authorAdam Ierymenko <adam.ierymenko@gmail.com>2016-08-04 09:02:35 -0700
committerAdam Ierymenko <adam.ierymenko@gmail.com>2016-08-04 09:02:35 -0700
commitf057bb63cdc4bebc4608f4f2ed6da4656ddbc8a9 (patch)
tree5cc5ca0eea2ddea5e06655c31292f906f53875a8 /node/Capability.hpp
parent7e6e56e2bce240a8d3a4f2825d3f110109a541b6 (diff)
downloadinfinitytier-f057bb63cdc4bebc4608f4f2ed6da4656ddbc8a9.tar.gz
infinitytier-f057bb63cdc4bebc4608f4f2ed6da4656ddbc8a9.zip
More work on tags and capabilities.
Diffstat (limited to 'node/Capability.hpp')
-rw-r--r--node/Capability.hpp38
1 files changed, 25 insertions, 13 deletions
diff --git a/node/Capability.hpp b/node/Capability.hpp
index d050b2b8..48282708 100644
--- a/node/Capability.hpp
+++ b/node/Capability.hpp
@@ -130,11 +130,11 @@ public:
inline bool sign(const Identity &from,const Address &to)
{
try {
- Buffer<(sizeof(Capability) * 2)> tmp;
for(unsigned int i=0;((i<_maxCustodyChainLength)&&(i<ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH));++i) {
if (!(_custody[i].to)) {
_custody[i].to = to;
_custody[i].from = from.address();
+ Buffer<(sizeof(Capability) * 2)> tmp;
this->serialize(tmp,true);
_custody[i].signature = from.sign(tmp.data(),tmp.size());
return true;
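Review bot: If `this->serialize(tmp,true)` or `from.sign(...)` throws after `_custody[i].to = to;` and `_custody[i].from = from.address();` have been assigned, the slot appears to stay claimed without a valid signature. A later sign() would then skip it because `to` is no longer empty, and a lookup that only inspects `to` would still match that address. The catch handler and the rest of sign() are outside the hunk, so this is inferred from the visible `try {`. Since the signed bytes have to include `to` and `from`, the fix is to reset the slot on the failure path rather than reorder the assignments, with a comment such as `// roll back the half-written custody entry so a failed sign leaves no unsigned 'to'`.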
@@ -145,22 +145,12 @@ public:
}
/**
- * Verify this capability's chain of custody
- *
- * This returns a tri-state result. A return value of zero indicates that
- * the chain of custody is valid and all signatures are okay. A positive
- * return value means at least one WHOIS was issued for a missing signing
- * identity and we should retry later. A negative return value means that
- * this chain or one of its signature is BAD and this capability should
- * be discarded.
- *
- * Note that the entire chain is checked regardless of verifyInChain.
+ * Verify this capability's chain of custody and signatures
*
* @param RR Runtime environment to provide for peer lookup, etc.
- * @param verifyInChain Also check to ensure that this capability was at some point properly issued to this peer (if non-null)
* @return 0 == OK, 1 == waiting for WHOIS, -1 == BAD signature or chain
*/
- int verify(const RuntimeEnvironment *RR,const Address &verifyInChain) const;
+ int verify(const RuntimeEnvironment *RR) const;
template<unsigned int C>
static inline void serializeRules(Buffer<C> &b,const ZT_VirtualNetworkRule *rules,unsigned int ruleCount)
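Review bot: The shortened doc comment on `verify()` no longer tells callers that a successful result says nothing about whether the capability was issued to the peer presenting it. With the `verifyInChain` parameter gone, that binding has to be enforced at every call site. I would add a line such as `* This does not check who the capability was issued to; pair it with wasIssuedTo() before honoring it.` The removed text about the tri-state result (retry later on a positive value, discard on a negative one) is also worth keeping in one sentence, since the `@return` line alone does not say what the caller should do with `1`.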
@@ -403,9 +393,31 @@ public:
return (p - startAt);
}
+ /**
+ * Check to see if a given address is a 'to' address in the custody chain
+ *
+ * This does not actually do certificate checking. That must be done with verify().
+ *
+ * @param a Address to check
+ * @return True if address is present
+ */
+ inline bool wasIssuedTo(const Address &a) const
+ {
+ for(unsigned int i=0;i<ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH;++i) {
+ if (!_custody[i].to)
+ break;
+ else if (_custody[i].to == a)
+ return true;
+ }
+ return false;
+ }
+
// Provides natural sort order by ID
inline bool operator<(const Capability &c) const { return (_id < c._id); }
+ inline bool operator==(const Capability &c) const { return (memcmp(this,&c,sizeof(Capability)) == 0); }
+ inline bool operator!=(const Capability &c) const { return (memcmp(this,&c,sizeof(Capability)) != 0); }
+
private:
uint64_t _nwid;
uint64_t _expiration;
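Review bot: `operator==` and `operator!=` compare the whole object with `memcmp(this,&c,sizeof(Capability))`, which also compares padding bytes and any unused tail of the rule and custody arrays. Two capabilities with identical logical content can therefore compare unequal unless every constructor and deserialize path zeroes the object first. The member layout is outside the hunk, so this needs confirming; comparing the meaningful fields explicitly, or documenting the zero-fill invariant next to the operators, would make the result dependable. Separately, `wasIssuedTo()` scans up to `ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH` while sign() also stops at `_maxCustodyChainLength`. Using the same bound, `((i<_maxCustodyChainLength)&&(i<ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH))`, keeps it from matching a `to` entry beyond the length this capability permits.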