Interface for validating data and interest packets. More...
#include <ndn-cxx/security/validator.hpp>
Inheritance diagram for ndn::security::v2::Validator: Collaboration diagram for ndn::security::v2::Validator:Public Member Functions | |
| Validator (unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher) | |
| Validator constructor. More... | |
| ~Validator () | |
| void | cacheUnverifiedCert (Certificate &&cert) |
| Cache unverified certificate for a period of time (5 minutes) More... | |
| void | cacheVerifiedCertificate (Certificate &&cert) |
Cache verified cert a period of time (1 hour) More... | |
| const Certificate * | findTrustedCert (const Interest &interestForCert) const |
| Find a trusted certificate in trust anchor container or in verified cache. More... | |
| CertificateFetcher & | getFetcher () |
| size_t | getMaxDepth () const |
| ValidationPolicy & | getPolicy () |
| const TrustAnchorContainer & | getTrustAnchors () const |
| const CertificateCache & | getUnverifiedCertCache () const |
| const CertificateCache & | getVerifiedCertCache () const |
| bool | isCertKnown (const Name &certPrefix) const |
| Check if certificate exists in verified, unverified cache, or in the set of trust anchors. More... | |
| void | loadAnchor (const std::string &groupId, Certificate &&cert) |
| load static trust anchor. More... | |
| void | loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false) |
| load dynamic trust anchors. More... | |
| void | resetAnchors () |
| remove any previously loaded static or dynamic trust anchor More... | |
| void | resetVerifiedCertificates () |
| Remove any cached verified certificates. More... | |
| void | setMaxDepth (size_t depth) |
| Set the maximum depth of the certificate chain. More... | |
| void | validate (const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb) |
Asynchronously validate data. More... | |
| void | validate (const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb) |
Asynchronously validate interest. More... | |
Protected Member Functions | |
| void | cacheVerifiedCert (Certificate &&cert) |
| Cache verified certificate a period of time (1 hour) More... | |
| void | resetVerifiedCerts () |
| Remove any cached verified certificates. More... | |
Protected Attributes | |
| TrustAnchorContainer | m_trustAnchors |
| CertificateCache | m_unverifiedCertCache |
| CertificateCache | m_verifiedCertCache |
Interface for validating data and interest packets.
Every time a validation process initiated, it creates a ValidationState that exist until validation finishes with either success or failure. This state serves several purposes:
During validation, policy and/or key fetcher can augment validation state with policy- and fetcher-specific information using ndn::Tag's.
A validator has a trust anchor cache to save static and dynamic trust anchors, a verified certificate cache for saving certificates that are already verified and an unverified certificate cache for saving prefetched but not yet verified certificates.
Limit the maximum time the validation process is allowed to run before declaring failure
Ability to customize maximum lifetime for trusted and untrusted certificate caches. Current implementation hard-codes them to be 1 hour and 5 minutes.
Definition at line 61 of file validator.hpp.
| Validator::Validator | ( | unique_ptr< ValidationPolicy > | policy, |
| unique_ptr< CertificateFetcher > | certFetcher | ||
| ) |
Validator constructor.
| policy | Validation policy to be associated with the validator |
| certFetcher | Certificate fetcher implementation. |
Definition at line 37 of file validator.cpp.
|
default |
|
inherited |
Cache unverified certificate for a period of time (5 minutes)
| cert | The certificate packet |
Definition at line 86 of file certificate-storage.cpp.
|
protectedinherited |
Cache verified certificate a period of time (1 hour)
| cert | The certificate packet |
Definition at line 74 of file certificate-storage.cpp.
| void Validator::cacheVerifiedCertificate | ( | Certificate && | cert | ) |
Cache verified cert a period of time (1 hour)
Definition at line 208 of file validator.cpp.
|
inherited |
Find a trusted certificate in trust anchor container or in verified cache.
| interestForCert | Interest for certificate |
Definition at line 35 of file certificate-storage.cpp.
| CertificateFetcher & Validator::getFetcher | ( | ) |
Definition at line 57 of file validator.cpp.
| size_t Validator::getMaxDepth | ( | ) | const |
Definition at line 69 of file validator.cpp.
| ValidationPolicy & Validator::getPolicy | ( | ) |
Definition at line 51 of file validator.cpp.
|
inherited |
Definition at line 92 of file certificate-storage.cpp.
|
inherited |
Definition at line 104 of file certificate-storage.cpp.
|
inherited |
Definition at line 98 of file certificate-storage.cpp.
|
inherited |
Check if certificate exists in verified, unverified cache, or in the set of trust anchors.
Definition at line 47 of file certificate-storage.cpp.
| void Validator::loadAnchor | ( | const std::string & | groupId, |
| Certificate && | cert | ||
| ) |
load static trust anchor.
Static trust anchors are permanently associated with the validator and never expire.
| groupId | Certificate group id. |
| cert | Certificate to load as a trust anchor. |
Definition at line 189 of file validator.cpp.
| void Validator::loadAnchor | ( | const std::string & | groupId, |
| const std::string & | certfilePath, | ||
| time::nanoseconds | refreshPeriod, | ||
| bool | isDir = false |
||
| ) |
load dynamic trust anchors.
Dynamic trust anchors are associated with the validator for as long as the underlying trust anchor file (set of files) exist(s).
| groupId | Certificate group id, must not be empty. |
| certfilePath | Specifies the path to load the trust anchors. |
| refreshPeriod | Refresh period for the trust anchors, must be positive. |
| isDir | Tells whether the path is a directory or a single file. |
Definition at line 195 of file validator.cpp.
| void Validator::resetAnchors | ( | ) |
remove any previously loaded static or dynamic trust anchor
Definition at line 202 of file validator.cpp.
| void Validator::resetVerifiedCertificates | ( | ) |
Remove any cached verified certificates.
Definition at line 214 of file validator.cpp.
|
protectedinherited |
Remove any cached verified certificates.
Definition at line 80 of file certificate-storage.cpp.
| void Validator::setMaxDepth | ( | size_t | depth | ) |
Set the maximum depth of the certificate chain.
Definition at line 63 of file validator.cpp.
| void Validator::validate | ( | const Data & | data, |
| const DataValidationSuccessCallback & | successCb, | ||
| const DataValidationFailureCallback & | failureCb | ||
| ) |
Asynchronously validate data.
successCb and failureCb must not be nullptr Definition at line 75 of file validator.cpp.
| void Validator::validate | ( | const Interest & | interest, |
| const InterestValidationSuccessCallback & | successCb, | ||
| const InterestValidationFailureCallback & | failureCb | ||
| ) |
Asynchronously validate interest.
successCb and failureCb must not be nullptr Definition at line 95 of file validator.cpp.
|
protectedinherited |
Definition at line 134 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 136 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 135 of file certificate-storage.hpp.
1.8.13