Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 23564c854d96abdaec056b8ed71f88f000e74819 / . / src / client-module.cpp
blob: fe4eb7217746ca8a32c9a960865ae98faea82b36 [file] [log] [blame]
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame^]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2017, Regents of the University of California.
4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
21#include "client-module.hpp"
22#include "logging.hpp"
23#include "json-helper.hpp"
24#include <ndn-cxx/security/signing-helpers.hpp>
25#include <ndn-cxx/security/verification-helpers.hpp>
26
27namespace ndn {
28namespace ndncert {
29
30_LOG_INIT(ndncert.client);
31
32ClientModule::ClientModule(Face& face, security::v2::KeyChain& keyChain, size_t retryTimes)
33 : m_face(face)
34 , m_keyChain(keyChain)
35 , m_retryTimes(retryTimes)
36{
37}
38
39void
40ClientModule::sendProbe(const ClientCaItem& ca, const std::string& probeInfo,
41 const RequestCallback& requestCallback,
42 const ErrorCallback& errorCallback)
43{
44 Interest interest(Name(ca.m_caName).append("_PROBE").append(probeInfo));
45 interest.setMustBeFresh(true);
46 DataCallback dataCb = bind(&ClientModule::handleProbeResponse, this, _1, _2, ca, requestCallback, errorCallback);
47 m_face.expressInterest(interest, dataCb,
48 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
49 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
50 requestCallback, errorCallback));
51
52 _LOG_TRACE("PROBE interest sent with Probe info " << probeInfo);
53}
54
55void
56ClientModule::handleProbeResponse(const Interest& request, const Data& reply,
57 const ClientCaItem& ca,
58 const RequestCallback& requestCallback,
59 const ErrorCallback& errorCallback)
60{
61 if (!security::verifySignature(reply, ca.m_anchor)) {
62 errorCallback("Cannot verify data from " + ca.m_caName.toUri());
63 return;
64 };
65 JsonSection contentJson = getJsonFromData(reply);
66 std::string identityNameString = contentJson.get(JSON_IDNENTIFIER, "");
67 if (!identityNameString.empty()) {
68 Name identityName(identityNameString);
69 sendNew(ca, identityName, requestCallback, errorCallback);
70
71 _LOG_TRACE("Got PROBE response with identity " << identityName);
72 }
73 else {
74 errorCallback("The response does not carry required fields.");
75 return;
76 }
77}
78
79void
80ClientModule::sendNew(const ClientCaItem& ca, const Name& identityName,
81 const RequestCallback& requestCallback,
82 const ErrorCallback& errorCallback)
83{
84 security::Identity identity = m_keyChain.createIdentity(identityName);
85
86 auto state = make_shared<RequestState>();
87 state->m_key = m_keyChain.createKey(identity);
88 state->m_ca = ca;
89 state->m_isInstalled = false;
90
91 // generate certificate request
92 security::v2::Certificate certRequest;
93 certRequest.setName(Name(state->m_key.getName()).append("cert-request").appendVersion());
94 certRequest.setContentType(tlv::ContentType_Key);
95 certRequest.setFreshnessPeriod(time::hours(24));
96 certRequest.setContent(state->m_key.getPublicKey().buf(), state->m_key.getPublicKey().size());
97 SignatureInfo signatureInfo;
98 signatureInfo.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(),
99 time::system_clock::now() + time::days(10)));
100 m_keyChain.sign(certRequest, signingByKey(state->m_key.getName()).setSignatureInfo(signatureInfo));
101
102 // generate interest
103 Interest interest(Name(ca.m_caName).append(Name("_NEW")).append(certRequest.wireEncode()));
104 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
105
106 DataCallback dataCb = bind(&ClientModule::handleNewResponse, this, _1, _2, state, requestCallback, errorCallback);
107 m_face.expressInterest(interest, dataCb,
108 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
109 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
110 requestCallback, errorCallback));
111
112 _LOG_TRACE("NEW interest sent with identity " << identityName);
113}
114
115void
116ClientModule::handleNewResponse(const Interest& request, const Data& reply,
117 const shared_ptr<RequestState>& state,
118 const RequestCallback& requestCallback,
119 const ErrorCallback& errorCallback)
120{
121 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
122 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
123 return;
124 }
125
126 const JsonSection& json = getJsonFromData(reply);
127 state->m_status = json.get(JSON_STATUS, "");
128 state->m_requestId = json.get(JSON_REQUEST_ID, "");
