commit 4e9b069bb844545d7e352b98821c5a11520f1b58
author Yingdi Yu <yuyingdi@gmail.com> Tue Nov 04 16:13:56 2014 -0800
committer Yingdi Yu <yuyingdi@gmail.com> Thu Nov 06 11:19:27 2014 -0800
tree 1bd3468dcf63832703943217da5c379692035eaa
parent 51dc2ef4dfc94563aa649c5f23df9148c7dd8775

security: Make Face optional in Validator

Change-Id: I75760e358878d8031439dd33a8200e21c69db3f8
Refs: #2124

src/security/validator-regex.cpp

diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
index 0539abd..08f4c73 100644
--- a/src/security/validator-regex.cpp
+++ b/src/security/validator-regex.cpp
@@ -31,6 +31,17 @@
 
 const shared_ptr<CertificateCache> ValidatorRegex::DEFAULT_CERTIFICATE_CACHE;
 
+ValidatorRegex::ValidatorRegex(Face* face,
+                               shared_ptr<CertificateCache> certificateCache,
+                               const int stepLimit)
+  : Validator(face)
+  , m_stepLimit(stepLimit)
+  , m_certificateCache(certificateCache)
+{
+  if (!static_cast<bool>(m_certificateCache) && face != nullptr)
+    m_certificateCache = make_shared<CertificateCacheTtl>(ref(face->getIoService()));
+}
+
 ValidatorRegex::ValidatorRegex(Face& face,
                                shared_ptr<CertificateCache> certificateCache,
                                const int stepLimit)
@@ -39,7 +50,19 @@
   , m_certificateCache(certificateCache)
 {
   if (!static_cast<bool>(m_certificateCache))
-    m_certificateCache = make_shared<CertificateCacheTtl>(ref(m_face.getIoService()));
+    m_certificateCache = make_shared<CertificateCacheTtl>(ref(face.getIoService()));
+}
+
+void
+ValidatorRegex::addDataVerificationRule(shared_ptr<SecRuleRelative> rule)
+{
+  rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule);
+}
+
+void
+ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
+{
+  m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
 }
 
 void
@@ -53,7 +76,8 @@
 
   if (!certificate->isTooLate() && !certificate->isTooEarly())
     {
-      m_certificateCache->insertCertificate(certificate);
+      if (static_cast<bool>(m_certificateCache))
+        m_certificateCache->insertCertificate(certificate);
 
       if (verifySignature(*data, certificate->getPublicKeyInfo()))
         return onValidated(data);
@@ -122,7 +146,8 @@
 
               const Name& keyLocatorName = keyLocator.getName();
               shared_ptr<const Certificate> trustedCert;
-              if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName))
+              if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName) &&
+                  static_cast<bool>(m_certificateCache))
                 trustedCert = m_certificateCache->getCertificate(keyLocatorName);
               else
                 trustedCert = m_trustAnchors[keyLocatorName];