0.3.2/ndn-cpp/config-policy-manager_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */

 #ifndef NDN_CONFIG_POLICY_MANAGER_HPP

 #define NDN_CONFIG_POLICY_MANAGER_HPP


 #include <string>

 #include <vector>

 #include <map>

 #include <ndn-cpp/security/policy/certificate-cache.hpp>

 #include "policy-manager.hpp"


 class TestVerificationRulesFriend;


 namespace ndn {


 class BoostInfoTree;

 class BoostInfoParser;

 class IdentityCertificate;


 class ConfigPolicyManager : public PolicyManager {

 public:

   ConfigPolicyManager

     (const std::string& configFileName,

      const ptr_lib::shared_ptr<CertificateCache>& certificateCache =

      ptr_lib::shared_ptr<CertificateCache>(), int searchDepth = 5,

      Milliseconds graceInterval = 3000, Milliseconds keyTimestampTtl = 3600000,

      int maxTrackedKeys = 1000);


   virtual

   ~ConfigPolicyManager();


   virtual bool

   skipVerifyAndTrust(const Data& data);


   virtual bool

   skipVerifyAndTrust(const Interest& interest);


   virtual bool

   requireVerify(const Data& data);


   virtual bool

   requireVerify(const Interest& interest);


   virtual ptr_lib::shared_ptr<ValidationRequest>

   checkVerificationPolicy

     (const ptr_lib::shared_ptr<Data>& data, int stepCount,

      const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);


   virtual ptr_lib::shared_ptr<ValidationRequest>

   checkVerificationPolicy

     (const ptr_lib::shared_ptr<Interest>& interest, int stepCount,

      const OnVerifiedInterest& onVerified,

      const OnVerifyInterestFailed& onVerifyFailed, WireFormat& wireFormat);


   virtual bool

   checkSigningPolicy(const Name& dataName, const Name& certificateName);


   virtual Name

   inferSigningIdentity(const Name& dataName);


 private:

   // Allow the unit tests to call private members.

   friend class ::TestVerificationRulesFriend;


   class TrustAnchorRefreshManager {

   public:

     TrustAnchorRefreshManager()

     {

     }


     static ptr_lib::shared_ptr<IdentityCertificate>

     loadIdentityCertificateFromFile(const std::string& filename);


     ptr_lib::shared_ptr<IdentityCertificate>

     getCertificate(Name certificateName) const

     {

       // Assume the timestamp is already removed.

       return certificateCache_.getCertificate(certificateName);

     }


     void

     addDirectory(const std::string& directoryName, Milliseconds refreshPeriod);


     void

     refreshAnchors();


   private:

     class DirectoryInfo {

     public:

       DirectoryInfo

         (const std::vector<std::string>& certificateNames,

          MillisecondsSince1970 nextRefresh, Milliseconds refreshPeriod)

       : certificateNames_(certificateNames), nextRefresh_(nextRefresh),

         refreshPeriod_(refreshPeriod)

       {

       }


       std::vector<std::string> certificateNames_;

       MillisecondsSince1970 nextRefresh_;

       Milliseconds refreshPeriod_;

     };


     CertificateCache certificateCache_;

     // refreshDirectories_ maps the directory name to certificate names so they

     //   can be deleted when necessary, and the next refresh time.

     std::map<std::string, ptr_lib::shared_ptr<DirectoryInfo> > refreshDirectories_;

   };


   void

   loadTrustAnchorCertificates();


   bool

   checkSignatureMatch

     (const Name& signatureName, const Name& objectName, const BoostInfoTree& rule);


   ptr_lib::shared_ptr<IdentityCertificate>

   lookupCertificate(const std::string& certID, bool isPath);


   const BoostInfoTree*

   findMatchingRule(const Name& objName, const std::string& matchType) const;


   static bool

   matchesRelation

     (const Name& name, const Name& matchName, const std::string& matchRelation);


   static ptr_lib::shared_ptr<Signature>

   extractSignature(const Interest& interest, WireFormat& wireFormat);


   bool

   interestTimestampIsFresh(const Name& keyName, MillisecondsSince1970 timestamp) const;


   void

   updateTimestampForKey(const Name& keyName, MillisecondsSince1970 timestamp);


   bool

   verify(const Signature* signatureInfo, const SignedBlob& signedBlob) const;


   ptr_lib::shared_ptr<Interest>

   getCertificateInterest

     (int stepCount, const std::string& matchType, const Name& objectName,

      const Signature* signature);


   void

   onCertificateDownloadComplete

     (const ptr_lib::shared_ptr<Data> &data,

      const ptr_lib::shared_ptr<Data> &originalData, int stepCount,

      const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);


   void

   onCertificateDownloadCompleteForInterest

     (const ptr_lib::shared_ptr<Data> &data,

      const ptr_lib::shared_ptr<Interest> &originalInterest, int stepCount,

      const OnVerifiedInterest& onVerified,

      const OnVerifyInterestFailed& onVerifyFailed, WireFormat& wireFormat);


   ptr_lib::shared_ptr<CertificateCache> certificateCache_;

   int maxDepth_;

   Milliseconds keyGraceInterval_;

   Milliseconds keyTimestampTtl_;

   int maxTrackedKeys_;

   // fixedCertificateCache_ stores the fixed-signer certificate name associated with

   //    validation rules so we don't keep loading from files.

   std::map<std::string, std::string> fixedCertificateCache_;

   // keyTimestamps_ stores the timestamps for each public key used in command

   //   interests to avoid replay attacks.

