CA config and Client config: update format and semantics of probe
Refs: https://github.com/named-data/ndncert/wiki/NDNCERT-CA-Configuration
Change-Id: Ia0a8def6aea8565533a0f5364c44768d3849f18f
diff --git a/ca.conf.sample b/ca.conf.sample
index d81a8e9..0324699 100644
--- a/ca.conf.sample
+++ b/ca.conf.sample
@@ -1,34 +1,12 @@
{
- "ca-list":
+ "ca-prefix": "/example",
+ "issuing-freshness": "720",
+ "validity-period": "360",
+ "ca-info": "An example NDNCERT CA",
+ "probe": "[JSON attribute]:[JSON attribute]:[...] Example: email:UID"
+ "supported-challenges":
[
- {
- "ca-prefix": "/ndn",
- "issuing-freshness": "720",
- "validity-period": "360",
- "ca-info": "NDN Testbed CA",
-
- "probe": "email",
-
- "targeted-list": "Use your email address (edu preferred) as input",
- "related-ca-list":
- [
- { "ca-prefix": "/ndn/edu/arizona" },
- { "ca-prefix": "/ndn/edu/memphis" }
- ],
-
- "supported-challenges":
- [
- { "type": "PIN" }
- ]
- },
- {
- "ca-prefix": "/example",
- "issuing-freshness": "720",
- "validity-period": "360",
- "supported-challenges":
- [
- { "type": "PIN" }
- ]
- }
+ { "type": "PIN" },
+ { "type": "Email" }
]
-}
\ No newline at end of file
+}
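Review bot: The new `"probe"` line has no trailing comma before `"supported-challenges"`, so the sample is not valid JSON and a CA started from a copy of it would presumably fail to load its configuration; the line should end with `,`. The value is also a format description rather than a usable setting. Since a non-empty probe string makes the CA reject NEW requests that carry no PROBE token (the `m_config.m_probe != ""` check in src/ca-module.cpp), an operator who copies the sample unchanged turns PROBE enforcement on with a meaningless attribute list. Consider a concrete value such as `"probe": "email",` and keeping the format explanation on the wiki page referenced in the commit message.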
diff --git a/client.conf.sample b/client.conf.sample
index a0de72a..7e7d316 100644
--- a/client.conf.sample
+++ b/client.conf.sample
@@ -2,10 +2,9 @@
"ca-list":
[
{
- "ca-prefix": "/ndn/CA",
- "ca-info": "NDN Testbed CA",
+ "ca-prefix": "/example",
+ "ca-info": "An example NDNCERT CA",
"probe": "email",
- "target-list": "Use your email address (edu preferred) as input",
"certificate": "Bv0CJAcsCANuZG4IBXNpdGUxCANLRVkICBG8IvRjFf8XCARzZWxmCAn9AAABWcgU2aUUCRgBAhkEADbugBX9AU8wggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAES9Cb9iANUNYmwt5bjwNW1mZgjzIkDJb6FTCdiYWnkMMIVxh2YDllphoWDEAPS6kqJczzCuhnGYpZCp9tTaYKGxZMGwEDHB0HGwgDbmRuCAVzaXRlMQgDS0VZCAgRvCL0YxX/F/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwMzcwMTE3VDIxMjg0NhdIMEYCIQDXkR1hF3GiP7yLXq+0JBJfi9QC+hhAu/1Bykx+MWz6RAIhANwelBTxxZr2C5bD15mjfhWudK4I1tOb4b/9xWCHyM7F"
}
],
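Review bot: The `"certificate"` trust anchor kept in this entry does not match the `/example` prefix now given as `"ca-prefix"`; the leading bytes of the base64 appear to decode to a name starting `/ndn/site1/KEY`. A client that copies the sample would pair the CA name with an unrelated anchor, and data signed by that key is what the client would trust for this entry. Replacing the value with an obviously fake placeholder, for example `"certificate": "<base64 of the CA certificate>"`, would keep the sample from being mistaken for a working anchor.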
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 1794528..74985aa 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -195,18 +195,24 @@
if (probeTokenStr != "") {
try {
std::stringstream ss(probeTokenStr);
- probeToken = io::load<security::v2::Certificate>(ss);
+ probeToken = io::load<Data>(ss);
}
catch (const std::exception& e) {
_LOG_ERROR("Unrecognized probe token " << e.what());
return;
}
}
- if (probeToken != nullptr) {
+ if (probeToken == nullptr && m_config.m_probe != "") {
+ // the CA requires PROBE before NEW
+ _LOG_ERROR("CA requires PROBE but no PROBE token is found in NEW Interest.");
+ return;
+ }
+ else if (probeToken != nullptr) {
+ // check whether the carried probe token is a PROBE Data packet
Name prefix = m_config.m_caName;
prefix.append("CA").append("_PROBE");
if (!prefix.isPrefixOf(probeToken->getName())) {
- // the carried probe token is not a Probe Data packet
+ _LOG_ERROR("Carried PROBE token is not a valid PROBE Data packet.");
return;
}
}
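Review bot: A token that is present but does not decode is not told apart from an absent token. If `io::load<Data>` signals a decode failure by returning null rather than throwing (ndn-cxx's `io::load` has behaved that way; please confirm for the version in use), the `catch` never runs. The request is then either rejected with the misleading "no PROBE token is found" message or, when `m_config.m_probe` is empty, continues as if no token had been sent. Adding `if (probeToken == nullptr) { _LOG_ERROR("Unrecognized probe token"); return; }` right after the `try`/`catch`, inside the `probeTokenStr != ""` branch, would reject malformed tokens explicitly. Now that the token is a plain `Data`, the only checks visible are the name prefix here and the signature in the next hunk; the enclosing handler begins and ends outside the hunk, so whether the token is tied to the requested name cannot be seen from here.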
@@ -231,7 +237,7 @@
const auto& key = pib.getIdentity(m_config.m_caName).getDefaultKey();
const auto& caCert = key.getDefaultCertificate();
if (!security::verifySignature(*probeToken, caCert)) {
- _LOG_TRACE("Token with bad signature.");
+ _LOG_TRACE("PROBE Token with bad signature.");
return;
}
}
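Review bot: The bad-signature rejection is logged with `_LOG_TRACE`, while the two other PROBE rejections added in this commit use `_LOG_ERROR`. The event most likely to indicate a forged token would therefore be absent from logs collected at any level above trace. Suggest `_LOG_ERROR("PROBE Token with bad signature.");` so all three rejections are recorded consistently. The surrounding function is only partly visible in this hunk.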
diff --git a/tests/unit-tests/ca-config.t.cpp b/tests/unit-tests/ca-config.t.cpp
index 78aa9da..0e53dff 100644
--- a/tests/unit-tests/ca-config.t.cpp
+++ b/tests/unit-tests/ca-config.t.cpp
@@ -38,7 +38,7 @@
BOOST_CHECK_EQUAL(config.m_caName.toUri(), "/ndn");
BOOST_CHECK_EQUAL(config.m_freshnessPeriod, time::seconds(720));
BOOST_CHECK_EQUAL(config.m_validityPeriod, time::days(360));
- BOOST_CHECK_EQUAL(config.m_probe, "input email address");
+ BOOST_CHECK_EQUAL(config.m_probe, "");
BOOST_CHECK_EQUAL(config.m_caInfo, "ndn testbed ca");
}
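Review bot: With `"probe"` removed from ca.conf.test, this assertion only covers the default empty value, so parsing of a configured probe string in the new `attribute:attribute` format is no longer exercised here. Consider adding a second test config with, for example, `"probe": "email:UID"` and a matching `BOOST_CHECK_EQUAL(config.m_probe, "email:UID");`. The test case body starts outside the hunk.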
diff --git a/tests/unit-tests/ca-module.t.cpp b/tests/unit-tests/ca-module.t.cpp
index a3e5f01..a3fa150 100644
--- a/tests/unit-tests/ca-module.t.cpp
+++ b/tests/unit-tests/ca-module.t.cpp
@@ -108,7 +108,7 @@
auto contentJson = ClientModule::getJsonFromData(response);
auto caItem = ClientConfig::extractCaItem(contentJson);
BOOST_CHECK_EQUAL(caItem.m_caName.toUri(), "/ndn");
- BOOST_CHECK_EQUAL(caItem.m_probe, "input email address");
+ BOOST_CHECK_EQUAL(caItem.m_probe, "");
BOOST_CHECK_EQUAL(caItem.m_anchor.wireEncode(), cert.wireEncode());
BOOST_CHECK_EQUAL(caItem.m_caInfo, "ndn testbed ca");
});
@@ -195,6 +195,7 @@
util::DummyClientFace face(m_io, {true, true});
CaModule ca(face, m_keyChain, "tests/unit-tests/ca.conf.test");
+ ca.m_config.m_probe = "email";
advanceClocks(time::milliseconds(20), 60);
ClientModule client(m_keyChain);
@@ -203,7 +204,7 @@
item.m_anchor = cert;
client.getClientConf().m_caItems.push_back(item);
- auto data = make_shared<Data>(Name("/ndn/CA/probe/123"));
+ auto data = make_shared<Data>(Name("/ndn/CA/_PROBE/123"));
m_keyChain.sign(*data, signingByIdentity(ca.m_config.m_caName));
auto interest = client.generateNewInterest(time::system_clock::now(),
diff --git a/tests/unit-tests/ca.conf.test b/tests/unit-tests/ca.conf.test
index 15b497f..8acd23c 100644
--- a/tests/unit-tests/ca.conf.test
+++ b/tests/unit-tests/ca.conf.test
@@ -3,8 +3,6 @@
"issuing-freshness": "720",
"validity-period": "360",
"ca-info": "ndn testbed ca",
-
- "probe": "input email address",
"supported-challenges":
[
{ "type": "PIN" }
diff --git a/tests/unit-tests/client-config.t.cpp b/tests/unit-tests/client-config.t.cpp
index 5f7c3a5..1026ad8 100644
--- a/tests/unit-tests/client-config.t.cpp
+++ b/tests/unit-tests/client-config.t.cpp
@@ -35,9 +35,9 @@
BOOST_CHECK_EQUAL(config.m_caItems.size(), 2);
const auto& item = config.m_caItems.front();
- BOOST_CHECK_EQUAL(item.m_caName.toUri(), "/ndn/edu/ucla/CA");
+ BOOST_CHECK_EQUAL(item.m_caName.toUri(), "/ndn/edu/ucla");
BOOST_CHECK_EQUAL(item.m_caInfo, "UCLA's ceritificate authority, located in BH4805.");
- BOOST_CHECK_EQUAL(item.m_probe, "Please use your email address to apply a namespace first. UCLA email is preferred.");
+ BOOST_CHECK_EQUAL(item.m_probe, "email");
BOOST_CHECK_EQUAL(item.m_anchor.getName().toUri(),
"/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5");
@@ -62,7 +62,7 @@
config.removeCaItem(Name("/test"));
BOOST_CHECK_EQUAL(config.m_caItems.size(), 2);
lastItem = config.m_caItems.back();
- BOOST_CHECK_EQUAL(lastItem.m_caName.toUri(), "/ndn/edu/ucla/zhiyi/CA");
+ BOOST_CHECK_EQUAL(lastItem.m_caName.toUri(), "/ndn/edu/ucla/zhiyi");
}
BOOST_AUTO_TEST_SUITE_END() // TestClientConfig
diff --git a/tests/unit-tests/client.conf.test b/tests/unit-tests/client.conf.test
index c75d4d1..903c2bd 100644
--- a/tests/unit-tests/client.conf.test
+++ b/tests/unit-tests/client.conf.test
@@ -1,18 +1,18 @@
{
"ca-list":
[
- {
- "ca-prefix": "/ndn/edu/ucla/CA",
+ {
+ "ca-prefix": "/ndn/edu/ucla",
"ca-info": "UCLA's ceritificate authority, located in BH4805.",
- "probe": "Please use your email address to apply a namespace first. UCLA email is preferred.",
+ "probe": "email",
"certificate": "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"
- },
- {
- "ca-prefix": "/ndn/edu/ucla/zhiyi/CA",
+ },
+ {
+ "ca-prefix": "/ndn/edu/ucla/zhiyi",
"ca-info": "Zhiyi's own ceritificate authority",
- "probe": "true",
+ "probe": "email",
"certificate": "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"
- }
+ }
],
"local-ndncert-anchor": "/usr/local/etc/ndncert/anchor.key"
}
\ No newline at end of file