add RestartSec in systemd file, remove status field from NEW packets
Change-Id: Ia4e6831af565ad19d9b0a778ea9fb5ae1ec652c5
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index a99bbd2..6b370dc 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -45,8 +45,8 @@
CaModule::CaModule(Face& face, security::KeyChain& keyChain,
const std::string& configPath, const std::string& storageType)
- : m_face(face)
- , m_keyChain(keyChain)
+ : m_face(face)
+ , m_keyChain(keyChain)
{
// load the config and create storage
m_config.load(configPath);
@@ -76,36 +76,37 @@
prefix.append("CA");
auto prefixId = m_face.registerPrefix(
- prefix,
- [&](const Name& name) {
- // register INFO RDR metadata prefix
- name::Component metaDataComp(32, reinterpret_cast<const uint8_t*>("metadata"), std::strlen("metadata"));
- auto filterId = m_face.setInterestFilter(Name(name).append("INFO").append(metaDataComp),
- bind(&CaModule::onCaProfileDiscovery, this, _2));
- m_interestFilterHandles.push_back(filterId);
+ prefix,
+ [&](const Name& name)
+ {
+ // register INFO RDR metadata prefix
+ name::Component metaDataComp(32, reinterpret_cast<const uint8_t*>("metadata"), std::strlen("metadata"));
+ auto filterId = m_face.setInterestFilter(Name(name).append("INFO").append(metaDataComp),
+ bind(&CaModule::onCaProfileDiscovery, this, _2));
+ m_interestFilterHandles.push_back(filterId);
- // register PROBE prefix
- filterId = m_face.setInterestFilter(Name(name).append("PROBE"),
- bind(&CaModule::onProbe, this, _2));
- m_interestFilterHandles.push_back(filterId);
+ // register PROBE prefix
+ filterId = m_face.setInterestFilter(Name(name).append("PROBE"),
+ bind(&CaModule::onProbe, this, _2));
+ m_interestFilterHandles.push_back(filterId);
- // register NEW prefix
- filterId = m_face.setInterestFilter(Name(name).append("NEW"),
- bind(&CaModule::onNewRenewRevoke, this, _2, RequestType::NEW));
- m_interestFilterHandles.push_back(filterId);
+ // register NEW prefix
+ filterId = m_face.setInterestFilter(Name(name).append("NEW"),
+ bind(&CaModule::onNewRenewRevoke, this, _2, RequestType::NEW));
+ m_interestFilterHandles.push_back(filterId);
- // register SELECT prefix
- filterId = m_face.setInterestFilter(Name(name).append("CHALLENGE"),
- bind(&CaModule::onChallenge, this, _2));
- m_interestFilterHandles.push_back(filterId);
+ // register SELECT prefix
+ filterId = m_face.setInterestFilter(Name(name).append("CHALLENGE"),
+ bind(&CaModule::onChallenge, this, _2));
+ m_interestFilterHandles.push_back(filterId);
- // register REVOKE prefix
- filterId = m_face.setInterestFilter(Name(name).append("REVOKE"),
- bind(&CaModule::onNewRenewRevoke, this, _2, RequestType::REVOKE));
- m_interestFilterHandles.push_back(filterId);
- NDN_LOG_TRACE("Prefix " << name << " got registered");
- },
- bind(&CaModule::onRegisterFailed, this, _2));
+ // register REVOKE prefix
+ filterId = m_face.setInterestFilter(Name(name).append("REVOKE"),
+ bind(&CaModule::onNewRenewRevoke, this, _2, RequestType::REVOKE));
+ m_interestFilterHandles.push_back(filterId);
+ NDN_LOG_TRACE("Prefix " << name << " got registered");
+ },
+ bind(&CaModule::onRegisterFailed, this, _2));
m_registeredPrefixHandles.push_back(prefixId);
}
@@ -135,7 +136,7 @@
m_profileData->setFinalBlock(segmentComp);
m_profileData->setContent(contentTLV);
m_profileData->setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
- m_keyChain.sign(*m_profileData, signingByIdentity( m_config.caProfile.caPrefix));
+ m_keyChain.sign(*m_profileData, signingByIdentity(m_config.caProfile.caPrefix));
// set back the convention
name::setConventionEncoding(convention);
@@ -155,7 +156,7 @@
Name discoveryInterestName(m_profileData->getName().getPrefix(-2));
name::Component metadataComponent(32, reinterpret_cast<const uint8_t*>("metadata"), std::strlen("metadata"));
discoveryInterestName.append(metadataComponent);
- m_face.put(metadata.makeData(discoveryInterestName, m_keyChain, signingByIdentity( m_config.caProfile.caPrefix)));
+ m_face.put(metadata.makeData(discoveryInterestName, m_keyChain, signingByIdentity(m_config.caProfile.caPrefix)));
}
void
@@ -166,7 +167,7 @@
// process PROBE requests: collect probe parameters
auto parameters = probetlv::decodeApplicationParameters(request.getApplicationParameters());
- std::vector<PartialName> availableComponents;
+ std::vector <PartialName> availableComponents;
for (auto& item : m_config.nameAssignmentFuncs) {
auto names = item->assignName(parameters);
availableComponents.insert(availableComponents.end(), names.begin(), names.end());
@@ -176,7 +177,7 @@
"Cannot generate available names from parameters provided."));
return;
}
- std::vector<Name> availableNames;
+ std::vector <Name> availableNames;
for (const auto& component : availableComponents) {
Name newIdentityName = m_config.caProfile.caPrefix;
newIdentityName.append(component);
@@ -185,9 +186,10 @@
Data result;
result.setName(request.getName());
- result.setContent(probetlv::encodeDataContent(availableNames, m_config.caProfile.maxSuffixLength, m_config.redirection));
+ result.setContent(
+ probetlv::encodeDataContent(availableNames, m_config.caProfile.maxSuffixLength, m_config.redirection));
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
- m_keyChain.sign(result, signingByIdentity( m_config.caProfile.caPrefix));
+ m_keyChain.sign(result, signingByIdentity(m_config.caProfile.caPrefix));
m_face.put(result);
NDN_LOG_TRACE("Handle PROBE: send out the PROBE response");
}
@@ -197,7 +199,10 @@
{
//verify ca cert validity
- const auto& caCert = m_keyChain.getPib().getIdentity( m_config.caProfile.caPrefix).getDefaultKey().getDefaultCertificate();
+ const auto& caCert = m_keyChain.getPib()
+ .getIdentity(m_config.caProfile.caPrefix)
+ .getDefaultKey()
+ .getDefaultCertificate();
if (!caCert.isValid()) {
NDN_LOG_ERROR("Server certificate invalid/expired");
m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::BAD_VALIDITY_PERIOD,
@@ -209,8 +214,8 @@
// REVOKE Naming Convention: /<CA-prefix>/CA/REVOKE/[SignedInterestParameters_Digest]
// get ECDH pub key and cert request
const auto& parameterTLV = request.getApplicationParameters();
- std::vector<uint8_t> ecdhPub;
- shared_ptr<security::Certificate> clientCert;
+ std::vector <uint8_t> ecdhPub;
+ shared_ptr <security::Certificate> clientCert;
try {
requesttlv::decodeApplicationParameters(parameterTLV, requestType, ecdhPub, clientCert);
}
@@ -237,8 +242,7 @@
// get server's ECDH pub key
ECDHState ecdh;
- auto myEcdhPubKey = ecdh.getSelfPubKey();
- std::vector<uint8_t> sharedSecret;
+ std::vector <uint8_t> sharedSecret;
try {
sharedSecret = ecdh.deriveSecret(ecdhPub);
}
@@ -256,16 +260,16 @@
hkdf(sharedSecret.data(), sharedSecret.size(), salt.data(), salt.size(), aesKey.data(), aesKey.size());
// verify identity name
- if (! m_config.caProfile.caPrefix.isPrefixOf(clientCert->getIdentity())
+ if (!m_config.caProfile.caPrefix.isPrefixOf(clientCert->getIdentity())
|| !security::Certificate::isValidName(clientCert->getName())
|| clientCert->getIdentity().size() <= m_config.caProfile.caPrefix.size()) {
- NDN_LOG_ERROR("An invalid certificate name is being requested " << clientCert->getName());
- m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::NAME_NOT_ALLOWED,
- "An invalid certificate name is being requested."));
- return;
+ NDN_LOG_ERROR("An invalid certificate name is being requested " << clientCert->getName());
+ m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::NAME_NOT_ALLOWED,
+ "An invalid certificate name is being requested."));
+ return;
}
- if ( m_config.caProfile.maxSuffixLength) {
- if (clientCert->getIdentity().size() > m_config.caProfile.caPrefix.size() + * m_config.caProfile.maxSuffixLength) {
+ if (m_config.caProfile.maxSuffixLength) {
+ if (clientCert->getIdentity().size() > m_config.caProfile.caPrefix.size() + *m_config.caProfile.maxSuffixLength) {
NDN_LOG_ERROR("An invalid certificate name is being requested " << clientCert->getName());
m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::NAME_NOT_ALLOWED,
