def _registerPrefixHelper(self, registeredPrefixId, prefix, onInterest,
onRegisterFailed, flags, wireFormat):
"""
Do the work of registerPrefix to register with NDNx once we have an
ndndId_.
:param int registeredPrefixId: The
_RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got
so it could return it to the caller. If this is 0, then don't add to
registeredPrefixTable_ (assuming it has already been done).
"""
# Create a ForwardingEntry.
# Note: ndnd ignores any freshness that is larger than 3600 seconds and
# sets 300 seconds instead. To register "forever", (=2000000000 sec),
# the freshness period must be omitted.
forwardingEntry = ForwardingEntry()
forwardingEntry.setAction("selfreg")
forwardingEntry.setPrefix(prefix)
forwardingEntry.setForwardingFlags(flags)
content = forwardingEntry.wireEncode(wireFormat)
# Set the ForwardingEntry as the content of a Data packet and sign.
data = Data()
data.setContent(content)
# Set the name to a random value so that each request is unique.
nonce = bytearray(4)
for i in range(len(nonce)):
nonce[i] = _systemRandom.randint(0, 0xff)
data.getName().append(nonce)
# The ndnd ignores the signature, so set to blank values.
data.getSignature().getKeyLocator().setType(
KeyLocatorType.KEY_LOCATOR_DIGEST)
data.getSignature().getKeyLocator().setKeyData(
Blob(bytearray(32), False))
data.getSignature().setSignature(Blob(bytearray(128), False))
encodedData = data.wireEncode(wireFormat)
# Create an interest where the name has the encoded Data packet.
interestName = Name().append("ndnx").append(
self._ndndId).append("selfreg").append(encodedData)
interest = Interest(interestName)
interest.setInterestLifetimeMilliseconds(4000.0)
interest.setScope(1)
encodedInterest = interest.wireEncode(wireFormat)
if registeredPrefixId != 0:
# Save the onInterest callback and send the registration interest.
self._registeredPrefixTable.append(
Node._RegisteredPrefix(registeredPrefixId, prefix, onInterest))
response = Node._RegisterResponse(self, prefix, onInterest,
onRegisterFailed, flags, wireFormat,
False)
self.expressInterest(interest, response.onData, response.onTimeout,
wireFormat)
def _registerPrefixHelper(
self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags,
wireFormat):
"""
Do the work of registerPrefix to register with NDNx once we have an
_ndndId.
:param int registeredPrefixId: The
_RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got
so it could return it to the caller. If this is 0, then don't add to
_registeredPrefixTable (assuming it has already been done).
"""
# Create a ForwardingEntry.
# Note: ndnd ignores any freshness that is larger than 3600 seconds and
# sets 300 seconds instead. To register "forever", (=2000000000 sec),
# the freshness period must be omitted.
forwardingEntry = ForwardingEntry()
forwardingEntry.setAction("selfreg")
forwardingEntry.setPrefix(prefix)
forwardingEntry.setForwardingFlags(flags)
content = forwardingEntry.wireEncode(wireFormat)
# Set the ForwardingEntry as the content of a Data packet and sign.
data = Data()
data.setContent(content)
# Set the name to a random value so that each request is unique.
nonce = bytearray(4)
for i in range(len(nonce)):
nonce[i] = _systemRandom.randint(0, 0xff)
data.getName().append(nonce)
# The ndnd ignores the signature, so set to blank values.
data.getSignature().getKeyLocator().setType(
KeyLocatorType.KEY_LOCATOR_DIGEST)
data.getSignature().getKeyLocator().setKeyData(
Blob(bytearray(32), False))
data.getSignature().setSignature(Blob(bytearray(128), False))
encodedData = data.wireEncode(wireFormat)
# Create an interest where the name has the encoded Data packet.
interestName = Name().append("ndnx").append(self._ndndId).append(
"selfreg").append(encodedData)
interest = Interest(interestName)
interest.setInterestLifetimeMilliseconds(4000.0)
interest.setScope(1)
encodedInterest = interest.wireEncode(wireFormat)
if registeredPrefixId != 0:
# Save the onInterest callback and send the registration interest.
self._registeredPrefixTable.append(Node._RegisteredPrefix(
registeredPrefixId, prefix, onInterest))
response = Node._RegisterResponse(
self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False)
self.expressInterest(
interest, response.onData, response.onTimeout, wireFormat)
def _broadcastSyncState(self, digest, syncMessage):
"""
Make a data packet with the syncMessage and with name
applicationBroadcastPrefix_ + digest. Sign and send.
