validation-state.hpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2023 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #ifndef NDN_CXX_SECURITY_VALIDATION_STATE_HPP
23 #define NDN_CXX_SECURITY_VALIDATION_STATE_HPP
24 
25 #include "ndn-cxx/detail/tag-host.hpp"
26 #include "ndn-cxx/security/certificate.hpp"
27 #include "ndn-cxx/security/signing-info.hpp"
28 #include "ndn-cxx/security/validation-callback.hpp"
29 #include "ndn-cxx/util/signal/signal.hpp"
30 
31 #include <list>
32 #include <unordered_set>
33 #include <boost/logic/tribool.hpp>
34 
35 namespace ndn::security {
36 
37 class Validator;
38 
57 class ValidationState : public TagHost, noncopyable
58 {
59 public:
60  virtual
61  ~ValidationState();
62 
63  boost::logic::tribool
64  getOutcome() const noexcept
65  {
66  return m_outcome;
67  }
68 
72  virtual void
73  fail(const ValidationError& error) = 0;
74 
78  size_t
79  getDepth() const noexcept
80  {
81  return m_certificateChain.size();
82  }
83 
87  bool
88  hasSeenCertificateName(const Name& certName);
89 
100  void
101  addCertificate(const Certificate& cert);
102 
103 private: // Interface intended to be used only by Validator class
111  virtual void
112  verifyOriginalPacket(const std::optional<Certificate>& trustedCert) = 0;
113 
117  virtual void
118  bypassValidation() = 0;
119 
134  const Certificate*
135  verifyCertificateChain(const Certificate& trustedCert);
136 
137 protected:
138  boost::logic::tribool m_outcome{boost::logic::indeterminate};
139 
140 private:
141  std::unordered_set<Name> m_seenCertificateNames;
142 
149  std::list<Certificate> m_certificateChain;
150 
151  friend Validator;
152 };
153 
157 class DataValidationState final : public ValidationState
158 {
159 public:
166  DataValidationState(const Data& data,
167  const DataValidationSuccessCallback& successCb,
168  const DataValidationFailureCallback& failureCb);
169 
176  ~DataValidationState() final;
177 
178  void
179  fail(const ValidationError& error) final;
180 
184  const Data&
185  getOriginalData() const
186  {
187  return m_data;
188  }
189 
190 private:
191  void
192  verifyOriginalPacket(const std::optional<Certificate>& trustedCert) final;
193 
194  void
195  bypassValidation() final;
196 
197 private:
198  Data m_data;
199  DataValidationSuccessCallback m_successCb;
200  DataValidationFailureCallback m_failureCb;
201 };
202 
206 class InterestValidationState final : public ValidationState
207 {
208 public:
215  InterestValidationState(const Interest& interest,
216  const InterestValidationSuccessCallback& successCb,
217  const InterestValidationFailureCallback& failureCb);
218 
225  ~InterestValidationState() final;
226 
227  void
228  fail(const ValidationError& error) final;
229 
233  const Interest&
234  getOriginalInterest() const
235  {
236  return m_interest;
237  }
238 
239 public:
240  signal::Signal<InterestValidationState, Interest> afterSuccess;
241 
242 private:
243  void
244  verifyOriginalPacket(const std::optional<Certificate>& trustedCert) final;
245 
246  void
247  bypassValidation() final;
248 
249 private:
250  Interest m_interest;
251  InterestValidationSuccessCallback m_successCb;
252  InterestValidationFailureCallback m_failureCb;
253 };
254 
255 using SignedInterestFormatTag = SimpleTag<SignedInterestFormat, 1002>;
256 
257 } // namespace ndn::security
258 
259 #endif // NDN_CXX_SECURITY_VALIDATION_STATE_HPP
ndn::Data
Represents a Data packet.
Definition: data.hpp:39
ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50
ndn::Name
Represents an absolute name.
Definition: name.hpp:45
ndn::SimpleTag
Provides a tag type for simple types.
Definition: tag.hpp:56
ndn::TagHost
Base class to store tag information, e.g., inside Interest and Data packets.
Definition: tag-host.hpp:37
ndn::security::Certificate
Represents an NDN certificate.
Definition: certificate.hpp:58
ndn::security::DataValidationState
Validation state for a data packet.
Definition: validation-state.hpp:158
ndn::security::DataValidationState::DataValidationState
DataValidationState(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Create validation state for data.
Definition: validation-state.cpp:73
ndn::security::DataValidationState::fail
void fail(const ValidationError &error) final
Call the failure callback.
Definition: validation-state.cpp:116
ndn::security::InterestValidationState
Validation state for an interest packet.
Definition: validation-state.hpp:207
ndn::security::InterestValidationState::getOriginalInterest
const Interest & getOriginalInterest() const
Definition: validation-state.hpp:234
ndn::security::InterestValidationState::afterSuccess
signal::Signal< InterestValidationState, Interest > afterSuccess
Definition: validation-state.hpp:240
ndn::security::ValidationError
Validation error code and optional detailed error message.
Definition: validation-error.hpp:35
ndn::security::ValidationState::getDepth
size_t getDepth() const noexcept
Definition: validation-state.hpp:79
ndn::security::ValidationState::getOutcome
boost::logic::tribool getOutcome() const noexcept
Definition: validation-state.hpp:64
ndn::security::ValidationState::hasSeenCertificateName
bool hasSeenCertificateName(const Name &certName)
Check if certName has been previously seen and record the supplied name.
Definition: validation-state.cpp:41
ndn::security::ValidationState::fail
virtual void fail(const ValidationError &error)=0
Call the failure callback.
ndn::security::ValidationState::addCertificate
void addCertificate(const Certificate &cert)
Add cert to the top of the certificate chain.
Definition: validation-state.cpp:47
ndn::security::Validator
Interface for validating data and interest packets.
Definition: validator.hpp:61
ndn::signal::Signal
Provides a lightweight signal / event system.
Definition: signal.hpp:51
ndn::security
Contains the ndn-cxx security framework.
Definition: additional-description.cpp:26
ndn::security::InterestValidationSuccessCallback
std::function< void(const Interest &)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
Definition: validation-callback.hpp:44
ndn::security::InterestValidationFailureCallback
std::function< void(const Interest &, const ValidationError &)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
Definition: validation-callback.hpp:49
ndn::security::DataValidationSuccessCallback
std::function< void(const Data &)> DataValidationSuccessCallback
Callback to report a successful Data validation.
Definition: validation-callback.hpp:34
ndn::security::DataValidationFailureCallback
std::function< void(const Data &, const ValidationError &)> DataValidationFailureCallback
Callback to report a failed Data validation.
Definition: validation-callback.hpp:39