| ; The catalog section contains settings of catalog |
| general |
| { |
| ; Set the catalog prefix, so that adapters can extend it as their own prefix |
| ; e.g., suppose that the catalog has the prefix "ndn:/cmip5", so QueryAdapter has the prefix |
| ; "ndn:/cmip5/catalog/query" and "ndn:/cmip5/catalog/query-results", |
| ; PublishAdapter has the prefix "ndn:/cmip5/catalog/publish" |
| |
| prefix /cmip5 |
| |
| ; Set name components for the scientific data, for example, the climate data |
| ; contains name fields like activity, ..., time |
| nameFields activity,product,organization,model,experiment,frequency,modeling_realm,variable_name,ensemble,time |
| |
| ; Set the database table name for the scientific data |
| databaseTable cmip5 |
| } |
| |
| ; The queryAdapter section contains settings of queryAdapter |
| queryAdapter |
| { |
| ; ; Set the Identity that signs data that respond the queries |
| ; ; If the identity contains multiple keys, use the default one |
| ; signingId ndn:/cmip5/test/query/identity |
| |
| ; Set the filter category names, for example, |
| ; the filter category contains name fields like activity, ..., ensemble |
| filterCategoryNames activity,product,organization,model,experiment,frequency,modeling_realm,variable_name,ensemble |
| |
| ; Set database settings for QueryAdapter |
| database |
| { |
| dbServer 127.0.0.1 ; Specify the database server |
| dbName testdb ; Specify the database name |
| dbUser testuser ; Specify the database user name |
| dbPasswd test623 ; Specify the associated password for the dbUser |
| } |
| } |
| |
| ; The publishAdapter section contains settings of publishAdapter |
| publishAdapter |
| { |
| ; Set the Identity that signs data that respond the queries |
| ; If the identity contains multiple keys, use the default one |
| ; signingId ndn:/cmip5/test/query/identity |
| |
| ; The security section contains the rules for the adapter to verify the |
| ; published files indeed come from a valid publisher. |
| security |
| { |
| rule |
| { |
| id "Publishing data is signed by the Datapublisher's dsk" |
| for data ; rule for Data (to validate NDN certificates) |
| filter |
| { |
| type name |
| regex ^<><><><>$ ; condition on data name |
| } |
| checker |
| { |
| type customized |
| sig-type rsa-sha256 |
| key-locator |
| { |
| type name |
| hyper-relation |
| { |
| k-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><dsk-.*><ID-CERT>$ |
| k-expand \\1 |
| h-relation equal |
| p-regex ^(<>)<>(<>)<>$ |
| p-expand \\1\\2 |
| } |
| } |
| } |
| } |
| |
| rule |
| { |
| id "Datapublisher's dsk is signed by its ksk" |
| for data |
| filter |
| { |
| type name |
| regex ^[^<DataPublisher><KEY>]*<DataPublisher><KEY><dsk-.*><ID-CERT><>$ |
| } |
| checker |
| { |
| type customized |
| sig-type rsa-sha256 |
| key-locator |
| { |
| type name |
| hyper-relation |
| { |
| k-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><ksk-.*><ID-CERT>$ |
| k-expand \\1 |
| h-relation equal |
| p-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><dsk-.*><ID-CERT><>$ |
| p-expand \\1 |
| } |
| } |
| } |
| } |
| |
| rule |
| { |
| id "DataPublisher's ksk signed by the site's ksk" |
| for data |
| filter |
| { |
| type name |
| regex ^[^<DataPublisher><KEY>]*<DataPublisher><KEY><ksk-.*><ID-CERT><>$ |
| } |
| checker |
| { |
| type customized |
| sig-type rsa-sha256 |
| key-locator |
| { |
| type name |
| hyper-relation |
| { |
| k-regex ^([^<KEY>]*)<KEY><ksk-.*><ID-CERT>$ |
| k-expand \\1 |
| h-relation equal |
| p-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><ksk-.*><ID-CERT><>$ |
| p-expand \\1 |
| } |
| } |
| } |
| } |
| |
| rule |
| { |
| id "publishing Hierarchical Rule" |
| for data |
| filter |
| { |
| type name |
| regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$ |
| } |
| checker |
| { |
| type hierarchical |
| sig-type rsa-sha256 |
| } |
| } |
| |
| trust-anchor |
| { |
| type file |
| file-name /usr/local/etc/ndn/nlsr/keys/cmip5_root.cert ; the file name of trust-anchor |
| } |
| |
| } |
| |
| ; The database section contains settings of database |
| ; The user in publishAdapter may differ from the one in queryAdapter, to provide different |
| ; access control |
| database |
| { |
| dbServer 127.0.0.1 ; Specify the database server |
| dbName testdb ; Specify the database name |
| dbUser testuser ; Specify the database user name |
| dbPasswd test623 ; Specify the associated password for the dbUser |
| } |
| |
| ; The sync section contains settings of ChronoSync |
| sync |
| { |
| ; Set the prefix for sync messages, default 'ndn:/ndn/broadcast' |
| prefix /ndn/broadcast |
| |
| ; The sync_data_security section contains the rules that are required for ChronoSync nodes to |
| ; verify published data by other ChronoSync nodes. |
| ; The ChronoSync validator will be disabled when sync_data_security section is missing. |
| |
| ; sync_data_security |
| ; { |
| ; ; This section defines the trust model for the ChronoSync data Management. It consists of |
| ; ; rules and trust-anchors, which are briefly defined in this file. Multiple rules can be |
| ; ; included |
| ; ; rule |
| ; ; { |
| ; ; id "ChronoSync Update Messages Rule" |
| ; ; for data ; rule for Data (to validate NDN certificates) |
| ; ; filter |
| ; ; { |
| ; ; type name ; condition on data name |
| ; ; regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$ |
| ; ; } |
| ; ; checker |
| ; ; { |
| ; ; type hierarchical ; the certificate name of the signing key and |
| ; ; ; the data name must follow the hierarchical model |
| ; ; sig-type rsa-sha256 ; data must have a rsa-sha256 signature |
| ; ; } |
| ; ; } |
| ; ; trust-anchor |
| ; ; { |
| ; ; type file |
| ; ; file-name keys/default.ndncert ; the file name, by default this file should be placed in |
| ; ; ; the same folder as this config file. |
| ; ; } |
| ; } |
| } |
| } |