Remove obsolete deployment instructions and script
Change-Id: If86fc4d91b975d8c1a8e575229328f95dc0dc49c
diff --git a/deployment/deploy-over-testbed.md b/deployment/deploy-over-testbed.md
deleted file mode 100644
index 1b0aaed..0000000
--- a/deployment/deploy-over-testbed.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Deploy NDNCERT v0.3 over testbed
-
-Three steps:
-
-* Deploy root CA `/ndn` by setting up the NDNCERT CA configuration and run NDNCERT service
-* At each site server, run NDNCERT client command line tools to get certificate issued by `/ndn` using the PIN code challenge, set up the CA configuration and run NDNCERT CA service.
-* Update the `/ndn`'s configuration file and restart the service.
-
-## Step 1
-
-```bash
-sudo ./deploy.sh
-```
-
-## Step 2
-
-On each site:
-
-```bash
-sudo ./deploy.sh
-```
-
-```bash
-ndnsec-dump-certificate XXX
-```
-
-## Step 3
-Stop NDNCERT CA
-```bash
-sudo systemctl stop ndncert-ca
-```
-
-Update CA configuation file ``ca.conf`` with the output certificate just get:
-Inside ``ca.conf``, site CAs are configured by sections below:
-
-```
- "redirect-to":
- [
- {
- "ca-prefix": "/example/site1",
- "certificate": "Bv0CvQcwCAdleGFtcGxlCAVzaXRlMQgDS0VZCAh6af3szF4QZwgEc2VsZggJ/QAAAXT6+NCKFAkYAQIZBAA27oAV/QEmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43hjZT0HUFFJcqwj8lZnd/vg0NrzqvZ4jhsq1c+nv6J3Huc9Uq5jRZwhFQ8nBWT3CeFScO5FUQfNXDIDncZ4vYPFEnockOFVtvmKQ/ELwReUvjH80d1NPGrIVrD0lMRpv2sFr6NW2p7aw6bCSj3OJq7H/+QHDkAryssMZyHwTbPzMZHyYKmxR68CyCCpvLlgp8tYFT+cCrOc3lz3nROK3VFR+apgwubpvl8nbKD10QLcgMHSkLoLEy/Ksq8OH7MQhUEZDjLk/zL9baZ7MiKXtdUZCNTZk13y5z+4aT4TqumLB+obiDXmv6JAi+CkYIMf2ck2IvMV6JgxxIlv3+Ke2wIDAQABFlAbAQEcIQcfCAdleGFtcGxlCAVzaXRlMQgDS0VZCAh6af3szF4QZ/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwNDAwOTMwVDIyNTQwNBf9AQCCSXOqUX40mAIdKCa+nnfJCGZbNowQPJp5kDnyolj5/Ek9x8czyLcX58xTsgYtiPmL5DxMgkRujRJu9INm0pUJIJRlsqhDOwsrxIjlSgwy5AeexYe7SM3rSwljLxTR4MfBw26pym9iYt8ovHXotCDE+etyKwHzXoOgzxORoPXqBGwobNOPnhDfpzHQBFOrPd8qqLAGioNNk/k2U/uyvBbLoZS4ScNVJpfbcvcmzu/A8H/VyT4234LrlISL9WpWlO8J18yzhrXchFR0ZwCoYge5rLZ4vsQhY1WqXHCsYnRa3la6Txz44EWYEBpmk12qnkPt06KAPvQ82N1CICxFb9NY"
- }
- ]
-```
-
-Replace the ``ca-prefix`` and ``certificate`` in this example section with the ones in your case.
-
-Start NDNCERT CA
-```bash
-sudo systemctl start ndncert-ca
-```
diff --git a/deployment/deploy.sh b/deployment/deploy.sh
deleted file mode 100755
index 29781f4..0000000
--- a/deployment/deploy.sh
+++ /dev/null
@@ -1,280 +0,0 @@
-#!/usr/bin/env bash
-
-function generate_client_config() {
-echo
-echo "What is the parent CA's prefix?"
