command-interest-validator.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #include "command-interest-validator.hpp"
23 #include <boost/lexical_cast.hpp>
24 
25 namespace ndn {
26 namespace security {
27 
28 std::ostream&
29 operator<<(std::ostream& os, CommandInterestValidator::ErrorCode error)
30 {
31  switch (error) {
32  case CommandInterestValidator::ErrorCode::NONE:
33  return os << "OK";
34  case CommandInterestValidator::ErrorCode::NAME_TOO_SHORT:
35  return os << "command Interest name is too short";
36  case CommandInterestValidator::ErrorCode::BAD_TIMESTAMP:
37  return os << "cannot parse timestamp";
38  case CommandInterestValidator::ErrorCode::BAD_SIG_INFO:
39  return os << "cannot parse SignatureInfo";
40  case CommandInterestValidator::ErrorCode::MISSING_KEY_LOCATOR:
41  return os << "KeyLocator is missing";
42  case CommandInterestValidator::ErrorCode::BAD_KEY_LOCATOR_TYPE:
43  return os << "KeyLocator type is not Name";
44  case CommandInterestValidator::ErrorCode::BAD_CERT_NAME:
45  return os << "cannot parse certificate name";
46  case CommandInterestValidator::ErrorCode::TIMESTAMP_OUT_OF_GRACE:
47  return os << "timestamp is out of grace period";
48  case CommandInterestValidator::ErrorCode::TIMESTAMP_REORDER:
49  return os << "timestamp is less than or equal to last timestamp";
50  }
51  return os;
52 }
53 
54 static void
55 invokeReject(const OnInterestValidationFailed& reject, const Interest& interest,
56  CommandInterestValidator::ErrorCode error)
57 {
58  reject(interest.shared_from_this(), boost::lexical_cast<std::string>(error));
59 }
60 
61 CommandInterestValidator::CommandInterestValidator(unique_ptr<Validator> inner,
62  const Options& options)
63  : m_inner(std::move(inner))
64  , m_options(options)
65  , m_index(m_container.get<0>())
66  , m_queue(m_container.get<1>())
67 {
68  if (m_inner == nullptr) {
69  BOOST_THROW_EXCEPTION(std::invalid_argument("inner validator is nullptr"));
70  }
71 
72  m_options.gracePeriod = std::max(m_options.gracePeriod, time::nanoseconds::zero());
73 }
74 
75 void
76 CommandInterestValidator::checkPolicy(const Interest& interest, int nSteps,
77  const OnInterestValidated& accept,
78  const OnInterestValidationFailed& reject,
79  std::vector<shared_ptr<ValidationRequest>>& nextSteps)
80 {
81  BOOST_ASSERT(nSteps == 0);
82  this->cleanup();
83 
84  Name keyName;
85  uint64_t timestamp;
86  ErrorCode res = this->parseCommandInterest(interest, keyName, timestamp);
87  if (res != ErrorCode::NONE) {
88  return invokeReject(reject, interest, res);
89  }
90 
91  time::system_clock::TimePoint receiveTime = time::system_clock::now();
92 
93  m_inner->validate(interest,
94  [=] (const shared_ptr<const Interest>& interest) {
95  ErrorCode res = this->checkTimestamp(keyName, timestamp, receiveTime);
96  if (res != ErrorCode::NONE) {
97  return invokeReject(reject, *interest, res);
98  }
99  accept(interest);
100  }, reject);
101 }
102 
103 void
104 CommandInterestValidator::cleanup()
105 {
106  time::steady_clock::TimePoint expiring = time::steady_clock::now() - m_options.timestampTtl;
107 
108  while ((!m_queue.empty() && m_queue.front().lastRefreshed <= expiring) ||
109  (m_options.maxTimestamps >= 0 &&
110  m_queue.size() > static_cast<size_t>(m_options.maxTimestamps))) {
