validator-config.hpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
25 #ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
26 #define NDN_SECURITY_VALIDATOR_CONFIG_HPP
27 
28 #include "validator.hpp"
29 #include "certificate-cache.hpp"
30 #include "conf/rule.hpp"
31 #include "conf/common.hpp"
32 
33 namespace ndn {
34 namespace security {
35 
/**
 * @brief Validator whose trust model (Interest/Data rules and trust anchors) is loaded
 *        from a configuration file, string, stream or pre-parsed ConfigSection (see load()).
 *
 * Policy decisions are made in the checkPolicy() overrides; signature verification,
 * signed-Interest timestamp checking and periodic trust-anchor refresh are private helpers.
 *
 * NOTE(review): this rendered listing drops several source lines (e.g. the last constructor
 * parameter, the first parameter of the second constructor, one typedef and a few members);
 * the tooltip text reproduced after the listing shows the full constructor signature.
 */
39 class ValidatorConfig : public Validator
40 {
41 public:
 /// Exception type of this validator; forwards the message unchanged to Validator::Error.
42  class Error : public Validator::Error
43  {
44  public:
45  explicit
46  Error(const std::string& what)
47  : Validator::Error(what)
48  {
49  }
50  };
51 
 /**
  * @brief Construct a validator bound to an optional Face.
  *
  * The final parameter (source line 62) is missing from this listing; the tooltip after the
  * listing gives it as `const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL`.
  *
  * @param face              forwarder face, may be nullptr (presumably used to retrieve
  *                          certificates during validation — confirm in validator.hpp)
  * @param certificateCache  cache stored in m_certificateCache; defaults to DEFAULT_CERTIFICATE_CACHE
  * @param graceInterval     stored in m_graceInterval; defaults to DEFAULT_GRACE_INTERVAL — presumably
  *                          the tolerated clock skew for signed-Interest timestamps, see checkTimestamp()
  * @param stepLimit         stored in m_stepLimit; default 10 — likely bounds the number of
  *                          validation steps (nSteps in checkPolicy), confirm in the .cpp
  * @param maxTrackedKeys    default 1000 — presumably caps the size of m_lastTimestamp, which
  *                          cleanOldKeys() would prune; confirm in the .cpp
  */
56  explicit
57  ValidatorConfig(Face* face = nullptr,
58  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
59  const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
60  const size_t stepLimit = 10,
61  const size_t maxTrackedKeys = 1000,
63 
 /// Second constructor overload; its first parameter (source line 66) and its last parameter
 /// (source line 71) are missing from this listing. The visible defaults match the overload above.
65  explicit
67  const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
68  const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
69  const size_t stepLimit = 10,
70  const size_t maxTrackedKeys = 1000,
72 
 /// Load the validation configuration from the file at @p filename.
73  void
74  load(const std::string& filename);
75 
 /// Load the configuration from the text @p input; @p filename is passed alongside,
 /// presumably for diagnostics and/or resolving relative paths — confirm in the .cpp.
76  void
77  load(const std::string& input, const std::string& filename);
78 
 /// Load the configuration from a stream; @p filename as in the string overload.
79  void
80  load(std::istream& input, const std::string& filename);
81 
 /// Load an already-parsed configuration (boost::property_tree::ptree, see conf/common.hpp).
82  void
83  load(const security::conf::ConfigSection& configSection,
84  const std::string& filename);
85 
 /// Discard the loaded configuration (inferred from the name — confirm in the .cpp).
86  void
87  reset();
88 
 /// Whether no configuration is loaded. NOTE(review): declared non-const although it
 /// presumably only reads state; could be `bool isEmpty() const;`.
89  bool
90  isEmpty();
91 
92 protected:
 /// Check the Data against policy and return the next validation step if necessary
 /// (Validator hook; nSteps is the current depth, nextSteps receives follow-up requests).
93  virtual void
94  checkPolicy(const Data& data,
95  int nSteps,
96  const OnDataValidated& onValidated,
97  const OnDataValidationFailed& onValidationFailed,
98  std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
99 
 /// Interest counterpart of checkPolicy(const Data&, ...).
100  virtual void
101  checkPolicy(const Interest& interest,
102  int nSteps,
103  const OnInterestValidated& onValidated,
104  const OnInterestValidationFailed& onValidationFailed,
105  std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
106 
107 private:
 /// Shared signature-verification step for both packet types; on success or failure it invokes
 /// the matching callback, otherwise it appends the certificate fetch to @p nextSteps
 /// (behaviour inferred from the parameter list — confirm in the .cpp).
