ndn-js

A JavaScript client library for Named Data Networking

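/**
 * Copyright (C) 2014-2019 Regents of the University of California.
 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
 * From ndn-cxx security by Yingdi Yu <yingdi@cs.ucla.edu>.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 * A copy of the GNU Lesser General Public License is in the file COPYING.
 */

/** @ignore */
var Name = require('../../name.js').Name;
/** @ignore */
var Interest = require('../../interest.js').Interest;
/** @ignore */
var Data = require('../../data.js').Data;
/** @ignore */
var Blob = require('../../util/blob.js').Blob;
/** @ignore */
var IdentityCertificate = require('../certificate/identity-certificate.js').IdentityCertificate;
/** @ignore */
var KeyLocator = require('../../key-locator.js').KeyLocator;
/** @ignore */
var KeyLocatorType = require('../../key-locator.js').KeyLocatorType;
/** @ignore */
var SecurityException = require('../security-exception.js').SecurityException;
/** @ignore */
var WireFormat = require('../../encoding/wire-format.js').WireFormat;
/** @ignore */
var SyncPromise = require('../../util/sync-promise.js').SyncPromise;
/** @ignore */
var PolicyManager = require('./policy-manager.js').PolicyManager;
/** @ignore */
var IdentityStorage = require('../identity/identity-storage.js').IdentityStorage;
/** @ignore */
var NdnCommon = require('../../util/ndn-common.js').NdnCommon;

/**
 * A SelfVerifyPolicyManager implements a PolicyManager to look up the public
 * key in the given storage. If the public key can't be found, the verification
 * fails.
 *
 * Security note: the only check made in this file is that the signature
 * verifies with the key that the storage returns for the name in the
 * KeyLocator. Nothing here compares the key name with the packet name or
 * walks a certificate chain, so the contents of the storage decide which
 * signers are accepted.
 *
 * @param {IdentityStorage|PibImpl} storage (optional) The IdentityStorage or
 * PibImpl for looking up the public key. This object must remain valid during
 * the life of this SelfVerifyPolicyManager. If omitted, then don't look for a
 * public key with the name in the KeyLocator and rely on the KeyLocator having
 * the full public key DER.
 * NOTE(review): getPublicKeyDer in this file only handles KEYNAME locators and
 * has no branch that reads key DER from the KeyLocator, so with no storage
 * every signature that carries a KeyLocator is reported as failed. The
 * "full public key DER" sentence looks outdated - confirm.
 * @constructor
 */
var SelfVerifyPolicyManager = function SelfVerifyPolicyManager(storage)
{
  // Call the base constructor.
  PolicyManager.call(this);

  // Anything that is not an IdentityStorage (including undefined when the
  // argument is omitted) is kept as the PibImpl.
  if (storage instanceof IdentityStorage) {
    this.identityStorage_ = storage;
    this.pibImpl_ = null;
  }
  else {
    this.identityStorage_ = null;
    this.pibImpl_ = storage;
  }
};

SelfVerifyPolicyManager.prototype = new PolicyManager();
SelfVerifyPolicyManager.prototype.name = "SelfVerifyPolicyManager";

exports.SelfVerifyPolicyManager = SelfVerifyPolicyManager;

/**
 * Never skip verification.
 *
 * @param {Data|Interest} dataOrInterest The received data packet or interest.
 * @return {boolean} False.
 */
SelfVerifyPolicyManager.prototype.skipVerifyAndTrust = function(dataOrInterest)
{
  return false;
};

/**
 * Always return true to use the self-verification rule for the received data.
 *
 * @param {Data|Interest} dataOrInterest The received data packet or interest.
 * @return {boolean} True.
 */
SelfVerifyPolicyManager.prototype.requireVerify = function(dataOrInterest)
{
  return true;
};

/**
 * Look in the storage for the public key with the name in the KeyLocator (if
 * available) and use it to verify the data packet. If the public key can't be
 * found, call onValidationFailed.
 *
 * For a signed interest, the signature is decoded from the last two name
 * components. This method makes no other check on a signed interest (for
 * example nothing here looks at a timestamp or nonce), so callers that need
 * replay protection have to add it themselves.
 *
 * @param {Data|Interest} dataOrInterest The Data object or interest with the
 * signature to check.
 * @param {number} stepCount The number of verification steps that have been
 * done, used to track the verification progress. (Not read by this method.)
 * @param {function} onVerified If the signature is verified, this calls
 * onVerified(dataOrInterest).
 * NOTE: The library will log any exceptions thrown by this callback, but for
 * better error handling the callback should catch and properly handle any
 * exceptions.
 * @param {function} onValidationFailed If the signature check fails, this calls
 * onValidationFailed(dataOrInterest, reason).
 * NOTE: The library will log any exceptions thrown by this callback, but for
 * better error handling the callback should catch and properly handle any
 * exceptions.
 * @param {WireFormat} wireFormat (optional) The WireFormat for decoding the
 * signed interest signature. If omitted, use WireFormat.getDefaultWireFormat().
 * @return {ValidationRequest} null for no further step for looking up a
 * certificate chain. (The two early-failure paths for a signed interest return
 * undefined instead.)
 * @throws SecurityException if dataOrInterest is neither a Data nor an
 * Interest.
 */
SelfVerifyPolicyManager.prototype.checkVerificationPolicy = function
  (dataOrInterest, stepCount, onVerified, onValidationFailed, wireFormat)
{
  wireFormat = (wireFormat || WireFormat.getDefaultWireFormat());

  if (dataOrInterest instanceof Data) {
    var data = dataOrInterest;
    // wireEncode returns the cached encoding if available.
    this.verify(data.getSignature(), data.wireEncode(), function(verified, reason) {
      if (verified) {
        // Exceptions from application callbacks are logged, not propagated.
        try {
          onVerified(data);
        } catch (ex) {
          console.log("Error in onVerified: " + NdnCommon.getErrorWithStackTrace(ex));
        }
      }
      else {
        try {
          onValidationFailed(data, reason);
        } catch (ex) {
          console.log("Error in onValidationFailed: " + NdnCommon.getErrorWithStackTrace(ex));
        }
      }
    });
  }
  else if (dataOrInterest instanceof Interest) {
    var interest = dataOrInterest;

    // A signed interest needs at least the SignatureInfo and SignatureValue
    // components at the end of its name.
    if (interest.getName().size() < 2) {
      try {
        onValidationFailed
          (interest, "The signed interest has less than 2 components: " +
           interest.getName().toUri());
      } catch (ex) {
        console.log("Error in onValidationFailed: " + NdnCommon.getErrorWithStackTrace(ex));
      }
      return;
    }

    // Decode the last two name components of the signed interest
    var signature;
    try {
      signature = wireFormat.decodeSignatureInfoAndValue
        (interest.getName().get(-2).getValue().buf(),
         interest.getName().get(-1).getValue().buf(), false);
    } catch (ex) {
      // Components that do not decode are reported as a validation failure.
      try {
        onValidationFailed
          (interest, "Error decoding the signed interest signature: " + ex);
      } catch (ex) {
        console.log("Error in onValidationFailed: " + NdnCommon.getErrorWithStackTrace(ex));
      }
      return;
    }

    // wireEncode returns the cached encoding if available.
    this.verify(signature, interest.wireEncode(), function(verified, reason) {
      if (verified) {
        try {
          onVerified(interest);
        } catch (ex) {
          console.log("Error in onVerified: " + NdnCommon.getErrorWithStackTrace(ex));
        }
      }
      else {
        try {
          onValidationFailed(interest, reason);
        } catch (ex) {
          console.log("Error in onValidationFailed: " + NdnCommon.getErrorWithStackTrace(ex));
        }
      }
    });
  }
  else
    throw new SecurityException(new Error
      ("checkVerificationPolicy: unrecognized type for dataOrInterest"));

  // No more steps, so return null.
  return null;
};

/**
 * Override to always indicate that the signing certificate name and data name
 * satisfy the signing policy.
 *
 * @param {Name} dataName The name of data to be signed.
 * @param {Name} certificateName The name of signing certificate.
 * @return {boolean} True to indicate that the signing certificate can be used
 * to sign the data.
 */
SelfVerifyPolicyManager.prototype.checkSigningPolicy = function
  (dataName, certificateName)
{
  return true;
};

/**
 * Override to indicate that the signing identity cannot be inferred.
 *
 * @param {Name} dataName The name of data to be signed.
 * @return {Name} An empty name because cannot infer.
 */
SelfVerifyPolicyManager.prototype.inferSigningIdentity = function(dataName)
{
  return new Name();
};

/**
 * Check the type of signatureInfo to get the KeyLocator. Look in the storage
 * for the public key with the name in the KeyLocator (if available) and use it
 * to verify the signedBlob. If the public key can't be found, report failure
 * through onComplete.
 * (This is a generalized method which can verify both a Data packet and an
 * Interest.)
 * @param {Signature} signatureInfo An object of a subclass of Signature, e.g.
 * Sha256WithRsaSignature.
 * @param {SignedBlob} signedBlob the SignedBlob with the signed portion to
 * verify.
 * @param {function} onComplete This calls onComplete(true, undefined) if the
 * signature verifies, otherwise onComplete(false, reason).
 */
SelfVerifyPolicyManager.prototype.verify = function
  (signatureInfo, signedBlob, onComplete)
{
  if (KeyLocator.canGetFromSignature(signatureInfo)) {
    this.getPublicKeyDer
      (KeyLocator.getFromSignature(signatureInfo), function(publicKeyDer, reason) {
        // A null Blob means the key lookup failed: fail the verification.
        if (publicKeyDer.isNull())
          onComplete(false, reason);
        else {
          try {
            PolicyManager.verifySignature
              (signatureInfo, signedBlob, publicKeyDer, function(verified) {
                if (verified)
                  onComplete(true);
                else
                  onComplete
                    (false,
                     "The signature did not verify with the given public key");
              });
          } catch (ex) {
            onComplete(false, "Error in verifySignature: " + ex);
          }
        }
      });
  }
  else {
    try {
      // Assume that the signature type does not require a public key.
      // NOTE(review): this path passes null for the key, so whatever signature
      // types PolicyManager.verifySignature accepts without a key are accepted
      // by this policy. Presumably that is a digest-only signature, which
      // shows integrity but not who produced the packet - confirm against
      // PolicyManager.verifySignature. The failure message below still says
      // "given public key" although none is used here.
      PolicyManager.verifySignature
        (signatureInfo, signedBlob, null, function(verified) {
          if (verified)
            onComplete(true);
          else
            onComplete
              (false,
               "The signature did not verify with the given public key");
        });
    } catch (ex) {
      onComplete(false, "Error in verifySignature: " + ex);
    }
  }
};

/**
 * Look in the storage for the public key with the name in the KeyLocator (if
 * available). If the public key can't be found, return an empty Blob.
 * @param {KeyLocator} keyLocator The KeyLocator.
 * @param {function} onComplete This calls
 * onComplete(publicKeyDer, reason) where publicKeyDer is the public key
 * DER Blob or an isNull Blob if not found and reason is the reason
 * string if not found.
 */
SelfVerifyPolicyManager.prototype.getPublicKeyDer = function
  (keyLocator, onComplete)
{
  if (keyLocator.getType() == KeyLocatorType.KEYNAME &&
      this.identityStorage_ != null) {
    var keyName;
    try {
      // Assume the key name is a certificate name.
      keyName = IdentityCertificate.certificateNameToPublicKeyName
        (keyLocator.getKeyName());
    } catch (ex) {
      onComplete
        (new Blob(),
         "Cannot get a public key name from the certificate named: " +
         keyLocator.getKeyName().toUri());
      return;
    }

    SyncPromise.complete
      (onComplete,
       function(err) {
         // The storage doesn't have the key.
         onComplete
           (new Blob(), "The identityStorage doesn't have the key named " +
            keyName.toUri());
       },
       this.identityStorage_.getKeyPromise(keyName, !onComplete));
  }
  else if (keyLocator.getType() == KeyLocatorType.KEYNAME &&
           this.pibImpl_ != null) {
    // The KeyLocator name is passed to the PibImpl as is (no conversion from a
    // certificate name as in the IdentityStorage branch).
    SyncPromise.complete
      (onComplete,
       function(err) {
         // The storage doesn't have the key.
         // Take the name from the KeyLocator: the local keyName is only
         // assigned in the IdentityStorage branch and is undefined here, so
         // using it would throw instead of reporting the lookup failure.
         onComplete
           (new Blob(), "The pibImpl doesn't have the key named " +
            keyLocator.getKeyName().toUri());
       },
       this.pibImpl_.getKeyBitsPromise(keyLocator.getKeyName(), !onComplete));
  }
  else
    // Can't find a key to verify.
    // This is also reached for a KEYNAME locator when no storage was given to
    // the constructor, in which case the reason text below is not accurate.
    onComplete(new Blob(), "The signature KeyLocator doesn't have a key name");
};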