:param str digest: The root digest as a hex string for the data packet
name.
:param sync_state_pb2.SyncState syncMessage:
"""
data = Data(self._applicationBroadcastPrefix)
data.getName().append(digest)
# TODO: Check if this works in Python 3.
data.setContent(Blob(syncMessage.SerializeToString()))
self._keyChain.sign(data, self._certificateName)
self._contentCache.add(data)
def _broadcastSyncState(self, digest, syncMessage):
"""
Make a data packet with the syncMessage and with name
applicationBroadcastPrefix_ + digest. Sign and send.
:param str digest: The root digest as a hex string for the data packet
name.
:param sync_state_pb2.SyncState syncMessage:
"""
data = Data(self._applicationBroadcastPrefix)
data.getName().append(digest)
# TODO: Check if this works in Python 3.
data.setContent(Blob(syncMessage.SerializeToString()))
self._keyChain.sign(data, self._certificateName)
self._contentCache.add(data)
def onReceivedElement(self, element):
"""
This is called by the transport's ElementReader to process an
entire received Data or Interest element.
:param element: The bytes of the incoming element.
:type element: An array type with int elements
"""
# First, decode as Interest or Data.
interest = None
data = None
decoder = TlvDecoder(element)
if decoder.peekType(Tlv.Interest, len(element)):
interest = Interest()
interest.wireDecode(element, TlvWireFormat.get())
elif decoder.peekType(Tlv.Data, len(element)):
data = Data()
data.wireDecode(element, TlvWireFormat.get())
# Now process as Interest or Data.
if interest != None:
# Call all interest filter callbacks which match.
for i in range(len(self._interestFilterTable)):
entry = self._interestFilterTable[i]
if entry.getFilter().doesMatch(interest.getName()):
includeFilter = True
# Use getcallargs to test if onInterest accepts 5 args.
try:
inspect.getcallargs(entry.getOnInterest(),
None, None, None, None, None)
except TypeError:
# Assume onInterest is old-style with 4 arguments.
includeFilter = False
if includeFilter:
try:
entry.getOnInterest()(
entry.getFilter().getPrefix(), interest,
entry.getFace(), entry.getInterestFilterId(),
entry.getFilter())
except:
logging.exception("Error in onInterest")
else:
# Old-style onInterest without the filter argument. We
# still pass a Face instead of Transport since Face also
# has a send method.
try:
entry.getOnInterest()(
entry.getFilter().getPrefix(), interest,
entry.getFace(), entry.getInterestFilterId())
except:
logging.exception("Error in onInterest")
elif data != None:
pendingInterests = self._extractEntriesForExpressedInterest(
data.getName())
for pendingInterest in pendingInterests:
try:
pendingInterest.getOnData()(pendingInterest.getInterest(), data)
except:
logging.exception("Error in onData")
def _makeAndPublishCkData(self, onError):
"""
Make a CK Data packet for _ckName encrypted by the KEK in _kekData and
insert it in the _storage.
:param onError: On failure, this calls onError(errorCode, message) where
errorCode is from EncryptError.ErrorCode, and message is an error
string.
:type onError: function object
:return: True on success, else False.
:rtype: bool
"""
try:
kek = PublicKey(self._kekData.getContent())
content = EncryptedContent()
content.setPayload(
kek.encrypt(Blob(self._ckBits, False),
EncryptAlgorithmType.RsaOaep))
ckData = Data(
Name(self._ckName).append(
EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY).append(
self._kekData.getName()))
ckData.setContent(content.wireEncodeV2())
# FreshnessPeriod can serve as a soft access control for revoking access.
ckData.getMetaInfo().setFreshnessPeriod(
EncryptorV2.DEFAULT_CK_FRESHNESS_PERIOD_MS)
self._keyChain.sign(ckData, self._ckDataSigningInfo)
self._storage.insert(ckData)
logging.getLogger(__name__).info("Publishing CK data: " +
ckData.getName().toUri())
return True
except Exception as ex:
onError(
EncryptError.ErrorCode.EncryptionFailure,
"Failed to encrypt generated CK with KEK " +
self._kekData.getName().toUri())
return False
def onReceivedElement(self, element):
"""
This is called by the transport's ElementReader to process an
entire received Data or Interest element.
:param element: The bytes of the incoming element.
