Bug #2063
closedCommandValidator uses deprecated CommandInterestValidator
100%
Description
nfd::CommandValidator
uses deprecated ndn::util::CommandInterestValidator
.
This usage shall be replaced with a suitable non-deprecated subclass of Validator
.
In addition, test cases should use KeyChain::sign
instead of CommandInterestGenerator
.
Files
Updated by Junxiao Shi about 10 years ago
- Blocks Task #2008: Delete deprecated Command Interest functions added
Updated by Anonymous about 10 years ago
Glancing through the code, it seems that this is a major change on NFD's side. Correct me if I'm wrong, but I think this requires completely changing the authorizations section of the configuration file and re-writing how NFD validates things.
NFD's CommandValidator currently handles the authorizations section parsing and interacts with the (deprecated) CommandInterestValidator through a simple addInterestRule API that allows it to associate privileges with identities. However, ValidatorConfig provides no such API and only supports load
ing what appears to be be a full configuration file at a time.
We might also lose the ability to detect invalid config file privileges. Currently managers use CommandValidator::addSupportedPrivilege
to inform the CommandValidator::onConfig
of what strings are valid privileges.
My thinking is:
- re-write authorizations section as something ValidatorConfig expects (not sure of what this means at the moment)
- Removing parsing code from
CommandValidator::onConfig
in favor of invoking `Validator::load
- Various re-workings/cleanup (this probably touches a lot)
Is this an accurate assessment?
Updated by Alex Afanasyev about 10 years ago
I will be against using ValidatorConfig for validation of fib, faces, and strategy-choice (unless somebody can prove that it is needed).
However, there is another method that doesn't require CommandValidator. Yingdi can correct me, but I believe ValidatorRegex may have exactly the same functionality. If not, then we simply would keep CommandValidator, but we'll need to rename it to something like "ValidatorSimple" or something.
Updated by Junxiao Shi about 10 years ago
- Description updated (diff)
ValidatorConfig
is recommended in CommandInterestValidator
as the replacement, but it's unsuitable for NFD Management because it depends on ndn::Face
which is unavailable.
Updated by Junxiao Shi about 10 years ago
- Blocked by Feature #2065: ValidatorRegex: verify signed Interest added
Updated by Junxiao Shi about 10 years ago
- Blocked by Feature #2124: Validator: make Face optional added
Updated by Junxiao Shi over 9 years ago
- Blocked by Feature #2376: CommandInterestValidator added
Updated by Alex Afanasyev about 9 years ago
- Target version changed from v0.3 to v0.4
Updated by Alex Afanasyev about 9 years ago
- Target version changed from v0.4 to v0.5
Updated by Junxiao Shi over 8 years ago
- Blocks Feature #2856: Confine registered prefix within identity added
Updated by Junxiao Shi over 8 years ago
- Status changed from New to In Progress
- Assignee set to Junxiao Shi
Updated by Junxiao Shi over 8 years ago
My idea is:
Relive ndn::security::CommandInterestValidator
from https://gerrit.named-data.net/2035, but as a subclass of Validator
.
Similar to nfd::tools::nfd_status::NfdIdCollector
, it would be a Validator
that chains up to an inner validator.
It delegates trust model validation to the inner validator, but checks the uniqueness and sequence of timestamps.
Unlike abandoned Change 2035, ndn::security::CommandInterestValidator
is not restricted to use with ValidatorConfig
, and ValidatorConfig
will not be weakened.
Then, nfd::CommandValidator
class is replaced with an CommandAuthenticator
class.
This class will not have Validator
API. Instead, it has a method to return a ndn::mgmt::Authorization
function for each ControlCommand which does the following:
- Based on management module and command verb, find out what signing certificates are allowed.
- Check whether the Interest is signed by one of these certificates. If not, reject.
- Pass the Interest to the
ndn::security::CommandInterestValidator
(shared among allndn::mgmt::Authorization
functions). If timestamp is bad, reject. - Finally, verify the signature with
Validator::verifySignature
static method.
The benefit of this design is that it takes advantage of the management module and command verb information that is already known from the ndn::mgmt::Dispatcher
, because every Dispatcher::addControlCommand
can have a distinct ndn::mgmt::Authorization
callback, so that those information can kept with std::bind
.
The inner validator when constructing ndn::security::CommandInterestValidator
is simply a ValidatorNull
.
Updated by Junxiao Shi over 8 years ago
- Description updated (diff)
At 20160721 call Alex agrees with note-12 idea.
ndn::security::CommandInterestValidator
might need a better name.
Updated by Junxiao Shi over 8 years ago
- Related to Bug #3639: FATAL authorization rejected when default key is ECDSA added
Updated by Junxiao Shi over 8 years ago
- % Done changed from 0 to 20
- Estimated time changed from 3.00 h to 6.00 h
https://gerrit.named-data.net/3033 patchset1 has CommandAuthenticator
class.
I'll add test cases in the next patchset.
Then, I'll create a second commit to use CommandAuthenticator
in managers, and a third commit to delete CommandValidator
.
Updated by Junxiao Shi over 8 years ago
- % Done changed from 20 to 40
https://gerrit.named-data.net/3033 patchset2 adds test cases for CommandAuthenticator
.
Updated by Junxiao Shi over 8 years ago
- Blocked by Bug #3723: Validator::verifySignature(const Interest&, const PublicKey&) throws if Signature TLV is invalid added
Updated by Junxiao Shi over 8 years ago
- % Done changed from 40 to 50
https://gerrit.named-data.net/3110 changes ManagerBase::authorize
pure virtual function to ManagerBase::makeAuthorization
, so that NfdManagerBase::makeAuthorization
can later be changed to invoke CommandAuthenticator::makeAuthorization
.
Updated by Junxiao Shi over 8 years ago
- % Done changed from 50 to 80
https://gerrit.named-data.net/3116 changes NfdManagerBase::makeAuthorization
to use CommandAuthenticator
.
Updated by Junxiao Shi over 8 years ago
- Status changed from In Progress to Code review
- % Done changed from 80 to 100
https://gerrit.named-data.net/3119 deletes CommandValidator
and completes this issue.
Updated by Junxiao Shi over 8 years ago
- Status changed from Code review to Closed
Updated by Junxiao Shi over 8 years ago
- Status changed from Closed to Feedback
I also need to update NFD devguide.
Updated by Junxiao Shi over 8 years ago
- Blocks deleted (Task #2008: Delete deprecated Command Interest functions)
Updated by Junxiao Shi about 8 years ago
- Blocks Bug #3821: CommandAuthenticator denial-of-service added
Updated by Junxiao Shi about 8 years ago
- Status changed from Feedback to Resolved
nfd-docs:commit:8a24cf224ea527739e1e9157670049ff50b2c0a7 replaces Command Validator section with Command Authenticator section.
There's a typo in mgmt-manager-dispatch.pdf
, and I'm waiting for Yanbiao to upload the source file so I can change it.
Updated by Yanbiao Li about 8 years ago
- File dispatcher.graffle dispatcher.graffle added
Updated by Junxiao Shi about 8 years ago
- Status changed from Resolved to Closed
Unfortunately I do not have proper software to open dispatcher.graffle
, so I'll keep the figure as is. The file is checked into the repository.
Updated by Alex Afanasyev about 8 years ago
Can you mention what is the typo, so I can fix it?
Updated by Junxiao Shi about 8 years ago
what is the typo?
Authorzation => Authorization
ParametersValidate => ValidateParameters
StatusDataset should not have Authorization, or it cannot reject