[Ndn-interest] How to add the SecRuleRelative Rules in validator-regex?

Chengyu Fan chengy.fan at gmail.com
Mon Mar 2 10:19:30 PST 2015


Hi Alex,

I wrote a toy example to use the SecRuleRelative (the code is listed
below).

I thought the data should satisfy the rule, but I always get "unsatisfied"
on my Ubuntu 14.04.1 ... Could you tell me what's wrong with the code?

=================
    Name dataName("/test/site2/user2");
    dataName.append("testApp"); // the data name is /test/site2/user2/testApp

    // Create Data packet
    static const std::string content = "HELLO WORLD";
    shared_ptr<Data> data = make_shared<Data>();
    data->setName(dataName);
    data->setFreshnessPeriod(time::seconds(10));
    data->setContent(reinterpret_cast<const uint8_t*>(content.c_str()), content.size());

    Name producerId("/test/site2/user2");
    // now the keyLocator is /test/site2/user2/KEY/ksk-1425277773626/ID-CERT
    m_keyChain.signByIdentity(*data, producerId);

    SecRuleRelative rule("^(<>*)$",
                         "^([^<KEY>]*)<KEY>(<>*)<dsk-.*><ID-CERT>$",
                         ">", "\\1", "\\1\\2", true);
    /*  /test/site2/user2/testApp should match the packetRegex "^(<>*)$", expand is /test/site2/user2/testApp
        /test/site2/user2/KEY/ksk-1425277773626/ID-CERT should match the signerRegex, expand is /test/site2/user2/
        The data name /test/site2/user2/testApp is under the signer's namespace /test/site2/user2/
    */

    if (rule.satisfy(*data))
      std::cout << "satisfied" << std::endl;
    else {
      std::cout << "unsatisfied" << std::endl;
    }
=================

On Mon, Mar 2, 2015 at 9:48 AM, Chengyu Fan <chengy.fan at gmail.com> wrote:

> Hi Alex,
>
> Thanks for the reply.
>
> Further questions in line.
>
> On Sat, Feb 28, 2015 at 4:45 PM, Alex Afanasyev <
> alexander.afanasyev at ucla.edu> wrote:
>
>> Hi Chengyu,
>>
>> I assumed there is documentation for this method, but the commit that
>> adds it is not yet merged.  Here is the description we will have soon:
>>
>>   /**
>>    * @brief Construct the rule
>>    * @param packetRegex regular expression to match the packet name that is qualified for
>>    *                    the rule (e.g., `^(<.*>)$`)
>>    * @param signerRegex regular expression to match the KeyLocator of the packet (e.g.,
>>    *                    `^(<.*>)<KEY>(<.*>)<ID-CERT><>$`)
>>    * @param comparator Defines the way expanded signer's name is matched against expanded
>>    *                   packet's name.  Possible values are:
>>    *                     - "is-prefix-of"
>>    *                     - "is-strict-prefix-of"
>>    *                     - "equal"
>>
>
> Which symbol refers to which value?
>
>
>>    * @param packetExpand Expansion rule for packet's name (e.g., `\1`)
>>    * @param signerExpand Expansion rule for signer's name (e.g., `\1\2`)
>>    * @param isPositive flag denoting whether the rule is positive or negative
>>    *
>>    * @note A packet complies with the rule only if both \p packetRegex matches the packet name
>>    *       and \p signerRegex matches the KeyLocator name
>>
>
> According to the comparator description, I think this function also needs
> to test if the expanded signer's name matched against the expanded packet's
> name?
>
>
>>    */
>>
>>
>> On Feb 27, 2015, at 7:59 PM, Chengyu Fan <chengy.fan at gmail.com> wrote:
>>
>> Could you tell me how the SecRuleRelative Rule works?
>>
>> Specifically, what's the meaning of each parameter? What conditions will the
>> rule test to make an incoming data satisfy the rule?
>> ndn::SecRuleRelative::SecRuleRelative
>> <http://named-data.net/doc/ndn-cxx/0.2.0/doxygen/d6/de6/classndn_1_1SecRuleRelative.html#ae75d154107abd094ad47b9195aa3f896>
>> (const std::string & dataRegex, const std::string & signerRegex, const
>> std::string & op, const std::string & dataExpand, const std::string &
>> signerExpand, bool isPositive)
>>
>>
>>
>> On Fri, Feb 27, 2015 at 1:59 PM, Alex Afanasyev <
>> alexander.afanasyev at ucla.edu> wrote:
>>
>>>
>>> On Feb 27, 2015, at 12:10 PM, Chengyu Fan <chengy.fan at gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> I'm trying to use the validator-regex to validate the incoming data, but
>>> I am stuck at how to add the SecRuleRelative Rule.
>>>
>>> Can somebody tell me some clues?
>>>
>>> Specifically, I find the example in SecurityLibrary(
>>> http://redmine.named-data.net/projects/ndn-cxx/wiki/SecurityLibrary),
>>> but I don't understand the RuleRelative rule below ...
>>>
>>> SecRuleRelative rule("^(<>*)$", "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
>>>                      ">", "\\1", "\\1\\2", true);
>>>
>>> What's the meaning of ">", "\\1", "\\1\\2" ? Can someone give me an
>>> example?
>>>
>>>
>>> These are just regular expression rules.  \\1 (\1; the \ just needs to
>>> be escaped in C++) refers to the first group of the regular expression,
>>> \\2 refers to the second group, etc.
>>>
>>> There are many documentation sources about regexps, e.g.,
>>> http://www.boost.org/doc/libs/1_57_0/libs/regex/doc/html/boost_regex/syntax/perl_syntax.html
>>> .
>>>
>>> The only difference in our regular expressions is the fact that they are
>>> defined over name components, not just strings.  There is documentation
>>> for this at
>>> http://named-data.net/doc/ndn-cxx/current/tutorials/utils-ndn-regex.html
>>>
>>>>>> Alex
>>>
>>>
>>>
>>
>>
>> --
>> Thanks,
>>
>> Chengyu
>>
>>
>>
>
>
> --
> Thanks,
>
> Chengyu
>



-- 
Thanks,

Chengyu
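
The three steps discussed in this thread (match the packet name, match the KeyLocator name, then compare the two expansions) can be modelled without ndn-cxx. The following is an added example, not code from the original post or from ndn-cxx: `relativeRuleSatisfied`, `isStrictPrefix` and `components` are hypothetical names, the `std::regex` patterns are hand translations of the NDN regexes over name URIs, and ">" is assumed to mean that the expanded signer name is a strict prefix of the expanded packet name.

```cpp
// Added illustration: models the SecRuleRelative check with std::regex over name URIs.
// Not ndn-cxx code; the std::regex patterns are hand translations (assumption).
#include <algorithm>
#include <iostream>
#include <regex>
#include <sstream>
#include <string>
#include <vector>

// Split "/a/b/c" into {"a", "b", "c"}.
static std::vector<std::string> components(const std::string& uri) {
  std::vector<std::string> out;
  std::stringstream ss(uri);
  std::string c;
  while (std::getline(ss, c, '/'))
    if (!c.empty()) out.push_back(c);
  return out;
}

// ">" comparator (assumed: signer name is a strict prefix of the packet name).
static bool isStrictPrefix(const std::string& signer, const std::string& packet) {
  std::vector<std::string> s = components(signer), p = components(packet);
  return s.size() < p.size() && std::equal(s.begin(), s.end(), p.begin());
}

// keyTag stands for the "ksk" / "dsk" part of the <ksk-.*> or <dsk-.*> component.
bool relativeRuleSatisfied(const std::string& packetName,
                           const std::string& keyLocator,
                           const std::string& keyTag) {
  // packetRegex ^(<>*)$ : any number of components, captured as \1
  static const std::regex packetRe("^((?:/[^/]+)*)$");
  // signerRegex ^([^<KEY>]*)<KEY>(<>*)<TAG-.*><ID-CERT>$
  const std::regex signerRe("^((?:/(?!KEY(?:/|$))[^/]+)*)/KEY((?:/[^/]+)*)/" +
                            keyTag + "-[^/]*/ID-CERT$");
  std::smatch pm, sm;
  if (!std::regex_match(packetName, pm, packetRe)) return false;  // packet name not covered
  if (!std::regex_match(keyLocator, sm, signerRe)) return false;  // signer name rejected
  const std::string packetExpand = pm[1].str();                // packetExpand "\\1"
  const std::string signerExpand = sm[1].str() + sm[2].str();  // signerExpand "\\1\\2"
  return isStrictPrefix(signerExpand, packetExpand);
}

int main() {
  const std::string data = "/test/site2/user2/testApp";
  const std::string loc = "/test/site2/user2/KEY/ksk-1425277773626/ID-CERT";
  std::cout << "<ksk-.*> rule: " << relativeRuleSatisfied(data, loc, "ksk") << "\n";
  std::cout << "<dsk-.*> rule: " << relativeRuleSatisfied(data, loc, "dsk") << "\n";
}
```

In this model a signer regex that requires a `<dsk-.*>` component never matches a KeyLocator whose key component starts with `ksk-`, so the check fails before the two expansions are compared.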