static void
onConfig(const ConfigSection& configSection,
bool isDryRun,
const std::string& filename)
{
// general
// {
// ; user "ndn-user"
// ; group "ndn-user"
// }
std::string user;
std::string group;
for (ConfigSection::const_iterator i = configSection.begin();
i != configSection.end();
++i)
{
if (i->first == "user")
{
try
{
user = i->second.get_value<std::string>("user");
if (user.empty())
{
throw ConfigFile::Error("Invalid value for \"user\""
" in \"general\" section");
}
}
catch (const boost::property_tree::ptree_error& error)
{
throw ConfigFile::Error("Invalid value for \"user\""
" in \"general\" section");
}
}
else if (i->first == "group")
{
try
{
group = i->second.get_value<std::string>("group");
if (group.empty())
{
throw ConfigFile::Error("Invalid value for \"group\""
" in \"general\" section");
}
}
catch (const boost::property_tree::ptree_error& error)
{
throw ConfigFile::Error("Invalid value for \"group\""
" in \"general\" section");
}
}
}
NFD_LOG_TRACE("using user \"" << user << "\" group \"" << group << "\"");
PrivilegeHelper::initialize(user, group);
}
static shared_ptr<Filter>
create(const ConfigSection& configSection)
{
ConfigSection::const_iterator propertyIt = configSection.begin();
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
throw Error("Expect <filter.type>!");
std::string type = propertyIt->second.data();
if (boost::iequals(type, "name"))
return createNameFilter(configSection);
else
throw Error("Unsupported filter.type: " + type);
}
static shared_ptr<KeyLocatorChecker>
create(const ConfigSection& configSection, const std::string& filename)
{
ConfigSection::const_iterator propertyIt = configSection.begin();
// Get checker.key-locator.type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.type>!"));
std::string type = propertyIt->second.data();
if (boost::iequals(type, "name"))
return createKeyLocatorNameChecker(configSection, filename);
else
BOOST_THROW_EXCEPTION(Error("Unsupported checker.key-locator.type: " + type));
}
static shared_ptr<Filter>
createNameFilter(const ConfigSection& configSection)
{
ConfigSection::const_iterator propertyIt = configSection.begin();
propertyIt++;
if (propertyIt == configSection.end())
throw Error("Expect more properties for filter(name)");
if (boost::iequals(propertyIt->first, "name"))
{
// Get filter.name
Name name;
try
{
name = Name(propertyIt->second.data());
}
catch (Name::Error& e)
{
throw Error("Wrong filter.name: " + propertyIt->second.data());
}
propertyIt++;
// Get filter.relation
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "relation"))
throw Error("Expect <filter.relation>!");
std::string relationString = propertyIt->second.data();
propertyIt++;
RelationNameFilter::Relation relation;
if (boost::iequals(relationString, "equal"))
relation = RelationNameFilter::RELATION_EQUAL;
else if (boost::iequals(relationString, "is-prefix-of"))
relation = RelationNameFilter::RELATION_IS_PREFIX_OF;
else if (boost::iequals(relationString, "is-strict-prefix-of"))
relation = RelationNameFilter::RELATION_IS_STRICT_PREFIX_OF;
else
throw Error("Unsupported relation: " + relationString);
if (propertyIt != configSection.end())
throw Error("Expect the end of filter!");
return make_shared<RelationNameFilter>(name, relation);
}
else if (boost::iequals(propertyIt->first, "regex"))
{
std::string regexString = propertyIt->second.data();
propertyIt++;
if (propertyIt != configSection.end())
throw Error("Expect the end of filter!");
try
{
return shared_ptr<RegexNameFilter>(new RegexNameFilter(regexString));
}
catch (Regex::Error& e)
{
throw Error("Wrong filter.regex: " + regexString);
}
}
else
throw Error("Wrong filter(name) properties");
}
static shared_ptr<KeyLocatorChecker>
createKeyLocatorNameChecker(const ConfigSection& configSection,
const std::string& filename)
{
ConfigSection::const_iterator propertyIt = configSection.begin();
propertyIt++;
if (propertyIt == configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect more checker.key-locator properties"));
if (boost::iequals(propertyIt->first, "name"))
{
Name name;
try
{
name = Name(propertyIt->second.data());
}
catch (Name::Error& e)
{
BOOST_THROW_EXCEPTION(Error("Invalid checker.key-locator.name: " +
propertyIt->second.data()));
}
propertyIt++;
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "relation"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.relation>!"));
std::string relationString = propertyIt->second.data();
propertyIt++;
KeyLocatorChecker::Relation relation;
if (boost::iequals(relationString, "equal"))
relation = KeyLocatorChecker::RELATION_EQUAL;
else if (boost::iequals(relationString, "is-prefix-of"))
relation = KeyLocatorChecker::RELATION_IS_PREFIX_OF;
else if (boost::iequals(relationString, "is-strict-prefix-of"))
relation = KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF;
else
BOOST_THROW_EXCEPTION(Error("Unsupported relation: " + relationString));
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.key-locator!"));
return shared_ptr<RelationKeyLocatorNameChecker>
(new RelationKeyLocatorNameChecker(name, relation));
}
else if (boost::iequals(propertyIt->first, "regex"))
{
std::string regexString = propertyIt->second.data();
propertyIt++;
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.key-locator!"));
try
{
return shared_ptr<RegexKeyLocatorNameChecker>
(new RegexKeyLocatorNameChecker(regexString));
}
catch (Regex::Error& e)
