validation-state.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2023 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/validation-state.hpp"
23 #include "ndn-cxx/security/validator.hpp"
24 #include "ndn-cxx/security/verification-helpers.hpp"
25 #include "ndn-cxx/util/logger.hpp"
26 
27 namespace ndn::security {
28 
29 NDN_LOG_INIT(ndn.security.ValidationState);
30 
31 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
32 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
33 
34 ValidationState::~ValidationState()
35 {
36  NDN_LOG_TRACE(__func__);
37  BOOST_ASSERT(!boost::logic::indeterminate(m_outcome));
38 }
39 
40 bool
41 ValidationState::hasSeenCertificateName(const Name& certName)
42 {
43  return !m_seenCertificateNames.insert(certName).second;
44 }
45 
46 void
47 ValidationState::addCertificate(const Certificate& cert)
48 {
49  m_certificateChain.push_front(cert);
50 }
51 
52 const Certificate*
53 ValidationState::verifyCertificateChain(const Certificate& trustedCert)
54 {
55  const Certificate* validatedCert = &trustedCert;
56  for (auto it = m_certificateChain.begin(); it != m_certificateChain.end(); ++it) {
57  const auto& certToValidate = *it;
58 
59  if (!verifySignature(certToValidate, *validatedCert)) {
60  this->fail({ValidationError::INVALID_SIGNATURE, "Certificate " + certToValidate.getName().toUri()});
61  m_certificateChain.erase(it, m_certificateChain.end());
62  return nullptr;
63  }
64 
65  NDN_LOG_TRACE_DEPTH("OK signature for certificate `" << certToValidate.getName() << "`");
66  validatedCert = &certToValidate;
67  }
68  return validatedCert;
69 }
70 
72 
73 DataValidationState::DataValidationState(const Data& data,
74  const DataValidationSuccessCallback& successCb,
75  const DataValidationFailureCallback& failureCb)
76  : m_data(data)
77  , m_successCb(successCb)
78  , m_failureCb(failureCb)
79 {
80  BOOST_ASSERT(m_successCb != nullptr);
81  BOOST_ASSERT(m_failureCb != nullptr);
82 }
83 
84 DataValidationState::~DataValidationState()
85 {
86  if (boost::logic::indeterminate(m_outcome)) {
87  this->fail({ValidationError::IMPLEMENTATION_ERROR,
88  "Validator/policy did not invoke success or failure callback"});
89  }
90 }
91 
92 void
93 DataValidationState::verifyOriginalPacket(const std::optional<Certificate>& trustedCert)
94 {
95  if (verifySignature(m_data, trustedCert)) {
96  NDN_LOG_TRACE_DEPTH("OK signature for data `" << m_data.getName() << "`");
97  m_successCb(m_data);
98  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
99  m_outcome = true;
100  }
101  else {
102  this->fail({ValidationError::INVALID_SIGNATURE, "Data " + m_data.getName().toUri()});
103  }
104 }
105 
106 void
107 DataValidationState::bypassValidation()
108 {
109  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for data `" << m_data.getName() << "`");
110  m_successCb(m_data);
111  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
112  m_outcome = true;
113 }
114 
115 void
116 DataValidationState::fail(const ValidationError& error)
117 {
118  NDN_LOG_DEBUG_DEPTH(error);
119  m_failureCb(m_data, error);
120  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
121  m_outcome = false;
122 }
123 
125 
126 InterestValidationState::InterestValidationState(const Interest& interest,
127  const InterestValidationSuccessCallback& successCb,
128  const InterestValidationFailureCallback& failureCb)
129  : m_interest(interest)
130  , m_failureCb(failureCb)
131 {
132  afterSuccess.connect(successCb);
133  BOOST_ASSERT(successCb != nullptr);
134  BOOST_ASSERT(m_failureCb != nullptr);
135 }
136 
137 InterestValidationState::~InterestValidationState()
138 {
139  if (boost::logic::indeterminate(m_outcome)) {
140  this->fail({ValidationError::IMPLEMENTATION_ERROR,
141  "Validator/policy did not invoke success or failure callback"});
142  }
143 }
144 
145 void
146 InterestValidationState::verifyOriginalPacket(const std::optional<Certificate>& trustedCert)
147 {
148  if (verifySignature(m_interest, trustedCert)) {
149  NDN_LOG_TRACE_DEPTH("OK signature for interest `" << m_interest.getName() << "`");
150  this->afterSuccess(m_interest);
151  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
152  m_outcome = true;
153  }
154  else {
155  this->fail({ValidationError::INVALID_SIGNATURE, "Interest " + m_interest.getName().toUri()});
156  }
157 }
158 
159 void
160 InterestValidationState::bypassValidation()
161 {
162  NDN_LOG_TRACE_DEPTH("Signature verification bypassed for interest `" << m_interest.getName() << "`");
163  this->afterSuccess(m_interest);
164  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
165  m_outcome = true;
166 }
167 
168 void
169 InterestValidationState::fail(const ValidationError& error)
170 {
171  NDN_LOG_DEBUG_DEPTH(error);
172  m_failureCb(m_interest, error);
173  BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
174  m_outcome = false;
175 }
176 
177 } // namespace ndn::security
ndn::Data
Represents a Data packet.
