security: Enabling SignedInterest processing in SecPolicy and Verifier.
refs: #1161
Change-Id: I701ad619299e8e5aae03658b5ce2d3e7fed179cd
diff --git a/src/security/sec-policy-no-verify.cpp b/src/security/sec-policy-no-verify.cpp
index 23ffa42..1dce9d2 100644
--- a/src/security/sec-policy-no-verify.cpp
+++ b/src/security/sec-policy-no-verify.cpp
@@ -15,37 +15,22 @@
SecPolicyNoVerify::~SecPolicyNoVerify()
{
}
-
-bool
-SecPolicyNoVerify::skipVerifyAndTrust(const Data& data)
-{
- return true;
-}
-
-bool
-SecPolicyNoVerify::requireVerify(const Data& data)
-{
- return false;
-}
ptr_lib::shared_ptr<ValidationRequest>
SecPolicyNoVerify::checkVerificationPolicy
(const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
{
- onVerified(data);
+ onVerified();
return ptr_lib::shared_ptr<ValidationRequest>();
}
-bool
-SecPolicyNoVerify::checkSigningPolicy(const Name& dataName, const Name& certificateName)
+ptr_lib::shared_ptr<ValidationRequest>
+SecPolicyNoVerify::checkVerificationPolicy
+ (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
{
- return true;
+ onVerified();
+ return ptr_lib::shared_ptr<ValidationRequest>();
}
-Name
-SecPolicyNoVerify::inferSigningIdentity(const Name& dataName)
-{
- return Name();
-}
}
diff --git a/src/security/sec-policy-no-verify.hpp b/src/security/sec-policy-no-verify.hpp
index 1d2927e..4b3e15a 100644
--- a/src/security/sec-policy-no-verify.hpp
+++ b/src/security/sec-policy-no-verify.hpp
@@ -22,49 +22,32 @@
~SecPolicyNoVerify();
/**
- * Override to always skip verification and trust as valid.
- * @param data The received data packet.
- * @return true.
- */
- virtual bool
- skipVerifyAndTrust(const Data& data);
-
- /**
- * Override to return false for no verification rule for the received data.
- * @param data The received data packet.
- * @return false.
- */
- virtual bool
- requireVerify(const Data& data);
-
- /**
- * Override to call onVerified(data) and to indicate no further verification step.
+ * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
+ * If there is no next verification step, that imlies policy MUST have already made the verification decision.
+ * i.e., either onVerified or onVerifyFailed callback is invoked.
* @param data The Data object with the signature to check.
* @param stepCount The number of verification steps that have been done, used to track the verification progress.
- * @param onVerified This does override to call onVerified(data).
- * @param onVerifyFailed Override to ignore this.
- * @return null for no further step.
+ * @param onVerified If the signature is verified, this calls onVerified(data).
+ * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+ * @return the indication of next verification step, null if there is no further step.
*/
virtual ptr_lib::shared_ptr<ValidationRequest>
checkVerificationPolicy
(const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
-
+
/**
- * Override to always indicate that the signing certificate name and data name satisfy the signing policy.
- * @param dataName The name of data to be signed.
- * @param certificateName The name of signing certificate.
- * @return true to indicate that the signing certificate can be used to sign the data.
+ * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
+ * If there is no next verification step, that implies policy MUST have already made the verification decision.
+ * i.e., either onVerified or onVerifyFailed callback is invoked.
+ * @param data The Data object with the signature to check.
+ * @param stepCount The number of verification steps that have been done, used to track the verification progress.
+ * @param onVerified If the signature is verified, this calls onVerified(data).
+ * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+ * @return the indication of next verification step, null if there is no further step.
*/
- virtual bool
- checkSigningPolicy(const Name& dataName, const Name& certificateName);
-
- /**
- * Override to indicate that the signing identity cannot be inferred.
- * @param dataName The name of data to be signed.
- * @return An empty name because cannot infer.
- */
- virtual Name
- inferSigningIdentity(const Name& dataName);
+ virtual ptr_lib::shared_ptr<ValidationRequest>
+ checkVerificationPolicy
+ (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
};
}
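Review bot: The rewritten doc comments no longer say that this policy accepts everything. Both now read "If the signature is verified, this calls onVerified(data)", while the implementations in sec-policy-no-verify.cpp call `onVerified()` unconditionally and never use `onVerifyFailed`. Because choosing this class disables signature checking for Data and for signed Interests, I would keep a sentence such as `Always calls onVerified() without checking any signature; onVerifyFailed and stepCount are ignored.` on both overloads. The Interest overload's comment also documents `@param data The Data object` although the parameter is `interest`, the callbacks are described as taking `data` although `OnVerified` is now `void()`, and "imlies" is misspelled. The same copied text appears in sec-policy-self-verify.hpp and sec-policy.hpp.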
diff --git a/src/security/sec-policy-self-verify.cpp b/src/security/sec-policy-self-verify.cpp
index ca9fb3d..2793b69 100644
--- a/src/security/sec-policy-self-verify.cpp
+++ b/src/security/sec-policy-self-verify.cpp
@@ -16,66 +16,10 @@
namespace ndn {
-/**
- * Verify the signature on the data packet using the given public key. If there is no data.getDefaultWireEncoding(),
- * this calls data.wireEncode() to set it.
- * TODO: Move this general verification code to a more central location.
- * @param data The data packet with the signed portion and the signature to verify. The data packet must have a
- * Sha256WithRsaSignature.
- * @param publicKeyDer The DER-encoded public key used to verify the signature.
- * @return true if the signature verifies, false if not.
- * @throw SecurityException if data does not have a Sha256WithRsaSignature.
- */
-static bool
-verifySha256WithRsaSignature(const Data& data, const Blob& publicKeyDer)
-{
- const Sha256WithRsaSignature *signature = dynamic_cast<const Sha256WithRsaSignature*>(data.getSignature());
- if (!signature)
- throw SecurityException("signature is not Sha256WithRsaSignature.");
-
- // Set the data packet's default wire encoding if it is not already there.
- if (signature->getDigestAlgorithm().size() != 0)
- // TODO: Allow a non-default digest algorithm.
- throw UnrecognizedDigestAlgorithmException("Cannot verify a data packet with a non-default digest algorithm.");
- if (!data.getDefaultWireEncoding())
- data.wireEncode();
-
- // Set signedPortionDigest to the digest of the signed portion of the wire encoding.
- uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
- ndn_digestSha256(data.getDefaultWireEncoding().signedBuf(), data.getDefaultWireEncoding().signedSize(), signedPortionDigest);
-
- // Verify the signedPortionDigest.
- // Use a temporary pointer since d2i updates it.
- const uint8_t *derPointer = publicKeyDer.buf();
- RSA *rsaPublicKey = d2i_RSA_PUBKEY(NULL, &derPointer, publicKeyDer.size());
- if (!rsaPublicKey)
- throw UnrecognizedKeyFormatException("Error decoding public key in d2i_RSAPublicKey");
- int success = RSA_verify
- (NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature->getSignature().buf(),
- signature->getSignature().size(), rsaPublicKey);
- // Free the public key before checking for success.
- RSA_free(rsaPublicKey);
-
- // RSA_verify returns 1 for a valid signature.
- return (success == 1);
-}
-
SecPolicySelfVerify::~SecPolicySelfVerify()
{
}
-bool
-SecPolicySelfVerify::skipVerifyAndTrust(const Data& data)
-{
- return false;
-}
-
-bool
-SecPolicySelfVerify::requireVerify(const Data& data)
-{
- return true;
-}
-
ptr_lib::shared_ptr<ValidationRequest>
SecPolicySelfVerify::checkVerificationPolicy
(const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
@@ -113,18 +57,6 @@
return ptr_lib::shared_ptr<ValidationRequest>();
}
-bool
-SecPolicySelfVerify::checkSigningPolicy(const Name& dataName, const Name& certificateName)
-{
- return true;
-}
-
-Name
-SecPolicySelfVerify::inferSigningIdentity(const Name& dataName)
-{
- return Name();
-}
-
}
#endif // TEMPORARILY_DISABLED
diff --git a/src/security/sec-policy-self-verify.hpp b/src/security/sec-policy-self-verify.hpp
index 111b61a..1b17646 100644
--- a/src/security/sec-policy-self-verify.hpp
+++ b/src/security/sec-policy-self-verify.hpp
@@ -37,53 +37,32 @@
~SecPolicySelfVerify();
/**
- * Never skip verification.
- * @param data The received data packet.
- * @return false.
- */
- virtual bool
- skipVerifyAndTrust(const Data& data);
-
- /**
- * Always return true to use the self-verification rule for the received data.
- * @param data The received data packet.
- * @return true.
- */
- virtual bool
- requireVerify(const Data& data);
-
- /**
- * Use the public key DER in the data packet's KeyLocator (if available) or look in the IdentityStorage for the
- * public key with the name in the KeyLocator (if available) and use it to verify the data packet. If the public key can't
- * be found, call onVerifyFailed.
+ * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
+ * If there is no next verification step, that imlies policy MUST have already made the verification decision.
+ * i.e., either onVerified or onVerifyFailed callback is invoked.
* @param data The Data object with the signature to check.
* @param stepCount The number of verification steps that have been done, used to track the verification progress.
- * (stepCount is ignored.)
* @param onVerified If the signature is verified, this calls onVerified(data).
- * @param onVerifyFailed If the signature check fails or can't find the public key, this calls onVerifyFailed(data).
- * @return null for no further step for looking up a certificate chain.
+ * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+ * @return the indication of next verification step, null if there is no further step.
*/
virtual ptr_lib::shared_ptr<ValidationRequest>
checkVerificationPolicy
(const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
-
+
/**
- * Override to always indicate that the signing certificate name and data name satisfy the signing policy.
- * @param dataName The name of data to be signed.
- * @param certificateName The name of signing certificate.
- * @return true to indicate that the signing certificate can be used to sign the data.
+ * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
+ * If there is no next verification step, that implies policy MUST have already made the verification decision.
+ * i.e., either onVerified or onVerifyFailed callback is invoked.
+ * @param data The Data object with the signature to check.
+ * @param stepCount The number of verification steps that have been done, used to track the verification progress.
+ * @param onVerified If the signature is verified, this calls onVerified(data).
+ * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+ * @return the indication of next verification step, null if there is no further step.
*/
- virtual bool
- checkSigningPolicy(const Name& dataName, const Name& certificateName);
-
- /**
- * Override to indicate that the signing identity cannot be inferred.
- * @param dataName The name of data to be signed.
- * @return An empty name because cannot infer.
- */
- virtual Name
- inferSigningIdentity(const Name& dataName);
-
+ virtual ptr_lib::shared_ptr<ValidationRequest>
+ checkVerificationPolicy
+ (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
};
}
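Review bot: The new Interest overload of `checkVerificationPolicy` is declared here, but the sec-policy-self-verify.cpp hunks in this commit only delete code and add no definition for it. That file ends with `#endif // TEMPORARILY_DISABLED`, so it may not be built at present; once it is re-enabled, the missing definition would presumably surface as a link error. The replaced comment also dropped the description of where the public key comes from (the KeyLocator or IdentityStorage) and that a missing key leads to onVerifyFailed. A reader needs that description to judge what this policy actually trusts, so I would keep it on the Data overload.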
diff --git a/src/security/sec-policy.hpp b/src/security/sec-policy.hpp
index e3879bb..0d17e41 100644
--- a/src/security/sec-policy.hpp
+++ b/src/security/sec-policy.hpp
@@ -10,6 +10,7 @@
#define NDN_SEC_POLICY_HPP
#include "../data.hpp"
+#include "verifier.hpp"
#include "validation-request.hpp"
namespace ndn {
@@ -29,23 +30,9 @@
~SecPolicy() {}
/**
- * Check if the received data packet can escape from verification and be trusted as valid.
- * @param data The received data packet.
- * @return true if the data does not need to be verified to be trusted as valid, otherwise false.
- */
- virtual bool
- skipVerifyAndTrust(const Data& data) = 0;
-
- /**
- * Check if this SecPolicy has a verification rule for the received data.
- * @param data The received data packet.
- * @return true if the data must be verified, otherwise false.
- */
- virtual bool
- requireVerify(const Data& data) = 0;
-
- /**
* Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
+ * If there is no next verification step, that imlies policy MUST have already made the verification decision.
+ * i.e., either onVerified or onVerifyFailed callback is invoked.
* @param data The Data object with the signature to check.
* @param stepCount The number of verification steps that have been done, used to track the verification progress.
* @param onVerified If the signature is verified, this calls onVerified(data).
@@ -54,24 +41,29 @@
*/
virtual ptr_lib::shared_ptr<ValidationRequest>
checkVerificationPolicy
- (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed) = 0;
-
+ (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
+ {
+ onVerifyFailed();
+ return ptr_lib::shared_ptr<ValidationRequest>();
+ }
+
/**
- * Check if the signing certificate name and data name satisfy the signing policy.
- * @param dataName The name of data to be signed.
- * @param certificateName The name of signing certificate.
- * @return true if the signing certificate can be used to sign the data, otherwise false.
+ * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
+ * If there is no next verification step, that implies policy MUST have already made the verification decision.
+ * i.e., either onVerified or onVerifyFailed callback is invoked.
+ * @param data The Data object with the signature to check.
+ * @param stepCount The number of verification steps that have been done, used to track the verification progress.
+ * @param onVerified If the signature is verified, this calls onVerified(data).
+ * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+ * @return the indication of next verification step, null if there is no further step.
*/
- virtual bool
- checkSigningPolicy(const Name& dataName, const Name& certificateName) = 0;
-
- /**
- * Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name.
- * @param dataName The name of data to be signed.
- * @return The signing identity or an empty name if cannot infer.
- */
- virtual Name
- inferSigningIdentity(const Name& dataName) = 0;
+ virtual ptr_lib::shared_ptr<ValidationRequest>
+ checkVerificationPolicy
+ (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
+ {
+ onVerifyFailed();
+ return ptr_lib::shared_ptr<ValidationRequest>();
+ }
};
}
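Review bot: The two default bodies reject by calling `onVerifyFailed()`, but the comments above them still describe a policy that may call onVerified, so nothing tells a subclass author what happens when an overload is not overridden. I would add to each comment `The default implementation rejects the packet: it calls onVerifyFailed() and returns null.` With `= 0` removed, a subclass whose override does not match the signature exactly now compiles and silently falls back to this reject-all default. That fails closed but can be hard to diagnose.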
diff --git a/src/security/validation-request.hpp b/src/security/validation-request.hpp
index 7471065..ad2a128 100644
--- a/src/security/validation-request.hpp
+++ b/src/security/validation-request.hpp
@@ -13,34 +13,34 @@
namespace ndn {
-/**
- * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
- */
-typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified;
-
-/**
- * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
- */
-typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed;
-
-
class ValidationRequest {
public:
+ /**
+ * An OnCertVerified function object is used to pass a callback to to report a successful verification.
+ */
+ typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>&)> OnCertVerified;
+
+ /**
+ * An OnCertVerifyFailed function object is used to pass a callback to to report a failed verification.
+ */
+ typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>&)> OnCertVerifyFailed;
+
+
ValidationRequest
- (const ptr_lib::shared_ptr<Interest> &interest, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed,
+ (const ptr_lib::shared_ptr<Interest> &interest, const OnCertVerified& onVerified, const OnCertVerifyFailed& onVerifyFailed,
int retry, int stepCount)
- : interest_(interest), onVerified_(onVerified), onVerifyFailed_(onVerifyFailed), retry_(retry), stepCount_(stepCount)
+ : m_interest(interest), m_onVerified(onVerified), m_onVerifyFailed(onVerifyFailed), m_retry(retry), m_stepCount(stepCount)
{
}
virtual
~ValidationRequest() {}
- ptr_lib::shared_ptr<Interest> interest_; // An interest packet to fetch the requested data.
- OnVerified onVerified_; // A callback function if the requested certificate has been validated.
- OnVerifyFailed onVerifyFailed_; // A callback function if the requested certificate cannot be validated.
- int retry_; // The number of retrials when there is an interest timeout.
- int stepCount_;
+ ptr_lib::shared_ptr<Interest> m_interest; // An interest packet to fetch the requested data.
+ OnCertVerified m_onVerified; // A callback function if the requested certificate has been validated.
+ OnCertVerifyFailed m_onVerifyFailed; // A callback function if the requested certificate cannot be validated.
+ int m_retry; // The number of retrials when there is an interest timeout.
+ int m_stepCount;
};
}
diff --git a/src/security/verifier.cpp b/src/security/verifier.cpp
index 4abd14a..cef8997 100644
--- a/src/security/verifier.cpp
+++ b/src/security/verifier.cpp
@@ -27,7 +27,6 @@
#include "../util/logging.hpp"
using namespace std;
-using namespace ndn::func_lib;
#if NDN_CPP_HAVE_CXX11
// In the std library, the placeholders are in a different namespace than boost.
using namespace ndn::func_lib::placeholders;
@@ -39,9 +38,9 @@
const ptr_lib::shared_ptr<SecPolicy> Verifier::DefaultPolicy = ptr_lib::shared_ptr<SecPolicy>();
Verifier::Verifier(const ptr_lib::shared_ptr<SecPolicy> &policy /* = DefaultPolicy */)
- : policy_(policy)
+ : m_policy(policy)
{
- if (policy_ == DefaultPolicy)
+ if (m_policy == DefaultPolicy)
{
// #ifdef USE_SIMPLE_POLICY_MANAGER
// Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
@@ -69,49 +68,91 @@
}
void
-Verifier::verifyData
- (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount)
+Verifier::verify(const ptr_lib::shared_ptr<const Interest> &interest,
+ const OnVerified &onVerified,
+ const OnVerifyFailed &onVerifyFailed,
+ int stepCount)
{
- if (policy().requireVerify(*data)) {
- ptr_lib::shared_ptr<ValidationRequest> nextStep = policy_->checkVerificationPolicy
- (data, stepCount, onVerified, onVerifyFailed);
- if (static_cast<bool>(nextStep))
- {
- if (!face_)
- throw Error("Face should be set prior to verifyData method to call");
-
- face_->expressInterest
- (*nextStep->interest_,
- bind(&Verifier::onCertificateData, this, _1, _2, nextStep),
- bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep));
- }
- }
- else if (policy().skipVerifyAndTrust(*data))
- onVerified(data);
+ //It does not make sense to verify Interest without specified policy, verification must fail!
+ if(!static_cast<bool>(m_policy))
+ onVerifyFailed();
else
- onVerifyFailed(data);
+ {
+ //check verification policy
+ ptr_lib::shared_ptr<ValidationRequest> nextStep = m_policy->checkVerificationPolicy(interest, stepCount, onVerified, onVerifyFailed);
+ if (static_cast<bool>(nextStep))
+ {
+ if(!m_face)
+ throw Error("Face should be set prior to verify method to call");
+
+ m_face->expressInterest
+ (*nextStep->m_interest,
+ func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep),
+ func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->m_retry, onVerifyFailed, nextStep));
+ }
+ else
+ {
+ //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
+ //No more further processes.
+ }
+ }
}
void
-Verifier::onCertificateData(const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep)
+Verifier::verify(const ptr_lib::shared_ptr<const Data> &data,
+ const OnVerified &onVerified,
+ const OnVerifyFailed &onVerifyFailed,
+ int stepCount)
+{
+ //It does not make sense to verify Interest without specified policy, verification must fail!
+ if(!static_cast<bool>(m_policy))
+ onVerifyFailed();
+ else
+ {
+ //check verification policy
+ ptr_lib::shared_ptr<ValidationRequest> nextStep = m_policy->checkVerificationPolicy(data, stepCount, onVerified, onVerifyFailed);
+ if (static_cast<bool>(nextStep))
+ {
+ if(!m_face)
+ throw Error("Face should be set prior to verify method to call");
+
+ m_face->expressInterest
+ (*nextStep->m_interest,
+ func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep),
+ func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->m_retry, onVerifyFailed, nextStep));
+ }
+ else
+ {
+ //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
+ //No more further processes.
+ }
+ }
+}
+
+void
+Verifier::onCertificateData(const ptr_lib::shared_ptr<const Interest> &interest,
+ const ptr_lib::shared_ptr<Data> &data,
+ ptr_lib::shared_ptr<ValidationRequest> nextStep)
{
// Try to verify the certificate (data) according to the parameters in nextStep.
- verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_);
+ verify(data,
+ func_lib::bind(nextStep->m_onVerified, data),
+ func_lib::bind(nextStep->m_onVerifyFailed, data),
+ nextStep->m_stepCount);
}
void
Verifier::onCertificateInterestTimeout
- (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const ptr_lib::shared_ptr<Data> &data,
- ptr_lib::shared_ptr<ValidationRequest> nextStep)
+ (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, ptr_lib::shared_ptr<ValidationRequest> nextStep)
{
if (retry > 0)
// Issue the same expressInterest as in verifyData except decrement retry.
- face_->expressInterest
+ m_face->expressInterest
(*interest,
- bind(&Verifier::onCertificateData, this, _1, _2, nextStep),
- bind(&Verifier::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep));
+ func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep),
+ func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, nextStep));
else
- onVerifyFailed(data);
+ onVerifyFailed();
}
bool
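Review bot: Both `verify` overloads receive a `shared_ptr<const Interest>` or `shared_ptr<const Data>` and pass it to `m_policy->checkVerificationPolicy`, whose overloads in sec-policy.hpp take `const ptr_lib::shared_ptr<Interest>&` and `const ptr_lib::shared_ptr<Data>&`. A shared pointer to const does not convert to a shared pointer to non-const, so as far as this diff shows neither call has a viable overload. The policy signatures should take the const-qualified pointers, e.g. `(const ptr_lib::shared_ptr<const Interest>& interest, int stepCount, ...)`. The comments in the Data overload are copied from the Interest one ("verify Interest", "InterestPolicy") and should name Data. The trailing `bool` starts a function that continues outside the hunk.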
diff --git a/src/security/verifier.hpp b/src/security/verifier.hpp
index 2dbd995..07c1494 100644
--- a/src/security/verifier.hpp
+++ b/src/security/verifier.hpp
@@ -11,12 +11,24 @@
#include "../data.hpp"
#include "../face.hpp"
-#include "sec-policy.hpp"
#include "validation-request.hpp"
#include "public-key.hpp"
#include "signature-sha256-with-rsa.hpp"
namespace ndn {
+
+class SecPolicy;
+
+/**
+ * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
+ */
+typedef func_lib::function<void()> OnVerified;
+
+/**
+ * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
+ */
+typedef func_lib::function<void()> OnVerifyFailed;
+
/**
* Verifier is one of the main classes of the security librar .
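Review bot: The comments on the two new typedefs still refer to `verifyData`, which this commit renames to `verify`, and they do not say that the callbacks no longer receive the packet. A line such as `Called with no arguments when verification succeeds; the caller binds the packet it wants to act on.` would make the new contract explicit. This matters because the callback body now decides which object is treated as verified, rather than the Verifier handing it over.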
@@ -36,7 +48,7 @@
* Setting face is necessary for verifier operation that involve fetching data.
*/
void
- setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
+ setFace(const ptr_lib::shared_ptr<Face> &face) { m_face = face; }
/**
* @brief Get the policy.
@@ -45,10 +57,10 @@
inline SecPolicy&
policy()
{
- if (!policy_)
+ if (static_cast<bool>(m_policy))
throw Error("policy is not assigned to the KeyChain");
- return *policy_;
+ return *m_policy;
}
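Review bot: The null check in `policy()` is inverted. `if (static_cast<bool>(m_policy))` throws when a policy is set and falls through to `return *m_policy;` when none is set, which dereferences an empty shared_ptr. The removed line tested `!policy_`, so the new one should be `if (!static_cast<bool>(m_policy))`.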
@@ -61,8 +73,12 @@
* @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
*/
void
- verifyData
- (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
+ verify
+ (const ptr_lib::shared_ptr<const Data> &data, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed, int stepCount = 0);
+
+ void
+ verify
+ (const ptr_lib::shared_ptr<const Interest> &Interest, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed, int stepCount = 0);
/*****************************************
* verifySignature method set *
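Review bot: The added Interest overload has no doc comment, and its first parameter is named `Interest`, which shadows the type name inside the declaration; the definition in verifier.cpp uses `interest`. I would rename it to `interest` and give it its own comment, for example `Check the signature on a signed Interest; with no policy set, onVerifyFailed() is called.` The comment kept above the Data overload still says the callback is invoked as `onVerifyFailed(data)`, which no longer matches the `void()` typedef.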
@@ -89,12 +105,11 @@
void
onCertificateInterestTimeout
- (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
- const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
+ (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, ptr_lib::shared_ptr<ValidationRequest> nextStep);
private:
- ptr_lib::shared_ptr<SecPolicy> policy_;
- ptr_lib::shared_ptr<Face> face_;
+ ptr_lib::shared_ptr<SecPolicy> m_policy;
+ ptr_lib::shared_ptr<Face> m_face;
};
}