latest/ndn-cpp/config-policy-manager_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */

 #ifndef NDN_CONFIG_POLICY_MANAGER_HPP

 #define NDN_CONFIG_POLICY_MANAGER_HPP


 #include <string>

 #include <vector>

 #include <map>

 #include "certificate-cache.hpp"

 #include "../v2/certificate-cache-v2.hpp"

 #include "policy-manager.hpp"


 // Give friend access to the tests.

 class TestVerificationRules_NameRelation_Test;

 class TestVerificationRules_SimpleRegex_Test;

 class TestVerificationRules_Hierarchical_Test;

 class TestVerificationRules_HyperRelation_Test;


 namespace ndn {


 class BoostInfoTree;

 class BoostInfoParser;

 class IdentityCertificate;


 class ConfigPolicyManager : public PolicyManager {

 public:

   ConfigPolicyManager

     (const std::string& configFileName = "",

      const ptr_lib::shared_ptr<CertificateCache>& certificateCache =

      ptr_lib::shared_ptr<CertificateCache>(), int searchDepth = 5,

      Milliseconds graceInterval = 3000, Milliseconds keyTimestampTtl = 3600000,

      int maxTrackedKeys = 1000);


   ConfigPolicyManager

     (const std::string& configFileName,

      const ptr_lib::shared_ptr<CertificateCacheV2>& certificateCache,

      int searchDepth = 5, Milliseconds graceInterval = 3000,

      Milliseconds keyTimestampTtl = 3600000, int maxTrackedKeys = 1000);


   virtual

   ~ConfigPolicyManager();


   void

   reset();


   void

   load(const std::string& configFileName);


   void

   load(const std::string& input, const std::string& inputName);


   virtual bool

   skipVerifyAndTrust(const Data& data);


   virtual bool

   skipVerifyAndTrust(const Interest& interest);


   virtual bool

   requireVerify(const Data& data);


   virtual bool

   requireVerify(const Interest& interest);


   virtual ptr_lib::shared_ptr<ValidationRequest>

   checkVerificationPolicy

     (const ptr_lib::shared_ptr<Data>& data, int stepCount,

      const OnVerified& onVerified,

      const OnDataValidationFailed& onValidationFailed);


   virtual ptr_lib::shared_ptr<ValidationRequest>

   checkVerificationPolicy

     (const ptr_lib::shared_ptr<Interest>& interest, int stepCount,

      const OnVerifiedInterest& onVerified,

      const OnInterestValidationFailed& onValidationFailed,

      WireFormat& wireFormat);


   virtual bool

   checkSigningPolicy(const Name& dataName, const Name& certificateName);


   virtual Name

   inferSigningIdentity(const Name& dataName);


 private:

   // Give friend access to the tests.

   friend TestVerificationRules_NameRelation_Test;

   friend TestVerificationRules_SimpleRegex_Test;

   friend TestVerificationRules_Hierarchical_Test;

   friend TestVerificationRules_HyperRelation_Test;


   class TrustAnchorRefreshManager {

   public:

     TrustAnchorRefreshManager(bool isSecurityV1)

     : isSecurityV1_(isSecurityV1)

     {

     }


     static ptr_lib::shared_ptr<IdentityCertificate>

     loadIdentityCertificateFromFile(const std::string& filename);


     static ptr_lib::shared_ptr<CertificateV2>

     loadCertificateV2FromFile(const std::string& filename);


     ptr_lib::shared_ptr<IdentityCertificate>

     getCertificate(Name certificateName) const;


     ptr_lib::shared_ptr<CertificateV2>

     getCertificateV2(Name certificateName) const;


     void

     addDirectory(const std::string& directoryName, Milliseconds refreshPeriod);


     void

     refreshAnchors();


   private:

     class DirectoryInfo {

     public:

       DirectoryInfo

         (const std::vector<std::string>& certificateNames,

          MillisecondsSince1970 nextRefresh, Milliseconds refreshPeriod)