129
130 if (!checkStatus(*state, json, errorCallback)) {
131 return;
132 }
133
134 JsonSection challengesJson = json.get_child(JSON_CHALLENGES);
135 std::list<std::string> challengeList;
136 for (const auto& challengeJson : challengesJson) {
137 challengeList.push_back(challengeJson.second.get<std::string>(JSON_CHALLENGE_TYPE));
138 }
139 state->m_challengeList = challengeList;
140
141 _LOG_TRACE("Got NEW response with requestID " << state->m_requestId
142 << " with status " << state->m_status
143 << " with challenge number " << challengeList.size());
144
145 requestCallback(state);
146}
147
148void
149ClientModule::sendSelect(const shared_ptr<RequestState>& state,
150 const std::string& challengeType,
151 const JsonSection& selectParams,
152 const RequestCallback& requestCallback,
153 const ErrorCallback& errorCallback)
154{
155 JsonSection requestIdJson;
156 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
157
158 state->m_challengeType = challengeType;
159
160 Name interestName(state->m_ca.m_caName);
161 interestName.append("_SELECT")
162 .append(nameBlockFromJson(requestIdJson))
163 .append(challengeType)
164 .append(nameBlockFromJson(selectParams));
165 Interest interest(interestName);
166 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
167
168 DataCallback dataCb = bind(&ClientModule::handleSelectResponse, this, _1, _2, state, requestCallback, errorCallback);
169 m_face.expressInterest(interest, dataCb,
170 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
171 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
172 requestCallback, errorCallback));
173
174 _LOG_TRACE("SELECT interest sent with challenge type " << challengeType);
175}
176
177void
178ClientModule::handleSelectResponse(const Interest& request,
179 const Data& reply,
180 const shared_ptr<RequestState>& state,
181 const RequestCallback& requestCallback,
182 const ErrorCallback& errorCallback)
183{
184 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
185 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
186 return;
187 }
188
189 JsonSection json = getJsonFromData(reply);
190 state->m_status = json.get<std::string>(JSON_STATUS);
191
192 if (!checkStatus(*state, json, errorCallback)) {
193 return;
194 }
195
196 _LOG_TRACE("Got SELECT response with status " << state->m_status);
197
198 requestCallback(state);
199}
200
201void
202ClientModule::sendValidate(const shared_ptr<RequestState>& state,
203 const JsonSection& validateParams,
204 const RequestCallback& requestCallback,
205 const ErrorCallback& errorCallback)
206{
207 JsonSection requestIdJson;
208 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
209
210 Name interestName(state->m_ca.m_caName);
211 interestName.append("_VALIDATE")
212 .append(nameBlockFromJson(requestIdJson))
213 .append(state->m_challengeType)
214 .append(nameBlockFromJson(validateParams));
215 Interest interest(interestName);
216 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
217
218 DataCallback dataCb = bind(&ClientModule::handleValidateResponse, this, _1, _2, state, requestCallback, errorCallback);
219 m_face.expressInterest(interest, dataCb,
220 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
221 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
222 requestCallback, errorCallback));
223
224 _LOG_TRACE("VALIDATE interest sent");
225}
226
227void
228ClientModule::handleValidateResponse(const Interest& request,
229 const Data& reply,
230 const shared_ptr<RequestState>& state,
231 const RequestCallback& requestCallback,
232 const ErrorCallback& errorCallback)
233{
234 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
235 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
236 return;
237 }
238
239 JsonSection json = getJsonFromData(reply);
240 state->m_status = json.get<std::string>(JSON_STATUS);
241
242 if (!checkStatus(*state, json, errorCallback)) {
243 return;
244 }
245
246 _LOG_TRACE("Got VALIDATE response with status " << state->m_status);
247
248 requestCallback(state);
249}
250
251
252void
253ClientModule::requestStatus(const shared_ptr<RequestState>& state,
254 const RequestCallback& requestCallback,
255 const ErrorCallback& errorCallback)
256{
257 JsonSection requestIdJson;
258 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
259
260 Name interestName(state->m_ca.m_caName);
261 interestName.append("_STATUS").append(nameBlockFromJson(requestIdJson));
262 Interest interest(interestName);
