security: Convert ValidatorConfig to ValidationPolicyConfig
The security API also provides a convenience ValidatorConfig helper.
Change-Id: Ic86dec4904b917361cb4740204de4b6710d2a386
Refs: #3920
diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index 47d536e..bc42e52 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -22,51 +22,29 @@
#ifndef NDN_SECURITY_VALIDATOR_CONFIG_HPP
#define NDN_SECURITY_VALIDATOR_CONFIG_HPP
-#include "validator.hpp"
-#include "certificate-cache.hpp"
-#include "conf/rule.hpp"
-#include "conf/common.hpp"
+#include "v2/validator.hpp"
+#include "v2/validation-policy-command-interest.hpp"
+#include "v2/validation-policy-config.hpp"
namespace ndn {
namespace security {
/**
- * @brief The validator which can be set up via a configuration file.
+ * @brief Helper for validator that uses CommandInterest + Config policy and NetworkFetcher
*/
-class ValidatorConfig : public Validator
+class ValidatorConfig : public v2::Validator
{
public:
- class Error : public Validator::Error
- {
- public:
- explicit
- Error(const std::string& what)
- : Validator::Error(what)
- {
- }
- };
+ using v2::Validator::Validator;
+ using Options = v2::ValidationPolicyCommandInterest::Options;
- /**
- * @note When both certificate cache and face are not supplied, no cache will be used.
- * However, if only face is supplied, a default cache will be created and used.
- */
explicit
- ValidatorConfig(Face* face = nullptr,
- const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
- const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
- const size_t stepLimit = 10,
- const size_t maxTrackedKeys = 1000,
- const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
+ ValidatorConfig(std::unique_ptr<v2::CertificateFetcher> fetcher, const Options& options = Options());
- /// @deprecated Use the constructor taking Face* as parameter.
explicit
- ValidatorConfig(Face& face,
- const shared_ptr<CertificateCache>& certificateCache = DEFAULT_CERTIFICATE_CACHE,
- const time::milliseconds& graceInterval = DEFAULT_GRACE_INTERVAL,
- const size_t stepLimit = 10,
- const size_t maxTrackedKeys = 1000,
- const time::system_clock::Duration& keyTimestampTtl = DEFAULT_KEY_TIMESTAMP_TTL);
+ ValidatorConfig(Face& face, const Options& options = Options());
+public: // helpers for ValidationPolicyConfig
void
load(const std::string& filename);
@@ -77,182 +55,11 @@
load(std::istream& input, const std::string& filename);
void
- load(const security::conf::ConfigSection& configSection,
+ load(const v2::validator_config::ConfigSection& configSection,
const std::string& filename);
- void
- reset();
-
- bool
- isEmpty();
-
-protected:
- void
- checkPolicy(const Data& data,
- int nSteps,
- const OnDataValidated& onValidated,
- const OnDataValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
-
- void
- checkPolicy(const Interest& interest,
- int nSteps,
- const OnInterestValidated& onValidated,
- const OnInterestValidationFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest>>& nextSteps) override;
-
-private:
- template<class Packet, class OnValidated, class OnFailed>
- void
- checkSignature(const Packet& packet,
- const Signature& signature,
- size_t nSteps,
- const OnValidated& onValidated,
- const OnFailed& onValidationFailed,
- std::vector<shared_ptr<ValidationRequest>>& nextSteps);
-
- void
- checkTimestamp(const shared_ptr<const Interest>& interest,
- const Name& keyName,
- const OnInterestValidated& onValidated,
- const OnInterestValidationFailed& onValidationFailed);
-
- template<class Packet, class OnValidated, class OnFailed>
- void
- onCertValidated(const shared_ptr<const Data>& signCertificate,
- const shared_ptr<const Packet>& packet,
- const OnValidated& onValidated,
- const OnFailed& onValidationFailed);
-
- template<class Packet, class OnFailed>
- void
- onCertFailed(const shared_ptr<const Data>& signCertificate,
- const std::string& failureInfo,
- const shared_ptr<const Packet>& packet,
- const OnFailed& onValidationFailed);
-
- void
- onConfigRule(const security::conf::ConfigSection& section,
- const std::string& filename);
-
- void
- onConfigTrustAnchor(const security::conf::ConfigSection& section,
- const std::string& filename);
-
- time::nanoseconds
- getRefreshPeriod(std::string refreshString);
-
- time::nanoseconds
- getDefaultRefreshPeriod();
-
- void
- refreshAnchors();
-
- void
- cleanOldKeys();
-
- class TrustAnchorContainer
- {
- public:
- const std::list<shared_ptr<v1::IdentityCertificate>>&
- getAll() const
- {
- return m_certificates;
- }
-
- void
- add(shared_ptr<v1::IdentityCertificate> certificate)
- {
- m_certificates.push_back(certificate);
- }
-
- protected:
- std::list<shared_ptr<v1::IdentityCertificate>> m_certificates;
- };
-
- class DynamicTrustAnchorContainer : public TrustAnchorContainer
- {
- public:
- DynamicTrustAnchorContainer(const boost::filesystem::path& path, bool isDir,
- time::nanoseconds refreshPeriod)
- : m_path(path)
- , m_isDir(isDir)
- , m_refreshPeriod(refreshPeriod)
- {
- }
-
- void
- setLastRefresh(const time::system_clock::TimePoint& lastRefresh)
- {
- m_lastRefresh = lastRefresh;
- }
-
- const time::system_clock::TimePoint&
- getLastRefresh() const
- {
- return m_lastRefresh;
- }
-
- const time::nanoseconds&
- getRefreshPeriod() const
- {
- return m_refreshPeriod;
- }
-
- void
- refresh();
-
- private:
- boost::filesystem::path m_path;
- bool m_isDir;
-
- time::system_clock::TimePoint m_lastRefresh;
- time::nanoseconds m_refreshPeriod;
- };
-
- static inline bool
- compareDynamicContainer(const DynamicTrustAnchorContainer& containerA,
- const DynamicTrustAnchorContainer& containerB)
- {
- return (containerA.getLastRefresh() < containerB.getLastRefresh());
- }
-
-public:
- static const shared_ptr<CertificateCache> DEFAULT_CERTIFICATE_CACHE;
- static const time::milliseconds DEFAULT_GRACE_INTERVAL;
- static const time::system_clock::Duration DEFAULT_KEY_TIMESTAMP_TTL;
-
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
- typedef security::conf::Rule<Interest> InterestRule;
- typedef security::conf::Rule<Data> DataRule;
- typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
- typedef std::vector<shared_ptr<DataRule>> DataRuleList;
- typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> AnchorList;
- typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
- typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList;
-
- /**
- * @brief gives whether validation should be preformed
- *
- * If false, no validation occurs, and any packet is considered validated immediately.
- */
- bool m_shouldValidate;
-
- size_t m_stepLimit;
- shared_ptr<CertificateCache> m_certificateCache;
-
- InterestRuleList m_interestRules;
- DataRuleList m_dataRules;
-
- AnchorList m_anchors;
- TrustAnchorContainer m_staticContainer;
- DynamicContainers m_dynamicContainers;
-
- time::milliseconds m_graceInterval;
- size_t m_maxTrackedKeys;
- typedef std::map<Name, time::system_clock::TimePoint> LastTimestampMap;
- LastTimestampMap m_lastTimestamp;
- const time::system_clock::Duration& m_keyTimestampTtl;
+ v2::ValidationPolicyConfig& m_policyConfig;
};
} // namespace security