Public Types | Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
ndn::security::ValidatorConfig Class Reference

Helper for validator that uses CommandInterest + Config policy and NetworkFetcher. More...

#include <ndn-cxx/security/validator-config.hpp>

+ Inheritance diagram for ndn::security::ValidatorConfig:
+ Collaboration diagram for ndn::security::ValidatorConfig:

Public Types

using Options = v2::ValidationPolicyCommandInterest::Options
 

Public Member Functions

 ValidatorConfig (std::unique_ptr< v2::CertificateFetcher > fetcher, const Options &options=Options())
 
 ValidatorConfig (Face &face, const Options &options=Options())
 
void cacheUnverifiedCert (Certificate &&cert)
 Cache unverified certificate for a period of time (5 minutes) More...
 
void cacheVerifiedCertificate (Certificate &&cert)
 Cache verified cert a period of time (1 hour) More...
 
const Certificate * findTrustedCert (const Interest &interestForCert) const
 Find a trusted certificate in trust anchor container or in verified cache. More...
 
CertificateFetcher & getFetcher ()
 
size_t getMaxDepth () const
 
ValidationPolicy & getPolicy ()
 
const TrustAnchorContainer & getTrustAnchors () const
 
const CertificateCache & getUnverifiedCertCache () const
 
const CertificateCache & getVerifiedCertCache () const
 
bool isCertKnown (const Name &certPrefix) const
 Check if certificate exists in verified, unverified cache, or in the set of trust anchors. More...
 
void load (const std::string &filename)
 
void load (const std::string &input, const std::string &filename)
 
void load (std::istream &input, const std::string &filename)
 
void load (const v2::validator_config::ConfigSection &configSection, const std::string &filename)
 
void loadAnchor (const std::string &groupId, Certificate &&cert)
 load static trust anchor. More...
 
void loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false)
 load dynamic trust anchors. More...
 
void resetAnchors ()
 remove any previously loaded static or dynamic trust anchor More...
 
void resetVerifiedCertificates ()
 Remove any cached verified certificates. More...
 
void setMaxDepth (size_t depth)
 Set the maximum depth of the certificate chain. More...
 
void validate (const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
 Asynchronously validate data. More...
 
void validate (const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb)
 Asynchronously validate interest. More...
 

Protected Member Functions

void cacheVerifiedCert (Certificate &&cert)
 Cache verified certificate a period of time (1 hour) More...
 
void resetVerifiedCerts ()
 Remove any cached verified certificates. More...
 

Protected Attributes

TrustAnchorContainer m_trustAnchors
 
CertificateCache m_unverifiedCertCache
 
CertificateCache m_verifiedCertCache
 

Detailed Description

Helper for validator that uses CommandInterest + Config policy and NetworkFetcher.

Definition at line 35 of file validator-config.hpp.

Member Typedef Documentation

◆ Options

using ndn::security::ValidatorConfig::Options = v2::ValidationPolicyCommandInterest::Options

Definition at line 39 of file validator-config.hpp.

Constructor & Destructor Documentation

◆ ValidatorConfig() [1/2]

ndn::security::ValidatorConfig::ValidatorConfig ( std::unique_ptr< v2::CertificateFetcher fetcher,
const Options options = Options() 
)
explicit

Definition at line 28 of file validator-config.cpp.

◆ ValidatorConfig() [2/2]

ndn::security::ValidatorConfig::ValidatorConfig ( Face face,
const Options options = Options() 
)
explicit

Definition at line 36 of file validator-config.cpp.

Member Function Documentation

◆ cacheUnverifiedCert()

void ndn::security::v2::CertificateStorage::cacheUnverifiedCert ( Certificate &&  cert)
inherited

Cache unverified certificate for a period of time (5 minutes)

Parameters
certThe certificate packet
Todo:
Add ability to customize time period

Definition at line 86 of file certificate-storage.cpp.

◆ cacheVerifiedCert()

void ndn::security::v2::CertificateStorage::cacheVerifiedCert ( Certificate &&  cert)
protectedinherited

Cache verified certificate a period of time (1 hour)

Parameters
certThe certificate packet
Todo:
Add ability to customize time period

Definition at line 74 of file certificate-storage.cpp.

◆ cacheVerifiedCertificate()

void ndn::security::v2::Validator::cacheVerifiedCertificate ( Certificate &&  cert)
inherited

Cache verified cert a period of time (1 hour)

Todo:
Add ability to customize time period

Definition at line 204 of file validator.cpp.

◆ findTrustedCert()

const Certificate * ndn::security::v2::CertificateStorage::findTrustedCert ( const Interest interestForCert) const
inherited

Find a trusted certificate in trust anchor container or in verified cache.

Parameters
interestForCertInterest for certificate
Returns
found certificate, nullptr if not found.
Note
The returned pointer may get invalidated after next findTrustedCert or findCert calls.

Definition at line 35 of file certificate-storage.cpp.

◆ getFetcher()

CertificateFetcher & ndn::security::v2::Validator::getFetcher ( )
inherited

Definition at line 57 of file validator.cpp.

