combine requester state
Change-Id: If91d08318ec1a40a8c031fdd493fe1f8662ef35d
diff --git a/src/detail/challenge-encoder.cpp b/src/detail/challenge-encoder.cpp
index de7e3cc..083fa61 100644
--- a/src/detail/challenge-encoder.cpp
+++ b/src/detail/challenge-encoder.cpp
@@ -51,7 +51,7 @@
}
void
-challengetlv::decodeDataContent(const Block& contentBlock, requester::RequestState& state)
+challengetlv::decodeDataContent(const Block& contentBlock, requester::Request& state)
{
auto result = decodeBlockWithAesGcm128(contentBlock, state.aesKey.data(),
state.requestId.data(), state.requestId.size(),
diff --git a/src/detail/challenge-encoder.hpp b/src/detail/challenge-encoder.hpp
index f5cad6f..a8baa57 100644
--- a/src/detail/challenge-encoder.hpp
+++ b/src/detail/challenge-encoder.hpp
@@ -22,7 +22,7 @@
#define NDNCERT_DETAIL_CHALLENGE_ENCODER_HPP
#include "detail/ca-request-state.hpp"
-#include "requester-request-state.hpp"
+#include "requester-request.hpp"
namespace ndn {
namespace ndncert {
@@ -32,7 +32,7 @@
encodeDataContent(ca::RequestState& request, const Name& issuedCertName = Name());
void
-decodeDataContent(const Block& contentBlock, requester::RequestState& state);
+decodeDataContent(const Block& contentBlock, requester::Request& state);
} // namespace challengetlv
} // namespace ndncert
diff --git a/src/requester-request-state.cpp b/src/requester-request-state.cpp
deleted file mode 100644
index 04b87e8..0000000
--- a/src/requester-request-state.cpp
+++ /dev/null
@@ -1,36 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2017-2020, Regents of the University of California.
- *
- * This file is part of ndncert, a certificate management system based on NDN.
- *
- * ndncert is free software: you can redistribute it and/or modify it under the terms
- * of the GNU General Public License as published by the Free Software Foundation, either
- * version 3 of the License, or (at your option) any later version.
- *
- * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received copies of the GNU General Public License along with
- * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndncert authors and contributors.
- */
-
-#include "requester-request-state.hpp"
-
-namespace ndn {
-namespace ndncert {
-namespace requester {
-
-RequestState::RequestState(security::KeyChain& keyChain, const CaProfile& profile, RequestType requestType)
- : caProfile(profile)
- , keyChain(keyChain)
- , type(requestType)
-{
-}
-
-} // namespace requester
-} // namespace ndncert
-} // namespace ndn
\ No newline at end of file
diff --git a/src/requester-request-state.hpp b/src/requester-request-state.hpp
deleted file mode 100644
index b86dac7..0000000
--- a/src/requester-request-state.hpp
+++ /dev/null
@@ -1,115 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2017-2020, Regents of the University of California.
- *
- * This file is part of ndncert, a certificate management system based on NDN.
- *
- * ndncert is free software: you can redistribute it and/or modify it under the terms
- * of the GNU General Public License as published by the Free Software Foundation, either
- * version 3 of the License, or (at your option) any later version.
- *
- * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received copies of the GNU General Public License along with
- * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndncert authors and contributors.
- */
-
-#ifndef NDNCERT_REQUESTER_REQUEST_STATE_HPP
-#define NDNCERT_REQUESTER_REQUEST_STATE_HPP
-
-#include "detail/ca-request-state.hpp"
-#include "detail/crypto-helpers.hpp"
-#include "detail/profile-storage.hpp"
-
-namespace ndn {
-namespace ndncert {
-namespace requester {
-
-struct RequestState {
- explicit
- RequestState(security::KeyChain& keyChain, const CaProfile& profile, RequestType requestType);
-
- /**
- * @brief The CA profile for this request.
- */
- CaProfile caProfile;
- /**
- * @brief The local keychain to generate and install identities, keys and certificates
- */
- security::KeyChain& keyChain;
- /**
- * @brief The type of request. Either NEW, RENEW, or REVOKE.
- */
- RequestType type;
- /**
- * @brief The identity name for the requesting certificate.
- */
- Name identityName;
- /**
- * @brief The keypair for the request.
- */
- security::Key keyPair;
- /**
- * @brief The CA-generated request ID for the request.
- */
- RequestId requestId;
- /**
- * @brief The current status of the request.