111  m_queue.pop_front();
112  }
113 }
114 
115 CommandInterestValidator::ErrorCode
116 CommandInterestValidator::parseCommandInterest(const Interest& interest, Name& keyName,
117  uint64_t& timestamp) const
118 {
119  const Name& name = interest.getName();
120  if (name.size() < command_interest::MIN_SIZE) {
121  return ErrorCode::NAME_TOO_SHORT;
122  }
123 
124  const name::Component& timestampComp = name.at(command_interest::POS_TIMESTAMP);
125  if (!timestampComp.isNumber()) {
126  return ErrorCode::BAD_TIMESTAMP;
127  }
128  timestamp = timestampComp.toNumber();
129 
130  SignatureInfo sig;
131  try {
132  sig.wireDecode(name[signed_interest::POS_SIG_INFO].blockFromValue());
133  }
134  catch (const tlv::Error&) {
135  return ErrorCode::BAD_SIG_INFO;
136  }
137 
138  if (!sig.hasKeyLocator()) {
139  return ErrorCode::MISSING_KEY_LOCATOR;
140  }
141 
142  const KeyLocator& keyLocator = sig.getKeyLocator();
143  if (keyLocator.getType() != KeyLocator::KeyLocator_Name) {
144  return ErrorCode::BAD_KEY_LOCATOR_TYPE;
145  }
146 
147  try {
148  v2::extractIdentityFromKeyName(keyLocator.getName());
149  }
150  catch (const std::invalid_argument&) {
151  return ErrorCode::BAD_CERT_NAME;
152  }
153 
154  keyName = keyLocator.getName();
155 
156  return ErrorCode::NONE;
157 }
158 
159 CommandInterestValidator::ErrorCode
160 CommandInterestValidator::checkTimestamp(const Name& keyName, uint64_t timestamp,
161  time::system_clock::TimePoint receiveTime)
162 {
163  time::steady_clock::TimePoint now = time::steady_clock::now();
164 
165  // try to insert new record
166  Queue::iterator i = m_queue.end();
167  bool isNew = false;
168  std::tie(i, isNew) = m_queue.push_back({keyName, timestamp, now});
169 
170  if (isNew) {
171  // check grace period
172  time::system_clock::TimePoint sigTime = time::fromUnixTimestamp(time::milliseconds(timestamp));
173  if (time::abs(sigTime - receiveTime) > m_options.gracePeriod) {
174  // out of grace period, delete new record
175  m_queue.erase(i);
176  return ErrorCode::TIMESTAMP_OUT_OF_GRACE;
177  }
178  }
179  else {
180  BOOST_ASSERT(i->keyName == keyName);
181 
182  // compare timestamp with last timestamp
183  if (timestamp <= i->timestamp) {
184  return ErrorCode::TIMESTAMP_REORDER;
185  }
186 
187  // set lastRefreshed field, and move to queue tail
188  m_queue.erase(i);
189  isNew = m_queue.push_back({keyName, timestamp, now}).second;
190  BOOST_ASSERT(isNew);
191  }
192 
193  return ErrorCode::NONE;
194 }
195 
196 void
197 CommandInterestValidator::checkPolicy(const Data& data, int nSteps,
198  const OnDataValidated& accept,
199  const OnDataValidationFailed& reject,
200  std::vector<shared_ptr<ValidationRequest>>& nextSteps)
201 {
202  BOOST_ASSERT(nSteps == 0);
203  m_inner->validate(data, accept, reject);
204 }
205 
206 } // namespace security
207 } // namespace ndn
ndn::security::OnInterestValidationFailed
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
Definition: validation-request.hpp:35
ndn::time::steady_clock::TimePoint
time_point TimePoint
Definition: time.hpp:120
ndn::Interest::getName
const Name & getName() const
Definition: interest.hpp:139
ndn
Copyright (c) 2013-2017 Regents of the University of California.
Definition: common.hpp:75
ndn::SignatureInfo
Represents a SignatureInfo TLV element.
