Fix the bug when user type in NONE when selecting CAs
Change-Id: Ie12c058ec0685a537300f11dd227771f8e719c28
diff --git a/src/client-config.cpp b/src/client-config.cpp
index 47b75da..19f8a89 100644
--- a/src/client-config.cpp
+++ b/src/client-config.cpp
@@ -20,6 +20,7 @@
#include "client-config.hpp"
#include <ndn-cxx/util/io.hpp>
+#include <fstream>
namespace ndn {
namespace ndncert {
@@ -55,6 +56,32 @@
m_localNdncertAnchor = configSection.get("local-ndncert-anchor", "");
}
+void
+ClientConfig::save(const std::string& fileName)
+{
+ JsonSection configJson;
+ JsonSection caList;
+ std::stringstream ss;
+ for (const auto& item : m_caItems) {
+ JsonSection caItem;
+ caItem.put("ca-prefix", item.m_caName.toUri());
+ caItem.put("ca-info", item.m_caInfo);
+ caItem.put("probe", item.m_probe);
+ ss.str(std::string());
+ io::save(item.m_anchor, ss);
+ caItem.put("certificate", ss.str());
+ caList.push_back(std::make_pair("", caItem));
+ }
+ configJson.add_child("ca-list", caList);
+ ss.str(std::string());
+ boost::property_tree::write_json(ss, configJson);
+
+ std::ofstream configFile;
+ configFile.open(fileName, std::ios::trunc);
+ configFile << ss.str();
+ configFile.close();
+}
+
ClientCaItem
ClientConfig::extractCaItem(const JsonSection& configSection)
{
diff --git a/src/client-config.hpp b/src/client-config.hpp
index ddbdc74..ba02efa 100644
--- a/src/client-config.hpp
+++ b/src/client-config.hpp
@@ -68,6 +68,9 @@
load(const JsonSection& configSection);
void
+ save(const std::string& fileName);
+
+ void
addNewCaItem(const ClientCaItem& item);
void
diff --git a/src/client-module.cpp b/src/client-module.cpp
index 12d835d..24947f4 100644
--- a/src/client-module.cpp
+++ b/src/client-module.cpp
@@ -55,8 +55,23 @@
return interest;
}
+bool
+ClientModule::verifyProbeInfoResponse(const Data& reply)
+{
+ // parse the ca item
+ auto contentJson = getJsonFromData(reply);
+ auto caItem = ClientConfig::extractCaItem(contentJson);
+
+ // verify the probe Data's sig
+ if (!security::verifySignature(reply, caItem.m_anchor)) {
+ _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caName.toUri());
+ return false;
+ }
+ return true;
+}
+
void
-ClientModule::onProbeInfoResponse(const Data& reply)
+ClientModule::addCaFromProbeInfoResponse(const Data& reply)
{
// parse the ca item
auto contentJson = getJsonFromData(reply);
@@ -73,12 +88,6 @@
if (!findItem) {
m_config.m_caItems.push_back(caItem);
}
-
- // verify the probe Data's sig
- if (!security::verifySignature(reply, caItem.m_anchor)) {
- _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caName.toUri());
- return;
- }
}
shared_ptr<Interest>
diff --git a/src/client-module.hpp b/src/client-module.hpp
index 330b3c6..806c5bc 100644
--- a/src/client-module.hpp
+++ b/src/client-module.hpp
@@ -71,6 +71,9 @@
shared_ptr<Interest>
generateProbeInfoInterest(const Name& caName);
+ bool
+ verifyProbeInfoResponse(const Data& reply);
+
/**
* @brief Process the replied PROBE INFO Data packet
* Warning: this function will add a new trust anchor into the application.
@@ -78,7 +81,7 @@
* can be verified in later challenge phase.
*/
void
- onProbeInfoResponse(const Data& reply);
+ addCaFromProbeInfoResponse(const Data& reply);
shared_ptr<Interest>
generateProbeInterest(const ClientCaItem& ca, const std::string& probeInfo);
diff --git a/tools/ndncert-client.cpp b/tools/ndncert-client.cpp
index 2c47424..ea6f3be 100644
--- a/tools/ndncert-client.cpp
+++ b/tools/ndncert-client.cpp
@@ -229,24 +229,29 @@
static void
probeInfoCb(const Data& reply)
{
+ if (!client.verifyProbeInfoResponse(reply)) {
+ std::cerr << "The fetched CA information cannot be trusted because its integrity is broken" << std::endl;
+ return;
+ }
auto contentJson = ClientModule::getJsonFromData(reply);
auto caItem = ClientConfig::extractCaItem(contentJson);
- std::cerr << "Will install new trust anchor, please double check the identity info: \n"
- << "This trust anchor packet is signed by " << reply.getSignature().getKeyLocator() << std::endl
- << "The signing certificate is " << caItem.m_anchor << std::endl;
+ std::cerr << "Will use a new trust anchor, please double check the identity info: \n"
+ << "This trust anchor information is signed by " << reply.getSignature().getKeyLocator() << std::endl
+ << "The certificate is " << caItem.m_anchor << std::endl;
std::cerr << "Do you trust the information? Type in YES or NO" << std::endl;
std::string answer;
getline(std::cin, answer);
boost::algorithm::to_lower(answer);
if (answer == "yes") {
- client.onProbeInfoResponse(reply);
- std::cerr << "You answered YES: new CA has been installed" << std::endl;
+ std::cerr << "You answered YES: new CA will be used" << std::endl;
+ client.addCaFromProbeInfoResponse(reply);
+ // client.getClientConf().save(std::string(SYSCONFDIR) + "/ndncert/client.conf");
startApplication();
}
else {
- std::cerr << "New CA will not be installed" << std::endl;
+ std::cerr << "You answered NO: new CA will not be used" << std::endl;
return;
}
}
@@ -288,7 +293,9 @@
boost::algorithm::to_lower(caIndexSLower);
if (caIndexSLower == "none") {
std::cerr << "Step " << nStep << ": Please type in the CA Name\n";
- face.expressInterest(*client.generateProbeInfoInterest(Name(caIndexS)),
+ std::string expectedCAName;
+ getline(std::cin, expectedCAName);
+ face.expressInterest(*client.generateProbeInfoInterest(Name(expectedCAName)),
bind(&probeInfoCb, _2), bind(&onNackCb), bind(&timeoutCb));
}
else {