Interface for validating data and interest packets. More...
#include <ndn-cxx/security/validator.hpp>
Public Member Functions | |
Validator (unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher) | |
Validator constructor. More... | |
~Validator () noexcept | |
void | cacheUnverifiedCert (Certificate &&cert) |
Cache unverified certificate for a period of time (5 minutes). More... | |
void | cacheVerifiedCertificate (Certificate &&cert) |
Cache verified cert a period of time (1 hour). More... | |
const Certificate * | findTrustedCert (const Interest &interestForCert) const |
Find a trusted certificate in trust anchor container or in verified cache. More... | |
CertificateFetcher & | getFetcher () const noexcept |
size_t | getMaxDepth () const noexcept |
Return the maximum depth of the certificate chain. More... | |
ValidationPolicy & | getPolicy () const noexcept |
const TrustAnchorContainer & | getTrustAnchors () const |
const CertificateCache & | getUnverifiedCertCache () const |
const CertificateCache & | getVerifiedCertCache () const |
bool | isCertKnown (const Name &certPrefix) const |
Check if certificate exists in the verified/unverified cache or in the set of trust anchors. More... | |
void | loadAnchor (const std::string &groupId, Certificate &&cert) |
Load static trust anchor. More... | |
void | loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false) |
Load dynamic trust anchors. More... | |
void | resetAnchors () |
Remove any previously loaded static or dynamic trust anchor. More... | |
void | resetVerifiedCertificates () |
Remove any cached verified certificates. More... | |
void | setMaxDepth (size_t depth) noexcept |
Set the maximum depth of the certificate chain. More... | |
void | validate (const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb) |
Asynchronously validate data . More... | |
void | validate (const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb) |
Asynchronously validate interest . More... | |
Protected Member Functions | |
void | cacheVerifiedCert (Certificate &&cert) |
Cache verified certificate a period of time (1 hour). More... | |
void | resetVerifiedCerts () |
Remove any cached verified certificates. More... | |
Protected Attributes | |
TrustAnchorContainer | m_trustAnchors |
CertificateCache | m_unverifiedCertCache |
CertificateCache | m_verifiedCertCache |
Interface for validating data and interest packets.
Every time a validation process initiated, it creates a ValidationState that exist until validation finishes with either success or failure. This state serves several purposes:
During validation, policy and/or key fetcher can augment validation state with policy- and fetcher-specific information using ndn::Tag's.
A validator has a trust anchor cache to save static and dynamic trust anchors, a verified certificate cache for saving certificates that are already verified and an unverified certificate cache for saving prefetched but not yet verified certificates.
Limit the maximum time the validation process is allowed to run before declaring failure
Ability to customize maximum lifetime for trusted and untrusted certificate caches. Current implementation hard-codes them to be 1 hour and 5 minutes.
Definition at line 61 of file validator.hpp.
Validator::Validator | ( | unique_ptr< ValidationPolicy > | policy, |
unique_ptr< CertificateFetcher > | certFetcher | ||
) |
Validator constructor.
policy | Validation policy to be associated with the validator. |
certFetcher | Certificate fetcher implementation. |
Definition at line 36 of file validator.cpp.
|
defaultnoexcept |
|
inherited |
Cache unverified certificate for a period of time (5 minutes).
cert | The certificate packet |
Definition at line 86 of file certificate-storage.cpp.
|
protectedinherited |
Cache verified certificate a period of time (1 hour).
cert | The certificate packet |
Definition at line 74 of file certificate-storage.cpp.
void Validator::cacheVerifiedCertificate | ( | Certificate && | cert | ) |
Cache verified cert
a period of time (1 hour).
Definition at line 190 of file validator.cpp.
|
inherited |
Find a trusted certificate in trust anchor container or in verified cache.
interestForCert | Interest for certificate |
Definition at line 35 of file certificate-storage.cpp.
|
inlinenoexcept |
Definition at line 81 of file validator.hpp.
|
inlinenoexcept |
Return the maximum depth of the certificate chain.
Definition at line 90 of file validator.hpp.
|
inlinenoexcept |
Definition at line 75 of file validator.hpp.
|
inherited |
Definition at line 92 of file certificate-storage.cpp.
|
inherited |
Definition at line 104 of file certificate-storage.cpp.
|
inherited |
Definition at line 98 of file certificate-storage.cpp.
|
inherited |
Check if certificate exists in the verified/unverified cache or in the set of trust anchors.
Definition at line 47 of file certificate-storage.cpp.
void Validator::loadAnchor | ( | const std::string & | groupId, |
Certificate && | cert | ||
) |
Load static trust anchor.
Static trust anchors are permanently associated with the validator and never expire.
groupId | Certificate group id. |
cert | Certificate to load as a trust anchor. |
Definition at line 171 of file validator.cpp.
void Validator::loadAnchor | ( | const std::string & | groupId, |
const std::string & | certfilePath, | ||
time::nanoseconds | refreshPeriod, | ||
bool | isDir = false |
||
) |
Load dynamic trust anchors.
Dynamic trust anchors are associated with the validator for as long as the underlying trust anchor file (set of files) exist(s).
groupId | Certificate group id, must not be empty. |
certfilePath | Specifies the path to load the trust anchors. |
refreshPeriod | Refresh period for the trust anchors, must be positive. |
isDir | Tells whether the path is a directory or a single file. |
Definition at line 177 of file validator.cpp.
void Validator::resetAnchors | ( | ) |
Remove any previously loaded static or dynamic trust anchor.
Definition at line 184 of file validator.cpp.
void Validator::resetVerifiedCertificates | ( | ) |
Remove any cached verified certificates.
Definition at line 196 of file validator.cpp.
|
protectedinherited |
Remove any cached verified certificates.
Definition at line 80 of file certificate-storage.cpp.
|
inlinenoexcept |
Set the maximum depth of the certificate chain.
Definition at line 99 of file validator.hpp.
void Validator::validate | ( | const Data & | data, |
const DataValidationSuccessCallback & | successCb, | ||
const DataValidationFailureCallback & | failureCb | ||
) |
Asynchronously validate data
.
successCb
and failureCb
must not be nullptr Definition at line 49 of file validator.cpp.
void Validator::validate | ( | const Interest & | interest, |
const InterestValidationSuccessCallback & | successCb, | ||
const InterestValidationFailureCallback & | failureCb | ||
) |
Asynchronously validate interest
.
successCb
and failureCb
must not be nullptr Definition at line 62 of file validator.cpp.
|
protectedinherited |
Definition at line 133 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 135 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 134 of file certificate-storage.hpp.