ndn-cxx: NDN C++ Library 0.9.0-33-g832ea91d
Loading...
Searching...
No Matches
validation-state.cpp
Go to the documentation of this file.
1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/*
3 * Copyright (c) 2013-2023 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "ndn-cxx/security/validation-state.hpp"
23#include "ndn-cxx/security/validator.hpp"
24#include "ndn-cxx/security/verification-helpers.hpp"
25#include "ndn-cxx/util/logger.hpp"
26
27namespace ndn::security {
28
29NDN_LOG_INIT(ndn.security.ValidationState);
30
31#define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
32#define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
33
34ValidationState::~ValidationState()
35{
36 NDN_LOG_TRACE(__func__);
37 BOOST_ASSERT(!boost::logic::indeterminate(m_outcome));
38}
39
40bool
41ValidationState::hasSeenCertificateName(const Name& certName)
42{
43 return !m_seenCertificateNames.insert(certName).second;
44}
45
46void
47ValidationState::addCertificate(const Certificate& cert)
48{
49 m_certificateChain.push_front(cert);
50}
51
52const Certificate*
53ValidationState::verifyCertificateChain(const Certificate& trustedCert)
54{
55 const Certificate* validatedCert = &trustedCert;
56 for (auto it = m_certificateChain.begin(); it != m_certificateChain.end(); ++it) {
57 const auto& certToValidate = *it;
58
59 if (!verifySignature(certToValidate, *validatedCert)) {
60 this->fail({ValidationError::INVALID_SIGNATURE, "Certificate " + certToValidate.getName().toUri()});
61 m_certificateChain.erase(it, m_certificateChain.end());
62 return nullptr;
63 }
64
65 NDN_LOG_TRACE_DEPTH("OK signature for certificate `" << certToValidate.getName() << "`");
66 validatedCert = &certToValidate;
67 }
68 return validatedCert;
69}
70
72
73DataValidationState::DataValidationState(const Data& data,
74 const DataValidationSuccessCallback& successCb,
75 const DataValidationFailureCallback& failureCb)
76 : m_data(data)
77 , m_successCb(successCb)
78 , m_failureCb(failureCb)
79{
80 BOOST_ASSERT(m_successCb != nullptr);
81 BOOST_ASSERT(m_failureCb != nullptr);
82}
83
84DataValidationState::~DataValidationState()
85{
86 if (boost::logic::indeterminate(m_outcome)) {
87 this->fail({ValidationError::IMPLEMENTATION_ERROR,
88 "Validator/policy did not invoke success or failure callback"});
89 }
90}
91
92void
93DataValidationState::verifyOriginalPacket(const std::optional<Certificate>& trustedCert)
94{
95 if (verifySignature(m_data, trustedCert)) {
96 NDN_LOG_TRACE_DEPTH("OK signature for data `" << m_data.getName() << "`");
97 m_successCb(m_data);
98 BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
99 m_outcome = true;
100 }
101 else {
102 this->fail({ValidationError::INVALID_SIGNATURE, "Data " + m_data.getName().toUri()});
103 }
104}
105
106void
107DataValidationState::bypassValidation()
108{
109 NDN_LOG_TRACE_DEPTH("Signature verification bypassed for data `" << m_data.getName() << "`");
110 m_successCb(m_data);
111 BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
112 m_outcome = true;
113}
114
115void
116DataValidationState::fail(const ValidationError& error)
117{
118 NDN_LOG_DEBUG_DEPTH(error);
119 m_failureCb(m_data, error);
120 BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
121 m_outcome = false;
122}
123
125
126InterestValidationState::InterestValidationState(const Interest& interest,
127 const InterestValidationSuccessCallback& successCb,
128 const InterestValidationFailureCallback& failureCb)
129 : m_interest(interest)
130 , m_failureCb(failureCb)
131{
132 afterSuccess.connect(successCb);
133 BOOST_ASSERT(successCb != nullptr);
134 BOOST_ASSERT(m_failureCb != nullptr);
135}
136
137InterestValidationState::~InterestValidationState()
138{
139 if (boost::logic::indeterminate(m_outcome)) {
140 this->fail({ValidationError::IMPLEMENTATION_ERROR,
141 "Validator/policy did not invoke success or failure callback"});
142 }
143}
144
145void
146InterestValidationState::verifyOriginalPacket(const std::optional<Certificate>& trustedCert)
147{
148 if (verifySignature(m_interest, trustedCert)) {
149 NDN_LOG_TRACE_DEPTH("OK signature for interest `" << m_interest.getName() << "`");
150 this->afterSuccess(m_interest);
151 BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
152 m_outcome = true;
153 }
154 else {
155 this->fail({ValidationError::INVALID_SIGNATURE, "Interest " + m_interest.getName().toUri()});
156 }
157}
158
159void
160InterestValidationState::bypassValidation()
161{
162 NDN_LOG_TRACE_DEPTH("Signature verification bypassed for interest `" << m_interest.getName() << "`");
163 this->afterSuccess(m_interest);
164 BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
165 m_outcome = true;
166}
167
168void
169InterestValidationState::fail(const ValidationError& error)
170{
171 NDN_LOG_DEBUG_DEPTH(error);
172 m_failureCb(m_interest, error);
173 BOOST_ASSERT(boost::logic::indeterminate(m_outcome));
174 m_outcome = false;
175}
176
177} // namespace ndn::security
NDN_LOG_DEBUG_DEPTH
#define NDN_LOG_DEBUG_DEPTH(x)
Definition certificate-bundle-fetcher.cpp:30
NDN_LOG_TRACE_DEPTH
#define NDN_LOG_TRACE_DEPTH(x)
Definition certificate-fetcher-from-network.cpp:34
ndn::Data
Represents a Data packet.
