1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
23 #define NDN_SECURITY_VALIDATOR_CONFIG_HPP
24 
25 #include "validator.hpp"
26 #include "certificate-cache.hpp"
27 #include "conf/rule.hpp"
28 #include "conf/common.hpp"
29 
30 namespace ndn {
31 namespace security {
32 
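/**
 * @brief The validator which can be set up via a configuration file.
 *
 * Policy (rules and trust anchors) comes from one of the load() overloads; the
 * checkPolicy() overrides then evaluate each Data/Interest against that policy.
 */
class ValidatorConfig : public Validator
{
public:
  /// Error raised by ValidatorConfig (configuration loading is the visible user).
  class Error : public Validator::Error
  {
  public:
    explicit
    Error(const std::string& what)
      : Validator::Error(what)
    {
    }
  };

  /**
   * @brief Create a validator with no policy loaded yet.
   *
   * @param face            Face used for certificate retrieval; may be nullptr.
   * @param certificateCache Cache consulted for certificates.
   * @param graceInterval   Presumably the clock tolerance used by checkTimestamp();
   *                        confirm against the implementation.
   * @param stepLimit       Upper bound on validation steps (compare nSteps in checkPolicy()).
   * @param maxTrackedKeys  Upper bound on entries kept in m_lastTimestamp; presumably
   *                        enforced by cleanOldKeys() — confirm.
   * @param keyTimestampTtl How long a tracked key timestamp is retained (copied into
   *                        m_keyTimestampTtl, so a temporary argument is safe).
   */
  explicit
  ValidatorConfig(Face* face = nullptr,
                  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
                  const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
                  const size_t stepLimit = 10,
                  const size_t maxTrackedKeys = 1000,
                  const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);

  /// Same as above, for callers that hold a Face by reference.
  explicit
  ValidatorConfig(Face& face,
                  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
                  const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
                  const size_t stepLimit = 10,
                  const size_t maxTrackedKeys = 1000,
                  const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);

  /// Load the policy from the file at @p filename.
  void
  load(const std::string& filename);

  /// Load the policy from the in-memory text @p input; @p filename is used for diagnostics only.
  void
  load(const std::string& input, const std::string& filename);

  /// Load the policy from the stream @p input; @p filename is used for diagnostics only.
  void
  load(std::istream& input, const std::string& filename);

  /// Load the policy from an already-parsed configuration tree.
  void
  load(const security::conf::ConfigSection& configSection,
       const std::string& filename);

  /// Discard the currently loaded policy.
  void
  reset();

  /// @return true if no policy has been loaded (exact criterion lives in the .cpp).
  bool
  isEmpty();

protected:
  /**
   * @brief Check the Data against policy and return the next validation step if necessary.
   *
   * @param nSteps    Number of steps already taken; compared with m_stepLimit.
   * @param nextSteps Filled with the requests needed to continue validation, if any.
   */
  void
  checkPolicy(const Data& data,
              int nSteps,
              const OnDataValidated& onValidated,
              const OnDataValidationFailed& onValidationFailed,
              std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;

  /// Interest counterpart of the Data overload above.
  void
  checkPolicy(const Interest& interest,
              int nSteps,
              const OnInterestValidated& onValidated,
              const OnInterestValidationFailed& onValidationFailed,
              std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;

private:
  /// Shared signature-checking step for Data and Interest packets.
  template<class Packet, class OnValidated, class OnFailed>
  void
  checkSignature(const Packet& packet,
                 const Signature& signature,
                 size_t nSteps,
                 const OnValidated& onValidated,
                 const OnFailed& onValidationFailed,
                 std::vector<shared_ptr<ValidationRequest>>& nextSteps);

  /// Timestamp check for signed Interests; uses the per-key history in m_lastTimestamp
  /// (the acceptance rule itself is defined in the .cpp).
  void
  checkTimestamp(const shared_ptr<const Interest>& interest,
                 const Name& keyName,
                 const OnInterestValidated& onValidated,
                 const OnInterestValidationFailed& onValidationFailed);

  /// Continuation invoked once the signing certificate has been validated.
  template<class Packet, class OnValidated, class OnFailed>
  void
  onCertValidated(const shared_ptr<const Data>& signCertificate,
                  const shared_ptr<const Packet>& packet,
                  const OnValidated& onValidated,
                  const OnFailed& onValidationFailed);

  /// Continuation invoked when validating the signing certificate failed.
  template<class Packet, class OnFailed>
  void
  onCertFailed(const shared_ptr<const Data>& signCertificate,
               const std::string& failureInfo,
               const shared_ptr<const Packet>& packet,
               const OnFailed& onValidationFailed);

  /// Handle one "rule" section of the configuration.
  void
  onConfigRule(const security::conf::ConfigSection& section,
               const std::string& filename);

  /// Handle one "trust-anchor" section of the configuration.
  void
  onConfigTrustAnchor(const security::conf::ConfigSection& section,
                      const std::string& filename);

  /// Parse a refresh period from its textual configuration form.
  time::nanoseconds
  getRefreshPeriod(std::string refreshString);

  /// Refresh period used when the configuration specifies none.
  time::nanoseconds
  getDefaultRefreshPeriod();

  /// Re-read dynamic trust anchors whose refresh period has elapsed.
  void
  refreshAnchors();

  /// Drop stale entries from m_lastTimestamp.
  void
  cleanOldKeys();

  /// Plain holder for a set of trust-anchor certificates.
  class TrustAnchorContainer
  {
  public:
    const std::list<shared_ptr<v1::IdentityCertificate>>&
    getAll() const
    {
      return m_certificates;
    }

    void
    add(shared_ptr<v1::IdentityCertificate> certificate)
    {
      m_certificates.push_back(certificate);
    }

  protected:
    std::list<shared_ptr<v1::IdentityCertificate>> m_certificates;
  };

  /// Trust anchors loaded from a file or directory that is re-read periodically.
  class DynamicTrustAnchorContainer : public TrustAnchorContainer
  {
  public:
    DynamicTrustAnchorContainer(const boost::filesystem::path& path, bool isDir,
                                time::nanoseconds refreshPeriod)
      : m_path(path)
      , m_isDir(isDir)
      , m_refreshPeriod(refreshPeriod)
    {
    }

    void
    setLastRefresh(const time::system_clock::TimePoint& lastRefresh)
    {
      m_lastRefresh = lastRefresh;
    }

    // NOTE(review): the return type line is not visible in this rendering; a const
    // reference mirrors getRefreshPeriod() below — confirm against the source.
    const time::system_clock::TimePoint&
    getLastRefresh() const
    {
      return m_lastRefresh;
    }

    const time::nanoseconds&
    getRefreshPeriod() const
    {
      return m_refreshPeriod;
    }

    /// Reload certificates from m_path (file or directory, per m_isDir).
    void
    refresh();

  private:
    boost::filesystem::path m_path;
    bool m_isDir;

    time::system_clock::TimePoint m_lastRefresh;  // value-initialized: epoch until setLastRefresh()
    time::nanoseconds m_refreshPeriod;
  };

  /// Ordering used to keep m_dynamicContainers sorted by last refresh time.
  static inline bool
  compareDynamicContainer(const DynamicTrustAnchorContainer& containerA,
                          const DynamicTrustAnchorContainer& containerB)
  {
    return (containerA.getLastRefresh() < containerB.getLastRefresh());
  }

public:
  static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
  static const time::milliseconds DEFAULT_GRACE_INTERVAL;
  static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL;

// NOTE(review): this access-specifier line is not visible in the rendering; the macro
// (common.hpp) is referenced by the documentation for this file — confirm placement.
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
  typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
  typedef std::vector<shared_ptr<DataRule>> DataRuleList;
  typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> AnchorList;
  typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
  typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList;

  // NOTE(review): the exact effect of this flag (skip all checks when false?) is decided
  // in the .cpp — confirm before relying on it.
  bool m_shouldValidate;

  size_t m_stepLimit;
  shared_ptr<CertificateCache> m_certificateCache;

  InterestRuleList m_interestRules;
  DataRuleList m_dataRules;

  AnchorList m_anchors;
  TrustAnchorContainer m_staticContainer;
  DynamicContainers m_dynamicContainers;

  time::milliseconds m_graceInterval;
  size_t m_maxTrackedKeys;
  typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap;
  LastTimestampMap m_lastTimestamp;
  // Held by value rather than as a const reference: a reference member would dangle
  // whenever a caller passed a temporary Duration to the constructor (only the default
  // argument, the static DEFAULT_KEY_TIMESTAMP_TTL, outlives the object).
  time::system_clock::Duration m_keyTimestampTtl;
};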
257 
258 } // namespace security
259 
261 
262 } // namespace ndn
263 
264 #endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP