Project

General

Profile

Actions

Feature #5142

closed

ValidatorConfig: Accommodate certificate name in hierarchical checker

Added by Junxiao Shi almost 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
3.00 h

Description

In ValidatorConfig, a hierarchical checker requires that the packet name must be under the namespace of the packet signer.
It has the form:

checker
{
  type hierarchical
  sig-type {SIG-TYPE}
}

It is currently defined to be equivalent to:

checker
{
  type customized
  sig-type {SIG-TYPE}
  key-locator
  {
    type name
    hyper-relation
    {
      k-regex ^(<>*)<KEY><>$
      k-expand \\1
      h-relation is-prefix-of
      p-regex ^(<>*)$
      p-expand \\1
    }
  }
}

In #5112, KeyLocator can contain a certificate name instead of a key name.
The hierarchical checker should be changed accordingly to maintain its intended semantics.


Related issues 1 (0 open1 closed)

Related to ndn-cxx - Feature #5112: Include certificate name in KeyLocatorClosedJunxiao Shi

Actions
Actions #1

Updated by Junxiao Shi almost 4 years ago

  • Related to Feature #5112: Include certificate name in KeyLocator added
Actions #2

Updated by Junxiao Shi over 3 years ago

  • Tags set to security
  • Assignee set to Junxiao Shi
  • Target version set to 0.8.0

20210212 NFD call approves this design.

Actions #3

Updated by Junxiao Shi over 3 years ago

  • Status changed from New to In Progress
  • Estimated time changed from 1.50 h to 3.00 h
Actions #4

Updated by Junxiao Shi over 3 years ago

  • Status changed from In Progress to Code review
  • % Done changed from 0 to 60

https://gerrit.named-data.net/c/ndn-cxx/+/6361 updates:

  • hierarchical checker and its documentation
  • name relation checker

Moreover, I've also deduplicated some code in the checker test suite with MPL.
I need a Cartesian product metafunction but it's only available in Boost.MP11 that is not in Ubuntu 18.
I decide to use three boost::mpl::push_backs instead of more fold magic, to improve readability at the cost of more templates.
I can confirm that this change does not lose test cases because build/unit-tests -t Security/ValidatorConfig/TestChecker indicates there are 39 test cases before and after the change.

Actions #5

Updated by Junxiao Shi over 3 years ago

  • Status changed from Code review to Closed
  • % Done changed from 60 to 100
Actions #6

Updated by Junxiao Shi over 3 years ago

  • Tags changed from security to security, ValidatorConfig
Actions

Also available in: Atom PDF