A validator that can be set up via a configuration file.
#include <validator-config.hpp>
|
| ValidatorConfig (Face *face=nullptr, const shared_ptr< CertificateCache > &certificateCache=DEFAULT_CERTIFICATE_CACHE, const time::milliseconds &graceInterval=DEFAULT_GRACE_INTERVAL, const size_t stepLimit=10, const size_t maxTrackedKeys=1000, const time::system_clock::Duration &keyTimestampTtl=DEFAULT_KEY_TIMESTAMP_TTL) |
|
| ValidatorConfig (Face &face, const shared_ptr< CertificateCache > &certificateCache=DEFAULT_CERTIFICATE_CACHE, const time::milliseconds &graceInterval=DEFAULT_GRACE_INTERVAL, const size_t stepLimit=10, const size_t maxTrackedKeys=1000, const time::system_clock::Duration &keyTimestampTtl=DEFAULT_KEY_TIMESTAMP_TTL) |
|
void | load (const std::string &filename) |
|
void | load (const std::string &input, const std::string &filename) |
|
void | load (std::istream &input, const std::string &filename) |
|
void | load (const security::conf::ConfigSection &configSection, const std::string &filename) |
|
void | reset () |
|
bool | isEmpty () |
|
void | validate (const Data &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed) |
| Validate Data and call either onValidated or onValidationFailed. More...
|
|
void | validate (const Interest &interest, const OnInterestValidated &onValidated, const OnInterestValidationFailed &onValidationFailed) |
| Validate Interest and call either onValidated or onValidationFailed. More...
|
|
void | setDirectCertFetchEnabled (bool isEnabled) |
| Enable or disable the direct certificate fetch feature. More...
|
|
|
static bool | verifySignature (const Data &data, const v1::PublicKey &publicKey) |
| Verify the data using the publicKey. More...
|
|
static bool | verifySignature (const Interest &interest, const v1::PublicKey &publicKey) |
| Verify the signed Interest using the publicKey. More...
|
|
static bool | verifySignature (const Buffer &blob, const Signature &sig, const v1::PublicKey &publicKey) |
| Verify the blob using the publicKey against the signature. More...
|
|
static bool | verifySignature (const Data &data, const Signature &sig, const v1::PublicKey &publicKey) |
| Verify the data using the publicKey against the SHA256-RSA signature. More...
|
|
static bool | verifySignature (const Interest &interest, const Signature &sig, const v1::PublicKey &publicKey) |
| Verify the interest using the publicKey against the SHA256-RSA signature. More...
|
|
static bool | verifySignature (const uint8_t *buf, const size_t size, const Signature &sig, const v1::PublicKey &publicKey) |
| Verify the blob using the publicKey against the SHA256-RSA signature. More...
|
|
static bool | verifySignature (const Data &data, const DigestSha256 &sig) |
| Verify the data against the SHA256 signature. More...
|
|
static bool | verifySignature (const Interest &interest, const DigestSha256 &sig) |
| Verify the interest against the SHA256 signature. More...
|
|
static bool | verifySignature (const Buffer &blob, const DigestSha256 &sig) |
| Verify the blob against the SHA256 signature. More...
|
|
static bool | verifySignature (const uint8_t *buf, const size_t size, const DigestSha256 &sig) |
| Verify the blob against the SHA256 signature. More...
|
|
|
typedef function< void(const std::string &)> | OnFailure |
|
|
void | checkPolicy (const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest >> &nextSteps) override |
| Check the Data against policy and return the next validation step if necessary. More...
|
|
void | checkPolicy (const Interest &interest, int nSteps, const OnInterestValidated &onValidated, const OnInterestValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest >> &nextSteps) override |
| Check the Interest against validation policy and return the next validation step if necessary. More...
|
|
void | validate (const Data &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, int nSteps) |
|
void | validate (const Interest &interest, const OnInterestValidated &onValidated, const OnInterestValidationFailed &onValidationFailed, int nSteps) |
|
void | onData (const Interest &interest, const Data &data, const shared_ptr< ValidationRequest > &nextStep) |
| Process the received certificate. More...
|
|
virtual shared_ptr< const Data > | preCertificateValidation (const Data &data) |
| Hooks. More...
|
|
virtual void | onNack (const Interest &interest, const lp::Nack &nack, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest) |
| Triggered when an Interest retrieves a Nack. More...
|
|
virtual void | onTimeout (const Interest &interest, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest) |
| Triggered when the Interest for a certificate times out. More...
|
|
virtual void | afterCheckPolicy (const std::vector< shared_ptr< ValidationRequest >> &nextSteps, const OnFailure &onFailure) |
| Triggered after checkPolicy is done. More...
|
|
A validator that can be set up via a configuration file.