263
264 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
265
266 DataCallback dataCb = bind(&ClientModule::handleStatusResponse, this, _1, _2, state, requestCallback, errorCallback);
267 m_face.expressInterest(interest, dataCb,
268 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
269 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
270 requestCallback, errorCallback));
271
272 _LOG_TRACE("STATUS interest sent");
273}
274
275void
276ClientModule::handleStatusResponse(const Interest& request, const Data& reply,
277 const shared_ptr<RequestState>& state,
278 const RequestCallback& requestCallback,
279 const ErrorCallback& errorCallback)
280{
281 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
282 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
283 return;
284 }
285
286 JsonSection json = getJsonFromData(reply);
287 state->m_status = json.get<std::string>(JSON_STATUS);
288
289 if (!checkStatus(*state, json, errorCallback)) {
290 return;
291 }
292
293 _LOG_TRACE("Got STATUS response with status " << state->m_status);
294
295 requestCallback(state);
296}
297
298void
299ClientModule::requestDownload(const shared_ptr<RequestState>& state,
300 const RequestCallback& requestCallback,
301 const ErrorCallback& errorCallback)
302{
303 JsonSection requestIdJson;
304 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
305
306 Name interestName(state->m_ca.m_caName);
307 interestName.append("_DOWNLOAD").append(nameBlockFromJson(requestIdJson));
308 Interest interest(interestName);
309 interest.setMustBeFresh(true);
310
311 DataCallback dataCb = bind(&ClientModule::handleDownloadResponse, this, _1, _2, state, requestCallback, errorCallback);
312 m_face.expressInterest(interest, dataCb,
313 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
314 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
315 requestCallback, errorCallback));
316
317 _LOG_TRACE("DOWNLOAD interest sent");
318}
319
320void
321ClientModule::handleDownloadResponse(const Interest& request, const Data& reply,
322 const shared_ptr<RequestState>& state,
323 const RequestCallback& requestCallback,
324 const ErrorCallback& errorCallback)
325{
326 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
327 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
328 return;
329 }
330
331 try {
332 security::v2::Certificate cert(reply.getContent().blockFromValue());
333 m_keyChain.addCertificate(state->m_key, cert);
334
335 _LOG_TRACE("Got DOWNLOAD response and installed the cert " << cert.getName());
336 }
337 catch (const std::exception& e) {
338 errorCallback(std::string(e.what()));
339 return;
340 }
341
342 state->m_isInstalled = true;
343 requestCallback(state);
344}
345
346void
347ClientModule::onTimeout(const Interest& interest, int nRetriesLeft, const DataCallback& dataCallback,
348 const RequestCallback& requestCallback, const ErrorCallback& errorCallback)
349{
350 if (nRetriesLeft > 0) {
351 m_face.expressInterest(interest, dataCallback,
352 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
353 bind(&ClientModule::onTimeout, this, _1, nRetriesLeft - 1, dataCallback,
354 requestCallback, errorCallback));
355 }
356 else {
357 errorCallback("Run out retries: still timeout");
358 return;
359 }
360}
361
362void
363ClientModule::onNack(const Interest& interest, const lp::Nack& nack, const ErrorCallback& errorCallback)
364{
365 errorCallback("Got Nack");
366}
367
368JsonSection
369ClientModule::getJsonFromData(const Data& data)
370{
371 Block jsonBlock = data.getContent();
372 std::string jsonString = encoding::readString(jsonBlock);
373 std::istringstream ss(jsonString);
374 JsonSection json;
375 boost::property_tree::json_parser::read_json(ss, json);
376 return json;
377}
378
379Block
380ClientModule::nameBlockFromJson(const JsonSection& json)
381{
382 std::stringstream ss;
383 boost::property_tree::write_json(ss, json);
384 return makeStringBlock(ndn::tlv::NameComponent, ss.str());
385}
386
387bool
388ClientModule::checkStatus(const RequestState& state, const JsonSection& json,
389 const ErrorCallback& errorCallback)
390{
391 if (state.m_status == "error") {
392 errorCallback(json.get(JSON_ERROR_INFO, ""));
393 return false;
394 }
395 if (state.m_requestId.empty() || state.m_status.empty()) {
396 errorCallback("The response does not carry required fields.");
397 return false;
398 }
399 return true;
400}
401
402} // namespace ndncert
403} // namespace ndn