Add CA module
Change-Id: Ic7a7291911c56fce907f1f201fb6dce16a444a44
diff --git a/src/ca-detail/ca-memory.cpp b/src/ca-detail/ca-memory.cpp
new file mode 100644
index 0000000..bde895d
--- /dev/null
+++ b/src/ca-detail/ca-memory.cpp
@@ -0,0 +1,114 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#include "ca-memory.hpp"
+
+namespace ndn {
+namespace ndncert {
+
+const std::string
+CaMemory::STORAGE_TYPE = "ca-storage-memory";
+
+NDNCERT_REGISTER_CA_STORAGE(CaMemory);
+
+CertificateRequest
+CaMemory::getRequest(const std::string& requestId)
+{
+ auto search = m_requests.find(requestId);
+ if (search == m_requests.end()) {
+ BOOST_THROW_EXCEPTION(Error("Request " + requestId + " doest not exists"));
+ }
+ return search->second;
+}
+
+void
+CaMemory::addRequest(const CertificateRequest& request)
+{
+ auto search = m_requests.find(request.getRequestId());
+ if (search == m_requests.end()) {
+ m_requests[request.getRequestId()] = request;
+ }
+ else {
+ BOOST_THROW_EXCEPTION(Error("Request " + request.getRequestId() + " already exists"));
+ }
+}
+
+void
+CaMemory::updateRequest(const CertificateRequest& request)
+{
+ m_requests[request.getRequestId()] = request;
+}
+
+void
+CaMemory::deleteRequest(const std::string& requestId)
+{
+ auto search = m_requests.find(requestId);
+ if (search != m_requests.end()) {
+ m_requests.erase(search);
+ }
+}
+
+// certificate related
+security::v2::Certificate
+CaMemory::getCertificate(const std::string& certId)
+{
+ security::v2::Certificate cert;
+ auto search = m_issuedCerts.find(certId);
+ if (search != m_issuedCerts.end()) {
+ cert = search->second;
+ }
+ return cert;
+}
+
+void
+CaMemory::addCertificate(const std::string& certId, const security::v2::Certificate& cert)
+{
+ auto search = m_issuedCerts.find(certId);
+ if (search == m_issuedCerts.end()) {
+ m_issuedCerts[certId] = cert;
+ }
+ else {
+ BOOST_THROW_EXCEPTION(Error("Certificate " + cert.getName().toUri() + " does not exists"));
+ }
+}
+
+void
+CaMemory::updateCertificate(const std::string& certId, const security::v2::Certificate& cert)
+{
+ auto search = m_issuedCerts.find(certId);
+ if (search == m_issuedCerts.end()) {
+ m_issuedCerts[certId] = cert;
+ }
+ else {
+ BOOST_THROW_EXCEPTION(Error("Certificate " + cert.getName().toUri() + " does not exists"));
+ }
+}
+
+void
+CaMemory::deleteCertificate(const std::string& certId)
+{
+ auto search = m_issuedCerts.find(certId);
+ if (search != m_issuedCerts.end()) {
+ m_issuedCerts.erase(search);
+ }
+}
+
+} // namespace ndncert
+} // namespace ndn
diff --git a/src/ca-detail/ca-memory.hpp b/src/ca-detail/ca-memory.hpp
new file mode 100644
index 0000000..249321d
--- /dev/null
+++ b/src/ca-detail/ca-memory.hpp
@@ -0,0 +1,69 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#ifndef NDNCERT_CA_DETAIL_CA_MEMORY_HPP
+#define NDNCERT_CA_DETAIL_CA_MEMORY_HPP
+
+#include "../ca-storage.hpp"
+
+namespace ndn {
+namespace ndncert {
+
+class CaMemory : public CaStorage
+{
+public:
+ const static std::string STORAGE_TYPE;
+
+public:
+ // certificate request related
+ CertificateRequest
+ getRequest(const std::string& requestId) override;
+
+ void
+ addRequest(const CertificateRequest& request) override;
+
+ void
+ updateRequest(const CertificateRequest& request) override;
+
+ void
+ deleteRequest(const std::string& requestId) override;
+
+ // certificate related
+ security::v2::Certificate
+ getCertificate(const std::string& certId) override;
+
+ void
