Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| 2 | /** |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 3 | * Copyright (c) 2017-2020, Regents of the University of California. |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndncert, a certificate management system based on NDN. |
| 6 | * |
| 7 | * ndncert is free software: you can redistribute it and/or modify it under the terms |
| 8 | * of the GNU General Public License as published by the Free Software Foundation, either |
| 9 | * version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License along with |
| 16 | * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>. |
| 17 | * |
| 18 | * See AUTHORS.md for complete list of ndncert authors and contributors. |
| 19 | */ |
| 20 | |
| 21 | #include "client-module.hpp" |
| 22 | #include "logging.hpp" |
Zhiyi Zhang | a9bda73 | 2017-05-20 22:58:55 -0700 | [diff] [blame] | 23 | #include "challenge-module.hpp" |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 24 | #include "crypto-support/enc-tlv.hpp" |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 25 | #include <ndn-cxx/util/io.hpp> |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 26 | #include <ndn-cxx/security/signing-helpers.hpp> |
| 27 | #include <ndn-cxx/security/verification-helpers.hpp> |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 28 | #include <ndn-cxx/util/random.hpp> |
| 29 | #include <ndn-cxx/security/transform/base64-encode.hpp> |
| 30 | #include <ndn-cxx/security/transform/buffer-source.hpp> |
| 31 | #include <ndn-cxx/security/transform/stream-sink.hpp> |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 32 | |
| 33 | namespace ndn { |
| 34 | namespace ndncert { |
| 35 | |
| 36 | _LOG_INIT(ndncert.client); |
| 37 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 38 | ClientModule::ClientModule(security::v2::KeyChain& keyChain) |
| 39 | : m_keyChain(keyChain) |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 40 | { |
| 41 | } |
| 42 | |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 43 | ClientModule::~ClientModule() |
| 44 | { |
| 45 | endSession(); |
| 46 | } |
Davide Pesavento | 0899478 | 2018-01-22 12:13:41 -0500 | [diff] [blame] | 47 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 48 | shared_ptr<Interest> |
swa770 | 20643ac | 2020-03-26 02:24:45 -0700 | [diff] [blame^] | 49 | ClientModule::generateInfoInterest(const Name& caName) |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 50 | { |
| 51 | Name interestName = caName; |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 52 | if (readString(caName.at(-1)) != "CA") |
| 53 | interestName.append("CA"); |
swa770 | 20643ac | 2020-03-26 02:24:45 -0700 | [diff] [blame^] | 54 | interestName.append("INFO"); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 55 | auto interest = make_shared<Interest>(interestName); |
| 56 | interest->setMustBeFresh(true); |
| 57 | interest->setCanBePrefix(false); |
| 58 | return interest; |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 59 | } |
| 60 | |
Zhiyi Zhang | caab546 | 2019-10-18 13:41:02 -0700 | [diff] [blame] | 61 | bool |
| 62 | ClientModule::verifyProbeInfoResponse(const Data& reply) |
| 63 | { |
| 64 | // parse the ca item |
| 65 | auto contentJson = getJsonFromData(reply); |
| 66 | auto caItem = ClientConfig::extractCaItem(contentJson); |
| 67 | |
| 68 | // verify the probe Data's sig |
| 69 | if (!security::verifySignature(reply, caItem.m_anchor)) { |
| 70 | _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caName.toUri()); |
| 71 | return false; |
| 72 | } |
| 73 | return true; |
| 74 | } |
| 75 | |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 76 | void |
Zhiyi Zhang | caab546 | 2019-10-18 13:41:02 -0700 | [diff] [blame] | 77 | ClientModule::addCaFromProbeInfoResponse(const Data& reply) |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 78 | { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 79 | // parse the ca item |
| 80 | auto contentJson = getJsonFromData(reply); |
| 81 | auto caItem = ClientConfig::extractCaItem(contentJson); |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 82 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 83 | // update the local config |
| 84 | bool findItem = false; |
