Project

General

Profile

Actions

CommandValidatorConf » History » Revision 6

« Previous | Revision 6/55 (diff) | Next »
Yingdi Yu, 03/17/2014 04:52 PM


Validator Configuration File Format

You can set up a Validator via a configuration file.
Next, we will show you how to write a configuration file.

The configuration file consists of rules that will be used in validation.
Here is an example of configuration file containing two rules.

rule
{
  for data
  name "Simple Rule"
  type customized
  target
  {
    type name
    name "/localhost/example"
    condition isPrefixOf
  }
  signer
  {
    type name
    rule "/ndn/edu/ucla/KEY/yingdi/ksk-1234/ID-CERT"
    condition equal
  }
}
rule
{
  for data
  name "Testbed Validation Rule"
  type hierarchical
  trust-anchor
  {
    type file
    file-name "testbed-trust-anchor.cert"
  }
}

Each rule has a unique name (which should be unique in the configuration file), e.g., "Simple Rule", "Testbed Validation Rule".
The rule name is specified in the property name.
Each rule must be specified with a usage which is specified in the property for.
The usage indicates the type of packets to which the rule should be applied, therefore, only two usages can be specified so far: data and interest.
The property type indicates how to apply the rule to packets.
Some rule types (such as hierarchical) has been defined.
One can also specify its own rules by set the type property to be customized.
A particular type of rules might require some other properties.
Next, we will introduce the other properties for the each rule type.

Customized Rule

Two properties are required by customized rule: target and signer.
The target property defines the conditions that the packet per se must satisfy,
thus restricting the scope of packets to which the rule can be applied.

A packet will be checked against the target property of rules in the configuration file,
one-by-one until the first rule whose target property can be satisfied by the packet.
Therefore, the order of rules in configuration file MATTERS!

target also has a property type with two possible value name and regex.
If type is name, then

and signer defines the requirements that the signer (or KeyLocator) must fulfill.

Hierarchical Rule

As implied by its name, hierarchical rule requires the name of the target packet to be under the namespace of the packet signer.
Assume that the usage of the rule is for data, then it is equivalent to a customized rule:

rule
{
  for data
  name "Expanded Hierarchical Rule"
  type customized
  target
  {
    type regex
    expr "^(<>*)$"
    expand "\\1"
  }
  signer
  {
    type regex
    expr "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$"
    expand "\\1\\2"
  }
  additional-condition >
}

Updated by Yingdi Yu over 10 years ago · 55 revisions