ConfigPolicyManager (jndn 0.22 API)

java.lang.Object
- net.named_data.jndn.security.policy.PolicyManager
- - net.named_data.jndn.security.policy.ConfigPolicyManager

```
public class ConfigPolicyManager
extends PolicyManager
```
A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration File Format (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf) Once a rule is matched, the ConfigPolicyManager looks in the CertificateCache for the certificate matching the name in the KeyLocator and uses its public key to verify the data packet or signed interest. If the certificate can't be found, it is downloaded, verified and installed. A chain of certificates will be followed to a maximum depth. If the new certificate is accepted, it is used to complete the verification. The KeyLocators of data packets and signed interests MUST contain a name for verification to succeed.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static interface`	`ConfigPolicyManager.Friend` A class implements Friend if it has a method setConfigPolicyManagerFriendAccess which setFriendAccess calls to set the FriendAccess object.
`static class`	`ConfigPolicyManager.FriendAccess` A friend class can call the methods of FriendAccess to access private methods.

Constructor Summary

Constructors
Constructor and Description
`ConfigPolicyManager()` Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary.
`ConfigPolicyManager(String configFileName)` This creates a security v1 PolicyManager to verify certificates in format v1.
`ConfigPolicyManager(String configFileName, CertificateCache certificateCache)`
`ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth)`
`ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval)`
`ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl)`
`ConfigPolicyManager(String configFileName, CertificateCache certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl, int maxTrackedKeys)` Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary.
`ConfigPolicyManager(String configFileName, CertificateCacheV2 certificateCache)`
`ConfigPolicyManager(String configFileName, CertificateCacheV2 certificateCache, int searchDepth)`
`ConfigPolicyManager(String configFileName, CertificateCacheV2 certificateCache, int searchDepth, double graceInterval)`
`ConfigPolicyManager(String configFileName, CertificateCacheV2 certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl)`
`ConfigPolicyManager(String configFileName, CertificateCacheV2 certificateCache, int searchDepth, double graceInterval, double keyTimestampTtl, int maxTrackedKeys)` Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`checkSigningPolicy(Name dataName, Name certificateName)` Override to always indicate that the signing certificate name and data name satisfy the signing policy.
`ValidationRequest`	`checkVerificationPolicy(Data data, int stepCount, OnVerified onVerified, OnDataValidationFailed onValidationFailed)` Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
`ValidationRequest`	`checkVerificationPolicy(Interest interest, int stepCount, OnVerifiedInterest onVerified, OnInterestValidationFailed onValidationFailed, WireFormat wireFormat)` Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step.
`Name`	`inferSigningIdentity(Name dataName)` Infer the signing identity name according to the policy.
`void`	`load(String configFileName)` Call reset() and load the configuration rules from the file.
`void`	`load(String input, String inputName)` Call reset() and load the configuration rules from the input.
`boolean`	`requireVerify(Data data)` Check if this PolicyManager has a verification rule for the received data.
`boolean`	`requireVerify(Interest interest)` Check if this PolicyManager has a verification rule for the received signed interest.
`void`	`reset()` Reset the certificate cache and other fields to the constructor state.
`static void`	`setFriendAccess(ConfigPolicyManager.Friend friend)` Call friend.setConfigPolicyManagerFriendAccess to pass an instance of a FriendAccess class to allow a friend class to call private methods.
`boolean`	`skipVerifyAndTrust(Data data)` Check if the received data packet can escape from verification and be trusted as valid.
`boolean`	`skipVerifyAndTrust(Interest interest)` Check if the received signed interest can escape from verification and be trusted as valid.

Methods inherited from class net.named_data.jndn.security.policy.PolicyManager
checkVerificationPolicy, verifySignature

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCache certificateCache,
                           int searchDepth,
                           double graceInterval,
                           double keyTimestampTtl,
                           int maxTrackedKeys)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary. This creates a security v1 PolicyManager to verify certificates in format v1. To verify certificate format v2, use the ConfigPolicyManager with a CertificateCacheV2.
    
