net.named_data.jndn.security.policy

Class SelfVerifyPolicyManager

java.lang.Object

net.named_data.jndn.security.policy.PolicyManager

net.named_data.jndn.security.policy.SelfVerifyPolicyManager

public class SelfVerifyPolicyManager
extends PolicyManager

A SelfVerifyPolicyManager implements a PolicyManager to look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use it to verify the data packet, without searching a certificate chain. If the public key can't be found, the verification fails.

Constructor Summary

Constructors

Constructor and Description
SelfVerifyPolicyManager() Create a new SelfVerifyPolicyManager which will look up the public key in the given identityStorage.
SelfVerifyPolicyManager(IdentityStorage identityStorage) Create a new SelfVerifyPolicyManager which will look up the public key in the given identityStorage.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	checkSigningPolicy(Name dataName, Name certificateName) Override to always indicate that the signing certificate name and data name satisfy the signing policy.
ValidationRequest	checkVerificationPolicy(Data data, int stepCount, OnVerified onVerified, OnDataValidationFailed onValidationFailed) Look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use it to verify the data packet.
ValidationRequest	checkVerificationPolicy(Interest interest, int stepCount, OnVerifiedInterest onVerified, OnInterestValidationFailed onValidationFailed, WireFormat wireFormat) Use wireFormat.decodeSignatureInfoAndValue to decode the last two name components of the signed interest.
Name	inferSigningIdentity(Name dataName) Override to indicate that the signing identity cannot be inferred.
boolean	requireVerify(Data data) Always return true to use the self-verification rule for the received data.
boolean	requireVerify(Interest interest) Always return true to use the self-verification rule for the received interest.
boolean	skipVerifyAndTrust(Data data) Never skip verification.
boolean	skipVerifyAndTrust(Interest interest) Never skip verification.

Methods inherited from class net.named_data.jndn.security.policy.PolicyManager

checkVerificationPolicy, verifyDigestSha256Signature, verifySha256WithEcdsaSignature, verifySha256WithRsaSignature, verifySignature

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SelfVerifyPolicyManager

public SelfVerifyPolicyManager(IdentityStorage identityStorage)

Create a new SelfVerifyPolicyManager which will look up the public key in the given identityStorage.

Parameters:

identityStorage - The IdentityStorage for looking up the public key. This points to an object which must remain valid during the life of this SelfVerifyPolicyManager.

SelfVerifyPolicyManager

public SelfVerifyPolicyManager()

Create a new SelfVerifyPolicyManager which will look up the public key in the given identityStorage. Since there is no IdentotyStorage, don't look for a public key with the name in the KeyLocator and rely on the KeyLocator having the full public key DER.

Method Detail

skipVerifyAndTrust

public boolean skipVerifyAndTrust(Data data)

Never skip verification.

Specified by:

skipVerifyAndTrust in class PolicyManager

Parameters:

data - The received data packet.

Returns:

false.

skipVerifyAndTrust

public boolean skipVerifyAndTrust(Interest interest)

Never skip verification.

Specified by:

skipVerifyAndTrust in class PolicyManager

Parameters:

interest - The received interest.

Returns:

false.

requireVerify

public boolean requireVerify(Data data)

Always return true to use the self-verification rule for the received data.

Specified by:

requireVerify in class PolicyManager

Parameters:

data - The received data packet.

Returns:

true.

requireVerify

public boolean requireVerify(Interest interest)

Always return true to use the self-verification rule for the received interest.

Specified by:

requireVerify in class PolicyManager

Parameters:

interest - The received interest.

Returns:

true.

checkVerificationPolicy

public ValidationRequest checkVerificationPolicy(Data data,
                                        int stepCount,
                                        OnVerified onVerified,
                                        OnDataValidationFailed onValidationFailed)
                                          throws SecurityException

Look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use it to verify the data packet. If the public key can't be found, call onValidationFailed.onDataValidationFailed.

Specified by:

checkVerificationPolicy in class PolicyManager

Parameters:

data - The Data object with the signature to check.

stepCount - The number of verification steps that have been done, used to track the verification progress. (stepCount is ignored.)

onVerified - If the signature is verified, this calls onVerified(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

onValidationFailed - If the signature check fails, this calls onValidationFailed.onDataValidationFailed(data, reason). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

Returns:

null for no further step for looking up a certificate chain.

Throws:

SecurityException

checkVerificationPolicy

public ValidationRequest checkVerificationPolicy(Interest interest,
                                        int stepCount,
                                        OnVerifiedInterest onVerified,
                                        OnInterestValidationFailed onValidationFailed,
                                        WireFormat wireFormat)
                                          throws SecurityException

Use wireFormat.decodeSignatureInfoAndValue to decode the last two name components of the signed interest. Look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use it to verify the interest. If the public key can't be found, call onValidationFailed.onInterestValidationFailed.

Specified by:

checkVerificationPolicy in class PolicyManager

Parameters:

interest - The interest with the signature to check.

stepCount - The number of verification steps that have been done, used to track the verification progress. (stepCount is ignored.)

onVerified - If the signature is verified, this calls onVerified.onVerifiedInterest(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

onValidationFailed - If the signature check fails or can't find the public key, this calls onValidationFailed.onInterestValidationFailed(interest, reason). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

Returns:

null for no further step for looking up a certificate chain.

Throws:

SecurityException

checkSigningPolicy

public boolean checkSigningPolicy(Name dataName,
                         Name certificateName)

Override to always indicate that the signing certificate name and data name satisfy the signing policy.

Specified by:

checkSigningPolicy in class PolicyManager

Parameters:

dataName - The name of data to be signed.

certificateName - The name of signing certificate.

Returns:

true to indicate that the signing certificate can be used to sign the data.

inferSigningIdentity

public Name inferSigningIdentity(Name dataName)

Override to indicate that the signing identity cannot be inferred.

Specified by:

inferSigningIdentity in class PolicyManager

Parameters:

dataName - The name of data to be signed.

Returns:

An empty name because cannot infer.