Add list function

Change-Id: I3923d4f12e2134250b5a61419d53582e5450bdde
diff --git a/client.conf.sample b/client.conf.sample
index f9135ee..e2079d3 100644
--- a/client.conf.sample
+++ b/client.conf.sample
@@ -8,5 +8,6 @@
         "target-list": "Use your email address (edu preferred) as input",
         "certificate": "Bv0CJAcsCANuZG4IBXNpdGUxCANLRVkICBG8IvRjFf8XCARzZWxmCAn9AAABWcgU2aUUCRgBAhkEADbugBX9AU8wggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAES9Cb9iANUNYmwt5bjwNW1mZgjzIkDJb6FTCdiYWnkMMIVxh2YDllphoWDEAPS6kqJczzCuhnGYpZCp9tTaYKGxZMGwEDHB0HGwgDbmRuCAVzaXRlMQgDS0VZCAgRvCL0YxX/F/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwMzcwMTE3VDIxMjg0NhdIMEYCIQDXkR1hF3GiP7yLXq+0JBJfi9QC+hhAu/1Bykx+MWz6RAIhANwelBTxxZr2C5bD15mjfhWudK4I1tOb4b/9xWCHyM7F"
     }
-  ]
+  ],
+  "local-ndncert-anchor": "/usr/local/etc/ndncert/anchor.key"
 }
\ No newline at end of file
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 38b23b8..f2aa498 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -21,7 +21,7 @@
 #include "ca-module.hpp"
 #include "challenge-module.hpp"
 #include "logging.hpp"
-#include <ndn-cxx/face.hpp>
+#include <ndn-cxx/util/io.hpp>
 #include <ndn-cxx/security/verification-helpers.hpp>
 #include <ndn-cxx/security/signing-helpers.hpp>
 #include <ndn-cxx/util/random.hpp>
@@ -40,48 +40,7 @@
   m_config.load(configPath);
   m_storage = CaStorage::createCaStorage(storageType);
 
-  // register prefix
-  for (const auto& item : m_config.m_caItems) {
-    Name prefix = item.m_caName;
-    prefix.append("CA");
-    try {
-      const RegisteredPrefixId* prefixId = m_face.registerPrefix(prefix,
-        [&] (const Name& name) {
-          // NEW
-          const InterestFilterId* filterId = m_face.setInterestFilter(Name(name).append("_NEW"),
-                                              bind(&CaModule::handleNew, this, _2, item));
-          m_interestFilterIds.push_back(filterId);
-          // SELECT
-          filterId = m_face.setInterestFilter(Name(name).append("_SELECT"),
-                                              bind(&CaModule::handleSelect, this, _2, item));
-          m_interestFilterIds.push_back(filterId);
-          // VALIDATE
-          filterId = m_face.setInterestFilter(Name(name).append("_VALIDATE"),
-                                              bind(&CaModule::handleValidate, this, _2, item));
-          m_interestFilterIds.push_back(filterId);
-          // STATUS
-          filterId = m_face.setInterestFilter(Name(name).append("_STATUS"),
-                                              bind(&CaModule::handleStatus, this, _2, item));
-          m_interestFilterIds.push_back(filterId);
-          // DOWNLOAD
-          filterId = m_face.setInterestFilter(Name(name).append("_DOWNLOAD"),
-                                              bind(&CaModule::handleDownload, this, _2, item));
-          m_interestFilterIds.push_back(filterId);
-          // PROBE
-          if (item.m_probe != "") {
-            filterId = m_face.setInterestFilter(Name(name).append("_PROBE"),
-                                                bind(&CaModule::handleProbe, this, _2, item));
-            m_interestFilterIds.push_back(filterId);
-          }
-          _LOG_TRACE("Prefix " << name << " got registered");
-        },
-        bind(&CaModule::onRegisterFailed, this, _2));
-      m_registeredPrefixIds.push_back(prefixId);
-    }
-    catch (const std::exception& e) {
-      _LOG_ERROR(e.what());
-    }
-  }
+  registerPrefix();
 }
 
 CaModule::~CaModule()
@@ -95,6 +54,63 @@
 }
 
 void
+CaModule::registerPrefix()
+{
+  // register localhost list prefix
+  Name localProbePrefix("/localhost/CA/_LIST");
+  auto prefixId = m_face.setInterestFilter(InterestFilter(localProbePrefix),
+                                           bind(&CaModule::handleLocalhostList, this, _2),
+                                           bind(&CaModule::onRegisterFailed, this, _2));
+  m_registeredPrefixIds.push_back(prefixId);
+  _LOG_TRACE("Prefix " << localProbePrefix << " got registered");
+
+  // register prefixes for each CA
+  for (const auto& item : m_config.m_caItems) {
+    Name prefix = item.m_caName;
+    prefix.append("CA");
+
+    prefixId = m_face.registerPrefix(prefix,
+      [&] (const Name& name) {
+        // NEW
+        auto filterId = m_face.setInterestFilter(Name(name).append("_NEW"),
+                                                 bind(&CaModule::handleNew, this, _2, item));
+        m_interestFilterIds.push_back(filterId);
+        // SELECT
+        filterId = m_face.setInterestFilter(Name(name).append("_SELECT"),
+                                            bind(&CaModule::handleSelect, this, _2, item));
+        m_interestFilterIds.push_back(filterId);
+        // VALIDATE
+        filterId = m_face.setInterestFilter(Name(name).append("_VALIDATE"),
+                                            bind(&CaModule::handleValidate, this, _2, item));
+        m_interestFilterIds.push_back(filterId);
+        // STATUS
+        filterId = m_face.setInterestFilter(Name(name).append("_STATUS"),
+                                            bind(&CaModule::handleStatus, this, _2, item));
+        m_interestFilterIds.push_back(filterId);
+        // DOWNLOAD
+        filterId = m_face.setInterestFilter(Name(name).append("_DOWNLOAD"),
+                                            bind(&CaModule::handleDownload, this, _2, item));
+        m_interestFilterIds.push_back(filterId);
+        // PROBE
+        if (item.m_probe != "") {
+          filterId = m_face.setInterestFilter(Name(name).append("_PROBE"),
+                                              bind(&CaModule::handleProbe, this, _2, item));
+          m_interestFilterIds.push_back(filterId);
+        }
+        // LIST
+        if (item.m_relatedCaList.size() > 0) {
+          filterId = m_face.setInterestFilter(Name(name).append("_LIST"),
+                                              bind(&CaModule::handleList, this, _2, item));
+          m_interestFilterIds.push_back(filterId);
+        }
+        _LOG_TRACE("Prefix " << name << " got registered");
+      },
+      bind(&CaModule::onRegisterFailed, this, _2));
+    m_registeredPrefixIds.push_back(prefixId);
+  }
+}
+
+void
 CaModule::setProbeHandler(const Name caName, const ProbeHandler& handler)
 {
   for (auto& entry : m_config.m_caItems) {
@@ -125,6 +141,123 @@
 }
 
