security: Add CertificateFetcherDirectFetch

Change-Id: I3abaa0c264b8d93f9bba588d346477e7179f03e7
Refs: #3921
diff --git a/src/security/v2/certificate-fetcher-direct-fetch.cpp b/src/security/v2/certificate-fetcher-direct-fetch.cpp
new file mode 100644
index 0000000..2e01612
--- /dev/null
+++ b/src/security/v2/certificate-fetcher-direct-fetch.cpp
@@ -0,0 +1,62 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "certificate-fetcher-direct-fetch.hpp"
+#include "face.hpp"
+#include "lp/tags.hpp"
+
+namespace ndn {
+namespace security {
+namespace v2 {
+
+CertificateFetcherDirectFetch::CertificateFetcherDirectFetch(Face& face)
+  : CertificateFetcherFromNetwork(face)
+{
+}
+
+void
+CertificateFetcherDirectFetch::doFetch(const shared_ptr<CertificateRequest>& keyRequest,
+                                       const shared_ptr<ValidationState>& state,
+                                       const ValidationContinuation& continueValidation)
+{
+  auto interestState = dynamic_pointer_cast<InterestValidationState>(state);
+  if (interestState != nullptr) {
+    uint64_t incomingFaceId = 0;
+    auto incomingFaceIdTag = interestState->getOriginalInterest().getTag<lp::IncomingFaceIdTag>();
+    if (incomingFaceIdTag != nullptr) {
+      incomingFaceId = incomingFaceIdTag->get();
+    }
+
+    if (incomingFaceId != 0) {
+      Interest directInterest(keyRequest->m_interest);
+      directInterest.refreshNonce();
+      directInterest.setTag(make_shared<lp::NextHopFaceIdTag>(incomingFaceId));
+      m_face.expressInterest(directInterest, nullptr, nullptr, nullptr);
+    }
+  }
+
+  // send infrastructure Interest
+  CertificateFetcherFromNetwork::doFetch(keyRequest, state, continueValidation);
+}
+
+} // namespace v2
+} // namespace security
+} // namespace ndn
diff --git a/src/security/v2/certificate-fetcher-direct-fetch.hpp b/src/security/v2/certificate-fetcher-direct-fetch.hpp
new file mode 100644
index 0000000..2f51246
--- /dev/null
+++ b/src/security/v2/certificate-fetcher-direct-fetch.hpp
@@ -0,0 +1,57 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+#define NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP
+
+#include "certificate-fetcher-from-network.hpp"
+
+namespace ndn {
+namespace security {
+namespace v2 {
+
+/**
+ * @brief Extends CertificateFetcherFromNetwork to fetch certificates from Interest sender
+ *
+ * During Interest validation, if IncomingFaceId tag is present on the original Interest, this
+ * fetcher will send a "direct Interest" to fetch certificates from the face where the original
+ * Interest was received, in addition to fetching from the infrastructure. The application must
+ * enable NextHopFaceId privilege on the face used by this fetcher prior to the validation.
+ *
+ * During Data validation, this fetcher is equivalent to CertificateFetcherFromNetwork.
+ */
+class CertificateFetcherDirectFetch : public CertificateFetcherFromNetwork
+{
+public:
+  explicit
+  CertificateFetcherDirectFetch(Face& face);
+
+protected:
+  void
+  doFetch(const shared_ptr<CertificateRequest>& keyRequest, const shared_ptr<ValidationState>& state,
+          const ValidationContinuation& continueValidation) override;
+};
+
+} // namespace v2
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_V2_CERTIFICATE_FETCHER_DIRECT_FETCH_HPP