| 85 | for (auto& item : m_config.m_caItems) { |
| 86 | if (item.m_caName == caItem.m_caName) { |
| 87 | findItem = true; |
| 88 | item = caItem; |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 89 | } |
| 90 | } |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 91 | if (!findItem) { |
| 92 | m_config.m_caItems.push_back(caItem); |
Zhiyi Zhang | 1c0bd37 | 2017-12-18 18:32:55 +0800 | [diff] [blame] | 93 | } |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 94 | } |
| 95 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 96 | shared_ptr<Interest> |
| 97 | ClientModule::generateProbeInterest(const ClientCaItem& ca, const std::string& probeInfo) |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 98 | { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 99 | Name interestName = ca.m_caName; |
swa770 | de007bc | 2020-03-24 21:26:21 -0700 | [diff] [blame] | 100 | interestName.append("CA").append("PROBE"); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 101 | auto interest = make_shared<Interest>(interestName); |
| 102 | interest->setMustBeFresh(true); |
| 103 | interest->setCanBePrefix(false); |
Yufeng Zhang | 424d036 | 2019-06-12 16:48:27 -0700 | [diff] [blame] | 104 | auto paramJson = genProbeRequestJson(ca, probeInfo); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 105 | interest->setApplicationParameters(paramFromJson(paramJson)); |
| 106 | |
| 107 | // update local state |
| 108 | m_ca = ca; |
| 109 | return interest; |
| 110 | } |
| 111 | |
| 112 | void |
| 113 | ClientModule::onProbeResponse(const Data& reply) |
| 114 | { |
| 115 | if (!security::verifySignature(reply, m_ca.m_anchor)) { |
| 116 | _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caName.toUri()); |
| 117 | return; |
| 118 | } |
| 119 | auto contentJson = getJsonFromData(reply); |
| 120 | |
| 121 | // read the available name and put it into the state |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 122 | auto nameUri = contentJson.get(JSON_CA_NAME, ""); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 123 | if (nameUri != "") { |
| 124 | m_identityName = Name(nameUri); |
| 125 | } |
Zhiyi Zhang | 781a560 | 2019-06-26 19:05:04 -0700 | [diff] [blame] | 126 | else { |
| 127 | NDN_LOG_TRACE("The JSON_CA_NAME is empty."); |
| 128 | } |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 129 | } |
| 130 | |
| 131 | shared_ptr<Interest> |
| 132 | ClientModule::generateNewInterest(const time::system_clock::TimePoint& notBefore, |
| 133 | const time::system_clock::TimePoint& notAfter, |
Zhiyi Zhang | 5f749a2 | 2019-06-12 17:02:33 -0700 | [diff] [blame] | 134 | const Name& identityName, const shared_ptr<Data>& probeToken) |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 135 | { |
| 136 | // Name requestedName = identityName; |
| 137 | if (!identityName.empty()) { // if identityName is not empty, find the corresponding CA |
| 138 | bool findCa = false; |
| 139 | for (const auto& caItem : m_config.m_caItems) { |
| 140 | if (caItem.m_caName.isPrefixOf(identityName)) { |
| 141 | m_ca = caItem; |
| 142 | findCa = true; |
| 143 | } |
| 144 | } |
| 145 | if (!findCa) { // if cannot find, cannot proceed |
| 146 | return nullptr; |
| 147 | } |
| 148 | m_identityName = identityName; |
| 149 | } |
| 150 | else { // if identityName is empty, check m_identityName or generate a random name |
| 151 | if (!m_identityName.empty()) { |
| 152 | // do nothing |
| 153 | } |
| 154 | else { |
Zhiyi Zhang | 781a560 | 2019-06-26 19:05:04 -0700 | [diff] [blame] | 155 | NDN_LOG_TRACE("Randomly create a new name because m_identityName is empty and the param is empty."); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 156 | auto id = std::to_string(random::generateSecureWord64()); |
| 157 | m_identityName = m_ca.m_caName; |
| 158 | m_identityName.append(id); |
| 159 | } |
| 160 | } |
| 161 | |
| 162 | // generate a newly key pair or use an existing key |
Zhiyi Zhang | 1013078 | 2018-02-01 18:28:49 -0800 | [diff] [blame] | 163 | const auto& pib = m_keyChain.getPib(); |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 164 | security::pib::Identity identity; |
Zhiyi Zhang | 1013078 | 2018-02-01 18:28:49 -0800 | [diff] [blame] | 165 | try { |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 166 | identity = pib.getIdentity(m_identityName); |
