rule.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2021 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
24 #include "ndn-cxx/util/logger.hpp"
25 
26 #include <boost/algorithm/string/predicate.hpp>
27 
29 
30 namespace ndn {
31 namespace security {
32 inline namespace v2 {
33 namespace validator_config {
34 
35 Rule::Rule(const std::string& id, uint32_t pktType)
36  : m_id(id)
37  , m_pktType(pktType)
38 {
39 }
40 
41 void
42 Rule::addFilter(unique_ptr<Filter> filter)
43 {
44  m_filters.push_back(std::move(filter));
45 }
46 
47 void
48 Rule::addChecker(unique_ptr<Checker> checker)
49 {
50  m_checkers.push_back(std::move(checker));
51 }
52 
53 bool
54 Rule::match(uint32_t pktType, const Name& pktName, const shared_ptr<ValidationState>& state) const
55 {
56  NDN_LOG_TRACE("Trying to match " << pktName);
57  if (pktType != m_pktType) {
58  NDN_THROW(Error("Invalid packet type supplied (" + to_string(pktType) +
59  " != " + to_string(m_pktType) + ")"));
60  }
61 
62  if (m_filters.empty()) {
63  return true;
64  }
65 
66  bool retval = false;
67  for (const auto& filter : m_filters) {
68  retval |= filter->match(pktType, pktName, state);
69  if (retval) {
70  break;
71  }
72  }
73  return retval;
74 }
75 
76 bool
77 Rule::check(uint32_t pktType, tlv::SignatureTypeValue sigType, const Name& pktName, const Name& klName,
78  const shared_ptr<ValidationState>& state) const
79 {
80  NDN_LOG_TRACE("Trying to check " << pktName << " with KeyLocator " << klName);
81 
82  if (pktType != m_pktType) {
83  NDN_THROW(Error("Invalid packet type supplied (" + to_string(pktType) +
84  " != " + to_string(m_pktType) + ")"));
85  }
86 
87  std::vector<Checker::Result> checkerResults;
88  checkerResults.reserve(m_checkers.size());
89  for (const auto& checker : m_checkers) {
90  auto result = checker->check(pktType, sigType, pktName, klName, *state);
91  if (result) {
92  return true;
93  }
94  checkerResults.push_back(std::move(result));
95  }
96 
97  std::ostringstream err;
98  err << "Packet " << pktName << " (KeyLocator=" << klName << ") cannot pass any checker.";
99  for (size_t i = 0; i < checkerResults.size(); ++i) {
100  err << "\nChecker " << i << ": " << checkerResults[i].getErrorMessage();
101  }
102  state->fail({ValidationError::POLICY_ERROR, err.str()});
103  return false;
104 }
105 
106 unique_ptr<Rule>
107 Rule::create(const ConfigSection& configSection, const std::string& configFilename)
108 {
109  auto propertyIt = configSection.begin();
110 
111  // Get rule.id
112  if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "id")) {
113  NDN_THROW(Error("Expecting <rule.id>"));
114  }
115 
116  std::string ruleId = propertyIt->second.data();
117  propertyIt++;
118 
119  // Get rule.for
120  if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "for")) {
121  NDN_THROW(Error("Expecting <rule.for> in rule: " + ruleId));
122  }
123 
124  std::string usage = propertyIt->second.data();
125  propertyIt++;
126 
127  bool isForData = false;
128  if (boost::iequals(usage, "data")) {
129  isForData = true;
130  }
131  else if (boost::iequals(usage, "interest")) {
132  isForData = false;
133  }
134  else {
135  NDN_THROW(Error("Unrecognized <rule.for>: " + usage + " in rule: " + ruleId));
136  }
137 
138  auto rule = make_unique<Rule>(ruleId, isForData ? tlv::Data : tlv::Interest);
139 
140  // Get rule.filter(s)
141  for (; propertyIt != configSection.end(); propertyIt++) {
142  if (!boost::iequals(propertyIt->first, "filter")) {
143  if (boost::iequals(propertyIt->first, "checker")) {
144  break;
145  }
146  NDN_THROW(Error("Expecting <rule.filter> in rule: " + ruleId));
147  }
148 
149  rule->addFilter(Filter::create(propertyIt->second, configFilename));
150  }
151 
152  // Get rule.checker(s)
153  bool hasCheckers = false;
154  for (; propertyIt != configSection.end(); propertyIt++) {
155  if (!boost::iequals(propertyIt->first, "checker")) {
156  NDN_THROW(Error("Expecting <rule.checker> in rule: " + ruleId));
157  }
158 
159  rule->addChecker(Checker::create(propertyIt->second, configFilename));
160  hasCheckers = true;
161  }
162 
163  if (propertyIt != configSection.end()) {
164  NDN_THROW(Error("Expecting end of <rule>: " + ruleId));
165  }
166 
167  if (!hasCheckers) {
168  NDN_THROW(Error("No <rule.checker> is specified in rule: " + ruleId));
169  }
170 
171  return rule;
172 }
173 
174 } // namespace validator_config
175 } // inline namespace v2
176 } // namespace security
177 } // namespace ndn
Represents an absolute name.
Definition: name.hpp:44
@ POLICY_ERROR
The packet violates the validation rules enforced by the policy.
static unique_ptr< Checker > create(const ConfigSection &configSection, const std::string &configFilename)
Create a checker from configuration section.
Definition: checker.cpp:182
static unique_ptr< Filter > create(const ConfigSection &configSection, const std::string &configFilename)
Create a filter from the configuration section.
Definition: filter.cpp:91
void addChecker(unique_ptr< Checker > checker)
Definition: rule.cpp:48
static unique_ptr< Rule > create(const ConfigSection &configSection, const std::string &configFilename)
Create a rule from configuration section.
Definition: rule.cpp:107
bool match(uint32_t pktType, const Name &pktName, const shared_ptr< ValidationState > &state) const
Check if the packet name matches rule's filter.
Definition: rule.cpp:54
Rule(const std::string &id, uint32_t pktType)
Definition: rule.cpp:35
bool check(uint32_t pktType, tlv::SignatureTypeValue sigType, const Name &pktName, const Name &klName, const shared_ptr< ValidationState > &state) const
Check if packet satisfies rule's condition.
Definition: rule.cpp:77
void addFilter(unique_ptr< Filter > filter)
Definition: rule.cpp:42
#define NDN_THROW(e)
Definition: exception.hpp:61
#define NDN_LOG_TRACE(expression)
Log at TRACE level.
Definition: logger.hpp:249
#define NDN_LOG_INIT(name)
Define a non-member log module.
Definition: logger.hpp:163
std::string to_string(const errinfo_stacktrace &x)
Definition: exception.cpp:31
boost::property_tree::ptree ConfigSection
Definition: common.hpp:36
@ Data
Definition: tlv.hpp:69
@ Interest
Definition: tlv.hpp:68
SignatureTypeValue
SignatureType values.
Definition: tlv.hpp:127
Definition: data.cpp:25