- */
- Status status = Status::BEFORE_CHALLENGE;
- /**
- * @brief The type of challenge chosen.
- */
- std::string challengeType;
- /**
- * @brief The status of the current challenge.
- */
- std::string challengeStatus;
- /**
- * @brief The remaining number of tries left for the challenge
- */
- int remainingTries = 0;
- /**
- * @brief The time this challenge will remain fresh
- */
- time::system_clock::TimePoint freshBefore;
- /**
- * @brief the name of the certificate being issued.
- */
- Name issuedCertName;
- /**
- * @brief ecdh state.
- */
- ECDHState ecdh;
- /**
- * @brief AES key derived from the ecdh shared secret.
- */
- std::array<uint8_t, 16> aesKey = {};
- /**
- * @brief The last Initialization Vector used by the AES encryption.
- */
- std::vector<uint8_t> encryptionIv;
- /**
- * @brief The last Initialization Vector used by the other side's AES encryption.
- */
- std::vector<uint8_t> decryptionIv;
- /**
- * @brief State about how identity/key is generated.
- */
- bool isNewlyCreatedIdentity = false;
- bool isNewlyCreatedKey = false;
- /**
- * @brief Store Nonce for signature
- */
- std::array<uint8_t, 16> nonce = {};
-};
-
-} // namespace requester
-} // namespace ndncert
-} // namespace ndn
-
-#endif // NDNCERT_REQUESTER_REQUEST_STATE_HPP
diff --git a/src/requester.cpp b/src/requester-request.cpp
similarity index 64%
rename from src/requester.cpp
rename to src/requester-request.cpp
index 5ca6aaa..0fe0219 100644
--- a/src/requester.cpp
+++ b/src/requester-request.cpp
@@ -18,7 +18,7 @@
* See AUTHORS.md for complete list of ndncert authors and contributors.
*/
-#include "requester.hpp"
+#include "requester-request.hpp"
#include "challenge/challenge-module.hpp"
#include "detail/crypto-helpers.hpp"
#include "detail/challenge-encoder.hpp"
@@ -43,7 +43,7 @@
NDN_LOG_INIT(ndncert.client);
shared_ptr<Interest>
-Requester::genCaProfileDiscoveryInterest(const Name& caName)
+Request::genCaProfileDiscoveryInterest(const Name& caName)
{
Name contentName = caName;
if (readString(caName.at(-1)) != "CA")
@@ -53,7 +53,7 @@
}
shared_ptr<Interest>
-Requester::genCaProfileInterestFromDiscoveryResponse(const Data& reply)
+Request::genCaProfileInterestFromDiscoveryResponse(const Data& reply)
{
// set naming convention to be typed
auto convention = name::getConventionEncoding();
@@ -72,7 +72,7 @@
}
optional<CaProfile>
-Requester::onCaProfileResponse(const Data& reply)
+Request::onCaProfileResponse(const Data& reply)
{
auto caItem = infotlv::decodeDataContent(reply.getContent());
if (!security::verifySignature(reply, *caItem.cert)) {
@@ -83,7 +83,7 @@
}
optional<CaProfile>
-Requester::onCaProfileResponseAfterRedirection(const Data& reply, const Name& caCertFullName)
+Request::onCaProfileResponseAfterRedirection(const Data& reply, const Name& caCertFullName)
{
auto caItem = infotlv::decodeDataContent(reply.getContent());
auto certBlock = caItem.cert->wireEncode();
@@ -96,7 +96,7 @@
}
shared_ptr<Interest>
-Requester::genProbeInterest(const CaProfile& ca, std::multimap<std::string, std::string>&& probeInfo)
+Request::genProbeInterest(const CaProfile& ca, std::multimap<std::string, std::string>&& probeInfo)
{
Name interestName = ca.caPrefix;
interestName.append("CA").append("PROBE");
@@ -108,8 +108,8 @@
}
void
-Requester::onProbeResponse(const Data& reply, const CaProfile& ca,
- std::vector<std::pair<Name, int>>& identityNames, std::vector<Name>& otherCas)
+Request::onProbeResponse(const Data& reply, const CaProfile& ca,
+ std::vector<std::pair<Name, int>>& identityNames, std::vector<Name>& otherCas)
{
if (!security::verifySignature(reply, *ca.cert)) {
NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
@@ -120,161 +120,166 @@
probetlv::decodeDataContent(reply.getContent(), identityNames, otherCas);
}
+Request::Request(security::KeyChain& keyChain, const CaProfile& profile, RequestType requestType)
+ : m_keyChain(keyChain)
+ , caProfile(profile)
+ , type(requestType)
+{}
+
shared_ptr<Interest>
-Requester::genNewInterest(RequestState& state, const Name& identityName,
- const time::system_clock::TimePoint& notBefore,
- const time::system_clock::TimePoint& notAfter)
+Request::genNewInterest(const Name& newIdentityName,
+ const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter)
{
- if (!state.caProfile.caPrefix.isPrefixOf(identityName)) {
+ if (!caProfile.caPrefix.isPrefixOf(newIdentityName)) {
