35 shared_ptr<CertificateCache> certificateCache,
38 , m_stepLimit(stepLimit)
39 , m_certificateCache(certificateCache)
46 shared_ptr<CertificateCache> certificateCache,
49 , m_stepLimit(stepLimit)
50 , m_certificateCache(certificateCache)
65 m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
70 const shared_ptr<const Data>& data,
74 shared_ptr<IdentityCertificate> certificate =
75 make_shared<IdentityCertificate>(*signCertificate);
77 if (!certificate->isTooLate() && !certificate->isTooEarly())
83 return onValidated(data);
85 return onValidationFailed(data,
86 "Cannot verify signature: " +
87 data->getName().toUri());
91 return onValidationFailed(data,
92 "Signing certificate " +
93 signCertificate->getName().toUri() +
94 " is no longer valid.");
100 const std::string& failureInfo,
101 const shared_ptr<const Data>& data,
104 onValidationFailed(data, failureInfo);
112 std::vector<shared_ptr<ValidationRequest> >& nextSteps)
115 return onValidationFailed(data.shared_from_this(),
116 "Maximum steps of validation reached: " +
122 if ((*it)->satisfy(data))
123 return onValidationFailed(data.shared_from_this(),
124 "Comply with mustFail policy: " +
131 if ((*it)->satisfy(data))
136 return onValidationFailed(data.shared_from_this(),
137 "Key Locator is missing in Data packet: " +
142 return onValidationFailed(data.shared_from_this(),
143 "Key Locator is not a name: " +
148 shared_ptr<const Certificate> trustedCert;
155 if (static_cast<bool>(trustedCert))
158 return onValidated(data.shared_from_this());
160 return onValidationFailed(data.shared_from_this(),
161 "Cannot verify signature: " +
170 data.shared_from_this(), onValidated, onValidationFailed);
174 data.shared_from_this(), onValidationFailed);
177 shared_ptr<ValidationRequest> nextStep =
178 make_shared<ValidationRequest>(interest,
180 onKeyValidationFailed,
184 nextSteps.push_back(nextStep);
191 return onValidationFailed(data.shared_from_this(),
192 "Key Locator is not a name: " +
197 return onValidationFailed(data.shared_from_this(),
198 "Cannot decode signature");
203 return onValidationFailed(data.shared_from_this(),
Copyright (c) 2011-2015 Regents of the University of California.
std::string toUri() const
Encode this name as a URI.
void onCertificateValidationFailed(const shared_ptr< const Data > &signCertificate, const std::string &failureInfo, const shared_ptr< const Data > &data, const OnDataValidationFailed &onValidationFailed)
void onCertificateValidated(const shared_ptr< const Data > &signCertificate, const shared_ptr< const Data > &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
shared_ptr< CertificateCache > m_certificateCache
const Name & getName() const
Get name of the Data packet.
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest > > &nextSteps)
Check the Data against policy and return the next validation step if necessary.
const Name & getName() const
Get the Name element.
represents an Interest packet
Indicates that the KeyLocator contains a Name.
bool hasKeyLocator() const
Check if SignatureInfo block has a KeyLocator.
Table::const_iterator iterator
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
ValidatorRegex(Face *face=nullptr, shared_ptr< CertificateCache > certificateCache=DEFAULT_CERTIFICATE_CACHE, const int stepLimit=3)
static const shared_ptr< CertificateCache > DEFAULT_CERTIFICATE_CACHE
RuleList m_verifyPolicies
std::map< Name, shared_ptr< IdentityCertificate > > m_trustAnchors
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
Abstraction to communicate with local or remote NDN forwarder.
Name abstraction to represent an absolute name.
boost::asio::io_service & getIoService()
Return nullptr (kept for compatibility)
void addDataVerificationRule(shared_ptr< SecRuleRelative > rule)
Add a rule for data verification.
void addTrustAnchor(shared_ptr< IdentityCertificate > certificate)
Add a trust anchor.
static bool verifySignature(const Data &data, const PublicKey &publicKey)
Verify the signature on the Data packet using the given public key.
const Signature & getSignature() const
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Validator is one of the main classes of the security library.
RuleList m_mustFailVerify
represents an error in TLV encoding or decoding