25 #include <boost/lexical_cast.hpp>
// Depth-aware logging helpers. Each message is prefixed with (getDepth() + 1) '>' characters
// and a space, so the prefix grows with the depth reported by the validation state.
// Both macros read a variable named `state` from the scope in which they are expanded; they
// can only be used where such a variable is visible.
31 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
32 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
// Validator constructor (fragment: the signature line and the braces are omitted from this
// listing). The policy and the certificate fetcher are moved into the members.
35 : m_policy(std::move(policy))
36 , m_certFetcher(std::move(certFetcher))
// Both collaborators are dereferenced right below, so a null argument is a programming error.
// BOOST_ASSERT is disabled by default when NDEBUG is defined, so release builds do not get
// this check; callers have to pass non-null objects.
38 BOOST_ASSERT(m_policy !=
nullptr);
39 BOOST_ASSERT(m_certFetcher !=
nullptr);
// Wire both collaborators back to this object: the policy is given the validator, and the
// fetcher is given the validator as its certificate storage.
40 m_policy->setValidator(*
this);
41 m_certFetcher->setCertificateStorage(*
this);
// validate() for a Data packet (fragment: the signature and the closing lines are omitted).
// The state object bundles the packet with its success and failure callbacks and is handed
// to the policy.
51 auto state = make_shared<DataValidationState>(data, successCb, failureCb);
// The policy reports back through the continuation, whose arguments are forwarded unchanged
// to continueValidation().
// NOTE(review): the lambda captures `this`; if the policy invokes it later, the validator has
// to outlive that call — confirm against the policy implementations.
54 m_policy->checkPolicy(data, state, [
this] (
auto&&... args) {
55 continueValidation(std::forward<decltype(args)>(args)...);
// validate() for an Interest packet (fragment: the signature and several lines are omitted).
// The state object bundles the packet with its success and failure callbacks.
64 auto state = make_shared<InterestValidationState>(interest, successCb, failureCb);
// Record the signed Interest format on the state as a tag. `fmt` is computed on a line that is
// not part of this listing.
69 state->setTag(make_shared<SignedInterestFormatTag>(fmt));
// Tail of an error message built from the Interest name and the message of a caught exception
// `e`; the start of the statement is omitted (presumably the MALFORMED_SIGNATURE failure —
// confirm). The name comes from the packet being validated, so anything that logs or displays
// this message should treat it as untrusted text.
73 interest.
getName().toUri() +
"`: " + e.what()});
// Same hand-off as for Data: the policy's continuation is forwarded to continueValidation().
// NOTE(review): the lambda captures `this`; the validator has to outlive a deferred call.
76 m_policy->checkPolicy(interest, state, [
this] (
auto&&... args) {
77 continueValidation(std::forward<decltype(args)>(args)...);
// validate() for a certificate in the chain (fragment: the signature and several lines are
// omitted). A certificate that fails isValid() is rejected before the policy is consulted; the
// message below reports its validity period.
// NOTE(review): isValid() is called without an argument — presumably it compares against the
// current system time, which makes the check depend on a correct local clock; confirm.
86 if (!cert.isValid()) {
88 "between " + boost::lexical_cast<std::string>(cert.getValidityPeriod())});
// The continuation captures `this` and a copy of `cert`, so the certificate stays available
// even if the policy calls back after this function has returned.
91 m_policy->checkPolicy(cert, state,
92 [
this, cert] (
const shared_ptr<CertificateRequest>& certRequest,
const shared_ptr<ValidationState>& state) {
// A null request for a certificate is treated as an error: per the message, a policy may not
// designate a fetched certificate as a trust anchor. (The failing call itself is on an
// omitted line.)
93 if (certRequest ==
nullptr) {
95 cert.getName().toUri() +
"` as a trust anchor"});
// Otherwise (the branch keyword is on an omitted line) the certificate is recorded on the
// state and the certificate named by the policy is requested next.
99 state->addCertificate(cert);
100 requestCertificate(certRequest, state);
// Continuation invoked with the policy's decision for the original packet.
// (Fragment: the return type, the braces and some statements are omitted from this listing.)
106 Validator::continueValidation(
const shared_ptr<CertificateRequest>& certRequest,
107 const shared_ptr<ValidationState>& state)
// A null request means the policy asked for no certificate, and validation is bypassed.
// NOTE(review): bypassValidation() is not defined on this page; by its name the packet is
// accepted without fetching or verifying a key, so a policy that returns null here is making
// the trust decision on its own. Compare with the certificate overload of validate(), where a
// null request is rejected — confirm.
111 if (certRequest ==
nullptr) {
112 state->bypassValidation();
// Otherwise the certificate named by the policy has to be obtained and checked.
116 requestCertificate(certRequest, state);
// Resolve the certificate named by certRequest for the validation run tracked by `state`.
// (Fragment: the return type, the braces and several statements are omitted from this listing.)
