a number of fix and update
Change-Id: I657926268c1977e45c04974bcd36dc2570b4d172
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 2f2ba91..7fdfb07 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -388,7 +388,7 @@
requestState.m_status = Status::SUCCESS;
m_storage->deleteRequest(requestState.m_requestId);
- payload = CHALLENGE::encodeDataPayload(requestState);
+ payload = CHALLENGE::encodeDataContent(requestState);
payload.parse();
payload.push_back(makeNestedBlock(tlv_issued_cert_name, issuedCert.getName()));
payload.encode();
@@ -398,13 +398,13 @@
requestState.m_status = Status::SUCCESS;
m_storage->deleteRequest(requestState.m_requestId);
- payload = CHALLENGE::encodeDataPayload(requestState);
+ payload = CHALLENGE::encodeDataContent(requestState);
_LOG_TRACE("Challenge succeeded. Certificate has been revoked");
}
}
else {
m_storage->updateRequest(requestState);
- payload = CHALLENGE::encodeDataPayload(requestState);
+ payload = CHALLENGE::encodeDataContent(requestState);
_LOG_TRACE("No failure no success. Challenge moves on");
}
diff --git a/src/identity-challenge/challenge-module.cpp b/src/identity-challenge/challenge-module.cpp
index 28624d7..0570ed5 100644
--- a/src/identity-challenge/challenge-module.cpp
+++ b/src/identity-challenge/challenge-module.cpp
@@ -24,8 +24,6 @@
namespace ndn {
namespace ndncert {
-const std::string ChallengeModule::SUCCESS = "success";
-
ChallengeModule::ChallengeModule(const std::string& challengeType,
size_t maxAttemptTimes,
time::seconds secretLifetime)
diff --git a/src/identity-challenge/challenge-module.hpp b/src/identity-challenge/challenge-module.hpp
index 7021666..deed763 100644
--- a/src/identity-challenge/challenge-module.hpp
+++ b/src/identity-challenge/challenge-module.hpp
@@ -81,8 +81,6 @@
const size_t m_maxAttemptTimes;
const time::seconds m_secretLifetime;
- static const std::string SUCCESS;
-
private:
typedef function<unique_ptr<ChallengeModule>()> ChallengeCreateFunc;
typedef std::map<std::string, ChallengeCreateFunc> ChallengeFactory;
diff --git a/src/protocol-detail/challenge.cpp b/src/protocol-detail/challenge.cpp
index bc53b8c..aa0d884 100644
--- a/src/protocol-detail/challenge.cpp
+++ b/src/protocol-detail/challenge.cpp
@@ -23,50 +23,41 @@
namespace ndn {
namespace ndncert {
-_LOG_INIT(ndncert.encoding.challenge);
-
Block
-CHALLENGE::encodeDataPayload(const CaState& request)
+CHALLENGE::encodeDataContent(const CaState& request)
{
Block response = makeEmptyBlock(tlv_encrypted_payload);
response.push_back(makeNonNegativeIntegerBlock(tlv_status, static_cast<size_t>(request.m_status)));
if (request.m_challengeState) {
response.push_back(makeStringBlock(tlv_challenge_status, request.m_challengeState->m_challengeStatus));
response.push_back(
- makeNonNegativeIntegerBlock(tlv_remaining_tries, request.m_challengeState->m_remainingTries));
+ makeNonNegativeIntegerBlock(tlv_remaining_tries, request.m_challengeState->m_remainingTries));
response.push_back(
- makeNonNegativeIntegerBlock(tlv_remaining_time, request.m_challengeState->m_remainingTime.count()));
- } else if (request.m_status != Status::SUCCESS || request.m_status != Status::FAILURE){
- _LOG_ERROR("Unsuccessful challenge does not have a challenge state");
+ makeNonNegativeIntegerBlock(tlv_remaining_time, request.m_challengeState->m_remainingTime.count()));
}
response.encode();
return response;
}
-CHALLENGE::DecodedData
-CHALLENGE::decodeDataPayload(const Block& data){
- data.parse();
- Status status = static_cast<Status>(readNonNegativeInteger(data.get(tlv_status)));
- DecodedData decodedData{status, nullopt, nullopt, nullopt, nullopt};
- if (data.find(tlv_challenge_status) != data.elements_end()) {
- decodedData.challengeStatus = readString(data.get(tlv_challenge_status));
- }
- if (data.find(tlv_remaining_tries) != data.elements_end()) {
- decodedData.remainingTries = readNonNegativeInteger(data.get(tlv_remaining_tries));
- }
- if (data.find(tlv_remaining_time) != data.elements_end()) {
- decodedData.remainingTime = time::seconds(readNonNegativeInteger(data.get(tlv_remaining_time)));