:type element: An array type with int elements
"""
# The type codes for TLV Interest and Data packets are chosen to not
# conflict with the first byte of a binary XML packet, so we canjust
# look at the first byte.
if not (element[0] == Tlv.Interest or element[0] == Tlv.Data):
# Ignore non-TLV elements.
return
# First, decode as Interest or Data.
interest = None
data = None
decoder = TlvDecoder(element)
if decoder.peekType(Tlv.Interest, len(element)):
interest = Interest()
interest.wireDecode(element, TlvWireFormat.get())
elif decoder.peekType(Tlv.Data, len(element)):
data = Data()
data.wireDecode(element, TlvWireFormat.get())
# Now process as Interest or Data.
if interest != None:
entry = self._getEntryForRegisteredPrefix(interest.getName())
if entry != None:
entry.getOnInterest()(entry.getPrefix(), interest,
self._transport,
entry.getRegisteredPrefixId())
elif data != None:
pendingInterests = self._extractEntriesForExpressedInterest(
data.getName())
for pendingInterest in pendingInterests:
pendingInterest.getOnData()(pendingInterest.getInterest(),
data)
def onReceivedElement(self, element):
"""
This is called by the transport's ElementReader to process an
entire received Data or Interest element.
:param element: The bytes of the incoming element.
:type element: An array type with int elements
"""
# The type codes for TLV Interest and Data packets are chosen to not
# conflict with the first byte of a binary XML packet, so we canjust
# look at the first byte.
if not (element[0] == Tlv.Interest or element[0] == Tlv.Data):
# Ignore non-TLV elements.
return
# First, decode as Interest or Data.
interest = None
data = None
decoder = TlvDecoder(element)
if decoder.peekType(Tlv.Interest, len(element)):
interest = Interest()
interest.wireDecode(element, TlvWireFormat.get())
elif decoder.peekType(Tlv.Data, len(element)):
data = Data()
data.wireDecode(element, TlvWireFormat.get())
# Now process as Interest or Data.
if interest != None:
entry = self._getEntryForRegisteredPrefix(interest.getName())
if entry != None:
entry.getOnInterest()(
entry.getPrefix(), interest, self._transport,
entry.getRegisteredPrefixId())
elif data != None:
pendingInterests = self._extractEntriesForExpressedInterest(
data.getName())
for pendingInterest in pendingInterests:
pendingInterest.getOnData()(pendingInterest.getInterest(), data)
def _makeAndPublishCkData(self, onError):
"""
Make a CK Data packet for _ckName encrypted by the KEK in _kekData and
insert it in the _storage.
:param onError: On failure, this calls onError(errorCode, message) where
errorCode is from EncryptError.ErrorCode, and message is an error
string.
:type onError: function object
:return: True on success, else False.
:rtype: bool
"""
try:
kek = PublicKey(self._kekData.getContent())
content = EncryptedContent()
content.setPayload(kek.encrypt
(Blob(self._ckBits, False), EncryptAlgorithmType.RsaOaep))
ckData = Data(
Name(self._ckName).append(EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY)
.append(self._kekData.getName()))
ckData.setContent(content.wireEncodeV2())
# FreshnessPeriod can serve as a soft access control for revoking access.
ckData.getMetaInfo().setFreshnessPeriod(
EncryptorV2.DEFAULT_CK_FRESHNESS_PERIOD_MS)
self._keyChain.sign(ckData, self._ckDataSigningInfo)
self._storage.insert(ckData)
logging.getLogger(__name__).info("Publishing CK data: " +
ckData.getName().toUri())
return True
except Exception as ex:
onError(EncryptError.ErrorCode.EncryptionFailure,
"Failed to encrypt generated CK with KEK " +
self._kekData.getName().toUri())
return False
class DataValidationState(ValidationState):
"""
Create a DataValidationState for the Data packet. The caller must ensure
that the state instance is valid until the validation finishes (i.e., until
validateCertificateChain() and validateOriginalPacket() have been called).
:param Data data: The Date packet being validated, which is copied.
:param successCallback: This calls successCallback(data) to report a
successful Data validation.
:type successCallback: function object
:param failureCallback: This calls failureCallback(data, error) to report a
failed Data validation, where error is a ValidationError.