-read -r parent_ca_prefix
-echo "what is the parent certificate? (use Ctrl-D to end input)"
-root_cert=$(cat | tr -d '\n')
-
-cat > ndncert-site-client.conf << ~EOF
-{
- "ca-list":
- [
- {
- "ca-prefix": "$parent_ca_prefix",
- "ca-info": "NDN Testbed Root Trust Anchor",
- "max-validity-period": "1296000",
- "max-suffix-length": "3",
- "probe-parameters":
- [
- {"probe-parameter-key": "pin"}
- ],
- "certificate": "$root_cert"
- }
- ]
-}
-~EOF
-echo "config file generated at ndncert-site-client.conf"
-echo
-}
-
-function generate_ca_config() {
-echo
-echo "Load the new configuration file for the CA"
-echo "Would you like to allow email challenge for this CA? [Y/N]"
-read -r allow_email_challenge
-# prepare CA configuration file
-cat > ndncert-deploy-ca.conf << ~EOF
-{
- "ca-prefix": "$1",
- "ca-info": "NDN Trust Anchor: $1",
- "max-validity-period": "1296000",
- "max-suffix-length": "2",
- "probe-parameters":
- [
- {"probe-parameter-key": "email"}
- ],
- "supported-challenges":
- [
-~EOF
-if [ "$allow_email_challenge" = 'y' ]; then
- echo ' { "challenge": "email" },' >> ndncert-deploy-ca.conf
-elif [ "$allow_email_challenge" = 'Y' ]; then
- echo ' { "challenge": "email" },' >> ndncert-deploy-ca.conf
-fi
-cat >> ndncert-deploy-ca.conf << ~EOF
- { "challenge": "pin" }
- ],
- "name-assignment":
- {
- "param": "/email"
- }
-}
-~EOF
-
-sudo touch /usr/local/etc/ndncert/ca.conf
-sudo mv ndncert-deploy-ca.conf /usr/local/etc/ndncert/ca.conf
-
-echo ""
-}
-
-deployment_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-ndncert_dir="$(dirname "$deployment_dir")"
-current_path="$(pwd)"
-cd "$ndncert_dir"
-
-echo "Do you want to (re) compile and build NDNCERT? [Y/N]"
-read -r NDNCERT_COMPILE
-echo ""
-
-case $NDNCERT_COMPILE in
- N|n)
- echo "Okay, we'll skip compilation and build."
- ;;
- Y|y)
- CXXFLAGS="-O2" "./waf" configure
- "./waf"
- ;;
- *)
- echo "Unknown option, build and install is cancelled"
- cd "$current_path"
- exit 1
- ;;
-esac
-echo "Need sudo to install NDNCERT CLI tools"
-sudo "./waf" install
-echo ""
-
-echo "==================================================================="
-echo "=="
-echo "== deploying NDNCERT"
-echo "=="
-echo "==================================================================="
-echo ""
-echo "Are you sure [Y/n] ?"
-read -r deploy
-
-case $deploy in
- N|n)
- echo "deployment cancelled"
- cd "$current_path"
- exit 1
- ;;
- Y|y)
- ;;
- *)
- echo "Unknown option, deployment cancelled"
- cd "$current_path"
- exit 1
- ;;
-esac
-
-echo ""
-echo "==================================================================="
-echo "=="
-echo "== deployment started"
-echo "=="
-echo "==================================================================="
-
-echo "What is the CA Prefix (eg. /example) you want to deploy?"
-read -r ca_prefix
-echo ""
-
-echo ""
-echo "==================================================================="
-echo "=="
-echo "== systemd config"
-echo "=="
-echo "==================================================================="
-
-echo "Do you want to install ndncert CA for systemd on this machine? [Y/N]"
-read -r systemd_install
-echo ""
-
-case $systemd_install in
- N|n)
- echo "We will not install systemd CA on this machine"
- echo "Successfully finish the deployment of NDNCERT. To run NDNCERT, please use CLI ndncert-ca-server"
- cd "$current_path"
- exit 0
- ;;
- Y|y)
- echo "Copying NDNCERT-CA systemd service on this machine"
- sudo cp "$ndncert_dir/build/systemd/ndncert-ca.service" /etc/systemd/system
- sudo chmod 644 /etc/systemd/system/ndncert-ca.service
- ;;
- *)
- echo "Unknown option, deployment cancelled"
- cd "$current_path"
- exit 1
- ;;
-esac
-
-echo ""
-echo "ndncert-ca service requires user ndn. Will check it now :D"
-if id ndn &>/dev/null; then
- echo 'ndn user account found, GOOD!'
-else
- echo 'ndn user not found; adding ndn user as root'
- sudo useradd ndn
-fi
-
-echo ""
-echo "ndncert-ca service requires /var/lib/ndncert-ca. Will check or create the keychain in /var/lib/ndncert-ca"
-sudo mkdir -p /var/lib/ndncert-ca
-sudo chown ndn /var/lib/ndncert-ca
-echo '/var/lib/ndncert-ca is ready, GOOD!'
-
-echo ""
-echo "==================================================================="
-echo "=="
-echo "== anchor certificate generation"
-echo "=="
-echo "==================================================================="
-
-echo ""
-echo "Do you want to import an existing safebag for $ca_prefix ? [Y/N]"
-read -r use_safe_bag
-
-case $use_safe_bag in
- N|n)
- if [ "$(HOME=/var/lib/ndncert-ca ndnsec list | grep " $ca_prefix$" > /dev/null 2>&1; echo $?)" -ne 0 ]; then
- echo "Generating new NDN identity for $ca_prefix"
- sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-keygen "$ca_prefix"
- else
- echo "Key detected for $ca_prefix"
- echo "Continue..."
- fi
- ;;
- Y|y)
- echo "Reading the safebag."
- echo "What is the safebag file name?"
- read -r safe_bag_path
- echo ""
-
- echo "What is the password of the safebag?"
- read -r safe_bafg_pwd
- echo ""
-
- sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-import -i "$safe_bag_path" -P "$safe_bafg_pwd"
- ;;
- *)
- echo "Unknown option, deployment cancelled"
- cd "$current_path"
- exit 1
- ;;
-esac
-
-echo ""
-echo "Do you want to request a certificate from a parent CA? [Y/N]"
-read -r run_client
-case $run_client in
- Y|y)
- echo "Running ndncert client"
- generate_client_config
- ndncert-client -c ndncert-site-client.conf
- rm ndncert-site-client.conf
-
- echo "What is the new certificate name?"
- read -r new_cert_name
- ndnsec set-default -c "$new_cert_name"
- ;;
- *)
- echo "Will not request a certificate. "
- ;;
-esac
-
-echo ""
-echo "==================================================================="
-echo "=="
-echo "== configuration generation"
-echo "=="
-echo "==================================================================="
-
-generate_ca_config "$ca_prefix"
-
-echo ""
-echo "==================================================================="
-echo "=="
-echo "== done"
-echo "=="
-echo "==================================================================="
-
-echo "Do you want to start the service now? [Y/N]"
-read -r start_now
-case $start_now in
- N|n)
- echo "Successfully finish the deployment of NDNCERT. You can run sudo systemctl start ndncert-ca when you want to start the service"
- cd "$current_path"
- exit 0
- ;;
- Y|y)
- echo "Starting the service ndncert-ca"
- sudo systemctl daemon-reload
- sudo systemctl start ndncert-ca
- sleep 2
- echo "Reading the status of service ndncert-ca"
- sudo systemctl status ndncert-ca
- echo "Successfully finish the deployment of NDNCERT. You can run sudo systemctl status ndncert-ca when you want to check the status of the service"
- cd "$current_path"
- exit 0
- ;;
- *)
- echo "Unknown option, deployment cancelled"
- cd "$current_path"
- exit 1
- ;;
-esac
-
-cd "$current_path"
\ No newline at end of file
diff --git a/src/challenge/challenge-email.hpp b/src/challenge/challenge-email.hpp
index 6de8216..d9d4bf4 100644
--- a/src/challenge/challenge-email.hpp
+++ b/src/challenge/challenge-email.hpp
@@ -26,12 +26,7 @@
namespace ndncert {
/**
- * @brief Provide Email based challenge
- *
- * For challenge design
- * @sa https://github.com/named-data/ndncert/wiki/NDN-Certificate-Management-Protocol
- * For deployment instructions:
- * @sa https://github.com/named-data/ndncert/wiki/Deploy-Email-Challenge
+ * @brief Provide email-based challenge.
*
* The main process of this challenge module is:
* 1. Requester provides its email address.
@@ -45,6 +40,8 @@
* Failure info when application fails:
* FAILURE_MAXRETRY: When run out retry times.
* FAILURE_TIMEOUT: When the secret lifetime expires.
+ *
+ * @sa https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3-Challenges
*/
class ChallengeEmail : public ChallengeModule
{
diff --git a/src/challenge/challenge-pin.hpp b/src/challenge/challenge-pin.hpp
index cfcf508..4ab6cdd 100644
--- a/src/challenge/challenge-pin.hpp
+++ b/src/challenge/challenge-pin.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
*
* This file is part of ndncert, a certificate management system based on NDN.
*
@@ -26,9 +26,7 @@
namespace ndncert {
/**
- * @brief Provide PIN code based challenge
- *
- * @sa https://github.com/named-data/ndncert/wiki/NDN-Certificate-Management-Protocol
+ * @brief Provide PIN code based challenge.
*
* The main process of this challenge module is:
* 1. End entity provides empty string. The first POLL is only for selection.
@@ -42,6 +40,8 @@
* Failure info when application fails:
* FAILURE_TIMEOUT: When secret is out-dated.
* FAILURE_MAXRETRY: When requester tries too many times.
+ *
+ * @sa https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3-Challenges
*/
class ChallengePin : public ChallengeModule
{