All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
validator-regex.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
8 #include "common.hpp"
9 
10 #include "validator-regex.hpp"
11 #include "signature-sha256-with-rsa.hpp"
12 #include "certificate-cache-ttl.hpp"
13 
14 #include "../util/logging.hpp"
15 
16 INIT_LOGGER("ndn.ValidatorRegex");
17 
18 using namespace std;
19 
20 namespace ndn {
21 
22 const shared_ptr<CertificateCache> ValidatorRegex::DEFAULT_CERTIFICATE_CACHE;
23 
24 ValidatorRegex::ValidatorRegex(Face& face,
25  shared_ptr<CertificateCache> certificateCache,
26  const int stepLimit)
27  : Validator(face)
28  , m_stepLimit(stepLimit)
29  , m_certificateCache(certificateCache)
30 {
31  if (!static_cast<bool>(m_certificateCache))
32  m_certificateCache = make_shared<CertificateCacheTtl>(m_face.ioService());
33 }
34 
35 ValidatorRegex::ValidatorRegex(const shared_ptr<Face>& face,
36  shared_ptr<CertificateCache> certificateCache,
37  const int stepLimit)
38  : Validator(*face)
39  , m_stepLimit(stepLimit)
40  , m_certificateCache(certificateCache)
41 {
42  if (!static_cast<bool>(m_certificateCache))
43  m_certificateCache = make_shared<CertificateCacheTtl>(m_face.ioService());
44 }
45 
46 void
47 ValidatorRegex::onCertificateValidated(const shared_ptr<const Data>& signCertificate,
48  const shared_ptr<const Data>& data,
49  const OnDataValidated& onValidated,
50  const OnDataValidationFailed& onValidationFailed)
51 {
52  shared_ptr<IdentityCertificate> certificate =
53  make_shared<IdentityCertificate>(boost::cref(*signCertificate));
54 
55  if (!certificate->isTooLate() && !certificate->isTooEarly())
56  {
57  m_certificateCache->insertCertificate(certificate);
58 
59  if (verifySignature(*data, certificate->getPublicKeyInfo()))
60  return onValidated(data);
61  else
62  return onValidationFailed(data,
63  "Cannot verify signature: " +
64  data->getName().toUri());
65  }
66  else
67  {
68  _LOG_DEBUG("Wrong validity:");
69  return onValidationFailed(data,
70  "Signing certificate " +
71  signCertificate->getName().toUri() +
72  " is no longer valid.");
73  }
74 }
75 
76 void
77 ValidatorRegex::onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
78  const string& failureInfo,
79  const shared_ptr<const Data>& data,
80  const OnDataValidationFailed& onValidationFailed)
81 {
82  onValidationFailed(data, failureInfo);
83 }
84 
85 void
86 ValidatorRegex::checkPolicy(const Data& data,
87  int nSteps,
88  const OnDataValidated& onValidated,
89  const OnDataValidationFailed& onValidationFailed,
90  vector<shared_ptr<ValidationRequest> >& nextSteps)
91 {
92  if (m_stepLimit == nSteps)
93  return onValidationFailed(data.shared_from_this(),
94  "Maximum steps of validation reached: " +
95  data.getName().toUri());
96 
97  for (RuleList::iterator it = m_mustFailVerify.begin();
98  it != m_mustFailVerify.end();
99  it++)
100  if ((*it)->satisfy(data))
101  return onValidationFailed(data.shared_from_this(),
102  "Comply with mustFail policy: " +
103  data.getName().toUri());
104 
105  for (RuleList::iterator it = m_verifyPolicies.begin();
106  it != m_verifyPolicies.end();
107  it++)
108  {
109  if ((*it)->satisfy(data))
110  {
111  try
112  {
113  SignatureSha256WithRsa sig(data.getSignature());
114 
115  Name keyLocatorName = sig.getKeyLocator().getName();
116  shared_ptr<const Certificate> trustedCert;
117  if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName))
118  trustedCert = m_certificateCache->getCertificate(keyLocatorName);
119  else
120  trustedCert = m_trustAnchors[keyLocatorName];
121 
122  if (static_cast<bool>(trustedCert))
123  {
124  if (verifySignature(data, sig, trustedCert->getPublicKeyInfo()))
125  return onValidated(data.shared_from_this());
126  else
127  return onValidationFailed(data.shared_from_this(),
128  "Cannot verify signature: " +
129  data.getName().toUri());
130  }
131  else
132  {
133  // _LOG_DEBUG("KeyLocator is not trust anchor");
