31 , m_byKeyName(m_container.get<0>())
32 , m_byLastRefreshed(m_container.get<1>())
34 if (inner ==
nullptr) {
35 NDN_THROW(std::invalid_argument(
"Inner policy is missing"));
44 const shared_ptr<ValidationState>& state,
52 const shared_ptr<ValidationState>& state,
55 if (!state->getOutcome()) {
69 ValidationPolicySignedInterest::checkIncomingInterest(
const shared_ptr<ValidationState>& state,
73 if (!state->getOutcome()) {
77 if (!state->getOutcome()) {
80 auto timestamp = sigInfo.getTime();
81 auto seqNum = sigInfo.getSeqNum();
82 auto nonce = sigInfo.getNonce();
84 auto record = m_byKeyName.find(keyName);
87 if (!timestamp.has_value()) {
95 "Timestamp is outside the grace period for key " + keyName.
toUri()});
99 if (record != m_byKeyName.end() && record->timestamp.has_value() && timestamp <= record->timestamp) {
101 "Timestamp is reordered for key " + keyName.
toUri()});
107 if (!seqNum.has_value()) {
109 "Sequence number is required by policy but is not present"});
113 if (record != m_byKeyName.end() && record->seqNum.has_value() && seqNum <= record->seqNum) {
115 "Sequence number is reordered for key " + keyName.
toUri()});
121 if (!nonce.has_value()) {
126 if (record != m_byKeyName.end() && record->observedNonces.get<NonceSet>().count(*nonce) > 0) {
128 "Nonce matches previously-seen nonce for key " + keyName.
toUri()});
134 auto interestState = dynamic_pointer_cast<InterestValidationState>(state);
135 BOOST_ASSERT(interestState !=
nullptr);
136 interestState->afterSuccess.connect([=] (
const Interest&) {
137 insertRecord(keyName, timestamp, seqNum, nonce);
144 ValidationPolicySignedInterest::insertRecord(
const Name& keyName,
145 optional<time::system_clock::TimePoint> timestamp,
146 optional<uint64_t> seqNum,
147 optional<SigNonce> nonce)
150 Container::nth_index<0>::type::iterator it;
152 std::tie(it, isOk) = m_byKeyName.emplace(keyName, timestamp, seqNum);
155 isOk = m_byKeyName.modify(it, [&] (LastInterestRecord& record) {
157 if (timestamp.has_value()) {
158 record.timestamp = timestamp;
160 if (seqNum.has_value()) {
161 record.seqNum = seqNum;
169 isOk = m_byKeyName.modify(it, [
this, &nonce] (LastInterestRecord& record) {
170 auto& sigNonceList = record.observedNonces.get<NonceList>();
171 sigNonceList.push_back(*nonce);
175 BOOST_ASSERT(sigNonceList.size() ==
static_cast<size_t>(m_options.
maxNonceRecordCount) + 1);
176 sigNonceList.pop_front();
184 m_byLastRefreshed.size() >
static_cast<size_t>(m_options.
maxRecordCount)) {
185 BOOST_ASSERT(m_byLastRefreshed.size() ==
static_cast<size_t>(m_options.
maxRecordCount) + 1);
186 m_byLastRefreshed.erase(m_byLastRefreshed.begin());
Represents a Data packet.
Represents an Interest packet.
Represents an absolute name.
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Provides a tag type for simple types.
@ POLICY_ERROR
The packet violates the validation rules enforced by the policy.
ssize_t maxNonceRecordCount
Number of previous nonces to track for each public key.
bool shouldValidateSeqNums
Whether to validate sequence numbers in signed Interests by ensuring they are present and are strictl...
ssize_t maxRecordCount
Max number of distinct public keys to track.
time::nanoseconds timestampGracePeriod
Tolerance of timestamp differences from the current time.
bool shouldValidateTimestamps
Whether to validate timestamps in signed Interests by ensuring they are not reordered for a given pub...
bool shouldValidateNonces
Whether to validate nonces by ensuring that they are present and do not overlap with one of the last ...
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
ValidationPolicySignedInterest(unique_ptr< ValidationPolicy > inner, const Options &options={})
Constructor.
ValidationPolicy & getInnerPolicy()
Return the inner policy.
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
virtual void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation)=0
Check data against the policy.
void setInnerPolicy(unique_ptr< ValidationPolicy > innerPolicy)
Set inner policy.
static time_point now() noexcept
static time_point now() noexcept
Name getKeyLocatorName(const SignatureInfo &si, ValidationState &state)
Extract the KeyLocator name from a SignatureInfo element.
SignatureInfo getSignatureInfo(const Interest &interest, ValidationState &state)
Extract SignatureInfo from a signed Interest.
@ V03
Sign Interest using Packet Specification v0.3 semantics.
constexpr duration< Rep, Period > abs(duration< Rep, Period > d)