security: Merging SecPolicy into Validator (previously Verifier)

Change-Id: I469fc8f823406cb217bf85248d38d241c32f31f0
diff --git a/src/security/sec-policy-no-verify.cpp b/src/security/sec-policy-no-verify.cpp
deleted file mode 100644
index 3a45756..0000000
--- a/src/security/sec-policy-no-verify.cpp
+++ /dev/null
@@ -1,36 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "security/sec-policy-no-verify.hpp"
-
-using namespace std;
-
-namespace ndn {
-
-SecPolicyNoVerify::~SecPolicyNoVerify()
-{
-}
-    
-ptr_lib::shared_ptr<ValidationRequest>
-SecPolicyNoVerify::checkVerificationPolicy
-  (const ptr_lib::shared_ptr<const Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
-{ 
-  onVerified(); 
-  return ptr_lib::shared_ptr<ValidationRequest>();
-}
-
-ptr_lib::shared_ptr<ValidationRequest>
-SecPolicyNoVerify::checkVerificationPolicy
-  (const ptr_lib::shared_ptr<const Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
-{ 
-  onVerified(); 
-  return ptr_lib::shared_ptr<ValidationRequest>();
-}
-
-
-}
diff --git a/src/security/sec-policy-no-verify.hpp b/src/security/sec-policy-no-verify.hpp
deleted file mode 100644
index 59dd615..0000000
--- a/src/security/sec-policy-no-verify.hpp
+++ /dev/null
@@ -1,55 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_SEC_POLICY_NO_VERIFY_HPP
-#define NDN_SEC_POLICY_NO_VERIFY_HPP
-
-#include "sec-policy.hpp"
-
-namespace ndn {
-
-class SecPolicyNoVerify : public SecPolicy {
-public:
-  /**
-   * The virtual destructor.
-   */
-  virtual
-  ~SecPolicyNoVerify();
-
-  /**
-   * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
-   * If there is no next verification step, that imlies policy MUST have already made the verification decision.
-   * i.e., either onVerified or onVerifyFailed callback is invoked.
-   * @param data The Data object with the signature to check.
-   * @param stepCount The number of verification steps that have been done, used to track the verification progress.
-   * @param onVerified If the signature is verified, this calls onVerified(data).
-   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
-   * @return the indication of next verification step, null if there is no further step.
-   */
-  virtual ptr_lib::shared_ptr<ValidationRequest>
-  checkVerificationPolicy
-    (const ptr_lib::shared_ptr<const Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
-
-  /**
-   * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
-   * If there is no next verification step, that implies policy MUST have already made the verification decision.
-   * i.e., either onVerified or onVerifyFailed callback is invoked.
-   * @param data The Data object with the signature to check.
-   * @param stepCount The number of verification steps that have been done, used to track the verification progress.
-   * @param onVerified If the signature is verified, this calls onVerified(data).
-   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
-   * @return the indication of next verification step, null if there is no further step.
-   */
-  virtual ptr_lib::shared_ptr<ValidationRequest>
-  checkVerificationPolicy
-    (const ptr_lib::shared_ptr<const Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
-};
-
-}
-
-#endif
diff --git a/src/security/sec-policy-regex.cpp b/src/security/sec-policy-regex.cpp
deleted file mode 100644
index 4b74132..0000000
--- a/src/security/sec-policy-regex.cpp
+++ /dev/null
@@ -1,151 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "sec-policy-regex.hpp"
-
-#include "verifier.hpp"
-#include "signature-sha256-with-rsa.hpp"
-
-#include "../util/logging.hpp"
-
-INIT_LOGGER("SecPolicyRegex");
-
-using namespace std;
-
-namespace ndn
-{
-
-SecPolicyRegex::SecPolicyRegex(shared_ptr<CertificateCache> certificateCache,
-                                 const int stepLimit)
-  : m_stepLimit(stepLimit)
-  , m_certificateCache(certificateCache)
-{}
-
-void
-SecPolicyRegex::onCertificateVerified(shared_ptr<Data>signCertificate, 
-                                       shared_ptr<Data>data, 
-                                       const OnVerified& onVerified, 
-                                       const OnVerifyFailed& onVerifyFailed)
-{
-  shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>(*signCertificate);
-  
-  if(!certificate->isTooLate() && !certificate->isTooEarly())
-    {
-      m_certificateCache->insertCertificate(certificate);
-      
-      try{
-        if(Verifier::verifySignature(*data, data->getSignature(), certificate->getPublicKeyInfo()))
-          {
-            onVerified();
-            return;
-          }
-      }catch(Signature::Error &e){
-        _LOG_DEBUG("SecPolicyRegex Error: " << e.what());
-        onVerifyFailed();
-        return;
-      }
-    }
-  else
-    {
-      onVerifyFailed();
-      return;
-    }
-}
-
-void
-SecPolicyRegex::onCertificateVerifyFailed(shared_ptr<Data>signCertificate, 
-                                           shared_ptr<Data>data, 
-                                           const OnVerifyFailed& onVerifyFailed)
-{ onVerifyFailed(); }
-
-shared_ptr<ValidationRequest>
-SecPolicyRegex::checkVerificationPolicy(const shared_ptr<Data>& data, 
-                                         int stepCount, 
-                                         const OnVerified& onVerified, 
-                                         const OnVerifyFailed& onVerifyFailed)
-{
-  if(m_stepLimit == stepCount){
-    _LOG_DEBUG("reach the maximum steps of verification");
-    onVerifyFailed();
-    return shared_ptr<ValidationRequest>();
-  }
-  
-  RuleList::iterator it = m_mustFailVerify.begin();
-  for(; it != m_mustFailVerify.end(); it++)
-    {
-      if((*it)->satisfy(*data))
-        {
-          onVerifyFailed();
-          return shared_ptr<ValidationRequest>();
-        }
-    }
-  
-  it = m_verifyPolicies.begin();
-  for(; it != m_verifyPolicies.end(); it++)
-    {
-      if((*it)->satisfy(*data))
-        {
-          try{
-            SignatureSha256WithRsa sig(data->getSignature());                
-            
-            Name keyLocatorName = sig.getKeyLocator().getName();
-            shared_ptr<const Certificate> trustedCert;
-            if(m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName))
-              trustedCert = m_certificateCache->getCertificate(keyLocatorName);
-            else
-              trustedCert = m_trustAnchors[keyLocatorName];
-            
-            if(static_cast<bool>(trustedCert)){
-              if(Verifier::verifySignature(*data, sig, trustedCert->getPublicKeyInfo()))
-                onVerified();
-              else
-                onVerifyFailed();
-              
-              return shared_ptr<ValidationRequest>();
-            }
-            else{
-              // _LOG_DEBUG("KeyLocator is not trust anchor");                
-              ValidationRequest::OnCertVerified onCertVerified = bind(&SecPolicyRegex::onCertificateVerified, 
-                                                                      this, 
-                                                                      _1, 
-                                                                      data, 
-                                                                      onVerified, 
-                                                                      onVerifyFailed);
-              
-              ValidationRequest::OnCertVerifyFailed onCertVerifyFailed = bind(&SecPolicyRegex::onCertificateVerifyFailed, 
-                                                                              this, 
-                                                                              _1, 
-                                                                              data, 
-                                                                              onVerifyFailed);
-              
-              
-              shared_ptr<Interest> interest = make_shared<Interest>(boost::cref(sig.getKeyLocator().getName()));
-
-              shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(interest, 
-                                                                                                        onCertVerified,
-                                                                                                        onCertVerifyFailed,
-                                                                                                        3,
-                                                                                                        stepCount + 1);
-              return nextStep;
-            }
-          }catch(SignatureSha256WithRsa::Error &e){
-            _LOG_DEBUG("SecPolicyRegex Error: " << e.what());
-            onVerifyFailed();
-            return shared_ptr<ValidationRequest>(); 
-          }catch(KeyLocator::Error &e){
-            _LOG_DEBUG("SecPolicyRegex Error: " << e.what());
-            onVerifyFailed();
-            return shared_ptr<ValidationRequest>(); 
-          }
-        }
-    }
-  
-  onVerifyFailed();
-  return shared_ptr<ValidationRequest>();
-}
-
-}//ndn
diff --git a/src/security/sec-policy-regex.hpp b/src/security/sec-policy-regex.hpp
deleted file mode 100644
index a4d9190..0000000
--- a/src/security/sec-policy-regex.hpp
+++ /dev/null
@@ -1,87 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_SEC_POLICY_REGEX_HPP
-#define NDN_SEC_POLICY_REGEX_HPP
-
-#include "sec-policy.hpp"
-#include "identity-certificate.hpp"
-#include "sec-rule-relative.hpp"
-#include "certificate-cache.hpp"
-#include "../util/regex.hpp"
-
-#include <map>
-
-
-
-
-namespace ndn {
-
-class SecPolicyRegex : public SecPolicy
-{
-public:
-  struct Error : public SecPolicy::Error { Error(const std::string &what) : SecPolicy::Error(what) {} };
-  
-  SecPolicyRegex(shared_ptr<CertificateCache> certificateCache, const int stepLimit = 10);
-  
-  virtual 
-  ~SecPolicyRegex() {}
-  
-  virtual shared_ptr<ValidationRequest>
-  checkVerificationPolicy(const shared_ptr<Data>& data, 
-                          int stepCount, 
-                          const OnVerified& onVerified, 
-                          const OnVerifyFailed& onVerifyFailed);
-      
-  /**
-   * @brief add a rule to check whether the data name and signing certificate name comply with the policy
-   * @param policy the verification policy
-   */
-  inline virtual void
-  addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule);
-    
-  /**
-   * @brief add a trust anchor
-   * @param certificate the trust anchor 
-   */
-  inline virtual void 
-  addTrustAnchor(shared_ptr<IdentityCertificate> certificate);
-
-protected:
-  virtual void
-  onCertificateVerified(shared_ptr<Data> certificate, 
-                        shared_ptr<Data> data, 
-                        const OnVerified& onVerified, 
-                        const OnVerifyFailed& onVerifyFailed);
-  
-  virtual void
-  onCertificateVerifyFailed(shared_ptr<Data>signCertificate, 
-                            shared_ptr<Data>data, 
-                            const OnVerifyFailed& onVerifyFailed);
-  
-protected:
-  typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
-  typedef std::vector< shared_ptr<Regex> > RegexList;
-
-  int m_stepLimit;
-  shared_ptr<CertificateCache> m_certificateCache;
-  RuleList m_mustFailVerify;
-  RuleList m_verifyPolicies;
-  std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
-};
-
-void 
-SecPolicyRegex::addVerificationPolicyRule (shared_ptr<SecRuleRelative> rule)
-{ rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule); }
-      
-void  
-SecPolicyRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
-{ m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate; }
-
-}//ndn
-
-#endif
diff --git a/src/security/sec-policy.hpp b/src/security/sec-policy.hpp
deleted file mode 100644
index 5158f61..0000000
--- a/src/security/sec-policy.hpp
+++ /dev/null
@@ -1,71 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_SEC_POLICY_HPP
-#define NDN_SEC_POLICY_HPP
-
-#include "../data.hpp"
-#include "verifier.hpp"
-#include "validation-request.hpp"
-
-namespace ndn {
-  
-/**
- * A SecPolicy is an abstract base class to represent the policy for verifying data packets.
- * You must create an object of a subclass.
- */
-class SecPolicy {
-public:
-  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
-
-  /**
-   * The virtual destructor.
-   */
-  virtual
-  ~SecPolicy() {}
-
-  /**
-   * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
-   * If there is no next verification step, that imlies policy MUST have already made the verification decision.
-   * i.e., either onVerified or onVerifyFailed callback is invoked.
-   * @param data The Data object with the signature to check.
-   * @param stepCount The number of verification steps that have been done, used to track the verification progress.
-   * @param onVerified If the signature is verified, this calls onVerified(data).
-   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
-   * @return the indication of next verification step, null if there is no further step.
-   */
-  virtual ptr_lib::shared_ptr<ValidationRequest>
-  checkVerificationPolicy
-    (const ptr_lib::shared_ptr<const Data>& data, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
-  {
-    onVerifyFailed();
-    return ptr_lib::shared_ptr<ValidationRequest>();
-  }
-
-  /**
-   * Check whether the received interest packet complies with the verification policy, and get the indication of the next verification step.
-   * If there is no next verification step, that implies policy MUST have already made the verification decision.
-   * i.e., either onVerified or onVerifyFailed callback is invoked.
-   * @param data The Data object with the signature to check.
-   * @param stepCount The number of verification steps that have been done, used to track the verification progress.
-   * @param onVerified If the signature is verified, this calls onVerified(data).
-   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
-   * @return the indication of next verification step, null if there is no further step.
-   */
-  virtual ptr_lib::shared_ptr<ValidationRequest>
-  checkVerificationPolicy
-    (const ptr_lib::shared_ptr<const Interest>& interest, int stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed)
-  {
-    onVerifyFailed();
-    return ptr_lib::shared_ptr<ValidationRequest>();
-  }
-};
-
-}
-
-#endif
diff --git a/src/security/validation-request.hpp b/src/security/validation-request.hpp
index ad2a128..4dc3a11 100644
--- a/src/security/validation-request.hpp
+++ b/src/security/validation-request.hpp
@@ -12,35 +12,48 @@
 #include "../interest.hpp"
 
 namespace ndn {
+/**
+ * An OnVerified function object is used to pass a callback to report a successful Interest validation.
+ */
+typedef function< void (const shared_ptr<const Interest> &) > OnInterestValidated;
+  
+/**
+ * An OnVerifyFailed function object is used to pass a callback to report a failed Interest validation.
+ */
+typedef function< void (const shared_ptr<const Interest> &) > OnInterestValidationFailed;
+
+/**
+ * An OnVerified function object is used to pass a callback to report a successful Data validation.
+ */
+typedef function< void (const shared_ptr<const Data> &) > OnDataValidated;
+  
+/**
+ * An OnVerifyFailed function object is used to pass a callback to report a failed Data validation.
+ */
+typedef function< void (const shared_ptr<const Data> &) > OnDataValidationFailed;
+
 
 class ValidationRequest {
 public:
-  /**
-   * An OnCertVerified function object is used to pass a callback to to report a successful verification.
-   */
-  typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>&)> OnCertVerified;
-  
-  /**
-   * An OnCertVerifyFailed function object is used to pass a callback to to report a failed verification.
-   */
-  typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>&)> OnCertVerifyFailed;
-
-
-  ValidationRequest
-    (const ptr_lib::shared_ptr<Interest> &interest, const OnCertVerified& onVerified, const OnCertVerifyFailed& onVerifyFailed,
-     int retry, int stepCount)
-  : m_interest(interest), m_onVerified(onVerified), m_onVerifyFailed(onVerifyFailed), m_retry(retry), m_stepCount(stepCount)
-  {
-  }
+  ValidationRequest(const Interest &interest, 
+                    const OnDataValidated &onValidated, 
+                    const OnDataValidationFailed &onDataValidated, 
+                    int retry, int stepCount)
+  : m_interest(interest)
+  , m_onValidated(onValidated)
+  , m_onDataValidated(onDataValidated)
+  , m_retry(retry)
+  , m_stepCount(stepCount)
+  {}
     
   virtual
   ~ValidationRequest() {}
 
-  ptr_lib::shared_ptr<Interest> m_interest; // An interest packet to fetch the requested data.
-  OnCertVerified m_onVerified;                  // A callback function if the requested certificate has been validated.
-  OnCertVerifyFailed m_onVerifyFailed;          // A callback function if the requested certificate cannot be validated.
+  Interest m_interest;                      // An interest packet to fetch the requested data.
+  OnDataValidated m_onValidated;            // A callback function if the requested certificate is validated.
+  OnDataValidationFailed m_onDataValidated; // A callback function if the requested certificate validation fails.
   int m_retry;                              // The number of retrials when there is an interest timeout.
-  int m_stepCount;
+  int m_stepCount;                          // The stepCount of next step.
 };
 
 }
diff --git a/src/security/validator-null.hpp b/src/security/validator-null.hpp
new file mode 100644
index 0000000..90b5293
--- /dev/null
+++ b/src/security/validator-null.hpp
@@ -0,0 +1,42 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_VALIDATOR_NULL_HPP
+#define NDN_VALIDATOR_NULL_HPP
+
+#include "validator.hpp"
+
+namespace ndn {
+
+class ValidatorNull : public Validator {
+protected:
+
+  virtual
+  ~ValidatorNull()
+  {}
+
+  virtual void
+  checkPolicy (shared_ptr<const Data> data, 
+               int stepCount, 
+               const OnDataValidated &onValidated, 
+               const OnDataValidationFailed &onValidationFailed,
+               std::vector<shared_ptr<ValidationRequest> > &nextSteps)
+  { onValidated(data); }
+
+  virtual void
+  checkPolicy (shared_ptr<const Interest> interest, 
+               int stepCount, 
+               const OnInterestValidated &onValidated, 
+               const OnInterestValidationFailed &onValidationFailed,
+               std::vector<shared_ptr<ValidationRequest> > &nextSteps)
+  { onValidated(interest); }
+};
+
+}
+
+#endif
diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
new file mode 100644
index 0000000..63c49c4
--- /dev/null
+++ b/src/security/validator-regex.cpp
@@ -0,0 +1,151 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "validator-regex.hpp"
+#include "signature-sha256-with-rsa.hpp"
+#include "certificate-cache-ttl.hpp"
+
+#include "../util/logging.hpp"
+
+INIT_LOGGER("ndn::ValidatorRegex");
+
+using namespace std;
+
+namespace ndn
+{
+
+const shared_ptr<CertificateCache> ValidatorRegex::DefaultCertificateCache = shared_ptr<CertificateCache>();
+
+ValidatorRegex::ValidatorRegex(shared_ptr<Face> face,
+                               shared_ptr<CertificateCache> certificateCache /* = DefaultCertificateCache */,
+                               const int stepLimit /* = 3 */)
+  : Validator(face)
+  , m_stepLimit(stepLimit)
+  , m_certificateCache(certificateCache)
+{
+  if(!static_cast<bool>(face))
+    throw Error("Face is not set!");
+
+  if(!static_cast<bool>(m_certificateCache))
+    m_certificateCache = make_shared<CertificateCacheTtl>(m_face->ioService());
+}
+
+void
+ValidatorRegex::onCertificateValidated(const shared_ptr<const Data> &signCertificate, 
+                                       const shared_ptr<const Data> &data, 
+                                       const OnDataValidated &onValidated, 
+                                       const OnDataValidationFailed &onValidationFailed)
+{
+  shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>(*signCertificate);
+  
+  if(!certificate->isTooLate() && !certificate->isTooEarly())
+    {
+      m_certificateCache->insertCertificate(certificate);
+      
+      try{
+        if(verifySignature(*data, certificate->getPublicKeyInfo()))
+          {
+            onValidated(data);
+            return;
+          }
+      }catch(Signature::Error &e){
+        _LOG_DEBUG("ValidatorRegex Error: " << e.what());
+        onValidationFailed(data);
+        return;
+      }
+    }
+  else
+    {
+      _LOG_DEBUG("Wrong Invalidity: " << e.what());
+      onValidationFailed(data);
+      return;
+    }
+}
+
+void
+ValidatorRegex::onCertificateValidationFailed(const shared_ptr<const Data> &signCertificate, 
+                                              const shared_ptr<const Data> &data, 
+                                              const OnDataValidationFailed &onValidationFailed)
+{ onValidationFailed(data); }
+
+void
+ValidatorRegex::checkPolicy(const shared_ptr<const Data> &data, 
+                            int stepCount, 
+                            const OnDataValidated &onValidated, 
+                            const OnDataValidationFailed &onValidationFailed,
+                            vector<shared_ptr<ValidationRequest> > &nextSteps)
+{
+  if(m_stepLimit == stepCount){
+    _LOG_DEBUG("reach the maximum steps of verification");
+    onValidationFailed(data);
+    return;
+  }
+  
+  RuleList::iterator it = m_mustFailVerify.begin();
+  for(; it != m_mustFailVerify.end(); it++)
+    if((*it)->satisfy(*data))
+      {
+        onValidationFailed(data);
+        return;
+      }
+
+  it = m_verifyPolicies.begin();
+  for(; it != m_verifyPolicies.end(); it++)
+    {
+      if((*it)->satisfy(*data))
+        {
+          try{
+            SignatureSha256WithRsa sig(data->getSignature());                
+            
+            Name keyLocatorName = sig.getKeyLocator().getName();
+            shared_ptr<const Certificate> trustedCert;
+            if(m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName))
+              trustedCert = m_certificateCache->getCertificate(keyLocatorName);
+            else
+              trustedCert = m_trustAnchors[keyLocatorName];
+            
+            if(static_cast<bool>(trustedCert)){
+              if(verifySignature(*data, sig, trustedCert->getPublicKeyInfo()))
+                onValidated(data);
+              else
+                onValidationFailed(data);
+              
+              return;
+            }
+            else{
+              // _LOG_DEBUG("KeyLocator is not trust anchor");                
+              OnDataValidated onKeyValidated = bind(&ValidatorRegex::onCertificateValidated, this, 
+                                                    _1, data, onValidated, onValidationFailed);
+              
+              OnDataValidationFailed onKeyValidationFailed = bind(&ValidatorRegex::onCertificateValidationFailed, this, 
+                                                                  _1, data, onValidationFailed);              
+
+              shared_ptr<ValidationRequest> nextStep = make_shared<ValidationRequest>(Interest(boost::cref(sig.getKeyLocator().getName())), 
+                                                                                      onKeyValidated,
+                                                                                      onKeyValidationFailed,
+                                                                                      3,
+                                                                                      stepCount + 1);
+              nextSteps.push_back(nextStep);
+              return;
+            }
+          }catch(SignatureSha256WithRsa::Error &e){
+            _LOG_DEBUG("ValidatorRegex Error: " << e.what());
+            onValidationFailed(data);
+            return;
+          }catch(KeyLocator::Error &e){
+            _LOG_DEBUG("ValidatorRegex Error: " << e.what());
+            onValidationFailed(data);
+            return;
+          }
+        }
+    }
+
+  onValidationFailed(data);
+  return;
+}
+
+}//ndn
diff --git a/src/security/validator-regex.hpp b/src/security/validator-regex.hpp
new file mode 100644
index 0000000..e080ddf
--- /dev/null
+++ b/src/security/validator-regex.hpp
@@ -0,0 +1,92 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_VALIDATOR_REGEX_HPP
+#define NDN_VALIDATOR_REGEX_HPP
+
+#include "validator.hpp"
+#include "identity-certificate.hpp"
+#include "sec-rule-relative.hpp"
+#include "certificate-cache.hpp"
+#include "../util/regex.hpp"
+
+#include <map>
+
+
+namespace ndn {
+
+class ValidatorRegex : public Validator
+{
+public:
+  struct Error : public Validator::Error { Error(const std::string &what) : Validator::Error(what) {} };
+
+  static const shared_ptr<CertificateCache> DefaultCertificateCache;
+  
+  ValidatorRegex(shared_ptr<Face> face,
+                 shared_ptr<CertificateCache> certificateCache = DefaultCertificateCache, 
+                 const int stepLimit = 3);
+  
+  virtual 
+  ~ValidatorRegex() {}
+  
+  /**
+   * @brief Add a rule for data verification.
+   *
+   * @param policy The verification rule
+   */
+  inline void
+  addDataVerificationRule (shared_ptr<SecRuleRelative> rule);
+    
+  /**
+   * @brief Add a trust anchor
+   *
+   * @param certificate The trust anchor 
+   */
+  inline void 
+  addTrustAnchor(shared_ptr<IdentityCertificate> certificate);
+
+protected:
+  virtual void
+  checkPolicy (const shared_ptr<const Data> &data, 
+               int stepCount, 
+               const OnDataValidated &onValidated, 
+               const OnDataValidationFailed &onValidationFailed,
+               std::vector<shared_ptr<ValidationRequest> > &nextSteps);
+
+  void
+  onCertificateValidated(const shared_ptr<const Data> &signCertificate, 
+                         const shared_ptr<const Data> &data, 
+                         const OnDataValidated &onValidated, 
+                         const OnDataValidationFailed &onValidationFailed);
+  
+  void
+  onCertificateValidationFailed(const shared_ptr<const Data> &signCertificate, 
+                                const shared_ptr<const Data> &data, 
+                                const OnDataValidationFailed &onValidationFailed);
+  
+protected:
+  typedef std::vector< shared_ptr<SecRuleRelative> > RuleList;
+  typedef std::vector< shared_ptr<Regex> > RegexList;
+
+  int m_stepLimit;
+  shared_ptr<CertificateCache> m_certificateCache;
+  RuleList m_mustFailVerify;
+  RuleList m_verifyPolicies;
+  std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
+};
+
+void 
+ValidatorRegex::addDataVerificationRule (shared_ptr<SecRuleRelative> rule)
+{ rule->isPositive() ? m_verifyPolicies.push_back(rule) : m_mustFailVerify.push_back(rule); }
+      
+void  
+ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
+{ m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate; }
+
+}//ndn
+
+#endif
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
new file mode 100644
index 0000000..9440d84
--- /dev/null
+++ b/src/security/validator.cpp
@@ -0,0 +1,272 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#if __clang__
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wreorder"
+#pragma clang diagnostic ignored "-Wtautological-compare"
+#pragma clang diagnostic ignored "-Wunused-variable"
+#pragma clang diagnostic ignored "-Wunused-function"
+#elif __GNUC__
+#pragma GCC diagnostic ignored "-Wreorder"
+#pragma GCC diagnostic ignored "-Wunused-variable"
+#pragma GCC diagnostic ignored "-Wunused-function"
+#endif
+
+#include "validator.hpp"
+#include "../util/logging.hpp"
+
+#include <cryptopp/rsa.h>
+
+using namespace std;
+
+INIT_LOGGER("ndn::Validator");
+
+namespace ndn {
+
+const shared_ptr<Face> Validator::DefaultFace = shared_ptr<Face>();
+
+Validator::Validator(shared_ptr<Face> face /* = DefaultFace */)                   
+  : m_face(face)
+{}
+
+void
+Validator::validate(const shared_ptr<const Interest> &interest, 
+                    const OnInterestValidated &onValidated, 
+                    const OnInterestValidationFailed &onValidationFailed,
+                    int stepCount)
+{
+  vector<shared_ptr<ValidationRequest> > nextSteps;
+  checkPolicy(interest, stepCount, onValidated, onValidationFailed, nextSteps);
+  
+  if (!nextSteps.empty())
+    {
+      if(!static_cast<bool>(m_face))
+        throw Error("Face should be set prior to verify method to call");
+      
+      vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();
+      OnFailure onFailure = bind(onValidationFailed, interest);
+      for(; it != nextSteps.end(); it++)
+        m_face->expressInterest((*it)->m_interest,
+                                bind(&Validator::onData, this, _1, _2, *it), 
+                                bind(&Validator::onTimeout, 
+                                     this, _1, (*it)->m_retry, 
+                                     onFailure, 
+                                     *it));
+    }
+  else
+    {
+      //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
+      //No more further processes.
