aboutsummaryrefslogtreecommitdiffstats
path: root/libtransport/src/hicn/transport/protocols/verification_manager.h
diff options
context:
space:
mode:
Diffstat (limited to 'libtransport/src/hicn/transport/protocols/verification_manager.h')
-rw-r--r--libtransport/src/hicn/transport/protocols/verification_manager.h72
1 files changed, 72 insertions, 0 deletions
diff --git a/libtransport/src/hicn/transport/protocols/verification_manager.h b/libtransport/src/hicn/transport/protocols/verification_manager.h
new file mode 100644
index 000000000..da67e86f8
--- /dev/null
+++ b/libtransport/src/hicn/transport/protocols/verification_manager.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017-2019 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <hicn/transport/interfaces/socket_consumer.h>
+
+#include <deque>
+
+namespace transport {
+
+namespace protocol {
+
+class VerificationManager {
+ public:
+ virtual ~VerificationManager() = default;
+ virtual bool onPacketToVerify(const Packet& packet) = 0;
+};
+
+class SignatureVerificationManager : public VerificationManager {
+ public:
+ SignatureVerificationManager(interface::ConsumerSocket* icn_socket)
+ : icn_socket_(icn_socket) {}
+
+ TRANSPORT_ALWAYS_INLINE bool onPacketToVerify(const Packet& packet) override {
+ using namespace interface;
+
+ bool verify_signature, ret = false;
+ icn_socket_->getSocketOption(GeneralTransportOptions::VERIFY_SIGNATURE,
+ verify_signature);
+
+ if (!verify_signature) {
+ return true;
+ }
+
+ std::shared_ptr<utils::Verifier> verifier;
+ icn_socket_->getSocketOption(GeneralTransportOptions::VERIFIER, verifier);
+
+ if (TRANSPORT_EXPECT_FALSE(!verifier)) {
+ throw errors::RuntimeException(
+ "No certificate provided by the application.");
+ }
+
+ ret = verifier->verify(packet);
+
+ if (!ret) {
+ throw errors::RuntimeException(
+ "Verification failure policy has to be implemented.");
+ }
+
+ return ret;
+ }
+
+ private:
+ interface::ConsumerSocket* icn_socket_;
+};
+
+} // end namespace protocol
+
+} // end namespace transport