[Nfd-dev] Restricting local prefix registrations
Andres Calderon Jaramillo
andrescj at mail.colostate.edu
Sat Jul 15 23:56:20 PDT 2017
Hi,
I'm trying to restrict which applications can register prefixes with the
local NFD. I modified my localhost_security section to look like this:
localhost_security
{
rule
{
id "Restrictive Prefix Registration Command Rule"
for interest
filter
{
type name
regex ^<localhost><nfd><rib>[<register><unregister>]<>$
}
checker
{
type fixed-signer
sig-type rsa-sha256
signer
{
type file
file-name "keys/andrescj.ndncert"
}
}
}
}
I restarted NFD. Then, in my application (which uses jNDN), I have the
following:
face.setCommandSigningInfo(kc, new
Name("/andrescj/KEY/ksk-1497484873352/ID-CERT"));
face.registerPrefix(new Name("/test"), this, this);
Unfortunately, I always get the following error:
INFO: Register prefix failed: Expected NFD status code 200, got: 403
I have verified that the certificate
/andrescj/KEY/ksk-1497484873352/ID-CERT and the file
/etc/ndn/keys/andrescj.ndncert are identical (I used ndnsec cert-dump).
Even when I use the ALL log level, NFD's log file does not seem to show
where the authorization process is failing.
Am I doing something wrong? Or, is there a better way to see more
details on where exactly the interest validation is failing?
Thanks!
Andres
More information about the Nfd-dev
mailing list