return nullptr;
}
- if (identityName.empty()) {
- NDN_LOG_TRACE("Randomly create a new name because identityName is empty and the param is empty.");
- state.identityName = state.caProfile.caPrefix;
- state.identityName.append(std::to_string(random::generateSecureWord64()));
+ if (newIdentityName.empty()) {
+ NDN_LOG_TRACE("Randomly create a new name because newIdentityName is empty and the param is empty.");
+ identityName = caProfile.caPrefix;
+ identityName.append(std::to_string(random::generateSecureWord64()));
}
else {
- state.identityName = identityName;
+ identityName = newIdentityName;
}
// generate a newly key pair or use an existing key
- const auto& pib = state.keyChain.getPib();
+ const auto& pib = m_keyChain.getPib();
security::pib::Identity identity;
try {
- identity = pib.getIdentity(state.identityName);
+ identity = pib.getIdentity(identityName);
}
catch (const security::Pib::Error& e) {
- identity = state.keyChain.createIdentity(state.identityName);
- state.isNewlyCreatedIdentity = true;
- state.isNewlyCreatedKey = true;
+ identity = m_keyChain.createIdentity(identityName);
+ m_isNewlyCreatedIdentity = true;
+ m_isNewlyCreatedKey = true;
}
try {
- state.keyPair = identity.getDefaultKey();
+ m_keyPair = identity.getDefaultKey();
}
catch (const security::Pib::Error& e) {
- state.keyPair = state.keyChain.createKey(identity);
- state.isNewlyCreatedKey = true;
+ m_keyPair = m_keyChain.createKey(identity);
+ m_isNewlyCreatedKey = true;
}
- auto& keyName = state.keyPair.getName();
+ auto& keyName = m_keyPair.getName();
// generate certificate request
security::Certificate certRequest;
certRequest.setName(Name(keyName).append("cert-request").appendVersion());
certRequest.setContentType(ndn::tlv::ContentType_Key);
- certRequest.setContent(state.keyPair.getPublicKey().data(), state.keyPair.getPublicKey().size());
+ certRequest.setContent(m_keyPair.getPublicKey().data(), m_keyPair.getPublicKey().size());
SignatureInfo signatureInfo;
signatureInfo.setValidityPeriod(security::ValidityPeriod(notBefore, notAfter));
- state.keyChain.sign(certRequest, signingByKey(keyName).setSignatureInfo(signatureInfo));
+ m_keyChain.sign(certRequest, signingByKey(keyName).setSignatureInfo(signatureInfo));
// generate Interest packet
- Name interestName = state.caProfile.caPrefix;
+ Name interestName = caProfile.caPrefix;
interestName.append("CA").append("NEW");
auto interest =std::make_shared<Interest>(interestName);
interest->setMustBeFresh(true);
interest->setCanBePrefix(false);
interest->setApplicationParameters(
- requesttlv::encodeApplicationParameters(RequestType::NEW, state.ecdh.getSelfPubKey(), certRequest));
+ requesttlv::encodeApplicationParameters(RequestType::NEW, ecdh.getSelfPubKey(), certRequest));
// sign the Interest packet
- state.keyChain.sign(*interest, signingByKey(keyName));
+ m_keyChain.sign(*interest, signingByKey(keyName));
return interest;
}
shared_ptr<Interest>
-Requester::genRevokeInterest(RequestState& state, const security::Certificate& certificate)
+Request::genRevokeInterest(const security::Certificate& certificate)
{
- if (!state.caProfile.caPrefix.isPrefixOf(certificate.getName())) {
+ if (!caProfile.caPrefix.isPrefixOf(certificate.getName())) {
return nullptr;
}
// generate Interest packet
- Name interestName = state.caProfile.caPrefix;
+ Name interestName = caProfile.caPrefix;
interestName.append("CA").append("REVOKE");
auto interest =std::make_shared<Interest>(interestName);
interest->setMustBeFresh(true);
interest->setCanBePrefix(false);
interest->setApplicationParameters(
- requesttlv::encodeApplicationParameters(RequestType::REVOKE, state.ecdh.getSelfPubKey(), certificate));
+ requesttlv::encodeApplicationParameters(RequestType::REVOKE, ecdh.getSelfPubKey(), certificate));
return interest;
}
std::list<std::string>
-Requester::onNewRenewRevokeResponse(RequestState& state, const Data& reply)
+Request::onNewRenewRevokeResponse(const Data& reply)
{
- if (!security::verifySignature(reply, *state.caProfile.cert)) {
+ if (!security::verifySignature(reply, *caProfile.cert)) {
NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
}
processIfError(reply);
- auto contentTLV = reply.getContent();
+ const auto& contentTLV = reply.getContent();
std::vector<uint8_t> ecdhKey;
std::array<uint8_t, 32> salt;
