示例#1
0
/*
	On send events, the security manager 
 
 */
void SecurityManager::onSendDataObject(Event *e)
{
	if (!e || !e->hasData())
		return;

	DataObjectRef dObj = e->getDataObject();
	
	if (dObj->isThisNodeDescription()) {
		// This is our node description. Piggy-back our certificate.
		if (myCert) {
			Metadata *m;

			m = dObj->getMetadata()->getMetadata("Security");
			
			if (m) {
				HAGGLE_ERR("Node description already has a Security tag!\n");
			} else {
				m = dObj->getMetadata()->addMetadata("Security");
				
				if (m) {
					m->addMetadata(myCert->toMetadata());
				}
			}
		}
	}
	
	// In most cases the data object is already signed here (e.g., if it is generated by a local
	// application, or was received from another node). The only reason to check if we should
	// sign the data object here, is if a data object was generated internally by Haggle -- in
	// which case the data object might not have a signature (e.g., the data object is a node
	// description).
	InterfaceRef iface = dObj->getRemoteInterface();
	
	if (dObj->shouldSign() && !(iface && iface->getType() == Interface::TYPE_APPLICATION_PORT)) {
		// FIXME: data objects should really be signed in the SecurityHelper thread since
		// it is a potentially CPU intensive operation. But it is currently not possible
		// to ensure that the signing operation has finished in the helper thread before
		// the data object is actually sent on the wire by the protocol manager.
		// To handle this situation, we probably need to add a new public event for 
		// security related operations, after which the security manager generates the
		// real send event.
		
		if (helper->signDataObject(dObj, privKey)) {
			HAGGLE_DBG("Successfully signed data object %s\n", dObj->getIdStr());
		} else {
			HAGGLE_DBG("Signing of data object %s failed!\n", dObj->getIdStr());
		}
	}	
}
示例#2
0
DataObjectRef Forwarder::createRoutingInformationDataObject()
{
	// No need to have a reference in this function because it won't be 
	// visible outside until this function is done with it.
	DataObjectRef dObj = DataObject::create();
	
	if (!dObj)
		return NULL;

	HAGGLE_DBG2("Creating routing info data object\n");

	dObj->setPersistent(false);
	dObj->addAttribute("Forwarding", getName());
	
	// Add the metric data to the forwarding section:
	Metadata *md = dObj->getMetadata()->addMetadata(getManager()->getName());
	
	md = md->addMetadata(getName());
	md->setParameter("node_id", getKernel()->getThisNode()->getIdStr());
	
	if (!addRoutingInformation(dObj, md)) {
        // SW: ERR->DBG, this is not fatal, we return false when we don't want
        // to add routing data.
	        // HAGGLE_DBG("Could not add routing information\n");
		return NULL;
	}

	return dObj;
}
示例#3
0
// CBMEN, HL, Begin
int
ReplicationOptimizer::getCost(DataObjectRef dObj, string node_id)
{
    int dataLen = 0;
    {
        dataLen = (int) dObj->getDataLen();
        // include metadata size
        Metadata *m = dObj->getMetadata();
        if (!m) {
            errorCount++;
            HAGGLE_ERR("Missing metadata.\n");
            return 0;
        }
        dataLen += m->getContent().size();
    }

    {
        node_map_t::iterator it = node_map.find(node_id);
        if (it == node_map.end()) {
            errorCount++;
            HAGGLE_ERR("Missing node: %s\n", node_id.c_str());
            return 0;
        }
    }

    return dataLen;
}
示例#4
0
bool Forwarder::hasRoutingInformation(const DataObjectRef& dObj)
{
	if (!dObj)
		return false;
	
	const Metadata *m = dObj->getMetadata()->getMetadata(getManager()->getName());
	
	if (m == NULL)
		return false;
		
	if (!m->getMetadata(getName()))
		return false;
	    
	return true;
}
示例#5
0
void Manager::_onConfig(Event *e)
{
	DataObjectRefList& dObjs = e->getDataObjectList();

	while (dObjs.size()) {
                DataObjectRef dObj = dObjs.pop();

		// Get the metadata matching the manager
		Metadata *m = dObj->getMetadata()->getMetadata(this->getName());

		if (m) {
			onConfig(m);
		}
	}
}
示例#6
0
const string Forwarder::getNodeIdFromRoutingInformation(const DataObjectRef& dObj) const
{
	if (!dObj)
		return (char *)NULL;
	
	const Metadata *m = dObj->getMetadata()->getMetadata(getManager()->getName());
	
	if (!m)
		return (char *)NULL;
	
	m = m->getMetadata(getName());
	
	if (!m)
		return (char *)NULL;
	
	return m->getParameter("node_id");
}
示例#7
0
/*
	Check incoming data objects for two reasons:
	1) whether they have an embedded certificate, in which case we verify 
	it and add it to our store in case it is not already there.
	2) sign any data objects that were generated by local applications.
 */
void SecurityManager::onIncomingDataObject(Event *e)
{
	DataObjectRef dObj;
	
	if (!e || !e->hasData())
		return;
	
	dObj = e->getDataObject();
	
	if (dObj->isDuplicate())
		return;

	Metadata *m = dObj->getMetadata()->getMetadata("Security");
	
	// Check if there is a certificate embedded that we do not already have stored
	if (m && m->getMetadata("Certificate")) {
		HAGGLE_DBG("Data object has embedded certificate, trying to verify it!\n");
		helper->addTask(new SecurityTask(SECURITY_TASK_VERIFY_CERTIFICATE, dObj));
	}
			
	InterfaceRef iface = dObj->getRemoteInterface();

	// Check if this data object came from an application, in that case we sign it.
	// In the future, the signing should potentially be handled by the application
	// itself. But this requires some major rethinking of how to manage certificates 
	// and keys, etc.
	if (iface && iface->getType() == Interface::TYPE_APPLICATION_PORT && dObj->shouldSign()) {
		HAGGLE_DBG("Data object should be signed\n");

		// FIXME: data objects should really be signed in the SecurityHelper thread since
		// it is a potentially CPU intensive operation. But it is currently not possible
		// to ensure that the signing operation has finished in the helper thread before
		// the data object is added to the data store.
		if (helper->signDataObject(dObj, privKey)) {
			HAGGLE_DBG("Successfully signed data object %s, which was added by an application.\n", 
				   dObj->getIdStr());
		} else {
			HAGGLE_DBG("Signing of data object %s, which was added by an application, failed!\n", 
				   dObj->getIdStr());
		}
	}
}
示例#8
0
void Manager::_onDynamicConfig(Event *e)
{
	if (!e || !e->hasData())
		return;

	DataObjectRef dObj = e->getDataObject();
	if (!dObj)
		return;

	Metadata *m = dObj->getMetadata();
	if (!m)
		return;

	m = m->getMetadata(DATAOBJECT_METADATA_APPLICATION_CONTROL_DYNAMIC_CONFIGURATION);
	if (!m)
		return;

	m = m->getMetadata(getName());
	if (!m)
		return;

	onDynamicConfig(m);

}