"An invalid certificate name is being requested."));
@@ -343,11 +347,10 @@
Data result;
result.setName(request.getName());
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
- result.setContent(requesttlv::encodeDataContent(myEcdhPubKey,
- salt,
- requestState.requestId, requestState.status,
+ result.setContent(requesttlv::encodeDataContent(ecdh.getSelfPubKey(),
+ salt, requestState.requestId,
m_config.caProfile.supportedChallenges));
- m_keyChain.sign(result, signingByIdentity( m_config.caProfile.caPrefix));
+ m_keyChain.sign(result, signingByIdentity(m_config.caProfile.caPrefix));
m_face.put(result);
if (m_statusUpdateCallback) {
m_statusUpdateCallback(requestState);
@@ -404,7 +407,8 @@
if (challenge == nullptr) {
NDN_LOG_TRACE("Unrecognized challenge type: " << challengeType);
m_storage->deleteRequest(requestState->requestId);
- m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER, "Unrecognized challenge type."));
+ m_face.put(
+ generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER, "Unrecognized challenge type."));
return;
}
@@ -446,7 +450,7 @@
result.setName(request.getName());
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
result.setContent(payload);
- m_keyChain.sign(result, signingByIdentity( m_config.caProfile.caPrefix));
+ m_keyChain.sign(result, signingByIdentity(m_config.caProfile.caPrefix));
m_face.put(result);
if (m_statusUpdateCallback) {
m_statusUpdateCallback(*requestState);
@@ -475,7 +479,7 @@
return newCert;
}
-std::unique_ptr<RequestState>
+std::unique_ptr <RequestState>
CaModule::getCertificateRequest(const Interest& request)
{
RequestId requestId;
@@ -510,7 +514,7 @@
result.setName(name);
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
result.setContent(errortlv::encodeDataContent(error, errorInfo));
- m_keyChain.sign(result, signingByIdentity( m_config.caProfile.caPrefix));
+ m_keyChain.sign(result, signingByIdentity(m_config.caProfile.caPrefix));
return result;
}
diff --git a/src/detail/new-renew-revoke-encoder.cpp b/src/detail/new-renew-revoke-encoder.cpp
index 84313e7..5ad3859 100644
--- a/src/detail/new-renew-revoke-encoder.cpp
+++ b/src/detail/new-renew-revoke-encoder.cpp
@@ -27,10 +27,11 @@
namespace ndncert {
Block
-requesttlv::encodeApplicationParameters(RequestType requestType, const std::vector<uint8_t>& ecdhPub,
- const security::Certificate& certRequest)
+requesttlv::encodeApplicationParameters(RequestType requestType, const std::vector <uint8_t>& ecdhPub,
+ const security::Certificate& certRequest)
{
- Block request(ndn::tlv::ApplicationParameters);
+ Block
+ request(ndn::tlv::ApplicationParameters);
request.push_back(makeBinaryBlock(tlv::EcdhPub, ecdhPub.data(), ecdhPub.size()));
if (requestType == RequestType::NEW || requestType == RequestType::RENEW) {
request.push_back(makeNestedBlock(tlv::CertRequest, certRequest));
@@ -44,8 +45,8 @@
void
requesttlv::decodeApplicationParameters(const Block& payload, RequestType requestType,
- std::vector<uint8_t>& ecdhPub,
- shared_ptr<security::Certificate>& clientCert)
+ std::vector <uint8_t>& ecdhPub,
+ shared_ptr <security::Certificate>& clientCert)
{
payload.parse();
@@ -63,19 +64,18 @@
requestPayload.parse();
security::Certificate cert = security::Certificate(requestPayload.get(ndn::tlv::Data));
- clientCert =std::make_shared<security::Certificate>(cert);
+ clientCert = std::make_shared<security::Certificate>(cert);
}
Block
-requesttlv::encodeDataContent(const std::vector<uint8_t>& ecdhKey, const std::array<uint8_t, 32>& salt,
- const RequestId& requestId, const Status& status,
- const std::vector<std::string>& challenges)
+requesttlv::encodeDataContent(const std::vector <uint8_t>& ecdhKey, const std::array<uint8_t, 32>& salt,
+ const RequestId& requestId,
+ const std::vector <std::string>& challenges)
{
Block response(ndn::tlv::Content);
response.push_back(makeBinaryBlock(tlv::EcdhPub, ecdhKey.data(), ecdhKey.size()));
response.push_back(makeBinaryBlock(tlv::Salt, salt.data(), salt.size()));
