blob: 157f28d4e7763265a42ecf49a23595fe0bda3724 [file] [log] [blame]
Zhiyi Zhang23564c82017-03-01 10:22:22 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2017, Regents of the University of California.
4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
21#include "client-module.hpp"
22#include "logging.hpp"
23#include "json-helper.hpp"
24#include <ndn-cxx/security/signing-helpers.hpp>
25#include <ndn-cxx/security/verification-helpers.hpp>
26
27namespace ndn {
28namespace ndncert {
29
30_LOG_INIT(ndncert.client);
31
32ClientModule::ClientModule(Face& face, security::v2::KeyChain& keyChain, size_t retryTimes)
33 : m_face(face)
34 , m_keyChain(keyChain)
35 , m_retryTimes(retryTimes)
36{
37}
38
39void
40ClientModule::sendProbe(const ClientCaItem& ca, const std::string& probeInfo,
41 const RequestCallback& requestCallback,
42 const ErrorCallback& errorCallback)
43{
44 Interest interest(Name(ca.m_caName).append("_PROBE").append(probeInfo));
45 interest.setMustBeFresh(true);
46 DataCallback dataCb = bind(&ClientModule::handleProbeResponse, this, _1, _2, ca, requestCallback, errorCallback);
47 m_face.expressInterest(interest, dataCb,
48 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
49 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
50 requestCallback, errorCallback));
51
52 _LOG_TRACE("PROBE interest sent with Probe info " << probeInfo);
53}
54
55void
56ClientModule::handleProbeResponse(const Interest& request, const Data& reply,
57 const ClientCaItem& ca,
58 const RequestCallback& requestCallback,
59 const ErrorCallback& errorCallback)
60{
61 if (!security::verifySignature(reply, ca.m_anchor)) {
62 errorCallback("Cannot verify data from " + ca.m_caName.toUri());
63 return;
64 };
65 JsonSection contentJson = getJsonFromData(reply);
66 std::string identityNameString = contentJson.get(JSON_IDNENTIFIER, "");
67 if (!identityNameString.empty()) {
68 Name identityName(identityNameString);
69 sendNew(ca, identityName, requestCallback, errorCallback);
70
71 _LOG_TRACE("Got PROBE response with identity " << identityName);
72 }
73 else {
74 errorCallback("The response does not carry required fields.");
75 return;
76 }
77}
78
79void
80ClientModule::sendNew(const ClientCaItem& ca, const Name& identityName,
81 const RequestCallback& requestCallback,
82 const ErrorCallback& errorCallback)
83{
84 security::Identity identity = m_keyChain.createIdentity(identityName);
85
86 auto state = make_shared<RequestState>();
87 state->m_key = m_keyChain.createKey(identity);
88 state->m_ca = ca;
89 state->m_isInstalled = false;
90
91 // generate certificate request
92 security::v2::Certificate certRequest;
93 certRequest.setName(Name(state->m_key.getName()).append("cert-request").appendVersion());
94 certRequest.setContentType(tlv::ContentType_Key);
95 certRequest.setFreshnessPeriod(time::hours(24));
96 certRequest.setContent(state->m_key.getPublicKey().buf(), state->m_key.getPublicKey().size());
97 SignatureInfo signatureInfo;
98 signatureInfo.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(),
99 time::system_clock::now() + time::days(10)));
100 m_keyChain.sign(certRequest, signingByKey(state->m_key.getName()).setSignatureInfo(signatureInfo));
101
102 // generate interest
103 Interest interest(Name(ca.m_caName).append(Name("_NEW")).append(certRequest.wireEncode()));
104 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
105
106 DataCallback dataCb = bind(&ClientModule::handleNewResponse, this, _1, _2, state, requestCallback, errorCallback);
107 m_face.expressInterest(interest, dataCb,
108 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
109 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
110 requestCallback, errorCallback));
111
112 _LOG_TRACE("NEW interest sent with identity " << identityName);
113}
114
115void
116ClientModule::handleNewResponse(const Interest& request, const Data& reply,
117 const shared_ptr<RequestState>& state,
118 const RequestCallback& requestCallback,
119 const ErrorCallback& errorCallback)
120{
121 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
122 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
123 return;
124 }
125
126 const JsonSection& json = getJsonFromData(reply);
127 state->m_status = json.get(JSON_STATUS, "");
128 state->m_requestId = json.get(JSON_REQUEST_ID, "");
129
130 if (!checkStatus(*state, json, errorCallback)) {
131 return;
132 }
133
134 JsonSection challengesJson = json.get_child(JSON_CHALLENGES);
135 std::list<std::string> challengeList;
136 for (const auto& challengeJson : challengesJson) {
