Interface for validating data and interest packets. More...
#include <ndn-cxx/security/validator.hpp>
Public Member Functions | |
Validator (unique_ptr< ValidationPolicy > policy, unique_ptr< CertificateFetcher > certFetcher) | |
Validator constructor. More... | |
~Validator () noexcept | |
void | cacheUnverifiedCert (Certificate &&cert) |
Cache unverified certificate for a period of time (5 minutes). More... | |
void | cacheVerifiedCertificate (Certificate &&cert) |
Cache verified cert a period of time (1 hour). More... | |
const Certificate * | findTrustedCert (const Interest &interestForCert) const |
Find a trusted certificate in trust anchor container or in verified cache. More... | |
CertificateFetcher & | getFetcher () const noexcept |
size_t | getMaxDepth () const noexcept |
Return the maximum depth of the certificate chain. More... | |
ValidationPolicy & | getPolicy () const noexcept |
const TrustAnchorContainer & | getTrustAnchors () const |
const CertificateCache & | getUnverifiedCertCache () const |
const CertificateCache & | getVerifiedCertCache () const |
bool | isCertKnown (const Name &certPrefix) const |
Check if certificate exists in the verified/unverified cache or in the set of trust anchors. More... | |
void | loadAnchor (const std::string &groupId, Certificate &&cert) |
Load static trust anchor. More... | |
void | loadAnchor (const std::string &groupId, const std::string &certfilePath, time::nanoseconds refreshPeriod, bool isDir=false) |
Load dynamic trust anchors. More... | |
void | resetAnchors () |
Remove any previously loaded static or dynamic trust anchor. More... | |
void | resetVerifiedCertificates () |
Remove any cached verified certificates. More... | |
void | setMaxDepth (size_t depth) noexcept |
Set the maximum depth of the certificate chain. More... | |
void | validate (const Data &data, const DataValidationSuccessCallback &successCb, const DataValidationFailureCallback &failureCb) |
Asynchronously validate data . More... | |
void | validate (const Interest &interest, const InterestValidationSuccessCallback &successCb, const InterestValidationFailureCallback &failureCb) |
Asynchronously validate interest . More... | |
Protected Member Functions | |
void | cacheVerifiedCert (Certificate &&cert) |
Cache verified certificate a period of time (1 hour). More... | |
void | resetVerifiedCerts () |
Remove any cached verified certificates. More... | |
Protected Attributes | |
TrustAnchorContainer | m_trustAnchors |
CertificateCache | m_unverifiedCertCache |
CertificateCache | m_verifiedCertCache |
Interface for validating data and interest packets.
Every time a validation process initiated, it creates a ValidationState that exist until validation finishes with either success or failure. This state serves several purposes:
During validation, policy and/or key fetcher can augment validation state with policy- and fetcher-specific information using ndn::Tag's.
A validator has a trust anchor cache to save static and dynamic trust anchors, a verified certificate cache for saving certificates that are already verified and an unverified certificate cache for saving prefetched but not yet verified certificates.
Limit the maximum time the validation process is allowed to run before declaring failure
Ability to customize maximum lifetime for trusted and untrusted certificate caches. Current implementation hard-codes them to be 1 hour and 5 minutes.
Definition at line 60 of file validator.hpp.
ndn::security::Validator::Validator | ( | unique_ptr< ValidationPolicy > | policy, |
unique_ptr< CertificateFetcher > | certFetcher | ||
) |
Validator constructor.
policy | Validation policy to be associated with the validator. |
certFetcher | Certificate fetcher implementation. |
Definition at line 34 of file validator.cpp.
|
defaultnoexcept |
|
inherited |
Cache unverified certificate for a period of time (5 minutes).
cert | The certificate packet |
Definition at line 81 of file certificate-storage.cpp.
|
protectedinherited |
Cache verified certificate a period of time (1 hour).
cert | The certificate packet |
Definition at line 69 of file certificate-storage.cpp.
void ndn::security::Validator::cacheVerifiedCertificate | ( | Certificate && | cert | ) |
Cache verified cert
a period of time (1 hour).
Definition at line 188 of file validator.cpp.
|
inherited |
Find a trusted certificate in trust anchor container or in verified cache.
interestForCert | Interest for certificate |
Definition at line 33 of file certificate-storage.cpp.
|
inlinenoexcept |
Definition at line 80 of file validator.hpp.
|
inlinenoexcept |
Return the maximum depth of the certificate chain.
Definition at line 89 of file validator.hpp.
|
inlinenoexcept |
Definition at line 74 of file validator.hpp.
|
inherited |
Definition at line 87 of file certificate-storage.cpp.
|
inherited |
Definition at line 99 of file certificate-storage.cpp.
|
inherited |
Definition at line 93 of file certificate-storage.cpp.
|
inherited |
Check if certificate exists in the verified/unverified cache or in the set of trust anchors.
Definition at line 42 of file certificate-storage.cpp.
void ndn::security::Validator::loadAnchor | ( | const std::string & | groupId, |
Certificate && | cert | ||
) |
Load static trust anchor.
Static trust anchors are permanently associated with the validator and never expire.
groupId | Certificate group id. |
cert | Certificate to load as a trust anchor. |
Definition at line 169 of file validator.cpp.
void ndn::security::Validator::loadAnchor | ( | const std::string & | groupId, |
const std::string & | certfilePath, | ||
time::nanoseconds | refreshPeriod, | ||
bool | isDir = false |
||
) |
Load dynamic trust anchors.
Dynamic trust anchors are associated with the validator for as long as the underlying trust anchor file (set of files) exist(s).
groupId | Certificate group id, must not be empty. |
certfilePath | Specifies the path to load the trust anchors. |
refreshPeriod | Refresh period for the trust anchors, must be positive. |
isDir | Tells whether the path is a directory or a single file. |
Definition at line 175 of file validator.cpp.
void ndn::security::Validator::resetAnchors | ( | ) |
Remove any previously loaded static or dynamic trust anchor.
Definition at line 182 of file validator.cpp.
void ndn::security::Validator::resetVerifiedCertificates | ( | ) |
Remove any cached verified certificates.
Definition at line 194 of file validator.cpp.
|
protectedinherited |
Remove any cached verified certificates.
Definition at line 75 of file certificate-storage.cpp.
|
inlinenoexcept |
Set the maximum depth of the certificate chain.
Definition at line 98 of file validator.hpp.
void ndn::security::Validator::validate | ( | const Data & | data, |
const DataValidationSuccessCallback & | successCb, | ||
const DataValidationFailureCallback & | failureCb | ||
) |
Asynchronously validate data
.
successCb
and failureCb
must not be nullptr Definition at line 47 of file validator.cpp.
void ndn::security::Validator::validate | ( | const Interest & | interest, |
const InterestValidationSuccessCallback & | successCb, | ||
const InterestValidationFailureCallback & | failureCb | ||
) |
Asynchronously validate interest
.
successCb
and failureCb
must not be nullptr Definition at line 60 of file validator.cpp.
|
protectedinherited |
Definition at line 131 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 133 of file certificate-storage.hpp.
|
protectedinherited |
Definition at line 132 of file certificate-storage.hpp.