25 #include <boost/lexical_cast.hpp>
// Depth-aware logging helpers: each prefixes the message with (getDepth() + 1) '>' characters
// and a space, so a log line shows the validation depth it was emitted at.
// Both expand to an expression that names `state`, so they can only be used where a
// variable called `state` with a getDepth() member is in scope.
33 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
34 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
// Member initializers: the validator takes over the policy and the certificate fetcher by move.
37 : m_policy(std::move(policy))
38 , m_certFetcher(std::move(certFetcher))
// Both collaborators are dereferenced immediately below, so they must be non-null.
// NOTE(review): BOOST_ASSERT is normally compiled out when NDEBUG is defined; in such a
// build a null policy or fetcher is not rejected here and the dereference below is
// undefined behaviour. Confirm callers can never pass null, or check explicitly.
40 BOOST_ASSERT(m_policy !=
nullptr);
41 BOOST_ASSERT(m_certFetcher !=
nullptr);
// Give the policy a reference to this validator, and the fetcher a reference to it as
// certificate storage.
42 m_policy->setValidator(*
this);
43 m_certFetcher->setCertificateStorage(*
this);
// One state object per validation request; it is built from the Data packet and both
// result callbacks.
53 auto state = make_shared<DataValidationState>(data, successCb, failureCb);
// The policy inspects the packet first and answers through the continuation, which
// forwards its arguments unchanged to continueValidation().
// NOTE(review): the lambda captures `this`; if checkPolicy() can invoke it after
// returning, the Validator must still be alive at that point. Confirm the lifetime contract.
56 m_policy->checkPolicy(data, state, [
this] (
auto&&... args) {
57 continueValidation(std::forward<decltype(args)>(args)...);
// One state object per validation request; it is built from the Interest and both
// result callbacks.
66 auto state = make_shared<InterestValidationState>(interest, successCb, failureCb);
// Attach the signed-Interest format `fmt` to the state as a tag. How `fmt` is chosen is
// not visible in this excerpt.
71 state->setTag(make_shared<SignedInterestFormatTag>(fmt));
// Tail of a failure message: it embeds the Interest name and e.what() (presumably from a
// caught exception; the handler itself is not visible here).
// NOTE(review): the name comes from the packet under validation, i.e. untrusted input, so
// whatever logs or displays this message should treat it as such.
75 interest.
getName().toUri() +
"`: " + e.what()});
// Same hand-off as for Data: the policy decides, and its continuation forwards to
// continueValidation().
78 m_policy->checkPolicy(interest, state, [
this] (
auto&&... args) {
79 continueValidation(std::forward<decltype(args)>(args)...);
// The certificate's own validity is checked first, before the policy is consulted.
88 if (!cert.isValid()) {
// Tail of the message for that case: the certificate's validity period rendered as text.
90 "between " + boost::lexical_cast<std::string>(cert.getValidityPeriod())});
// Ask the policy about `cert`; the continuation below handles its answer.
// `cert` is captured by copy, so the lambda does not depend on the caller's object.
93 m_policy->checkPolicy(cert, state,
94 [
this, cert] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
// Null request for a certificate: the message tail below says the certificate may not be
// designated a trust anchor, so this branch is presumably reported as a failure (the
// call that carries the message is not visible in this excerpt).
95 if (certRequest ==
nullptr) {
97 cert.getName().toUri() +
"` as a trust anchor"});
// Otherwise record `cert` on the state and go on to obtain the certificate named in the
// request.
101 state->addCertificate(cert);
102 requestCertificate(certRequest, state);
// Continuation that the checkPolicy() calls for Data and Interest packets forward to.
108 Validator::continueValidation(
const shared_ptr<CertificateRequest>& certRequest,
109 const shared_ptr<ValidationState>& state)
// Null request: the policy asked for no certificate, so validation is bypassed for this
// packet.
// NOTE(review): bypassValidation() is defined elsewhere. By its name the packet is accepted
// without a signature check, which would make a policy that returns a null request the
// sole trust decision for it. Confirm, and review policies accordingly.
113 if (certRequest ==
nullptr) {
114 state->bypassValidation();
// Otherwise obtain the certificate the policy asked for.