+ addCertificate(const std::string& certId, const security::v2::Certificate& cert) override;
+
+ void
+ updateCertificate(const std::string& certId, const security::v2::Certificate& cert) override;
+
+ void
+ deleteCertificate(const std::string& certId) override;
+
+private:
+ std::map<std::string, CertificateRequest> m_requests;
+ std::map<std::string, security::v2::Certificate> m_issuedCerts;
+};
+
+} // namespace ndncert
+} // namespace ndn
+
+#endif // NDNCERT_CA_DETAIL_CA_MEMORY_HPP
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
new file mode 100644
index 0000000..b0d0e44
--- /dev/null
+++ b/src/ca-module.cpp
@@ -0,0 +1,370 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#include "ca-module.hpp"
+#include "challenge-module.hpp"
+#include "logging.hpp"
+#include <ndn-cxx/face.hpp>
+#include <ndn-cxx/security/verification-helpers.hpp>
+#include <ndn-cxx/security/signing-helpers.hpp>
+
+namespace ndn {
+namespace ndncert {
+
+_LOG_INIT(ndncert.ca);
+
+CaModule::CaModule(Face& face, security::v2::KeyChain& keyChain,
+ const std::string& configPath, const std::string& storageType)
+ : m_face(face)
+ , m_keyChain(keyChain)
+{
+ m_config.load(configPath);
+ m_storage = CaStorage::createCaStorage(storageType);
+
+ for (const auto& item : m_config.m_caItems) {
+ Name prefix = item.m_caName;
+ prefix.append("CA");
+ try {
+ const RegisteredPrefixId* prefixId = m_face.registerPrefix(prefix,
+ [&] (const Name& name) {
+ const InterestFilterId* filterId = m_face.setInterestFilter(Name(name).append("_PROBE"),
+ bind(&CaModule::handleProbe, this, _2, item));
+ m_interestFilterIds.push_back(filterId);
+
+ filterId = m_face.setInterestFilter(Name(name).append("_NEW"),
+ bind(&CaModule::handleNew, this, _2, item));
+ m_interestFilterIds.push_back(filterId);
+
+ filterId = m_face.setInterestFilter(Name(name).append("_SELECT"),
+ bind(&CaModule::handleSelect, this, _2, item));
+ m_interestFilterIds.push_back(filterId);
+
+ filterId = m_face.setInterestFilter(Name(name).append("_VALIDATE"),
+ bind(&CaModule::handleValidate, this, _2, item));
+ m_interestFilterIds.push_back(filterId);
+
+ filterId = m_face.setInterestFilter(Name(name).append("_STATUS"),
+ bind(&CaModule::handleStatus, this, _2, item));
+ m_interestFilterIds.push_back(filterId);
+
+ filterId = m_face.setInterestFilter(Name(name).append("_DOWNLOAD"),
+ bind(&CaModule::handleDownload, this, _2, item));
+ m_interestFilterIds.push_back(filterId);
+
+ _LOG_TRACE("Prefix " << name << " got registered");
+ },
+ bind(&CaModule::onRegisterFailed, this, _2));
+ m_registeredPrefixIds.push_back(prefixId);
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Error: " << e.what());
+ }
+ }
+}
+
+CaModule::~CaModule()
+{
+ for (auto prefixId : m_interestFilterIds) {
+ m_face.unsetInterestFilter(prefixId);
+ }
+ for (auto prefixId : m_registeredPrefixIds) {
+ m_face.unregisterPrefix(prefixId, nullptr, nullptr);
+ }
+}
+
+void
+CaModule::handleProbe(const Interest& request, const CaItem& caItem)
+{
+ // PROBE Naming Convention: /CA-prefix/_PROBE/<Probe Information>
+ _LOG_TRACE("Handle PROBE request");
+
+ std::string identifier;
+ try {
+ identifier = m_probeHandler(readString(request.getName().at(caItem.m_caName.size() + 2)));
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Cannot generate identifier for PROBE request " << e.what());
+ return;
+ }
+ Name identityName = caItem.m_caName;
+ identityName.append(identifier);
+
+ Data result;