Definition at line 36 of file validator-config.hpp.
- Note
- When neither a certificate cache nor a face is supplied, no cache will be used. However, if only a face is supplied, a default cache will be created and used.
Definition at line 38 of file validator-config.cpp.
void ndn::security::Validator::afterCheckPolicy |
( |
const std::vector< shared_ptr< ValidationRequest >> & |
nextSteps, |
|
|
const OnFailure & |
onFailure |
|
) |
| |
|
protected, virtual, inherited
Triggered after checkPolicy is done.
The Validator can decide how to handle the set of validation requests according to the trust model.
- Parameters
-
nextSteps | A set of validation requests made by checkPolicy. |
onFailure | Failure callback when errors happen in processing nextSteps. |
Definition at line 304 of file validator.cpp.
Check the Data against policy and return the next validation step if necessary.
If there is no next validation step, the validation MUST already have been completed, i.e., either the onValidated or the onValidationFailed callback has been invoked.
- Parameters
-
data | The Data to check. |
nSteps | The number of validation steps that have been done. |
onValidated | If the Data is validated, this calls onValidated(data) |
onValidationFailed | If validation fails, this calls onValidationFailed(data) |
nextSteps | On return, contains the next validation step |
Implements ndn::security::Validator.
Definition at line 443 of file validator-config.cpp.
Check the Interest against validation policy and return the next validation step if necessary.
If there is no next validation step, the validation MUST already have been completed, i.e., either the onValidated or the onValidationFailed callback has been invoked.
- Parameters
-
interest | The Interest to check. |
nSteps | The number of validation steps that have been done. |
onValidated | If the Interest is validated, this calls onValidated(interest) |
onValidationFailed | If validation fails, this calls onValidationFailed(interest) |
nextSteps | On return, contains the next validation step |
Implements ndn::security::Validator.
Definition at line 474 of file validator-config.cpp.
bool ndn::security::ValidatorConfig::isEmpty |
( |
| ) |
|
void ndn::security::ValidatorConfig::load |
( |
const std::string & |
filename | ) |
|
void ndn::security::ValidatorConfig::load |
( |
const std::string & |
input, |
|
|
const std::string & |
filename |
|
) |
| |
void ndn::security::ValidatorConfig::load |
( |
std::istream & |
input, |
|
|
const std::string & |
filename |
|
) |
| |
Process the received certificate.
Definition at line 88 of file validator.cpp.
|
protected, virtual, inherited
Triggered when an Interest retrieves a Nack.
The Validator can decide how to handle the Nack: either call onFailure, or retry.
- Parameters
-
interest | The interest that retrieves a Nack. |
nack | The Nack that is retrieved. |
nRemainingRetries | The number of retries left. |
onFailure | Failure callback invoked when there are no more retries remaining. |
validationRequest | The validationRequest containing the context of the interest. |
Definition at line 257 of file validator.cpp.
void ndn::security::Validator::onTimeout |
( |
const Interest & |
interest, |
|
|
int |
nRemainingRetries, |
|
|
const OnFailure & |
onFailure, |
|
|
const shared_ptr< ValidationRequest > & |
validationRequest |
|
) |
| |
|
protected, virtual, inherited
Triggered when the Interest for a certificate times out.
The Validator can decide how to handle the timeout: either call onFailure, or retry.
- Parameters
-
interest | The interest that times out. |
nRemainingRetries | The number of retries left. |
onFailure | Failure callback invoked when there are no more retries remaining. |
validationRequest | The validationRequest containing the context of the interest. |
Definition at line 281 of file validator.cpp.
virtual shared_ptr<const Data> ndn::security::Validator::preCertificateValidation |
( |
const Data & |
data | ) |
|
|
inline, protected, virtual, inherited
Hooks.
Triggered before validating the requested certificate.
The Data:
- matches the Interest in the validation request.
- may be a certificate, or a Data packet encapsulating a certificate.
This method returns a Data packet (actually a certificate) that will be passed as the Data argument into: Validator::validate(const Data& data, const OnDataValidated& onValidated, const OnDataValidationFailed& onValidationFailed, int nSteps);
Definition at line 296 of file validator.hpp.
void ndn::security::ValidatorConfig::reset |
( |
| ) |
|
void ndn::security::Validator::setDirectCertFetchEnabled |
( |
bool |
isEnabled | ) |
|
|
inherited |
Enable or disable the direct certificate fetch feature.
