Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 0dc020186a8c399408457c37900941226308b5cf / . / src / requester-request.cpp
blob: 6ab56ead65b136009b9b24b950067612e58d29e5 [file] [log] [blame]
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]2/*
3 * Copyright (c) 2017-2021, Regents of the University of California.
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]21#include "requester-request.hpp"
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]22
Zhiyi Zhang84e11842020-11-19 20:03:23 -0800[diff] [blame]23#include "challenge/challenge-module.hpp"
Zhiyi Zhangdc25ddf2020-10-20 14:28:55 -0700[diff] [blame]24#include "detail/crypto-helpers.hpp"
Zhiyi Zhang062be6d2020-10-14 17:13:43 -0700[diff] [blame]25#include "detail/challenge-encoder.hpp"
26#include "detail/error-encoder.hpp"
27#include "detail/info-encoder.hpp"
Zhiyi Zhang7cca76a2021-02-17 14:57:42 -0800[diff] [blame]28#include "detail/request-encoder.hpp"
Zhiyi Zhang062be6d2020-10-14 17:13:43 -0700[diff] [blame]29#include "detail/probe-encoder.hpp"
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]30
31#include <ndn-cxx/metadata-object.hpp>
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]32#include <ndn-cxx/security/signing-helpers.hpp>
33#include <ndn-cxx/security/transform/base64-encode.hpp>
34#include <ndn-cxx/security/transform/buffer-source.hpp>
35#include <ndn-cxx/security/transform/stream-sink.hpp>
36#include <ndn-cxx/security/verification-helpers.hpp>
37#include <ndn-cxx/util/io.hpp>
38#include <ndn-cxx/util/random.hpp>
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]39
tylerliu96a67e82020-10-15 13:37:12 -0700[diff] [blame]40#include <boost/lexical_cast.hpp>
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]41
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]42namespace ndncert {
Zhiyi Zhang3002e6b2020-10-29 18:54:07 -0700[diff] [blame]43namespace requester {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]44
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]45NDN_LOG_INIT(ndncert.client);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]46
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]47std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]48Request::genCaProfileDiscoveryInterest(const Name& caName)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]49{
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]50 Name contentName = caName;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]51 if (readString(caName.at(-1)) != "CA")
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]52 contentName.append("CA");
53 contentName.append("INFO");
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]54 return std::make_shared<Interest>(ndn::MetadataObject::makeDiscoveryInterest(contentName));
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]55}
56
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]57std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]58Request::genCaProfileInterestFromDiscoveryResponse(const Data& reply)
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]59{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]60 auto metaData = ndn::MetadataObject(reply);
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]61 auto interestName= metaData.getVersionedName();
62 interestName.appendSegment(0);
63 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]64 interest->setCanBePrefix(false);
65 return interest;
66}
67
Zhiyi Zhang997669a2020-10-28 21:15:40 -0700[diff] [blame]68optional<CaProfile>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]69Request::onCaProfileResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]70{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]71 auto caItem = infotlv::decodeDataContent(reply.getContent());
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]72 if (!ndn::security::verifySignature(reply, *caItem.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]73 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]74 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]75 }
76 return caItem;
77}
78
Zhiyi Zhang997669a2020-10-28 21:15:40 -0700[diff] [blame]79optional<CaProfile>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]80Request::onCaProfileResponseAfterRedirection(const Data& reply, const Name& caCertFullName)
Zhiyi Zhang837406d2020-10-05 22:01:31 -0700[diff] [blame]81{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]82 auto caItem = infotlv::decodeDataContent(reply.getContent());
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]83 auto certBlock = caItem.cert->wireEncode();
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]84 caItem.cert = std::make_shared<Certificate>(certBlock);
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]85 if (caItem.cert->getFullName() != caCertFullName) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]86 NDN_LOG_ERROR("Ca profile does not match the certificate information offered by the original CA.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]87 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang837406d2020-10-05 22:01:31 -0700[diff] [blame]88 }
89 return onCaProfileResponse(reply);
90}
91
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]92std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]93Request::genProbeInterest(const CaProfile& ca, std::multimap<std::string, std::string>&& probeInfo)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]94{
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]95 Name interestName = ca.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]96 interestName.append("CA").append("PROBE");
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]97 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]98 interest->setMustBeFresh(true);
99 interest->setCanBePrefix(false);
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]100 interest->setApplicationParameters(probetlv::encodeApplicationParameters(std::move(probeInfo)));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]101 return interest;
102}
103
104void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]105Request::onProbeResponse(const Data& reply, const CaProfile& ca,
106 std::vector<std::pair<Name, int>>& identityNames, std::vector<Name>& otherCas)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]107{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]108 if (!ndn::security::verifySignature(reply, *ca.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]109 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]110 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]111 return;
112 }
113 processIfError(reply);
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]114 probetlv::decodeDataContent(reply.getContent(), identityNames, otherCas);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]115}
116
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]117Request::Request(ndn::KeyChain& keyChain, const CaProfile& profile, RequestType requestType)
118 : m_caProfile(profile)
119 , m_type(requestType)
120 , m_keyChain(keyChain)
121{
122}
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]123
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]124std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]125Request::genNewInterest(const Name& newIdentityName,
126 const time::system_clock::TimePoint& notBefore,
127 const time::system_clock::TimePoint& notAfter)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]128{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]129 if (!m_caProfile.caPrefix.isPrefixOf(newIdentityName)) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]130 return nullptr;
131 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]132 if (newIdentityName.empty()) {
133 NDN_LOG_TRACE("Randomly create a new name because newIdentityName is empty and the param is empty.");
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]134 m_identityName = m_caProfile.caPrefix;
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]135 m_identityName.append(ndn::to_string(ndn::random::generateSecureWord64()));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]136 }
137 else {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]138 m_identityName = newIdentityName;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]139 }
140
141 // generate a newly key pair or use an existing key
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]142 const auto& pib = m_keyChain.getPib();
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]143 ndn::security::pib::Identity identity;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]144 try {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]145 identity = pib.getIdentity(m_identityName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]146 }
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]147 catch (const ndn::security::Pib::Error&) {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]148 identity = m_keyChain.createIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]149 m_isNewlyCreatedIdentity = true;
150 m_isNewlyCreatedKey = true;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]151 }
152 try {
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]153 m_keyPair = identity.getDefaultKey();
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]154 }
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]155 catch (const ndn::security::Pib::Error&) {
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]156 m_keyPair = m_keyChain.createKey(identity);
157 m_isNewlyCreatedKey = true;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]158 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]159 auto& keyName = m_keyPair.getName();
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]160
161 // generate certificate request
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]162 Certificate certRequest;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]163 certRequest.setName(Name(keyName).append("cert-request").appendVersion());
Zhiyi Zhang8f1ade32020-10-14 16:42:57 -0700[diff] [blame]164 certRequest.setContentType(ndn::tlv::ContentType_Key);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]165 certRequest.setContent(m_keyPair.getPublicKey().data(), m_keyPair.getPublicKey().size());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]166 SignatureInfo signatureInfo;
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]167 signatureInfo.setValidityPeriod(ndn::security::ValidityPeriod(notBefore, notAfter));
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]168 m_keyChain.sign(certRequest, signingByKey(keyName).setSignatureInfo(signatureInfo));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]169
170 // generate Interest packet
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]171 Name interestName = m_caProfile.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]172 interestName.append("CA").append("NEW");
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]173 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]174 interest->setMustBeFresh(true);
175 interest->setCanBePrefix(false);
176 interest->setApplicationParameters(
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]177 requesttlv::encodeApplicationParameters(RequestType::NEW, m_ecdh.getSelfPubKey(), certRequest));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]178
179 // sign the Interest packet
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]180 m_keyChain.sign(*interest, signingByKey(keyName));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]181 return interest;
182}
183
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]184std::shared_ptr<Interest>
185Request::genRevokeInterest(const Certificate& certificate)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]186{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]187 if (!m_caProfile.caPrefix.isPrefixOf(certificate.getName())) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]188 return nullptr;
189 }
190 // generate Interest packet
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]191 Name interestName = m_caProfile.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]192 interestName.append("CA").append("REVOKE");
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]193 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]194 interest->setMustBeFresh(true);
195 interest->setCanBePrefix(false);
196 interest->setApplicationParameters(
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]197 requesttlv::encodeApplicationParameters(RequestType::REVOKE, m_ecdh.getSelfPubKey(), certificate));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]198 return interest;
199}
200
201std::list<std::string>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]202Request::onNewRenewRevokeResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]203{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]204 if (!ndn::security::verifySignature(reply, *m_caProfile.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]205 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]206 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]207 }
208 processIfError(reply);
209
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]210 const auto& contentTLV = reply.getContent();
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]211 std::vector<uint8_t> ecdhKey;
212 std::array<uint8_t, 32> salt;
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]213 auto challenges = requesttlv::decodeDataContent(contentTLV, ecdhKey, salt, m_requestId);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]214
Zhiyi Zhang91f86ab2020-10-05 15:36:35 -0700[diff] [blame]215 // ECDH and HKDF
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]216 auto sharedSecret = m_ecdh.deriveSecret(ecdhKey);
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]217 hkdf(sharedSecret.data(), sharedSecret.size(),
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]218 salt.data(), salt.size(), m_aesKey.data(), m_aesKey.size(),
219 m_requestId.data(), m_requestId.size());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]220
221 // update state
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]222 return challenges;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]223}
224