+ result.setName(request.getName());
+ result.setContent(dataContentFromJson(genResponseProbeJson(identityName, "")));
+ m_keyChain.sign(result, signingByCertificate(caItem.m_anchor));
+ m_face.put(result);
+
+ _LOG_TRACE("Handle PROBE: generate identity " << identityName);
+}
+
+void
+CaModule::handleNew(const Interest& request, const CaItem& caItem)
+{
+ // NEW Naming Convention: /CA-prefix/_NEW/<certificate-request>/[signature]
+ _LOG_TRACE("Handle NEW request");
+
+ security::v2::Certificate clientCert;
+ try {
+ clientCert.wireDecode(request.getName().at(caItem.m_caName.size() + 2).blockFromValue());
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Unrecognized certificate request " << e.what());
+ return;
+ }
+ std::string requestId = std::to_string(random::generateWord64());
+ CertificateRequest certRequest(caItem.m_caName, requestId, clientCert);
+ try {
+ m_storage->addRequest(certRequest);
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Cannot add new request instance " << e.what());
+ return;
+ }
+
+ Data result;
+ result.setName(request.getName());
+ result.setContent(dataContentFromJson(genResponseNewJson(requestId,
+ ChallengeModule::WAIT_SELECTION,
+ caItem.m_supportedChallenges)));
+ m_keyChain.sign(result, signingByCertificate(caItem.m_anchor));
+ m_face.put(result);
+}
+
+void
+CaModule::handleSelect(const Interest& request, const CaItem& caItem)
+{
+ // SELECT Naming Convention: /CA-prefix/_SELECT/{Request-ID JSON}/<ChallengeID>/
+ // {Param JSON}/[Signature components]
+ _LOG_TRACE("Handle SELECT request");
+
+ CertificateRequest certRequest = getCertificateRequest(request, caItem.m_caName);
+ if (certRequest.getRequestId().empty()) {
+ return;
+ }
+
+ if (!security::verifySignature(request, certRequest.getCert())) {
+ _LOG_TRACE("Error: Interest with bad signature.");
+ return;
+ }
+
+ std::string challengeType;
+ try {
+ challengeType = readString(request.getName().at(caItem.m_caName.size() + 3));
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE(e.what());
+ return;
+ }
+ auto challenge = ChallengeModule::createChallengeModule(challengeType);
+ if (challenge == nullptr) {
+ _LOG_TRACE("Unrecognized challenge type " << challengeType);
+ return;
+ }
+ JsonSection contentJson = challenge->handleChallengeRequest(request, certRequest);
+ try {
+ m_storage->updateRequest(certRequest);
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Cannot update request instance " << e.what());
+ return;
+ }
+
+ Data result;
+ result.setName(request.getName());
+ result.setContent(dataContentFromJson(contentJson));
+ m_keyChain.sign(result, signingByCertificate(caItem.m_anchor));
+ m_face.put(result);
+}
+
+void
+CaModule::handleValidate(const Interest& request, const CaItem& caItem)
+{
+ // VALIDATE Naming Convention: /CA-prefix/_VALIDATE/{Request-ID JSON}/<ChallengeID>/
+ // {Param JSON}/[Signature components]
+ _LOG_TRACE("Handle VALIDATE request");
+
+ CertificateRequest certRequest = getCertificateRequest(request, caItem.m_caName);
+ if (certRequest.getRequestId().empty()) {
+ return;
+ }
+
+ if (!security::verifySignature(request, certRequest.getCert())) {
+ _LOG_TRACE("Error: Interest with bad signature.");
+ return;
+ }
+
+ std::string challengeType = certRequest.getChallengeType();
+ auto challenge = ChallengeModule::createChallengeModule(challengeType);
+ if (challenge == nullptr) {
+ _LOG_TRACE("Unrecognized challenge type " << challengeType);
+ return;
+ }
