Add certificate fetcher of ndns-appcert and ndns-cert
Validators are updated accordingly
Change-Id: Ibdee00b8f20243448a2ba3011ca87f85ce1ea516
diff --git a/src/validator/certificate-fetcher-ndns-appcert.cpp b/src/validator/certificate-fetcher-ndns-appcert.cpp
new file mode 100644
index 0000000..28f81b5
--- /dev/null
+++ b/src/validator/certificate-fetcher-ndns-appcert.cpp
@@ -0,0 +1,126 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2017, Regents of the University of California.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "certificate-fetcher-ndns-appcert.hpp"
+#include "certificate-fetcher-ndns-cert.hpp"
+#include "clients/iterative-query-controller.hpp"
+
+#include "validator.hpp"
+#include "clients/response.hpp"
+
+namespace ndn {
+namespace ndns {
+
+using security::v2::Certificate;
+
+CertificateFetcherAppCert::CertificateFetcherAppCert(Face& face,
+ size_t nsCacheSize,
+ size_t startComponentIndex)
+ : m_face(face)
+ , m_validator(NdnsValidatorBuilder::create(face, nsCacheSize, startComponentIndex))
+ , m_startComponentIndex(startComponentIndex)
+{
+ m_nsCache = dynamic_cast<CertificateFetcherNdnsCert&>(m_validator->getFetcher()).getNsCache();
+}
+
+void
+CertificateFetcherAppCert::doFetch(const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ const Name& key = certRequest->m_interest.getName();
+ auto query = make_shared<IterativeQueryController>(key,
+ label::APPCERT_RR_TYPE,
+ certRequest->m_interest.getInterestLifetime(),
+ [=] (const Data& data, const Response& response) {
+ onQuerySuccessCallback(data, certRequest, state, continueValidation);
+ },
+ [=] (uint32_t errCode, const std::string& errMsg) {
+ onQueryFailCallback(errMsg, certRequest, state, continueValidation);
+ },
+ m_face,
+ nullptr,
+ m_nsCache);
+ query->setStartComponentIndex(m_startComponentIndex);
+ query->start();
+ state->setTag(make_shared<IterativeQueryTag>(query));
+}
+
+void
+CertificateFetcherAppCert::onQuerySuccessCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ m_validator->validate(data,
+ [=] (const Data& data) {
+ onValidationSuccessCallback(data, certRequest, state, continueValidation);
+ },
+ [=] (const Data& data,
+ const security::v2::ValidationError& errStr) {
+ onValidationFailCallback(errStr, certRequest, state, continueValidation);
+ });
+}
+
+void
+CertificateFetcherAppCert::onQueryFailCallback(const std::string& errMsg,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ state->fail({security::v2::ValidationError::Code::CANNOT_RETRIEVE_CERT, "Cannot fetch certificate due to " +
+ errMsg + " `" + certRequest->m_interest.getName().toUri() + "`"});
+}
+
+void
+CertificateFetcherAppCert::onValidationSuccessCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ if (data.getContentType() == NDNS_NACK) {
+ state->fail({security::v2::ValidationError::Code::CANNOT_RETRIEVE_CERT, "Cannot fetch certificate: get a Nack "
+ "in query `" + certRequest->m_interest.getName().toUri() + "`"});
+ return;
+ }
+
+ Certificate cert;
+ try {
+ cert = Certificate(data.getContent().blockFromValue());
+ }
+ catch (const ndn::tlv::Error& e) {
+ return state->fail({security::v2::ValidationError::Code::MALFORMED_CERT, "Fetched a malformed certificate "
+ "`" + data.getName().toUri() + "` (" + e.what() + ")"});
+ }
+ continueValidation(cert, state);
+}
+
+void
+CertificateFetcherAppCert::onValidationFailCallback(const security::v2::ValidationError& err,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ state->fail({security::v2::ValidationError::Code::CANNOT_RETRIEVE_CERT,
+ "Cannot fetch certificate due to NDNS validation error :"
+ + err.getInfo() + " `" + certRequest->m_interest.getName().toUri() + "`"});
+}
+
+} // namespace ndns
+} // namespace ndn
diff --git a/src/validator/certificate-fetcher-ndns-appcert.hpp b/src/validator/certificate-fetcher-ndns-appcert.hpp
new file mode 100644
index 0000000..2bd9305
--- /dev/null
+++ b/src/validator/certificate-fetcher-ndns-appcert.hpp
@@ -0,0 +1,103 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2017, Regents of the University of California.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NDNS_VALIDATOR_CERTIFICATE_FETCHER_NDNS_APPCERT_HPP
+#define NDNS_VALIDATOR_CERTIFICATE_FETCHER_NDNS_APPCERT_HPP
+
+#include <ndn-cxx/ims/in-memory-storage.hpp>
+#include <ndn-cxx/security/v2/validator.hpp>
+
+namespace ndn {
+namespace ndns {
+
+/**
+ * @brief Fetch NDNS-stored application certificate(APPCERT type record)
+ * By an iterative-query process, it will retrieve the record, execute authentications,
+ * and de-encapsulate record to get application's certificate.