 void
+CaModule::handleLocalhostList(const Interest& request)
+{
+  _LOG_TRACE("Got Localhost LIST request");
+
+  JsonSection root;
+  JsonSection caListSection;
+
+  for (const auto& entry : m_config.m_caItems) {
+    JsonSection caItem;
+
+    const auto& pib = m_keyChain.getPib();
+    auto identity = pib.getIdentity(entry.m_caName);
+    auto cert = identity.getDefaultKey().getDefaultCertificate();
+
+    // ca-prefix
+    Name caName = entry.m_caName;
+    caName.append("CA");
+    caItem.put("ca-prefix", caName.toUri());
+
+    // ca-info
+    std::string caInfo;
+    if (entry.m_caInfo == "") {
+      caInfo = "Issued by " + cert.getSignature().getKeyLocator().getName().toUri();
+    }
+    else {
+      caInfo = entry.m_caInfo;
+    }
+    caItem.put("ca-info", caInfo);
+
+    // probe is always false for local client
+
+    // ca-target list
+    caItem.put("target-list", entry.m_targetedList);
+
+    // certificate
+    std::stringstream ss;
+    io::save(cert, ss);
+    caItem.put("certificate", ss.str());
+
+    caListSection.push_back(std::make_pair("", caItem));
+  }
+  root.add_child("ca-list", caListSection);
+
+  Data result;
+  Name dataName = request.getName();
+  dataName.appendTimestamp();
+  result.setName(dataName);
+  result.setContent(dataContentFromJson(root));
+  m_keyChain.sign(result, signingByIdentity(m_keyChain.getPib().getDefaultIdentity().getName()));
+  m_face.put(result);
+}
+
+void
+CaModule::handleList(const Interest& request, const CaItem& caItem)
+{
+  _LOG_TRACE("Got LIST request");
+
+  bool getRecommendation = false;
+  Name recommendedCaName;
+  std::string identityName;
+
+  // LIST naming convention: /CA-prefix/CA/_LIST/[optional info]
+  if (readString(request.getName().at(-1)) != "_LIST" && caItem.m_recommendCaHandler) {
+    const auto& additionInfo = readString(request.getName().at(-1));
+    try {
+      std::tie(recommendedCaName, identityName) = caItem.m_recommendCaHandler(additionInfo, caItem.m_relatedCaList);
+      getRecommendation = true;
+    }
+    catch (const std::exception& e) {
+      _LOG_TRACE("Cannot recommend CA for LIST request. Degrade to non-target list." << e.what());
+    }
+  }
+
+  JsonSection root;
+  JsonSection caListSection;
+  if (getRecommendation) {
+    // JSON format
+    // {
+    //   "recommended-ca": "/ndn/edu/ucla"
+    //   "recommended-identity": "something"
+    //   "trust-schema": "schema Data packet name"
+    // }
+    root.put("recommended-ca", recommendedCaName.toUri());
+    root.put("recommended-identity", identityName);
+  }
+  else {
+    // JSON format
+    // {
+    //   "ca-list": [
+    //     {"ca-prefix": "/ndn/edu/ucla"},
+    //     {"ca-prefix": "/ndn/edu/memphis"},
+    //     ...
+    //   ]
+    //   "trust-schema": "schema Data packet name"
+    // }
+    for (const auto& entry : caItem.m_relatedCaList) {
+      JsonSection caItem;
+      caItem.put("ca-prefix", entry.toUri());
+      caListSection.push_back(std::make_pair("", caItem));
+    }
+    root.add_child("ca-list", caListSection);
+  }
+
+  // TODO: add trust schema
+  std::string schemaDataName = "TODO: add trust schema";
+  root.put("trust-schema", schemaDataName);
+
+  Data result;
+  Name dataName = request.getName();
+  dataName.appendTimestamp();
+  result.setName(dataName);
+  result.setContent(dataContentFromJson(root));
+  m_keyChain.sign(result, signingByIdentity(caItem.m_caName));
+  m_face.put(result);
+}
+
+void
 CaModule::handleProbe(const Interest& request, const CaItem& caItem)
 {
   // PROBE Naming Convention: /CA-prefix/CA/_PROBE/<Probe Information>
@@ -346,20 +479,56 @@
   // DOWNLOAD Naming Convention: /CA-prefix/CA/_DOWNLOAD/{Request-ID JSON}
   _LOG_TRACE("Handle DOWNLOAD request");
 
-  JsonSection requestIdJson = jsonFromNameComponent(request.getName(), caItem.m_caName.size() + 2);
-  std::string requestId = requestIdJson.get(JSON_REQUEST_ID, "");
-  security::v2::Certificate signedCert;
-  try {
-    signedCert = m_storage->getCertificate(requestId);
-  }
-  catch (const std::exception& e) {
-    _LOG_ERROR(e.what());
-    return;
-  }
-
   Data result;
   result.setName(request.getName());
-  result.setContent(signedCert.wireEncode());
+  if (readString(request.getName().at(-1)) == "ANCHOR") {
+    JsonSection contentJson;
+
+    const auto& pib = m_keyChain.getPib();
+    auto identity = pib.getIdentity(caItem.m_caName);
+    auto cert = identity.getDefaultKey().getDefaultCertificate();
+
+    // ca-prefix
+    Name caName = caItem.m_caName;
+    caName.append("CA");
+    contentJson.put("ca-prefix", caName.toUri());
+
+    // ca-info
+    std::string caInfo;
+    if (caItem.m_caInfo == "") {
+      caInfo = "Issued by " + cert.getSignature().getKeyLocator().getName().toUri();
+    }
+    else {
+      caInfo = caItem.m_caInfo;
+    }
+    contentJson.put("ca-info", caInfo);
+
+    // probe
+    contentJson.put("probe", caItem.m_probe);
+
+    // ca-target list
+    contentJson.put("target-list", caItem.m_targetedList);
+
+    // certificate
+    std::stringstream ss;
+    io::save(cert, ss);
+    contentJson.put("certificate", ss.str());
+
+    result.setContent(dataContentFromJson(contentJson));
+  }
+  else {
+    JsonSection requestIdJson = jsonFromNameComponent(request.getName(), caItem.m_caName.size() + 2);
+    std::string requestId = requestIdJson.get(JSON_REQUEST_ID, "");
+    security::v2::Certificate signedCert;
+    try {
+      signedCert = m_storage->getCertificate(requestId);
+    }
+    catch (const std::exception& e) {
+      _LOG_ERROR(e.what());
+      return;
+    }
+    result.setContent(signedCert.wireEncode());
+  }
   m_keyChain.sign(result, signingByIdentity(caItem.m_caName));
   m_face.put(result);
 }
diff --git a/src/ca-module.hpp b/src/ca-module.hpp
index 7e3a5e6..5ef9ced 100644
--- a/src/ca-module.hpp
+++ b/src/ca-module.hpp
@@ -67,9 +67,14 @@
   void
   setRequestUpdateCallback(const Name caName, const RequestUpdateCallback& onUpateCallback);
 
