1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #ifndef NDN_SECURITY_VALIDATOR_HPP
23 #define NDN_SECURITY_VALIDATOR_HPP
24 
25 #include "../face.hpp"
28 #include "digest-sha256.hpp"
29 #include "validation-request.hpp"
30 #include "v1/public-key.hpp"
32 
33 namespace ndn {
34 namespace security {
35 
39 class Validator
40 {
41 public:
/**
 * @brief Exception type raised by Validator
 *
 * Derives from std::runtime_error, so callers may catch it either as
 * Validator::Error or through the std::exception hierarchy.
 */
class Error : public std::runtime_error
{
public:
  /// @param what human-readable message, retrievable through what()
  explicit Error(const std::string& what) : std::runtime_error(what) {}
};
51 
/**
 * @brief Construct a Validator
 * @param face Face used to retrieve certificates; the signature accepts nullptr
 *             (what happens without a face is implemented in validator.cpp).
 *             The raw pointer suggests the Validator does not own the Face —
 *             confirm against validator.cpp.
 */
explicit Validator(Face* face = nullptr);

/**
 * @brief Construct a Validator bound to @p face
 */
explicit Validator(Face& face);

/// Virtual so a subclass deleted through a Validator pointer is destroyed correctly.
virtual ~Validator();
69 
/**
 * @brief Validate @p data and call either @p onValidated or @p onValidationFailed
 *
 * Starts a fresh validation chain: forwards to the protected four-argument
 * overload with the step counter nSteps set to 0. How nSteps bounds the chain
 * is implemented in validator.cpp, not visible here.
 * @param data the Data packet to validate
 * @param onValidated invoked when validation succeeds
 * @param onValidationFailed invoked, with a message, when validation fails
 */
void
validate(const Data& data,
         const OnDataValidated& onValidated,
         const OnDataValidationFailed& onValidationFailed)
{
  const int firstStep = 0;
  validate(data, onValidated, onValidationFailed, firstStep);
}
84 
/**
 * @brief Validate @p interest and call either @p onValidated or @p onValidationFailed
 *
 * Starts a fresh validation chain: forwards to the protected four-argument
 * overload with the step counter nSteps set to 0.
 * @param interest the Interest packet to validate
 * @param onValidated invoked when validation succeeds
 * @param onValidationFailed invoked, with a message, when validation fails
 */
void
validate(const Interest& interest,
         const OnInterestValidated& onValidated,
         const OnInterestValidationFailed& onValidationFailed)
{
  const int firstStep = 0;
  validate(interest, onValidated, onValidationFailed, firstStep);
}
99 
/**
 * @brief Enable or disable the direct certificate fetch feature
 *
 * Implemented in validator.cpp. NOTE(review): if "direct" fetch means asking
 * the packet's sender for its own certificate, the key is then obtained from
 * the same party that produced the signature; checkPolicy() must still decide
 * whether that key is trusted — confirm in validator.cpp.
 */
void setDirectCertFetchEnabled(bool isEnabled);

/*****************************************
 * verifySignature method set            *
 *****************************************/

/// @brief Verify @p data using @p publicKey (implemented in validator.cpp)
static bool verifySignature(const Data& data, const v1::PublicKey& publicKey);

