Qiuhan Ding609f0612015-11-04 14:07:14 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Alexander Afanasyev6aff0242017-08-29 17:14:44 -04002/*
Alexander Afanasyev4e0cc6c2019-01-22 14:44:42 -05003 * Copyright (c) 2013-2019 Regents of the University of California.
Qiuhan Ding609f0612015-11-04 14:07:14 -08004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
23#define NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP
24
Davide Pesavento7e780642018-11-24 15:51:34 -050025#include "ndn-cxx/interest.hpp"
26#include "ndn-cxx/security/v2/certificate.hpp"
Qiuhan Ding609f0612015-11-04 14:07:14 -080027
28#include <boost/multi_index_container.hpp>
29#include <boost/multi_index/ordered_index.hpp>
30#include <boost/multi_index/mem_fun.hpp>
31#include <boost/multi_index/member.hpp>
32
33namespace ndn {
34namespace security {
35namespace v2 {
36
/**
 * @brief Represents a container for verified certificates.
 *
 * A certificate is removed no later than its NotAfter time or maxLifetime after it has been
 * added to the cache, whichever comes first.
 */
class CertificateCache : noncopyable
{
public:
  /**
   * @brief Construct an empty certificate cache.
   *
   * @param maxLifetime upper bound on how long a certificate may stay in the cache,
   *                    counted from insertion (documented default: 1 hour, taken from
   *                    getDefaultLifetime())
   */
  explicit
  CertificateCache(const time::nanoseconds& maxLifetime = getDefaultLifetime());

  /**
   * @brief Add a certificate to the cache.
   *
   * The entry is dropped no later than the certificate's NotAfter time or maxLifetime
   * after insertion, as configured at construction.
   *
   * @param cert the certificate packet.
   *
   * @note The cache is documented as holding *verified* certificates, and nothing in this
   *       declaration shows insert() validating its argument. Callers should insert only
   *       certificates that already passed validation, since a cached entry is presumably
   *       trusted by later lookups -- confirm against the implementation.
   */
  void
  insert(const Certificate& cert);

  /**
   * @brief Drop every certificate held by the cache.
   */
  void
  clear();

  /**
   * @brief Look up a certificate by name prefix.
   * @param certPrefix Certificate prefix used for the search.
   * @return The matching certificate, or nullptr when there is none.
   *
   * @note The returned pointer may be invalidated by the next call to any find() overload.
   *       Do not retain it; copy the Certificate if it has to outlive the next lookup.
   *       (Presumably lookups purge expired entries through refresh() -- confirm.)
   */
  const Certificate*
  find(const Name& certPrefix) const;

  /**
   * @brief Look up a certificate that satisfies an Interest.
   * @param interest The input interest packet.
   * @return The certificate matching the interest, or nullptr when there is none.
   *
   * @note The returned pointer may be invalidated by the next call to any find() overload.
   *       Do not retain it; copy the Certificate if it has to outlive the next lookup.
   */
  const Certificate*
  find(const Interest& interest) const;

  /**
   * @brief Lifetime used when the constructor is called without an explicit maxLifetime.
   */
  static time::nanoseconds
  getDefaultLifetime();

private:
  /**
   * @brief One cached certificate together with the time at which it must be removed.
   */
  class Entry
  {
  public:
    Entry(const Certificate& certificate, const time::system_clock::TimePoint& expiry)
      : cert(certificate)
      , removalTime(expiry)
    {
    }

    /// Key extractor for the by-name index: the name of the stored certificate.
    const Name&
    getCertName() const
    {
      return cert.getName();
    }

    Certificate cert;
    time::system_clock::TimePoint removalTime;
  };

  /**
   * @brief Remove all outdated certificate entries.
   */
  void
  refresh();

private:
  /// @todo Switch to InMemoryStorageTimeout after it is available (task #3917)
  // Index 0: ordered, non-unique, keyed on Entry::removalTime.
  // Index 1: ordered, unique, keyed on the certificate name, so the container holds at most
  //          one entry per certificate name.
  using CertIndex = boost::multi_index::multi_index_container<
    Entry,
    boost::multi_index::indexed_by<
      boost::multi_index::ordered_non_unique<
        boost::multi_index::member<Entry, const time::system_clock::TimePoint, &Entry::removalTime>
      >,
      boost::multi_index::ordered_unique<
        boost::multi_index::const_mem_fun<Entry, const Name&, &Entry::getCertName>
      >
    >
  >;

  using CertIndexByTime = CertIndex::nth_index<0>::type;
  using CertIndexByName = CertIndex::nth_index<1>::type;

  // Declaration order is kept as is: the two references are presumably bound to the
  // indices of m_certs in the constructor (not shown here), so m_certs must come first.
  CertIndex m_certs;
  CertIndexByTime& m_certsByTime;
  CertIndexByName& m_certsByName;
  time::nanoseconds m_maxLifetime;
};
143
144} // namespace v2
145} // namespace security
146} // namespace ndn
147
148#endif // NDN_SECURITY_V2_CERTIFICATE_CACHE_HPP