security: Update the code style in validator-config

Change-Id: I3ad02257b4e26deb0461d34952a4812ede54ca6f
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index f643c84..13bcc73 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -52,7 +52,7 @@
   , m_maxTrackedKeys(maxTrackedKeys)
   , m_keyTimestampTtl(keyTimestampTtl)
 {
-  if (!static_cast<bool>(m_certificateCache) && face != nullptr)
+  if (m_certificateCache == nullptr && face != nullptr)
     m_certificateCache = make_shared<CertificateCacheTtl>(ref(face->getIoService()));
 }
 
@@ -71,7 +71,7 @@
   , m_maxTrackedKeys(maxTrackedKeys)
   , m_keyTimestampTtl(keyTimestampTtl)
 {
-  if (!static_cast<bool>(m_certificateCache))
+  if (m_certificateCache == nullptr)
     m_certificateCache = make_shared<CertificateCacheTtl>(ref(face.getIoService()));
 }
 
@@ -80,12 +80,11 @@
 {
   std::ifstream inputFile;
   inputFile.open(filename.c_str());
-  if (!inputFile.good() || !inputFile.is_open())
-    {
-      std::string msg = "Failed to read configuration file: ";
-      msg += filename;
-      BOOST_THROW_EXCEPTION(security::conf::Error(msg));
-    }
+  if (!inputFile.good() || !inputFile.is_open()) {
+    std::string msg = "Failed to read configuration file: ";
+    msg += filename;
+    BOOST_THROW_EXCEPTION(security::conf::Error(msg));
+  }
   load(inputFile, filename);
   inputFile.close();
 }
@@ -102,18 +101,16 @@
 ValidatorConfig::load(std::istream& input, const std::string& filename)
 {
   security::conf::ConfigSection tree;
-  try
-    {
-      boost::property_tree::read_info(input, tree);
-    }
-  catch (boost::property_tree::info_parser_error& error)
-    {
-      std::stringstream msg;
-      msg << "Failed to parse configuration file";
-      msg << " " << filename;
-      msg << " " << error.message() << " line " << error.line();
-      BOOST_THROW_EXCEPTION(security::conf::Error(msg.str()));
-    }
+  try {
+    boost::property_tree::read_info(input, tree);
+  }
+  catch (const boost::property_tree::info_parser_error& error) {
+    std::stringstream msg;
+    msg << "Failed to parse configuration file";
+    msg << " " << filename;
+    msg << " " << error.message() << " line " << error.line();
+    BOOST_THROW_EXCEPTION(security::conf::Error(msg.str()));
+  }
 
   load(tree, filename);
 }
@@ -126,38 +123,33 @@
 
   reset();
 
-  if (configSection.begin() == configSection.end())
-    {
-      std::string msg = "Error processing configuration file";
-      msg += ": ";
-      msg += filename;
-      msg += " no data";
-      BOOST_THROW_EXCEPTION(security::conf::Error(msg));
-    }
+  if (configSection.begin() == configSection.end()) {
+    std::string msg = "Error processing configuration file";
+    msg += ": ";
+    msg += filename;
+    msg += " no data";
+    BOOST_THROW_EXCEPTION(security::conf::Error(msg));
+  }
 
   for (security::conf::ConfigSection::const_iterator i = configSection.begin();
-       i != configSection.end(); ++i)
-    {
-      const std::string& sectionName = i->first;
-      const security::conf::ConfigSection& section = i->second;
+       i != configSection.end(); ++i) {
+    const std::string& sectionName = i->first;
+    const security::conf::ConfigSection& section = i->second;
 
-      if (boost::iequals(sectionName, "rule"))
-        {
-          onConfigRule(section, filename);
-        }
-      else if (boost::iequals(sectionName, "trust-anchor"))
-        {
-          onConfigTrustAnchor(section, filename);
-        }
-      else
-        {
-          std::string msg = "Error processing configuration file";
-          msg += " ";
-          msg += filename;
-          msg += " unrecognized section: " + sectionName;
-          BOOST_THROW_EXCEPTION(security::conf::Error(msg));
-        }
+    if (boost::iequals(sectionName, "rule")) {
+      onConfigRule(section, filename);
     }
+    else if (boost::iequals(sectionName, "trust-anchor")) {
+      onConfigTrustAnchor(section, filename);
+    }
+    else {
+      std::string msg = "Error processing configuration file";
+      msg += " ";
+      msg += filename;
+      msg += " unrecognized section: " + sectionName;
+      BOOST_THROW_EXCEPTION(security::conf::Error(msg));
+    }
+  }
 }
 
 void
@@ -182,7 +174,7 @@
   std::string usage = propertyIt->second.data();
   propertyIt++;
 