Zhiyi Zhang | 1013078 | 2018-02-01 18:28:49 -0800 | [diff] [blame] | 167 | } |
| 168 | catch (const security::Pib::Error& e) { |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 169 | identity = m_keyChain.createIdentity(m_identityName); |
| 170 | m_isNewlyCreatedIdentity = true; |
| 171 | m_isNewlyCreatedKey = true; |
| 172 | } |
| 173 | try { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 174 | m_key = identity.getDefaultKey(); |
Zhiyi Zhang | 1013078 | 2018-02-01 18:28:49 -0800 | [diff] [blame] | 175 | } |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 176 | catch (const security::Pib::Error& e) { |
| 177 | m_key = m_keyChain.createKey(identity); |
| 178 | m_isNewlyCreatedKey = true; |
| 179 | } |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 180 | |
| 181 | // generate certificate request |
| 182 | security::v2::Certificate certRequest; |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 183 | certRequest.setName(Name(m_key.getName()).append("cert-request").appendVersion()); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 184 | certRequest.setContentType(tlv::ContentType_Key); |
| 185 | certRequest.setFreshnessPeriod(time::hours(24)); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 186 | certRequest.setContent(m_key.getPublicKey().data(), m_key.getPublicKey().size()); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 187 | SignatureInfo signatureInfo; |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 188 | signatureInfo.setValidityPeriod(security::ValidityPeriod(notBefore, notAfter)); |
| 189 | m_keyChain.sign(certRequest, signingByKey(m_key.getName()).setSignatureInfo(signatureInfo)); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 190 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 191 | // generate Interest packet |
| 192 | Name interestName = m_ca.m_caName; |
swa770 | de007bc | 2020-03-24 21:26:21 -0700 | [diff] [blame] | 193 | interestName.append("CA").append("NEW"); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 194 | auto interest = make_shared<Interest>(interestName); |
| 195 | interest->setMustBeFresh(true); |
| 196 | interest->setCanBePrefix(false); |
Zhiyi Zhang | 5f749a2 | 2019-06-12 17:02:33 -0700 | [diff] [blame] | 197 | interest->setApplicationParameters(paramFromJson(genNewRequestJson(m_ecdh.getBase64PubKey(), certRequest, probeToken))); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 198 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 199 | // sign the Interest packet |
| 200 | m_keyChain.sign(*interest, signingByKey(m_key.getName())); |
| 201 | return interest; |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 202 | } |
| 203 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 204 | std::list<std::string> |
| 205 | ClientModule::onNewResponse(const Data& reply) |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 206 | { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 207 | if (!security::verifySignature(reply, m_ca.m_anchor)) { |
| 208 | _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caName.toUri()); |
| 209 | return std::list<std::string>(); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 210 | } |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 211 | auto contentJson = getJsonFromData(reply); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 212 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 213 | // ECDH |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 214 | const auto& peerKeyBase64Str = contentJson.get(JSON_CA_ECDH, ""); |
| 215 | const auto& saltStr = contentJson.get(JSON_CA_SALT, ""); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 216 | uint64_t saltInt = std::stoull(saltStr); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 217 | m_ecdh.deriveSecret(peerKeyBase64Str); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 218 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 219 | // HKDF |
Zhiyi Zhang | 3670683 | 2019-07-04 21:33:03 -0700 | [diff] [blame] | 220 | hkdf(m_ecdh.context->sharedSecret, m_ecdh.context->sharedSecretLen, |
