pyndn.security.v2.validator_config package

Submodules

pyndn.security.v2.validator_config.config_checker module

This module defines the ConfigChecker class which is an abstract base class for ConfigNameRelationChecker, etc. (also in this module) used by ValidatorConfig to check if a packet name and KeyLocator satisfy the conditions in a configuration section.

class pyndn.security.v2.validator_config.config_checker.ConfigChecker[source]

Bases: object

check(isForInterest, packetName, keyLocatorName, state)[source]

Check if the packet name ane KeyLocator name satisfy this checker’s conditions.

Parameters:
  • isForInterest (bool) – True if packetName is for an Interest, False if for a Data packet.
  • packetName (Name) – The packet name. For a signed interest, the last two components are skipped but not removed.
  • keyLocatorName (Name) – The KeyLocator’s name.
  • state (ValidationState) – This calls state.fail() if the packet is invalid.
Returns:

True if further signature verification is needed, or False if the packet is immediately determined to be invalid in which case this calls state.fail() with the proper code and message.
Return type:

bool
checkNames(packetName, keyLocatorName, state)[source]

Check if the packet name ane KeyLocator name satisfy this checker’s conditions.

Parameters:
  • packetName (Name) – The packet name, which is already stripped of signature components if this is a signed Interest name.
  • keyLocatorName (Name) – The KeyLocator’s name.
  • state (ValidationState) – This calls state.fail() if the packet is invalid.
Returns:

True if further signature verification is needed, or False if the packet is immediately determined to be invalid in which case this calls state.fail() with the proper code and message.
Return type:

bool
static create(configSection)[source]

Create a checker from the configuration section.

Parameters:configSection (BoostInfoTree) – The section containing the definition of the checker, e.g. one of “validation.rule.checker”.
Returns:A new checker created from the configuration section.
Return type:ConfigChecker
class pyndn.security.v2.validator_config.config_checker.ConfigHyperRelationChecker(packetNameRegexString, packetNameExpansion, keyNameRegexString, keyNameExpansion, hyperRelation)[source]

Bases: pyndn.security.v2.validator_config.config_checker.ConfigChecker

Parameters:
  • packetNameRegexString (str) –
  • packetNameExpansion (str) –
  • keyNameRegexString (str) –
  • keyNameExpansion (str) –
  • hyperRelation (int) – The value for the ConfigNameRelation.Relation enum.
checkNames(packetName, keyLocatorName, state)[source]
Parameters:
Return type:

bool
class pyndn.security.v2.validator_config.config_checker.ConfigNameRelationChecker(name, relation)[source]

Bases: pyndn.security.v2.validator_config.config_checker.ConfigChecker

Parameters:
  • name (Name) –
  • relation (int) – The value for the ConfigNameRelation.Relation enum.
checkNames(packetName, keyLocatorName, state)[source]
Parameters:
Return type:

bool
class pyndn.security.v2.validator_config.config_checker.ConfigRegexChecker(regexString)[source]

Bases: pyndn.security.v2.validator_config.config_checker.ConfigChecker

Parameters:regexString (str) –
checkNames(packetName, keyLocatorName, state)[source]
Parameters:
Return type:

bool

pyndn.security.v2.validator_config.config_filter module

This module defines the ConfigFilter class which is an abstract base class for RegexNameFilter, etc. (also in this module) used by ValidatorConfig. The ValidatorConfig class consists of a set of rules. The Filter class is a part of a rule and is used to match a packet. Matched packets will be checked against the checkers defined in the rule.

class pyndn.security.v2.validator_config.config_filter.ConfigFilter[source]

Bases: object

static create(configSection)[source]

Create a filter from the configuration section.

Parameters:configSection (BoostInfoTree) – The section containing the definition of the filter, e.g. one of “validator.rule.filter”.
Returns:A new filter created from the configuration section.
Return type:ConfigFilter
match(isForInterest, packetName)[source]

Call the virtual matchName method based on the packet type.

Parameters:
  • isForInterest (bool) – True if packetName is for an Interest, False if for a Data packet.
  • packetName (Name) – The packet name. For a signed interest, the last two components are skipped but not removed.
Returns:

True for a match.
Return type:

bool
matchName(packetName)[source]

Implementation of the check for match.

Parameters:packetName (Name) – The packet name, which is already stripped of signature components if this is a signed Interest name.
Returns:True for a match.
Return type:bool
class pyndn.security.v2.validator_config.config_filter.ConfigRegexNameFilter(regexString)[source]

Bases: pyndn.security.v2.validator_config.config_filter.ConfigFilter

ConfigRegexNameFilter extends ConfigFilter to check that the packet name matches the specified regular expression. The configuration {@code “filter { type name regex ^[^<KEY>]*<KEY><>*<ksk-.*>$ }”} creates {@code ConfigRegexNameFilter(“^[^<KEY>]*<KEY><>*<ksk-.*>$”) }.

