update: Process Name prefix update commands
refs #1834
Change-Id: I18c86d0743b4a10ce3a8681f202b59a86602e43f
diff --git a/nlsr.conf b/nlsr.conf
index ffffe43..a370f34 100644
--- a/nlsr.conf
+++ b/nlsr.conf
@@ -212,7 +212,7 @@
type name
hyper-relation
{
- k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
+ k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
k-expand \\1
h-relation equal
p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
@@ -244,6 +244,52 @@
file-name "root.cert"
}
}
+
+ prefix-update-validator
+ {
+ rule
+ {
+ id "NLSR ControlCommand Rule"
+ for interest
+ filter
+ {
+ type name
+ regex ^<localhost><nlsr><prefix-update>[<advertise><withdraw>]<>$
+ }
+ checker
+ {
+ type customized
+ sig-type rsa-sha256
+ key-locator
+ {
+ type name
+ regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
+ }
+ }
+ }
+
+ rule
+ {
+ id "NLSR Hierarchy Rule"
+ for data
+ filter
+ {
+ type name
+ regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
+ }
+ checker
+ {
+ type hierarchical
+ sig-type rsa-sha256
+ }
+ }
+
+ trust-anchor
+ {
+ type file
+ file-name "site.cert"
+ }
+ }
; cert-to-publish "root.cert" ; optional, a file containing the root certificate
; Only the router that is designated to publish the root cert
; needs to specify this