commit 0f5fb696dd53d204272980df53c55d6ccaede059
author Yingdi Yu <yuyingdi@gmail.com> Tue Jun 10 12:07:28 2014 -0700
committer Yingdi Yu <yuyingdi@gmail.com> Tue Jun 17 19:37:08 2014 -0700
tree edee0c3c388c40dd86a724c2f37d784887870c33
parent bf6a28101e06d1517eff3887f702db22d73503fd

security: Include timestamp and nonce in signed interest and provide timestamp checking in ValidatorConf

Change-Id: I0adebd5c06b2d8d35ba13c5c03828b03334b7cec
Refs: #1642

src/security/validator-config.hpp

diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index f768efc..f5882d6 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -46,11 +46,16 @@
   };
 
   static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
+  static const time::milliseconds DEFAULT_GRACE_INTERVAL;
+  static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL;
 
   explicit
   ValidatorConfig(Face& face,
                   const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
-                  const int stepLimit = 10);
+                  const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
+                  const size_t stepLimit = 10,
+                  const size_t maxTrackedKeys = 1000,
+                  const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
 
   virtual
   ~ValidatorConfig()
@@ -96,11 +101,17 @@
   void
   checkSignature(const Packet& packet,
                  const Signature& signature,
-                 int nSteps,
+                 size_t nSteps,
                  const OnValidated& onValidated,
                  const OnFailed& onValidationFailed,
                  std::vector<shared_ptr<ValidationRequest> >& nextSteps);
 
+  void
+  checkTimestamp(const shared_ptr<const Interest>& interest,
+                 const Name& keyName,
+                 const OnInterestValidated& onValidated,
+                 const OnInterestValidationFailed& onValidationFailed);
+
   template<class Packet, class OnValidated, class OnFailed>
   void
   onCertValidated(const shared_ptr<const Data>& signCertificate,
@@ -132,6 +143,17 @@
   void
   refreshAnchors();
 
+  void
+  cleanOldKeys();
+
+#ifdef NDN_CXX_HAVE_TESTS
+  size_t
+  getTimestampMapSize()
+  {
+    return m_lastTimestamp.size();
+  }
+#endif
+
 
 private:
 
@@ -220,7 +242,7 @@
    */
   bool m_shouldValidate;
 
-  int m_stepLimit;
+  size_t m_stepLimit;
   shared_ptr<CertificateCache> m_certificateCache;
 
   InterestRuleList m_interestRules;
@@ -230,6 +252,11 @@
   TrustAnchorContainer m_staticContainer;
   DynamicContainers m_dynamicContainers;
 
+  time::milliseconds m_graceInterval;
+  size_t m_maxTrackedKeys;
+  typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap;
+  LastTimestampMap m_lastTimestamp;
+  const time::system_clock::Duration& m_keyTimestampTtl;
 };
 
 inline void
@@ -261,7 +288,7 @@
 void
 ValidatorConfig::checkSignature(const Packet& packet,
                                 const Signature& signature,
-                                int nSteps,
+                                size_t nSteps,
                                 const OnValidated& onValidated,
                                 const OnFailed& onValidationFailed,
                                 std::vector<shared_ptr<ValidationRequest> >& nextSteps)