{
BOOST_THROW_EXCEPTION(Error("Invalid checker.key-locator.regex: " + regexString));
}
}
else if (boost::iequals(propertyIt->first, "hyper-relation"))
{
const ConfigSection& hSection = propertyIt->second;
ConfigSection::const_iterator hPropertyIt = hSection.begin();
// Get k-regex
if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "k-regex"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.k-regex>!"));
std::string kRegex = hPropertyIt->second.data();
hPropertyIt++;
// Get k-expand
if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "k-expand"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.k-expand>!"));
std::string kExpand = hPropertyIt->second.data();
hPropertyIt++;
// Get h-relation
if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "h-relation"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.h-relation>!"));
std::string hRelation = hPropertyIt->second.data();
hPropertyIt++;
// Get p-regex
if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "p-regex"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.p-regex>!"));
std::string pRegex = hPropertyIt->second.data();
hPropertyIt++;
// Get p-expand
if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "p-expand"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.p-expand>!"));
std::string pExpand = hPropertyIt->second.data();
hPropertyIt++;
if (hPropertyIt != hSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.key-locator.hyper-relation!"));
KeyLocatorChecker::Relation relation;
if (boost::iequals(hRelation, "equal"))
relation = KeyLocatorChecker::RELATION_EQUAL;
else if (boost::iequals(hRelation, "is-prefix-of"))
relation = KeyLocatorChecker::RELATION_IS_PREFIX_OF;
else if (boost::iequals(hRelation, "is-strict-prefix-of"))
relation = KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF;
else
BOOST_THROW_EXCEPTION(Error("Unsupported checker.key-locator.hyper-relation.h-relation: "
+ hRelation));
try
{
return shared_ptr<HyperKeyLocatorNameChecker>
(new HyperKeyLocatorNameChecker(pRegex, pExpand,
kRegex, kExpand,
relation));
}
catch (Regex::Error& e)
{
BOOST_THROW_EXCEPTION(Error("Invalid regex for key-locator.hyper-relation"));
}
}
else
BOOST_THROW_EXCEPTION(Error("Unsupported checker.key-locator"));
}
void
CommandValidator::onConfig(const ConfigSection& section,
bool isDryRun,
const std::string& filename)
{
using namespace boost::filesystem;
const ConfigSection EMPTY_SECTION;
m_validator.reset();
if (section.begin() == section.end())
{
throw ConfigFile::Error("No authorize sections found");
}
std::stringstream dryRunErrors;
ConfigSection::const_iterator authIt;
for (authIt = section.begin(); authIt != section.end(); authIt++)
{
std::string certfile;
try
{
certfile = authIt->second.get<std::string>("certfile");
}
catch (const std::runtime_error& e)
{
std::string msg = "No certfile specified";
if (!isDryRun)
{
throw ConfigFile::Error(msg);
}
aggregateErrors(dryRunErrors, msg);
continue;
}
shared_ptr<ndn::IdentityCertificate> id;
if (certfile != "any")
{
path certfilePath = absolute(certfile, path(filename).parent_path());
NFD_LOG_DEBUG("generated certfile path: " << certfilePath.native());
std::ifstream in;
in.open(certfilePath.c_str());
if (!in.is_open())
{
std::string msg = "Unable to open certificate file " + certfilePath.native();
if (!isDryRun)
{
throw ConfigFile::Error(msg);
}
aggregateErrors(dryRunErrors, msg);
continue;
}
try
{
id = ndn::io::load<ndn::IdentityCertificate>(in);
}
catch (const std::runtime_error& error)
{
// do nothing
}
if (!static_cast<bool>(id)) {
std::string msg = "Malformed certificate file " + certfilePath.native();
if (!isDryRun)
{
throw ConfigFile::Error(msg);
}
aggregateErrors(dryRunErrors, msg);
continue;
}
in.close();
}
std::string keyNameForLogging;
if (static_cast<bool>(id))
keyNameForLogging = id->getPublicKeyName().toUri();
else
{
keyNameForLogging = "wildcard";
NFD_LOG_WARN("Wildcard identity is intended for demo purpose only and " <<
"SHOULD NOT be used in production environment");
}
const ConfigSection* privileges = 0;
try
{
privileges = &authIt->second.get_child("privileges");
}
catch (const std::runtime_error& error)
{
std::string msg = "No privileges section found for certificate file " +
certfile + " (" + keyNameForLogging + ")";
if (!isDryRun)
{
throw ConfigFile::Error(msg);
}
aggregateErrors(dryRunErrors, msg);
continue;
}
if (privileges->begin() == privileges->end())
{
NFD_LOG_WARN("No privileges specified for certificate file " << certfile
<< " (" << keyNameForLogging << ")");
}
ConfigSection::const_iterator privIt;
for (privIt = privileges->begin(); privIt != privileges->end(); privIt++)
{
const std::string& privilegeName = privIt->first;
if (m_supportedPrivileges.find(privilegeName) != m_supportedPrivileges.end())
{
NFD_LOG_INFO("Giving privilege \"" << privilegeName
<< "\" to identity " << keyNameForLogging);
if (!isDryRun)
{
const std::string regex = "^<localhost><nfd><" + privilegeName + ">";
if (static_cast<bool>(id))
m_validator.addInterestRule(regex, *id);
else
m_validator.addInterestBypassRule(regex);
}
}
else
{
// Invalid configuration
std::string msg = "Invalid privilege \"" + privilegeName +
"\" for certificate file " + certfile + " (" + keyNameForLogging + ")";
if (!isDryRun)
{
throw ConfigFile::Error(msg);
}
aggregateErrors(dryRunErrors, msg);
}
}
}
if (!dryRunErrors.str().empty())
{
throw ConfigFile::Error(dryRunErrors.str());
}
}