net.named_data.jndn.security.policy
public class ConfigPolicyManager extends PolicyManager
Modifier and Type | Class and Description |
---|---|
static interface | ConfigPolicyManager.Friend: A class implements Friend if it has a method setConfigPolicyManagerFriendAccess which setFriendAccess calls to set the FriendAccess object. |
static class | ConfigPolicyManager.FriendAccess: A friend class can call the methods of FriendAccess to access private methods. |
Constructor and Description |
---|
ConfigPolicyManager(): Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary. |
ConfigPolicyManager(String configFileName) |
ConfigPolicyManager(String configFileName, CertificateCache certificateCache) |
ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth) |
ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval) |
ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl) |
ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl, int maxTrackedKeys): Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary. |
Modifier and Type | Method and Description |
---|---|
boolean | checkSigningPolicy(Name dataName, Name certificateName): Override to always indicate that the signing certificate name and data name satisfy the signing policy. |
ValidationRequest | checkVerificationPolicy(Data data, int stepCount, OnVerified onVerified, OnVerifyFailed onVerifyFailed): Check whether the received data packet complies with the verification policy, and get the indication of the next verification step. |
ValidationRequest | checkVerificationPolicy(Interest interest, int stepCount, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed, WireFormat wireFormat): Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step. |
Name | inferSigningIdentity(Name dataName): Infer the signing identity name according to the policy. |
void | load(String configFileName): Call reset() and load the configuration rules from the file. |
void | load(String input, String inputName): Call reset() and load the configuration rules from the input. |
boolean | requireVerify(Data data): Check if this PolicyManager has a verification rule for the received data. |
boolean | requireVerify(Interest interest): Check if this PolicyManager has a verification rule for the received signed interest. |
void | reset(): Reset the certificate cache and other fields to the constructor state. |
static void | setFriendAccess(ConfigPolicyManager.Friend friend): Call friend.setConfigPolicyManagerFriendAccess to pass an instance of a FriendAccess class to allow a friend class to call private methods. |
boolean | skipVerifyAndTrust(Data data): Check if the received data packet can escape from verification and be trusted as valid. |
boolean | skipVerifyAndTrust(Interest interest): Check if the received signed interest can escape from verification and be trusted as valid. |
Methods inherited from class PolicyManager: checkVerificationPolicy, verifyDigestSha256Signature, verifySha256WithEcdsaSignature, verifySha256WithRsaSignature, verifySignature

public ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl, int maxTrackedKeys) throws IOException, SecurityException

Parameters:
configFileName - (optional) If not null or empty, the path to the configuration file containing verification rules. Otherwise, you should separately call load().
certificateCache - (optional) A CertificateCache to hold known certificates. If this is null or omitted, then create an internal CertificateCache.
searchDepth - (optional) The maximum number of links to follow when verifying a certificate chain.
graceInterval - (optional) The window of time difference (in milliseconds) allowed between the timestamp of the first interest signed with a new public key and the validation time. If omitted, use a default value.
keyTimestampTtl - (optional) How long a public key's last-used timestamp is kept in the store (milliseconds). If omitted, use a default value.
maxTrackedKeys - The maximum number of public key use timestamps to track.

Throws:
IOException
SecurityException
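
The graceInterval, keyTimestampTtl and maxTrackedKeys parameters above bound how signed-interest timestamps are accepted and remembered. The sketch below is an added illustration, not jndn's code: the class KeyTimestampTracker, its method names, and the rule that a known key must present a strictly newer timestamp are assumptions, and the sample values are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: KeyTimestampTracker is a hypothetical class, not part of jndn.
public class KeyTimestampTracker {
  private final double graceInterval;   // ms allowed around "now" for a key's first use
  private final double keyTimestampTtl; // ms a key's last-used timestamp is retained
  private final int maxTrackedKeys;     // cap on the number of tracked keys
  private final Map<String, Double> lastUsed = new HashMap<>();

  public KeyTimestampTracker(double graceInterval, double keyTimestampTtl, int maxTrackedKeys) {
    this.graceInterval = graceInterval;
    this.keyTimestampTtl = keyTimestampTtl;
    this.maxTrackedKeys = maxTrackedKeys;
  }

  // Assumed rule: an unknown key must present a timestamp within graceInterval
  // of now; a known key must present one strictly newer than its last one.
  public boolean isFresh(String keyName, double timestamp, double now) {
    Double last = lastUsed.get(keyName);
    if (last == null)
      return Math.abs(now - timestamp) < graceInterval;
    return timestamp > last;
  }

  // Record an accepted timestamp, expire entries older than the TTL, then
  // evict the oldest entries until the cap is respected.
  public void record(String keyName, double timestamp, double now) {
    lastUsed.put(keyName, timestamp);
    lastUsed.values().removeIf(t -> now - t > keyTimestampTtl);
    while (lastUsed.size() > maxTrackedKeys) {
      String oldest = null;
      for (Map.Entry<String, Double> e : lastUsed.entrySet())
        if (oldest == null || e.getValue() < lastUsed.get(oldest))
          oldest = e.getKey();
      lastUsed.remove(oldest);
    }
  }

  public static void main(String[] args) {
    // Constructed values: 3 s grace interval, 1 h TTL, at most 2 tracked keys.
    KeyTimestampTracker tracker = new KeyTimestampTracker(3000, 3600000, 2);
    double now = 1_000_000;
    String key = "/example/KEY/1"; // constructed key name
    System.out.println("first use in window: " + tracker.isFresh(key, now - 500, now));
    tracker.record(key, now - 500, now);
    System.out.println("same timestamp again: " + tracker.isFresh(key, now - 500, now));
    System.out.println("newer timestamp: " + tracker.isFresh(key, now - 400, now));
    System.out.println("new key, stale timestamp: " + tracker.isFresh("/example/KEY/2", now - 5000, now));
  }
}
```

In this sketch, a key whose entry has expired or been evicted is treated as new again, so only the grace interval limits which timestamps it may present; the TTL and the key cap should be sized with that in mind.
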
public ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl) throws IOException, SecurityException

Throws:
IOException
SecurityException

public ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval) throws IOException, SecurityException

Throws:
IOException
SecurityException

public ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth) throws IOException, SecurityException

Throws:
IOException
SecurityException

public ConfigPolicyManager(String configFileName, CertificateCache certificateCache) throws IOException, SecurityException

Throws:
IOException
SecurityException

public ConfigPolicyManager(String configFileName) throws IOException, SecurityException

Throws:
IOException
SecurityException

public ConfigPolicyManager()

public final void reset()

public final void load(String configFileName) throws IOException, SecurityException

Parameters:
configFileName - The path to the configuration file containing the verification rules.

Throws:
IOException
SecurityException

public void load(String input, String inputName) throws IOException, SecurityException

Parameters:
input - The contents of the configuration rules, with lines separated by "\n" or "\r\n".
inputName - Used for log messages, etc.

Throws:
IOException
SecurityException

public final boolean skipVerifyAndTrust(Data data)

skipVerifyAndTrust in class PolicyManager

Parameters:
data - The received data packet.

public final boolean skipVerifyAndTrust(Interest interest)

skipVerifyAndTrust in class PolicyManager

Parameters:
interest - The received interest.

public final boolean requireVerify(Data data)

requireVerify in class PolicyManager

Parameters:
data - The received data packet.

public final boolean requireVerify(Interest interest)

requireVerify in class PolicyManager

Parameters:
interest - The received interest.

public final ValidationRequest checkVerificationPolicy(Data data, int stepCount, OnVerified onVerified, OnVerifyFailed onVerifyFailed) throws SecurityException

checkVerificationPolicy in class PolicyManager

Parameters:
data - The Data object with the signature to check.
stepCount - The number of verification steps that have been done, used to track the verification progress.
onVerified - If the signature is verified, this calls onVerified.onVerified(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
onVerifyFailed - If the signature check fails, this calls onVerifyFailed.onVerifyFailed(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

Throws:
SecurityException

public final ValidationRequest checkVerificationPolicy(Interest interest, int stepCount, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed, WireFormat wireFormat) throws SecurityException

checkVerificationPolicy in class PolicyManager

Parameters:
interest - The interest with the signature to check.
stepCount - The number of verification steps that have been done, used to track the verification progress.
onVerified - If the signature is verified, this calls onVerified(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
onVerifyFailed - If the signature check fails, this calls onVerifyFailed(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

Throws:
SecurityException

public final boolean checkSigningPolicy(Name dataName, Name certificateName)

checkSigningPolicy in class PolicyManager

Parameters:
dataName - The name of data to be signed.
certificateName - The name of signing certificate.

public final Name inferSigningIdentity(Name dataName)

inferSigningIdentity in class PolicyManager

Parameters:
dataName - The name of data to be signed.

public static void setFriendAccess(ConfigPolicyManager.Friend friend)

Parameters:
friend - The friend class for calling setConfigPolicyManagerFriendAccess. This uses friend.getClass() to make sure that it is a friend class. Therefore, only a friend class gets an implementation of FriendAccess.

Copyright © 2016. All rights reserved.