Definition data.hpp:39
ndn::Data::getName
const Name & getName() const noexcept
Get the Data name.
Definition data.hpp:137
ndn::Interest
Represents an Interest packet.
Definition interest.hpp:50
ndn::Interest::getName
const Name & getName() const noexcept
Get the Interest name.
Definition interest.hpp:179
ndn::Name
Represents an absolute name.
Definition name.hpp:45
ndn::security::Certificate
Represents an NDN certificate.
Definition certificate.hpp:58
ndn::security::DataValidationState::DataValidationState
DataValidationState(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Create validation state for data.
Definition validation-state.cpp:73
ndn::security::DataValidationState::fail
void fail(const ValidationError &error) final
Call the failure callback.
Definition validation-state.cpp:116
ndn::security::InterestValidationState::fail
void fail(const ValidationError &error) final
Call the failure callback.
Definition validation-state.cpp:169
ndn::security::InterestValidationState::afterSuccess
signal::Signal< InterestValidationState, Interest > afterSuccess
Definition validation-state.hpp:240
ndn::security::InterestValidationState::InterestValidationState
InterestValidationState(const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
Create validation state for interest.
Definition validation-state.cpp:126
ndn::security::ValidationError
Validation error code and optional detailed error message.
Definition validation-error.hpp:35
ndn::security::ValidationError::INVALID_SIGNATURE
@ INVALID_SIGNATURE
Signature verification failed.
Definition validation-error.hpp:46
ndn::security::ValidationError::IMPLEMENTATION_ERROR
@ IMPLEMENTATION_ERROR
Internal implementation error.
Definition validation-error.hpp:64
ndn::security::ValidationState::hasSeenCertificateName
bool hasSeenCertificateName(const Name &certName)
Check if certName has been previously seen and record the supplied name.
Definition validation-state.cpp:41
ndn::security::ValidationState::fail
virtual void fail(const ValidationError &error)=0
Call the failure callback.
ndn::security::ValidationState::addCertificate
void addCertificate(const Certificate &cert)
Add cert to the top of the certificate chain.
Definition validation-state.cpp:47
NDN_LOG_TRACE
#define NDN_LOG_TRACE(expression)
Log at TRACE level.
Definition logger.hpp:255
NDN_LOG_INIT
#define NDN_LOG_INIT(name)
Define a non-member log module.
Definition logger.hpp:169
ndn::security
Contains the ndn-cxx security framework.
Definition additional-description.cpp:26
ndn::security::InterestValidationSuccessCallback
std::function< void(const Interest &)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
Definition validation-callback.hpp:44
ndn::security::verifySignature
bool verifySignature(const InputBuffers &blobs, span< const uint8_t > sig, const transform::PublicKey &key)
Verify blobs using key against sig.
Definition verification-helpers.cpp:64
ndn::security::InterestValidationFailureCallback
std::function< void(const Interest &, const ValidationError &)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
Definition validation-callback.hpp:49
ndn::security::DataValidationSuccessCallback
std::function< void(const Data &)> DataValidationSuccessCallback
Callback to report a successful Data validation.
Definition validation-callback.hpp:34
ndn::security::DataValidationFailureCallback
std::function< void(const Data &, const ValidationError &)> DataValidationFailureCallback
Callback to report a failed Data validation.
Definition validation-callback.hpp:39
ndn
Definition data.cpp:25