Actions
Bug #4339
closedIncorrect interpretation of checker.key-locator in v2:ValidatorConfig
Start date:
Due date:
% Done:
0%
Estimated time:
2.00 h
Tags:
Description
checker.key-locator
is incorrectly interpreted as identity name instead of, as the name suggests, name of the key.
This result in authentication failure with NLSR rules:
rule
{
id "NLSR ControlCommand Rule"
for interest
filter
{
type name
regex ^<localhost><nlsr><prefix-update>[<advertise><withdraw>]<><><>$
}
checker
{
type customized
sig-type rsa-sha256
key-locator
{
type name
regex ^<>*<KEY><>$ ; TODO: correct regex for key name
}
}
}
rule
{
id "NLSR Hierarchy Rule"
for data
filter
{
type name
regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
}
checker
{
type hierarchical
sig-type rsa-sha256
}
}
trust-anchor
{
type file
file-name "site.cert"
}
Expected: success to match command interests and then check against trust anchor
Actual: failure to pass the first checker
1507222563.583 DEBUG: [PrefixUpdateProcessor] reject /localhost/nlsr/prefix-update/advertise/h%19%07%17%08%06prefix%08%02to%08%09advertise/%00%00%01I%9DY%8C%AA/%BF%D0Xr%9B%AF%8E%FD/%16%3D%1B%01%03%1C8%076%08%03edu%08%09test-site%08%0A%C1.Operator%08%09%FD%00%00%01I%9DY%8C%A0%08%03KEY%08%08%C1R%20%29%87O%CF%FE/%17H0F%02%21%00%BB-ZG%0D%06%B6%89%E3%22t%FD%3A%B5%94.WGS%F7%C1%01%15%84%7D%F6%F5t%C4%A8%A5%B8%02%21%00%C8T%12%27%9C%2C%0D%060x%15%C4%DE%03P%B5%CD%88.%AE%B5%D8%5Cc%04_%A2%E2%8A%D9%F3%02 signer=? Validation policy error (KeyLocator check failed: regex ^<>*<KEY><>$ for packet /localhost/nlsr/prefix-update/advertise/h%19%07%17%08%06prefix%08%02to%08%09advertise/%00%00%01I%9DY%8C%AA/%BF%D0Xr%9B%AF%8E%FD is invalid (KeyLocator=/edu/test-site/%C1.Operator/%FD%00%00%01I%9DY%8C%A0/KEY/%C1R%20%29%87O%CF%FE, identity=/edu/test-site/%C1.Operator/%FD%00%00%01I%9DY%8C%A0))
Actions