Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| 2 | /** |
| 3 | * Copyright (c) 2017, Regents of the University of California. |
| 4 | * |
| 5 | * This file is part of ndncert, a certificate management system based on NDN. |
| 6 | * |
| 7 | * ndncert is free software: you can redistribute it and/or modify it under the terms |
| 8 | * of the GNU General Public License as published by the Free Software Foundation, either |
| 9 | * version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License along with |
| 16 | * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>. |
| 17 | * |
| 18 | * See AUTHORS.md for complete list of ndncert authors and contributors. |
| 19 | */ |
| 20 | |
| 21 | #include "client-module.hpp" |
| 22 | #include "logging.hpp" |
| 23 | #include "json-helper.hpp" |
| 24 | #include <ndn-cxx/security/signing-helpers.hpp> |
| 25 | #include <ndn-cxx/security/verification-helpers.hpp> |
| 26 | |
| 27 | namespace ndn { |
| 28 | namespace ndncert { |
| 29 | |
| 30 | _LOG_INIT(ndncert.client); |
| 31 | |
| 32 | ClientModule::ClientModule(Face& face, security::v2::KeyChain& keyChain, size_t retryTimes) |
| 33 | : m_face(face) |
| 34 | , m_keyChain(keyChain) |
| 35 | , m_retryTimes(retryTimes) |
| 36 | { |
| 37 | } |
| 38 | |
| 39 | void |
| 40 | ClientModule::sendProbe(const ClientCaItem& ca, const std::string& probeInfo, |
| 41 | const RequestCallback& requestCallback, |
| 42 | const ErrorCallback& errorCallback) |
| 43 | { |
| 44 | Interest interest(Name(ca.m_caName).append("_PROBE").append(probeInfo)); |
| 45 | interest.setMustBeFresh(true); |
| 46 | DataCallback dataCb = bind(&ClientModule::handleProbeResponse, this, _1, _2, ca, requestCallback, errorCallback); |
| 47 | m_face.expressInterest(interest, dataCb, |
| 48 | bind(&ClientModule::onNack, this, _1, _2, errorCallback), |
| 49 | bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb, |
| 50 | requestCallback, errorCallback)); |
| 51 | |
| 52 | _LOG_TRACE("PROBE interest sent with Probe info " << probeInfo); |
| 53 | } |
| 54 | |
| 55 | void |
| 56 | ClientModule::handleProbeResponse(const Interest& request, const Data& reply, |
| 57 | const ClientCaItem& ca, |
| 58 | const RequestCallback& requestCallback, |
| 59 | const ErrorCallback& errorCallback) |
| 60 | { |
| 61 | if (!security::verifySignature(reply, ca.m_anchor)) { |
| 62 | errorCallback("Cannot verify data from " + ca.m_caName.toUri()); |
| 63 | return; |
| 64 | }; |
| 65 | JsonSection contentJson = getJsonFromData(reply); |
| 66 | std::string identityNameString = contentJson.get(JSON_IDNENTIFIER, ""); |
| 67 | if (!identityNameString.empty()) { |
| 68 | Name identityName(identityNameString); |
| 69 | sendNew(ca, identityName, requestCallback, errorCallback); |
| 70 | |
| 71 | _LOG_TRACE("Got PROBE response with identity " << identityName); |
| 72 | } |
| 73 | else { |
| 74 | errorCallback("The response does not carry required fields."); |
| 75 | return; |
| 76 | } |
| 77 | } |
| 78 | |
| 79 | void |
| 80 | ClientModule::sendNew(const ClientCaItem& ca, const Name& identityName, |
| 81 | const RequestCallback& requestCallback, |
| 82 | const ErrorCallback& errorCallback) |
| 83 | { |
| 84 | security::Identity identity = m_keyChain.createIdentity(identityName); |
| 85 | |
| 86 | auto state = make_shared<RequestState>(); |
| 87 | state->m_key = m_keyChain.createKey(identity); |
| 88 | state->m_ca = ca; |
| 89 | state->m_isInstalled = false; |
| 90 | |
| 91 | // generate certificate request |
| 92 | security::v2::Certificate certRequest; |
| 93 | certRequest.setName(Name(state->m_key.getName()).append("cert-request").appendVersion()); |
| 94 | certRequest.setContentType(tlv::ContentType_Key); |
| 95 | certRequest.setFreshnessPeriod(time::hours(24)); |
| 96 | certRequest.setContent(state->m_key.getPublicKey().buf(), state->m_key.getPublicKey().size()); |
| 97 | SignatureInfo signatureInfo; |
| 98 | signatureInfo.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(), |
| 99 | time::system_clock::now() + time::days(10))); |
| 100 | m_keyChain.sign(certRequest, signingByKey(state->m_key.getName()).setSignatureInfo(signatureInfo)); |
| 101 | |
| 102 | // generate interest |
| 103 | Interest interest(Name(ca.m_caName).append(Name("_NEW")).append(certRequest.wireEncode())); |
| 104 | m_keyChain.sign(interest, signingByKey(state->m_key.getName())); |
| 105 | |
| 106 | DataCallback dataCb = bind(&ClientModule::handleNewResponse, this, _1, _2, state, requestCallback, errorCallback); |
| 107 | m_face.expressInterest(interest, dataCb, |
| 108 | bind(&ClientModule::onNack, this, _1, _2, errorCallback), |
| 109 | bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb, |
| 110 | requestCallback, errorCallback)); |
| 111 | |
| 112 | _LOG_TRACE("NEW interest sent with identity " << identityName); |
| 113 | } |
