ndn::security::CommandInterestValidator Class Reference

a validator for stop-and-wait command Interests

#include <command-interest-validator.hpp>


Classes

class  Options
 

Public Types

enum  ErrorCode {
  ErrorCode::NONE = 0,
  ErrorCode::NAME_TOO_SHORT,
  ErrorCode::BAD_TIMESTAMP,
  ErrorCode::BAD_SIG_INFO,
  ErrorCode::MISSING_KEY_LOCATOR,
  ErrorCode::BAD_KEY_LOCATOR_TYPE,
  ErrorCode::BAD_CERT_NAME,
  ErrorCode::TIMESTAMP_OUT_OF_GRACE,
  ErrorCode::TIMESTAMP_REORDER
}
 error codes
 

Public Member Functions

 CommandInterestValidator (unique_ptr< Validator > inner, const Options &options=Options())
 constructor
 
void setDirectCertFetchEnabled (bool isEnabled)
 Enable or disable the direct certificate fetch feature.
 
void validate (const Data &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
 Validate Data and call either onValidated or onValidationFailed.
 
void validate (const Interest &interest, const OnInterestValidated &onValidated, const OnInterestValidationFailed &onValidationFailed)
 Validate Interest and call either onValidated or onValidationFailed.
 

Static Public Member Functions

static bool verifySignature (const Data &data, const v1::PublicKey &publicKey)
 Verify the data using the publicKey.
 
static bool verifySignature (const Interest &interest, const v1::PublicKey &publicKey)
 Verify the signed Interest using the publicKey.
 
static bool verifySignature (const Buffer &blob, const Signature &sig, const v1::PublicKey &publicKey)
 Verify the blob using the publicKey against the signature.
 
static bool verifySignature (const Data &data, const Signature &sig, const v1::PublicKey &publicKey)
 Verify the data using the publicKey against the SHA256-RSA signature.
 
static bool verifySignature (const Interest &interest, const Signature &sig, const v1::PublicKey &publicKey)
 Verify the interest using the publicKey against the SHA256-RSA signature.
 
static bool verifySignature (const uint8_t *buf, const size_t size, const Signature &sig, const v1::PublicKey &publicKey)
 Verify the blob using the publicKey against the SHA256-RSA signature.
 
static bool verifySignature (const Data &data, const DigestSha256 &sig)
 Verify the data against the SHA256 signature.
 
static bool verifySignature (const Interest &interest, const DigestSha256 &sig)
 Verify the interest against the SHA256 signature.
 
static bool verifySignature (const Buffer &blob, const DigestSha256 &sig)
 Verify the blob against the SHA256 signature.
 
static bool verifySignature (const uint8_t *buf, const size_t size, const DigestSha256 &sig)
 Verify the blob against the SHA256 signature.
 

Protected Types

typedef function< void(const std::string &)> OnFailure
 

Protected Member Functions

virtual void afterCheckPolicy (const std::vector< shared_ptr< ValidationRequest >> &nextSteps, const OnFailure &onFailure)
 trigger after checkPolicy is done.
 
void checkPolicy (const Interest &interest, int nSteps, const OnInterestValidated &accept, const OnInterestValidationFailed &reject, std::vector< shared_ptr< ValidationRequest >> &nextSteps) override
 validate command Interest
 
void checkPolicy (const Data &data, int nSteps, const OnDataValidated &accept, const OnDataValidationFailed &reject, std::vector< shared_ptr< ValidationRequest >> &nextSteps) override
 validate Data
 
void onData (const Interest &interest, const Data &data, const shared_ptr< ValidationRequest > &nextStep)
 Process the received certificate.
 
virtual void onNack (const Interest &interest, const lp::Nack &nack, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest)
 trigger when interest retrieves a Nack.
 
virtual void onTimeout (const Interest &interest, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest)
 trigger when interest for certificate times out.
 
virtual shared_ptr< const Data > preCertificateValidation (const Data &data)
 Hooks.
 
void validate (const Data &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, int nSteps)
 
void validate (const Interest &interest, const OnInterestValidated &onValidated, const OnInterestValidationFailed &onValidationFailed, int nSteps)
 

Protected Attributes

Face * m_face
 
bool m_wantDirectCertFetch
 

Detailed Description

a validator for stop-and-wait command Interests

See also
https://redmine.named-data.net/projects/ndn-cxx/wiki/CommandInterest

This validator checks the timestamp field of a stop-and-wait command Interest. Signed Interest validation and Data validation requests are delegated to an inner validator.

Definition at line 40 of file command-interest-validator.hpp.

Member Typedef Documentation

typedef function<void(const std::string&)> ndn::security::Validator::OnFailure
protected, inherited

Definition at line 260 of file validator.hpp.

Member Enumeration Documentation

error codes

Todo:
#1872 assign numeric codes to these errors
Enumerator
NONE 
NAME_TOO_SHORT 
BAD_TIMESTAMP 
BAD_SIG_INFO 
MISSING_KEY_LOCATOR 
BAD_KEY_LOCATOR_TYPE 
BAD_CERT_NAME 
TIMESTAMP_OUT_OF_GRACE 
TIMESTAMP_REORDER 

Definition at line 96 of file command-interest-validator.hpp.

Constructor & Destructor Documentation

ndn::security::CommandInterestValidator::CommandInterestValidator ( unique_ptr< Validator >  inner,
const Options &  options = Options() 
)
explicit

constructor

Parameters
  inner    a Validator for signed Interest signature validation and Data validation; this must not be nullptr
  options  stop-and-wait command Interest validation options
Exceptions
  std::invalid  inner is nullptr

Definition at line 61 of file command-interest-validator.cpp.

Member Function Documentation

void ndn::security::Validator::afterCheckPolicy ( const std::vector< shared_ptr< ValidationRequest >> &  nextSteps,
const OnFailure &  onFailure 
)
protected, virtual, inherited

trigger after checkPolicy is done.

Validator can decide how to handle the set of validation requests according to the trust model.

Parameters
  nextSteps  A set of validation requests made by checkPolicy.
  onFailure  Failure callback when errors happen in processing nextSteps.

Definition at line 303 of file validator.cpp.

void ndn::security::CommandInterestValidator::checkPolicy ( const Interest &  interest,
int  nSteps,
const OnInterestValidated &  accept,
const OnInterestValidationFailed &  reject,
std::vector< shared_ptr< ValidationRequest >> &  nextSteps 
)
override, protected, virtual

validate command Interest

This function executes the following validation procedure:

  1. parse the Interest as a command Interest, and extract the public key name
  2. invoke inner validation to verify the signed Interest
  3. classify the command Interest as either initial or subsequent, and check the timestamp accordingly
  4. record the timestamp as last timestamp of the public key name

The validation request is rejected if any step in this procedure fails.

Implements ndn::security::Validator.

Definition at line 76 of file command-interest-validator.cpp.
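The timestamp handling in steps 3 and 4 of the procedure above, as an added stand-alone example (not ndn-cxx code). The 120-second grace period, the "within now plus or minus grace" rule for an initial command, the "strictly newer" rule for a subsequent one, the REJECTED_BY_INNER code and the key name are assumptions made for this sketch; the two timestamp codes reuse the enumerator names listed on this page.

```cpp
#include <chrono>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Simplified model of the timestamp steps; REJECTED_BY_INNER is a hypothetical code.
enum class Result { NONE, TIMESTAMP_OUT_OF_GRACE, TIMESTAMP_REORDER, REJECTED_BY_INNER };
using Ms = std::chrono::milliseconds;
class TimestampChecker {
public:
  explicit TimestampChecker(Ms grace) : m_grace(grace) {}
  // keyName: public key name from step 1; innerOk: outcome of inner validation (step 2).
  Result check(const std::string& keyName, Ms timestamp, Ms now, bool innerOk) {
    if (!innerOk) return Result::REJECTED_BY_INNER;  // unverified input never touches the record
    auto it = m_last.find(keyName);
    if (it == m_last.end()) {
      // initial command Interest: timestamp must lie within now +/- grace (assumed rule)
      if (timestamp < now - m_grace || timestamp > now + m_grace)
        return Result::TIMESTAMP_OUT_OF_GRACE;
    }
    else if (timestamp <= it->second) {
      // subsequent command Interest: timestamp must be strictly newer (assumed rule)
      return Result::TIMESTAMP_REORDER;
    }
    m_last[keyName] = timestamp;  // step 4, reached only when every earlier check passed
    return Result::NONE;
  }
private:
  Ms m_grace;
  std::map<std::string, Ms> m_last;  // last accepted timestamp per public key name
};

// Constructed sequence: stale first command, valid command, replay, bad signature, next command.
std::vector<Result> runSample() {
  TimestampChecker c(Ms(120000));                     // 120 s grace period, assumed
  const std::string key = "/example/operator/KEY/1";  // constructed key name
  const Ms now(1000000);
  return {c.check(key, Ms(500000), now, true),    // too old for an initial command
          c.check(key, Ms(1000000), now, true),   // accepted and recorded
          c.check(key, Ms(1000000), now, true),   // replay of the recorded timestamp
          c.check(key, Ms(9000000), now, false),  // signature rejected, record untouched
          c.check(key, Ms(1000500), now, true)};  // still accepted: record was not poisoned
}

int main() {
  for (Result r : runSample())
    std::cout << static_cast<int>(r) << '\n';
}
```

Recording the timestamp before the signature check would let an unauthenticated sender push the stored value far ahead and lock the legitimate key holder out, which is why the last sample command is still accepted here.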

void ndn::security::CommandInterestValidator::checkPolicy ( const Data &  data,
int  nSteps,
const OnDataValidated &  accept,
const OnDataValidationFailed &  reject,
std::vector< shared_ptr< ValidationRequest >> &  nextSteps 
)
override, protected, virtual

validate Data

The validation request is redirected to the inner validator.

Implements ndn::security::Validator.

Definition at line 197 of file command-interest-validator.cpp.

void ndn::security::Validator::onData ( const Interest &  interest,
const Data &  data,
const shared_ptr< ValidationRequest > &  nextStep 
)
protected, inherited

Process the received certificate.

Definition at line 88 of file validator.cpp.

void ndn::security::Validator::onNack ( const Interest &  interest,
const lp::Nack &  nack,
int  nRemainingRetries,
const OnFailure &  onFailure,
const shared_ptr< ValidationRequest > &  validationRequest 
)
protected, virtual, inherited

trigger when interest retrieves a Nack.

Validator can decide how to handle a Nack: either call onFailure or retry.

Parameters
  interest           The interest that retrieves a Nack.
  nack               The Nack that is retrieved.
  nRemainingRetries  The number of retries left.
  onFailure          Failure callback when there are no more retries remaining.
  validationRequest  The validationRequest containing the context of the interest.

Definition at line 256 of file validator.cpp.

void ndn::security::Validator::onTimeout ( const Interest &  interest,
int  nRemainingRetries,
const OnFailure &  onFailure,
const shared_ptr< ValidationRequest > &  validationRequest 
)
protected, virtual, inherited

trigger when interest for certificate times out.

Validator can decide how to handle the timeout: either call onFailure or retry.

Parameters
  interest           The interest that times out.
  nRemainingRetries  The number of retries left.
  onFailure          Failure callback when there are no more retries remaining.
  validationRequest  The validationRequest containing the context of the interest.

Definition at line 280 of file validator.cpp.

virtual shared_ptr<const Data> ndn::security::Validator::preCertificateValidation ( const Data &  data)
inline, protected, virtual, inherited

Hooks.

trigger before validating requested certificate.

The Data:

  • matches the interest in the validation-request.
  • may be a certificate or a Data encapsulating a certificate.

This method returns a Data (actually a certificate) that will be passed as Data into: Validator::validate(const Data& data, const OnDataValidated& onValidated, const OnDataValidationFailed& onValidationFailed, int nSteps);

Definition at line 296 of file validator.hpp.

void ndn::security::Validator::setDirectCertFetchEnabled ( bool  isEnabled)
inherited

Enable or disable the direct certificate fetch feature.

When enabled, the validator will attempt to fetch the certificate that signs an Interest from the sender of that Interest, as identified by the IncomingFaceId field, in addition to fetching from the infrastructure.

Prior to enabling this feature, the application must enable the NextHopFaceId privilege on the face used by this validator.

Note
  • The current implementation can only fetch the Interest signer certificate from the Interest sender; the issuer certificate of that certificate is only fetched from the infrastructure.
  • Currently, this feature can only be used with ValidatorConfig.
Parameters
  isEnabled  Set true to enable the feature or false to disable.

Definition at line 330 of file validator.cpp.

void ndn::security::Validator::validate ( const Data &  data,
const OnDataValidated &  onValidated,
const OnDataValidationFailed &  onValidationFailed 
)
inline, inherited

Validate Data and call either onValidated or onValidationFailed.

Parameters
  data                The Data with the signature to check.
  onValidated         If the Data is validated, this calls onValidated(data).
  onValidationFailed  If validation fails, this calls onValidationFailed(data).

Definition at line 78 of file validator.hpp.

void ndn::security::Validator::validate ( const Interest &  interest,
const OnInterestValidated &  onValidated,
const OnInterestValidationFailed &  onValidationFailed 
)
inline, inherited

Validate Interest and call either onValidated or onValidationFailed.

Parameters
  interest            The Interest with the signature to check.
  onValidated         If the Interest is validated, this calls onValidated(interest).
  onValidationFailed  If validation fails, this calls onValidationFailed(interest).

Definition at line 93 of file validator.hpp.

void ndn::security::Validator::validate ( const Data &  data,
const OnDataValidated &  onValidated,
const OnDataValidationFailed &  onValidationFailed,
int  nSteps 
)
protected, inherited

Definition at line 68 of file validator.cpp.

void ndn::security::Validator::validate ( const Interest &  interest,
const OnInterestValidated &  onValidated,
const OnInterestValidationFailed &  onValidationFailed,
int  nSteps 
)
protected, inherited

Definition at line 48 of file validator.cpp.

bool ndn::security::Validator::verifySignature ( const Data &  data,
const v1::PublicKey &  publicKey 
)
static, inherited

Verify the data using the publicKey.

Definition at line 104 of file validator.cpp.

bool ndn::security::Validator::verifySignature ( const Interest &  interest,
const v1::PublicKey &  publicKey 
)
static, inherited

Verify the signed Interest using the publicKey.

(Note the signature covers the first n-2 name components).

Definition at line 116 of file validator.cpp.

static bool ndn::security::Validator::verifySignature ( const Buffer &  blob,
const Signature &  sig,
const v1::PublicKey &  publicKey 
)
inline, static, inherited

Verify the blob using the publicKey against the signature.

Definition at line 139 of file validator.hpp.

static bool ndn::security::Validator::verifySignature ( const Data &  data,
const Signature &  sig,
const v1::PublicKey &  publicKey 
)
inline, static, inherited

Verify the data using the publicKey against the SHA256-RSA signature.

Definition at line 146 of file validator.hpp.

static bool ndn::security::Validator::verifySignature ( const Interest &  interest,
const Signature &  sig,
const v1::PublicKey &  publicKey 
)
inline, static, inherited

Verify the interest using the publicKey against the SHA256-RSA signature.

(Note the signature covers the first n-2 name components).

Definition at line 160 of file validator.hpp.

bool ndn::security::Validator::verifySignature ( const uint8_t *  buf,
const size_t  size,
const Signature &  sig,
const v1::PublicKey &  publicKey 
)
static, inherited

Verify the blob using the publicKey against the SHA256-RSA signature.

Definition at line 142 of file validator.cpp.

static bool ndn::security::Validator::verifySignature ( const Data &  data,
const DigestSha256 &  sig 
)
inline, static, inherited

Verify the data against the SHA256 signature.

Definition at line 184 of file validator.hpp.

static bool ndn::security::Validator::verifySignature ( const Interest &  interest,
const DigestSha256 &  sig 
)
inline, static, inherited

Verify the interest against the SHA256 signature.

(Note the signature covers the first n-2 name components).

Definition at line 197 of file validator.hpp.

static bool ndn::security::Validator::verifySignature ( const Buffer &  blob,
const DigestSha256 &  sig 
)
inline, static, inherited

Verify the blob against the SHA256 signature.

Definition at line 211 of file validator.hpp.

bool ndn::security::Validator::verifySignature ( const uint8_t *  buf,
const size_t  size,
const DigestSha256 &  sig 
)
static, inherited

Verify the blob against the SHA256 signature.

Definition at line 234 of file validator.cpp.

Member Data Documentation

Face* ndn::security::Validator::m_face
protected, inherited

Definition at line 349 of file validator.hpp.

bool ndn::security::Validator::m_wantDirectCertFetch
protected, inherited

Definition at line 350 of file validator.hpp.