More work on tags and capabilities.

This commit is contained in:
Adam Ierymenko 2016-08-04 09:02:35 -07:00
parent 7e6e56e2bc
commit f057bb63cd
12 changed files with 397 additions and 54 deletions

View file

@ -130,11 +130,11 @@ public:
inline bool sign(const Identity &from,const Address &to)
{
try {
Buffer<(sizeof(Capability) * 2)> tmp;
for(unsigned int i=0;((i<_maxCustodyChainLength)&&(i<ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH));++i) {
if (!(_custody[i].to)) {
_custody[i].to = to;
_custody[i].from = from.address();
Buffer<(sizeof(Capability) * 2)> tmp;
this->serialize(tmp,true);
_custody[i].signature = from.sign(tmp.data(),tmp.size());
return true;
@ -145,22 +145,12 @@ public:
}
/**
* Verify this capability's chain of custody
*
* This returns a tri-state result. A return value of zero indicates that
* the chain of custody is valid and all signatures are okay. A positive
* return value means at least one WHOIS was issued for a missing signing
* identity and we should retry later. A negative return value means that
* this chain or one of its signature is BAD and this capability should
* be discarded.
*
* Note that the entire chain is checked regardless of verifyInChain.
* Verify this capability's chain of custody and signatures
*
* @param RR Runtime environment to provide for peer lookup, etc.
* @param verifyInChain Also check to ensure that this capability was at some point properly issued to this peer (if non-null)
* @return 0 == OK, 1 == waiting for WHOIS, -1 == BAD signature or chain
*/
int verify(const RuntimeEnvironment *RR,const Address &verifyInChain) const;
int verify(const RuntimeEnvironment *RR) const;
template<unsigned int C>
static inline void serializeRules(Buffer<C> &b,const ZT_VirtualNetworkRule *rules,unsigned int ruleCount)
@ -403,9 +393,31 @@ public:
return (p - startAt);
}
/**
* Check to see if a given address is a 'to' address in the custody chain
*
* This does not actually do certificate checking. That must be done with verify().
*
* @param a Address to check
* @return True if address is present
*/
inline bool wasIssuedTo(const Address &a) const
{
for(unsigned int i=0;i<ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH;++i) {
if (!_custody[i].to)
break;
else if (_custody[i].to == a)
return true;
}
return false;
}
// Provides natural sort order by ID
inline bool operator<(const Capability &c) const { return (_id < c._id); }
inline bool operator==(const Capability &c) const { return (memcmp(this,&c,sizeof(Capability)) == 0); }
inline bool operator!=(const Capability &c) const { return (memcmp(this,&c,sizeof(Capability)) != 0); }
private:
uint64_t _nwid;
uint64_t _expiration;