Certificate revocation
Adds the handling of certificate revocation according to ndncert protocol v0.2.
Includes handling in the CA module and the client module, as well as the test cases for these functionalities.
Currently no internal databases are being updated from the revocation.
The actual update and propagation of revocation information needs to rely on a certificate log, which can be attached to the CA module using the status update callback.
Change-Id: I21f912285161ce781e17d222e640c8f0c57b50f7
diff --git a/src/protocol-detail/revoke.cpp b/src/protocol-detail/revoke.cpp
new file mode 100644
index 0000000..5bde720
--- /dev/null
+++ b/src/protocol-detail/revoke.cpp
@@ -0,0 +1,74 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017-2020, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#include "revoke.hpp"
+#include "../logging.hpp"
+#include "../ndncert-common.hpp"
+
+#include <ndn-cxx/security/transform/base64-encode.hpp>
+#include <ndn-cxx/security/transform/buffer-source.hpp>
+#include <ndn-cxx/security/transform/stream-sink.hpp>
+#include <ndn-cxx/util/logger.hpp>
+
+namespace ndn {
+namespace ndncert {
+
+_LOG_INIT(ndncert.client);
+
+Block
+REVOKE::encodeApplicationParameters(const std::string& ecdhPub, const security::v2::Certificate& certToRevoke)
+{
+ Block request = makeEmptyBlock(tlv::ApplicationParameters);
+ std::stringstream ss;
+ try {
+ security::transform::bufferSource(certToRevoke.wireEncode().wire(), certToRevoke.wireEncode().size())
+ >> security::transform::base64Encode(false)
+ >> security::transform::streamSink(ss);
+ }
+ catch (const security::transform::Error& e) {
+ _LOG_ERROR("Cannot convert self-signed cert into BASE64 string " << e.what());
+ return request;
+ }
+
+ request.push_back(makeStringBlock(tlv_ecdh_pub, ecdhPub));
+ request.push_back(makeNestedBlock(tlv_cert_to_revoke, certToRevoke));
+ request.encode();
+ return request;
+}
+
+Block
+REVOKE::encodeDataContent(const std::string& ecdhKey, const std::string& salt,
+ const CertificateRequest& request,
+ const std::list<std::string>& challenges)
+{
+ Block response = makeEmptyBlock(tlv::Content);
+ response.push_back(makeStringBlock(tlv_ecdh_pub, ecdhKey));
+ response.push_back(makeStringBlock(tlv_salt, salt));
+ response.push_back(makeStringBlock(tlv_request_id, request.m_requestId));
+ response.push_back(makeNonNegativeIntegerBlock(tlv_status, request.m_status));
+ for (const auto& entry: challenges) {
+ response.push_back(makeStringBlock(tlv_challenge, entry));
+ }
+ response.encode();
+ return response;
+}
+
+} // namespace ndncert
+} // namespace ndn
\ No newline at end of file
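Review bot: In `REVOKE::encodeApplicationParameters` the base64 transform into `ss` is dead work — `ss` is never read afterwards, the certificate is instead attached on the line `request.push_back(makeNestedBlock(tlv_cert_to_revoke, certToRevoke));`, and `certToRevoke.wireEncode()` is evaluated twice just to feed the unused transform. The catch branch is also a silent failure: it logs a message about a "self-signed cert" (this is the cert to revoke, not a self-signed one) and returns an ApplicationParameters block that contains neither the ECDH key nor the certificate and was never `encode()`d, so a caller would ship an empty revocation request instead of seeing an error. Dropping `std::stringstream ss;` together with the whole try/catch leaves the three `push_back`/`encode()` lines as the complete body; if the base64 form is genuinely needed somewhere, it should be consumed, and a transform error should propagate rather than be swallowed. Separately, `_LOG_INIT(ndncert.client)` binds this protocol-detail file to the client logger although the same encoder is presumably used on the CA side as well, so a module-neutral logger name would avoid misattributed log lines.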