28 #include <boost/algorithm/string/predicate.hpp>
33 namespace validator_config {
40 Checker::Result::Result(std::string error)
41 : m_error(std::move(error))
45 class Checker::NegativeResultBuilder
49 NegativeResultBuilder&
56 operator Checker::Result()
const
58 auto error = m_ss.str();
59 return Checker::Result(error.empty() ?
"checker failed" : std::move(error));
63 std::ostringstream m_ss;
66 Checker::NegativeResultBuilder
69 return NegativeResultBuilder();
79 return reject() <<
"signature type does not match the checker "
91 return reject() <<
"ParametersSha256DigestComponent missing";
97 return reject() <<
"name too short";
116 , m_relation(relation)
129 return reject() <<
"identity " << identity <<
" and packet name do not satisfy "
130 << m_relation <<
" relation";
142 if (m_regex.
match(klName)) {
146 return reject() <<
"KeyLocator does not match regex " << m_regex;
150 const std::string& pktNameExpr,
const std::string pktNameExpand,
151 const std::string& klNameExpr,
const std::string klNameExpand,
154 , m_hyperPRegex(pktNameExpr, pktNameExpand)
155 , m_hyperKRegex(klNameExpr, klNameExpand)
156 , m_hyperRelation(hyperRelation)
163 if (!m_hyperPRegex.
match(pktName)) {
164 return reject() <<
"packet name does not match p-regex " << m_hyperPRegex;
167 if (!m_hyperKRegex.
match(klName)) {
168 return reject() <<
"KeyLocator does not match k-regex " << m_hyperKRegex;
171 auto kExpand = m_hyperKRegex.
expand();
172 auto pExpand = m_hyperPRegex.
expand();
177 return reject() <<
"expanded names " << kExpand <<
" and " << pExpand
178 <<
" do not satisfy " << m_hyperRelation <<
" relation";
184 auto propertyIt = configSection.begin();
187 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"type")) {
191 std::string type = propertyIt->second.data();
192 if (boost::iequals(type,
"customized")) {
193 return createCustomizedChecker(configSection, configFilename);
195 else if (boost::iequals(type,
"hierarchical")) {
196 return createHierarchicalChecker(configSection, configFilename);
204 parseSigType(
const std::string& value)
206 if (boost::iequals(value,
"rsa-sha256")) {
209 else if (boost::iequals(value,
"ecdsa-sha256")) {
216 else if (boost::iequals(value,
"sha256")) {
220 NDN_THROW(Error(
"Unrecognized value of <checker.sig-type>: " + value));
225 Checker::createCustomizedChecker(
const ConfigSection& configSection,
226 const std::string& configFilename)
228 auto propertyIt = configSection.begin();
234 if (propertyIt != configSection.end() && boost::iequals(propertyIt->first,
"sig-type")) {
235 sigType = parseSigType(propertyIt->second.data());
239 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"key-locator")) {
242 return make_unique<Checker>(sigType);
244 NDN_THROW(Error(
"Expecting <checker.key-locator>"));
247 auto checker = createKeyLocatorChecker(sigType, propertyIt->second, configFilename);
250 if (propertyIt != configSection.end()) {
251 NDN_THROW(Error(
"Expecting end of <checker>"));
257 Checker::createHierarchicalChecker(
const ConfigSection& configSection,
258 const std::string& configFilename)
260 auto propertyIt = configSection.begin();
266 if (propertyIt != configSection.end() && boost::iequals(propertyIt->first,
"sig-type")) {
267 sigType = parseSigType(propertyIt->second.data());
271 if (propertyIt != configSection.end()) {
272 NDN_THROW(Error(
"Expecting end of <checker>"));
274 return make_unique<HyperRelationChecker>(sigType,
276 "^(<>*)<KEY><>{1,3}$",
"\\1",
282 const ConfigSection& configSection,
const std::string& configFilename)
284 auto propertyIt = configSection.begin();
287 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"type"))
288 NDN_THROW(Error(
"Expecting <checker.key-locator.type>"));
290 std::string type = propertyIt->second.data();
291 if (boost::iequals(type,
"name"))
292 return createKeyLocatorNameChecker(sigType, configSection, configFilename);
294 NDN_THROW(Error(
"Unrecognized <checker.key-locator.type>: " + type));
299 const ConfigSection& configSection,
const std::string& configFilename)
301 auto propertyIt = configSection.begin();
304 if (propertyIt == configSection.end())
305 NDN_THROW(Error(
"Unexpected end of <checker.key-locator>"));
307 if (boost::iequals(propertyIt->first,
"name")) {
310 name =
Name(propertyIt->second.data());
313 NDN_THROW_NESTED(Error(
"Invalid <checker.key-locator.name>: " + propertyIt->second.data()));
317 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"relation")) {
318 NDN_THROW(Error(
"Expecting <checker.key-locator.relation>"));
321 std::string relationString = propertyIt->second.data();
