Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 4889a788194d16c6862af936c58b692c7991644e / . / src / client-module.cpp
blob: ffda468f25d56675ec240d6d82d2b9e807857863 [file] [log] [blame]
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Zhiyi Zhangad9e04f2020-03-27 12:04:31 -0700[diff] [blame]3 * Copyright (c) 2017-2020, Regents of the University of California.
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
21#include "client-module.hpp"
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]22
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]23#include <ndn-cxx/security/signing-helpers.hpp>
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]24#include <ndn-cxx/security/transform/base64-encode.hpp>
25#include <ndn-cxx/security/transform/buffer-source.hpp>
26#include <ndn-cxx/security/transform/stream-sink.hpp>
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]27#include <ndn-cxx/security/verification-helpers.hpp>
28#include <ndn-cxx/util/io.hpp>
29#include <ndn-cxx/util/random.hpp>
30
31#include "challenge-module.hpp"
32#include "crypto-support/enc-tlv.hpp"
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]33#include "protocol-detail/challenge.hpp"
34#include "protocol-detail/info.hpp"
tylerliu4889a782020-09-30 22:47:49 -0700[diff] [blame^]35#include "protocol-detail/new-renew-revoke.hpp"
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]36#include "protocol-detail/probe.hpp"
tylerliu36d97f52020-09-30 22:32:54 -0700[diff] [blame]37#include "protocol-detail/error.hpp"
38#include "ndncert-common.hpp"
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]39
40namespace ndn {
41namespace ndncert {
42
43_LOG_INIT(ndncert.client);
44
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]45ClientModule::ClientModule(security::v2::KeyChain& keyChain)
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]46 : m_keyChain(keyChain)
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]47{
48}
49
Zhiyi Zhangad9e04f2020-03-27 12:04:31 -0700[diff] [blame]50ClientModule::~ClientModule()
51{
52 endSession();
53}
Davide Pesavento08994782018-01-22 12:13:41 -0500[diff] [blame]54
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]55shared_ptr<Interest>
swa77020643ac2020-03-26 02:24:45 -0700[diff] [blame]56ClientModule::generateInfoInterest(const Name& caName)
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]57{
58 Name interestName = caName;
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]59 if (readString(caName.at(-1)) != "CA")
60 interestName.append("CA");
swa77020643ac2020-03-26 02:24:45 -0700[diff] [blame]61 interestName.append("INFO");
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]62 auto interest = make_shared<Interest>(interestName);
63 interest->setMustBeFresh(true);
64 interest->setCanBePrefix(false);
65 return interest;
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]66}
67
Zhiyi Zhangcaab5462019-10-18 13:41:02 -0700[diff] [blame]68bool
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]69ClientModule::verifyInfoResponse(const Data& reply)
Zhiyi Zhangcaab5462019-10-18 13:41:02 -0700[diff] [blame]70{
71 // parse the ca item
Zhiyi Zhang3e8ca252020-09-30 17:18:38 -0700[diff] [blame]72 auto caItem = INFO::decodeDataContent(reply.getContent());
Zhiyi Zhangcaab5462019-10-18 13:41:02 -0700[diff] [blame]73
74 // verify the probe Data's sig
Zhiyi Zhang9829da92020-09-30 16:19:34 -0700[diff] [blame]75 if (!security::verifySignature(reply, *caItem.m_cert)) {
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]76 _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caPrefix.toUri());
Zhiyi Zhangcaab5462019-10-18 13:41:02 -0700[diff] [blame]77 return false;
78 }
79 return true;
80}
81
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]82void
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]83ClientModule::addCaFromInfoResponse(const Data& reply)
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]84{
Suyong Won57462ca2020-05-05 22:20:09 -0700[diff] [blame]85 const Block& contentBlock = reply.getContent();
86
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]87 // parse the ca item
Zhiyi Zhang3e8ca252020-09-30 17:18:38 -0700[diff] [blame]88 auto caItem = INFO::decodeDataContent(contentBlock);
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]89
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]90 // update the local config
91 bool findItem = false;
92 for (auto& item : m_config.m_caItems) {
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]93 if (item.m_caPrefix == caItem.m_caPrefix) {
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]94 findItem = true;
95 item = caItem;
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]96 }
97 }
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]98 if (!findItem) {
99 m_config.m_caItems.push_back(caItem);
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]100 }
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]101}
102
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]103shared_ptr<Interest>
Zhiyi Zhang9829da92020-09-30 16:19:34 -0700[diff] [blame]104ClientModule::generateProbeInterest(const CaConfigItem& ca,
105 std::vector<std::tuple<std::string, std::string>>&& probeInfo)
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]106{
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]107 Name interestName = ca.m_caPrefix;
swa770de007bc2020-03-24 21:26:21 -0700[diff] [blame]108 interestName.append("CA").append("PROBE");
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]109 auto interest = make_shared<Interest>(interestName);
110 interest->setMustBeFresh(true);
111 interest->setCanBePrefix(false);
Zhiyi Zhang9829da92020-09-30 16:19:34 -0700[diff] [blame]112 interest->setApplicationParameters(PROBE::encodeApplicationParameters(std::move(probeInfo)));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]113
114 // update local state
115 m_ca = ca;
116 return interest;
117}
118
119void
120ClientModule::onProbeResponse(const Data& reply)
121{
Zhiyi Zhang9829da92020-09-30 16:19:34 -0700[diff] [blame]122 if (!security::verifySignature(reply, *m_ca.m_cert)) {
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]123 _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caPrefix.toUri());
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]124 return;
125 }
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]126
tylerliu36d97f52020-09-30 22:32:54 -0700[diff] [blame]127 // error handling
128 processIfError(reply);
129
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]130 auto contentTLV = reply.getContent();
Suyong Won44d0cce2020-05-10 04:07:43 -0700[diff] [blame]131 contentTLV.parse();
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]132
133 // read the available name and put it into the state
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]134 if (contentTLV.get(tlv_probe_response).hasValue()) {
Suyong Wonb29e0da2020-05-12 01:59:15 -0700[diff] [blame]135 Block probeResponseBlock = contentTLV.get(tlv_probe_response);
136 probeResponseBlock.parse();
137 m_identityName.wireDecode(probeResponseBlock.get(tlv::Name));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]138 }
Zhiyi Zhang781a5602019-06-26 19:05:04 -0700[diff] [blame]139 else {
140 NDN_LOG_TRACE("The JSON_CA_NAME is empty.");
141 }
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]142}
143
144shared_ptr<Interest>
145ClientModule::generateNewInterest(const time::system_clock::TimePoint& notBefore,
146 const time::system_clock::TimePoint& notAfter,
Zhiyi Zhangb8bbc642020-09-29 14:08:26 -0700[diff] [blame]147 const Name& identityName)
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]148{
149 // Name requestedName = identityName;
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]150 if (!identityName.empty()) { // if identityName is not empty, find the corresponding CA
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]151 bool findCa = false;
152 for (const auto& caItem : m_config.m_caItems) {
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]153 if (caItem.m_caPrefix.isPrefixOf(identityName)) {
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]154 m_ca = caItem;
155 findCa = true;
156 }
157 }
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]158 if (!findCa) { // if cannot find, cannot proceed
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]159 return nullptr;
160 }
161 m_identityName = identityName;
162 }
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]163 else { // if identityName is empty, check m_identityName or generate a random name
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]164 if (!m_identityName.empty()) {
165 // do nothing
166 }
167 else {
Zhiyi Zhang781a5602019-06-26 19:05:04 -0700[diff] [blame]168 NDN_LOG_TRACE("Randomly create a new name because m_identityName is empty and the param is empty.");
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]169 auto id = std::to_string(random::generateSecureWord64());
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]170 m_identityName = m_ca.m_caPrefix;
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]171 m_identityName.append(id);
172 }
173 }
174
175 // generate a newly key pair or use an existing key
Zhiyi Zhang10130782018-02-01 18:28:49 -0800[diff] [blame]176 const auto& pib = m_keyChain.getPib();
Zhiyi Zhangad9e04f2020-03-27 12:04:31 -0700[diff] [blame]177 security::pib::Identity identity;
Zhiyi Zhang10130782018-02-01 18:28:49 -0800[diff] [blame]178 try {
Zhiyi Zhangad9e04f2020-03-27 12:04:31 -0700[diff] [blame]179 identity = pib.getIdentity(m_identityName);
