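/// <summary>
/// Continue validation using the default certificate that the PIB holds for
/// keyName as a temporary trust anchor.
/// Looks up the PIB identity for the key name, then the key, then the key's
/// default certificate. Each lookup failure is reported through state.fail()
/// with CANNOT_RETRIEVE_CERTIFICATE and ends the check.
/// </summary>
///
/// <param name="keyName">The key name taken from the packet's key locator.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Called with a CertificateRequest for keyName once the anchor is loaded.</param>
private void checkPolicyHelper(Name keyName, ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    PibIdentity identity;
    try {
        identity = pib_.getIdentity(net.named_data.jndn.security.pib.PibKey
                .extractIdentityFromKeyName(keyName));
    } catch (Exception ex) {
        state.fail(new ValidationError(
                net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                "Cannot get the PIB identity for key " + keyName.toUri() + ": " + ex));
        return;
    }

    PibKey key;
    try {
        key = identity.getKey(keyName);
    } catch (Exception ex_0) {
        state.fail(new ValidationError(
                net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                "Cannot get the PIB key " + keyName.toUri() + ": " + ex_0));
        return;
    }

    CertificateV2 certificate;
    try {
        certificate = key.getDefaultCertificate();
    } catch (Exception ex_1) {
        state.fail(new ValidationError(
                net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                "Cannot get the default certificate for key " + keyName.toUri() + ": " + ex_1));
        return;
    }

    // Add the certificate as the temporary trust anchor. Anchors are reset
    // first so that nothing from an earlier check is still trusted.
    validator_.resetAnchors();
    try {
        validator_.loadAnchor("", certificate);
    } catch (Exception ex_2) {
        // We don't expect this since we just retrieved the certificate.
        state.fail(new ValidationError(
                net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                "Cannot load the trust anchor for key " + keyName.toUri() + ": " + ex_2));
        return;
    }

    try {
        continueValidation.continueValidation(new CertificateRequest(
                new Interest(keyName)), state);
    } finally {
        // Clear the temporary trust anchor even when the continuation throws,
        // so a failed validation cannot leave this certificate trusted for
        // the next packet checked through validator_.
        // NOTE(review): if the continuation completes asynchronously, the
        // anchor is cleared before it finishes - confirm it is synchronous here.
        validator_.resetAnchors();
    }
}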
/// <summary>
/// Check the Interest by reading its key locator name and handing that name
/// to checkPolicyHelper.
/// </summary>
///
/// <param name="interest">The Interest packet to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Passed on to checkPolicyHelper.</param>
public override void checkPolicy(Interest interest, ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    Name signerKeyName =
            net.named_data.jndn.security.v2.ValidationPolicy.getKeyLocatorName(interest, state);

    // getKeyLocatorName reports a problem by calling state.fail(); only go on
    // when the state is still undecided.
    if (!state.isOutcomeFailed()) {
        checkPolicyHelper(signerKeyName, state, continueValidation);
    }
}
/// <summary>
/// Check the Interest against the configured interest rules.
/// The first rule whose match() accepts the Interest name decides the result:
/// if its check() passes, validation continues with a CertificateRequest for
/// the key locator name; otherwise check() has already failed the state.
/// If no rule matches, the state fails with POLICY_ERROR.
/// </summary>
///
/// <param name="interest">The Interest packet to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Called when the policy accepts the Interest.</param>
/// <exception cref="ValidatorConfigError">If this policy has an inner policy.</exception>
public override void checkPolicy(Interest interest, ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    if (hasInnerPolicy()) {
        throw new ValidatorConfigError(
                "ValidationPolicyConfig must be a terminal inner policy");
    }

    if (shouldBypass_) {
        // Bypass mode: the Interest is accepted with no key request, so no
        // rule and no key locator is examined for it.
        // NOTE(review): where shouldBypass_ is set is not visible here -
        // confirm it can only come from a trusted configuration.
        continueValidation.continueValidation(null, state);
        return;
    }

    Name signerName =
            net.named_data.jndn.security.v2.ValidationPolicy.getKeyLocatorName(interest, state);
    if (state.isOutcomeFailed()) {
        // getKeyLocatorName already called state.fail().
        return;
    }

    for (int ruleIndex = 0; ruleIndex < interestRules_.Count; ++ruleIndex) {
        ConfigRule candidate = interestRules_[ruleIndex];
        // The leading `true` presumably selects the Interest (not Data) form
        // of the rule - confirm against ConfigRule.
        if (!candidate.match(true, interest.getName())) {
            continue;
        }

        if (candidate.check(true, interest.getName(), signerName, state)) {
            continueValidation.continueValidation(
                    new CertificateRequest(new Interest(signerName)), state);
        }
        // When check() returned false it already called state.fail().
        // Either way the first matching rule is final; later rules are not tried.
        return;
    }

    state.fail(new ValidationError(
            net.named_data.jndn.security.v2.ValidationError.POLICY_ERROR,
            "No rule matched for interest `" + interest.getName().toUri() + "`"));
}
/// <summary>
/// Check a command Interest: parse its key name and timestamp, check the
/// timestamp, and only then hand the Interest to the inner policy.
/// If parseCommandInterest or checkTimestamp returns false, this method
/// returns without calling the inner policy or the continuation.
/// </summary>
///
/// <param name="interest">The Interest packet to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Passed on to the inner policy.</param>
public override void checkPolicy(Interest interest, ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    // One-element arrays act as output parameters for parseCommandInterest.
    Name[] parsedKeyName = new Name[1];
    double[] parsedTimestamp = new double[1];

    // checkTimestamp is presumably the freshness / replay check for the
    // signing key - confirm in its definition. It must run before the inner
    // policy sees the Interest, and short-circuit evaluation keeps that order.
    bool accepted = parseCommandInterest(interest, state, parsedKeyName, parsedTimestamp)
            && checkTimestamp(state, parsedKeyName[0], parsedTimestamp[0]);
    if (accepted) {
        getInnerPolicy().checkPolicy(interest, state, continueValidation);
    }
}
/// <summary>
/// Check that the Interest name lies under the prefix of its signing key.
/// The key locator name with its last two components removed must be a prefix
/// of the Interest name; otherwise the state fails with INVALID_KEY_LOCATOR.
/// </summary>
///
/// <param name="interest">The Interest packet to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Called with a CertificateRequest for the key locator name on success.</param>
public override void checkPolicy(Interest interest, ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    Name signerName =
            net.named_data.jndn.security.v2.ValidationPolicy.getKeyLocatorName(interest, state);
    if (state.isOutcomeFailed()) {
        // getKeyLocatorName already called state.fail().
        return;
    }

    // getPrefix(-2) drops the last two name components; presumably these are
    // the key marker and key id, leaving the identity name - confirm against
    // the key naming convention in use.
    bool isUnderSignerPrefix = signerName.getPrefix(-2).isPrefixOf(interest.getName());
    if (!isUnderSignerPrefix) {
        state.fail(new ValidationError(
                net.named_data.jndn.security.v2.ValidationError.INVALID_KEY_LOCATOR,
                "Interest signing policy violation for " + interest.getName().toUri()
                        + " by " + signerName.toUri()));
        return;
    }

    continueValidation.continueValidation(
            new CertificateRequest(new Interest(signerName)), state);
}
/// <summary>
/// Check the certificate against the policy.
/// This base implementation treats the certificate as a Data packet and
/// forwards it to checkPolicy(Data, ...); a derived class may override this
/// to apply certificate-specific rules.
/// Depending on the policy implementation, the check can complete
/// synchronously or asynchronously.
/// See the checkPolicy(Data) documentation for the semantics.
/// </summary>
///
/// <param name="certificate">The certificate to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Passed unchanged to checkPolicy(Data, ...).</param>
public void checkCertificatePolicy(CertificateV2 certificate,
        ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    this.checkPolicy(certificate, state, continueValidation);
}
/// <summary>
/// Check the Interest against the policy.
/// Your derived class must implement this.
/// Depending on implementation of the policy, this check can be done
/// synchronously or asynchronously.
/// See the checkPolicy(Data) documentation for the semantics.
/// </summary>
///
/// <param name="interest">The Interest packet to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">The continuation that the policy calls
/// when the Interest conforms to the policy; a violation is reported through
/// state.fail() instead.</param>
public abstract void checkPolicy(Interest interest, ValidationState state, ValidationPolicy.ValidationContinuation continueValidation);
/// <summary>
/// Check the Data packet against the policy.
/// Your derived class must implement this.
/// Depending on the implementation of the policy, this check can be done
/// synchronously or asynchronously.
/// The semantics of checkPolicy are as follows:
/// If the packet violates the policy, then the policy should call
/// state.fail() with an appropriate error code and error description.
/// If the packet conforms to the policy and no further key retrievals are
/// necessary, then the policy should call
/// continueValidation.continueValidation(null, state).
/// If the packet conforms to the policy and a key needs to be fetched, then
/// the policy should call
/// continueValidation.continueValidation({appropriate-key-request-instance}, state).
/// </summary>
///
/// <param name="data">The Data packet to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">The continuation that the policy calls
/// when the packet conforms to the policy, with null or with a key request
/// as described above.</param>
public abstract void checkPolicy(Data data, ValidationState state, ValidationPolicy.ValidationContinuation continueValidation);
/// <summary>
/// Accept the Interest unconditionally.
/// The continuation is called with a null key request, so no key locator is
/// read and no certificate is requested for this Interest.
/// </summary>
///
/// <param name="interest">The Interest packet; not examined.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Called immediately with (null, state).</param>
public override void checkPolicy(Interest interest, ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    // No check is made here: every Interest reaching this policy is accepted
    // whether or not it is signed.
    continueValidation.continueValidation(null, state);
}
/// <summary>
/// Check the Data packet by forwarding it to the inner policy.
/// This policy applies no check of its own to Data packets; the outcome is
/// whatever the inner policy decides.
/// </summary>
///
/// <param name="data">The Data packet to check.</param>
/// <param name="state">The ValidationState of this validation.</param>
/// <param name="continueValidation">Passed unchanged to the inner policy.</param>
public override void checkPolicy(Data data, ValidationState state,
        ValidationPolicy.ValidationContinuation continueValidation) {
    // NOTE(review): assumes an inner policy has been set - confirm what
    // getInnerPolicy() returns when none is configured.
    var innerPolicy = getInnerPolicy();
    innerPolicy.checkPolicy(data, state, continueValidation);
}