-  bool isForData;
+  bool isForData = false;
   if (boost::iequals(usage, "data"))
     isForData = true;
   else if (boost::iequals(usage, "interest"))
@@ -193,57 +185,52 @@
 
   // Get rule.filter(s)
   std::vector<shared_ptr<Filter>> filters;
-  for (; propertyIt != configSection.end(); propertyIt++)
-    {
-      if (!boost::iequals(propertyIt->first, "filter"))
-        {
-          if (boost::iequals(propertyIt->first, "checker"))
-            break;
-          BOOST_THROW_EXCEPTION(Error("Expect <rule.filter> in rule: " + ruleId));
-        }
-
-      filters.push_back(FilterFactory::create(propertyIt->second));
-      continue;
+  for (; propertyIt != configSection.end(); propertyIt++) {
+    if (!boost::iequals(propertyIt->first, "filter")) {
+      if (boost::iequals(propertyIt->first, "checker"))
+        break;
+      BOOST_THROW_EXCEPTION(Error("Expect <rule.filter> in rule: " + ruleId));
     }
 
+    filters.push_back(FilterFactory::create(propertyIt->second));
+    continue;
+  }
+
   // Get rule.checker(s)
   std::vector<shared_ptr<Checker>> checkers;
-  for (; propertyIt != configSection.end(); propertyIt++)
-    {
-      if (!boost::iequals(propertyIt->first, "checker"))
-        BOOST_THROW_EXCEPTION(Error("Expect <rule.checker> in rule: " + ruleId));
+  for (; propertyIt != configSection.end(); propertyIt++) {
+    if (!boost::iequals(propertyIt->first, "checker"))
+      BOOST_THROW_EXCEPTION(Error("Expect <rule.checker> in rule: " + ruleId));
 
-      checkers.push_back(CheckerFactory::create(propertyIt->second, filename));
-      continue;
-    }
+    checkers.push_back(CheckerFactory::create(propertyIt->second, filename));
+    continue;
+  }
 
   // Check other stuff
   if (propertyIt != configSection.end())
     BOOST_THROW_EXCEPTION(Error("Expect the end of rule: " + ruleId));
 
-  if (checkers.size() == 0)
+  if (checkers.empty())
     BOOST_THROW_EXCEPTION(Error("No <rule.checker> is specified in rule: " + ruleId));
 
-  if (isForData)
-    {
-      shared_ptr<DataRule> rule(new DataRule(ruleId));
-      for (size_t i = 0; i < filters.size(); i++)
-        rule->addFilter(filters[i]);
-      for (size_t i = 0; i < checkers.size(); i++)
-        rule->addChecker(checkers[i]);
+  if (isForData) {
+    shared_ptr<DataRule> rule = make_shared<DataRule>(ruleId);
+    for (const auto& filter : filters)
+      rule->addFilter(filter);
+    for (const auto& checker : checkers)
+      rule->addChecker(checker);
 
-      m_dataRules.push_back(rule);
-    }
-  else
-    {
-      shared_ptr<InterestRule> rule(new InterestRule(ruleId));
-      for (size_t i = 0; i < filters.size(); i++)
-        rule->addFilter(filters[i]);
-      for (size_t i = 0; i < checkers.size(); i++)
-        rule->addChecker(checkers[i]);
+    m_dataRules.push_back(rule);
+  }
+  else {
+    shared_ptr<InterestRule> rule = make_shared<InterestRule>(ruleId);;
+    for (const auto& filter : filters)
+      rule->addFilter(filter);
+    for (const auto& checker : checkers)
+      rule->addChecker(checker);
 
-      m_interestRules.push_back(rule);
-    }
+    m_interestRules.push_back(rule);
+  }
 }
 
 void
@@ -262,116 +249,103 @@
   std::string type = propertyIt->second.data();
   propertyIt++;
 
-  if (boost::iequals(type, "file"))
-    {
-      // Get trust-anchor.file
-      if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first,"file-name"))
-        BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.file-name>!"));
+  if (boost::iequals(type, "file")) {
+    // Get trust-anchor.file
+    if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name"))
+      BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.file-name>!"));
 
-      std::string file = propertyIt->second.data();
-      propertyIt++;
+    std::string file = propertyIt->second.data();
+    propertyIt++;
 
-      // Check other stuff
-      if (propertyIt != configSection.end())
-        BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
+    // Check other stuff
+    if (propertyIt != configSection.end())
+      BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
 
-      path certfilePath = absolute(file, path(filename).parent_path());
-      shared_ptr<v1::IdentityCertificate> idCert =
-        io::load<v1::IdentityCertificate>(certfilePath.string());
+    path certfilePath = absolute(file, path(filename).parent_path());
+    auto idCert = io::load<v1::IdentityCertificate>(certfilePath.string());
 