-
 PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   void
+  handleLocalhostList(const Interest& query);
+
+  void
+  handleList(const Interest& request, const CaItem& caItem);
+
+  void
   handleProbe(const Interest& request, const CaItem& caItem);
 
   void
@@ -102,6 +107,9 @@
   static Block
   dataContentFromJson(const JsonSection& jsonSection);
 
+  void
+  registerPrefix();
+
 PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   Face& m_face;
   CaConfig m_config;
diff --git a/src/client-config.cpp b/src/client-config.cpp
index 116e1d8..aeeaddc 100644
--- a/src/client-config.cpp
+++ b/src/client-config.cpp
@@ -50,23 +50,24 @@
   auto caList = configSection.get_child("ca-list");
   auto it = caList.begin();
   for (; it != caList.end(); it++) {
-    ClientCaItem item;
-    item.m_caName = Name(it->second.get<std::string>("ca-prefix"));
-    item.m_caInfo = it->second.get<std::string>("ca-info");
-    item.m_probe = it->second.get("probe", "");
-    item.m_targetedList = it->second.get("target-list", "");
-
-    std::istringstream ss(it->second.get<std::string>("certificate"));
-    item.m_anchor = *(io::load<security::v2::Certificate>(ss));
-
-    m_caItems.push_back(item);
+    m_caItems.push_back(extractCaItem(it->second));
   }
+  m_localNdncertAnchor = configSection.get("local-ndncert-anchor", "");
 }
 
-void
-ClientConfig::addNewCaItem(const ClientCaItem& item)
+ClientCaItem
+ClientConfig::extractCaItem(const JsonSection& configSection)
 {
-  m_caItems.push_back(item);
+  ClientCaItem item;
+  item.m_caName = Name(configSection.get<std::string>("ca-prefix"));
+  item.m_caInfo = configSection.get<std::string>("ca-info");
+  item.m_probe = configSection.get("probe", "");
+  item.m_targetedList = configSection.get("target-list", "");
+
+  std::istringstream ss(configSection.get<std::string>("certificate"));
+  item.m_anchor = *(io::load<security::v2::Certificate>(ss));
+
+  return item;
 }
 
 void
diff --git a/src/client-config.hpp b/src/client-config.hpp
index e32eab3..97c282b 100644
--- a/src/client-config.hpp
+++ b/src/client-config.hpp
@@ -76,11 +76,12 @@
   void
   removeCaItem(const Name& caName);
 
+  static ClientCaItem
+  extractCaItem(const JsonSection& configSection);
+
 public:
   std::list<ClientCaItem> m_caItems;
-
-PUBLIC_WITH_TESTS_ELSE_PRIVATE:
-  JsonSection m_config;
+  std::string m_localNdncertAnchor;
 };
 
 } // namespace ndncert
diff --git a/src/client-module.cpp b/src/client-module.cpp
index 9994c31..e4162d2 100644
--- a/src/client-module.cpp
+++ b/src/client-module.cpp
@@ -22,6 +22,7 @@
 #include "logging.hpp"
 #include "json-helper.hpp"
 #include "challenge-module.hpp"
+#include <ndn-cxx/util/io.hpp>
 #include <ndn-cxx/security/signing-helpers.hpp>
 #include <ndn-cxx/security/verification-helpers.hpp>
 
@@ -38,17 +39,124 @@
 }
 
 void
+ClientModule::requestCaTrustAnchor(const Name& caName, const DataCallback& trustAnchorCallback,
+                                   const ErrorCallback& errorCallback)
+{
+  Name interestName = caName;
+  interestName.append("CA").append("_DOWNLOAD").append("ANCHOR");
+  Interest interest(interestName);
+  interest.setMustBeFresh(true);
+
+  m_face.expressInterest(interest, trustAnchorCallback,
+                         bind(&ClientModule::onNack, this, _1, _2, errorCallback),
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              trustAnchorCallback, errorCallback));
+}
+
+void
+ClientModule::requestLocalhostList(const LocalhostListCallback& listCallback,
+                                   const ErrorCallback& errorCallback)
+{
+  Interest interest(Name("/localhost/CA/_LIST"));
+  interest.setMustBeFresh(true);
+  DataCallback dataCb = bind(&ClientModule::handleLocalhostListResponse,
+                             this, _1, _2, listCallback, errorCallback);
+  m_face.expressInterest(interest, dataCb,
+                         bind(&ClientModule::onNack, this, _1, _2, errorCallback),
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
+}
+
+void
+ClientModule::handleLocalhostListResponse(const Interest& request, const Data& reply,
+                                          const LocalhostListCallback& listCallback,
+                                          const ErrorCallback& errorCallback)
+{
+  // TODO: use the file path to replace the cert
+  // const auto& pib = m_keyChain.getPib();
+  // auto identity = pib.getDefaultIdentity();
+  // auto key = identity.getDefaultKey();
+  // auto cert = key.getDefaultCertificate();
+
+  auto cert = *(io::load<security::v2::Certificate>(m_config.m_localNdncertAnchor));
+
+  if (!security::verifySignature(reply, cert)) {
+    errorCallback("Cannot verify data from localhost CA");
+    return;
+  };
+
+  JsonSection contentJson = getJsonFromData(reply);
+  ClientConfig clientConf;
+  clientConf.load(contentJson);
+  listCallback(clientConf);
+}
+
+void
+ClientModule::requestList(const ClientCaItem& ca, const std::string& additionalInfo,
+                          const ListCallback& listCallback, const ErrorCallback& errorCallback)
+{
+  Name requestName(ca.m_caName);
+  requestName.append("_LIST");
+  if (additionalInfo != "") {
+    requestName.append(additionalInfo);
+  }
+  Interest interest(requestName);
+  interest.setMustBeFresh(true);
+  DataCallback dataCb = bind(&ClientModule::handleListResponse,
+                             this, _1, _2, ca, listCallback, errorCallback);
+  m_face.expressInterest(interest, dataCb,
+                         bind(&ClientModule::onNack, this, _1, _2, errorCallback),
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
+}
+
+void
+ClientModule::handleListResponse(const Interest& request, const Data& reply,
+                                 const ClientCaItem& ca,
+                                 const ListCallback& listCallback,
+                                 const ErrorCallback& errorCallback)
+{
+  if (!security::verifySignature(reply, ca.m_anchor)) {
+    errorCallback("Cannot verify data from " + ca.m_caName.toUri());
+    return;
+  };
+
+  std::list<Name> caList;
+  Name assignedName;
+
+  JsonSection contentJson = getJsonFromData(reply);
+  auto recommendedName = contentJson.get("recommended-identity", "");
+  if (recommendedName == "") {
+    // without recommendation
+    auto caListJson = contentJson.get_child("ca-list");
+    auto it = caListJson.begin();
+    for(; it != caListJson.end(); it++) {
+      caList.push_back(Name(it->second.get<std::string>("ca-prefix")));
+    }
+  }
+  else {
+    // with recommendation
+    Name caName(contentJson.get<std::string>("recommended-ca"));
+    caList.push_back(caName);
+    assignedName = caName.append(recommendedName);
+  }
+  Name schemaDataName(contentJson.get("trust-schema", ""));
+  listCallback(caList, assignedName, schemaDataName);
+}
+
+void
 ClientModule::sendProbe(const ClientCaItem& ca, const std::string& probeInfo,
                         const RequestCallback& requestCallback,
                         const ErrorCallback& errorCallback)
 {
   Interest interest(Name(ca.m_caName).append("_PROBE").append(probeInfo));
   interest.setMustBeFresh(true);
-  DataCallback dataCb = bind(&ClientModule::handleProbeResponse, this, _1, _2, ca, requestCallback, errorCallback);
+  DataCallback dataCb = bind(&ClientModule::handleProbeResponse,
+                             this, _1, _2, ca, requestCallback, errorCallback);
   m_face.expressInterest(interest, dataCb,
                          bind(&ClientModule::onNack, this, _1, _2, errorCallback),
-                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
-                              requestCallback, errorCallback));
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
 
