commit 7bc10fad91daf3b4756429e4e6dcec3df061ded2
author Alexander Afanasyev <alexander.afanasyev@ucla.edu> Fri Jan 13 16:56:26 2017 -0800
committer Alexander Afanasyev <alexander.afanasyev@ucla.edu> Tue Jan 24 10:52:23 2017 -0500
tree 2d1743133a76086ed89ace1ddafffc0acf0605da
parent 7e7214103e24dd2b891d6912552d0defb89e2c48

security: Abstract certificate fetching from v2::Validator

Change-Id: Ia98d11ac67b0095f632818ac37a19a1e5a7656a8
Refs: #3921

src/security/v2/certificate-fetcher-from-network.cpp

diff --git a/src/security/v2/certificate-fetcher-from-network.cpp b/src/security/v2/certificate-fetcher-from-network.cpp
new file mode 100644
index 0000000..5d7bcaa
--- /dev/null
+++ b/src/security/v2/certificate-fetcher-from-network.cpp
@@ -0,0 +1,116 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "certificate-fetcher-from-network.hpp"
+#include "face.hpp"
+#include "util/logger.hpp"
+
+namespace ndn {
+namespace security {
+namespace v2 {
+
+NDN_LOG_INIT(ndn.security.v2.CertificateFetcher);
+
+#define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
+#define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)
+
+CertificateFetcherFromNetwork::CertificateFetcherFromNetwork(Face& face)
+  : m_face(face)
+{
+}
+
+void
+CertificateFetcherFromNetwork::doFetch(const shared_ptr<CertificateRequest>& certRequest,
+                                       const shared_ptr<ValidationState>& state,
+                                       const ValidationContinuation& continueValidation)
+{
+  m_face.expressInterest(certRequest->m_interest,
+                         [=] (const Interest& interest, const Data& data) {
+                           dataCallback(data, certRequest, state, continueValidation);
+                         },
+                         [=] (const Interest& interest, const lp::Nack& nack) {
+                           nackCallback(nack, certRequest, state, continueValidation);
+                         },
+                         [=] (const Interest& interest) {
+                           timeoutCallback(certRequest, state, continueValidation);
+                         });
+}
+
+void
+CertificateFetcherFromNetwork::dataCallback(const Data& data,
+                                            const shared_ptr<CertificateRequest>& certRequest,
+                                            const shared_ptr<ValidationState>& state,
+                                            const ValidationContinuation& continueValidation)
+{
+  NDN_LOG_DEBUG_DEPTH("Fetched certificate from network " << data.getName());
+
+  Certificate cert;
+  try {
+    cert = Certificate(data);
+  }
+  catch (const tlv::Error& e) {
+    return state->fail({ValidationError::Code::MALFORMED_CERT, "Fetched a malformed certificate "
+                        "`" + data.getName().toUri() + "` (" + e.what() + ")"});
+  }
+  continueValidation(cert, state);
+}
+
+void
+CertificateFetcherFromNetwork::nackCallback(const lp::Nack& nack,
+                                            const shared_ptr<CertificateRequest>& certRequest,
+                                            const shared_ptr<ValidationState>& state,
+                                            const ValidationContinuation& continueValidation)
+{
+  NDN_LOG_DEBUG_DEPTH("NACK (" << nack.getReason() <<  ") while fetching certificate "
+                      << certRequest->m_interest.getName());
+
+  --certRequest->m_nRetriesLeft;
+  if (certRequest->m_nRetriesLeft >= 0) {
+    // TODO implement delay for the the next fetch
+    fetch(certRequest, state, continueValidation);
+  }
+  else {
+    state->fail({ValidationError::Code::CANNOT_RETRIEVE_CERT, "Cannot fetch certificate after all "
+                 "retries `" + certRequest->m_interest.getName().toUri() + "`"});
+  }
+}
+
+void
+CertificateFetcherFromNetwork::timeoutCallback(const shared_ptr<CertificateRequest>& certRequest,
+                                               const shared_ptr<ValidationState>& state,
+                                               const ValidationContinuation& continueValidation)
+{
+  NDN_LOG_DEBUG_DEPTH("Timeout while fetching certificate " << certRequest->m_interest.getName()
+                      << ", retrying");
+
+  --certRequest->m_nRetriesLeft;
+  if (certRequest->m_nRetriesLeft >= 0) {
+    fetch(certRequest, state, continueValidation);
+  }
+  else {
+    state->fail({ValidationError::Code::CANNOT_RETRIEVE_CERT, "Cannot fetch certificate after all "
+                 "retries `" + certRequest->m_interest.getName().toUri() + "`"});
+  }
+}
+
+} // namespace v2
+} // namespace security
+} // namespace ndn