+    }
+}
+
+void
+Validator::validate(const shared_ptr<const Data> &data, 
+                    const OnDataValidated &onValidated, 
+                    const OnDataValidationFailed &onValidationFailed,
+                    int stepCount)
+{
+  vector<shared_ptr<ValidationRequest> > nextSteps;
+  checkPolicy(data, stepCount, onValidated, onValidationFailed, nextSteps);
+
+  if (!nextSteps.empty())
+    {
+      if(!static_cast<bool>(m_face))
+        throw Error("Face should be set prior to verify method to call");
+
+      vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();
+      OnFailure onFailure = bind(onValidationFailed, data);
+      for(; it != nextSteps.end(); it++)
+        m_face->expressInterest((*it)->m_interest,
+                                bind(&Validator::onData, this, _1, _2, *it), 
+                                bind(&Validator::onTimeout, 
+                                     this, _1, (*it)->m_retry, 
+                                     onFailure,
+                                     *it));
+    }
+  else
+    {
+      //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
+      //No more further processes.
+    }
+}
+
+void
+Validator::onData(const shared_ptr<const Interest> &interest, 
+                  const shared_ptr<const Data> &data, 
+                  shared_ptr<ValidationRequest> nextStep)
+{
+  validate(data, nextStep->m_onValidated, nextStep->m_onDataValidated, nextStep->m_stepCount);
+}
+
+void
+Validator::onTimeout(const shared_ptr<const Interest> &interest, 
+                     int retry, 
+                     const OnFailure &onFailure, 
+                     shared_ptr<ValidationRequest> nextStep)
+{
+  if (retry > 0)
+    // Issue the same expressInterest except decrement retry.
+    m_face->expressInterest(*interest, 
+                            bind(&Validator::onData, this, _1, _2, nextStep), 
+                            bind(&Validator::onTimeout, this, _1, retry - 1, onFailure, nextStep));
+  else
+    onFailure();
+}
+
+bool
+Validator::verifySignature(const Data& data, const PublicKey& key)
+{
+  try{
+    switch(data.getSignature().getType()){
+    case Signature::Sha256WithRsa:
+      {
+        SignatureSha256WithRsa sigSha256Rsa(data.getSignature());
+        return verifySignature(data, sigSha256Rsa, key);
+      }
+    default:
+      {
+        _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
+        return false;
+      }
+    }
+  }catch(Signature::Error &e){
+    _LOG_DEBUG("verifySignature: " << e.what());
+    return false;
+  }
+  return false;
+}
+
+bool
+Validator::verifySignature(const Interest &interest, const PublicKey &key)
+{
+  const Name &interestName = interest.getName();
+
+  if(interestName.size() < 3)
+    return false;
+
+  try{
+    const Block &nameBlock = interestName.wireEncode();
+
+    if(nameBlock.getAll().size() != interestName.size()) //HACK!! we should change it when Name::Component is changed to derive from Block.
+      const_cast<Block&>(nameBlock).parse();
+
+    Signature sig((++nameBlock.getAll().rbegin())->blockFromValue(), 
+                  (nameBlock.getAll().rbegin())->blockFromValue());
+
+    switch(sig.getType()){
+    case Signature::Sha256WithRsa:
+      {
+        SignatureSha256WithRsa sigSha256Rsa(sig);
+
+        return verifySignature(nameBlock.value(), 
+                               nameBlock.value_size() - (nameBlock.getAll().rbegin())->size(), 
+                               sigSha256Rsa, key);
+      }
+    default:
+      {
+        _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
+        return false;
+      }
+    }
+  }catch(Signature::Error &e){
+    _LOG_DEBUG("verifySignature: " << e.what());
+    return false;
+  }catch(Block::Error &e){
+    _LOG_DEBUG("verifySignature: " << e.what());
+    return false;
+  }
+  return false;
+}
+
+bool
+Validator::verifySignature(const Buffer &data, const Signature &sig, const PublicKey &key)
+{
+  try{
+    switch(sig.getType()){
+    case Signature::Sha256WithRsa:
+      {
+        SignatureSha256WithRsa sigSha256Rsa(sig);
+        return verifySignature(data, sigSha256Rsa, key);
+      }
+    default:
+      {
+        _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
+        return false;
+      }
+    }
+  }catch(Signature::Error &e){
+    _LOG_DEBUG("verifySignature: " << e.what());
+    return false;
+  }
+  return false;
+}
+
+bool
+Validator::verifySignature(const Data& data, const SignatureSha256WithRsa& sig, const PublicKey& key)
+{
+  using namespace CryptoPP;
+
+  bool result = false;
+  
+  RSA::PublicKey publicKey;
+  ByteQueue queue;
+
+  queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
+  publicKey.Load(queue);
+
+  RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+  result = verifier.VerifyMessage(data.wireEncode().value(), data.wireEncode().value_size() - data.getSignature().getValue().size(),
+				  sig.getValue().value(), sig.getValue().value_size());
+
+  _LOG_DEBUG("Signature verified? " << data.getName().toUri() << " " << boolalpha << result);
+  
+  return result;
+}
+
+bool
+Validator::verifySignature(const Buffer& data, const SignatureSha256WithRsa& sig, const PublicKey& key)
+{
+  using namespace CryptoPP;
+
+  bool result = false;
+  
+  RSA::PublicKey publicKey;
+  ByteQueue queue;
+
+  queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
+  publicKey.Load(queue);
+
+  RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+  result = verifier.VerifyMessage(data.buf(), data.size(),
+				  sig.getValue().value(), sig.getValue().value_size());
+  
+  return result;
+}
+
+bool
+Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256WithRsa &sig, const PublicKey &key)
+{
+  using namespace CryptoPP;
+
+  bool result = false;
+  
+  RSA::PublicKey publicKey;
+  ByteQueue queue;
+
+  queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
+  publicKey.Load(queue);
+
+  RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+  result = verifier.VerifyMessage(buf, size, sig.getValue().value(), sig.getValue().value_size());
+  
+  return result;
+}
+
+}
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
new file mode 100644
index 0000000..82f8e98
--- /dev/null
+++ b/src/security/validator.hpp
@@ -0,0 +1,157 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_VALIDATOR_HPP
+#define NDN_VALIDATOR_HPP
+
+#include "../data.hpp"
+#include "../face.hpp"
+#include "public-key.hpp"
+#include "signature-sha256-with-rsa.hpp"
+#include "validation-request.hpp"
+
+namespace ndn {
+/**
+ * Validator is one of the main classes of the security library.