+ */
+class CertificateFetcherAppCert : public security::v2::CertificateFetcher
+{
+public:
+ explicit
+ CertificateFetcherAppCert(Face& face,
+ size_t nsCacheSize = 500,
+ size_t startComponentIndex = 0);
+
+protected:
+ /**
+ * @brief retrive appcert record, validate, and de-encapsulate
+ * This method will first retrive the record by an iterative query.
+ * Then it will pass it to validator.
+ * If validated, de-encapsulate and call continueValidation.
+ */
+ void
+ doFetch(const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+private:
+ /**
+ * @brief Callback invoked when rrset is retrived, including nack
+ */
+ void
+ onQuerySuccessCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief Callback invoked when iterative query failed
+ *
+ * @todo retry for some amount of time
+ */
+ void
+ onQueryFailCallback(const std::string& errMsg,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief Callback invoked when rrset validation succeeded
+ */
+ void
+ onValidationSuccessCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief Callback invoked when rrset validation failed
+ */
+ void
+ onValidationFailCallback(const security::v2::ValidationError& err,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+private:
+ Face& m_face;
+ unique_ptr<security::v2::Validator> m_validator;
+ InMemoryStorage* m_nsCache;
+ size_t m_startComponentIndex;
+};
+
+} // namespace ndns
+} // namespace ndn
+
+#endif // NDNS_VALIDATOR_CERTIFICATE_FETCHER_NDNS_APPCERT_HPP
\ No newline at end of file
diff --git a/src/validator/certificate-fetcher-ndns-cert.cpp b/src/validator/certificate-fetcher-ndns-cert.cpp
new file mode 100644
index 0000000..8131bea
--- /dev/null
+++ b/src/validator/certificate-fetcher-ndns-cert.cpp
@@ -0,0 +1,207 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2017, Regents of the University of California.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "certificate-fetcher-ndns-cert.hpp"
+#include "clients/iterative-query-controller.hpp"
+#include "clients/response.hpp"
+#include "logger.hpp"
+
+#include <ndn-cxx/encoding/tlv.hpp>
+#include <ndn-cxx/ims/in-memory-storage-fifo.hpp>
+
+namespace ndn {
+namespace ndns {
+
+using security::v2::Certificate;
+
+NDNS_LOG_INIT("CertificateFetcherNdnsCert")
+
+CertificateFetcherNdnsCert::CertificateFetcherNdnsCert(Face& face,
+ size_t nsCacheSize,
+ size_t startComponentIndex)
+ : m_face(face)
+ , m_nsCache(make_unique<InMemoryStorageFifo>(nsCacheSize))
+ , m_startComponentIndex(startComponentIndex)
+{}
+
+void
+CertificateFetcherNdnsCert::doFetch(const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ using IterativeQueryTag = SimpleTag<shared_ptr<IterativeQueryController>, 1086>;
+ const Name& key = certRequest->m_interest.getName();
+ Name domain = calculateDomain(key);
+ if (domain.size() == m_startComponentIndex) {
+ // NS record does not exist, since the domain is actually globally routable
+ nsFailCallback("[skipped] zone name " + domain.toUri()
+ + " is globally routable because startComponentIndex="
+ + std::to_string(m_startComponentIndex),
+ certRequest, state, continueValidation);
+ return ;
+ }
+
+ auto query = make_shared<IterativeQueryController>(domain,
+ label::NS_RR_TYPE,
+ certRequest->m_interest.getInterestLifetime(),
+ [=] (const Data& data, const Response& response) {
+ nsSuccessCallback(data, certRequest, state, continueValidation);
+ },
+ [=] (uint32_t errCode, const std::string& errMsg) {
+ nsFailCallback(errMsg, certRequest, state, continueValidation);
+ },
+ m_face,
+ nullptr,
+ m_nsCache.get());
+ query->setStartComponentIndex(m_startComponentIndex);
+ query->start();
+ auto queryTag = make_shared<IterativeQueryTag>(query);
+ state->setTag(queryTag);
+}
+
+void
+CertificateFetcherNdnsCert::nsSuccessCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ Name interestName(certRequest->m_interest.getName());
+ interestName.append(label::CERT_RR_TYPE);
+ Interest interest(interestName);
+
+ if (data.getContentType() == NDNS_LINK) {
+ Link link(data.wireEncode());
+ if (!link.getDelegationList().empty()) {
+ interest.setForwardingHint(link.getDelegationList());
+ NDNS_LOG_INFO(" [* -> *] sending interest with LINK:" << interestName);
+ }
+ else {
+ NDNS_LOG_INFO(" [* -> *] sending interest without LINK (empty delegation set):" << interestName);
+ }
+ }
+ else {
+ NDNS_LOG_WARN("fail to get NS rrset of " << interestName << " , returned data type:" << data.getContentType());
+ }
+
+ m_face.expressInterest(interest,
+ [=] (const Interest& interest, const Data& data) {
+ dataCallback(data, certRequest, state, continueValidation);
+ },
+ [=] (const Interest& interest, const lp::Nack& nack) {