-      if (static_cast<bool>(idCert))
-        {
-          BOOST_ASSERT(idCert->getName().size() >= 1);
-          m_staticContainer.add(idCert);
-          m_anchors[idCert->getName().getPrefix(-1)] = idCert;
-        }
+    if (idCert != nullptr) {
+      BOOST_ASSERT(idCert->getName().size() >= 1);
+      m_staticContainer.add(idCert);
+      m_anchors[idCert->getName().getPrefix(-1)] = idCert;
+    }
+    else
+      BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " + certfilePath.native()));
+
+    return;
+  }
+  else if (boost::iequals(type, "base64")) {
+    // Get trust-anchor.base64-string
+    if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "base64-string"))
+      BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.base64-string>!"));
+
+    std::stringstream ss(propertyIt->second.data());
+    propertyIt++;
+
+    // Check other stuff
+    if (propertyIt != configSection.end())
+      BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
+
+    auto idCert = io::load<v1::IdentityCertificate>(ss);
+
+    if (idCert != nullptr) {
+      BOOST_ASSERT(idCert->getName().size() >= 1);
+      m_staticContainer.add(idCert);
+      m_anchors[idCert->getName().getPrefix(-1)] = idCert;
+    }
+    else
+      BOOST_THROW_EXCEPTION(Error("Cannot decode certificate from base64-string"));
+
+    return;
+  }
+  else if (boost::iequals(type, "dir")) {
+    if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "dir"))
+      BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.dir>"));
+
+    std::string dirString(propertyIt->second.data());
+    propertyIt++;
+
+    if (propertyIt != configSection.end()) {
+      if (boost::iequals(propertyIt->first, "refresh")) {
+        using namespace boost::filesystem;
+
+        time::nanoseconds refresh = getRefreshPeriod(propertyIt->second.data());
+        propertyIt++;
+
+        if (propertyIt != configSection.end())
+          BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor"));
+
+        path dirPath = absolute(dirString, path(filename).parent_path());
+
+        m_dynamicContainers.push_back(DynamicTrustAnchorContainer(dirPath, true, refresh));
+
+        m_dynamicContainers.rbegin()->setLastRefresh(time::system_clock::now() - refresh);
+
+        return;
+      }
       else
-        BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " +
-                                    certfilePath.native()));
+        BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.refresh>!"));
+    }
+    else {
+      using namespace boost::filesystem;
+
+      path dirPath = absolute(dirString, path(filename).parent_path());
+
+      directory_iterator end;
+
+      for (directory_iterator it(dirPath); it != end; it++) {
+        auto idCert = io::load<v1::IdentityCertificate>(it->path().string());
+
+        if (idCert != nullptr)
+          m_staticContainer.add(idCert);
+      }
 
       return;
     }
-  else if (boost::iequals(type, "base64"))
-    {
-      // Get trust-anchor.base64-string
-      if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "base64-string"))
-        BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.base64-string>!"));
-
-      std::stringstream ss(propertyIt->second.data());
-      propertyIt++;
-
-      // Check other stuff
-      if (propertyIt != configSection.end())
-        BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
-
-      shared_ptr<v1::IdentityCertificate> idCert = io::load<v1::IdentityCertificate>(ss);
-
-      if (static_cast<bool>(idCert))
-        {
-          BOOST_ASSERT(idCert->getName().size() >= 1);
-          m_staticContainer.add(idCert);
-          m_anchors[idCert->getName().getPrefix(-1)] = idCert;
-        }
-      else
-        BOOST_THROW_EXCEPTION(Error("Cannot decode certificate from base64-string"));
-
-      return;
-    }
-  else if (boost::iequals(type, "dir"))
-    {
-      if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "dir"))
-        BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.dir>"));
-
-      std::string dirString(propertyIt->second.data());
-      propertyIt++;
-
-      if (propertyIt != configSection.end())
-        {
-          if (boost::iequals(propertyIt->first, "refresh"))
-            {
-              using namespace boost::filesystem;
-
-              time::nanoseconds refresh = getRefreshPeriod(propertyIt->second.data());
-              propertyIt++;
-
-              if (propertyIt != configSection.end())
-                BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor"));
-
-              path dirPath = absolute(dirString, path(filename).parent_path());
-
-              m_dynamicContainers.push_back(DynamicTrustAnchorContainer(dirPath, true, refresh));
-
-              m_dynamicContainers.rbegin()->setLastRefresh(time::system_clock::now() - refresh);
-
-              return;
-            }
-          else
-            BOOST_THROW_EXCEPTION(Error("Expect <trust-anchor.refresh>!"));
-        }
-      else
-        {
-          using namespace boost::filesystem;
-
-          path dirPath = absolute(dirString, path(filename).parent_path());
-
-          directory_iterator end;
-
-          for (directory_iterator it(dirPath); it != end; it++)
-            {
-              shared_ptr<v1::IdentityCertificate> idCert =
-                io::load<v1::IdentityCertificate>(it->path().string());
-
-              if (static_cast<bool>(idCert))
-                m_staticContainer.add(idCert);
-            }
-
-          return;
-        }
-    }
-  else if (boost::iequals(type, "any"))
-    {
-      m_shouldValidate = false;
-    }
+  }
+  else if (boost::iequals(type, "any")) {
+    m_shouldValidate = false;
+  }
   else
     BOOST_THROW_EXCEPTION(Error("Unsupported trust-anchor.type: " + type));
 }
@@ -379,7 +353,7 @@
 void
 ValidatorConfig::reset()
 {
-  if (static_cast<bool>(m_certificateCache))
+  if (m_certificateCache != nullptr)
     m_certificateCache->reset();
   m_interestRules.clear();
   m_dataRules.clear();
@@ -394,12 +368,8 @@
 bool
 ValidatorConfig::isEmpty()
 {
-  if ((!static_cast<bool>(m_certificateCache) || m_certificateCache->isEmpty()) &&
-      m_interestRules.empty() &&
-      m_dataRules.empty() &&
-      m_anchors.empty())
-    return true;
-  return false;
+  return ((m_certificateCache == nullptr || m_certificateCache->isEmpty()) &&
+          m_interestRules.empty() && m_dataRules.empty() && m_anchors.empty());
 }
 
 time::nanoseconds
@@ -408,31 +378,28 @@
   char unit = inputString[inputString.size() - 1];
   std::string refreshString = inputString.substr(0, inputString.size() - 1);
 
-  uint32_t number;
+  uint32_t refreshPeriod = 0;
 
-  try
-    {
-      number = boost::lexical_cast<uint32_t>(refreshString);
-    }
-  catch (boost::bad_lexical_cast&)
-    {
-      BOOST_THROW_EXCEPTION(Error("Bad number: " + refreshString));
-    }
+  try {
+    refreshPeriod = boost::lexical_cast<uint32_t>(refreshString);
+  }
+  catch (const boost::bad_lexical_cast&) {
+    BOOST_THROW_EXCEPTION(Error("Bad number: " + refreshString));
+  }
 
-  if (number == 0)
+  if (refreshPeriod == 0)
     return getDefaultRefreshPeriod();
 
-  switch (unit)
-    {
-    case 'h':
-      return time::duration_cast<time::nanoseconds>(time::hours(number));
-    case 'm':
-      return time::duration_cast<time::nanoseconds>(time::minutes(number));
-    case 's':
-      return time::duration_cast<time::nanoseconds>(time::seconds(number));
-    default:
-      BOOST_THROW_EXCEPTION(Error(std::string("Wrong time unit: ") + unit));
-    }
+  switch (unit) {
+  case 'h':
+    return time::duration_cast<time::nanoseconds>(time::hours(refreshPeriod));
+  case 'm':
+    return time::duration_cast<time::nanoseconds>(time::minutes(refreshPeriod));
+  case 's':
+    return time::duration_cast<time::nanoseconds>(time::seconds(refreshPeriod));
+  default:
+    BOOST_THROW_EXCEPTION(Error(std::string("Wrong time unit: ") + unit));
+  }
 }
 
 time::nanoseconds
@@ -448,42 +415,30 @@
 
   bool isRefreshed = false;
 
-  for (DynamicContainers::iterator cIt = m_dynamicContainers.begin();
-       cIt != m_dynamicContainers.end(); cIt++)
-    {
-      if (cIt->getLastRefresh() + cIt->getRefreshPeriod() < now)
-        {
-          isRefreshed = true;
-          cIt->refresh();
-          cIt->setLastRefresh(now);
-        }
-      else
-        break;
+  for (auto cIt = m_dynamicContainers.begin();
+       cIt != m_dynamicContainers.end() && cIt->getLastRefresh() + cIt->getRefreshPeriod() < now;
+       cIt++) {
+    isRefreshed = true;
+    cIt->refresh();
+    cIt->setLastRefresh(now);
+  }
+
+  if (isRefreshed) {
+    m_anchors.clear();
+
+    for (const auto& cert : m_staticContainer.getAll()) {
+      m_anchors[cert->getName().getPrefix(-1)] = cert;
     }
 
-  if (isRefreshed)
-    {
-      m_anchors.clear();
+    for (const auto& container : m_dynamicContainers) {
+      const CertificateList& certList = container.getAll();
 
-      for (CertificateList::const_iterator it = m_staticContainer.getAll().begin();
-           it != m_staticContainer.getAll().end(); it++)
-        {
-          m_anchors[(*it)->getName().getPrefix(-1)] = (*it);
-        }
-
-      for (DynamicContainers::iterator cIt = m_dynamicContainers.begin();
-           cIt != m_dynamicContainers.end(); cIt++)
-        {
-          const CertificateList& certList = cIt->getAll();
-
-          for (CertificateList::const_iterator it = certList.begin();
-               it != certList.end(); it++)
-            {
-              m_anchors[(*it)->getName().getPrefix(-1)] = (*it);
-            }
-        }
-      m_dynamicContainers.sort(ValidatorConfig::compareDynamicContainer);
+      for (const auto& cert :certList) {
+        m_anchors[cert->getName().getPrefix(-1)] = cert;
+      }
     }
+    m_dynamicContainers.sort(ValidatorConfig::compareDynamicContainer);
+  }
 }
 
 void
@@ -499,26 +454,22 @@
   bool isMatched = false;
   int8_t checkResult = -1;
 
-  for (DataRuleList::iterator it = m_dataRules.begin();
-       it != m_dataRules.end(); it++)
-    {
-      if ((*it)->match(data))
-        {
-          isMatched = true;
-          checkResult = (*it)->check(data, onValidated, onValidationFailed);
-          break;
-        }
+  for (const auto& dataRule : m_dataRules) {
+    if (dataRule->match(data)) {
+      isMatched = true;
+      checkResult = dataRule->check(data, onValidated, onValidationFailed);
+      break;
     }
+  }
 
   if (!isMatched)
     return onValidationFailed(data.shared_from_this(), "No rule matched!");
 
-  if (checkResult == 0)
-    {
-      const Signature& signature = data.getSignature();
-      checkSignature(data, signature, nSteps,
-                     onValidated, onValidationFailed, nextSteps);
-    }
+  if (checkResult == 0) {
+    const Signature& signature = data.getSignature();
+    checkSignature(data, signature, nSteps,
+                   onValidated, onValidationFailed, nextSteps);
+  }
 }
 
 void
@@ -537,75 +488,59 @@
     return onValidationFailed(interest.shared_from_this(),
                               "Interest is not signed: " + interest.getName().toUri());
 
-  try
-    {
-      const Name& interestName = interest.getName();
-      Signature signature(interestName[signed_interest::POS_SIG_INFO].blockFromValue(),
-                          interestName[signed_interest::POS_SIG_VALUE].blockFromValue());
+  try {
+    const Name& interestName = interest.getName();
+    Signature signature(interestName[signed_interest::POS_SIG_INFO].blockFromValue(),
+                        interestName[signed_interest::POS_SIG_VALUE].blockFromValue());
 
-      if (!signature.hasKeyLocator())
-        return onValidationFailed(interest.shared_from_this(),
-                                  "No valid KeyLocator");
+    if (!signature.hasKeyLocator())
+      return onValidationFailed(interest.shared_from_this(), "No valid KeyLocator");
 
-      const KeyLocator& keyLocator = signature.getKeyLocator();
+    const KeyLocator& keyLocator = signature.getKeyLocator();
 
-      if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
-        return onValidationFailed(interest.shared_from_this(),
-                                  "Key Locator is not a name");
+    if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
+      return onValidationFailed(interest.shared_from_this(), "Key Locator is not a name");
 
-      Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
+    Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
 
-      bool isMatched = false;
-      int8_t checkResult = -1;
+    bool isMatched = false;
+    int8_t checkResult = -1;
 
-      for (InterestRuleList::iterator it = m_interestRules.begin();
-           it != m_interestRules.end(); it++)
-        {
-          if ((*it)->match(interest))
-            {
-              isMatched = true;
-              checkResult = (*it)->check(interest,
-                                         bind(&ValidatorConfig::checkTimestamp, this, _1,
-                                              keyName, onValidated, onValidationFailed),
-                                         onValidationFailed);
-              break;
-            }
-        }
-
-      if (!isMatched)
-        return onValidationFailed(interest.shared_from_this(), "No rule matched!");
-
-      if (checkResult == 0)
-        {
-          checkSignature<Interest, OnInterestValidated, OnInterestValidationFailed>
-            (interest, signature, nSteps,
-             bind(&ValidatorConfig::checkTimestamp, this, _1,
-                  keyName, onValidated, onValidationFailed),
-             onValidationFailed,
-             nextSteps);
-        }
-    }
-  catch (Signature::Error& e)
-    {
-      return onValidationFailed(interest.shared_from_this(),
-                                "No valid signature");
-    }
-  catch (KeyLocator::Error& e)
-    {
-      return onValidationFailed(interest.shared_from_this(),
-                                "No valid KeyLocator");
-    }
-  catch (v1::IdentityCertificate::Error& e)
-    {
-      return onValidationFailed(interest.shared_from_this(),
-                                "Cannot determine the signing key");
+    for (const auto& interestRule : m_interestRules) {
+      if (interestRule->match(interest)) {
+        isMatched = true;
+        checkResult = interestRule->check(interest,
+                                          bind(&ValidatorConfig::checkTimestamp, this, _1,
+                                               keyName, onValidated, onValidationFailed),
+                                          onValidationFailed);
+        break;
+      }
     }
 
