remove JSON parameter list from challenge module and add unified return interfaces for challenge modules
Change-Id: I0e69f7f8ef2ea36f38f11815aa980928b049cdc7
diff --git a/src/challenge-module/challenge-email.cpp b/src/challenge-module/challenge-email.cpp
index cd08d9b..7e0134a 100644
--- a/src/challenge-module/challenge-email.cpp
+++ b/src/challenge-module/challenge-email.cpp
@@ -19,187 +19,130 @@
*/
#include "challenge-email.hpp"
+
+#include <regex>
+
#include "../ca-module.hpp"
#include "../logging.hpp"
-#include <regex>
namespace ndn {
namespace ndncert {
-_LOG_INIT(ndncert.ChallengeEmail);
-
+_LOG_INIT(ndncert.challenge.email);
NDNCERT_REGISTER_CHALLENGE(ChallengeEmail, "email");
const std::string ChallengeEmail::NEED_CODE = "need-code";
const std::string ChallengeEmail::WRONG_CODE = "wrong-code";
-const std::string ChallengeEmail::FAILURE_INVALID_EMAIL = "failure-invalid-email";
-const std::string ChallengeEmail::JSON_EMAIL = "email";
-const std::string ChallengeEmail::JSON_CODE = "code";
+const std::string ChallengeEmail::PARAMETER_KEY_EMAIL = "email";
+const std::string ChallengeEmail::PARAMETER_KEY_CODE = "code";
ChallengeEmail::ChallengeEmail(const std::string& scriptPath,
const size_t& maxAttemptTimes,
const time::seconds secretLifetime)
- : ChallengeModule("email")
- , m_sendEmailScript(scriptPath)
- , m_maxAttemptTimes(maxAttemptTimes)
- , m_secretLifetime(secretLifetime)
+ : ChallengeModule("email")
+ , m_sendEmailScript(scriptPath)
+ , m_maxAttemptTimes(maxAttemptTimes)
+ , m_secretLifetime(secretLifetime)
{
}
// For CA
-void
+std::tuple<Error, std::string>
ChallengeEmail::handleChallengeRequest(const Block& params, CertificateRequest& request)
{
params.parse();
auto currentTime = time::system_clock::now();
- if (request.m_challengeStatus == "") {
+ if (request.m_status == Status::BEFORE_CHALLENGE) {
// for the first time, init the challenge
std::string emailAddress = readString(params.get(tlv_parameter_value));
if (!isValidEmailAddress(emailAddress)) {
- request.m_status = Status::FAILURE;
- request.m_challengeStatus = FAILURE_INVALID_EMAIL;
- return;
+ return returnWithError(request, Error::INVALID_PARAMETER, "Invalid email address format.");
}
- // check whether this email is the same as the one used in PROBE
- if (request.m_probeToken != nullptr) {
- const auto& content = request.m_probeToken->getContent();
- const auto& json = CaModule::jsonFromBlock(content);
- const auto& expectedEmail = json.get("email", "");
- Name expectedPrefix(json.get(JSON_CA_NAME, ""));
- if (expectedEmail != emailAddress || !expectedPrefix.isPrefixOf(request.m_cert.getName())) {
- _LOG_ERROR("Cannot match with the PROBE token. Input email: " << emailAddress
- << " Email in Token: " << expectedEmail
- << " Requested Cert Name: " << request.m_cert.getName()
- << " Identity Name got from Token: " << expectedPrefix);
- return;
- }
+ auto lastComponentRequested = readString(request.m_cert.getIdentity().get(-1));
+ if (lastComponentRequested != emailAddress) {
+ _LOG_TRACE("Email and requested name do not match. Email " << emailAddress << "requested last component " << lastComponentRequested);
}
- request.m_status = Status::CHALLENGE;
- request.m_challengeStatus = NEED_CODE;
- request.m_challengeType = CHALLENGE_TYPE;
std::string emailCode = generateSecretCode();
JsonSection secretJson;
- secretJson.add(JSON_CODE, emailCode);
- request.m_challengeSecrets = secretJson;
- request.m_challengeTp = time::toIsoString(currentTime);
- request.m_remainingTime = m_secretLifetime.count();
- request.m_remainingTries = m_maxAttemptTimes;
+ secretJson.add(PARAMETER_KEY_CODE, emailCode);
// send out the email
sendEmail(emailAddress, emailCode, request);
_LOG_TRACE("Secret for request " << request.m_requestId << " : " << emailCode);
- return;
+ return returnWithNewChallengeStatus(request, NEED_CODE, std::move(secretJson), m_maxAttemptTimes, m_secretLifetime.count());
