security: Add 'type any' for trust-anchor in ValidatorConfig
Refs: #1482
Change-Id: Ida78f392799f0f2e578e1bdc6735bbfc68e1617e
diff --git a/docs/tutorials/security-validator-config.rst b/docs/tutorials/security-validator-config.rst
index fe136e1..ee164f5 100644
--- a/docs/tutorials/security-validator-config.rst
+++ b/docs/tutorials/security-validator-config.rst
@@ -411,6 +411,21 @@
base64-string "Bv0DGwdG...amHFvHIMDw=="
}
+There is another special trust anchor "any".
+As long as such a trust-anchor is defined in config file,
+packet validation will be turned off.
+
+- **ATTENTION: This type of trust anchor is dangerous.
+ You should used it only when you want to disable packet validation temporarily
+ (e.g, debugging code, building a demo).**
+
+::
+
+ trust-anchor
+ {
+ type any
+ }
+
Example Configuration For NLSR
------------------------------
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index 054c843..80d2fb1 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -28,6 +28,7 @@
const shared_ptr<CertificateCache>& certificateCache,
const int stepLimit)
: Validator(face)
+ , m_shouldValidate(true)
, m_stepLimit(stepLimit)
, m_certificateCache(certificateCache)
{
@@ -275,6 +276,10 @@
return;
}
+ else if (boost::iequals(type, "any"))
+ {
+ m_shouldValidate = false;
+ }
else
throw Error("Unsupported trust-anchor.type: " + type);
}
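Review bot: `m_shouldValidate` is set to true only in the constructor and to false in this `any` branch, and nothing in the diff restores it. If load() can be called more than once on the same ValidatorConfig (not visible here), a later configuration without `type any` would leave validation switched off; resetting with `m_shouldValidate = true;` where the validator clears its anchors and rules before loading would avoid that. The branch also disables validation silently, whatever other anchors or rules the file contains, so a warning logged at load time would make an accidentally deployed debug configuration visible. The enclosing function starts outside the hunk.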
@@ -286,6 +291,9 @@
const OnDataValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
+ if (!m_shouldValidate)
+ return onValidated(data.shared_from_this());
+
if (m_stepLimit == nSteps)
return onValidationFailed(data.shared_from_this(),
"Maximum steps of validation reached");
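Review bot: The early return at the top of this checkPolicy overload has no comment marking it as the deliberate `type any` bypass, and the same applies to the Interest overload in the next hunk. It runs before the step-limit check and any rule matching, so every packet that reaches this point is reported as validated, presumably including packets with a missing or invalid signature. I would add `// 'type any' trust anchor loaded: validation is disabled, accept the packet as-is` above the `if` in both places. Both function bodies continue outside their hunks.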
@@ -322,6 +330,9 @@
const OnInterestValidationFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
+ if (!m_shouldValidate)
+ return onValidated(interest.shared_from_this());
+
if (m_stepLimit == nSteps)
return onValidationFailed(interest.shared_from_this(),
"Maximum steps of validation reached");
diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index e22c446..00d7c66 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -120,6 +120,13 @@
typedef std::vector<shared_ptr<DataRule> > DataRuleList;
typedef std::map<Name, shared_ptr<IdentityCertificate> > AnchorList;
+ /**
+ * @brief gives whether validation should be preformed
+ *
+ * If false, no validation occurs, and any packet is considered validated immediately.
+ */
+ bool m_shouldValidate;
+
int m_stepLimit;
shared_ptr<CertificateCache> m_certificateCache;
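Review bot: The Doxygen comment on `m_shouldValidate` has a typo ("preformed") and does not say what changes the flag. I would write `@brief whether validation should be performed` and add a sentence saying it becomes false when the loaded configuration contains a trust-anchor of `type any`. The enclosing class starts and ends outside the hunk.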
diff --git a/tests-integrated/security/test-validator-config.cpp b/tests-integrated/security/test-validator-config.cpp
index 360b056..e122523 100644
--- a/tests-integrated/security/test-validator-config.cpp
+++ b/tests-integrated/security/test-validator-config.cpp
@@ -963,6 +963,40 @@
boost::filesystem::remove(CERT_PATH);
}
+BOOST_AUTO_TEST_CASE(Wildcard)
+{
+ KeyChain keyChain;
+
+ Name identity("/TestValidatorConfig/Wildcard");
+ identity.appendVersion();
+ BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
+
+ Name dataName1("/any/data");
+ shared_ptr<Data> data1 = make_shared<Data>(dataName1);
+ BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data1, identity));
+
+ std::string CONFIG =
+ "trust-anchor\n"
+ "{\n"
+ " type any\n"
+ "}\n";
+
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test-nfd.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*data1,
+ bind(&onValidated, _1),
+ bind(&onValidationFailed, _1, _2));
+
+ keyChain.deleteIdentity(identity);
+}
+
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace ndn
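Review bot: The Wildcard test never checks the outcome itself: it relies on `onValidated` and `onValidationFailed`, which are defined outside this hunk, to fail the case, and it only drives the Data path. The Interest overload of checkPolicy gets the same bypass in this commit and has no coverage. I would add an Interest validation next to `data1`, and a second case that loads a configuration without `type any` into the same validator afterwards to confirm that validation is enforced again. `keyChain.deleteIdentity(identity)` is also skipped if anything above it throws, which would leave the test identity in the keychain.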