When enabled, the validator will attempt to fetch the certificate that signs an Interest from the sender of that Interest, as identified by the IncomingFaceId field, in addition to fetching it from the infrastructure.
Prior to enabling this feature, the application must enable NextHopFaceId privilege on the face used by this validator.
- Note
- The current implementation can only fetch the Interest signer's certificate from the Interest sender; the issuer certificate of that certificate is only fetched from the infrastructure.
-
Currently, this feature can only be used with ValidatorConfig.
- Parameters
-
isEnabled | Set true to enable the feature or false to disable. |
Definition at line 331 of file validator.cpp.
Validate Data and call either onValidated or onValidationFailed.
- Parameters
-
data | The Data with the signature to check. |
onValidated | If the Data is validated, this calls onValidated(data). |
onValidationFailed | If validation fails, this calls onValidationFailed(data). |
Definition at line 78 of file validator.hpp.
Validate Interest and call either onValidated or onValidationFailed.
- Parameters
-
interest | The Interest with the signature to check. |
onValidated | If the Interest is validated, this calls onValidated(interest). |
onValidationFailed | If validation fails, this calls onValidationFailed(interest). |
Definition at line 93 of file validator.hpp.
bool ndn::security::Validator::verifySignature |
( |
const Data & |
data, |
|
|
const v1::PublicKey & |
publicKey |
|
) |
| |
|
static, inherited
Verify the data using the publicKey.
Definition at line 104 of file validator.cpp.
bool ndn::security::Validator::verifySignature |
( |
const Interest & |
interest, |
|
|
const v1::PublicKey & |
publicKey |
|
) |
| |
|
static, inherited
Verify the signed Interest using the publicKey.
(Note that the signature covers only the first n-2 name components.)
Definition at line 116 of file validator.cpp.
Verify the blob using the publicKey against the signature.
Definition at line 139 of file validator.hpp.
static bool ndn::security::Validator::verifySignature |
( |
const Data & |
data, |
|
|
const Signature & |
sig, |
|
|
const v1::PublicKey & |
publicKey |
|
) |
| |
|
inline, static, inherited
Verify the data using the publicKey against the SHA256-RSA signature.
Definition at line 146 of file validator.hpp.
Verify the interest using the publicKey against the SHA256-RSA signature.
(Note that the signature covers only the first n-2 name components.)
Definition at line 160 of file validator.hpp.
bool ndn::security::Validator::verifySignature |
( |
const uint8_t * |
buf, |
|
|
const size_t |
size, |
|
|
const Signature & |
sig, |
|
|
const v1::PublicKey & |
publicKey |
|
) |
| |
|
static, inherited
Verify the blob using the publicKey against the SHA256-RSA signature.
Definition at line 142 of file validator.cpp.
static bool ndn::security::Validator::verifySignature |
( |
const Data & |
data, |
|
|
const DigestSha256 & |
sig |
|
) |
| |
|
inline, static, inherited
Verify the data against the SHA256 signature.
Definition at line 184 of file validator.hpp.
static bool ndn::security::Validator::verifySignature |
( |
const Interest & |
interest, |
|
|
const DigestSha256 & |
sig |
|
) |
| |
|
inline, static, inherited
Verify the interest against the SHA256 signature.
(Note that the signature covers only the first n-2 name components.)
Definition at line 197 of file validator.hpp.
static bool ndn::security::Validator::verifySignature |
( |
const Buffer & |
blob, |
|
|
const DigestSha256 & |
sig |
|
) |
| |
|
inline, static, inherited
Verify the blob against the SHA256 signature.
Definition at line 211 of file validator.hpp.
bool ndn::security::Validator::verifySignature |
( |
const uint8_t * |
buf, |
|
|
const size_t |
size, |
|
|
const DigestSha256 & |
sig |
|
) |
| |
|
static, inherited
Verify the blob against the SHA256 signature.
Definition at line 234 of file validator.cpp.
const shared_ptr< CertificateCache > ndn::security::ValidatorConfig::DEFAULT_CERTIFICATE_CACHE |
|
static |
const time::milliseconds ndn::security::ValidatorConfig::DEFAULT_GRACE_INTERVAL |
|
static |
Face* ndn::security::Validator::m_face |
|
protected, inherited
bool ndn::security::Validator::m_wantDirectCertFetch |
|
protected, inherited