118 requestCertificate(certRequest, state);
// Obtains the certificate named in `certRequest` and uses it to continue validating `state`.
123 Validator::requestCertificate(
const shared_ptr<CertificateRequest>& certRequest,
124 const shared_ptr<ValidationState>& state)
// Bound the length of the certification chain: this branch is taken once the state's depth
// has reached m_maxDepth (the branch body is not visible in this excerpt).
126 if (state->getDepth() >= m_maxDepth) {
// Verify the original packet with no certificate (nullopt).
// NOTE(review): the condition guarding this call is not visible here; confirm which
// packets take this path.
132 state->verifyOriginalPacket(nullopt);
// Taken when the requested certificate name was already seen during this validation;
// presumably this is the loop-detection guard (branch body not visible).
136 if (state->hasSeenCertificateName(certRequest->interest.getName())) {
// `cert` is non-null: a certificate is already available. Where it is looked up is not
// visible in this excerpt.
144 if (cert !=
nullptr) {
// Verify the chain collected in the state against it. The original packet is verified
// only if that returns a non-null certificate.
147 cert = state->verifyCertificateChain(*cert);
148 if (cert !=
nullptr) {
149 state->verifyOriginalPacket(*cert);
// Walk the chain through move iterators, so each element of m_certificateChain can be
// moved from; the loop body is not visible here.
151 for (
auto trustedCert = std::make_move_iterator(state->m_certificateChain.begin());
152 trustedCert != std::make_move_iterator(state->m_certificateChain.end());
// Hand the request to the certificate fetcher; its continuation forwards the arguments to
// validate(). The lambda captures `this`.
// NOTE(review): the Validator presumably has to outlive the fetch; confirm.
159 m_certFetcher->fetch(certRequest, state, [
this] (
auto&&... args) {
160 validate(std::forward<decltype(args)>(args)...);
Represents a Data packet.
Represents an Interest packet.
const Name & getName() const noexcept
optional< SignatureInfo > getSignatureInfo() const
Get the InterestSignatureInfo element.
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
const Certificate * findTrustedCert(const Interest &interestForCert) const
Find a trusted certificate in trust anchor container or in verified cache.
void loadAnchor(const std::string &groupId, Certificate &&cert)
Load static trust anchor.
void resetVerifiedCerts()
Remove any cached verified certificates.
void resetAnchors()
Remove any previously loaded static or dynamic trust anchor.
void cacheVerifiedCert(Certificate &&cert)
Cache verified certificate for a period of time (1 hour).
Represents an NDN certificate.
@ LOOP_DETECTED
Loop detected in the certification chain.
@ EXCEEDED_DEPTH_LIMIT
Exceeded validation depth limit.
@ MALFORMED_SIGNATURE
The signature (e.g., SignatureInfo element) is missing or malformed.
@ POLICY_ERROR
The packet violates the validation rules enforced by the policy.
@ EXPIRED_CERT
The certificate expired or is not yet valid.
Interface for validating data and interest packets.
void cacheVerifiedCertificate(Certificate &&cert)
Cache verified cert for a period of time (1 hour).
void resetAnchors()
Remove any previously loaded static or dynamic trust anchor.
Validator(unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher)
Validator constructor.
void resetVerifiedCertificates()
Remove any cached verified certificates.
void validate(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Asynchronously validate data.
void loadAnchor(const std::string &groupId, Certificate &&cert)
Load static trust anchor.
Represents an error in TLV encoding or decoding.
#define NDN_LOG_INIT(name)
Define a non-member log module.
std::string to_string(const errinfo_stacktrace &x)
std::function< void(const Data &)> DataValidationSuccessCallback
Callback to report a successful Data validation.
std::function< void(const Data &, const ValidationError &)> DataValidationFailureCallback
Callback to report a failed Data validation.
std::function< void(const Interest &)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
std::function< void(const Interest &, const ValidationError &)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
@ V03
Sign Interest using Packet Specification v0.3 semantics.
@ V02
Sign Interest using Packet Specification v0.2 semantics.
boost::chrono::nanoseconds nanoseconds
#define NDN_LOG_DEBUG_DEPTH(x)
#define NDN_LOG_TRACE_DEPTH(x)