Zhiyi Zhang10130782018-02-01 18:28:49 -0800[diff] [blame]180 }
181 catch (const security::Pib::Error& e) {
Zhiyi Zhangad9e04f2020-03-27 12:04:31 -0700[diff] [blame]182 identity = m_keyChain.createIdentity(m_identityName);
183 m_isNewlyCreatedIdentity = true;
184 m_isNewlyCreatedKey = true;
185 }
186 try {
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]187 m_key = identity.getDefaultKey();
Zhiyi Zhang10130782018-02-01 18:28:49 -0800[diff] [blame]188 }
Zhiyi Zhangad9e04f2020-03-27 12:04:31 -0700[diff] [blame]189 catch (const security::Pib::Error& e) {
190 m_key = m_keyChain.createKey(identity);
191 m_isNewlyCreatedKey = true;
192 }
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]193
194 // generate certificate request
195 security::v2::Certificate certRequest;
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]196 certRequest.setName(Name(m_key.getName()).append("cert-request").appendVersion());
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]197 certRequest.setContentType(tlv::ContentType_Key);
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]198 certRequest.setContent(m_key.getPublicKey().data(), m_key.getPublicKey().size());
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]199 SignatureInfo signatureInfo;
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]200 signatureInfo.setValidityPeriod(security::ValidityPeriod(notBefore, notAfter));
201 m_keyChain.sign(certRequest, signingByKey(m_key.getName()).setSignatureInfo(signatureInfo));
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]202
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]203 // generate Interest packet
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]204 Name interestName = m_ca.m_caPrefix;
swa770de007bc2020-03-24 21:26:21 -0700[diff] [blame]205 interestName.append("CA").append("NEW");
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]206 auto interest = make_shared<Interest>(interestName);
207 interest->setMustBeFresh(true);
208 interest->setCanBePrefix(false);
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]209 interest->setApplicationParameters(
tylerliu4889a782020-09-30 22:47:49 -0700[diff] [blame^]210 NEW_RENEW_REVOKE::encodeApplicationParameters(RequestType::NEW, m_ecdh.getBase64PubKey(), certRequest));
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]211
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]212 // sign the Interest packet
213 m_keyChain.sign(*interest, signingByKey(m_key.getName()));
214 return interest;
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]215}
216
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]217std::list<std::string>
tylerliu0e176c32020-09-29 11:39:46 -0700[diff] [blame]218ClientModule::onNewRenewRevokeResponse(const Data& reply)
tylerliu4a00aad2020-09-26 02:03:17 -0700[diff] [blame]219{
Zhiyi Zhang9829da92020-09-30 16:19:34 -0700[diff] [blame]220 if (!security::verifySignature(reply, *m_ca.m_cert)) {
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]221 _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caPrefix.toUri());
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]222 return std::list<std::string>();
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]223 }
tylerliu36d97f52020-09-30 22:32:54 -0700[diff] [blame]224
225 // error handling
226 processIfError(reply);
227
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]228 auto contentTLV = reply.getContent();
Suyong Won44d0cce2020-05-10 04:07:43 -0700[diff] [blame]229 contentTLV.parse();
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]230
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]231 // ECDH
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]232 const auto& peerKeyBase64Str = readString(contentTLV.get(tlv_ecdh_pub));
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]233 const auto& saltStr = readString(contentTLV.get(tlv_salt));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]234 uint64_t saltInt = std::stoull(saltStr);
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]235 m_ecdh.deriveSecret(peerKeyBase64Str);
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]236
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]237 // HKDF
Zhiyi Zhang36706832019-07-04 21:33:03 -0700[diff] [blame]238 hkdf(m_ecdh.context->sharedSecret, m_ecdh.context->sharedSecretLen,
239 (uint8_t*)&saltInt, sizeof(saltInt), m_aesKey, sizeof(m_aesKey));
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]240
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]241 // update state
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]242 m_status = static_cast<Status>(readNonNegativeInteger(contentTLV.get(tlv_status)));
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]243 m_requestId = readString(contentTLV.get(tlv_request_id));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]244 m_challengeList.clear();
