validator-config.hpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
7 #ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
8 #define NDN_SECURITY_VALIDATOR_CONFIG_HPP
9 
10 #include "validator.hpp"
11 #include "certificate-cache.hpp"
12 #include "conf/rule.hpp"
13 #include "conf/common.hpp"
14 
15 namespace ndn {
16 
/**
 * @brief Validator whose trust policy is read from a configuration.
 *
 * The configuration supplies two things (see onConfigRule / onConfigTrustAnchor):
 * rules that decide which Interest/Data names must be signed by which keys,
 * and trust anchors -- certificates that are accepted without further
 * verification.  A signing certificate that is neither an anchor nor already
 * cached is requested as a further validation step (see checkSignature at the
 * bottom of this header); once validated it is kept in the CertificateCache.
 *
 * Security note: anchors are looked up by exact certificate name, as taken
 * from a packet's KeyLocator (checkSignature), so the configured anchor names
 * must be the names that signers actually reference.
 */
class ValidatorConfig : public Validator
{
public:
  /** @brief Error raised by this validator; derives from Validator::Error so
   *         handlers written for the base type still catch it. */
  class Error : public Validator::Error
  {
  public:
    explicit
    Error(const std::string& what)
      : Validator::Error(what)
    {
    }
  };

  /** @brief Cache used when a constructor is not given one explicitly. */
  static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;

  /**
   * @brief Construct a validator that fetches certificates through @p face.
   * @param certificateCache where validated signing certificates are stored
   *        and looked up (defaults to DEFAULT_CERTIFICATE_CACHE)
   * @param stepLimit stored in m_stepLimit; presumably bounds the depth of
   *        the certificate chain -- where it is enforced is not visible in
   *        this file, confirm in the implementation
   */
  explicit
  ValidatorConfig(Face& face,
                  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
                  const int stepLimit = 10);

  /**
   * @brief Same as above, taking the Face by shared_ptr.
   *
   * NOTE(review): unlike the Face& overload this constructor is not
   * `explicit`, so a shared_ptr<Face> converts implicitly to ValidatorConfig.
   */
  ValidatorConfig(const shared_ptr<Face>& face,
                  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
                  const int stepLimit = 10);

  /// Virtual destructor: the class is used polymorphically through Validator.
  // NOTE(review): the destructor's declarator (~ValidatorConfig()) is not
  // visible in this rendering of the file; only `virtual` and the empty body are.
  virtual
  {
  }

  /** @brief Load the policy from the file at @p filename. */
  void
  load(const std::string& filename);

  /**
   * @brief Load the policy from the text in @p input.
   * @param filename presumably used only for error reporting, since the
   *        content comes from @p input -- confirm in the implementation
   */
  void
  load(const std::string& input, const std::string& filename);

  /** @brief Load the policy from the stream @p input; @p filename as above. */
  void
  load(std::istream& input, const std::string& filename);

  /** @brief Load the policy from an already parsed configuration tree. */
  void
  load(const security::conf::ConfigSection& configSection,
       const std::string& filename);

protected:
  /**
   * @brief Check @p data against the loaded policy and, if necessary, append
   *        the next validation step (e.g. fetching the signing certificate)
   *        to @p nextSteps.
   * @param nSteps depth of the current validation chain
   */
  virtual void
  checkPolicy(const Data& data,
              int nSteps,
              const OnDataValidated& onValidated,
              const OnDataValidationFailed& onValidationFailed,
              std::vector<shared_ptr<ValidationRequest> >& nextSteps);

  /** @brief Interest counterpart of checkPolicy(const Data&, ...). */
  virtual void
  checkPolicy(const Interest& interest,
              int nSteps,
              const OnInterestValidated& onValidated,
              const OnInterestValidationFailed& onValidationFailed,
              std::vector<shared_ptr<ValidationRequest> >& nextSteps);

private:
  /**
   * @brief Verify @p signature on @p packet, resolving the signing key via
   *        the anchors, the cache, or a new ValidationRequest in @p nextSteps.
   *        Defined at the bottom of this header.
   */
  template<class Packet, class OnValidated, class OnFailed>
  void
  checkSignature(const Packet& packet,
                 const Signature& signature,
                 int nSteps,
                 const OnValidated& onValidated,
                 const OnFailed& onValidationFailed,
                 std::vector<shared_ptr<ValidationRequest> >& nextSteps);

