Task #3289
Updated by Qiuhan Ding over 8 years ago
We have several features and issues about Validator, which is more or less coupled. We can take this opportunity to refactor Validator to make it simple and modular. An ideal Validator should consists of three parts: modules: * a policy checker which determine if a packet complies with the trust model; * a public key/cert retrieval management module which accept a key/cert name, and return the key/cert (either from cache, trust anchor and network. anchor, or from network); * a list of active validation instances of which each tracks the validation of an original packet. The top-level class Validator defines the inter-operations between these modules, and virtual interface for others to implement detailed features. class Validator { public: /** @brief Construct a Validator using @p face keyManager * * The policy checking module is implemented as checkPolicy method * The instance management is internally managed by InstancePool * @param enableLoopDetection Enable loop detection if true */ Validator(Face* face, Validator(shared_ptr<KeyManager> keyManager, bool enableLoopDetection = false); /// @brief Validate data, invoke @p succeed if validated, otherwise invoke @p fail void validate(const Data& data, const SuccessCallback& succeed, const FailureCallback& fail) { auto instance = m_instancePool.allocate(data, succeed, fail); reqs = validate(data, instance.succeed, instance.fail, instance.id); } /// @brief Validate interest, invoke @p succeed if validated, otherwise invoke @p fail void validate(const Interest& interest, const SuccessCallback& succeed, const FailureCallback& fail) { auto instance = m_instancePool.allocate(interest, succeed, fail); reqs = validate(interest, instance.succeed, instance.fail, instance.id); } protected: /** @brief Validate data, invoke @p succeed if validated, otherwise invoke @p fail, * @param id The id of validation instance. */ template<typename Packet> void validate(const Packet& packet, const SuccessCallback& succeed, const FailureCallback& fail, uint32_t id) { list<KeyRequest> reqs = checkPolicy(packet, succeed, fail, id); // retrieve keys for (const auto& req : reqs) if (m_enableLoopDetection && m_instancePool.isLoopDetected(id, req)) req.FailureCallback(); req.retrievalFailureCallback(); else { // retrieve keys... auto cert = RetrieveTrustedKey(req); if (cert != nullptr) RetrievalSuccessCallback(cert); else RetrieveCertificate(req); } m_keyManager.retrieve(req); } private: virtual list<KeyRequest> checkPolicy(const Data& data, const SuccessCallback& succeed, const FailureCallback& fail) = 0; virtual list<KeyRequest> checkPolicy(const Data& data, const SuccessCallback& succeed, const FailureCallback& fail) = 0; protected: // key management; TrustAnchorContainer m_anchorCache; CertificateCache m_verifiedKeyCache; Cache m_unVerifiedKeyCache; shared_ptr<KeyManager> m_keyManager; private: Face* m_face; // loop detection mode bool m_enableLoopDetection; // instance management; InstancePool m_instancePool; };