Validation state. More...
#include <ndn-cxx/security/validation-state.hpp>
Public Member Functions | |
virtual | ~ValidationState () |
void | addCertificate (const Certificate &cert) |
Add cert to the top of the certificate chain. More... | |
virtual void | fail (const ValidationError &error)=0 |
Call the failure callback. More... | |
size_t | getDepth () const noexcept |
boost::logic::tribool | getOutcome () const noexcept |
template<typename T > | |
std::shared_ptr< T > | getTag () const |
Get a tag item. More... | |
bool | hasSeenCertificateName (const Name &certName) |
Check if certName has been previously seen and record the supplied name. More... | |
template<typename T > | |
void | removeTag () const |
Remove a tag item. More... | |
template<typename T > | |
void | setTag (std::shared_ptr< T > tag) const |
Set (add or replace) a tag item. More... | |
Protected Attributes | |
boost::logic::tribool | m_outcome {boost::logic::indeterminate} |
Validation state.
One instance of the validation state is kept for the validation of the whole certificate chain.
The state collects the certificate chain that adheres to the selected validation policy to validate data or interest packets. Certificate, data, and interest packet signatures are verified only after the validator determines that the chain terminates with a trusted certificate (a trusted anchor or a previously validated certificate). This model allows filtering out invalid certificate chains without incurring (costly) cryptographic signature verification overhead and mitigates some forms of denial-of-service attacks.
Validation policy and/or key fetcher may add custom information associated with the validation state using tags (
Definition at line 57 of file validation-state.hpp.
|
virtual |
Definition at line 34 of file validation-state.cpp.
void ndn::security::ValidationState::addCertificate | ( | const Certificate & | cert | ) |
Add cert
to the top of the certificate chain.
If m_certificateChain is empty, cert
should be the signer of the original packet. If m_certificateChain is not empty, cert
should be the signer of m_certificateChain.front().
Definition at line 47 of file validation-state.cpp.
|
pure virtual |
Call the failure callback.
Implemented in ndn::security::InterestValidationState, and ndn::security::DataValidationState.
|
inlinenoexcept |
Definition at line 79 of file validation-state.hpp.
|
inlinenoexcept |
Definition at line 64 of file validation-state.hpp.
|
inherited |
Get a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
nullptr | if no Tag of type T is stored |
Definition at line 72 of file tag-host.hpp.
bool ndn::security::ValidationState::hasSeenCertificateName | ( | const Name & | certName | ) |
Check if certName
has been previously seen and record the supplied name.
Definition at line 41 of file validation-state.cpp.
|
inherited |
Remove a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 98 of file tag-host.hpp.
|
inherited |
Set (add or replace) a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 84 of file tag-host.hpp.
|
protected |
Definition at line 138 of file validation-state.hpp.