Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 1d3dcd230166d1871bd80a0a534cd4191aded21f / . / src / requester.hpp
blob: 44dd7eedfbe97fb596291c77c47586814d6fe09b [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
* Copyright (c) 2017-2020, Regents of the University of California.
*
* This file is part of ndncert, a certificate management system based on NDN.
*
* ndncert is free software: you can redistribute it and/or modify it under the terms
* of the GNU General Public License as published by the Free Software Foundation, either
* version 3 of the License, or (at your option) any later version.
*
* ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received copies of the GNU General Public License along with
* ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndncert authors and contributors.
*/
#ifndef NDNCERT_CLIENT_MODULE_HPP
#define NDNCERT_CLIENT_MODULE_HPP
#include "configuration.hpp"
#include "request-state.hpp"
#include "crypto-support/crypto-helper.hpp"
namespace ndn {
namespace ndncert {
// TODO
// For each RequesterState, create a validator instance and initialize it with CA's cert
// The validator instance should be in CaProfile
struct RequesterState {
explicit
RequesterState(security::v2::KeyChain& keyChain, const CaProfile& caItem, RequestType requestType);
CaProfile m_caItem;
security::v2::KeyChain& m_keyChain;
RequestType m_type;
Name m_identityName;
security::Key m_keyPair;
std::string m_requestId;
Status m_status = Status::NOT_STARTED;
std::string m_challengeType;
std::string m_challengeStatus;
int m_remainingTries = 0;
time::system_clock::TimePoint m_freshBefore;
Name m_issuedCertName;
ECDHState m_ecdh;
uint8_t m_aesKey[16] = {0};
bool m_isCertInstalled = false;
bool m_isNewlyCreatedIdentity = false;
bool m_isNewlyCreatedKey = false;
};
class Requester : noncopyable
{
public:
// INFO related helpers
static shared_ptr<Interest>
genCaProfileInterest(const Name& caName);
/**
* Will first verify the signature of the packet using the key provided inside the profile.
* The application should be cautious whether to add CaProfile into the RequesterCaCache.
*/
static boost::optional<CaProfile>
onCaProfileResponse(const Data& reply);
// PROBE related helpers
static shared_ptr<Interest>
genProbeInterest(const CaProfile& ca, std::vector<std::tuple<std::string, std::string>>&& probeInfo);
static void
onProbeResponse(const Data& reply, const CaProfile& ca,
std::vector<Name>& identityNames, std::vector<Name>& otherCas);
// NEW/REVOKE/RENEW related helpers
static shared_ptr<Interest>
genNewInterest(RequesterState& state, const Name& identityName,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter);
static shared_ptr<Interest>
genRevokeInterest(RequesterState& state, const security::v2::Certificate& certificate);
static std::list<std::string>
onNewRenewRevokeResponse(RequesterState& state, const Data& reply);
// CHALLENGE helpers
static std::vector<std::tuple<std::string, std::string>>
selectOrContinueChallenge(RequesterState& state, const std::string& challengeSelected);
static shared_ptr<Interest>
genChallengeInterest(const RequesterState& state,
std::vector<std::tuple<std::string, std::string>>&& parameters);
static void
onChallengeResponse(RequesterState& state, const Data& reply);
static shared_ptr<Interest>
genCertFetchInterest(const RequesterState& state);
shared_ptr<security::v2::Certificate>
onCertFetchResponse(const Data& reply);
void
endSession(RequesterState& state);
private:
static void
processIfError(const Data& data);
};
} // namespace ndncert
} // namespace ndn
#endif // NDNCERT_CLIENT_MODULE_HPP