new ValidationState()
ValidationState is an abstract base class for DataValidationState and
InterestValidationState.
One instance of the validation state is kept for the validation of the whole
certificate chain.
The state collects the certificate chain that adheres to the selected
validation policy to validate data or interest packets. Certificate, data,
and interest packet signatures are verified only after the validator
determines that the chain terminates with a trusted certificate (a trusted
anchor or a previously validated certificate). This model allows filtering
out invalid certificate chains without incurring (costly) cryptographic
signature verification overhead and mitigates some forms of denial-of-service
attacks.
A validation policy and/or key fetcher may add custom information associated
with the validation state using tags.
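The verification order described above, as an added example: a simplified model written for this page, not ndn-js code. The names `makeCert`, `makePacket` and `validate`, the `store` and `anchors` maps, the depth limit of 5 and every result label other than `INVALID_SIGNATURE` are assumptions of this sketch, and Node's built-in Ed25519 signing stands in for NDN packet signatures.

```javascript
// Added example: a simplified model of the two-phase check, not ndn-js code.
const { generateKeyPairSync, sign, verify } = require('crypto');

// Constructed helper: a certificate for `name`, signed by `issuer` (self-signed if omitted).
function makeCert(name, issuer) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const signer = issuer || { name, privateKey };
  return { name, publicKey, privateKey, signerName: signer.name,
           signature: sign(null, Buffer.from(name), signer.privateKey) };
}

// Constructed helper: a packet whose content is signed by `cert`.
function makePacket(content, cert) {
  return { content, signerName: cert.name,
           signature: sign(null, Buffer.from(content), cert.privateKey) };
}

// Returns { result, verifies }, where verifies counts signature verifications.
// Result strings other than INVALID_SIGNATURE are labels made up for this example.
function validate(packet, store, anchors, maxDepth = 5) {
  const chain = [];        // front = nearest the anchor, last = signer of the packet
  const seen = new Set();  // plays the role of hasSeenCertificateName()
  let verifies = 0;
  let signerName = packet.signerName;
  // Phase 1: build the chain from names only; no cryptography yet.
  while (!anchors.has(signerName)) {
    if (seen.has(signerName)) return { result: 'LOOP', verifies };
    seen.add(signerName);
    if (chain.length >= maxDepth) return { result: 'TOO_DEEP', verifies };
    const cert = store.get(signerName);
    if (!cert) return { result: 'MISSING_CERT', verifies };
    chain.unshift(cert);   // plays the role of addCertificate()
    signerName = cert.signerName;
  }
  // Phase 2: the chain ends at a trust anchor, so verify from the anchor down.
  let trusted = anchors.get(signerName);
  const check = (data, sig) => { verifies++; return verify(null, Buffer.from(data), trusted.publicKey, sig); };
  for (const cert of chain) {
    if (!check(cert.name, cert.signature)) return { result: 'INVALID_SIGNATURE', verifies };
    trusted = cert;
  }
  const ok = check(packet.content, packet.signature);
  return { result: ok ? 'OK' : 'INVALID_SIGNATURE', verifies };
}

// Constructed sample data.
const root = makeCert('/root'), site = makeCert('/root/site', root), alice = makeCert('/root/site/alice', site);
const evilA = makeCert('/evil/a'), evilB = makeCert('/evil/b', evilA);
evilA.signerName = '/evil/b';  // a -> b -> a: a chain that never reaches an anchor
const anchors = new Map([[root.name, root]]);
const store = new Map([site, alice, evilA, evilB].map(c => [c.name, c]));
console.log(validate(makePacket('hello', alice), store, anchors)); // valid chain
console.log(validate(makePacket('junk', evilA), store, anchors));  // rejected before any crypto
```

The `verifies` counter is the point of the model: a packet whose chain never reaches a trust anchor is rejected with zero signature verifications.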
Members
certificateChain_
Each certificate in the chain signs the next certificate. The last
certificate signs the original packet.
Methods
addCertificate(certificate)
Add the certificate to the top of the certificate chain.
If the certificate chain is empty, then the certificate should be the
signer of the original packet. If the certificate chain is not empty, then
the certificate should be the signer of the front of the certificate chain.
Parameters:
Name | Type | Description |
---|---|---|
certificate | CertificateV2 | The certificate to add, which is copied. |
bypassValidation_()
Call the success callback of the original packet without signature
validation. This is only called by the Validator class.
fail(error)
Call the failure callback.
Parameters:
Name | Type | Description |
---|---|---|
error | ValidationError | |
getDepth() → {number}
Get the depth of the certificate chain.
Returns:
The depth of the certificate chain.
- Type
- number
hasOutcome() → {boolean}
Check whether the validation failure or success callback has been called.
Returns:
True if the validation failure or success callback has been called.
- Type
- boolean
hasSeenCertificateName(certificateName) → {boolean}
Check if certificateName has been previously seen, and record the supplied
name.
Parameters:
Name | Type | Description |
---|---|---|
certificateName | Name | The certificate name, which is copied. |
Returns:
True if certificateName has been previously seen.
- Type
- boolean
isOutcomeFailed() → {boolean}
Check whether the validation failure callback has been called.
Returns:
True if the validation failure callback has been called, false if no
validation callbacks have been called or the validation success callback was called.
- Type
- boolean
isOutcomeSuccess() → {boolean}
Check whether the validation success callback has been called.
Returns:
True if the validation success callback has been called, false if no
validation callbacks have been called or the validation failure callback was called.
- Type
- boolean
setOutcome(outcome)
Set the outcome to the given value, and set hasOutcome_ to true.
Parameters:
Name | Type | Description |
---|---|---|
outcome | boolean | The outcome. |
Throws:
Error If this ValidationState already has an outcome.
verifyCertificateChainPromise_(trustedCertificate) → {Promise|SyncPromise}
Verify signatures of certificates in the certificate chain. On return, the
certificate chain contains a list of certificates successfully verified by
trustedCertificate.
When the certificate chain cannot be verified, this method will call
fail() with the INVALID_SIGNATURE error code and the appropriate message.
This is only called by the Validator class.
Parameters:
Name | Type | Description |
---|---|---|
trustedCertificate | CertificateV2 | |
Returns:
A promise which returns the CertificateV2 to use to validate the original
data packet: either the last entry in the certificate chain, or
trustedCertificate if the certificate chain is empty. If the signature of at
least one certificate in the chain is invalid, the promise instead returns
null, and all unverified certificates have been removed from the certificate
chain.
- Type
- Promise | SyncPromise
verifyOriginalPacketPromise_(trustedCertificate) → {Promise|SyncPromise}
Verify the signature of the original packet. This is only called by the
Validator class.
Parameters:
Name | Type | Description |
---|---|---|
trustedCertificate | CertificateV2 | The certificate that signs the original packet. |
Returns:
A promise that resolves when the success or
failure callback has been called.
- Type
- Promise | SyncPromise