|
NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
|
API Documentation |
|
|
NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
|
API Documentation |
Interface for validating data and interest packets. More...
#include <validator.hpp>
Public Member Functions | |
| Validator (unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher) | |
| Validator constructor. More... | |
| ~Validator () | |
| ValidationPolicy & | getPolicy () |
| CertificateFetcher & | getFetcher () |
| void | setMaxDepth (size_t depth) |
| Set the maximum depth of the certificate chain. More... | |
| size_t | getMaxDepth () const |
| void | validate (const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb) |
Asynchronously validate data. More... | |
| void | validate (const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb) |
Asynchronously validate interest. More... | |
| void | loadAnchor (const std::string &groupId, Certificate &&cert) |
| load static trust anchor. More... | |
| void | loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false) |
| load dynamic trust anchors. More... | |
| void | resetAnchors () |
| remove any previously loaded static or dynamic trust anchor More... | |
| void | cacheVerifiedCertificate (Certificate &&cert) |
Cache verified cert a period of time (1 hour) More... | |
| void | resetVerifiedCertificates () |
| Remove any cached verified certificates. More... | |
 Public Member Functions inherited from ndn::security::v2::CertificateStorage | |
| CertificateStorage () | |
| const Certificate * | findTrustedCert (const Interest &interestForCert) const |
| Find a trusted certificate in trust anchor container or in verified cache. More... | |
| bool | isCertKnown (const Name &certPrefix) const |
| Check if certificate exists in verified, unverified cache, or in the set of trust anchors. More... | |
| void | cacheUnverifiedCert (Certificate &&cert) |
| Cache unverified certificate for a period of time (5 minutes) More... | |
| const TrustAnchorContainer & | getTrustAnchors () const |
| const CertificateCache & | getVerifiedCertCache () const |
| const CertificateCache & | getUnverifiedCertCache () const |
Additional Inherited Members | |
| Protected Member Functions inherited from ndn::security::v2::CertificateStorage | |
| void | loadAnchor (const std::string &groupId, Certificate &&cert) |
| load static trust anchor. More... | |
| void | loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false) |
| load dynamic trust anchors. More... | |
| void | resetAnchors () |
| remove any previously loaded static or dynamic trust anchor More... | |
| void | cacheVerifiedCert (Certificate &&cert) |
| Cache verified certificate a period of time (1 hour) More... | |
| void | resetVerifiedCerts () |
| Remove any cached verified certificates. More... | |
| Protected Attributes inherited from ndn::security::v2::CertificateStorage | |
| TrustAnchorContainer | m_trustAnchors |
| CertificateCache | m_verifiedCertCache |
| CertificateCache | m_unverifiedCertCache |
Interface for validating data and interest packets.
Every time a validation process initiated, it creates a ValidationState that exist until validation finishes with either success or failure. This state serves several purposes:
During validation, policy and/or key fetcher can augment validation state with policy- and fetcher-specific information using ndn::Tag's.
A validator has a trust anchor cache to save static and dynamic trust anchors, a verified certificate cache for saving certificates that are already verified and an unverified certificate cache for saving prefetched but not yet verified certificates.
Limit the maximum time the validation process is allowed to run before declaring failure
Ability to customize maximum lifetime for trusted and untrusted certificate caches. Current implementation hard-codes them to be 1 hour and 5 minutes.
Definition at line 61 of file validator.hpp.
| Validator::Validator | ( | unique_ptr< ValidationPolicy > | policy, |
| unique_ptr< CertificateFetcher > | certFetcher | ||
| ) |
Validator constructor.
| policy | Validation policy to be associated with the validator |
| certFetcher | Certificate fetcher implementation. |
Definition at line 37 of file validator.cpp.
References ~Validator().
|
default |
Referenced by Validator().
| ValidationPolicy & Validator::getPolicy | ( | ) |
Definition at line 51 of file validator.cpp.
| CertificateFetcher & Validator::getFetcher | ( | ) |
Definition at line 57 of file validator.cpp.
| void Validator::setMaxDepth | ( | size_t | depth | ) |
Set the maximum depth of the certificate chain.
Definition at line 63 of file validator.cpp.
| size_t Validator::getMaxDepth | ( | ) | const |
Definition at line 69 of file validator.cpp.
| void Validator::validate | ( | const Data & | data, |
| const DataValidationSuccessCallback & | successCb, | ||
| const DataValidationFailureCallback & | failureCb | ||
| ) |
Asynchronously validate data.
successCb and failureCb must not be nullptr Definition at line 75 of file validator.cpp.
References NDN_LOG_DEBUG_DEPTH.
Referenced by validate().
| void Validator::validate | ( | const Interest & | interest, |
| const InterestValidationSuccessCallback & | successCb, | ||
| const InterestValidationFailureCallback & | failureCb | ||
| ) |
Asynchronously validate interest.
successCb and failureCb must not be nullptr Definition at line 95 of file validator.cpp.
References cacheVerifiedCertificate(), ndn::security::v2::CertificateStorage::findTrustedCert(), ndn::security::SigningInfo::getDigestSha256Identity(), ndn::Data::getName(), ndn::security::v2::Certificate::isValid(), NDN_LOG_DEBUG_DEPTH, NDN_LOG_TRACE_DEPTH, nonstd::optional_lite::nullopt, ndn::security::v2::ValidationError::POLICY_ERROR, ndn::to_string(), ndn::Name::toUri(), ndn::security::V02, ndn::security::V03, and validate().
| void Validator::loadAnchor | ( | const std::string & | groupId, |
| Certificate && | cert | ||
| ) |
load static trust anchor.
Static trust anchors are permanently associated with the validator and never expire.
| groupId | Certificate group id. |
| cert | Certificate to load as a trust anchor. |
Definition at line 194 of file validator.cpp.
References ndn::security::v2::CertificateStorage::loadAnchor(), and nonstd::optional_lite::std11::move().
| void Validator::loadAnchor | ( | const std::string & | groupId, |
| const std::string & | certfilePath, | ||
| time::nanoseconds | refreshPeriod, | ||
| bool | isDir = false |
||
| ) |
load dynamic trust anchors.
Dynamic trust anchors are associated with the validator for as long as the underlying trust anchor file (set of files) exist(s).
| groupId | Certificate group id, must not be empty. |
| certfilePath | Specifies the path to load the trust anchors. |
| refreshPeriod | Refresh period for the trust anchors, must be positive. |
| isDir | Tells whether the path is a directory or a single file. |
Definition at line 200 of file validator.cpp.
References ndn::security::v2::CertificateStorage::loadAnchor().
| void Validator::resetAnchors | ( | ) |
remove any previously loaded static or dynamic trust anchor
Definition at line 207 of file validator.cpp.
References ndn::security::v2::CertificateStorage::resetAnchors().
| void Validator::cacheVerifiedCertificate | ( | Certificate && | cert | ) |
Cache verified cert a period of time (1 hour)
Definition at line 213 of file validator.cpp.
References ndn::security::v2::CertificateStorage::cacheVerifiedCert(), and nonstd::optional_lite::std11::move().
Referenced by validate().
| void Validator::resetVerifiedCertificates | ( | ) |
Remove any cached verified certificates.
Definition at line 219 of file validator.cpp.
References ndn::security::v2::CertificateStorage::resetVerifiedCerts().
1.8.13