catalog.conf.sample.in

; The catalog section contains settings of catalog
general
{
  ; Set the catalog prefix, so that adapters can extend it as their own prefix
  ; e.g., suppose that the catalog has the prefix "ndn:/cmip5", so QueryAdapter has the prefix
  ; "ndn:/cmip5/catalog/query" and "ndn:/cmip5/catalog/query-results",
  ; PublishAdapter has the prefix "ndn:/cmip5/catalog/publish"

  prefix /cmip5

  ; Set name components for the scientific data, for example, the climate data
  ; contains name fields like activity, ..., time
  nameFields activity,product,organization,model,experiment,frequency,modeling_realm,variable_name,ensemble,time

  ; Set the database table name for the scientific data
  databaseTable cmip5
}

; The queryAdapter section contains settings of queryAdapter
queryAdapter
{
  ; ; Set the Identity that signs data that respond the queries
  ; ; If the identity contains multiple keys, use the default one
  ; signingId ndn:/cmip5/test/query/identity

  ; Set the filter category names, for example,
  ; the filter category contains name fields like activity, ..., ensemble
  filterCategoryNames activity,product,organization,model,experiment,frequency,modeling_realm,variable_name,ensemble

  ; Set database settings for QueryAdapter
  database
  {
    dbServer 127.0.0.1  ; Specify the database server
    dbName testdb       ; Specify the database name
    dbUser testuser     ; Specify the database user name
    dbPasswd test623    ; Specify the associated password for the dbUser
  }
}

; The publishAdapter section contains settings of publishAdapter
publishAdapter
{
  ; Set the Identity that signs data that respond the queries
  ; If the identity contains multiple keys, use the default one
  ; signingId ndn:/cmip5/test/query/identity

  ; The security section contains the rules for the adapter to verify the
  ; published files indeed come from a valid publisher.
  security
  {
    rule
    {
      id "Publishing data is signed by the Datapublisher's dsk"
      for data              ; rule for Data (to validate NDN certificates)
      filter
      {
        type name
        regex ^<><><><>$    ; condition on data name
      }
      checker
      {
        type customized
        sig-type rsa-sha256
        key-locator
        {
          type name
          hyper-relation
          {
            k-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><dsk-.*><ID-CERT>$
            k-expand \\1
            h-relation equal
            p-regex ^(<>)<>(<>)<>$
            p-expand \\1\\2
          }
        }
      }
    }

    rule
    {
      id "Datapublisher's dsk is signed by its ksk"
      for data
      filter
      {
        type name
        regex ^[^<DataPublisher><KEY>]*<DataPublisher><KEY><dsk-.*><ID-CERT><>$
      }
      checker
      {
        type customized
        sig-type rsa-sha256
        key-locator
        {
          type name
          hyper-relation
          {
            k-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><ksk-.*><ID-CERT>$
            k-expand \\1
            h-relation equal
            p-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><dsk-.*><ID-CERT><>$
            p-expand \\1
          }
        }
      }
    }

    rule
    {
      id "DataPublisher's ksk signed by the site's ksk"
      for data
      filter
      {
        type name
        regex ^[^<DataPublisher><KEY>]*<DataPublisher><KEY><ksk-.*><ID-CERT><>$
      }
      checker
      {
        type customized
        sig-type rsa-sha256
        key-locator
        {
          type name
          hyper-relation
          {
            k-regex ^([^<KEY>]*)<KEY><ksk-.*><ID-CERT>$
            k-expand \\1
            h-relation equal
            p-regex ^([^<DataPublisher><KEY>]*)<DataPublisher><KEY><ksk-.*><ID-CERT><>$
            p-expand \\1
          }
        }
      }
    }

    rule
    {
      id "publishing Hierarchical Rule"
      for data
      filter
      {
        type name
        regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
      }
      checker
      {
        type hierarchical
        sig-type rsa-sha256
      }
    }

    trust-anchor
    {
      type file
      file-name /usr/local/etc/ndn/nlsr/keys/cmip5_root.cert ; the file name of trust-anchor
    }

  }

  ; The database section contains settings of database
  ; The user in publishAdapter may differ from the one in queryAdapter, to provide different
  ; access control
  database
  {
    dbServer 127.0.0.1  ; Specify the database server
    dbName testdb       ; Specify the database name
    dbUser testuser     ; Specify the database user name
    dbPasswd test623    ; Specify the associated password for the dbUser
  }

  ; The sync section contains settings of ChronoSync
  sync
  {
    ; Set the prefix for sync messages, default 'ndn:/ndn/broadcast'
    prefix /ndn/broadcast

    ; The sync_data_security section contains the rules that are required for ChronoSync nodes to
    ; verify published data by other ChronoSync nodes.
    ; The ChronoSync validator will be disabled when sync_data_security section is missing.

    ; sync_data_security
    ; {
    ;   ; This section defines the trust model for the ChronoSync data Management. It consists of
    ;   ; rules and trust-anchors, which are briefly defined in this file. Multiple rules can be
    ;   ; included
    ;   ; rule
    ;   ; {
    ;   ;   id "ChronoSync Update Messages Rule"
    ;   ;   for data                             ; rule for Data (to validate NDN certificates)
    ;   ;   filter
    ;   ;   {
    ;   ;     type name                          ; condition on data name
    ;   ;     regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$
    ;   ;   }
    ;   ;   checker
    ;   ;   {
    ;   ;     type hierarchical                  ; the certificate name of the signing key and
    ;   ;                                        ; the data name must follow the hierarchical model
    ;   ;     sig-type rsa-sha256                ; data must have a rsa-sha256 signature
    ;   ;   }
    ;   ; }
    ;   ; trust-anchor
    ;   ; {
    ;   ;   type file
    ;   ;   file-name keys/default.ndncert ; the file name, by default this file should be placed in
    ;   ;                                  ; the same folder as this config file.
    ;   ; }
    ; }
  }
}