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]245 for (auto const& element : contentTLV.elements()) {
246 if (element.type() == tlv_challenge) {
247 m_challengeList.push_back(readString(element));
248 }
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]249 }
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]250 return m_challengeList;
251}
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]252
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]253shared_ptr<Interest>
tylerliu182bc532020-09-25 01:54:45 -0700[diff] [blame]254ClientModule::generateRevokeInterest(const security::v2::Certificate& certificate)
255{
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]256 // Name requestedName = identityName;
257 bool findCa = false;
258 for (const auto& caItem : m_config.m_caItems) {
Zhiyi Zhang9829da92020-09-30 16:19:34 -0700[diff] [blame]259 if (caItem.m_caPrefix.isPrefixOf(certificate.getName())) {
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]260 m_ca = caItem;
261 findCa = true;
tylerliu182bc532020-09-25 01:54:45 -0700[diff] [blame]262 }
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]263 }
264 if (!findCa) { // if cannot find, cannot proceed
265 _LOG_TRACE("Cannot find corresponding CA for the certificate.");
266 return nullptr;
267 }
tylerliu182bc532020-09-25 01:54:45 -0700[diff] [blame]268
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]269 // generate Interest packet
270 Name interestName = m_ca.m_caPrefix;
271 interestName.append("CA").append("REVOKE");
272 auto interest = make_shared<Interest>(interestName);
273 interest->setMustBeFresh(true);
274 interest->setCanBePrefix(false);
275 interest->setApplicationParameters(
tylerliu4889a782020-09-30 22:47:49 -0700[diff] [blame^]276 NEW_RENEW_REVOKE::encodeApplicationParameters(RequestType::REVOKE, m_ecdh.getBase64PubKey(), certificate));
tylerliu182bc532020-09-25 01:54:45 -0700[diff] [blame]277
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]278 // return the Interest packet
279 return interest;
tylerliu182bc532020-09-25 01:54:45 -0700[diff] [blame]280}
281
tylerliu182bc532020-09-25 01:54:45 -0700[diff] [blame]282shared_ptr<Interest>
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]283ClientModule::generateChallengeInterest(const Block& challengeRequest)
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]284{
Suyong Won44d0cce2020-05-10 04:07:43 -0700[diff] [blame]285 challengeRequest.parse();
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]286 m_challengeType = readString(challengeRequest.get(tlv_selected_challenge));
Suyong Won44d0cce2020-05-10 04:07:43 -0700[diff] [blame]287
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]288 Name interestName = m_ca.m_caPrefix;
swa770de007bc2020-03-24 21:26:21 -0700[diff] [blame]289 interestName.append("CA").append("CHALLENGE").append(m_requestId);
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]290 auto interest = make_shared<Interest>(interestName);
291 interest->setMustBeFresh(true);
292 interest->setCanBePrefix(false);
293
294 // encrypt the Interest parameters
Suyong Won7968f7a2020-05-12 01:01:25 -0700[diff] [blame]295 auto paramBlock = encodeBlockWithAesGcm128(tlv::ApplicationParameters, m_aesKey,
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]296 challengeRequest.value(), challengeRequest.value_size(),
297 (const uint8_t*)"test", strlen("test"));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]298 interest->setApplicationParameters(paramBlock);
299
300 m_keyChain.sign(*interest, signingByKey(m_key.getName()));
301 return interest;
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]302}
303
304void
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]305ClientModule::onChallengeResponse(const Data& reply)
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]306{
Zhiyi Zhang9829da92020-09-30 16:19:34 -0700[diff] [blame]307 if (!security::verifySignature(reply, *m_ca.m_cert)) {
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]308 _LOG_ERROR("Cannot verify data signature from " << m_ca.m_caPrefix.toUri());
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]309 return;
310 }
tylerliu36d97f52020-09-30 22:32:54 -0700[diff] [blame]311
312 // error handling
313 processIfError(reply);
314
Zhiyi Zhangb8cb0472020-05-05 20:55:05 -0700[diff] [blame]315 auto result = decodeBlockWithAesGcm128(reply.getContent(), m_aesKey, (const uint8_t*)"test", strlen("test"));
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]316
Suyong Won44d0cce2020-05-10 04:07:43 -0700[diff] [blame]317 Block contentTLV = makeBinaryBlock(tlv_encrypted_payload, result.data(), result.size());
318 contentTLV.parse();
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]319
