net.named_data.jndn.security.policy

Class PolicyManager

java.lang.Object

net.named_data.jndn.security.policy.PolicyManager

Direct Known Subclasses:

ConfigPolicyManager, NoVerifyPolicyManager, SelfVerifyPolicyManager

public abstract class PolicyManager
extends Object

A PolicyManager is an abstract base class to represent the policy for verifying data packets. You must create an object of a subclass.

Constructor Summary

Constructors

Constructor and Description
PolicyManager()

Method Summary

Methods

Modifier and Type	Method and Description
abstract boolean	checkSigningPolicy(Name dataName, Name certificateName) Check if the signing certificate name and data name satisfy the signing policy.
abstract ValidationRequest	checkVerificationPolicy(Data data, int stepCount, OnVerified onVerified, OnVerifyFailed onVerifyFailed) Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
ValidationRequest	checkVerificationPolicy(Interest interest, int stepCount, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed)
abstract ValidationRequest	checkVerificationPolicy(Interest interest, int stepCount, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed, WireFormat wireFormat) Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step.
abstract Name	inferSigningIdentity(Name dataName) Infer the signing identity name according to the policy.
abstract boolean	requireVerify(Data data) Check if this PolicyManager has a verification rule for the received data.
abstract boolean	requireVerify(Interest interest) Check if this PolicyManager has a verification rule for the received interest.
abstract boolean	skipVerifyAndTrust(Data data) Check if the received data packet can escape from verification and be trusted as valid.
abstract boolean	skipVerifyAndTrust(Interest interest) Check if the received signed interest can escape from verification and be trusted as valid.
protected static boolean	verifyDigestSha256Signature(Blob signature, SignedBlob signedBlob) Verify the DigestSha256 signature on the SignedBlob by verifying that the digest of SignedBlob equals the signature.
protected static boolean	verifySha256WithEcdsaSignature(Blob signature, SignedBlob signedBlob, Blob publicKeyDer) Verify the ECDSA signature on the SignedBlob using the given public key.
protected static boolean	verifySha256WithRsaSignature(Blob signature, SignedBlob signedBlob, Blob publicKeyDer) Verify the RSA signature on the SignedBlob using the given public key.
protected static boolean	verifySignature(Signature signature, SignedBlob signedBlob, Blob publicKeyDer) Check the type of signature and use the publicKeyDer to verify the signedBlob using the appropriate signature algorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PolicyManager

public PolicyManager()

Method Detail

skipVerifyAndTrust

public abstract boolean skipVerifyAndTrust(Data data)

Check if the received data packet can escape from verification and be trusted as valid.

Parameters:

data - The received data packet.

Returns:

true if the data does not need to be verified to be trusted as valid, otherwise false.

skipVerifyAndTrust

public abstract boolean skipVerifyAndTrust(Interest interest)

Check if the received signed interest can escape from verification and be trusted as valid.

Parameters:

interest - The received interest.

Returns:

true if the interest does not need to be verified to be trusted as valid, otherwise false.

requireVerify

public abstract boolean requireVerify(Data data)

Check if this PolicyManager has a verification rule for the received data.

Parameters:

data - The received data packet.

Returns:

true if the data must be verified, otherwise false.

requireVerify

public abstract boolean requireVerify(Interest interest)

Check if this PolicyManager has a verification rule for the received interest.

Parameters:

interest - The received interest.

Returns:

true if the interest must be verified, otherwise false.

checkVerificationPolicy

public abstract ValidationRequest checkVerificationPolicy(Data data,
                                        int stepCount,
                                        OnVerified onVerified,
                                        OnVerifyFailed onVerifyFailed)
                                                   throws SecurityException

Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.

Parameters:

data - The Data object with the signature to check.

stepCount - The number of verification steps that have been done, used to track the verification progress.

onVerified - If the signature is verified, this calls onVerified(data).

onVerifyFailed - If the signature check fails, this calls onVerifyFailed(data).

Returns:

the indication of next verification step, null if there is no further step.

Throws:

SecurityException

checkVerificationPolicy

public abstract ValidationRequest checkVerificationPolicy(Interest interest,
                                        int stepCount,
                                        OnVerifiedInterest onVerified,
                                        OnVerifyInterestFailed onVerifyFailed,
                                        WireFormat wireFormat)
                                                   throws SecurityException

Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step.

Parameters:

interest - The interest with the signature to check.

stepCount - The number of verification steps that have been done, used to track the verification progress.

onVerified - If the signature is verified, this calls onVerified.onVerifiedInterest(interest).

onVerifyFailed - If the signature check fails, this calls onVerifyFailed.onVerifyInterestFailed(interest).

Returns:

the indication of next verification step, null if there is no further step.

Throws:

SecurityException

checkVerificationPolicy

public ValidationRequest checkVerificationPolicy(Interest interest,
                                        int stepCount,
                                        OnVerifiedInterest onVerified,
                                        OnVerifyInterestFailed onVerifyFailed)
                                          throws SecurityException

Throws:

SecurityException

checkSigningPolicy

public abstract boolean checkSigningPolicy(Name dataName,
                         Name certificateName)

Check if the signing certificate name and data name satisfy the signing policy.

Parameters:

dataName - The name of data to be signed.

certificateName - The name of signing certificate.

Returns:

true if the signing certificate can be used to sign the data, otherwise false.

inferSigningIdentity

public abstract Name inferSigningIdentity(Name dataName)

Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name.

Parameters:

dataName - The name of data to be signed.

Returns:

The signing identity or an empty name if cannot infer.

verifySignature

protected static boolean verifySignature(Signature signature,
                      SignedBlob signedBlob,
                      Blob publicKeyDer)
                                  throws SecurityException

Check the type of signature and use the publicKeyDer to verify the signedBlob using the appropriate signature algorithm.

Parameters:

signature - An object of a subclass of Signature, e.g. Sha256WithRsaSignature.

signedBlob - the SignedBlob with the signed portion to verify.

publicKeyDer - The DER-encoded public key used to verify the signature. This may be null if the signature type does not require a public key.

Returns:

True if the signature is verified, false if failed.

Throws:

SecurityException - if the signature type is not recognized or if publicKeyDer can't be decoded.

verifySha256WithRsaSignature

protected static boolean verifySha256WithRsaSignature(Blob signature,
                                   SignedBlob signedBlob,
                                   Blob publicKeyDer)
                                               throws SecurityException

Verify the RSA signature on the SignedBlob using the given public key.

Parameters:

signature - The signature bits.

signedBlob - the SignedBlob with the signed portion to verify.

publicKeyDer - The DER-encoded public key used to verify the signature.

Returns:

true if the signature verifies, false if not.

Throws:

SecurityException

verifySha256WithEcdsaSignature

protected static boolean verifySha256WithEcdsaSignature(Blob signature,
                                     SignedBlob signedBlob,
                                     Blob publicKeyDer)
                                                 throws SecurityException

Verify the ECDSA signature on the SignedBlob using the given public key.

Parameters:

signature - The signature bits.

signedBlob - the SignedBlob with the signed portion to verify.

publicKeyDer - The DER-encoded public key used to verify the signature.

Returns:

true if the signature verifies, false if not.

Throws:

SecurityException

verifyDigestSha256Signature

protected static boolean verifyDigestSha256Signature(Blob signature,
                                  SignedBlob signedBlob)

Verify the DigestSha256 signature on the SignedBlob by verifying that the digest of SignedBlob equals the signature.

Parameters:

signature - The signature bits.

signedBlob - the SignedBlob with the signed portion to verify.

Returns:

true if the signature verifies, false if not.