121 Validator::requestCertificate(
const shared_ptr<CertificateRequest>& certRequest,
122 const shared_ptr<ValidationState>& state)
// Depth limit: taken once the state's depth has reached m_maxDepth. The body is omitted
// (presumably a failure with EXCEEDED_DEPTH_LIMIT); the bound keeps a packet from driving an
// arbitrarily long chain of certificate retrievals.
124 if (state->getDepth() >= m_maxDepth) {
// NOTE(review): the condition guarding this call is on an omitted line. Passing std::nullopt
// means the original packet is checked without a certificate; presumably this is the
// DigestSha256 case (see getDigestSha256Identity in the cross-references) — confirm.
130 state->verifyOriginalPacket(std::nullopt);
// Loop detection: taken when the requested certificate name was already seen in this run
// (body omitted; presumably a failure with LOOP_DETECTED).
134 if (state->hasSeenCertificateName(certRequest->interest.getName())) {
// `cert` is assigned on an omitted line (presumably from findTrustedCert — confirm).
// A non-null value takes this branch.
142 if (cert !=
nullptr) {
// Verify the chain collected on the state starting from that certificate. The result is
// null-checked, and only a non-null result is used to verify the original packet.
145 cert = state->verifyCertificateChain(*cert);
146 if (cert !=
nullptr) {
147 state->verifyOriginalPacket(*cert);
// Walk the state's certificate chain with move iterators, so elements are moved out of
// m_certificateChain. The loop body is omitted (presumably cacheVerifiedCertificate).
// NOTE(review): line 148 is omitted, so it cannot be told from here whether this loop depends
// on the verification result above; only certificates whose signatures were verified should
// end up in the verified-certificate cache — confirm.
149 for (
auto trustedCert = std::make_move_iterator(state->m_certificateChain.begin());
150 trustedCert != std::make_move_iterator(state->m_certificateChain.end());
// Hand the request to the certificate fetcher (the control flow between the loop and this
// call is on omitted lines). The fetcher's continuation forwards its arguments to validate().
// NOTE(review): the lambda captures `this`; the validator has to outlive a pending fetch.
157 m_certFetcher->fetch(certRequest, state, [
this] (
auto&&... args) {
158 validate(std::forward<decltype(args)>(args)...);
Represents a Data packet.
Represents an Interest packet.
std::optional< SignatureInfo > getSignatureInfo() const
Get the InterestSignatureInfo element.
const Name & getName() const noexcept
Get the Interest name.
const Certificate * findTrustedCert(const Interest &interestForCert) const
Find a trusted certificate in trust anchor container or in verified cache.
void resetAnchors()
Remove any previously loaded static or dynamic trust anchor.
void cacheVerifiedCert(Certificate &&cert)
Cache a verified certificate for a period of time (1 hour).
void loadAnchor(const std::string &groupId, Certificate &&cert)
Load static trust anchor.
void resetVerifiedCerts()
Remove any cached verified certificates.
Represents an NDN certificate.
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
@ EXCEEDED_DEPTH_LIMIT
Exceeded validation depth limit.
@ EXPIRED_CERT
The certificate expired or is not yet valid.
@ POLICY_ERROR
The packet violates the validation rules enforced by the policy.
@ LOOP_DETECTED
Loop detected in the certification chain.
@ MALFORMED_SIGNATURE
The signature (e.g., SignatureInfo element) is missing or malformed.
Interface for validating data and interest packets.
void cacheVerifiedCertificate(Certificate &&cert)
Cache a verified cert for a period of time (1 hour).
void loadAnchor(const std::string &groupId, Certificate &&cert)
Load static trust anchor.
void validate(const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb)
Asynchronously validate data.
void resetVerifiedCertificates()
Remove any cached verified certificates.
void resetAnchors()
Remove any previously loaded static or dynamic trust anchor.
Validator(unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher)
Validator constructor.
Represents an error in TLV encoding or decoding.
#define NDN_LOG_INIT(name)
Define a non-member log module.
std::string to_string(const errinfo_stacktrace &x)
Contains the ndn-cxx security framework.
std::function< void(const Interest &)> InterestValidationSuccessCallback
Callback to report a successful Interest validation.
std::function< void(const Interest &, const ValidationError &)> InterestValidationFailureCallback
Callback to report a failed Interest validation.
std::function< void(const Data &)> DataValidationSuccessCallback
Callback to report a successful Data validation.
@ V03
Sign Interest using Packet Specification v0.3 semantics.
@ V02
Sign Interest using Packet Specification v0.2 semantics.
std::function< void(const Data &, const ValidationError &)> DataValidationFailureCallback
Callback to report a failed Data validation.
::boost::chrono::nanoseconds nanoseconds
#define NDN_LOG_DEBUG_DEPTH(x)
#define NDN_LOG_TRACE_DEPTH(x)