// Verifies the Payload Integrity Blocks (PIBs) of a bundle in block order.
//
// For every PIB the public key of its security source is looked up and
// PayloadIntegrityBlock::verify() is run against the bundle. A PIB whose
// security destination is this node is erased once it verified; any other
// valid PIB stays in the bundle. The walk stops at the first Payload
// Confidential Block (PCB): blocks behind it cannot be checked before the
// payload has been decrypted.
//
// DTNSEC_STATUS_VERIFIED is set to true after each successful verification
// and set to false whenever a PIB is skipped or its key is unknown, so the
// final value of the flag reflects the last PIB that was processed (it is
// left untouched when no PIB is met). A VerificationFailedException is not
// caught here; it propagates to the caller (presumably raised by verify(),
// matching the throw specification).
//
// @param bundle the bundle to check; PIBs may be erased and the primary
//               block's DTNSEC_STATUS_VERIFIED flag is updated in place
// @throws VerificationFailedException if a PIB does not verify
void SecurityManager::verifyPIB(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
{
	IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify signed bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

	// iterate through all blocks; the iterator is advanced inside the body
	// because a verified PIB may be erased on the way
	for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end();)
	{
		const dtn::data::Block &block = (**it);

		if (block.getType() == dtn::security::PayloadConfidentialBlock::BLOCK_TYPE)
		{
			// payload after a PCB can not be verified until the payload is decrypted
			break;
		}

		try {
			// throws std::bad_cast for every block that is not a PIB
			const dtn::security::PayloadIntegrityBlock& pib = dynamic_cast<const dtn::security::PayloadIntegrityBlock&>(block);

			// public key of the node that signed this PIB; throws KeyNotFoundException if unknown
			const SecurityKey key = SecurityKeyManager::getInstance().get(pib.getSecuritySource(bundle), SecurityKey::KEY_PUBLIC);

			// try to verify the bundle with the key for the current PIB
			dtn::security::PayloadIntegrityBlock::verify(bundle, key);

			// if we are the security destination
			if (pib.isSecurityDestination(bundle, dtn::core::BundleCore::local))
			{
				// remove the valid PIB; `pib` refers to the erased block and
				// must not be used after this point
				bundle.erase(it++);
			}
			else
			{
				++it;
			}

			// set the verify bit, after verification
			bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, true);

			IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 5) << "Bundle " << bundle.toString() << " successfully verified" << IBRCOMMON_LOGGER_ENDL;

			// `it` has already been advanced above
			continue;
		} catch (const dtn::security::VerificationSkippedException&) {
			// un-set the verify bit
			bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
		} catch (const SecurityKey::KeyNotFoundException&) {
			// un-set the verify bit
			bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
		} catch (const std::bad_cast&) {
			// current block is not a PIB
		}

		// reached only on the catch paths; the block is kept
		++it;
	}
}
// Removes the Bundle Authentication Blocks (BABs) that were authenticated
// with the given key.
//
// verify() is run first and reports the correlator of the BABs it could
// authenticate. Every BAB that carries a correlator equal to that value is
// then erased; BABs without a correlator, or with a different one, are kept.
//
// NOTE(review): erase() is called on the find_iterator that the loop keeps
// advancing; whether next() remains valid after an erase depends on
// find_iterator's implementation — confirm before relying on it.
//
// @param bundle the bundle to strip; authenticated BABs are erased in place
// @param key    the key used to authenticate the BABs
void BundleAuthenticationBlock::strip(dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key)
{
	// filled by verify() with the correlator of the authenticated BABs
	dtn::data::Number verified_correlator;
	verify(bundle, key, verified_correlator);

	// walk over the BABs only
	dtn::data::Bundle::find_iterator bab_it(bundle.begin(), BundleAuthenticationBlock::BLOCK_TYPE);
	while (bab_it.next(bundle.end()))
	{
		const BundleAuthenticationBlock &bab = dynamic_cast<const BundleAuthenticationBlock&>(**bab_it);

		// a BAB without correlator is never matched
		if (!(bab._ciphersuite_flags & SecurityBlock::CONTAINS_CORRELATOR)) continue;

		// drop the BAB whose correlator has just been authenticated
		if (bab._correlator == verified_correlator)
		{
			bundle.erase(bab_it);
		}
	}
}
// Removes every Bundle Authentication Block from the bundle, without any
// verification.
//
// @param bundle the bundle to strip; all BABs are erased in place
void BundleAuthenticationBlock::strip(dtn::data::Bundle& bundle)
{
	// shift the BABs to the tail of the block list, then cut the tail off
	dtn::data::Bundle::iterator tail = std::remove(bundle.begin(), bundle.end(), BundleAuthenticationBlock::BLOCK_TYPE);
	bundle.erase(tail, bundle.end());
}
// Removes every Payload Integrity Block from the bundle, without any
// verification.
//
// @param bundle the bundle to strip; all PIBs are erased in place
void PayloadIntegrityBlock::strip(dtn::data::Bundle& bundle)
{
	// shift the PIBs to the tail of the block list, then cut the tail off
	dtn::data::Bundle::iterator tail = std::remove(bundle.begin(), bundle.end(), PayloadIntegrityBlock::BLOCK_TYPE);
	bundle.erase(tail, bundle.end());
}