   _LOG_TRACE("PROBE interest sent with Probe info " << probeInfo);
 }
@@ -104,11 +212,12 @@
   Interest interest(Name(ca.m_caName).append(Name("_NEW")).append(certRequest.wireEncode()));
   m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
 
-  DataCallback dataCb = bind(&ClientModule::handleNewResponse, this, _1, _2, state, requestCallback, errorCallback);
+  DataCallback dataCb = bind(&ClientModule::handleNewResponse,
+                             this, _1, _2, state, requestCallback, errorCallback);
   m_face.expressInterest(interest, dataCb,
                          bind(&ClientModule::onNack, this, _1, _2, errorCallback),
-                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
-                              requestCallback, errorCallback));
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
 
   _LOG_TRACE("NEW interest sent with identity " << identityName);
 }
@@ -166,11 +275,12 @@
   Interest interest(interestName);
   m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
 
-  DataCallback dataCb = bind(&ClientModule::handleSelectResponse, this, _1, _2, state, requestCallback, errorCallback);
+  DataCallback dataCb = bind(&ClientModule::handleSelectResponse,
+                             this, _1, _2, state, requestCallback, errorCallback);
   m_face.expressInterest(interest, dataCb,
                          bind(&ClientModule::onNack, this, _1, _2, errorCallback),
-                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
-                              requestCallback, errorCallback));
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
 
    _LOG_TRACE("SELECT interest sent with challenge type " << challengeType);
 }
@@ -189,7 +299,8 @@
 
   JsonSection json = getJsonFromData(reply);
 
-  _LOG_TRACE("SELECT response would change the status from " << state->m_status << " to " + json.get<std::string>(JSON_STATUS));
+  _LOG_TRACE("SELECT response would change the status from "
+             << state->m_status << " to " + json.get<std::string>(JSON_STATUS));
 
   state->m_status = json.get<std::string>(JSON_STATUS);
 
@@ -219,11 +330,12 @@
   Interest interest(interestName);
   m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
 
-  DataCallback dataCb = bind(&ClientModule::handleValidateResponse, this, _1, _2, state, requestCallback, errorCallback);
+  DataCallback dataCb = bind(&ClientModule::handleValidateResponse,
+                             this, _1, _2, state, requestCallback, errorCallback);
   m_face.expressInterest(interest, dataCb,
                          bind(&ClientModule::onNack, this, _1, _2, errorCallback),
-                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
-                              requestCallback, errorCallback));
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
 
   _LOG_TRACE("VALIDATE interest sent");
 }
@@ -267,11 +379,12 @@
 
   m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
 
-  DataCallback dataCb = bind(&ClientModule::handleStatusResponse, this, _1, _2, state, requestCallback, errorCallback);
+  DataCallback dataCb = bind(&ClientModule::handleStatusResponse,
+                             this, _1, _2, state, requestCallback, errorCallback);
   m_face.expressInterest(interest, dataCb,
                          bind(&ClientModule::onNack, this, _1, _2, errorCallback),
-                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
-                              requestCallback, errorCallback));
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
 
   _LOG_TRACE("STATUS interest sent");
 }
@@ -312,11 +425,12 @@
   Interest interest(interestName);
   interest.setMustBeFresh(true);
 
-  DataCallback dataCb = bind(&ClientModule::handleDownloadResponse, this, _1, _2, state, requestCallback, errorCallback);
+  DataCallback dataCb = bind(&ClientModule::handleDownloadResponse,
+                             this, _1, _2, state, requestCallback, errorCallback);
   m_face.expressInterest(interest, dataCb,
                          bind(&ClientModule::onNack, this, _1, _2, errorCallback),
-                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
-                              requestCallback, errorCallback));
+                         bind(&ClientModule::onTimeout, this, _1, m_retryTimes,
+                              dataCb, errorCallback));
 
   _LOG_TRACE("DOWNLOAD interest sent");
 }
@@ -349,13 +463,13 @@
 
 void
 ClientModule::onTimeout(const Interest& interest, int nRetriesLeft, const DataCallback& dataCallback,
-                        const RequestCallback& requestCallback, const ErrorCallback& errorCallback)
+                        const ErrorCallback& errorCallback)
 {
   if (nRetriesLeft > 0) {
     m_face.expressInterest(interest, dataCallback,
                            bind(&ClientModule::onNack, this, _1, _2, errorCallback),
-                           bind(&ClientModule::onTimeout, this, _1, nRetriesLeft - 1, dataCallback,
-                                requestCallback, errorCallback));
+                           bind(&ClientModule::onTimeout, this, _1, nRetriesLeft - 1,
+                                dataCallback, errorCallback));
   }
   else {
     errorCallback("Run out retries: still timeout");
diff --git a/src/client-module.hpp b/src/client-module.hpp
index 5293b9a..e285ce2 100644
--- a/src/client-module.hpp
+++ b/src/client-module.hpp
@@ -29,6 +29,7 @@
 
 class RequestState
 {
+
 public:
   ClientCaItem m_ca;
   security::Key m_key;
@@ -57,6 +58,8 @@
     using std::runtime_error::runtime_error;
   };
 