+ nackCallback(nack, certRequest, state, continueValidation);
+ },
+ [=] (const Interest& interest) {
+ timeoutCallback(certRequest, state, continueValidation);
+ });
+}
+
+void
+CertificateFetcherNdnsCert::nsFailCallback(const std::string& errMsg,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ NDNS_LOG_WARN("Cannot fetch link due to " +
+ errMsg + " `" + certRequest->m_interest.getName().toUri() + "`");
+
+ Name interestName(certRequest->m_interest.getName());
+ interestName.append(label::CERT_RR_TYPE);
+ Interest interest(interestName);
+ m_face.expressInterest(interest,
+ [=] (const Interest& interest, const Data& data) {
+ dataCallback(data, certRequest, state, continueValidation);
+ },
+ [=] (const Interest& interest, const lp::Nack& nack) {
+ nackCallback(nack, certRequest, state, continueValidation);
+ },
+ [=] (const Interest& interest) {
+ timeoutCallback(certRequest, state, continueValidation);
+ });
+}
+
+Name
+CertificateFetcherNdnsCert::calculateDomain(const Name& key)
+{
+ for (size_t i = 0; i < key.size(); i++) {
+ if (key[i] == label::NDNS_ITERATIVE_QUERY) {
+ return key.getPrefix(i);
+ }
+ }
+ BOOST_THROW_EXCEPTION(std::runtime_error(key.toUri() + " is not a legal NDNS certificate name"));
+}
+
+void
+CertificateFetcherNdnsCert::dataCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ NDNS_LOG_DEBUG("Fetched certificate from network " << data.getName());
+
+ Certificate cert;
+ try {
+ cert = Certificate(data);
+ }
+ catch (const ndn::tlv::Error& e) {
+ return state->fail({security::v2::ValidationError::Code::MALFORMED_CERT, "Fetched a malformed certificate "
+ "`" + data.getName().toUri() + "` (" + e.what() + ")"});
+ }
+ continueValidation(cert, state);
+}
+
+void
+CertificateFetcherNdnsCert::nackCallback(const lp::Nack& nack,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ NDNS_LOG_DEBUG("NACK (" << nack.getReason() << ") while fetching certificate "
+ << certRequest->m_interest.getName());
+
+ --certRequest->m_nRetriesLeft;
+ if (certRequest->m_nRetriesLeft >= 0) {
+ // TODO implement delay for the the next fetch
+ fetch(certRequest, state, continueValidation);
+ }
+ else {
+ state->fail({security::v2::ValidationError::Code::CANNOT_RETRIEVE_CERT, "Cannot fetch certificate after all "
+ "retries `" + certRequest->m_interest.getName().toUri() + "`"});
+ }
+}
+
+void
+CertificateFetcherNdnsCert::timeoutCallback(const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation)
+{
+ NDNS_LOG_DEBUG("Timeout while fetching certificate " << certRequest->m_interest.getName()
+ << ", retrying");
+
+ --certRequest->m_nRetriesLeft;
+ if (certRequest->m_nRetriesLeft >= 0) {
+ fetch(certRequest, state, continueValidation);
+ }
+ else {
+ state->fail({security::v2::ValidationError::Code::CANNOT_RETRIEVE_CERT, "Cannot fetch certificate after all "
+ "retries `" + certRequest->m_interest.getName().toUri() + "`"});
+ }
+}
+
+} // namespace ndns
+} // namespace ndn
diff --git a/src/validator/certificate-fetcher-ndns-cert.hpp b/src/validator/certificate-fetcher-ndns-cert.hpp
new file mode 100644
index 0000000..a67e5b0
--- /dev/null
+++ b/src/validator/certificate-fetcher-ndns-cert.hpp
@@ -0,0 +1,123 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2017, Regents of the University of California.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NDNS_VALIDATOR_CERTIFICATE_FETCHER_NDNS_CERT_HPP
+#define NDNS_VALIDATOR_CERTIFICATE_FETCHER_NDNS_CERT_HPP
+
+#include <ndn-cxx/face.hpp>
+#include <ndn-cxx/ims/in-memory-storage.hpp>
+#include <ndn-cxx/security/v2/certificate-fetcher.hpp>
+
+namespace ndn {
+namespace ndns {
+
+/**
+ * @brief Fetch NDNS-owned certificate by an iterative query process
+ */
+class CertificateFetcherNdnsCert : public security::v2::CertificateFetcher
+{
+public:
+ explicit
+ CertificateFetcherNdnsCert(Face& face,
+ size_t nsCacheSize = 100,
+ size_t startComponentIndex = 0);
+
+ InMemoryStorage*
+ getNsCache()
+ {
+ return m_nsCache.get();
+ }
+
+protected:
+ void
+ doFetch(const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation) override;
+
+private:
+ /**
+ * @brief Callback invoked when NS rrset of the domain is retrived, including nack rrset
+ */
+ void
+ nsSuccessCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief Callback invoked when iterative query failed
+ *
+ * @todo retry for some amount of time
+ */
+ void
+ nsFailCallback(const std::string& errMsg,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief get NDNS query's domainName and label name by parsing keylocator
+ *
+ * The return result is the name prefix before "/NDNS"
+ */
+ Name
+ calculateDomain(const Name& key);
+
+ /**
+ * @brief Callback invoked when certificate is retrieved.
