validation-policy-simple-hierarchy.cpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2020 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
23 
24 namespace ndn {
25 namespace security {
26 inline namespace v2 {
27 
/**
 * @brief Apply the simple hierarchical trust rule to a Data packet.
 *
 * The packet passes the policy only when the identity name derived from its
 * KeyLocator name is a prefix of the Data name. This step compares names only;
 * no signature is verified here. On a match the decision is handed on through
 * @p continueValidation with a CertificateRequest for the KeyLocator name.
 *
 * @param data               Data packet whose name and KeyLocator are checked.
 * @param state              Validation state; receives the failure on rejection.
 * @param continueValidation Callback invoked when the name hierarchy rule holds.
 */
void
ValidationPolicySimpleHierarchy::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
                                             const ValidationContinuation& continueValidation)
{
  Name signerKeyLocator = getKeyLocatorName(data, *state);
  // Nothing more to do if the state already carries a failed outcome
  // (presumably recorded by getKeyLocatorName -- confirm against its definition).
  if (!state->getOutcome()) {
    return;
  }

  try {
    // The continuation call stays inside the try block on purpose: a
    // KeyLocator::Error thrown from it is handled the same way as one thrown
    // while extracting the identity name.
    const Name signerIdentity = extractIdentityNameFromKeyLocator(signerKeyLocator);
    if (signerIdentity.isPrefixOf(data.getName())) {
      continueValidation(make_shared<CertificateRequest>(signerKeyLocator), state);
      return;
    }
  }
  catch (const KeyLocator::Error& e) {
    state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, e.what()});
    return;
  }

  // Signer identity is not an ancestor of the Data name: reject. Both names in
  // the message come from a packet that has not been authenticated yet.
  const auto reason = "Data signing policy violation for " +
                      data.getName().toUri() + " by " + signerKeyLocator.toUri();
  state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, reason});
}
51 
/**
 * @brief Apply the simple hierarchical trust rule to a signed Interest.
 *
 * The Interest passes the policy only when the identity name derived from its
 * KeyLocator name is a prefix of the Interest name. This step compares names
 * only; no signature is verified here. On a match the decision is handed on
 * through @p continueValidation with a CertificateRequest for the KeyLocator name.
 *
 * @param interest           Interest whose name and KeyLocator are checked.
 * @param state              Validation state; receives the failure on rejection.
 * @param continueValidation Callback invoked when the name hierarchy rule holds.
 */
void
ValidationPolicySimpleHierarchy::checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
                                             const ValidationContinuation& continueValidation)
{
  Name signerKeyLocator = getKeyLocatorName(interest, *state);
  // Stop early when the state already carries a failed outcome
  // (presumably recorded by getKeyLocatorName -- confirm against its definition).
  if (!state->getOutcome()) {
    return;
  }

  try {
    // The continuation call is deliberately left inside the try block, so a
    // KeyLocator::Error raised by it is reported like an extraction error.
    const Name signerIdentity = extractIdentityNameFromKeyLocator(signerKeyLocator);
    if (signerIdentity.isPrefixOf(interest.getName())) {
      continueValidation(make_shared<CertificateRequest>(signerKeyLocator), state);
      return;
    }
  }
  catch (const KeyLocator::Error& e) {
    state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, e.what()});
    return;
  }

  // Signer identity is not an ancestor of the Interest name: reject. Both names
  // in the message come from a packet that has not been authenticated yet.
  const auto reason = "Interest signing policy violation for " +
                      interest.getName().toUri() + " by " + signerKeyLocator.toUri();
  state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, reason});
}
75 
76 } // inline namespace v2
77 } // namespace security
78 } // namespace ndn
Represents a Data packet.
Definition: data.hpp:38
const Name & getName() const noexcept
Get name.
Definition: data.hpp:127
Represents an Interest packet.
Definition: interest.hpp:50
const Name & getName() const noexcept
Definition: interest.hpp:173
Represents an absolute name.
Definition: name.hpp:46
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Definition: name.cpp:348
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
Name getKeyLocatorName(const Data &data, ValidationState &state)
extract KeyLocator.Name from a Data packet
Name extractIdentityNameFromKeyLocator(const Name &keyLocator)
Extract identity name from key, version-less certificate, or certificate name.
Definition: data.cpp:25