Project

General

Profile

Task #3290

Design and Implement validator::KeyManager

Added by Yingdi Yu almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

One module of the new Validator framework is KeyManager which manages trust anchors, verified keys, unverified keys, and key retrieval.
This issue designs KeyManager abstraction.

class KeyManager 
{
public:
  // create a KeyManager with @p face.
  KeyManager(Face* face);

  shared_ptr<const Data>
  retrieveTrustedCert(const Interest& interest); 
  {
    auto anchor = m_anchors.find(interest);
    if (anchor != nullptr) {
      return anchor;
    }

    auto key = m_verfiedKeyCache.find(interest);
    return key;
  }

  // Retrieve unverified certificate
  void
  retrieveCertificate(shared_ptr<KeyRequest>& req,
                      const RetrievalSuccessCallback& onRetrieval,
                      const RetrievalFailureCallback& onFailure)
  {
    auto uKey = m_unverfiedKeyCache.find(req->interest);
    if (uKey != nullptr) {
      return onRetrieval(uKey, req);
    }

    if (m_face != nullptr)
      fetchKeyFromNetwork(req, onRetrieval, onFailure);
    else
      onFailure(req->interest, req);
  }

  void 
  fetchKeyFromNetwork(shared_ptr<KeyRequest>& req,
                      const RetrievalSuccessCallback& onRetrieval,
                      const RetrievalFailureCallback& onFailure)
  {
    preProcess(const_cast<KeyRequest&> req);
    m_face->expressInterest(req.interest. onRetrieval, onFailure, onTimeout);
  }

  void
  loadAnchor(...);

  void
  loadVerifiedKey(...);

  void
  loadUnverifiedKey(...);

  // call back when interest times out, will retry @p remainRetries times before falure
  void
  onTimeout(const Interest& interest, int remainRetries,
            shared_ptr<KeyRequest>& req,
            const RetrievalSuccessCallback& onRetrieval,
            const RetrievalFailureCallback& onFailure);

private:
  virtual
  preProcess(KeyRequest& req) = 0;

private:
  Face* m_face;
  TrustAnchorContainer m_anchors;           // trust anchors
  CertificateCache     m_verfiedKeyCache;   // cache of verified keys.
  DataCache            m_unverfiedKeyCache; // cache of unverified keys.
};
#1

Updated by Yingdi Yu almost 5 years ago

  • Subject changed from Design validator::KeyManager to Design and Implement validator::KeyManager
  • Description updated (diff)
  • Assignee set to Yingdi Yu
#2

Updated by Yingdi Yu almost 5 years ago

  • Description updated (diff)
#3

Updated by Yingdi Yu almost 5 years ago

  • Category set to Security
#4

Updated by Junxiao Shi almost 5 years ago

What the difference between verified key and unverified key?

Does a key that is deemed untrusted stay in unverified key cache? Or is that cache only for keys who verification is still in progress?


m_face->expressInterest(req.getInterest(). res.retrivalSuccessCallback, res.retrivalTimeoutCallback);

This Face::expressInterest overload is deprecated. You need to handle Nack.

#5

Updated by Yingdi Yu almost 5 years ago

Junxiao Shi wrote:

What the difference between verified key and unverified key?

Does a key that is deemed untrusted stay in unverified key cache? Or is that cache only for keys who verification is still in progress?

It usually stores pre-fetched keys which are yet to be verified.


m_face->expressInterest(req.getInterest(). res.retrivalSuccessCallback, res.retrivalTimeoutCallback);

This Face::expressInterest overload is deprecated. You need to handle Nack.

got it

#6

Updated by Qiuhan Ding almost 5 years ago

  • Description updated (diff)
#7

Updated by Qiuhan Ding almost 5 years ago

  • Status changed from New to Code review
  • Assignee changed from Yingdi Yu to Qiuhan Ding
#8

Updated by Qiuhan Ding almost 5 years ago

  • Status changed from Code review to Closed
#9

Updated by Qiuhan Ding almost 5 years ago

  • Parent task deleted (#3289)

Also available in: Atom PDF