| 221 | (uint8_t*)&saltInt, sizeof(saltInt), m_aesKey, sizeof(m_aesKey)); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 222 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 223 | // update state |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 224 | m_status = contentJson.get(JSON_CA_STATUS, 0); |
| 225 | m_requestId = contentJson.get(JSON_CA_REQUEST_ID, ""); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 226 | |
| 227 | auto challengesJson = contentJson.get_child(JSON_CA_CHALLENGES); |
| 228 | m_challengeList.clear(); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 229 | for (const auto& challengeJson : challengesJson) { |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 230 | m_challengeList.push_back(challengeJson.second.get(JSON_CA_CHALLENGE_ID, "")); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 231 | } |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 232 | return m_challengeList; |
| 233 | } |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 234 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 235 | shared_ptr<Interest> |
| 236 | ClientModule::generateChallengeInterest(const JsonSection& paramJson) |
| 237 | { |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 238 | m_challengeType = paramJson.get(JSON_CLIENT_SELECTED_CHALLENGE, ""); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 239 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 240 | Name interestName = m_ca.m_caName; |
swa770 | de007bc | 2020-03-24 21:26:21 -0700 | [diff] [blame] | 241 | interestName.append("CA").append("CHALLENGE").append(m_requestId); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 242 | auto interest = make_shared<Interest>(interestName); |
| 243 | interest->setMustBeFresh(true); |
| 244 | interest->setCanBePrefix(false); |
| 245 | |
| 246 | // encrypt the Interest parameters |
| 247 | std::stringstream ss; |
| 248 | boost::property_tree::write_json(ss, paramJson); |
| 249 | auto payload = ss.str(); |
Zhiyi Zhang | 3670683 | 2019-07-04 21:33:03 -0700 | [diff] [blame] | 250 | auto paramBlock = genEncBlock(tlv::ApplicationParameters, m_aesKey, sizeof(m_aesKey), |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 251 | (const uint8_t*)payload.c_str(), payload.size()); |
| 252 | interest->setApplicationParameters(paramBlock); |
| 253 | |
| 254 | m_keyChain.sign(*interest, signingByKey(m_key.getName())); |
| 255 | return interest; |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 256 | } |
| 257 | |
| 258 | void |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 259 | ClientModule::onChallengeResponse(const Data& reply) |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 260 | { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 261 | if (!security::verifySignature(reply, m_ca.m_anchor)) { |
| 262 | _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caName.toUri()); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 263 | return; |
| 264 | } |
Zhiyi Zhang | 3670683 | 2019-07-04 21:33:03 -0700 | [diff] [blame] | 265 | auto result = parseEncBlock(m_aesKey, sizeof(m_aesKey), reply.getContent()); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 266 | std::string payload((const char*)result.data(), result.size()); |
| 267 | std::istringstream ss(payload); |
| 268 | JsonSection contentJson; |
| 269 | boost::property_tree::json_parser::read_json(ss, contentJson); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 270 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 271 | // update state |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 272 | m_status = contentJson.get(JSON_CA_STATUS, 0); |
| 273 | m_challengeStatus = contentJson.get(JSON_CHALLENGE_STATUS, ""); |
| 274 | m_remainingTries = contentJson.get(JSON_CHALLENGE_REMAINING_TRIES, 0); |
| 275 | m_freshBefore = time::system_clock::now() + time::seconds(contentJson.get(JSON_CHALLENGE_REMAINING_TIME, 0)); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 276 | } |
Zhiyi Zhang | e30eb35 | 2017-04-13 15:26:14 -0700 | [diff] [blame] | 277 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 278 | shared_ptr<Interest> |
| 279 | ClientModule::generateDownloadInterest() |
| 280 | { |
| 281 | Name interestName = m_ca.m_caName; |
