bool
IdentityCertificate::isCorrectName(const Name& name)
{
int i = name.size() - 1;
string idString("ID-CERT");
for (; i >= 0; i--) {
if(name.get(i).toEscapedString() == idString)
break;
}
if (i < 0)
return false;
int keyIdx = 0;
string keyString("KEY");
for (; keyIdx < name.size(); keyIdx++) {
if(name.get(keyIdx).toEscapedString() == keyString)
break;
}
if (keyIdx >= name.size())
return false;
return true;
}
bool
Interest::matchesName(const Name& name) const
{
if (name.size() < m_name.size())
return false;
if (!m_name.isPrefixOf(name))
return false;
if (getMinSuffixComponents() >= 0 &&
// name must include implicit digest
!(name.size() - m_name.size() >= static_cast<size_t>(getMinSuffixComponents())))
return false;
if (getMaxSuffixComponents() >= 0 &&
// name must include implicit digest
!(name.size() - m_name.size() <= static_cast<size_t>(getMaxSuffixComponents())))
return false;
if (!getExclude().empty() &&
name.size() > m_name.size() &&
getExclude().isExcluded(name[m_name.size()]))
return false;
return true;
}
inline size_t
calculateSkip(const Name& name,
const Name& hint, const Name& zone)
{
size_t skip = 0;
if (!hint.empty()) {
// These are only asserts. The caller should supply the right parameters
skip = hint.size() + 1 + zone.size();
BOOST_ASSERT(name.size() > skip);
BOOST_ASSERT(name.getPrefix(hint.size()) == hint);
BOOST_ASSERT(name.get(hint.size()) == FORWARDING_HINT_LABEL);
BOOST_ASSERT(name.getSubName(hint.size() + 1, zone.size()) == zone);
}
else {
skip = zone.size();
BOOST_ASSERT(name.size() > skip);
BOOST_ASSERT(name.getPrefix(zone.size()) == zone);
}
BOOST_ASSERT(name.get(skip) == NDNS_ITERATIVE_QUERY ||
name.get(skip) == NDNS_CERT_QUERY);
++skip;
return skip;
}
Name
IdentityCertificate::certificateNameToPublicKeyName(const Name& certificateName)
{
int i = certificateName.size() - 1;
string idString("ID-CERT");
bool foundIdString = false;
for (; i >= 0; i--) {
if (certificateName.get(i).toEscapedString() == idString)
{
foundIdString = true;
break;
}
}
if(!foundIdString)
throw Error("Incorrect identity certificate name " + certificateName.toUri());
Name tmpName = certificateName.getSubName(0, i);
string keyString("KEY");
bool foundKeyString = false;
for (i = 0; i < tmpName.size(); i++) {
if (tmpName.get(i).toEscapedString() == keyString)
{
foundKeyString = true;
break;
}
}
if(!foundKeyString)
throw Error("Incorrect identity certificate name " + certificateName.toUri());
return tmpName.getSubName(0, i).append(tmpName.getSubName(i + 1, tmpName.size() - i - 1));
}
bool
IdentityCertificate::isCorrectName(const Name& name)
{
string idString("ID-CERT");
int i = name.size() - 1;
for (; i >= 0; i--) {
if (name.get(i).toUri() == idString)
break;
}
if (i < 0)
return false;
string keyString("KEY");
size_t keyIndex = 0;
for (; keyIndex < name.size(); keyIndex++) {
if (name.get(keyIndex).toUri() == keyString)
break;
}
if (keyIndex >= name.size())
return false;
return true;
}
static void
extendName(Name& name, size_t length)
{
BOOST_ASSERT(length >= name.size());
for (size_t i = name.size(); i < length; i++) {
name.append("dup");
}
}
bool Name::operator<(const Name& name) const{
if (size() != name.size()) return size() < name.size();
for (std::size_t i = 0; i < size(); i++) {
if (at(i) != name.at(i)) {
return at(i) < name.at(i);
}
}
return false;
}
Name::Name(const Name& prefix, const Name& suffix)
: isAbsolute_(prefix.isAbsolute()) {
list_.reserve(prefix.size() + suffix.size());
for(std::size_t i = 0; i < prefix.size(); i++){
list_.push_back(prefix.at(i));
}
for(std::size_t i = 0; i < suffix.size(); i++){
list_.push_back(suffix.at(i));
}
}
Name::Name(const Name& prefix, const String& suffix)
: isAbsolute_(prefix.isAbsolute()) {
list_.reserve(prefix.size() + 1);
for (std::size_t i = 0; i < prefix.size(); i++) {
list_.push_back(prefix.at(i));
}
// No member of a name can be an empty string.
