Access Manager.
#include <access-manager.hpp>
Classes
class Error

Public Member Functions
AccessManager (const Identity &identity, const Name &dataset, KeyChain &keyChain, Face &face)
Data addMember (const Certificate &memberCert)
    Authorize a member identified by its certificate memberCert to decrypt data under the policy.
InMemoryStorage::const_iterator begin () const
    Returns begin iterator of the in-memory storage ordered by name with digest.
InMemoryStorage::const_iterator end () const
    Returns end iterator of the in-memory storage ordered by name with digest.
void removeMember (const Name &identity)
    Remove member with name identity from the group.
size_t size () const
Access Manager.
Access Manager controls decryption policy by publishing granular per-namespace access policies in the form of a key pair: a key-encryption key (KEK, plaintext public key) and a key-decryption key (KDK, encrypted private key).
Definition at line 38 of file access-manager.hpp.
ndn::nac::AccessManager::AccessManager (const Identity &identity, const Name &dataset, KeyChain &keyChain, Face &face)

identity   Data owner's namespace identity (will be used to sign KEK and KDK)
dataset    Name of dataset that this manager is controlling
keyChain   KeyChain
face       Face that will be used to publish KEK and KDKs
KEK and KDK naming:

[identity]/NAC/[dataset]/KEK            /[key-id]                           (== KEK, public key)
[identity]/NAC/[dataset]/KDK/[key-id]   /ENCRYPTED-BY/[user]/KEY/[key-id]   (== KDK, encrypted private key)
\_____________  ______________/
              \/
     registered with NFD
AccessManager serves the NAC public key for data producers to fetch, and encrypted versions of private keys (as safe bags) for authorized consumers to fetch.
Definition at line 31 of file access-manager.cpp.
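As an added example (not part of the NAC library or its documentation), the following self-contained C++ parser classifies a name against the KEK/KDK layout above and extracts the prefix the diagram marks as registered with NFD, the key id and, for a KDK, the member it is encrypted for, which helps when auditing which members a set of published names authorizes. It assumes names are plain '/'-separated strings rather than ndn::Name objects; NacKeyName, parseNacKeyName, split and join are hypothetical names.

```cpp
// Assumption: names are plain URI strings split on '/', with no escaped components.
#include <algorithm>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
using Components = std::vector<std::string>;
Components split(const std::string& uri) {
  Components out;
  std::stringstream ss(uri);
  for (std::string c; std::getline(ss, c, '/');)
    if (!c.empty()) out.push_back(c);
  return out;
}
std::string join(const Components& c, std::size_t from, std::size_t to) {
  std::string s;
  for (std::size_t i = from; i < to; ++i) s += "/" + c[i];
  return s;
}
struct NacKeyName {
  enum Kind { Other, Kek, Kdk } kind = Other;
  std::string nfdPrefix;  // the part the diagram marks "registered with NFD"
  std::string keyId;      // NAC key id shared by a KEK and its KDKs
  std::string member;     // KDK only: the [user] after ENCRYPTED-BY
};
// identity and dataset are the values passed to the AccessManager constructor.
NacKeyName parseNacKeyName(const std::string& name, const std::string& identity,
                           const std::string& dataset) {
  NacKeyName r;
  Components n = split(name), head = split(identity), ds = split(dataset);
  head.push_back("NAC");
  head.insert(head.end(), ds.begin(), ds.end());
  const std::size_t h = head.size();
  if (n.size() < h + 2 || !std::equal(head.begin(), head.end(), n.begin())) return r;
  bool kek = n[h] == "KEK" && n.size() == h + 2;
  bool kdk = n[h] == "KDK" && n.size() >= h + 6 && n[h + 2] == "ENCRYPTED-BY" &&
             n[n.size() - 2] == "KEY";
  if (!kek && !kdk) return r;  // right prefix, but not a well-formed key name
  r.kind = kek ? NacKeyName::Kek : NacKeyName::Kdk;
  r.keyId = n[h + 1];
  r.nfdPrefix = join(n, 0, kek ? h + 1 : h + 2);
  if (kdk) r.member = join(n, h + 3, n.size() - 2);  // multi-component users allowed
  return r;
}
int main() {  // constructed sample name, not taken from a real deployment
  NacKeyName k = parseNacKeyName("/org/alice/NAC/health/KDK/k1/ENCRYPTED-BY/org/bob/KEY/b7",
                                 "/org/alice", "/health");
  std::cout << k.nfdPrefix << " is encrypted for " << k.member << "\n";
}
```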
Data ndn::nac::AccessManager::addMember (const Certificate &memberCert)
Authorize a member identified by its certificate memberCert to decrypt data under the policy.
Definition at line 79 of file access-manager.cpp.
InMemoryStorage::const_iterator ndn::nac::AccessManager::begin () const [inline]
Returns begin iterator of the in-memory storage ordered by name with digest.
Definition at line 106 of file access-manager.hpp.
InMemoryStorage::const_iterator ndn::nac::AccessManager::end () const [inline]
Returns end iterator of the in-memory storage ordered by name with digest.
Definition at line 117 of file access-manager.hpp.
void ndn::nac::AccessManager::removeMember (const Name &identity)
Remove member with name identity from the group.
Definition at line 121 of file access-manager.cpp.
size_t ndn::nac::AccessManager::size () const [inline]
Definition at line 95 of file access-manager.hpp.