A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration File Format (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf)
More...
#include <config-policy-manager.hpp>
|
| ConfigPolicyManager (const std::string &configFileName="", const ptr_lib::shared_ptr< CertificateCache > &certificateCache=ptr_lib::shared_ptr< CertificateCache >(), int searchDepth=5, Milliseconds graceInterval=3000, Milliseconds keyTimestampTtl=3600000, int maxTrackedKeys=1000) |
| Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary. More...
|
|
virtual | ~ConfigPolicyManager () |
| The virtual destructor.
|
|
void | reset () |
| Reset the certificate cache and other fields to the constructor state.
|
|
void | load (const std::string &configFileName) |
| Call reset() and load the configuration rules from the file. More...
|
|
void | load (const std::string &input, const std::string &inputName) |
| Call reset() and load the configuration rules from the input. More...
|
|
virtual bool | skipVerifyAndTrust (const Data &data) |
| Check if the received data packet can escape from verification and be trusted as valid. More...
|
|
virtual bool | skipVerifyAndTrust (const Interest &interest) |
| Check if the received signed interest can escape from verification and be trusted as valid. More...
|
|
virtual bool | requireVerify (const Data &data) |
| Check if this PolicyManager has a verification rule for the received data. More...
|
|
virtual bool | requireVerify (const Interest &interest) |
| Check if this PolicyManager has a verification rule for the received signed interest. More...
|
|
virtual ptr_lib::shared_ptr< ValidationRequest > | checkVerificationPolicy (const ptr_lib::shared_ptr< Data > &data, int stepCount, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed) |
| Check whether the received data packet complies with the verification policy, and get the indication of the next verification step. More...
|
|
virtual ptr_lib::shared_ptr< ValidationRequest > | checkVerificationPolicy (const ptr_lib::shared_ptr< Interest > &interest, int stepCount, const OnVerifiedInterest &onVerified, const OnVerifyInterestFailed &onVerifyFailed, WireFormat &wireFormat) |
| Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step. More...
|
|
virtual bool | checkSigningPolicy (const Name &dataName, const Name &certificateName) |
| Override to always indicate that the signing certificate name and data name satisfy the signing policy. More...
|
|
virtual Name | inferSigningIdentity (const Name &dataName) |
| Infer the signing identity name according to the policy. More...
|
|
virtual | ~PolicyManager () |
| The virtual destructor.
|
|
|
class | ::TestVerificationRulesFriend |
|
A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration File Format (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf)
Once a rule is matched, the ConfigPolicyManager looks in the CertificateCache for the IdentityCertificate matching the name in the KeyLocator and uses its public key to verify the data packet or signed interest. If the certificate can't be found, it is downloaded, verified and installed. A chain of certificates will be followed to a maximum depth. If the new certificate is accepted, it is used to complete the verification.
The KeyLocators of data packets and signed interests MUST contain a name for verification to succeed.
ndn::ConfigPolicyManager::ConfigPolicyManager |
( |
const std::string & |
configFileName = "" , |
|
|
const ptr_lib::shared_ptr< CertificateCache > & |
certificateCache = ptr_lib::shared_ptr< CertificateCache >() , |
|
|
int |
searchDepth = 5 , |
|
|
Milliseconds |
graceInterval = 3000 , |
|
|
Milliseconds |
keyTimestampTtl = 3600000 , |
|
|
int |
maxTrackedKeys = 1000 |
|
) |
| |
Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary.
- Parameters
-
configFileName | (optional) If not empty, the path to the configuration file containing verification rules. Otherwise, you should separately call load(). |
certificateCache | (optional) A CertificateCache to hold known certificates. If this is null or omitted, then create an internal CertificateCache. |
searchDepth | (optional) The maximum number of links to follow when verifying a certificate chain. |
graceInterval | (optional) The window of time difference (in milliseconds) allowed between the timestamp of the first interest signed with a new public key and the validation time. If omitted, use a default value. |
keyTimestampTtl | (optional) How long a public key's last-used timestamp is kept in the store (milliseconds). If omitted, use a default value. |
maxTrackedKeys | The maximum number of public key use timestamps to track. |
virtual bool ndn::ConfigPolicyManager::checkSigningPolicy |
( |
const Name & |
dataName, |
|
|
const Name & |
certificateName |
|
) |
| |
|
virtual |
Override to always indicate that the signing certificate name and data name satisfy the signing policy.