:type failureCallback: function object
"""
def __init__(self, data, successCallback, failureCallback):
super(DataValidationState, self).__init__()
# Make a copy.
self._data = Data(data)
self._successCallback = successCallback
self._failureCallback = failureCallback
if self._successCallback == None:
raise ValueError("The successCallback is None")
if self._failureCallback == None:
raise ValueError("The failureCallback is None")
def fail(self, error):
"""
Call the failure callback.
:param ValidationError error:
"""
logging.getLogger(__name__).info("" + str(error))
try:
self._failureCallback(self._data, error)
except:
logging.exception("Error in failureCallback")
self.setOutcome(False)
def getOriginalData(self):
"""
Get the original Data packet being validated which was given to the
constructor.
:return: The original Data packet.
:rtype: Data
"""
return self._data
def _verifyOriginalPacket(self, trustedCertificate):
"""
Verify the signature of the original packet. This is only called by the
Validator class.
:param CertificateV2 trustedCertificate: The certificate that signs the
original packet.
"""
if VerificationHelpers.verifyDataSignature(self._data, trustedCertificate):
logging.getLogger(__name__).info("OK signature for data `" +
self._data.getName().toUri() + "`")
try:
self._successCallback(self._data)
except:
logging.exception("Error in successCallback")
self.setOutcome(True)
else:
self.fail(ValidationError(ValidationError.INVALID_SIGNATURE,
"Invalid signature of data `" + self._data.getName().toUri() + "`"))
def _bypassValidation(self):
"""
Call the success callback of the original packet without signature
validation. This is only called by the Validator class.
"""
logging.getLogger(__name__).info("Signature verification bypassed for data `" +
self._data.getName().toUri() + "`")
try:
self._successCallback(self._data)
except:
logging.exception("Error in successCallback")
self.setOutcome(True)
def _registerPrefixHelper(
self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags,
wireFormat, face):
"""
Do the work of registerPrefix to register with NDNx once we have an
_ndndId.
:param int registeredPrefixId: The getNextEntryId() which registerPrefix
got so it could return it to the caller. If this is 0, then don't add
to _registeredPrefixTable (assuming it has already been done).
"""
if not WireFormat.ENABLE_NDNX:
# We can get here if the command signing info is set, but running NDNx.
raise RuntimeError(
"registerPrefix with NDNx is deprecated. To enable while you upgrade your code to use NFD, set WireFormat.ENABLE_NDNX = True")
# Create a ForwardingEntry.
# Note: ndnd ignores any freshness that is larger than 3600 seconds and
# sets 300 seconds instead. To register "forever", (=2000000000 sec),
# the freshness period must be omitted.
forwardingEntry = ForwardingEntry()
forwardingEntry.setAction("selfreg")
forwardingEntry.setPrefix(prefix)
forwardingEntry.setForwardingFlags(flags)
content = forwardingEntry.wireEncode(wireFormat)
# Set the ForwardingEntry as the content of a Data packet and sign.
data = Data()
data.setContent(content)
# Set the name to a random value so that each request is unique.
nonce = bytearray(4)
for i in range(len(nonce)):
nonce[i] = _systemRandom.randint(0, 0xff)
data.getName().append(nonce)
# The ndnd ignores the signature, so set to blank values.
data.getSignature().getKeyLocator().setType(
KeyLocatorType.KEY_LOCATOR_DIGEST)
data.getSignature().getKeyLocator().setKeyData(
Blob(bytearray(32), False))
data.getSignature().setSignature(Blob(bytearray(128), False))
encodedData = data.wireEncode(wireFormat)
# Create an interest where the name has the encoded Data packet.
interestName = Name().append("ndnx").append(self._ndndId).append(
"selfreg").append(encodedData)
interest = Interest(interestName)
interest.setInterestLifetimeMilliseconds(4000.0)
interest.setScope(1)
if registeredPrefixId != 0:
interestFilterId = 0
if onInterest != None:
# registerPrefix was called with the "combined" form that includes
# the callback, so add an InterestFilterEntry.
interestFilterId = self.getNextEntryId()
self.setInterestFilter(
interestFilterId, InterestFilter(prefix), onInterest, face)
self._registeredPrefixTable.append(Node._RegisteredPrefix(
registeredPrefixId, prefix, interestFilterId))
# Send the registration interest.
response = Node._RegisterResponse(
self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False,
face)
self.expressInterest(
self.getNextEntryId(), interest, response.onData, response.onTimeout,
wireFormat, face)
def onReceivedElement(self, element):
"""
This is called by the transport's ElementReader to process an
entire received Data or Interest element.