if (suffix.size() > 0) {
list_.push_back(suffix);
}
}
SearchResult performAliasSearch(AST::Alias& alias, const Name& name, size_t pos) {
const auto size = name.size() - pos;
if (size == 0) return SearchResult::Alias(alias);
return SearchResult::None();
}
SearchResult performFunctionSearch(AST::Function& function, const Name& name, size_t pos) {
const auto size = name.size() - pos;
if (size == 0) return SearchResult::Function(function);
return SearchResult::None();
}
bool
InterestFilter::doesMatch(const Name& name) const
{
if (name.size() < prefix_.size())
return false;
if (hasRegexFilter()) {
#if NDN_CPP_HAVE_REGEX_LIB
// Perform a prefix match and regular expression match for the remaining
// components.
if (!prefix_.match(name))
return false;
return regex_lib::sregex_iterator() != NdnRegexMatcher
(regexFilterPattern_, name.getSubName(prefix_.size())).iterator;
#else
// We should not reach this point because the constructors for regexFilter
// don't compile.
throw runtime_error("InterestFilter::regexFilter is not supported");
#endif
}
else
// Just perform a prefix match.
return prefix_.match(name);
}
/**
* Check if the last component in the name is a segment number.
* @param name The name to check.
* @return True if the name ends with a segment number, otherwise false.
*/
static bool
endsWithSegmentNumber(Name name)
{
return name.size() >= 1 &&
name.get(-1).getValue().size() >= 1 &&
name.get(-1).getValue().buf()[0] == 0;
}
ActionItemPtr
ActionLog::AddRemoteAction(shared_ptr<Data> actionData)
{
Name name = actionData->getName();
// action name: /<device_name>/<appname>/action/<shared-folder>/<action-seq>
uint64_t seqno = name.get(-1).toNumber();
std::string sharedFolder = name.get(-2).toUri();
if (sharedFolder != m_sharedFolderName) {
_LOG_ERROR("Action doesn't belong to this shared folder");
return ActionItemPtr();
}
if (name.get(-3).toUri() != "action") {
_LOG_ERROR("not an action");
return ActionItemPtr();
}
if (name.get(-4) != m_appName) {
_LOG_ERROR("Action doesn't belong to this application");
return ActionItemPtr();
}
Name deviceName = name.getSubName(0, name.size() - 4);
_LOG_DEBUG("From [" << name << "] extracted deviceName: " << deviceName << ", sharedFolder: "
<< sharedFolder
<< ", seqno: "
<< seqno);
return AddRemoteAction(deviceName, seqno, actionData);
}
void
signData(Data& data, Name certificateName = Name())
{
if (certificateName.size() == 0)
certificateName = defaultCertName_;
keyChain_.sign(data, certificateName);
}
int
Name::compare
(int iStartComponent, size_t nComponents, const Name& other,
int iOtherStartComponent, size_t nOtherComponents) const
{
if (iStartComponent < 0)
iStartComponent = components_.size() - (-iStartComponent);
if (iStartComponent < 0)
iOtherStartComponent = other.components_.size() - (-iOtherStartComponent);
nComponents = min(nComponents, size() - iStartComponent);
nOtherComponents = min(nOtherComponents, other.size() - iOtherStartComponent);
size_t count = min(nComponents, nOtherComponents);
for (size_t i = 0; i < count; ++i) {
int comparison = components_[iStartComponent + i].compare
(other.components_[iOtherStartComponent + i]);
if (comparison == 0)
// The components at this index are equal, so check the next components.
continue;
// Otherwise, the result is based on the components at this index.
return comparison;
}
// The components up to min(this.size(), other.size()) are equal, so the
// shorter name is less.
if (nComponents < nOtherComponents)
return -1;
else if (nComponents > nOtherComponents)
return 1;
else
return 0;
}
/**
* Use /localhost/nfd/rib/register to register the prefix to the faceId.
* @param prefix The prefix name to register.
* @param faceId The face ID.
* @param face The Face which is used to sign the command interest and call
* expressInterest.