- Parameters
-
dataName | The name of data to be signed. |
certificateName | The name of signing certificate. |
- Returns
- true to indicate that the signing certificate can be used to sign the data.
Implements ndn::PolicyManager.
virtual ptr_lib::shared_ptr<ValidationRequest> ndn::ConfigPolicyManager::checkVerificationPolicy |
( |
const ptr_lib::shared_ptr< Data > & |
data, |
|
|
int |
stepCount, |
|
|
const OnVerified & |
onVerified, |
|
|
const OnVerifyFailed & |
onVerifyFailed |
|
) |
| |
|
virtual |
Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
- Parameters
-
data | The Data object with the signature to check. |
stepCount | The number of verification steps that have been done, used to track the verification progress. |
onVerified | If the signature is verified, this calls onVerified(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions. |
onVerifyFailed | If the signature check fails, this calls onVerifyFailed(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions. |
- Returns
- the indication of next verification step, null if there is no further step.
Implements ndn::PolicyManager.
Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step.
- Parameters
-
interest | The interest with the signature to check. |
stepCount | The number of verification steps that have been done, used to track the verification progress. |
onVerified | If the signature is verified, this calls onVerified(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions. |
onVerifyFailed | If the signature check fails, this calls onVerifyFailed(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions. |
- Returns
- the indication of next verification step, null if there is no further step.
Implements ndn::PolicyManager.
virtual Name ndn::ConfigPolicyManager::inferSigningIdentity |
( |
const Name & |
dataName | ) |
|
|
virtual |
Infer the signing identity name according to the policy.
If the signing identity cannot be inferred, return an empty name.
- Parameters
-
dataName | The name of data to be signed. |
- Returns
- The signing identity or an empty name if cannot infer.
Implements ndn::PolicyManager.
void ndn::ConfigPolicyManager::load |
( |
const std::string & |
configFileName | ) |
|
Call reset() and load the configuration rules from the file.
- Parameters
-
configFileName | The path to the configuration file containing the verification rules. |
void ndn::ConfigPolicyManager::load |
( |
const std::string & |
input, |
|
|
const std::string & |
inputName |
|
) |
| |
Call reset() and load the configuration rules from the input.
- Parameters
-
input | The contents of the configuration rules, with lines separated by "\n" or "\r\n". |
inputName | Used for log messages, etc. |
virtual bool ndn::ConfigPolicyManager::requireVerify |
( |
const Data & |
data | ) |
|
|
virtual |
Check if this PolicyManager has a verification rule for the received data.
If the configuration file contains the trust anchor 'any', nothing is verified.
- Parameters
-
data | The received data packet. |
- Returns
- true if the data must be verified, otherwise false.
Implements ndn::PolicyManager.
virtual bool ndn::ConfigPolicyManager::requireVerify |
( |
const Interest & |
interest | ) |
|
|
virtual |
Check if this PolicyManager has a verification rule for the received signed interest.
If the configuration file contains the trust anchor 'any', nothing is verified.
- Parameters
-
interest | The received interest. |
- Returns
- true if the interest must be verified, otherwise false.
Implements ndn::PolicyManager.
virtual bool ndn::ConfigPolicyManager::skipVerifyAndTrust |
( |
const Data & |
data | ) |
|
|
virtual |
Check if the received data packet can escape from verification and be trusted as valid.
If the configuration file contains the trust anchor 'any', nothing is verified.
- Parameters
-
data | The received data packet. |
- Returns
- true if the data does not need to be verified to be trusted as valid, otherwise false.
Implements ndn::PolicyManager.
virtual bool ndn::ConfigPolicyManager::skipVerifyAndTrust |
( |
const Interest & |
interest | ) |
|
|
virtual |
Check if the received signed interest can escape from verification and be trusted as valid.
If the configuration file contains the trust anchor 'any', nothing is verified.
- Parameters
-
interest | The received interest. |
- Returns
- true if the interest does not need to be verified to be trusted as valid, otherwise false.
Implements ndn::PolicyManager.
The documentation for this class was generated from the following file: