| /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| /* |
| * Copyright (c) 2013-2024 Regents of the University of California. |
| * |
| * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| * |
| * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| * terms of the GNU Lesser General Public License as published by the Free Software |
| * Foundation, either version 3 of the License, or (at your option) any later version. |
| * |
| * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| * |
| * You should have received copies of the GNU General Public License and GNU Lesser |
| * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| * <http://www.gnu.org/licenses/>. |
| * |
| * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| */ |
| |
| #ifndef NDN_CXX_SECURITY_TRUST_ANCHOR_GROUP_HPP |
| #define NDN_CXX_SECURITY_TRUST_ANCHOR_GROUP_HPP |
| |
| #include "ndn-cxx/data.hpp" |
| #include "ndn-cxx/security/certificate.hpp" |
| |
| #include <filesystem> |
| #include <set> |
| |
| namespace ndn::security { |
| |
| class CertContainerInterface |
| { |
| public: |
| virtual |
| ~CertContainerInterface() = default; |
| |
| virtual void |
| add(Certificate&& cert) = 0; |
| |
| virtual void |
| remove(const Name& certName) = 0; |
| }; |
| |
| /** |
| * @brief A group of trust anchors |
| */ |
| class TrustAnchorGroup : noncopyable |
| { |
| public: |
| /** |
| * @brief Create an anchor group |
| */ |
| TrustAnchorGroup(CertContainerInterface& certContainer, const std::string& id); |
| |
| virtual |
| ~TrustAnchorGroup(); |
| |
| /** |
| * @return group id |
| */ |
| const std::string& |
| getId() const |
| { |
| return m_id; |
| } |
| |
| /** |
| * @return number of certificates in the group |
| */ |
| size_t |
| size() const; |
| |
| /** |
| * @brief Request certificate refresh |
| */ |
| virtual void |
| refresh(); |
| |
| protected: |
| CertContainerInterface& m_certs; |
| std::set<Name> m_anchorNames; |
| |
| private: |
| std::string m_id; |
| }; |
| |
| /** |
| * @brief Static trust anchor group |
| */ |
| class StaticTrustAnchorGroup : public TrustAnchorGroup |
| { |
| public: |
| /** |
| * @brief Create a static trust anchor group |
| * @param certContainer Reference to CertContainerInterface instance |
| * @param id Group id |
| */ |
| StaticTrustAnchorGroup(CertContainerInterface& certContainer, const std::string& id); |
| |
| /** |
| * @brief Load static anchor @p cert |
| */ |
| void |
| add(Certificate&& cert); |
| |
| /** |
| * @brief Remove static anchor @p certName |
| */ |
| void |
| remove(const Name& certName); |
| }; |
| |
| /** |
| * @brief Dynamic trust anchor group |
| */ |
| class DynamicTrustAnchorGroup : public TrustAnchorGroup |
| { |
| public: |
| /** |
| * @brief Create a dynamic trust anchor group |
| * |
| * This contructor would load all the certificates from @p path and will be refreshing |
| * certificates every @p refreshPeriod time period. |
| * |
| * Note that refresh is not scheduled, but is performed upon "find" operations. |
| * |
| * When @p isDir is false and @p path doesn't point to a valid certificate (file doesn't |
| * exist or content is not a valid certificate), the dynamic anchor group will be empty until |
| * file gets created. If file disappears or gets corrupted, the anchor group becomes empty. |
| * |
| * When @p idDir is true and @p path does't point to a valid folder, folder is empty, or |
| * doesn't contain valid certificates, the group will be empty until certificate files are |
| * placed in the folder. If folder is removed, becomes empty, or no longer contains valid |
| * certificates, the anchor group becomes empty. |
| * |
| * Upon refresh, the existing certificates are not changed. |
| * |
| * @param certContainer A certificate container into which trust anchors from the group will |
| * be added |
| * @param id Group id |
| * @param path File path for trust anchor(s), could be directory or file. If it is a |
| * directory, all the certificates in the directory will be loaded. |
| * @param refreshPeriod Refresh time for the anchors under @p path, must be positive. |
| * @param isDir Tells whether the path is a directory or a single file. |
| * |
| * @throw std::invalid_argument @p refreshPeriod is negative |
| */ |
| DynamicTrustAnchorGroup(CertContainerInterface& certContainer, const std::string& id, |
| const std::filesystem::path& path, time::nanoseconds refreshPeriod, |
| bool isDir = false); |
| |
| void |
| refresh() override; |
| |
| private: |
| bool m_isDir; |
| std::filesystem::path m_path; |
| time::nanoseconds m_refreshPeriod; |
| time::steady_clock::time_point m_expireTime; |
| }; |
| |
| } // namespace ndn::security |
| |
| #endif // NDN_CXX_SECURITY_TRUST_ANCHOR_GROUP_HPP |