Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 2 | /** |
Teng Liang | e6f8751 | 2016-07-26 22:14:19 -0700 | [diff] [blame] | 3 | * Copyright (c) 2013-2016 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
| 22 | * @author Jeff Thompson <jefft0@remap.ucla.edu> |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 23 | */ |
| 24 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 25 | #ifndef NDN_SECURITY_VALIDATOR_HPP |
| 26 | #define NDN_SECURITY_VALIDATOR_HPP |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 27 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 28 | #include "../common.hpp" |
| 29 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 30 | #include "../data.hpp" |
| 31 | #include "../face.hpp" |
| 32 | #include "public-key.hpp" |
| 33 | #include "signature-sha256-with-rsa.hpp" |
Yingdi Yu | c8f883c | 2014-06-20 23:25:22 -0700 | [diff] [blame] | 34 | #include "signature-sha256-with-ecdsa.hpp" |
Yingdi Yu | bf6a281 | 2014-06-17 15:32:11 -0700 | [diff] [blame] | 35 | #include "digest-sha256.hpp" |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 36 | #include "validation-request.hpp" |
Joao Pereira | 0b3cac5 | 2015-07-02 14:49:49 -0400 | [diff] [blame] | 37 | #include "identity-certificate.hpp" |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 38 | |
| 39 | namespace ndn { |
Joao Pereira | 0b3cac5 | 2015-07-02 14:49:49 -0400 | [diff] [blame] | 40 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 41 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 42 | * @brief Validator is one of the main classes of the security library. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 43 | * |
| 44 | * The Validator class provides the interfaces for packet validation. |
| 45 | */ |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 46 | class Validator |
| 47 | { |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 48 | public: |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 49 | class Error : public std::runtime_error |
| 50 | { |
| 51 | public: |
| 52 | explicit |
| 53 | Error(const std::string& what) |
| 54 | : std::runtime_error(what) |
| 55 | { |
| 56 | } |
| 57 | }; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 58 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 59 | /** |
| 60 | * @brief Validator constructor |
| 61 | * |
| 62 | * @param face Pointer to face through which validator may retrieve certificates. |
| 63 | * Passing a null pointer implies the validator is in offline mode. |
| 64 | * |
| 65 | * @note Make sure the lifetime of the passed Face is longer than validator. |
| 66 | */ |
| 67 | explicit |
| 68 | Validator(Face* face = nullptr); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 69 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 70 | /// @deprecated Use the constructor taking Face* as parameter. |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 71 | explicit |
Yingdi Yu | 96e6406 | 2014-04-15 19:57:33 -0700 | [diff] [blame] | 72 | Validator(Face& face); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 73 | |
| 74 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 75 | * @brief Validate Data and call either onValidated or onValidationFailed. |
| 76 | * |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 77 | * @param data The Data with the signature to check. |
| 78 | * @param onValidated If the Data is validated, this calls onValidated(data). |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 79 | * @param onValidationFailed If validation fails, this calls onValidationFailed(data). |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 80 | */ |
| 81 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 82 | validate(const Data& data, |
| 83 | const OnDataValidated& onValidated, |
| 84 | const OnDataValidationFailed& onValidationFailed) |
| 85 | { |
| 86 | validate(data, onValidated, onValidationFailed, 0); |
| 87 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 88 | |
| 89 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 90 | * @brief Validate Interest and call either onValidated or onValidationFailed. |
| 91 | * |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 92 | * @param interest The Interest with the signature to check. |
| 93 | * @param onValidated If the Interest is validated, this calls onValidated(interest). |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 94 | * @param onValidationFailed If validation fails, this calls onValidationFailed(interest). |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 95 | */ |
