NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
API Documentation
ndn::security::v2::ValidationState Class Referenceabstract

Validation state. More...

#include <validation-state.hpp>

Inheritance diagram for ndn::security::v2::ValidationState:
Collaboration diagram for ndn::security::v2::ValidationState:

Public Member Functions

 ValidationState ()
 Create validation state. More...
 
virtual ~ValidationState ()
 
boost::logic::tribool getOutcome () const
 
virtual void fail (const ValidationError &error)=0
 Call the failure callback. More...
 
size_t getDepth () const
 
bool hasSeenCertificateName (const Name &certName)
 Check if certName has been previously seen and record the supplied name. More...
 
void addCertificate (const Certificate &cert)
 Add cert to the top of the certificate chain. More...
 
- Public Member Functions inherited from ndn::TagHost
template<typename T >
shared_ptr< T > getTag () const
 get a tag item More...
 
template<typename T >
void setTag (shared_ptr< T > tag) const
 set a tag item More...
 
template<typename T >
void removeTag () const
 remove tag item More...
 

Protected Attributes

boost::logic::tribool m_outcome
 

Detailed Description

Validation state.

One instance of the validation state is kept for the validation of the whole certificate chain.

The state collects the certificate chain that adheres to the selected validation policy to validate data or interest packets. Certificate, data, and interest packet signatures are verified only after the validator determines that the chain terminates with a trusted certificate (a trusted anchor or a previously validated certificate). This model allows filtering out invalid certificate chains without incurring (costly) cryptographic signature verification overhead and mitigates some forms of denial-of-service attacks.

Validation policy and/or key fetcher may add custom information associated with the validation state using tags (

See also
TagHost)
DataValidationState, InterestValidationState

Definition at line 59 of file validation-state.hpp.

Constructor & Destructor Documentation

◆ ValidationState()

ndn::security::v2::ValidationState::ValidationState ( )

Create validation state.

Definition at line 36 of file validation-state.cpp.

◆ ~ValidationState()

ndn::security::v2::ValidationState::~ValidationState ( )
virtual

Definition at line 41 of file validation-state.cpp.

References m_outcome, and NDN_LOG_TRACE.

Member Function Documentation

◆ getOutcome()

boost::logic::tribool ndn::security::v2::ValidationState::getOutcome ( ) const
inline

◆ fail()

virtual void ndn::security::v2::ValidationState::fail ( const ValidationError error)
pure virtual

◆ getDepth()

size_t ndn::security::v2::ValidationState::getDepth ( ) const
Returns
Depth of certificate chain

Definition at line 48 of file validation-state.cpp.

Referenced by getOutcome().

◆ hasSeenCertificateName()

bool ndn::security::v2::ValidationState::hasSeenCertificateName ( const Name certName)

Check if certName has been previously seen and record the supplied name.

Definition at line 54 of file validation-state.cpp.

Referenced by getOutcome().

◆ addCertificate()

void ndn::security::v2::ValidationState::addCertificate ( const Certificate cert)

Add cert to the top of the certificate chain.

If m_certificateChain is empty, cert should be the signer of the original packet. If m_certificateChain is not empty, cert should be the signer of m_certificateChain.front().

Postcondition
m_certificateChain.front() == cert
Note
This function does not verify the signature bits.

Definition at line 60 of file validation-state.cpp.

References fail(), NDN_LOG_TRACE_DEPTH, and ndn::security::verifySignature().

Referenced by getOutcome().

Member Data Documentation

◆ m_outcome


The documentation for this class was generated from the following files: