Validation state. More...
#include <ndn-cxx/security/validation-state.hpp>
Public Member Functions | |
virtual | ~ValidationState () |
void | addCertificate (const Certificate &cert) |
Add cert to the top of the certificate chain. More... | |
virtual void | fail (const ValidationError &error)=0 |
Call the failure callback. More... | |
size_t | getDepth () const noexcept |
boost::logic::tribool | getOutcome () const noexcept |
template<typename T > | |
shared_ptr< T > | getTag () const |
Get a tag item. More... | |
bool | hasSeenCertificateName (const Name &certName) |
Check if certName has been previously seen and record the supplied name. More... | |
template<typename T > | |
void | removeTag () const |
Remove a tag item. More... | |
template<typename T > | |
void | setTag (shared_ptr< T > tag) const |
Set (add or replace) a tag item. More... | |
Protected Attributes | |
boost::logic::tribool | m_outcome {boost::logic::indeterminate} |
Validation state.
One instance of the validation state is kept for the validation of the whole certificate chain.
The state collects the certificate chain that adheres to the selected validation policy to validate data or interest packets. Certificate, data, and interest packet signatures are verified only after the validator determines that the chain terminates with a trusted certificate (a trusted anchor or a previously validated certificate). This model allows filtering out invalid certificate chains without incurring (costly) cryptographic signature verification overhead and mitigates some forms of denial-of-service attacks.
Validation policy and/or key fetcher may add custom information associated with the validation state using tags (
Definition at line 59 of file validation-state.hpp.
|
virtual |
Definition at line 36 of file validation-state.cpp.
void ndn::security::v2::ValidationState::addCertificate | ( | const Certificate & | cert | ) |
Add cert
to the top of the certificate chain.
If m_certificateChain is empty, cert
should be the signer of the original packet. If m_certificateChain is not empty, cert
should be the signer of m_certificateChain.front().
Definition at line 49 of file validation-state.cpp.
|
pure virtual |
Call the failure callback.
Implemented in ndn::security::v2::InterestValidationState, and ndn::security::v2::DataValidationState.
|
inlinenoexcept |
Definition at line 81 of file validation-state.hpp.
|
inlinenoexcept |
Definition at line 66 of file validation-state.hpp.
|
inherited |
Get a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
nullptr | if no Tag of type T is stored |
Definition at line 67 of file tag-host.hpp.
bool ndn::security::v2::ValidationState::hasSeenCertificateName | ( | const Name & | certName | ) |
Check if certName
has been previously seen and record the supplied name.
Definition at line 43 of file validation-state.cpp.
|
inherited |
Remove a tag item.
Definition at line 94 of file tag-host.hpp.
|
inherited |
Set (add or replace) a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 80 of file tag-host.hpp.
|
protected |
Definition at line 140 of file validation-state.hpp.