validation-state.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2021 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
25 #include "ndn-cxx/util/logger.hpp"
26 
27 namespace ndn {
28 namespace security {
29 inline namespace v2 {
30 
32 
33 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
34 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
35 
37  : m_outcome(boost::logic::indeterminate)
38 {
39 }
40 
42 {
43  NDN_LOG_TRACE(__func__);
44  BOOST_ASSERT(!boost::logic::indeterminate(m_outcome));
45 }
46 
47 size_t
49 {
50  return m_certificateChain.size();
51 }
52 
53 bool
55 {
56  return !m_seenCertificateNames.insert(certName).second;
57 }
58 
59 void
61 {
62  m_certificateChain.push_front(cert);
63 }
64 
65 const Certificate*
66 ValidationState::verifyCertificateChain(const Certificate& trustedCert)
67 {
68  const Certificate* validatedCert = &trustedCert;
69  for (auto it = m_certificateChain.begin(); it != m_certificateChain.end(); ++it) {
70  const auto& certToValidate = *it;
71 
72  if (!verifySignature(certToValidate, *validatedCert)) {
73  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of certificate `" +
74  certToValidate.getName().toUri() + "`"});
75  m_certificateChain.erase(it, m_certificateChain.end());
76  return nullptr;
77  }
78  else {
79  NDN_LOG_TRACE_DEPTH("OK signature for certificate `" << certToValidate.getName() << "`");
80  validatedCert = &certToValidate;
81  }
82  }
83  return validatedCert;
84 }
85 
87 
89  const DataValidationSuccessCallback& successCb,
90  const DataValidationFailureCallback& failureCb)
91  : m_data(data)
92  , m_successCb(successCb)
93  , m_failureCb(failureCb)
94 {
95  BOOST_ASSERT(m_successCb != nullptr);
96  BOOST_ASSERT(m_failureCb != nullptr);
97 }
98 
100 {
101  if (boost::logic::indeterminate(m_outcome)) {
102  this->fail({ValidationError::Code::IMPLEMENTATION_ERROR,
103  "Validator/policy did not invoke success or failure callback"});
104  }
105 }
106 
107 void
108 DataValidationState::verifyOriginalPacket(const optional<Certificate>& trustedCert)
109 {
110  if (verifySignature(m_data, trustedCert)) {
111  NDN_LOG_TRACE_DEPTH("OK signature for data `" << m_data.getName() << "`");
112  m_successCb(m_data);
113  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
114  m_outcome = true;
115  }
116  else {
117  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of data `" +
118  m_data.getName().toUri() + "`"});
119  }
120 }
121 
122 void
123 DataValidationState::bypassValidation()
124 {
125  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for data `" << m_data.getName() << "`");
126  m_successCb(m_data);
127  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
128  m_outcome = true;
129 }
130 
131 void
133 {
134  NDN_LOG_DEBUG_DEPTH(error);
135  m_failureCb(m_data, error);
136  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
137  m_outcome = false;
138 }
139 
140 const Data&
142 {
143  return m_data;
144 }
145 
147 
149  const InterestValidationSuccessCallback& successCb,
150  const InterestValidationFailureCallback& failureCb)
151  : m_interest(interest)
152  , m_failureCb(failureCb)
153 {
154  afterSuccess.connect(successCb);
155  BOOST_ASSERT(successCb != nullptr);
156  BOOST_ASSERT(m_failureCb != nullptr);
157 }
158 
160 {
161  if (boost::logic::indeterminate(m_outcome)) {
162  this->fail({ValidationError::Code::IMPLEMENTATION_ERROR,
163  "Validator/policy did not invoke success or failure callback"});
164  }
165 }
166 
167 void
168 InterestValidationState::verifyOriginalPacket(const optional<Certificate>& trustedCert)
169 {
170  if (verifySignature(m_interest, trustedCert)) {
171  NDN_LOG_TRACE_DEPTH("OK signature for interest `" << m_interest.getName() << "`");
172  this->afterSuccess(m_interest);
173  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
174  m_outcome = true;
175  }
176  else {
177  this->fail({ValidationError::Code::INVALID_SIGNATURE, "Invalid signature of interest `" +
178  m_interest.getName().toUri() + "`"});
179  }
180 }
181 
182 void
183 InterestValidationState::bypassValidation()
184 {
185  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for interest `" << m_interest.getName() << "`");
186  this->afterSuccess(m_interest);
187  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
188  m_outcome = true;
189 }
190 
191 void
193 {
194  NDN_LOG_DEBUG_DEPTH(error);
195  m_failureCb(m_interest, error);
196  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
197  m_outcome = false;
198 }
199 
200 const Interest&
202 {
203  return m_interest;
204 }
205 
206 } // inline namespace v2
207 } // namespace security
208 } // namespace ndn
Represents a Data packet.
Definition: data.hpp:38
const Name & getName() const noexcept
Get name.
Definition: data.hpp:127
Represents an Interest packet.
Definition: interest.hpp:50
const Name & getName() const noexcept
Definition: interest.hpp:173
Represents an absolute name.
Definition: name.hpp:46
Represents an NDN certificate following the version 2.0 format.
Definition: certificate.hpp:61
void fail(const ValidationError &error) final
Call the failure callback.
DataValidationState(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Create validation state for data.
InterestValidationState(const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
Create validation state for interest.
util::Signal< InterestValidationState, Interest > afterSuccess
void fail(const ValidationError &error) final
Call the failure callback.
Validation error code and optional detailed error message.
bool hasSeenCertificateName(const Name &certName)
Check if certName has been previously seen and record the supplied name.
ValidationState()
Create validation state.
virtual void fail(const ValidationError &error)=0
Call the failure callback.
void addCertificate(const Certificate &cert)
Add cert to the top of the certificate chain.
#define NDN_LOG_TRACE(expression)
Log at TRACE level.
Definition: logger.hpp:249
#define NDN_LOG_INIT(name)
Define a non-member log module.
Definition: logger.hpp:163
function< void(const Interest &interest, const ValidationError &error)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
function< void(const Data &data)> DataValidationSuccessCallback
Callback to report a successful Data validation.
function< void(const Data &data, const ValidationError &error)> DataValidationFailureCallback
Callback to report a failed Data validation.
function< void(const Interest &interest)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
bool verifySignature(const InputBuffers &blobs, span< const uint8_t > sig, const transform::PublicKey &key)
Verify blobs using key against sig.
Definition: data.cpp:25
#define NDN_LOG_DEBUG_DEPTH(x)
#define NDN_LOG_TRACE_DEPTH(x)