A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration File Format (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf)
#include <config-policy-manager.hpp>
Public Member Functions

| ConfigPolicyManager (const std::string &configFileName, const ptr_lib::shared_ptr< CertificateCache > &certificateCache=ptr_lib::shared_ptr< CertificateCache >(), int searchDepth=5, Milliseconds graceInterval=3000, Milliseconds keyTimestampTtl=3600000, int maxTrackedKeys=1000) | Create a new ConfigPolicyManager which acts on the rules specified in the configuration file and downloads unknown certificates when necessary. |
| virtual ~ConfigPolicyManager () | The virtual destructor. |
| virtual bool skipVerifyAndTrust (const Data &data) | Check if the received data packet can escape from verification and be trusted as valid. |
| virtual bool skipVerifyAndTrust (const Interest &interest) | Check if the received signed interest can escape from verification and be trusted as valid. |
| virtual bool requireVerify (const Data &data) | Check if this PolicyManager has a verification rule for the received data. |
| virtual bool requireVerify (const Interest &interest) | Check if this PolicyManager has a verification rule for the received signed interest. |
| virtual ptr_lib::shared_ptr< ValidationRequest > checkVerificationPolicy (const ptr_lib::shared_ptr< Data > &data, int stepCount, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed) | Check whether the received data packet complies with the verification policy, and get the indication of the next verification step. |
| virtual ptr_lib::shared_ptr< ValidationRequest > checkVerificationPolicy (const ptr_lib::shared_ptr< Interest > &interest, int stepCount, const OnVerifiedInterest &onVerified, const OnVerifyInterestFailed &onVerifyFailed, WireFormat &wireFormat) | Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step. |
| virtual bool checkSigningPolicy (const Name &dataName, const Name &certificateName) | Override to always indicate that the signing certificate name and data name satisfy the signing policy. |
| virtual Name inferSigningIdentity (const Name &dataName) | Infer the signing identity name according to the policy. |

Public Member Functions inherited from ndn::PolicyManager

| virtual ~PolicyManager () | The virtual destructor. |

Friends

| class ::TestVerificationRulesFriend | |

Additional Inherited Members

Static Protected Member Functions inherited from ndn::PolicyManager

| static bool verifySignature (const Signature *signature, const SignedBlob &signedBlob, const Blob &publicKeyDer) | Check the type of signature and use the publicKeyDer to verify the signedBlob using the appropriate signature algorithm. |
| static bool verifySha256WithEcdsaSignature (const Blob &signature, const SignedBlob &signedBlob, const Blob &publicKeyDer) | Verify the ECDSA signature on the SignedBlob using the given public key. |
| static bool verifySha256WithRsaSignature (const Blob &signature, const SignedBlob &signedBlob, const Blob &publicKeyDer) | Verify the RSA signature on the SignedBlob using the given public key. |
| static bool verifyDigestSha256Signature (const Blob &signature, const SignedBlob &signedBlob) | Verify the DigestSha256 signature on the SignedBlob by verifying that the digest of SignedBlob equals the signature. |
A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration File Format (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf)
Once a rule is matched, the ConfigPolicyManager looks in the CertificateCache for the IdentityCertificate whose name matches the name in the packet's KeyLocator and uses its public key to verify the data packet or signed interest. If the certificate is not in the cache, it is downloaded, verified and installed. A chain of certificates is followed up to the maximum depth given by searchDepth. If the newly fetched certificate is accepted, it is used to complete the verification.
The KeyLocator of a data packet or signed interest MUST contain a name for verification to succeed; a KeyLocator of any other form cannot be matched against a rule or resolved to a certificate.
ndn::ConfigPolicyManager::ConfigPolicyManager (const std::string &configFileName, const ptr_lib::shared_ptr< CertificateCache > &certificateCache = ptr_lib::shared_ptr< CertificateCache >(), int searchDepth = 5, Milliseconds graceInterval = 3000, Milliseconds keyTimestampTtl = 3600000, int maxTrackedKeys = 1000)
Create a new ConfigPolicyManager which acts on the rules specified in the configuration file and downloads unknown certificates when necessary.
| configFileName | The path to the configuration file containing verification rules. |
| certificateCache | (optional) A CertificateCache to hold known certificates. If this is null or omitted, then create an internal CertificateCache. |
| searchDepth | (optional) The maximum number of links to follow when verifying a certificate chain. If omitted, the default is 5. |
| graceInterval | (optional) The window of time difference (in milliseconds) allowed between the timestamp of the first interest signed with a new public key and the validation time. If omitted, the default is 3000 ms. |
| keyTimestampTtl | (optional) How long a public key's last-used timestamp is kept in the store (milliseconds). If omitted, the default is 3600000 ms (one hour). |
| maxTrackedKeys | (optional) The maximum number of public key use timestamps to track. If omitted, the default is 1000. |
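The three timestamp parameters above describe a small piece of replay-protection state: the first interest signed with a not-yet-seen key is judged against the validation clock (graceInterval), later interests from the same key are judged against that key's last recorded timestamp, old records expire (keyTimestampTtl), and the store is bounded (maxTrackedKeys). The following is an added, self-contained C++ model of that bookkeeping, written for this page; it is not NDN-CPP library code, and the class name InterestTimestampTracker and its methods are assumptions. The rules it implements are likewise assumptions chosen to match the parameter descriptions: a known key must present a strictly newer timestamp, expired records are purged before each check, and when the store exceeds maxTrackedKeys the entry with the oldest timestamp is evicted.

```cpp
// Added illustrative model (not NDN-CPP code) of the interest-timestamp state
// described by graceInterval, keyTimestampTtl and maxTrackedKeys.
#include <cstdio>
#include <map>
#include <string>

typedef double Milliseconds;  // same unit the page uses: milliseconds

class InterestTimestampTracker {
public:
  InterestTimestampTracker(Milliseconds graceInterval = 3000,
                           Milliseconds keyTimestampTtl = 3600000,
                           int maxTrackedKeys = 1000)
    : graceInterval_(graceInterval), keyTimestampTtl_(keyTimestampTtl),
      maxTrackedKeys_(maxTrackedKeys) {}

  // Decide whether an interest signed by keyName and carrying `timestamp`
  // (ms since epoch) is fresh at validation time `now`.
  // Assumed rule: unknown key -> |timestamp - now| must be within the grace
  // window; known key -> timestamp must be strictly newer than the last one
  // recorded for that key (a repeated or older timestamp is a replay).
  bool isFresh(const std::string& keyName, Milliseconds timestamp, Milliseconds now) {
    purgeExpired(now);
    std::map<std::string, Milliseconds>::const_iterator it = lastTimestamps_.find(keyName);
    if (it == lastTimestamps_.end()) {
      Milliseconds delta = timestamp > now ? timestamp - now : now - timestamp;
      return delta < graceInterval_;
    }
    return timestamp > it->second;
  }

  // Record the timestamp of an interest that passed signature verification.
  // Only call this after verification so an unverifiable packet cannot
  // advance the stored timestamp for someone else's key.
  void update(const std::string& keyName, Milliseconds timestamp, Milliseconds now) {
    purgeExpired(now);
    lastTimestamps_[keyName] = timestamp;
    while ((int)lastTimestamps_.size() > maxTrackedKeys_)
      evictOldest();
  }

  bool isTracked(const std::string& keyName) const {
    return lastTimestamps_.count(keyName) > 0;
  }
  int trackedKeyCount() const { return (int)lastTimestamps_.size(); }

private:
  // Drop records whose last-used timestamp is older than keyTimestampTtl.
  void purgeExpired(Milliseconds now) {
    std::map<std::string, Milliseconds>::iterator it = lastTimestamps_.begin();
    while (it != lastTimestamps_.end()) {
      if (now - it->second > keyTimestampTtl_)
        lastTimestamps_.erase(it++);
      else
        ++it;
    }
  }

  // Bound the store: evict the key with the oldest recorded timestamp.
  void evictOldest() {
    if (lastTimestamps_.empty())
      return;
    std::map<std::string, Milliseconds>::iterator oldest = lastTimestamps_.begin();
    for (std::map<std::string, Milliseconds>::iterator it = lastTimestamps_.begin();
         it != lastTimestamps_.end(); ++it)
      if (it->second < oldest->second)
        oldest = it;
    lastTimestamps_.erase(oldest);
  }

  Milliseconds graceInterval_;
  Milliseconds keyTimestampTtl_;
  int maxTrackedKeys_;
  std::map<std::string, Milliseconds> lastTimestamps_;  // keyName -> last timestamp
};

int main() {
  // Constructed sample: key names and clock values are made up for the demo.
  InterestTimestampTracker tracker(3000, 3600000, 2);
  Milliseconds now = 1000000;
  bool first = tracker.isFresh("/alice/KEY/1", now - 1000, now);   // new key, in window
  tracker.update("/alice/KEY/1", now - 1000, now);
  bool replay = tracker.isFresh("/alice/KEY/1", now - 1000, now);  // same timestamp again
  std::printf("first=%d replay=%d tracked=%d\n", first, replay, tracker.trackedKeyCount());
  return 0;
}
```

Note that for a known key the grace window is not consulted at all; only monotonicity matters, so a legitimate signer whose clock drifts backwards will be rejected until its timestamps pass the last recorded value, while an attacker replaying a captured interest is rejected because the timestamp is not newer. The eviction step is what keeps maxTrackedKeys meaningful: once the cap is reached, the least recently used key is forgotten and its next interest is treated as a first contact, judged again by graceInterval.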
virtual bool ndn::ConfigPolicyManager::checkSigningPolicy (const Name &dataName, const Name &certificateName)
Override to always indicate that the signing certificate name and data name satisfy the signing policy.
| dataName | The name of data to be signed. |
| certificateName | The name of signing certificate. |
Implements ndn::PolicyManager.
virtual ptr_lib::shared_ptr< ValidationRequest > ndn::ConfigPolicyManager::checkVerificationPolicy (const ptr_lib::shared_ptr< Data > &data, int stepCount, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed)
Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
| data | The Data object with the signature to check. |
| stepCount | The number of verification steps that have been done, used to track the verification progress. |
| onVerified | If the signature is verified, this calls onVerified(data). |
| onVerifyFailed | If the signature check fails, this calls onVerifyFailed(data). |
Implements ndn::PolicyManager.
virtual ptr_lib::shared_ptr< ValidationRequest > ndn::ConfigPolicyManager::checkVerificationPolicy (const ptr_lib::shared_ptr< Interest > &interest, int stepCount, const OnVerifiedInterest &onVerified, const OnVerifyInterestFailed &onVerifyFailed, WireFormat &wireFormat)
Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step.
| interest | The interest with the signature to check. |
| stepCount | The number of verification steps that have been done, used to track the verification progress. |
| onVerified | If the signature is verified, this calls onVerified(interest). |
| onVerifyFailed | If the signature check fails, this calls onVerifyFailed(interest). |
Implements ndn::PolicyManager.
virtual Name ndn::ConfigPolicyManager::inferSigningIdentity (const Name &dataName)
Infer the signing identity name according to the policy.
If the signing identity cannot be inferred, return an empty name.
| dataName | The name of data to be signed. |
Implements ndn::PolicyManager.
virtual bool ndn::ConfigPolicyManager::requireVerify (const Data &data)
Check if this PolicyManager has a verification rule for the received data.
If the configuration file contains the trust anchor 'any', nothing is verified.
| data | The received data packet. |
Implements ndn::PolicyManager.
virtual bool ndn::ConfigPolicyManager::requireVerify (const Interest &interest)
Check if this PolicyManager has a verification rule for the received signed interest.
If the configuration file contains the trust anchor 'any', nothing is verified.
| interest | The received interest. |
Implements ndn::PolicyManager.
virtual bool ndn::ConfigPolicyManager::skipVerifyAndTrust (const Data &data)
Check if the received data packet can escape from verification and be trusted as valid.
If the configuration file contains the trust anchor 'any', nothing is verified.
| data | The received data packet. |
Implements ndn::PolicyManager.
virtual bool ndn::ConfigPolicyManager::skipVerifyAndTrust (const Interest &interest)
Check if the received signed interest can escape from verification and be trusted as valid.
If the configuration file contains the trust anchor 'any', nothing is verified.
| interest | The received interest. |
Implements ndn::PolicyManager.