108  template<class Packet, class OnValidated, class OnFailed>
109  void
110  checkSignature(const Packet& packet,
111  const Signature& signature,
112  size_t nSteps,
113  const OnValidated& onValidated,
114  const OnFailed& onValidationFailed,
115  std::vector<shared_ptr<ValidationRequest>>& nextSteps);
116 
 /// Signed-Interest timestamp check for the key @p keyName. The per-key last-seen timestamp is
 /// presumably kept in m_lastTimestamp and compared using m_graceInterval (replay protection) —
 /// confirm in the .cpp.
117  void
118  checkTimestamp(const shared_ptr<const Interest>& interest,
119  const Name& keyName,
120  const OnInterestValidated& onValidated,
121  const OnInterestValidationFailed& onValidationFailed);
122 
 /// Continuation invoked once the signing certificate of @p packet has itself been validated.
123  template<class Packet, class OnValidated, class OnFailed>
124  void
125  onCertValidated(const shared_ptr<const Data>& signCertificate,
126  const shared_ptr<const Packet>& packet,
127  const OnValidated& onValidated,
128  const OnFailed& onValidationFailed);
129 
 /// Continuation invoked when validation of the signing certificate failed; @p failureInfo is
 /// the reason string.
130  template<class Packet, class OnFailed>
131  void
132  onCertFailed(const shared_ptr<const Data>& signCertificate,
133  const std::string& failureInfo,
134  const shared_ptr<const Packet>& packet,
135  const OnFailed& onValidationFailed);
136 
 /// Handler for a `rule` section of the configuration.
137  void
138  onConfigRule(const security::conf::ConfigSection& section,
139  const std::string& filename);
140 
 /// Handler for a `trust-anchor` section of the configuration.
141  void
142  onConfigTrustAnchor(const security::conf::ConfigSection& section,
143  const std::string& filename);
144 
 /// Parse a refresh-period string from the configuration into nanoseconds.
 /// NOTE(review): takes std::string by value; `const std::string&` would avoid a copy.
145  time::nanoseconds
146  getRefreshPeriod(std::string refreshString);
147 
 /// Refresh period used when the configuration does not specify one.
148  time::nanoseconds
149  getDefaultRefreshPeriod();
150 
 /// Re-read the dynamic trust anchors whose refresh period has elapsed (inferred — confirm).
151  void
152  refreshAnchors();
153 
 /// Evict stale entries from m_lastTimestamp (inferred from the name — confirm in the .cpp).
154  void
155  cleanOldKeys();
156 
 /// Plain holder for a list of trust-anchor certificates.
157  class TrustAnchorContainer
158  {
159  public:
 /// Read-only view of all certificates held so far.
160  const std::list<shared_ptr<v1::IdentityCertificate>>&
161  getAll() const
162  {
163  return m_certificates;
164  }
165 
 /// Append a certificate. NOTE(review): the shared_ptr is copied into the list;
 /// `push_back(std::move(certificate))` would avoid the extra refcount round-trip.
166  void
167  add(shared_ptr<v1::IdentityCertificate> certificate)
168  {
169  m_certificates.push_back(certificate);
170  }
171 
172  protected:
173  std::list<shared_ptr<v1::IdentityCertificate>> m_certificates;
174  };
175 
 /// Trust anchors backed by a filesystem path (a file or, if @p isDir, a directory) that is
 /// re-read every @p refreshPeriod via refresh(). Because anchors are reloaded from disk at
 /// runtime, the referenced path is part of the trust base and its integrity matters.
176  class DynamicTrustAnchorContainer : public TrustAnchorContainer
177  {
178  public:
179  DynamicTrustAnchorContainer(const boost::filesystem::path& path, bool isDir,
180  time::nanoseconds refreshPeriod)
181  : m_path(path)
182  , m_isDir(isDir)
183  , m_refreshPeriod(refreshPeriod)
184  {
185  }
186 
 /// Record when the anchors were last (re)loaded.
187  void
188  setLastRefresh(const time::system_clock::TimePoint& lastRefresh)
189  {
190  m_lastRefresh = lastRefresh;
191  }
192 
 /// Time of the last (re)load; the return type line (source line 193) is missing from this
 /// listing — presumably `const time::system_clock::TimePoint&`.
194  getLastRefresh() const
195  {
196  return m_lastRefresh;
197  }
198 
 /// Configured refresh period.
199  const time::nanoseconds&
200  getRefreshPeriod() const
201  {
202  return m_refreshPeriod;
203  }
204 
 /// Reload the certificates from m_path (defined out of line).
