Vanetza
certificate_validator.cpp
1#include <vanetza/common/position_provider.hpp>
2#include <vanetza/common/runtime.hpp>
3#include <vanetza/security/v3/certificate.hpp>
4#include <vanetza/security/v3/certificate_cache.hpp>
5#include <vanetza/security/v3/certificate_validator.hpp>
6
7
8namespace vanetza
9{
10namespace security
11{
12namespace v3
13{
14
/**
 * Decide whether a certificate may be used to sign a message for the given ITS-AID.
 *
 * Checks run in this order, and the first failing one determines the verdict:
 *  1. configuration: a runtime is required unless time checks are disabled; a position
 *     provider and a location checker are required unless location checks are disabled
 *  2. application permission for its_aid
 *  3. validity at the current time reported by the runtime
 *  4. region validity at the current position fix
 *
 * @param signing_cert certificate that signed the message
 * @param its_aid application identifier the message was sent under
 * @return Verdict::Valid if no check failed, otherwise the verdict of the first failed check
 */
auto DefaultCertificateValidator::valid_for_signing(const CertificateView& signing_cert, ItsAid its_aid) -> Verdict
{
    // Fail closed on incomplete setup: a missing dependency is reported instead of
    // silently skipping the check that needs it.
    if (!m_disable_time_checks && !m_runtime) {
        return Verdict::Misconfiguration;
    }
    if (!m_disable_location_checks && (!m_position_provider || !m_location_checker)) {
        return Verdict::Misconfiguration;
    }

    if (!signing_cert.valid_for_application(its_aid)) {
        return Verdict::InsufficientPermission;
    }

    // NOTE(review): this check is gated on m_runtime only, not on m_disable_time_checks.
    // With time checks disabled and a runtime still attached, an out-of-validity
    // certificate is still rejected. That is the stricter outcome; confirm it is intended.
    if (m_runtime && !signing_cert.valid_at_timepoint(m_runtime->now())) {
        return Verdict::Expired;
    }

    if (m_disable_location_checks || !m_position_provider) {
        return Verdict::Valid;
    }

    // NOTE(review): the fix is passed on as returned; whether an unavailable or stale
    // fix is rejected depends on valid_at_location(), which is not visible here.
    auto location = m_position_provider->position_fix();

    if (signing_cert.has_region_restriction()) {
        if (!signing_cert.valid_at_location(location, m_location_checker)) {
            return Verdict::OutsideRegion;
        }
        return Verdict::Valid;
    }

    // No region restriction on the signing certificate itself: fall back to the issuer's.
    // NOTE(review): when the issuer cannot be resolved (no cache attached, no issuer
    // digest, or lookup returns null) no region check is applied and the verdict stays
    // Valid, so an issuer's region restriction goes unenforced in that case. Confirm
    // that accepting here is the intended policy.
    auto issuer = find_issuer_certificate(signing_cert);
    if (issuer && !issuer->valid_at_location(location, m_location_checker)) {
        return Verdict::OutsideRegion;
    }
    return Verdict::Valid;
}
45
/**
 * Attach the time source used for certificate validity-period checks.
 *
 * Only the raw pointer is stored, so the runtime presumably has to outlive this
 * validator (ownership is not visible here; verify against callers). Passing nullptr
 * makes valid_for_signing() return Misconfiguration unless time checks are disabled.
 *
 * @param runtime time source, may be nullptr
 */
void DefaultCertificateValidator::use_runtime(const Runtime* runtime)
{
    this->m_runtime = runtime;
}
50
/**
 * Attach the position source used for region checks.
 *
 * Only the raw pointer is stored, so the provider presumably has to outlive this
 * validator (ownership is not visible here; verify against callers). Passing nullptr
 * makes valid_for_signing() return Misconfiguration unless location checks are disabled.
 *
 * @param pp position provider, may be nullptr
 */
void DefaultCertificateValidator::use_position_provider(PositionProvider* pp)
{
    this->m_position_provider = pp;
}
55
/**
 * Attach the certificate cache used to resolve issuer certificates.
 *
 * Only the raw pointer is stored, so the cache presumably has to outlive this
 * validator (ownership is not visible here; verify against callers). Without a cache,
 * find_issuer_certificate() always returns nullptr, and valid_for_signing() then applies
 * no issuer-based region check to certificates lacking their own region restriction.
 *
 * @param cache certificate cache, may be nullptr
 */
void DefaultCertificateValidator::use_certificate_cache(const CertificateCache* cache)
{
    this->m_certificate_cache = cache;
}
60
/**
 * Attach the checker that decides whether a position lies inside a certificate's region.
 *
 * Only the raw pointer is stored, so the checker presumably has to outlive this
 * validator (ownership is not visible here; verify against callers). Passing nullptr
 * makes valid_for_signing() return Misconfiguration unless location checks are disabled.
 *
 * @param checker location checker, may be nullptr
 */
void DefaultCertificateValidator::use_location_checker(const LocationChecker* checker)
{
    this->m_location_checker = checker;
}
65
/**
 * Relax the requirement that a runtime is configured.
 *
 * With the flag set, valid_for_signing() no longer returns Misconfiguration for a
 * missing runtime. The validity-period check itself still runs whenever a runtime is
 * attached, so this flag alone does not switch it off.
 *
 * Disabling time checks weakens validation; it should be a deliberate choice
 * (e.g. test setups), not a default.
 *
 * @param flag true to disable, false to re-enable
 */
void DefaultCertificateValidator::disable_time_checks(bool flag)
{
    this->m_disable_time_checks = flag;
}
70
/**
 * Switch region checks off.
 *
 * With the flag set, valid_for_signing() neither requires a position provider and
 * location checker nor evaluates any region restriction, so it never returns
 * OutsideRegion.
 *
 * Disabling location checks weakens validation; it should be a deliberate choice
 * (e.g. test setups), not a default.
 *
 * @param flag true to disable, false to re-enable
 */
void DefaultCertificateValidator::disable_location_checks(bool flag)
{
    this->m_disable_location_checks = flag;
}
75
/**
 * Look up the issuer of a certificate in the attached certificate cache.
 *
 * The issuer is identified solely by the digest the certificate itself carries; this
 * function performs no signature or chain verification on the result.
 *
 * @param at_cert certificate whose issuer is wanted
 * @return whatever the cache lookup yields for the issuer digest, or nullptr when no
 *         cache is attached or the certificate carries no issuer digest
 */
const Certificate* DefaultCertificateValidator::find_issuer_certificate(const CertificateView& at_cert) const
{
    if (!m_certificate_cache) {
        return nullptr;
    }

    auto issuer_digest = at_cert.issuer_digest();
    if (!issuer_digest) {
        return nullptr;
    }

    return m_certificate_cache->lookup(*issuer_digest);
}
87
88} // namespace v3
89} // namespace security
90} // namespace vanetza