+ *
+ * The Validator class provides the interfaces for packet validation.
+ */
+class Validator {
+public:
+  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
+  static const shared_ptr<Face> DefaultFace;
+
+  Validator (shared_ptr<Face> face = DefaultFace);
+
+  /**
+   * @brief Validate Data and call either onValidated or onValidationFailed. 
+   * 
+   * @param data The Data with the signature to check.
+   * @param onValidated If the Data is validated, this calls onValidated(data).
+   * @param onValidationFailed If the Data validation fails, this calls onValidationFailed(data).
+   */
+  void
+  validate (const shared_ptr<const Data> &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
+  { validate (data, onValidated, onValidationFailed, 0); }
+
+  /**
+   * @brief Validate Interest and call either onValidated or onValidationFailed. 
+   * 
+   * @param interest The Interest with the signature to check.
+   * @param onValidated If the Interest is validated, this calls onValidated(interest).
+   * @param onValidationFailed If the Interest validation fails, this calls onValidationFailed(interest).
+   */
+  void
+  validate (const shared_ptr<const Interest> &interest, const OnInterestValidated &onValidated, const OnInterestValidationFailed &onValidationFailed)
+  { validate (interest, onValidated, onValidationFailed, 0); }
+
+  /*****************************************
+   *      verifySignature method set       *
+   *****************************************/
+
+  /// @brief Verify the data using the publicKey.
+  static bool
+  verifySignature (const Data &data, const PublicKey &publicKey);
+
+  /// @brief Verify the signed Interest using the publicKey.
+  static bool
+  verifySignature (const Interest &interest, const PublicKey &publicKey);
+
+  /// @brief Verify the blob using the publicKey against the signature.
+  static bool
+  verifySignature (const Buffer &blob, const Signature &sig, const PublicKey &publicKey);
+
+  /// @brief Verify the data using the publicKey against the SHA256-RSA signature.
+  static bool
+  verifySignature (const Data& data, const SignatureSha256WithRsa& sig, const PublicKey& publicKey);
+
+  /// @brief Verify the blob using the publicKey against the SHA256-RSA signature.
+  static bool
+  verifySignature (const Buffer &blob, const SignatureSha256WithRsa &sig, const PublicKey &publicKey);
+  
+  /// @brief Verify the blob using the publicKey against the SHA256-RSA signature.
+  static bool
+  verifySignature (const uint8_t* buf, const size_t size, const SignatureSha256WithRsa &sig, const PublicKey &publicKey);
+
+protected:
+  /**
+   * @brief Check the Data against validation policy and return the next validation step if necessary.
+   *
+   * If there is no next validation step, that validation MUST have been done.
+   * i.e., either onValidated or onValidationFailed callback is invoked.
+   *
+   * @param data The Data to check.
+   * @param stepCount The number of validation steps that have been done, used to track the validation progress.
+   * @param onDataValidated If the Data is validated, this calls onValidated(data).
+   * @param onDataValidationFailed If the Data validation fails, this calls onValidationFailed(data).
+   * @param nextSteps On return, contains the next validation step.
+   */
+  virtual void
+  checkPolicy (const shared_ptr<const Data> &data, 
+               int stepCount, 
+               const OnDataValidated &onValidated, 
+               const OnDataValidationFailed &onValidationFailed,
+               std::vector<shared_ptr<ValidationRequest> > &nextSteps)
+  { onValidationFailed(data); }
+
+  /**
+   * @brief Check the Interest against validation policy and return the next validation step if necessary.
+   *
+   * If there is no next validation step, that validation MUST have been done.
+   * i.e., either onValidated or onValidationFailed callback is invoked.
+   *
+   * @param data The Interest to check.
+   * @param stepCount The number of validation steps that have been done, used to track the validation progress.
+   * @param OnInterestValidated If the Interest is validated, this calls onValidated(data).
+   * @param OnInterestValidationFailed If the Interest validation fails, this calls onValidationFailed(data).
+   * @return the indication of next validation step, null if there is no further step.
+   */
+  virtual void
+  checkPolicy (const shared_ptr<const Interest> &interest, 
+               int stepCount, 
+               const OnInterestValidated &onValidated, 
+               const OnInterestValidationFailed &onValidationFailed,
+               std::vector<shared_ptr<ValidationRequest> > &nextSteps)
+  { onValidationFailed(interest); }
+
+private:
+  typedef function< void () > OnFailure;
+  
+  /// @brief Process the received certificate.
+  void
+  onData (const shared_ptr<const Interest> &interest, 
+          const shared_ptr<const Data> &data, 
+          shared_ptr<ValidationRequest> nextStep);
+  
+  /// @brief Re-express the interest if it times out.
