improve the robustness of ndncert library
Change-Id: Iaabc4d8f28ca27a7e7f501ebd122c5231ceb3ac0
diff --git a/src/challenge-module/challenge-credential.cpp b/src/challenge-module/challenge-credential.cpp
index 839ccae..f5d7434 100644
--- a/src/challenge-module/challenge-credential.cpp
+++ b/src/challenge-module/challenge-credential.cpp
@@ -41,8 +41,9 @@
if (configPath == "") {
m_configFile = std::string(SYSCONFDIR) + "/ndncert/challenge-credential.conf";
}
- else
+ else {
m_configFile = configPath;
+ }
}
void
@@ -65,9 +66,13 @@
auto anchorList = config.get_child("anchor-list");
auto it = anchorList.begin();
for (; it != anchorList.end(); it++) {
- std::istringstream ss(it->second.get<std::string>("certificate"));
- security::v2::Certificate cert = *(io::load<security::v2::Certificate>(ss));
- m_trustAnchors.push_back(cert);
+ std::istringstream ss(it->second.get("certificate", ""));
+ auto cert = io::load<security::v2::Certificate>(ss);
+ if (cert == nullptr) {
+ _LOG_ERROR("Cannot load the certificate from config file");
+ continue;
+ }
+ m_trustAnchors.push_back(*cert);
}
}
@@ -79,13 +84,10 @@
parseConfigFile();
}
// load credential parameter
- std::istringstream ss1(params.get<std::string>(JSON_CREDENTIAL_CERT));
- security::v2::Certificate cert;
- try {
- cert = *(io::load<security::v2::Certificate>(ss1));
- }
- catch (const std::exception& e) {
- _LOG_ERROR("Cannot load credential parameter: cert" << e.what());
+ std::istringstream ss1(params.get(JSON_CREDENTIAL_CERT, ""));
+ auto cert = io::load<security::v2::Certificate>(ss1);
+ if (cert == nullptr) {
+ _LOG_ERROR("Cannot load credential parameter: cert");
request.m_status = STATUS_FAILURE;
request.m_challengeStatus = FAILURE_INVALID_FORMAT_CREDENTIAL;
updateRequestOnChallengeEnd(request);
@@ -94,13 +96,10 @@
ss1.str("");
ss1.clear();
// load self-signed data
- std::istringstream ss2(params.get<std::string>(JSON_CREDENTIAL_SELF));
- Data self;
- try {
- self = *(io::load<Data>(ss2));
- }
- catch (const std::exception& e) {
- _LOG_TRACE("Cannot load credential parameter: self-signed cert" << e.what());
+ std::istringstream ss2(params.get(JSON_CREDENTIAL_SELF, ""));
+ auto self = io::load<Data>(ss2);
+ if (self == nullptr) {
+ _LOG_TRACE("Cannot load credential parameter: self-signed cert");
request.m_status = STATUS_FAILURE;
request.m_challengeStatus = FAILURE_INVALID_FORMAT_SELF_SIGNED;
updateRequestOnChallengeEnd(request);
@@ -110,11 +109,11 @@
ss2.clear();
// verify the credential and the self-signed cert
- Name signingKeyName = cert.getSignature().getKeyLocator().getName();
+ Name signingKeyName = cert->getSignature().getKeyLocator().getName();
for (auto anchor : m_trustAnchors) {
if (anchor.getKeyName() == signingKeyName) {
- if (security::verifySignature(cert, anchor) && security::verifySignature(self, cert)
- && readString(self.getContent()) == request.m_requestId) {
+ if (security::verifySignature(*cert, anchor) && security::verifySignature(*self, *cert)
+ && readString(self->getContent()) == request.m_requestId) {
request.m_status = STATUS_PENDING;
request.m_challengeStatus = CHALLENGE_STATUS_SUCCESS;
updateRequestOnChallengeEnd(request);
@@ -150,8 +149,8 @@
{
JsonSection result;
if (status == STATUS_BEFORE_CHALLENGE && challengeStatus == "") {
- result.put(JSON_CREDENTIAL_CERT, params.get<std::string>(JSON_CREDENTIAL_CERT, ""));
- result.put(JSON_CREDENTIAL_SELF, params.get<std::string>(JSON_CREDENTIAL_SELF, ""));
+ result.put(JSON_CREDENTIAL_CERT, params.get(JSON_CREDENTIAL_CERT, ""));
+ result.put(JSON_CREDENTIAL_SELF, params.get(JSON_CREDENTIAL_SELF, ""));
}
else {
_LOG_ERROR("Client's status and challenge status are wrong");
diff --git a/src/challenge-module/challenge-email.cpp b/src/challenge-module/challenge-email.cpp
index b22ec93..b9ca344 100644
--- a/src/challenge-module/challenge-email.cpp
+++ b/src/challenge-module/challenge-email.cpp
@@ -50,9 +50,10 @@
void
ChallengeEmail::handleChallengeRequest(const JsonSection& params, CertificateRequest& request)
{
+ auto currentTime = time::system_clock::now();
if (request.m_challengeStatus == "") {
// for the first time, init the challenge
- std::string emailAddress = params.get<std::string>(JSON_EMAIL);
+ std::string emailAddress = params.get(JSON_EMAIL, "");
if (!isValidEmailAddress(emailAddress)) {
request.m_status = STATUS_FAILURE;
request.m_challengeStatus = FAILURE_INVALID_EMAIL;
@@ -79,7 +80,7 @@
JsonSection secretJson;
secretJson.add(JSON_CODE, emailCode);
request.m_challengeSecrets = secretJson;
- request.m_challengeTp = time::toIsoString(time::system_clock::now());
+ request.m_challengeTp = time::toIsoString(currentTime);
request.m_remainingTime = m_secretLifetime.count();
request.m_remainingTries = m_maxAttemptTimes;
// send out the email
@@ -90,9 +91,9 @@
