Validation state.
#include <validation-state.hpp>
Public Member Functions
ValidationState ()
    Create validation state.
virtual | ~ValidationState ()
boost::logic::tribool | getOutcome () const
virtual void | fail (const ValidationError &error)=0
    Call the failure callback.
size_t | getDepth () const
bool | hasSeenCertificateName (const Name &certName)
    Check if certName has been previously seen and record the supplied name.
void | addCertificate (const Certificate &cert)
    Add cert to the top of the certificate chain.
Public Member Functions inherited from ndn::TagHost
template<typename T >
shared_ptr< T > | getTag () const
    Get a tag item.
template<typename T >
void | setTag (shared_ptr< T > tag) const
    Set a tag item.
template<typename T >
void | removeTag () const
    Remove tag item.
Protected Attributes
boost::logic::tribool | m_outcome
Friends
class | Validator
Validation state.
One instance of the validation state is kept for the validation of the whole certificate chain.
The state collects the certificate chain that adheres to the selected validation policy to validate data or interest packets. Certificate, data, and interest packet signatures are verified only after the validator determines that the chain terminates with a trusted certificate (a trusted anchor or a previously validated certificate). This model allows filtering out invalid certificate chains without incurring (costly) cryptographic signature verification overhead and mitigates some forms of denial-of-service attacks.
Validation policy and/or key fetcher may add custom information associated with the validation state using tags (
Definition at line 58 of file validation-state.hpp.
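The deferred-verification model described above, as an added example: a simplified stand-alone C++ model, not ndn-cxx code. `Cert`, `ChainState`, `validate`, the `maxDepth` limit and the `sigOk` flag (standing in for real signature verification) are assumptions made for illustration.

```cpp
// Added illustration: a simplified model of deferred verification, not ndn-cxx code.
#include <cstddef>
#include <list>
#include <map>
#include <set>
#include <string>

// sigOk stands in for a real (costly) cryptographic signature check.
struct Cert { std::string name, signer; bool sigOk; };
enum class Result { Ok, Loop, TooDeep, NoIssuer, BadSignature };

struct ChainState {
  std::list<Cert> chain;        // front() is the certificate closest to the anchor
  std::set<std::string> seen;   // certificate names already requested
  int sigChecks = 0;            // number of costly verifications performed

  // Record the name; report whether it was already present (loop detection).
  bool hasSeen(const std::string& n) { return !seen.insert(n).second; }
};

// Walk from the packet's signer towards a trust anchor using cheap checks only,
// then verify signatures once the chain is known to end at an anchor.
// store is a constructed certificate source; maxDepth is an assumed policy limit.
Result validate(const std::string& packetSigner, const std::map<std::string, Cert>& store,
                const std::set<std::string>& anchors, std::size_t maxDepth, ChainState& st)
{
  std::string next = packetSigner;
  while (anchors.count(next) == 0) {
    if (st.chain.size() >= maxDepth) return Result::TooDeep;
    if (st.hasSeen(next)) return Result::Loop;
    auto it = store.find(next);
    if (it == store.end()) return Result::NoIssuer;
    st.chain.push_front(it->second);  // new cert signs the previous front()
    next = it->second.signer;
  }
  for (const Cert& c : st.chain) {    // anchor side first
    ++st.sigChecks;
    if (!c.sigOk) return Result::BadSignature;
  }
  return Result::Ok;
}

int main() {
  // Constructed sample: two certificates that name each other as signer.
  std::map<std::string, Cert> loop{{"/a", {"/a", "/b", false}}, {"/b", {"/b", "/a", false}}};
  ChainState st;
  return validate("/a", loop, {"/root"}, 5, st) == Result::Loop && st.sigChecks == 0 ? 0 : 1;
}
```

A looping or over-long chain is rejected with `sigChecks` still at zero, which is the denial-of-service mitigation the description refers to.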
ndn::security::v2::ValidationState::ValidationState ()
Create validation state.
Definition at line 36 of file validation-state.cpp.
virtual
Definition at line 41 of file validation-state.cpp.
References m_outcome, and NDN_LOG_TRACE.
inline
Definition at line 70 of file validation-state.hpp.
References addCertificate(), fail(), getDepth(), hasSeenCertificateName(), and m_outcome.
pure virtual
Call the failure callback.
Implemented in ndn::security::v2::InterestValidationState, and ndn::security::v2::DataValidationState.
Referenced by addCertificate(), ndn::security::v2::getKeyLocatorName(), and getOutcome().
size_t ndn::security::v2::ValidationState::getDepth () const
Definition at line 48 of file validation-state.cpp.
Referenced by getOutcome().
bool ndn::security::v2::ValidationState::hasSeenCertificateName (const Name &certName)
Check if certName has been previously seen and record the supplied name.
Definition at line 54 of file validation-state.cpp.
Referenced by getOutcome().
void ndn::security::v2::ValidationState::addCertificate (const Certificate &cert)
Add cert to the top of the certificate chain.
If m_certificateChain is empty, cert should be the signer of the original packet. If m_certificateChain is not empty, cert should be the signer of m_certificateChain.front().
Definition at line 60 of file validation-state.cpp.
References fail(), NDN_LOG_TRACE_DEPTH, and ndn::security::verifySignature().
Referenced by getOutcome().
friend
Definition at line 152 of file validation-state.hpp.
protected
Definition at line 139 of file validation-state.hpp.
Referenced by ndn::security::v2::DataValidationState::fail(), ndn::security::v2::InterestValidationState::fail(), getOutcome(), ndn::security::v2::DataValidationState::~DataValidationState(), ndn::security::v2::InterestValidationState::~InterestValidationState(), and ~ValidationState().