+  void
+  onTimeout (const shared_ptr<const Interest> &interest, 
+             int retry, 
+             const OnFailure &onFailure, 
+             shared_ptr<ValidationRequest> nextStep);
+
+  void
+  validate (const shared_ptr<const Data> &data, 
+            const OnDataValidated &onValidated, 
+            const OnDataValidationFailed &onValidationFailed, 
+            int stepCount);
+
+  void
+  validate (const shared_ptr<const Interest> &interest, 
+            const OnInterestValidated &onValidated, 
+            const OnInterestValidationFailed &onValidationFailed, 
+            int stepCount);
+
+protected:
+  shared_ptr<Face> m_face;
+};
+
+}
+
+#endif
diff --git a/src/security/verifier.cpp b/src/security/verifier.cpp
deleted file mode 100644
index 62f660d..0000000
--- a/src/security/verifier.cpp
+++ /dev/null
@@ -1,307 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#if __clang__
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wreorder"
-#pragma clang diagnostic ignored "-Wtautological-compare"
-#pragma clang diagnostic ignored "-Wunused-variable"
-#pragma clang diagnostic ignored "-Wunused-function"
-#elif __GNUC__
-#pragma GCC diagnostic ignored "-Wreorder"
-#pragma GCC diagnostic ignored "-Wunused-variable"
-#pragma GCC diagnostic ignored "-Wunused-function"
-#endif
-
-#include "security/verifier.hpp"
-
-#include "security/sec-policy.hpp"
-
-#include <cryptopp/rsa.h>
-
-#include "../util/logging.hpp"
-
-using namespace std;
-#if NDN_CPP_HAVE_CXX11
-// In the std library, the placeholders are in a different namespace than boost.
-using namespace ndn::func_lib::placeholders;
-#endif
-
-INIT_LOGGER("ndn.Verifier");
-
-namespace ndn {
-const ptr_lib::shared_ptr<SecPolicy>     Verifier::DefaultPolicy     = ptr_lib::shared_ptr<SecPolicy>();
-
-Verifier::Verifier(const ptr_lib::shared_ptr<SecPolicy>     &policy     /* = DefaultPolicy */)                   
-  : m_policy(policy)
-{
-  if (m_policy == DefaultPolicy)
-    {
-      // #ifdef USE_SIMPLE_POLICY_MANAGER
-      //   Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
-      //   Ptr<IdentityPolicyRule> rule1 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
-      //                                                                                  "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-      //                                                                                  ">", "\\1\\2", "\\1", true));
-      //   Ptr<IdentityPolicyRule> rule2 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-      //                                                                                  "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
-      //                                                                                  "==", "\\1", "\\1\\2", true));
-      //   Ptr<IdentityPolicyRule> rule3 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^(<>*)$", 
-      //                                                                                  "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>", 
-      //                                                                                  ">", "\\1", "\\1", true));
-      //   policyManager->addVerificationPolicyRule(rule1);
-      //   policyManager->addVerificationPolicyRule(rule2);
-      //   policyManager->addVerificationPolicyRule(rule3);
-    
-      //   policyManager->addSigningPolicyRule(rule3);
-
-      //   m_policyManager = policyManager;
-      //
-      // #else
-      //   policy_ = new NoVerifyPolicyManager();
-      // #endif
-    }  
-}
-
-void
-Verifier::verify(const ptr_lib::shared_ptr<const Interest> &interest, 
-                 const OnVerified &onVerified, 
-                 const OnVerifyFailed &onVerifyFailed,
-                 int stepCount)
-{
-  //It does not make sense to verify Interest without specified policy, verification must fail!
-  if(!static_cast<bool>(m_policy))
-    onVerifyFailed();
-  else
-    {
-      //check verification policy 
-      ptr_lib::shared_ptr<ValidationRequest> nextStep = m_policy->checkVerificationPolicy(interest, stepCount, onVerified, onVerifyFailed);
-      if (static_cast<bool>(nextStep))
-        {
-          if(!m_face)
-            throw Error("Face should be set prior to verify method to call");
-
-          m_face->expressInterest
-            (*nextStep->m_interest,
-             func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
-             func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->m_retry, onVerifyFailed, nextStep));
-        }
-      else
-        {
-          //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
-          //No more further processes.
-        }
-    }
-}
-
-void
-Verifier::verify(const ptr_lib::shared_ptr<const Data> &data, 
-                 const OnVerified &onVerified, 
-                 const OnVerifyFailed &onVerifyFailed, 
-                 int stepCount)
-{
-  //It does not make sense to verify Interest without specified policy, verification must fail!
-  if(!static_cast<bool>(m_policy))
-    onVerifyFailed();
-  else
-    {
-      //check verification policy 
-      ptr_lib::shared_ptr<ValidationRequest> nextStep = m_policy->checkVerificationPolicy(data, stepCount, onVerified, onVerifyFailed);
-      if (static_cast<bool>(nextStep))
-        {
-          if(!m_face)
-            throw Error("Face should be set prior to verify method to call");
-
-          m_face->expressInterest
-            (*nextStep->m_interest,
-             func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
-             func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, nextStep->m_retry, onVerifyFailed, nextStep));
-        }
-      else
-        {
-          //If there is no nextStep, that means InterestPolicy has already been able to verify the Interest.
-          //No more further processes.
-        }
-    }
-}
-
-void
-Verifier::onCertificateData(const ptr_lib::shared_ptr<const Interest> &interest, 
-                            const ptr_lib::shared_ptr<Data> &data, 
-                            ptr_lib::shared_ptr<ValidationRequest> nextStep)
-{
-  // Try to verify the certificate (data) according to the parameters in nextStep.
-  verify(data, 
-         func_lib::bind(nextStep->m_onVerified, data),
-         func_lib::bind(nextStep->m_onVerifyFailed, data),
-         nextStep->m_stepCount);
-}
-
-void
-Verifier::onCertificateInterestTimeout
-  (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, ptr_lib::shared_ptr<ValidationRequest> nextStep)
-{
-  if (retry > 0)
-    // Issue the same expressInterest as in verifyData except decrement retry.
-    m_face->expressInterest
-      (*interest, 
-       func_lib::bind(&Verifier::onCertificateData, this, _1, _2, nextStep), 
-       func_lib::bind(&Verifier::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, nextStep));
-  else
-    onVerifyFailed();
-}
-
-bool
-Verifier::verifySignature(const Data& data, const Signature& sig, const PublicKey& key)
-{
-  try{
-    switch(sig.getType()){
-    case Signature::Sha256WithRsa:
-      {
-        SignatureSha256WithRsa sigSha256Rsa(sig);
-        return verifySignature(data, sigSha256Rsa, key);
-      }
-    default:
-      {
-        _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
-        return false;
-      }
-    }
-  }catch(Signature::Error &e){
-    _LOG_DEBUG("verifySignature: " << e.what());
-    return false;
-  }
-  return false;
-}
-
-bool
-Verifier::verifySignature(const Interest &interest, const PublicKey &key)
-{
-  const Name &interestName = interest.getName();
-
-  if(interestName.size() < 3)
-    return false;
-
-  try{
-    const Block &nameBlock = interestName.wireEncode();
-
-    if(nameBlock.getAll().size() != interestName.size()) //HACK!! we should change it when Name::Component is changed to derive from Block.
