ndn::ConfigPolicyManager Class Reference

A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration File Format (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf) More...

#include <config-policy-manager.hpp>

Inheritance diagram for ndn::ConfigPolicyManager:
ndn::PolicyManager

Public Member Functions

 ConfigPolicyManager (const std::string &configFileName="", const ptr_lib::shared_ptr< CertificateCache > &certificateCache=ptr_lib::shared_ptr< CertificateCache >(), int searchDepth=5, Milliseconds graceInterval=3000, Milliseconds keyTimestampTtl=3600000, int maxTrackedKeys=1000)
 Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary. More...
 
virtual ~ConfigPolicyManager ()
 The virtual destructor.
 
void reset ()
 Reset the certificate cache and other fields to the constructor state.
 
void load (const std::string &configFileName)
 Call reset() and load the configuration rules from the file. More...
 
void load (const std::string &input, const std::string &inputName)
 Call reset() and load the configuration rules from the input. More...
 
virtual bool skipVerifyAndTrust (const Data &data)
 Check if the received data packet can escape from verification and be trusted as valid. More...
 
virtual bool skipVerifyAndTrust (const Interest &interest)
 Check if the received signed interest can escape from verification and be trusted as valid. More...
 
virtual bool requireVerify (const Data &data)
 Check if this PolicyManager has a verification rule for the received data. More...
 
virtual bool requireVerify (const Interest &interest)
 Check if this PolicyManager has a verification rule for the received signed interest. More...
 
virtual ptr_lib::shared_ptr< ValidationRequest > checkVerificationPolicy (const ptr_lib::shared_ptr< Data > &data, int stepCount, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed)
 Check whether the received data packet complies with the verification policy, and get the indication of the next verification step. More...
 
virtual ptr_lib::shared_ptr< ValidationRequest > checkVerificationPolicy (const ptr_lib::shared_ptr< Interest > &interest, int stepCount, const OnVerifiedInterest &onVerified, const OnVerifyInterestFailed &onVerifyFailed, WireFormat &wireFormat)
 Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step. More...
 
virtual bool checkSigningPolicy (const Name &dataName, const Name &certificateName)
 Override to always indicate that the signing certificate name and data name satisfy the signing policy. More...
 
virtual Name inferSigningIdentity (const Name &dataName)
 Infer the signing identity name according to the policy. More...
 
- Public Member Functions inherited from ndn::PolicyManager
virtual ~PolicyManager ()
 The virtual destructor.
 

Friends

class ::TestVerificationRulesFriend
 

Additional Inherited Members

- Static Protected Member Functions inherited from ndn::PolicyManager
static bool verifySignature (const Signature *signature, const SignedBlob &signedBlob, const Blob &publicKeyDer)
 Check the type of signature and use the publicKeyDer to verify the signedBlob using the appropriate signature algorithm. More...
 
static bool verifySha256WithEcdsaSignature (const Blob &signature, const SignedBlob &signedBlob, const Blob &publicKeyDer)
 Verify the ECDSA signature on the SignedBlob using the given public key. More...
 
static bool verifySha256WithRsaSignature (const Blob &signature, const SignedBlob &signedBlob, const Blob &publicKeyDer)
 Verify the RSA signature on the SignedBlob using the given public key. More...
 
static bool verifyDigestSha256Signature (const Blob &signature, const SignedBlob &signedBlob)
 Verify the DigestSha256 signature on the SignedBlob by verifying that the digest of SignedBlob equals the signature. More...
 

Detailed Description

A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration File Format (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf)

Once a rule is matched, the ConfigPolicyManager looks in the CertificateCache for the IdentityCertificate whose name matches the name in the KeyLocator and uses its public key to verify the data packet or signed interest. If the certificate is not cached, it is downloaded, verified and installed; this repeats up the chain of signing certificates until a trust anchor named in the configuration is reached, following at most searchDepth links. If the downloaded certificate is accepted, it is used to complete the verification. A chain that does not end at a configured trust anchor, or that is longer than searchDepth, fails verification.

The KeyLocators of data packets and signed interests MUST contain a name for verification to succeed.
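As an added example, not taken from this page or from ndn-cpp, the following is a configuration in the linked Validator Configuration File Format that a ConfigPolicyManager would consume through its constructor or load(). The prefixes /example/app and /example/app/control and the files admin.cert and app-root.cert are assumed; the rule, filter, checker and trust-anchor keywords are those of the linked format, and lines starting with ";" are comments. The commented-out trust-anchor of type any is shown beside the corrected file anchor because it is the one setting that turns every verification method on this page into a no-op.

```conf
rule
{
  id "App data signed within its own identity"
  for data
  filter
  {
    type name
    name /example/app
    relation is-prefix-of
  }
  checker
  {
    type hierarchical      ; signing key's identity must be a prefix of the data name
    sig-type rsa-sha256
  }
}

rule
{
  id "Command interests from the admin key"
  for interest
  filter
  {
    type name
    name /example/app/control
    relation is-prefix-of
  }
  checker
  {
    type fixed-signer      ; only the one certificate below may sign these interests
    sig-type rsa-sha256
    signer
    {
      type file
      file-name "admin.cert"
    }
  }
}

; WEAK: with this anchor requireVerify() returns false and skipVerifyAndTrust()
; returns true for every packet, so no signature is ever checked. Test setups only.
; trust-anchor
; {
;   type any
; }

; Corrected: anchor every certificate chain in one certificate shipped with the app.
trust-anchor
{
  type file
  file-name "app-root.cert"
}
```

With this file, a Data packet under /example/app must carry a KeyLocator naming a certificate whose identity is a prefix of the data name and whose chain ends at app-root.cert; a signed interest under /example/app/control is accepted only from the admin key, and only if its timestamp passes the freshness checks governed by the constructor's graceInterval and keyTimestampTtl.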

Constructor & Destructor Documentation

ndn::ConfigPolicyManager::ConfigPolicyManager ( const std::string &  configFileName = "",
const ptr_lib::shared_ptr< CertificateCache > &  certificateCache = ptr_lib::shared_ptr< CertificateCache >(),
int  searchDepth = 5,
Milliseconds  graceInterval = 3000,
Milliseconds  keyTimestampTtl = 3600000,
int  maxTrackedKeys = 1000 
)

Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary.

Parameters
configFileName: (optional) If not empty, the path to the configuration file containing verification rules. Otherwise, you should separately call load().
certificateCache: (optional) A CertificateCache to hold known certificates. If this is null or omitted, an internal CertificateCache is created.
searchDepth: (optional) The maximum number of links to follow when verifying a certificate chain; a chain longer than this fails verification, which bounds the work a packet can trigger.
graceInterval: (optional) The window of time difference (in milliseconds) allowed between the timestamp of the first interest signed with a new public key and the validation time. This is the only freshness check available for a key that has not been seen before, so it bounds how old a captured signed interest can be and still be replayed. If omitted, use a default value.
keyTimestampTtl: (optional) How long a public key's last-used timestamp is kept in the store (milliseconds). Once a key's entry has expired, the next interest signed with that key is treated as coming from a new key. If omitted, use a default value.
maxTrackedKeys: (optional) The maximum number of public key use timestamps to track.
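The three timing parameters above exist to reject replayed signed interests. The following stand-alone C++ model is an added example, not code from ndn-cpp, that reproduces the check those parameters imply: a key seen for the first time is accepted only if its timestamp lies within graceInterval of local time, a known key only if the timestamp is strictly newer than the last one accepted for it, entries idle for longer than keyTimestampTtl are forgotten, and the table is capped at maxTrackedKeys. The class name KeyTimestampTracker, its methods, the key names, the timestamps and the least-recently-seen eviction policy are all constructed for illustration and are not statements about the library's internal implementation.

```cpp
// Added example, not ndn-cpp code: a stand-alone model of the signed-interest
// timestamp check that graceInterval, keyTimestampTtl and maxTrackedKeys govern.
// Names here are assumptions; in the library the check is internal to
// ConfigPolicyManager::checkVerificationPolicy for Interests.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <vector>

typedef int64_t Milliseconds;   // ndn-cpp's Milliseconds is a double; integers suffice here

class KeyTimestampTracker {
public:
  KeyTimestampTracker(Milliseconds graceInterval = 3000,
                      Milliseconds keyTimestampTtl = 3600000,
                      size_t maxTrackedKeys = 1000)
    : graceInterval_(graceInterval), keyTimestampTtl_(keyTimestampTtl),
      maxTrackedKeys_(maxTrackedKeys) {}

  // Is an interest signed with keyName and carrying `timestamp` (ms since epoch,
  // taken from the signed name) fresh at local time `now`? An accepted timestamp
  // is recorded, so the same or an older one presented again with the same key
  // (a replay) is rejected.
  bool check(const std::string& keyName, Milliseconds timestamp, Milliseconds now) {
    expire(now);
    std::map<std::string, Entry>::iterator it = keys_.find(keyName);
    bool fresh;
    if (it == keys_.end())
      // Unknown key: the only reference is the local clock, so the timestamp
      // must fall within +/- graceInterval of now.
      fresh = timestamp > now - graceInterval_ && timestamp < now + graceInterval_;
    else
      // Known key: must be strictly newer than the last accepted timestamp.
      fresh = timestamp > it->second.lastTimestamp;
    if (fresh)
      record(keyName, timestamp, now);
    return fresh;
  }

  size_t trackedKeys() const { return keys_.size(); }

private:
  struct Entry { Milliseconds lastTimestamp; Milliseconds lastSeen; };
  typedef std::map<std::string, Entry> Table;

  // Forget keys idle for longer than keyTimestampTtl; afterwards only the grace
  // window protects them, exactly as for a key never seen before.
  void expire(Milliseconds now) {
    for (Table::iterator it = keys_.begin(); it != keys_.end();) {
      if (now - it->second.lastSeen > keyTimestampTtl_) keys_.erase(it++);
      else ++it;
    }
  }

  // Store the accepted timestamp; when the table is full, evict the least
  // recently seen key so memory stays bounded by maxTrackedKeys (assumed policy).
  void record(const std::string& keyName, Milliseconds timestamp, Milliseconds now) {
    if (keys_.find(keyName) == keys_.end() && !keys_.empty() && keys_.size() >= maxTrackedKeys_) {
      Table::iterator oldest = keys_.begin();
      for (Table::iterator it = keys_.begin(); it != keys_.end(); ++it)
        if (it->second.lastSeen < oldest->second.lastSeen) oldest = it;
      keys_.erase(oldest);
    }
    Entry e = { timestamp, now };
    keys_[keyName] = e;
  }

  Milliseconds graceInterval_, keyTimestampTtl_;
  size_t maxTrackedKeys_;
  Table keys_;
};

// Verdicts for a constructed interest sequence (no network; all times in ms).
std::vector<bool> replayScenario() {
  KeyTimestampTracker t(3000, 3600000, 2);  // tiny maxTrackedKeys to show eviction
  std::vector<bool> v;
  v.push_back(t.check("/alice/KEY/ksk-1", 10000, 10500)); // new key, 0.5 s skew: accept
  v.push_back(t.check("/alice/KEY/ksk-1", 10000, 11000)); // replayed timestamp: reject
  v.push_back(t.check("/alice/KEY/ksk-1", 10001, 11000)); // strictly newer: accept
  v.push_back(t.check("/bob/KEY/ksk-1",   1000,  12000)); // new key, 11 s stale: reject
  v.push_back(t.check("/bob/KEY/ksk-1",   9500,  12000)); // within grace: accept
  v.push_back(t.check("/carol/KEY/ksk-1", 12500, 12500)); // table full: alice evicted
  v.push_back(t.check("/alice/KEY/ksk-1", 10001, 12500)); // alice "new" again: a used
  return v;                                               // timestamp passes (replay!)
}

std::vector<bool> ttlScenario() {
  KeyTimestampTracker t(3000, 60000, 10);   // 60 s TTL
  std::vector<bool> v;
  v.push_back(t.check("/alice/KEY/ksk-1", 5000,  5000));  // accept
  v.push_back(t.check("/alice/KEY/ksk-1", 4000,  6000));  // older than last seen: reject
  v.push_back(t.check("/alice/KEY/ksk-1", 4000,  70000)); // expired, so "new", but 66 s stale: reject
  v.push_back(t.check("/alice/KEY/ksk-1", 69000, 70000)); // new-key grace window: accept
  return v;
}

// 'T' = accepted, 'F' = rejected, one character per interest in the scenario.
bool verdictsAre(const std::vector<bool>& v, const std::string& expected) {
  if (v.size() != expected.size()) return false;
  for (size_t i = 0; i < v.size(); ++i)
    if (v[i] != (expected[i] == 'T')) return false;
  return true;
}

int main() {
  std::cout << "replay scenario " << (verdictsAre(replayScenario(), "TFTFTTT") ? "ok" : "mismatch")
            << "\nttl scenario " << (verdictsAre(ttlScenario(), "TFFT") ? "ok" : "mismatch") << "\n";
  return 0;
}
```

The last step of replayScenario is the practitioner's caveat: once a key has been evicted (or, in ttlScenario, has expired), a timestamp that was already consumed is accepted again as long as it still sits inside the grace window. Size maxTrackedKeys to the number of distinct signing keys you expect to see concurrently, keep keyTimestampTtl much larger than graceInterval, and keep graceInterval as small as your clock skew allows.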

Member Function Documentation

virtual bool ndn::ConfigPolicyManager::checkSigningPolicy ( const Name & dataName,
const Name & certificateName 
)
virtual

Override to always indicate that the signing certificate name and data name satisfy the signing policy.

Parameters
dataName: The name of data to be signed.
certificateName: The name of the signing certificate.
Returns
true to indicate that the signing certificate can be used to sign the data.

Implements ndn::PolicyManager.

virtual ptr_lib::shared_ptr<ValidationRequest> ndn::ConfigPolicyManager::checkVerificationPolicy ( const ptr_lib::shared_ptr< Data > &  data,
int  stepCount,
const OnVerified & onVerified,
const OnVerifyFailed & onVerifyFailed 
)
virtual

Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.

Parameters
data: The Data object with the signature to check.
stepCount: The number of verification steps that have been done, used to track the verification progress.
onVerified: If the signature is verified, this calls onVerified(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
onVerifyFailed: If the signature check fails, this calls onVerifyFailed(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
Returns
the indication of the next verification step, null if there is no further step.

Implements ndn::PolicyManager.

virtual ptr_lib::shared_ptr<ValidationRequest> ndn::ConfigPolicyManager::checkVerificationPolicy ( const ptr_lib::shared_ptr< Interest > &  interest,
int  stepCount,
const OnVerifiedInterest & onVerified,
const OnVerifyInterestFailed & onVerifyFailed,
WireFormat & wireFormat 
)
virtual

Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step.

Parameters
interest: The interest with the signature to check.
stepCount: The number of verification steps that have been done, used to track the verification progress.
onVerified: If the signature is verified, this calls onVerified(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
onVerifyFailed: If the signature check fails, this calls onVerifyFailed(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
wireFormat: The WireFormat used to decode the interest's signed portion.
Returns
the indication of the next verification step, null if there is no further step.

Implements ndn::PolicyManager.

virtual Name ndn::ConfigPolicyManager::inferSigningIdentity ( const Name & dataName)
virtual

Infer the signing identity name according to the policy.

If the signing identity cannot be inferred, return an empty name.

Parameters
dataName: The name of data to be signed.
Returns
The signing identity, or an empty name if it cannot be inferred.

Implements ndn::PolicyManager.

void ndn::ConfigPolicyManager::load ( const std::string &  configFileName)

Call reset() and load the configuration rules from the file.

Parameters
configFileName: The path to the configuration file containing the verification rules.
void ndn::ConfigPolicyManager::load ( const std::string &  input,
const std::string &  inputName 
)

Call reset() and load the configuration rules from the input.

Parameters
input: The contents of the configuration rules, with lines separated by "\n" or "\r\n".
inputName: Used for log messages, etc.
virtual bool ndn::ConfigPolicyManager::requireVerify ( const Data & data)
virtual

Check if this PolicyManager has a verification rule for the received data.

If the configuration file contains the trust anchor 'any' (a trust-anchor section of type any), this returns false for every packet: no signature is checked at all, so that setting belongs in test configurations only.

Parameters
data: The received data packet.
Returns
true if the data must be verified, otherwise false.

Implements ndn::PolicyManager.

virtual bool ndn::ConfigPolicyManager::requireVerify ( const Interest & interest)
virtual

Check if this PolicyManager has a verification rule for the received signed interest.

If the configuration file contains the trust anchor 'any' (a trust-anchor section of type any), this returns false for every interest: no signature is checked at all, so that setting belongs in test configurations only.

Parameters
interest: The received interest.
Returns
true if the interest must be verified, otherwise false.

Implements ndn::PolicyManager.

virtual bool ndn::ConfigPolicyManager::skipVerifyAndTrust ( const Data & data)
virtual

Check if the received data packet can escape from verification and be trusted as valid.

If the configuration file contains the trust anchor 'any' (a trust-anchor section of type any), this returns true for every packet: every Data packet is trusted without a signature check, so that setting belongs in test configurations only.

Parameters
data: The received data packet.
Returns
true if the data does not need to be verified to be trusted as valid, otherwise false.

Implements ndn::PolicyManager.

virtual bool ndn::ConfigPolicyManager::skipVerifyAndTrust ( const Interest & interest)
virtual

Check if the received signed interest can escape from verification and be trusted as valid.

If the configuration file contains the trust anchor 'any' (a trust-anchor section of type any), this returns true for every interest: every signed interest is trusted without a signature or timestamp check, so that setting belongs in test configurations only.

Parameters
interest: The received interest.
Returns
true if the interest does not need to be verified to be trusted as valid, otherwise false.

Implements ndn::PolicyManager.


The documentation for this class was generated from the following file: