34 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x) 35 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x) 38 : m_policy(
std::move(policy))
39 , m_certFetcher(
std::move(certFetcher))
42 BOOST_ASSERT(m_policy !=
nullptr);
43 BOOST_ASSERT(m_certFetcher !=
nullptr);
44 m_policy->setValidator(*
this);
45 m_certFetcher->setCertificateStorage(*
this);
59 return *m_certFetcher;
79 auto state = make_shared<DataValidationState>(data, successCb, failureCb);
82 m_policy->checkPolicy(data, state,
83 [
this] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
84 if (certRequest ==
nullptr) {
85 state->bypassValidation();
89 requestCertificate(certRequest, state);
99 auto state = make_shared<InterestValidationState>(interest, successCb, failureCb);
102 m_policy->checkPolicy(interest, state,
103 [
this] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
104 if (certRequest ==
nullptr) {
105 state->bypassValidation();
109 requestCertificate(certRequest, state);
120 return state->fail({ValidationError::Code::EXPIRED_CERT,
"Retrieved certificate is not yet valid or expired " 124 m_policy->checkPolicy(cert, state,
125 [
this, cert] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
126 if (certRequest ==
nullptr) {
132 state->addCertificate(cert);
133 requestCertificate(certRequest, state);
139 Validator::requestCertificate(
const shared_ptr<CertificateRequest>& certRequest,
140 const shared_ptr<ValidationState>& state)
143 if (state->getDepth() >= m_maxDepth) {
144 state->fail({ValidationError::Code::EXCEEDED_DEPTH_LIMIT,
145 "Exceeded validation depth limit (" +
to_string(m_maxDepth) +
")"});
149 if (state->hasSeenCertificateName(certRequest->m_interest.getName())) {
150 state->fail({ValidationError::Code::LOOP_DETECTED,
151 "Validation loop detected for certificate `" + certRequest->m_interest.getName().toUri() +
"`"});
158 if (cert !=
nullptr) {
161 cert = state->verifyCertificateChain(*cert);
162 if (cert !=
nullptr) {
163 state->verifyOriginalPacket(*cert);
165 for (
auto trustedCert = std::make_move_iterator(state->m_certificateChain.begin());
166 trustedCert != std::make_move_iterator(state->m_certificateChain.end());
173 m_certFetcher->fetch(certRequest, state, [
this] (
const Certificate& cert,
const shared_ptr<ValidationState>& state) {
192 time::nanoseconds refreshPeriod,
bool isDir)
void loadAnchor(const std::string &groupId, Certificate &&cert)
load static trust anchor.
Copyright (c) 2011-2015 Regents of the University of California.
std::string toUri() const
Get URI representation of the name.
The certificate following the certificate format naming convention.
const Name & getName() const
Get name.
function< void(const Data &data)> DataValidationSuccessCallback
Callback to report a successful Data validation.
Interface used by the validator to fetch missing certificates.
#define NDN_LOG_DEBUG_DEPTH(x)
#define NDN_LOG_TRACE_DEPTH(x)
void cacheVerifiedCertificate(Certificate &&cert)
Cache verified cert a period of time (1 hour)
represents an Interest packet
function< void(const Data &data, const ValidationError &error)> DataValidationFailureCallback
Callback to report a failed Data validation.
void setMaxDepth(size_t depth)
Set the maximum depth of the certificate chain.
Abstraction that implements validation policy for Data and Interest packets.
CertificateFetcher & getFetcher()
const Certificate * findTrustedCert(const Interest &interestForCert) const
Find a trusted certificate in trust anchor container or in verified cache.
#define NDN_LOG_INIT(name)
declare a log module
ValidationPolicy & getPolicy()
void resetVerifiedCerts()
Remove any cached verified certificates.
void cacheVerifiedCert(Certificate &&cert)
Cache verified certificate a period of time (1 hour)
void validate(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Asynchronously validate data.
void loadAnchor(const std::string &groupId, Certificate &&cert)
load static trust anchor.
void resetAnchors()
remove any previously loaded static or dynamic trust anchor
void resetVerifiedCertificates()
Remove any cached verified certificates.
Validator(unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher)
Validator constructor.
function< void(const Interest &interest, const ValidationError &error)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
void resetAnchors()
remove any previously loaded static or dynamic trust anchor
std::string to_string(const V &v)
Represents a Data packet.
bool isValid(const time::system_clock::TimePoint &ts=time::system_clock::now()) const
Check if the certificate is valid at ts.
function< void(const Interest &interest)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
Interface for validating data and interest packets.
size_t getMaxDepth() const