security: Rename security/v2/* to security/*
The security v1-to-v2 transition was completed some time ago, so path
separation is no longer needed. This commit preserves the
`ndn::security::v2` namespace, but makes it inline.
Some commonly used v2 headers are preserved, but they are deprecated and
should be avoided in dependent software.
Change-Id: I26056cb3d34bcdc0a16e06dea8c1a78c03da2d40
diff --git a/ndn-cxx/metadata-object.hpp b/ndn-cxx/metadata-object.hpp
index 7946e7f..b6255bc 100644
--- a/ndn-cxx/metadata-object.hpp
+++ b/ndn-cxx/metadata-object.hpp
@@ -16,6 +16,8 @@
* General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
* <http://www.gnu.org/licenses/>.
*
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
* @author Chavoosh Ghasemi <chghasemi@cs.arizona.edu>
*/
@@ -24,7 +26,7 @@
#include "ndn-cxx/data.hpp"
#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
namespace ndn {
diff --git a/ndn-cxx/mgmt/nfd/controller.cpp b/ndn-cxx/mgmt/nfd/controller.cpp
index b211f3b..5a3ce12 100644
--- a/ndn-cxx/mgmt/nfd/controller.cpp
+++ b/ndn-cxx/mgmt/nfd/controller.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,7 +21,7 @@
#include "ndn-cxx/mgmt/nfd/controller.hpp"
#include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include <boost/lexical_cast.hpp>
diff --git a/ndn-cxx/mgmt/nfd/controller.hpp b/ndn-cxx/mgmt/nfd/controller.hpp
index 5059a99..51bbf7c 100644
--- a/ndn-cxx/mgmt/nfd/controller.hpp
+++ b/ndn-cxx/mgmt/nfd/controller.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,14 +22,14 @@
#ifndef NDN_MGMT_NFD_CONTROLLER_HPP
#define NDN_MGMT_NFD_CONTROLLER_HPP
+#include "ndn-cxx/mgmt/nfd/command-options.hpp"
#include "ndn-cxx/mgmt/nfd/control-command.hpp"
#include "ndn-cxx/mgmt/nfd/control-response.hpp"
#include "ndn-cxx/mgmt/nfd/status-dataset.hpp"
-#include "ndn-cxx/mgmt/nfd/command-options.hpp"
#include "ndn-cxx/security/command-interest-signer.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include "ndn-cxx/security/validator-null.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
#include "ndn-cxx/util/segment-fetcher.hpp"
namespace ndn {
diff --git a/ndn-cxx/prefix-announcement.hpp b/ndn-cxx/prefix-announcement.hpp
index 4ff1291..c446213 100644
--- a/ndn-cxx/prefix-announcement.hpp
+++ b/ndn-cxx/prefix-announcement.hpp
@@ -22,7 +22,7 @@
#ifndef NDN_CXX_PREFIX_ANNOUNCEMENT_HPP
#define NDN_CXX_PREFIX_ANNOUNCEMENT_HPP
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
namespace ndn {
diff --git a/ndn-cxx/security/v2/additional-description.cpp b/ndn-cxx/security/additional-description.cpp
similarity index 96%
rename from ndn-cxx/security/v2/additional-description.cpp
rename to ndn-cxx/security/additional-description.cpp
index f9aa2af..2b332f4 100644
--- a/ndn-cxx/security/v2/additional-description.cpp
+++ b/ndn-cxx/security/additional-description.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,14 +19,14 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
#include "ndn-cxx/encoding/block-helpers.hpp"
#include "ndn-cxx/util/concepts.hpp"
#include "ndn-cxx/util/ostream-joiner.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
BOOST_CONCEPT_ASSERT((boost::EqualityComparable<AdditionalDescription>));
BOOST_CONCEPT_ASSERT((WireEncodable<AdditionalDescription>));
@@ -176,6 +176,6 @@
return os << "]";
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/additional-description.hpp b/ndn-cxx/security/additional-description.hpp
new file mode 100644
index 0000000..9fc42e7
--- /dev/null
+++ b/ndn-cxx/security/additional-description.hpp
@@ -0,0 +1,145 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+#define NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+
+#include "ndn-cxx/detail/common.hpp"
+#include "ndn-cxx/encoding/block.hpp"
+#include "ndn-cxx/encoding/tlv.hpp"
+
+#include <map>
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Abstraction of AdditionalDescription
+ * @sa docs/specs/certificate-format.rst
+ */
+class AdditionalDescription
+{
+public:
+ class Error : public tlv::Error
+ {
+ public:
+ using tlv::Error::Error;
+ };
+
+ typedef std::map<std::string, std::string>::iterator iterator;
+ typedef std::map<std::string, std::string>::const_iterator const_iterator;
+
+public:
+ /**
+ * @brief Create an empty AdditionalDescription
+ */
+ AdditionalDescription() = default;
+
+ /**
+ * @brief Create AdditionalDescription from @p block
+ */
+ explicit
+ AdditionalDescription(const Block& block);
+
+ const std::string&
+ get(const std::string& key) const;
+
+ void
+ set(const std::string& key, const std::string& value);
+
+ bool
+ has(const std::string& key) const;
+
+ size_t
+ size() const
+ {
+ return m_info.size();
+ }
+
+ bool
+ empty() const
+ {
+ return m_info.empty();
+ }
+
+ iterator
+ begin();
+
+ iterator
+ end();
+
+ const_iterator
+ begin() const;
+
+ const_iterator
+ end() const;
+
+ /** @brief Fast encoding or block size estimation
+ */
+ template<encoding::Tag TAG>
+ size_t
+ wireEncode(EncodingImpl<TAG>& encoder) const;
+
+ /** @brief Encode ValidityPeriod into TLV block
+ */
+ const Block&
+ wireEncode() const;
+
+ /** @brief Decode ValidityPeriod from TLV block
+ * @throw Error when an invalid TLV block supplied
+ */
+ void
+ wireDecode(const Block& wire);
+
+private: // EqualityComparable concept
+ // NOTE: the following "hidden friend" operators are available via
+ // argument-dependent lookup only and must be defined inline.
+
+ friend bool
+ operator==(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
+ {
+ return lhs.m_info == rhs.m_info;
+ }
+
+ friend bool
+ operator!=(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
+ {
+ return lhs.m_info != rhs.m_info;
+ }
+
+private:
+ std::map<std::string, std::string> m_info;
+
+ mutable Block m_wire;
+};
+
+NDN_CXX_DECLARE_WIRE_ENCODE_INSTANTIATIONS(AdditionalDescription);
+
+std::ostream&
+operator<<(std::ostream& os, const AdditionalDescription& desc);
+
+} // inline namespace v2
+
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
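Review bot: The doc comments on `wireEncode()` and `wireDecode()` say "Encode ValidityPeriod into TLV block" and "Decode ValidityPeriod from TLV block", which looks copied from another class; they should read `@brief Encode AdditionalDescription into TLV block` and `@brief Decode AdditionalDescription from TLV block`. `get()` has no comment at all, so the header does not tell a caller what happens for a missing key; a line such as `@throw Error if @p key does not exist` would help if that is what the definition does (it is outside this hunk). The non-const `begin()`/`end()` return `std::map` iterators through which stored values can be changed without calling `set()`, so it is worth stating next to `mutable Block m_wire` whether the cached encoding is reset on that path, since a stale cache would make the encoded bytes disagree with the in-memory description.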
diff --git a/ndn-cxx/security/v2/certificate-bundle-fetcher.cpp b/ndn-cxx/security/certificate-bundle-fetcher.cpp
similarity index 96%
rename from ndn-cxx/security/v2/certificate-bundle-fetcher.cpp
rename to ndn-cxx/security/certificate-bundle-fetcher.cpp
index 76ce514..dabc8a5 100644
--- a/ndn-cxx/security/v2/certificate-bundle-fetcher.cpp
+++ b/ndn-cxx/security/certificate-bundle-fetcher.cpp
@@ -19,19 +19,19 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-bundle-fetcher.hpp"
+#include "ndn-cxx/security/certificate-bundle-fetcher.hpp"
#include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
#include "ndn-cxx/util/logger.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.CertificateBundleFetcher);
+NDN_LOG_INIT(ndn.security.CertificateBundleFetcher);
#define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
#define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
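Review bot: The logger name on the `NDN_LOG_INIT` line changes from `ndn.security.v2.CertificateBundleFetcher` to `ndn.security.CertificateBundleFetcher` and the commit message does not mention it, so any log filter keyed on the `ndn.security.v2.` prefix will silently stop matching certificate-fetch and validation messages. The same rename is made in certificate-cache.cpp, certificate-fetcher-from-network.cpp and certificate-fetcher.cpp. I would call it out in the commit description and release notes, and add a comment above the macro such as `// logger was "ndn.security.v2.CertificateBundleFetcher" before the security/v2 path removal`. Separately, certificate-fetcher-from-network.cpp and certificate-fetcher.cpp both register `ndn.security.CertificateFetcher`, so their messages cannot be filtered independently; that predates this commit but is cheap to fix while the names are being touched.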
@@ -230,6 +230,6 @@
return bundleName;
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-bundle-fetcher.hpp b/ndn-cxx/security/certificate-bundle-fetcher.hpp
similarity index 95%
rename from ndn-cxx/security/v2/certificate-bundle-fetcher.hpp
rename to ndn-cxx/security/certificate-bundle-fetcher.hpp
index 6249a23..5164b07 100644
--- a/ndn-cxx/security/v2/certificate-bundle-fetcher.hpp
+++ b/ndn-cxx/security/certificate-bundle-fetcher.hpp
@@ -19,16 +19,16 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_BUNDLE_FETCHER_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_BUNDLE_FETCHER_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_BUNDLE_FETCHER_HPP
+#define NDN_SECURITY_CERTIFICATE_BUNDLE_FETCHER_HPP
#include "ndn-cxx/name.hpp"
#include "ndn-cxx/tag.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
/**
* @brief Fetch certificate bundle from the network
@@ -144,8 +144,8 @@
time::milliseconds m_bundleInterestLifetime;
};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_CERTIFICATE_BUNDLE_FETCHER_HPP
+#endif // NDN_SECURITY_CERTIFICATE_BUNDLE_FETCHER_HPP
diff --git a/ndn-cxx/security/v2/certificate-cache.cpp b/ndn-cxx/security/certificate-cache.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-cache.cpp
rename to ndn-cxx/security/certificate-cache.cpp
index aefa069..bf5cb6c 100644
--- a/ndn-cxx/security/v2/certificate-cache.cpp
+++ b/ndn-cxx/security/certificate-cache.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,14 +19,14 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-cache.hpp"
+#include "ndn-cxx/security/certificate-cache.hpp"
#include "ndn-cxx/util/logger.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.CertificateCache);
+NDN_LOG_INIT(ndn.security.CertificateCache);
time::nanoseconds
CertificateCache::getDefaultLifetime()
@@ -107,6 +107,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-cache.hpp b/ndn-cxx/security/certificate-cache.hpp
similarity index 93%
rename from ndn-cxx/security/v2/certificate-cache.hpp
rename to ndn-cxx/security/certificate-cache.hpp
index d0e412e..d4af213 100644
--- a/ndn-cxx/security/v2/certificate-cache.hpp
+++ b/ndn-cxx/security/certificate-cache.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,11 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_CACHE_HPP
+#define NDN_SECURITY_CERTIFICATE_CACHE_HPP
#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
#include <boost/multi_index_container.hpp>
#include <boost/multi_index/ordered_index.hpp>
@@ -32,7 +32,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
/**
* @brief Represents a container for verified certificates.
@@ -141,8 +141,8 @@
time::nanoseconds m_maxLifetime;
};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
+#endif // NDN_SECURITY_CERTIFICATE_CACHE_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.cpp b/ndn-cxx/security/certificate-fetcher-direct-fetch.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-fetcher-direct-fetch.cpp
rename to ndn-cxx/security/certificate-fetcher-direct-fetch.cpp
index 0fc4682..abfc636 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.cpp
+++ b/ndn-cxx/security/certificate-fetcher-direct-fetch.cpp
@@ -19,16 +19,16 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp"
+#include "ndn-cxx/security/certificate-fetcher-direct-fetch.hpp"
#include "ndn-cxx/face.hpp"
#include "ndn-cxx/lp/tags.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
CertificateFetcherDirectFetch::CertificateFetcherDirectFetch(Face& face)
: CertificateFetcherFromNetwork(face)
@@ -94,6 +94,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/certificate-fetcher-direct-fetch.hpp b/ndn-cxx/security/certificate-fetcher-direct-fetch.hpp
new file mode 100644
index 0000000..db23afb
--- /dev/null
+++ b/ndn-cxx/security/certificate-fetcher-direct-fetch.hpp
@@ -0,0 +1,65 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Extends CertificateFetcherFromNetwork to fetch certificates from the incoming face of
+ * the packet
+ *
+ * During Interest and Data validation, if IncomingFaceId tag is present on the original Interest,
+ * this fetcher will send a "direct Interest" to fetch certificates from the face where the original
+ * packet was received, in addition to fetching from the infrastructure. The application must
+ * enable NextHopFaceId privilege on the face used by this fetcher prior to the validation.
+ */
+class CertificateFetcherDirectFetch : public CertificateFetcherFromNetwork
+{
+public:
+ explicit
+ CertificateFetcherDirectFetch(Face& face);
+
+ /**
+ * If \p wantDirectInterestOnly, only the direct Interest will be sent out.
+ */
+ void
+ setSendDirectInterestOnly(bool wantDirectInterestOnly);
+
+protected:
+ void
+ doFetch(const shared_ptr<CertificateRequest>& keyRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+private:
+ bool m_wantDirectInterestOnly = false;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
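Review bot: The comment on `setSendDirectInterestOnly()` does not say what the fetcher does when `wantDirectInterestOnly` is set and the packet carries no IncomingFaceId tag, which is the case where neither the direct nor the infrastructure Interest would obviously be sent. The header should state whether validation fails or falls back to the infrastructure fetch in that case; the answer lives in `doFetch()`, whose definition is outside this hunk. The comment also lacks an `@brief` and a `@param wantDirectInterestOnly` line, unlike the other new headers in this commit. It would also help to say in the class comment that a certificate obtained over the direct Interest comes from the peer that sent the packet under validation and is handled as unverified like any other fetched certificate, which is what the `CertificateFetcher::fetch()` comment implies.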
diff --git a/ndn-cxx/security/v2/certificate-fetcher-from-network.cpp b/ndn-cxx/security/certificate-fetcher-from-network.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-fetcher-from-network.cpp
rename to ndn-cxx/security/certificate-fetcher-from-network.cpp
index 8ca0a51..a117ee4 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-from-network.cpp
+++ b/ndn-cxx/security/certificate-fetcher-from-network.cpp
@@ -19,18 +19,18 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
#include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
#include "ndn-cxx/util/logger.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.CertificateFetcher);
+NDN_LOG_INIT(ndn.security.CertificateFetcher);
#define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
#define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
@@ -116,6 +116,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/certificate-fetcher-from-network.hpp b/ndn-cxx/security/certificate-fetcher-from-network.hpp
new file mode 100644
index 0000000..8074e07
--- /dev/null
+++ b/ndn-cxx/security/certificate-fetcher-from-network.hpp
@@ -0,0 +1,90 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+
+#include "ndn-cxx/security/certificate-fetcher.hpp"
+#include "ndn-cxx/util/scheduler.hpp"
+
+namespace ndn {
+
+class Data;
+class Face;
+
+namespace lp {
+class Nack;
+} // namespace lp
+
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Fetch missing keys from the network
+ */
+class CertificateFetcherFromNetwork : public CertificateFetcher
+{
+public:
+ explicit
+ CertificateFetcherFromNetwork(Face& face);
+
+protected:
+ void
+ doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+ /**
+ * @brief Callback invoked when certificate is retrieved.
+ */
+ void
+ dataCallback(const Data& data,
+ const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief Callback invoked when interest for fetching certificate gets NACKed.
+ *
+ * Retries with exponential backoff while `certRequest->nRetriesLeft > 0`
+ */
+ void
+ nackCallback(const lp::Nack& nack,
+ const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief Callback invoked when interest for fetching certificate times out.
+ *
+ * It will retry if `certRequest->nRetriesLeft > 0`
+ */
+ void
+ timeoutCallback(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+protected:
+ Face& m_face;
+ Scheduler m_scheduler;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
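Review bot: `CertificateFetcherFromNetwork` keeps the constructor argument as `Face& m_face`, but the constructor has no comment saying the face must outlive the fetcher, unlike `setCertificateStorage()` in certificate-fetcher.hpp, which carries such a note. Since the NACK and timeout callbacks document retries and the class owns a `Scheduler`, a retry that fires after the face is destroyed would presumably use a dangling reference; I would add `@note The supplied @p face must remain valid for the lifetime of this fetcher` above the constructor. The class brief says "Fetch missing keys" while every member talks about certificates; `@brief Fetch missing certificates from the network` would match.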
diff --git a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp b/ndn-cxx/security/certificate-fetcher-offline.cpp
similarity index 87%
rename from ndn-cxx/security/v2/certificate-fetcher-offline.cpp
rename to ndn-cxx/security/certificate-fetcher-offline.cpp
index 9c32216..ea19a73 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp
+++ b/ndn-cxx/security/certificate-fetcher-offline.cpp
@@ -19,13 +19,13 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
void
CertificateFetcherOffline::doFetch(const shared_ptr<CertificateRequest>& certRequest,
@@ -36,6 +36,6 @@
"Cannot fetch certificate " + certRequest->interest.getName().toUri() + " in offline mode"});
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp b/ndn-cxx/security/certificate-fetcher-offline.hpp
similarity index 64%
copy from ndn-cxx/security/v2/certificate-fetcher-offline.cpp
copy to ndn-cxx/security/certificate-fetcher-offline.hpp
index 9c32216..617f624 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-offline.cpp
+++ b/ndn-cxx/security/certificate-fetcher-offline.hpp
@@ -19,23 +19,28 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_OFFLINE_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_OFFLINE_HPP
+
+#include "ndn-cxx/security/certificate-fetcher.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-void
-CertificateFetcherOffline::doFetch(const shared_ptr<CertificateRequest>& certRequest,
- const shared_ptr<ValidationState>& state,
- const ValidationContinuation&)
+/**
+ * @brief Certificate fetcher realization that does not fetch keys (always offline)
+ */
+class CertificateFetcherOffline : public CertificateFetcher
{
- state->fail({ValidationError::Code::CANNOT_RETRIEVE_CERT,
- "Cannot fetch certificate " + certRequest->interest.getName().toUri() + " in offline mode"});
-}
+protected:
+ void
+ doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_OFFLINE_HPP
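Review bot: The class comment says only that this fetcher "does not fetch keys"; it should state that `doFetch()` fails the validation state with `ValidationError::Code::CANNOT_RETRIEVE_CERT`, as the definition shown on the removed side of this copy does, so readers know that a missing certificate is rejected rather than ignored. Suggested wording: `@brief Certificate fetcher that never fetches; every request fails validation with CANNOT_RETRIEVE_CERT`.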
diff --git a/ndn-cxx/security/v2/certificate-fetcher.cpp b/ndn-cxx/security/certificate-fetcher.cpp
similarity index 88%
rename from ndn-cxx/security/v2/certificate-fetcher.cpp
rename to ndn-cxx/security/certificate-fetcher.cpp
index 717a3f1..931b83e 100644
--- a/ndn-cxx/security/v2/certificate-fetcher.cpp
+++ b/ndn-cxx/security/certificate-fetcher.cpp
@@ -19,17 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/certificate-fetcher.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
#include "ndn-cxx/util/logger.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.CertificateFetcher);
+NDN_LOG_INIT(ndn.security.CertificateFetcher);
#define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
@@ -66,6 +66,6 @@
});
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/certificate-fetcher.hpp b/ndn-cxx/security/certificate-fetcher.hpp
new file mode 100644
index 0000000..b90d779
--- /dev/null
+++ b/ndn-cxx/security/certificate-fetcher.hpp
@@ -0,0 +1,91 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_FETCHER_HPP
+#define NDN_SECURITY_CERTIFICATE_FETCHER_HPP
+
+#include "ndn-cxx/detail/common.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+class Certificate;
+class CertificateRequest;
+class CertificateStorage;
+class ValidationState;
+
+/**
+ * @brief Interface used by the validator to fetch missing certificates
+ */
+class CertificateFetcher : noncopyable
+{
+public:
+ using ValidationContinuation = std::function<void(const Certificate& cert,
+ const shared_ptr<ValidationState>& state)>;
+
+ CertificateFetcher();
+
+ virtual
+ ~CertificateFetcher();
+
+ /**
+ * @brief Assign certificate storage to check known certificate and to cache unverified ones
+ * @note The supplied @p certStorage should be valid for the lifetime of CertificateFetcher
+ */
+ virtual void
+ setCertificateStorage(CertificateStorage& certStorage);
+
+ /**
+ * @brief Asynchronously fetch certificate
+ * @pre m_certStorage != nullptr
+ *
+ * If the requested certificate exists in the storage, then this method will immediately call
+ * continueValidation with the certification. If certificate is not available, the
+ * implementation-specific doFetch will be called to asynchronously fetch certificate. The
+ * successfully retrieved certificate will be automatically added to the unverified cache of
+ * the certificate storage.
+ *
+ * When the requested certificate is retrieved, continueValidation is called. Otherwise, the
+ * fetcher implementation call state->failed() with the appropriate error code and diagnostic
+ * message.
+ */
+ void
+ fetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+private:
+ /**
+ * @brief Asynchronous certificate fetching implementation
+ */
+ virtual void
+ doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) = 0;
+
+protected:
+ CertificateStorage* m_certStorage;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_FETCHER_HPP
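Review bot: `CertificateStorage* m_certStorage;` has no default member initializer while `fetch()` documents `@pre m_certStorage != nullptr`, so unless the constructor (defined outside this hunk) sets it, the pointer is indeterminate and the precondition cannot be checked; `CertificateStorage* m_certStorage = nullptr;` makes that independent of the constructor. The `fetch()` comment also refers to `state->failed()`, whereas the call used in certificate-fetcher-offline.cpp is `state->fail(...)`, and "with the certification" should read "with the certificate".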
diff --git a/ndn-cxx/security/v2/certificate-request.hpp b/ndn-cxx/security/certificate-request.hpp
similarity index 87%
rename from ndn-cxx/security/v2/certificate-request.hpp
rename to ndn-cxx/security/certificate-request.hpp
index 13859df..4fd7992 100644
--- a/ndn-cxx/security/v2/certificate-request.hpp
+++ b/ndn-cxx/security/certificate-request.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,14 +19,14 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_REQUEST_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_REQUEST_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_REQUEST_HPP
+#define NDN_SECURITY_CERTIFICATE_REQUEST_HPP
#include "ndn-cxx/interest.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
/**
* @brief Request for a certificate, associated with the number of attempts
@@ -58,8 +58,8 @@
time::milliseconds waitAfterNack = 500_ms;
};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_CERTIFICATE_REQUEST_HPP
+#endif // NDN_SECURITY_CERTIFICATE_REQUEST_HPP
diff --git a/ndn-cxx/security/v2/certificate-storage.cpp b/ndn-cxx/security/certificate-storage.cpp
similarity index 94%
rename from ndn-cxx/security/v2/certificate-storage.cpp
rename to ndn-cxx/security/certificate-storage.cpp
index e245f24..3120cba 100644
--- a/ndn-cxx/security/v2/certificate-storage.cpp
+++ b/ndn-cxx/security/certificate-storage.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,11 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
CertificateStorage::CertificateStorage()
: m_verifiedCertCache(1_h)
@@ -106,6 +106,6 @@
return m_unverifiedCertCache;
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/certificate-storage.hpp b/ndn-cxx/security/certificate-storage.hpp
similarity index 90%
rename from ndn-cxx/security/v2/certificate-storage.hpp
rename to ndn-cxx/security/certificate-storage.hpp
index 412907a..c06f49d 100644
--- a/ndn-cxx/security/v2/certificate-storage.hpp
+++ b/ndn-cxx/security/certificate-storage.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,16 +19,16 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_STORAGE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_STORAGE_HPP
+#ifndef NDN_SECURITY_CERTIFICATE_STORAGE_HPP
+#define NDN_SECURITY_CERTIFICATE_STORAGE_HPP
-#include "ndn-cxx/security/v2/certificate.hpp"
-#include "ndn-cxx/security/v2/certificate-cache.hpp"
-#include "ndn-cxx/security/v2/trust-anchor-container.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/certificate-cache.hpp"
+#include "ndn-cxx/security/trust-anchor-container.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
/**
* @brief Storage for trusted anchors, verified certificate cache, and unverified certificate cache.
@@ -136,8 +136,8 @@
CertificateCache m_unverifiedCertCache;
};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_CERTIFICATE_STORAGE_HPP
+#endif // NDN_SECURITY_CERTIFICATE_STORAGE_HPP
diff --git a/ndn-cxx/security/v2/certificate.cpp b/ndn-cxx/security/certificate.cpp
similarity index 97%
rename from ndn-cxx/security/v2/certificate.cpp
rename to ndn-cxx/security/certificate.cpp
index ae3ae30..36dbc39 100644
--- a/ndn-cxx/security/v2/certificate.cpp
+++ b/ndn-cxx/security/certificate.cpp
@@ -22,15 +22,15 @@
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#include "ndn-cxx/security/v2/certificate.hpp"
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
#include "ndn-cxx/security/transform.hpp"
#include "ndn-cxx/encoding/block-helpers.hpp"
#include "ndn-cxx/util/indented-stream.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
@@ -204,6 +204,6 @@
return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/certificate.hpp b/ndn-cxx/security/certificate.hpp
new file mode 100644
index 0000000..c3ef869
--- /dev/null
+++ b/ndn-cxx/security/certificate.hpp
@@ -0,0 +1,194 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ */
+
+#ifndef NDN_SECURITY_CERTIFICATE_HPP
+#define NDN_SECURITY_CERTIFICATE_HPP
+
+#include "ndn-cxx/data.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief The certificate following the certificate format naming convention
+ *
+ * Overview of NDN certificate format:
+ *
+ * CertificateV2 ::= DATA-TLV TLV-LENGTH
+ * Name (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
+ * MetaInfo (.ContentType = KEY)
+ * Content (= X509PublicKeyContent)
+ * SignatureInfo (= CertificateV2SignatureInfo)
+ * SignatureValue
+ *
+ * X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
+ * BYTE+ (= public key bits in PKCS#8 format)
+ *
+ * CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
+ * SignatureType
+ * KeyLocator
+ * ValidityPeriod
+ * ... optional critical or non-critical extension blocks ...
+ *
+ * An example of NDN certificate name:
+ *
+ * /edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
+ * \_________________/ \___________/ \___________/\___________/
+ * Certificate Namespace Key Id Issuer Id Version
+ * (Identity)
+ * \__________________________________/
+ * Key Name
+ *
+ * Notes:
+ *
+ * - `Key Id` is opaque name component to identify an instance of the public key for the
+ * certificate namespace. The value of `Key ID` is controlled by the namespace owner. The
+ * library includes helpers for generation of key IDs using 8-byte random number, SHA-256
+ * digest of the public key, timestamp, and the specified numerical identifiers.
+ *
+ * - `Issuer Id` is opaque name component to identify issuer of the certificate. The value is
+ * controlled by the issuer. The library includes helpers to set issuer ID to a 8-byte
+ * random number, SHA-256 digest of the issuer's public key, and the specified numerical
+ * identifiers.
+ *
+ * - `Key Name` is a logical name of the key used for management pursposes. Key Name includes
+ * the certificate namespace, keyword `KEY`, and `KeyId` components.
+ *
+ * @see doc/specs/certificate-format.rst
+ */
+class Certificate : public Data
+{
+public:
+ Certificate();
+
+ /**
+ * @brief Construct certificate from a data object
+ * @throw tlv::Error if data does not follow certificate format
+ */
+ explicit
+ Certificate(Data&& data);
+
+ /**
+ * @brief Construct certificate from a data object
+ * @throw tlv::Error if data does not follow certificate format
+ */
+ explicit
+ Certificate(const Data& data);
+
+ /**
+ * @brief Construct certificate from a wire encoding
+ * @throw tlv::Error if wire encoding is invalid or does not follow certificate format
+ */
+ explicit
+ Certificate(const Block& block);
+
+ /**
+ * @brief Get key name
+ */
+ Name
+ getKeyName() const;
+
+ /**
+ * @brief Get identity name
+ */
+ Name
+ getIdentity() const;
+
+ /**
+ * @brief Get key ID
+ */
+ name::Component
+ getKeyId() const;
+
+ /**
+ * @brief Get issuer ID
+ */
+ name::Component
+ getIssuerId() const;
+
+ /**
+ * @brief Get public key bits (in PKCS#8 format)
+ * @throw Error If content is empty
+ */
+ Buffer
+ getPublicKey() const;
+
+ /**
+ * @brief Get validity period of the certificate
+ */
+ ValidityPeriod
+ getValidityPeriod() const;
+
+ /**
+ * @brief Check if the certificate is valid at @p ts.
+ */
+ bool
+ isValid(const time::system_clock::TimePoint& ts = time::system_clock::now()) const;
+
+ /**
+ * @brief Get extension with TLV @p type
+ * @throw Error The specified block type does not exist
+ */
+ Block
+ getExtension(uint32_t type) const;
+
+ // @TODO Implement extension enumeration (Issue #3907)
+public:
+ /**
+ * @brief Check if the specified name follows the naming convention for the certificate
+ */
+ static bool
+ isValidName(const Name& certName);
+
+public:
+ static const ssize_t VERSION_OFFSET;
+ static const ssize_t ISSUER_ID_OFFSET;
+ static const ssize_t KEY_COMPONENT_OFFSET;
+ static const ssize_t KEY_ID_OFFSET;
+ static const size_t MIN_CERT_NAME_LENGTH;
+ static const size_t MIN_KEY_NAME_LENGTH;
+ static const name::Component KEY_COMPONENT;
+};
+
+std::ostream&
+operator<<(std::ostream& os, const Certificate& cert);
+
+/**
+ * @brief Extract identity namespace from the certificate name @p certName
+ */
+Name
+extractIdentityFromCertName(const Name& certName);
+
+/**
+ * @brief Extract key name from the certificate name @p certName
+ */
+Name
+extractKeyNameFromCertName(const Name& certName);
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_CERTIFICATE_HPP
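Review bot: The doc block on `isValid()` says only "Check if the certificate is valid at @p ts", which a caller can read as a trust decision. Judging by the time-point parameter it looks like a validity-period check only; the definition is not in this hunk, so that is inferred. I would add `@note Checks the validity period only; it does not verify the signature or the certification chain.` to that doc block. Separately, the comments on `X509PublicKeyContent` and `getPublicKey()` describe the public key bits as "PKCS#8 format", but PKCS#8 is a private-key container. If the content is a DER-encoded SubjectPublicKeyInfo, as the X509 name suggests, the wording should say so.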
diff --git a/ndn-cxx/security/command-interest-signer.hpp b/ndn-cxx/security/command-interest-signer.hpp
index f6cb644..5439809 100644
--- a/ndn-cxx/security/command-interest-signer.hpp
+++ b/ndn-cxx/security/command-interest-signer.hpp
@@ -22,7 +22,7 @@
#ifndef NDN_SECURITY_COMMAND_INTEREST_SIGNER_HPP
#define NDN_SECURITY_COMMAND_INTEREST_SIGNER_HPP
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
namespace ndn {
namespace security {
diff --git a/ndn-cxx/security/v2/key-chain.cpp b/ndn-cxx/security/key-chain.cpp
similarity index 98%
rename from ndn-cxx/security/v2/key-chain.cpp
rename to ndn-cxx/security/key-chain.cpp
index 75f1b68..3d4212f 100644
--- a/ndn-cxx/security/v2/key-chain.cpp
+++ b/ndn-cxx/security/key-chain.cpp
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include "ndn-cxx/encoding/buffer-stream.hpp"
#include "ndn-cxx/util/config-file.hpp"
@@ -51,21 +51,21 @@
// http://stackoverflow.com/q/9459980/2150331
namespace pib {
-NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibSqlite3);
-NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibMemory);
+NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibSqlite3);
+NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibMemory);
} // namespace pib
namespace tpm {
#if defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
-NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndOsx);
+NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndOsx);
#endif // defined(NDN_CXX_HAVE_OSX_FRAMEWORKS) && defined(NDN_CXX_WITH_OSX_KEYCHAIN)
-NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndFile);
-NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndMem);
+NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndFile);
+NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(BackEndMem);
} // namespace tpm
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.KeyChain);
+NDN_LOG_INIT(ndn.security.KeyChain);
std::string KeyChain::s_defaultPibLocator;
std::string KeyChain::s_defaultTpmLocator;
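Review bot: Changing the `NDN_LOG_INIT` argument from `ndn.security.v2.KeyChain` to `ndn.security.KeyChain` renames the log module, so any logging configuration that filters on the old name will silently stop matching KeyChain messages. The commit message mentions preserved deprecated headers but not this change, so it deserves a release-note entry and a comment above the macro such as `// log module was ndn.security.v2.KeyChain before the v2 path removal`. The same hunk renames `NDN_CXX_V2_KEYCHAIN_REGISTER_*_BACKEND` to `NDN_CXX_KEYCHAIN_REGISTER_*_BACKEND`; whether the old macro names stay available to out-of-tree backends is not visible here.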
@@ -728,6 +728,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/key-chain.hpp b/ndn-cxx/security/key-chain.hpp
index d82cc3b..bc87805 100644
--- a/ndn-cxx/security/key-chain.hpp
+++ b/ndn-cxx/security/key-chain.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,10 +19,498 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_CXX_SECURITY_KEY_CHAIN_HPP
-#define NDN_CXX_SECURITY_KEY_CHAIN_HPP
+#ifndef NDN_SECURITY_KEY_CHAIN_HPP
+#define NDN_SECURITY_KEY_CHAIN_HPP
-#include "ndn-cxx/security/security-common.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/key-params.hpp"
+#include "ndn-cxx/security/pib/pib.hpp"
+#include "ndn-cxx/security/safe-bag.hpp"
+#include "ndn-cxx/security/signing-info.hpp"
+#include "ndn-cxx/security/tpm/tpm.hpp"
-#endif // NDN_CXX_SECURITY_KEY_CHAIN_HPP
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief The interface of signing key management.
+ *
+ * The KeyChain class provides an interface to manage entities related to packet signing,
+ * such as Identity, Key, and Certificates. It consists of two parts: a private key module
+ * (TPM) and a public key information base (PIB). Managing signing key and its related
+ * entities through KeyChain interface guarantees the consistency between TPM and PIB.
+ */
+class KeyChain : noncopyable
+{
+public:
+ class Error : public std::runtime_error
+ {
+ public:
+ using std::runtime_error::runtime_error;
+ };
+
+ /**
+ * @brief Error indicating that the supplied TPM locator does not match the locator stored in PIB.
+ */
+ class LocatorMismatchError : public Error
+ {
+ public:
+ using Error::Error;
+ };
+
+ /**
+ * @brief Error indicating that the supplied SigningInfo is invalid.
+ */
+ class InvalidSigningInfoError : public Error
+ {
+ public:
+ using Error::Error;
+ };
+
+ /**
+ * @brief Constructor to create KeyChain with default PIB and TPM.
+ *
+ * Default PIB and TPM are platform-dependent and can be overriden system-wide or
+ * individually for the user.
+ *
+ * @sa manpage ndn-client.conf
+ *
+ * @todo Add detailed description about config file behavior here
+ */
+ KeyChain();
+
+ /**
+ * @brief KeyChain constructor
+ *
+ * @sa manpage ndn-client.conf
+ *
+ * @param pibLocator PIB locator, e.g., `pib-sqlite3:/example/dir`
+ * @param tpmLocator TPM locator, e.g., `tpm-memory:`
+ * @param allowReset if true, the PIB will be reset when the supplied @p tpmLocator
+ * does not match the one in the PIB
+ */
+ KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);
+
+ ~KeyChain();
+
+ const Pib&
+ getPib() const
+ {
+ return *m_pib;
+ }
+
+ const Tpm&
+ getTpm() const
+ {
+ return *m_tpm;
+ }
+
+public: // Identity management
+ /**
+ * @brief Create an identity @p identityName.
+ *
+ * This method will check if the identity exists in PIB and whether the identity has a
+ * default key and default certificate. If the identity does not exist, this method will
+ * create the identity in PIB. If the identity's default key does not exist, this method
+ * will create a key pair and set it as the identity's default key. If the key's default
+ * certificate is missing, this method will create a self-signed certificate for the key.
+ *
+ * If @p identityName did not exist and no default identity was selected before, the created
+ * identity will be set as the default identity
+ *
+ * @param identityName The name of the identity.
+ * @param params The key parameters if a key needs to be created for the identity (default:
+ * EC key with random key id)
+ * @return The created Identity instance.
+ */
+ Identity
+ createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());
+
+ /**
+ * @brief delete @p identity.
+ *
+ * @pre @p identity must be valid.
+ * @post @p identity becomes invalid.
+ */
+ void
+ deleteIdentity(const Identity& identity);
+
+ /**
+ * @brief Set @p identity as the default identity.
+ * @pre @p identity must be valid.
+ */
+ void
+ setDefaultIdentity(const Identity& identity);
+
+public: // Key management
+ /**
+ * @brief Create a new key for @p identity.
+ *
+ * @param identity Reference to a valid Identity object
+ * @param params Key creation parameters (default: EC key with random key id)
+ * @pre @p identity must be valid.
+ *
+ * If @p identity had no default key selected, the created key will be set as the default for
+ * this identity.
+ *
+ * This method will also create a self-signed certificate for the created key.
+ */
+ Key
+ createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());
+
+ /**
+ * @brief Create a new HMAC key.
+ *
+ * @param prefix Prefix used to construct the key name (default: `/localhost/identity/hmac`);
+ * the full key name will include additional components according to @p params
+ * @param params Key creation parameters
+ * @return A name that can be subsequently used to reference the created key.
+ *
+ * The newly created key will be inserted in the TPM. HMAC keys don't have any PIB entries.
+ */
+ Name
+ createHmacKey(const Name& prefix = SigningInfo::getHmacIdentity(),
+ const HmacKeyParams& params = HmacKeyParams());
+
+ /**
+ * @brief Delete a key @p key of @p identity.
+ *
+ * @pre @p identity must be valid.
+ * @pre @p key must be valid.
+ * @post @p key becomes invalid.
+ * @throw std::invalid_argument @p key does not belong to @p identity
+ */
+ void
+ deleteKey(const Identity& identity, const Key& key);
+
+ /**
+ * @brief Set @p key as the default key of @p identity.
+ *
+ * @pre @p identity must be valid.
+ * @pre @p key must be valid.
+ * @throw std::invalid_argument @p key does not belong to @p identity
+ */
+ void
+ setDefaultKey(const Identity& identity, const Key& key);
+
+public: // Certificate management
+ /**
+ * @brief Add a certificate @p certificate for @p key
+ *
+ * If @p key had no default certificate selected, the added certificate will be set as the
+ * default certificate for this key.
+ *
+ * @note This method overwrites certificate with the same name, without considering the
+ * implicit digest.
+ *
+ * @pre @p key must be valid.
+ * @throw std::invalid_argument @p key does not match @p certificate
+ */
+ void
+ addCertificate(const Key& key, const Certificate& certificate);
+
+ /**
+ * @brief delete a certificate with name @p certificateName of @p key.
+ *
+ * If the certificate @p certificateName does not exist, this method has no effect.
+ *
+ * @pre @p key must be valid.
+ * @throw std::invalid_argument @p certificateName does not follow certificate naming convention.
+ */
+ void
+ deleteCertificate(const Key& key, const Name& certificateName);
+
+ /**
+ * @brief Set @p cert as the default certificate of @p key.
+ *
+ * The certificate @p cert will be added to the @p key, potentially overriding existing
+ * certificate if it has the same name (without considering implicit digest).
+ *
+ * @pre @p key must be valid.
+ * @throw std::invalid_argument @p key does not match @p certificate
+ */
+ void
+ setDefaultCertificate(const Key& key, const Certificate& certificate);
+
+public: // signing
+ /**
+ * @brief Sign a Data packet according to the supplied signing information
+ *
+ * This method uses the supplied signing information in @p params to sign @p data as follows:
+ * - It selects a private key and its associated certificate to sign the packet.
+ * - It generates a KeyLocator based upon the certificate name.
+ * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
+ * for @p data.
+ * - It adds the generated SignatureInfo block to @p data.
+ * - It generates a signature for @p data and adds it as the SignatureValue block of @p data.
+ *
+ * @param data The data to sign
+ * @param params The signing parameters
+ * @throw Error Signing failed
+ * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
+ * or certificate does not exist
+ * @see SigningInfo
+ * @see SignatureInfo
+ */
+ void
+ sign(Data& data, const SigningInfo& params = SigningInfo());
+
+ /**
+ * @brief Sign an Interest according to the supplied signing information
+ *
+ * This method uses the supplied signing information in @p params to sign @p interest as follows:
+ * - It selects a private key and its associated certificate to sign the packet.
+ * - It generates a KeyLocator based upon the certificate name.
+ * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
+ * for @p interest.
+ * - It appends the generated SignatureInfo block to the end of the Name of @p interest.
+ * - It generates a signature for @p interest and appends it to the end of the Name of
+ * @p interest as a SignatureValue block.
+ *
+ * @param interest The interest to sign
+ * @param params The signing parameters
+ * @throw Error Signing failed
+ * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
+ * or certificate does not exist
+ * @see SigningInfo
+ * @see SignatureInfo
+ * @see docs/specs/signed-interest.rst
+ */
+ void
+ sign(Interest& interest, const SigningInfo& params = SigningInfo());
+
+ /**
+ * @brief Sign buffer according to the supplied signing information @p params
+ * @deprecated Sign Interests and Data directly
+ *
+ * If @p params refers to an identity, the method selects the default key of the identity.
+ * If @p params refers to a key or certificate, the method select the corresponding key.
+ *
+ * @param buffer The buffer to sign
+ * @param bufferLength The buffer size
+ * @param params The signing parameters
+ * @return SignatureValue TLV block
+ * @throw Error Signing failed
+ * @see SigningInfo
+ * @see SignatureInfo
+ */
+ [[deprecated("sign Interests and Data directly")]]
+ Block
+ sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params = SigningInfo());
+
+public: // export & import
+ /**
+ * @brief Export a certificate and its corresponding private key.
+ *
+ * @param certificate The certificate to export.
+ * @param pw The password to secure the private key.
+ * @param pwLen The length of password.
+ * @return A SafeBag carrying the certificate and encrypted private key.
+ * @throw Error the certificate or private key does not exist
+ */
+ shared_ptr<SafeBag>
+ exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);
+
+ /**
+ * @brief Import a certificate and its corresponding private key from a SafeBag.
+ *
+ * If the certificate and key are imported properly, the default setting will be updated as if
+ * a new key and certificate is added into KeyChain.
+ *
+ * @param safeBag The encoded data to import.
+ * @param pw The password to secure the private key.
+ * @param pwLen The length of password.
+ * @throw Error any of following conditions:
+ * - the safebag cannot be decoded or its content does not match;
+ * - private key cannot be imported;
+ * - a private/public key of the same name already exists;
+ * - a certificate of the same name already exists.
+ */
+ void
+ importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);
+
+ /**
+ * @brief Import a private key into the TPM.
+ */
+ void
+ importPrivateKey(const Name& keyName, shared_ptr<transform::PrivateKey> key);
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ /**
+ * @brief Derive SignatureTypeValue according to key type and digest algorithm.
+ */
+ static tlv::SignatureTypeValue
+ getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
+
+public: // PIB & TPM backend registry
+ /**
+ * @brief Register a new PIB backend
+ * @param scheme Name for the registered PIB backend scheme
+ *
+ * @note This interface is implementation detail and may change without notice.
+ */
+ template<class PibBackendType>
+ static void
+ registerPibBackend(const std::string& scheme);
+
+ /**
+ * @brief Register a new TPM backend
+ * @param scheme Name for the registered TPM backend scheme
+ *
+ * @note This interface is implementation detail and may change without notice.
+ */
+ template<class TpmBackendType>
+ static void
+ registerTpmBackend(const std::string& scheme);
+
+private:
+ typedef std::map<std::string, function<std::shared_ptr<pib::PibImpl>(const std::string& location)>> PibFactories;
+ typedef std::map<std::string, function<unique_ptr<tpm::BackEnd>(const std::string& location)>> TpmFactories;
+
+ static PibFactories&
+ getPibFactories();
+
+ static TpmFactories&
+ getTpmFactories();
+
+ static std::tuple<std::string/*type*/, std::string/*location*/>
+ parseAndCheckPibLocator(const std::string& pibLocator);
+
+ static std::tuple<std::string/*type*/, std::string/*location*/>
+ parseAndCheckTpmLocator(const std::string& tpmLocator);
+
+ static const std::string&
+ getDefaultPibScheme();
+
+ static const std::string&
+ getDefaultTpmScheme();
+
+ /**
+ * @brief Create a PIB according to @p pibLocator
+ */
+ static unique_ptr<Pib>
+ createPib(const std::string& pibLocator);
+
+ /**
+ * @brief Create a TPM according to @p tpmLocator
+ */
+ static unique_ptr<Tpm>
+ createTpm(const std::string& tpmLocator);
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ static const std::string&
+ getDefaultPibLocator();
+
+ static const std::string&
+ getDefaultTpmLocator();
+
+private: // signing
+ /**
+ * @brief Generate a self-signed certificate for a public key.
+ *
+ * The self-signed certificate will also be added to the PIB.
+ */
+ Certificate
+ selfSign(Key& key);
+
+ /**
+ * @brief Prepare a SignatureInfo TLV according to signing information and return the signing
+ * key name.
+ *
+ * @param params The signing parameters
+ * @return The signing key name and prepared SignatureInfo
+ * @throw InvalidSigningInfoError The requested signing method cannot be satisfied
+ */
+ std::tuple<Name, SignatureInfo>
+ prepareSignatureInfo(const SigningInfo& params);
+
+ /**
+ * @brief Generate a SignatureValue block for a buffer @p buf of size @p size using
+ * a key with name @p keyName and digest algorithm @p digestAlgorithm.
+ */
+ Block
+ sign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
+
+public:
+ /**
+ * @deprecated Use default constructor for SigningInfo
+ */
+ [[deprecated("use default constructor for SigningInfo")]]
+ static const SigningInfo&
+ getDefaultSigningInfo();
+
+ static const KeyParams&
+ getDefaultKeyParams();
+
+private:
+ std::unique_ptr<Pib> m_pib;
+ std::unique_ptr<Tpm> m_tpm;
+
+ static std::string s_defaultPibLocator;
+ static std::string s_defaultTpmLocator;
+};
+
+template<class PibType>
+inline void
+KeyChain::registerPibBackend(const std::string& scheme)
+{
+ getPibFactories().emplace(scheme, [] (const std::string& locator) {
+ return std::shared_ptr<pib::PibImpl>(new PibType(locator));
+ });
+}
+
+template<class TpmType>
+inline void
+KeyChain::registerTpmBackend(const std::string& scheme)
+{
+ getTpmFactories().emplace(scheme, [] (const std::string& locator) {
+ return unique_ptr<tpm::BackEnd>(new TpmType(locator));
+ });
+}
+
+/**
+ * @brief Register Pib backend class in KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * Pib backend class within the namespace where the type is declared.
+ *
+ * @note This interface is implementation detail and may change without notice.
+ */
+#define NDN_CXX_KEYCHAIN_REGISTER_PIB_BACKEND(PibType) \
+static class NdnCxxAuto ## PibType ## PibRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## PibType ## PibRegistrationClass() \
+ { \
+ ::ndn::security::v2::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \
+ } \
+} ndnCxxAuto ## PibType ## PibRegistrationVariable
+
+/**
+ * @brief Register Tpm backend class in KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * Tpm backend class within the namespace where the type is declared.
+ *
+ * @note This interface is implementation detail and may change without notice.
+ */
+#define NDN_CXX_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType) \
+static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
+ { \
+ ::ndn::security::v2::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \
+ } \
+} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
+
+} // inline namespace v2
+} // namespace security
+
+using security::v2::KeyChain;
+
+} // namespace ndn
+
+#endif // NDN_SECURITY_KEY_CHAIN_HPP
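Review bot: `registerPibBackend()` and `registerTpmBackend()` discard the result of `emplace()`, so a second backend registered under a scheme that is already present is silently ignored. Which backend then serves that scheme depends on the construction order of the static registration objects created by `NDN_CXX_KEYCHAIN_REGISTER_*_BACKEND`. Since this registry selects where private keys are stored, I would make a duplicate visible, e.g. `bool isNew = getTpmFactories().emplace(scheme, ...).second;` followed by an assertion or a log line when `isNew` is false, and the same for the PIB variant. On the documentation side, `setDefaultCertificate()` refers to `@p cert` while the parameter is named `certificate`. `importSafeBag()` also describes `pw` as the password "to secure" the private key, where it is presumably the password that decrypts the key carried in the SafeBag.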
diff --git a/ndn-cxx/security/pib/certificate-container.hpp b/ndn-cxx/security/pib/certificate-container.hpp
index 2ab7292..1f7e753 100644
--- a/ndn-cxx/security/pib/certificate-container.hpp
+++ b/ndn-cxx/security/pib/certificate-container.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,7 +22,7 @@
#ifndef NDN_SECURITY_PIB_CERTIFICATE_CONTAINER_HPP
#define NDN_SECURITY_PIB_CERTIFICATE_CONTAINER_HPP
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
#include <iterator>
#include <set>
@@ -51,7 +51,7 @@
{
public:
using iterator_category = std::forward_iterator_tag;
- using value_type = const v2::Certificate;
+ using value_type = const Certificate;
using difference_type = std::ptrdiff_t;
using pointer = value_type*;
using reference = value_type&;
diff --git a/ndn-cxx/security/pib/key.cpp b/ndn-cxx/security/pib/key.cpp
index 293effa..5eb011d 100644
--- a/ndn-cxx/security/pib/key.cpp
+++ b/ndn-cxx/security/pib/key.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,7 +21,7 @@
#include "ndn-cxx/security/pib/key.hpp"
#include "ndn-cxx/security/pib/impl/key-impl.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
namespace ndn {
namespace security {
@@ -137,7 +137,7 @@
} // namespace pib
-namespace v2 {
+inline namespace v2 {
Name
constructKeyName(const Name& identity, const name::Component& keyId)
@@ -167,6 +167,6 @@
return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim everything after and including "KEY"
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/pib/key.hpp b/ndn-cxx/security/pib/key.hpp
index 5848283..6c129bd 100644
--- a/ndn-cxx/security/pib/key.hpp
+++ b/ndn-cxx/security/pib/key.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -28,9 +28,9 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
class KeyChain;
-} // namespace v2
+} // inline namespace v2
namespace pib {
@@ -195,7 +195,7 @@
using pib::Key;
-namespace v2 {
+inline namespace v2 {
/**
* @brief Construct key name based on the appropriate naming conventions
@@ -215,7 +215,7 @@
Name
extractIdentityFromKeyName(const Name& keyName);
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/pib/pib-impl.hpp b/ndn-cxx/security/pib/pib-impl.hpp
index 7d39ad4..3b29ce5 100644
--- a/ndn-cxx/security/pib/pib-impl.hpp
+++ b/ndn-cxx/security/pib/pib-impl.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,7 +23,7 @@
#define NDN_SECURITY_PIB_PIB_IMPL_HPP
#include "ndn-cxx/security/pib/pib.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
#include <set>
diff --git a/ndn-cxx/security/tpm/tpm.hpp b/ndn-cxx/security/tpm/tpm.hpp
index 123d9ec..4a6a8ac 100644
--- a/ndn-cxx/security/tpm/tpm.hpp
+++ b/ndn-cxx/security/tpm/tpm.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -36,9 +36,9 @@
class PrivateKey;
} // namespace transform
-namespace v2 {
+inline namespace v2 {
class KeyChain;
-} // namespace v2
+} // inline namespace v2
namespace tpm {
diff --git a/ndn-cxx/security/v2/trust-anchor-container.cpp b/ndn-cxx/security/trust-anchor-container.cpp
similarity index 97%
rename from ndn-cxx/security/v2/trust-anchor-container.cpp
rename to ndn-cxx/security/trust-anchor-container.cpp
index 7cf5b23..cc5e168 100644
--- a/ndn-cxx/security/v2/trust-anchor-container.cpp
+++ b/ndn-cxx/security/trust-anchor-container.cpp
@@ -19,13 +19,13 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/trust-anchor-container.hpp"
+#include "ndn-cxx/security/trust-anchor-container.hpp"
#include <boost/filesystem.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
void
TrustAnchorContainer::AnchorContainer::add(Certificate&& cert)
@@ -130,6 +130,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/trust-anchor-container.hpp b/ndn-cxx/security/trust-anchor-container.hpp
similarity index 93%
rename from ndn-cxx/security/v2/trust-anchor-container.hpp
rename to ndn-cxx/security/trust-anchor-container.hpp
index e69a74f..d5dcc13 100644
--- a/ndn-cxx/security/v2/trust-anchor-container.hpp
+++ b/ndn-cxx/security/trust-anchor-container.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,12 +19,12 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_TRUST_ANCHOR_CONTAINER_HPP
-#define NDN_SECURITY_V2_TRUST_ANCHOR_CONTAINER_HPP
+#ifndef NDN_SECURITY_TRUST_ANCHOR_CONTAINER_HPP
+#define NDN_SECURITY_TRUST_ANCHOR_CONTAINER_HPP
#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
-#include "ndn-cxx/security/v2/trust-anchor-group.hpp"
+#include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/trust-anchor-group.hpp"
#include <boost/multi_index_container.hpp>
#include <boost/multi_index/hashed_index.hpp>
@@ -33,7 +33,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
/**
* @brief represents a container for trust anchors.
@@ -173,8 +173,8 @@
AnchorContainer m_anchors;
};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_TRUST_ANCHOR_CONTAINER_HPP
+#endif // NDN_SECURITY_TRUST_ANCHOR_CONTAINER_HPP
diff --git a/ndn-cxx/security/v2/trust-anchor-group.cpp b/ndn-cxx/security/trust-anchor-group.cpp
similarity index 94%
rename from ndn-cxx/security/v2/trust-anchor-group.cpp
rename to ndn-cxx/security/trust-anchor-group.cpp
index 1c27a41..2b1a25e 100644
--- a/ndn-cxx/security/v2/trust-anchor-group.cpp
+++ b/ndn-cxx/security/trust-anchor-group.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/trust-anchor-group.hpp"
+#include "ndn-cxx/security/trust-anchor-group.hpp"
#include "ndn-cxx/util/io.hpp"
#include "ndn-cxx/util/logger.hpp"
@@ -30,9 +30,9 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.TrustAnchorGroup);
+NDN_LOG_INIT(ndn.security.TrustAnchorGroup);
namespace fs = boost::filesystem;
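Review bot: The `NDN_LOG_INIT` line renames the logger module from `ndn.security.v2.TrustAnchorGroup` to `ndn.security.TrustAnchorGroup`. Any deployed log filter that names the old module or the `ndn.security.v2` prefix would presumably stop matching without any error. Records of which trust anchors were loaded or refreshed are worth keeping, so the rename should be called out in the release notes. A comment next to the macro would also help, e.g. `// logger module renamed from ndn.security.v2.TrustAnchorGroup; update existing log filters`.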
@@ -140,6 +140,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/trust-anchor-group.hpp b/ndn-cxx/security/trust-anchor-group.hpp
similarity index 93%
rename from ndn-cxx/security/v2/trust-anchor-group.hpp
rename to ndn-cxx/security/trust-anchor-group.hpp
index 2afe3f5..3ea11a8 100644
--- a/ndn-cxx/security/v2/trust-anchor-group.hpp
+++ b/ndn-cxx/security/trust-anchor-group.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,18 +19,18 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
-#define NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
+#ifndef NDN_SECURITY_TRUST_ANCHOR_GROUP_HPP
+#define NDN_SECURITY_TRUST_ANCHOR_GROUP_HPP
#include "ndn-cxx/data.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
#include <boost/filesystem/path.hpp>
#include <set>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
class CertContainerInterface
{
@@ -163,8 +163,8 @@
time::steady_clock::TimePoint m_expireTime;
};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
+#endif // NDN_SECURITY_TRUST_ANCHOR_GROUP_HPP
diff --git a/ndn-cxx/security/v2/additional-description.hpp b/ndn-cxx/security/v2/additional-description.hpp
index 5057ed5..c9d2701 100644
--- a/ndn-cxx/security/v2/additional-description.hpp
+++ b/ndn-cxx/security/v2/additional-description.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,129 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
-#define NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#ifndef NDN_CXX_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#define NDN_CXX_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
-#include "ndn-cxx/detail/common.hpp"
-#include "ndn-cxx/encoding/block.hpp"
-#include "ndn-cxx/encoding/tlv.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/additional-description.hpp> instead
-#include <map>
+#include "ndn-cxx/security/additional-description.hpp"
-namespace ndn {
-namespace security {
-namespace v2 {
-
-/**
- * @brief Abstraction of AdditionalDescription
- * @sa docs/specs/certificate-format.rst
- */
-class AdditionalDescription
-{
-public:
- class Error : public tlv::Error
- {
- public:
- using tlv::Error::Error;
- };
-
- typedef std::map<std::string, std::string>::iterator iterator;
- typedef std::map<std::string, std::string>::const_iterator const_iterator;
-
-public:
- /**
- * @brief Create an empty AdditionalDescription
- */
- AdditionalDescription() = default;
-
- /**
- * @brief Create AdditionalDescription from @p block
- */
- explicit
- AdditionalDescription(const Block& block);
-
- const std::string&
- get(const std::string& key) const;
-
- void
- set(const std::string& key, const std::string& value);
-
- bool
- has(const std::string& key) const;
-
- size_t
- size() const
- {
- return m_info.size();
- }
-
- bool
- empty() const
- {
- return m_info.empty();
- }
-
- iterator
- begin();
-
- iterator
- end();
-
- const_iterator
- begin() const;
-
- const_iterator
- end() const;
-
- /** @brief Fast encoding or block size estimation
- */
- template<encoding::Tag TAG>
- size_t
- wireEncode(EncodingImpl<TAG>& encoder) const;
-
- /** @brief Encode ValidityPeriod into TLV block
- */
- const Block&
- wireEncode() const;
-
- /** @brief Decode ValidityPeriod from TLV block
- * @throw Error when an invalid TLV block supplied
- */
- void
- wireDecode(const Block& wire);
-
-private: // EqualityComparable concept
- // NOTE: the following "hidden friend" operators are available via
- // argument-dependent lookup only and must be defined inline.
-
- friend bool
- operator==(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
- {
- return lhs.m_info == rhs.m_info;
- }
-
- friend bool
- operator!=(const AdditionalDescription& lhs, const AdditionalDescription& rhs)
- {
- return lhs.m_info != rhs.m_info;
- }
-
-private:
- std::map<std::string, std::string> m_info;
-
- mutable Block m_wire;
-};
-
-NDN_CXX_DECLARE_WIRE_ENCODE_INSTANTIATIONS(AdditionalDescription);
-
-std::ostream&
-operator<<(std::ostream& os, const AdditionalDescription& desc);
-
-} // namespace v2
-
-using v2::AdditionalDescription;
-
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#endif // NDN_CXX_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
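Review bot: The deprecation shim relies on `#warning`, which is a compiler extension before C++23 and which GCC and Clang promote to a hard error when a dependent builds with `-Werror`. For such projects the "deprecated but still usable" header becomes a build break. The same pattern is repeated in the shim hunks for `certificate-fetcher-direct-fetch.hpp`, `certificate-fetcher-from-network.hpp`, `certificate-fetcher-offline.hpp`, `certificate-fetcher.hpp`, `certificate.hpp` and `key-chain.hpp`. I would document the workaround beside the directive, e.g. `// -Werror builds: switch to the new include path, or pass -Wno-error=cpp (GCC) / -Wno-error=#warnings (Clang)`, and state in the release notes when these shims will be removed.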
diff --git a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp b/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp
index 0a5c480..2f2262e 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,47 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher-direct-fetch.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate-fetcher-direct-fetch.hpp"
-/**
- * @brief Extends CertificateFetcherFromNetwork to fetch certificates from the incoming face of
- * the packet
- *
- * During Interest and Data validation, if IncomingFaceId tag is present on the original Interest,
- * this fetcher will send a "direct Interest" to fetch certificates from the face where the original
- * packet was received, in addition to fetching from the infrastructure. The application must
- * enable NextHopFaceId privilege on the face used by this fetcher prior to the validation.
- */
-class CertificateFetcherDirectFetch : public CertificateFetcherFromNetwork
-{
-public:
- explicit
- CertificateFetcherDirectFetch(Face& face);
-
- /**
- * If \p wantDirectInterestOnly, only the direct Interest will be sent out.
- */
- void
- setSendDirectInterestOnly(bool wantDirectInterestOnly);
-
-protected:
- void
- doFetch(const shared_ptr<CertificateRequest>& keyRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-
-private:
- bool m_wantDirectInterestOnly = false;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp b/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp
index 81bbee5..03bccdf 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher-from-network.hpp
@@ -19,72 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
-#include "ndn-cxx/util/scheduler.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher-from-network.hpp> instead
-namespace ndn {
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
-class Data;
-class Face;
-
-namespace lp {
-class Nack;
-} // namespace lp
-
-namespace security {
-namespace v2 {
-
-/**
- * @brief Fetch missing keys from the network
- */
-class CertificateFetcherFromNetwork : public CertificateFetcher
-{
-public:
- explicit
- CertificateFetcherFromNetwork(Face& face);
-
-protected:
- void
- doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-
- /**
- * @brief Callback invoked when certificate is retrieved.
- */
- void
- dataCallback(const Data& data,
- const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation);
-
- /**
- * @brief Callback invoked when interest for fetching certificate gets NACKed.
- *
- * Retries with exponential backoff while `certRequest->nRetriesLeft > 0`
- */
- void
- nackCallback(const lp::Nack& nack,
- const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation);
-
- /**
- * @brief Callback invoked when interest for fetching certificate times out.
- *
- * It will retry if `certRequest->nRetriesLeft > 0`
- */
- void
- timeoutCallback(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation);
-
-protected:
- Face& m_face;
- Scheduler m_scheduler;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_FROM_NETWORK_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher-offline.hpp b/ndn-cxx/security/v2/certificate-fetcher-offline.hpp
index 2cb7386..bd745a2 100644
--- a/ndn-cxx/security/v2/certificate-fetcher-offline.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher-offline.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,28 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher-offline.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
-/**
- * @brief Certificate fetcher realization that does not fetch keys (always offline)
- */
-class CertificateFetcherOffline : public CertificateFetcher
-{
-protected:
- void
- doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_OFFLINE_HPP
diff --git a/ndn-cxx/security/v2/certificate-fetcher.hpp b/ndn-cxx/security/v2/certificate-fetcher.hpp
index fcf6b87..327d767 100644
--- a/ndn-cxx/security/v2/certificate-fetcher.hpp
+++ b/ndn-cxx/security/v2/certificate-fetcher.hpp
@@ -19,73 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_HPP
-#include "ndn-cxx/detail/common.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate-fetcher.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate-fetcher.hpp"
-class Certificate;
-class CertificateRequest;
-class CertificateStorage;
-class ValidationState;
-
-/**
- * @brief Interface used by the validator to fetch missing certificates
- */
-class CertificateFetcher : noncopyable
-{
-public:
- using ValidationContinuation = std::function<void(const Certificate& cert,
- const shared_ptr<ValidationState>& state)>;
-
- CertificateFetcher();
-
- virtual
- ~CertificateFetcher();
-
- /**
- * @brief Assign certificate storage to check known certificate and to cache unverified ones
- * @note The supplied @p certStorage should be valid for the lifetime of CertificateFetcher
- */
- virtual void
- setCertificateStorage(CertificateStorage& certStorage);
-
- /**
- * @brief Asynchronously fetch certificate
- * @pre m_certStorage != nullptr
- *
- * If the requested certificate exists in the storage, then this method will immediately call
- * continueValidation with the certification. If certificate is not available, the
- * implementation-specific doFetch will be called to asynchronously fetch certificate. The
- * successfully retrieved certificate will be automatically added to the unverified cache of
- * the certificate storage.
- *
- * When the requested certificate is retrieved, continueValidation is called. Otherwise, the
- * fetcher implementation call state->failed() with the appropriate error code and diagnostic
- * message.
- */
- void
- fetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation);
-
-private:
- /**
- * @brief Asynchronous certificate fetching implementation
- */
- virtual void
- doFetch(const shared_ptr<CertificateRequest>& certRequest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) = 0;
-
-protected:
- CertificateStorage* m_certStorage;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_FETCHER_HPP
diff --git a/ndn-cxx/security/v2/certificate.hpp b/ndn-cxx/security/v2/certificate.hpp
index 8d939b2..7dde933 100644
--- a/ndn-cxx/security/v2/certificate.hpp
+++ b/ndn-cxx/security/v2/certificate.hpp
@@ -17,178 +17,13 @@
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_V2_CERTIFICATE_HPP
-#define NDN_SECURITY_V2_CERTIFICATE_HPP
+#ifndef NDN_CXX_SECURITY_V2_CERTIFICATE_HPP
+#define NDN_CXX_SECURITY_V2_CERTIFICATE_HPP
-#include "ndn-cxx/data.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/certificate.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/certificate.hpp"
-/**
- * @brief The certificate following the certificate format naming convention
- *
- * Overview of NDN certificate format:
- *
- * CertificateV2 ::= DATA-TLV TLV-LENGTH
- * Name (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
- * MetaInfo (.ContentType = KEY)
- * Content (= X509PublicKeyContent)
- * SignatureInfo (= CertificateV2SignatureInfo)
- * SignatureValue
- *
- * X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
- * BYTE+ (= public key bits in PKCS#8 format)
- *
- * CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
- * SignatureType
- * KeyLocator
- * ValidityPeriod
- * ... optional critical or non-critical extension blocks ...
- *
- * An example of NDN certificate name:
- *
- * /edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
- * \_________________/ \___________/ \___________/\___________/
- * Certificate Namespace Key Id Issuer Id Version
- * (Identity)
- * \__________________________________/
- * Key Name
- *
- * Notes:
- *
- * - `Key Id` is opaque name component to identify an instance of the public key for the
- * certificate namespace. The value of `Key ID` is controlled by the namespace owner. The
- * library includes helpers for generation of key IDs using 8-byte random number, SHA-256
- * digest of the public key, timestamp, and the specified numerical identifiers.
- *
- * - `Issuer Id` is opaque name component to identify issuer of the certificate. The value is
- * controlled by the issuer. The library includes helpers to set issuer ID to a 8-byte
- * random number, SHA-256 digest of the issuer's public key, and the specified numerical
- * identifiers.
- *
- * - `Key Name` is a logical name of the key used for management pursposes. Key Name includes
- * the certificate namespace, keyword `KEY`, and `KeyId` components.
- *
- * @see doc/specs/certificate-format.rst
- */
-class Certificate : public Data
-{
-public:
- Certificate();
-
- /**
- * @brief Construct certificate from a data object
- * @throw tlv::Error if data does not follow certificate format
- */
- explicit
- Certificate(Data&& data);
-
- /**
- * @brief Construct certificate from a data object
- * @throw tlv::Error if data does not follow certificate format
- */
- explicit
- Certificate(const Data& data);
-
- /**
- * @brief Construct certificate from a wire encoding
- * @throw tlv::Error if wire encoding is invalid or does not follow certificate format
- */
- explicit
- Certificate(const Block& block);
-
- /**
- * @brief Get key name
- */
- Name
- getKeyName() const;
-
- /**
- * @brief Get identity name
- */
- Name
- getIdentity() const;
-
- /**
- * @brief Get key ID
- */
- name::Component
- getKeyId() const;
-
- /**
- * @brief Get issuer ID
- */
- name::Component
- getIssuerId() const;
-
- /**
- * @brief Get public key bits (in PKCS#8 format)
- * @throw Error If content is empty
- */
- Buffer
- getPublicKey() const;
-
- /**
- * @brief Get validity period of the certificate
- */
- ValidityPeriod
- getValidityPeriod() const;
-
- /**
- * @brief Check if the certificate is valid at @p ts.
- */
- bool
- isValid(const time::system_clock::TimePoint& ts = time::system_clock::now()) const;
-
- /**
- * @brief Get extension with TLV @p type
- * @throw Error The specified block type does not exist
- */
- Block
- getExtension(uint32_t type) const;
-
- // @TODO Implement extension enumeration (Issue #3907)
-public:
- /**
- * @brief Check if the specified name follows the naming convention for the certificate
- */
- static bool
- isValidName(const Name& certName);
-
-public:
- static const ssize_t VERSION_OFFSET;
- static const ssize_t ISSUER_ID_OFFSET;
- static const ssize_t KEY_COMPONENT_OFFSET;
- static const ssize_t KEY_ID_OFFSET;
- static const size_t MIN_CERT_NAME_LENGTH;
- static const size_t MIN_KEY_NAME_LENGTH;
- static const name::Component KEY_COMPONENT;
-};
-
-std::ostream&
-operator<<(std::ostream& os, const Certificate& cert);
-
-/**
- * @brief Extract identity namespace from the certificate name @p certName
- */
-Name
-extractIdentityFromCertName(const Name& certName);
-
-/**
- * @brief Extract key name from the certificate name @p certName
- */
-Name
-extractKeyNameFromCertName(const Name& certName);
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_CERTIFICATE_HPP
+#endif // NDN_CXX_SECURITY_V2_CERTIFICATE_HPP
diff --git a/ndn-cxx/security/v2/key-chain.hpp b/ndn-cxx/security/v2/key-chain.hpp
index bbfd3ab..d5c26b7 100644
--- a/ndn-cxx/security/v2/key-chain.hpp
+++ b/ndn-cxx/security/v2/key-chain.hpp
@@ -19,502 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_KEY_CHAIN_HPP
-#define NDN_SECURITY_V2_KEY_CHAIN_HPP
+#ifndef NDN_CXX_SECURITY_V2_KEY_CHAIN_HPP
+#define NDN_CXX_SECURITY_V2_KEY_CHAIN_HPP
-#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/key-params.hpp"
-#include "ndn-cxx/security/pib/pib.hpp"
-#include "ndn-cxx/security/safe-bag.hpp"
-#include "ndn-cxx/security/security-common.hpp"
-#include "ndn-cxx/security/signing-info.hpp"
-#include "ndn-cxx/security/tpm/tpm.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/key-chain.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/key-chain.hpp"
-/**
- * @brief The interface of signing key management.
- *
- * The KeyChain class provides an interface to manage entities related to packet signing,
- * such as Identity, Key, and Certificates. It consists of two parts: a private key module
- * (TPM) and a public key information base (PIB). Managing signing key and its related
- * entities through KeyChain interface guarantees the consistency between TPM and PIB.
- */
-class KeyChain : noncopyable
-{
-public:
- class Error : public std::runtime_error
- {
- public:
- using std::runtime_error::runtime_error;
- };
-
- /**
- * @brief Error indicating that the supplied TPM locator does not match the locator stored in PIB.
- */
- class LocatorMismatchError : public Error
- {
- public:
- using Error::Error;
- };
-
- /**
- * @brief Error indicating that the supplied SigningInfo is invalid.
- */
- class InvalidSigningInfoError : public Error
- {
- public:
- using Error::Error;
- };
-
- /**
- * @brief Constructor to create KeyChain with default PIB and TPM.
- *
- * Default PIB and TPM are platform-dependent and can be overriden system-wide or
- * individually for the user.
- *
- * @sa manpage ndn-client.conf
- *
- * @todo Add detailed description about config file behavior here
- */
- KeyChain();
-
- /**
- * @brief KeyChain constructor
- *
- * @sa manpage ndn-client.conf
- *
- * @param pibLocator PIB locator, e.g., `pib-sqlite3:/example/dir`
- * @param tpmLocator TPM locator, e.g., `tpm-memory:`
- * @param allowReset if true, the PIB will be reset when the supplied @p tpmLocator
- * does not match the one in the PIB
- */
- KeyChain(const std::string& pibLocator, const std::string& tpmLocator, bool allowReset = false);
-
- ~KeyChain();
-
- const Pib&
- getPib() const
- {
- return *m_pib;
- }
-
- const Tpm&
- getTpm() const
- {
- return *m_tpm;
- }
-
-public: // Identity management
- /**
- * @brief Create an identity @p identityName.
- *
- * This method will check if the identity exists in PIB and whether the identity has a
- * default key and default certificate. If the identity does not exist, this method will
- * create the identity in PIB. If the identity's default key does not exist, this method
- * will create a key pair and set it as the identity's default key. If the key's default
- * certificate is missing, this method will create a self-signed certificate for the key.
- *
- * If @p identityName did not exist and no default identity was selected before, the created
- * identity will be set as the default identity
- *
- * @param identityName The name of the identity.
- * @param params The key parameters if a key needs to be created for the identity (default:
- * EC key with random key id)
- * @return The created Identity instance.
- */
- Identity
- createIdentity(const Name& identityName, const KeyParams& params = getDefaultKeyParams());
-
- /**
- * @brief delete @p identity.
- *
- * @pre @p identity must be valid.
- * @post @p identity becomes invalid.
- */
- void
- deleteIdentity(const Identity& identity);
-
- /**
- * @brief Set @p identity as the default identity.
- * @pre @p identity must be valid.
- */
- void
- setDefaultIdentity(const Identity& identity);
-
-public: // Key management
- /**
- * @brief Create a new key for @p identity.
- *
- * @param identity Reference to a valid Identity object
- * @param params Key creation parameters (default: EC key with random key id)
- * @pre @p identity must be valid.
- *
- * If @p identity had no default key selected, the created key will be set as the default for
- * this identity.
- *
- * This method will also create a self-signed certificate for the created key.
- */
- Key
- createKey(const Identity& identity, const KeyParams& params = getDefaultKeyParams());
-
- /**
- * @brief Create a new HMAC key.
- *
- * @param prefix Prefix used to construct the key name (default: `/localhost/identity/hmac`);
- * the full key name will include additional components according to @p params
- * @param params Key creation parameters
- * @return A name that can be subsequently used to reference the created key.
- *
- * The newly created key will be inserted in the TPM. HMAC keys don't have any PIB entries.
- */
- Name
- createHmacKey(const Name& prefix = SigningInfo::getHmacIdentity(),
- const HmacKeyParams& params = HmacKeyParams());
-
- /**
- * @brief Delete a key @p key of @p identity.
- *
- * @pre @p identity must be valid.
- * @pre @p key must be valid.
- * @post @p key becomes invalid.
- * @throw std::invalid_argument @p key does not belong to @p identity
- */
- void
- deleteKey(const Identity& identity, const Key& key);
-
- /**
- * @brief Set @p key as the default key of @p identity.
- *
- * @pre @p identity must be valid.
- * @pre @p key must be valid.
- * @throw std::invalid_argument @p key does not belong to @p identity
- */
- void
- setDefaultKey(const Identity& identity, const Key& key);
-
-public: // Certificate management
- /**
- * @brief Add a certificate @p certificate for @p key
- *
- * If @p key had no default certificate selected, the added certificate will be set as the
- * default certificate for this key.
- *
- * @note This method overwrites certificate with the same name, without considering the
- * implicit digest.
- *
- * @pre @p key must be valid.
- * @throw std::invalid_argument @p key does not match @p certificate
- */
- void
- addCertificate(const Key& key, const Certificate& certificate);
-
- /**
- * @brief delete a certificate with name @p certificateName of @p key.
- *
- * If the certificate @p certificateName does not exist, this method has no effect.
- *
- * @pre @p key must be valid.
- * @throw std::invalid_argument @p certificateName does not follow certificate naming convention.
- */
- void
- deleteCertificate(const Key& key, const Name& certificateName);
-
- /**
- * @brief Set @p cert as the default certificate of @p key.
- *
- * The certificate @p cert will be added to the @p key, potentially overriding existing
- * certificate if it has the same name (without considering implicit digest).
- *
- * @pre @p key must be valid.
- * @throw std::invalid_argument @p key does not match @p certificate
- */
- void
- setDefaultCertificate(const Key& key, const Certificate& certificate);
-
-public: // signing
- /**
- * @brief Sign a Data packet according to the supplied signing information
- *
- * This method uses the supplied signing information in @p params to sign @p data as follows:
- * - It selects a private key and its associated certificate to sign the packet.
- * - It generates a KeyLocator based upon the certificate name.
- * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
- * for @p data.
- * - It adds the generated SignatureInfo block to @p data.
- * - It generates a signature for @p data and adds it as the SignatureValue block of @p data.
- *
- * @param data The data to sign
- * @param params The signing parameters
- * @throw Error Signing failed
- * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
- * or certificate does not exist
- * @see SigningInfo
- * @see SignatureInfo
- */
- void
- sign(Data& data, const SigningInfo& params = SigningInfo());
-
- /**
- * @brief Sign an Interest according to the supplied signing information
- *
- * This method uses the supplied signing information in @p params to sign @p interest as follows:
- * - It selects a private key and its associated certificate to sign the packet.
- * - It generates a KeyLocator based upon the certificate name.
- * - Using the SignatureInfo in @p params as a base, it generates the final SignatureInfo block
- * for @p interest.
- * - It appends the generated SignatureInfo block to the end of the Name of @p interest.
- * - It generates a signature for @p interest and appends it to the end of the Name of
- * @p interest as a SignatureValue block.
- *
- * @param interest The interest to sign
- * @param params The signing parameters
- * @throw Error Signing failed
- * @throw InvalidSigningInfoError Invalid @p params was specified or the specified identity, key,
- * or certificate does not exist
- * @see SigningInfo
- * @see SignatureInfo
- * @see docs/specs/signed-interest.rst
- */
- void
- sign(Interest& interest, const SigningInfo& params = SigningInfo());
-
- /**
- * @brief Sign buffer according to the supplied signing information @p params
- * @deprecated Sign Interests and Data directly
- *
- * If @p params refers to an identity, the method selects the default key of the identity.
- * If @p params refers to a key or certificate, the method select the corresponding key.
- *
- * @param buffer The buffer to sign
- * @param bufferLength The buffer size
- * @param params The signing parameters
- * @return SignatureValue TLV block
- * @throw Error Signing failed
- * @see SigningInfo
- * @see SignatureInfo
- */
- [[deprecated("sign Interests and Data directly")]]
- Block
- sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params = SigningInfo());
-
-public: // export & import
- /**
- * @brief Export a certificate and its corresponding private key.
- *
- * @param certificate The certificate to export.
- * @param pw The password to secure the private key.
- * @param pwLen The length of password.
- * @return A SafeBag carrying the certificate and encrypted private key.
- * @throw Error the certificate or private key does not exist
- */
- shared_ptr<SafeBag>
- exportSafeBag(const Certificate& certificate, const char* pw, size_t pwLen);
-
- /**
- * @brief Import a certificate and its corresponding private key from a SafeBag.
- *
- * If the certificate and key are imported properly, the default setting will be updated as if
- * a new key and certificate is added into KeyChain.
- *
- * @param safeBag The encoded data to import.
- * @param pw The password to secure the private key.
- * @param pwLen The length of password.
- * @throw Error any of following conditions:
- * - the safebag cannot be decoded or its content does not match;
- * - private key cannot be imported;
- * - a private/public key of the same name already exists;
- * - a certificate of the same name already exists.
- */
- void
- importSafeBag(const SafeBag& safeBag, const char* pw, size_t pwLen);
-
- /**
- * @brief Import a private key into the TPM.
- */
- void
- importPrivateKey(const Name& keyName, shared_ptr<transform::PrivateKey> key);
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
- /**
- * @brief Derive SignatureTypeValue according to key type and digest algorithm.
- */
- static tlv::SignatureTypeValue
- getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
-
-public: // PIB & TPM backend registry
- /**
- * @brief Register a new PIB backend
- * @param scheme Name for the registered PIB backend scheme
- *
- * @note This interface is implementation detail and may change without notice.
- */
- template<class PibBackendType>
- static void
- registerPibBackend(const std::string& scheme);
-
- /**
- * @brief Register a new TPM backend
- * @param scheme Name for the registered TPM backend scheme
- *
- * @note This interface is implementation detail and may change without notice.
- */
- template<class TpmBackendType>
- static void
- registerTpmBackend(const std::string& scheme);
-
-private:
- typedef std::map<std::string, function<std::shared_ptr<pib::PibImpl>(const std::string& location)>> PibFactories;
- typedef std::map<std::string, function<unique_ptr<tpm::BackEnd>(const std::string& location)>> TpmFactories;
-
- static PibFactories&
- getPibFactories();
-
- static TpmFactories&
- getTpmFactories();
-
- static std::tuple<std::string/*type*/, std::string/*location*/>
- parseAndCheckPibLocator(const std::string& pibLocator);
-
- static std::tuple<std::string/*type*/, std::string/*location*/>
- parseAndCheckTpmLocator(const std::string& tpmLocator);
-
- static const std::string&
- getDefaultPibScheme();
-
- static const std::string&
- getDefaultTpmScheme();
-
- /**
- * @brief Create a PIB according to @p pibLocator
- */
- static unique_ptr<Pib>
- createPib(const std::string& pibLocator);
-
- /**
- * @brief Create a TPM according to @p tpmLocator
- */
- static unique_ptr<Tpm>
- createTpm(const std::string& tpmLocator);
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
- static const std::string&
- getDefaultPibLocator();
-
- static const std::string&
- getDefaultTpmLocator();
-
-private: // signing
- /**
- * @brief Generate a self-signed certificate for a public key.
- *
- * The self-signed certificate will also be added to the PIB.
- */
- Certificate
- selfSign(Key& key);
-
- /**
- * @brief Prepare a SignatureInfo TLV according to signing information and return the signing
- * key name.
- *
- * @param params The signing parameters
- * @return The signing key name and prepared SignatureInfo
- * @throw InvalidSigningInfoError The requested signing method cannot be satisfied
- */
- std::tuple<Name, SignatureInfo>
- prepareSignatureInfo(const SigningInfo& params);
-
- /**
- * @brief Generate a SignatureValue block for a buffer @p buf of size @p size using
- * a key with name @p keyName and digest algorithm @p digestAlgorithm.
- */
- Block
- sign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
-
-public:
- /**
- * @deprecated Use default constructor for SigningInfo
- */
- [[deprecated("use default constructor for SigningInfo")]]
- static const SigningInfo&
- getDefaultSigningInfo();
-
- static const KeyParams&
- getDefaultKeyParams();
-
-private:
- std::unique_ptr<Pib> m_pib;
- std::unique_ptr<Tpm> m_tpm;
-
- static std::string s_defaultPibLocator;
- static std::string s_defaultTpmLocator;
-};
-
-template<class PibType>
-inline void
-KeyChain::registerPibBackend(const std::string& scheme)
-{
- getPibFactories().emplace(scheme, [] (const std::string& locator) {
- return std::shared_ptr<pib::PibImpl>(new PibType(locator));
- });
-}
-
-template<class TpmType>
-inline void
-KeyChain::registerTpmBackend(const std::string& scheme)
-{
- getTpmFactories().emplace(scheme, [] (const std::string& locator) {
- return unique_ptr<tpm::BackEnd>(new TpmType(locator));
- });
-}
-
-/**
- * @brief Register Pib backend class in KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * Pib backend class within the namespace where the type is declared.
- *
- * @note This interface is implementation detail and may change without notice.
- */
-#define NDN_CXX_V2_KEYCHAIN_REGISTER_PIB_BACKEND(PibType) \
-static class NdnCxxAuto ## PibType ## PibRegistrationClass \
-{ \
-public: \
- NdnCxxAuto ## PibType ## PibRegistrationClass() \
- { \
- ::ndn::security::v2::KeyChain::registerPibBackend<PibType>(PibType::getScheme()); \
- } \
-} ndnCxxAuto ## PibType ## PibRegistrationVariable
-
-/**
- * @brief Register Tpm backend class in KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * Tpm backend class within the namespace where the type is declared.
- *
- * @note This interface is implementation detail and may change without notice.
- */
-#define NDN_CXX_V2_KEYCHAIN_REGISTER_TPM_BACKEND(TpmType) \
-static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
-{ \
-public: \
- NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
- { \
- ::ndn::security::v2::KeyChain::registerTpmBackend<TpmType>(TpmType::getScheme()); \
- } \
-} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
-
-} // namespace v2
-
-using v2::KeyChain;
-
-} // namespace security
-
-using security::v2::KeyChain;
-
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_KEY_CHAIN_HPP
+#endif // NDN_CXX_SECURITY_V2_KEY_CHAIN_HPP
diff --git a/ndn-cxx/security/v2/validation-callback.hpp b/ndn-cxx/security/v2/validation-callback.hpp
index 5ce1db1..406153d 100644
--- a/ndn-cxx/security/v2/validation-callback.hpp
+++ b/ndn-cxx/security/v2/validation-callback.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,40 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_CALLBACK_HPP
-#define NDN_SECURITY_V2_VALIDATION_CALLBACK_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_CALLBACK_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_CALLBACK_HPP
-#include "ndn-cxx/data.hpp"
-#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/security-common.hpp"
-#include "ndn-cxx/security/v2/validation-error.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-callback.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-callback.hpp"
-/**
- * @brief Callback to report a successful Data validation.
- */
-typedef function<void(const Data& data)> DataValidationSuccessCallback;
-
-/**
- * @brief Callback to report a failed Data validation.
- */
-typedef function<void(const Data& data, const ValidationError& error)> DataValidationFailureCallback;
-
-/**
- * @brief Callback to report a successful Interest validation.
- */
-typedef function<void(const Interest& interest)> InterestValidationSuccessCallback;
-
-/**
- * @brief Callback to report a failed Interest validation.
- */
-typedef function<void(const Interest& interest, const ValidationError& error)> InterestValidationFailureCallback;
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_CALLBACK_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_CALLBACK_HPP
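Review bot: The `#warning` added at the top of this shim becomes a hard error for any dependent project that compiles with `-Werror`, so including the old path stops the build rather than nudging a migration. The same applies to the identical shims in this commit for validation-error.hpp, validation-policy-accept-all.hpp, validation-policy-command-interest.hpp, validation-policy-config.hpp, validation-policy-simple-hierarchy.hpp and validation-policy.hpp. `#warning` is also a compiler extension before C++23, which is presumably acceptable for the toolchains this library supports but is worth stating. I would add a comment above the directive such as `// Transitional shim; builds using -Werror need -Wno-error=cpp until their includes are migrated.` and repeat it in the release notes.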
diff --git a/ndn-cxx/security/v2/validation-error.hpp b/ndn-cxx/security/v2/validation-error.hpp
index 826cd18..9567dcf 100644
--- a/ndn-cxx/security/v2/validation-error.hpp
+++ b/ndn-cxx/security/v2/validation-error.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,75 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_ERROR_HPP
-#define NDN_SECURITY_V2_VALIDATION_ERROR_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_ERROR_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_ERROR_HPP
-#include "ndn-cxx/detail/common.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-error.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-error.hpp"
-/**
- * @brief Validation error code and optional detailed error message
- */
-class ValidationError
-{
-public:
- /**
- * @brief Known validation error code
- * @sa specs/validation-error-code.rst
- */
- enum Code : uint32_t {
- NO_ERROR = 0,
- INVALID_SIGNATURE = 1,
- NO_SIGNATURE = 2,
- CANNOT_RETRIEVE_CERT = 3,
- EXPIRED_CERT = 4,
- LOOP_DETECTED = 5,
- MALFORMED_CERT = 6,
- EXCEEDED_DEPTH_LIMIT = 7,
- INVALID_KEY_LOCATOR = 8,
- POLICY_ERROR = 9,
- IMPLEMENTATION_ERROR = 255,
- USER_MIN = 256 // custom error codes should use >=256
- };
-
-public:
- /**
- * @brief Validation error, implicitly convertible from an error code and info
- */
- ValidationError(uint32_t code, const std::string& info = "")
- : m_code(code)
- , m_info(info)
- {
- }
-
- uint32_t
- getCode() const
- {
- return m_code;
- }
-
- const std::string&
- getInfo() const
- {
- return m_info;
- }
-
-private:
- uint32_t m_code;
- std::string m_info;
-};
-
-std::ostream&
-operator<<(std::ostream& os, ValidationError::Code code);
-
-std::ostream&
-operator<<(std::ostream& os, const ValidationError& error);
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_ERROR_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_ERROR_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-accept-all.hpp b/ndn-cxx/security/v2/validation-policy-accept-all.hpp
index 9ed54ab..06bb1f0 100644
--- a/ndn-cxx/security/v2/validation-policy-accept-all.hpp
+++ b/ndn-cxx/security/v2/validation-policy-accept-all.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,38 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-accept-all.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
-/**
- * @brief A validator policy that accepts any signature of data and interest packets
- */
-class ValidationPolicyAcceptAll : public ValidationPolicy
-{
-public:
- void
- checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) final
- {
- continueValidation(nullptr, state);
- }
-
- void
- checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) final
- {
- continueValidation(nullptr, state);
- }
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_ACCEPT_ALL_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-command-interest.hpp b/ndn-cxx/security/v2/validation-policy-command-interest.hpp
index 6ac35b8..ec7a233 100644
--- a/ndn-cxx/security/v2/validation-policy-command-interest.hpp
+++ b/ndn-cxx/security/v2/validation-policy-command-interest.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,141 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-command-interest.hpp> instead
-#include <boost/multi_index_container.hpp>
-#include <boost/multi_index/ordered_index.hpp>
-#include <boost/multi_index/sequenced_index.hpp>
-#include <boost/multi_index/key_extractors.hpp>
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
-namespace ndn {
-namespace security {
-namespace v2 {
-
-/** \brief Validation policy for stop-and-wait command Interests
- * \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/CommandInterest
- *
- * This policy checks the timestamp field of a stop-and-wait command Interest.
- * Signed Interest validation and Data validation requests are delegated to an inner policy.
- */
-class ValidationPolicyCommandInterest : public ValidationPolicy
-{
-public:
- class Options
- {
- public:
- Options()
- {
- }
-
- public:
- /** \brief tolerance of initial timestamp
- *
- * A stop-and-wait command Interest is considered "initial" if the validator
- * has not recorded the last timestamp from the same public key, or when
- * such knowledge has been erased.
- * For an initial command Interest, its timestamp is compared to the current
- * system clock, and the command Interest is rejected if the absolute difference
- * is greater than the grace interval.
- *
- * This should be positive.
- * Setting this option to 0 or negative causes the validator to require exactly same
- * timestamp as the system clock, which most likely rejects all command Interests.
- */
- time::nanoseconds gracePeriod = 2_min;
-
- /** \brief max number of distinct public keys of which to record the last timestamp
- *
- * The validator records last timestamps for every public key.
- * For a subsequent command Interest using the same public key,
- * its timestamp is compared to the last timestamp from that public key,
- * and the command Interest is rejected if its timestamp is
- * less than or equal to the recorded timestamp.
- *
- * This option limits the number of distinct public keys being tracked.
- * If the limit is exceeded, the oldest record is deleted.
- *
- * Setting this option to -1 allows tracking unlimited public keys.
- * Setting this option to 0 disables last timestamp records and causes
- * every command Interest to be processed as initial.
- */
- ssize_t maxRecords = 1000;
-
- /** \brief max lifetime of a last timestamp record
- *
- * A last timestamp record expires and can be deleted if it has not been refreshed
- * within this duration.
- * Setting this option to 0 or negative makes last timestamp records expire immediately
- * and causes every command Interest to be processed as initial.
- */
- time::nanoseconds recordLifetime = 1_h;
- };
-
- /** \brief constructor
- * \param inner a Validator for signed Interest signature validation and Data validation;
- * this must not be nullptr
- * \param options stop-and-wait command Interest validation options
- * \throw std::invalid_argument inner policy is nullptr
- */
- explicit
- ValidationPolicyCommandInterest(unique_ptr<ValidationPolicy> inner,
- const Options& options = {});
-
-protected:
- void
- checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-
- void
- checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-
-private:
- void
- cleanup();
-
- std::tuple<bool, Name, uint64_t>
- parseCommandInterest(const Interest& interest, const shared_ptr<ValidationState>& state) const;
-
- bool
- checkTimestamp(const shared_ptr<ValidationState>& state,
- const Name& keyName, uint64_t timestamp);
-
- void
- insertNewRecord(const Name& keyName, uint64_t timestamp);
-
-private:
- Options m_options;
-
- struct LastTimestampRecord
- {
- Name keyName;
- uint64_t timestamp;
- time::steady_clock::TimePoint lastRefreshed;
- };
-
- using Container = boost::multi_index_container<
- LastTimestampRecord,
- boost::multi_index::indexed_by<
- boost::multi_index::ordered_unique<
- boost::multi_index::member<LastTimestampRecord, Name, &LastTimestampRecord::keyName>
- >,
- boost::multi_index::sequenced<>
- >
- >;
- using Index = Container::nth_index<0>::type;
- using Queue = Container::nth_index<1>::type;
-
- Container m_container;
- Index& m_index;
- Queue& m_queue;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_COMMAND_INTEREST_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-config.hpp b/ndn-cxx/security/v2/validation-policy-config.hpp
index e94ccec..03f11f4 100644
--- a/ndn-cxx/security/v2/validation-policy-config.hpp
+++ b/ndn-cxx/security/v2/validation-policy-config.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,94 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/validator-config/rule.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-config.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
-namespace validator_config {
+#include "ndn-cxx/security/validation-policy-config.hpp"
-/**
- * @brief A validator that can be set up via a configuration file.
- *
- * @note For command Interest validation, this policy must be combined with
- * @p ValidationPolicyCommandInterest, in order to guard against replay attacks.
- * @note This policy does not support inner policies (a sole policy or a terminal inner policy)
- * @sa https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
- */
-class ValidationPolicyConfig : public ValidationPolicy
-{
-public:
- /**
- * @brief Load policy from file @p filename
- * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
- */
- void
- load(const std::string& filename);
-
- /**
- * @brief Load policy from direct @p input
- * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
- */
- void
- load(const std::string& input, const std::string& filename);
-
- /**
- * @brief Load policy from direct @p input
- * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
- */
- void
- load(std::istream& input, const std::string& filename);
-
- /**
- * @brief Load policy from @p configSection
- * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
- */
- void
- load(const ConfigSection& configSection, const std::string& filename);
-
-protected:
- void
- checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-
- void
- checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-
-private:
- void
- processConfigTrustAnchor(const ConfigSection& section, const std::string& filename);
-
- time::nanoseconds
- getRefreshPeriod(ConfigSection::const_iterator& it, const ConfigSection::const_iterator& end);
-
- time::nanoseconds
- getDefaultRefreshPeriod();
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
- /** @brief Whether to always bypass validation.
- *
- * This is set to true when 'any' is specified as a trust anchor.
- * It causes all packets to bypass validation.
- */
- bool m_shouldBypass = false;
- bool m_isConfigured = false;
-
- std::vector<unique_ptr<Rule>> m_dataRules;
- std::vector<unique_ptr<Rule>> m_interestRules;
-};
-
-} // namespace validator_config
-
-using validator_config::ValidationPolicyConfig;
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
diff --git a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp b/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp
index 7908075..8678fef 100644
--- a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp
+++ b/ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,32 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy-simple-hierarchy.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
-/**
- * @brief Validation policy for a simple hierarchical trust model
- */
-class ValidationPolicySimpleHierarchy : public ValidationPolicy
-{
-public:
- void
- checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-
- void
- checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) override;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
diff --git a/ndn-cxx/security/v2/validation-policy.hpp b/ndn-cxx/security/v2/validation-policy.hpp
index c5b52c5..8adbe61 100644
--- a/ndn-cxx/security/v2/validation-policy.hpp
+++ b/ndn-cxx/security/v2/validation-policy.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,152 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_HPP
-#define NDN_SECURITY_V2_VALIDATION_POLICY_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATION_POLICY_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATION_POLICY_HPP
-#include "ndn-cxx/data.hpp"
-#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validation-policy.hpp> instead
-namespace ndn {
-namespace security {
-namespace v2 {
+#include "ndn-cxx/security/validation-policy.hpp"
-/**
- * @brief Abstraction that implements validation policy for Data and Interest packets
- */
-class ValidationPolicy : noncopyable
-{
-public:
- using ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest,
- const shared_ptr<ValidationState>& state)>;
-
- virtual
- ~ValidationPolicy() = default;
-
- /**
- * @brief Set inner policy
- *
- * Multiple assignments of the inner policy will create a "chain" of linked policies.
- * The inner policy from the latest invocation of setInnerPolicy will be at the bottom
- * of the policy list.
- *
- * For example, sequence of `this->setInnerPolicy(policy1)` and
- * `this->setInnerPolicy(policy2)`, will result in `this->m_innerPolicy == policy1`,
- * this->m_innerPolicy->m_innerPolicy == policy2', and
- * `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
- *
- * @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
- */
- void
- setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);
-
- /**
- * @brief Check if inner policy is set
- */
- bool
- hasInnerPolicy() const
- {
- return m_innerPolicy != nullptr;
- }
-
- /**
- * @brief Return the inner policy
- *
- * If the inner policy was not set, behavior is undefined.
- */
- ValidationPolicy&
- getInnerPolicy();
-
- /**
- * @brief Set validator to which the policy is associated
- */
- void
- setValidator(Validator& validator);
-
- /**
- * @brief Check @p data against the policy
- *
- * Depending on implementation of the policy, this check can be done synchronously or
- * asynchronously.
- *
- * Semantics of checkPolicy has changed from v1::Validator
- * - If packet violates policy, the policy should call `state->fail` with appropriate error
- * code and error description.
- * - If packet conforms to the policy and no further certificate retrievals are necessary,
- * the policy should call continueValidation(nullptr, state)
- * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
- * call continueValidation(<appropriate-cert-request-instance>, state)
- */
- virtual void
- checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) = 0;
-
- /**
- * @brief Check @p interest against the policy
- *
- * Depending on implementation of the policy, this check can be done synchronously or
- * asynchronously.
- *
- * Semantics of checkPolicy has changed from v1::Validator
- * - If packet violates policy, the policy should call `state->fail` with appropriate error
- * code and error description.
- * - If packet conforms to the policy and no further certificate retrievals are necessary,
- * the policy should call continueValidation(nullptr, state)
- * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
- * call continueValidation(<appropriate-cert-request-instance>, state)
- */
- virtual void
- checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation) = 0;
-
- /**
- * @brief Check @p certificate against the policy
- *
- * Unless overridden by the policy, this check defaults to `checkPolicy(const Data&, ...)`.
- *
- * Depending on implementation of the policy, this check can be done synchronously or
- * asynchronously.
- *
- * Semantics of checkPolicy has changed from v1::Validator
- * - If packet violates policy, the policy should call `state->fail` with appropriate error
- * code and error description.
- * - If packet conforms to the policy and no further certificate retrievals are necessary,
- * the policy should call continueValidation(nullptr, state)
- * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
- * call continueValidation(<appropriate-cert-request-instance>, state)
- */
- virtual void
- checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
- const ValidationContinuation& continueValidation)
- {
- checkPolicy(static_cast<const Data&>(certificate), state, continueValidation);
- }
-
-NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
- Validator* m_validator = nullptr;
- unique_ptr<ValidationPolicy> m_innerPolicy;
-};
-
-/** \brief extract KeyLocator.Name from Data
- *
- * Data must contain a KeyLocator of Name type.
- * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
- */
-Name
-getKeyLocatorName(const Data& data, ValidationState& state);
-
-/** \brief extract KeyLocator.Name from signed Interest
- *
- * Interest must have SignatureInfo and contain a KeyLocator of Name type.
- * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
- */
-Name
-getKeyLocatorName(const Interest& interest, ValidationState& state);
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATION_POLICY_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATION_POLICY_HPP
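Review bot: Nothing in this shim tells users that `ndn::security::v2` is now an inline namespace, as the commit description states, and that breaks a case the forwarding include cannot cover. A translation unit that forward-declares `namespace ndn { namespace security { namespace v2 { class ValidationPolicy; } } }` before including this header will no longer compile, because a namespace first opened as non-inline cannot be reopened as inline. The relocated header is outside this hunk, so this assumes it opens `inline namespace v2`. A comment next to the include, e.g. `// v2 is now an inline namespace: forward declarations must use "inline namespace v2" or be replaced by this include.`, would spare downstream users a confusing diagnostic.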
diff --git a/ndn-cxx/security/v2/validator.hpp b/ndn-cxx/security/v2/validator.hpp
index 04e0d95..95100d4 100644
--- a/ndn-cxx/security/v2/validator.hpp
+++ b/ndn-cxx/security/v2/validator.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,171 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATOR_HPP
-#define NDN_SECURITY_V2_VALIDATOR_HPP
+#ifndef NDN_CXX_SECURITY_V2_VALIDATOR_HPP
+#define NDN_CXX_SECURITY_V2_VALIDATOR_HPP
-#include "ndn-cxx/security/v2/certificate-fetcher.hpp"
-#include "ndn-cxx/security/v2/certificate-request.hpp"
-#include "ndn-cxx/security/v2/certificate-storage.hpp"
-#include "ndn-cxx/security/v2/validation-callback.hpp"
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#warning This file is deprecated, include <ndn-cxx/security/validator.hpp> instead
-namespace ndn {
+#include "ndn-cxx/security/validator.hpp"
-class Face;
-
-namespace security {
-namespace v2 {
-
-/**
- * @brief Interface for validating data and interest packets.
- *
- * Every time a validation process initiated, it creates a ValidationState that exist until
- * validation finishes with either success or failure. This state serves several purposes:
- * - record Interest or Data packet being validated
- * - record failure callback
- * - record certificates in the certification chain for the Interest or Data packet being validated
- * - record names of the requested certificates to detect loops in the certificate chain
- * - keep track of the validation chain size (aka validation "depth")
- *
- * During validation, policy and/or key fetcher can augment validation state with policy- and
- * fetcher-specific information using ndn::Tag's.
- *
- * A validator has a trust anchor cache to save static and dynamic trust anchors, a verified
- * certificate cache for saving certificates that are already verified and an unverified
- * certificate cache for saving prefetched but not yet verified certificates.
- *
- * @todo Limit the maximum time the validation process is allowed to run before declaring failure
- * @todo Ability to customize maximum lifetime for trusted and untrusted certificate caches.
- * Current implementation hard-codes them to be 1 hour and 5 minutes.
- */
-class Validator : public CertificateStorage
-{
-public:
- /**
- * @brief Validator constructor.
- *
- * @param policy Validation policy to be associated with the validator
- * @param certFetcher Certificate fetcher implementation.
- */
- Validator(unique_ptr<ValidationPolicy> policy, unique_ptr<CertificateFetcher> certFetcher);
-
- ~Validator();
-
- ValidationPolicy&
- getPolicy();
-
- CertificateFetcher&
- getFetcher();
-
- /**
- * @brief Set the maximum depth of the certificate chain
- */
- void
- setMaxDepth(size_t depth);
-
- /**
- * @return The maximum depth of the certificate chain
- */
- size_t
- getMaxDepth() const;
-
- /**
- * @brief Asynchronously validate @p data
- *
- * @note @p successCb and @p failureCb must not be nullptr
- */
- void
- validate(const Data& data,
- const DataValidationSuccessCallback& successCb,
- const DataValidationFailureCallback& failureCb);
-
- /**
- * @brief Asynchronously validate @p interest
- *
- * @note @p successCb and @p failureCb must not be nullptr
- */
- void
- validate(const Interest& interest,
- const InterestValidationSuccessCallback& successCb,
- const InterestValidationFailureCallback& failureCb);
-
-public: // anchor management
- /**
- * @brief load static trust anchor.
- *
- * Static trust anchors are permanently associated with the validator and never expire.
- *
- * @param groupId Certificate group id.
- * @param cert Certificate to load as a trust anchor.
- */
- void
- loadAnchor(const std::string& groupId, Certificate&& cert);
-
- /**
- * @brief load dynamic trust anchors.
- *
- * Dynamic trust anchors are associated with the validator for as long as the underlying
- * trust anchor file (set of files) exist(s).
- *
- * @param groupId Certificate group id, must not be empty.
- * @param certfilePath Specifies the path to load the trust anchors.
- * @param refreshPeriod Refresh period for the trust anchors, must be positive.
- * @param isDir Tells whether the path is a directory or a single file.
- */
- void
- loadAnchor(const std::string& groupId, const std::string& certfilePath,
- time::nanoseconds refreshPeriod, bool isDir = false);
-
- /**
- * @brief remove any previously loaded static or dynamic trust anchor
- */
- void
- resetAnchors();
-
- /**
- * @brief Cache verified @p cert a period of time (1 hour)
- *
- * @todo Add ability to customize time period
- */
- void
- cacheVerifiedCertificate(Certificate&& cert);
-
- /**
- * @brief Remove any cached verified certificates
- */
- void
- resetVerifiedCertificates();
-
-private: // Common validator operations
- /**
- * @brief Recursive validation of the certificate in the certification chain
- *
- * @param cert The certificate to check.
- * @param state The current validation state.
- */
- void
- validate(const Certificate& cert, const shared_ptr<ValidationState>& state);
-
- /**
- * @brief Request certificate for further validation.
- *
- * @param certRequest Certificate request.
- * @param state The current validation state.
- */
- void
- requestCertificate(const shared_ptr<CertificateRequest>& certRequest,
- const shared_ptr<ValidationState>& state);
-
-private:
- unique_ptr<ValidationPolicy> m_policy;
- unique_ptr<CertificateFetcher> m_certFetcher;
- size_t m_maxDepth;
-};
-
-} // namespace v2
-} // namespace security
-} // namespace ndn
-
-#endif // NDN_SECURITY_V2_VALIDATOR_HPP
+#endif // NDN_CXX_SECURITY_V2_VALIDATOR_HPP
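Review bot: The `#warning` added at the top of this compatibility shim becomes a hard error for any dependent that builds with `-Werror`, and `#warning` is only a compiler extension before C++23. The commit message says the old v2 headers are kept so dependent software keeps working, so I would state next to the directive how a dependent can keep building while it migrates, e.g. `// GCC: -Wno-error=cpp, Clang: -Wno-error=#warnings; remove once includes are updated`. The same presumably applies to the other deprecated `security/v2/*.hpp` shims in this commit, such as the `v2/validation-policy.hpp` one whose tail is visible just above.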
diff --git a/ndn-cxx/security/validation-callback.hpp b/ndn-cxx/security/validation-callback.hpp
new file mode 100644
index 0000000..703267a
--- /dev/null
+++ b/ndn-cxx/security/validation-callback.hpp
@@ -0,0 +1,58 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_CALLBACK_HPP
+#define NDN_SECURITY_VALIDATION_CALLBACK_HPP
+
+#include "ndn-cxx/data.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/security-common.hpp"
+#include "ndn-cxx/security/validation-error.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Callback to report a successful Data validation.
+ */
+typedef function<void(const Data& data)> DataValidationSuccessCallback;
+
+/**
+ * @brief Callback to report a failed Data validation.
+ */
+typedef function<void(const Data& data, const ValidationError& error)> DataValidationFailureCallback;
+
+/**
+ * @brief Callback to report a successful Interest validation.
+ */
+typedef function<void(const Interest& interest)> InterestValidationSuccessCallback;
+
+/**
+ * @brief Callback to report a failed Interest validation.
+ */
+typedef function<void(const Interest& interest, const ValidationError& error)> InterestValidationFailureCallback;
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_CALLBACK_HPP
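Review bot: The four callback types are declared with `typedef`, while the new `validation-policy.hpp` in this same commit declares `ValidationContinuation` with a `using` alias; I would use the alias form here as well, e.g. `using DataValidationSuccessCallback = function<void(const Data& data)>;`. The doc comments also do not say that an empty callback is not accepted. The Validator documentation removed from `v2/validator.hpp` in this commit notes that `successCb` and `failureCb` must not be nullptr, so a one-line `@note` repeating that here would help callers who read only this header.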
diff --git a/ndn-cxx/security/v2/validation-error.cpp b/ndn-cxx/security/validation-error.cpp
similarity index 94%
rename from ndn-cxx/security/v2/validation-error.cpp
rename to ndn-cxx/security/validation-error.cpp
index 6df5f23..102cb30 100644
--- a/ndn-cxx/security/v2/validation-error.cpp
+++ b/ndn-cxx/security/validation-error.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,13 +19,13 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-error.hpp"
+#include "ndn-cxx/security/validation-error.hpp"
#include <ostream>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
std::ostream&
operator<<(std::ostream& os, ValidationError::Code code)
@@ -74,6 +74,6 @@
return os;
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/validation-error.hpp b/ndn-cxx/security/validation-error.hpp
new file mode 100644
index 0000000..5e5cd2c
--- /dev/null
+++ b/ndn-cxx/security/validation-error.hpp
@@ -0,0 +1,93 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_ERROR_HPP
+#define NDN_SECURITY_VALIDATION_ERROR_HPP
+
+#include "ndn-cxx/detail/common.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Validation error code and optional detailed error message
+ */
+class ValidationError
+{
+public:
+ /**
+ * @brief Known validation error code
+ * @sa specs/validation-error-code.rst
+ */
+ enum Code : uint32_t {
+ NO_ERROR = 0,
+ INVALID_SIGNATURE = 1,
+ NO_SIGNATURE = 2,
+ CANNOT_RETRIEVE_CERT = 3,
+ EXPIRED_CERT = 4,
+ LOOP_DETECTED = 5,
+ MALFORMED_CERT = 6,
+ EXCEEDED_DEPTH_LIMIT = 7,
+ INVALID_KEY_LOCATOR = 8,
+ POLICY_ERROR = 9,
+ IMPLEMENTATION_ERROR = 255,
+ USER_MIN = 256 // custom error codes should use >=256
+ };
+
+public:
+ /**
+ * @brief Validation error, implicitly convertible from an error code and info
+ */
+ ValidationError(uint32_t code, const std::string& info = "")
+ : m_code(code)
+ , m_info(info)
+ {
+ }
+
+ uint32_t
+ getCode() const
+ {
+ return m_code;
+ }
+
+ const std::string&
+ getInfo() const
+ {
+ return m_info;
+ }
+
+private:
+ uint32_t m_code;
+ std::string m_info;
+};
+
+std::ostream&
+operator<<(std::ostream& os, ValidationError::Code code);
+
+std::ostream&
+operator<<(std::ostream& os, const ValidationError& error);
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_ERROR_HPP
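Review bot: `getCode()` and `getInfo()` have no doc comments, and it is easy to miss that `getCode()` returns a plain `uint32_t` rather than `Code`. The constructor accepts any `uint32_t` and the enum comment says custom codes use values >= 256, so a caller that switches on the result has to expect values with no enumerator. I would add `/** @brief Numeric error code; values >= USER_MIN are application-defined and have no Code enumerator */` above `getCode()` and `/** @brief Optional human-readable detail, may be empty */` above `getInfo()`.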
diff --git a/ndn-cxx/security/validation-policy-accept-all.hpp b/ndn-cxx/security/validation-policy-accept-all.hpp
new file mode 100644
index 0000000..6372e88
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-accept-all.hpp
@@ -0,0 +1,56 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_ACCEPT_ALL_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_ACCEPT_ALL_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief A validator policy that accepts any signature of data and interest packets
+ */
+class ValidationPolicyAcceptAll : public ValidationPolicy
+{
+public:
+ void
+ checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) final
+ {
+ continueValidation(nullptr, state);
+ }
+
+ void
+ checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) final
+ {
+ continueValidation(nullptr, state);
+ }
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_ACCEPT_ALL_HPP
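Review bot: The class comment on `ValidationPolicyAcceptAll` should say plainly that this policy checks nothing: both `checkPolicy` overloads call `continueValidation(nullptr, state)` without looking at the packet, so no certificate is ever requested. "Accepts any signature" can be read as "accepts any valid signature". I would extend the comment with something like `@warning Performs no signature or trust checks; packets accepted under this policy are not authenticated.`, adjusting the wording to what `Validator` actually does after a null certificate request, which is not visible in this hunk. The parameters `data` and `interest` are unused and may trip `-Wunused-parameter`; dropping their names would make the intent explicit.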
diff --git a/ndn-cxx/security/v2/validation-policy-command-interest.cpp b/ndn-cxx/security/validation-policy-command-interest.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validation-policy-command-interest.cpp
rename to ndn-cxx/security/validation-policy-command-interest.cpp
index 52f276d..607356d 100644
--- a/ndn-cxx/security/v2/validation-policy-command-interest.cpp
+++ b/ndn-cxx/security/validation-policy-command-interest.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,11 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy-command-interest.hpp"
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
ValidationPolicyCommandInterest::ValidationPolicyCommandInterest(unique_ptr<ValidationPolicy> inner,
const Options& options)
@@ -151,6 +151,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/validation-policy-command-interest.hpp b/ndn-cxx/security/validation-policy-command-interest.hpp
new file mode 100644
index 0000000..c7ea9c2
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-command-interest.hpp
@@ -0,0 +1,159 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_COMMAND_INTEREST_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+
+#include <boost/multi_index_container.hpp>
+#include <boost/multi_index/ordered_index.hpp>
+#include <boost/multi_index/sequenced_index.hpp>
+#include <boost/multi_index/key_extractors.hpp>
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/** \brief Validation policy for stop-and-wait command Interests
+ * \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/CommandInterest
+ *
+ * This policy checks the timestamp field of a stop-and-wait command Interest.
+ * Signed Interest validation and Data validation requests are delegated to an inner policy.
+ */
+class ValidationPolicyCommandInterest : public ValidationPolicy
+{
+public:
+ class Options
+ {
+ public:
+ Options()
+ {
+ }
+
+ public:
+ /** \brief tolerance of initial timestamp
+ *
+ * A stop-and-wait command Interest is considered "initial" if the validator
+ * has not recorded the last timestamp from the same public key, or when
+ * such knowledge has been erased.
+ * For an initial command Interest, its timestamp is compared to the current
+ * system clock, and the command Interest is rejected if the absolute difference
+ * is greater than the grace interval.
+ *
+ * This should be positive.
+ * Setting this option to 0 or negative causes the validator to require exactly same
+ * timestamp as the system clock, which most likely rejects all command Interests.
+ */
+ time::nanoseconds gracePeriod = 2_min;
+
+ /** \brief max number of distinct public keys of which to record the last timestamp
+ *
+ * The validator records last timestamps for every public key.
+ * For a subsequent command Interest using the same public key,
+ * its timestamp is compared to the last timestamp from that public key,
+ * and the command Interest is rejected if its timestamp is
+ * less than or equal to the recorded timestamp.
+ *
+ * This option limits the number of distinct public keys being tracked.
+ * If the limit is exceeded, the oldest record is deleted.
+ *
+ * Setting this option to -1 allows tracking unlimited public keys.
+ * Setting this option to 0 disables last timestamp records and causes
+ * every command Interest to be processed as initial.
+ */
+ ssize_t maxRecords = 1000;
+
+ /** \brief max lifetime of a last timestamp record
+ *
+ * A last timestamp record expires and can be deleted if it has not been refreshed
+ * within this duration.
+ * Setting this option to 0 or negative makes last timestamp records expire immediately
+ * and causes every command Interest to be processed as initial.
+ */
+ time::nanoseconds recordLifetime = 1_h;
+ };
+
+ /** \brief constructor
+ * \param inner a Validator for signed Interest signature validation and Data validation;
+ * this must not be nullptr
+ * \param options stop-and-wait command Interest validation options
+ * \throw std::invalid_argument inner policy is nullptr
+ */
+ explicit
+ ValidationPolicyCommandInterest(unique_ptr<ValidationPolicy> inner,
+ const Options& options = {});
+
+protected:
+ void
+ checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+ void
+ checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+private:
+ void
+ cleanup();
+
+ std::tuple<bool, Name, uint64_t>
+ parseCommandInterest(const Interest& interest, const shared_ptr<ValidationState>& state) const;
+
+ bool
+ checkTimestamp(const shared_ptr<ValidationState>& state,
+ const Name& keyName, uint64_t timestamp);
+
+ void
+ insertNewRecord(const Name& keyName, uint64_t timestamp);
+
+private:
+ Options m_options;
+
+ struct LastTimestampRecord
+ {
+ Name keyName;
+ uint64_t timestamp;
+ time::steady_clock::TimePoint lastRefreshed;
+ };
+
+ using Container = boost::multi_index_container<
+ LastTimestampRecord,
+ boost::multi_index::indexed_by<
+ boost::multi_index::ordered_unique<
+ boost::multi_index::member<LastTimestampRecord, Name, &LastTimestampRecord::keyName>
+ >,
+ boost::multi_index::sequenced<>
+ >
+ >;
+ using Index = Container::nth_index<0>::type;
+ using Queue = Container::nth_index<1>::type;
+
+ Container m_container;
+ Index& m_index;
+ Queue& m_queue;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_COMMAND_INTEREST_HPP
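Review bot: The `Options` documentation does not state how `gracePeriod`, `maxRecords` and `recordLifetime` interact, and that interaction is what bounds the replay window. As documented here, once a key's record is evicted (limit exceeded) or expires, the next command Interest from that key is treated as initial and is checked only against the system clock within `gracePeriod`, so a previously seen Interest could be accepted again if its record disappears while it is still inside the grace window. I would add a sentence to `recordLifetime` such as `Should be no shorter than gracePeriod, otherwise a previously seen command Interest can pass as initial`, and a similar remark on `maxRecords` about eviction when many distinct keys are in use. Separately, the constructor's `\param inner` says "a Validator" while the parameter type is `unique_ptr<ValidationPolicy>`.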
diff --git a/ndn-cxx/security/v2/validation-policy-config.cpp b/ndn-cxx/security/validation-policy-config.cpp
similarity index 97%
rename from ndn-cxx/security/v2/validation-policy-config.cpp
rename to ndn-cxx/security/validation-policy-config.cpp
index d723b94..6aeca86 100644
--- a/ndn-cxx/security/v2/validation-policy-config.cpp
+++ b/ndn-cxx/security/validation-policy-config.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,8 +19,8 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy-config.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validation-policy-config.hpp"
+#include "ndn-cxx/security/validator.hpp"
#include "ndn-cxx/util/io.hpp"
#include <boost/algorithm/string/predicate.hpp>
@@ -32,7 +32,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
void
@@ -289,6 +289,6 @@
}
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/validation-policy-config.hpp b/ndn-cxx/security/validation-policy-config.hpp
new file mode 100644
index 0000000..f910994
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-config.hpp
@@ -0,0 +1,112 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_CONFIG_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_CONFIG_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/validator-config/rule.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+namespace validator_config {
+
+/**
+ * @brief A validator that can be set up via a configuration file.
+ *
+ * @note For command Interest validation, this policy must be combined with
+ * @p ValidationPolicyCommandInterest, in order to guard against replay attacks.
+ * @note This policy does not support inner policies (a sole policy or a terminal inner policy)
+ * @sa https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
+ */
+class ValidationPolicyConfig : public ValidationPolicy
+{
+public:
+ /**
+ * @brief Load policy from file @p filename
+ * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+ */
+ void
+ load(const std::string& filename);
+
+ /**
+ * @brief Load policy from direct @p input
+ * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+ */
+ void
+ load(const std::string& input, const std::string& filename);
+
+ /**
+ * @brief Load policy from direct @p input
+ * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+ */
+ void
+ load(std::istream& input, const std::string& filename);
+
+ /**
+ * @brief Load policy from @p configSection
+ * @throw Error Validator instance not assigned to the policy (m_validator == nullptr)
+ */
+ void
+ load(const ConfigSection& configSection, const std::string& filename);
+
+protected:
+ void
+ checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+ void
+ checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+private:
+ void
+ processConfigTrustAnchor(const ConfigSection& section, const std::string& filename);
+
+ time::nanoseconds
+ getRefreshPeriod(ConfigSection::const_iterator& it, const ConfigSection::const_iterator& end);
+
+ time::nanoseconds
+ getDefaultRefreshPeriod();
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ /** @brief Whether to always bypass validation.
+ *
+ * This is set to true when 'any' is specified as a trust anchor.
+ * It causes all packets to bypass validation.
+ */
+ bool m_shouldBypass = false;
+ bool m_isConfigured = false;
+
+ std::vector<unique_ptr<Rule>> m_dataRules;
+ std::vector<unique_ptr<Rule>> m_interestRules;
+};
+
+} // namespace validator_config
+
+using validator_config::ValidationPolicyConfig;
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_CONFIG_HPP
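Review bot: The class-level comment of `ValidationPolicyConfig` does not mention that a configuration can switch validation off entirely; that is stated only on the test-visible member `m_shouldBypass`, which is set when 'any' is specified as a trust anchor and causes all packets to bypass validation. Someone auditing a deployment reads the class documentation and the config file, not private members, so I would add `@note A trust anchor of type 'any' makes this policy accept all packets without validation.` to the class comment. `m_isConfigured` has no comment at all; what `checkPolicy` does before any `load()` call is not visible in this hunk and would be worth stating next to that member.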
diff --git a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.cpp b/ndn-cxx/security/validation-policy-simple-hierarchy.cpp
similarity index 92%
rename from ndn-cxx/security/v2/validation-policy-simple-hierarchy.cpp
rename to ndn-cxx/security/validation-policy-simple-hierarchy.cpp
index b026bbd..53cc1b5 100644
--- a/ndn-cxx/security/v2/validation-policy-simple-hierarchy.cpp
+++ b/ndn-cxx/security/validation-policy-simple-hierarchy.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,11 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
void
ValidationPolicySimpleHierarchy::checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
@@ -61,6 +61,6 @@
}
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/validation-policy-simple-hierarchy.hpp b/ndn-cxx/security/validation-policy-simple-hierarchy.hpp
new file mode 100644
index 0000000..2cd6503
--- /dev/null
+++ b/ndn-cxx/security/validation-policy-simple-hierarchy.hpp
@@ -0,0 +1,50 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
+
+#include "ndn-cxx/security/validation-policy.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Validation policy for a simple hierarchical trust model
+ */
+class ValidationPolicySimpleHierarchy : public ValidationPolicy
+{
+public:
+ void
+ checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+ void
+ checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_SIMPLE_HIERARCHY_HPP
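Review bot: The comment on `ValidationPolicySimpleHierarchy` names the trust model but does not say which rule is enforced, and the implementation is not part of this header. For a security policy the accepted relation between packet name and key name should be readable from the declaration, so I would extend the `@brief` with one sentence describing the check performed in `validation-policy-simple-hierarchy.cpp` (presumably a name-prefix relation between the KeyLocator name and the packet name, to be confirmed against the .cpp). The `checkPolicy` overrides are `public` here and in `ValidationPolicyAcceptAll` but `protected` in `ValidationPolicyCommandInterest` and `ValidationPolicyConfig`; one access level across the policies would be more consistent.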
diff --git a/ndn-cxx/security/v2/validation-policy.cpp b/ndn-cxx/security/validation-policy.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validation-policy.cpp
rename to ndn-cxx/security/validation-policy.cpp
index 28396d1..b8986b5 100644
--- a/ndn-cxx/security/v2/validation-policy.cpp
+++ b/ndn-cxx/security/validation-policy.cpp
@@ -19,12 +19,12 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
#include "ndn-cxx/security/signing-info.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
void
ValidationPolicy::setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy)
@@ -110,6 +110,6 @@
return getKeyLocatorName(si, state);
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/validation-policy.hpp b/ndn-cxx/security/validation-policy.hpp
new file mode 100644
index 0000000..f4d9b7d
--- /dev/null
+++ b/ndn-cxx/security/validation-policy.hpp
@@ -0,0 +1,170 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATION_POLICY_HPP
+#define NDN_SECURITY_VALIDATION_POLICY_HPP
+
+#include "ndn-cxx/data.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
+
+namespace ndn {
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Abstraction that implements validation policy for Data and Interest packets
+ */
+class ValidationPolicy : noncopyable
+{
+public:
+ using ValidationContinuation = std::function<void(const shared_ptr<CertificateRequest>& certRequest,
+ const shared_ptr<ValidationState>& state)>;
+
+ virtual
+ ~ValidationPolicy() = default;
+
+ /**
+ * @brief Set inner policy
+ *
+ * Multiple assignments of the inner policy will create a "chain" of linked policies.
+ * The inner policy from the latest invocation of setInnerPolicy will be at the bottom
+ * of the policy list.
+ *
+ * For example, sequence of `this->setInnerPolicy(policy1)` and
+ * `this->setInnerPolicy(policy2)`, will result in `this->m_innerPolicy == policy1`,
+ * this->m_innerPolicy->m_innerPolicy == policy2', and
+ * `this->m_innerPolicy->m_innerPolicy->m_innerPolicy == nullptr`.
+ *
+ * @throw std::invalid_argument exception, if @p innerPolicy is nullptr.
+ */
+ void
+ setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy);
+
+ /**
+ * @brief Check if inner policy is set
+ */
+ bool
+ hasInnerPolicy() const
+ {
+ return m_innerPolicy != nullptr;
+ }
+
+ /**
+ * @brief Return the inner policy
+ *
+ * If the inner policy was not set, behavior is undefined.
+ */
+ ValidationPolicy&
+ getInnerPolicy();
+
+ /**
+ * @brief Set validator to which the policy is associated
+ */
+ void
+ setValidator(Validator& validator);
+
+ /**
+ * @brief Check @p data against the policy
+ *
+ * Depending on implementation of the policy, this check can be done synchronously or
+ * asynchronously.
+ *
+ * Semantics of checkPolicy has changed from v1::Validator
+ * - If packet violates policy, the policy should call `state->fail` with appropriate error
+ * code and error description.
+ * - If packet conforms to the policy and no further certificate retrievals are necessary,
+ * the policy should call continueValidation(nullptr, state)
+ * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
+ * call continueValidation(<appropriate-cert-request-instance>, state)
+ */
+ virtual void
+ checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) = 0;
+
+ /**
+ * @brief Check @p interest against the policy
+ *
+ * Depending on implementation of the policy, this check can be done synchronously or
+ * asynchronously.
+ *
+ * Semantics of checkPolicy has changed from v1::Validator
+ * - If packet violates policy, the policy should call `state->fail` with appropriate error
+ * code and error description.
+ * - If packet conforms to the policy and no further certificate retrievals are necessary,
+ * the policy should call continueValidation(nullptr, state)
+ * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
+ * call continueValidation(<appropriate-cert-request-instance>, state)
+ */
+ virtual void
+ checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation) = 0;
+
+ /**
+ * @brief Check @p certificate against the policy
+ *
+ * Unless overridden by the policy, this check defaults to `checkPolicy(const Data&, ...)`.
+ *
+ * Depending on implementation of the policy, this check can be done synchronously or
+ * asynchronously.
+ *
+ * Semantics of checkPolicy has changed from v1::Validator
+ * - If packet violates policy, the policy should call `state->fail` with appropriate error
+ * code and error description.
+ * - If packet conforms to the policy and no further certificate retrievals are necessary,
+ * the policy should call continueValidation(nullptr, state)
+ * - If packet conforms to the policy and a certificate needs to be fetched, the policy should
+ * call continueValidation(<appropriate-cert-request-instance>, state)
+ */
+ virtual void
+ checkPolicy(const Certificate& certificate, const shared_ptr<ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+ {
+ checkPolicy(static_cast<const Data&>(certificate), state, continueValidation);
+ }
+
+NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
+ Validator* m_validator = nullptr;
+ unique_ptr<ValidationPolicy> m_innerPolicy;
+};
+
+/** \brief extract KeyLocator.Name from Data
+ *
+ * Data must contain a KeyLocator of Name type.
+ * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
+ */
+Name
+getKeyLocatorName(const Data& data, ValidationState& state);
+
+/** \brief extract KeyLocator.Name from signed Interest
+ *
+ * Interest must have SignatureInfo and contain a KeyLocator of Name type.
+ * Otherwise, state.fail is invoked with INVALID_KEY_LOCATOR error.
+ */
+Name
+getKeyLocatorName(const Interest& interest, ValidationState& state);
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATION_POLICY_HPP
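Review bot: `getInnerPolicy()` is documented as having undefined behaviour when no inner policy is set, but nothing in the header makes that precondition hard to violate. Since the policy chain decides which packets are trusted, I would state it explicitly with `@pre hasInnerPolicy() == true`. The definition lives in validation-policy.cpp, outside this hunk; it should assert on `m_innerPolicy` or throw, as `setInnerPolicy` does for a null argument, so a mis-assembled chain fails loudly instead of dereferencing an empty `unique_ptr`. Two smaller documentation points: the `setInnerPolicy` example has an unbalanced quote, where `this->m_innerPolicy->m_innerPolicy == policy2'` should be wrapped in backticks like its neighbours. The thrice-repeated sentence "Semantics of checkPolicy has changed from v1::Validator" could be dropped, given that the commit message says the v1-v2 transition is complete.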
diff --git a/ndn-cxx/security/v2/validation-state.cpp b/ndn-cxx/security/validation-state.cpp
similarity index 95%
rename from ndn-cxx/security/v2/validation-state.cpp
rename to ndn-cxx/security/validation-state.cpp
index f6ee8d2..294d9fe 100644
--- a/ndn-cxx/security/v2/validation-state.cpp
+++ b/ndn-cxx/security/validation-state.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,16 +19,16 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-state.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
+#include "ndn-cxx/security/validator.hpp"
#include "ndn-cxx/security/verification-helpers.hpp"
#include "ndn-cxx/util/logger.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.ValidationState);
+NDN_LOG_INIT(ndn.security.ValidationState);
#define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(this->getDepth() + 1, '>') << " " << x)
#define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(this->getDepth() + 1, '>') << " " << x)
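Review bot: The logger module name changes from `ndn.security.v2.ValidationState` to `ndn.security.ValidationState`, which is a runtime-visible change inside what otherwise reads as a path rename. Any logging configuration that filters on the `ndn.security.v2.` prefix would no longer match, so DEBUG/TRACE output from validation would silently disappear for operators who rely on it. The same applies to `NDN_LOG_INIT(ndn.security.Validator)` in the validator.cpp hunk further down. Please mention the rename in the commit message or release notes, and consider a comment above the macro such as `// logger module was ndn.security.v2.ValidationState before security/v2 was folded into security/`.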
@@ -203,6 +203,6 @@
return m_interest;
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/validation-state.hpp b/ndn-cxx/security/validation-state.hpp
similarity index 95%
rename from ndn-cxx/security/v2/validation-state.hpp
rename to ndn-cxx/security/validation-state.hpp
index 4ebf31c..dffdc08 100644
--- a/ndn-cxx/security/v2/validation-state.hpp
+++ b/ndn-cxx/security/validation-state.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,12 +19,12 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATION_STATE_HPP
-#define NDN_SECURITY_V2_VALIDATION_STATE_HPP
+#ifndef NDN_SECURITY_VALIDATION_STATE_HPP
+#define NDN_SECURITY_VALIDATION_STATE_HPP
#include "ndn-cxx/detail/tag-host.hpp"
-#include "ndn-cxx/security/v2/validation-callback.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/validation-callback.hpp"
+#include "ndn-cxx/security/certificate.hpp"
#include "ndn-cxx/util/signal.hpp"
#include <list>
@@ -33,7 +33,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
class Validator;
@@ -247,8 +247,8 @@
InterestValidationFailureCallback m_failureCb;
};
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_VALIDATION_STATE_HPP
+#endif // NDN_SECURITY_VALIDATION_STATE_HPP
diff --git a/ndn-cxx/security/validator-config.cpp b/ndn-cxx/security/validator-config.cpp
index 25e46eb..d8c3219 100644
--- a/ndn-cxx/security/validator-config.cpp
+++ b/ndn-cxx/security/validator-config.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,21 +20,21 @@
*/
#include "ndn-cxx/security/validator-config.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
namespace ndn {
namespace security {
-ValidatorConfig::ValidatorConfig(std::unique_ptr<v2::CertificateFetcher> fetcher, const Options& options)
- : v2::Validator(make_unique<v2::ValidationPolicyCommandInterest>(make_unique<v2::ValidationPolicyConfig>(),
- options),
- std::move(fetcher))
- , m_policyConfig(static_cast<v2::ValidationPolicyConfig&>(getPolicy().getInnerPolicy()))
+ValidatorConfig::ValidatorConfig(std::unique_ptr<CertificateFetcher> fetcher, const Options& options)
+ : Validator(make_unique<ValidationPolicyCommandInterest>(make_unique<ValidationPolicyConfig>(),
+ options),
+ std::move(fetcher))
+ , m_policyConfig(static_cast<ValidationPolicyConfig&>(getPolicy().getInnerPolicy()))
{
}
ValidatorConfig::ValidatorConfig(Face& face, const Options& options)
- : ValidatorConfig(make_unique<v2::CertificateFetcherFromNetwork>(face), options)
+ : ValidatorConfig(make_unique<CertificateFetcherFromNetwork>(face), options)
{
}
@@ -57,7 +57,7 @@
}
void
-ValidatorConfig::load(const v2::validator_config::ConfigSection& configSection,
+ValidatorConfig::load(const validator_config::ConfigSection& configSection,
const std::string& filename)
{
m_policyConfig.load(configSection, filename);
diff --git a/ndn-cxx/security/validator-config.hpp b/ndn-cxx/security/validator-config.hpp
index c3d1586..3583349 100644
--- a/ndn-cxx/security/validator-config.hpp
+++ b/ndn-cxx/security/validator-config.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,9 +22,9 @@
#ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
#define NDN_SECURITY_VALIDATOR_CONFIG_HPP
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/validation-policy-command-interest.hpp"
-#include "ndn-cxx/security/v2/validation-policy-config.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
+#include "ndn-cxx/security/validation-policy-config.hpp"
namespace ndn {
namespace security {
@@ -32,14 +32,14 @@
/**
* @brief Helper for validator that uses CommandInterest + Config policy and NetworkFetcher
*/
-class ValidatorConfig : public v2::Validator
+class ValidatorConfig : public Validator
{
public:
- using v2::Validator::Validator;
- using Options = v2::ValidationPolicyCommandInterest::Options;
+ using Validator::Validator;
+ using Options = ValidationPolicyCommandInterest::Options;
explicit
- ValidatorConfig(std::unique_ptr<v2::CertificateFetcher> fetcher, const Options& options = Options());
+ ValidatorConfig(std::unique_ptr<CertificateFetcher> fetcher, const Options& options = Options());
explicit
ValidatorConfig(Face& face, const Options& options = Options());
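Review bot: `using Validator::Validator;` is carried over unchanged apart from the qualifier, but as far as I can tell it cannot produce a usable constructor. The class holds the reference member `ValidationPolicyConfig& m_policyConfig;` (in the next hunk) with no default initializer, so any inherited constructor would leave it unbound and the compiler has to reject or delete it. If that reading is right, the line only suggests that a `ValidatorConfig` can be built around an arbitrary policy. That would also break the `static_cast<ValidationPolicyConfig&>` in validator-config.cpp, so I would remove the using-declaration and keep the two explicit constructors as the only entry points. The class body spans this hunk and the following one.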
@@ -55,11 +55,11 @@
load(std::istream& input, const std::string& filename);
void
- load(const v2::validator_config::ConfigSection& configSection,
+ load(const validator_config::ConfigSection& configSection,
const std::string& filename);
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
- v2::ValidationPolicyConfig& m_policyConfig;
+ ValidationPolicyConfig& m_policyConfig;
};
} // namespace security
diff --git a/ndn-cxx/security/v2/validator-config/checker.cpp b/ndn-cxx/security/validator-config/checker.cpp
similarity index 97%
rename from ndn-cxx/security/v2/validator-config/checker.cpp
rename to ndn-cxx/security/validator-config/checker.cpp
index db07441..d86bf4d 100644
--- a/ndn-cxx/security/v2/validator-config/checker.cpp
+++ b/ndn-cxx/security/validator-config/checker.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,8 +19,8 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/checker.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/validator-config/checker.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
#include "ndn-cxx/security/verification-helpers.hpp"
#include "ndn-cxx/security/pib/key.hpp"
@@ -28,7 +28,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
bool
@@ -321,6 +321,6 @@
}
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/checker.hpp b/ndn-cxx/security/validator-config/checker.hpp
similarity index 90%
rename from ndn-cxx/security/v2/validator-config/checker.hpp
rename to ndn-cxx/security/validator-config/checker.hpp
index fb9a169..b698226 100644
--- a/ndn-cxx/security/v2/validator-config/checker.hpp
+++ b/ndn-cxx/security/validator-config/checker.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,17 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_CHECKER_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_CHECKER_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_CHECKER_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_CHECKER_HPP
#include "ndn-cxx/name.hpp"
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
#include "ndn-cxx/util/regex.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
class ValidationState;
@@ -129,8 +129,8 @@
};
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_CHECKER_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_CHECKER_HPP
diff --git a/ndn-cxx/security/v2/validator-config/common.hpp b/ndn-cxx/security/validator-config/common.hpp
similarity index 84%
rename from ndn-cxx/security/v2/validator-config/common.hpp
rename to ndn-cxx/security/validator-config/common.hpp
index 21c690f..06aa516 100644
--- a/ndn-cxx/security/v2/validator-config/common.hpp
+++ b/ndn-cxx/security/validator-config/common.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,8 +21,8 @@
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_COMMON_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_COMMON_HPP
#include "ndn-cxx/detail/common.hpp"
@@ -30,7 +30,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
typedef boost::property_tree::ptree ConfigSection;
@@ -42,8 +42,8 @@
};
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_COMMON_HPP
diff --git a/ndn-cxx/security/v2/validator-config/filter.cpp b/ndn-cxx/security/validator-config/filter.cpp
similarity index 95%
rename from ndn-cxx/security/v2/validator-config/filter.cpp
rename to ndn-cxx/security/validator-config/filter.cpp
index 8fa8b2e..e0cc0ee 100644
--- a/ndn-cxx/security/v2/validator-config/filter.cpp
+++ b/ndn-cxx/security/validator-config/filter.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/filter.hpp"
+#include "ndn-cxx/security/validator-config/filter.hpp"
#include "ndn-cxx/data.hpp"
#include "ndn-cxx/interest.hpp"
@@ -30,7 +30,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
bool
@@ -142,6 +142,6 @@
}
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/filter.hpp b/ndn-cxx/security/validator-config/filter.hpp
similarity index 89%
rename from ndn-cxx/security/v2/validator-config/filter.hpp
rename to ndn-cxx/security/validator-config/filter.hpp
index f5af85e..a199362 100644
--- a/ndn-cxx/security/v2/validator-config/filter.hpp
+++ b/ndn-cxx/security/validator-config/filter.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,18 +19,18 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_FILTER_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_FILTER_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_FILTER_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_FILTER_HPP
#include "ndn-cxx/data.hpp"
#include "ndn-cxx/interest.hpp"
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
#include "ndn-cxx/util/regex.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
/**
@@ -135,8 +135,8 @@
};
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_FILTER_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_FILTER_HPP
diff --git a/ndn-cxx/security/v2/validator-config/name-relation.cpp b/ndn-cxx/security/validator-config/name-relation.cpp
similarity index 95%
rename from ndn-cxx/security/v2/validator-config/name-relation.cpp
rename to ndn-cxx/security/validator-config/name-relation.cpp
index 0f27aa9..05804d1 100644
--- a/ndn-cxx/security/v2/validator-config/name-relation.cpp
+++ b/ndn-cxx/security/validator-config/name-relation.cpp
@@ -19,13 +19,13 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
#include <boost/algorithm/string/predicate.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
std::ostream&
@@ -74,6 +74,6 @@
}
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/name-relation.hpp b/ndn-cxx/security/validator-config/name-relation.hpp
similarity index 82%
rename from ndn-cxx/security/v2/validator-config/name-relation.hpp
rename to ndn-cxx/security/validator-config/name-relation.hpp
index aa236df..098e5ae 100644
--- a/ndn-cxx/security/v2/validator-config/name-relation.hpp
+++ b/ndn-cxx/security/validator-config/name-relation.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,15 +19,15 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_NAME_RELATION_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_NAME_RELATION_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_NAME_RELATION_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_NAME_RELATION_HPP
#include "ndn-cxx/name.hpp"
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
enum class NameRelation {
@@ -53,8 +53,8 @@
getNameRelationFromString(const std::string& relationString);
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_NAME_RELATION_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_NAME_RELATION_HPP
diff --git a/ndn-cxx/security/v2/validator-config/rule.cpp b/ndn-cxx/security/validator-config/rule.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validator-config/rule.cpp
rename to ndn-cxx/security/validator-config/rule.cpp
index f0a5249..91807d9 100644
--- a/ndn-cxx/security/v2/validator-config/rule.cpp
+++ b/ndn-cxx/security/validator-config/rule.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/rule.hpp"
+#include "ndn-cxx/security/validator-config/rule.hpp"
#include "ndn-cxx/util/logger.hpp"
#include <boost/algorithm/string/predicate.hpp>
@@ -28,7 +28,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
Rule::Rule(const std::string& id, uint32_t pktType)
@@ -164,6 +164,6 @@
}
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/v2/validator-config/rule.hpp b/ndn-cxx/security/validator-config/rule.hpp
similarity index 89%
rename from ndn-cxx/security/v2/validator-config/rule.hpp
rename to ndn-cxx/security/validator-config/rule.hpp
index 53dc81c..9d43c59 100644
--- a/ndn-cxx/security/v2/validator-config/rule.hpp
+++ b/ndn-cxx/security/validator-config/rule.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,15 +19,15 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_V2_VALIDATOR_CONFIG_RULE_HPP
-#define NDN_SECURITY_V2_VALIDATOR_CONFIG_RULE_HPP
+#ifndef NDN_SECURITY_VALIDATOR_CONFIG_RULE_HPP
+#define NDN_SECURITY_VALIDATOR_CONFIG_RULE_HPP
-#include "ndn-cxx/security/v2/validator-config/checker.hpp"
-#include "ndn-cxx/security/v2/validator-config/filter.hpp"
+#include "ndn-cxx/security/validator-config/checker.hpp"
+#include "ndn-cxx/security/validator-config/filter.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
class ValidationState;
@@ -106,8 +106,8 @@
};
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_V2_VALIDATOR_CONFIG_RULE_HPP
+#endif // NDN_SECURITY_VALIDATOR_CONFIG_RULE_HPP
diff --git a/ndn-cxx/security/validator-null.cpp b/ndn-cxx/security/validator-null.cpp
index 4299d82..35c66cf 100644
--- a/ndn-cxx/security/validator-null.cpp
+++ b/ndn-cxx/security/validator-null.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,25 +20,25 @@
*/
#include "ndn-cxx/security/validator-null.hpp"
-#include "ndn-cxx/security/v2/validation-policy-accept-all.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
ValidatorNull::ValidatorNull()
: Validator(make_unique<ValidationPolicyAcceptAll>(), make_unique<CertificateFetcherOffline>())
{
}
-security::v2::Validator&
+Validator&
getAcceptAllValidator()
{
- static security::ValidatorNull validator;
+ static ValidatorNull validator;
return validator;
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/validator-null.hpp b/ndn-cxx/security/validator-null.hpp
index 7ed55e8..c1517cf 100644
--- a/ndn-cxx/security/validator-null.hpp
+++ b/ndn-cxx/security/validator-null.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,11 +22,11 @@
#ifndef NDN_SECURITY_VALIDATOR_NULL_HPP
#define NDN_SECURITY_VALIDATOR_NULL_HPP
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
/**
* @brief Validator with "accept-all" policy and offline certificate fetcher
@@ -37,14 +37,10 @@
ValidatorNull();
};
-security::v2::Validator&
+Validator&
getAcceptAllValidator();
-} // namespace v2
-
-using v2::ValidatorNull;
-using v2::getAcceptAllValidator;
-
+} // inline namespace v2
} // namespace security
} // namespace ndn
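Review bot: `getAcceptAllValidator()` is declared with no documentation, while `ValidatorNull` just above it at least carries a `@brief`. Because the validator it returns uses the accept-all policy, a caller should be able to see from the header that no trust decision is made. I would add a comment such as `/** @brief Return a shared validator with the accept-all policy; it does not authenticate packets and must not be used where authenticity matters. */`. The definition in validator-null.cpp returns a function-local static, so the comment should also say that all callers share one instance.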
diff --git a/ndn-cxx/security/v2/validator.cpp b/ndn-cxx/security/validator.cpp
similarity index 96%
rename from ndn-cxx/security/v2/validator.cpp
rename to ndn-cxx/security/validator.cpp
index 1219f4c..2372352 100644
--- a/ndn-cxx/security/v2/validator.cpp
+++ b/ndn-cxx/security/validator.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
#include "ndn-cxx/face.hpp"
#include "ndn-cxx/security/transform/public-key.hpp"
@@ -27,9 +27,9 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
-NDN_LOG_INIT(ndn.security.v2.Validator);
+NDN_LOG_INIT(ndn.security.Validator);
#define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
#define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
@@ -212,6 +212,6 @@
CertificateStorage::resetVerifiedCerts();
}
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/ndn-cxx/security/validator.hpp b/ndn-cxx/security/validator.hpp
new file mode 100644
index 0000000..214eda7
--- /dev/null
+++ b/ndn-cxx/security/validator.hpp
@@ -0,0 +1,189 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2013-2020 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDATOR_HPP
+#define NDN_SECURITY_VALIDATOR_HPP
+
+#include "ndn-cxx/security/certificate-fetcher.hpp"
+#include "ndn-cxx/security/certificate-request.hpp"
+#include "ndn-cxx/security/certificate-storage.hpp"
+#include "ndn-cxx/security/validation-callback.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
+
+namespace ndn {
+
+class Face;
+
+namespace security {
+inline namespace v2 {
+
+/**
+ * @brief Interface for validating data and interest packets.
+ *
+ * Every time a validation process initiated, it creates a ValidationState that exist until
+ * validation finishes with either success or failure. This state serves several purposes:
+ * - record Interest or Data packet being validated
+ * - record failure callback
+ * - record certificates in the certification chain for the Interest or Data packet being validated
+ * - record names of the requested certificates to detect loops in the certificate chain
+ * - keep track of the validation chain size (aka validation "depth")
+ *
+ * During validation, policy and/or key fetcher can augment validation state with policy- and
+ * fetcher-specific information using ndn::Tag's.
+ *
+ * A validator has a trust anchor cache to save static and dynamic trust anchors, a verified
+ * certificate cache for saving certificates that are already verified and an unverified
+ * certificate cache for saving prefetched but not yet verified certificates.
+ *
+ * @todo Limit the maximum time the validation process is allowed to run before declaring failure
+ * @todo Ability to customize maximum lifetime for trusted and untrusted certificate caches.
+ * Current implementation hard-codes them to be 1 hour and 5 minutes.
+ */
+class Validator : public CertificateStorage
+{
+public:
+ /**
+ * @brief Validator constructor.
+ *
+ * @param policy Validation policy to be associated with the validator
+ * @param certFetcher Certificate fetcher implementation.
+ */
+ Validator(unique_ptr<ValidationPolicy> policy, unique_ptr<CertificateFetcher> certFetcher);
+
+ ~Validator();
+
+ ValidationPolicy&
+ getPolicy();
+
+ CertificateFetcher&
+ getFetcher();
+
+ /**
+ * @brief Set the maximum depth of the certificate chain
+ */
+ void
+ setMaxDepth(size_t depth);
+
+ /**
+ * @return The maximum depth of the certificate chain
+ */
+ size_t
+ getMaxDepth() const;
+
+ /**
+ * @brief Asynchronously validate @p data
+ *
+ * @note @p successCb and @p failureCb must not be nullptr
+ */
+ void
+ validate(const Data& data,
+ const DataValidationSuccessCallback& successCb,
+ const DataValidationFailureCallback& failureCb);
+
+ /**
+ * @brief Asynchronously validate @p interest
+ *
+ * @note @p successCb and @p failureCb must not be nullptr
+ */
+ void
+ validate(const Interest& interest,
+ const InterestValidationSuccessCallback& successCb,
+ const InterestValidationFailureCallback& failureCb);
+
+public: // anchor management
+ /**
+ * @brief load static trust anchor.
+ *
+ * Static trust anchors are permanently associated with the validator and never expire.
+ *
+ * @param groupId Certificate group id.
+ * @param cert Certificate to load as a trust anchor.
+ */
+ void
+ loadAnchor(const std::string& groupId, Certificate&& cert);
+
+ /**
+ * @brief load dynamic trust anchors.
+ *
+ * Dynamic trust anchors are associated with the validator for as long as the underlying
+ * trust anchor file (set of files) exist(s).
+ *
+ * @param groupId Certificate group id, must not be empty.
+ * @param certfilePath Specifies the path to load the trust anchors.
+ * @param refreshPeriod Refresh period for the trust anchors, must be positive.
+ * @param isDir Tells whether the path is a directory or a single file.
+ */
+ void
+ loadAnchor(const std::string& groupId, const std::string& certfilePath,
+ time::nanoseconds refreshPeriod, bool isDir = false);
+
+ /**
+ * @brief remove any previously loaded static or dynamic trust anchor
+ */
+ void
+ resetAnchors();
+
+ /**
+ * @brief Cache verified @p cert a period of time (1 hour)
+ *
+ * @todo Add ability to customize time period
+ */
+ void
+ cacheVerifiedCertificate(Certificate&& cert);
+
+ /**
+ * @brief Remove any cached verified certificates
+ */
+ void
+ resetVerifiedCertificates();
+
+private: // Common validator operations
+ /**
+ * @brief Recursive validation of the certificate in the certification chain
+ *
+ * @param cert The certificate to check.
+ * @param state The current validation state.
+ */
+ void
+ validate(const Certificate& cert, const shared_ptr<ValidationState>& state);
+
+ /**
+ * @brief Request certificate for further validation.
+ *
+ * @param certRequest Certificate request.
+ * @param state The current validation state.
+ */
+ void
+ requestCertificate(const shared_ptr<CertificateRequest>& certRequest,
+ const shared_ptr<ValidationState>& state);
+
+private:
+ unique_ptr<ValidationPolicy> m_policy;
+ unique_ptr<CertificateFetcher> m_certFetcher;
+ size_t m_maxDepth;
+};
+
+} // inline namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDATOR_HPP
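Review bot: The doc comment on the four-argument `loadAnchor(groupId, certfilePath, refreshPeriod, isDir)` does not say that the file or directory at `certfilePath` becomes part of the trust base. Going by the description, dynamic anchors are re-read every `refreshPeriod`, so presumably whatever certificates sit at that path at the next refresh are accepted as trust anchors. A line such as `@note certfilePath must be writable only by principals trusted to define trust anchors` would make this explicit for deployers. In the same class, `getPolicy()`, `getFetcher()` and `~Validator()` carry no documentation. `setMaxDepth` also does not state what happens when a certificate chain exceeds the limit or what the default is; `m_maxDepth` has no in-class initializer, so the default is not visible from this header.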
diff --git a/ndn-cxx/security/verification-helpers.cpp b/ndn-cxx/security/verification-helpers.cpp
index cb79ac9..0477e4e 100644
--- a/ndn-cxx/security/verification-helpers.cpp
+++ b/ndn-cxx/security/verification-helpers.cpp
@@ -22,8 +22,9 @@
#include "ndn-cxx/security/verification-helpers.hpp"
#include "ndn-cxx/data.hpp"
-#include "ndn-cxx/interest.hpp"
#include "ndn-cxx/encoding/buffer-stream.hpp"
+#include "ndn-cxx/interest.hpp"
+#include "ndn-cxx/security/certificate.hpp"
#include "ndn-cxx/security/impl/openssl.hpp"
#include "ndn-cxx/security/pib/key.hpp"
#include "ndn-cxx/security/tpm/key-handle.hpp"
@@ -34,7 +35,6 @@
#include "ndn-cxx/security/transform/public-key.hpp"
#include "ndn-cxx/security/transform/stream-sink.hpp"
#include "ndn-cxx/security/transform/verifier-filter.hpp"
-#include "ndn-cxx/security/v2/certificate.hpp"
namespace ndn {
namespace security {
diff --git a/ndn-cxx/security/verification-helpers.hpp b/ndn-cxx/security/verification-helpers.hpp
index 3399821..2f9178a 100644
--- a/ndn-cxx/security/verification-helpers.hpp
+++ b/ndn-cxx/security/verification-helpers.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -44,9 +44,9 @@
class PublicKey;
} // namespace transform
-namespace v2 {
+inline namespace v2 {
class Certificate;
-} // namespace v2
+} // inline namespace v2
/**
* @brief Verify @p blob using @p key against @p sig.
diff --git a/ndn-cxx/util/notification-stream.hpp b/ndn-cxx/util/notification-stream.hpp
index 4dc5862..3c10c74 100644
--- a/ndn-cxx/util/notification-stream.hpp
+++ b/ndn-cxx/util/notification-stream.hpp
@@ -1,12 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2014-2018 Regents of the University of California,
- * Arizona Board of Regents,
- * Colorado State University,
- * University Pierre & Marie Curie, Sorbonne University,
- * Washington University in St. Louis,
- * Beijing Institute of Technology,
- * The University of Memphis.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -30,7 +24,7 @@
#include "ndn-cxx/face.hpp"
#include "ndn-cxx/name.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include "ndn-cxx/util/concepts.hpp"
namespace ndn {
diff --git a/ndn-cxx/util/segment-fetcher.hpp b/ndn-cxx/util/segment-fetcher.hpp
index 30879d6..a35d69b 100644
--- a/ndn-cxx/util/segment-fetcher.hpp
+++ b/ndn-cxx/util/segment-fetcher.hpp
@@ -1,8 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2020 Regents of the University of California,
- * Colorado State University,
- * University Pierre & Marie Curie, Sorbonne University.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,7 +23,7 @@
#define NDN_UTIL_SEGMENT_FETCHER_HPP
#include "ndn-cxx/face.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
#include "ndn-cxx/util/rtt-estimator.hpp"
#include "ndn-cxx/util/scheduler.hpp"
#include "ndn-cxx/util/signal.hpp"
diff --git a/tests/identity-management-fixture.cpp b/tests/identity-management-fixture.cpp
index 3877a23..0c95567 100644
--- a/tests/identity-management-fixture.cpp
+++ b/tests/identity-management-fixture.cpp
@@ -21,7 +21,7 @@
#include "tests/identity-management-fixture.hpp"
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
#include "ndn-cxx/util/io.hpp"
#include <boost/filesystem.hpp>
diff --git a/tests/identity-management-fixture.hpp b/tests/identity-management-fixture.hpp
index ba42ca3..7c0ffbd 100644
--- a/tests/identity-management-fixture.hpp
+++ b/tests/identity-management-fixture.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,7 +22,7 @@
#ifndef NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
#define NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include "ndn-cxx/security/signing-helpers.hpp"
#include "tests/test-home-fixture.hpp"
diff --git a/tests/test-home-fixture.hpp b/tests/test-home-fixture.hpp
index 63d5d88..68ffd50 100644
--- a/tests/test-home-fixture.hpp
+++ b/tests/test-home-fixture.hpp
@@ -22,7 +22,7 @@
#ifndef NDN_TESTS_TEST_HOME_FIXTURE_HPP
#define NDN_TESTS_TEST_HOME_FIXTURE_HPP
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include <cstdlib>
#include <fstream>
@@ -76,8 +76,8 @@
}
boost::filesystem::remove_all(m_pibDir);
- const_cast<std::string&>(security::v2::KeyChain::getDefaultPibLocator()).clear();
- const_cast<std::string&>(security::v2::KeyChain::getDefaultTpmLocator()).clear();
+ const_cast<std::string&>(KeyChain::getDefaultPibLocator()).clear();
+ const_cast<std::string&>(KeyChain::getDefaultTpmLocator()).clear();
}
protected:
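Review bot: The two new `const_cast<std::string&>(KeyChain::getDefault…Locator()).clear();` lines still mutate a string through a reference that the accessor hands out as const. That is undefined behaviour if the underlying object is itself declared const; its definition is not visible here. A test-only reset hook on `KeyChain` would remove the need for the cast. If the cast stays, a comment such as `// clears the default PIB/TPM locator strings between tests; relies on the underlying objects being non-const` would record the assumption. The enclosing function starts outside this hunk, and the unqualified `KeyChain` relies on a name brought into scope elsewhere.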
diff --git a/tests/tests-pch.hpp b/tests/tests-pch.hpp
index a81f7bf..f60e472 100644
--- a/tests/tests-pch.hpp
+++ b/tests/tests-pch.hpp
@@ -27,7 +27,7 @@
#include "ndn-cxx/data.hpp"
#include "ndn-cxx/interest.hpp"
#include "ndn-cxx/lp/nack.hpp"
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include "tests/boost-test.hpp"
diff --git a/tests/unit/dummy-validator.hpp b/tests/unit/dummy-validator.hpp
index aab9114..bb05167 100644
--- a/tests/unit/dummy-validator.hpp
+++ b/tests/unit/dummy-validator.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,9 +22,9 @@
#ifndef NDN_TESTS_UNIT_DUMMY_VALIDATOR_HPP
#define NDN_TESTS_UNIT_DUMMY_VALIDATOR_HPP
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
namespace ndn {
namespace tests {
diff --git a/tests/unit/mgmt/nfd/controller-fixture.hpp b/tests/unit/mgmt/nfd/controller-fixture.hpp
index bc42e20..c210fcf 100644
--- a/tests/unit/mgmt/nfd/controller-fixture.hpp
+++ b/tests/unit/mgmt/nfd/controller-fixture.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,7 +23,7 @@
#define NDN_TESTS_UNIT_MGMT_NFD_CONTROLLER_FIXTURE_HPP
#include "ndn-cxx/mgmt/nfd/controller.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
#include "ndn-cxx/util/dummy-client-face.hpp"
#include "tests/unit/dummy-validator.hpp"
diff --git a/tests/unit/security/v2/additional-description.t.cpp b/tests/unit/security/additional-description.t.cpp
similarity index 96%
rename from tests/unit/security/v2/additional-description.t.cpp
rename to tests/unit/security/additional-description.t.cpp
index 86a3a90..657870f 100644
--- a/tests/unit/security/v2/additional-description.t.cpp
+++ b/tests/unit/security/additional-description.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/additional-description.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
#include "tests/boost-test.hpp"
diff --git a/tests/unit/security/v2/certificate-bundle-fetcher.t.cpp b/tests/unit/security/certificate-bundle-fetcher.t.cpp
similarity index 91%
rename from tests/unit/security/v2/certificate-bundle-fetcher.t.cpp
rename to tests/unit/security/certificate-bundle-fetcher.t.cpp
index cd96300..5c05148 100644
--- a/tests/unit/security/v2/certificate-bundle-fetcher.t.cpp
+++ b/tests/unit/security/certificate-bundle-fetcher.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,23 +19,22 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-bundle-fetcher.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-bundle-fetcher.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "ndn-cxx/util/regex/regex-pattern-list-matcher.hpp"
#include "ndn-cxx/lp/nack.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(TestCertificateBundleFetcher)
class CertificateBundleFetcherWrapper : public CertificateBundleFetcher
@@ -69,9 +68,9 @@
{
public:
CertificateBundleFetcherFixture()
- : data("/Security/V2/ValidatorFixture/Sub1/Sub3/Data")
+ : data("/Security/ValidatorFixture/Sub1/Sub3/Data")
{
- subSubIdentity = addSubCertificate("/Security/V2/ValidatorFixture/Sub1/Sub3", subIdentity);
+ subSubIdentity = addSubCertificate("/Security/ValidatorFixture/Sub1/Sub3", subIdentity);
cache.insert(subSubIdentity.getDefaultKey().getDefaultCertificate());
m_keyChain.sign(data, signingByIdentity(subSubIdentity));
@@ -182,10 +181,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestCertificateBundleFetcher
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/certificate-cache.t.cpp b/tests/unit/security/certificate-cache.t.cpp
similarity index 92%
rename from tests/unit/security/v2/certificate-cache.t.cpp
rename to tests/unit/security/certificate-cache.t.cpp
index 8062c18..65614ac 100644
--- a/tests/unit/security/v2/certificate-cache.t.cpp
+++ b/tests/unit/security/certificate-cache.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,18 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-cache.hpp"
+#include "ndn-cxx/security/certificate-cache.hpp"
#include "tests/boost-test.hpp"
#include "tests/unit/identity-management-time-fixture.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
class CertificateCacheFixture : public ndn::tests::IdentityManagementTimeFixture
{
@@ -84,10 +83,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestCertificateCache
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/certificate-fetcher-direct-fetch.t.cpp b/tests/unit/security/certificate-fetcher-direct-fetch.t.cpp
similarity index 93%
rename from tests/unit/security/v2/certificate-fetcher-direct-fetch.t.cpp
rename to tests/unit/security/certificate-fetcher-direct-fetch.t.cpp
index 7e513c6..9f8c24f 100644
--- a/tests/unit/security/v2/certificate-fetcher-direct-fetch.t.cpp
+++ b/tests/unit/security/certificate-fetcher-direct-fetch.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,26 +19,25 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher-direct-fetch.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-direct-fetch.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "ndn-cxx/lp/nack.hpp"
#include "ndn-cxx/lp/tags.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
#include <boost/range/adaptor/sliced.hpp>
#include <boost/range/adaptor/strided.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(TestCertificateFetcherDirectFetch)
class Cert
@@ -66,11 +65,11 @@
public:
CertificateFetcherDirectFetchFixture()
- : data("/Security/V2/ValidatorFixture/Sub1/Sub3/Data")
- , interest("/Security/V2/ValidatorFixture/Sub1/Sub3/Interest")
- , interestNoTag("/Security/V2/ValidatorFixture/Sub1/Sub3/Interest2")
+ : data("/Security/ValidatorFixture/Sub1/Sub3/Data")
+ , interest("/Security/ValidatorFixture/Sub1/Sub3/Interest")
+ , interestNoTag("/Security/ValidatorFixture/Sub1/Sub3/Interest2")
{
- Identity subSubIdentity = addSubCertificate("/Security/V2/ValidatorFixture/Sub1/Sub3", subIdentity);
+ Identity subSubIdentity = addSubCertificate("/Security/ValidatorFixture/Sub1/Sub3", subIdentity);
cache.insert(subSubIdentity.getDefaultKey().getDefaultCertificate());
m_keyChain.sign(data, signingByIdentity(subSubIdentity));
@@ -258,10 +257,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestCertificateFetcherDirectFetch
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/certificate-fetcher-from-network.t.cpp b/tests/unit/security/certificate-fetcher-from-network.t.cpp
similarity index 86%
rename from tests/unit/security/v2/certificate-fetcher-from-network.t.cpp
rename to tests/unit/security/certificate-fetcher-from-network.t.cpp
index a7b1388..56677b7 100644
--- a/tests/unit/security/v2/certificate-fetcher-from-network.t.cpp
+++ b/tests/unit/security/certificate-fetcher-from-network.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,22 +19,21 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "ndn-cxx/lp/nack.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(TestCertificateFetcherFromNetwork)
class Cert
@@ -55,10 +54,10 @@
{
public:
CertificateFetcherFromNetworkFixture()
- : data("/Security/V2/ValidatorFixture/Sub1/Sub3/Data")
- , interest("/Security/V2/ValidatorFixture/Sub1/Sub3/Interest")
+ : data("/Security/ValidatorFixture/Sub1/Sub3/Data")
+ , interest("/Security/ValidatorFixture/Sub1/Sub3/Interest")
{
- Identity subSubIdentity = addSubCertificate("/Security/V2/ValidatorFixture/Sub1/Sub3", subIdentity);
+ Identity subSubIdentity = addSubCertificate("/Security/ValidatorFixture/Sub1/Sub3", subIdentity);
cache.insert(subSubIdentity.getDefaultKey().getDefaultCertificate());
m_keyChain.sign(data, signingByIdentity(subSubIdentity));
@@ -131,10 +130,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestCertificateFetcherFromNetwork
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/certificate-fetcher-offline.t.cpp b/tests/unit/security/certificate-fetcher-offline.t.cpp
similarity index 84%
rename from tests/unit/security/v2/certificate-fetcher-offline.t.cpp
rename to tests/unit/security/certificate-fetcher-offline.t.cpp
index bdf61c6..0a11d24 100644
--- a/tests/unit/security/v2/certificate-fetcher-offline.t.cpp
+++ b/tests/unit/security/certificate-fetcher-offline.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,21 +19,20 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
class CertificateFetcherOfflineWrapper : public CertificateFetcherOffline
{
@@ -52,7 +51,7 @@
BOOST_AUTO_TEST_CASE_TEMPLATE(Validate, Packet, Packets)
{
- Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Packet");
+ Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Packet");
Packet packet = unsignedPacket;
m_keyChain.sign(packet, signingByIdentity(subIdentity));
@@ -66,10 +65,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestCertificateFetcherOffline
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/certificate.t.cpp b/tests/unit/security/certificate.t.cpp
similarity index 98%
rename from tests/unit/security/v2/certificate.t.cpp
rename to tests/unit/security/certificate.t.cpp
index 91bb5c1..f645dbd 100644
--- a/tests/unit/security/v2/certificate.t.cpp
+++ b/tests/unit/security/certificate.t.cpp
@@ -21,7 +21,7 @@
* @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
*/
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
#include "tests/boost-test.hpp"
#include "tests/unit/unit-test-time-fixture.hpp"
@@ -30,13 +30,12 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_FIXTURE_TEST_SUITE(TestCertificate, UnitTestTimeFixture)
const uint8_t PUBLIC_KEY[] = {
@@ -275,10 +274,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestCertificate
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/key-chain.t.cpp b/tests/unit/security/key-chain.t.cpp
similarity index 98%
rename from tests/unit/security/v2/key-chain.t.cpp
rename to tests/unit/security/key-chain.t.cpp
index 7f6abb0..6e85b75 100644
--- a/tests/unit/security/v2/key-chain.t.cpp
+++ b/tests/unit/security/key-chain.t.cpp
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/key-chain.hpp"
+#include "ndn-cxx/security/key-chain.hpp"
#include "ndn-cxx/security/signing-helpers.hpp"
#include "ndn-cxx/security/verification-helpers.hpp"
#include "ndn-cxx/security/transform/private-key.hpp"
@@ -30,13 +30,12 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_FIXTURE_TEST_SUITE(TestKeyChain, TestHomeEnvSaver)
template<class Path>
@@ -466,7 +465,7 @@
BOOST_FIXTURE_TEST_CASE(SelfSignedCertValidity, IdentityManagementFixture)
{
- Certificate cert = addIdentity("/Security/V2/TestKeyChain/SelfSignedCertValidity")
+ Certificate cert = addIdentity("/Security/TestKeyChain/SelfSignedCertValidity")
.getDefaultKey()
.getDefaultCertificate();
BOOST_CHECK(cert.isValid());
@@ -475,10 +474,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/pib/pib-data-fixture.hpp b/tests/unit/security/pib/pib-data-fixture.hpp
index 21af850..66e65eb 100644
--- a/tests/unit/security/pib/pib-data-fixture.hpp
+++ b/tests/unit/security/pib/pib-data-fixture.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,7 +22,7 @@
#ifndef NDN_TESTS_UNIT_SECURITY_PIB_DATA_FIXTURE_HPP
#define NDN_TESTS_UNIT_SECURITY_PIB_DATA_FIXTURE_HPP
-#include "ndn-cxx/security/v2/certificate.hpp"
+#include "ndn-cxx/security/certificate.hpp"
namespace ndn {
namespace security {
@@ -34,14 +34,14 @@
PibDataFixture();
public:
- v2::Certificate id1Key1Cert1;
- v2::Certificate id1Key1Cert2;
- v2::Certificate id1Key2Cert1;
- v2::Certificate id1Key2Cert2;
- v2::Certificate id2Key1Cert1;
- v2::Certificate id2Key1Cert2;
- v2::Certificate id2Key2Cert1;
- v2::Certificate id2Key2Cert2;
+ Certificate id1Key1Cert1;
+ Certificate id1Key1Cert2;
+ Certificate id1Key2Cert1;
+ Certificate id1Key2Cert2;
+ Certificate id2Key1Cert1;
+ Certificate id2Key1Cert2;
+ Certificate id2Key2Cert1;
+ Certificate id2Key2Cert2;
Name id1;
Name id2;
diff --git a/tests/unit/security/v2/trust-anchor-container.t.cpp b/tests/unit/security/trust-anchor-container.t.cpp
similarity index 96%
rename from tests/unit/security/v2/trust-anchor-container.t.cpp
rename to tests/unit/security/trust-anchor-container.t.cpp
index 8ed4cec..b25805f 100644
--- a/tests/unit/security/v2/trust-anchor-container.t.cpp
+++ b/tests/unit/security/trust-anchor-container.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/trust-anchor-container.hpp"
+#include "ndn-cxx/security/trust-anchor-container.hpp"
#include "ndn-cxx/util/io.hpp"
#include "tests/boost-test.hpp"
@@ -29,13 +29,12 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
/**
* This fixture creates a directory and prepares two certificates.
@@ -183,10 +182,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestTrustAnchorContainer
-BOOST_AUTO_TEST_SUITE_END() // Detail
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validation-error.t.cpp b/tests/unit/security/validation-error.t.cpp
similarity index 90%
rename from tests/unit/security/v2/validation-error.t.cpp
rename to tests/unit/security/validation-error.t.cpp
index 21821ee..6ecb94f 100644
--- a/tests/unit/security/v2/validation-error.t.cpp
+++ b/tests/unit/security/validation-error.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,18 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-error.hpp"
+#include "ndn-cxx/security/validation-error.hpp"
#include "tests/boost-test.hpp"
#include <boost/lexical_cast.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(TestValidationError)
BOOST_AUTO_TEST_CASE(Basic)
@@ -52,10 +51,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestValidationError
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-accept-all.t.cpp b/tests/unit/security/validation-policy-accept-all.t.cpp
similarity index 83%
rename from tests/unit/security/v2/validation-policy-accept-all.t.cpp
rename to tests/unit/security/validation-policy-accept-all.t.cpp
index 9d7d927..6a9f0f1 100644
--- a/tests/unit/security/v2/validation-policy-accept-all.t.cpp
+++ b/tests/unit/security/validation-policy-accept-all.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,29 +19,28 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
#include <boost/mpl/vector.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
class ValidationPolicyAcceptAllFixture : public ValidatorFixture<ValidationPolicyAcceptAll>
{
public:
ValidationPolicyAcceptAllFixture()
{
- identity = addIdentity("/Security/V2/TestValidationPolicyAcceptAll");
+ identity = addIdentity("/Security/TestValidationPolicyAcceptAll");
// don't add trust anchors
}
@@ -55,7 +54,7 @@
BOOST_AUTO_TEST_CASE_TEMPLATE(Validate, Packet, Packets)
{
- Packet unsignedPacket("/Security/V2/TestValidationPolicyAcceptAll/Sub/Packet");
+ Packet unsignedPacket("/Security/TestValidationPolicyAcceptAll/Sub/Packet");
Packet packet = unsignedPacket;
VALIDATE_SUCCESS(packet, "Should accept unsigned");
@@ -70,10 +69,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyAcceptAll
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-command-interest.t.cpp b/tests/unit/security/validation-policy-command-interest.t.cpp
similarity index 93%
rename from tests/unit/security/v2/validation-policy-command-interest.t.cpp
rename to tests/unit/security/validation-policy-command-interest.t.cpp
index a061a27..da6ced7 100644
--- a/tests/unit/security/v2/validation-policy-command-interest.t.cpp
+++ b/tests/unit/security/validation-policy-command-interest.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,28 +19,27 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy-command-interest.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
-#include "ndn-cxx/security/v2/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/validation-policy-command-interest.hpp"
#include "ndn-cxx/security/command-interest-signer.hpp"
#include "ndn-cxx/security/signing-helpers.hpp"
+#include "ndn-cxx/security/validation-policy-accept-all.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "tests/boost-test.hpp"
#include "tests/make-interest-data.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
#include <boost/lexical_cast.hpp>
#include <boost/mpl/vector.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
class DefaultOptions
{
@@ -102,7 +101,7 @@
BOOST_AUTO_TEST_CASE(DataPassthru)
{
- Data d1("/Security/V2/ValidatorFixture/Sub1");
+ Data d1("/Security/ValidatorFixture/Sub1");
m_keyChain.sign(d1);
VALIDATE_SUCCESS(d1, "Should succeed (fallback on inner validation policy for data)");
}
@@ -324,13 +323,13 @@
BOOST_FIXTURE_TEST_CASE(LimitedRecords, ValidationPolicyCommandInterestFixture<LimitedRecordsOptions>)
{
- Identity id1 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub1", identity);
+ Identity id1 = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
this->cache.insert(id1.getDefaultKey().getDefaultCertificate());
- Identity id2 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub2", identity);
+ Identity id2 = this->addSubCertificate("/Security/ValidatorFixture/Sub2", identity);
this->cache.insert(id2.getDefaultKey().getDefaultCertificate());
- Identity id3 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub3", identity);
+ Identity id3 = this->addSubCertificate("/Security/ValidatorFixture/Sub3", identity);
this->cache.insert(id3.getDefaultKey().getDefaultCertificate());
- Identity id4 = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub4", identity);
+ Identity id4 = this->addSubCertificate("/Security/ValidatorFixture/Sub4", identity);
this->cache.insert(id4.getDefaultKey().getDefaultCertificate());
auto i1 = makeCommandInterest(id2);
@@ -377,7 +376,7 @@
{
std::vector<Identity> identities;
for (int i = 0; i < 20; ++i) {
- Identity id = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub" + to_string(i), identity);
+ Identity id = this->addSubCertificate("/Security/ValidatorFixture/Sub" + to_string(i), identity);
this->cache.insert(id.getDefaultKey().getDefaultCertificate());
identities.push_back(id);
}
@@ -476,10 +475,9 @@
BOOST_AUTO_TEST_SUITE_END() // Options
BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyCommandInterest
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-config.t.cpp b/tests/unit/security/validation-policy-config.t.cpp
similarity index 95%
rename from tests/unit/security/v2/validation-policy-config.t.cpp
rename to tests/unit/security/validation-policy-config.t.cpp
index f7a4506..53f6778 100644
--- a/tests/unit/security/v2/validation-policy-config.t.cpp
+++ b/tests/unit/security/validation-policy-config.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy-config.hpp"
+#include "ndn-cxx/security/validation-policy-config.hpp"
#include "ndn-cxx/security/transform/base64-encode.hpp"
#include "ndn-cxx/security/transform/buffer-source.hpp"
#include "ndn-cxx/security/transform/stream-sink.hpp"
@@ -27,12 +27,12 @@
#include "ndn-cxx/util/io.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
namespace tests {
@@ -40,7 +40,6 @@
using namespace ndn::security::v2::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(TestValidationPolicyConfig)
BOOST_FIXTURE_TEST_CASE(EmptyConfig, HierarchicalValidatorFixture<ValidationPolicyConfig>)
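Review bot: The using-directive kept as context at the top of this hunk still spells the legacy namespace, `using namespace ndn::security::v2::tests;`, even though the commit makes `v2` inline and removes the V2 test suite level. It resolves to the same namespace either way, so this is style only. Writing `using namespace ndn::security::tests;` would keep the test code from depending on the name the commit is phasing out. The same directive appears in the `@@ -37,7 +37,6 @@` hunk of validator-config/rule.t.cpp.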
@@ -52,11 +51,11 @@
BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
- Data d("/Security/V2/ValidationPolicyConfig/D");
+ Data d("/Security/ValidationPolicyConfig/D");
this->m_keyChain.sign(d, signingByIdentity(this->identity));
VALIDATE_FAILURE(d, "Empty policy should reject everything");
- Interest i("/Security/V2/ValidationPolicyConfig/I");
+ Interest i("/Security/ValidationPolicyConfig/I");
this->m_keyChain.sign(i, signingByIdentity(this->identity));
VALIDATE_FAILURE(i, "Empty policy should reject everything");
}
@@ -340,7 +339,7 @@
BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
using Packet = typename Policy::Packet;
- Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+ Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Packet packet = unsignedPacket;
VALIDATE_FAILURE(packet, "Unsigned");
@@ -372,7 +371,7 @@
BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 1);
using Packet = typename Policy::Packet;
- Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+ Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Packet packet = unsignedPacket;
VALIDATE_FAILURE(packet, "Unsigned");
@@ -474,7 +473,7 @@
BOOST_CHECK_EQUAL(this->policy.m_dataRules.size(), 0);
BOOST_CHECK_EQUAL(this->policy.m_interestRules.size(), 0);
- Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+ Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Packet packet = unsignedPacket;
VALIDATE_SUCCESS(packet, "Policy should accept everything");
@@ -510,7 +509,7 @@
BOOST_FIXTURE_TEST_CASE_TEMPLATE(ValidateRefresh, Refresh, RefreshPolicies, RefreshPolicyFixture<Refresh>)
{
using Packet = Data;
- Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+ Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
boost::filesystem::remove(this->path / "keys" / "identity.ndncert");
this->advanceClocks(Refresh::getRefreshTime(), 3);
@@ -548,11 +547,10 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicyConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validation-policy-simple-hierarchy.t.cpp b/tests/unit/security/validation-policy-simple-hierarchy.t.cpp
similarity index 87%
rename from tests/unit/security/v2/validation-policy-simple-hierarchy.t.cpp
rename to tests/unit/security/validation-policy-simple-hierarchy.t.cpp
index 96f936e..9c8816a 100644
--- a/tests/unit/security/v2/validation-policy-simple-hierarchy.t.cpp
+++ b/tests/unit/security/validation-policy-simple-hierarchy.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,22 +19,21 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
#include <boost/mpl/vector.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_FIXTURE_TEST_SUITE(TestValidationPolicySimpleHierarchy,
HierarchicalValidatorFixture<ValidationPolicySimpleHierarchy>)
@@ -42,7 +41,7 @@
BOOST_AUTO_TEST_CASE_TEMPLATE(Validate, Packet, Packets)
{
- Packet unsignedPacket("/Security/V2/ValidatorFixture/Sub1/Sub2/Packet");
+ Packet unsignedPacket("/Security/ValidatorFixture/Sub1/Sub2/Packet");
Packet packet = unsignedPacket;
VALIDATE_FAILURE(packet, "Unsigned");
@@ -71,10 +70,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestValidator
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
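Review bot: The closing comment on the first suite end in this hunk, `BOOST_AUTO_TEST_SUITE_END() // TestValidator`, does not match the suite this file opens, which is `TestValidationPolicySimpleHierarchy`. Since the commit already edits the neighbouring suite-end lines, the label could be corrected here to `BOOST_AUTO_TEST_SUITE_END() // TestValidationPolicySimpleHierarchy`. A wrong label makes it harder to pair suite begin and end when nesting levels are removed, as this change does.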
diff --git a/tests/unit/security/validator-config.t.cpp b/tests/unit/security/validator-config.t.cpp
index 06e66b0..b4654ac 100644
--- a/tests/unit/security/validator-config.t.cpp
+++ b/tests/unit/security/validator-config.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,13 +20,13 @@
*/
#include "ndn-cxx/security/validator-config.hpp"
+#include "ndn-cxx/security/certificate-fetcher-offline.hpp"
#include "ndn-cxx/security/command-interest-signer.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-offline.hpp"
#include "ndn-cxx/util/dummy-client-face.hpp"
#include "tests/boost-test.hpp"
#include "tests/identity-management-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
namespace ndn {
namespace security {
diff --git a/tests/unit/security/v2/validator-config/checker.t.cpp b/tests/unit/security/validator-config/checker.t.cpp
similarity index 96%
rename from tests/unit/security/v2/validator-config/checker.t.cpp
rename to tests/unit/security/validator-config/checker.t.cpp
index 675ec23..a5fb205 100644
--- a/tests/unit/security/v2/validator-config/checker.t.cpp
+++ b/tests/unit/security/validator-config/checker.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,25 +19,24 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/checker.hpp"
+#include "ndn-cxx/security/validator-config/checker.hpp"
#include "ndn-cxx/security/command-interest-signer.hpp"
-#include "ndn-cxx/security/v2/validation-policy.hpp"
-#include "ndn-cxx/security/v2/validation-state.hpp"
+#include "ndn-cxx/security/validation-policy.hpp"
+#include "ndn-cxx/security/validation-state.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(ValidatorConfig)
class CheckerFixture : public IdentityManagementFixture
@@ -358,11 +357,10 @@
BOOST_AUTO_TEST_SUITE_END() // TestChecker
BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validator-config/common.hpp b/tests/unit/security/validator-config/common.hpp
similarity index 90%
rename from tests/unit/security/v2/validator-config/common.hpp
rename to tests/unit/security/validator-config/common.hpp
index 1083eb5..de72e3f 100644
--- a/tests/unit/security/v2/validator-config/common.hpp
+++ b/tests/unit/security/validator-config/common.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,13 +22,13 @@
#ifndef NDN_TESTS_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
#define NDN_TESTS_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP
-#include "ndn-cxx/security/v2/validator-config/common.hpp"
+#include "ndn-cxx/security/validator-config/common.hpp"
#include <boost/property_tree/info_parser.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
namespace tests {
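Review bot: The include guard in this hunk is still `NDN_TESTS_SECURITY_V2_VALIDATOR_CONFIG_COMMON_HPP`, although the file moves out of `v2/` and the guard in validator-fixture.hpp is renamed in the same commit. For consistency it could become `#ifndef NDN_TESTS_UNIT_SECURITY_VALIDATOR_CONFIG_COMMON_HPP` with the matching `#define`. The closing `#endif` comment is outside this hunk and would need the same change.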
@@ -43,7 +43,7 @@
} // namespace tests
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validator-config/filter.t.cpp b/tests/unit/security/validator-config/filter.t.cpp
similarity index 95%
rename from tests/unit/security/v2/validator-config/filter.t.cpp
rename to tests/unit/security/validator-config/filter.t.cpp
index d02d745..2b3bf6d 100644
--- a/tests/unit/security/v2/validator-config/filter.t.cpp
+++ b/tests/unit/security/validator-config/filter.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,23 +19,22 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/filter.hpp"
+#include "ndn-cxx/security/validator-config/filter.hpp"
#include "ndn-cxx/security/command-interest-signer.hpp"
#include "tests/boost-test.hpp"
#include "tests/identity-management-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(ValidatorConfig)
class FilterFixture : public IdentityManagementFixture
@@ -191,11 +190,10 @@
BOOST_AUTO_TEST_SUITE_END() // TestFilter
BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validator-config/name-relation.t.cpp b/tests/unit/security/validator-config/name-relation.t.cpp
similarity index 92%
rename from tests/unit/security/v2/validator-config/name-relation.t.cpp
rename to tests/unit/security/validator-config/name-relation.t.cpp
index ff23348..8879212 100644
--- a/tests/unit/security/v2/validator-config/name-relation.t.cpp
+++ b/tests/unit/security/validator-config/name-relation.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/name-relation.hpp"
+#include "ndn-cxx/security/validator-config/name-relation.hpp"
#include "tests/boost-test.hpp"
@@ -27,12 +27,11 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
namespace tests {
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(ValidatorConfig)
BOOST_AUTO_TEST_SUITE(TestNameRelation)
@@ -69,11 +68,10 @@
BOOST_AUTO_TEST_SUITE_END() // TestNameRelation
BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validator-config/rule.t.cpp b/tests/unit/security/validator-config/rule.t.cpp
similarity index 94%
rename from tests/unit/security/v2/validator-config/rule.t.cpp
rename to tests/unit/security/validator-config/rule.t.cpp
index 558ffb4..dbc81bf 100644
--- a/tests/unit/security/v2/validator-config/rule.t.cpp
+++ b/tests/unit/security/validator-config/rule.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,17 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator-config/rule.hpp"
+#include "ndn-cxx/security/validator-config/rule.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
-#include "tests/unit/security/v2/validator-config/common.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
+#include "tests/unit/security/validator-config/common.hpp"
#include <boost/mpl/vector_c.hpp>
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace validator_config {
namespace tests {
@@ -37,7 +37,6 @@
using namespace ndn::security::v2::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_AUTO_TEST_SUITE(ValidatorConfig)
template<uint32_t PktType>
@@ -198,11 +197,10 @@
BOOST_AUTO_TEST_SUITE_END() // TestRule
BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
} // namespace validator_config
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/v2/validator-fixture.hpp b/tests/unit/security/validator-fixture.hpp
similarity index 88%
rename from tests/unit/security/v2/validator-fixture.hpp
rename to tests/unit/security/validator-fixture.hpp
index e5079bc..276ac40 100644
--- a/tests/unit/security/v2/validator-fixture.hpp
+++ b/tests/unit/security/validator-fixture.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,11 +19,11 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_TESTS_UNIT_SECURITY_V2_VALIDATOR_FIXTURE_HPP
-#define NDN_TESTS_UNIT_SECURITY_V2_VALIDATOR_FIXTURE_HPP
+#ifndef NDN_TESTS_UNIT_SECURITY_VALIDATOR_FIXTURE_HPP
+#define NDN_TESTS_UNIT_SECURITY_VALIDATOR_FIXTURE_HPP
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/certificate-fetcher-from-network.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/certificate-fetcher-from-network.hpp"
#include "ndn-cxx/util/dummy-client-face.hpp"
#include "tests/boost-test.hpp"
@@ -33,7 +33,7 @@
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
template<class ValidationPolicy, class CertificateFetcher = CertificateFetcherFromNetwork>
@@ -127,10 +127,10 @@
public:
HierarchicalValidatorFixture()
{
- identity = this->addIdentity("/Security/V2/ValidatorFixture");
- subIdentity = this->addSubCertificate("/Security/V2/ValidatorFixture/Sub1", identity);
- subSelfSignedIdentity = this->addIdentity("/Security/V2/ValidatorFixture/Sub1/Sub2");
- otherIdentity = this->addIdentity("/Security/V2/OtherIdentity");
+ identity = this->addIdentity("/Security/ValidatorFixture");
+ subIdentity = this->addSubCertificate("/Security/ValidatorFixture/Sub1", identity);
+ subSelfSignedIdentity = this->addIdentity("/Security/ValidatorFixture/Sub1/Sub2");
+ otherIdentity = this->addIdentity("/Security/OtherIdentity");
this->validator.loadAnchor("", Certificate(identity.getDefaultKey().getDefaultCertificate()));
@@ -180,8 +180,8 @@
};
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
-#endif // NDN_TESTS_UNIT_SECURITY_V2_VALIDATOR_FIXTURE_HPP
+#endif // NDN_TESTS_UNIT_SECURITY_VALIDATOR_FIXTURE_HPP
diff --git a/tests/unit/security/v2/validator.t.cpp b/tests/unit/security/validator.t.cpp
similarity index 91%
rename from tests/unit/security/v2/validator.t.cpp
rename to tests/unit/security/validator.t.cpp
index b5a7e04..c87d348 100644
--- a/tests/unit/security/v2/validator.t.cpp
+++ b/tests/unit/security/validator.t.cpp
@@ -19,21 +19,20 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "ndn-cxx/security/v2/validator.hpp"
-#include "ndn-cxx/security/v2/validation-policy-simple-hierarchy.hpp"
+#include "ndn-cxx/security/validator.hpp"
+#include "ndn-cxx/security/validation-policy-simple-hierarchy.hpp"
#include "tests/boost-test.hpp"
-#include "tests/unit/security/v2/validator-fixture.hpp"
+#include "tests/unit/security/validator-fixture.hpp"
namespace ndn {
namespace security {
-namespace v2 {
+inline namespace v2 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(V2)
BOOST_FIXTURE_TEST_SUITE(TestValidator, HierarchicalValidatorFixture<ValidationPolicySimpleHierarchy>)
BOOST_AUTO_TEST_CASE(ConstructorSetValidator)
@@ -53,7 +52,7 @@
{
processInterest = nullptr; // no response for all interests
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
VALIDATE_FAILURE(data, "Should fail to retrieve certificate");
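Review bot: The data name in this case is a string literal that has to stay under the prefix registered by `HierarchicalValidatorFixture` in validator-fixture.hpp, and nothing ties the two together. If one of them drifts in a later rename, this `VALIDATE_FAILURE` would presumably still pass, but because the hierarchy policy rejects the name rather than for the reason given in the message. The same applies to the NACK, malformed-certificate and expired-certificate cases in the following hunks. Deriving the name from the fixture removes that risk, for example `Data data(Name(subIdentity.getName()).append("Sub2").append("Data"));`. The test case body starts above this hunk.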
@@ -68,7 +67,7 @@
face.receive(nack);
};
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
VALIDATE_FAILURE(data, "All interests should get NACKed");
@@ -94,7 +93,7 @@
}
};
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
VALIDATE_FAILURE(data, "Signed by a malformed certificate");
@@ -120,7 +119,7 @@
}
};
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
VALIDATE_FAILURE(data, "Signed by an expired certificate");
@@ -131,14 +130,14 @@
{
validator.resetAnchors();
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
VALIDATE_FAILURE(data, "Should fail, as no anchors configured");
}
BOOST_AUTO_TEST_CASE(TrustedCertCaching)
{
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
VALIDATE_SUCCESS(data, "Should get accepted, as signed by the policy-compliant cert");
@@ -160,7 +159,7 @@
BOOST_AUTO_TEST_CASE(ResetVerifiedCertificates)
{
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
VALIDATE_SUCCESS(data, "Should get accepted, as signed by the policy-compliant cert");
@@ -175,7 +174,7 @@
BOOST_AUTO_TEST_CASE(UntrustedCertCaching)
{
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subSelfSignedIdentity));
VALIDATE_FAILURE(data, "Should fail, as signed by the policy-violating cert");
@@ -209,15 +208,15 @@
BOOST_FIXTURE_TEST_CASE(ValidateInterestsButBypassForData,
HierarchicalValidatorFixture<ValidationPolicySimpleHierarchyForInterestOnly>)
{
- Interest interest("/Security/V2/ValidatorFixture/Sub1/Sub2/Interest");
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Interest");
+ Interest interest("/Security/ValidatorFixture/Sub1/Sub2/Interest");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Interest");
VALIDATE_FAILURE(interest, "Unsigned");
VALIDATE_SUCCESS(data, "Policy requests validation bypassing for all data");
BOOST_CHECK_EQUAL(face.sentInterests.size(), 0);
face.sentInterests.clear();
- interest = Interest("/Security/V2/ValidatorFixture/Sub1/Sub2/Interest");
+ interest = Interest("/Security/ValidatorFixture/Sub1/Sub2/Interest");
m_keyChain.sign(interest, signingWithSha256());
m_keyChain.sign(data, signingWithSha256());
VALIDATE_FAILURE(interest, "Required KeyLocator/Name missing (not passed to policy)");
@@ -287,7 +286,7 @@
face.receive(certificate);
};
- Data data("/Security/V2/ValidatorFixture/Sub1/Sub2/Data");
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Data");
m_keyChain.sign(data, signingByIdentity(subIdentity));
validator.setMaxDepth(40);
@@ -335,10 +334,9 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestValidator
-BOOST_AUTO_TEST_SUITE_END() // V2
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
-} // namespace v2
+} // inline namespace v2
} // namespace security
} // namespace ndn
diff --git a/tests/unit/security/verification-helpers.t.cpp b/tests/unit/security/verification-helpers.t.cpp
index c0c6b5a..dd5a832 100644
--- a/tests/unit/security/verification-helpers.t.cpp
+++ b/tests/unit/security/verification-helpers.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -466,7 +466,7 @@
BOOST_CHECK(!verifySignature(unsignedInterest1, invalidKey, sizeof(invalidKey)));
// - base version of verifySignature is tested transitively
- // - pib::Key version is tested as part of v2/key-chain.t.cpp (Security/V2/TestKeyChain)
+ // - pib::Key version is tested as part of key-chain.t.cpp (Security/TestKeyChain)
}
BOOST_FIXTURE_TEST_CASE(VerifyHmac, IdentityManagementFixture)
diff --git a/tests/unit/unit-tests-pch.hpp b/tests/unit/unit-tests-pch.hpp
index 54e15f9..5f2ed67 100644
--- a/tests/unit/unit-tests-pch.hpp
+++ b/tests/unit/unit-tests-pch.hpp
@@ -27,7 +27,7 @@
#include "ndn-cxx/face.hpp"
#include "ndn-cxx/ims/in-memory-storage.hpp"
#include "ndn-cxx/security/transform.hpp"
-#include "ndn-cxx/security/v2/validator.hpp"
+#include "ndn-cxx/security/validator.hpp"
#include "ndn-cxx/util/config-file.hpp"
#include "tests/identity-management-fixture.hpp"
diff --git a/tools/ndnsec/cert-gen.cpp b/tools/ndnsec/cert-gen.cpp
index c526654..9aef677 100644
--- a/tools/ndnsec/cert-gen.cpp
+++ b/tools/ndnsec/cert-gen.cpp
@@ -22,11 +22,11 @@
#include "ndnsec.hpp"
#include "util.hpp"
+#include "ndn-cxx/security/additional-description.hpp"
#include "ndn-cxx/security/transform/base64-encode.hpp"
#include "ndn-cxx/security/transform/buffer-source.hpp"
#include "ndn-cxx/security/transform/public-key.hpp"
#include "ndn-cxx/security/transform/stream-sink.hpp"
-#include "ndn-cxx/security/v2/additional-description.hpp"
namespace ndn {
namespace ndnsec {