- auto challenges = requesttlv::decodeDataContent(contentTLV, ecdhKey, salt, state.requestId, state.status);
+ auto challenges = requesttlv::decodeDataContent(contentTLV, ecdhKey, salt, requestId, status);
// ECDH and HKDF
- auto sharedSecret = state.ecdh.deriveSecret(ecdhKey);
+ auto sharedSecret = ecdh.deriveSecret(ecdhKey);
hkdf(sharedSecret.data(), sharedSecret.size(),
- salt.data(), salt.size(), state.aesKey.data(), state.aesKey.size());
+ salt.data(), salt.size(), aesKey.data(), aesKey.size());
// update state
return challenges;
}
std::multimap<std::string, std::string>
-Requester::selectOrContinueChallenge(RequestState& state, const std::string& challengeSelected)
+Request::selectOrContinueChallenge(const std::string& challengeSelected)
{
auto challenge = ChallengeModule::createChallengeModule(challengeSelected);
if (challenge == nullptr) {
NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
}
- state.challengeType = challengeSelected;
- return challenge->getRequestedParameterList(state.status, state.challengeStatus);
+ challengeType = challengeSelected;
+ return challenge->getRequestedParameterList(status, challengeStatus);
}
shared_ptr<Interest>
-Requester::genChallengeInterest(RequestState& state,
- std::multimap<std::string, std::string>&& parameters)
+Request::genChallengeInterest(std::multimap<std::string, std::string>&& parameters)
{
- if (state.challengeType == "") {
+ if (challengeType == "") {
NDN_THROW(std::runtime_error("The challenge has not been selected."));
}
- auto challenge = ChallengeModule::createChallengeModule(state.challengeType);
+ auto challenge = ChallengeModule::createChallengeModule(challengeType);
if (challenge == nullptr) {
NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
}
- auto challengeParams = challenge->genChallengeRequestTLV(state.status, state.challengeStatus, std::move(parameters));
+ auto challengeParams = challenge->genChallengeRequestTLV(status, challengeStatus, std::move(parameters));
- Name interestName = state.caProfile.caPrefix;
- interestName.append("CA").append("CHALLENGE").append(state.requestId.data(), state.requestId.size());
+ Name interestName = caProfile.caPrefix;
+ interestName.append("CA").append("CHALLENGE").append(requestId.data(), requestId.size());
auto interest =std::make_shared<Interest>(interestName);
interest->setMustBeFresh(true);
interest->setCanBePrefix(false);
// encrypt the Interest parameters
- auto paramBlock = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, state.aesKey.data(),
+ auto paramBlock = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, aesKey.data(),
challengeParams.value(), challengeParams.value_size(),
- state.requestId.data(), state.requestId.size(),
- state.encryptionIv);
+ requestId.data(), requestId.size(),
+ encryptionIv);
interest->setApplicationParameters(paramBlock);
- state.keyChain.sign(*interest, signingByKey(state.keyPair.getName()));
+ m_keyChain.sign(*interest, signingByKey(m_keyPair.getName()));
return interest;
}
void
-Requester::onChallengeResponse(RequestState& state, const Data& reply)
+Request::onChallengeResponse(const Data& reply)
{
- if (!security::verifySignature(reply, *state.caProfile.cert)) {
+ if (!security::verifySignature(reply, *caProfile.cert)) {
NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
}
processIfError(reply);
- challengetlv::decodeDataContent(reply.getContent(), state);
+ challengetlv::decodeDataContent(reply.getContent(), *this);
}
shared_ptr<Interest>
-Requester::genCertFetchInterest(const RequestState& state)
+Request::genCertFetchInterest() const
{
- Name interestName = state.issuedCertName;
+ Name interestName = issuedCertName;
auto interest =std::make_shared<Interest>(interestName);
interest->setMustBeFresh(false);
interest->setCanBePrefix(false);
@@ -282,7 +287,7 @@
}
shared_ptr<security::Certificate>
-Requester::onCertFetchResponse(const Data& reply)
+Request::onCertFetchResponse(const Data& reply)
{
try {
return std::make_shared<security::Certificate>(reply);
@@ -295,25 +300,25 @@
}
void
-Requester::endSession(RequestState& state)
+Request::endSession()
{
- if (state.status == Status::SUCCESS) {
+ if (status == Status::SUCCESS) {
return;
}
- if (state.isNewlyCreatedIdentity) {
+ if (m_isNewlyCreatedIdentity) {
// put the identity into the if scope is because it may cause an error
// outside since when endSession is called, identity may not have been created yet.