* @param enabled On success or error, set enabled[0] = false;
*/
static void
registerRoute(const Name& prefix, boost::uint64_t faceId, Face* face, bool* enabled)
{
// Use default values;
boost::uint64_t origin = 255;
boost::uint64_t cost = 0;
const boost::uint64_t CHILD_INHERIT = 1;
boost::uint64_t flags = CHILD_INHERIT;
ndn_message::ControlParametersTypes_ControlParametersMessage parameters;
for (size_t i = 0; i < prefix.size(); ++i)
parameters.mutable_control_parameters()->mutable_name()->add_component
(prefix.get(i).getValue().buf(), prefix.get(i).getValue().size());
parameters.mutable_control_parameters()->set_face_id(faceId);
parameters.mutable_control_parameters()->set_origin(origin);
parameters.mutable_control_parameters()->set_cost(cost);
parameters.mutable_control_parameters()->set_flags(flags);
Blob encodedControlParameters = ProtobufTlv::encode(parameters);
Interest interest(Name("/localhost/nfd/rib/register"));
interest.getName().append(encodedControlParameters);
interest.setInterestLifetimeMilliseconds(10000);
// Sign and express the interest.
face->makeCommandInterest(interest);
face->expressInterest
(interest,
bind(&processRegisterResponse, _1, _2, enabled),
bind(&onTimeout, _1, "Register route command timed out.", enabled));
}
BOOST_FIXTURE_TEST_CASE(FullName, IdentityManagementFixture)
{
Data d(Name("/local/ndn/prefix"));
d.setContentType(tlv::ContentType_Blob);
d.setFreshnessPeriod(10_s);
d.setContent(CONTENT1, sizeof(CONTENT1));
BOOST_CHECK_THROW(d.getFullName(), Data::Error); // FullName is unavailable without signing
m_keyChain.sign(d);
BOOST_CHECK_EQUAL(d.hasWire(), true);
Name fullName = d.getFullName(); // FullName is available after signing
BOOST_CHECK_EQUAL(d.getName().size() + 1, fullName.size());
BOOST_CHECK_EQUAL_COLLECTIONS(d.getName().begin(), d.getName().end(),
fullName.begin(), fullName.end() - 1);
BOOST_CHECK_EQUAL(fullName.get(-1).value_size(), util::Sha256::DIGEST_SIZE);
// FullName should be cached, so value() pointer points to same memory location
BOOST_CHECK_EQUAL(fullName.get(-1).value(), d.getFullName().get(-1).value());
d.setFreshnessPeriod(100_s); // invalidates FullName
BOOST_CHECK_THROW(d.getFullName(), Data::Error);
Data d1(Block(DATA1, sizeof(DATA1)));
BOOST_CHECK_EQUAL(d1.getFullName(),
"/local/ndn/prefix/"
"sha256digest=28bad4b5275bd392dbb670c75cf0b66f13f7942b21e80f55c0e86b374753a548");
}
Name::Name(const Name& name, size_t substrSize)
: isAbsolute_(name.isAbsolute()) {
assert(substrSize <= name.size());
list_.reserve(substrSize);
for(std::size_t i = 0; i < substrSize; i++){
list_.push_back(name.at(i));
}
}
std::pair<bool, Block>
DefaultQueryProcessor::processDefaultCertQuery(const DefaultParam& param)
{
Name identity;
if (param.getOriginType() == TYPE_USER) {
try {
identity = m_db.getDefaultIdentity();
}
catch (PibDb::Error&) {
PibError error(ERR_NO_DEFAULT_ID, "default identity does not exist");
return std::make_pair(true, error.wireEncode());
}
}
else if (param.getOriginType() == TYPE_ID)
identity = param.getOriginName();
else if (param.getOriginType() != TYPE_KEY) {
PibError error(ERR_WRONG_PARAM,
"origin type of cert target must be KEY(2), ID(1) or USER(0), but gets: " +
boost::lexical_cast<string>(param.getOriginType()));
return std::make_pair(true, error.wireEncode());
}
Name keyName;
if (param.getOriginType() == TYPE_KEY) {
keyName = param.getOriginName();
if (keyName.size() < 1) {
PibError error(ERR_WRONG_PARAM,
"key name must contain key id component");
return std::make_pair(true, error.wireEncode());
}
}
else {
try {
keyName = m_db.getDefaultKeyNameOfIdentity(identity);
}
catch (PibDb::Error&) {
PibError error(ERR_NO_DEFAULT_KEY, "default key does not exist");
return std::make_pair(true, error.wireEncode());
}
}
try {
Name certName = m_db.getDefaultCertNameOfKey(keyName);
shared_ptr<IdentityCertificate> certificate = m_db.getCertificate(certName);
if (certificate == nullptr) {
PibError error (ERR_NO_DEFAULT_CERT, "default cert does not exist");
return std::make_pair(true, error.wireEncode());