  /** @brief Continuation of checkSignature once the signing certificate
   *         @p signCertificate has itself been validated. */
  template<class Packet, class OnValidated, class OnFailed>
  void
  onCertValidated(const shared_ptr<const Data>& signCertificate,
                  const shared_ptr<const Packet>& packet,
                  const OnValidated& onValidated,
                  const OnFailed& onValidationFailed);

  /** @brief Continuation of checkSignature when fetching/validating the
   *         signing certificate failed; forwards @p failureInfo to the caller. */
  template<class Packet, class OnFailed>
  void
  onCertFailed(const shared_ptr<const Data>& signCertificate,
               const std::string& failureInfo,
               const shared_ptr<const Packet>& packet,
               const OnFailed& onValidationFailed);

  /** @brief Handle one rule section of the configuration; presumably
   *         populates m_interestRules / m_dataRules -- confirm. */
  void
  onConfigRule(const security::conf::ConfigSection& section,
               const std::string& filename);

  /** @brief Handle one trust-anchor section of the configuration; presumably
   *         populates m_anchors -- confirm. */
  void
  onConfigTrustAnchor(const security::conf::ConfigSection& section,
                      const std::string& filename);

private:
  typedef security::conf::Rule<Interest> InterestRule;
  typedef security::conf::Rule<Data> DataRule;
  typedef std::vector<shared_ptr<InterestRule> > InterestRuleList;
  typedef std::vector<shared_ptr<DataRule> > DataRuleList;
  /// Trust anchors keyed by certificate name (the name a KeyLocator refers to).
  typedef std::map<Name, shared_ptr<IdentityCertificate> > AnchorList;

  int m_stepLimit;                                  ///< see constructor
  shared_ptr<CertificateCache> m_certificateCache;  ///< validated signing certificates

  InterestRuleList m_interestRules;
  DataRuleList m_dataRules;
  AnchorList m_anchors;
};
123 
/**
 * @brief Verify @p signature on @p packet, resolving the signing key as needed.
 *
 * The outcome is delivered through the callbacks, never as a return value:
 *  - Sha256: the digest is checked directly; no key is involved.
 *  - Sha256WithRsa: the signer is looked up by the KeyLocator name, first in
 *    the trust anchors, then in the certificate cache.  If found, the packet
 *    is verified now; otherwise a ValidationRequest for the certificate is
 *    appended to @p nextSteps and verification resumes in onCertValidated
 *    (or fails in onCertFailed).
 *  - any other type is rejected as unsupported.
 *
 * @param nSteps depth of the current validation chain; the certificate request
 *        is issued at depth nSteps + 1.  m_stepLimit is not checked here --
 *        presumably checkPolicy enforces it before calling this; confirm.
 */
template<class Packet, class OnValidated, class OnFailed>
void
ValidatorConfig::checkSignature(const Packet& packet,
                                const Signature& signature,
                                int nSteps,
                                const OnValidated& onValidated,
                                const OnFailed& onValidationFailed,
                                std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
  // Digest-only "signature": there is no signer to look up, so the packet is
  // accepted as soon as the digest matches.  This is integrity, not
  // authenticity -- presumably the policy rules decide for which names a bare
  // digest is acceptable; confirm in checkPolicy.
  if (signature.getType() == Signature::Sha256)
    {
      SignatureSha256 digestSig(signature);

      if (!verifySignature(packet, digestSig))
        return onValidationFailed(packet.shared_from_this(),
                                  "Sha256 Signature cannot be verified!");
      return onValidated(packet.shared_from_this());
    }

  if (signature.getType() != Signature::Sha256WithRsa)
    return onValidationFailed(packet.shared_from_this(), "Unsupported Signature Type!");

  SignatureSha256WithRsa rsaSig(signature);
  // The KeyLocator comes from the (untrusted) packet: it only names which
  // certificate to use, it never establishes trust by itself.
  const Name signerName = rsaSig.getKeyLocator().getName();