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]320 // update state
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]321 m_status = static_cast<Status>(readNonNegativeInteger(contentTLV.get(tlv_status)));
Suyong Won19fba4d2020-05-09 13:39:46 -0700[diff] [blame]322 m_challengeStatus = readString(contentTLV.get(tlv_challenge_status));
323 m_remainingTries = readNonNegativeInteger(contentTLV.get(tlv_remaining_tries));
324 m_freshBefore = time::system_clock::now() +
325 time::seconds(readNonNegativeInteger(contentTLV.get(tlv_remaining_time)));
326
Suyong Won7968f7a2020-05-12 01:01:25 -0700[diff] [blame]327 if (contentTLV.find(tlv_issued_cert_name) != contentTLV.elements_end()) {
328 Block issuedCertNameBlock = contentTLV.get(tlv_issued_cert_name);
329 issuedCertNameBlock.parse();
330 m_issuedCertName.wireDecode(issuedCertNameBlock.get(tlv::Name));
331 }
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]332}
Zhiyi Zhange30eb352017-04-13 15:26:14 -0700[diff] [blame]333
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]334shared_ptr<Interest>
335ClientModule::generateDownloadInterest()
336{
Suyong Won256c9062020-05-11 02:45:56 -0700[diff] [blame]337 Name interestName = m_ca.m_caPrefix;
swa770de007bc2020-03-24 21:26:21 -0700[diff] [blame]338 interestName.append("CA").append("DOWNLOAD").append(m_requestId);
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]339 auto interest = make_shared<Interest>(interestName);
340 interest->setMustBeFresh(true);
341 interest->setCanBePrefix(false);
342 return interest;
343}
Zhiyi Zhange30eb352017-04-13 15:26:14 -0700[diff] [blame]344
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]345shared_ptr<Interest>
346ClientModule::generateCertFetchInterest()
347{
swa770cf1d8f72020-04-21 23:12:39 -0700[diff] [blame]348 Name interestName = m_issuedCertName;
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]349 auto interest = make_shared<Interest>(interestName);
350 interest->setMustBeFresh(true);
351 interest->setCanBePrefix(false);
352 return interest;
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]353}
354
swa770cf1d8f72020-04-21 23:12:39 -0700[diff] [blame]355void
356ClientModule::onCertFetchResponse(const Data& reply)
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]357{
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]358 try {
359 security::v2::Certificate cert(reply.getContent().blockFromValue());
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]360 m_keyChain.addCertificate(m_key, cert);
swa770cf1d8f72020-04-21 23:12:39 -0700[diff] [blame]361 _LOG_TRACE("Fetched and installed the cert " << cert.getName());
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]362 }
363 catch (const std::exception& e) {
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]364 _LOG_ERROR("Cannot add replied certificate into the keychain " << e.what());
Zhiyi Zhangef6b36a2020-09-22 21:20:59 -0700[diff] [blame]365 return;
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]366 }
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]367}
368
Zhiyi Zhangef6b36a2020-09-22 21:20:59 -0700[diff] [blame]369void
370ClientModule::endSession()
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]371{
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]372 if (getApplicationStatus() == Status::SUCCESS || getApplicationStatus() == Status::ENDED) {
Zhiyi Zhangef6b36a2020-09-22 21:20:59 -0700[diff] [blame]373 return;
374 }
375 if (m_isNewlyCreatedIdentity) {
376 // put the identity into the if scope is because it may cause an error
377 // outside since when endSession is called, identity may not have been created yet.
378 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
379 m_keyChain.deleteIdentity(identity);
380 }
381 else if (m_isNewlyCreatedKey) {
382 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
383 m_keyChain.deleteKey(identity, m_key);
384 }
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]385 m_status = Status::ENDED;
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]386}
387
tylerliu36d97f52020-09-30 22:32:54 -0700[diff] [blame]388void
389ClientModule::processIfError(const Data& data)
390{
391 auto contentTLV = data.getContent();
392 if (ErrorTLV::isErrorContent(contentTLV)) {
393 try {
394 auto error = ErrorTLV::decodefromDataContent(contentTLV);
395 _LOG_ERROR("Error data returned for " << data.getName() << ": " << std::endl <<
396 "Code: " << errorCodeToString(std::get<0>(error)) << std::endl <<
397 "Info: " << std::get<1>(error) << std::endl);
398 } catch (const std::exception& e) {
399 _LOG_ERROR("Cannot parse error data content for " << data.getName());
400 return;
401 }
402 }
403}
404
Zhiyi Zhang48f23782020-09-28 12:11:24 -0700[diff] [blame]405} // namespace ndncert
406} // namespace ndn