24 #ifndef NDN_CONFIG_POLICY_MANAGER_HPP
25 #define NDN_CONFIG_POLICY_MANAGER_HPP
30 #include <ndn-cpp/security/policy/certificate-cache.hpp>
31 #include "policy-manager.hpp"
38 class BoostInfoParser;
39 class IdentityCertificate;
// Parameter list of the ConfigPolicyManager constructor. The declarator name and
// the two Milliseconds parameters shown in the member summary further down
// (graceInterval = 3000, keyTimestampTtl = 3600000) are missing from this listing.
79 (
// Defaults to the empty string. NOTE(review): presumably no rules are loaded
// until load() is called in that case -- confirm in the implementation.
const std::string& configFileName =
"",
// Defaults to an empty shared_ptr<CertificateCache>.
80 const ptr_lib::shared_ptr<CertificateCache>& certificateCache =
81 ptr_lib::shared_ptr<CertificateCache>(),
// NOTE(review): presumably caps how many certificate links are followed while
// validating a chain -- confirm; a bound here limits how many certificate
// fetches a single received packet can trigger.
int searchDepth = 5,
// NOTE(review): presumably bounds the number of entries kept in keyTimestamps_
// so per-key timestamp tracking cannot grow without limit -- confirm.
83 int maxTrackedKeys = 1000);
// Call reset() and load the configuration rules from the file named by
// configFileName (per the member summary on this page, the return type is void;
// it is missing from this listing).
// NOTE(review): the rules loaded here decide what is trusted, so the file should
// be writable only by trusted accounts.
103 load(
const std::string& configFileName);
// Overload of load() that takes two strings instead of a file name.
// NOTE(review): presumably `input` is the configuration text itself and
// `inputName` only labels it in error messages -- confirm in the implementation.
// The return type is not shown in this listing.
112 load(
const std::string& input,
const std::string& inputName);
175 virtual ptr_lib::shared_ptr<ValidationRequest>
177 (
const ptr_lib::shared_ptr<Data>& data,
int stepCount,
198 virtual ptr_lib::shared_ptr<ValidationRequest>
200 (
const ptr_lib::shared_ptr<Interest>& interest,
int stepCount,
226 friend class ::TestVerificationRulesFriend;
232 class TrustAnchorRefreshManager {
234 TrustAnchorRefreshManager()
// Static helper of TrustAnchorRefreshManager: returns a
// shared_ptr<IdentityCertificate> for the file named by `filename`.
// NOTE(review): the expected file encoding and the failure behaviour (null
// pointer vs. exception) are not visible in this header -- confirm before
// relying on either.
238 static ptr_lib::shared_ptr<IdentityCertificate>
239 loadIdentityCertificateFromFile(
const std::string& filename);
// Const accessor: forwards certificateName to this refresh manager's own
// certificateCache_ member and returns its result unchanged. The member is used
// with `.`, so here it is an object, not the shared_ptr that the outer class holds.
// NOTE(review): what is returned on a cache miss is decided by
// CertificateCache::getCertificate, which is not shown; callers should
// presumably check for a null pointer -- confirm.
241 ptr_lib::shared_ptr<IdentityCertificate>
242 getCertificate(
Name certificateName)
const
245 return certificateCache_.getCertificate(certificateName);
// Register directoryName together with a refreshPeriod in milliseconds.
// The return type is not shown in this listing.
// NOTE(review): presumably certificates found in the directory are reloaded as
// trust anchors every refreshPeriod -- confirm. If so, anything written into the
// directory becomes trusted at the next refresh, so restrict write access to it.
249 addDirectory(
const std::string& directoryName,
Milliseconds refreshPeriod);
255 class DirectoryInfo {
258 (
const std::vector<std::string>& certificateNames,
260 : certificateNames_(certificateNames), nextRefresh_(nextRefresh),
261 refreshPeriod_(refreshPeriod)
265 std::vector<std::string> certificateNames_;
273 std::map<std::string, ptr_lib::shared_ptr<DirectoryInfo> > refreshDirectories_;
283 loadTrustAnchorCertificates();
// Returns a shared_ptr<IdentityCertificate> for certID.
// NOTE(review): presumably isPath selects whether certID is a file path or some
// other certificate identifier -- confirm in the implementation. If certID can be
// a path taken from the configuration, the configuration file needs the same
// protection as the certificates it points to.
309 ptr_lib::shared_ptr<IdentityCertificate>
310 lookupCertificate(
const std::string& certID,
bool isPath);
// Const member taking an object name and a match type string.
// NOTE(review): presumably searches the loaded configuration for the rule that
// applies to objName for the given matchType -- confirm. The return type, and
// therefore how "no matching rule" is reported, is missing from this listing;
// callers need to know whether a missing rule means reject or accept.