326 if (propertyIt != configSection.end()) {
327 NDN_THROW(Error(
"Expecting end of <checker.key-locator>"));
329 return make_unique<NameRelationChecker>(sigType, name, relation);
331 else if (boost::iequals(propertyIt->first,
"regex")) {
332 std::string regexString = propertyIt->second.data();
335 if (propertyIt != configSection.end()) {
336 NDN_THROW(Error(
"Expecting end of <checker.key-locator>"));
340 return make_unique<RegexChecker>(sigType,
Regex(regexString));
342 catch (
const Regex::Error&) {
343 NDN_THROW_NESTED(Error(
"Invalid <checker.key-locator.regex>: " + regexString));
346 else if (boost::iequals(propertyIt->first,
"hyper-relation")) {
348 auto hPropertyIt = hSection.begin();
351 if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first,
"k-regex")) {
352 NDN_THROW(Error(
"Expecting <checker.key-locator.hyper-relation.k-regex>"));
355 std::string kRegex = hPropertyIt->second.data();
359 if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first,
"k-expand")) {
360 NDN_THROW(Error(
"Expecting <checker.key-locator.hyper-relation.k-expand>"));
363 std::string kExpand = hPropertyIt->second.data();
367 if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first,
"h-relation")) {
368 NDN_THROW(Error(
"Expecting <checker.key-locator.hyper-relation.h-relation>"));
371 std::string hRelation = hPropertyIt->second.data();
375 if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first,
"p-regex")) {
376 NDN_THROW(Error(
"Expecting <checker.key-locator.hyper-relation.p-regex>"));
379 std::string pRegex = hPropertyIt->second.data();
383 if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first,
"p-expand")) {
384 NDN_THROW(Error(
"Expecting <checker.key-locator.hyper-relation.p-expand>"));
387 std::string pExpand = hPropertyIt->second.data();
390 if (hPropertyIt != hSection.end()) {
391 NDN_THROW(Error(
"Expecting end of <checker.key-locator.hyper-relation>"));
396 return make_unique<HyperRelationChecker>(sigType, pRegex, pExpand, kRegex, kExpand, relation);
398 catch (
const Regex::Error&) {
403 NDN_THROW(Error(
"Unrecognized <checker.key-locator>: " + propertyIt->first));
Represents an absolute name.
name::Component::Error Error
PartialName getPrefix(ssize_t nComponents) const
Returns a prefix of the name.
size_t size() const noexcept
Returns the number of components.
bool match(const Name &name)
virtual Name expand(const std::string &expand="")
Provides a tag type for simple types.
shared_ptr< T > getTag() const
Get a tag item.
static NegativeResultBuilder reject()
Checker(tlv::SignatureTypeValue sigType)
Result check(uint32_t pktType, tlv::SignatureTypeValue sigType, const Name &pktName, const Name &klName, const ValidationState &state)
Check if packet name and KeyLocator satisfy the checker's conditions.
tlv::SignatureTypeValue m_sigType
static unique_ptr< Checker > create(const ConfigSection &configSection, const std::string &configFilename)
Create a checker from configuration section.
virtual Result checkNames(const Name &pktName, const Name &klName)
Base version of name checking.
Result checkNames(const Name &pktName, const Name &klName) override
Base version of name checking.
HyperRelationChecker(tlv::SignatureTypeValue sigType, const std::string &pktNameExpr, const std::string pktNameExpand, const std::string &klNameExpr, const std::string klNameExpand, const NameRelation &hyperRelation)
Result checkNames(const Name &pktName, const Name &klName) override
Base version of name checking.
NameRelationChecker(tlv::SignatureTypeValue sigType, const Name &name, const NameRelation &relation)
RegexChecker(tlv::SignatureTypeValue sigType, const Regex ®ex)
Result checkNames(const Name &pktName, const Name &klName) override
Base version of name checking.
#define NDN_THROW_NESTED(e)
boost::property_tree::ptree ConfigSection
std::ostream & operator<<(std::ostream &os, NameRelation relation)
bool checkNameRelation(NameRelation relation, const Name &name1, const Name &name2)
Check whether name1 and name2 satisfies relation.
NameRelation getNameRelationFromString(const std::string &relationString)
Convert relationString to NameRelation.
Name extractIdentityNameFromKeyLocator(const Name &keyLocator)
Extract identity name from key, version-less certificate, or certificate name.
@ V03
Sign Interest using Packet Specification v0.3 semantics.
const size_t MIN_SIZE
Minimum number of name components for an old-style Signed Interest.
@ ParametersSha256DigestComponent
SignatureTypeValue
SignatureType values.
@ SignatureSha256WithEcdsa