    Parameters:
    
    configFileName - (optional) If not null or empty, the path to the configuration file containing verification rules. Otherwise, you should separately call load().
    
    certificateCache - (optional) A CertificateCache to hold known certificates. If omitted, then create an internal CertificateCache.
    
    searchDepth - (optional) The maximum number of links to follow when verifying a certificate chain.
    
    graceInterval - (optional) The window of time difference (in milliseconds) allowed between the timestamp of the first interest signed with a new public key and the validation time. If omitted, use a default value.
    
    keyTimestampTtl - (optional) How long a public key's last-used timestamp is kept in the store (milliseconds). If omitted, use a default value.
    
    maxTrackedKeys - (optional) The maximum number of public key use timestamps to track. If omitted, use a default.
    
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCache certificateCache,
                           int searchDepth,
                           double graceInterval,
                           double keyTimestampTtl)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCache certificateCache,
                           int searchDepth,
                           double graceInterval)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCache certificateCache,
                           int searchDepth)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCache certificateCache)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    This creates a security v1 PolicyManager to verify certificates in format v1. To verify certificate format v2, use the ConfigPolicyManager with a CertificateCacheV2.
    
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager()
```
    Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary. Use default parameter values. You must call load(). This creates a security v1 PolicyManager to verify certificates in format v1. To verify certificate format v2, use the ConfigPolicyManager with a CertificateCacheV2.
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCacheV2 certificateCache,
                           int searchDepth,
                           double graceInterval,
                           double keyTimestampTtl,
                           int maxTrackedKeys)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary. This uses certificate format v2.
    
    Parameters:
    
    configFileName - (optional) If not null or empty, the path to the configuration file containing verification rules. Otherwise, you should separately call load().
    
    certificateCache - A CertificateCacheV2 to hold known certificates.
    
    searchDepth - (optional) The maximum number of links to follow when verifying a certificate chain.
    
    graceInterval - (optional) The window of time difference (in milliseconds) allowed between the timestamp of the first interest signed with a new public key and the validation time. If omitted, use a default value.
    
    keyTimestampTtl - (optional) How long a public key's last-used timestamp is kept in the store (milliseconds). If omitted, use a default value.
    
    maxTrackedKeys - (optional) The maximum number of public key use timestamps to track. If omitted, use a default.
    
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCacheV2 certificateCache,
                           int searchDepth,
                           double graceInterval,
                           double keyTimestampTtl)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCacheV2 certificateCache,
                           int searchDepth,
                           double graceInterval)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCacheV2 certificateCache,
                           int searchDepth)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - ConfigPolicyManager
```
public ConfigPolicyManager(String configFileName,
                           CertificateCacheV2 certificateCache)
                    throws IOException,
                           SecurityException,
                           CertificateV2.Error
```
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
- Method Detail
  - reset
```
public final void reset()
```
    Reset the certificate cache and other fields to the constructor state.
  - load
```
public final void load(String configFileName)
                throws IOException,
                       SecurityException,
                       CertificateV2.Error
```
    Call reset() and load the configuration rules from the file.
    
    Parameters:
    
    configFileName - The path to the configuration file containing the verification rules.
    
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - load
```
public void load(String input,
                 String inputName)
          throws IOException,
                 SecurityException,
                 CertificateV2.Error
```
    Call reset() and load the configuration rules from the input.
    
    Parameters:
    
    input - The contents of the configuration rules, with lines separated by "\n" or "\r\n".
    
    inputName - Used for log messages, etc.
    
    Throws:
    
    IOException
    
    SecurityException
    
    CertificateV2.Error
  - skipVerifyAndTrust
```
public final boolean skipVerifyAndTrust(Data data)
```
    Check if the received data packet can escape from verification and be trusted as valid. If the configuration file contains the trust anchor 'any', nothing is verified.
    
    Specified by:
    
    skipVerifyAndTrust in class PolicyManager
    
    Parameters:
    
    data - The received data packet.
    
    Returns:
    
    true if the data does not need to be verified to be trusted as valid, otherwise false.
  - skipVerifyAndTrust
```
public final boolean skipVerifyAndTrust(Interest interest)
