security: load trust anchor from QT resources
Change-Id: I35b0ee54dbbb2218ec7db60d21afe7ec4976ae27
diff --git a/demo.qrc b/demo.qrc
index 3e90f1f..1a1fa76 100644
--- a/demo.qrc
+++ b/demo.qrc
@@ -1,8 +1,9 @@
<!DOCTYPE RCC><RCC version="1.0">
<qresource prefix="/">
- <file>images/icon_large.png</file>
- <file>images/icon_small.png</file>
- <file>images/note.png</file>
- <file>images/refresh.png</file>
+ <file>images/icon_large.png</file>
+ <file>images/icon_small.png</file>
+ <file>images/note.png</file>
+ <file>images/refresh.png</file>
+ <file>security/anchor.cert</file>
</qresource>
</RCC>
diff --git a/security/anchor.cert b/security/anchor.cert
new file mode 100644
index 0000000..6eeaef4
--- /dev/null
+++ b/security/anchor.cert
@@ -0,0 +1,16 @@
+Bv0C2gcvCANuZG4IA0tFWQgRa3NrLTEzOTMzNzgwNTI0MDkIB0lELUNFUlQIB/0B
+RGvNyo0UAxgBAhX9AW0wggFpMCIYDzIwMTQwMjI2MDEyNzMyWhgPMjAxNDAzMDUw
+ODM5MzJaMB8wHQYDVQQpExYvbmRuL2tzay0xMzkzMzc4MDUyNDA5MIIBIDANBgkq
+hkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAyfBfMsDEKjn5sEF/2B5uUvojnpUvh8/r
+rF5nDVdG7faJVjWkrdnPYweUQItnNRDfiTPYoAINfFdlSdtsCV3gMQjXvrJa5pFP
+Ha4M7nZ9YVExXAnYTSdHAqwFi2bfNJMNUvME7R0lVhjDcyJAdB4IjMc+W7s80rOr
+1BFo3Jf66HE+hLnQsHWC/L3AxR5IYJ7laubDeQBUCJWfbQ+xbM8cb8y39O7ONyhw
+hbJ4hGqel6wvffsGVNzQcZkkGFvpns8FTMrYdhV3rYbmRKxSy09Xh6qDkkuCvgf7
+zZHDZvJGIibEKlfjHD82EJn+V4Ib7PDFAy9le/rissmyZ3gBI7QcqwIBERYtGwEB
+HCgHJggDbmRuCANLRVkIEWtzay0xMzkzMzc4MDUyNDA5CAdJRC1DRVJUF/0BABlT
+1uvcHSjoMNnaeuK73LeI93OqZwOK3Prtl6KNYG/p6ob8uue0pU6x9u8YIu8qj1Gt
+1uIvFhgOqlkbBMUebCjFeRTwlddXnyCWaWH7oJMYZbEjuCyv3498xgEV+4K5fF/x
+BePjfFVD70Vfh3gMUqR2L3ktXzXcLyemT/PvLMXWJ6iQXX4FNLbpAx2EdMzwfFbE
+uPK9/QUBJIG92ks44e9M9iD7meiW+nLjKi4ebiCWYOVcoIazfEi13ZCiBXwbXTNv
+HM0wp7ODHf0CUz3cKfl9pLl8bC9UNEIxFi2b9Vr5UpCy2i8xiTGaxJpvICSFYGFg
+Z7eA1LjpBYouO/4W7+w=
diff --git a/src/contact-manager.cpp b/src/contact-manager.cpp
index 7be5017..74f84fa 100644
--- a/src/contact-manager.cpp
+++ b/src/contact-manager.cpp
@@ -14,6 +14,7 @@
#include "contact-manager.h"
#include <QStringList>
+#include <QFile>
#ifndef Q_MOC_RUN
#include <ndn-cpp-dev/util/crypto.hpp>
@@ -23,6 +24,7 @@
#include <cryptopp/base64.h>
#include <cryptopp/files.h>
#include <cryptopp/sha.h>
+#include <cryptopp/filters.h>
#include <boost/asio.hpp>
#include <boost/tokenizer.hpp>
#include <boost/filesystem.hpp>
@@ -52,11 +54,55 @@
{}
// private methods
+shared_ptr<IdentityCertificate>
+ContactManager::loadTrustAnchor()
+{
+ shared_ptr<IdentityCertificate> anchor;
+
+ QFile anchorFile(":/security/anchor.cert");
+
+ if (!anchorFile.open(QIODevice::ReadOnly))
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+
+ return anchor;
+ }
+
+ qint64 fileSize = anchorFile.size();
+ char* buf = new char[fileSize];
+ anchorFile.read(buf, fileSize);
+
+ try
+ {
+ using namespace CryptoPP;
+
+ OBufferStream os;
+ StringSource(reinterpret_cast<const uint8_t*>(buf), fileSize, true, new Base64Decoder(new FileSink(os)));
+ anchor = make_shared<IdentityCertificate>();
+ anchor->wireDecode(Block(os.buf()));
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+ }
+ catch(IdentityCertificate::Error& e)
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+ }
+ catch(Block::Error& e)
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+ }
+
+ delete [] buf;
+
+ return anchor;
+}
+
void
ContactManager::initializeSecurity()
{
- fs::path anchorPath = fs::path(getenv("HOME")) / ".chronos" / "anchor.cert";
- shared_ptr<IdentityCertificate> anchor = io::load<IdentityCertificate>(anchorPath.c_str());
+ shared_ptr<IdentityCertificate> anchor = loadTrustAnchor();
shared_ptr<ValidatorRegex> validator = make_shared<ValidatorRegex>(m_face);
validator->addDataVerificationRule(make_shared<SecRuleRelative>("^([^<DNS>]*)<DNS><ENDORSED>",
diff --git a/src/contact-manager.h b/src/contact-manager.h
index 6bcd429..fa28a9e 100644
--- a/src/contact-manager.h
+++ b/src/contact-manager.h
@@ -53,7 +53,10 @@
contactList.clear();
contactList.insert(contactList.end(), m_contactList.begin(), m_contactList.end());
}
-private:
+private:
+ ndn::shared_ptr<ndn::IdentityCertificate>
+ loadTrustAnchor();
+
void
initializeSecurity();