-  catch (tlv::Error& e)
-    {
-      return onValidationFailed(interest.shared_from_this(),
-                                "Cannot decode signature");
+    if (!isMatched)
+      return onValidationFailed(interest.shared_from_this(), "No rule matched!");
+
+    if (checkResult == 0) {
+      checkSignature<Interest, OnInterestValidated, OnInterestValidationFailed>
+        (interest, signature, nSteps,
+         bind(&ValidatorConfig::checkTimestamp, this, _1,
+              keyName, onValidated, onValidationFailed),
+         onValidationFailed,
+         nextSteps);
     }
+  }
+  catch (const Signature::Error& e) {
+    return onValidationFailed(interest.shared_from_this(), "No valid signature");
+  }
+  catch (const KeyLocator::Error& e){
+    return onValidationFailed(interest.shared_from_this(), "No valid KeyLocator");
+  }
+  catch (const v1::IdentityCertificate::Error& e){
+    return onValidationFailed(interest.shared_from_this(), "Cannot determine the signing key");
+  }
+  catch (const tlv::Error& e){
+    return onValidationFailed(interest.shared_from_this(), "Cannot decode signature");
+  }
 }
 
 void
@@ -617,47 +552,38 @@
   const Name& interestName = interest->getName();
   time::system_clock::TimePoint interestTime;
 
-  try
-    {
-      interestTime =
-        time::fromUnixTimestamp(
-          time::milliseconds(interestName.get(-signed_interest::MIN_LENGTH).toNumber()));
-    }
-  catch (tlv::Error& e)
-    {
-      return onValidationFailed(interest,
-                                "Cannot decode signature related TLVs");
-    }
+  try {
+    interestTime =
+      time::fromUnixTimestamp(time::milliseconds(interestName.get(-signed_interest::MIN_LENGTH).toNumber()));
+  }
+  catch (const tlv::Error& e) {
+    return onValidationFailed(interest,
+                              "Cannot decode signature related TLVs");
+  }
 
   time::system_clock::TimePoint currentTime = time::system_clock::now();
 
   LastTimestampMap::iterator timestampIt = m_lastTimestamp.find(keyName);
-  if (timestampIt == m_lastTimestamp.end())
-    {
-      if (!(currentTime - m_graceInterval <= interestTime &&
-            interestTime <= currentTime + m_graceInterval))
-        return onValidationFailed(interest,
-                                  "The command is not in grace interval: " +
-                                  interest->getName().toUri());
-    }
-  else
-    {
-      if (interestTime <= timestampIt->second)
-        return onValidationFailed(interest,
-                                  "The command is outdated: " +
-                                  interest->getName().toUri());
-    }
+  if (timestampIt == m_lastTimestamp.end()) {
+    if (!(currentTime - m_graceInterval <= interestTime &&
+          interestTime <= currentTime + m_graceInterval))
+      return onValidationFailed(interest,
+                                "The command is not in grace interval: " + interest->getName().toUri());
+  }
+  else {
+    if (interestTime <= timestampIt->second)
+      return onValidationFailed(interest,
+                                "The command is outdated: " + interest->getName().toUri());
+  }
 
-  //Update timestamp
-  if (timestampIt == m_lastTimestamp.end())
-    {
-      cleanOldKeys();
-      m_lastTimestamp[keyName] = interestTime;
-    }
-  else
-    {
-      timestampIt->second = interestTime;
-    }
+  // Update timestamp
+  if (timestampIt == m_lastTimestamp.end()) {
+    cleanOldKeys();
+    m_lastTimestamp[keyName] = interestTime;
+  }
+  else {
+    timestampIt->second = interestTime;
+  }
 
   return onValidated(interest);
 }
@@ -675,25 +601,22 @@
   LastTimestampMap::iterator oldestKeyIt = m_lastTimestamp.begin();
   time::system_clock::TimePoint oldestTimestamp = oldestKeyIt->second;
 
-  while (timestampIt != end)
-    {
-      if (now - timestampIt->second > m_keyTimestampTtl)
-        {
-          LastTimestampMap::iterator toDelete = timestampIt;
-          timestampIt++;
-          m_lastTimestamp.erase(toDelete);
-          continue;
-        }
-
-      if (timestampIt->second < oldestTimestamp)
-        {
-          oldestTimestamp = timestampIt->second;
-          oldestKeyIt = timestampIt;
-        }
-
+  while (timestampIt != end) {
+    if (now - timestampIt->second > m_keyTimestampTtl) {
+      LastTimestampMap::iterator toDelete = timestampIt;
       timestampIt++;
+      m_lastTimestamp.erase(toDelete);
+      continue;
     }
 