-      const_cast<Block&>(nameBlock).parse();
-
-    Signature sig((++nameBlock.getAll().rbegin())->blockFromValue(), 
-                  (nameBlock.getAll().rbegin())->blockFromValue());
-
-    switch(sig.getType()){
-    case Signature::Sha256WithRsa:
-      {
-        SignatureSha256WithRsa sigSha256Rsa(sig);
-
-        return verifySignature(nameBlock.value(), 
-                               nameBlock.value_size() - (nameBlock.getAll().rbegin())->size(), 
-                               sigSha256Rsa, key);
-      }
-    default:
-      {
-        _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
-        return false;
-      }
-    }
-  }catch(Signature::Error &e){
-    _LOG_DEBUG("verifySignature: " << e.what());
-    return false;
-  }catch(Block::Error &e){
-    _LOG_DEBUG("verifySignature: " << e.what());
-    return false;
-  }
-  return false;
-}
-
-bool
-Verifier::verifySignature(const Buffer &data, const Signature &sig, const PublicKey &key)
-{
-  try{
-    switch(sig.getType()){
-    case Signature::Sha256WithRsa:
-      {
-        SignatureSha256WithRsa sigSha256Rsa(sig);
-        return verifySignature(data, sigSha256Rsa, key);
-      }
-    default:
-      {
-        _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType());
-        return false;
-      }
-    }
-  }catch(Signature::Error &e){
-    _LOG_DEBUG("verifySignature: " << e.what());
-    return false;
-  }
-  return false;
-}
-
-bool
-Verifier::verifySignature(const Data& data, const SignatureSha256WithRsa& sig, const PublicKey& key)
-{
-  using namespace CryptoPP;
-
-  bool result = false;
-  
-  RSA::PublicKey publicKey;
-  ByteQueue queue;
-
-  queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
-  publicKey.Load(queue);
-
-  RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
-  result = verifier.VerifyMessage(data.wireEncode().value(), data.wireEncode().value_size() - data.getSignature().getValue().size(),
-				  sig.getValue().value(), sig.getValue().value_size());
-
-  _LOG_DEBUG("Signature verified? " << data.getName().toUri() << " " << boolalpha << result);
-  
-  return result;
-}
-
-bool
-Verifier::verifySignature(const Buffer& data, const SignatureSha256WithRsa& sig, const PublicKey& key)
-{
-  using namespace CryptoPP;
-
-  bool result = false;
-  
-  RSA::PublicKey publicKey;
-  ByteQueue queue;
-
-  queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
-  publicKey.Load(queue);
-
-  RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
-  result = verifier.VerifyMessage(data.buf(), data.size(),
-				  sig.getValue().value(), sig.getValue().value_size());
-  
-  return result;
-}
-
-bool
-Verifier::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256WithRsa &sig, const PublicKey &key)
-{
-  using namespace CryptoPP;
-
-  bool result = false;
-  
-  RSA::PublicKey publicKey;
-  ByteQueue queue;
-
-  queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
-  publicKey.Load(queue);
-
-  RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
-  result = verifier.VerifyMessage(buf, size, sig.getValue().value(), sig.getValue().value_size());
-  
-  return result;
-}
-
-}
diff --git a/src/security/verifier.hpp b/src/security/verifier.hpp
deleted file mode 100644
index a9bded4..0000000
--- a/src/security/verifier.hpp
+++ /dev/null
@@ -1,124 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_VERIFIER_HPP
-#define NDN_VERIFIER_HPP
-
-#include "../data.hpp"
-#include "../face.hpp"
-#include "validation-request.hpp"
-#include "public-key.hpp"
-#include "signature-sha256-with-rsa.hpp"
-
-namespace ndn {
-
-class SecPolicy;
-
-/**
- * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
- */
-typedef func_lib::function<void()> OnVerified;
-
-/**
- * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
- */
-typedef func_lib::function<void()> OnVerifyFailed;
-
-  
-/**
- * Verifier is one of the main classes of the security librar .
- *
- * The Verifier class provides the interfaces for packet verification.
- */
-class Verifier {
-public:
-  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
-
-  Verifier(const ptr_lib::shared_ptr<SecPolicy> &policy = DefaultPolicy);
-
-  /**
-   * @brief Set the Face which will be used to fetch required certificates.
-   * @param face A pointer to the Face object.
-   *
-   * Setting face is necessary for verifier operation that involve fetching data.
-   */
-  void
-  setFace(const ptr_lib::shared_ptr<Face> &face) { m_face = face; }
-  
-  /**
-   * @brief Get the policy.
-   * @return The Policy.
-   */
-  inline SecPolicy&
-  policy()
-  {
-    if (static_cast<bool>(m_policy))
-      throw Error("policy is not assigned to the KeyChain");
-
-    return *m_policy;
-  }
-
-
-  /**
-   * Check the signature on the Data object and call either onVerify or onVerifyFailed. 
-   * We use callback functions because verify may fetch information to check the signature.
-   * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding. 
-   * To set the wireEncoding, you can call data.wireDecode.
-   * @param onVerified If the signature is verified, this calls onVerified(data).
-   * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
-   */
-  void
-  verify
-  (const ptr_lib::shared_ptr<const Data> &data, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed, int stepCount = 0);
-
-  void
-  verify
-  (const ptr_lib::shared_ptr<const Interest> &Interest, const OnVerified &onVerified, const OnVerifyFailed &onVerifyFailed, int stepCount = 0);
-
-  /*****************************************
-   *      verifySignature method set       *
-   *****************************************/
-  static bool
-  verifySignature(const Data &data, const Signature &sig, const PublicKey &publicKey);
-
-  static bool
-  verifySignature(const Interest &interest, const PublicKey &publicKey);
-
-  static bool
-  verifySignature(const Buffer &data, const Signature &sig, const PublicKey &publicKey);
-
-  static bool
-  verifySignature(const Data& data, const SignatureSha256WithRsa& sig, const PublicKey& publicKey);
-
-  static bool
-  verifySignature(const Buffer &data, const SignatureSha256WithRsa &sig, const PublicKey &publicKey);
-  
-  static bool
-  verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256WithRsa &sig, const PublicKey &publicKey);
-
-
-public:
-  static const ptr_lib::shared_ptr<SecPolicy>     DefaultPolicy;
-    
-private:
-  void
-  onCertificateData
-    (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
-  
-  void
-  onCertificateInterestTimeout
-    (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, ptr_lib::shared_ptr<ValidationRequest> nextStep);
-
-private:
-  ptr_lib::shared_ptr<SecPolicy>         m_policy;
-  ptr_lib::shared_ptr<Face>              m_face;
-};
-
-}
-
-#endif