/** * Copyright (C) 2018 Regents of the University of California. * @author: Jeff Thompson <jefft0@remap.ucla.edu> * @author: From ndn-cxx security https://github.com/named-data/ndn-cxx/blob/master/src/security/v2/certificate-storage.hpp * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * A copy of the GNU Lesser General Public License is in the file COPYING. *//** @ignore */var Name = require('../../name.js').Name; /** @ignore */var TrustAnchorContainer = require('./trust-anchor-container.js').TrustAnchorContainer; /** @ignore */var CertificateV2 = require('./certificate-v2.js').CertificateV2; /** @ignore */var CertificateCacheV2 = require('./certificate-cache-v2.js').CertificateCacheV2;/** * The CertificateStorage class stores trusted anchors and has a verified * certificate cache, and an unverified certificate cache. * * @constructor */var CertificateStorage = function CertificateStorage(){ this.trustAnchors_ = new TrustAnchorContainer(); this.verifiedCertificateCache_ = new CertificateCacheV2(3600 * 1000.0); this.unverifiedCertificateCache_ = new CertificateCacheV2(300 * 1000.0);};exports.CertificateStorage = CertificateStorage;/** * Find a trusted certificate in the trust anchor container or in the * verified cache. * @param {Interest} interestForCertificate The Interest for the certificate. * @return {CertificateV2} The found certificate, or null if not found. */CertificateStorage.prototype.findTrustedCertificate = function (interestForCertificate){ var certificate = this.trustAnchors_.find(interestForCertificate); if (certificate != null) return certificate; certificate = this.verifiedCertificateCache_.find(interestForCertificate); return certificate;};/** * Check if the certificate with the given name prefix exists in the verified * cache, the unverified cache, or in the set of trust anchors. * @param {Name} certificatePrefix The certificate name prefix. * @return {boolean} True if the certificate is known. */CertificateStorage.prototype.isCertificateKnown = function(certificatePrefix){ return this.trustAnchors_.find(certificatePrefix) != null || this.verifiedCertificateCache_.find(certificatePrefix) != null || this.unverifiedCertificateCache_.find(certificatePrefix) != null;};/** * Cache the unverified certificate for a period of time (5 minutes). * @param {CertificateV2} certificate The certificate packet, which is copied. */CertificateStorage.prototype.cacheUnverifiedCertificate = function(certificate){ this.unverifiedCertificateCache_.insert(certificate);};/** * Get the trust anchor container. * @return {TrustAnchorContainer} The trust anchor container. */CertificateStorage.prototype.getTrustAnchors = function(){ return this.trustAnchors_;};/** * Get the verified certificate cache. * @return {CertificateCacheV2} The verified certificate cache. */CertificateStorage.prototype.getVerifiedCertificateCache = function(){ return this.verifiedCertificateCache_;};/** * Get the unverified certificate cache. * @return {CertificateCacheV2} The unverified certificate cache. */CertificateStorage.prototype.getUnverifiedCertificateCache = function(){ return this.unverifiedCertificateCache_;};/** * There are two forms of loadAnchor: * loadAnchor(groupId, certificate) - Load a static trust anchor. Static trust * anchors are permanently associated with the validator and never expire. * loadAnchor(groupId, path, refreshPeriod, isDirectory) - Load dynamic trust * anchors. Dynamic trust anchors are associated with the validator for as long * as the underlying trust anchor file (or set of files) exists. * @param {String} groupId The certificate group id. * @param {CertificateV2} certificate The certificate to load as a trust anchor, * which is copied. * @param {String} path The path to load the trust anchors. * @param {number} refreshPeriod The refresh time in milliseconds for the * anchors under path. This must be positive. The relevant trust anchors will * only be updated when find is called. * @param {boolean} isDirectory (optional) If true, then path is a directory. * If false or omitted, it is a single file. */CertificateStorage.prototype.loadAnchor = function (groupId, certificateOrPath, refreshPeriod, isDirectory){ this.trustAnchors_.insert (groupId, certificateOrPath, refreshPeriod, isDirectory);};/** * Remove any previously loaded static or dynamic trust anchors. */CertificateStorage.prototype.resetAnchors = function(){ this.trustAnchors_.clear();};/** * Cache the verified certificate a period of time (1 hour). * @param {CertificateV2} certificate The certificate object, which is copied. */CertificateStorage.prototype.cacheVerifiedCertificate = function(certificate){ this.verifiedCertificateCache_.insert(certificate);};/** * Remove any cached verified certificates. */CertificateStorage.prototype.resetVerifiedCertificates = function(){ this.verifiedCertificateCache_.clear();};/** * Set the offset when the cache insert() and refresh() get the current time, * which should only be used for testing. * @param {number} nowOffsetMilliseconds The offset in milliseconds. */CertificateStorage.prototype.setCacheNowOffsetMilliseconds_ = function (nowOffsetMilliseconds){ this.verifiedCertificateCache_.setNowOffsetMilliseconds_(nowOffsetMilliseconds); this.unverifiedCertificateCache_.setNowOffsetMilliseconds_(nowOffsetMilliseconds);};