   // key is the public key name, value is the last timestamp.

   std::map<std::string, MillisecondsSince1970> keyTimestamps_;

   ptr_lib::shared_ptr<BoostInfoParser> config_;

   bool requiresVerification_;

   TrustAnchorRefreshManager refreshManager_;

 };


 }


 #endif

ndn::Milliseconds
double Milliseconds
A time interval represented as the number of milliseconds.
Definition: common.hpp:111

ndn::ConfigPolicyManager
A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration ...
Definition: config-policy-manager.hpp:56

ndn::OnVerifyInterestFailed
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest)> OnVerifyInterestFailed
An OnVerifyInterestFailed function object is used to pass a callback to verifyInterest to report a fa...
Definition: validation-request.hpp:52

ndn
Copyright (C) 2013-2015 Regents of the University of California.
Definition: common.hpp:35

ndn::OnVerifiedInterest
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest)> OnVerifiedInterest
An OnVerifiedInterest function object is used to pass a callback to verifyInterest to report a succes...
Definition: validation-request.hpp:45

ndn::ConfigPolicyManager::checkVerificationPolicy
virtual ptr_lib::shared_ptr< ValidationRequest > checkVerificationPolicy(const ptr_lib::shared_ptr< Data > &data, int stepCount, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed)
Check whether the received data packet complies with the verification policy, and get the indication ...

ndn::ConfigPolicyManager::skipVerifyAndTrust
virtual bool skipVerifyAndTrust(const Data &data)
Check if the received data packet can escape from verification and be trusted as valid.

ndn::Data
Definition: data.hpp:36

ndn::ConfigPolicyManager::requireVerify
virtual bool requireVerify(const Data &data)
Check if this PolicyManager has a verification rule for the received data.

ndn::OnVerified
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data)> OnVerified
An OnVerified function object is used to pass a callback to verifyData to report a successful verific...
Definition: validation-request.hpp:33

ndn::BoostInfoTree
BoostInfoTree is provided for compatibility with the Boost INFO property list format used in ndn-cxx...
Definition: boost-info-parser.hpp:45

ndn::ConfigPolicyManager::ConfigPolicyManager
ConfigPolicyManager(const std::string &configFileName, const ptr_lib::shared_ptr< CertificateCache > &certificateCache=ptr_lib::shared_ptr< CertificateCache >(), int searchDepth=5, Milliseconds graceInterval=3000, Milliseconds keyTimestampTtl=3600000, int maxTrackedKeys=1000)
Create a new ConfigPolicyManager which acts on the rules specified in the configuration file and down...

ndn::ConfigPolicyManager::inferSigningIdentity
virtual Name inferSigningIdentity(const Name &dataName)
Infer the signing identity name according to the policy.

ndn::ConfigPolicyManager::~ConfigPolicyManager
virtual ~ConfigPolicyManager()
The virtual destructor.

ndn::Name
A Name holds an array of Name::Component and represents an NDN name.
Definition: name.hpp:42

ndn::Signature
A Signature is an abstract base class providing methods to work with the signature information in a D...
Definition: signature.hpp:36

ndn::Interest
An Interest holds a Name and other fields for an interest.
Definition: interest.hpp:41

TestVerificationRulesFriend
TestVerificationRulesFriend is a friend of ConfigPolicyManager so we can call its private members thr...
Definition: test-verification-rules.cpp:140

ndn::MillisecondsSince1970
double MillisecondsSince1970
The calendar time represented as the number of milliseconds since 1/1/1970.
Definition: common.hpp:116

ndn::OnVerifyFailed
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data)> OnVerifyFailed
An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verific...
Definition: validation-request.hpp:38

ndn::ConfigPolicyManager::checkSigningPolicy
virtual bool checkSigningPolicy(const Name &dataName, const Name &certificateName)
Override to always indicate that the signing certificate name and data name satisfy the signing polic...

ndn::SignedBlob
A SignedBlob extends Blob to keep the offsets of a signed portion (e.g., the bytes of Data packet)...
Definition: signed-blob.hpp:34

ndn::WireFormat
Definition: wire-format.hpp:37

ndn::PolicyManager
A PolicyManager is an abstract base class to represent the policy for verifying data packets...
Definition: policy-manager.hpp:37

ndn::CertificateCache
A CertificateCache is used to save other users' certificate during verification.
Definition: certificate-cache.hpp:36