+ JsonSection contentJson = challenge->handleChallengeRequest(request, certRequest);
+ try {
+ m_storage->updateRequest(certRequest);
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Cannot update request instance " << e.what());
+ return;
+ }
+
+ Data result;
+ result.setName(request.getName());
+ result.setContent(dataContentFromJson(contentJson));
+ m_keyChain.sign(result, signingByCertificate(caItem.m_anchor));
+ m_face.put(result);
+
+ if (certRequest.getStatus() == ChallengeModule::SUCCESS) {
+ issueCertificate(certRequest, caItem);
+ }
+}
+
+void
+CaModule::handleStatus(const Interest& request, const CaItem& caItem)
+{
+ // STATUS Naming Convention: /CA-prefix/_STATUS/{Request-ID JSON}/[Signature components]
+ _LOG_TRACE("Handle STATUS request");
+
+ CertificateRequest certRequest = getCertificateRequest(request, caItem.m_caName);
+ if (certRequest.getRequestId().empty()) {
+ return;
+ }
+
+ if (!security::verifySignature(request, certRequest.getCert())) {
+ _LOG_TRACE("Error: Interest with bad signature.");
+ return;
+ }
+
+ std::string challengeType = certRequest.getChallengeType();
+ auto challenge = ChallengeModule::createChallengeModule(challengeType);
+ if (challenge == nullptr) {
+ _LOG_TRACE("Unrecognized challenge type " << challengeType);
+ return;
+ }
+ JsonSection contentJson = challenge->handleChallengeRequest(request, certRequest);
+
+ Data result;
+ result.setName(request.getName());
+ result.setContent(dataContentFromJson(contentJson));
+ m_keyChain.sign(result, signingByCertificate(caItem.m_anchor));
+ m_face.put(result);
+}
+
+void
+CaModule::handleDownload(const Interest& request, const CaItem& caItem)
+{
+ // DOWNLOAD Naming Convention: /CA-prefix/_DOWNLOAD/{Request-ID JSON}
+ _LOG_TRACE("Handle DOWNLOAD request");
+
+ JsonSection requestIdJson = jsonFromNameComponent(request.getName(), caItem.m_caName.size() + 2);
+ std::string requestId = requestIdJson.get(JSON_REQUEST_ID, "");
+ security::v2::Certificate signedCert;
+ try {
+ signedCert = m_storage->getCertificate(requestId);
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Error: " << e.what());
+ return;
+ }
+
+ Data result;
+ result.setName(request.getName());
+ result.setContent(signedCert.wireEncode());
+ m_keyChain.sign(result, signingWithSha256());
+ m_face.put(result);
+}
+
+void
+CaModule::issueCertificate(const CertificateRequest& certRequest, const CaItem& caItem)
+{
+ Name certName = certRequest.getCert().getKeyName();
+ certName.append("NDNCERT").appendVersion();
+ security::v2::Certificate newCert;
+ newCert.setName(certName);
+ newCert.setContent(certRequest.getCert().getContent());
+ SignatureInfo signatureInfo;
+ security::ValidityPeriod period(time::system_clock::now(),
+ time::system_clock::now() + caItem.m_validityPeriod);
+ signatureInfo.setValidityPeriod(period);
+ security::SigningInfo signingInfo(security::SigningInfo::SIGNER_TYPE_CERT,
+ caItem.m_anchor, signatureInfo);
+ newCert.setFreshnessPeriod(caItem.m_freshnessPeriod);
+
+ m_keyChain.sign(newCert, signingInfo);
+ try {
+ m_storage->addCertificate(certRequest.getRequestId(), newCert);
+ m_storage->deleteRequest(certRequest.getRequestId());
+ _LOG_TRACE("New Certificate Issued " << certName);
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Error: Cannot add issued cert and remove the request " << e.what());
+ return;
+ }
+}
+
+CertificateRequest
+CaModule::getCertificateRequest(const Interest& request, const Name& caName)
+{
