NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.0: NDN, CCN, CCNx, content centric networks 		API Documentation
validator-config.hpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
24 #ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
25 #define NDN_SECURITY_VALIDATOR_CONFIG_HPP
26 
27 #include "validator.hpp"
28 #include "certificate-cache.hpp"
29 #include "conf/rule.hpp"
30 #include "conf/common.hpp"
31 
32 namespace ndn {
33 
34 class ValidatorConfig : public Validator
35 {
36 public:
37  class Error : public Validator::Error
38  {
39  public:
40  explicit
41  Error(const std::string& what)
42  : Validator::Error(what)
43  {
44  }
45  };
46 
51  explicit
52  ValidatorConfig(Face* face = nullptr,
53  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
54  const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
55  const size_t stepLimit = 10,
56  const size_t maxTrackedKeys = 1000,
57  const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
58 
60  explicit
61  ValidatorConfig(Face& face,
62  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
63  const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
64  const size_t stepLimit = 10,
65  const size_t maxTrackedKeys = 1000,
66  const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
67 
68  virtual
69  ~ValidatorConfig()
70  {
71  }
72 
73  void
74  load(const std::string& filename);
75 
76  void
77  load(const std::string& input, const std::string& filename);
78 
79  void
80  load(std::istream& input, const std::string& filename);
81 
82  void
83  load(const security::conf::ConfigSection& configSection,
84  const std::string& filename);
85 
86  void
87  reset();
88 
89  bool
90  isEmpty();
91 
92 protected:
93  virtual void
94  checkPolicy(const Data& data,
95  int nSteps,
96  const OnDataValidated& onValidated,
97  const OnDataValidationFailed& onValidationFailed,
98  std::vector<shared_ptr<ValidationRequest> >& nextSteps);
99 
100  virtual void
101  checkPolicy(const Interest& interest,
102  int nSteps,
103  const OnInterestValidated& onValidated,
104  const OnInterestValidationFailed& onValidationFailed,
105  std::vector<shared_ptr<ValidationRequest> >& nextSteps);
106 
107 private:
108  template<class Packet, class OnValidated, class OnFailed>
109  void
110  checkSignature(const Packet& packet,
111  const Signature& signature,
112  size_t nSteps,
113  const OnValidated& onValidated,
114  const OnFailed& onValidationFailed,
115  std::vector<shared_ptr<ValidationRequest> >& nextSteps);
116 
117  void
118  checkTimestamp(const shared_ptr<const Interest>& interest,
119  const Name& keyName,
120  const OnInterestValidated& onValidated,
121  const OnInterestValidationFailed& onValidationFailed);
122 
123  template<class Packet, class OnValidated, class OnFailed>
124  void
125  onCertValidated(const shared_ptr<const Data>& signCertificate,
126  const shared_ptr<const Packet>& packet,
127  const OnValidated& onValidated,
128  const OnFailed& onValidationFailed);
129 
130  template<class Packet, class OnFailed>
131  void
132  onCertFailed(const shared_ptr<const Data>& signCertificate,
133  const std::string& failureInfo,
134  const shared_ptr<const Packet>& packet,
135  const OnFailed& onValidationFailed);
136 
137  void
138  onConfigRule(const security::conf::ConfigSection& section,
139  const std::string& filename);
140 
141  void
142  onConfigTrustAnchor(const security::conf::ConfigSection& section,
143  const std::string& filename);
144 
145  time::nanoseconds
146  getRefreshPeriod(std::string refreshString);
147 
148  time::nanoseconds
149  getDefaultRefreshPeriod();
150 
151  void
152  refreshAnchors();
153 
154  void
155  cleanOldKeys();
156 
157 #ifdef NDN_CXX_HAVE_TESTS
158  size_t
159  getTimestampMapSize()
160  {
161  return m_lastTimestamp.size();
162  }
163 #endif
164 
165  class TrustAnchorContainer
166  {
167  public:
168  TrustAnchorContainer()
169  {
170  }
171 
172  const std::list<shared_ptr<IdentityCertificate> >&
173  getAll() const
174  {
175  return m_certificates;
176  }
177 
178  void
179  add(shared_ptr<IdentityCertificate> certificate)
180  {
181  m_certificates.push_back(certificate);
182  }
183 
184  protected:
185  std::list<shared_ptr<IdentityCertificate> > m_certificates;
186  };
187 
188  class DynamicTrustAnchorContainer : public TrustAnchorContainer
189  {
190  public:
191  DynamicTrustAnchorContainer(const boost::filesystem::path& path, bool isDir,
192  time::nanoseconds refreshPeriod)
193  : m_path(path)
194  , m_isDir(isDir)
195  , m_refreshPeriod(refreshPeriod)
196  {
197  }
198 
199  void
200  setLastRefresh(const time::system_clock::TimePoint& lastRefresh)
