NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.3: NDN, CCN, CCNx, content centric networks
API Documentation
validation-state.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #include "validation-state.hpp"
23 #include "validator.hpp"
24 #include "../verification-helpers.hpp"
25 #include "util/logger.hpp"
26 
27 namespace ndn {
28 namespace security {
29 namespace v2 {
30 
32 
33 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
34 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
35 
37  : m_outcome(boost::logic::indeterminate)
38 {
39 }
40 
42 {
43  NDN_LOG_TRACE(__func__);
44  BOOST_ASSERT(!boost::logic::indeterminate(m_outcome));
45 }
46 
47 size_t
49 {
50  return m_certificateChain.size();
51 }
52 
53 bool
55 {
56  return !m_seenCertificateNames.insert(certName).second;
57 }
58 
59 void
61 {
62  m_certificateChain.push_front(cert);
63 }
64 
65 const Certificate*
66 ValidationState::verifyCertificateChain(const Certificate& trustedCert)
67 {
68  const Certificate* validatedCert = &trustedCert;
69  for (auto it = m_certificateChain.begin(); it != m_certificateChain.end(); ++it) {
70  const auto& certToValidate = *it;
71 
72  if (!verifySignature(certToValidate, *validatedCert)) {
73  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of certificate `" +
74  certToValidate.getName().toUri() + "`"});
75  m_certificateChain.erase(it, m_certificateChain.end());
76  return nullptr;
77  }
78  else {
79  NDN_LOG_TRACE_DEPTH("OK signature for certificate `" << certToValidate.getName() << "`");
80  validatedCert = &certToValidate;
81  }
82  }
83  return validatedCert;
84 }
85 
87 
89  const DataValidationSuccessCallback& successCb,
90  const DataValidationFailureCallback& failureCb)
91  : m_data(data)
92  , m_successCb(successCb)
93  , m_failureCb(failureCb)
94 {
95  BOOST_ASSERT(m_successCb != nullptr);
96  BOOST_ASSERT(m_failureCb != nullptr);
97 }
98 
100 {
101  if (boost::logic::indeterminate(m_outcome)) {
102  this->fail({ValidationError::Code::IMPLEMENTATION_ERROR,
103  "Validator/policy did not invoke success or failure callback"});
104  }
105 }
106 
107 void
108 DataValidationState::verifyOriginalPacket(const Certificate& trustedCert)
109 {
110  if (verifySignature(m_data, trustedCert)) {
111  NDN_LOG_TRACE_DEPTH("OK signature for data `" << m_data.getName() << "`");
112  m_successCb(m_data);
113  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
114  m_outcome = true;
115  }
116  else {
117  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of data `" +
118  m_data.getName().toUri() + "`"});
119  }
120 }
121 
122 void
123 DataValidationState::bypassValidation()
124 {
125  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for data `" << m_data.getName() << "`");
126  m_successCb(m_data);
127  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
128  m_outcome = true;
129 }
130 
131 void
133 {
134  NDN_LOG_DEBUG_DEPTH(error);
135  m_failureCb(m_data, error);
136  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
137  m_outcome = false;
138 }
139 
140 const Data&
142 {
143  return m_data;
144 }
145 
147 
149  const InterestValidationSuccessCallback& successCb,
150  const InterestValidationFailureCallback& failureCb)
151  : m_interest(interest)
152  , m_failureCb(failureCb)
153 {
154  afterSuccess.connect(successCb);
155  BOOST_ASSERT(successCb != nullptr);
156  BOOST_ASSERT(m_failureCb != nullptr);
157 }
158 
160 {
161  if (boost::logic::indeterminate(m_outcome)) {
162  this->fail({ValidationError::Code::IMPLEMENTATION_ERROR,
163  "Validator/policy did not invoke success or failure callback"});
164  }
165 }
166 
167 void
168 InterestValidationState::verifyOriginalPacket(const Certificate& trustedCert)
169 {
170  if (verifySignature(m_interest, trustedCert)) {
171  NDN_LOG_TRACE_DEPTH("OK signature for interest `" << m_interest.getName() << "`");
172  this->afterSuccess(m_interest);
173  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
174  m_outcome = true;
175  }
176  else {
177  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of interest `" +
178  m_interest.getName().toUri() + "`"});
179  }
180 }
181 
182 void
183 InterestValidationState::bypassValidation()
184 {
185  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for interest `" << m_interest.getName() << "`");
186  this->afterSuccess(m_interest);
187  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
188  m_outcome = true;
189 }
190 
191 void
193 {
194  NDN_LOG_DEBUG_DEPTH(error);
195  m_failureCb(m_interest, error);
196  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
197  m_outcome = false;
198 }
199 
200 const Interest&
202 {
203  return m_interest;
204 }
205 
206 } // namespace v2
207 } // namespace security
208 } // namespace ndn
ValidationState()
Create validation state.
DataValidationState(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Create validation state for data.
const Name & getName() const
Definition: interest.hpp:139
Copyright (c) 2011-2015 Regents of the University of California.
The certificate following the certificate format naming convention.
Definition: certificate.hpp:81
void fail(const ValidationError &error) final
Call the failure callback.
function< void(const Data &data)> DataValidationSuccessCallback
Callback to report a successful Data validation.
bool hasSeenCertificateName(const Name &certName)
Check if certName has been previously seen and record the supplied name.
Copyright (c) 2013-2017 Regents of the University of California.
void addCertificate(const Certificate &cert)
Add cert to the top of the certificate chain.
represents an Interest packet
Definition: interest.hpp:42
#define NDN_LOG_DEBUG_DEPTH(x)
function< void(const Data &data, const ValidationError &error)> DataValidationFailureCallback
Callback to report a failed Data validation.
#define NDN_LOG_TRACE_DEPTH(x)
Catch-all error for security policy errors that don&#39;t fit in other categories.
Definition: base.hpp:79
std::string toUri() const
Get URI representation of the name.
Definition: name.cpp:122
#define NDN_LOG_INIT(name)
declare a log module
Definition: logger.hpp:32
util::Signal< InterestValidationState, Interest > afterSuccess
Represents an absolute name.
Definition: name.hpp:42
void fail(const ValidationError &error) final
Call the failure callback.
function< void(const Interest &interest, const ValidationError &error)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
bool verifySignature(const uint8_t *blob, size_t blobLen, const uint8_t *sig, size_t sigLen, const v2::PublicKey &pKey)
Verify blob using key against sig.
const Name & getName() const
Get name.
Definition: data.hpp:121
InterestValidationState(const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
Create validation state for interest.
Validation error code and optional detailed error message.
#define NDN_LOG_TRACE(expression)
Definition: logger.hpp:34
virtual void fail(const ValidationError &error)=0
Call the failure callback.
Represents a Data packet.
Definition: data.hpp:35
function< void(const Interest &interest)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.