```
    Check if the received signed interest can escape from verification and be trusted as valid. If the configuration file contains the trust anchor 'any', nothing is verified.
    
    Specified by:
    
    skipVerifyAndTrust in class PolicyManager
    
    Parameters:
    
    interest - The received interest.
    
    Returns:
    
    true if the interest does not need to be verified to be trusted as valid, otherwise false.
  - requireVerify
```
public final boolean requireVerify(Data data)
```
    Check if this PolicyManager has a verification rule for the received data. If the configuration file contains the trust anchor 'any', nothing is verified.
    
    Specified by:
    
    requireVerify in class PolicyManager
    
    Parameters:
    
    data - The received data packet.
    
    Returns:
    
    true if the data must be verified, otherwise false.
  - requireVerify
```
public final boolean requireVerify(Interest interest)
```
    Check if this PolicyManager has a verification rule for the received signed interest. If the configuration file contains the trust anchor 'any', nothing is verified.
    
    Specified by:
    
    requireVerify in class PolicyManager
    
    Parameters:
    
    interest - The received interest.
    
    Returns:
    
    true if the interest must be verified, otherwise false.
  - checkVerificationPolicy
```
public final ValidationRequest checkVerificationPolicy(Data data,
                                                       int stepCount,
                                                       OnVerified onVerified,
                                                       OnDataValidationFailed onValidationFailed)
                                                throws SecurityException
```
    Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
    
    Specified by:
    
    checkVerificationPolicy in class PolicyManager
    
    Parameters:
    
    data - The Data object with the signature to check.
    
    stepCount - The number of verification steps that have been done, used to track the verification progress.
    
    onVerified - If the signature is verified, this calls onVerified.onVerified(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
    
    onValidationFailed - If the signature check fails, this calls onValidationFailed.onDataValidationFailed(data, reason). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
    
    Returns:
    
    the indication of next verification step, null if there is no further step.
    
    Throws:
    
    SecurityException
  - checkVerificationPolicy
```
public final ValidationRequest checkVerificationPolicy(Interest interest,
                                                       int stepCount,
                                                       OnVerifiedInterest onVerified,
                                                       OnInterestValidationFailed onValidationFailed,
                                                       WireFormat wireFormat)
                                                throws SecurityException
```
    Check whether the received signed interest complies with the verification policy, and get the indication of the next verification step.
    
    Specified by:
    
    checkVerificationPolicy in class PolicyManager
    
    Parameters:
    
    interest - The interest with the signature to check.
    
    stepCount - The number of verification steps that have been done, used to track the verification progress.
    
    onVerified - If the signature is verified, this calls onVerified(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
    
    onValidationFailed - If the signature check fails, this calls onValidationFailed.onInterestValidationFailed(interest, reason). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
    
    Returns:
    
    the indication of next verification step, null if there is no further step.
    
    Throws:
    
    SecurityException
  - checkSigningPolicy
```
public final boolean checkSigningPolicy(Name dataName,
                                        Name certificateName)
```
    Override to always indicate that the signing certificate name and data name satisfy the signing policy.
    
    Specified by:
    
    checkSigningPolicy in class PolicyManager
    
    Parameters:
    
    dataName - The name of data to be signed.
    
    certificateName - The name of signing certificate.
    
    Returns:
    
    true to indicate that the signing certificate can be used to sign the data.
  - inferSigningIdentity
```
public final Name inferSigningIdentity(Name dataName)
```
    Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name.
    
    Specified by:
    
    inferSigningIdentity in class PolicyManager
    
    Parameters:
    
    dataName - The name of data to be signed.
    
    Returns:
    
    The signing identity or an empty name if cannot infer.
  - setFriendAccess
```
public static void setFriendAccess(ConfigPolicyManager.Friend friend)
```
    Call friend.setConfigPolicyManagerFriendAccess to pass an instance of a FriendAccess class to allow a friend class to call private methods.
    
    Parameters:
    
    friend - The friend class for calling setConfigPolicyManagerFriendAccess. This uses friend.getClass() to make sure that it is a friend class. Therefore, only a friend class gets an implementation of FriendAccess.

Class ConfigPolicyManager

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class net.named_data.jndn.security.policy.PolicyManager

Methods inherited from class java.lang.Object

Constructor Detail

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

ConfigPolicyManager

Method Detail

reset

load

load

skipVerifyAndTrust

skipVerifyAndTrust

requireVerify

requireVerify

checkVerificationPolicy

checkVerificationPolicy

checkSigningPolicy

inferSigningIdentity

setFriendAccess