- auto identity = state.keyChain.getPib().getIdentity(state.identityName);
- state.keyChain.deleteIdentity(identity);
+ auto identity = m_keyChain.getPib().getIdentity(identityName);
+ m_keyChain.deleteIdentity(identity);
}
- else if (state.isNewlyCreatedKey) {
- auto identity = state.keyChain.getPib().getIdentity(state.identityName);
- state.keyChain.deleteKey(identity, state.keyPair);
+ else if (m_isNewlyCreatedKey) {
+ auto identity = m_keyChain.getPib().getIdentity(identityName);
+ m_keyChain.deleteKey(identity, m_keyPair);
}
}
void
-Requester::processIfError(const Data& data)
+Request::processIfError(const Data& data)
{
auto errorInfo = errortlv::decodefromDataContent(data.getContent());
if (std::get<0>(errorInfo) == ErrorCode::NO_ERROR) {
diff --git a/src/requester.hpp b/src/requester-request.hpp
similarity index 72%
rename from src/requester.hpp
rename to src/requester-request.hpp
index 92cf00b..249d2a7 100644
--- a/src/requester.hpp
+++ b/src/requester-request.hpp
@@ -18,16 +18,18 @@
* See AUTHORS.md for complete list of ndncert authors and contributors.
*/
-#ifndef NDNCERT_REQUESTER_HPP
-#define NDNCERT_REQUESTER_HPP
+#ifndef NDNCERT_REQUESTER_REQUEST_HPP
+#define NDNCERT_REQUESTER_REQUEST_HPP
-#include "requester-request-state.hpp"
+#include "detail/ca-request-state.hpp"
+#include "detail/crypto-helpers.hpp"
+#include "detail/profile-storage.hpp"
namespace ndn {
namespace ndncert {
namespace requester {
-class Requester : noncopyable
+class Request : noncopyable
{
public:
/**
@@ -101,18 +103,22 @@
onProbeResponse(const Data& reply, const CaProfile& ca,
std::vector<std::pair<Name, int>>& identityNames, std::vector<Name>& otherCas);
+
+ explicit
+ Request(security::KeyChain& keyChain, const CaProfile& profile, RequestType requestType);
+
// NEW/REVOKE/RENEW related helpers
/**
* @brief Generates a NEW interest to the CA.
*
* @param state The current requester state for this request. Will be modified in the function.
- * @param identityName The identity name to be requested.
+ * @param newIdentityName The identity name to be requested.
* @param notBefore The expected notBefore field for the certificate (starting time)
* @param notAfter The expected notAfter field for the certificate (expiration time)
* @return The shared pointer to the encoded interest.
*/
- static shared_ptr<Interest>
- genNewInterest(RequestState& state, const Name& identityName,
+ shared_ptr<Interest>
+ genNewInterest(const Name& newIdentityName,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter);
@@ -123,8 +129,8 @@
* @param certificate The certificate to the revoked.
* @return The shared pointer to the encoded interest.
*/
- static shared_ptr<Interest>
- genRevokeInterest(RequestState& state, const security::Certificate& certificate);
+ shared_ptr<Interest>
+ genRevokeInterest(const security::Certificate& certificate);
/**
* @brief Decodes the replied data of NEW, RENEW, or REVOKE interest from the CA.
@@ -134,8 +140,8 @@
* @return the list of challenge accepted by the CA, for CHALLENGE step.
