Validation state. More...
#include <validation-state.hpp>
Public Member Functions | |
ValidationState () | |
Create validation state. More... | |
virtual | ~ValidationState () |
void | addCertificate (const Certificate &cert) |
Add cert to the top of the certificate chain. More... | |
virtual void | fail (const ValidationError &error)=0 |
Call the failure callback. More... | |
size_t | getDepth () const |
boost::logic::tribool | getOutcome () const |
template<typename T > | |
shared_ptr< T > | getTag () const |
get a tag item More... | |
bool | hasSeenCertificateName (const Name &certName) |
Check if certName has been previously seen and record the supplied name. More... | |
template<typename T > | |
void | removeTag () const |
remove tag item More... | |
template<typename T > | |
void | setTag (shared_ptr< T > tag) const |
set a tag item More... | |
Protected Attributes | |
boost::logic::tribool | m_outcome |
Friends | |
class | Validator |
Validation state.
One instance of the validation state is kept for the validation of the whole certificate chain.
The state collects the certificate chain that adheres to the selected validation policy to validate data or interest packets. Certificate, data, and interest packet signatures are verified only after the validator determines that the chain terminates with a trusted certificate (a trusted anchor or a previously validated certificate). This model allows filtering out invalid certificate chains without incurring (costly) cryptographic signature verification overhead and mitigates some forms of denial-of-service attacks.
Validation policy and/or key fetcher may add custom information associated with the validation state using tags (
Definition at line 58 of file validation-state.hpp.
ndn::security::v2::ValidationState::ValidationState | ( | ) |
Create validation state.
Definition at line 36 of file validation-state.cpp.
|
virtual |
Definition at line 41 of file validation-state.cpp.
void ndn::security::v2::ValidationState::addCertificate | ( | const Certificate & | cert | ) |
Add cert
to the top of the certificate chain.
If m_certificateChain is empty, cert
should be the signer of the original packet. If m_certificateChain is not empty, cert
should be the signer of m_certificateChain.front().
Definition at line 60 of file validation-state.cpp.
|
pure virtual |
Call the failure callback.
Implemented in ndn::security::v2::InterestValidationState, and ndn::security::v2::DataValidationState.
size_t ndn::security::v2::ValidationState::getDepth | ( | ) | const |
Definition at line 48 of file validation-state.cpp.
|
inline |
Definition at line 70 of file validation-state.hpp.
|
inlineinherited |
get a tag item
T | type of the tag, which must be a subclass of ndn::Tag |
nullptr | if no Tag of type T is stored |
Definition at line 67 of file tag-host.hpp.
bool ndn::security::v2::ValidationState::hasSeenCertificateName | ( | const Name & | certName | ) |
Check if certName
has been previously seen and record the supplied name.
Definition at line 54 of file validation-state.cpp.
|
inlineinherited |
remove tag item
Definition at line 94 of file tag-host.hpp.
|
inlineinherited |
set a tag item
T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 80 of file tag-host.hpp.
|
friend |
Definition at line 152 of file validation-state.hpp.
|
protected |
Definition at line 139 of file validation-state.hpp.