NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
API Documentation
validation-state.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2018 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
25 #include "ndn-cxx/util/logger.hpp"
26 
27 namespace ndn {
28 namespace security {
29 namespace v2 {
30 
32 
33 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
34 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
35 
37  : m_outcome(boost::logic::indeterminate)
38 {
39 }
40 
42 {
43  NDN_LOG_TRACE(__func__);
44  BOOST_ASSERT(!boost::logic::indeterminate(m_outcome));
45 }
46 
47 size_t
49 {
50  return m_certificateChain.size();
51 }
52 
53 bool
55 {
56  return !m_seenCertificateNames.insert(certName).second;
57 }
58 
59 void
61 {
62  m_certificateChain.push_front(cert);
63 }
64 
65 const Certificate*
66 ValidationState::verifyCertificateChain(const Certificate& trustedCert)
67 {
68  const Certificate* validatedCert = &trustedCert;
69  for (auto it = m_certificateChain.begin(); it != m_certificateChain.end(); ++it) {
70  const auto& certToValidate = *it;
71 
72  if (!verifySignature(certToValidate, *validatedCert)) {
73  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of certificate `" +
74  certToValidate.getName().toUri() + "`"});
75  m_certificateChain.erase(it, m_certificateChain.end());
76  return nullptr;
77  }
78  else {
79  NDN_LOG_TRACE_DEPTH("OK signature for certificate `" << certToValidate.getName() << "`");
80  validatedCert = &certToValidate;
81  }
82  }
83  return validatedCert;
84 }
85 
87 
89  const DataValidationSuccessCallback& successCb,
90  const DataValidationFailureCallback& failureCb)
91  : m_data(data)
92  , m_successCb(successCb)
93  , m_failureCb(failureCb)
94 {
95  BOOST_ASSERT(m_successCb != nullptr);
96  BOOST_ASSERT(m_failureCb != nullptr);
97 }
98 
100 {
101  if (boost::logic::indeterminate(m_outcome)) {
102  this->fail({ValidationError::Code::IMPLEMENTATION_ERROR,
103  "Validator/policy did not invoke success or failure callback"});
104  }
105 }
106 
107 void
108 DataValidationState::verifyOriginalPacket(const Certificate& trustedCert)
109 {
110  if (verifySignature(m_data, trustedCert)) {
111  NDN_LOG_TRACE_DEPTH("OK signature for data `" << m_data.getName() << "`");
112  m_successCb(m_data);
113  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
114  m_outcome = true;
115  }
116  else {
117  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of data `" +
118  m_data.getName().toUri() + "`"});
119  }
120 }
121 
122 void
123 DataValidationState::bypassValidation()
124 {
125  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for data `" << m_data.getName() << "`");
126  m_successCb(m_data);
127  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
128  m_outcome = true;
129 }
130 
131 void
133 {
134  NDN_LOG_DEBUG_DEPTH(error);
135  m_failureCb(m_data, error);
136  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
137  m_outcome = false;
138 }
139 
140 const Data&
142 {
143  return m_data;
144 }
145 
147 
149  const InterestValidationSuccessCallback& successCb,
150  const InterestValidationFailureCallback& failureCb)
151  : m_interest(interest)
152  , m_failureCb(failureCb)
153 {
154  afterSuccess.connect(successCb);
155  BOOST_ASSERT(successCb != nullptr);
156  BOOST_ASSERT(m_failureCb != nullptr);
157 }
158 
160 {
161  if (boost::logic::indeterminate(m_outcome)) {
162  this->fail({ValidationError::Code::IMPLEMENTATION_ERROR,
163  "Validator/policy did not invoke success or failure callback"});
164  }
165 }
166 
167 void
168 InterestValidationState::verifyOriginalPacket(const Certificate& trustedCert)
169 {
170  if (verifySignature(m_interest, trustedCert)) {
171  NDN_LOG_TRACE_DEPTH("OK signature for interest `" << m_interest.getName() << "`");
172  this->afterSuccess(m_interest);
173  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
174  m_outcome = true;
175  }
176  else {
177  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of interest `" +
178  m_interest.getName().toUri() + "`"});
179  }
180 }
181 
182 void
183 InterestValidationState::bypassValidation()
184 {
185  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for interest `" << m_interest.getName() << "`");
186  this->afterSuccess(m_interest);
187  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
188  m_outcome = true;
189 }
190 
191 void
193 {
194  NDN_LOG_DEBUG_DEPTH(error);
195  m_failureCb(m_interest, error);
196  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
197  m_outcome = false;
198 }
199 
200 const Interest&
202 {
203  return m_interest;
204 }
205 
206 } // namespace v2
207 } // namespace security
208 } // namespace ndn
ndn::security::v2::ValidationError
Validation error code and optional detailed error message.
