Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 3e3a989096055bcf8134c5578941edbd443ae94d / . / src / security / v2 / trust-anchor-group.hpp
blob: 8e41ebb369dca49955520a7b4a0315f5474ea076 [file] [log] [blame]
Qiuhan Ding4caa0cc2015-10-23 20:31:27 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2013-2017 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
23#define NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP
24
25#include "../../data.hpp"
26#include "certificate.hpp"
27
Qiuhan Ding4caa0cc2015-10-23 20:31:27 -0700[diff] [blame]28#include <boost/filesystem/path.hpp>
Davide Pesavento7f20d6e2017-01-16 14:43:58 -0500[diff] [blame]29#include <set>
Qiuhan Ding4caa0cc2015-10-23 20:31:27 -0700[diff] [blame]30
31namespace ndn {
32namespace security {
33namespace v2 {
34
35class CertContainerInterface
36{
37public:
Davide Pesavento7f20d6e2017-01-16 14:43:58 -0500[diff] [blame]38 virtual
39 ~CertContainerInterface() = default;
40
Qiuhan Ding4caa0cc2015-10-23 20:31:27 -0700[diff] [blame]41 virtual void
42 add(Certificate&& cert) = 0;
43
44 virtual void
45 remove(const Name& certName) = 0;
46};
47
48/**
49 * @brief A group of trust anchors
50 */
51class TrustAnchorGroup : noncopyable
52{
53public:
54 /**
55 * @brief Create an anchor group
56 */
Qiuhan Ding4caa0cc2015-10-23 20:31:27 -0700[diff] [blame]57 TrustAnchorGroup(CertContainerInterface& certContainer, const std::string& id);
58
Davide Pesavento7f20d6e2017-01-16 14:43:58 -0500[diff] [blame]59 virtual
60 ~TrustAnchorGroup();
61
Qiuhan Ding4caa0cc2015-10-23 20:31:27 -0700[diff] [blame]62 /**
63 * @return group id
64 */
65 const std::string&
66 getId() const
67 {
68 return m_id;
69 }
70
71 /**
72 * @return number of certificates in the group
73 */
74 size_t
75 size() const;
76
77 /**
78 * @brief Request certificate refresh
79 */
80 virtual void
81 refresh();
82
83protected:
84 CertContainerInterface& m_certs;
85 std::set<Name> m_anchorNames;
86
87private:
88 std::string m_id;
89};
90
91/**
92 * @brief Static trust anchor group
93 */
94class StaticTrustAnchorGroup : public TrustAnchorGroup
95{
96public:
97 /**
98 * @brief Create a static trust anchor group
99 * @param certContainer Reference to CertContainerInterface instance
100 * @param id Group id
101 */
102 StaticTrustAnchorGroup(CertContainerInterface& certContainer, const std::string& id);
103
104 /**
105 * @brief Load static anchor @p cert
106 */
107 void
108 add(Certificate&& cert);
109
110 /**
111 * @brief Remove static anchor @p certName
112 */
113 void
114 remove(const Name& certName);
115};
116
117/**
118 * @brief Dynamic trust anchor group
119 */
120class DynamicTrustAnchorGroup : public TrustAnchorGroup
121{
122public:
123 /**
124 * @brief Create a dynamic trust anchor group
125 *
126 * This contructor would load all the certificates from @p path and will be refreshing
127 * certificates every @p refreshPeriod time period.
128 *
129 * Note that refresh is not scheduled, but is performed upon "find" operations.
130 *
131 * When @p isDir is false and @p path doesn't point to a valid certificate (file doesn't
132 * exist or content is not a valid certificate), the dynamic anchor group will be empty until
133 * file gets created. If file disappears or gets corrupted, the anchor group becomes empty.
134 *
135 * When @p idDir is true and @p path does't point to a valid folder, folder is empty, or
136 * doesn't contain valid certificates, the group will be empty until certificate files are
137 * placed in the folder. If folder is removed, becomes empty, or no longer contains valid
138 * certificates, the anchor group becomes empty.
139 *
140 * Upon refresh, the existing certificates are not changed.
141 *
142 * @param certContainer A certificate container into which trust anchors from the group will
143 * be added
144 * @param id Group id
145 * @param path File path for trust anchor(s), could be directory or file. If it is a
146 * directory, all the certificates in the directory will be loaded.
147 * @param refreshPeriod Refresh time for the anchors under @p path, must be positive.
148 * @param isDir Tells whether the path is a directory or a single file.
149 *
150 * @throw std::invalid_argument @p refreshPeriod is negative
151 */
152 DynamicTrustAnchorGroup(CertContainerInterface& certContainer, const std::string& id,
Davide Pesavento7f20d6e2017-01-16 14:43:58 -0500[diff] [blame]153 const boost::filesystem::path& path, time::nanoseconds refreshPeriod,
154 bool isDir = false);
Qiuhan Ding4caa0cc2015-10-23 20:31:27 -0700[diff] [blame]155
156 void
157 refresh() override;
158
159private:
160 bool m_isDir;
161 boost::filesystem::path m_path;
162 time::nanoseconds m_refreshPeriod;
163 time::steady_clock::TimePoint m_expireTime;
164};
165
166} // namespace v2
167} // namespace security
168} // namespace ndn
169
170#endif // NDN_SECURITY_V2_TRUST_ANCHOR_GROUP_HPP