security: enable direct fetch for data sig validation
Change-Id: Icae66769cf980a20bc637caca46f381b29361047
diff --git a/src/security/v2/certificate-fetcher-direct-fetch.cpp b/src/security/v2/certificate-fetcher-direct-fetch.cpp
index 2e01612..0f240a2 100644
--- a/src/security/v2/certificate-fetcher-direct-fetch.cpp
+++ b/src/security/v2/certificate-fetcher-direct-fetch.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -38,20 +38,26 @@
const ValidationContinuation& continueValidation)
{
auto interestState = dynamic_pointer_cast<InterestValidationState>(state);
+ uint64_t incomingFaceId = 0;
if (interestState != nullptr) {
- uint64_t incomingFaceId = 0;
auto incomingFaceIdTag = interestState->getOriginalInterest().getTag<lp::IncomingFaceIdTag>();
if (incomingFaceIdTag != nullptr) {
incomingFaceId = incomingFaceIdTag->get();
}
-
- if (incomingFaceId != 0) {
- Interest directInterest(keyRequest->m_interest);
- directInterest.refreshNonce();
- directInterest.setTag(make_shared<lp::NextHopFaceIdTag>(incomingFaceId));
- m_face.expressInterest(directInterest, nullptr, nullptr, nullptr);
+ }
+ else {
+ auto dataState = dynamic_pointer_cast<DataValidationState>(state);
+ auto incomingFaceIdTag = dataState->getOriginalData().getTag<lp::IncomingFaceIdTag>();
+ if (incomingFaceIdTag != nullptr) {
+ incomingFaceId = incomingFaceIdTag->get();
}
}
+ if (incomingFaceId != 0) {
+ Interest directInterest(keyRequest->m_interest);
+ directInterest.refreshNonce();
+ directInterest.setTag(make_shared<lp::NextHopFaceIdTag>(incomingFaceId));
+ m_face.expressInterest(directInterest, nullptr, nullptr, nullptr);
+ }
// send infrastructure Interest
CertificateFetcherFromNetwork::doFetch(keyRequest, state, continueValidation);
diff --git a/src/security/v2/certificate-fetcher-direct-fetch.hpp b/src/security/v2/certificate-fetcher-direct-fetch.hpp
index 2f51246..5eba1f0 100644
--- a/src/security/v2/certificate-fetcher-direct-fetch.hpp
+++ b/src/security/v2/certificate-fetcher-direct-fetch.hpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -29,14 +29,13 @@
namespace v2 {
/**
- * @brief Extends CertificateFetcherFromNetwork to fetch certificates from Interest sender
+ * @brief Extends CertificateFetcherFromNetwork to fetch certificates from the incoming face of
+ * the packet
*
- * During Interest validation, if IncomingFaceId tag is present on the original Interest, this
- * fetcher will send a "direct Interest" to fetch certificates from the face where the original
- * Interest was received, in addition to fetching from the infrastructure. The application must
+ * During Interest and Data validation, if IncomingFaceId tag is present on the original Interest,
+ * this fetcher will send a "direct Interest" to fetch certificates from the face where the original
+ * packet was received, in addition to fetching from the infrastructure. The application must
* enable NextHopFaceId privilege on the face used by this fetcher prior to the validation.
- *
- * During Data validation, this fetcher is equivalent to CertificateFetcherFromNetwork.
*/
class CertificateFetcherDirectFetch : public CertificateFetcherFromNetwork
{