ndn::security::TrustAnchorContainer Class Reference

A container for trust anchors.

#include <ndn-cxx/security/trust-anchor-container.hpp>


Classes

class  Error
 

Public Member Functions

void clear ()
 Remove all static or dynamic anchors.

const Certificate * find (const Interest &interest) const
 Find certificate given interest.

const Certificate * find (const Name &keyName) const
 Search for certificate across all groups (longest prefix match).

TrustAnchorGroup & getGroup (const std::string &groupId) const
 Get trusted anchor group.

void insert (const std::string &groupId, Certificate &&cert)
 Insert a static trust anchor.

void insert (const std::string &groupId, const std::filesystem::path &path, time::nanoseconds refreshPeriod, bool isDir=false)
 Insert dynamic trust anchors from path.

size_t size () const
 Get number of trust anchors across all groups.
 

Detailed Description

A container for trust anchors.

There are two kinds of anchors:

  • static anchors that are permanent for the lifetime of the container
  • dynamic anchors that are periodically updated.

Trust anchors are organized in groups. Each group has a unique group id. The same anchor certificate (same name without considering the implicit digest) can be inserted into multiple groups, but no more than once into each.

Dynamic groups are created using the appropriate TrustAnchorContainer::insert method. Once created, the dynamic anchor group cannot be updated.

The returned pointer to Certificate from find methods is only guaranteed to be valid until the next invocation of find and may be invalidated afterwards.

Definition at line 53 of file trust-anchor-container.hpp.
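
The pointer-lifetime rule above, as an added example that is not ndn-cxx code: a self-contained toy model of the documented contract, assuming the invalidation comes from the refresh that find triggers on dynamic groups. All names are hypothetical; time is an integer tick, the loader callback stands in for re-reading path, and lookup is exact-match rather than longest prefix match.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

struct Cert { std::string name, key; };             // stand-in for Certificate
using Loader = std::function<std::vector<Cert>()>;  // stand-in for re-reading `path`
class ModelContainer {  // toy model of the documented contract; all names hypothetical
  struct Group {
    bool dynamic = false; Loader load;
    long period = 0, loadedAt = 0;                  // abstract time ticks
    std::map<std::string, std::unique_ptr<Cert>> certs;
  };
  std::map<std::string, Group> groups_;
  static void reload(Group& g, long now) {
    g.certs.clear();                                // previous Cert objects are destroyed here
    for (const Cert& c : g.load()) g.certs[c.name] = std::make_unique<Cert>(c);
    g.loadedAt = now;
  }
public:
  void insert(const std::string& id, const Cert& c) {  // static anchor
    Group& g = groups_[id];
    if (g.dynamic) throw std::logic_error("groupId is a dynamic anchor group");
    if (!g.certs.count(c.name)) g.certs[c.name] = std::make_unique<Cert>(c);  // duplicate: no effect
  }
  void insert(const std::string& id, Loader load, long period, long now) {  // dynamic group
    if (period <= 0) throw std::invalid_argument("refreshPeriod is not positive");
    if (groups_.count(id)) throw std::logic_error("a group with groupId already exists");
    Group& g = groups_[id];
    g.dynamic = true; g.load = std::move(load); g.period = period;
    reload(g, now);
  }
  const Cert* find(const std::string& name, long now) {  // exact match in this model
    const Cert* hit = nullptr;
    for (auto& kv : groups_) {
      Group& g = kv.second;
      if (g.dynamic && now - g.loadedAt >= g.period) reload(g, now);  // refresh happens on find
      if (!hit && g.certs.count(name)) hit = g.certs[name].get();
    }
    return hit;
  }
};

// Safe use: copy what you need from the result before find() runs again.
std::string keyKeptAcrossRefresh(ModelContainer& tac, const std::string& name, long t1, long t2) {
  const Cert* c = tac.find(name, t1);
  std::string kept = c ? c->key : std::string();  // copy while the pointer is valid
  tac.find(name, t2);                             // may refresh; `c` must not be used after this
  return kept;
}
```
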

Member Function Documentation

◆ clear()

void ndn::security::TrustAnchorContainer::clear ( )

Remove all static or dynamic anchors.

Definition at line 72 of file trust-anchor-container.cpp.

◆ find() [1/2]

const Certificate * ndn::security::TrustAnchorContainer::find ( const Interest &  interest) const

Find certificate given interest.

Parameters
interest  The input interest packet.
Returns
The found certificate, nullptr if not found.
Note
The returned value may be invalidated after the next call to one of the find methods.
Interest with implicit digest is not supported.

Definition at line 91 of file trust-anchor-container.cpp.

◆ find() [2/2]

const Certificate * ndn::security::TrustAnchorContainer::find ( const Name &  keyName) const

Search for certificate across all groups (longest prefix match).

Parameters
keyName  Key name prefix for searching the certificate.
Returns
The found certificate, nullptr if not found.
Note
The returned value may be invalidated after the next call to one of the find methods.

Definition at line 79 of file trust-anchor-container.cpp.

◆ getGroup()

TrustAnchorGroup & ndn::security::TrustAnchorContainer::getGroup ( const std::string &  groupId) const

Get trusted anchor group.

Exceptions
Error  groupId does not exist

Definition at line 106 of file trust-anchor-container.cpp.

◆ insert() [1/2]

void ndn::security::TrustAnchorContainer::insert ( const std::string &  groupId,
Certificate &&  cert 
)

Insert a static trust anchor.

Parameters
groupId  Certificate group id.
cert  Certificate to insert.

If cert (same name without considering implicit digest) already exists in the group groupId, this method has no effect.

Exceptions
Error  groupId is a dynamic anchor group.

Definition at line 45 of file trust-anchor-container.cpp.

◆ insert() [2/2]

void ndn::security::TrustAnchorContainer::insert ( const std::string &  groupId,
const std::filesystem::path &  path,
time::nanoseconds  refreshPeriod,
bool  isDir = false 
)

Insert dynamic trust anchors from path.

Parameters
groupId  Certificate group id, must not be empty.
path  Specifies the path to load the trust anchors.
refreshPeriod  Refresh period for the trust anchors, must be positive. Relevant trust anchors will only be updated when find is called.
isDir  Tells whether the path is a directory or a single file.
Exceptions
std::invalid_argument  refreshPeriod is not positive
Error  a group with groupId already exists

Definition at line 60 of file trust-anchor-container.cpp.

◆ size()

size_t ndn::security::TrustAnchorContainer::size ( ) const

Get number of trust anchors across all groups.

Definition at line 116 of file trust-anchor-container.cpp.