Task #3289
Updated by Yingdi Yu almost 10 years ago
We have several features and issues about Validator, which is more or less coupled.
We can take this opportunity to refactor Validator to make it simple and modular.
An ideal Validator should consists of three modules:
* a policy checker which determine if a packet complies with the trust model;
* a public key/cert management module which accept a key/cert name, and return the key/cert (either from cache, trust anchor, or from network);
* a list of active validation instances of which each tracks the validation of an original packet.
The top-level class Validator defines the inter-operations between these modules, and virtual interface for others to implement detailed features.
class Validator {
public:
/** @brief Construct a Validator using @p keyManager
*
* The policy checking module is implemented as checkPolicy method
* The instance management is internally managed by InstancePool
* @param enableLoopDetection Enable loop detection if true
*/
Validator(shared_ptr<KeyManager> keyManager, bool enableLoopDetection = false);
/// /**
* @brief Validate data, invoke @p succeed if validated, otherwise invoke @p fail
*/
void
validate(const Data& data, const SuccessCallback& succeed, const FailureCallback& fail)
{
auto instance = m_instancePool.allocate(data, succeed, fail);
reqs = validate(data, instance.succeed, instance.fail, instance.id);
}
/// @brief Validate interest, invoke @p succeed if validated, otherwise invoke @p fail
void
validate(const Interest& interest, const SuccessCallback& succeed, const FailureCallback& fail)
{
auto instance = m_instancePool.allocate(interest, succeed, fail);
reqs = validate(interest, instance.succeed, instance.fail, instance.id);
}
protected:
/** @brief Validate data, invoke @p succeed if validated, otherwise invoke @p fail,
* @param id The id of validation instance.
*/
template<typename Packet> void
validate(const Packet& packet, const SuccessCallback& succeed, const FailureCallback& fail, uint32_t id)
{
list<KeyRequest> reqs = checkPolicy(packet, succeed, fail, id);
// retrieve keys
for (const auto& req : reqs)
if (m_enableLoopDetection && m_instancePool.isLoopDetected(id, req))
req.retrievalFailureCallback();
else
m_keyManager.retrieve(req);
}
private:
virtual list<KeyRequest>
checkPolicy(const Data& data, const SuccessCallback& succeed, const FailureCallback& fail) = 0;
virtual list<KeyRequest>
checkPolicy(const Data& data, const SuccessCallback& succeed, const FailureCallback& fail) = 0;
protected:
// key management;
shared_ptr<KeyManager> m_keyManager;
private:
// loop detection mode
bool m_enableLoopDetection;
// instance management;
InstancePool m_instancePool;
};