validator.conf.sample.in

rule
{
  id "NDNS KEY signing rule"
  for data
  filter
  {
    type name
    regex ^([^<NDNS>]*)<NDNS><KEY><><><>$
  }
  checker
  {
    type customized
    sig-type ecdsa-sha256
    key-locator
    {
      type name
      hyper-relation
      {
        k-regex ^([^<NDNS>]*)<NDNS>(<>*)<KEY><>$
        k-expand \\1\\2
        h-relation equal ; ksk should be signed by dkey in parent zone
        p-regex ^([^<NDNS>]*)<NDNS><KEY><><><>$
        p-expand \\1
      }
      ; example1:
      ; data: /ndn/ndnsim/NDNS/KEY/ksk-1/CERT/123
      ; k-locator: /ndn/NDNS/ndnsim/KEY/dkey-1
      ; example2:
      ; data: /ndn/ndnsim/NDNS/KEY/dsk-1/CERT/123
      ; k-locator: /ndn/ndnsim/NDNS/KEY/ksk-1
    }
  }
}

rule
{
  id "NDNS data signing rule"
  for data
  filter
  {
    type name
    regex ^([^<NDNS>]*)<NDNS>(<>*)<><>$
  }
  checker
  {
    type customized
    sig-type ecdsa-sha256
    key-locator
    {
      type name
      hyper-relation
      {
        k-regex ^([^<NDNS>]*)<NDNS><KEY><>$
        k-expand \\1
        h-relation equal; data should be signed by dsk
        p-regex ^([^<NDNS>]*)<NDNS>(<>*)<><>$
        p-expand \\1
      }
      ; example:
      ; data: /ndn/ndnsim/NDNS/NS/CERT/123
      ; k-locator: /ndn/ndnsim/NDNS/KEY/dsk-1
    }
  }
}

trust-anchor
{
  type file
  file-name @ANCHORPATH@
}