Add CaConfig to support CA configuration
Change-Id: I3095b4c8fbe70c2f5b8e27722c0e85d1ec801aba
diff --git a/src/ca-config.cpp b/src/ca-config.cpp
new file mode 100644
index 0000000..753d483
--- /dev/null
+++ b/src/ca-config.cpp
@@ -0,0 +1,114 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#include "ca-config.hpp"
+#include <ndn-cxx/util/io.hpp>
+#include <boost/filesystem.hpp>
+
+namespace ndn {
+namespace ndncert {
+
+CaConfig::CaConfig() = default;
+
+CaConfig::CaConfig(const std::string& fileName)
+ : m_fileName(fileName)
+{
+ open();
+ load();
+}
+
+void
+CaConfig::open()
+{
+ std::ifstream inputFile;
+ inputFile.open(m_fileName.c_str());
+ if (!inputFile.good() || !inputFile.is_open()) {
+ std::string msg = "Failed to read configuration file: ";
+ msg += m_fileName;
+ BOOST_THROW_EXCEPTION(Error(msg));
+ }
+
+ try {
+ boost::property_tree::read_info(inputFile, m_config);
+ }
+ catch (const boost::property_tree::info_parser_error& error) {
+ BOOST_THROW_EXCEPTION(Error("Failed to parse configuration file " + m_fileName +
+ " " + error.message() + " line " + std::to_string(error.line())));
+ }
+
+ if (m_config.begin() == m_config.end()) {
+ BOOST_THROW_EXCEPTION(Error("Error processing configuration file: " + m_fileName + " no data"));
+ }
+
+ inputFile.close();
+}
+
+void
+CaConfig::load()
+{
+ m_caName = Name(m_config.get<std::string>("name"));
+ m_validatorConfig = m_config.get_child("validator-conf");
+
+ parseCertificateInfo(m_config.get_child("certificate-info"));
+ parseCaAnchor(m_config.get_child("ca-anchor"));
+ parseChallengeList(m_config.get_child("challenge-list"));
+}
+
+void
+CaConfig::parseCertificateInfo(const ConfigSection& configSection)
+{
+ m_freshPeriod = configSection.get<uint64_t>("freshness-period");
+}
+
+void
+CaConfig::parseCaAnchor(const ConfigSection& configSection)
+{
+ std::string type = configSection.get<std::string>("type");
+ std::string value = configSection.get<std::string>("value");
+ if (type == "file") {
+ boost::filesystem::path certfilePath = absolute(value,
+ boost::filesystem::path(m_fileName).parent_path());
+ m_anchor = io::load<security::v2::Certificate>(certfilePath.string());
+ if (m_anchor != nullptr) {
+ BOOST_ASSERT(m_anchor->getName().size() >= 1);
+ }
+ else
+ BOOST_THROW_EXCEPTION(Error("Cannot read certificate from file: " + certfilePath.native()));
+ }
+ else if (type == "base64") {
+ std::istringstream ss(value);
+ m_anchor = io::load<security::v2::Certificate>(ss);
+ }
+ else {
+ BOOST_THROW_EXCEPTION(Error("Unrecognized trust anchor '" + type + "' '" + value + "'"));
+ }
+}
+
+void
+CaConfig::parseChallengeList(const ConfigSection& configSection)
+{
+ auto it = configSection.begin();
+ for (; it != configSection.end(); it++) {
+ m_availableChallenges.push_back(it->second.get<std::string>("type"));
+ }
+}
+
+} // namespace ndncert
+} // namespace ndn
diff --git a/src/ca-config.hpp b/src/ca-config.hpp
new file mode 100644
index 0000000..9bde1f9
--- /dev/null
+++ b/src/ca-config.hpp
@@ -0,0 +1,88 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#ifndef NDNCERT_CA_CONFIG_HPP
+#define NDNCERT_CA_CONFIG_HPP
+
+#include "ndncert-common.hpp"
+#include <ndn-cxx/security/v2/certificate.hpp>
+
+namespace ndn {
+namespace ndncert {
+
+typedef boost::property_tree::ptree ConfigSection;
+
+/**
+ * @brief Represents a CA configuration instance
+ */
+class CaConfig
+{
+public:
+ /**
+ * @brief Error that can be thrown from CaConfig
+ */
+ class Error : public std::runtime_error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : std::runtime_error(what)
+ {
+ }
+ };
+
+public:
+ CaConfig();
+
+ explicit
+ CaConfig(const std::string& fileName);
+
+PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ void
+ open();
+
+ void
+ load();
+
+ void
+ parseCertificateInfo(const ConfigSection& configSection);
+
+ void
+ parseCaAnchor(const ConfigSection& configSection);
+
+ void
+ parseChallengeList(const ConfigSection& configSection);
+
+public:
+ Name m_caName;
+ uint64_t m_freshPeriod;
+ shared_ptr<security::v2::Certificate> m_anchor;
+ std::list<std::string> m_availableChallenges;
+ ConfigSection m_validatorConfig;
+
+PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ ConfigSection m_config;
+ std::string m_fileName;
+};
+
+} // namespace ndncert
+} // namespace ndn
+
+#endif // NDNCERT_CA_CONFIG_HPP
diff --git a/src/ndncert-common.hpp b/src/ndncert-common.hpp
index 6e93164..519b00f 100644
--- a/src/ndncert-common.hpp
+++ b/src/ndncert-common.hpp
@@ -23,7 +23,7 @@
#include "ndncert-config.hpp"
-#ifdef WITH_TESTS
+#ifdef HAVE_TESTS
#define VIRTUAL_WITH_TESTS virtual
#define PUBLIC_WITH_TESTS_ELSE_PROTECTED public
#define PUBLIC_WITH_TESTS_ELSE_PRIVATE public
diff --git a/tests/unit-tests/ca-config.t.cpp b/tests/unit-tests/ca-config.t.cpp
new file mode 100644
index 0000000..09a0d08
--- /dev/null
+++ b/tests/unit-tests/ca-config.t.cpp
@@ -0,0 +1,66 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#include "identity-management-fixture.hpp"
+#include "ca-config.hpp"
+#include <ndn-cxx/security/transform/base64-encode.hpp>
+#include <ndn-cxx/security/transform/buffer-source.hpp>
+#include <ndn-cxx/security/transform/stream-sink.hpp>
+
+namespace ndn {
+namespace ndncert {
+namespace tests {
+
+BOOST_FIXTURE_TEST_SUITE(TestCaConfig, IdentityManagementV2Fixture)
+
+BOOST_AUTO_TEST_CASE(ReadConfigFileWithFileAnchor)
+{
+ CaConfig config("tests/unit-tests/ca.conf.test");
+ BOOST_CHECK_EQUAL(config.m_caName.toUri(), "/ndn/edu/ucla/cs/zhiyi");
+ BOOST_CHECK_EQUAL(config.m_freshPeriod, 720);
+ BOOST_CHECK_EQUAL(config.m_anchor->getName().toUri(),
+ "/ndn/site1/KEY/%11%BC%22%F4c%15%FF%17/self/%FD%00%00%01Y%C8%14%D9%A5");
+ BOOST_CHECK_EQUAL(config.m_availableChallenges.size(), 1);
+}
+
+BOOST_AUTO_TEST_CASE(ReadConfigFileWithBase64Anchor)
+{
+ auto identity = addIdentity(Name("/ndn/site1"));
+ auto key = identity.getDefaultKey();
+ auto cert = key.getDefaultCertificate();
+
+ using namespace security::transform;
+ std::stringstream ss;
+ bufferSource(cert.wireEncode().wire(), cert.wireEncode().size()) >> base64Encode() >> streamSink(ss);
+
+ const std::string certBase64 = ss.str();
+
+ CaConfig config("tests/unit-tests/ca.conf.test");
+ config.m_config.put("ca-anchor.type", "base64");
+ config.m_config.put("ca-anchor.value", certBase64);
+ config.load();
+ BOOST_CHECK_EQUAL(*(config.m_anchor), cert);
+}
+
+BOOST_AUTO_TEST_SUITE_END() // TestCaConfig
+
+} // namespace tests
+} // namespace ndncert
+} // namespace ndn
diff --git a/tests/unit-tests/ca.conf.test b/tests/unit-tests/ca.conf.test
new file mode 100644
index 0000000..8459594
--- /dev/null
+++ b/tests/unit-tests/ca.conf.test
@@ -0,0 +1,73 @@
+; The namespace that the NDN Certificate Authority will serve.
+name "/ndn/edu/ucla/cs/zhiyi"
+
+; This section configures parameter(s) of the issued certificates.
+certificate-info
+{
+ ; freshness-period defines the freshness period of newly issued certificates.
+ freshness-period 720
+}
+
+; This ca-anchor section configures the CA certificate.
+;
+; The type defines the type of certificate. Now NDNCERT supports two types:
+;
+; file; value should be the file name of the certificate file
+; base64; value should be the Base64 encoded plain text of NDN certificate bytes
+;
+ca-anchor
+{
+ type file
+ value "ca.ndncert.test"
+}
+
+; This challenge-list section defines a list of all available challenge types.
+;
+; It includes one or more challenge. For every challenge, the type should be
+; the unique type identifier of the registered Challenge Module.
+;
+challenge-list
+{
+ challenge
+ {
+ type pin
+ }
+}
+
+;
+validator-conf
+{
+ ; This section defines the trust model for NDNCERT CaModule validator. It consists of rules
+ ; and trust-anchors, which are briefly defined in this file. For more information refer to
+ ; manpage of ndn-validator.conf:
+ ;
+ ; man ndn-validator.conf
+ ;
+ ; A trust-anchor is a pre-trusted certificate. This can be any certificate that is the root
+ ; of certification chain (e.g., NDN testbed root certificate) or an existing default system
+ ; certificate `default.ndncert`. A rule defines conditions a valid packet MUST have. A
+ ; packet must satisfy one of the rules defined here. A rule can be broken into two parts:
+ ; matching & checking. A packet will be matched against rules from the first to the last
+ ; until a matched rule is encountered. The matched rule will be used to check the packet. If
+ ; a packet does not match any rule, it will be treated as invalid. The matching part of a
+ ; rule consists of `for` and `filter` sections. They collectively define which packets can be
+ ; checked with this rule. `for` defines packet type (data or interest) and `filter` defines
+ ; conditions on other properties of a packet. Right now, you can only define conditions on
+ ; packet name, and you can only specify ONLY ONE filter for packet name. The checking part
+ ; of a rule consists of `checker`, which defines the conditions that a VALID packet MUST
+ ; have. See comments in checker section for more details.
+ rule
+ {
+ id "zhiyi interest rule"
+ for interest
+ filter
+ {
+ type name
+ regex ^<ndn><edu><ucla><cs><zhiyi>[<_NEW><_POLL>]<>*$
+ }
+ trust-anchor
+ {
+ type any
+ }
+ }
+}
diff --git a/tests/unit-tests/ca.ndncert.test b/tests/unit-tests/ca.ndncert.test
new file mode 100644
index 0000000..e7d29bf
--- /dev/null
+++ b/tests/unit-tests/ca.ndncert.test
@@ -0,0 +1,12 @@
+Bv0CJAcsCANuZG4IBXNpdGUxCANLRVkICBG8IvRjFf8XCARzZWxmCAn9AAABWcgU
+2aUUCRgBAhkEADbugBX9AU8wggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjO
+PQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAA
+AAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQaw
+zFOw9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i8
+5uVjpEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2
+QGg3v1H1AiEA/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAE
+S9Cb9iANUNYmwt5bjwNW1mZgjzIkDJb6FTCdiYWnkMMIVxh2YDllphoWDEAPS6kq
+JczzCuhnGYpZCp9tTaYKGxZMGwEDHB0HGwgDbmRuCAVzaXRlMQgDS0VZCAgRvCL0
+YxX/F/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwMzcwMTE3VDIxMjg0NhdI
+MEYCIQDXkR1hF3GiP7yLXq+0JBJfi9QC+hhAu/1Bykx+MWz6RAIhANwelBTxxZr2
+C5bD15mjfhWudK4I1tOb4b/9xWCHyM7F
\ No newline at end of file