[Ndn-interest] How to add the SecRuleRelative Rules in validator-regex?
Chengyu Fan
chengy.fan at gmail.com
Mon Mar 2 11:34:44 PST 2015
Oh, I didn't notice it.
I run the code on another machine that didn't install the correct key.
Thanks Yingdi.
On Mon, Mar 2, 2015 at 12:19 PM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
> The regex for key locator require “dsk-…” but the signing key is “ksk-…”.
>
> Yingdi
>
>
>
>
> On Mar 2, 2015, at 10:19 AM, Chengyu Fan <chengy.fan at gmail.com> wrote:
>
> Hi Alex,
>
> I wrote a toy example to use the SecRuleRelative (the code is listed
> below ) .
>
> I thought the data should satisfy the rule, but I always get "unsatisfied"
> on my ubuntu 14.04.1 ... Could you tell me what's wrong with the code?
>
> =================
> Name dataName("/test/site2/user2");
> dataName.append("testApp"); // the *data name* is
> */test/site2/user2/testApp*
>
> // Create Data packet
> static const std::string content = "HELLO WORLD";
> shared_ptr<Data> data = make_shared<Data>();
> data->setName(dataName);
> data->setFreshnessPeriod(time::seconds(10));
> data->setContent(reinterpret_cast<const uint8_t*>(content.c_str()),
> content.size());
>
> Name producerId("/test/site2/user2");
> m_keyChain.signByIdentity(*data, producerId); // now the *keyLocator*
> is */test/site2/user2/KEY/ksk-1425277773626/ID-CERT*
>
> SecRuleRelative rule("*^(<>*)$*",
> "*^([^<KEY>]*)<KEY>(<>*)<dsk-.*><ID-CERT>$*",
> *">", "\\1", "\\1\\2", true*);
> /* */test/site2/user2/testApp *should match the packetRegex "
> *^(<>*)$, *expand is */test/site2/user2/testApp*
> */test/site2/user2/KEY/ksk-1425277773626/ID-CERT* should match
> the signerRegex, expand is */test/site2/user2/*
> The data name* /test/site2/user2/testApp *is* under *the signer's
> namespace */test/site2/user2/*
> * */*
>
> if (rule.satisfy(*data))
> std::cout << "satisfied" << std::endl;
> else {
> std::cout << "unsatisfied" << std::endl;
> }
> =================
>
> On Mon, Mar 2, 2015 at 9:48 AM, Chengyu Fan <chengy.fan at gmail.com> wrote:
>
>> Hi Alex,
>>
>> Thanks for the reply.
>>
>> Further questions in line.
>>
>> On Sat, Feb 28, 2015 at 4:45 PM, Alex Afanasyev <
>> alexander.afanasyev at ucla.edu> wrote:
>>
>>> Hi Chengyu,
>>>
>>> I assumed there is a documentation for this method, but the commit that
>>> adds it is not yet merged. Here is the description we will have soon:
>>>
>>> /**
>>> * @brief Construct the rule
>>> * @param packetRegex regular expression to match the packet name that
>>> is qualified for the
>>> * the rule (e.g., `^(<.*>)$`)
>>> * @param signerRegex regular expression to match the the KeyLocator
>>> of the packet (e.g.,
>>> * `^(<.*>)<KEY>(<.*>)<ID-CERT><>$`)
>>> * @param comparator Defines the way expanded signer's name is matched
>>> against expanded
>>> * packet's name. Possible values are:
>>> * - "is-prefix-of"
>>> * - "is-strict-prefix-of"
>>> * - "equal"
>>>
>>
>> Which symbol refers to which value?
>>
>>
>>> * @param packetExpand Expansion rule for packet's name (e.g., `\1`)
>>> * @param signerExpand Expansion rule for signer's name (e.g., `\1\2`)
>>> * @param isPositive flag denoting whether the rule is positive or
>>> negative
>>> *
>>> * @note A packet complies with the rule only if both \p packetRegex
>>> matches the packet name
>>> * and \p signerRegex matches the KeyLocator name
>>>
>>
>> According to the comparator description, I think this function also needs
>> to test if the expanded signer's name matched against the expanded packet's
>> name?
>>
>>
>>> */
>>>
>>>
>>> On Feb 27, 2015, at 7:59 PM, Chengyu Fan <chengy.fan at gmail.com> wrote:
>>>
>>> Could you tell me how the SecRuleRelative Rule works?
>>>
>>> Specifically, what's the meaning of each parameter? What conditions the
>>> rule will test to make a incoming data satisfy the rule?
>>> ndn::SecRuleRelative::SecRuleRelative
>>> <http://named-data.net/doc/ndn-cxx/0.2.0/doxygen/d6/de6/classndn_1_1SecRuleRelative.html#ae75d154107abd094ad47b9195aa3f896>
>>> (const std::string & dataRegex,const std::string & signerRegex,const
>>> std::string & op,const std::string & dataExpand,const std::string &
>>> signerExpand,bool isPositive )
>>>
>>>
>>>
>>> On Fri, Feb 27, 2015 at 1:59 PM, Alex Afanasyev <
>>> alexander.afanasyev at ucla.edu> wrote:
>>>
>>>>
>>>> On Feb 27, 2015, at 12:10 PM, Chengyu Fan <chengy.fan at gmail.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I'm trying to use the validator-regex to validate the incoming data,
>>>> but I stuck at how to add the SecRuleRelative Rule.
>>>>
>>>> Can somebody tell me some clues?
>>>>
>>>> Specifically, I find the example in SecurityLibrary(
>>>> http://redmine.named-data.net/projects/ndn-cxx/wiki/SecurityLibrary),
>>>> but I don't understand the RuleRelative rule below ...
>>>>
>>>> SecRuleRelative rule("^(<>*)$", "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$",
>>>> ">", "\\1", "\\1\\2", true);
>>>>
>>>> What's the meaning of ">", "\\1", "\\1\\2" ? Can someone give me an
>>>> example?
>>>>
>>>>
>>>> This is just a regular expression rules. \\1 (\1, it’s just \ needs
>>>> to be escaped in c++) refer to th first group of the regular expression,
>>>> \\2 refer to the second group, etc.
>>>>
>>>> There are many documentation sources about regexps, e.g.,
>>>> http://www.boost.org/doc/libs/1_57_0/libs/regex/doc/html/boost_regex/syntax/perl_syntax.html
>>>> .
>>>>
>>>> The only difference in our regular expressions is the fact that it is
>>>> defined over name components, not just strings. There is a documentation
>>>> for this at
>>>> http://named-data.net/doc/ndn-cxx/current/tutorials/utils-ndn-regex.html
>>>>
>>>> —
>>>> Alex
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks,
>>>
>>> Chengyu
>>>
>>>
>>>
>>
>>
>> --
>> Thanks,
>>
>> Chengyu
>>
>
>
>
> --
> Thanks,
>
> Chengyu
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
>
>
--
Thanks,
Chengyu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20150302/4288230c/attachment.html>
More information about the Ndn-interest
mailing list