:param element: The bytes of the incoming element.
:type element: An array type with int elements
"""
# The type codes for TLV Interest and Data packets are chosen to not
# conflict with the first byte of a binary XML packet, so we canjust
# look at the first byte.
if not (element[0] == Tlv.Interest or element[0] == Tlv.Data):
# Ignore non-TLV elements.
# Assume it is Binary XML.
if not WireFormat.ENABLE_NDNX:
raise RuntimeError(
"BinaryXmlWireFormat (NDNx) is deprecated. To enable while you upgrade your network to use NDN-TLV, set WireFormat.ENABLE_NDNX = True")
return
# First, decode as Interest or Data.
interest = None
data = None
decoder = TlvDecoder(element)
if decoder.peekType(Tlv.Interest, len(element)):
interest = Interest()
interest.wireDecode(element, TlvWireFormat.get())
elif decoder.peekType(Tlv.Data, len(element)):
data = Data()
data.wireDecode(element, TlvWireFormat.get())
# Now process as Interest or Data.
if interest != None:
# Call all interest filter callbacks which match.
for i in range(len(self._interestFilterTable)):
entry = self._interestFilterTable[i]
if entry.getFilter().doesMatch(interest.getName()):
includeFilter = True
# Use getcallargs to test if onInterest accepts 5 args.
try:
inspect.getcallargs(entry.getOnInterest(),
None, None, None, None, None)
except TypeError:
# Assume onInterest is old-style with 4 arguments.
includeFilter = False
if includeFilter:
entry.getOnInterest()(
entry.getFilter().getPrefix(), interest,
entry.getFace(), entry.getInterestFilterId(),
entry.getFilter())
else:
# Old-style onInterest without the filter argument. We
# still pass a Face instead of Transport since Face also
# has a send method.
entry.getOnInterest()(
entry.getFilter().getPrefix(), interest,
entry.getFace(), entry.getInterestFilterId())
elif data != None:
pendingInterests = self._extractEntriesForExpressedInterest(
data.getName())
for pendingInterest in pendingInterests:
pendingInterest.getOnData()(pendingInterest.getInterest(), data)
class DataValidationState(ValidationState):
"""
Create a DataValidationState for the Data packet. The caller must ensure
that the state instance is valid until the validation finishes (i.e., until
validateCertificateChain() and validateOriginalPacket() have been called).
:param Data data: The Date packet being validated, which is copied.
:param successCallback: This calls successCallback(data) to report a
successful Data validation.
:type successCallback: function object
:param failureCallback: This calls failureCallback(data, error) to report a
failed Data validation, where error is a ValidationError.
:type failureCallback: function object
"""
def __init__(self, data, successCallback, failureCallback):
super(DataValidationState, self).__init__()
# Make a copy.
self._data = Data(data)
self._successCallback = successCallback
self._failureCallback = failureCallback
if self._successCallback == None:
raise ValueError("The successCallback is None")
if self._failureCallback == None:
raise ValueError("The failureCallback is None")
def fail(self, error):
"""
Call the failure callback.
:param ValidationError error:
"""
logging.getLogger(__name__).info("" + str(error))
try:
self._failureCallback(self._data, error)
except:
logging.exception("Error in failureCallback")
self.setOutcome(False)
def getOriginalData(self):
"""
Get the original Data packet being validated which was given to the
constructor.
:return: The original Data packet.
:rtype: Data
"""
return self._data
def _verifyOriginalPacket(self, trustedCertificate):
"""
Verify the signature of the original packet. This is only called by the
Validator class.
:param CertificateV2 trustedCertificate: The certificate that signs the
original packet.
"""
if VerificationHelpers.verifyDataSignature(self._data,
trustedCertificate):
logging.getLogger(__name__).info("OK signature for data `" +
self._data.getName().toUri() +
"`")
try:
self._successCallback(self._data)
except:
logging.exception("Error in successCallback")
self.setOutcome(True)
else:
self.fail(
ValidationError(
ValidationError.INVALID_SIGNATURE,
"Invalid signature of data `" +
self._data.getName().toUri() + "`"))
def _bypassValidation(self):
"""
Call the success callback of the original packet without signature
validation. This is only called by the Validator class.
"""
logging.getLogger(
__name__).info("Signature verification bypassed for data `" +
self._data.getName().toUri() + "`")
try:
self._successCallback(self._data)
except:
logging.exception("Error in successCallback")
self.setOutcome(True)