201  {
202  m_lastRefresh = lastRefresh;
203  }
204 
205  const time::system_clock::TimePoint&
206  getLastRefresh() const
207  {
208  return m_lastRefresh;
209  }
210 
211  const time::nanoseconds&
212  getRefreshPeriod() const
213  {
214  return m_refreshPeriod;
215  }
216 
217  void
218  refresh();
219 
220  private:
221  boost::filesystem::path m_path;
222  bool m_isDir;
223 
224  time::system_clock::TimePoint m_lastRefresh;
225  time::nanoseconds m_refreshPeriod;
226  };
227 
228  static inline bool
229  compareDynamicContainer(const DynamicTrustAnchorContainer& containerA,
230  const DynamicTrustAnchorContainer& containerB)
231  {
232  return (containerA.getLastRefresh() < containerB.getLastRefresh());
233  }
234 
235 public:
236  static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
237  static const time::milliseconds DEFAULT_GRACE_INTERVAL;
238  static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL;
239 
240 private:
241  typedef security::conf::Rule<Interest> InterestRule;
242  typedef security::conf::Rule<Data> DataRule;
243  typedef std::vector<shared_ptr<InterestRule> > InterestRuleList;
244  typedef std::vector<shared_ptr<DataRule> > DataRuleList;
245  typedef std::map<Name, shared_ptr<IdentityCertificate> > AnchorList;
246  typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
247  typedef std::list<shared_ptr<IdentityCertificate> > CertificateList;
248 
249 
255  bool m_shouldValidate;
256 
257  size_t m_stepLimit;
258  shared_ptr<CertificateCache> m_certificateCache;
259 
260  InterestRuleList m_interestRules;
261  DataRuleList m_dataRules;
262 
263  AnchorList m_anchors;
264  TrustAnchorContainer m_staticContainer;
265  DynamicContainers m_dynamicContainers;
266 
267  time::milliseconds m_graceInterval;
268  size_t m_maxTrackedKeys;
269  typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap;
270  LastTimestampMap m_lastTimestamp;
271  const time::system_clock::Duration& m_keyTimestampTtl;
272 };
273 
274 } // namespace ndn
275 
276 #endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP
ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34
ndn::ValidatorConfig::load
void load(const std::string &filename)
Definition: validator-config.cpp:77
ndn::time::system_clock::Duration
duration Duration
Definition: time.hpp:79
ndn::ValidatorConfig::DEFAULT_KEY_TIMESTAMP_TTL
static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL
Definition: validator-config.hpp:238
ndn::Interest
represents an Interest packet
Definition: interest.hpp:45
ndn::ValidatorConfig::checkPolicy
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest > > &nextSteps)
Check the Data against policy and return the next validation step if necessary.
Definition: validator-config.cpp:488
ndn::ValidatorConfig::Error::Error
Error(const std::string &what)
Definition: validator-config.hpp:41
ndn::OnDataValidated
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
Definition: validation-request.hpp:38
ndn::ValidatorConfig::ValidatorConfig
ValidatorConfig(Face *face=nullptr, const shared_ptr< CertificateCache > &certificateCache=DEFAULT_CERTIFICATE_CACHE, const time::milliseconds &graceInterval=DEFAULT_GRACE_INTERVAL, const size_t stepLimit=10, const size_t maxTrackedKeys=1000, const time::system_clock::Duration &keyTimestampTtl=DEFAULT_KEY_TIMESTAMP_TTL)
Definition: validator-config.cpp:38
ndn::OnDataValidationFailed
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
Definition: validation-request.hpp:42
ndn::Face
Abstraction to communicate with local or remote NDN forwarder.
Definition: face.hpp:100
ndn::ValidatorConfig::DEFAULT_CERTIFICATE_CACHE
static const shared_ptr< CertificateCache > DEFAULT_CERTIFICATE_CACHE
Definition: validator-config.hpp:236
ndn::Name
Name abstraction to represent an absolute name.
Definition: name.hpp:46
ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:78
ndn::ValidatorConfig::DEFAULT_GRACE_INTERVAL
static const time::milliseconds DEFAULT_GRACE_INTERVAL
Definition: validator-config.hpp:237
ndn::OnInterestValidationFailed
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
Definition: validation-request.hpp:35
ndn::security::conf::ConfigSection
boost::property_tree::ptree ConfigSection
Definition: common.hpp:35
ndn::Data
represents a Data packet
Definition: data.hpp:39
ndn::Validator
Validator is one of the main classes of the security library.
Definition: validator.hpp:46
ndn::OnInterestValidated
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
Definition: validation-request.hpp:31
ndn::Signature
A Signature is storage for the signature-related information (info and value) in a Data packet...
Definition: signature.hpp:33