swa770 | de007bc | 2020-03-24 21:26:21 -0700 | [diff] [blame] | 282 | interestName.append("CA").append("DOWNLOAD").append(m_requestId); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 283 | auto interest = make_shared<Interest>(interestName); |
| 284 | interest->setMustBeFresh(true); |
| 285 | interest->setCanBePrefix(false); |
| 286 | return interest; |
| 287 | } |
Zhiyi Zhang | e30eb35 | 2017-04-13 15:26:14 -0700 | [diff] [blame] | 288 | |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 289 | shared_ptr<Interest> |
| 290 | ClientModule::generateCertFetchInterest() |
| 291 | { |
| 292 | Name interestName = m_identityName; |
| 293 | interestName.append("KEY").append(m_certId); |
| 294 | auto interest = make_shared<Interest>(interestName); |
| 295 | interest->setMustBeFresh(true); |
| 296 | interest->setCanBePrefix(false); |
| 297 | return interest; |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 298 | } |
| 299 | |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 300 | shared_ptr<security::v2::Certificate> |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 301 | ClientModule::onDownloadResponse(const Data& reply) |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 302 | { |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 303 | try { |
| 304 | security::v2::Certificate cert(reply.getContent().blockFromValue()); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 305 | m_keyChain.addCertificate(m_key, cert); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 306 | _LOG_TRACE("Got DOWNLOAD response and installed the cert " << cert.getName()); |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 307 | m_isCertInstalled = true; |
| 308 | return make_shared<security::v2::Certificate>(cert); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 309 | } |
| 310 | catch (const std::exception& e) { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 311 | _LOG_ERROR("Cannot add replied certificate into the keychain " << e.what()); |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 312 | return nullptr; |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 313 | } |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 314 | } |
| 315 | |
| 316 | void |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 317 | ClientModule::onCertFetchResponse(const Data& reply) |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 318 | { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 319 | onDownloadResponse(reply); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 320 | } |
| 321 | |
Zhiyi Zhang | ad9e04f | 2020-03-27 12:04:31 -0700 | [diff] [blame] | 322 | void |
| 323 | ClientModule::endSession() |
| 324 | { |
| 325 | if (getApplicationStatus() == STATUS_SUCCESS || getApplicationStatus() == STATUS_ENDED) { |
| 326 | return; |
| 327 | } |
| 328 | if (m_isNewlyCreatedIdentity) { |
| 329 | // put the identity into the if scope is because it may cause an error |
| 330 | // outside since when endSession is called, identity may not have been created yet. |
| 331 | auto identity = m_keyChain.getPib().getIdentity(m_identityName); |
| 332 | m_keyChain.deleteIdentity(identity); |
| 333 | } |
| 334 | else if (m_isNewlyCreatedKey) { |
| 335 | auto identity = m_keyChain.getPib().getIdentity(m_identityName); |
| 336 | m_keyChain.deleteKey(identity, m_key); |
| 337 | } |
| 338 | m_status = STATUS_ENDED; |
| 339 | } |
| 340 | |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 341 | JsonSection |
| 342 | ClientModule::getJsonFromData(const Data& data) |
| 343 | { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 344 | std::istringstream ss(encoding::readString(data.getContent())); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 345 | JsonSection json; |
| 346 | boost::property_tree::json_parser::read_json(ss, json); |
| 347 | return json; |
| 348 | } |
| 349 | |
Zhiyi Zhang | 547c851 | 2019-06-18 23:46:14 -0700 | [diff] [blame] | 350 | std::vector<std::string> |
| 351 | ClientModule::parseProbeComponents(const std::string& probe) |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 352 | { |
Zhiyi Zhang | 547c851 | 2019-06-18 23:46:14 -0700 | [diff] [blame] | 353 | std::vector<std::string> components; |
Yufeng Zhang | 424d036 | 2019-06-12 16:48:27 -0700 | [diff] [blame] | 354 | std::string delimiter = ":"; |
| 355 | size_t last = 0; |