322 findMatchingRule(
const Name& objName,
const std::string& matchType)
const;
339 (
const Name& name,
const Name& matchName,
const std::string& matchRelation);
348 static ptr_lib::shared_ptr<Signature>
400 ptr_lib::shared_ptr<Interest>
401 getCertificateInterest
402 (
int stepCount,
const std::string& matchType,
const Name& objectName,
418 onCertificateDownloadComplete
419 (
const ptr_lib::shared_ptr<Data> &data,
420 const ptr_lib::shared_ptr<Data> &originalData,
int stepCount,
436 onCertificateDownloadCompleteForInterest
437 (
const ptr_lib::shared_ptr<Data> &data,
438 const ptr_lib::shared_ptr<Interest> &originalInterest,
int stepCount,
// Shared pointer to a CertificateCache. NOTE(review): presumably the cache
// passed to the constructor's certificateCache parameter -- confirm.
442 ptr_lib::shared_ptr<CertificateCache> certificateCache_;
// String-to-string map. NOTE(review): the meaning of key and value is not
// visible in this header -- confirm against the implementation.
449 std::map<std::string, std::string> fixedCertificateCache_;
// Map from a string key to a MillisecondsSince1970 timestamp.
// NOTE(review): presumably the last accepted timestamp per signing key, with
// the entry count bounded by the constructor's maxTrackedKeys -- confirm that
// the bound is actually enforced where entries are inserted.
453 std::map<std::string, MillisecondsSince1970> keyTimestamps_;
// Shared pointer to a BoostInfoParser (only forward-declared at the top of this
// header); presumably holds the parsed configuration.
454 ptr_lib::shared_ptr<BoostInfoParser> config_;
// NOTE(review): the code that sets this flag is not in this listing; presumably
// it is false only when the configuration allows verification to be skipped.
455 bool requiresVerification_;
// Shared pointer to the nested TrustAnchorRefreshManager declared in this class.
456 ptr_lib::shared_ptr<TrustAnchorRefreshManager> refreshManager_;
double Milliseconds
A time interval represented as the number of milliseconds.
Definition: common.hpp:111
A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration ...
Definition: config-policy-manager.hpp:56
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest)> OnVerifyInterestFailed
An OnVerifyInterestFailed function object is used to pass a callback to verifyInterest to report a fa...
Definition: validation-request.hpp:52
Copyright (C) 2013-2016 Regents of the University of California.
Definition: common.hpp:35
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest)> OnVerifiedInterest
An OnVerifiedInterest function object is used to pass a callback to verifyInterest to report a succes...
Definition: validation-request.hpp:45
virtual ptr_lib::shared_ptr< ValidationRequest > checkVerificationPolicy(const ptr_lib::shared_ptr< Data > &data, int stepCount, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed)
Check whether the received data packet complies with the verification policy, and get the indication ...
virtual bool skipVerifyAndTrust(const Data &data)
Check whether the received data packet can skip verification and be trusted as valid.
void reset()
Reset the certificate cache and other fields to the constructor state.
virtual bool requireVerify(const Data &data)
Check if this PolicyManager has a verification rule for the received data.
ConfigPolicyManager(const std::string &configFileName="", const ptr_lib::shared_ptr< CertificateCache > &certificateCache=ptr_lib::shared_ptr< CertificateCache >(), int searchDepth=5, Milliseconds graceInterval=3000, Milliseconds keyTimestampTtl=3600000, int maxTrackedKeys=1000)
Create a new ConfigPolicyManager which will act on the rules specified in the configuration and downl...
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data)> OnVerified
An OnVerified function object is used to pass a callback to verifyData to report a successful verific...
Definition: validation-request.hpp:33
BoostInfoTree is provided for compatibility with the Boost INFO property list format used in ndn-cxx...
Definition: boost-info-parser.hpp:46
virtual Name inferSigningIdentity(const Name &dataName)
Infer the signing identity name according to the policy.
virtual ~ConfigPolicyManager()
The virtual destructor.
A Name holds an array of Name::Component and represents an NDN name.
Definition: name.hpp:40
A Signature is an abstract base class providing methods to work with the signature information in a D...
Definition: signature.hpp:35
An Interest holds a Name and other fields for an interest.
Definition: interest.hpp:41
TestVerificationRulesFriend is a friend of ConfigPolicyManager so we can call its private members thr...
Definition: test-verification-rules.cpp:140
void load(const std::string &configFileName)
Call reset() and load the configuration rules from the file.
double MillisecondsSince1970
The calendar time represented as the number of milliseconds since 1/1/1970.
Definition: common.hpp:116
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data)> OnVerifyFailed
An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verific...
Definition: validation-request.hpp:38
virtual bool checkSigningPolicy(const Name &dataName, const Name &certificateName)
Override to always indicate that the signing certificate name and data name satisfy the signing polic...
A SignedBlob extends Blob to keep the offsets of a signed portion (e.g., the bytes of Data packet)...
Definition: signed-blob.hpp:34
A PolicyManager is an abstract base class to represent the policy for verifying data packets...
Definition: policy-manager.hpp:37
A CertificateCache is used to save other users' certificates during verification.
Definition: certificate-cache.hpp:36