Definition: data.hpp:39
ndn::Data::getName
const Name & getName() const noexcept
Get the Data name.
Definition: data.hpp:137
ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50
ndn::Interest::getName
const Name & getName() const noexcept
Get the Interest name.
Definition: interest.hpp:179
ndn::Name
Represents an absolute name.
Definition: name.hpp:45
ndn::security::Certificate
Represents an NDN certificate.
Definition: certificate.hpp:58
ndn::security::DataValidationState::DataValidationState
DataValidationState(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Create validation state for data.
Definition: validation-state.cpp:73
ndn::security::DataValidationState::fail
void fail(const ValidationError &error) final
Call the failure callback.
Definition: validation-state.cpp:116
ndn::security::InterestValidationState::fail
void fail(const ValidationError &error) final
Call the failure callback.
Definition: validation-state.cpp:169
ndn::security::InterestValidationState::afterSuccess
signal::Signal< InterestValidationState, Interest > afterSuccess
Definition: validation-state.hpp:240
ndn::security::InterestValidationState::InterestValidationState
InterestValidationState(const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
Create validation state for interest.
Definition: validation-state.cpp:126
ndn::security::ValidationError
Validation error code and optional detailed error message.
Definition: validation-error.hpp:35
ndn::security::ValidationError::INVALID_SIGNATURE
@ INVALID_SIGNATURE
Signature verification failed.
Definition: validation-error.hpp:46
ndn::security::ValidationError::IMPLEMENTATION_ERROR
@ IMPLEMENTATION_ERROR
Internal implementation error.
Definition: validation-error.hpp:64
ndn::security::ValidationState::hasSeenCertificateName
bool hasSeenCertificateName(const Name &certName)
Check if certName has been previously seen and record the supplied name.
Definition: validation-state.cpp:41
ndn::security::ValidationState::fail
virtual void fail(const ValidationError &error)=0
Call the failure callback.
ndn::security::ValidationState::addCertificate
void addCertificate(const Certificate &cert)
Add cert to the top of the certificate chain.
Definition: validation-state.cpp:47
NDN_LOG_TRACE
#define NDN_LOG_TRACE(expression)
Log at TRACE level.
Definition: logger.hpp:255
NDN_LOG_INIT
#define NDN_LOG_INIT(name)
Define a non-member log module.
Definition: logger.hpp:169
ndn::security
Contains the ndn-cxx security framework.
Definition: additional-description.cpp:26
ndn::security::InterestValidationSuccessCallback
std::function< void(const Interest &)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
Definition: validation-callback.hpp:44
ndn::security::verifySignature
bool verifySignature(const InputBuffers &blobs, span< const uint8_t > sig, const transform::PublicKey &key)
Verify blobs using key against sig.
Definition: verification-helpers.cpp:64
ndn::security::InterestValidationFailureCallback
std::function< void(const Interest &, const ValidationError &)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
Definition: validation-callback.hpp:49
ndn::security::DataValidationSuccessCallback
std::function< void(const Data &)> DataValidationSuccessCallback
Callback to report a successful Data validation.
Definition: validation-callback.hpp:34
ndn::security::DataValidationFailureCallback
std::function< void(const Data &, const ValidationError &)> DataValidationFailureCallback
Callback to report a failed Data validation.
Definition: validation-callback.hpp:39
ndn
Definition: data.cpp:25
NDN_LOG_DEBUG_DEPTH
#define NDN_LOG_DEBUG_DEPTH(x)
Definition: validation-state.cpp:31
NDN_LOG_TRACE_DEPTH
#define NDN_LOG_TRACE_DEPTH(x)
Definition: validation-state.cpp:32