/// @brief Verify @p interest using @p publicKey (implemented in validator.cpp)
static bool verifySignature(const Interest& interest, const v1::PublicKey& publicKey);
136 
/**
 * @brief Verify @p blob against @p sig using @p publicKey
 *
 * Thin adapter over the raw-buffer overload: the whole buffer is the signed portion.
 */
static bool
verifySignature(const Buffer& blob, const Signature& sig, const v1::PublicKey& publicKey)
{
  const uint8_t* bytes = blob.buf();
  const size_t length = blob.size();
  return verifySignature(bytes, length, sig, publicKey);
}
143 
/**
 * @brief Verify @p data against @p sig using @p publicKey
 *
 * The signed portion is the TLV-VALUE of the encoded Data with the length of
 * the Data's own SignatureValue subtracted from the end, i.e. the arithmetic
 * relies on SignatureValue being the last element of the Data. Note that the
 * length removed comes from data.getSignature(), not from @p sig.
 */
static bool
verifySignature(const Data& data,
                const Signature& sig,
                const v1::PublicKey& publicKey)
{
  const auto& wire = data.wireEncode();
  const size_t sigValueLen = data.getSignature().getValue().size();
  const size_t signedLen = wire.value_size() - sigValueLen;
  return verifySignature(wire.value(), signedLen, sig, publicKey);
}
154 
/**
 * @brief Verify a signed @p interest against @p sig using @p publicKey
 *
 * The signed portion is the Name's TLV-VALUE with the last component excluded
 * (presumably the component carrying SignatureValue). A Name with fewer than
 * two components is rejected before any bytes are examined.
 */
static bool
verifySignature(const Interest& interest,
                const Signature& sig,
                const v1::PublicKey& publicKey)
{
  const Name& name = interest.getName();
  if (name.size() < 2) {
    return false;
  }

  const auto& wire = name.wireEncode();
  const size_t signedLen = wire.value_size() - name[-1].size();
  return verifySignature(wire.value(), signedLen, sig, publicKey);
}
173 
/**
 * @brief Verify @p size bytes starting at @p buf against @p sig using @p publicKey
 *
 * The primitive that the inline public-key overloads above reduce to;
 * implemented in validator.cpp.
 */
static bool verifySignature(const uint8_t* buf,
                            const size_t size,
                            const Signature& sig,
                            const v1::PublicKey& publicKey);
180 
181 
/**
 * @brief Verify @p data against the SHA-256 digest @p sig
 *
 * Same signed-portion rule as the public-key overload: the Data's TLV-VALUE
 * minus the trailing SignatureValue. A digest is unkeyed, so a match proves
 * only that the bytes are intact, not who produced them.
 */
static bool
verifySignature(const Data& data, const DigestSha256& sig)
{
  const auto& wire = data.wireEncode();
  const size_t sigValueLen = data.getSignature().getValue().size();
  const size_t signedLen = wire.value_size() - sigValueLen;
  return verifySignature(wire.value(), signedLen, sig);
}
191 
/**
 * @brief Verify a signed @p interest against the SHA-256 digest @p sig
 *
 * Same signed-portion rule as the public-key overload: the Name with its last
 * component excluded. A Name with fewer than two components is rejected.
 */
static bool
verifySignature(const Interest& interest, const DigestSha256& sig)
{
  const Name& name = interest.getName();
  if (name.size() < 2) {
    return false;
  }

  const auto& wire = name.wireEncode();
  const size_t signedLen = wire.value_size() - name[-1].size();
  return verifySignature(wire.value(), signedLen, sig);
}
208 
/**
 * @brief Verify @p blob against the SHA-256 digest @p sig
 *
 * Thin adapter over the raw-buffer overload: the whole buffer is the signed portion.
 */
static bool
verifySignature(const Buffer& blob, const DigestSha256& sig)
{
  const uint8_t* bytes = blob.buf();
  const size_t length = blob.size();
  return verifySignature(bytes, length, sig);
}
215 
/**
 * @brief Verify @p size bytes starting at @p buf against the SHA-256 digest @p sig
 *
 * The primitive the inline digest overloads above reduce to; implemented in
 * validator.cpp. Because the digest carries no key, this checks integrity
 * only; any trust decision belongs in checkPolicy().
 */
static bool verifySignature(const uint8_t* buf, const size_t size, const DigestSha256& sig);
219 
protected:
  /**
   * @brief Check @p data against the validation policy and produce the next step, if any
   *
   * Pure virtual: the concrete validator's policy lives here. Further work
   * (e.g. certificates to fetch) is reported by appending ValidationRequests
   * to @p nextSteps.
   * @param nSteps current depth in the validation chain; passed through from
   *        validate(), how it is bounded is implemented in validator.cpp
   * @param nextSteps out-parameter collecting the ValidationRequests to issue next
   */
  virtual void checkPolicy(const Data& data,
                           int nSteps,
                           const OnDataValidated& onValidated,
                           const OnDataValidationFailed& onValidationFailed,
                           std::vector<shared_ptr<ValidationRequest>>& nextSteps) = 0;