| 96 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 97 | validate(const Interest& interest, |
| 98 | const OnInterestValidated& onValidated, |
| 99 | const OnInterestValidationFailed& onValidationFailed) |
| 100 | { |
| 101 | validate(interest, onValidated, onValidationFailed, 0); |
| 102 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 103 | |
| 104 | /***************************************** |
| 105 | * verifySignature method set * |
| 106 | *****************************************/ |
| 107 | |
| 108 | /// @brief Verify the data using the publicKey. |
| 109 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 110 | verifySignature(const Data& data, const PublicKey& publicKey); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 111 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 112 | /** |
| 113 | * @brief Verify the signed Interest using the publicKey. |
| 114 | * |
| 115 | * (Note the signature covers the first n-2 name components). |
| 116 | */ |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 117 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 118 | verifySignature(const Interest& interest, const PublicKey& publicKey); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 119 | |
| 120 | /// @brief Verify the blob using the publicKey against the signature. |
| 121 | static bool |
Yingdi Yu | 4a55705 | 2014-07-09 16:40:37 -0700 | [diff] [blame] | 122 | verifySignature(const Buffer& blob, const Signature& sig, const PublicKey& publicKey) |
Yingdi Yu | c8f883c | 2014-06-20 23:25:22 -0700 | [diff] [blame] | 123 | { |
| 124 | return verifySignature(blob.buf(), blob.size(), sig, publicKey); |
| 125 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 126 | |
| 127 | /// @brief Verify the data using the publicKey against the SHA256-RSA signature. |
| 128 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 129 | verifySignature(const Data& data, |
Yingdi Yu | 4a55705 | 2014-07-09 16:40:37 -0700 | [diff] [blame] | 130 | const Signature& sig, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 131 | const PublicKey& publicKey) |
| 132 | { |
| 133 | return verifySignature(data.wireEncode().value(), |
| 134 | data.wireEncode().value_size() - data.getSignature().getValue().size(), |
| 135 | sig, publicKey); |
| 136 | } |
| 137 | |
| 138 | /** @brief Verify the interest using the publicKey against the SHA256-RSA signature. |
| 139 | * |
| 140 | * (Note the signature covers the first n-2 name components). |
| 141 | */ |
| 142 | static bool |
| 143 | verifySignature(const Interest& interest, |
Yingdi Yu | 4a55705 | 2014-07-09 16:40:37 -0700 | [diff] [blame] | 144 | const Signature& sig, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 145 | const PublicKey& publicKey) |
| 146 | { |
| 147 | if (interest.getName().size() < 2) |
| 148 | return false; |
| 149 | |
Yingdi Yu | 3cca4ab | 2014-04-11 12:46:53 -0700 | [diff] [blame] | 150 | const Name& name = interest.getName(); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 151 | |
Yingdi Yu | 3cca4ab | 2014-04-11 12:46:53 -0700 | [diff] [blame] | 152 | return verifySignature(name.wireEncode().value(), |
| 153 | name.wireEncode().value_size() - name[-1].size(), |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 154 | sig, publicKey); |
| 155 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 156 | |
| 157 | /// @brief Verify the blob using the publicKey against the SHA256-RSA signature. |
| 158 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 159 | verifySignature(const uint8_t* buf, |
| 160 | const size_t size, |
Yingdi Yu | 4a55705 | 2014-07-09 16:40:37 -0700 | [diff] [blame] | 161 | const Signature& sig, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 162 | const PublicKey& publicKey); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 163 | |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 164 | |
| 165 | /// @brief Verify the data against the SHA256 signature. |
| 166 | static bool |
Yingdi Yu | bf6a281 | 2014-06-17 15:32:11 -0700 | [diff] [blame] | 167 | verifySignature(const Data& data, const DigestSha256& sig) |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 168 | { |
| 169 | return verifySignature(data.wireEncode().value(), |
| 170 | data.wireEncode().value_size() - |
| 171 | data.getSignature().getValue().size(), |
| 172 | sig); |
| 173 | } |
| 174 | |
| 175 | /** @brief Verify the interest against the SHA256 signature. |
| 176 | * |
| 177 | * (Note the signature covers the first n-2 name components). |
| 178 | */ |
| 179 | static bool |
Yingdi Yu | bf6a281 | 2014-06-17 15:32:11 -0700 | [diff] [blame] | 180 | verifySignature(const Interest& interest, const DigestSha256& sig) |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 181 | { |
| 182 | if (interest.getName().size() < 2) |
| 183 | return false; |
| 184 | |
Yingdi Yu | 6ab6781 | 2014-11-27 15:00:34 -0800 | [diff] [blame] | 185 | const Name& name = interest.getName(); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 186 | |
Yingdi Yu | 6ab6781 | 2014-11-27 15:00:34 -0800 | [diff] [blame] | 187 | return verifySignature(name.wireEncode().value(), |
| 188 | name.wireEncode().value_size() - name[-1].size(), |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 189 | sig); |
| 190 | } |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 191 | |
| 192 | /// @brief Verify the blob against the SHA256 signature. |
| 193 | static bool |
Yingdi Yu | bf6a281 | 2014-06-17 15:32:11 -0700 | [diff] [blame] | 194 | verifySignature(const Buffer& blob, const DigestSha256& sig) |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 195 | { |
| 196 | return verifySignature (blob.buf(), blob.size(), sig); |
| 197 | } |
| 198 | |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 199 | /// @brief Verify the blob against the SHA256 signature. |
| 200 | static bool |
Yingdi Yu | bf6a281 | 2014-06-17 15:32:11 -0700 | [diff] [blame] | 201 | verifySignature(const uint8_t* buf, const size_t size, const DigestSha256& sig); |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 202 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 203 | protected: |
| 204 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 205 | * @brief Check the Data against policy and return the next validation step if necessary. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 206 | * |
| 207 | * If there is no next validation step, that validation MUST have been done. |
| 208 | * i.e., either onValidated or onValidationFailed callback is invoked. |
| 209 | * |
Alexander Afanasyev | 770827c | 2014-05-13 17:42:55 -0700 | [diff] [blame] | 210 | * @param data The Data to check. |
| 211 | * @param nSteps The number of validation steps that have been done. |
| 212 | * @param onValidated If the Data is validated, this calls onValidated(data) |
| 213 | * @param onValidationFailed If validation fails, this calls onValidationFailed(data) |
| 214 | * @param nextSteps On return, contains the next validation step |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 215 | */ |
| 216 | virtual void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 217 | checkPolicy(const Data& data, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 218 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 219 | const OnDataValidated& onValidated, |
| 220 | const OnDataValidationFailed& onValidationFailed, |
| 221 | std::vector<shared_ptr<ValidationRequest> >& nextSteps) = 0; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 222 | |
| 223 | /** |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 224 | * @brief Check the Interest against validation policy and return the next validation step |
| 225 | * if necessary. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 226 | * |
| 227 | * If there is no next validation step, that validation MUST have been done. |
| 228 | * i.e., either onValidated or onValidationFailed callback is invoked. |
| 229 | * |
Alexander Afanasyev | 770827c | 2014-05-13 17:42:55 -0700 | [diff] [blame] | 230 | * @param interest The Interest to check. |
| 231 | * @param nSteps The number of validation steps that have been done. |
| 232 | * @param onValidated If the Interest is validated, this calls onValidated(data) |
| 233 | * @param onValidationFailed If validation fails, this calls onValidationFailed(data) |
| 234 | * @param nextSteps On return, contains the next validation step |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 235 | */ |
| 236 | virtual void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 237 | checkPolicy(const Interest& interest, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 238 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 239 | const OnInterestValidated& onValidated, |
| 240 | const OnInterestValidationFailed& onValidationFailed, |
| 241 | std::vector<shared_ptr<ValidationRequest> >& nextSteps) = 0; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 242 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 243 | typedef function<void(const std::string&)> OnFailure; |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 244 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 245 | /// @brief Process the received certificate. |
| 246 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 247 | onData(const Interest& interest, |
| 248 | const Data& data, |
| 249 | const shared_ptr<ValidationRequest>& nextStep); |
| 250 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 251 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 252 | validate(const Data& data, |
| 253 | const OnDataValidated& onValidated, |
| 254 | const OnDataValidationFailed& onValidationFailed, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 255 | int nSteps); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 256 | |
| 257 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 258 | validate(const Interest& interest, |
| 259 | const OnInterestValidated& onValidated, |
| 260 | const OnInterestValidationFailed& onValidationFailed, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 261 | int nSteps); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 262 | |
Yingdi Yu | d9006e7 | 2014-06-23 19:10:44 -0700 | [diff] [blame] | 263 | /// Hooks |
| 264 | |
| 265 | /** |
| 266 | * @brief trigger before validating requested certificate. |
| 267 | * |
| 268 | * The Data: |
| 269 | * - matches the interest in the validation-request. |
| 270 | * - may be certificate or a data encapsulating certificate. |
| 271 | * |
| 272 | * This method returns a data (actually certificate) that is will be passed as Data into: |
| 273 | * Validator::validate(const Data& data, |
| 274 | * const OnDataValidated& onValidated, |
| 275 | * const OnDataValidationFailed& onValidationFailed, |
| 276 | * int nSteps); |
| 277 | */ |
| 278 | virtual shared_ptr<const Data> |
| 279 | preCertificateValidation(const Data& data) |
| 280 | { |
| 281 | return data.shared_from_this(); |
| 282 | } |
| 283 | |
| 284 | /** |
Teng Liang | e6f8751 | 2016-07-26 22:14:19 -0700 | [diff] [blame] | 285 | * @brief trigger when interest retrieves a Nack. |
| 286 | * |
| 287 | * Validator can decide how to handle a Nack, either call onFailure, or retry. |
| 288 | * |
| 289 | * @param interest The interest that retrieves a Nack. |
| 290 | * @param nack The Nack that is retrieved. |
| 291 | * @param nRemainingRetries The number of retries left. |
| 292 | * @param onFailure Failure callback when there is no more retries remaining. |
| 293 | * @param validationRequest The validationRequest containing the context of the interest. |
| 294 | */ |
| 295 | virtual void |
| 296 | onNack(const Interest& interest, |
| 297 | const lp::Nack& nack, |
| 298 | int nRemainingRetries, |
| 299 | const OnFailure& onFailure, |
| 300 | const shared_ptr<ValidationRequest>& validationRequest); |
| 301 | |
| 302 | /** |
Yingdi Yu | d9006e7 | 2014-06-23 19:10:44 -0700 | [diff] [blame] | 303 | * @brief trigger when interest for certificate times out. |
| 304 | * |
| 305 | * Validator can decide how to handle the timeout, either call onFailure, or retry. |
| 306 | * |
| 307 | * @param interest The interest that times out. |
| 308 | * @param nRemainingRetries The number of retries left. |
| 309 | * @param onFailure Failure callback when there is no more retries remaining. |
| 310 | * @param validationRequest The validationRequest containing the context of the interest. |
| 311 | */ |
Yingdi Yu | d9006e7 | 2014-06-23 19:10:44 -0700 | [diff] [blame] | 312 | virtual void |
| 313 | onTimeout(const Interest& interest, |
| 314 | int nRemainingRetries, |
| 315 | const OnFailure& onFailure, |
| 316 | const shared_ptr<ValidationRequest>& validationRequest); |
| 317 | |
| 318 | /** |
| 319 | * @brief trigger after checkPolicy is done. |
| 320 | * |
| 321 | * Validator can decide how to handle the set of validation requests according to |
| 322 | * the trust model. |
| 323 | * |
| 324 | * @param nextSteps A set of validation request made by checkPolicy. |
| 325 | * @param onFailure Failure callback when errors happen in processing nextSteps. |
| 326 | */ |
| 327 | virtual void |
| 328 | afterCheckPolicy(const std::vector<shared_ptr<ValidationRequest> >& nextSteps, |
| 329 | const OnFailure& onFailure); |
| 330 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 331 | protected: |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 332 | Face* m_face; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 333 | }; |
| 334 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 335 | } // namespace ndn |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 336 | |
Yingdi Yu | 4e9b069 | 2014-11-04 16:13:56 -0800 | [diff] [blame] | 337 | #endif // NDN_SECURITY_VALIDATOR_HPP |