◆ getMaxDepth()

size_t ndn::security::v2::Validator::getMaxDepth ( ) const
inherited
Returns
The maximum depth of the certificate chain

Definition at line 69 of file validator.cpp.

◆ getPolicy()

ValidationPolicy & ndn::security::v2::Validator::getPolicy ( )
inherited

Definition at line 51 of file validator.cpp.

◆ getTrustAnchors()

const TrustAnchorContainer & ndn::security::v2::CertificateStorage::getTrustAnchors ( ) const
inherited
Returns
Trust anchor container

Definition at line 92 of file certificate-storage.cpp.

◆ getUnverifiedCertCache()

const CertificateCache & ndn::security::v2::CertificateStorage::getUnverifiedCertCache ( ) const
inherited
Returns
Unverified certificate cache

Definition at line 104 of file certificate-storage.cpp.

◆ getVerifiedCertCache()

const CertificateCache & ndn::security::v2::CertificateStorage::getVerifiedCertCache ( ) const
inherited
Returns
Verified certificate cache

Definition at line 98 of file certificate-storage.cpp.

◆ isCertKnown()

bool ndn::security::v2::CertificateStorage::isCertKnown ( const Name certPrefix) const
inherited

Check if certificate exists in verified, unverified cache, or in the set of trust anchors.

Definition at line 47 of file certificate-storage.cpp.

◆ load() [1/4]

void ndn::security::ValidatorConfig::load ( const std::string &  filename)

Definition at line 42 of file validator-config.cpp.

◆ load() [2/4]

void ndn::security::ValidatorConfig::load ( const std::string &  input,
const std::string &  filename 
)

Definition at line 48 of file validator-config.cpp.

◆ load() [3/4]

void ndn::security::ValidatorConfig::load ( std::istream &  input,
const std::string &  filename 
)

Definition at line 54 of file validator-config.cpp.

◆ load() [4/4]

void ndn::security::ValidatorConfig::load ( const v2::validator_config::ConfigSection configSection,
const std::string &  filename 
)

Definition at line 60 of file validator-config.cpp.

◆ loadAnchor() [1/2]

void ndn::security::v2::Validator::loadAnchor ( const std::string &  groupId,
Certificate &&  cert 
)
inherited

load static trust anchor.

Static trust anchors are permanently associated with the validator and never expire.

Parameters
groupIdCertificate group id.
certCertificate to load as a trust anchor.

Definition at line 185 of file validator.cpp.

◆ loadAnchor() [2/2]

void ndn::security::v2::Validator::loadAnchor ( const std::string &  groupId,
const std::string &  certfilePath,
time::nanoseconds  refreshPeriod,
bool  isDir = false 
)
inherited

load dynamic trust anchors.

Dynamic trust anchors are associated with the validator for as long as the underlying trust anchor file (set of files) exist(s).

Parameters
groupIdCertificate group id, must not be empty.
certfilePathSpecifies the path to load the trust anchors.
refreshPeriodRefresh period for the trust anchors, must be positive.
isDirTells whether the path is a directory or a single file.

Definition at line 191 of file validator.cpp.

◆ resetAnchors()

void ndn::security::v2::Validator::resetAnchors ( )
inherited

remove any previously loaded static or dynamic trust anchor

Definition at line 198 of file validator.cpp.

◆ resetVerifiedCertificates()

void ndn::security::v2::Validator::resetVerifiedCertificates ( )
inherited

Remove any cached verified certificates.

Definition at line 210 of file validator.cpp.

◆ resetVerifiedCerts()

void ndn::security::v2::CertificateStorage::resetVerifiedCerts ( )
protectedinherited

Remove any cached verified certificates.

Definition at line 80 of file certificate-storage.cpp.

◆ setMaxDepth()

void ndn::security::v2::Validator::setMaxDepth ( size_t  depth)
inherited

Set the maximum depth of the certificate chain.

Definition at line 63 of file validator.cpp.

◆ validate() [1/2]

void ndn::security::v2::Validator::validate ( const Data data,
const DataValidationSuccessCallback successCb,
const DataValidationFailureCallback failureCb 
)
inherited

Asynchronously validate data.

Note
successCb and failureCb must not be nullptr

Definition at line 75 of file validator.cpp.

◆ validate() [2/2]

void ndn::security::v2::Validator::validate ( const Interest interest,
const InterestValidationSuccessCallback successCb,
const InterestValidationFailureCallback failureCb 
)
inherited

Asynchronously validate interest.

Note
successCb and failureCb must not be nullptr

Definition at line 95 of file validator.cpp.

Member Data Documentation

◆ m_trustAnchors

TrustAnchorContainer ndn::security::v2::CertificateStorage::m_trustAnchors
protectedinherited

Definition at line 134 of file certificate-storage.hpp.

◆ m_unverifiedCertCache

CertificateCache ndn::security::v2::CertificateStorage::m_unverifiedCertCache
protectedinherited

Definition at line 136 of file certificate-storage.hpp.

◆ m_verifiedCertCache

CertificateCache ndn::security::v2::CertificateStorage::m_verifiedCertCache
protectedinherited

Definition at line 135 of file certificate-storage.hpp.