}
PibCertificate result(*certificate);
return std::make_pair(true, result.wireEncode());
}
catch (PibDb::Error&) {
PibError error(ERR_NO_DEFAULT_CERT, "default cert does not exist");
return std::make_pair(true, error.wireEncode());
}
}
bool Name::isPrefixOf(const Name& name) const{
if(size() >= name.size()) return false;
for(std::size_t i = 0; i < size(); i++){
if(at(i) != name.at(i)){
return false;
}
}
return true;
}
ptr_lib::shared_ptr<Signature>
KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName)
{
Name signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName);
if (signingCertificateName.size() == 0)
throw SecurityException("No qualified certificate name found!");
return identityManager_->signByCertificate(buffer, bufferLength, signingCertificateName);
}
SearchResult performInnerTypeInstanceSearch(AST::TypeInstance& typeInstance, const Name& name) {
if (name.size() != 1 || name.isAbsolute()) return SearchResult::None();
const auto iterator = typeInstance.namedTemplateVariables().find(name.at(0));
if (iterator != typeInstance.namedTemplateVariables().end()) {
return SearchResult::TemplateVar(*(iterator->second));
}
return SearchResult::None();
}
Strategy::ParsedInstanceName
Strategy::parseInstanceName(const Name& input)
{
for (ssize_t i = input.size() - 1; i > 0; --i) {
if (input[i].isVersion()) {
return {input.getPrefix(i + 1), input[i].toVersion(), input.getSubName(i + 1)};
}
}
return {input, nullopt, PartialName()};
}
SearchResult performInnerCatchClauseSearch(AST::CatchClause* catchClause, const Name& name) {
if (name.size() != 1 || name.isAbsolute()) return SearchResult::None();
const auto iterator = catchClause->namedVariables().find(name.at(0));
if (iterator != catchClause->namedVariables().end()) {
return SearchResult::Var(*(iterator->second));
}
return SearchResult::None();
}
SearchResult performInnerAliasSearch(AST::Alias& alias, const Name& name) {
if (name.size() != 1 || name.isAbsolute()) return SearchResult::None();
const auto iterator = alias.namedTemplateVariables().find(name.at(0));
if (iterator != alias.namedTemplateVariables().end()) {
return SearchResult::TemplateVar(*(iterator->second));
}
return SearchResult::None();
}
Name
IdentityCertificate::certificateNameToPublicKeyName(const Name& certificateName)
{
int i = certificateName.size() - 1;
string idString("ID-CERT");
for (; i >= 0; i--) {
if (certificateName.get(i).toEscapedString() == idString)
break;
}
Name tmpName = certificateName.getSubName(0, i);
string keyString("KEY");
for (i = 0; i < tmpName.size(); i++) {
if (tmpName.get(i).toEscapedString() == keyString)
break;
}
return tmpName.getSubName(0, i).append(tmpName.getSubName(i + 1, tmpName.size() - i - 1));
}
Name
IdentityManager::getKeyNameFromCertificatePrefix(const Name & certificatePrefix)
{
Name result;
string keyString("KEY");
int i = 0;
for(; i < certificatePrefix.size(); i++) {
if (certificatePrefix.get(i).toEscapedString() == keyString)
break;
}
if (i >= certificatePrefix.size())
throw SecurityException("Identity Certificate Prefix does not have a KEY component");
result.append(certificatePrefix.getSubName(0, i));
result.append(certificatePrefix.getSubName(i + 1, certificatePrefix.size()-i-1));
return result;
}
static security::SigningInfo
makeSigningInfoFromIdentityCertificate(const Name& certificateName)
{
// A valid IdentityCertificate has at least 4 name components,
// as it follows `<...>/KEY/<...>/<key-id>/ID-CERT/<version>` naming model.
if (certificateName.size() < 4) {
BOOST_THROW_EXCEPTION(std::invalid_argument("Certificate is invalid"));
}
return security::signingByCertificate(certificateName);
}
void
MemoryIdentityStorage::addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer)
{
Name identityName = keyName.getSubName(0, keyName.size() - 1);
addIdentity(identityName);
if (doesKeyExist(keyName))
throw SecurityException("a key with the same name already exists!");
keyStore_[keyName.toUri()] = ptr_lib::make_shared<KeyRecord>(keyType, publicKeyDer);
}
