pub struct TrustSchema { /* private fields */ }
A collection of trust schema rules, optionally backed by an imported LightVerSec model.
§Backing stores
A TrustSchema combines two independent rule sources, OR’d together:
- A vector of native SchemaRules authored in ndn-rs’s own text grammar (data_pattern => key_pattern). Convenient for simple hand-written policies.
- An optional compiled LvsModel imported via TrustSchema::from_lvs_binary from the binary TLV format used by python-ndn, NDNts, and ndnd. Lets ndn-rs consume trust schemas authored in the wider NDN community’s tooling.
TrustSchema::allows returns true if either source permits the
(data_name, key_name) pair — you can mix a hand-written rule with an
imported LVS model and both will be consulted.
Implementations§
impl TrustSchema
pub fn new() -> Self
pub fn add_rule(&mut self, rule: SchemaRule)
pub fn from_lvs_binary(wire: &[u8]) -> Result<Self, LvsError>
Construct a trust schema backed by a compiled LightVerSec model in its TLV binary format.
The binary format is defined at
https://python-ndn.readthedocs.io/en/latest/src/lvs/binary-format.html
and produced by python-ndn’s LVS compiler, NDNts @ndn/lvs, and
ndnd. See the crate::lvs module docs for the supported feature
subset — notably, user functions ($eq, $regex, …) are parsed
but not dispatched in v0.1.0, so any rule that depends on one will
never match a packet. Inspect LvsModel::uses_user_functions on
the result of TrustSchema::lvs_model if you need to refuse
such schemas.
The resulting schema has no native SchemaRules — add them with
TrustSchema::add_rule if you want to mix the two sources.
pub fn lvs_model(&self) -> Option<&LvsModel>
Return the imported LVS model, if this schema was constructed from
one. Use this to inspect LvsModel::uses_user_functions or walk
the node graph for diagnostics.
pub fn allows(&self, data_name: &Name, key_name: &Name) -> bool
Returns true if at least one source permits this
(data_name, key_name) pair. Checks native rules first (cheap), then
falls through to the LVS model if present.
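A stand-alone model of the two behaviours documented above: the OR of native rules with an imported model, and refusing a model that depends on user functions. This is an added example, not ndn-rs code; ModelSchema, ModelLvs, same_org, accept_model and the prefix-pair matching are stand-ins assumed for illustration. It shows that adding a native rule can only widen what a schema accepts.

```rust
// Stand-alone model: every type and function here is a stand-in, not ndn-rs code.
type Name = Vec<String>;

fn name(uri: &str) -> Name {
    uri.split('/').filter(|c| !c.is_empty()).map(String::from).collect()
}

// Stand-in for an imported model: (data prefix, key prefix) pairs, plus a
// flag recording whether any rule depends on a user function.
struct ModelLvs { pairs: Vec<(Name, Name)>, uses_user_functions: bool }
// Stand-in for the schema: native rules OR'd with an optional model.
struct ModelSchema { native: Vec<fn(&Name, &Name) -> bool>, lvs: Option<ModelLvs> }

// Hierarchical rule: data and key share the same first component.
fn same_org(data: &Name, key: &Name) -> bool {
    matches!((data.first(), key.first()), (Some(d), Some(k)) if d == k)
}

impl ModelSchema {
    fn allows(&self, data: &Name, key: &Name) -> bool {
        // Native rules first, then the model; one match is sufficient.
        self.native.iter().any(|rule| rule(data, key))
            || self.lvs.as_ref().map_or(false, |m| {
                m.pairs.iter().any(|(d, k)| data.starts_with(d) && key.starts_with(k))
            })
    }
}

// Load-time gate: refuse a model whose rules would silently never match.
fn accept_model(m: ModelLvs) -> Result<ModelSchema, &'static str> {
    if m.uses_user_functions {
        return Err("model depends on user functions");
    }
    Ok(ModelSchema { native: Vec::new(), lvs: Some(m) })
}

// Returns (allowed by the model alone, allowed after adding the native rule).
fn widening_demo() -> (bool, bool) {
    let pairs = vec![(name("/acme/docs"), name("/acme/KEY"))]; // constructed sample
    let model = ModelLvs { pairs, uses_user_functions: false };
    let mut schema = accept_model(model).expect("constructed model has no user functions");
    let (data, key) = (name("/acme/hr/payroll"), name("/acme/KEY/1"));
    let before = schema.allows(&data, &key);
    schema.native.push(same_org);
    (before, schema.allows(&data, &key))
}

fn main() { println!("{:?}", widening_demo()); }
```

Because the sources are unioned, a narrow imported model offers no restriction once a broad native rule sits beside it; review both sources together.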
pub fn rules(&self) -> &[SchemaRule]
Return an immutable slice of all native rules in this schema. Does not include rules inside an imported LVS model.
pub fn remove_rule(&mut self, index: usize) -> SchemaRule
Remove the rule at index, returning it.
Panics if index is out of bounds.
pub fn clear(&mut self)
Remove all rules, returning the schema to its empty (reject-all) state. Also clears any imported LVS model.
pub fn accept_all() -> Self
Accept any signed packet regardless of name relationship.
Useful for the AcceptSigned security profile and for tests.
pub fn hierarchical() -> Self
Hierarchical trust: data and key must share a common first component.
Rule: /<org>/** must be signed by /<org>/**. The actual hierarchy
is enforced by the certificate chain walk — a key can only be trusted
if its cert was issued by a parent key, all the way up to a trust anchor.
The schema just ensures the top-level namespace matches.
Trait Implementations§
impl Clone for TrustSchema
fn clone(&self) -> TrustSchema
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.