  // A configured trust anchor takes precedence over the cache.
  shared_ptr<const Certificate> signerCert;
  AnchorList::const_iterator anchor = m_anchors.find(signerName);
  if (anchor != m_anchors.end())
    signerCert = anchor->second;
  else
    signerCert = m_certificateCache->getCertificate(signerName);

  if (signerCert)
    {
      // NOTE(review): a cache hit is used without re-checking the
      // certificate's validity period (onCertValidated checks it only when
      // inserting); presumably CertificateCache expires its entries -- confirm.
      if (!verifySignature(packet, rsaSig, signerCert->getPublicKeyInfo()))
        return onValidationFailed(packet.shared_from_this(), "Cannot verify signature");
      return onValidated(packet.shared_from_this());
    }

  // Unknown signer: have the certificate fetched and validated first, then
  // resume in onCertValidated / onCertFailed with the original packet and
  // callbacks bound in.
  OnDataValidated resumeOnCert =
    bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
         this, _1, packet.shared_from_this(), onValidated, onValidationFailed);

  OnDataValidationFailed abortOnCert =
    bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
         this, _1, _2, packet.shared_from_this(), onValidationFailed);

  Interest certInterest(signerName);

  nextSteps.push_back(make_shared<ValidationRequest>(boost::cref(certInterest),
                                                     resumeOnCert,
                                                     abortOnCert,
                                                     1, nSteps + 1));
}
189 
/**
 * @brief Resume validation of @p packet once its signing certificate has
 *        itself been validated.
 *
 * The validated Data is re-read as an IdentityCertificate, checked against its
 * validity period, inserted into the cache, and then used to verify the
 * signature of @p packet.  The result goes to @p onValidated or
 * @p onValidationFailed.
 *
 * NOTE(review): the certificate's name is not compared with the KeyLocator of
 * @p packet here; the Data that satisfied the certificate Interest is assumed
 * to be the certificate that was asked for.  If that Interest can be satisfied
 * by other Data under the same name prefix, the policy applied to the
 * certificate fetch is what prevents a substitution -- confirm in checkPolicy.
 */
template<class Packet, class OnValidated, class OnFailed>
void
ValidatorConfig::onCertValidated(const shared_ptr<const Data>& signCertificate,
                                 const shared_ptr<const Packet>& packet,
                                 const OnValidated& onValidated,
                                 const OnFailed& onValidationFailed)
{
  // Re-parse the generic Data as a certificate.  Presumably this throws if
  // the Data is not a well-formed certificate -- confirm; nothing is caught here.
  shared_ptr<IdentityCertificate> signerCert =
    make_shared<IdentityCertificate>(boost::cref(*signCertificate));

  // Expired or not-yet-valid certificates are neither cached nor used
  // (the message covers both cases).
  if (signerCert->isTooLate() || signerCert->isTooEarly())
    return onValidationFailed(packet,
                              "Signing certificate " +
                              signCertificate->getName().toUri() +
                              " is no longer valid.");

  // Cache before verifying, so the next packet from this signer is resolved
  // locally by checkSignature.
  m_certificateCache->insertCertificate(signerCert);

  if (!verifySignature(*packet, signerCert->getPublicKeyInfo()))
    return onValidationFailed(packet,
                              "Cannot verify signature: " +
                              packet->getName().toUri());

  return onValidated(packet);
}
219 
/**
 * @brief Continuation of checkSignature when the signing certificate could not
 *        be fetched or validated: the original @p packet fails with the
 *        certificate's @p failureInfo passed through unchanged.
 *
 * @param signCertificate the certificate Data that failed; unused here, the
 *        reason is already in @p failureInfo.
 */
template<class Packet, class OnFailed>
void
ValidatorConfig::onCertFailed(const shared_ptr<const Data>& signCertificate,
                              const std::string& failureInfo,
                              const shared_ptr<const Packet>& packet,
                              const OnFailed& onValidationFailed)
{
  static_cast<void>(signCertificate);  // deliberately unused
  onValidationFailed(packet, failureInfo);
}
229 
230 } // namespace ndn
231 
232 #endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP