Interface for validating data and interest packets. More...
#include <validator.hpp>
Public Member Functions | |
Validator (unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher) | |
Validator constructor. More... | |
~Validator () | |
void | setMaxDepth (size_t depth) |
Set the maximum depth of the certificate chain. More... | |
size_t | getMaxDepth () const |
void | validate (const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb) |
Asynchronously validate data . More... | |
void | validate (const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb) |
Asynchronously validate interest . More... | |
void | loadAnchor (const std::string &groupId, Certificate &&cert) |
load static trust anchor. More... | |
void | loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false) |
load dynamic trust anchors. More... | |
void | cacheVerifiedCertificate (Certificate &&cert) |
Cache verified cert a period of time (1 hour) More... | |
const Certificate * | findTrustedCert (const Interest &interestForCert) const |
Find a trusted certificate in trust anchor container or in verified cache. More... | |
bool | isCertKnown (const Name &certPrefix) const |
Check if certificate exists in verified, unverified cache, or in the set of trust anchors. More... | |
void | cacheUnverifiedCert (Certificate &&cert) |
Cache unverified certificate for a period of time (5 minutes) More... | |
const TrustAnchorContainer & | getTrustAnchors () const |
const CertificateCache & | getVerifiedCertCache () const |
const CertificateCache & | getUnverifiedCertCache () const |
Protected Member Functions | |
void | cacheVerifiedCert (Certificate &&cert) |
Cache verified certificate a period of time (1 hour) More... | |
Protected Attributes | |
TrustAnchorContainer | m_trustAnchors |
CertificateCache | m_verifiedCertCache |
CertificateCache | m_unverifiedCertCache |
Interface for validating data and interest packets.
Every time a validation process initiated, it creates a ValidationState that exist until validation finishes with either success or failure. This state serves several purposes:
During validation, policy and/or key fetcher can augment validation state with policy- and fetcher-specific information using ndn::Tag's.
A validator has a trust anchor cache to save static and dynamic trust anchors, a verified certificate cache for saving certificates that are already verified and an unverified certificate cache for saving prefetched but not yet verified certificates.
Limit the maximum time the validation process is allowed to run before declaring failure
Ability to customize maximum lifetime for trusted and untrusted certificate caches. Current implementation hard-codes them to be 1 hour and 5 minutes.
Definition at line 61 of file v2/validator.hpp.
ndn::security::v2::Validator::Validator | ( | unique_ptr< ValidationPolicy > | policy, |
unique_ptr< CertificateFetcher > | certFetcher | ||
) |
Validator constructor.
policy | Validation policy to be associated with the validator |
certFetcher | Certificate fetcher implementation. |
Definition at line 37 of file v2/validator.cpp.
|
default |
|
inherited |
Cache unverified certificate for a period of time (5 minutes)
cert | The certificate packet |
Definition at line 74 of file certificate-storage.cpp.
|
protectedinherited |
Cache verified certificate a period of time (1 hour)
cert | The certificate packet |
Definition at line 68 of file certificate-storage.cpp.
void ndn::security::v2::Validator::cacheVerifiedCertificate | ( | Certificate && | cert | ) |
Cache verified cert
a period of time (1 hour)
Definition at line 179 of file v2/validator.cpp.
|
inherited |
Find a trusted certificate in trust anchor container or in verified cache.
interestForCert | Interest for certificate |
Definition at line 35 of file certificate-storage.cpp.
size_t ndn::security::v2::Validator::getMaxDepth | ( | ) | const |
Definition at line 56 of file v2/validator.cpp.
|
inherited |
Definition at line 80 of file certificate-storage.cpp.
|
inherited |
Definition at line 92 of file certificate-storage.cpp.
|
inherited |
Definition at line 86 of file certificate-storage.cpp.
|
inherited |
Check if certificate exists in verified, unverified cache, or in the set of trust anchors.
Definition at line 47 of file certificate-storage.cpp.
void ndn::security::v2::Validator::loadAnchor | ( | const std::string & | groupId, |
Certificate && | cert | ||
) |
load static trust anchor.
Static trust anchors are permanently associated with the validator and never expire.
groupId | Certificate group id. |
cert | Certificate to load as a trust anchor. |
Definition at line 166 of file v2/validator.cpp.
void ndn::security::v2::Validator::loadAnchor | ( | const std::string & | groupId, |
const std::string & | certfilePath, | ||
time::nanoseconds | refreshPeriod, | ||
bool | isDir = false |
||
) |
load dynamic trust anchors.
Dynamic trust anchors are associated with the validator for as long as the underlying trust anchor file (set of files) exist(s).
groupId | Certificate group id, must not be empty. |
certfilePath | Specifies the path to load the trust anchors. |
refreshPeriod | Refresh period for the trust anchors, must be positive. |
isDir | Tells whether the path is a directory or a single file. |
Definition at line 172 of file v2/validator.cpp.
void ndn::security::v2::Validator::setMaxDepth | ( | size_t | depth | ) |
Set the maximum depth of the certificate chain.
Definition at line 50 of file v2/validator.cpp.
void ndn::security::v2::Validator::validate | ( | const Data & | data, |
const DataValidationSuccessCallback & | successCb, | ||
const DataValidationFailureCallback & | failureCb | ||
) |
Asynchronously validate data
.
successCb
and failureCb
must not be nullptr Definition at line 62 of file v2/validator.cpp.
void ndn::security::v2::Validator::validate | ( | const Interest & | interest, |
const InterestValidationSuccessCallback & | successCb, | ||
const InterestValidationFailureCallback & | failureCb | ||
) |
Asynchronously validate interest
.
successCb
and failureCb
must not be nullptr Definition at line 82 of file v2/validator.cpp.
|
protectedinherited |
Definition at line 122 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 124 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 123 of file certificate-storage.hpp.