update ca-profile
Change-Id: Iae0124f4ea1e366976eed307a96e3dd540a56278
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 0d9c85e..f4e03c0 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -50,7 +50,7 @@
{
// load the config and create storage
m_config.load(configPath);
- m_storage = CaStorage::createCaStorage(storageType, m_config.m_caItem.m_caPrefix, "");
+ m_storage = CaStorage::createCaStorage(storageType, m_config.m_caProfile.m_caPrefix, "");
random::generateSecureBytes(m_requestIdGenKey, 32);
if (m_config.m_nameAssignmentFuncs.size() == 0) {
m_config.m_nameAssignmentFuncs.push_back(NameAssignmentFunc::createNameAssignmentFunc("random"));
@@ -72,7 +72,7 @@
CaModule::registerPrefix()
{
// register prefixes
- Name prefix = m_config.m_caItem.m_caPrefix;
+ Name prefix = m_config.m_caProfile.m_caPrefix;
prefix.append("CA");
auto prefixId = m_face.registerPrefix(
@@ -120,16 +120,16 @@
{
if (m_profileData == nullptr) {
const auto& pib = m_keyChain.getPib();
- const auto& identity = pib.getIdentity(m_config.m_caItem.m_caPrefix);
+ const auto& identity = pib.getIdentity( m_config.m_caProfile.m_caPrefix);
const auto& cert = identity.getDefaultKey().getDefaultCertificate();
- Block contentTLV = infotlv::encodeDataContent(m_config.m_caItem, cert);
+ Block contentTLV = infotlv::encodeDataContent( m_config.m_caProfile, cert);
- Name infoPacketName(m_config.m_caItem.m_caPrefix);
+ Name infoPacketName( m_config.m_caProfile.m_caPrefix);
infoPacketName.append("CA").append("INFO").appendVersion().appendSegment(0);
m_profileData = std::make_unique<Data>(infoPacketName);
m_profileData->setContent(contentTLV);
m_profileData->setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
- m_keyChain.sign(*m_profileData, signingByIdentity(m_config.m_caItem.m_caPrefix));
+ m_keyChain.sign(*m_profileData, signingByIdentity( m_config.m_caProfile.m_caPrefix));
}
return *m_profileData;
}
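Review bot: The renamed accesses introduce a stray space after the opening parenthesis, e.g. `pib.getIdentity( m_config.m_caProfile.m_caPrefix)` and `infotlv::encodeDataContent( m_config.m_caProfile, cert)` in this hunk; the same spacing recurs in every later hunk of this file, and in the hunk at -237 it yields `(! m_config.m_caProfile.m_caPrefix.isPrefixOf(...)` and `m_caPrefix.size() + * m_config.m_caProfile.m_maxSuffixLength`, where the spaced unary `*` reads like a multiplication at first glance. Matching the file's existing style, `pib.getIdentity(m_config.m_caProfile.m_caPrefix)` and `... + *m_config.m_caProfile.m_maxSuffixLength`, keeps the diff to the rename it intends. It looks like a search-and-replace artifact, so a clang-format pass over the file before merge would catch all occurrences at once.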
@@ -146,7 +146,7 @@
Name discoveryInterestName(m_profileData->getName().getPrefix(-2));
name::Component metadataComponent(32, reinterpret_cast<const uint8_t*>("metadata"), std::strlen("metadata"));
discoveryInterestName.append(metadataComponent);
- m_face.put(metadata.makeData(discoveryInterestName, m_keyChain, signingByIdentity(m_config.m_caItem.m_caPrefix)));
+ m_face.put(metadata.makeData(discoveryInterestName, m_keyChain, signingByIdentity( m_config.m_caProfile.m_caPrefix)));
}
void
@@ -169,16 +169,16 @@
}
std::vector<Name> availableNames;
for (const auto& component : availableComponents) {
- Name newIdentityName = m_config.m_caItem.m_caPrefix;
+ Name newIdentityName = m_config.m_caProfile.m_caPrefix;
newIdentityName.append(component);
availableNames.push_back(newIdentityName);
}
Data result;
result.setName(request.getName());
- result.setContent(probetlv::encodeDataContent(availableNames, m_config.m_caItem.m_maxSuffixLength, m_config.m_redirection));
+ result.setContent(probetlv::encodeDataContent(availableNames, m_config.m_caProfile.m_maxSuffixLength, m_config.m_redirection));
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
- m_keyChain.sign(result, signingByIdentity(m_config.m_caItem.m_caPrefix));
+ m_keyChain.sign(result, signingByIdentity( m_config.m_caProfile.m_caPrefix));
m_face.put(result);
NDN_LOG_TRACE("Handle PROBE: send out the PROBE response");
}
@@ -237,16 +237,16 @@
hkdf(sharedSecret.data(), sharedSecret.size(), salt.data(), salt.size(), aesKey.data(), aesKey.size());
// verify identity name
- if (!m_config.m_caItem.m_caPrefix.isPrefixOf(clientCert->getIdentity())
+ if (! m_config.m_caProfile.m_caPrefix.isPrefixOf(clientCert->getIdentity())
|| !security::Certificate::isValidName(clientCert->getName())
- || clientCert->getIdentity().size() <= m_config.m_caItem.m_caPrefix.size()) {
+ || clientCert->getIdentity().size() <= m_config.m_caProfile.m_caPrefix.size()) {
NDN_LOG_ERROR("An invalid certificate name is being requested " << clientCert->getName());
m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::NAME_NOT_ALLOWED,
"An invalid certificate name is being requested."));
return;
}
- if (m_config.m_caItem.m_maxSuffixLength) {
- if (clientCert->getIdentity().size() > m_config.m_caItem.m_caPrefix.size() + *m_config.m_caItem.m_maxSuffixLength) {
+ if ( m_config.m_caProfile.m_maxSuffixLength) {
+ if (clientCert->getIdentity().size() > m_config.m_caProfile.m_caPrefix.size() + * m_config.m_caProfile.m_maxSuffixLength) {
NDN_LOG_ERROR("An invalid certificate name is being requested " << clientCert->getName());
m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::NAME_NOT_ALLOWED,
"An invalid certificate name is being requested."));
@@ -259,7 +259,7 @@
auto expectedPeriod = clientCert->getValidityPeriod().getPeriod();
auto currentTime = time::system_clock::now();
if (expectedPeriod.first < currentTime - REQUEST_VALIDITY_PERIOD_NOT_BEFORE_GRACE_PERIOD ||
- expectedPeriod.second > currentTime + m_config.m_caItem.m_maxValidityPeriod ||
+ expectedPeriod.second > currentTime + m_config.m_caProfile.m_maxValidityPeriod ||
expectedPeriod.second <= expectedPeriod.first) {
NDN_LOG_ERROR("An invalid validity period is being requested.");
m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::BAD_VALIDITY_PERIOD,
@@ -283,7 +283,7 @@
}
else if (requestType == RequestType::REVOKE) {
//verify cert is from this CA
- const auto& cert = m_keyChain.getPib().getIdentity(m_config.m_caItem.m_caPrefix).getDefaultKey().getDefaultCertificate();
+ const auto& cert = m_keyChain.getPib().getIdentity( m_config.m_caProfile.m_caPrefix).getDefaultKey().getDefaultCertificate();
if (!security::verifySignature(*clientCert, cert)) {
NDN_LOG_ERROR("Invalid signature in the certificate to revoke.");
m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::BAD_SIGNATURE,
@@ -306,7 +306,7 @@
}
RequestId id;
std::memcpy(id.data(), requestIdData, id.size());
- RequestState requestState(m_config.m_caItem.m_caPrefix, id, requestType,
+ RequestState requestState( m_config.m_caProfile.m_caPrefix, id, requestType,
Status::BEFORE_CHALLENGE, *clientCert, std::move(aesKey));
try {
m_storage->addRequest(requestState);
@@ -323,8 +323,8 @@
result.setContent(requesttlv::encodeDataContent(myEcdhPubKeyBase64,
salt,
requestState.m_requestId, requestState.m_status,
- m_config.m_caItem.m_supportedChallenges));
- m_keyChain.sign(result, signingByIdentity(m_config.m_caItem.m_caPrefix));
+ m_config.m_caProfile.m_supportedChallenges));
+ m_keyChain.sign(result, signingByIdentity( m_config.m_caProfile.m_caPrefix));
m_face.put(result);
if (m_statusUpdateCallback) {
m_statusUpdateCallback(requestState);
@@ -422,7 +422,7 @@
result.setName(request.getName());
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
result.setContent(payload);
- m_keyChain.sign(result, signingByIdentity(m_config.m_caItem.m_caPrefix));
+ m_keyChain.sign(result, signingByIdentity( m_config.m_caProfile.m_caPrefix));
m_face.put(result);
if (m_statusUpdateCallback) {
m_statusUpdateCallback(*requestState);
@@ -444,7 +444,7 @@
SignatureInfo signatureInfo;
signatureInfo.setValidityPeriod(period);
security::SigningInfo signingInfo(security::SigningInfo::SIGNER_TYPE_ID,
- m_config.m_caItem.m_caPrefix, signatureInfo);
+ m_config.m_caProfile.m_caPrefix, signatureInfo);
m_keyChain.sign(newCert, signingInfo);
NDN_LOG_TRACE("new cert got signed" << newCert);
@@ -456,7 +456,7 @@
{
RequestId requestId;
try {
- auto& component = request.getName().at(m_config.m_caItem.m_caPrefix.size() + 2);
+ auto& component = request.getName().at( m_config.m_caProfile.m_caPrefix.size() + 2);
std::memcpy(requestId.data(), component.value(), component.value_size());
}
catch (const std::exception& e) {
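Review bot: The copy on the line after the changed one, `std::memcpy(requestId.data(), component.value(), component.value_size());`, takes its length from the request name itself, while the destination `requestId` appears to be a fixed-size `RequestId` (the hunk at -306 fills one with exactly `id.size()` bytes), so a component longer than `requestId.size()` overruns the array and a shorter one leaves it partly uninitialized; the surrounding `try` only guards the out-of-range `at()`. A length check before the copy closes this: `if (component.value_size() != requestId.size()) { NDN_THROW(std::runtime_error("Unexpected request ID length")); }`, which the existing `catch (const std::exception&)` should pick up, assuming that handler rejects the request. The enclosing function starts before this hunk and its catch body continues after it.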
@@ -486,7 +486,7 @@
result.setName(name);
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
result.setContent(errortlv::encodeDataContent(error, errorInfo));
- m_keyChain.sign(result, signingByIdentity(m_config.m_caItem.m_caPrefix));
+ m_keyChain.sign(result, signingByIdentity( m_config.m_caProfile.m_caPrefix));
return result;
}
diff --git a/src/detail/ca-configuration.cpp b/src/detail/ca-configuration.cpp
index b88352b..857c6a8 100644
--- a/src/detail/ca-configuration.cpp
+++ b/src/detail/ca-configuration.cpp
@@ -19,8 +19,6 @@
*/
#include "detail/ca-configuration.hpp"
-#include "identity-challenge/challenge-module.hpp"
-#include "name-assignment/assignment-func.hpp"
#include <ndn-cxx/util/io.hpp>
#include <boost/filesystem.hpp>
@@ -41,12 +39,12 @@
if (configJson.begin() == configJson.end()) {
NDN_THROW(std::runtime_error("No JSON configuration found in file: " + fileName));
}
- m_caItem.parse(configJson);
- if (m_caItem.m_supportedChallenges.size() == 0) {
+ m_caProfile = CaProfile::fromJson(configJson);
+ if (m_caProfile.m_supportedChallenges.size() == 0) {
NDN_THROW(std::runtime_error("At least one challenge should be specified."));
}
// parse redirection section if appears
- m_redirection = nullopt;
+ m_redirection.clear();
auto redirectionItems = configJson.get_child_optional(CONFIG_REDIRECTION);
if (redirectionItems) {
for (const auto& item : *redirectionItems) {
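Review bot: `m_redirection.clear();` changes the representation of "no redirection configured" from `nullopt` to an empty vector, but the only consumer visible in this commit, `probetlv::encodeDataContent(availableNames, ..., m_config.m_redirection)` in ca-module.cpp, is not updated here. If that function still takes an `optional<std::vector<...>>`, the empty vector converts to an engaged optional, so a config without a redirection section is now encoded as "redirection present, zero entries" instead of "absent"; confirm the encoder treats the two alike, or change its parameter to `const std::vector<std::shared_ptr<security::Certificate>>&` in the same change. `load()` begins outside this hunk.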
@@ -57,10 +55,7 @@
}
std::istringstream ss(caCertStr);
auto caCert = io::load<security::Certificate>(ss);
- if (!m_redirection) {
- m_redirection = std::vector<std::shared_ptr<security::Certificate>>();
- }
- m_redirection->push_back(caCert);
+ m_redirection.push_back(caCert);
}
}
// parse name assignment if appears
diff --git a/src/detail/ca-configuration.hpp b/src/detail/ca-configuration.hpp
index da170b9..9623464 100644
--- a/src/detail/ca-configuration.hpp
+++ b/src/detail/ca-configuration.hpp
@@ -22,6 +22,7 @@
#define NDNCERT_DETAIL_CA_CONFIGURATION_HPP
#include "detail/ca-profile.hpp"
+#include "name-assignment/assignment-func.hpp"
namespace ndn {
namespace ndncert {
@@ -29,7 +30,6 @@
/**
* @brief CA's configuration on NDNCERT.
- * @sa https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3
*
* The format of CA configuration in JSON
* {
@@ -53,21 +53,23 @@
{
public:
/**
- * Load CA configuration from the file.
+ * @brief Load CA configuration from the file.
* @throw std::runtime_error when config file cannot be correctly parsed.
*/
void
load(const std::string& fileName);
public:
- CaProfile m_caItem;
/**
- * Used for CA redirection
- * @sa https://github.com/named-data/ndncert/wiki/NDNCERT-Protocol-0.3-PROBE-Extensions#probe-extension-for-redirection
+ * @brief the CA's profile
*/
- optional<std::vector<std::shared_ptr<security::Certificate>>> m_redirection = nullopt;
+ CaProfile m_caProfile;
/**
- * Name Assignment Functions
+ * @brief Used for CA redirection
+ */
+ std::vector<std::shared_ptr<security::Certificate>> m_redirection;
+ /**
+ * @brief Name Assignment Functions
*/
std::vector<std::unique_ptr<NameAssignmentFunc>> m_nameAssignmentFuncs;
};
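Review bot: The new `@brief Used for CA redirection` on `m_redirection` no longer says what the vector holds or what an empty vector means, now that the `@sa` link to the PROBE redirection extension is dropped and the member is no longer optional. Suggest `@brief Certificates of the CAs that PROBE responses may redirect requesters to; empty when no redirection section is configured.` The `m_caProfile` comment is a fragment; a full sentence such as `@brief The CA's own profile (prefix, validity limits, supported challenges), loaded by load().` reads better and matches the Doxygen style the rest of the hunk adopts.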
diff --git a/src/detail/ca-profile.cpp b/src/detail/ca-profile.cpp
index 4599e06..bd826e9 100644
--- a/src/detail/ca-profile.cpp
+++ b/src/detail/ca-profile.cpp
@@ -20,34 +20,34 @@
#include "detail/ca-profile.hpp"
#include "identity-challenge/challenge-module.hpp"
-#include "name-assignment/assignment-func.hpp"
#include <ndn-cxx/util/io.hpp>
#include <boost/filesystem.hpp>
namespace ndn {
namespace ndncert {
-void
-CaProfile::parse(const JsonSection& configJson)
+CaProfile
+CaProfile::fromJson(const JsonSection& json)
{
+ CaProfile profile;
// CA prefix
- m_caPrefix = Name(configJson.get(CONFIG_CA_PREFIX, ""));
- if (m_caPrefix.empty()) {
+ profile.m_caPrefix = Name(json.get(CONFIG_CA_PREFIX, ""));
+ if (profile.m_caPrefix.empty()) {
NDN_THROW(std::runtime_error("Cannot parse ca-prefix from the config file"));
}
// CA info
- m_caInfo = configJson.get(CONFIG_CA_INFO, "");
+ profile.m_caInfo = json.get(CONFIG_CA_INFO, "");
// CA max validity period
- m_maxValidityPeriod = time::seconds(configJson.get(CONFIG_MAX_VALIDITY_PERIOD, 86400));
+ profile.m_maxValidityPeriod = time::seconds(json.get(CONFIG_MAX_VALIDITY_PERIOD, 86400));
// CA max suffix length
- m_maxSuffixLength = nullopt;
- auto maxSuffixLength = configJson.get_optional<size_t>(CONFIG_MAX_SUFFIX_LENGTH);
+ profile.m_maxSuffixLength = nullopt;
+ auto maxSuffixLength = json.get_optional<size_t>(CONFIG_MAX_SUFFIX_LENGTH);
if (maxSuffixLength) {
- m_maxSuffixLength = *maxSuffixLength;
+ profile.m_maxSuffixLength = *maxSuffixLength;
}
// probe parameter keys
- m_probeParameterKeys.clear();
- auto probeParametersJson = configJson.get_child_optional(CONFIG_PROBE_PARAMETERS);
+ profile.m_probeParameterKeys.clear();
+ auto probeParametersJson = json.get_child_optional(CONFIG_PROBE_PARAMETERS);
if (probeParametersJson) {
for (const auto& item : *probeParametersJson) {
auto probeParameter = item.second.get(CONFIG_PROBE_PARAMETER, "");
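Review bot: `profile.m_maxSuffixLength = nullopt;` and `profile.m_probeParameterKeys.clear();` reset members of `profile`, which is default-constructed at the top of the function, so they are leftovers from the in-place `parse()` and now no-ops (assuming the members carry no non-empty default initializers); the same holds for `profile.m_supportedChallenges.clear();` and `profile.m_cert = nullptr;` in the next two hunks of this file. Dropping them leaves the factory as a straight sequence of "read field, validate, assign", which is easier to audit. The function body continues past this hunk.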
@@ -55,12 +55,12 @@
if (probeParameter == "") {
NDN_THROW(std::runtime_error("Probe parameter key cannot be empty."));
}
- m_probeParameterKeys.push_back(probeParameter);
+ profile.m_probeParameterKeys.push_back(probeParameter);
}
}
// supported challenges
- m_supportedChallenges.clear();
- auto challengeListJson = configJson.get_child_optional(CONFIG_SUPPORTED_CHALLENGES);
+ profile.m_supportedChallenges.clear();
+ auto challengeListJson = json.get_child_optional(CONFIG_SUPPORTED_CHALLENGES);
if (challengeListJson) {
for (const auto& item : *challengeListJson) {
auto challengeType = item.second.get(CONFIG_CHALLENGE, "");
@@ -71,16 +71,17 @@
if (!ChallengeModule::isChallengeSupported(challengeType)) {
NDN_THROW(std::runtime_error("Challenge " + challengeType + " is not supported."));
}
- m_supportedChallenges.push_back(challengeType);
+ profile.m_supportedChallenges.push_back(challengeType);
}
}
// anchor certificate
- m_cert = nullptr;
- auto certificateStr = configJson.get(CONFIG_CERTIFICATE, "");
+ profile.m_cert = nullptr;
+ auto certificateStr = json.get(CONFIG_CERTIFICATE, "");
if (certificateStr != "") {
std::istringstream ss(certificateStr);
- m_cert = io::load<security::Certificate>(ss);
+ profile.m_cert = io::load<security::Certificate>(ss);
}
+ return profile;
}
JsonSection
diff --git a/src/detail/ca-profile.hpp b/src/detail/ca-profile.hpp
index c67f5dc..c9599f9 100644
--- a/src/detail/ca-profile.hpp
+++ b/src/detail/ca-profile.hpp
@@ -21,7 +21,7 @@
#ifndef NDNCERT_DETAIL_CA_PROFILE_HPP
#define NDNCERT_DETAIL_CA_PROFILE_HPP
-#include "name-assignment/assignment-func.hpp"
+#include "detail/ndncert-common.hpp"
namespace ndn {
namespace ndncert {
@@ -46,8 +46,8 @@
* Parse the configuration json and modify current struct to the result.
* @param configJson the configuration json to parse
*/
- void
- parse(const JsonSection& configJson);
+ static CaProfile
+ fromJson(const JsonSection& json);
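Review bot: The doc comment above `fromJson` still reads `Parse the configuration json and modify current struct to the result.` with `@param configJson`, but the declaration is now a static factory whose parameter is named `json` and which returns the parsed profile; the comment starts outside the hunk. Suggest replacing it with `@brief Build a CaProfile from its JSON configuration section.`, `@param json the configuration section to parse`, `@return the parsed profile`, and `@throw std::runtime_error if ca-prefix is missing, a probe parameter key is empty, or a listed challenge is not supported`, which are the conditions the ca-profile.cpp hunks throw on.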
/**
* @return the JSON representation of this profile.
diff --git a/src/detail/profile-storage.cpp b/src/detail/profile-storage.cpp
index f880d1b..8fcbc9f 100644
--- a/src/detail/profile-storage.cpp
+++ b/src/detail/profile-storage.cpp
@@ -19,9 +19,6 @@
*/
#include "detail/profile-storage.hpp"
-#include "identity-challenge/challenge-module.hpp"
-#include "name-assignment/assignment-func.hpp"
-#include <ndn-cxx/util/io.hpp>
#include <boost/filesystem.hpp>
namespace ndn {
@@ -45,17 +42,17 @@
}
void
-ProfileStorage::load(const JsonSection& configSection)
+ProfileStorage::load(const JsonSection& json)
{
- m_caItems.clear();
- auto caList = configSection.get_child("ca-list");
+ m_caProfiles.clear();
+ auto caList = json.get_child("ca-list");
for (auto item : caList) {
CaProfile caItem;
- caItem.parse(item.second);
+ caItem = CaProfile::fromJson(item.second);
if (caItem.m_cert == nullptr) {
NDN_THROW(std::runtime_error("No CA certificate is loaded from JSON configuration."));
}
- m_caItems.push_back(std::move(caItem));
+ m_caProfiles.push_back(std::move(caItem));
}
}
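Review bot: `CaProfile caItem;` followed by `caItem = CaProfile::fromJson(item.second);` default-constructs and then assigns where the factory's return value can initialize the local directly: `auto caItem = CaProfile::fromJson(item.second);`. While touching the loop, `for (auto item : caList)` copies each element per iteration although only `item.second` is read; `for (const auto& item : caList)` reads the same. The local name `caItem` is also the old vocabulary this commit otherwise renames to "profile", so `profile` would be consistent with `m_caProfiles`.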
@@ -63,7 +60,7 @@
ProfileStorage::save(const std::string& fileName) const
{
JsonSection configJson;
- for (const auto& caItem : m_caItems) {
+ for (const auto& caItem : m_caProfiles) {
configJson.push_back(std::make_pair("", caItem.toJson()));
}
std::stringstream ss;
@@ -77,25 +74,25 @@
void
ProfileStorage::removeCaProfile(const Name& caName)
{
- m_caItems.remove_if([&](const CaProfile& item) { return item.m_caPrefix == caName; });
+ m_caProfiles.remove_if([&](const CaProfile& item) { return item.m_caPrefix == caName; });
}
void
ProfileStorage::addCaProfile(const CaProfile& profile)
{
- for (auto& item : m_caItems) {
+ for (auto& item : m_caProfiles) {
if (item.m_caPrefix == profile.m_caPrefix) {
item = profile;
return;
}
}
- m_caItems.push_back(profile);
+ m_caProfiles.push_back(profile);
}
const std::list<CaProfile>&
-ProfileStorage::getCaItems() const
+ProfileStorage::getCaProfiles() const
{
- return m_caItems;
+ return m_caProfiles;
}
} // namespace requester
diff --git a/src/detail/profile-storage.hpp b/src/detail/profile-storage.hpp
index 0f8d1ce..eabb7c9 100644
--- a/src/detail/profile-storage.hpp
+++ b/src/detail/profile-storage.hpp
@@ -18,11 +18,10 @@
* See AUTHORS.md for complete list of ndncert authors and contributors.
*/
-#ifndef NDNCERT_CONFIGURATION_HPP
-#define NDNCERT_CONFIGURATION_HPP
+#ifndef NDNCERT_DETAIL_PROFILE_STORAGE_HPP
+#define NDNCERT_DETAIL_PROFILE_STORAGE_HPP
#include "detail/ca-profile.hpp"
-#include "name-assignment/assignment-func.hpp"
namespace ndn {
namespace ndncert {
@@ -45,7 +44,7 @@
* @throw std::runtime_error when config file cannot be correctly parsed.
*/
void
- load(const JsonSection& configSection);
+ load(const JsonSection& json);
void
save(const std::string& fileName) const;
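Review bot: The renamed `load(const JsonSection& json)` keeps a doc comment (starting outside the hunk) that says `@throw std::runtime_error when config file cannot be correctly parsed.`, but the method takes an already-parsed section, and profile-storage.cpp in this commit throws when a listed CA has no certificate, not on file parsing. Suggest `@brief Replace the stored profiles with those listed under "ca-list" in @p json.`, `@param json the parsed configuration`, and `@throw std::runtime_error if a CA entry cannot be parsed or carries no CA certificate.`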
@@ -60,14 +59,14 @@
addCaProfile(const CaProfile& profile);
const std::list<CaProfile>&
- getCaItems() const;
+ getCaProfiles() const;
private:
- std::list<CaProfile> m_caItems;
+ std::list<CaProfile> m_caProfiles;
};
} // namespace requester
} // namespace ndncert
} // namespace ndn
-#endif // NDNCERT_CONFIGURATION_HPP
+#endif // NDNCERT_DETAIL_PROFILE_STORAGE_HPP