Project

General

Profile

Feature #5142

ValidatorConfig: Accommodate certificate name in hierarchical checker

Added by Junxiao Shi 8 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
3.00 h

Description

In ValidatorConfig, a hierarchical checker requires that the packet name must be under the namespace of the packet signer.
It has the form:

checker
{
  type hierarchical
  sig-type {SIG-TYPE}
}

It is currently defined to be equivalent to:

checker
{
  type customized
  sig-type {SIG-TYPE}
  key-locator
  {
    type name
    hyper-relation
    {
      k-regex ^(<>*)<KEY><>$
      k-expand \\1
      h-relation is-prefix-of
      p-regex ^(<>*)$
      p-expand \\1
    }
  }
}

In #5112, KeyLocator can contain a certificate name instead of a key name.
The hierarchical checker should be changed accordingly to maintain its intended semantics.


Related issues

Related to ndn-cxx - Feature #5112: Include certificate name in KeyLocatorNew

Actions
#1

Updated by Junxiao Shi 8 months ago

  • Related to Feature #5112: Include certificate name in KeyLocator added
#2

Updated by Junxiao Shi 7 months ago

  • Tags set to security
  • Assignee set to Junxiao Shi
  • Target version set to v0.8

20210212 NFD call approves this design.

#3

Updated by Junxiao Shi 7 months ago

  • Status changed from New to In Progress
  • Estimated time changed from 1.50 h to 3.00 h
#4

Updated by Junxiao Shi 7 months ago

  • Status changed from In Progress to Code review
  • % Done changed from 0 to 60

https://gerrit.named-data.net/c/ndn-cxx/+/6361 updates:

  • hierarchical checker and its documentation
  • name relation checker

Moreover, I've also deduplicated some code in the checker test suite with MPL.
I need a Cartesian product metafunction but it's only available in Boost.MP11 that is not in Ubuntu 18.
I decide to use three boost::mpl::push_backs instead of more fold magic, to improve readability at the cost of more templates.
I can confirm that this change does not lose test cases because build/unit-tests -t Security/ValidatorConfig/TestChecker indicates there are 39 test cases before and after the change.

#5

Updated by Junxiao Shi 7 months ago

  • Status changed from Code review to Closed
  • % Done changed from 60 to 100
#6

Updated by Junxiao Shi 7 months ago

  • Tags changed from security to security, ValidatorConfig

Also available in: Atom PDF