+ JsonSection requestIdJson = jsonFromNameComponent(request.getName(), caName.size() + 2);
+ std::string requestId = requestIdJson.get(JSON_REQUEST_ID, "");
+ CertificateRequest certRequest;
+ try {
+ certRequest = m_storage->getRequest(requestId);
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE("Error: " << e.what());
+ }
+ return certRequest;
+}
+
+void
+CaModule::onRegisterFailed(const std::string& reason)
+{
+ _LOG_TRACE("Error: failed to register prefix in local hub's daemon, REASON: " << reason);
+}
+
+Block
+CaModule::dataContentFromJson(const JsonSection& jsonSection)
+{
+ std::stringstream ss;
+ boost::property_tree::write_json(ss, jsonSection);
+ return makeStringBlock(ndn::tlv::Content, ss.str());
+}
+
+JsonSection
+CaModule::jsonFromNameComponent(const Name& name, int pos)
+{
+ std::string jsonString;
+ try {
+ jsonString = encoding::readString(name.at(pos));
+ }
+ catch (const std::exception& e) {
+ _LOG_TRACE(e.what());
+ return JsonSection();
+ }
+ std::istringstream ss(jsonString);
+ JsonSection json;
+ boost::property_tree::json_parser::read_json(ss, json);
+ return json;
+}
+
+} // namespace ndncert
+} // namespace ndn
diff --git a/src/ca-module.hpp b/src/ca-module.hpp
new file mode 100644
index 0000000..240a011
--- /dev/null
+++ b/src/ca-module.hpp
@@ -0,0 +1,122 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#ifndef NDNCERT_CA_MODULE_HPP
+#define NDNCERT_CA_MODULE_HPP
+
+#include "ca-config.hpp"
+#include "ca-storage.hpp"
+#include "json-helper.hpp"
+
+namespace ndn {
+namespace ndncert {
+
+class CaModule : noncopyable
+{
+public:
+ /**
+ * @brief Error that can be thrown from CaModule
+ */
+ class Error : public std::runtime_error
+ {
+ public:
+ using std::runtime_error::runtime_error;
+ };
+
+ /**
+ * @brief The function should be able to convert a probe info string to an identity name
+ *
+ * The function should throw exceptions when there is an unexpected probe info.
+ */
+ using ProbeHandler = function<std::string (const std::string&)>;
+
+public:
+ CaModule(Face& face, security::v2::KeyChain& keyChain, const std::string& configPath,
+ const std::string& storageType = "ca-storage-memory");
+
+ ~CaModule();
+
+ CaConfig&
+ getCaConf()
+ {
+ return m_config;
+ }
+
+ const unique_ptr<CaStorage>&
+ getCaStorage()
+ {
+ return m_storage;
+ }
+
+ void
+ setProbeHandler(const ProbeHandler& handler)
+ {
+ m_probeHandler = handler;
+ }
+
+PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+ void
+ handleProbe(const Interest& request, const CaItem& caItem);
+
+ void
+ handleNew(const Interest& request, const CaItem& caItem);
+
+ void
+ handleSelect(const Interest& request, const CaItem& caItem);
+
+ void
+ handleValidate(const Interest& request, const CaItem& caItem);
+
+ void
+ handleStatus(const Interest& request, const CaItem& caItem);
+
+ void
+ handleDownload(const Interest& request, const CaItem& caItem);
+
+ void
+ onRegisterFailed(const std::string& reason);
+
+ CertificateRequest
+ getCertificateRequest(const Interest& request, const Name& caName);
+
+ void
+ issueCertificate(const CertificateRequest& certRequest, const CaItem& caItem);
+
+ static JsonSection
+ jsonFromNameComponent(const Name& name, int pos);
+
+ static Block
+ dataContentFromJson(const JsonSection& jsonSection);
+
+PUBLIC_WITH_TESTS_ELSE_PROTECTED:
+ Face& m_face;
+ CaConfig m_config;
+ unique_ptr<CaStorage> m_storage;
+ security::v2::KeyChain& m_keyChain;
+
+ ProbeHandler m_probeHandler;
