security: Enabling SignedInterest processing in SecPolicy and Verifier.

refs: #1161

Change-Id: I701ad619299e8e5aae03658b5ce2d3e7fed179cd
diff --git a/src/security/sec-policy-no-verify.cpp b/src/security/sec-policy-no-verify.cpp
index 23ffa42..1dce9d2 100644
--- a/src/security/sec-policy-no-verify.cpp
+++ b/src/security/sec-policy-no-verify.cpp
@@ -15,37 +15,22 @@
 SecPolicyNoVerify::~SecPolicyNoVerify()
 {
 }
-
-bool 
-SecPolicyNoVerify::skipVerifyAndTrust(const Data& data)
-{ 
-  return true; 
-}
-
-bool
-SecPolicyNoVerify::requireVerify(const Data& data)
-{ 
-  return false; 
-}
     
 ptr_lib::shared_ptr<ValidationRequest>
 SecPolicyNoVerify::checkVerificationPolicy
   (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
 { 
-  onVerified(data); 
+  onVerified(); 
   return ptr_lib::shared_ptr<ValidationRequest>();
 }
 
-bool 
-SecPolicyNoVerify::checkSigningPolicy(const Name& dataName, const Name& certificateName)
+ptr_lib::shared_ptr<ValidationRequest>
+SecPolicyNoVerify::checkVerificationPolicy
+  (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
 { 
-  return true; 
+  onVerified(); 
+  return ptr_lib::shared_ptr<ValidationRequest>();
 }
 
-Name 
-SecPolicyNoVerify::inferSigningIdentity(const Name& dataName)
-{ 
-  return Name(); 
-}
 
 }
diff --git a/src/security/sec-policy-no-verify.hpp b/src/security/sec-policy-no-verify.hpp
index 1d2927e..4b3e15a 100644
--- a/src/security/sec-policy-no-verify.hpp
+++ b/src/security/sec-policy-no-verify.hpp
@@ -22,49 +22,32 @@
   ~SecPolicyNoVerify();
 
   /**
-   * Override to always skip verification and trust as valid.
-   * @param data The received data packet.
-   * @return true.
-   */
-  virtual bool 
-  skipVerifyAndTrust(const Data& data);
-
-  /**
-   * Override to return false for no verification rule for the received data.
-   * @param data The received data packet.
-   * @return false.
-   */
-  virtual bool
-  requireVerify(const Data& data);
-
-  /**
-   * Override to call onVerified(data) and to indicate no further verification step.
+   * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
+   * If there is no next verification step, that imlies policy MUST have already made the verification decision.
+   * i.e., either onVerified or onVerifyFailed callback is invoked.
    * @param data The Data object with the signature to check.
    * @param stepCount The number of verification steps that have been done, used to track the verification progress.
-   * @param onVerified This does override to call onVerified(data).
-   * @param onVerifyFailed Override to ignore this.
-   * @return null for no further step.
+   * @param onVerified If the signature is verified, this calls onVerified(data).
+   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+   * @return the indication of next verification step, null if there is no further step.
    */
   virtual ptr_lib::shared_ptr<ValidationRequest>
   checkVerificationPolicy
     (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
-    
+
   /**
-   * Override to always indicate that the signing certificate name and data name satisfy the signing policy.
-   * @param dataName The name of data to be signed.
-   * @param certificateName The name of signing certificate.
-   * @return true to indicate that the signing certificate can be used to sign the data.
+   * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
+   * If there is no next verification step, that implies policy MUST have already made the verification decision.
+   * i.e., either onVerified or onVerifyFailed callback is invoked.
+   * @param data The Data object with the signature to check.
+   * @param stepCount The number of verification steps that have been done, used to track the verification progress.
+   * @param onVerified If the signature is verified, this calls onVerified(data).
+   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+   * @return the indication of next verification step, null if there is no further step.
    */
-  virtual bool 
-  checkSigningPolicy(const Name& dataName, const Name& certificateName);
-    
-  /**
-   * Override to indicate that the signing identity cannot be inferred.
-   * @param dataName The name of data to be signed.
-   * @return An empty name because cannot infer. 
-   */
-  virtual Name 
-  inferSigningIdentity(const Name& dataName);
+  virtual ptr_lib::shared_ptr<ValidationRequest>
+  checkVerificationPolicy
+    (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
 };
 
 }
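Review bot: The rewritten doc comments on both `checkVerificationPolicy` overloads no longer say that this policy accepts every packet; the removed text ("Override to call onVerified(data) and to indicate no further verification step") did, while the new text is the generic base-class wording and reads as if a signature were checked. Since sec-policy-no-verify.cpp calls `onVerified()` unconditionally for Data and for signed Interests, I would restore one line on each overload, such as `Always calls onVerified() without checking the signature; returns null.` The Interest overload also documents `@param data The Data object` although the parameter is `interest`, and the `onVerified(data)` / `onVerifyFailed(data)` wording is stale now that both callbacks take no arguments; the same two slips appear in the sec-policy-self-verify.hpp and sec-policy.hpp hunks. The class body starts outside this hunk.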
diff --git a/src/security/sec-policy-self-verify.cpp b/src/security/sec-policy-self-verify.cpp
index ca9fb3d..2793b69 100644
--- a/src/security/sec-policy-self-verify.cpp
+++ b/src/security/sec-policy-self-verify.cpp
@@ -16,66 +16,10 @@
 
 namespace ndn {
 
-/**
- * Verify the signature on the data packet using the given public key.  If there is no data.getDefaultWireEncoding(),
- * this calls data.wireEncode() to set it.
- * TODO: Move this general verification code to a more central location.
- * @param data The data packet with the signed portion and the signature to verify.  The data packet must have a
- * Sha256WithRsaSignature.
- * @param publicKeyDer The DER-encoded public key used to verify the signature.
- * @return true if the signature verifies, false if not.
- * @throw SecurityException if data does not have a Sha256WithRsaSignature.
- */
-static bool
-verifySha256WithRsaSignature(const Data& data, const Blob& publicKeyDer)
-{
-  const Sha256WithRsaSignature *signature = dynamic_cast<const Sha256WithRsaSignature*>(data.getSignature());
-  if (!signature)
-    throw SecurityException("signature is not Sha256WithRsaSignature.");
-  
-  // Set the data packet's default wire encoding if it is not already there.
-  if (signature->getDigestAlgorithm().size() != 0)
-    // TODO: Allow a non-default digest algorithm.
-    throw UnrecognizedDigestAlgorithmException("Cannot verify a data packet with a non-default digest algorithm.");
-  if (!data.getDefaultWireEncoding())
-    data.wireEncode();
-  
-  // Set signedPortionDigest to the digest of the signed portion of the wire encoding.
-  uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
-  ndn_digestSha256(data.getDefaultWireEncoding().signedBuf(), data.getDefaultWireEncoding().signedSize(), signedPortionDigest);
-  
-  // Verify the signedPortionDigest.
-  // Use a temporary pointer since d2i updates it.
-  const uint8_t *derPointer = publicKeyDer.buf();
-  RSA *rsaPublicKey = d2i_RSA_PUBKEY(NULL, &derPointer, publicKeyDer.size());
-  if (!rsaPublicKey)
-    throw UnrecognizedKeyFormatException("Error decoding public key in d2i_RSAPublicKey");
-  int success = RSA_verify
-    (NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature->getSignature().buf(),
-     signature->getSignature().size(), rsaPublicKey);
-  // Free the public key before checking for success.
-  RSA_free(rsaPublicKey);
-  
-  // RSA_verify returns 1 for a valid signature.
-  return (success == 1);
-}
-
 SecPolicySelfVerify::~SecPolicySelfVerify()
 {
 }
 
-bool 
-SecPolicySelfVerify::skipVerifyAndTrust(const Data& data)
-{ 
-  return false; 
-}
-
-bool
-SecPolicySelfVerify::requireVerify(const Data& data)
-{ 
-  return true; 
-}
-    
 ptr_lib::shared_ptr<ValidationRequest>
 SecPolicySelfVerify::checkVerificationPolicy
   (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
@@ -113,18 +57,6 @@
   return ptr_lib::shared_ptr<ValidationRequest>();
 }
 
-bool 
-SecPolicySelfVerify::checkSigningPolicy(const Name& dataName, const Name& certificateName)
-{ 
-  return true; 
-}
-
-Name 
-SecPolicySelfVerify::inferSigningIdentity(const Name& dataName)
-{ 
-  return Name(); 
-}
-
 }
 
 #endif // TEMPORARILY_DISABLED
diff --git a/src/security/sec-policy-self-verify.hpp b/src/security/sec-policy-self-verify.hpp
index 111b61a..1b17646 100644
--- a/src/security/sec-policy-self-verify.hpp
+++ b/src/security/sec-policy-self-verify.hpp
@@ -37,53 +37,32 @@
   ~SecPolicySelfVerify();
 
   /**
-   * Never skip verification.
-   * @param data The received data packet.
-   * @return false.
-   */
-  virtual bool 
-  skipVerifyAndTrust(const Data& data);
-
-  /**
-   * Always return true to use the self-verification rule for the received data.
-   * @param data The received data packet.
-   * @return true.
-   */
-  virtual bool
-  requireVerify(const Data& data);
-
-  /**
-   * Use the public key DER in the data packet's KeyLocator (if available) or look in the IdentityStorage for the 
-   * public key with the name in the KeyLocator (if available) and use it to verify the data packet.  If the public key can't 
-   * be found, call onVerifyFailed.
+   * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
+   * If there is no next verification step, that imlies policy MUST have already made the verification decision.
+   * i.e., either onVerified or onVerifyFailed callback is invoked.
    * @param data The Data object with the signature to check.
    * @param stepCount The number of verification steps that have been done, used to track the verification progress.
-   * (stepCount is ignored.)
    * @param onVerified If the signature is verified, this calls onVerified(data).
-   * @param onVerifyFailed If the signature check fails or can't find the public key, this calls onVerifyFailed(data).
-   * @return null for no further step for looking up a certificate chain.
+   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+   * @return the indication of next verification step, null if there is no further step.
    */
   virtual ptr_lib::shared_ptr<ValidationRequest>
   checkVerificationPolicy
     (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
-    
+
   /**
-   * Override to always indicate that the signing certificate name and data name satisfy the signing policy.
-   * @param dataName The name of data to be signed.
-   * @param certificateName The name of signing certificate.
-   * @return true to indicate that the signing certificate can be used to sign the data.
+   * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
+   * If there is no next verification step, that implies policy MUST have already made the verification decision.
+   * i.e., either onVerified or onVerifyFailed callback is invoked.
+   * @param data The Data object with the signature to check.
+   * @param stepCount The number of verification steps that have been done, used to track the verification progress.
+   * @param onVerified If the signature is verified, this calls onVerified(data).
+   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+   * @return the indication of next verification step, null if there is no further step.
    */
-  virtual bool 
-  checkSigningPolicy(const Name& dataName, const Name& certificateName);
-    
-  /**
-   * Override to indicate that the signing identity cannot be inferred.
-   * @param dataName The name of data to be signed.
-   * @return An empty name because cannot infer. 
-   */
-  virtual Name 
-  inferSigningIdentity(const Name& dataName);
-  
+  virtual ptr_lib::shared_ptr<ValidationRequest>
+  checkVerificationPolicy
+    (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
 };
 
 }
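Review bot: The Interest overload of `checkVerificationPolicy` is declared here, but the sec-policy-self-verify.cpp hunks in this commit only delete lines and add no definition for it. That file appears to sit inside a `TEMPORARILY_DISABLED` guard (judging by its trailing `#endif`), so nothing breaks today, but re-enabling it would presumably leave the virtual without a body, and the deleted `verifySha256WithRsaSignature` helper would be missing if the Data path still calls it. The rewritten comment also drops the description of which key is used (KeyLocator DER or IdentityStorage lookup) and that a missing key leads to `onVerifyFailed`; I would keep that, and add `// NOTE: implementation is currently compiled out (TEMPORARILY_DISABLED); the Interest overload has no definition yet.` above the new declaration.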
diff --git a/src/security/sec-policy.hpp b/src/security/sec-policy.hpp
index e3879bb..0d17e41 100644
--- a/src/security/sec-policy.hpp
+++ b/src/security/sec-policy.hpp
@@ -10,6 +10,7 @@
 #define NDN_SEC_POLICY_HPP
 
 #include "../data.hpp"
+#include "verifier.hpp"
 #include "validation-request.hpp"
 
 namespace ndn {
@@ -29,23 +30,9 @@
   ~SecPolicy() {}
 
   /**
-   * Check if the received data packet can escape from verification and be trusted as valid.
-   * @param data The received data packet.
-   * @return true if the data does not need to be verified to be trusted as valid, otherwise false.
-   */
-  virtual bool 
-  skipVerifyAndTrust(const Data& data) = 0;
-
-  /**
-   * Check if this SecPolicy has a verification rule for the received data.
-   * @param data The received data packet.
-   * @return true if the data must be verified, otherwise false.
-   */
-  virtual bool
-  requireVerify(const Data& data) = 0;
-
-  /**
    * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
+   * If there is no next verification step, that imlies policy MUST have already made the verification decision.
+   * i.e., either onVerified or onVerifyFailed callback is invoked.
    * @param data The Data object with the signature to check.
    * @param stepCount The number of verification steps that have been done, used to track the verification progress.
    * @param onVerified If the signature is verified, this calls onVerified(data).
@@ -54,24 +41,29 @@
    */
   virtual ptr_lib::shared_ptr<ValidationRequest>
   checkVerificationPolicy
-    (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed) = 0;
-    
+    (const ptr_lib::shared_ptr<Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
+  {
+    onVerifyFailed();
+    return ptr_lib::shared_ptr<ValidationRequest>();
+  }
+
   /**
-   * Check if the signing certificate name and data name satisfy the signing policy.
-   * @param dataName The name of data to be signed.
-   * @param certificateName The name of signing certificate.
-   * @return true if the signing certificate can be used to sign the data, otherwise false.
+   * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
+   * If there is no next verification step, that implies policy MUST have already made the verification decision.
+   * i.e., either onVerified or onVerifyFailed callback is invoked.
+   * @param data The Data object with the signature to check.
+   * @param stepCount The number of verification steps that have been done, used to track the verification progress.
+   * @param onVerified If the signature is verified, this calls onVerified(data).
+   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
+   * @return the indication of next verification step, null if there is no further step.
    */
-  virtual bool 
-  checkSigningPolicy(const Name& dataName, const Name& certificateName) = 0;
-    
-  /**
-   * Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name.
-   * @param dataName The name of data to be signed.
-   * @return The signing identity or an empty name if cannot infer. 
-   */
-  virtual Name 
-  inferSigningIdentity(const Name& dataName) = 0;
+  virtual ptr_lib::shared_ptr<ValidationRequest>
+  checkVerificationPolicy
+    (const ptr_lib::shared_ptr<Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
+  {
+    onVerifyFailed();
+    return ptr_lib::shared_ptr<ValidationRequest>();
+  }
 };
 
 }
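Review bot: Both overloads take a pointer to a mutable packet (`shared_ptr<Data>`, `shared_ptr<Interest>`), but `Verifier::verify` in this commit receives `shared_ptr<const Data>` / `shared_ptr<const Interest>` and passes it straight to `m_policy->checkVerificationPolicy(...)`; a shared_ptr to const does not convert to a shared_ptr to non-const, so as shown the call should not resolve. A policy only needs to read the packet, so I would declare the parameters as `const ptr_lib::shared_ptr<const Data>& data` and `const ptr_lib::shared_ptr<const Interest>& interest` here and in the two derived policies. The fail-closed default bodies are sensible, though dropping `= 0` means a subclass whose override has a slightly different signature now silently rejects everything instead of failing to compile. The class body starts outside this hunk.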
diff --git a/src/security/validation-request.hpp b/src/security/validation-request.hpp
index 7471065..ad2a128 100644
--- a/src/security/validation-request.hpp
+++ b/src/security/validation-request.hpp
@@ -13,34 +13,34 @@
 
 namespace ndn {
 
-/**
- * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
- */
-typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified;
-
-/**
- * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
- */
-typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed;
-
-
 class ValidationRequest {
 public:
+  /**
+   * An OnCertVerified function object is used to pass a callback to to report a successful verification.
+   */
+  typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>&)> OnCertVerified;
+  
+  /**
+   * An OnCertVerifyFailed function object is used to pass a callback to to report a failed verification.
+   */
+  typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>&)> OnCertVerifyFailed;
+
+
   ValidationRequest
-    (const ptr_lib::shared_ptr<Interest> &interest, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed,
+    (const ptr_lib::shared_ptr<Interest> &interest, const OnCertVerified& onVerified, const OnCertVerifyFailed& onVerifyFailed,
      int retry, int stepCount)
-  : interest_(interest), onVerified_(onVerified), onVerifyFailed_(onVerifyFailed), retry_(retry), stepCount_(stepCount)
+  : m_interest(interest), m_onVerified(onVerified), m_onVerifyFailed(onVerifyFailed), m_retry(retry), m_stepCount(stepCount)
   {
   }
     
   virtual
   ~ValidationRequest() {}
 
-  ptr_lib::shared_ptr<Interest> interest_; // An interest packet to fetch the requested data.
-  OnVerified onVerified_;                  // A callback function if the requested certificate has been validated.
-  OnVerifyFailed onVerifyFailed_;          // A callback function if the requested certificate cannot be validated.
-  int retry_;                              // The number of retrials when there is an interest timeout.
-  int stepCount_;
+  ptr_lib::shared_ptr<Interest> m_interest; // An interest packet to fetch the requested data.
+  OnCertVerified m_onVerified;                  // A callback function if the requested certificate has been validated.
+  OnCertVerifyFailed m_onVerifyFailed;          // A callback function if the requested certificate cannot be validated.
+  int m_retry;                              // The number of retrials when there is an interest timeout.
+  int m_stepCount;
 };
 
 }
diff --git a/src/security/verifier.cpp b/src/security/verifier.cpp
index 4abd14a..cef8997 100644
--- a/src/security/verifier.cpp
+++ b/src/security/verifier.cpp
@@ -27,7 +27,6 @@
 #include "../util/logging.hpp"
 
 using namespace std;
-using namespace ndn::func_lib;
 #if NDN_CPP_HAVE_CXX11
 // In the std library, the placeholders are in a different namespace than boost.
 using namespace ndn::func_lib::placeholders;
@@ -39,9 +38,9 @@
 const ptr_lib::shared_ptr<SecPolicy>     Verifier::DefaultPolicy     = ptr_lib::shared_ptr<SecPolicy>();
 
 Verifier::Verifier(const ptr_lib::shared_ptr<SecPolicy>     &policy     /* = DefaultPolicy */)                   
-  : policy_(policy)
+  : m_policy(policy)
 {
-  if (policy_ == DefaultPolicy)
+  if (m_policy == DefaultPolicy)
     {
       // #ifdef USE_SIMPLE_POLICY_MANAGER
       //   Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
@@ -69,49 +68,91 @@
 }
 
 void
-Verifier::verifyData
-  (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount)
+Verifier::verify(const ptr_lib::shared_ptr<const Interest> &interest, 
+                 const OnVerified &onVerified, 
+                 const OnVerifyFailed &onVerifyFailed,
+                 int stepCount)
 {
-  if (policy().requireVerify(*data)) {
-    ptr_lib::shared_ptr<ValidationRequest> nextStep = policy_->checkVerificationPolicy
-      (data, stepCount, onVerified, onVerifyFailed);
-    if (static_cast<bool>(nextStep))
-      {
-        if (!face_)
-          throw Error("Face should be set prior to verifyData method to call");
-        
-        face_->expressInterest
-          (*nextStep->interest_, 
-           bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
-           bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep));
-      }
-  }
-  else if (policy().skipVerifyAndTrust(*data))
-    onVerified(data);
+  //It does not make sense to verify Interest without specified policy, verification must fail!
+  if(!static_cast<bool>(m_policy))
+    onVerifyFailed();
   else
-    onVerifyFailed(data);
+    {
+      //check verification policy 
+      ptr_lib::shared_ptr<ValidationRequest> nextStep = m_policy->checkVerificationPolicy(interest, stepCount, onVerified, onVerifyFailed);
+      if (static_cast<bool>(nextStep))
+        {
+          if(!m_face)
+            throw Error("Face should be set prior to verify method to call");
+
+          m_face->expressInterest
+            (*nextStep->m_interest,
+             func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
+             func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->m_retry, onVerifyFailed, nextStep));
+        }
+      else
+        {
+          //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
+          //No more further processes.
+        }
+    }
 }
 
 void
-Verifier::onCertificateData(const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep)
+Verifier::verify(const ptr_lib::shared_ptr<const Data> &data, 
+                 const OnVerified &onVerified, 
+                 const OnVerifyFailed &onVerifyFailed, 
+                 int stepCount)
+{
+  //It does not make sense to verify Interest without specified policy, verification must fail!
+  if(!static_cast<bool>(m_policy))
+    onVerifyFailed();
+  else
+    {
+      //check verification policy 
+      ptr_lib::shared_ptr<ValidationRequest> nextStep = m_policy->checkVerificationPolicy(data, stepCount, onVerified, onVerifyFailed);
+      if (static_cast<bool>(nextStep))
+        {
+          if(!m_face)
+            throw Error("Face should be set prior to verify method to call");
+
+          m_face->expressInterest
+            (*nextStep->m_interest,
+             func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
+             func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->m_retry, onVerifyFailed, nextStep));
+        }
+      else
+        {
+          //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
+          //No more further processes.
+        }
+    }
+}
+
+void
+Verifier::onCertificateData(const ptr_lib::shared_ptr<const Interest> &interest, 
+                            const ptr_lib::shared_ptr<Data> &data, 
+                            ptr_lib::shared_ptr<ValidationRequest> nextStep)
 {
   // Try to verify the certificate (data) according to the parameters in nextStep.
-  verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_);
+  verify(data, 
+         func_lib::bind(nextStep->m_onVerified, data),
+         func_lib::bind(nextStep->m_onVerifyFailed, data),
+         nextStep->m_stepCount);
 }
 
 void
 Verifier::onCertificateInterestTimeout
-  (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const ptr_lib::shared_ptr<Data> &data, 
-   ptr_lib::shared_ptr<ValidationRequest> nextStep)
+  (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, ptr_lib::shared_ptr<ValidationRequest> nextStep)
 {
   if (retry > 0)
     // Issue the same expressInterest as in verifyData except decrement retry.
-    face_->expressInterest
+    m_face->expressInterest
       (*interest, 
-       bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
-       bind(&Verifier::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep));
+       func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
+       func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, nextStep));
   else
-    onVerifyFailed(data);
+    onVerifyFailed();
 }
 
 bool
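Review bot: The two `verify` overloads are identical apart from the packet type, and the copy shows: the Data overload's comments still talk about verifying an Interest and about `InterestPolicy`. A single private member template that both overloads forward to would keep the null-policy rejection and the certificate fetch in one place, so a later fix to one path cannot miss the other. The comment in `onCertificateInterestTimeout` also still refers to `verifyData`, which this commit renames. A sketch of the shared helper follows; it needs a matching private declaration in verifier.hpp.

```cpp
// Shared by both verify() overloads.
template<class Packet>
void
Verifier::verifyImpl(const ptr_lib::shared_ptr<const Packet> &packet,
                     const OnVerified &onVerified,
                     const OnVerifyFailed &onVerifyFailed,
                     int stepCount)
{
  // Without a policy nothing can be trusted, so fail closed.
  if (!static_cast<bool>(m_policy)) {
    onVerifyFailed();
    return;
  }

  ptr_lib::shared_ptr<ValidationRequest> nextStep =
    m_policy->checkVerificationPolicy(packet, stepCount, onVerified, onVerifyFailed);
  if (!static_cast<bool>(nextStep))
    return; // the policy has already invoked onVerified or onVerifyFailed

  // … unchanged: m_face check and expressInterest call …
}

void
Verifier::verify(const ptr_lib::shared_ptr<const Interest> &interest,
                 const OnVerified &onVerified,
                 const OnVerifyFailed &onVerifyFailed,
                 int stepCount)
{
  verifyImpl(interest, onVerified, onVerifyFailed, stepCount);
}

// … the Data overload forwards to verifyImpl the same way …
```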
diff --git a/src/security/verifier.hpp b/src/security/verifier.hpp
index 2dbd995..07c1494 100644
--- a/src/security/verifier.hpp
+++ b/src/security/verifier.hpp
@@ -11,12 +11,24 @@
 
 #include "../data.hpp"
 #include "../face.hpp"
-#include "sec-policy.hpp"
 #include "validation-request.hpp"
 #include "public-key.hpp"
 #include "signature-sha256-with-rsa.hpp"
 
 namespace ndn {
+
+class SecPolicy;
+
+/**
+ * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
+ */
+typedef func_lib::function<void()> OnVerified;
+
+/**
+ * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
+ */
+typedef func_lib::function<void()> OnVerifyFailed;
+
   
 /**
  * Verifier is one of the main classes of the security librar .
@@ -36,7 +48,7 @@
    * Setting face is necessary for verifier operation that involve fetching data.
    */
   void
-  setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
+  setFace(const ptr_lib::shared_ptr<Face> &face) { m_face = face; }
   
   /**
    * @brief Get the policy.
@@ -45,10 +57,10 @@
   inline SecPolicy&
   policy()
   {
-    if (!policy_)
+    if (static_cast<bool>(m_policy))
       throw Error("policy is not assigned to the KeyChain");
 
-    return *policy_;
+    return *m_policy;
   }
 
 
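Review bot: The null check in `policy()` is inverted: `if (static_cast<bool>(m_policy))` throws "policy is not assigned" exactly when a policy is set, and falls through to `return *m_policy;` on a null pointer when none is. The removed line tested `!policy_`; the new one should keep the negation, `if (!static_cast<bool>(m_policy))`. The message also names the KeyChain although this accessor belongs to the Verifier.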
@@ -61,8 +73,12 @@
    * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
    */
   void
-  verifyData
-    (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
+  verify
+  (const ptr_lib::shared_ptr<const Data> &data, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed, int stepCount = 0);
+
+  void
+  verify
+  (const ptr_lib::shared_ptr<const Interest> &Interest, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed, int stepCount = 0);
 
   /*****************************************
    *      verifySignature method set       *
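Review bot: The new Interest overload of `verify` has no doc comment, and its parameter is named `Interest`, which hides the type name inside the declaration; the definition in verifier.cpp calls it `interest`. I would rename it to match, `const ptr_lib::shared_ptr<const Interest> &interest`, and give the overload its own comment stating that verification fails when no policy is set. The comment above the Data overload (only partly visible in this hunk) still says `onVerifyFailed(data)` although the callbacks now take no arguments.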
@@ -89,12 +105,11 @@
   
   void
   onCertificateInterestTimeout
-    (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, 
-     const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
+    (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, ptr_lib::shared_ptr<ValidationRequest> nextStep);
 
 private:
-  ptr_lib::shared_ptr<SecPolicy>     policy_;
-  ptr_lib::shared_ptr<Face>        face_;
+  ptr_lib::shared_ptr<SecPolicy>         m_policy;
+  ptr_lib::shared_ptr<Face>              m_face;
 };
 
 }