validation-state.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2022 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
25 #include "ndn-cxx/util/logger.hpp"
26 
27 namespace ndn {
28 namespace security {
29 inline namespace v2 {
30 
32 
33 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
34 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
35 
37 {
38  NDN_LOG_TRACE(__func__);
39  BOOST_ASSERT(!boost::logic::indeterminate(m_outcome));
40 }
41 
42 bool
44 {
45  return !m_seenCertificateNames.insert(certName).second;
46 }
47 
48 void
50 {
51  m_certificateChain.push_front(cert);
52 }
53 
54 const Certificate*
55 ValidationState::verifyCertificateChain(const Certificate& trustedCert)
56 {
57  const Certificate* validatedCert = &trustedCert;
58  for (auto it = m_certificateChain.begin(); it != m_certificateChain.end(); ++it) {
59  const auto& certToValidate = *it;
60 
61  if (!verifySignature(certToValidate, *validatedCert)) {
62  this->fail({ValidationError::INVALID_SIGNATURE, "Certificate " + certToValidate.getName().toUri()});
63  m_certificateChain.erase(it, m_certificateChain.end());
64  return nullptr;
65  }
66 
67  NDN_LOG_TRACE_DEPTH("OK signature for certificate `" << certToValidate.getName() << "`");
68  validatedCert = &certToValidate;
69  }
70  return validatedCert;
71 }
72 
74 
76  const DataValidationSuccessCallback& successCb,
77  const DataValidationFailureCallback& failureCb)
78  : m_data(data)
79  , m_successCb(successCb)
80  , m_failureCb(failureCb)
81 {
82  BOOST_ASSERT(m_successCb != nullptr);
83  BOOST_ASSERT(m_failureCb != nullptr);
84 }
85 
87 {
88  if (boost::logic::indeterminate(m_outcome)) {
90  "Validator/policy did not invoke success or failure callback"});
91  }
92 }
93 
94 void
95 DataValidationState::verifyOriginalPacket(const optional<Certificate>& trustedCert)
96 {
97  if (verifySignature(m_data, trustedCert)) {
98  NDN_LOG_TRACE_DEPTH("OK signature for data `" << m_data.getName() << "`");
99  m_successCb(m_data);
100  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
101  m_outcome = true;
102  }
103  else {
104  this->fail({ValidationError::INVALID_SIGNATURE, "Data " + m_data.getName().toUri()});
105  }
106 }
107 
108 void
109 DataValidationState::bypassValidation()
110 {
111  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for data `" << m_data.getName() << "`");
112  m_successCb(m_data);
113  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
114  m_outcome = true;
115 }
116 
117 void
119 {
120  NDN_LOG_DEBUG_DEPTH(error);
121  m_failureCb(m_data, error);
122  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
123  m_outcome = false;
124 }
125 
127 
129  const InterestValidationSuccessCallback& successCb,
130  const InterestValidationFailureCallback& failureCb)
131  : m_interest(interest)
132  , m_failureCb(failureCb)
133 {
134  afterSuccess.connect(successCb);
135  BOOST_ASSERT(successCb != nullptr);
136  BOOST_ASSERT(m_failureCb != nullptr);
137 }
138 
140 {
141  if (boost::logic::indeterminate(m_outcome)) {
143  "Validator/policy did not invoke success or failure callback"});
144  }
145 }
146 
147 void
148 InterestValidationState::verifyOriginalPacket(const optional<Certificate>& trustedCert)
149 {
150  if (verifySignature(m_interest, trustedCert)) {
151  NDN_LOG_TRACE_DEPTH("OK signature for interest `" << m_interest.getName() << "`");
152  this->afterSuccess(m_interest);
153  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
154  m_outcome = true;
155  }
156  else {
157  this->fail({ValidationError::INVALID_SIGNATURE, "Interest " + m_interest.getName().toUri()});
158  }
159 }
160 
161 void
162 InterestValidationState::bypassValidation()
163 {
164  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for interest `" << m_interest.getName() << "`");
165  this->afterSuccess(m_interest);
166  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
167  m_outcome = true;
168 }
169 
170 void
172 {
173  NDN_LOG_DEBUG_DEPTH(error);
174  m_failureCb(m_interest, error);
175  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
176  m_outcome = false;
177 }
178 
179 } // inline namespace v2
180 } // namespace security
181 } // namespace ndn
Represents a Data packet.
Definition: data.hpp:39
const Name & getName() const noexcept
Get the data name.
Definition: data.hpp:129
Represents an Interest packet.
Definition: interest.hpp:50
const Name & getName() const noexcept
Definition: interest.hpp:173
Represents an absolute name.
Definition: name.hpp:44
Represents an NDN certificate.
Definition: certificate.hpp:60
void fail(const ValidationError &error) final
Call the failure callback.
DataValidationState(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Create validation state for data.
InterestValidationState(const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
Create validation state for interest.
util::Signal< InterestValidationState, Interest > afterSuccess
void fail(const ValidationError &error) final
Call the failure callback.
Validation error code and optional detailed error message.
@ IMPLEMENTATION_ERROR
Internal implementation error.
@ INVALID_SIGNATURE
Signature verification failed.
bool hasSeenCertificateName(const Name &certName)
Check if certName has been previously seen and record the supplied name.
virtual void fail(const ValidationError &error)=0
Call the failure callback.
void addCertificate(const Certificate &cert)
Add cert to the top of the certificate chain.
#define NDN_LOG_TRACE(expression)
Log at TRACE level.
Definition: logger.hpp:249
#define NDN_LOG_INIT(name)
Define a non-member log module.
Definition: logger.hpp:163
std::function< void(const Data &)> DataValidationSuccessCallback
Callback to report a successful Data validation.
std::function< void(const Data &, const ValidationError &)> DataValidationFailureCallback
Callback to report a failed Data validation.
std::function< void(const Interest &)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
std::function< void(const Interest &, const ValidationError &)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
bool verifySignature(const InputBuffers &blobs, span< const uint8_t > sig, const transform::PublicKey &key)
Verify blobs using key against sig.
Definition: data.cpp:25
#define NDN_LOG_DEBUG_DEPTH(x)
#define NDN_LOG_TRACE_DEPTH(x)