+    if (timestampIt->second < oldestTimestamp) {
+      oldestTimestamp = timestampIt->second;
+      oldestKeyIt = timestampIt;
+    }
+
+    timestampIt++;
+  }
+
   if (m_lastTimestamp.size() >= m_maxTrackedKeys)
     m_lastTimestamp.erase(oldestKeyIt);
 }
@@ -705,27 +628,22 @@
 
   m_certificates.clear();
 
-  if (m_isDir)
-    {
-      directory_iterator end;
+  if (m_isDir) {
+    directory_iterator end;
 
-      for (directory_iterator it(m_path); it != end; it++)
-        {
-          shared_ptr<v1::IdentityCertificate> idCert =
-            io::load<v1::IdentityCertificate>(it->path().string());
+    for (directory_iterator it(m_path); it != end; it++) {
+      auto idCert = io::load<v1::IdentityCertificate>(it->path().string());
 
-          if (static_cast<bool>(idCert))
-            m_certificates.push_back(idCert);
-        }
-    }
-  else
-    {
-      shared_ptr<v1::IdentityCertificate> idCert =
-        io::load<v1::IdentityCertificate>(m_path.string());
-
-      if (static_cast<bool>(idCert))
+      if (idCert != nullptr)
         m_certificates.push_back(idCert);
     }
+  }
+  else {
+    auto idCert = io::load<v1::IdentityCertificate>(m_path.string());
+
+    if (idCert != nullptr)
+      m_certificates.push_back(idCert);
+  }
 }
 
 template<class Packet, class OnValidated, class OnFailed>
@@ -737,43 +655,37 @@
                                 const OnFailed& onValidationFailed,
                                 std::vector<shared_ptr<ValidationRequest>>& nextSteps)
 {
-  if (signature.getType() == tlv::DigestSha256)
-    {
-      DigestSha256 sigSha256(signature);
+  if (signature.getType() == tlv::DigestSha256) {
+    DigestSha256 sigSha256(signature);
 
-      if (verifySignature(packet, sigSha256))
-        return onValidated(packet.shared_from_this());
-      else
-        return onValidationFailed(packet.shared_from_this(),
-                                  "Sha256 Signature cannot be verified!");
-    }
+    if (verifySignature(packet, sigSha256))
+      return onValidated(packet.shared_from_this());
+    else
+      return onValidationFailed(packet.shared_from_this(), "Sha256 Signature cannot be verified!");
+  }
 
   try {
     switch (signature.getType()) {
-    case tlv::SignatureSha256WithRsa:
-    case tlv::SignatureSha256WithEcdsa:
-      {
+      case tlv::SignatureSha256WithRsa:
+      case tlv::SignatureSha256WithEcdsa: {
         if (!signature.hasKeyLocator()) {
           return onValidationFailed(packet.shared_from_this(),
                                     "Missing KeyLocator in SignatureInfo");
         }
         break;
       }
-    default:
-      return onValidationFailed(packet.shared_from_this(),
-                              "Unsupported signature type");
+      default:
+        return onValidationFailed(packet.shared_from_this(), "Unsupported signature type");
     }
   }
-  catch (KeyLocator::Error& e) {
+  catch (const KeyLocator::Error& e) {
     return onValidationFailed(packet.shared_from_this(),
                               "Cannot decode KeyLocator in public key signature");
   }
-  catch (tlv::Error& e) {
-    return onValidationFailed(packet.shared_from_this(),
-                              "Cannot decode public key signature");
+  catch (const tlv::Error& e) {
+    return onValidationFailed(packet.shared_from_this(), "Cannot decode public key signature");
   }
 
-
   if (signature.getKeyLocator().getType() != KeyLocator::KeyLocator_Name) {
     return onValidationFailed(packet.shared_from_this(), "Unsupported KeyLocator type");
   }
@@ -785,45 +697,39 @@
   refreshAnchors();
 
   AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
-  if (m_anchors.end() == it && static_cast<bool>(m_certificateCache))
+  if (m_anchors.end() == it && m_certificateCache != nullptr)
     trustedCert = m_certificateCache->getCertificate(keyLocatorName);
   else if (m_anchors.end() != it)
     trustedCert = it->second;
 
-  if (static_cast<bool>(trustedCert))
-    {
-      if (verifySignature(packet, signature, trustedCert->getPublicKeyInfo()))
-        return onValidated(packet.shared_from_this());
-      else
-        return onValidationFailed(packet.shared_from_this(),
-                                  "Cannot verify signature");
-    }
-  else
-    {
-      if (m_stepLimit == nSteps)
-        return onValidationFailed(packet.shared_from_this(),
-                                  "Maximum steps of validation reached");
+  if (trustedCert != nullptr) {
+    if (verifySignature(packet, signature, trustedCert->getPublicKeyInfo()))
+      return onValidated(packet.shared_from_this());
+    else
+      return onValidationFailed(packet.shared_from_this(), "Cannot verify signature");
+  }
+  else {
+    if (m_stepLimit == nSteps)
+      return onValidationFailed(packet.shared_from_this(), "Maximum steps of validation reached");
 