+  using LocalhostListCallback = function<void (const ClientConfig&)>;
+  using ListCallback = function<void (const std::list<Name>&, const Name&, const Name&)>;
   using RequestCallback = function<void (const shared_ptr<RequestState>&)>;
   using ErrorCallback = function<void (const std::string&)>;
 
@@ -70,6 +73,37 @@
     return m_config;
   }
 
+  /**
+   * @brief Send /CA-prefix/CA/_DOWNLOAD/ANCHOR to get CA's latest anchor with the config
+   */
+  void
+  requestCaTrustAnchor(const Name& caName, const DataCallback& trustAnchorCallback,
+                       const ErrorCallback& errorCallback);
+
+  /**
+   * @brief Send /localhost/CA/List to query local available CAs
+   *
+   * For more information:
+   *   https://github.com/named-data/ndncert/wiki/Intra-Node-Design
+   */
+  void
+  requestLocalhostList(const LocalhostListCallback& listCallback, const ErrorCallback& errorCallback);
+
+  /**
+   * @brief Handle the list request response
+   */
+  void
+  handleLocalhostListResponse(const Interest& request, const Data& reply,
+                              const LocalhostListCallback& listCallback, const ErrorCallback& errorCallback);
+
+  void
+  requestList(const ClientCaItem& ca, const std::string& additionalInfo,
+              const ListCallback& listCallback, const ErrorCallback& errorCallback);
+
+  void
+  handleListResponse(const Interest& request, const Data& reply, const ClientCaItem& ca,
+                     const ListCallback& listCallback, const ErrorCallback& errorCallback);
+
   void
   sendProbe(const ClientCaItem& ca, const std::string& probeInfo,
             const RequestCallback& requestCallback, const ErrorCallback& errorCallback);
@@ -136,8 +170,8 @@
 
 protected:
   virtual void
-  onTimeout(const Interest& interest, int nRetriesLeft, const DataCallback& dataCallback,
-            const RequestCallback& requestCallback, const ErrorCallback& errorCallback);
+  onTimeout(const Interest& interest, int nRetriesLeft,
+            const DataCallback& dataCallback, const ErrorCallback& errorCallback);
 
   virtual void
   onNack(const Interest& interest, const lp::Nack& nack, const ErrorCallback& errorCallback);
diff --git a/tests/unit-tests/ca-module.t.cpp b/tests/unit-tests/ca-module.t.cpp
index 27cb9a7..5d23a9f 100644
--- a/tests/unit-tests/ca-module.t.cpp
+++ b/tests/unit-tests/ca-module.t.cpp
@@ -23,6 +23,7 @@
 #include "database-fixture.hpp"
 #include "client-module.hpp"
 #include "challenge-module.hpp"
+
 #include <ndn-cxx/util/dummy-client-face.hpp>
 #include <ndn-cxx/security/signing-helpers.hpp>
 #include <ndn-cxx/security/transform/public-key.hpp>
@@ -48,8 +49,8 @@
   BOOST_CHECK_EQUAL(ca.getCaStorage()->getCertificate("111").getIdentity(), Name("/ndn/site2"));
 
   advanceClocks(time::milliseconds(20), 60);
-  BOOST_CHECK_EQUAL(ca.m_registeredPrefixIds.size(), 3);
-  BOOST_CHECK_EQUAL(ca.m_interestFilterIds.size(), 17);
+  BOOST_CHECK_EQUAL(ca.m_registeredPrefixIds.size(), 4);
+  BOOST_CHECK_EQUAL(ca.m_interestFilterIds.size(), 18);
 }
 
 BOOST_AUTO_TEST_CASE(HandleProbe)
@@ -160,6 +161,95 @@
   BOOST_CHECK_EQUAL(nClientInterest, 1);
 }
 
+BOOST_AUTO_TEST_CASE(HandleLocalhostList)
+{
+  auto identity0 = addIdentity(Name("/ndn"));
+  auto identity1 = addIdentity(Name("/ndn/edu/ucla/cs/zhiyi"));
+  auto identity2 = addIdentity(Name("/ndn/site1"));
+  m_keyChain.setDefaultIdentity(identity0);
+
+  util::DummyClientFace face(m_io, {true, true});
+  CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
+
+  advanceClocks(time::milliseconds(20), 60);
+  Interest interest(Name("/localhost/CA/_LIST"));
+
+  int count = 0;
+  face.onSendData.connect([&] (const Data& response) {
+      count++;
+      JsonSection contentJson = ClientModule::getJsonFromData(response);
+      ClientConfig clientConf;
+      clientConf.load(contentJson);
+      BOOST_CHECK_EQUAL(clientConf.m_caItems.size(), 3);
+    });
+  face.receive(interest);
+
+  advanceClocks(time::milliseconds(20), 60);
+  BOOST_CHECK_EQUAL(count, 1);
+}
+
+BOOST_AUTO_TEST_CASE(HandleList)
+{
+  auto identity0 = addIdentity(Name("/ndn"));
+  util::DummyClientFace face(m_io, {true, true});
+  CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
+
+  advanceClocks(time::milliseconds(20), 60);
+  Interest interest(Name("/ndn/CA/_LIST"));
+
+  int count = 0;
+  face.onSendData.connect([&] (const Data& response) {
+      count++;
+      JsonSection contentJson = ClientModule::getJsonFromData(response);
+      BOOST_CHECK_EQUAL(contentJson.get_child("ca-list").size(), 2);
+      std::string schemaDataName = contentJson.get<std::string>("trust-schema");
+      BOOST_CHECK_EQUAL(schemaDataName, "TODO: add trust schema");
+    });
+  face.receive(interest);
+
+  advanceClocks(time::milliseconds(20), 60);
+  BOOST_CHECK_EQUAL(count, 1);
+}
+
+BOOST_AUTO_TEST_CASE(HandleTargetList)
+{
+  auto identity0 = addIdentity(Name("/ndn"));
+  util::DummyClientFace face(m_io, {true, true});
+  CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
+  ca.setRecommendCaHandler(Name("/ndn"),
+    [] (const std::string& input, const std::list<Name>& list) -> std::tuple<Name, std::string> {
+      Name recommendedCa;
+      std::string identity;
+      for (auto caName : list) {
+        std::string univName = readString(caName.get(-1));
+        if (input.find(univName) != std::string::npos) {
+          recommendedCa = caName;
+          identity = input.substr(0, input.find("@"));
+        }
+      }
+      return std::make_tuple(recommendedCa, identity);
+    });
+
+  advanceClocks(time::milliseconds(20), 60);
+  Interest interest(Name("/ndn/CA/_LIST/example@memphis.edu"));
+
+  int count = 0;
+  face.onSendData.connect([&] (const Data& response) {
+      count++;
+      JsonSection contentJson = ClientModule::getJsonFromData(response);
+      std::string recommendedCA = contentJson.get<std::string>("recommended-ca");
+      std::string recommendedIdentity = contentJson.get<std::string>("recommended-identity");
+      std::string schemaDataName = contentJson.get<std::string>("trust-schema");
+      BOOST_CHECK_EQUAL(recommendedCA, "/ndn/edu/memphis");
+      BOOST_CHECK_EQUAL(recommendedIdentity, "example");
+      BOOST_CHECK_EQUAL(schemaDataName, "TODO: add trust schema");
+    });
+  face.receive(interest);
+
+  advanceClocks(time::milliseconds(20), 60);
+  BOOST_CHECK_EQUAL(count, 1);
+}
+
 BOOST_AUTO_TEST_SUITE_END() // TestCaModule
 