Definition: signature-info.hpp:33
ndn::time::steady_clock::now
static time_point now() noexcept
Definition: time.cpp:80
ndn::security::CommandInterestValidator::Options::timestampTtl
time::nanoseconds timestampTtl
max lifetime of a last timestamp record
Definition: command-interest-validator.hpp:90
std
STL namespace.
ndn::Interest
represents an Interest packet
Definition: interest.hpp:42
ndn::KeyLocator::KeyLocator_Name
indicates KeyLocator contains a Name
Definition: key-locator.hpp:49
ndn::time::system_clock::now
static time_point now() noexcept
Definition: time.cpp:46
ndn::security::OnDataValidationFailed
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
Definition: validation-request.hpp:42
ndn::SignatureInfo::getKeyLocator
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Definition: signature-info.cpp:147
ndn::security::operator<<
std::ostream & operator<<(std::ostream &os, CommandInterestValidator::ErrorCode error)
Definition: command-interest-validator.cpp:29
ndn::time::abs
constexpr duration< Rep, Period > abs(duration< Rep, Period > d)
Definition: time.hpp:53
ndn::security::OnDataValidated
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
Definition: validation-request.hpp:38
ndn::security::OnInterestValidated
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
Definition: validation-request.hpp:31
ndn::KeyLocator::getName
const Name & getName() const
get Name element
Definition: key-locator.cpp:135
ndn::KeyLocator::getType
Type getType() const
Definition: key-locator.hpp:101
ndn::security::CommandInterestValidator::CommandInterestValidator
CommandInterestValidator(unique_ptr< Validator > inner, const Options &options=Options())
constructor
Definition: command-interest-validator.cpp:61
ndn::security::invokeReject
static void invokeReject(const OnInterestValidationFailed &reject, const Interest &interest, CommandInterestValidator::ErrorCode error)
Definition: command-interest-validator.cpp:55
ndn::security::CommandInterestValidator::checkPolicy
void checkPolicy(const Interest &interest, int nSteps, const OnInterestValidated &accept, const OnInterestValidationFailed &reject, std::vector< shared_ptr< ValidationRequest >> &nextSteps) override
validate command Interest
Definition: command-interest-validator.cpp:76
ndn::security::CommandInterestValidator::Options::gracePeriod
time::nanoseconds gracePeriod
tolerance of initial timestamp
Definition: command-interest-validator.hpp:64
ndn::Name::size
size_t size() const
Get number of components.
Definition: name.hpp:154
ndn::command_interest::MIN_SIZE
const size_t MIN_SIZE
minimal number of components for Command Interest
Definition: security-common.hpp:53
ndn::Name
Represents an absolute name.
Definition: name.hpp:42
ndn::Name::at
const Component & at(ssize_t i) const
Get the component at the given index.
Definition: name.cpp:185
ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:90
ndn::name::Component
Component holds a read-only name component value.
Definition: name-component.hpp:47
ndn::SignatureInfo::wireDecode
void wireDecode(const Block &wire)
Decode from wire format.
Definition: signature-info.cpp:104
ndn::command_interest::POS_TIMESTAMP
const ssize_t POS_TIMESTAMP
Definition: security-common.hpp:48
ndn::time::fromUnixTimestamp
system_clock::TimePoint fromUnixTimestamp(const milliseconds &duration)
Convert UNIX timestamp to system_clock::TimePoint.
Definition: time.cpp:125
ndn::signed_interest::POS_SIG_INFO
const ssize_t POS_SIG_INFO
Definition: security-common.hpp:34
ndn::name::Component::isNumber
bool isNumber() const
Check if the component is nonNegativeInteger.
Definition: name-component.cpp:191
ndn::security::CommandInterestValidator::Options::maxTimestamps
ssize_t maxTimestamps
max number of distinct public keys to record last timestamp
Definition: command-interest-validator.hpp:81
ndn::SignatureInfo::hasKeyLocator
bool hasKeyLocator() const
Check if KeyLocator exists.
Definition: signature-info.hpp:101
ndn::Data
Represents a Data packet.
Definition: data.hpp:35
ndn::name::Component::toNumber
uint64_t toNumber() const
Interpret this name component as nonNegativeInteger.
Definition: name-component.cpp:238
ndn::security::v2::extractIdentityFromKeyName
Name extractIdentityFromKeyName(const Name &keyName)
Extract identity namespace from the key name keyName.
Definition: key.cpp:148
ndn::tlv::Error
represents an error in TLV encoding or decoding
Definition: encoding/tlv.hpp:50