  /**
   * @brief Check @p interest against the validation policy and produce the next step, if any
   *
   * Interest counterpart of the Data overload; same contract for @p nSteps and @p nextSteps.
   */
  virtual void checkPolicy(const Interest& interest,
                           int nSteps,
                           const OnInterestValidated& onValidated,
                           const OnInterestValidationFailed& onValidationFailed,
                           std::vector<shared_ptr<ValidationRequest>>& nextSteps) = 0;

  /// Callback invoked with a failure message when a validation step cannot proceed.
  using OnFailure = function<void(const std::string&)>;

  /**
   * @brief Process a certificate received in response to @p interest
   *
   * Implemented in validator.cpp. NOTE(review): @p data arrived from the
   * network, so it must itself pass validation before the key it carries is
   * trusted for @p nextStep — confirm that path in validator.cpp.
   */
  void onData(const Interest& interest,
              const Data& data,
              const shared_ptr<ValidationRequest>& nextStep);

  /**
   * @brief Validate @p data at chain depth @p nSteps
   *
   * The public three-argument validate() calls this with nSteps = 0.
   */
  void validate(const Data& data,
                const OnDataValidated& onValidated,
                const OnDataValidationFailed& onValidationFailed,
                int nSteps);

  /**
   * @brief Validate @p interest at chain depth @p nSteps
   *
   * The public three-argument validate() calls this with nSteps = 0.
   */
  void validate(const Interest& interest,
                const OnInterestValidated& onValidated,
                const OnInterestValidationFailed& onValidationFailed,
                int nSteps);
279 
281 
/**
 * @brief Hook run on a certificate before it is validated (when exactly it is
 *        invoked is implemented in validator.cpp)
 *
 * The default returns the Data unchanged; a subclass may override it to
 * substitute a different Data. The default relies on data.shared_from_this(),
 * so the Data passed in must already be owned by a shared_ptr — otherwise the
 * call throws std::bad_weak_ptr (C++17) or is undefined behaviour (earlier).
 * @return shared ownership of the Data that validation should continue with
 */
virtual shared_ptr<const Data>
preCertificateValidation(const Data& data)
{
  shared_ptr<const Data> owned = data.shared_from_this();
  return owned;
}
300 
/**
 * @brief Hook invoked when @p interest (a certificate fetch) is answered with a Nack
 *
 * Implemented in validator.cpp. @p nRemainingRetries is the retry budget left
 * for this request; @p onFailure is how the hook reports giving up.
 */
virtual void onNack(const Interest& interest,
                    const lp::Nack& nack,
                    int nRemainingRetries,
                    const OnFailure& onFailure,
                    const shared_ptr<ValidationRequest>& validationRequest);

/**
 * @brief Hook invoked when @p interest (a certificate fetch) times out
 *
 * Implemented in validator.cpp; same retry/failure contract as onNack().
 */
virtual void onTimeout(const Interest& interest,
                       int nRemainingRetries,
                       const OnFailure& onFailure,
                       const shared_ptr<ValidationRequest>& validationRequest);