Definition: validation-error.hpp:35
NDN_LOG_INIT
#define NDN_LOG_INIT(name)
declare a log module
Definition: logger.hpp:81
ndn::security::v2::DataValidationFailureCallback
function< void(const Data &data, const ValidationError &error)> DataValidationFailureCallback
Callback to report a failed Data validation.
Definition: validation-callback.hpp:42
validator.hpp
ndn::security::v2::DataValidationState::fail
void fail(const ValidationError &error) final
Call the failure callback.
Definition: validation-state.cpp:132
ndn::security::v2::ValidationState::getDepth
size_t getDepth() const
Definition: validation-state.cpp:48
NDN_LOG_TRACE_DEPTH
#define NDN_LOG_TRACE_DEPTH(x)
Definition: validation-state.cpp:34
ndn::security::v2::InterestValidationState::afterSuccess
util::Signal< InterestValidationState, Interest > afterSuccess
Definition: validation-state.hpp:235
ndn::security::v2::ValidationState::m_outcome
boost::logic::tribool m_outcome
Definition: validation-state.hpp:139
NDN_LOG_DEBUG_DEPTH
#define NDN_LOG_DEBUG_DEPTH(x)
Definition: validation-state.cpp:33
boost
Definition: block.hpp:31
ndn::security::v2::InterestValidationSuccessCallback
function< void(const Interest &interest)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
Definition: validation-callback.hpp:47
ndn::security::v2::InterestValidationState::fail
void fail(const ValidationError &error) final
Call the failure callback.
Definition: validation-state.cpp:192
ndn::Data::getName
const Name & getName() const
Get name.
Definition: data.hpp:124
ndn::security::v2::DataValidationState::~DataValidationState
~DataValidationState() final
Destructor.
Definition: validation-state.cpp:99
ndn::security::v2::InterestValidationState::getOriginalInterest
const Interest & getOriginalInterest() const
Definition: validation-state.cpp:201
ndn::security::verifySignature
bool verifySignature(const uint8_t *blob, size_t blobLen, const uint8_t *sig, size_t sigLen, const transform::PublicKey &key)
Verify blob using key against sig.
Definition: verification-helpers.cpp:56
ndn::Name
Represents an absolute name.
Definition: name.hpp:44
ndn::security::v2::InterestValidationState::InterestValidationState
InterestValidationState(const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
Create validation state for interest.
Definition: validation-state.cpp:148
ndn::security::v2::Certificate
The certificate following the certificate format naming convention.
Definition: certificate.hpp:82
ndn::security::v2::ValidationState::~ValidationState
virtual ~ValidationState()
Definition: validation-state.cpp:41
validation-state.hpp
ndn::security::v2::InterestValidationState::~InterestValidationState
~InterestValidationState() final
Destructor.
Definition: validation-state.cpp:159
ndn::security::v2::InterestValidationFailureCallback
function< void(const Interest &interest, const ValidationError &error)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
Definition: validation-callback.hpp:52
ndn::security::v2::ValidationState::fail
virtual void fail(const ValidationError &error)=0
Call the failure callback.
ndn::security::v2::ValidationState
Validation state.
Definition: validation-state.hpp:59
verification-helpers.hpp
ndn::security::v2::ValidationState::addCertificate
void addCertificate(const Certificate &cert)
Add cert to the top of the certificate chain.
Definition: validation-state.cpp:60
ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:44
logger.hpp
ndn::security::v2::ValidationState::ValidationState
ValidationState()
Create validation state.
Definition: validation-state.cpp:36
ndn::Data
Represents a Data packet.
Definition: data.hpp:36
ndn::security::v2::DataValidationSuccessCallback
function< void(const Data &data)> DataValidationSuccessCallback
Callback to report a successful Data validation.
Definition: validation-callback.hpp:37
ndn::security
Definition: dummy-keychain.cpp:28
ndn::security::v2::DataValidationState::getOriginalData
const Data & getOriginalData() const
Definition: validation-state.cpp:141
ndn::security::v2::DataValidationState::DataValidationState
DataValidationState(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Create validation state for data.
Definition: validation-state.cpp:88
ndn::Interest::getName
const Name & getName() const noexcept
Definition: interest.hpp:121
ndn::security::v2
Definition: command-authenticator.hpp:35
NDN_LOG_TRACE
#define NDN_LOG_TRACE(expression)
Definition: logger.hpp:98
ndn::security::v2::ValidationState::hasSeenCertificateName
bool hasSeenCertificateName(const Name &certName)
Check if certName has been previously seen and record the supplied name.
Definition: validation-state.cpp:54
ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34