- }
- if (data.find(tlv_issued_cert_name) != data.elements_end()) {
- Block issuedCertNameBlock = data.get(tlv_issued_cert_name);
- decodedData.issuedCertName = Name(issuedCertNameBlock.blockFromValue());
- }
-
- return decodedData;
+void
+CHALLENGE::decodeDataContent(const Block& data, RequesterState& state)
+{
+ data.parse();
+ state.m_status = static_cast<Status>(readNonNegativeInteger(data.get(tlv_status)));
+ if (data.find(tlv_challenge_status) != data.elements_end()) {
+ state.m_challengeStatus = readString(data.get(tlv_challenge_status));
+ }
+ if (data.find(tlv_remaining_tries) != data.elements_end()) {
+ state.m_remainingTries = readNonNegativeInteger(data.get(tlv_remaining_tries));
+ }
+ if (data.find(tlv_remaining_time) != data.elements_end()) {
+ state.m_freshBefore = time::system_clock::now() + time::seconds(readNonNegativeInteger(data.get(tlv_remaining_time)));
+ }
+ if (data.find(tlv_issued_cert_name) != data.elements_end()) {
+ Block issuedCertNameBlock = data.get(tlv_issued_cert_name);
+ state.m_issuedCertName = Name(issuedCertNameBlock.blockFromValue());
+ }
}
-} // namespace ndncert
-} // namespace ndn
-
-
-
+} // namespace ndncert
+} // namespace ndn
diff --git a/src/protocol-detail/challenge.hpp b/src/protocol-detail/challenge.hpp
index 42eb485..23a9d84 100644
--- a/src/protocol-detail/challenge.hpp
+++ b/src/protocol-detail/challenge.hpp
@@ -22,6 +22,7 @@
#define NDNCERT_PROTOCOL_DETAIL_CHALLENGE_HPP
#include "../ca-state.hpp"
+#include "../requester-state.hpp"
namespace ndn {
namespace ndncert {
@@ -29,18 +30,10 @@
class CHALLENGE {
public:
static Block
- encodeDataPayload(const CaState& request);
+ encodeDataContent(const CaState& request);
- struct DecodedData{
- Status status;
- optional<std::string> challengeStatus;
- optional<size_t> remainingTries;
- optional<time::seconds> remainingTime;
- optional<Name> issuedCertName;
- };
-
- static DecodedData
- decodeDataPayload(const Block& data);
+ static void
+ decodeDataContent(const Block& data, RequesterState& state);
};
} // namespace ndncert
diff --git a/src/requester-state.cpp b/src/requester-state.cpp
new file mode 100644
index 0000000..f6ab099
--- /dev/null
+++ b/src/requester-state.cpp
@@ -0,0 +1,34 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017-2020, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#include "requester-state.hpp"
+
+namespace ndn {
+namespace ndncert {
+
+RequesterState::RequesterState(security::KeyChain& keyChain, const CaProfile& caItem, RequestType requestType)
+ : m_caItem(caItem)
+ , m_keyChain(keyChain)
+ , m_type(requestType)
+{
+}
+
+} // namespace ndncert
+} // namespace ndn
\ No newline at end of file
diff --git a/src/requester-state.hpp b/src/requester-state.hpp
new file mode 100644
index 0000000..5d87ea3
--- /dev/null
+++ b/src/requester-state.hpp
@@ -0,0 +1,103 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017-2020, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#ifndef NDNCERT_REQUESTER_STATE_HPP
+#define NDNCERT_REQUESTER_STATE_HPP
+
+#include "ndncert-common.hpp"
+#include "crypto-support/crypto-helper.hpp"
+#include "configuration.hpp"
+
+namespace ndn {
+namespace ndncert {
+
+struct RequesterState {
+ explicit
+ RequesterState(security::KeyChain& keyChain, const CaProfile& caItem, RequestType requestType);
+
+ /**
+ * The CA profile for this request.
+ */
+ CaProfile m_caItem;
+ /**
+ * The local keychain to generate and install identities, keys and certificates
+ */
+ security::KeyChain& m_keyChain;
+ /**
+ * The type of request. Either NEW, RENEW, or REVOKE.
+ */
+ RequestType m_type;
+
+ /**
+ * The identity name for the requesting certificate.
+ */
+ Name m_identityName;
+ /**
+ * The keypair for the request.
+ */
+ security::Key m_keyPair;
+ /**
+ * The CA-generated request ID for the request.
+ */
+ std::string m_requestId;
+ /**
+ * The current status of the request.
+ */
+ Status m_status = Status::NOT_STARTED;
+
+ /**
+ * The type of challenge chosen.
+ */
+ std::string m_challengeType;
+ /**
+ * The status of the current challenge.
