SecurityConfig

ndn_config::config

Struct SecurityConfig 

Source 
pub struct SecurityConfig {
Show 13 fields
    pub identity: Option<String>,
    pub pib_path: Option<String>,
    pub trust_anchor: Option<String>,
    pub require_signed: bool,
    pub auto_init: bool,
    pub profile: String,
    pub ca_prefix: Option<String>,
    pub ca_info: String,
    pub ca_max_validity_days: u32,
    pub ca_challenges: Vec<String>,
    pub rules: Vec<TrustRuleConfig>,
    pub pib_type: String,
    pub ephemeral_prefix: Option<String>,

}
Expand description

Security settings.

Fields§

§identity: Option<String>

NDN identity name for this router (e.g., /ndn/router1).

The corresponding key and certificate must exist in the PIB (unless auto_init is enabled).

§pib_path: Option<String>

Path to the PIB directory (default: ~/.ndn/pib).

Create with ndn-ctl security init or enable auto_init.

§trust_anchor: Option<String>

Path to a trust-anchor certificate file to load at startup.

Takes precedence over anchors already stored in the PIB.

§require_signed: bool

Whether to require all Data packets to be signed and verified.

§auto_init: bool

Automatically generate an identity and self-signed certificate on first startup if no keys exist in the PIB.

Requires identity to be set. Default: false.

§profile: String

Security profile: "default", "accept-signed", or "disabled".

  • "default" — full chain validation with hierarchical trust schema
  • "accept-signed" — verify signatures but skip chain walking
  • "disabled" — no validation (benchmarking/lab only)

Default: "default".

§ca_prefix: Option<String>

NDN name prefix for the built-in NDNCERT CA, e.g. /ndn/edu/example/CA.

When set, the router registers handlers under <ca_prefix>/CA/INFO, <ca_prefix>/CA/PROBE, <ca_prefix>/CA/NEW, and <ca_prefix>/CA/CHALLENGE.

Leave unset to run in client-only mode (no CA hosted).

§ca_info: String

Human-readable description of this CA, returned in CA INFO responses.

Example: "NDN Test Network CA".

§ca_max_validity_days: u32

Maximum certificate lifetime (days) the CA will issue.

Requests for longer validity are silently capped to this value. Default: 365.

§ca_challenges: Vec<String>

Supported NDNCERT challenge types offered by the CA.

Recognised values: "token", "pin", "possession", "email", "yubikey-hotp". Default: ["token"].

§rules: Vec<TrustRuleConfig>

Static trust schema rules loaded at startup.

These are added to the active validator’s schema on startup in addition to the rules implied by the profile setting.

When profile = "default" the hierarchical rule is pre-loaded; additional [[security.rule]] entries extend it. When profile = "accept-signed" the accept-all rule is pre-loaded; additional rules are appended. When profile = "disabled" this field is ignored.

Rules can also be added or removed at runtime via the management API: /localhost/nfd/security/schema-rule-add and schema-rule-remove.

§pib_type: String

Key backing store type.

  • "file" — file-based PIB at pib_path (default, persisted across restarts)
  • "memory" — ephemeral in-memory store; keys are lost on restart

When identity is set and the PIB cannot be opened, the router falls back to an ephemeral identity and logs a warning (or shows an interactive recovery prompt when running in a terminal).

Default: "file".

§ephemeral_prefix: Option<String>

NDN name prefix for the auto-generated ephemeral identity.

When no identity is configured (or the PIB fails), an in-memory key is generated under <ephemeral_prefix>/<hostname>. If not set, the router derives the name from the system hostname (e.g. /ndn-fwd/router-host).

Set this to enforce a deterministic name for ephemeral identities, e.g. in test environments where the hostname varies.

Trait Implementations§

Source§

impl Clone for SecurityConfig

Source§

fn clone(&self) -> SecurityConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SecurityConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for SecurityConfig

Source§

fn default() -> SecurityConfig

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for SecurityConfig

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for SecurityConfig

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,