-      OnDataValidated onCertValidated =
-        bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
-             this, _1, packet.shared_from_this(), onValidated, onValidationFailed);
+    OnDataValidated onCertValidated =
+      bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
+           this, _1, packet.shared_from_this(), onValidated, onValidationFailed);
 
-      OnDataValidationFailed onCertValidationFailed =
-        bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
-             this, _1, _2, packet.shared_from_this(), onValidationFailed);
+    OnDataValidationFailed onCertValidationFailed =
+      bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
+           this, _1, _2, packet.shared_from_this(), onValidationFailed);
 
-      Interest certInterest(keyLocatorName);
+    Interest certInterest(keyLocatorName);
 
-      shared_ptr<ValidationRequest> nextStep =
-        make_shared<ValidationRequest>(certInterest,
-                                       onCertValidated,
-                                       onCertValidationFailed,
-                                       1, nSteps + 1);
+    auto nextStep = make_shared<ValidationRequest>(certInterest,
+                                                   onCertValidated,
+                                                   onCertValidationFailed,
+                                                   1, nSteps + 1);
 
-      nextSteps.push_back(nextStep);
-      return;
-    }
-
+    nextSteps.push_back(nextStep);
+    return;
+  }
   return onValidationFailed(packet.shared_from_this(), "Unsupported Signature Type");
 }
 
@@ -843,31 +749,27 @@
   try {
     certificate = make_shared<v1::IdentityCertificate>(*signCertificate);
   }
-  catch (tlv::Error&) {
+  catch (const tlv::Error&) {
     return onValidationFailed(packet,
                               "Cannot decode signer's cert: " +
                               signCertificate->getName().toUri());
   }
 
-  if (!certificate->isTooLate() && !certificate->isTooEarly())
-    {
-      if (static_cast<bool>(m_certificateCache))
-        m_certificateCache->insertCertificate(certificate);
+  if (!certificate->isTooLate() && !certificate->isTooEarly()) {
+    if (m_certificateCache != nullptr)
+      m_certificateCache->insertCertificate(certificate);
 
-      if (verifySignature(*packet, certificate->getPublicKeyInfo()))
-        return onValidated(packet);
-      else
-        return onValidationFailed(packet,
-                                  "Cannot verify signature: " +
-                                  packet->getName().toUri());
-    }
-  else
-    {
+    if (verifySignature(*packet, certificate->getPublicKeyInfo()))
+      return onValidated(packet);
+    else
       return onValidationFailed(packet,
-                                "Signing certificate " +
-                                signCertificate->getName().toUri() +
-                                " is no longer valid.");
-    }
+                                "Cannot verify signature: " + packet->getName().toUri());
+  }
+  else {
+    return onValidationFailed(packet,
+                              "Signing certificate " +
+                              signCertificate->getName().toUri() + " is no longer valid.");
+  }
 }
 
 template<class Packet, class OnFailed>
diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index 8d801ad..a477325 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -33,6 +33,9 @@
 namespace ndn {
 namespace security {
 
+/**
+ * @brief The validator which can be set up via a configuration file.
+ */
 class ValidatorConfig : public Validator
 {
 public:
@@ -67,9 +70,6 @@
                   const size_t maxTrackedKeys = 1000,
                   const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
 
-  virtual
-  ~ValidatorConfig() = default;
-
   void
   load(const std::string& filename);
 
@@ -95,14 +95,14 @@
               int nSteps,
               const OnDataValidated& onValidated,
               const OnDataValidationFailed& onValidationFailed,
-              std::vector<shared_ptr<ValidationRequest>>& nextSteps);
+              std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
 
   virtual void
   checkPolicy(const Interest& interest,
               int nSteps,
               const OnInterestValidated& onValidated,
               const OnInterestValidationFailed& onValidationFailed,
-              std::vector<shared_ptr<ValidationRequest>>& nextSteps);
+              std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
 
 private:
   template<class Packet, class OnValidated, class OnFailed>
@@ -157,10 +157,6 @@
   class TrustAnchorContainer
   {
   public:
-    TrustAnchorContainer()
-    {
-    }
-
     const std::list<shared_ptr<v1::IdentityCertificate>>&
     getAll() const
     {
@@ -238,7 +234,6 @@
   typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
   typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList;
 
-
   /**
    * @brief gives whether validation should be preformed
    *