 } // namespace tests
diff --git a/tests/unit-tests/client-config.t.cpp b/tests/unit-tests/client-config.t.cpp
index 9e03da0..6035510 100644
--- a/tests/unit-tests/client-config.t.cpp
+++ b/tests/unit-tests/client-config.t.cpp
@@ -41,6 +41,8 @@
   BOOST_CHECK_EQUAL(item.m_targetedList, "Use your email address (edu preferred) as input");
   BOOST_CHECK_EQUAL(item.m_anchor.getName().toUri(),
                     "/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5");
+
+  BOOST_CHECK_EQUAL(config.m_localNdncertAnchor, "/usr/local/etc/ndncert/anchor.key");
 }
 
 BOOST_AUTO_TEST_CASE(AddAndRemoveCaItem)
@@ -53,7 +55,7 @@
   item.m_caInfo = "test";
   item.m_probe = "test";
 
-  config.addNewCaItem(item);
+  config.m_caItems.push_back(item);
   BOOST_CHECK_EQUAL(config.m_caItems.size(), 3);
   auto lastItem = config.m_caItems.back();
   BOOST_CHECK_EQUAL(lastItem.m_caName.toUri(), "/test");
diff --git a/tests/unit-tests/client.conf.test b/tests/unit-tests/client.conf.test
index 222d6c5..9c39af1 100644
--- a/tests/unit-tests/client.conf.test
+++ b/tests/unit-tests/client.conf.test
@@ -13,5 +13,6 @@
         "ca-info": "Zhiyi's own ceritificate authority",
         "certificate": "Bv0CJAcsCANuZG4IBXNpdGUxCANLRVkICBG8IvRjFf8XCARzZWxmCAn9AAABWcgU2aUUCRgBAhkEADbugBX9AU8wggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAES9Cb9iANUNYmwt5bjwNW1mZgjzIkDJb6FTCdiYWnkMMIVxh2YDllphoWDEAPS6kqJczzCuhnGYpZCp9tTaYKGxZMGwEDHB0HGwgDbmRuCAVzaXRlMQgDS0VZCAgRvCL0YxX/F/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwMzcwMTE3VDIxMjg0NhdIMEYCIQDXkR1hF3GiP7yLXq+0JBJfi9QC+hhAu/1Bykx+MWz6RAIhANwelBTxxZr2C5bD15mjfhWudK4I1tOb4b/9xWCHyM7F"
     }
-  ]
+  ],
+  "local-ndncert-anchor": "/usr/local/etc/ndncert/anchor.key"
 }
\ No newline at end of file
diff --git a/tools/ndncert-ca-server.cpp b/tools/ndncert-ca-server.cpp
index 75dd400..7377fc1 100644
--- a/tools/ndncert-ca-server.cpp
+++ b/tools/ndncert-ca-server.cpp
@@ -29,6 +29,7 @@
 namespace ndn {
 namespace ndncert {
 
+
 int
 main(int argc, char* argv[])
 {
@@ -56,8 +57,23 @@
   Face face;
   security::v2::KeyChain keyChain;
   CaModule ca(face, keyChain, configFilePath);
-  face.processEvents();
 
+  ca.setRecommendCaHandler(Name("/ndn"),
+    [] (const std::string& input, const std::list<Name>& list) -> std::tuple<Name, std::string> {
+      Name recommendedCa;
+      std::string identity;
+      for (auto caName : list) {
+        std::string univName = readString(caName.get(-1));
+        if (input.find(univName) != std::string::npos) {
+          recommendedCa = caName;
+          identity = input.substr(0, input.find("@"));
+          break;
+        }
+      }
+      return std::make_tuple(recommendedCa, identity);
+    });
+
+  face.processEvents();
   return 0;
 }
 
diff --git a/tools/ndncert-client.cpp b/tools/ndncert-client.cpp
index 7f082d8..a4b3368 100644
--- a/tools/ndncert-client.cpp
+++ b/tools/ndncert-client.cpp
@@ -20,18 +20,19 @@
 
 #include "client-module.hpp"
 #include "challenge-module.hpp"
-#include "logging.hpp"
 
 #include <iostream>
+#include <string>
 
 #include <boost/program_options/options_description.hpp>
 #include <boost/program_options/variables_map.hpp>
 #include <boost/program_options/parsers.hpp>
+#include <ndn-cxx/security/verification-helpers.hpp>
 
 namespace ndn {
 namespace ndncert {
 
-_LOG_INIT(ndncert.clientTool);
+int nStep;
 
 class ClientTool
 {
@@ -44,23 +45,101 @@
   void
   errorCb(const std::string& errorInfo)
   {
-    _LOG_TRACE("Error: " << errorInfo);
+    std::cerr << "Error: " << errorInfo << std::endl;
   }
 
   void
-  downloadCb(const shared_ptr<RequestState>& state, int& nStep)
+  downloadCb(const shared_ptr<RequestState>& state)
   {
-    _LOG_TRACE("Certificate has already been installed to local keychain");
+    std::cerr << "Step " << nStep++
+              << "DONE! Certificate has already been installed to local keychain" << std::endl;
     return;
   }
 