Parameters:regexString (str) – The regex string.
matchName(packetName)[source]

Implementation of the check for match.

Parameters:packetName (Name) – The packet name, which is already stripped of signature components if this is a signed Interest name.
Returns:True for a match.
Return type:bool
class pyndn.security.v2.validator_config.config_filter.ConfigRelationNameFilter(name, relation)[source]

Bases: pyndn.security.v2.validator_config.config_filter.ConfigFilter

ConfigRelationNameFilter extends ConfigFilter to check that the name is in the given relation to the packet name. The configuration “filter { type name name /example relation is-prefix-of }” creates ConfigRelationNameFilter(“/example”, ConfigNameRelation.Relation.IS_PREFIX_OF) .

Parameters:
  • name (Name) – The relation name, which is copied.
  • relation (int) – The relation type as a ConfigNameRelation.Relation enum.
matchName(packetName)[source]

Implementation of the check for match.

Parameters:packetName (Name) – The packet name, which is already stripped of signature components if this is a signed Interest name.
Returns:True for a match.
Return type:bool

pyndn.security.v2.validator_config.config_name_relation module

This module defines the ConfigNameRelation class which defines the ConfigNameRelation.Relation enum and static methods to work with name relations for the ValidatorConfig.

class pyndn.security.v2.validator_config.config_name_relation.ConfigNameRelation[source]

Bases: object

class Relation[source]

Bases: object

EQUAL = 0
IS_PREFIX_OF = 1
IS_STRICT_PREFIX_OF = 2
static checkNameRelation(relation, name1, name2)[source]

Check whether name1 and name2 satisfy the relation.

Parameters:
  • relation (int) – The value for the ConfigNameRelation.Relation enum.
  • name1 (Name) – The first name to check.
  • name2 (Name) – The second name to check.
Returns:

True if the names satisfy the relation.
Return type:

bool
static getNameRelationFromString(relationString)[source]

Convert relationString to a Relation enum.

Parameters:relationString (str) – the string to convert.
Returns:The value for the ConfigNameRelation.Relation enum.
Return type:int
Raises:ValidatorConfigError if relationString cannot be converted.
static toString(relation)[source]

Get a string representation of the Relation enum.

Parameters:relation (int) – The value for the ConfigNameRelation.Relation enum.
Returns:The string representation.
Return type:str

pyndn.security.v2.validator_config.config_rule module

This module defines the ConfigRule class which represents a rule configuration section, used by ConfigValidator.

class pyndn.security.v2.validator_config.config_rule.ConfigRule(id, isForInterest)[source]

Bases: object

Create a ConfigRule with empty filters and checkers.

Parameters:
  • id (str) – The rule ID from the configuration section.
  • isForInterest (bool) – True if the rule is for an Interest packet, False if it is for a Data packet.
addChecker(checker)[source]

Add the ConfigChecker to the list of checkers.

Parameters:checker (ConfigChecker) – The ConfigChecker.
addFilter(filter)[source]

Add the ConfigFilter to the list of filters.

Parameters:filter (ConfigFilter) – The ConfigFilter.
check(isForInterest, packetName, keyLocatorName, state)[source]

Check if the packet satisfies the rule’s condition.

Parameters:
  • isForInterest (bool) – True if packetName is for an Interest, False if for a Data packet.
  • packetName (Name) – The packet name. For a signed interest, the last two components are skipped but not removed.
  • keyLocatorName (Name) – The KeyLocator’s name.
  • state (ValidationState) – This calls state.fail() if the packet is invalid.
Returns:

True if further signature verification is needed, or False if the packet is immediately determined to be invalid in which case this calls state.fail() with the proper code and message.
Return type:

bool
Raises:

ValidatorConfigError if the supplied isForInterest doesn’t match the one for which the rule is designed.
static create(configSection)[source]

Create a rule from configuration section.

Parameters:configSection (BoostInfoTree) – The section containing the definition of the checker, e.g. one of “validator.rule”.
Returns:A new ConfigRule created from the configuration.
Return type:ConfigRule
getId()[source]

Get the rule ID.

Returns:The rule ID.
Return type:bool
getIsForInterest()[source]

Get the isForInterest flag.

Returns:True if the rule is for an Interest packet, False if it is for a Data packet.
Return type:bool
match(isForInterest, packetName)[source]

Check if the packet name matches the rule’s filter. If no filters were added, the rule matches everything.

Parameters:
  • isForInterest (bool) – True if packetName is for an Interest, False if for a Data packet.
  • packetName (Name) – The packet name. For a signed interest, the last two components are skipped but not removed.
Returns:

True if at least one filter matches the packet name, False if none of the filters match the packet name.
Return type:

bool
Raises:

ValidatorConfigError if the supplied isForInterest doesn’t match the one for which the rule is designed.

Module contents