+ std::list<const RegisteredPrefixId*> m_registeredPrefixIds;
+ std::list<const InterestFilterId*> m_interestFilterIds;
+};
+
+} // namespace ndncert
+} // namespace ndn
+
+#endif // NDNCERT_CA_MODULE_HPP
diff --git a/src/ca-storage.cpp b/src/ca-storage.cpp
new file mode 100644
index 0000000..3f8aeb5
--- /dev/null
+++ b/src/ca-storage.cpp
@@ -0,0 +1,42 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#include "ca-storage.hpp"
+
+namespace ndn {
+namespace ndncert {
+
+unique_ptr<CaStorage>
+CaStorage::createCaStorage(const std::string& caStorageType)
+{
+ CaStorageFactory& factory = getFactory();
+ auto i = factory.find(caStorageType);
+ return i == factory.end() ? nullptr : i->second();
+}
+
+CaStorage::CaStorageFactory&
+CaStorage::getFactory()
+{
+ static CaStorage::CaStorageFactory factory;
+ return factory;
+}
+
+} // namespace ndncert
+} // namespace ndn
diff --git a/src/ca-storage.hpp b/src/ca-storage.hpp
new file mode 100644
index 0000000..f06e70c
--- /dev/null
+++ b/src/ca-storage.hpp
@@ -0,0 +1,104 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2017, Regents of the University of California.
+ *
+ * This file is part of ndncert, a certificate management system based on NDN.
+ *
+ * ndncert is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License along with
+ * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndncert authors and contributors.
+ */
+
+#ifndef NDNCERT_CA_STORAGE_HPP
+#define NDNCERT_CA_STORAGE_HPP
+
+#include "certificate-request.hpp"
+
+namespace ndn {
+namespace ndncert {
+
+class CaStorage : noncopyable
+{
+public:
+ /**
+ * @brief Error that can be thrown from CaStorage
+ */
+ class Error : public std::runtime_error
+ {
+ public:
+ using std::runtime_error::runtime_error;
+ };
+
+public:
+ // certificate request related
+ virtual CertificateRequest
+ getRequest(const std::string& requestId) = 0;
+
+ virtual void
+ addRequest(const CertificateRequest& request) = 0;
+
+ virtual void
+ updateRequest(const CertificateRequest& request) = 0;
+
+ virtual void
+ deleteRequest(const std::string& requestId) = 0;
+
+ // certificate related
+ virtual security::v2::Certificate
+ getCertificate(const std::string& certId) = 0;
+
+ virtual void
+ addCertificate(const std::string& certId, const security::v2::Certificate& cert) = 0;
+
+ virtual void
+ updateCertificate(const std::string& certId, const security::v2::Certificate& cert) = 0;
+
+ virtual void
+ deleteCertificate(const std::string& certId) = 0;
+
+public:
+ template<class CaStorageType>
+ static void
+ registerCaStorage(const std::string& caStorageType = CaStorageType::STORAGE_TYPE)
+ {
+ CaStorageFactory& factory = getFactory();
+ BOOST_ASSERT(factory.count(caStorageType) == 0);
+ factory[caStorageType] = [] {
+ return make_unique<CaStorageType>();
+ };
+ }
+
+ static unique_ptr<CaStorage>
+ createCaStorage(const std::string& caStorageType);
+
+private:
+ using CaStorageCreateFunc = function<unique_ptr<CaStorage> ()>;
+ using CaStorageFactory = std::map<std::string, CaStorageCreateFunc>;
+
+ static CaStorageFactory&
+ getFactory();
+};
+
+#define NDNCERT_REGISTER_CA_STORAGE(C) \
+static class NdnCert ## C ## CaStorageRegistrationClass \
+{ \
+public: \
+ NdnCert ## C ## CaStorageRegistrationClass() \
+ { \
+ ::ndn::ndncert::CaStorage::registerCaStorage<C>(); \
+ } \
+} g_NdnCert ## C ## CaStorageRegistrationVariable
+
+} // namespace ndncert
+} // namespace ndn
+
+#endif // NDNCERT_CA_STORAGE_HPP