137 challengeList.push_back(challengeJson.second.get<std::string>(JSON_CHALLENGE_TYPE));
138 }
139 state->m_challengeList = challengeList;
140
141 _LOG_TRACE("Got NEW response with requestID " << state->m_requestId
142 << " with status " << state->m_status
143 << " with challenge number " << challengeList.size());
144
145 requestCallback(state);
146}
147
148void
149ClientModule::sendSelect(const shared_ptr<RequestState>& state,
150 const std::string& challengeType,
151 const JsonSection& selectParams,
152 const RequestCallback& requestCallback,
153 const ErrorCallback& errorCallback)
154{
155 JsonSection requestIdJson;
156 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
157
158 state->m_challengeType = challengeType;
159
160 Name interestName(state->m_ca.m_caName);
161 interestName.append("_SELECT")
162 .append(nameBlockFromJson(requestIdJson))
163 .append(challengeType)
164 .append(nameBlockFromJson(selectParams));
165 Interest interest(interestName);
166 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
167
168 DataCallback dataCb = bind(&ClientModule::handleSelectResponse, this, _1, _2, state, requestCallback, errorCallback);
169 m_face.expressInterest(interest, dataCb,
170 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
171 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
172 requestCallback, errorCallback));
173
174 _LOG_TRACE("SELECT interest sent with challenge type " << challengeType);
175}
176
177void
178ClientModule::handleSelectResponse(const Interest& request,
179 const Data& reply,
180 const shared_ptr<RequestState>& state,
181 const RequestCallback& requestCallback,
182 const ErrorCallback& errorCallback)
183{
184 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
185 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
186 return;
187 }
188
189 JsonSection json = getJsonFromData(reply);
Zhiyi Zhange30eb352017-04-13 15:26:14 -0700190
191 _LOG_TRACE("SELECT response would change the status from " << state->m_status << " to " + json.get<std::string>(JSON_STATUS));
192
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800193 state->m_status = json.get<std::string>(JSON_STATUS);
194
195 if (!checkStatus(*state, json, errorCallback)) {
196 return;
197 }
198
199 _LOG_TRACE("Got SELECT response with status " << state->m_status);
200
201 requestCallback(state);
202}
203
204void
205ClientModule::sendValidate(const shared_ptr<RequestState>& state,
206 const JsonSection& validateParams,
207 const RequestCallback& requestCallback,
208 const ErrorCallback& errorCallback)
209{
210 JsonSection requestIdJson;
211 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
212
213 Name interestName(state->m_ca.m_caName);
214 interestName.append("_VALIDATE")
215 .append(nameBlockFromJson(requestIdJson))
216 .append(state->m_challengeType)
217 .append(nameBlockFromJson(validateParams));
218 Interest interest(interestName);
219 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
220
221 DataCallback dataCb = bind(&ClientModule::handleValidateResponse, this, _1, _2, state, requestCallback, errorCallback);
222 m_face.expressInterest(interest, dataCb,
223 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
224 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
225 requestCallback, errorCallback));
226
227 _LOG_TRACE("VALIDATE interest sent");
228}
229
230void
231ClientModule::handleValidateResponse(const Interest& request,
232 const Data& reply,
233 const shared_ptr<RequestState>& state,
234 const RequestCallback& requestCallback,
235 const ErrorCallback& errorCallback)
236{
237 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
238 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
239 return;
240 }
241
242 JsonSection json = getJsonFromData(reply);
243 state->m_status = json.get<std::string>(JSON_STATUS);
244
245 if (!checkStatus(*state, json, errorCallback)) {
246 return;
247 }
248
249 _LOG_TRACE("Got VALIDATE response with status " << state->m_status);
250
251 requestCallback(state);
252}
253
254
255void
256ClientModule::requestStatus(const shared_ptr<RequestState>& state,
257 const RequestCallback& requestCallback,
258 const ErrorCallback& errorCallback)
259{
260 JsonSection requestIdJson;
261 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
262
263 Name interestName(state->m_ca.m_caName);
264 interestName.append("_STATUS").append(nameBlockFromJson(requestIdJson));
265 Interest interest(interestName);
266
267 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
268