+ */
+ void
+ dataCallback(const Data& data,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+ /**
+ * @brief Callback invoked when interest for fetching certificate gets NACKed.
+ *
+ * It will retry if certRequest->m_nRetriesLeft > 0
+ *
+ * @todo Delay retry for some amount of time
+ */
+ void
+ nackCallback(const lp::Nack& nack,
+ const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+
+ /**
+ * @brief Callback invoked when interest for fetching certificate times out.
+ *
+ * It will retry if certRequest->m_nRetriesLeft > 0
+ */
+ void
+ timeoutCallback(const shared_ptr<security::v2::CertificateRequest>& certRequest,
+ const shared_ptr<security::v2::ValidationState>& state,
+ const ValidationContinuation& continueValidation);
+protected:
+ Face& m_face;
+ unique_ptr<InMemoryStorage> m_nsCache;
+
+private:
+ size_t m_startComponentIndex;
+};
+
+} // namespace ndns
+} // namespace ndn
+
+#endif // NDNS_VALIDATOR_CERTIFICATE_FETCHER_NDNS_CERT_HPP
\ No newline at end of file
diff --git a/src/validator/validator.cpp b/src/validator/validator.cpp
index 9eb9a2e..3497d20 100644
--- a/src/validator/validator.cpp
+++ b/src/validator/validator.cpp
@@ -18,11 +18,11 @@
*/
#include "validator.hpp"
-#include "logger.hpp"
#include "config.hpp"
+#include "certificate-fetcher-ndns-cert.hpp"
+#include "logger.hpp"
#include <ndn-cxx/security/v2/validation-policy-config.hpp>
-#include <ndn-cxx/security/v2/certificate-fetcher-from-network.hpp>
namespace ndn {
namespace ndns {
@@ -32,10 +32,15 @@
std::string NdnsValidatorBuilder::VALIDATOR_CONF_FILE = DEFAULT_CONFIG_PATH "/" "validator.conf";
unique_ptr<security::v2::Validator>
-NdnsValidatorBuilder::create(Face& face, const std::string& confFile)
+NdnsValidatorBuilder::create(Face& face,
+ size_t nsCacheSize,
+ size_t startComponentIndex,
+ const std::string& confFile)
{
auto validator = make_unique<security::v2::Validator>(make_unique<security::v2::ValidationPolicyConfig>(),
- make_unique<security::v2::CertificateFetcherFromNetwork>(face));
+ make_unique<CertificateFetcherNdnsCert>(face,
+ nsCacheSize,
+ startComponentIndex));
security::v2::ValidationPolicyConfig& policy = dynamic_cast<security::v2::ValidationPolicyConfig&>(validator->getPolicy());
policy.load(confFile);
NDNS_LOG_TRACE("Validator loads configuration: " << confFile);
diff --git a/src/validator/validator.hpp b/src/validator/validator.hpp
index da1cba1..92a4c09 100644
--- a/src/validator/validator.hpp
+++ b/src/validator/validator.hpp
@@ -34,7 +34,10 @@
static std::string VALIDATOR_CONF_FILE;
static unique_ptr<security::v2::Validator>
- create(Face& face, const std::string& confFile = VALIDATOR_CONF_FILE);
+ create(Face& face,
+ size_t nsCacheSize = 500,
+ size_t startComponentIndex = 0,
+ const std::string& confFile = VALIDATOR_CONF_FILE);
};
} // namespace ndns