master/doxygen/validation-policy-simple-hierarchy_8cpp_source.html

/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

/*

 * Copyright (c) 2013-2023 Regents of the University of California.

 *

 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

 *

 * ndn-cxx library is free software: you can redistribute it and/or modify it under the

 * terms of the GNU Lesser General Public License as published by the Free Software

 * Foundation, either version 3 of the License, or (at your option) any later version.

 *

 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

 * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

 *

 * You should have received copies of the GNU General Public License and GNU Lesser

 * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

 * <http://www.gnu.org/licenses/>.

 *

 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

 */


#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"


namespace ndn::security {


void


ValidationPolicySimpleHierarchy::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,

                                             const ValidationContinuation& continueValidation)

{

  Name klName = getKeyLocatorName(data.getSignatureInfo(), *state);

  if (!state->getOutcome()) { // already failed

    return;

  }


  Name identity;

  try {

    identity = extractIdentityNameFromKeyLocator(klName);

  }

  catch (const KeyLocator::Error& e) {

    state->fail({ValidationError::INVALID_KEY_LOCATOR, e.what()});

    return;

  }


  if (!identity.isPrefixOf(data.getName())) {

    state->fail({ValidationError::POLICY_ERROR,

                 "Data " + data.getName().toUri() + " signed by " + klName.toUri()});

    return;

  }


  continueValidation(make_shared<CertificateRequest>(klName), state);

}


void


ValidationPolicySimpleHierarchy::checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,

                                             const ValidationContinuation& continueValidation)

{

  auto sigInfo = getSignatureInfo(interest, *state);

  if (!state->getOutcome()) { // already failed

    return;

  }

  Name klName = getKeyLocatorName(sigInfo, *state);

  if (!state->getOutcome()) { // already failed

    return;

  }


  Name identity;

  try {

    identity = extractIdentityNameFromKeyLocator(klName);

  }

  catch (const KeyLocator::Error& e) {

    state->fail({ValidationError::INVALID_KEY_LOCATOR, e.what()});

    return;

  }


  if (!identity.isPrefixOf(interest.getName())) {

    state->fail({ValidationError::POLICY_ERROR,

                 "Interest " + interest.getName().toUri() + " signed by " + klName.toUri()});

    return;

  }


  continueValidation(make_shared<CertificateRequest>(klName), state);

}


} // namespace ndn::security

ndn::Data
Represents a Data packet.
Definition data.hpp:39

ndn::Data::getName
const Name & getName() const noexcept
Get the Data name.
Definition data.hpp:137

ndn::Data::getSignatureInfo
const SignatureInfo & getSignatureInfo() const noexcept
Get the SignatureInfo element.
Definition data.hpp:243

ndn::Interest
Represents an Interest packet.
Definition interest.hpp:50

ndn::Interest::getName
const Name & getName() const noexcept
Get the Interest name.
Definition interest.hpp:179

ndn::KeyLocator::Error
Definition key-locator.hpp:35

ndn::Name
Represents an absolute name.
Definition name.hpp:45

ndn::Name::toUri
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Definition name.cpp:324

ndn::Name::isPrefixOf
bool isPrefixOf(const Name &other) const noexcept
Check if this name is a prefix of another name.
Definition name.cpp:275

ndn::security::ValidationError::INVALID_KEY_LOCATOR
@ INVALID_KEY_LOCATOR
The KeyLocator element is missing or has an invalid format.
Definition validation-error.hpp:60

ndn::security::ValidationError::POLICY_ERROR
@ POLICY_ERROR
The packet violates the validation rules enforced by the policy.
Definition validation-error.hpp:62

ndn::security::ValidationPolicySimpleHierarchy::checkPolicy
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
Definition validation-policy-simple-hierarchy.cpp:27

ndn::security::ValidationPolicy::ValidationContinuation
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
Definition validation-policy.hpp:39

ndn::security
Contains the ndn-cxx security framework.
Definition additional-description.cpp:26

ndn::security::extractIdentityNameFromKeyLocator
Name extractIdentityNameFromKeyLocator(const Name &keyLocator)
Extract identity name from key, version-less certificate, or certificate name.
Definition validation-policy.cpp:112

ndn::security::getSignatureInfo
SignatureInfo getSignatureInfo(const Interest &interest, ValidationState &state)
Extract SignatureInfo from a signed Interest.
Definition validation-policy.cpp:83

ndn::security::getKeyLocatorName
Name getKeyLocatorName(const SignatureInfo &si, ValidationState &state)
Extract the KeyLocator name from a SignatureInfo element.
Definition validation-policy.cpp:62

validation-policy-simple-hierarchy.hpp