       : certificateNames_(certificateNames), nextRefresh_(nextRefresh),

         refreshPeriod_(refreshPeriod)

       {

       }


       std::vector<std::string> certificateNames_;

       MillisecondsSince1970 nextRefresh_;

       Milliseconds refreshPeriod_;

     };


     bool isSecurityV1_;

     CertificateCache certificateCache_;

     CertificateCacheV2 certificateCacheV2_;

     // refreshDirectories_ maps the directory name to certificate names so they

     //   can be deleted when necessary, and the next refresh time.

     std::map<std::string, ptr_lib::shared_ptr<DirectoryInfo> > refreshDirectories_;

   };


   void

   loadTrustAnchorCertificates();


   bool

   checkSignatureMatch

     (const Name& signatureName, const Name& objectName,

      const BoostInfoTree& rule, std::string& failureReason);


   ptr_lib::shared_ptr<IdentityCertificate>

   lookupCertificate(const std::string& certID, bool isPath);


   ptr_lib::shared_ptr<CertificateV2>

   lookupCertificateV2(const std::string& certID, bool isPath);


   const BoostInfoTree*

   findMatchingRule(const Name& objName, const std::string& matchType) const;


   static bool

   matchesRelation

     (const Name& name, const Name& matchName, const std::string& matchRelation);


   static ptr_lib::shared_ptr<Signature>

   extractSignature

     (const Interest& interest, WireFormat& wireFormat,

      std::string& failureReason);


   bool

   interestTimestampIsFresh

     (const Name& keyName, MillisecondsSince1970 timestamp,

      std::string& failureReason) const;


   void

   updateTimestampForKey(const Name& keyName, MillisecondsSince1970 timestamp);


   bool

   verify

     (const Signature* signatureInfo, const SignedBlob& signedBlob,

      std::string& failureReason) const;


   ptr_lib::shared_ptr<Interest>

   getCertificateInterest

     (int stepCount, const std::string& matchType, const Name& objectName,

      const Signature* signature, std::string& failureReason);


   void

   onCertificateDownloadComplete

     (const ptr_lib::shared_ptr<Data> &data,

      const ptr_lib::shared_ptr<Data> &originalData, int stepCount,

      const OnVerified& onVerified,

      const OnDataValidationFailed& onValidationFailed);


   void

   onCertificateDownloadCompleteForInterest

     (const ptr_lib::shared_ptr<Data> &data,

      const ptr_lib::shared_ptr<Interest> &originalInterest, int stepCount,

      const OnVerifiedInterest& onVerified,

      const OnInterestValidationFailed& onValidationFailed,

      WireFormat& wireFormat);


   bool isSecurityV1_;

   ptr_lib::shared_ptr<CertificateCache> certificateCache_;

   ptr_lib::shared_ptr<CertificateCacheV2> certificateCacheV2_;

   int maxDepth_;

   Milliseconds keyGraceInterval_;

   Milliseconds keyTimestampTtl_;

   int maxTrackedKeys_;

   // fixedCertificateCache_ stores the fixed-signer certificate name associated with

   //    validation rules so we don't keep loading from files.

   std::map<std::string, std::string> fixedCertificateCache_;

   // keyTimestamps_ stores the timestamps for each public key used in command

   //   interests to avoid replay attacks.

   // key is the public key name, value is the last timestamp.

   std::map<std::string, MillisecondsSince1970> keyTimestamps_;

   ptr_lib::shared_ptr<BoostInfoParser> config_;

   bool requiresVerification_;

   ptr_lib::shared_ptr<TrustAnchorRefreshManager> refreshManager_;

 };


 }


 #endif

ndn::Milliseconds
double Milliseconds
A time interval represented as the number of milliseconds.
Definition: common.hpp:114

ndn::ConfigPolicyManager
A ConfigPolicyManager manages trust according to a configuration file in the Validator Configuration ...
Definition: config-policy-manager.hpp:61

ndn::OnVerifiedInterest
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest)> OnVerifiedInterest
An OnVerifiedInterest function object is used to pass a callback to verifyInterest to report a succes...
Definition: validation-request.hpp:53

ndn::ConfigPolicyManager::skipVerifyAndTrust
virtual bool skipVerifyAndTrust(const Data &data)
Check if the received data packet can escape from verification and be trusted as valid.

