ndn::security::validator_config::ValidationPolicyConfig Class Reference

A validator that can be set up via a configuration file.

#include <ndn-cxx/security/validation-policy-config.hpp>


Public Types

using ValidationContinuation = std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)>
 

Public Member Functions

virtual void checkPolicy (const Certificate &certificate, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation)
 Check certificate against the policy.

ValidationPolicy & getInnerPolicy ()
 Return the inner policy.

bool hasInnerPolicy () const
 Check if inner policy is set.

void load (const ConfigSection &configSection, const std::string &filename)
 Load policy from configSection.

void load (const std::string &filename)
 Load policy from file filename.

void load (const std::string &input, const std::string &filename)
 Load policy from direct input.

void load (std::istream &input, const std::string &filename)
 Load policy from direct input.

void setInnerPolicy (unique_ptr< ValidationPolicy > innerPolicy)
 Set inner policy.

void setValidator (Validator &validator)
 Set validator to which the policy is associated.
 

Protected Member Functions

void checkPolicy (const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
 Check data against the policy.

void checkPolicy (const Interest &interest, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
 Check interest against the policy.
 

Protected Attributes

unique_ptr< ValidationPolicy > m_innerPolicy

Validator * m_validator = nullptr
 

Detailed Description

A validator that can be set up via a configuration file.

Note
For Command Interest validation, this policy must be combined with ValidationPolicyCommandInterest, in order to guard against replay attacks.
This policy does not support inner policies: it must be used as a sole policy or as a terminal inner policy.
See also
Validator Configuration File Format

Definition at line 40 of file validation-policy-config.hpp.

Member Typedef Documentation

◆ ValidationContinuation

using ndn::security::ValidationPolicy::ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state)>
inherited

Definition at line 38 of file validation-policy.hpp.

Member Function Documentation

◆ checkPolicy() [1/3]

virtual void ndn::security::ValidationPolicy::checkPolicy ( const Certificate &  certificate,
const shared_ptr< ValidationState > &  state,
const ValidationContinuation &  continueValidation 
)
inline virtual inherited

Check certificate against the policy.

Unless overridden by the policy, this check defaults to checkPolicy(const Data&, ...).

Depending on the implementation of the policy, this check can be done synchronously or asynchronously.

The semantics of checkPolicy have changed from v1::Validator:

  • If the packet violates the policy, the policy should call state->fail with an appropriate error code and error description.
  • If the packet conforms to the policy and no further certificate retrievals are necessary, the policy should call continueValidation(nullptr, state).
  • If the packet conforms to the policy and a certificate needs to be fetched, the policy should call continueValidation(<appropriate-cert-request-instance>, state).

Definition at line 137 of file validation-policy.hpp.

◆ checkPolicy() [2/3]

void ndn::security::validator_config::ValidationPolicyConfig::checkPolicy ( const Data &  data,
const shared_ptr< ValidationState > &  state,
const ValidationContinuation &  continueValidation 
)
override protected virtual

Check data against the policy.

Depending on the implementation of the policy, this check can be done synchronously or asynchronously.

The semantics of checkPolicy have changed from v1::Validator:

  • If the packet violates the policy, the policy should call state->fail with an appropriate error code and error description.
  • If the packet conforms to the policy and no further certificate retrievals are necessary, the policy should call continueValidation(nullptr, state).
  • If the packet conforms to the policy and a certificate needs to be fetched, the policy should call continueValidation(<appropriate-cert-request-instance>, state).

Implements ndn::security::ValidationPolicy.

Definition at line 228 of file validation-policy-config.cpp.

◆ checkPolicy() [3/3]

void ndn::security::validator_config::ValidationPolicyConfig::checkPolicy ( const Interest &  interest,
const shared_ptr< ValidationState > &  state,
const ValidationContinuation &  continueValidation 
)
override protected virtual

Check interest against the policy.

Depending on the implementation of the policy, this check can be done synchronously or asynchronously.

The semantics of checkPolicy have changed from v1::Validator:

  • If the packet violates the policy, the policy should call state->fail with an appropriate error code and error description.
  • If the packet conforms to the policy and no further certificate retrievals are necessary, the policy should call continueValidation(nullptr, state).
  • If the packet conforms to the policy and a certificate needs to be fetched, the policy should call continueValidation(<appropriate-cert-request-instance>, state).

Implements ndn::security::ValidationPolicy.

Definition at line 259 of file validation-policy-config.cpp.

◆ getInnerPolicy()

ValidationPolicy & ndn::security::ValidationPolicy::getInnerPolicy ( )
inherited

Return the inner policy.

If the inner policy was not set, behavior is undefined.

Definition at line 47 of file validation-policy.cpp.

◆ hasInnerPolicy()

bool ndn::security::ValidationPolicy::hasInnerPolicy ( ) const
inline inherited

Check if inner policy is set.

Definition at line 65 of file validation-policy.hpp.

◆ load() [1/4]

void ndn::security::validator_config::ValidationPolicyConfig::load ( const ConfigSection &  configSection,
const std::string &  filename 
)

Load policy from configSection.

Exceptions
Error: Validator instance not assigned to the policy (m_validator == nullptr)

Definition at line 67 of file validation-policy-config.cpp.

◆ load() [2/4]

void ndn::security::validator_config::ValidationPolicyConfig::load ( const std::string &  filename)

Load policy from file filename.

Exceptions
Error: Validator instance not assigned to the policy (m_validator == nullptr)

Definition at line 36 of file validation-policy-config.cpp.

◆ load() [3/4]

void ndn::security::validator_config::ValidationPolicyConfig::load ( const std::string &  input,
const std::string &  filename 
)

Load policy from direct input.

Exceptions
Error: Validator instance not assigned to the policy (m_validator == nullptr)

Definition at line 46 of file validation-policy-config.cpp.

◆ load() [4/4]

void ndn::security::validator_config::ValidationPolicyConfig::load ( std::istream &  input,
const std::string &  filename 
)

Load policy from direct input.

Exceptions
Error: Validator instance not assigned to the policy (m_validator == nullptr)

Definition at line 53 of file validation-policy-config.cpp.

◆ setInnerPolicy()

void ndn::security::ValidationPolicy::setInnerPolicy ( unique_ptr< ValidationPolicy >  innerPolicy)
inherited

Set inner policy.

Multiple assignments of the inner policy will create a "chain" of linked policies. The inner policy from the latest invocation of setInnerPolicy will be at the bottom of the policy list.

For example, the sequence this->setInnerPolicy(policy1) followed by this->setInnerPolicy(policy2) results in this->m_innerPolicy == policy1, this->m_innerPolicy->m_innerPolicy == policy2, and this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr.

Exceptions
std::invalid_argument exception, if innerPolicy is nullptr.

Definition at line 28 of file validation-policy.cpp.
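The chaining rule of setInnerPolicy() and the checkPolicy contract (call state->fail, or call continueValidation) can be seen together in a self-contained model. This is an added example, not ndn-cxx code: State, Continuation, Policy, PrefixPolicy, ReplayGuard and validate are simplified hypothetical stand-ins, ReplayGuard only models the role of an outer policy wrapping a terminal one, and the names and prefix are constructed.

```cpp
#include <functional>
#include <memory>
#include <set>
#include <stdexcept>
#include <string>

// Simplified stand-ins (assumptions), not the ndn-cxx types.
struct State {
  bool failed = false;
  std::string error;
  void fail(const std::string& e) { failed = true; error = e; }
};
using Continuation = std::function<void(const std::string* certRequest, State&)>;
struct Policy {
  virtual ~Policy() = default;
  // Appends at the bottom of the chain; rejects nullptr, as documented above.
  void setInnerPolicy(std::unique_ptr<Policy> p) {
    if (!p) throw std::invalid_argument("inner policy is nullptr");
    if (inner) inner->setInnerPolicy(std::move(p)); else inner = std::move(p);
  }
  virtual void checkPolicy(const std::string& name, State& s, const Continuation& k) = 0;
  std::unique_ptr<Policy> inner;
};

// Terminal policy: fails the state or continues with a certificate request.
struct PrefixPolicy : Policy {
  void checkPolicy(const std::string& name, State& s, const Continuation& k) override {
    if (name.rfind("/example/", 0) != 0) return s.fail("name outside trusted prefix");
    const std::string cert = "/example/KEY";  // constructed certificate name
    k(&cert, s);
  }
};

// Outer policy (needs an inner one): rejects a repeated name, else delegates.
struct ReplayGuard : Policy {
  std::set<std::string> seen;
  void checkPolicy(const std::string& name, State& s, const Continuation& k) override {
    if (!seen.insert(name).second) return s.fail("replayed packet");
    inner->checkPolicy(name, s, k);
  }
};

// Runs one name through the chain; returns "ok:<cert>" or "fail:<reason>".
std::string validate(Policy& chain, const std::string& name) {
  State s;
  std::string result;
  chain.checkPolicy(name, s, [&](const std::string* req, State&) {
    result = "ok:" + (req ? *req : std::string("none"));
  });
  return s.failed ? "fail:" + s.error : result;
}
```

Each policy either fails the state or hands control onward, so a rejection by the outer policy never reaches the terminal one.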

◆ setValidator()

void ndn::security::ValidationPolicy::setValidator ( Validator &  validator)
inherited

Set validator to which the policy is associated.

Definition at line 53 of file validation-policy.cpp.

Member Data Documentation

◆ m_innerPolicy

unique_ptr<ValidationPolicy> ndn::security::ValidationPolicy::m_innerPolicy
protected inherited

Definition at line 145 of file validation-policy.hpp.

◆ m_validator

Validator* ndn::security::ValidationPolicy::m_validator = nullptr
protected inherited

Definition at line 144 of file validation-policy.hpp.