Esempio n. 1
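        /// <summary>
        /// Resolve keyName to its default certificate in the PIB, install that
        /// certificate as the validator's only trust anchor, and continue validation
        /// with a CertificateRequest for keyName.
        /// Each lookup failure is reported through state.fail() with
        /// CANNOT_RETRIEVE_CERTIFICATE and ends the check.
        /// </summary>
        ///
        /// <param name="keyName">The key name taken from the packet's key locator.</param>
        /// <param name="state">The ValidationState of this validation.</param>
        /// <param name="continueValidation">The continuation invoked once the
        /// temporary trust anchor is in place.</param>
        private void checkPolicyHelper(Name keyName, ValidationState state,
                                       ValidationPolicy.ValidationContinuation continueValidation)
        {
            PibIdentity identity;

            try {
                identity = pib_.getIdentity(net.named_data.jndn.security.pib.PibKey
                                            .extractIdentityFromKeyName(keyName));
            } catch (Exception ex) {
                state.fail(new ValidationError(
                               net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                               "Cannot get the PIB identity for key " + keyName.toUri()
                               + ": " + ex));
                return;
            }

            PibKey key;

            try {
                key = identity.getKey(keyName);
            } catch (Exception ex_0) {
                state.fail(new ValidationError(
                               net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                               "Cannot get the PIB key " + keyName.toUri() + ": " + ex_0));
                return;
            }

            CertificateV2 certificate;

            try {
                certificate = key.getDefaultCertificate();
            } catch (Exception ex_1) {
                state.fail(new ValidationError(
                               net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                               "Cannot get the default certificate for key "
                               + keyName.toUri() + ": " + ex_1));
                return;
            }

            // Add the certificate as the temporary trust anchor. Resetting first
            // ensures no anchor from an earlier call is still trusted.
            validator_.resetAnchors();
            try {
                validator_.loadAnchor("", certificate);
            } catch (Exception ex_2) {
                // We don't expect this since we just retrieved the certificate.
                state.fail(new ValidationError(
                               net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                               "Cannot load the trust anchor for key " + keyName.toUri()
                               + ": " + ex_2));
                return;
            }

            try {
                continueValidation.continueValidation(new CertificateRequest(
                                                          new Interest(keyName)), state);
            } finally {
                // Clear the temporary trust anchor even when the continuation throws,
                // so the certificate does not stay trusted beyond this check.
                // NOTE(review): the anchor is cleared as soon as the call returns; if
                // the continuation finishes asynchronously, confirm the anchor is not
                // still needed at that point.
                validator_.resetAnchors();
            }
        }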
Esempio n. 2
        /// <summary>
        /// Check the Interest by extracting its key locator name and handing it to
        /// checkPolicyHelper. Nothing more is done when extracting the key locator
        /// name has already marked the state as failed.
        /// </summary>
        ///
        /// <param name="interest">The Interest packet to check.</param>
        /// <param name="state">The ValidationState of this validation.</param>
        /// <param name="continueValidation">The continuation passed on to
        /// checkPolicyHelper.</param>
        public override void checkPolicy(Interest interest, ValidationState state,
                                         ValidationPolicy.ValidationContinuation continueValidation)
        {
            Name signerKeyName =
                net.named_data.jndn.security.v2.ValidationPolicy.getKeyLocatorName(interest, state);

            // A failed outcome here means state.fail() was already called during
            // key locator extraction, so only proceed on a clean state.
            if (!state.isOutcomeFailed())
            {
                checkPolicyHelper(signerKeyName, state, continueValidation);
            }
        }
Esempio n. 3
        /// <summary>
        /// Check the Interest against the configured interest rules.
        /// The first rule whose match() accepts the Interest name decides the
        /// outcome: if its check() passes, validation continues with a
        /// CertificateRequest for the key locator name; otherwise the method
        /// returns. An Interest that no rule matches is failed with POLICY_ERROR.
        /// When shouldBypass_ is set, every Interest is passed on with no key
        /// request and no rule is consulted.
        /// </summary>
        ///
        /// <param name="interest">The Interest packet to check.</param>
        /// <param name="state">The ValidationState of this validation.</param>
        /// <param name="continueValidation">The continuation invoked when the
        /// Interest conforms to the policy (or when bypass is enabled).</param>
        public override void checkPolicy(Interest interest, ValidationState state,
                                         ValidationPolicy.ValidationContinuation continueValidation)
        {
            if (hasInnerPolicy())
            {
                throw new ValidatorConfigError(
                          "ValidationPolicyConfig must be a terminal inner policy");
            }

            if (shouldBypass_)
            {
                // Bypass mode: continue with no key request, i.e. no signer check
                // is performed for this Interest.
                continueValidation.continueValidation(null, state);
                return;
            }

            Name signerName =
                net.named_data.jndn.security.v2.ValidationPolicy.getKeyLocatorName(interest, state);

            if (state.isOutcomeFailed())
            {
                // Already called state.fail() .
                return;
            }

            for (int ruleIndex = 0; ruleIndex < interestRules_.Count; ++ruleIndex)
            {
                ConfigRule candidate = interestRules_[ruleIndex];

                // NOTE(review): the leading 'true' presumably selects Interest
                // (rather than Data) handling in the rule - confirm in ConfigRule.
                if (!candidate.match(true, interest.getName()))
                {
                    continue;
                }

                // Only the first matching rule is consulted; later rules are never
                // tried, whether or not this one passes.
                if (candidate.check(true, interest.getName(), signerName, state))
                {
                    continueValidation.continueValidation(
                        new CertificateRequest(new Interest(signerName)), state);
                }

                // On a failed check, rule.check has already called state.fail() .
                return;
            }

            state.fail(new ValidationError(net.named_data.jndn.security.v2.ValidationError.POLICY_ERROR,
                                           "No rule matched for interest `" + interest.getName().toUri()
                                           + "`"));
        }
        /// <summary>
        /// Check a command Interest: parse its key name and timestamp, check the
        /// timestamp, and only then delegate to the inner policy.
        /// Returns without delegating when either step returns false.
        /// </summary>
        ///
        /// <param name="interest">The Interest packet to check.</param>
        /// <param name="state">The ValidationState of this validation.</param>
        /// <param name="continueValidation">The continuation passed on to the inner
        /// policy.</param>
        public override void checkPolicy(Interest interest, ValidationState state,
                                         ValidationPolicy.ValidationContinuation continueValidation)
        {
            // One-element arrays serve as output slots that parseCommandInterest
            // fills in; element 0 is read back below.
            Name[] parsedKeyName = new Name[1];
            double[] parsedTimestamp = new double[1];

            // NOTE(review): both helpers receive 'state' and presumably call
            // state.fail() themselves before returning false - confirm.
            // Short-circuit keeps checkTimestamp from running on an unparsed Interest.
            bool accepted =
                parseCommandInterest(interest, state, parsedKeyName, parsedTimestamp)
                && checkTimestamp(state, parsedKeyName[0], parsedTimestamp[0]);

            if (accepted)
            {
                getInnerPolicy().checkPolicy(interest, state, continueValidation);
            }
        }
Esempio n. 5
        /// <summary>
        /// Check the Interest against a name-hierarchy rule: the key locator name
        /// with its last two components removed must be a prefix of the Interest
        /// name. On success, validation continues with a CertificateRequest for the
        /// key locator name; otherwise the state is failed with INVALID_KEY_LOCATOR.
        /// </summary>
        ///
        /// <param name="interest">The Interest packet to check.</param>
        /// <param name="state">The ValidationState of this validation.</param>
        /// <param name="continueValidation">The continuation invoked when the
        /// hierarchy rule is satisfied.</param>
        public override void checkPolicy(Interest interest, ValidationState state,
                                         ValidationPolicy.ValidationContinuation continueValidation)
        {
            Name signerName =
                net.named_data.jndn.security.v2.ValidationPolicy.getKeyLocatorName(interest, state);

            if (state.isOutcomeFailed())
            {
                // Already called state.fail().
                return;
            }

            // NOTE(review): getPrefix(-2) presumably drops the trailing two name
            // components (the key-specific suffix) to leave the signer's identity
            // prefix - confirm against Name.getPrefix.
            bool signerCoversInterest =
                signerName.getPrefix(-2).isPrefixOf(interest.getName());

            if (!signerCoversInterest)
            {
                state.fail(new ValidationError(net.named_data.jndn.security.v2.ValidationError.INVALID_KEY_LOCATOR,
                                               "Interest signing policy violation for "
                                               + interest.getName().toUri() + " by "
                                               + signerName.toUri()));
                return;
            }

            continueValidation.continueValidation(
                new CertificateRequest(new Interest(signerName)), state);
        }
Esempio n. 6
 /// <summary>
 /// Check a certificate against the policy.
 /// The base implementation forwards the certificate to checkPolicy with the
 /// same state and continuation; a derived class may override this to treat
 /// certificates differently.
 /// Depending on the policy implementation, the check may complete
 /// synchronously or asynchronously.
 /// See the checkPolicy(Data) documentation for the semantics.
 /// </summary>
 ///
 /// <param name="certificate">The certificate to check.</param>
 /// <param name="state">The ValidationState of this validation.</param>
 /// <param name="continueValidation">The continuation forwarded unchanged to
 /// checkPolicy.</param>
 public void checkCertificatePolicy(
     CertificateV2 certificate,
     ValidationState state,
     ValidationPolicy.ValidationContinuation continueValidation)
 {
     // No certificate-specific rule here: the certificate goes through the same
     // policy check as any other packet.
     this.checkPolicy(certificate, state, continueValidation);
 }
Esempio n. 7
 /// <summary>
 /// Check the Interest against the policy.
 /// Your derived class must implement this.
 /// Depending on the implementation of the policy, this check can be done
 /// synchronously or asynchronously.
 /// See the checkPolicy(Data) documentation for the semantics.
 /// </summary>
 ///
 /// <param name="interest">The Interest packet to check.</param>
 /// <param name="state">The ValidationState of this validation. The policy
 /// reports a violation by calling state.fail().</param>
 /// <param name="continueValidation">The continuation the policy calls when the
 /// Interest conforms to the policy; see the checkPolicy(Data) documentation
 /// for when it is called with null versus a key request.</param>
 public abstract void checkPolicy(Interest interest, ValidationState state,
                                  ValidationPolicy.ValidationContinuation continueValidation);
Esempio n. 8
 /// <summary>
 /// Check the Data packet against the policy.
 /// Your derived class must implement this.
 /// Depending on the implementation of the policy, this check can be done
 /// synchronously or asynchronously.
 /// The semantics of checkPolicy are as follows:
 /// If the packet violates the policy, then the policy should call
 /// state.fail() with an appropriate error code and error description.
 /// If the packet conforms to the policy and no further key retrievals are
 /// necessary, then the policy should call
 /// continueValidation.continueValidation(null, state).
 /// If the packet conforms to the policy and a key needs to be fetched, then
 /// the policy should call
 /// continueValidation.continueValidation({appropriate-key-request-instance}, state).
 /// </summary>
 ///
 /// <param name="data">The Data packet to check.</param>
 /// <param name="state">The ValidationState of this validation. The policy
 /// reports a violation by calling state.fail().</param>
 /// <param name="continueValidation">The continuation the policy calls when the
 /// packet conforms: with null when no further key retrieval is needed, or with
 /// the key request to fetch.</param>
 public abstract void checkPolicy(Data data, ValidationState state,
                                  ValidationPolicy.ValidationContinuation continueValidation);
 /// <summary>
 /// Accept the Interest unconditionally: the continuation is called with no key
 /// request, and neither the Interest nor its signer is examined.
 /// </summary>
 ///
 /// <param name="interest">The Interest packet; not inspected.</param>
 /// <param name="state">The ValidationState of this validation.</param>
 /// <param name="continueValidation">The continuation, always invoked with a
 /// null key request.</param>
 public override void checkPolicy(
     Interest interest,
     ValidationState state,
     ValidationPolicy.ValidationContinuation continueValidation)
 {
     // A null request means "no further key retrieval needed", so every Interest
     // passes this policy.
     continueValidation.continueValidation(null, state);
 }
 /// <summary>
 /// Check the Data packet by delegating directly to the inner policy; this
 /// policy adds no check of its own for Data packets.
 /// </summary>
 ///
 /// <param name="data">The Data packet to check.</param>
 /// <param name="state">The ValidationState of this validation.</param>
 /// <param name="continueValidation">The continuation passed on to the inner
 /// policy.</param>
 public override void checkPolicy(
     Data data,
     ValidationState state,
     ValidationPolicy.ValidationContinuation continueValidation)
 {
     var innerPolicy = getInnerPolicy();
     innerPolicy.checkPolicy(data, state, continueValidation);
 }