tylerliu40226332020-11-11 15:37:16 -0800[diff] [blame]225std::multimap<std::string, std::string>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]226Request::selectOrContinueChallenge(const std::string& challengeSelected)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]227{
228 auto challenge = ChallengeModule::createChallengeModule(challengeSelected);
229 if (challenge == nullptr) {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]230 NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]231 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]232 m_challengeType = challengeSelected;
233 return challenge->getRequestedParameterList(m_status, m_challengeStatus);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]234}
235
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]236std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]237Request::genChallengeInterest(std::multimap<std::string, std::string>&& parameters)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]238{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]239 if (m_challengeType == "") {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]240 NDN_THROW(std::runtime_error("The challenge has not been selected."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]241 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]242 auto challenge = ChallengeModule::createChallengeModule(m_challengeType);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]243 if (challenge == nullptr) {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]244 NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]245 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]246 auto challengeParams = challenge->genChallengeRequestTLV(m_status, m_challengeStatus, std::move(parameters));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]247
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]248 Name interestName = m_caProfile.caPrefix;
249 interestName.append("CA").append("CHALLENGE").append(m_requestId.data(), m_requestId.size());
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]250 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]251 interest->setMustBeFresh(true);
252 interest->setCanBePrefix(false);
253
254 // encrypt the Interest parameters
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]255 auto paramBlock = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, m_aesKey.data(),
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]256 challengeParams.value(), challengeParams.value_size(),
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]257 m_requestId.data(), m_requestId.size(),
258 m_encryptionIv);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]259 interest->setApplicationParameters(paramBlock);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]260 m_keyChain.sign(*interest, signingByKey(m_keyPair.getName()));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]261 return interest;
262}
263
264void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]265Request::onChallengeResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]266{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]267 if (!ndn::security::verifySignature(reply, *m_caProfile.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]268 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]269 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]270 }
271 processIfError(reply);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]272 challengetlv::decodeDataContent(reply.getContent(), *this);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]273}
274
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]275std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]276Request::genCertFetchInterest() const
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]277{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]278 Name interestName = m_issuedCertName;
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]279 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]280 interest->setMustBeFresh(false);
281 interest->setCanBePrefix(false);
282 return interest;
283}
284
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]285std::shared_ptr<Certificate>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]286Request::onCertFetchResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]287{
288 try {
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]289 return std::make_shared<Certificate>(reply);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]290 }
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame^]291 catch (const std::exception&) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]292 NDN_LOG_ERROR("Cannot parse replied certificate ");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]293 NDN_THROW(std::runtime_error("Cannot parse replied certificate "));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]294 return nullptr;
295 }
296}
297
298void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]299Request::endSession()
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]300{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]301 if (m_status == Status::SUCCESS) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]302 return;
303 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]304 if (m_isNewlyCreatedIdentity) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]305 // put the identity into the if scope is because it may cause an error
306 // outside since when endSession is called, identity may not have been created yet.
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]307 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]308 m_keyChain.deleteIdentity(identity);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]309 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]310 else if (m_isNewlyCreatedKey) {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]311 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]312 m_keyChain.deleteKey(identity, m_keyPair);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]313 }
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]314}
315
316void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]317Request::processIfError(const Data& data)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]318{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]319 auto errorInfo = errortlv::decodefromDataContent(data.getContent());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]320 if (std::get<0>(errorInfo) == ErrorCode::NO_ERROR) {
321 return;
322 }
Zhiyi Zhang1a222692020-10-16 11:35:49 -0700[diff] [blame]323 NDN_LOG_ERROR("Error info replied from the CA with Error code: " << std::get<0>(errorInfo) <<
324 " and Error Info: " << std::get<1>(errorInfo));
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]325 NDN_THROW(std::runtime_error("Error info replied from the CA with Error code: " +
Zhiyi Zhang1a222692020-10-16 11:35:49 -0700[diff] [blame]326 boost::lexical_cast<std::string>(std::get<0>(errorInfo)) +
327 " and Error Info: " + std::get<1>(errorInfo)));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]328}
329
Zhiyi Zhang3002e6b2020-10-29 18:54:07 -0700[diff] [blame]330} // namespace requester
Zhiyi Zhange4891b72020-10-10 15:11:57 -0700[diff] [blame]331} // namespace ndncert