134  OnDataValidated onKeyValidated =
135  bind(&ValidatorRegex::onCertificateValidated, this, _1,
136  data.shared_from_this(), onValidated, onValidationFailed);
137 
138  OnDataValidationFailed onKeyValidationFailed =
139  bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
140  data.shared_from_this(), onValidationFailed);
141 
142  Interest interest(sig.getKeyLocator().getName());
143  shared_ptr<ValidationRequest> nextStep =
144  make_shared<ValidationRequest>(boost::cref(interest),
145  onKeyValidated,
146  onKeyValidationFailed,
147  3,
148  nSteps + 1);
149 
150  nextSteps.push_back(nextStep);
151 
152  return;
153  }
154  }
155  catch (SignatureSha256WithRsa::Error& e)
156  {
157  return onValidationFailed(data.shared_from_this(),
158  "Not SignatureSha256WithRsa signature: " +
159  data.getName().toUri());
160  }
161  catch (KeyLocator::Error& e)
162  {
163  return onValidationFailed(data.shared_from_this(),
164  "Key Locator is not a name: " +
165  data.getName().toUri());
166  }
167  }
168  }
169 
170  return onValidationFailed(data.shared_from_this(),
171  "No policy found for data: " + data.getName().toUri());
172 }
173 
174 } // namespace ndn
ndn::SignatureSha256WithRsa
Representing of SHA256-with-RSA signature in a data packet.
Definition: signature-sha256-with-rsa.hpp:18
ndn::ValidatorRegex::onCertificateValidationFailed
void onCertificateValidationFailed(const shared_ptr< const Data > &signCertificate, const std::string &failureInfo, const shared_ptr< const Data > &data, const OnDataValidationFailed &onValidationFailed)
Definition: validator-regex.cpp:77
ndn::ValidatorRegex::onCertificateValidated
void onCertificateValidated(const shared_ptr< const Data > &signCertificate, const shared_ptr< const Data > &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
Definition: validator-regex.cpp:47
ndn::ValidatorRegex::m_certificateCache
shared_ptr< CertificateCache > m_certificateCache
Definition: validator-regex.hpp:101
_LOG_DEBUG
#define _LOG_DEBUG(x)
Definition: logging.hpp:73
ndn::ValidatorRegex::checkPolicy
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest > > &nextSteps)
Check the Data against policy and return the next validation step if necessary.
Definition: validator-regex.cpp:86
ndn::Interest
An Interest holds a Name and other fields for an interest.
Definition: interest.hpp:24
ndn::Data::getName
const Name & getName() const
Definition: data.hpp:346
ndn::Name::toUri
std::string toUri() const
Encode this name as a URI.
Definition: name.hpp:536
ndn::OnDataValidated
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
Definition: validation-request.hpp:23
ndn::ValidatorRegex::m_trustAnchors
std::map< Name, shared_ptr< IdentityCertificate > > m_trustAnchors
Definition: validator-regex.hpp:104
ndn::Face::ioService
shared_ptr< boost::asio::io_service > ioService()
Get shared_ptr of the IO service object.
Definition: face.hpp:279
ndn::OnDataValidationFailed
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
Definition: validation-request.hpp:27
ndn::ValidatorRegex::ValidatorRegex
ValidatorRegex(Face &face, shared_ptr< CertificateCache > certificateCache=DEFAULT_CERTIFICATE_CACHE, const int stepLimit=3)
Definition: validator-regex.cpp:24
ndn::Face
Abstraction to communicate with local or remote NDN forwarder.
Definition: face.hpp:54
ndn::Name
A Name holds an array of Name::Component and represents an NDN name.
Definition: name.hpp:26
INIT_LOGGER
#define INIT_LOGGER(name)
Copyright (C) 2013 Regents of the University of California.
Definition: logging.hpp:53
ndn::Data::getSignature
const Signature & getSignature() const
Definition: data.hpp:450
ndn::Validator::verifySignature
static bool verifySignature(const Data &data, const PublicKey &publicKey)
Verify the data using the publicKey.
Definition: validator.cpp:128
ndn::Validator
Validator is one of the main classes of the security library.
Definition: validator.hpp:27