validation-policy-simple-hierarchy.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2023 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
23 
24 namespace ndn::security {
25 
26 void
27 ValidationPolicySimpleHierarchy::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
28  const ValidationContinuation& continueValidation)
29 {
30  Name klName = getKeyLocatorName(data.getSignatureInfo(), *state);
31  if (!state->getOutcome()) { // already failed
32  return;
33  }
34 
35  Name identity;
36  try {
37  identity = extractIdentityNameFromKeyLocator(klName);
38  }
39  catch (const KeyLocator::Error& e) {
40  state->fail({ValidationError::INVALID_KEY_LOCATOR, e.what()});
41  return;
42  }
43 
44  if (!identity.isPrefixOf(data.getName())) {
45  state->fail({ValidationError::POLICY_ERROR,
46  "Data " + data.getName().toUri() + " signed by " + klName.toUri()});
47  return;
48  }
49 
50  continueValidation(make_shared<CertificateRequest>(klName), state);
51 }
52 
53 void
54 ValidationPolicySimpleHierarchy::checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
55  const ValidationContinuation& continueValidation)
56 {
57  auto sigInfo = getSignatureInfo(interest, *state);
58  if (!state->getOutcome()) { // already failed
59  return;
60  }
61  Name klName = getKeyLocatorName(sigInfo, *state);
62  if (!state->getOutcome()) { // already failed
63  return;
64  }
65 
66  Name identity;
67  try {
68  identity = extractIdentityNameFromKeyLocator(klName);
69  }
70  catch (const KeyLocator::Error& e) {
71  state->fail({ValidationError::INVALID_KEY_LOCATOR, e.what()});
72  return;
73  }
74 
75  if (!identity.isPrefixOf(interest.getName())) {
76  state->fail({ValidationError::POLICY_ERROR,
77  "Interest " + interest.getName().toUri() + " signed by " + klName.toUri()});
78  return;
79  }
80 
81  continueValidation(make_shared<CertificateRequest>(klName), state);
82 }
83 
84 } // namespace ndn::security
Represents a Data packet.
Definition: data.hpp:39
const SignatureInfo & getSignatureInfo() const noexcept
Get the SignatureInfo element.
Definition: data.hpp:243
const Name & getName() const noexcept
Get the Data name.
Definition: data.hpp:137
Represents an Interest packet.
Definition: interest.hpp:50
const Name & getName() const noexcept
Get the Interest name.
Definition: interest.hpp:179
Represents an absolute name.
Definition: name.hpp:45
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Definition: name.cpp:324
bool isPrefixOf(const Name &other) const noexcept
Check if this name is a prefix of another name.
Definition: name.cpp:275
@ INVALID_KEY_LOCATOR
The KeyLocator element is missing or has an invalid format.
@ POLICY_ERROR
The packet violates the validation rules enforced by the policy.
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
Contains the ndn-cxx security framework.
Name extractIdentityNameFromKeyLocator(const Name &keyLocator)
Extract identity name from key, version-less certificate, or certificate name.
SignatureInfo getSignatureInfo(const Interest &interest, ValidationState &state)
Extract SignatureInfo from a signed Interest.
Name getKeyLocatorName(const SignatureInfo &si, ValidationState &state)
Extract the KeyLocator name from a SignatureInfo element.