205  void
206  refresh();
207 
208  private:
209  boost::filesystem::path m_path;
210  bool m_isDir;
211 
212  time::system_clock::TimePoint m_lastRefresh;
213  time::nanoseconds m_refreshPeriod;
214  };
215 
 /// Orders dynamic containers by last-refresh time, earliest first; used to keep
 /// m_dynamicContainers sorted.
216  static inline bool
217  compareDynamicContainer(const DynamicTrustAnchorContainer& containerA,
218  const DynamicTrustAnchorContainer& containerB)
219  {
220  return (containerA.getLastRefresh() < containerB.getLastRefresh());
221  }
222 
223 public:
 /// Defaults for the constructor arguments. A third constant (source line 226) is missing from
 /// this listing; the tooltip text names it `DEFAULT_KEY_TIMESTAMP_TTL`.
224  static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
225  static const time::milliseconds DEFAULT_GRACE_INTERVAL;
227 
 /// Rule and container types. The `DataRule` typedef (source line 230) is missing from this
 /// listing; the tooltip text gives it as `security::conf::Rule<Data>`.
229  typedef security::conf::Rule<Interest> InterestRule;
231  typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
232  typedef std::vector<shared_ptr<DataRule>> DataRuleList;
233  typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> AnchorList;
234  typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
235  typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList;
236 
 // NOTE(review): source lines 237-243 are missing here; the tooltip text lists members
 // `bool m_shouldValidate` (whether validation is performed at all) and
 // `const time::system_clock::Duration& m_keyTimestampTtl`. A reference member bound to a
 // constructor argument dangles if a caller passes a temporary — confirm how it is initialised.
243 
 // Maximum validation depth (see stepLimit) and the certificate cache used during validation.
244  size_t m_stepLimit;
245  shared_ptr<CertificateCache> m_certificateCache;
246 
 // Rules loaded from the configuration, per packet type.
247  InterestRuleList m_interestRules;
248  DataRuleList m_dataRules;
249 
 // Trust anchors: by name, the static set, and the periodically refreshed sets.
250  AnchorList m_anchors;
251  TrustAnchorContainer m_staticContainer;
252  DynamicContainers m_dynamicContainers;
253 
 // Signed-Interest timestamp state: tolerated skew and last-seen timestamp per key name.
254  time::milliseconds m_graceInterval;
256  typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap;
257  LastTimestampMap m_lastTimestamp;
259 };
260 
261 } // namespace security
262 
264 
265 } // namespace ndn
266 
267 #endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP
std::vector< shared_ptr< InterestRule > > InterestRuleList
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
Copyright (c) 2011-2015 Regents of the University of California.
void load(const std::string &filename)
#define NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE
Definition: common.hpp:43
The validator which can be set up via a configuration file.
represents an Interest packet
Definition: interest.hpp:42
ValidatorConfig(Face *face=nullptr, const shared_ptr< CertificateCache > &certificateCache=DEFAULT_CERTIFICATE_CACHE, const time::milliseconds &graceInterval=DEFAULT_GRACE_INTERVAL, const size_t stepLimit=10, const size_t maxTrackedKeys=1000, const time::system_clock::Duration &keyTimestampTtl=DEFAULT_KEY_TIMESTAMP_TTL)
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
static const time::milliseconds DEFAULT_GRACE_INTERVAL
std::vector< shared_ptr< DataRule > > DataRuleList
security::conf::Rule< Data > DataRule
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
TrustAnchorContainer m_staticContainer
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
static const shared_ptr< CertificateCache > DEFAULT_CERTIFICATE_CACHE
shared_ptr< CertificateCache > m_certificateCache
std::list< shared_ptr< v1::IdentityCertificate > > CertificateList
provides the interfaces for packet validation.
Definition: validator.hpp:42
Provide a communication channel with local or remote NDN forwarder.
Definition: face.hpp:125
Name abstraction to represent an absolute name.
Definition: name.hpp:46
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest >> &nextSteps) override
Check the Data against policy and return the next validation step if necessary.
std::map< Name, time::system_clock::TimePoint > LastTimestampMap
const time::system_clock::Duration & m_keyTimestampTtl
time_point TimePoint
Definition: time.hpp:90
boost::property_tree::ptree ConfigSection
Definition: common.hpp:35
static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL
std::list< DynamicTrustAnchorContainer > DynamicContainers
bool m_shouldValidate
gives whether validation should be performed
represents a Data packet
Definition: data.hpp:37
std::map< Name, shared_ptr< v1::IdentityCertificate > > AnchorList
A Signature is storage for the signature-related information (info and value) in a Data packet...
Definition: signature.hpp:33