   void
-  validateCb(const shared_ptr<RequestState>& state, int& nStep)
+  anchorCb(const Interest& request, const Data& reply,
+           const ClientCaItem& anchorItem, const Name& assignedName)
+  {
+    auto contentJson = ClientModule::getJsonFromData(reply);
+    auto caItem = ClientConfig::extractCaItem(contentJson);
+
+    if (!security::verifySignature(caItem.m_anchor, anchorItem.m_anchor)) {
+      std::cerr << "Fail to verify fetched anchor" << std::endl;
+      return;
+    }
+    client.getClientConf().m_caItems.push_back(caItem);
+
+    if (assignedName.toUri() != "/") {
+      client.sendNew(caItem, assignedName,
+                     bind(&ClientTool::newCb, this, _1),
+                     bind(&ClientTool::errorCb, this, _1));
+    }
+    else {
+      if (caItem.m_probe != "") {
+        std::cerr <<"Step " << nStep++ << ": Probe Requirement-" << caItem.m_probe << std::endl;
+        std::string probeInfo;
+        getline(std::cin, probeInfo);
+        client.sendProbe(caItem, probeInfo,
+                         bind(&ClientTool::newCb, this, _1),
+                         bind(&ClientTool::errorCb, this, _1));
+      }
+      else {
+        std::cerr <<"Step " << nStep++ << ": Please type in the identity name" << std::endl;
+        std::string nameComponent;
+        getline(std::cin, nameComponent);
+        Name identityName = caItem.m_caName.getPrefix(-1);
+        identityName.append(nameComponent);
+        client.sendNew(caItem, identityName,
+                       bind(&ClientTool::newCb, this, _1),
+                       bind(&ClientTool::errorCb, this, _1));
+      }
+    }
+  }
+
+  void
+  listCb(const std::list<Name>& caList, const Name& assignedName, const Name& schema,
+         const ClientCaItem& caItem)
+  {
+    if (assignedName.toUri() != "" && caList.size() == 1) {
+      // with recommendation
+
+      std::cerr << "Get recommended CA: " << caList.front()
+                << "Get recommended Identity: " << assignedName << std::endl;
+      client.requestCaTrustAnchor(caList.front(),
+                                  bind(&ClientTool::anchorCb, this, _1, _2, caItem, assignedName),
+                                  bind(&ClientTool::errorCb, this, _1));
+    }
+    else {
+      // without recommendation
+      int count = 0;
+      for (auto name : caList) {
+        std::cerr << "***************************************" << "\n"
+                  << "Index: " << count++ << "\n"
+                  << "CA prefix:" << name << "\n"
+                  << "***************************************" << std::endl;
+      }
+      std::cerr << "Select an index to apply for a certificate."<< std::endl;
+
+      std::string option;
+      getline(std::cin, option);
+      int caIndex = std::stoi(option);
+
+      std::vector<Name> caVector{std::begin(caList), std::end(caList)};
+      Name targetCaName = caVector[caIndex];
+
+      client.requestCaTrustAnchor(targetCaName,
+                                  bind(&ClientTool::anchorCb, this, _1, _2, caItem, Name("")),
+                                  bind(&ClientTool::errorCb, this, _1));
+    }
+  }
+
+  void
+  validateCb(const shared_ptr<RequestState>& state)
   {
     if (state->m_status == ChallengeModule::SUCCESS) {
-      _LOG_TRACE("Certificate has already been issued");
+      std::cerr << "DONE! Certificate has already been issued" << std::endl;
       client.requestDownload(state,
-                             bind(&ClientTool::downloadCb, this, _1, nStep),
+                             bind(&ClientTool::downloadCb, this, _1),
                              bind(&ClientTool::errorCb, this, _1));
       return;
     }
@@ -75,17 +154,17 @@
     std::list<std::string> paraList;
     for (size_t i = 0; i < requirementList.size(); i++) {
       std::string tempParam;
-      std::cin >> tempParam;
+      getline(std::cin, tempParam);
       paraList.push_back(tempParam);
     }
     auto paramJson = challenge->genValidateParamsJson(state->m_status, paraList);
     client.sendValidate(state, paramJson,
-                        bind(&ClientTool::validateCb, this, _1, nStep),
+                        bind(&ClientTool::validateCb, this, _1),
                         bind(&ClientTool::errorCb, this, _1));
   }
 
   void
-  selectCb(const shared_ptr<RequestState>& state, int& nStep)
+  selectCb(const shared_ptr<RequestState>& state)
   {
     auto challenge = ChallengeModule::createChallengeModule(state->m_challengeType);
     auto requirementList = challenge->getRequirementForValidate(state->m_status);
@@ -97,25 +176,25 @@
     std::list<std::string> paraList;
     for (size_t i = 0; i < requirementList.size(); i++) {
       std::string tempParam;
-      std::cin >> tempParam;
+      getline(std::cin, tempParam);
       paraList.push_back(tempParam);
     }
 
     auto paramJson = challenge->genValidateParamsJson(state->m_status, paraList);
     client.sendValidate(state, paramJson,
-                        bind(&ClientTool::validateCb, this, _1, nStep),
+                        bind(&ClientTool::validateCb, this, _1),
                         bind(&ClientTool::errorCb, this, _1));
   }
 
   void
-  newCb(const shared_ptr<RequestState>& state, int& nStep)
+  newCb(const shared_ptr<RequestState>& state)
   {
     std::cerr << "Step" << nStep++ << ": Please select one challenge from following types." << std::endl;
     for (auto item : state->m_challengeList) {
       std::cerr << "\t" << item << std::endl;
     }
     std::string choice;
-    std::cin >> choice;
+    getline(std::cin, choice);
 
     auto challenge = ChallengeModule::createChallengeModule(choice);
     auto requirementList = challenge->getRequirementForSelect();
@@ -127,13 +206,13 @@
       }
       for (size_t i = 0; i < requirementList.size(); i++) {
         std::string tempParam;
-        std::cin >> tempParam;
+        getline(std::cin, tempParam);
         paraList.push_back(tempParam);
       }
     }
     auto paramJson = challenge->genSelectParamsJson(state->m_status, paraList);
     client.sendSelect(state, choice, paramJson,
-                      bind(&ClientTool::selectCb, this, _1, nStep),
+                      bind(&ClientTool::selectCb, this, _1),
                       bind(&ClientTool::errorCb, this, _1));
   }
 
@@ -146,10 +225,13 @@
 {
   namespace po = boost::program_options;
   std::string configFilePath = std::string(SYSCONFDIR) + "/ndncert/client.conf";
-  po::options_description description("General Usage\n  ndncert-client [-h] [-f] configFilePath-file\n");
+  bool isIntra = false;
+  po::options_description description("General Usage\n ndncert-client [-h] [-i] [-f]\n");
   description.add_options()
     ("help,h", "produce help message")
-    ("config-file,f", po::value<std::string>(&configFilePath), "config file name");
+    ("intra-node,i", "optional, if specified, switch on the intra-node mode")
+    ("config-file,f", po::value<std::string>(&configFilePath), "config file name")
+    ;
   po::positional_options_description p;
 
   po::variables_map vm;
@@ -165,50 +247,123 @@
     std::cerr << description << std::endl;
     return 0;
   }
+  if (vm.count("intra-node") != 0) {
+    isIntra = true;
+  }
 