}
- else if (request.m_challengeStatus == NEED_CODE || request.m_challengeStatus == WRONG_CODE) {
+
+ if (request.m_challengeStatus == NEED_CODE || request.m_challengeStatus == WRONG_CODE) {
_LOG_TRACE("Challenge Interest arrives. Challenge Status: " << request.m_challengeStatus);
// the incoming interest should bring the pin code
std::string givenCode = readString(params.get(tlv_parameter_value));
- const auto realCode = request.m_challengeSecrets.get<std::string>(JSON_CODE);
+ auto secret = request.m_challengeSecrets;
+ // check if run out of time
if (currentTime - time::fromIsoString(request.m_challengeTp) >= m_secretLifetime) {
- // secret expires
- request.m_status = Status::FAILURE;
- request.m_challengeStatus = CHALLENGE_STATUS_FAILURE_TIMEOUT;
- updateRequestOnChallengeEnd(request);
- _LOG_TRACE("Secret expired. Challenge failed.");
- return;
+ return returnWithError(request, Error::OUT_OF_TIME, "Secret expired.");
}
- else if (givenCode == realCode) {
+ // check if provided secret is correct
+ if (givenCode == secret.get<std::string>(PARAMETER_KEY_CODE)) {
// the code is correct
- request.m_status = Status::PENDING;
- request.m_challengeStatus = CHALLENGE_STATUS_SUCCESS;
- updateRequestOnChallengeEnd(request);
- _LOG_TRACE("Secret code matched. Challenge succeeded.");
- return;
+ _LOG_TRACE("Correct secret code. Challenge succeeded.");
+ return returnWithSuccess(request);
+ }
+ // otherwise, check remaining attempt times
+ if (request.m_remainingTries > 1) {
+ auto remainTime = m_secretLifetime - (currentTime - time::fromIsoString(request.m_challengeTp));
+ _LOG_TRACE("Wrong secret code provided. Remaining Tries - 1.");
+ return returnWithNewChallengeStatus(request, WRONG_CODE, std::move(secret), request.m_remainingTries - 1, remainTime.count());
}
else {
- // check rest attempt times
- if (request.m_remainingTries > 1) {
- request.m_challengeStatus = WRONG_CODE;
- request.m_remainingTries = request.m_remainingTries - 1;
- auto remainTime = m_secretLifetime - (currentTime - time::fromIsoString(request.m_challengeTp));
- request.m_remainingTime = remainTime.count();
- _LOG_TRACE("Secret code didn't match. Remaining Tries - 1.");
- return;
- }
- else {
- // run out times
- request.m_status = Status::FAILURE;
- request.m_challengeStatus = CHALLENGE_STATUS_FAILURE_MAXRETRY;
- updateRequestOnChallengeEnd(request);
- _LOG_TRACE("Secret code didn't match. Ran out tires. Challenge failed.");
- return;
- }
+ // run out times
+ _LOG_TRACE("Wrong secret code provided. Ran out tires. Challenge failed.");
+ return returnWithError(request, Error::OUT_OF_TRIES, "Ran out tires.");
}
}
- else {
- _LOG_ERROR("The challenge status is wrong");
- request.m_status = Status::FAILURE;
- return;
- }
+ return returnWithError(request, Error::INVALID_PARAMETER, "Unexpected status or challenge status");
}
// For Client
-JsonSection
-ChallengeEmail::getRequirementForChallenge(Status status, const std::string& challengeStatus)
+std::vector<std::tuple<std::string, std::string>>
+ChallengeEmail::getRequestedParameterList(Status status, const std::string& challengeStatus)
{
- JsonSection result;
+ std::vector<std::tuple<std::string, std::string>> result;
if (status == Status::BEFORE_CHALLENGE && challengeStatus == "") {
- result.put(JSON_EMAIL, "Please_input_your_email_address");
+ result.push_back(std::make_tuple(PARAMETER_KEY_EMAIL, "Please input your email address"));
}
else if (status == Status::CHALLENGE && challengeStatus == NEED_CODE) {
- result.put(JSON_CODE, "Please_input_your_verification_code");
+ result.push_back(std::make_tuple(PARAMETER_KEY_CODE, "Please input your verification code"));
}
else if (status == Status::CHALLENGE && challengeStatus == WRONG_CODE) {
- result.put(JSON_CODE, "Incorrect_code_please_try_again");
+ result.push_back(std::make_tuple(PARAMETER_KEY_CODE, "Incorrect code, please try again"));
}
else {
- _LOG_ERROR("CA's status and challenge status are wrong");
- }
- return result;
-}
-
-JsonSection
-ChallengeEmail::genChallengeRequestJson(Status status, const std::string& challengeStatus, const JsonSection& params)
-{
- JsonSection result;
- if (status == Status::BEFORE_CHALLENGE && challengeStatus == "") {
- result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_EMAIL, params.get(JSON_EMAIL, ""));
- }
- else if (status == Status::CHALLENGE && challengeStatus == NEED_CODE) {
- result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_CODE, params.get(JSON_CODE, ""));
- }
- else if (status == Status::CHALLENGE && challengeStatus == WRONG_CODE) {
- result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_CODE, params.get(JSON_CODE, ""));
- }
- else {
- _LOG_ERROR("Client's status and challenge status are wrong");
+ BOOST_THROW_EXCEPTION(std::runtime_error("Unexpected status or challenge status."));
}
return result;
}
Block
-ChallengeEmail::genChallengeRequestTLV(Status status, const std::string& challengeStatus, const JsonSection& params)
+ChallengeEmail::genChallengeRequestTLV(Status status, const std::string& challengeStatus, std::vector<std::tuple<std::string, std::string>>&& params)
{
Block request = makeEmptyBlock(tlv_encrypted_payload);
- if (status == Status::BEFORE_CHALLENGE && challengeStatus == "") {
+ if (status == Status::BEFORE_CHALLENGE) {
+ if (params.size() != 1 || std::get<0>(params[0]) != PARAMETER_KEY_EMAIL) {
+ BOOST_THROW_EXCEPTION(std::runtime_error("Wrong parameter provided."));
+ }
request.push_back(makeStringBlock(tlv_selected_challenge, CHALLENGE_TYPE));
- request.push_back(makeStringBlock(tlv_parameter_key, JSON_EMAIL));
- request.push_back(makeStringBlock(tlv_parameter_value, params.get(JSON_EMAIL,"")));
+ request.push_back(makeStringBlock(tlv_parameter_key, PARAMETER_KEY_EMAIL));
+ request.push_back(makeStringBlock(tlv_parameter_value, std::get<1>(params[0])));
}
- else if (status == Status::CHALLENGE && challengeStatus == NEED_CODE) {
+ else if (status == Status::CHALLENGE && (challengeStatus == NEED_CODE || challengeStatus == WRONG_CODE)) {
+ if (params.size() != 1 || std::get<0>(params[0]) != PARAMETER_KEY_CODE) {
+ BOOST_THROW_EXCEPTION(std::runtime_error("Wrong parameter provided."));
+ }
request.push_back(makeStringBlock(tlv_selected_challenge, CHALLENGE_TYPE));
- request.push_back(makeStringBlock(tlv_parameter_key, JSON_CODE));
- request.push_back(makeStringBlock(tlv_parameter_value, params.get(JSON_CODE,"")));
- }
- else if (status == Status::CHALLENGE && challengeStatus == WRONG_CODE) {
- request.push_back(makeStringBlock(tlv_selected_challenge, CHALLENGE_TYPE));
- request.push_back(makeStringBlock(tlv_parameter_key, JSON_CODE));
- request.push_back(makeStringBlock(tlv_parameter_value, params.get(JSON_CODE,"")));
+ request.push_back(makeStringBlock(tlv_parameter_key, PARAMETER_KEY_CODE));
+ request.push_back(makeStringBlock(tlv_parameter_value, std::get<1>(params[0])));
}
else {
- _LOG_ERROR("Client's status and challenge status are wrong");
+ BOOST_THROW_EXCEPTION(std::runtime_error("Unexpected status or challenge status."));
}
request.encode();
return request;
@@ -218,8 +161,7 @@
const CertificateRequest& request) const
{
std::string command = m_sendEmailScript;
- command += " \"" + emailAddress + "\" \"" + secret + "\" \""
- + request.m_caPrefix.toUri() + "\" \"" + request.m_cert.getName().toUri() + "\"";
+ command += " \"" + emailAddress + "\" \"" + secret + "\" \"" + request.m_caPrefix.toUri() + "\" \"" + request.m_cert.getName().toUri() + "\"";
int result = system(command.c_str());
if (result == -1) {
_LOG_TRACE("EmailSending Script " + m_sendEmailScript + " fails.");
@@ -229,5 +171,5 @@
return;
}
-} // namespace ndncert
-} // namespace ndn
+} // namespace ndncert
+} // namespace ndn