ndn::nac::AccessManager Class Reference

Access Manager.

#include <access-manager.hpp>

Classes

class  Error
 

Public Member Functions

 AccessManager(const Identity& identity, const Name& dataset, KeyChain& keyChain, Face& face)

 Data addMember(const Certificate& memberCert)
  Authorize a member identified by its certificate memberCert to decrypt data under the policy.

 InMemoryStorage::const_iterator begin() const
  Returns begin iterator of the in-memory storage ordered by name with digest.

 InMemoryStorage::const_iterator end() const
  Returns end iterator of the in-memory storage ordered by name with digest.

 void removeMember(const Name& identity)
  Remove member with name identity from the group.

 size_t size() const


Detailed Description

Access Manager.

Access Manager controls decryption policy by publishing granular per-namespace access policies in the form of a key pair: a key encryption key (KEK, a public key published in plaintext, used by producers to protect content keys) and a key decryption key (KDK, the matching private key, published once per authorized member, encrypted under that member's public key).

Todo:
Rolling KEK

Definition at line 38 of file access-manager.hpp.

Constructor & Destructor Documentation

◆ AccessManager()

ndn::nac::AccessManager::AccessManager(const Identity& identity, const Name& dataset, KeyChain& keyChain, Face& face)

Parameters
identity   Data owner's namespace identity (will be used to sign the KEK and KDKs)
dataset    Name of the dataset that this manager is controlling
keyChain   KeyChain
face       Face that will be used to publish the KEK and KDKs

KEK and KDK naming:

[identity]/NAC/[dataset]/KEK/[key-id]                                    (== KEK, public key)
[identity]/NAC/[dataset]/KDK/[key-id]/ENCRYPTED-BY/[user]/KEY/[key-id]   (== KDK, encrypted private key)
\______________________/
   registered with NFD

The [key-id] directly after KEK or KDK identifies the NAC key pair; the trailing [user]/KEY/[key-id] after ENCRYPTED-BY is the key name of the member the KDK is encrypted for, taken from the member's certificate. Only the prefix [identity]/NAC/[dataset] is registered with NFD; KEK and KDK Interests arriving under that prefix are answered from the manager's in-memory storage.

AccessManager serves the NAC public key (KEK) for data producers to fetch, and encrypted copies of the corresponding private key (KDKs, as SafeBags) for authorized consumers to fetch.

Definition at line 31 of file access-manager.cpp.
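The naming scheme above is what producers and consumers have to reproduce: a consumer that sees a KEK name in encrypted content must derive the KDK name addressed to its own key, and anyone auditing the manager's storage wants to know which member each KDK is for. The following is an added example, not code from the nac library: it models ndn::Name as '/'-separated text components (an assumption made to keep it self-contained; real NDN components are typed TLVs and may hold arbitrary bytes), builds KEK and KDK names from the documented layout, derives the KDK name a consumer should fetch from a KEK name, and validates a candidate KDK name against a known registered prefix. The sample identities, dataset and key-ids are constructed.

```cpp
// Added example (not the nac library's own code): build and check KEK/KDK names.
// ndn::Name is stood in for by '/'-separated text components (assumption; real
// NDN components are typed TLVs, so this models only the layout, not the encoding).
#include <algorithm>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

using Components = std::vector<std::string>;

Components splitName(const std::string& uri) {
  Components out;
  std::stringstream ss(uri);
  std::string part;
  while (std::getline(ss, part, '/')) {
    if (!part.empty()) out.push_back(part);
  }
  return out;
}

std::string joinName(const Components& c) {
  std::string s;
  for (const auto& p : c) { s += '/'; s += p; }
  return s.empty() ? "/" : s;
}

// Prefix the AccessManager registers with NFD: [identity]/NAC/[dataset].
Components registeredPrefix(const Components& identity, const Components& dataset) {
  Components p = identity;
  p.push_back("NAC");
  p.insert(p.end(), dataset.begin(), dataset.end());
  return p;
}

// KEK: [identity]/NAC/[dataset]/KEK/[key-id]
std::string kekName(const Components& identity, const Components& dataset,
                    const std::string& keyId) {
  Components n = registeredPrefix(identity, dataset);
  n.push_back("KEK");
  n.push_back(keyId);
  return joinName(n);
}

// KDK: [identity]/NAC/[dataset]/KDK/[key-id]/ENCRYPTED-BY/[member key name],
// where the member key name is the [user]/KEY/[key-id] of the member's certificate.
std::string kdkName(const Components& identity, const Components& dataset,
                    const std::string& keyId, const Components& memberKeyName) {
  Components n = registeredPrefix(identity, dataset);
  n.push_back("KDK");
  n.push_back(keyId);
  n.push_back("ENCRYPTED-BY");
  n.insert(n.end(), memberKeyName.begin(), memberKeyName.end());
  return joinName(n);
}

struct ParsedKdk {
  bool ok = false;
  std::string keyId;         // key-id of the KEK this KDK unlocks
  Components memberKeyName;  // [user]/KEY/[key-id] the KDK is encrypted for
};

// Structural check of a KDK name under a known prefix; anything that does not
// match the layout is rejected rather than guessed at.
ParsedKdk parseKdkName(const Components& prefix, const std::string& name) {
  ParsedKdk p;
  Components n = splitName(name);
  // prefix + KDK + key-id + ENCRYPTED-BY + at least [user]/KEY/[key-id]
  if (n.size() < prefix.size() + 6) return p;
  if (!std::equal(prefix.begin(), prefix.end(), n.begin())) return p;
  size_t i = prefix.size();
  if (n[i] != "KDK" || n[i + 2] != "ENCRYPTED-BY") return p;
  Components member(n.begin() + i + 3, n.end());
  if (member[member.size() - 2] != "KEY") return p;  // a key name ends in KEY/[key-id]
  p.ok = true;
  p.keyId = n[i + 1];
  p.memberKeyName = member;
  return p;
}

// Consumer side: from the KEK name seen in encrypted content, derive the KDK name
// to fetch for own key `myKeyName`. Returns "" if `kek` is not a KEK name.
std::string kdkNameForConsumer(const std::string& kek, const Components& myKeyName) {
  Components n = splitName(kek);
  if (n.size() < 2 || n[n.size() - 2] != "KEK") return "";
  n[n.size() - 2] = "KDK";
  n.push_back("ENCRYPTED-BY");
  n.insert(n.end(), myKeyName.begin(), myKeyName.end());
  return joinName(n);
}

// Constructed sample names (not from any real deployment).
const Components kOwner    = {"example", "owner"};
const Components kDataset  = {"health", "records"};
const Components kAliceKey = {"example", "alice", "KEY", "k1"};

int main() {
  std::string kek = kekName(kOwner, kDataset, "kek-1");
  std::cout << "KEK: " << kek << '\n';
  std::cout << "KDK: " << kdkName(kOwner, kDataset, "kek-1", kAliceKey) << '\n';
  ParsedKdk p = parseKdkName(registeredPrefix(kOwner, kDataset),
                             kdkNameForConsumer(kek, kAliceKey));
  std::cout << (p.ok ? "KDK for " + joinName(p.memberKeyName) : "not a KDK") << '\n';
  return 0;
}
```

The prefix check in parseKdkName is deliberate: a consumer should only trust KDKs under the [identity]/NAC/[dataset] prefix it expects, since a different identity or dataset in the same position would otherwise parse as a valid KDK name.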

Member Function Documentation

◆ addMember()

Data ndn::nac::AccessManager::addMember(const Certificate& memberCert)

Authorize a member identified by its certificate memberCert to decrypt data under the policy.

Returns
the published KDK: a Data packet named [identity]/NAC/[dataset]/KDK/[key-id]/ENCRYPTED-BY/[member key name], carrying the NAC private key encrypted for the key in memberCert

Definition at line 79 of file access-manager.cpp.

◆ begin()

InMemoryStorage::const_iterator ndn::nac::AccessManager::begin() const   [inline]

Returns begin iterator of the in-memory storage ordered by name with digest.

Returns
const_iterator pointing to the beginning of m_cache

Definition at line 106 of file access-manager.hpp.

◆ end()

InMemoryStorage::const_iterator ndn::nac::AccessManager::end() const   [inline]

Returns end iterator of the in-memory storage ordered by name with digest.

Returns
const_iterator pointing to the end of m_cache

Definition at line 117 of file access-manager.hpp.

◆ removeMember()

void ndn::nac::AccessManager::removeMember(const Name& identity)

Remove member with name identity from the group, so that the KDK published for that member is no longer served. A member that has already fetched its KDK still holds the decrypted NAC private key and can continue to decrypt content protected under the current KEK; because KEK rotation is still listed as a Todo above, removal alone does not revoke access to data already encrypted under that KEK.

Definition at line 121 of file access-manager.cpp.

◆ size()

size_t ndn::nac::AccessManager::size() const   [inline]

Returns
number of packets stored in the in-memory storage

Definition at line 95 of file access-manager.hpp.