269 DataCallback dataCb = bind(&ClientModule::handleStatusResponse, this, _1, _2, state, requestCallback, errorCallback);
270 m_face.expressInterest(interest, dataCb,
271 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
272 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
273 requestCallback, errorCallback));
274
275 _LOG_TRACE("STATUS interest sent");
276}
277
278void
279ClientModule::handleStatusResponse(const Interest& request, const Data& reply,
280 const shared_ptr<RequestState>& state,
281 const RequestCallback& requestCallback,
282 const ErrorCallback& errorCallback)
283{
284 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
285 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
286 return;
287 }
288
289 JsonSection json = getJsonFromData(reply);
290 state->m_status = json.get<std::string>(JSON_STATUS);
291
292 if (!checkStatus(*state, json, errorCallback)) {
293 return;
294 }
295
296 _LOG_TRACE("Got STATUS response with status " << state->m_status);
297
298 requestCallback(state);
299}
300
301void
302ClientModule::requestDownload(const shared_ptr<RequestState>& state,
303 const RequestCallback& requestCallback,
304 const ErrorCallback& errorCallback)
305{
306 JsonSection requestIdJson;
307 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
308
309 Name interestName(state->m_ca.m_caName);
310 interestName.append("_DOWNLOAD").append(nameBlockFromJson(requestIdJson));
311 Interest interest(interestName);
312 interest.setMustBeFresh(true);
313
314 DataCallback dataCb = bind(&ClientModule::handleDownloadResponse, this, _1, _2, state, requestCallback, errorCallback);
315 m_face.expressInterest(interest, dataCb,
316 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
317 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
318 requestCallback, errorCallback));
319
320 _LOG_TRACE("DOWNLOAD interest sent");
321}
322
323void
324ClientModule::handleDownloadResponse(const Interest& request, const Data& reply,
325 const shared_ptr<RequestState>& state,
326 const RequestCallback& requestCallback,
327 const ErrorCallback& errorCallback)
328{
329 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
330 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
331 return;
332 }
333
334 try {
335 security::v2::Certificate cert(reply.getContent().blockFromValue());
336 m_keyChain.addCertificate(state->m_key, cert);
337
338 _LOG_TRACE("Got DOWNLOAD response and installed the cert " << cert.getName());
339 }
340 catch (const std::exception& e) {
341 errorCallback(std::string(e.what()));
342 return;
343 }
344
345 state->m_isInstalled = true;
346 requestCallback(state);
347}
348
349void
350ClientModule::onTimeout(const Interest& interest, int nRetriesLeft, const DataCallback& dataCallback,
351 const RequestCallback& requestCallback, const ErrorCallback& errorCallback)
352{
353 if (nRetriesLeft > 0) {
354 m_face.expressInterest(interest, dataCallback,
355 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
356 bind(&ClientModule::onTimeout, this, _1, nRetriesLeft - 1, dataCallback,
357 requestCallback, errorCallback));
358 }
359 else {
360 errorCallback("Run out retries: still timeout");
361 return;
362 }
363}
364
365void
366ClientModule::onNack(const Interest& interest, const lp::Nack& nack, const ErrorCallback& errorCallback)
367{
368 errorCallback("Got Nack");
369}
370
371JsonSection
372ClientModule::getJsonFromData(const Data& data)
373{
374 Block jsonBlock = data.getContent();
375 std::string jsonString = encoding::readString(jsonBlock);
376 std::istringstream ss(jsonString);
377 JsonSection json;
378 boost::property_tree::json_parser::read_json(ss, json);
379 return json;
380}
381
382Block
383ClientModule::nameBlockFromJson(const JsonSection& json)
384{
385 std::stringstream ss;
386 boost::property_tree::write_json(ss, json);
387 return makeStringBlock(ndn::tlv::NameComponent, ss.str());
388}
389
390bool
391ClientModule::checkStatus(const RequestState& state, const JsonSection& json,
392 const ErrorCallback& errorCallback)
393{
394 if (state.m_status == "error") {
395 errorCallback(json.get(JSON_ERROR_INFO, ""));
396 return false;
397 }
398 if (state.m_requestId.empty() || state.m_status.empty()) {
Zhiyi Zhange30eb352017-04-13 15:26:14 -0700399 errorCallback("The response does not carry required fields. requestID: " + state.m_requestId
400 + " status: " + state.m_status);
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800401 return false;
402 }
403 return true;
404}
405
406} // namespace ndncert
407} // namespace ndn