+ */
+ std::string m_challengeStatus;
+ /**
+ * The remaining number of tries left for the challenge
+ */
+ int m_remainingTries = 0;
+ /**
+ * The time this challenge will remain fresh
+ */
+ time::system_clock::TimePoint m_freshBefore;
+ /**
+ * the name of the certificate being issued.
+ */
+ Name m_issuedCertName;
+ /**
+ * ecdh state.
+ */
+ ECDHState m_ecdh;
+ /**
+ * AES key derived from the ecdh shared secret.
+ */
+ uint8_t m_aesKey[16] = {0};
+ /**
+ * State about how identity/key is generated.
+ */
+ bool m_isNewlyCreatedIdentity = false;
+ bool m_isNewlyCreatedKey = false;
+};
+
+} // namespace ndncert
+} // namespace ndn
+
+#endif // NDNCERT_REQUESTER_STATE_HPP
diff --git a/src/requester.cpp b/src/requester.cpp
index 5229c9c..39a265f 100644
--- a/src/requester.cpp
+++ b/src/requester.cpp
@@ -40,13 +40,6 @@
_LOG_INIT(ndncert.client);
-RequesterState::RequesterState(security::KeyChain& keyChain, const CaProfile& caItem, RequestType requestType)
- : m_caItem(caItem)
- , m_keyChain(keyChain)
- , m_type(requestType)
-{
-}
-
shared_ptr<Interest>
Requester::genCaProfileDiscoveryInterest(const Name& caName)
{
@@ -267,19 +260,7 @@
processIfError(reply);
auto result = decodeBlockWithAesGcm128(reply.getContent(), state.m_aesKey, (const uint8_t*)"test", strlen("test"));
Block contentTLV = makeBinaryBlock(tlv_encrypted_payload, result.data(), result.size());
- auto decoded = CHALLENGE::decodeDataPayload(contentTLV);
-
- // update state
- state.m_status = decoded.status;
- if (decoded.status != Status::SUCCESS && decoded.status != Status::FAILURE) {
- state.m_challengeStatus = *decoded.challengeStatus;
- state.m_remainingTries = *decoded.remainingTries;
- state.m_freshBefore = time::system_clock::now() + *decoded.remainingTime;
- }
-
- if (decoded.issuedCertName) {
- state.m_issuedCertName = *decoded.issuedCertName;
- }
+ CHALLENGE::decodeDataContent(contentTLV, state);
}
shared_ptr<Interest>
diff --git a/src/requester.hpp b/src/requester.hpp
index f08e579..2b6c3c3 100644
--- a/src/requester.hpp
+++ b/src/requester.hpp
@@ -21,9 +21,7 @@
#ifndef NDNCERT_REQUESTER_HPP
#define NDNCERT_REQUESTER_HPP
-#include "configuration.hpp"
-#include "ca-state.hpp"
-#include "crypto-support/crypto-helper.hpp"
+#include "requester-state.hpp"
namespace ndn {
namespace ndncert {
@@ -32,69 +30,6 @@
// For each RequesterState, create a validator instance and initialize it with CA's cert
// The validator instance should be in CaProfile
-struct RequesterState {
- explicit
- RequesterState(security::KeyChain& keyChain, const CaProfile& caItem, RequestType requestType);
-
- /**
- * The CA profile for this request.
- */
- CaProfile m_caItem;
- /**
- * The local keychain to generate and install identities, keys and certificates
- */
- security::KeyChain& m_keyChain;
- /**
- * The type of request. Either NEW, RENEW, or REVOKE.
- */
- RequestType m_type;
-
- /**
- * The identity name for the requesting certificate.
- */
- Name m_identityName;
- /**
- * The keypair for the request.
- */
- security::Key m_keyPair;
- /**
- * The CA-generated request ID for the request.
- */
- std::string m_requestId;
- /**
- * The current status of the request.
- */
- Status m_status = Status::NOT_STARTED;
-
- /**
- * The type of challenge chosen.
- */
- std::string m_challengeType;
- /**
- * The status of the current challenge.
- */
- std::string m_challengeStatus;
- /**
- * The remaining number of tries left for the challenge
- */
- int m_remainingTries = 0;
- /**
- * The time this challenge will remain fresh
- */
- time::system_clock::TimePoint m_freshBefore;
- /**
- * the name of the certificate being issued.
- */
- Name m_issuedCertName;
-
- ECDHState m_ecdh;
- uint8_t m_aesKey[16] = {0};
-
- bool m_isCertInstalled = false;
- bool m_isNewlyCreatedIdentity = false;
- bool m_isNewlyCreatedKey = false;
-};
-
class Requester : noncopyable
{
public: