std::ifstream inputFile;
46 inputFile.open(filename.c_str());
47 if (!inputFile.good() || !inputFile.is_open()) {
48 std::string msg =
"Failed to read configuration file: ";
50 BOOST_THROW_EXCEPTION(
Error(msg));
52 load(inputFile, filename);
59 std::istringstream inputStream(input);
60 load(inputStream, filename);
68 boost::property_tree::read_info(input, tree);
70 catch (
const boost::property_tree::info_parser_error& error) {
71 std::stringstream msg;
72 msg <<
"Failed to parse configuration file";
73 msg <<
" " << filename;
74 msg <<
" " << error.message() <<
" line " << error.line();
75 BOOST_THROW_EXCEPTION(
Error(msg.str()));
83 const std::string& filename)
86 m_shouldBypass =
false;
88 m_interestRules.clear();
90 m_validator->resetAnchors();
91 m_validator->resetVerifiedCertificates();
93 m_isConfigured =
true;
95 BOOST_ASSERT(!filename.empty());
97 if (configSection.begin() == configSection.end()) {
98 std::string msg =
"Error processing configuration file";
102 BOOST_THROW_EXCEPTION(
Error(msg));
105 for (
const auto& subSection : configSection) {
106 const std::string& sectionName = subSection.first;
109 if (boost::iequals(sectionName,
"rule")) {
112 m_dataRules.push_back(std::move(rule));
115 m_interestRules.push_back(std::move(rule));
118 else if (boost::iequals(sectionName,
"trust-anchor")) {
119 processConfigTrustAnchor(section, filename);
122 std::string msg =
"Error processing configuration file";
125 msg +=
" unrecognized section: " + sectionName;
126 BOOST_THROW_EXCEPTION(
Error(msg));
132 ValidationPolicyConfig::processConfigTrustAnchor(
const ConfigSection& configSection,
const std::string& filename)
134 using namespace boost::filesystem;
136 ConfigSection::const_iterator propertyIt = configSection.begin();
139 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"type")) {
140 BOOST_THROW_EXCEPTION(
Error(
"Expecting <trust-anchor.type>"));
143 std::string type = propertyIt->second.data();
146 if (boost::iequals(type,
"file")) {
148 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"file-name")) {
149 BOOST_THROW_EXCEPTION(
Error(
"Expecting <trust-anchor.file-name>"));
152 std::string file = propertyIt->second.data();
155 time::nanoseconds refresh = getRefreshPeriod(propertyIt, configSection.end());
156 if (propertyIt != configSection.end()) {
157 BOOST_THROW_EXCEPTION(
Error(
"Expect the end of trust-anchor!"));
160 m_validator->loadAnchor(filename, absolute(file, path(filename).parent_path()).
string(),
164 else if (boost::iequals(type,
"base64")) {
166 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"base64-string"))
167 BOOST_THROW_EXCEPTION(
Error(
"Expecting <trust-anchor.base64-string>"));
169 std::stringstream ss(propertyIt->second.data());
173 if (propertyIt != configSection.end())
174 BOOST_THROW_EXCEPTION(
Error(
"Expecting the end of trust-anchor"));
176 auto idCert = io::load<Certificate>(ss);
177 if (idCert !=
nullptr) {
178 m_validator->loadAnchor(
"", std::move(*idCert));
181 BOOST_THROW_EXCEPTION(
Error(
"Cannot decode certificate from base64-string"));
186 else if (boost::iequals(type,
"dir")) {
187 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"dir"))
188 BOOST_THROW_EXCEPTION(
Error(
"Expect <trust-anchor.dir>"));
190 std::string dirString(propertyIt->second.data());
193 time::nanoseconds refresh = getRefreshPeriod(propertyIt, configSection.end());
194 if (propertyIt != configSection.end()) {
195 BOOST_THROW_EXCEPTION(
Error(
"Expecting the end of trust-anchor"));
198 path dirPath = absolute(dirString, path(filename).parent_path());
199 m_validator->loadAnchor(dirString, dirPath.string(), refresh,
true);
202 else if (boost::iequals(type,
"any")) {
203 m_shouldBypass =
true;
206 BOOST_THROW_EXCEPTION(
Error(
"Unsupported trust-anchor.type: " + type));
211 ValidationPolicyConfig::getRefreshPeriod(ConfigSection::const_iterator& it,
212 const ConfigSection::const_iterator& end)
214 time::nanoseconds refresh = time::nanoseconds::max();
219 if (!boost::iequals(it->first,
"refresh")) {
220 BOOST_THROW_EXCEPTION(
Error(
"Expecting <trust-anchor.refresh>"));
223 std::string inputString = it->second.data();
226 char unit = inputString[inputString.size() - 1];
227 std::string refreshString = inputString.substr(0, inputString.size() - 1);
229 uint32_t refreshPeriod = 0;
232 refreshPeriod = boost::lexical_cast<uint32_t>(refreshString);
234 catch (
const boost::bad_lexical_cast&) {
235 BOOST_THROW_EXCEPTION(
Error(
"Bad number: " + refreshString));
238 if (refreshPeriod == 0) {
239 return getDefaultRefreshPeriod();
244 return time::duration_cast<time::nanoseconds>(time::hours(refreshPeriod));
246 return time::duration_cast<time::nanoseconds>(time::minutes(refreshPeriod));
248 return time::duration_cast<time::nanoseconds>(time::seconds(refreshPeriod));
250 BOOST_THROW_EXCEPTION(
Error(std::string(
"Wrong time unit: ") + unit));
255 ValidationPolicyConfig::getDefaultRefreshPeriod()
257 return time::duration_cast<time::nanoseconds>(time::seconds(3600));
264 BOOST_ASSERT_MSG(!
hasInnerPolicy(),
"ValidationPolicyConfig must be a terminal inner policy");
266 if (m_shouldBypass) {
267 return continueValidation(
nullptr, state);
271 if (!state->getOutcome()) {
275 for (
const auto& rule : m_dataRules) {
278 return continueValidation(make_shared<CertificateRequest>(
Interest(klName)), state);
292 BOOST_ASSERT_MSG(!
hasInnerPolicy(),
"ValidationPolicyConfig must be a terminal inner policy");
294 if (m_shouldBypass) {
295 return continueValidation(
nullptr, state);
299 if (!state->getOutcome()) {
303 for (
const auto& rule : m_interestRules) {
306 return continueValidation(make_shared<CertificateRequest>(
Interest(klName)), state);
const Name & getName() const
Copyright (c) 2011-2015 Regents of the University of California.
static unique_ptr< Rule > create(const ConfigSection &configSection, const std::string &configFilename)
create a rule from configuration section
bool hasInnerPolicy() const
Check if inner policy is set.
represents an Interest packet
Catch-all error for security policy errors that don't fit in other categories.
std::string toUri() const
Get URI representation of the name.
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
static Name getKeyLocatorName(const SignatureInfo &si, ValidationState &state)
Represents an absolute name.
boost::property_tree::ptree ConfigSection
const Name & getName() const
Get name.
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
Represents a Data packet.
void load(const std::string &filename)