Yingdi Yu
0a312e5126
Changes include: 1. license boilerplate 2. include guards 3. test suite names 4. return value of main function 5. README.md Change-Id: I14289402475b591d7cdce7390cec5e3c0b6befe5 Refs: #3018
206 lines
6.6 KiB
C++
206 lines
6.6 KiB
C++
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
|
|
/**
|
|
* Copyright (c) 2014-2015, Regents of the University of California.
|
|
*
|
|
* This file is part of ndn-tools (Named Data Networking Essential Tools).
|
|
* See AUTHORS.md for complete list of ndn-tools authors and contributors.
|
|
*
|
|
* ndn-tools is free software: you can redistribute it and/or modify it under the terms
|
|
* of the GNU General Public License as published by the Free Software Foundation,
|
|
* either version 3 of the License, or (at your option) any later version.
|
|
*
|
|
* ndn-tools is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
|
|
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
* PURPOSE. See the GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along with
|
|
* ndn-tools, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
* @author Yingdi Yu <yingdi@cs.ucla.edu>
|
|
*/
|
|
|
|
#include "delete-query-processor.hpp"
|
|
#include "encoding/pib-encoding.hpp"
|
|
#include "pib.hpp"
|
|
|
|
#include <boost/lexical_cast.hpp>
|
|
|
|
namespace ndn {
|
|
namespace pib {
|
|
|
|
using std::string;
|
|
|
|
const size_t DeleteQueryProcessor::DELETE_QUERY_LENGTH = 9;
|
|
const Name DeleteQueryProcessor::PIB_PREFIX("/localhost/pib");
|
|
|
|
DeleteQueryProcessor::DeleteQueryProcessor(PibDb& db)
|
|
: m_db(db)
|
|
{
|
|
}
|
|
|
|
std::pair<bool, Block>
|
|
DeleteQueryProcessor::operator()(const Interest& interest)
|
|
{
|
|
const Name& interestName = interest.getName();
|
|
|
|
// handle pib query: /localhost/pib/[UserName]/delete/param/<signed_interest_related_components>
|
|
if (interestName.size() != DELETE_QUERY_LENGTH) {
|
|
// malformed interest, discard
|
|
return std::make_pair(false, Block());
|
|
}
|
|
|
|
try {
|
|
DeleteParam param;
|
|
param.wireDecode(interestName.get(OFFSET_PARAM).blockFromValue());
|
|
|
|
SignatureInfo sigInfo;
|
|
sigInfo.wireDecode(interestName.get(OFFSET_SIG_INFO).blockFromValue());
|
|
|
|
// sigInfo must have KeyLocator.Name if the interest passed validation.
|
|
Name signerName;
|
|
signerName = sigInfo.getKeyLocator().getName();
|
|
|
|
switch (param.getTargetType()) {
|
|
case TYPE_USER:
|
|
return std::make_pair(true, PibError(ERR_WRONG_PARAM, "not allowed to delete user").wireEncode());
|
|
case TYPE_ID:
|
|
return processDeleteIdQuery(param, signerName);
|
|
case TYPE_KEY:
|
|
return processDeleteKeyQuery(param, signerName);
|
|
case TYPE_CERT:
|
|
return processDeleteCertQuery(param, signerName);
|
|
default:
|
|
{
|
|
PibError error(ERR_WRONG_PARAM,
|
|
"target type is not supported: " +
|
|
boost::lexical_cast<string>(param.getTargetType()));
|
|
return std::make_pair(true, error.wireEncode());
|
|
}
|
|
}
|
|
}
|
|
catch (const PibDb::Error& e) {
|
|
PibError error(ERR_INTERNAL_ERROR, e.what());
|
|
return std::make_pair(true, error.wireEncode());
|
|
}
|
|
catch (const tlv::Error& e) {
|
|
PibError error(ERR_WRONG_PARAM, "error in parsing param: " + string(e.what()));
|
|
return std::make_pair(true, error.wireEncode());
|
|
}
|
|
}
|
|
|
|
std::pair<bool, Block>
|
|
DeleteQueryProcessor::processDeleteIdQuery(const DeleteParam& param, const Name& signerName)
|
|
{
|
|
Name identity = param.getTargetName();
|
|
if (!isDeleteAllowed(TYPE_ID, identity, signerName)) {
