rib: Separate trust models for `/localhost` and `/localhop` RIB management commands

Change-Id: I10fd9a1c8a2e0e572ea28f6e97d57b0b5b9750c8
Refs: #1557
Refs: #1558
diff --git a/rib/rib-manager.cpp b/rib/rib-manager.cpp
index 916ed93..3db042d 100644
--- a/rib/rib-manager.cpp
+++ b/rib/rib-manager.cpp
@@ -66,8 +66,10 @@
 RibManager::RibManager()
   : m_face(shared_ptr<boost::asio::io_service>(&getGlobalIoService(), &NullDeleter))
   , m_nfdController(new ndn::nfd::Controller(m_face))
-  , m_validator(m_face)
+  , m_localhostValidator(m_face)
+  , m_localhopValidator(m_face)
   , m_faceMonitor(m_face)
+  , m_isLocalhopEnabled(false)
   , m_verbDispatch(COMMAND_VERBS,
                    COMMAND_VERBS + (sizeof(COMMAND_VERBS) / sizeof(VerbAndProcessor)))
 {
@@ -82,13 +84,16 @@
   NFD_LOG_INFO("Setting interest filter on: " << COMMAND_PREFIX);
   m_face.setController(m_nfdController);
   m_face.setInterestFilter(COMMAND_PREFIX,
-                           bind(&RibManager::onRibRequest, this, _2),
+                           bind(&RibManager::onLocalhostRequest, this, _2),
                            bind(&RibManager::setInterestFilterFailed, this, _1, _2));
 
-  NFD_LOG_INFO("Setting interest filter on: " << REMOTE_COMMAND_PREFIX);
-  m_face.setInterestFilter(REMOTE_COMMAND_PREFIX,
-                           bind(&RibManager::onRibRequest, this, _2),
-                           bind(&RibManager::setInterestFilterFailed, this, _1, _2));
+  if (m_isLocalhopEnabled)
+    {
+      NFD_LOG_INFO("Setting interest filter on: " << REMOTE_COMMAND_PREFIX);
+      m_face.setInterestFilter(REMOTE_COMMAND_PREFIX,
+                               bind(&RibManager::onLocalhopRequest, this, _2),
+                               bind(&RibManager::setInterestFilterFailed, this, _1, _2));
+    }
 
   NFD_LOG_INFO("Start monitoring face create/destroy events");
   m_faceMonitor.addSubscriber(boost::bind(&RibManager::onNotification, this, _1));
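Review bot: `m_isLocalhopEnabled` is read only once, when the filters are installed, so the `REMOTE_COMMAND_PREFIX` filter is registered only if `onConfig` has already seen a `localhop_security` section by the time this code runs. The constructor initialises the flag to `false`, so registering before the configuration is loaded leaves the localhop prefix disabled without any log line. A later reload that adds or removes the section also has no effect on the installed filter, since the result of `setInterestFilter` is not kept. The enclosing function starts outside this hunk; state the required order in a comment there, e.g. `// the "rib" config section must be loaded before the filters are registered`, and consider an `NFD_LOG_INFO` in an `else` branch when the localhop filter is skipped.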
@@ -98,7 +103,7 @@
 void
 RibManager::setConfigFile(ConfigFile& configFile)
 {
-  configFile.addSectionHandler("rib_security",
+  configFile.addSectionHandler("rib",
                                bind(&RibManager::onConfig, this, _1, _2, _3));
 }
 
@@ -107,9 +112,19 @@
                      bool isDryRun,
                      const std::string& filename)
 {
-  /// \todo remove check after validator-conf replaces settings on each load
-  if (!isDryRun)
-    m_validator.load(configSection, filename);
+  for (ConfigSection::const_iterator i = configSection.begin();
+       i != configSection.end(); ++i)
+    {
+      if (i->first == "localhost_security")
+          m_localhostValidator.load(i->second, filename);
+      else if (i->first == "localhop_security")
+        {
+          m_localhopValidator.load(i->second, filename);
+          m_isLocalhopEnabled = true;
+        }
+      else
+        throw Error("Unrecognized rib property: " + i->first);
+    }
 }
 
 void
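Review bot: The new loop no longer consults `isDryRun`, so a dry-run pass also calls `load()` on both validators and sets `m_isLocalhopEnabled`, which means trust rules can be replaced by a configuration that is later rejected. The flag is also only ever set to `true`, so a reload whose `rib` section no longer contains `localhop_security` leaves localhop marked enabled. Whether the localhop validator then keeps its previously loaded rules depends on `load()` behaviour that is not visible here. I would keep the key check on every pass but wrap the two `load()` calls and the assignment in `if (!isDryRun)`, and assign `m_isLocalhopEnabled = false;` before the loop on a real load. The function's signature starts outside this hunk.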
@@ -142,11 +157,19 @@
 }
 
 void
-RibManager::onRibRequest(const Interest& request)
+RibManager::onLocalhostRequest(const Interest& request)
 {
-  m_validator.validate(request,
-                       bind(&RibManager::onCommandValidated, this, _1),
-                       bind(&RibManager::onCommandValidationFailed, this, _1, _2));
+  m_localhostValidator.validate(request,
+                                bind(&RibManager::onCommandValidated, this, _1),
+                                bind(&RibManager::onCommandValidationFailed, this, _1, _2));
+}
+
+void
+RibManager::onLocalhopRequest(const Interest& request)
+{
+  m_localhopValidator.validate(request,
+                               bind(&RibManager::onCommandValidated, this, _1),
+                               bind(&RibManager::onCommandValidationFailed, this, _1, _2));
 }
 
 void
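Review bot: Both new handlers pass the request to the same `onCommandValidated` and `onCommandValidationFailed` callbacks, so nothing in this hunk records whether the localhost or the localhop rules admitted a command. If any verb is meant to be accepted only under the localhost prefix, the callback has to enforce that from the Interest name; its body is outside this hunk, so that should be confirmed there. A short comment above each handler would make the split explicit, e.g. `// Validates commands received under REMOTE_COMMAND_PREFIX against the localhop_security rules` on `onLocalhopRequest`, with the matching line on `onLocalhostRequest`.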
diff --git a/rib/rib-manager.hpp b/rib/rib-manager.hpp
index 4c2c344..1d542fb 100644
--- a/rib/rib-manager.hpp
+++ b/rib/rib-manager.hpp
@@ -46,10 +46,17 @@
 class RibManager : noncopyable
 {
 public:
-  RibManager();
+  class Error : public std::runtime_error
+  {
+  public:
+    explicit
+    Error(const std::string& what)
+      : std::runtime_error(what)
+    {
+    }
+  };
 
-  void
-  onRibRequest(const Interest& request);
+  RibManager();
 
   void
   registerWithNfd();
@@ -67,6 +74,12 @@
            const std::string& filename);
 
   void
+  onLocalhopRequest(const Interest& request);
+
+  void
+  onLocalhostRequest(const Interest& request);
+
+  void
   sendResponse(const Name& name,
                const ControlResponse& response);
 
@@ -131,8 +144,10 @@
   ndn::Face m_face;
   ndn::shared_ptr<ndn::nfd::Controller> m_nfdController;
   ndn::KeyChain m_keyChain;
-  ndn::ValidatorConfig m_validator;
+  ndn::ValidatorConfig m_localhostValidator;
+  ndn::ValidatorConfig m_localhopValidator;
   FaceMonitor m_faceMonitor;
+  bool m_isLocalhopEnabled;
 
   typedef boost::function<void(RibManager*,
                                const shared_ptr<const Interest>& request,