ndn::Data
Definition: data.hpp:37

ndn::ConfigPolicyManager::reset
void reset()
Reset the certificate cache and other fields to the constructor state.

ndn::ConfigPolicyManager::requireVerify
virtual bool requireVerify(const Data &data)
Check if this PolicyManager has a verification rule for the received data.

ndn::ConfigPolicyManager::ConfigPolicyManager
ConfigPolicyManager(const std::string &configFileName="", const ptr_lib::shared_ptr< CertificateCache > &certificateCache=ptr_lib::shared_ptr< CertificateCache >(), int searchDepth=5, Milliseconds graceInterval=3000, Milliseconds keyTimestampTtl=3600000, int maxTrackedKeys=1000)
Create a new ConfigPolicyManager which will act on the rules specified in the configuration and downl...

ndn::OnVerified
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data)> OnVerified
An OnVerified function object is used to pass a callback to verifyData to report a successful verific...
Definition: validation-request.hpp:33

ndn::BoostInfoTree
BoostInfoTree is provided for compatibility with the Boost INFO property list format used in ndn-cxx...
Definition: boost-info-parser.hpp:46

ndn::ConfigPolicyManager::inferSigningIdentity
virtual Name inferSigningIdentity(const Name &dataName)
Infer the signing identity name according to the policy.

ndn::ConfigPolicyManager::~ConfigPolicyManager
virtual ~ConfigPolicyManager()
The virtual destructor.

ndn::Name
A Name holds an array of Name::Component and represents an NDN name.
Definition: name.hpp:40

ndn::Signature
A Signature is an abstract base class providing methods to work with the signature information in a D...
Definition: signature.hpp:35

ndn::Interest
An Interest holds a Name and other fields for an interest.
Definition: interest.hpp:43

ndn::ConfigPolicyManager::load
void load(const std::string &configFileName)
Call reset() and load the configuration rules from the file.

ndn::ConfigPolicyManager::checkVerificationPolicy
virtual ptr_lib::shared_ptr< ValidationRequest > checkVerificationPolicy(const ptr_lib::shared_ptr< Data > &data, int stepCount, const OnVerified &onVerified, const OnDataValidationFailed &onValidationFailed)
Check whether the received data packet complies with the verification policy, and get the indication ...

ndn::MillisecondsSince1970
double MillisecondsSince1970
The calendar time represented as the number of milliseconds since 1/1/1970.
Definition: common.hpp:119

ndn::OnInterestValidationFailed
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest, const std::string &reason)> OnInterestValidationFailed
An OnInterestValidationFailed function object is used to pass a callback to verifyInterest to report ...
Definition: validation-request.hpp:61

ndn::CertificateCacheV2
A CertificateCacheV2 holds other user's verified certificates in security v2 format CertificateV2...
Definition: certificate-cache-v2.hpp:38

ndn::ConfigPolicyManager::checkSigningPolicy
virtual bool checkSigningPolicy(const Name &dataName, const Name &certificateName)
Override to always indicate that the signing certificate name and data name satisfy the signing polic...

ndn::SignedBlob
A SignedBlob extends Blob to keep the offsets of a signed portion (e.g., the bytes of Data packet)...
Definition: signed-blob.hpp:34

ndn::WireFormat
Definition: wire-format.hpp:39

ndn::PolicyManager
A PolicyManager is an abstract base class to represent the policy for verifying data packets...
Definition: policy-manager.hpp:37

ndn::OnDataValidationFailed
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data, const std::string &reason)> OnDataValidationFailed
An OnDataValidationFailed function object is used to pass a callback to verifyData to report a failed...
Definition: validation-request.hpp:41

ndn::CertificateCache
A CertificateCache is used to save other users' certificate during verification.
Definition: certificate-cache.hpp:36