validation-policy-simple-hierarchy.cpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
23 
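namespace ndn {
namespace security {
namespace v2 {

/**
 * @brief Check a Data packet against the simple hierarchical signing policy.
 *
 * The packet is accepted by this policy when its signature carries a KeyLocator of type Name
 * and that name, with its last two components removed, is a prefix of the Data name. On
 * acceptance a CertificateRequest for the KeyLocator name is passed to @p continueValidation;
 * on rejection @p state is failed with ValidationError::Code::INVALID_KEY_LOCATOR.
 *
 * This function only decides which certificate to ask for. Verification of the signature and
 * of the requested certificate is presumably performed by whoever supplied
 * @p continueValidation -- confirm against the validator.
 *
 * @param data               the Data packet under validation
 * @param state              validation state that receives the failure, if any
 * @param continueValidation callback invoked with the certificate request on acceptance
 */
void
ValidationPolicySimpleHierarchy::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
                                             const ValidationContinuation& continueValidation)
{
  if (!data.getSignature().hasKeyLocator()) {
    return state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, "Required key locator is missing"});
  }
  const KeyLocator& locator = data.getSignature().getKeyLocator();
  if (locator.getType() != KeyLocator::KeyLocator_Name) {
    return state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, "Key locator not Name"});
  }

  const Name& keyName = locator.getName();
  // The hierarchy test strips the last two components of the key name. A name shorter than
  // that has nothing to strip, and the locator is attacker-supplied, so reject it explicitly.
  // NOTE(review): what getPrefix(-2) returns for such a name is not visible here -- confirm in
  // name.hpp; if it yields the whole name or an empty name the prefix test would be too lax.
  if (keyName.size() < 2) {
    return state->fail({ValidationError::Code::INVALID_KEY_LOCATOR,
                        "Key locator name too short: " + keyName.toUri()});
  }

  if (keyName.getPrefix(-2).isPrefixOf(data.getName())) {
    continueValidation(make_shared<CertificateRequest>(Interest(keyName)), state);
  }
  else {
    state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, "Data signing policy violation for " +
                 data.getName().toUri() + " by " + keyName.toUri()});
  }
}

/**
 * @brief Check a signed Interest against the simple hierarchical signing policy.
 *
 * The SignatureInfo is decoded from the Interest name; a decoding error, a missing KeyLocator
 * or a KeyLocator that is not a Name fails @p state with
 * ValidationError::Code::INVALID_KEY_LOCATOR. Otherwise the KeyLocator name, with its last two
 * components removed, must be a prefix of the Interest name. On acceptance a
 * CertificateRequest for the KeyLocator name is passed to @p continueValidation.
 *
 * @param interest           the signed Interest under validation
 * @param state              validation state that receives the failure, if any
 * @param continueValidation callback invoked with the certificate request on acceptance
 */
void
ValidationPolicySimpleHierarchy::checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
                                             const ValidationContinuation& continueValidation)
{
  SignatureInfo info;
  try {
    // NOTE(review): the rendered listing skips source line 54, leaving this try block empty, so
    // `info` would never be populated and every Interest would fail the key-locator test below.
    // The statement is restored from the members the page cross-references (at, POS_SIG_INFO,
    // blockFromValue, wireDecode) -- confirm against the repository.
    // Assumes an out-of-range at() on a short Interest name surfaces as tlv::Error -- TODO confirm.
    info.wireDecode(interest.getName().at(signed_interest::POS_SIG_INFO).blockFromValue());
  }
  catch (const tlv::Error& e) {
    return state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, "Invalid signed interest (" +
                        std::string(e.what()) + ")"});
  }
  if (!info.hasKeyLocator()) {
    return state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, "Required key locator is missing"});
  }
  const KeyLocator& locator = info.getKeyLocator();
  if (locator.getType() != KeyLocator::KeyLocator_Name) {
    return state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, "Key locator not Name"});
  }

  const Name& keyName = locator.getName();
  // Same guard as for Data: the locator comes from the packet being validated, so a name too
  // short to have two trailing components is rejected instead of being fed to getPrefix(-2).
  // NOTE(review): getPrefix(-2) behaviour on short names is not visible here -- confirm.
  if (keyName.size() < 2) {
    return state->fail({ValidationError::Code::INVALID_KEY_LOCATOR,
                        "Key locator name too short: " + keyName.toUri()});
  }

  if (keyName.getPrefix(-2).isPrefixOf(interest.getName())) {
    continueValidation(make_shared<CertificateRequest>(Interest(keyName)), state);
  }
  else {
    state->fail({ValidationError::Code::INVALID_KEY_LOCATOR, "Interest signing policy violation for " +
                 interest.getName().toUri() + " by " + keyName.toUri()});
  }
}

} // namespace v2
} // namespace security
} // namespace ndn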
const Name & getName() const
Definition: interest.hpp:226
Copyright (c) 2013-2016 Regents of the University of California.
Definition: common.hpp:74
bool hasKeyLocator() const
Check if SignatureInfo block has a KeyLocator.
Definition: signature.hpp:132
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Definition: signature.hpp:143
represents an Interest packet
Definition: interest.hpp:42
indicates KeyLocator contains a Name
Definition: key-locator.hpp:49
const KeyLocator & getKeyLocator() const
Get KeyLocator.
const Name & getName() const
Get name of the Data packet.
Definition: data.hpp:318
std::string toUri() const
Encode this name as a URI.
Definition: name.cpp:171
const Name & getName() const
get Name element
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
Block blockFromValue() const
Definition: block.cpp:437
Type getType() const
const Signature & getSignature() const
Definition: data.hpp:348
void wireDecode(const Block &wire)
Decode from a wire format.
const ssize_t POS_SIG_INFO
bool hasKeyLocator() const
Check if KeyLocator is set.
bool isPrefixOf(const Name &name) const
Check if the N components of this name are the same as the first N components of the given name...
Definition: name.cpp:308
PartialName getPrefix(ssize_t nComponents) const
Extract a prefix (PartialName) of the name, containing first nComponents components.
Definition: name.hpp:241
represents a Data packet
Definition: data.hpp:37
const Component & at(ssize_t i) const
Get component at the specified index.
Definition: name.hpp:434
represents an error in TLV encoding or decoding