Task #3920

Updated by Zhiyi Zhang almost 7 years ago

Goals: 

 * Before TrustSchemaPolicy is implemented, this conversion would allow removal of all v1 keychain and validation code 
 * The commit should also remove the unused code (e.g. ValidatorRegex) 
 * For existing use of v1 validator in ndn-cxx, convert to v2 validator 

 The v2::Validator would take ValidationPolicy to check whether signed data/interest satisfy the validation policy. 

 ValidationPolicy: 

 * ValidationPolicyAcceptAll: accept all signed interest/data without checking 
 * ValidationPolicyCommandInterest: to check the timestamp of a stop-and-wait command Interest. 
 * ValidationPolicySimpleHierarchy: check the signature using a simple hierarchy trust model. The validator would directly fetch certificates according to KeyLocator. 
 * ValidationPolicyConf: enable the naming convention check based on configuration

 In some cases, we may want a more complex and fine-grained trust model when validating data packets and signed interest packets.

 To enable more complex and flexible policies, we introduce an inner policy as a member variable of ValidationPolicy. This inner policy enables the combination of multiple policies.

 The outer policy does its check based on its own rules and delegates the rest of the check to the inner policy. If a packet cannot pass the outer ValidationPolicy, it won't be passed to the inner ValidationPolicy.

 e.g. One can use ValidationPolicyCommandInterest to check a signed interest's timestamp. To check the remainder parts (signatures of data packets and interest packets), one can use ValidationPolicySimpleHierarchy as the inner policy of ValidationPolicyCommandInterest. In this way, all data packets and interests that satisfy the timestamp check of ValidationPolicyCommandInterest would then use ValidationPolicySimpleHierarchy to finish the remainder checking.
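 The outer/inner delegation described above, modelled as an added example (not code from ndn-cxx or from the task's author). The class names, the `/KEY` name-prefix rule standing in for the hierarchy trust model, and the sample packets are assumptions, and signature verification itself is not modelled.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <string>

struct Packet {               // constructed stand-in for a signed Interest or Data
  std::string name, keyName;  // packet name and KeyLocator name
  bool isInterest;
  uint64_t timestamp;         // used only by command Interests
};
struct Policy {               // hypothetical base: own rule first, then the inner policy
  std::unique_ptr<Policy> inner;
  int seen = 0;               // number of packets that reached this policy
  virtual ~Policy() = default;
  virtual bool ownCheck(const Packet& p) = 0;
  virtual void onAccepted(const Packet&) {}
  bool check(const Packet& p) {
    ++seen;
    if (!ownCheck(p)) return false;               // rejected here: inner never sees it
    if (inner && !inner->check(p)) return false;  // delegate the remainder
    onAccepted(p);                                // commit state only after full acceptance
    return true;
  }
};
struct CommandInterestPolicy : Policy {  // stop-and-wait: timestamp must increase per key
  std::map<std::string, uint64_t> last;
  bool ownCheck(const Packet& p) override {
    auto it = last.find(p.keyName);
    return !p.isInterest || it == last.end() || p.timestamp > it->second;
  }
  void onAccepted(const Packet& p) override { if (p.isInterest) last[p.keyName] = p.timestamp; }
};
struct HierarchyPolicy : Policy {  // assumed rule: packet name lies under the key's identity
  bool ownCheck(const Packet& p) override {
    std::string id = p.keyName.substr(0, p.keyName.find("/KEY")) + "/";
    return p.name.compare(0, id.size(), id) == 0;
  }
};
std::unique_ptr<Policy> makeChain() {  // timestamp check outside, hierarchy check inside
  std::unique_ptr<Policy> outer = std::make_unique<CommandInterestPolicy>();
  outer->inner = std::make_unique<HierarchyPolicy>();
  return outer;
}

int main() {  // stand-alone run: exit code 0 when the replayed command is rejected
  auto v = makeChain();
  Packet cmd{"/site/router/cmd", "/site/KEY/1", true, 100};
  return v->check(cmd) && !v->check(cmd) ? 0 : 1;
}
```

 Recording the timestamp only in `onAccepted` means a packet that passes the timestamp rule but fails the inner check cannot advance the stored timestamp and lock out later legitimate commands.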
