Task #5075
closed
Refactor Certificate Storage Class
100%
Description
Currently, the certificate management (serving and fetching) is done inside the NLSR class. This complicates testing and also increases complexities.
Updated by Saurab Dulal about 4 years ago
The primary reason for this refactor is to modularize NLSR. Currently, all the certificate related task is in nlsr.cpp which has unnecessarily bloated the nlsr.cpp and has no logical reason to be there. This refactoring isolates certificate storage from nlsr class and is moved to its own class (CertificateStore), will make code testing much easier, and will also open possibilities of using repo for the certificate management in the future.
Additionally, the refactoring is also supposed to remove several redundant codes and make nlsr key initialization independent of NLSR class.
Updated by Saurab Dulal about 4 years ago
The function CertificateStore::publishCertFromCache is tested using a minindn integration test using the following 4 node topology.
A ++++++ B
+ +
+ +
+ +
C D
Notes:
Use case of CertificateStorage::getUnverifiedCertCache , and mechanism on how the cert gets inserted to the validator’s cache.
When the library retrieves a certificate Data packet, the certificate cannot be trusted until the certificate chain starting from a trust anchor has been retrieved and verified. The unverified certificate Data packet needs to stay somewhere when the certificates higher in the hierarchy are being retrieved, hence the library has an unverified cert cache. After the whole certificate chain has been retrieved and verified, the certificates can be moved to a trusted cert cache so that future validations that involve these certificates can be completed faster, without re-fetching the certificate chain. - Junxiao
Updated by Ashlesh Gawande about 4 years ago
- Status changed from New to Closed
- Start date deleted (
01/19/2020) - % Done changed from 80 to 100