|
|
PibError error(ERR_WRONG_SIGNER, "signer is not trusted for this command");
|
|
return std::make_pair(true, error.wireEncode());
|
|
}
|
|
|
|
m_db.deleteIdentity(identity);
|
|
|
|
return std::make_pair(true, PibError(ERR_SUCCESS).wireEncode());
|
|
}
|
|
|
|
std::pair<bool, Block>
|
|
DeleteQueryProcessor::processDeleteKeyQuery(const DeleteParam& param, const Name& signerName)
|
|
{
|
|
const Name& keyName = param.getTargetName();
|
|
if (!isDeleteAllowed(TYPE_KEY, keyName, signerName)) {
|
|
PibError error(ERR_WRONG_SIGNER, "signer is not trusted for this command");
|
|
return std::make_pair(true, error.wireEncode());
|
|
}
|
|
|
|
m_db.deleteKey(keyName);
|
|
|
|
return std::make_pair(true, PibError(ERR_SUCCESS).wireEncode());
|
|
}
|
|
|
|
std::pair<bool, Block>
|
|
DeleteQueryProcessor::processDeleteCertQuery(const DeleteParam& param, const Name& signerName)
|
|
{
|
|
const Name& certName = param.getTargetName();
|
|
if (!isDeleteAllowed(TYPE_CERT, certName, signerName)) {
|
|
PibError error(ERR_WRONG_SIGNER, "signer is not trusted for this command");
|
|
return std::make_pair(true, error.wireEncode());
|
|
}
|
|
|
|
m_db.deleteCertificate(certName);
|
|
|
|
return std::make_pair(true, PibError(ERR_SUCCESS).wireEncode());
|
|
}
|
|
|
|
bool
|
|
DeleteQueryProcessor::isDeleteAllowed(const pib::Type targetType,
|
|
const Name& targetName,
|
|
const Name& signer) const
|
|
{
|
|
// sanity checking, user cannot be deleted.
|
|
if (targetType == TYPE_USER)
|
|
return false;
|
|
|
|
// Any identity with prefix /localhost/pib is reserved. Any operation with a targetName under
|
|
// that prefix will be rejected.
|
|
if (PIB_PREFIX.isPrefixOf(targetName))
|
|
return false;
|
|
|
|
// Rules for other items:
|
|
//
|
|
// signer | deleting privilege
|
|
// =========================+===============================================
|
|
// local mgmt key | any id, key, and cert
|
|
// -------------------------+-----------------------------------------------
|
|
// default key of an id | any id, key, and cert under the id's namespace
|
|
// -------------------------+-----------------------------------------------
|
|
// non-default key of an id | any cert of the key
|
|
|
|
const Name& signerKeyName = IdentityCertificate::certificateNameToPublicKeyName(signer);
|
|
const Name& signerId = signerKeyName.getPrefix(-1);
|
|
|
|
bool hasSignerDefaultKey = true;
|
|
Name signerDefaultKeyName;
|
|
try {
|
|
signerDefaultKeyName = m_db.getDefaultKeyNameOfIdentity(signerId);
|
|
}
|
|
catch (PibDb::Error&) {
|
|
hasSignerDefaultKey = false;
|
|
}
|
|
|
|
Name mgmtCertName;
|
|
try {
|
|
mgmtCertName = m_db.getMgmtCertificate()->getName().getPrefix(-1);
|
|
}
|
|
catch (PibDb::Error&) {
|
|
return false;
|
|
}
|
|
|
|
if (signer == mgmtCertName) {
|
|
// signer is current management key, anything is allowed.
|
|
return true;
|
|
}
|
|
else if (hasSignerDefaultKey && signerDefaultKeyName == signerKeyName) {
|
|
// signer is an identity's default key
|
|
if (!signerId.isPrefixOf(targetName))
|
|
return false;
|
|
else
|
|
return true;
|
|
}
|
|
else {
|
|
// non-default key
|
|
if (targetType == TYPE_CERT) {
|
|
// check if it is for the key's cert
|
|
if (IdentityCertificate::certificateNameToPublicKeyName(targetName) == signerKeyName)
|
|
return true;
|
|
}
|
|
else if (targetType == TYPE_KEY) {
|
|
// check if it is for the key itself
|
|
if (targetName == signerKeyName)
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
|
|
} // namespace pib
|
|
} // namespace ndn
|