34 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x) 35 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x) 39 , m_certFetcher(
std::
move(certFetcher))
42 BOOST_ASSERT(m_policy !=
nullptr);
43 BOOST_ASSERT(m_certFetcher !=
nullptr);
44 m_policy->setValidator(*
this);
45 m_certFetcher->setCertificateStorage(*
this);
59 return *m_certFetcher;
79 auto state = make_shared<DataValidationState>(data, successCb, failureCb);
82 m_policy->checkPolicy(data, state,
83 [
this] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
84 if (certRequest ==
nullptr) {
85 state->bypassValidation();
89 requestCertificate(certRequest, state);
99 auto state = make_shared<InterestValidationState>(interest, successCb, failureCb);
102 state->setTag(make_shared<SignedInterestFormatTag>(fmt));
106 m_policy->checkPolicy(interest, state,
107 [
this] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
108 if (certRequest ==
nullptr) {
109 state->bypassValidation();
113 requestCertificate(certRequest, state);
124 return state->fail({ValidationError::Code::EXPIRED_CERT,
"Retrieved certificate is not yet valid or expired " 128 m_policy->checkPolicy(cert, state,
129 [
this, cert] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
130 if (certRequest ==
nullptr) {
136 state->addCertificate(cert);
137 requestCertificate(certRequest, state);
143 Validator::requestCertificate(
const shared_ptr<CertificateRequest>& certRequest,
144 const shared_ptr<ValidationState>& state)
147 if (state->getDepth() >= m_maxDepth) {
148 state->fail({ValidationError::Code::EXCEEDED_DEPTH_LIMIT,
149 "Exceeded validation depth limit (" +
to_string(m_maxDepth) +
")"});
154 state->verifyOriginalPacket(
nullopt);
158 if (state->hasSeenCertificateName(certRequest->interest.getName())) {
159 state->fail({ValidationError::Code::LOOP_DETECTED,
160 "Validation loop detected for certificate `" + certRequest->interest.getName().toUri() +
"`"});
167 if (cert !=
nullptr) {
170 cert = state->verifyCertificateChain(*cert);
171 if (cert !=
nullptr) {
172 state->verifyOriginalPacket(*cert);
174 for (
auto trustedCert = std::make_move_iterator(state->m_certificateChain.begin());
175 trustedCert != std::make_move_iterator(state->m_certificateChain.end());
182 m_certFetcher->fetch(certRequest, state, [
this] (
const Certificate& cert,
const shared_ptr<ValidationState>& state) {
void loadAnchor(const std::string &groupId, Certificate &&cert)
load static trust anchor.
void loadAnchor(const std::string &groupId, Certificate &&cert)
load static trust anchor.
Sign Interest using Packet Specification v0.3 semantics.
void validate(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Asynchronously validate data.
Copyright (c) 2011-2015 Regents of the University of California.
Represents an NDN certificate following the version 2.0 format.
function< void(const Data &data)> DataValidationSuccessCallback
Callback to report a successful Data validation.
Interface used by the validator to fetch missing certificates.
#define NDN_LOG_DEBUG_DEPTH(x)
std::string to_string(const T &val)
#define NDN_LOG_TRACE_DEPTH(x)
Validator(unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher)
Validator constructor.
Represents an Interest packet.
function< void(const Data &data, const ValidationError &error)> DataValidationFailureCallback
Callback to report a failed Data validation.
Sign Interest using Packet Specification v0.2 semantics.
Abstraction that implements validation policy for Data and Interest packets.
const Certificate * findTrustedCert(const Interest &interestForCert) const
Find a trusted certificate in trust anchor container or in verified cache.
size_t getMaxDepth() const
void resetVerifiedCerts()
Remove any cached verified certificates.
void cacheVerifiedCert(Certificate &&cert)
Cache verified certificate a period of time (1 hour)
const Name & getName() const noexcept
Get name.
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
void resetAnchors()
remove any previously loaded static or dynamic trust anchor
function< void(const Interest &interest, const ValidationError &error)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
ValidationPolicy & getPolicy()
void resetAnchors()
remove any previously loaded static or dynamic trust anchor
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
#define NDN_LOG_INIT(name)
declare a log module
void cacheVerifiedCertificate(Certificate &&cert)
Cache verified cert a period of time (1 hour)
Represents a Data packet.
bool isValid(const time::system_clock::TimePoint &ts=time::system_clock::now()) const
Check if the certificate is valid at ts.
void resetVerifiedCertificates()
Remove any cached verified certificates.
function< void(const Interest &interest)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
const nullopt_t nullopt((nullopt_t::init()))
boost::chrono::nanoseconds nanoseconds
CertificateFetcher & getFetcher()
void setMaxDepth(size_t depth)
Set the maximum depth of the certificate chain.