switch to ndn-cxx KeyChain v2
refs #4089
Change-Id: I32bc19db156de49275b681ef67f684b76631d50b
diff --git a/daemon/mgmt/command-authenticator.cpp b/daemon/mgmt/command-authenticator.cpp
index 50e4434..63ab319 100644
--- a/daemon/mgmt/command-authenticator.cpp
+++ b/daemon/mgmt/command-authenticator.cpp
@@ -26,8 +26,8 @@
#include "command-authenticator.hpp"
#include "core/logger.hpp"
-#include <ndn-cxx/security/v1/identity-certificate.hpp>
-#include <ndn-cxx/security/validator-null.hpp>
+#include <ndn-cxx/security/security-common.hpp>
+#include <ndn-cxx/security/verification-helpers.hpp>
#include <ndn-cxx/util/io.hpp>
#include <boost/filesystem.hpp>
@@ -38,8 +38,6 @@
// INFO: configuration change, etc
// DEBUG: per authentication request result
-using ndn::security::v1::IdentityCertificate;
-
shared_ptr<CommandAuthenticator>
CommandAuthenticator::create()
{
@@ -47,8 +45,8 @@
}
CommandAuthenticator::CommandAuthenticator()
- : m_validator(make_unique<ndn::ValidatorNull>())
{
+ NFD_LOG_WARN("Command Interest timestamp checking is currently bypassed.");
}
void
@@ -91,7 +89,7 @@
}
bool isAny = false;
- shared_ptr<IdentityCertificate> cert;
+ shared_ptr<ndn::security::v2::Certificate> cert;
if (certfile == "any") {
isAny = true;
NFD_LOG_WARN("'certfile any' is intended for demo purposes only and "
@@ -100,7 +98,7 @@
else {
using namespace boost::filesystem;
path certfilePath = absolute(certfile, path(filename).parent_path());
- cert = ndn::io::load<IdentityCertificate>(certfilePath.string());
+ cert = ndn::io::load<ndn::security::v2::Certificate>(certfilePath.string());
if (cert == nullptr) {
BOOST_THROW_EXCEPTION(ConfigFile::Error(
"cannot load certfile " + certfilePath.string() +
@@ -137,8 +135,8 @@
NFD_LOG_INFO("authorize module=" << module << " signer=any");
}
else {
- const Name& keyName = cert->getPublicKeyName();
- found->second.certs.emplace(keyName, cert->getPublicKeyInfo());
+ const Name& keyName = cert->getKeyName();
+ found->second.certs.emplace(keyName, *cert);
NFD_LOG_INFO("authorize module=" << module << " signer=" << keyName <<
" certfile=" << certfile);
}
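Review bot: The `else` branch stores `*cert` as an authorized signer without looking at its validity period, and the only check visible on the loading side is `cert == nullptr`. Now that the map holds a full `ndn::security::v2::Certificate` rather than a bare public key, an expired or not-yet-valid certfile could be rejected or at least flagged when the configuration is processed, e.g. `if (!cert->isValid()) { NFD_LOG_WARN("certfile " << certfile << " is outside its validity period"); }`. Whether `ndn::security::verifySignature` consults the validity period cannot be told from this diff, so confirm that before relying on it. The enclosing function starts and ends outside the hunk.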
@@ -181,22 +179,26 @@
return;
}
- bool hasGoodSig = ndn::Validator::verifySignature(interest, found->second);
+ bool hasGoodSig = ndn::security::verifySignature(interest, found->second);
if (!hasGoodSig) {
NFD_LOG_DEBUG("reject " << interest.getName() << " signer=" << keyName << " bad-sig");
reject(ndn::mgmt::RejectReply::STATUS403);
return;
}
- self->m_validator.validate(interest,
- bind([=] {
- NFD_LOG_DEBUG("accept " << interest.getName() << " signer=" << keyName);
- accept(keyName.toUri());
- }),
- bind([=] {
- NFD_LOG_DEBUG("reject " << interest.getName() << " signer=" << keyName << " invalid-timestamp");
- reject(ndn::mgmt::RejectReply::STATUS403);
- }));
+ //self->m_validator.validate(interest,
+ // bind([=] {
+ // NFD_LOG_DEBUG("accept " << interest.getName() << " signer=" << keyName);
+ // accept(keyName.toUri());
+ // }),
+ // bind([=] {
+ // NFD_LOG_DEBUG("reject " << interest.getName() << " signer=" << keyName << " invalid-timestamp");
+ // reject(ndn::mgmt::RejectReply::STATUS403);
+ // }));
+
+ /// \todo restore timestamp checking
+ NFD_LOG_DEBUG("accept " << interest.getName() << " signer=" << keyName);
+ accept(keyName.toUri());
};
}
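Review bot: After the `hasGoodSig` check the lambda now calls `accept(keyName.toUri())` unconditionally, so the timestamp check that `m_validator.validate` used to perform no longer runs and a previously captured, validly signed command Interest would still be accepted. The commit flags this with the constructor's `NFD_LOG_WARN` and a `\todo`, but nothing ties the todo to a tracking item and the commit message does not mention the regression. I would delete the nine commented-out lines (version control keeps them) and replace them with `/// \todo restore Command Interest timestamp checking (replay protection), tracked in #<issue>`. The WARN text could also name the consequence, e.g. `"Command Interest timestamp checking is currently bypassed; signed commands can be replayed."`. The lambda and its enclosing function begin outside the hunk.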
@@ -226,9 +228,9 @@
}
try {
- return {true, IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName())};
+ return {true, keyLocator.getName()};
}
- catch (const IdentityCertificate::Error&) {
+ catch (const std::invalid_argument&) {
return {false, Name()};
}
}
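Review bot: The `try`/`catch (const std::invalid_argument&)` around `return {true, keyLocator.getName()};` looks like leftover scaffolding: the shape check that `certificateNameToPublicKeyName` performed is gone, and nothing visible in the `try` block is documented to throw `std::invalid_argument`. Any Name in the KeyLocator is now returned as the key name and only fails later when the lookup in the module's `certs` map misses; that is fail-closed, but a signer that puts a certificate name in its KeyLocator would be rejected without a distinct log reason (assuming the map stays keyed by `cert->getKeyName()`, as the earlier hunk shows). Either drop the `try`/`catch` and add a comment such as `// KeyLocator is expected to carry the key name, not the certificate name`, or check the name's form here explicitly. The function starts outside the hunk, so the KeyLocator type check is not visible.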
diff --git a/daemon/mgmt/command-authenticator.hpp b/daemon/mgmt/command-authenticator.hpp
index fe2e0b9..0924e9b 100644
--- a/daemon/mgmt/command-authenticator.hpp
+++ b/daemon/mgmt/command-authenticator.hpp
@@ -28,8 +28,7 @@
#include "core/config-file.hpp"
#include <ndn-cxx/mgmt/dispatcher.hpp>
-#include <ndn-cxx/security/command-interest-validator.hpp>
-#include <ndn-cxx/security/v1/public-key.hpp>
+#include <ndn-cxx/security/v2/certificate.hpp>
namespace nfd {
@@ -68,11 +67,9 @@
struct AuthorizedCerts
{
bool allowAny = false;
- std::unordered_map<Name, ndn::security::v1::PublicKey> certs; ///< keyName => publicKey
+ std::unordered_map<Name, ndn::security::v2::Certificate> certs; ///< keyName => cert
};
std::unordered_map<std::string, AuthorizedCerts> m_moduleAuth; ///< module => certs
-
- ndn::security::CommandInterestValidator m_validator;
};
} // namespace nfd