Update CaConfig to support multi CA and make config JSON style
Change-Id: I1737fa26356c255f3eb8090a5463614d7f728644
diff --git a/src/ca-config.cpp b/src/ca-config.cpp
index 753d483..8d3f309 100644
--- a/src/ca-config.cpp
+++ b/src/ca-config.cpp
@@ -25,89 +25,54 @@
namespace ndn {
namespace ndncert {
-CaConfig::CaConfig() = default;
-
-CaConfig::CaConfig(const std::string& fileName)
- : m_fileName(fileName)
-{
- open();
- load();
-}
-
void
-CaConfig::open()
+CaConfig::load(const std::string& fileName)
{
- std::ifstream inputFile;
- inputFile.open(m_fileName.c_str());
- if (!inputFile.good() || !inputFile.is_open()) {
- std::string msg = "Failed to read configuration file: ";
- msg += m_fileName;
- BOOST_THROW_EXCEPTION(Error(msg));
- }
-
try {
- boost::property_tree::read_info(inputFile, m_config);
+ boost::property_tree::read_json(fileName, m_config);
}
catch (const boost::property_tree::info_parser_error& error) {
- BOOST_THROW_EXCEPTION(Error("Failed to parse configuration file " + m_fileName +
+ BOOST_THROW_EXCEPTION(Error("Failed to parse configuration file " + fileName +
" " + error.message() + " line " + std::to_string(error.line())));
}
if (m_config.begin() == m_config.end()) {
- BOOST_THROW_EXCEPTION(Error("Error processing configuration file: " + m_fileName + " no data"));
+ BOOST_THROW_EXCEPTION(Error("Error processing configuration file: " + fileName + " no data"));
}
- inputFile.close();
+ parse();
}
void
-CaConfig::load()
+CaConfig::parse()
{
- m_caName = Name(m_config.get<std::string>("name"));
- m_validatorConfig = m_config.get_child("validator-conf");
+ m_caItems.clear();
+ auto caList = m_config.get_child("ca-list");
+ auto it = caList.begin();
+ for (; it != caList.end(); it++) {
+ CaItem item;
+ item.m_caName = Name(it->second.get<std::string>("ca-prefix"));
+ item.m_caInfo = it->second.get<std::string>("ca-info");
+ item.m_probe = it->second.get("probe", "");
+ item.m_freshnessPeriod = time::seconds(it->second.get<uint64_t>("issuing-freshness"));
+ item.m_validityPeriod = time::days(it->second.get<uint64_t>("validity-period"));
- parseCertificateInfo(m_config.get_child("certificate-info"));
- parseCaAnchor(m_config.get_child("ca-anchor"));
- parseChallengeList(m_config.get_child("challenge-list"));
-}
-
-void
-CaConfig::parseCertificateInfo(const ConfigSection& configSection)
-{
- m_freshPeriod = configSection.get<uint64_t>("freshness-period");
-}
-
-void
-CaConfig::parseCaAnchor(const ConfigSection& configSection)
-{
- std::string type = configSection.get<std::string>("type");
- std::string value = configSection.get<std::string>("value");
- if (type == "file") {
- boost::filesystem::path certfilePath = absolute(value,
- boost::filesystem::path(m_fileName).parent_path());
- m_anchor = io::load<security::v2::Certificate>(certfilePath.string());
- if (m_anchor != nullptr) {
- BOOST_ASSERT(m_anchor->getName().size() >= 1);
- }
- else
- BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " + certfilePath.native()));
- }
- else if (type == "base64") {
- std::istringstream ss(value);
- m_anchor = io::load<security::v2::Certificate>(ss);
- }
- else {
- BOOST_THROW_EXCEPTION(Error("Unrecognized trust anchor '" + type + "' '" + value + "'"));
+ auto challengeList = it->second.get_child("supported-challenges");
+ item.m_supportedChallenges = parseChallengeList(challengeList);
+ item.m_anchor = Name(it->second.get<std::string>("ca-anchor"));
+ m_caItems.push_back(item);
}
}
-void
-CaConfig::parseChallengeList(const ConfigSection& configSection)
+std::list<std::string>
+CaConfig::parseChallengeList(const ConfigSection& section)
{
- auto it = configSection.begin();
- for (; it != configSection.end(); it++) {
- m_availableChallenges.push_back(it->second.get<std::string>("type"));
+ std::list<std::string> result;
+ auto it = section.begin();
+ for (; it != section.end(); it++) {
+ result.push_back(it->second.get<std::string>("type"));
}
+ return result;
}
} // namespace ndncert
diff --git a/src/ca-config.hpp b/src/ca-config.hpp
index 9bde1f9..ed95cb2 100644
--- a/src/ca-config.hpp
+++ b/src/ca-config.hpp
@@ -29,6 +29,18 @@
