24 #ifndef NDN_SECURITY_CONF_CHECKER_HPP
25 #define NDN_SECURITY_CONF_CHECKER_HPP
30 #include "../../util/io.hpp"
31 #include "../validator.hpp"
32 #include "../v1/identity-certificate.hpp"
34 #include <boost/algorithm/string.hpp>
35 #include <boost/filesystem.hpp>
36 #include <boost/lexical_cast.hpp>
46 typedef function<void(const shared_ptr<const Interest>&,
49 typedef function<void(const shared_ptr<const Data>&,
const std::string&)>
OnDataCheckFailed;
83 shared_ptr<KeyLocatorChecker> keyLocatorChecker)
85 , m_keyLocatorChecker(keyLocatorChecker)
90 if (!static_cast<bool>(m_keyLocatorChecker))
91 BOOST_THROW_EXCEPTION(
Error(
"Strong signature requires KeyLocatorChecker"));
97 BOOST_THROW_EXCEPTION(
Error(
"Unsupported signature type"));
114 return check(interest, signature);
127 template<
class Packet>
131 if (m_sigType != signature.
getType()) {
155 catch (
const KeyLocator::Error& e) {
159 catch (
const tlv::Error& e) {
164 std::string failInfo;
165 if (m_keyLocatorChecker->check(packet, signature.
getKeyLocator(), failInfo))
174 shared_ptr<KeyLocatorChecker> m_keyLocatorChecker;
184 "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
195 const std::vector<shared_ptr<v1::IdentityCertificate>>& signers)
198 for (std::vector<shared_ptr<v1::IdentityCertificate>>::const_iterator it = signers.begin();
199 it != signers.end(); it++)
200 m_signers[(*it)->getName().getPrefix(-1)] = (*it);
204 BOOST_THROW_EXCEPTION(
Error(
"FixedSigner is only meaningful for strong signature type"));
221 return check(interest, signature);
234 template<
class Packet>
238 if (m_sigType != signature.
getType()) {
267 if (m_signers.find(keyLocatorName) == m_signers.end()) {
273 m_signers[keyLocatorName]->getPublicKeyInfo())) {
281 catch (
const KeyLocator::Error& e) {
285 catch (
const tlv::Error& e) {
292 typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> SignerList;
294 SignerList m_signers;
/**
 * @brief Build a Checker from one `checker` configuration section.
 *
 * The section's first property must be `type`; its value (compared
 * case-insensitively) selects the concrete checker: "customized",
 * "hierarchical" or "fixed-signer".  The whole section, together with
 * @p configFilename, is then handed to the matching create*Checker helper,
 * which parses the remaining properties (the file name is what lets the
 * helpers that load certificates resolve relative paths, see getSigner()).
 *
 * @throws Error if `type` is absent, is not the first property, or names a
 *               checker type this factory does not know.
 */
static shared_ptr<Checker>
create(const ConfigSection& configSection, const std::string& configFilename)
{
  ConfigSection::const_iterator it = configSection.begin();

  // `type` has to lead the section; anything else is a layout error.
  const bool hasType = (it != configSection.end()) && boost::iequals(it->first, "type");
  if (!hasType)
    BOOST_THROW_EXCEPTION(Error("Expect <checker.type>"));

  const std::string type = it->second.data();

  // Dispatch on the checker type; each helper re-reads the section itself.
  if (boost::iequals(type, "customized"))
    return createCustomizedChecker(configSection, configFilename);
  if (boost::iequals(type, "hierarchical"))
    return createHierarchicalChecker(configSection, configFilename);
  if (boost::iequals(type, "fixed-signer"))
    return createFixedSignerChecker(configSection, configFilename);

  BOOST_THROW_EXCEPTION(Error("Unsupported checker type: " + type));
}
329 static shared_ptr<Checker>
331 const std::string& configFilename)
333 ConfigSection::const_iterator propertyIt = configSection.begin();
337 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"sig-type"))
338 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.sig-type>"));
340 std::string sigType = propertyIt->second.data();
344 if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,
"key-locator"))
345 BOOST_THROW_EXCEPTION(
Error(
"Expect <checker.key-locator>"));
347 shared_ptr<KeyLocatorChecker> keyLocatorChecker =
351 if (propertyIt != configSection.end())
352 BOOST_THROW_EXCEPTION(
Error(
"Expect the end of checker"));
354 return make_shared<CustomizedChecker>(getSigType(sigType), keyLocatorChecker);
/**
 * @brief Build a HierarchicalChecker from a `checker` section.
 *
 * create() has already verified that the section opens with `type`, so
 * that property is skipped here.  Exactly one `sig-type` property must
 * follow it and the section must end right after; the string is turned
 * into a signature type code by getSigType().
 *
 * @param configSection  the `checker` section being parsed.
 * @param configFilename accepted for symmetry with the other factory
 *                       helpers; this checker type needs no file access,
 *                       so it is unused here.
 * @throws Error if `sig-type` is missing or extra properties follow it.
 */
static shared_ptr<Checker>
createHierarchicalChecker(const ConfigSection& configSection,
                          const std::string& configFilename)
{
  ConfigSection::const_iterator it = configSection.begin();
  // Step over checker.type, consumed by create().
  ++it;

  if (it == configSection.end() || !boost::iequals(it->first, "sig-type"))
    BOOST_THROW_EXCEPTION(Error("Expect <checker.sig-type>"));
  const std::string sigType = it->second.data();
  ++it;

  // Trailing properties are rejected rather than ignored, so a typo in a
  // rule cannot silently disappear.
  if (it != configSection.end())
    BOOST_THROW_EXCEPTION(Error("Expect the end of checker"));

  return make_shared<HierarchicalChecker>(getSigType(sigType));
}
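/**
 * @brief Build a FixedSignerChecker from a `checker` section.
 *
 * Expected layout, after the leading `type` property that create() has
 * already validated: one `sig-type` property followed by one or more
 * `signer` sub-sections, each decoded into a certificate by getSigner().
 * A signer given as a relative file name is resolved against the directory
 * of @p configFilename.
 *
 * NOTE(review): FixedSignerChecker keys its signers by certificate name
 * prefix (see its constructor, `getName().getPrefix(-1)`), so two signers
 * whose certificate names differ only in the last component overwrite each
 * other silently -- confirm that is intended when listing several signers.
 *
 * @throws Error if `sig-type` is missing, if a property other than `signer`
 *               follows it, if no signer is configured at all, or if
 *               getSigner() cannot load a certificate.
 */
static shared_ptr<Checker>
createFixedSignerChecker(const ConfigSection& configSection,
                         const std::string& configFilename)
{
  ConfigSection::const_iterator propertyIt = configSection.begin();
  // Skip checker.type, which create() has already consumed.
  propertyIt++;

  // Get checker.sig-type
  if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
    BOOST_THROW_EXCEPTION(Error("Expect <checker.sig-type>"));

  std::string sigType = propertyIt->second.data();
  propertyIt++;

  // Every remaining property must be a signer.  The loop consumes the
  // section to its end, so the former post-loop "end of checker" test could
  // never fire and has been dropped.
  std::vector<shared_ptr<v1::IdentityCertificate>> signers;
  for (; propertyIt != configSection.end(); propertyIt++) {
    if (!boost::iequals(propertyIt->first, "signer"))
      BOOST_THROW_EXCEPTION(Error("Expect <checker.signer> but get <checker." +
                                  propertyIt->first + ">"));

    signers.push_back(getSigner(propertyIt->second, configFilename));
  }

  // A fixed-signer rule with no signers has nothing to match a KeyLocator
  // against; surface the misconfiguration at load time instead of installing
  // a rule that can only ever reject.
  if (signers.empty())
    BOOST_THROW_EXCEPTION(Error("Expect at least one <checker.signer>"));

  return make_shared<FixedSignerChecker>(getSigType(sigType), signers);
}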
/**
 * @brief Decode one `checker.signer` sub-section into a certificate.
 *
 * Two signer types are accepted (case-insensitive):
 *  - `file`:   a `file-name` property.  A relative name is resolved against
 *              the directory containing @p configFilename, so that directory
 *              is trusted to the same degree as the configuration file itself.
 *  - `base64`: a `base64-string` property holding the encoded certificate.
 *
 * The `type` property must come first, exactly one value property must
 * follow it, and the sub-section must end there.
 *
 * @return the loaded certificate; never null.
 * @throws Error on any layout violation, on an unknown signer type, or when
 *               the certificate cannot be read from the file or decoded
 *               from the string.
 */
static shared_ptr<v1::IdentityCertificate>
getSigner(const ConfigSection& configSection, const std::string& configFilename)
{
  using namespace boost::filesystem;

  ConfigSection::const_iterator it = configSection.begin();

  // checker.signer.type leads the sub-section
  if (it == configSection.end() || !boost::iequals(it->first, "type"))
    BOOST_THROW_EXCEPTION(Error("Expect <checker.signer.type>"));
  const std::string type = it->second.data();
  ++it;

  const bool isFile = boost::iequals(type, "file");
  const bool isBase64 = boost::iequals(type, "base64");
  if (!isFile && !isBase64)
    BOOST_THROW_EXCEPTION(Error("Unsupported checker.signer type: " + type));

  // exactly one value property, whose key depends on the signer type
  const char* valueKey = isFile ? "file-name" : "base64-string";
  if (it == configSection.end() || !boost::iequals(it->first, valueKey))
    BOOST_THROW_EXCEPTION(Error(isFile ? "Expect <checker.signer.file-name>"
                                       : "Expect <checker.signer.base64-string>"));
  const std::string value = it->second.data();
  ++it;

  if (it != configSection.end())
    BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));

  shared_ptr<v1::IdentityCertificate> idCert;
  if (isFile) {
    // relative names are anchored at the config file's own directory
    const path certfilePath = absolute(value, path(configFilename).parent_path());
    idCert = io::load<v1::IdentityCertificate>(certfilePath.c_str());
    if (idCert == nullptr)
      BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " +
                                  certfilePath.native()));
  }
  else {
    std::stringstream ss(value);
    idCert = io::load<v1::IdentityCertificate>(ss);
    if (idCert == nullptr)
      BOOST_THROW_EXCEPTION(Error("Cannot decode certificate from string"));
  }

  return idCert;
}
466 getSigType(
const std::string& sigType)
468 if (boost::iequals(sigType,
"rsa-sha256"))
470 else if (boost::iequals(sigType,
"ecdsa-sha256"))
472 else if (boost::iequals(sigType,
"sha256"))
475 BOOST_THROW_EXCEPTION(Error(
"Unsupported signature type"));
483 #endif // NDN_SECURITY_CONF_CHECKER_HPP