else if (request.m_challengeStatus == NEED_CODE || request.m_challengeStatus == WRONG_CODE) {
_LOG_TRACE("Challenge Interest arrives. Challenge Status: " << request.m_challengeStatus);
// the incoming interest should bring the pin code
- std::string givenCode = params.get<std::string>(JSON_CODE);
+ std::string givenCode = params.get(JSON_CODE, "");
const auto realCode = request.m_challengeSecrets.get<std::string>(JSON_CODE);
- if (time::system_clock::now() - time::fromIsoString(request.m_challengeTp) >= m_secretLifetime) {
+ if (currentTime - time::fromIsoString(request.m_challengeTp) >= m_secretLifetime) {
// secret expires
request.m_status = STATUS_FAILURE;
request.m_challengeStatus = CHALLENGE_STATUS_FAILURE_TIMEOUT;
@@ -113,7 +114,7 @@
if (request.m_remainingTries > 1) {
request.m_challengeStatus = WRONG_CODE;
request.m_remainingTries = request.m_remainingTries - 1;
- auto remainTime = m_secretLifetime - (time::system_clock::now() - time::fromIsoString(request.m_challengeTp));
+ auto remainTime = m_secretLifetime - (currentTime - time::fromIsoString(request.m_challengeTp));
request.m_remainingTime = remainTime.count();
_LOG_TRACE("Secret code didn't match. Remaining Tries - 1.");
return;
@@ -161,15 +162,15 @@
JsonSection result;
if (status == STATUS_BEFORE_CHALLENGE && challengeStatus == "") {
result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_EMAIL, params.get<std::string>(JSON_EMAIL, ""));
+ result.put(JSON_EMAIL, params.get(JSON_EMAIL, ""));
}
else if (status == STATUS_CHALLENGE && challengeStatus == NEED_CODE) {
result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_CODE, params.get<std::string>(JSON_CODE, ""));
+ result.put(JSON_CODE, params.get(JSON_CODE, ""));
}
else if (status == STATUS_CHALLENGE && challengeStatus == WRONG_CODE) {
result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_CODE, params.get<std::string>(JSON_CODE, ""));
+ result.put(JSON_CODE, params.get(JSON_CODE, ""));
}
else {
_LOG_ERROR("Client's status and challenge status are wrong");
diff --git a/src/challenge-module/challenge-pin.cpp b/src/challenge-module/challenge-pin.cpp
index 9534b21..87f36cc 100644
--- a/src/challenge-module/challenge-pin.cpp
+++ b/src/challenge-module/challenge-pin.cpp
@@ -44,6 +44,7 @@
void
ChallengePin::handleChallengeRequest(const JsonSection& params, CertificateRequest& request)
{
+ auto currentTime = time::system_clock::now();
if (request.m_challengeStatus == "") {
_LOG_TRACE("Challenge Interest arrives. Init the challenge");
// for the first time, init the challenge
@@ -54,7 +55,7 @@
JsonSection secretJson;
secretJson.add(JSON_PIN_CODE, secretCode);
request.m_challengeSecrets = secretJson;
- request.m_challengeTp = time::toIsoString(time::system_clock::now());
+ request.m_challengeTp = time::toIsoString(currentTime);
request.m_remainingTime = m_secretLifetime.count();
request.m_remainingTries = m_maxAttemptTimes;
_LOG_TRACE("Secret for request " << request.m_requestId << " : " << secretCode);
@@ -63,9 +64,9 @@
else if (request.m_challengeStatus == NEED_CODE || request.m_challengeStatus == WRONG_CODE) {
_LOG_TRACE("Challenge Interest arrives. Challenge Status: " << request.m_challengeStatus);
// the incoming interest should bring the pin code
- std::string givenCode = params.get<std::string>(JSON_PIN_CODE);
+ std::string givenCode = params.get(JSON_PIN_CODE, "");
const auto realCode = request.m_challengeSecrets.get<std::string>(JSON_PIN_CODE);
- if (time::system_clock::now() - time::fromIsoString(request.m_challengeTp) >= m_secretLifetime) {
+ if (currentTime - time::fromIsoString(request.m_challengeTp) >= m_secretLifetime) {
// secret expires
request.m_status = STATUS_FAILURE;
request.m_challengeStatus = CHALLENGE_STATUS_FAILURE_TIMEOUT;
@@ -86,7 +87,7 @@
if (request.m_remainingTries > 1) {
request.m_challengeStatus = WRONG_CODE;
request.m_remainingTries = request.m_remainingTries - 1;
- auto remainTime = m_secretLifetime - (time::system_clock::now() - time::fromIsoString(request.m_challengeTp));
+ auto remainTime = m_secretLifetime - (currentTime - time::fromIsoString(request.m_challengeTp));
request.m_remainingTime = remainTime.count();
_LOG_TRACE("PIN code didn't match. Remaining Tries - 1.");
return;
@@ -138,11 +139,11 @@
}
else if (status == STATUS_CHALLENGE && challengeStatus == NEED_CODE) {
result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_PIN_CODE, params.get<std::string>(JSON_PIN_CODE, ""));
+ result.put(JSON_PIN_CODE, params.get(JSON_PIN_CODE, ""));
}
else if (status == STATUS_CHALLENGE && challengeStatus == WRONG_CODE) {
result.put(JSON_CLIENT_SELECTED_CHALLENGE, CHALLENGE_TYPE);
- result.put(JSON_PIN_CODE, params.get<std::string>(JSON_PIN_CODE, ""));
+ result.put(JSON_PIN_CODE, params.get(JSON_PIN_CODE, ""));
}
else {
_LOG_ERROR("Client's status and challenge status are wrong");