| 356 | size_t next = 0; |
Zhiyi Zhang | 547c851 | 2019-06-18 23:46:14 -0700 | [diff] [blame] | 357 | while ((next = probe.find(delimiter, last)) != std::string::npos) { |
| 358 | components.push_back(probe.substr(last, next - last)); |
| 359 | last = next + 1; |
| 360 | } |
| 361 | components.push_back(probe.substr(last)); |
| 362 | return components; |
| 363 | } |
Yufeng Zhang | 424d036 | 2019-06-12 16:48:27 -0700 | [diff] [blame] | 364 | |
swa770 | 20643ac | 2020-03-26 02:24:45 -0700 | [diff] [blame^] | 365 | JsonSection |
Zhiyi Zhang | 547c851 | 2019-06-18 23:46:14 -0700 | [diff] [blame] | 366 | ClientModule::genProbeRequestJson(const ClientCaItem& ca, const std::string& probeInfo) |
| 367 | { |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 368 | JsonSection root; |
Zhiyi Zhang | 547c851 | 2019-06-18 23:46:14 -0700 | [diff] [blame] | 369 | std::vector<std::string> fields = parseProbeComponents(ca.m_probe); |
| 370 | std::vector<std::string> arguments = parseProbeComponents(probeInfo);; |
Yufeng Zhang | 424d036 | 2019-06-12 16:48:27 -0700 | [diff] [blame] | 371 | |
| 372 | if (arguments.size() != fields.size()) { |
| 373 | BOOST_THROW_EXCEPTION(Error("Error in genProbeRequestJson: argument list does not match field list in the config file.")); |
| 374 | } |
Yufeng Zhang | 424d036 | 2019-06-12 16:48:27 -0700 | [diff] [blame] | 375 | for (size_t i = 0; i < fields.size(); ++i) { |
| 376 | root.put(fields.at(i), arguments.at(i)); |
| 377 | } |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 378 | return root; |
| 379 | } |
| 380 | |
swa770 | 20643ac | 2020-03-26 02:24:45 -0700 | [diff] [blame^] | 381 | JsonSection |
Zhiyi Zhang | 5f749a2 | 2019-06-12 17:02:33 -0700 | [diff] [blame] | 382 | ClientModule::genNewRequestJson(const std::string& ecdhPub, const security::v2::Certificate& certRequest, |
| 383 | const shared_ptr<Data>& probeToken) |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 384 | { |
| 385 | JsonSection root; |
| 386 | std::stringstream ss; |
| 387 | try { |
| 388 | security::transform::bufferSource(certRequest.wireEncode().wire(), certRequest.wireEncode().size()) |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 389 | >> security::transform::base64Encode(false) |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 390 | >> security::transform::streamSink(ss); |
| 391 | } |
| 392 | catch (const security::transform::Error& e) { |
| 393 | _LOG_ERROR("Cannot convert self-signed cert into BASE64 string " << e.what()); |
| 394 | return root; |
| 395 | } |
| 396 | root.put(JSON_CLIENT_ECDH, ecdhPub); |
| 397 | root.put(JSON_CLIENT_CERT_REQ, ss.str()); |
Zhiyi Zhang | 5f749a2 | 2019-06-12 17:02:33 -0700 | [diff] [blame] | 398 | if (probeToken != nullptr) { |
| 399 | // clear the stringstream |
| 400 | ss.str(""); |
| 401 | ss.clear(); |
| 402 | // transform the probe data into a base64 string |
| 403 | try { |
| 404 | security::transform::bufferSource(probeToken->wireEncode().wire(), probeToken->wireEncode().size()) |
Zhiyi Zhang | 8da54d6 | 2019-11-21 00:03:05 -0800 | [diff] [blame] | 405 | >> security::transform::base64Encode(false) |
Zhiyi Zhang | 5f749a2 | 2019-06-12 17:02:33 -0700 | [diff] [blame] | 406 | >> security::transform::streamSink(ss); |
| 407 | } |
| 408 | catch (const security::transform::Error& e) { |
| 409 | _LOG_ERROR("Cannot convert self-signed cert into BASE64 string " << e.what()); |
| 410 | return root; |
| 411 | } |
| 412 | // add the token into the JSON |
| 413 | root.put("probe-token", ss.str()); |
| 414 | } |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 415 | return root; |
| 416 | } |
| 417 | |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 418 | Block |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 419 | ClientModule::paramFromJson(const JsonSection& json) |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 420 | { |
| 421 | std::stringstream ss; |
| 422 | boost::property_tree::write_json(ss, json); |
Zhiyi Zhang | af7c290 | 2019-03-14 22:13:21 -0700 | [diff] [blame] | 423 | return makeStringBlock(ndn::tlv::ApplicationParameters, ss.str()); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 424 | } |
| 425 | |
| 426 | } // namespace ndncert |
| 427 | } // namespace ndn |