blob: aa3ae3289cd88df966a0443645b8d0e551ee5d95 [file] [log] [blame]
Saurab Dulal427e0122019-11-28 11:58:02 -06001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2014-2020, The University of Memphis,
4 * Regents of the University of California,
5 * Arizona Board of Regents.
6 *
7 * This file is part of NLSR (Named-data Link State Routing).
8 * See AUTHORS.md for complete list of NLSR authors and contributors.
9 *
10 * NLSR is free software: you can redistribute it and/or modify it under the terms
11 * of the GNU General Public License as published by the Free Software Foundation,
12 * either version 3 of the License, or (at your option) any later version.
13 *
14 * NLSR is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
15 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
16 * PURPOSE. See the GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along with
19 * NLSR, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
20 **/
21
22#include "certificate-store.hpp"
23#include "conf-parameter.hpp"
24#include "logger.hpp"
25
26#include <ndn-cxx/util/io.hpp>
27
28namespace nlsr {
29namespace security {
30
31INIT_LOGGER(CertificateStore);
32
33CertificateStore::CertificateStore(ndn::Face& face, ConfParameter& confParam, Lsdb& lsdb)
34 : m_face(face)
35 , m_confParam(confParam)
36 , m_lsdb(lsdb)
37 , m_validator(m_confParam.getValidator())
38 , m_afterSegmentValidatedConnection(m_lsdb.afterSegmentValidatedSignal.connect(
39 std::bind(&CertificateStore::afterFetcherSignalEmitted,
40 this, _1)))
41{
42 for (const auto& x: confParam.getIdCerts()) {
43 auto idCert = ndn::io::load<ndn::security::v2::Certificate>(x);
44 insert(*idCert);
45 }
46
47 registerKeyPrefixes();
48}
49
50void
51CertificateStore::insert(const ndn::security::v2::Certificate& certificate)
52{
53 m_certificates[certificate.getKeyName()] = certificate;
54 NLSR_LOG_TRACE("Certificate inserted successfully");
55}
56
57const ndn::security::v2::Certificate*
58CertificateStore::find(const ndn::Name& keyName) const
59{
60 auto it = m_certificates.find(keyName);
61 return it != m_certificates.end() ? &it->second : nullptr;
62}
63
64void
65CertificateStore::clear()
66{
67 m_certificates.clear();
68}
69
70void
71CertificateStore::setInterestFilter(const ndn::Name& prefix, bool loopback)
72{
73 m_face.setInterestFilter(ndn::InterestFilter(prefix).allowLoopback(loopback),
74 std::bind(&CertificateStore::onKeyInterest, this, _1, _2),
75 std::bind(&CertificateStore::onKeyPrefixRegSuccess, this, _1),
76 std::bind(&CertificateStore::registrationFailed, this, _1),
77 m_confParam.getSigningInfo(), ndn::nfd::ROUTE_FLAG_CAPTURE);
78}
79
80void
81CertificateStore::registerKeyPrefixes()
82{
83 std::vector<ndn::Name> prefixes;
84
85 // Router's NLSR certificate
86 ndn::Name nlsrKeyPrefix = m_confParam.getRouterPrefix();
87 nlsrKeyPrefix.append("nlsr");
88 nlsrKeyPrefix.append("KEY");
89 prefixes.push_back(nlsrKeyPrefix);
90
91 // Router's certificate
92 ndn::Name routerKeyPrefix = m_confParam.getRouterPrefix();
93 routerKeyPrefix.append("KEY");
94 prefixes.push_back(routerKeyPrefix);
95
96 // Router's operator's certificate
97 ndn::Name operatorKeyPrefix = m_confParam.getNetwork();
98 operatorKeyPrefix.append(m_confParam.getSiteName());
99 operatorKeyPrefix.append(std::string("%C1.Operator"));
100 prefixes.push_back(operatorKeyPrefix);
101
102 // Router's site's certificate
103 ndn::Name siteKeyPrefix = m_confParam.getNetwork();
104 siteKeyPrefix.append(m_confParam.getSiteName());
105 siteKeyPrefix.append("KEY");
106 prefixes.push_back(siteKeyPrefix);
107
108 // Start listening for interest of this router's NLSR certificate,
109 // router's certificate and site's certificate
110 for (const auto& i : prefixes) {
111 setInterestFilter(i);
112 }
113}
114
115void
116CertificateStore::onKeyInterest(const ndn::Name& name, const ndn::Interest& interest)
117{
118 NLSR_LOG_DEBUG("Got interest for certificate. Interest: " << interest.getName());
119
120 const auto* cert = find(interest.getName());
121
122 if (!cert) {
123 NLSR_LOG_TRACE("Certificate is not found for: " << interest);
124 return;
125 }
126 m_face.put(*cert);
127}
128
129void
130CertificateStore::onKeyPrefixRegSuccess(const ndn::Name& name)
131{
132 NLSR_LOG_DEBUG("KEY prefix: " << name << " registration is successful.");
133}
134
135void
136CertificateStore::registrationFailed(const ndn::Name& name)
137{
138 NLSR_LOG_ERROR("ERROR: Failed to register prefix " << name);
139 BOOST_THROW_EXCEPTION(std::runtime_error("Prefix registration failed"));
140}
141
142void
143CertificateStore::publishCertFromCache(const ndn::Name& keyName)
144{
145 const auto* cert = m_validator.getUnverifiedCertCache().find(keyName);
146
147 if (cert) {
148 insert(*cert);
149 NLSR_LOG_TRACE(*cert);
150 ndn::Name certName = ndn::security::v2::extractKeyNameFromCertName(cert->getName());
151 NLSR_LOG_TRACE("Setting interest filter for: " << certName);
152
153 setInterestFilter(certName);
154
155 if (cert->getKeyName() != cert->getSignature().getKeyLocator().getName()) {
156 publishCertFromCache(cert->getSignature().getKeyLocator().getName());
157 }
158 }
159 else {
160 // Happens for root cert
161 NLSR_LOG_TRACE("Cert for " << keyName << " was not found in the Validator's cache. ");
162 }
163}
164
165void
166CertificateStore::afterFetcherSignalEmitted(const ndn::Data& lsaSegment)
167{
168 const auto keyName = lsaSegment.getSignature().getKeyLocator().getName();
169 if (!find(keyName)) {
170 NLSR_LOG_TRACE("Publishing certificate for: " << keyName);
171 publishCertFromCache(keyName);
172 }
173 else {
174 NLSR_LOG_TRACE("Certificate is already in the store: " << keyName);
175 }
176}
177
178} // namespace security
179} // namespace nlsr