typedef boost::property_tree::ptree ConfigSection;
+class CaItem
+{
+public:
+ Name m_caName;
+ std::string m_caInfo;
+ std::string m_probe;
+ time::seconds m_freshnessPeriod;
+ time::days m_validityPeriod;
+ std::list<std::string> m_supportedChallenges;
+ Name m_anchor;
+};
+
/**
* @brief Represents a CA configuration instance
*/
@@ -41,45 +53,25 @@
class Error : public std::runtime_error
{
public:
- explicit
- Error(const std::string& what)
- : std::runtime_error(what)
- {
- }
+ using std::runtime_error::runtime_error;
};
public:
- CaConfig();
-
- explicit
- CaConfig(const std::string& fileName);
-
-PUBLIC_WITH_TESTS_ELSE_PRIVATE:
void
- open();
+ load(const std::string& fileName);
+private:
void
- load();
+ parse();
- void
- parseCertificateInfo(const ConfigSection& configSection);
-
- void
- parseCaAnchor(const ConfigSection& configSection);
-
- void
+ std::list<std::string>
parseChallengeList(const ConfigSection& configSection);
public:
- Name m_caName;
- uint64_t m_freshPeriod;
- shared_ptr<security::v2::Certificate> m_anchor;
- std::list<std::string> m_availableChallenges;
- ConfigSection m_validatorConfig;
+ std::list<CaItem> m_caItems;
PUBLIC_WITH_TESTS_ELSE_PRIVATE:
ConfigSection m_config;
- std::string m_fileName;
};
} // namespace ndncert
diff --git a/src/client-config.hpp b/src/client-config.hpp
index fbc71f3..fbb703b 100644
--- a/src/client-config.hpp
+++ b/src/client-config.hpp
@@ -27,15 +27,6 @@
namespace ndn {
namespace ndncert {
-class CaItem
-{
-public:
- Name m_caName;
- std::string m_caInfo;
- std::string m_probe;
- std::list<std::string> m_supportedChallenges;
-};
-
class ClientConfig
{
public:
diff --git a/tests/unit-tests/ca-config.t.cpp b/tests/unit-tests/ca-config.t.cpp
index 09a0d08..e803254 100644
--- a/tests/unit-tests/ca-config.t.cpp
+++ b/tests/unit-tests/ca-config.t.cpp
@@ -32,31 +32,25 @@
BOOST_AUTO_TEST_CASE(ReadConfigFileWithFileAnchor)
{
- CaConfig config("tests/unit-tests/ca.conf.test");
- BOOST_CHECK_EQUAL(config.m_caName.toUri(), "/ndn/edu/ucla/cs/zhiyi");
- BOOST_CHECK_EQUAL(config.m_freshPeriod, 720);
- BOOST_CHECK_EQUAL(config.m_anchor->getName().toUri(),
+ CaConfig config;
+ config.load("tests/unit-tests/ca.conf.test");
+ auto itemA = config.m_caItems.front();
+ BOOST_CHECK_EQUAL(itemA.m_caName.toUri(), "/ndn/edu/ucla/cs/zhiyi");
+ BOOST_CHECK_EQUAL(itemA.m_probe, "true");
+ BOOST_CHECK_EQUAL(itemA.m_freshnessPeriod, time::seconds(720));
+ BOOST_CHECK_EQUAL(itemA.m_validityPeriod, time::days(360));
+ BOOST_CHECK_EQUAL(itemA.m_anchor.toUri(),
+ "/ndn/edu/ucla/cs/zhiyi/KEY/%9A%E0%C6%C6%09%7C%92i/self/%FD%00%00%01Z%B0%2AJ%B4");
+ BOOST_CHECK_EQUAL(itemA.m_supportedChallenges.size(), 1);
+
+ auto itemB = config.m_caItems.back();
+ BOOST_CHECK_EQUAL(itemB.m_caName.toUri(), "/ndn/site1");
+ BOOST_CHECK_EQUAL(itemB.m_probe, "true");
+ BOOST_CHECK_EQUAL(itemB.m_freshnessPeriod, time::seconds(720));
+ BOOST_CHECK_EQUAL(itemB.m_validityPeriod, time::days(360));
+ BOOST_CHECK_EQUAL(itemB.m_anchor.toUri(),
"/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5");
- BOOST_CHECK_EQUAL(config.m_availableChallenges.size(), 1);
-}
-
-BOOST_AUTO_TEST_CASE(ReadConfigFileWithBase64Anchor)
-{
- auto identity = addIdentity(Name("/ndn/site1"));
- auto key = identity.getDefaultKey();
- auto cert = key.getDefaultCertificate();
-
- using namespace security::transform;
- std::stringstream ss;
- bufferSource(cert.wireEncode().wire(), cert.wireEncode().size()) >> base64Encode() >> streamSink(ss);
-
- const std::string certBase64 = ss.str();
-
- CaConfig config("tests/unit-tests/ca.conf.test");
- config.m_config.put("ca-anchor.type", "base64");
- config.m_config.put("ca-anchor.value", certBase64);
- config.load();
- BOOST_CHECK_EQUAL(*(config.m_anchor), cert);
+ BOOST_CHECK_EQUAL(itemB.m_supportedChallenges.size(), 1);
}
BOOST_AUTO_TEST_SUITE_END() // TestCaConfig
diff --git a/tests/unit-tests/ca.conf.test b/tests/unit-tests/ca.conf.test
index 8459594..838d9c4 100644
--- a/tests/unit-tests/ca.conf.test
+++ b/tests/unit-tests/ca.conf.test
@@ -1,73 +1,29 @@
-; The namespace that the NDN Certificate Authority will serve.
