NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
API Documentation
ndn::security::v2::Validator Class Reference

Interface for validating data and interest packets. More...

#include <validator.hpp>

Inheritance diagram for ndn::security::v2::Validator:
Collaboration diagram for ndn::security::v2::Validator:

Public Member Functions

 Validator (unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher)
 Validator constructor. More...
 
 ~Validator ()
 
ValidationPolicygetPolicy ()
 
CertificateFetchergetFetcher ()
 
void setMaxDepth (size_t depth)
 Set the maximum depth of the certificate chain. More...
 
size_t getMaxDepth () const
 
void validate (const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
 Asynchronously validate data. More...
 
void validate (const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
 Asynchronously validate interest. More...
 
void loadAnchor (const std::string &groupId, Certificate &&cert)
 load static trust anchor. More...
 
void loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false)
 load dynamic trust anchors. More...
 
void resetAnchors ()
 remove any previously loaded static or dynamic trust anchor More...
 
void cacheVerifiedCertificate (Certificate &&cert)
 Cache verified cert a period of time (1 hour) More...
 
void resetVerifiedCertificates ()
 Remove any cached verified certificates. More...
 
- Public Member Functions inherited from ndn::security::v2::CertificateStorage
 CertificateStorage ()
 
const CertificatefindTrustedCert (const Interest &interestForCert) const
 Find a trusted certificate in trust anchor container or in verified cache. More...
 
bool isCertKnown (const Name &certPrefix) const
 Check if certificate exists in verified, unverified cache, or in the set of trust anchors. More...
 
void cacheUnverifiedCert (Certificate &&cert)
 Cache unverified certificate for a period of time (5 minutes) More...
 
const TrustAnchorContainergetTrustAnchors () const
 
const CertificateCachegetVerifiedCertCache () const
 
const CertificateCachegetUnverifiedCertCache () const
 

Additional Inherited Members

- Protected Member Functions inherited from ndn::security::v2::CertificateStorage
void loadAnchor (const std::string &groupId, Certificate &&cert)
 load static trust anchor. More...
 
void loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false)
 load dynamic trust anchors. More...
 
void resetAnchors ()
 remove any previously loaded static or dynamic trust anchor More...
 
void cacheVerifiedCert (Certificate &&cert)
 Cache verified certificate a period of time (1 hour) More...
 
void resetVerifiedCerts ()
 Remove any cached verified certificates. More...
 
- Protected Attributes inherited from ndn::security::v2::CertificateStorage
TrustAnchorContainer m_trustAnchors
 
CertificateCache m_verifiedCertCache
 
CertificateCache m_unverifiedCertCache
 

Detailed Description

Interface for validating data and interest packets.

Every time a validation process initiated, it creates a ValidationState that exist until validation finishes with either success or failure. This state serves several purposes:

  • record Interest or Data packet being validated
  • record failure callback
  • record certificates in the certification chain for the Interest or Data packet being validated
  • record names of the requested certificates to detect loops in the certificate chain
  • keep track of the validation chain size (aka validation "depth")

During validation, policy and/or key fetcher can augment validation state with policy- and fetcher-specific information using ndn::Tag's.

A validator has a trust anchor cache to save static and dynamic trust anchors, a verified certificate cache for saving certificates that are already verified and an unverified certificate cache for saving prefetched but not yet verified certificates.

Todo:

Limit the maximum time the validation process is allowed to run before declaring failure

Ability to customize maximum lifetime for trusted and untrusted certificate caches. Current implementation hard-codes them to be 1 hour and 5 minutes.

Definition at line 61 of file validator.hpp.

Constructor & Destructor Documentation

◆ Validator()

ndn::security::v2::Validator::Validator ( unique_ptr< ValidationPolicy policy,
unique_ptr< CertificateFetcher certFetcher 
)

Validator constructor.

Parameters
policyValidation policy to be associated with the validator
certFetcherCertificate fetcher implementation.

Definition at line 37 of file validator.cpp.

◆ ~Validator()

ndn::security::v2::Validator::~Validator ( )
default

Member Function Documentation

◆ getPolicy()

ValidationPolicy & ndn::security::v2::Validator::getPolicy ( )

Definition at line 51 of file validator.cpp.

◆ getFetcher()

CertificateFetcher & ndn::security::v2::Validator::getFetcher ( )

Definition at line 57 of file validator.cpp.

◆ setMaxDepth()

void ndn::security::v2::Validator::setMaxDepth ( size_t  depth)

Set the maximum depth of the certificate chain.

Definition at line 63 of file validator.cpp.

◆ getMaxDepth()

size_t ndn::security::v2::Validator::getMaxDepth ( ) const
Returns
The maximum depth of the certificate chain

Definition at line 69 of file validator.cpp.

◆ validate() [1/2]

void ndn::security::v2::Validator::validate ( const Data data,
const DataValidationSuccessCallback successCb,
const DataValidationFailureCallback failureCb 
)

Asynchronously validate data.

Note
successCb and failureCb must not be nullptr

Definition at line 75 of file validator.cpp.

References NDN_LOG_DEBUG_DEPTH.

◆ validate() [2/2]

void ndn::security::v2::Validator::validate ( const Interest interest,
const InterestValidationSuccessCallback successCb,
const InterestValidationFailureCallback failureCb 
)

Asynchronously validate interest.

Note
successCb and failureCb must not be nullptr

Definition at line 95 of file validator.cpp.

References NDN_LOG_DEBUG_DEPTH.

◆ loadAnchor() [1/2]

void ndn::security::v2::Validator::loadAnchor ( const std::string &  groupId,
Certificate &&  cert 
)

load static trust anchor.

Static trust anchors are permanently associated with the validator and never expire.

Parameters
groupIdCertificate group id.
certCertificate to load as a trust anchor.

Definition at line 185 of file validator.cpp.

References ndn::security::v2::CertificateStorage::loadAnchor().

◆ loadAnchor() [2/2]

void ndn::security::v2::Validator::loadAnchor ( const std::string &  groupId,
const std::string &  certfilePath,
time::nanoseconds  refreshPeriod,
bool  isDir = false 
)

load dynamic trust anchors.

Dynamic trust anchors are associated with the validator for as long as the underlying trust anchor file (set of files) exist(s).

Parameters
groupIdCertificate group id, must not be empty.
certfilePathSpecifies the path to load the trust anchors.
refreshPeriodRefresh period for the trust anchors, must be positive.
isDirTells whether the path is a directory or a single file.

Definition at line 191 of file validator.cpp.

References ndn::security::v2::CertificateStorage::loadAnchor().

◆ resetAnchors()

void ndn::security::v2::Validator::resetAnchors ( )

remove any previously loaded static or dynamic trust anchor

Definition at line 198 of file validator.cpp.

References ndn::security::v2::CertificateStorage::resetAnchors().

◆ cacheVerifiedCertificate()

void ndn::security::v2::Validator::cacheVerifiedCertificate ( Certificate &&  cert)

Cache verified cert a period of time (1 hour)

Todo:
Add ability to customize time period

Definition at line 204 of file validator.cpp.

References ndn::security::v2::CertificateStorage::cacheVerifiedCert().

◆ resetVerifiedCertificates()

void ndn::security::v2::Validator::resetVerifiedCertificates ( )

Remove any cached verified certificates.

Definition at line 210 of file validator.cpp.

References ndn::security::v2::CertificateStorage::resetVerifiedCerts().


The documentation for this class was generated from the following files: