1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/*
3 * Copyright (c) 2013-2017 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
23#define NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP
24
25#include "validation-policy.hpp"
26#include "validator-config/rule.hpp"
27#include "validator-config/common.hpp"
28
29namespace ndn {
30namespace security {
31namespace v2 {
32namespace validator_config {
33
34/**
35 * @brief The validator which can be set up via a configuration file.
36 *
37 * @note For command Interest validation, this policy must be combined with
38 * @p ValidationPolicyCommandInterest, in order to guard against replay attacks.
39 * @note This policy does not support inner policies: it must be used as the sole policy or as the terminal inner policy.
40 * @sa https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
41 */
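class ValidationPolicyConfig : public ValidationPolicy
{
public:
  ValidationPolicyConfig();

  /**
   * @brief Load the policy configuration from the file named @p filename.
   *
   * NOTE(review): error behaviour (unreadable file, malformed configuration) is defined in
   * the implementation file, which is not visible from this header; confirm it there.
   */
  void
  load(const std::string& filename);

  /**
   * @brief Load the policy configuration from configuration text held in @p input.
   * @param input    the configuration text
   * @param filename name associated with @p input
   *                 (presumably used for diagnostics and for resolving relative paths such as
   *                 trust anchor files; confirm against the implementation)
   */
  void
  load(const std::string& input, const std::string& filename);

  /**
   * @brief Load the policy configuration by reading it from @p input.
   * @param input    stream providing the configuration text
   * @param filename name associated with @p input (see the string overload)
   */
  void
  load(std::istream& input, const std::string& filename);

  /**
   * @brief Load the policy configuration from an already parsed @p configSection.
   * @param configSection parsed configuration tree
   * @param filename      name associated with @p configSection (see the string overload)
   */
  void
  load(const ConfigSection& configSection, const std::string& filename);

protected:
  /**
   * @brief Policy check for a Data packet (overrides ValidationPolicy).
   *
   * NOTE(review): presumably matches @p data against m_dataRules unless m_shouldBypass is set;
   * confirm in the implementation, including what happens when no rule matches and when the
   * policy has not been configured (both should reject rather than accept).
   */
  void
  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,
              const ValidationContinuation& continueValidation) override;

  /**
   * @brief Policy check for an Interest packet (overrides ValidationPolicy).
   *
   * NOTE(review): presumably matches @p interest against m_interestRules unless m_shouldBypass
   * is set; confirm in the implementation. Replay protection for command Interests is not
   * provided here and requires ValidationPolicyCommandInterest.
   */
  void
  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,
              const ValidationContinuation& continueValidation) override;

private:
  /**
   * @brief Process one trust anchor section of the configuration.
   * @param section  the trust anchor configuration section
   * @param filename name associated with the configuration being loaded
   */
  void
  processConfigTrustAnchor(const ConfigSection& section, const std::string& filename);

  /**
   * @brief Obtain a refresh period from the configuration entries in [@p it, @p end).
   *
   * @p it is taken by non-const reference, so it is presumably advanced past the entries that
   * were consumed; confirm against the implementation.
   */
  time::nanoseconds
  getRefreshPeriod(ConfigSection::const_iterator& it, const ConfigSection::const_iterator& end);

  /** @brief Refresh period to use when the configuration does not specify one. */
  time::nanoseconds
  getDefaultRefreshPeriod();

NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
  /** @brief whether to always bypass validation
   *
   *  This is set to true when 'any' is specified as a trust anchor.
   *  It causes all packets to bypass validation.
   *
   *  With bypass enabled no signature and no rule is checked, so every packet is accepted
   *  as valid. The flag is initialized to false here so that a construction path which
   *  fails to set it can never leave validation disabled through an indeterminate value.
   */
  bool m_shouldBypass = false;

  /** @brief whether a configuration has been loaded
   *
   *  NOTE(review): meaning inferred from the name; confirm where it is set and that
   *  checkPolicy() rejects packets while it is false.
   */
  bool m_isConfigured = false;

  /** @brief rules for Data packets */
  std::vector<unique_ptr<Rule>> m_dataRules;
  /** @brief rules for Interest packets */
  std::vector<unique_ptr<Rule>> m_interestRules;
};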
90
91} // namespace validator_config
92
93using validator_config::ValidationPolicyConfig;
94
95} // namespace v2
96} // namespace security
97} // namespace ndn
98
99#endif // NDN_SECURITY_V2_VALIDATION_POLICY_CONFIG_HPP