-name "/ndn/edu/ucla/cs/zhiyi"
-
-; This section configures parameter(s) of the issued certificates.
-certificate-info
{
- ; freshness-period defines the freshness period of newly issued certificates.
- freshness-period 720
-}
-
-; This ca-anchor section configures the CA certificate.
-;
-; The type defines the type of certificate. Now NDNCERT supports two types:
-;
-; file; value should be the file name of the certificate file
-; base64; value should be the Base64 encoded plain text of NDN certificate bytes
-;
-ca-anchor
-{
- type file
- value "ca.ndncert.test"
-}
-
-; This challenge-list section defines a list of all available challenge types.
-;
-; It includes one or more challenge. For every challenge, the type should be
-; the unique type identifier of the registered Challenge Module.
-;
-challenge-list
-{
- challenge
- {
- type pin
- }
-}
-
-;
-validator-conf
-{
- ; This section defines the trust model for NDNCERT CaModule validator. It consists of rules
- ; and trust-anchors, which are briefly defined in this file. For more information refer to
- ; manpage of ndn-validator.conf:
- ;
- ; man ndn-validator.conf
- ;
- ; A trust-anchor is a pre-trusted certificate. This can be any certificate that is the root
- ; of certification chain (e.g., NDN testbed root certificate) or an existing default system
- ; certificate `default.ndncert`. A rule defines conditions a valid packet MUST have. A
- ; packet must satisfy one of the rules defined here. A rule can be broken into two parts:
- ; matching & checking. A packet will be matched against rules from the first to the last
- ; until a matched rule is encountered. The matched rule will be used to check the packet. If
- ; a packet does not match any rule, it will be treated as invalid. The matching part of a
- ; rule consists of `for` and `filter` sections. They collectively define which packets can be
- ; checked with this rule. `for` defines packet type (data or interest) and `filter` defines
- ; conditions on other properties of a packet. Right now, you can only define conditions on
- ; packet name, and you can only specify ONLY ONE filter for packet name. The checking part
- ; of a rule consists of `checker`, which defines the conditions that a VALID packet MUST
- ; have. See comments in checker section for more details.
- rule
- {
- id "zhiyi interest rule"
- for interest
- filter
+ "ca-list":
+ [
{
- type name
- regex ^<ndn><edu><ucla><cs><zhiyi>[<_NEW><_POLL>]<>*$
- }
- trust-anchor
+ "ca-prefix": "/ndn/edu/ucla/cs/zhiyi",
+ "ca-info": "UCLA's ceritificate authority, located in BH4805.",
+ "probe": "true",
+ "issuing-freshness": "720",
+ "validity-period": "360",
+ "ca-anchor": "/ndn/edu/ucla/cs/zhiyi/KEY/%9A%E0%C6%C6%09%7C%92i/self/%FD%00%00%01Z%B0%2AJ%B4",
+ "supported-challenges":
+ [
+ { "type": "PIN" }
+ ]
+ },
{
- type any
+ "ca-prefix": "/ndn/site1",
+ "ca-info": "UCLA's ceritificate authority, located in BH4805.",
+ "probe": "true",
+ "issuing-freshness": "720",
+ "validity-period": "360",
+ "ca-anchor": "/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5",
+ "supported-challenges":
+ [
+ { "type": "PIN" }
+ ]
}
- }
-}
+ ]
+}
\ No newline at end of file
diff --git a/tests/unit-tests/ca.ndncert.test b/tests/unit-tests/ca.ndncert.test
deleted file mode 100644
index e7d29bf..0000000
--- a/tests/unit-tests/ca.ndncert.test
+++ /dev/null
@@ -1,12 +0,0 @@
-Bv0CJAcsCANuZG4IBXNpdGUxCANLRVkICBG8IvRjFf8XCARzZWxmCAn9AAABWcgU
-2aUUCRgBAhkEADbugBX9AU8wggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjO
-PQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAA
-AAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQaw
-zFOw9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i8
-5uVjpEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2
-QGg3v1H1AiEA/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAE
-S9Cb9iANUNYmwt5bjwNW1mZgjzIkDJb6FTCdiYWnkMMIVxh2YDllphoWDEAPS6kq
-JczzCuhnGYpZCp9tTaYKGxZMGwEDHB0HGwgDbmRuCAVzaXRlMQgDS0VZCAgRvCL0
-YxX/F/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwMzcwMTE3VDIxMjg0NhdI
-MEYCIQDXkR1hF3GiP7yLXq+0JBJfi9QC+hhAu/1Bykx+MWz6RAIhANwelBTxxZr2
-C5bD15mjfhWudK4I1tOb4b/9xWCHyM7F
\ No newline at end of file