+  nStep = 0;
   Face face;
   security::v2::KeyChain keyChain;
   ClientModule client(face, keyChain);
   client.getClientConf().load(configFilePath);
-
   ClientTool tool(client);
 
-  auto caList = client.getClientConf().m_caItems;
-  std::cerr << "Index \t CA Namespace \t CA Introduction" << std::endl;
-  int count = 0;
-  for (auto item : caList) {
-    std::cerr << count++ << "\t"
-              << item.m_caName << "\t"
-              << item.m_caInfo << std::endl;
-  }
-  std::vector<ClientCaItem> caVector{std::begin(caList), std::end(caList)};
-  int nStep = 0;
-  std::cerr << "Step" << nStep++ << ": Please type in the CA namespace index that you want to apply" << std::endl;
-  std::string caIndexS;
-  std::cin >> caIndexS;
-  int caIndex = std::stoi(caIndexS);
+  if (isIntra) {
+    client.requestLocalhostList([&](const ClientConfig& config) {
+        auto caList = config.m_caItems;
+        int count = 0;
+        for (auto item : caList) {
+          std::cerr << "***************************************" << "\n"
+                    << "Index: " << count++ << "\n"
+                    << "CA prefix:" << item.m_caName << "\n"
+                    << "Introduction: " << item.m_caInfo << "\n"
+                    << "***************************************" << std::endl;
+        }
+        std::vector<ClientCaItem> caVector{std::begin(caList), std::end(caList)};
+        std::cerr << "Step" << nStep++
+                  << ": Please type in the CA namespace index that you want to apply" << std::endl;
+        std::string caIndexS;
+        getline(std::cin, caIndexS);
+        int caIndex = std::stoi(caIndexS);
 
-  BOOST_ASSERT(caIndex <= count);
+        BOOST_ASSERT(caIndex <= count);
 
-  auto targetCaItem = caVector[caIndex];
-  if (targetCaItem.m_probe != "") {
-    std::cerr <<"Step" << nStep++ << ": Probe Requirement-" << targetCaItem.m_probe << std::endl;
-    std::string probeInfo;
-    std::cin >> probeInfo;
-    client.sendProbe(targetCaItem, probeInfo,
-                     bind(&ClientTool::newCb, &tool, _1, nStep),
-                     bind(&ClientTool::errorCb, &tool, _1));
+        auto targetCaItem = caVector[caIndex];
+        if (targetCaItem.m_probe != "") {
+          std::cerr <<"Step" << nStep++ << ": Probe Requirement-" << targetCaItem.m_probe << std::endl;
+          std::string probeInfo;
+          getline(std::cin, probeInfo);
+          client.sendProbe(targetCaItem, probeInfo,
+                           bind(&ClientTool::newCb, &tool, _1),
+                           bind(&ClientTool::errorCb, &tool, _1));
+        }
+        else {
+          std::cerr <<"Step" << nStep++ << ": Please type in the identity name" << std::endl;
+          std::string nameComponent;
+          getline(std::cin, nameComponent);
+          Name identityName = targetCaItem.m_caName.getPrefix(-1);
+          identityName.append(nameComponent);
+          client.sendNew(targetCaItem, identityName,
+                         bind(&ClientTool::newCb, &tool, _1),
+                         bind(&ClientTool::errorCb, &tool, _1));
+        }
+      },
+      bind(&ClientTool::errorCb, &tool, _1));
   }
   else {
-    std::cerr <<"Step" << nStep++ << ": Please type in the identity name" << std::endl;
-    std::string nameComponent;
-    std::cin >> nameComponent;
-    Name identityName = targetCaItem.m_caName.getPrefix(-1);
-    identityName.append(nameComponent);
-    client.sendNew(targetCaItem, identityName,
-                   bind(&ClientTool::newCb, &tool, _1, nStep),
-                   bind(&ClientTool::errorCb, &tool, _1));
+    auto caList = client.getClientConf().m_caItems;
+    int count = 0;
+    for (auto item : caList) {
+      std::cerr << "***************************************" << "\n"
+                << "Index: " << count++ << "\n"
+                << "CA prefix:" << item.m_caName << "\n"
+                << "Introduction: " << item.m_caInfo << "\n"
+                << "***************************************" << std::endl;
+    }
+    std::vector<ClientCaItem> caVector{std::begin(caList), std::end(caList)};
+    std::cerr << "Step " << nStep++ << ": Please type in the CA namespace index that you want to apply" << std::endl;
+
+    std::string caIndexS;
+    getline(std::cin, caIndexS);
+
+    int caIndex = std::stoi(caIndexS);
+
+    BOOST_ASSERT(caIndex <= count);
+
+    auto targetCaItem = caVector[caIndex];
+    std::cerr << "You want a namespace with prefix (A) /ndn or (B) a sub-namespace of "
+              << targetCaItem.m_caName << "?" << std::endl;
+    std::string listOption;
+    getline(std::cin, listOption);
+    if (listOption == "A" || listOption == "a") {
+      // should directly send _PROBE or _NEW
+      if (targetCaItem.m_probe != "") {
+        std::cerr <<"Step " << nStep++ << ": Probe Requirement-" << targetCaItem.m_probe << std::endl;
+        std::string probeInfo;
+        getline(std::cin, probeInfo);
+        client.sendProbe(targetCaItem, probeInfo,
+                         bind(&ClientTool::newCb, &tool, _1),
+                         bind(&ClientTool::errorCb, &tool, _1));
+      }
+      else {
+        std::cerr <<"Step " << nStep++ << ": Please type in the identity name" << std::endl;
+        std::string nameComponent;
+        getline(std::cin, nameComponent);
+        Name identityName = targetCaItem.m_caName.getPrefix(-1);
+        identityName.append(nameComponent);
+        client.sendNew(targetCaItem, identityName,
+                       bind(&ClientTool::newCb, &tool, _1),
+                       bind(&ClientTool::errorCb, &tool, _1));
+      }
+    }
+    else if (listOption == "B" || listOption == "b") {
+      std::string additionalInfo = "";
+      if (targetCaItem.m_targetedList != "") {
+        std::cerr <<"Step " << nStep++
+                  << ": Enter nothing if you want to see all available sub-namespace CAs"
+                  << "or follow the instruction to get a recommended CA\n"
+                  << "\t" << targetCaItem.m_targetedList << std::endl;
+        getline(std::cin, additionalInfo);
+      }
+      client.requestList(targetCaItem, additionalInfo,
+                         bind(&ClientTool::listCb, &tool, _1, _2, _3, targetCaItem),
+                         bind(&ClientTool::errorCb, &tool, _1));
+    }
+    else {
+      std::cerr << "Your input is not an option." << std::endl;
+    }
   }
+
   face.processEvents();
   return 0;
 }