/**
 * @brief Hook invoked after checkPolicy() has returned
 *
 * Implemented in validator.cpp; receives the @p nextSteps that checkPolicy()
 * collected (presumably to issue them) and @p onFailure to report errors.
 */
virtual void afterCheckPolicy(const std::vector<shared_ptr<ValidationRequest>>& nextSteps,
                              const OnFailure& onFailure);
347 
348 protected:
351 };
352 
353 } // namespace security
354 
355 using security::Validator;
356 
357 } // namespace ndn
358 
359 #endif // NDN_SECURITY_VALIDATOR_HPP
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
void validate(const Data &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
Validate Data and call either onValidated or onValidationFailed.
Definition: validator.hpp:78
const Name & getName() const
Definition: interest.hpp:226
Copyright (c) 2013-2016 Regents of the University of California.
Definition: common.hpp:74
ndn security v2 Validator
void validate(const Interest &interest, const OnInterestValidated &onValidated, const OnInterestValidationFailed &onValidationFailed)
Validate Interest and call either onValidated or onValidationFailed.
Definition: validator.hpp:93
virtual shared_ptr< const Data > preCertificateValidation(const Data &data)
Hooks.
Definition: validator.hpp:296
Error(const std::string &what)
Definition: validator.hpp:46
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest >> &nextSteps)=0
Check the Data against policy and return the next validation step if necessary.
Represent a SHA256 digest.
virtual void afterCheckPolicy(const std::vector< shared_ptr< ValidationRequest >> &nextSteps, const OnFailure &onFailure)
trigger after checkPolicy is done.
Definition: validator.cpp:304
STL namespace.
size_t wireEncode(EncodingImpl< TAG > &encoder) const
Fast encoding or block size estimation.
Definition: name.cpp:122
represents an Interest packet
Definition: interest.hpp:42
const Block & getValue() const
Get SignatureValue in the wire format.
Definition: signature.hpp:105
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
static bool verifySignature(const Interest &interest, const Signature &sig, const v1::PublicKey &publicKey)
Verify the interest using the publicKey against the SHA256-RSA signature.
Definition: validator.hpp:160
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
represents a Network Nack
Definition: nack.hpp:40
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
size_t size() const
Definition: block.cpp:504
size_t wireEncode(EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const
Fast encoding or block size estimation.
Definition: data.cpp:52
Validator(Face *face=nullptr)
Validator constructor.
Definition: validator.cpp:34
static bool verifySignature(const Buffer &blob, const Signature &sig, const v1::PublicKey &publicKey)
Verify the blob using the publicKey against the signature.
Definition: validator.hpp:139
uint8_t * buf()
Definition: buffer.hpp:87
provides the interfaces for packet validation.
Definition: validator.hpp:39
Provide a communication channel with local or remote NDN forwarder.
Definition: face.hpp:121
size_t size() const
Get the number of components.
Definition: name.hpp:400
Name abstraction to represent an absolute name.
Definition: name.hpp:46
function< void(const std::string &)> OnFailure
Definition: validator.hpp:260
void onData(const Interest &interest, const Data &data, const shared_ptr< ValidationRequest > &nextStep)
Process the received certificate.
Definition: validator.cpp:88
const Signature & getSignature() const
Definition: data.hpp:348
static bool verifySignature(const Buffer &blob, const DigestSha256 &sig)
Verify the blob against the SHA256 signature.
Definition: validator.hpp:211
static bool verifySignature(const Data &data, const Signature &sig, const v1::PublicKey &publicKey)
Verify the data using the publicKey against the SHA256-RSA signature.
Definition: validator.hpp:146
static bool verifySignature(const Data &data, const DigestSha256 &sig)
Verify the data against the SHA256 signature.
Definition: validator.hpp:184
static bool verifySignature(const Interest &interest, const DigestSha256 &sig)
Verify the interest against the SHA256 signature.
Definition: validator.hpp:197
virtual void onNack(const Interest &interest, const lp::Nack &nack, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest)
trigger when interest retrieves a Nack.
Definition: validator.cpp:257
static bool verifySignature(const Data &data, const v1::PublicKey &publicKey)
Verify the data using the publicKey.
Definition: validator.cpp:104
void setDirectCertFetchEnabled(bool isEnabled)
Enable or disable the direct certificate fetch feature.
Definition: validator.cpp:331
represents a Data packet
Definition: data.hpp:37
Class representing a general-use automatically managed/resized buffer.
Definition: buffer.hpp:44
A Signature is storage for the signature-related information (info and value) in a Data packet...
Definition: signature.hpp:33
virtual void onTimeout(const Interest &interest, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest)
trigger when interest for certificate times out.
Definition: validator.cpp:281