* @throw std::runtime_error if the decoding fails or receiving an error packet.
*/
- static std::list<std::string>
- onNewRenewRevokeResponse(RequestState& state, const Data& reply);
+ std::list<std::string>
+ onNewRenewRevokeResponse(const Data& reply);
// CHALLENGE helpers
/**
@@ -147,8 +153,8 @@
* @return The requirement list for the current stage of the challenge, in name, prompt mapping.
* @throw std::runtime_error if the challenge is not supported.
*/
- static std::multimap<std::string, std::string>
- selectOrContinueChallenge(RequestState& state, const std::string& challengeSelected);
+ std::multimap<std::string, std::string>
+ selectOrContinueChallenge(const std::string& challengeSelected);
/**
* @brief Generates the CHALLENGE interest for the request.
@@ -158,9 +164,8 @@
* @return The shared pointer to the encoded interest
* @throw std::runtime_error if the challenge is not selected or is not supported.
*/
- static shared_ptr<Interest>
- genChallengeInterest(RequestState& state,
- std::multimap<std::string, std::string>&& parameters);
+ shared_ptr<Interest>
+ genChallengeInterest(std::multimap<std::string, std::string>&& parameters);
/**
* @brief Decodes the responded data from the CHALLENGE interest.
@@ -169,8 +174,8 @@
* @param reply, the response data.
* @throw std::runtime_error if the decoding fails or receiving an error packet.
*/
- static void
- onChallengeResponse(RequestState& state, const Data& reply);
+ void
+ onChallengeResponse(const Data& reply);
/**
* @brief Generate the interest to fetch the issued certificate
@@ -178,8 +183,8 @@
* @param state, the state of the request.
* @return The shared pointer to the encoded interest
*/
- static shared_ptr<Interest>
- genCertFetchInterest(const RequestState& state);
+ shared_ptr<Interest>
+ genCertFetchInterest() const;
/**
* @brief Decoded and installs the response certificate from the certificate fetch.
@@ -195,16 +200,92 @@
*
* @param state, the requester state for the request.
*/
- static void
- endSession(RequestState& state);
+ void
+ endSession();
private:
static void
processIfError(const Data& data);
+
+public:
+ /**
+ * @brief The CA profile for this request.
+ */
+ CaProfile caProfile;
+ /**
+ * @brief The type of request. Either NEW, RENEW, or REVOKE.
+ */
+ RequestType type;
+ /**
+ * @brief The identity name for the requesting certificate.
+ */
+ Name identityName;
+ /**
+ * @brief The CA-generated request ID for the request.
+ */
+ RequestId requestId;
+ /**
+ * @brief The current status of the request.
+ */
+ Status status = Status::BEFORE_CHALLENGE;
+ /**
+ * @brief The type of challenge chosen.
+ */
+ std::string challengeType;
+ /**
+ * @brief The status of the current challenge.
+ */
+ std::string challengeStatus;
+ /**
+ * @brief The remaining number of tries left for the challenge
+ */
+ int remainingTries = 0;
+ /**
+ * @brief The time this challenge will remain fresh
+ */
+ time::system_clock::TimePoint freshBefore;
+ /**
+ * @brief the name of the certificate being issued.
+ */
+ Name issuedCertName;
+ /**
+ * @brief ecdh state.
+ */
+ ECDHState ecdh;
+ /**
+ * @brief AES key derived from the ecdh shared secret.
+ */
+ std::array<uint8_t, 16> aesKey = {};
+ /**
+ * @brief The last Initialization Vector used by the AES encryption.
+ */
+ std::vector<uint8_t> encryptionIv;
+ /**
+ * @brief The last Initialization Vector used by the other side's AES encryption.
+ */
+ std::vector<uint8_t> decryptionIv;
+ /**
+ * @brief Store Nonce for signature
+ */
+ std::array<uint8_t, 16> nonce = {};
+private:
+ /**
+ * @brief The local keychain to generate and install identities, keys and certificates
+ */
+ security::KeyChain& m_keyChain;
+ /**
+ * @brief State about how identity/key is generated.
+ */
+ bool m_isNewlyCreatedIdentity = false;
+ bool m_isNewlyCreatedKey = false;
+ /**
+ * @brief The keypair for the request.
+ */
+ security::Key m_keyPair;
};
} // namespace requester
} // namespace ndncert
} // namespace ndn
-#endif // NDNCERT_REQUESTER_HPP
+#endif // NDNCERT_REQUESTER_REQUEST_HPP