response.push_back(makeBinaryBlock(tlv::RequestId, requestId.data(), requestId.size()));
- response.push_back(makeNonNegativeIntegerBlock(tlv::Status, static_cast<size_t>(status)));
for (const auto& entry: challenges) {
response.push_back(makeStringBlock(tlv::Challenge, entry));
}
@@ -83,12 +83,11 @@
return response;
}
-std::list<std::string>
-requesttlv::decodeDataContent(const Block& content, std::vector<uint8_t>& ecdhKey,
- std::array<uint8_t, 32>& salt, RequestId& requestId, Status& status)
+std::list <std::string>
+requesttlv::decodeDataContent(const Block& content, std::vector <uint8_t>& ecdhKey,
+ std::array<uint8_t, 32>& salt, RequestId& requestId)
{
content.parse();
- status = statusFromBlock(content.get(tlv::Status));
const auto& ecdhBlock = content.get(tlv::EcdhPub);
ecdhKey.resize(ecdhBlock.value_size());
@@ -100,7 +99,7 @@
const auto& requestIdBlock = content.get(tlv::RequestId);
std::memcpy(requestId.data(), requestIdBlock.value(), requestIdBlock.value_size());
- std::list<std::string> challenges;
+ std::list <std::string> challenges;
for (auto const& element : content.elements()) {
if (element.type() == tlv::Challenge) {
challenges.push_back(readString(element));
diff --git a/src/detail/new-renew-revoke-encoder.hpp b/src/detail/new-renew-revoke-encoder.hpp
index 2b8e0e2..25a9989 100644
--- a/src/detail/new-renew-revoke-encoder.hpp
+++ b/src/detail/new-renew-revoke-encoder.hpp
@@ -37,12 +37,12 @@
Block
encodeDataContent(const std::vector<uint8_t>& ecdhKey, const std::array<uint8_t, 32>& salt,
- const RequestId& requestId, const Status& status,
+ const RequestId& requestId,
const std::vector<std::string>& challenges);
std::list<std::string>
decodeDataContent(const Block& content, std::vector<uint8_t>& ecdhKey,
- std::array<uint8_t, 32>& salt, RequestId& requestId, Status& status);
+ std::array<uint8_t, 32>& salt, RequestId& requestId);
} // namespace requesttlv
} // namespace ndncert
diff --git a/src/requester-request.cpp b/src/requester-request.cpp
index 7b9f47d..44e4d96 100644
--- a/src/requester-request.cpp
+++ b/src/requester-request.cpp
@@ -215,7 +215,7 @@
const auto& contentTLV = reply.getContent();
std::vector<uint8_t> ecdhKey;
std::array<uint8_t, 32> salt;
- auto challenges = requesttlv::decodeDataContent(contentTLV, ecdhKey, salt, requestId, status);
+ auto challenges = requesttlv::decodeDataContent(contentTLV, ecdhKey, salt, requestId);
// ECDH and HKDF
auto sharedSecret = ecdh.deriveSecret(ecdhKey);
diff --git a/systemd/ndncert-ca.service.in b/systemd/ndncert-ca.service.in
index 5ac1a2b..94ac006 100644
--- a/systemd/ndncert-ca.service.in
+++ b/systemd/ndncert-ca.service.in
@@ -6,6 +6,7 @@
ExecStart=@BINDIR@/ndncert-ca-server
Restart=on-failure
RestartPreventExitStatus=2
+RestartSec=5
User=ndn
[Install]
diff --git a/tests/unit-tests/protocol-encoders.t.cpp b/tests/unit-tests/protocol-encoders.t.cpp
index 5dd26b5..f432738 100644
--- a/tests/unit-tests/protocol-encoders.t.cpp
+++ b/tests/unit-tests/protocol-encoders.t.cpp
@@ -127,16 +127,14 @@
std::vector<std::string> list;
list.emplace_back("abc");
list.emplace_back("def");
- auto b = requesttlv::encodeDataContent(pub, salt, id, Status::BEFORE_CHALLENGE, list);
+ auto b = requesttlv::encodeDataContent(pub, salt, id, list);
std::vector<uint8_t> returnedPub;
std::array<uint8_t, 32> returnedSalt;
RequestId returnedId;
- Status s;
- auto retlist = requesttlv::decodeDataContent(b, returnedPub, returnedSalt, returnedId, s);
+ auto retlist = requesttlv::decodeDataContent(b, returnedPub, returnedSalt, returnedId);
BOOST_CHECK_EQUAL_COLLECTIONS(returnedPub.begin(), returnedPub.end(), pub.begin(), pub.end());
BOOST_CHECK_EQUAL_COLLECTIONS(returnedSalt.begin(), returnedSalt.end(), salt.begin(), salt.end());
BOOST_CHECK_EQUAL_COLLECTIONS(returnedId.begin(), returnedId.end(), id.begin(), id.end());
- BOOST_CHECK_EQUAL(static_cast<size_t>(s), static_cast<size_t>(Status::BEFORE_CHALLENGE));
}
BOOST_AUTO_TEST_CASE(ChallengeEncoding)