| 114 | |
| 115 | void |
| 116 | ClientModule::handleNewResponse(const Interest& request, const Data& reply, |
| 117 | const shared_ptr<RequestState>& state, |
| 118 | const RequestCallback& requestCallback, |
| 119 | const ErrorCallback& errorCallback) |
| 120 | { |
| 121 | if (!security::verifySignature(reply, state->m_ca.m_anchor)) { |
| 122 | errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri()); |
| 123 | return; |
| 124 | } |
| 125 | |
| 126 | const JsonSection& json = getJsonFromData(reply); |
| 127 | state->m_status = json.get(JSON_STATUS, ""); |
| 128 | state->m_requestId = json.get(JSON_REQUEST_ID, ""); |
| 129 | |
| 130 | if (!checkStatus(*state, json, errorCallback)) { |
| 131 | return; |
| 132 | } |
| 133 | |
| 134 | JsonSection challengesJson = json.get_child(JSON_CHALLENGES); |
| 135 | std::list<std::string> challengeList; |
| 136 | for (const auto& challengeJson : challengesJson) { |
| 137 | challengeList.push_back(challengeJson.second.get<std::string>(JSON_CHALLENGE_TYPE)); |
| 138 | } |
| 139 | state->m_challengeList = challengeList; |
| 140 | |
| 141 | _LOG_TRACE("Got NEW response with requestID " << state->m_requestId |
| 142 | << " with status " << state->m_status |
| 143 | << " with challenge number " << challengeList.size()); |
| 144 | |
| 145 | requestCallback(state); |
| 146 | } |
| 147 | |
| 148 | void |
| 149 | ClientModule::sendSelect(const shared_ptr<RequestState>& state, |
| 150 | const std::string& challengeType, |
| 151 | const JsonSection& selectParams, |
| 152 | const RequestCallback& requestCallback, |
| 153 | const ErrorCallback& errorCallback) |
| 154 | { |
| 155 | JsonSection requestIdJson; |
| 156 | requestIdJson.put(JSON_REQUEST_ID, state->m_requestId); |
| 157 | |
| 158 | state->m_challengeType = challengeType; |
| 159 | |
| 160 | Name interestName(state->m_ca.m_caName); |
| 161 | interestName.append("_SELECT") |
| 162 | .append(nameBlockFromJson(requestIdJson)) |
| 163 | .append(challengeType) |
| 164 | .append(nameBlockFromJson(selectParams)); |
| 165 | Interest interest(interestName); |
| 166 | m_keyChain.sign(interest, signingByKey(state->m_key.getName())); |
| 167 | |
| 168 | DataCallback dataCb = bind(&ClientModule::handleSelectResponse, this, _1, _2, state, requestCallback, errorCallback); |
| 169 | m_face.expressInterest(interest, dataCb, |
| 170 | bind(&ClientModule::onNack, this, _1, _2, errorCallback), |
| 171 | bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb, |
| 172 | requestCallback, errorCallback)); |
| 173 | |
| 174 | _LOG_TRACE("SELECT interest sent with challenge type " << challengeType); |
| 175 | } |
| 176 | |
| 177 | void |
| 178 | ClientModule::handleSelectResponse(const Interest& request, |
| 179 | const Data& reply, |
| 180 | const shared_ptr<RequestState>& state, |
| 181 | const RequestCallback& requestCallback, |
| 182 | const ErrorCallback& errorCallback) |
| 183 | { |
| 184 | if (!security::verifySignature(reply, state->m_ca.m_anchor)) { |
| 185 | errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri()); |
| 186 | return; |
| 187 | } |
| 188 | |
| 189 | JsonSection json = getJsonFromData(reply); |
Zhiyi Zhang | e30eb35 | 2017-04-13 15:26:14 -0700 | [diff] [blame] | 190 | |
| 191 | _LOG_TRACE("SELECT response would change the status from " << state->m_status << " to " + json.get<std::string>(JSON_STATUS)); |
| 192 | |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 193 | state->m_status = json.get<std::string>(JSON_STATUS); |
| 194 | |
| 195 | if (!checkStatus(*state, json, errorCallback)) { |
| 196 | return; |
| 197 | } |
| 198 | |
| 199 | _LOG_TRACE("Got SELECT response with status " << state->m_status); |
| 200 | |
| 201 | requestCallback(state); |
| 202 | } |
| 203 | |
| 204 | void |
| 205 | ClientModule::sendValidate(const shared_ptr<RequestState>& state, |
| 206 | const JsonSection& validateParams, |
| 207 | const RequestCallback& requestCallback, |
| 208 | const ErrorCallback& errorCallback) |
| 209 | { |
| 210 | JsonSection requestIdJson; |
| 211 | requestIdJson.put(JSON_REQUEST_ID, state->m_requestId); |
| 212 | |
| 213 | Name interestName(state->m_ca.m_caName); |
| 214 | interestName.append("_VALIDATE") |
| 215 | .append(nameBlockFromJson(requestIdJson)) |
| 216 | .append(state->m_challengeType) |
| 217 | .append(nameBlockFromJson(validateParams)); |
| 218 | Interest interest(interestName); |
| 219 | m_keyChain.sign(interest, signingByKey(state->m_key.getName())); |
| 220 | |
| 221 | DataCallback dataCb = bind(&ClientModule::handleValidateResponse, this, _1, _2, state, requestCallback, errorCallback); |
| 222 | m_face.expressInterest(interest, dataCb, |
| 223 | bind(&ClientModule::onNack, this, _1, _2, errorCallback), |
| 224 | bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb, |
| 225 | requestCallback, errorCallback)); |
| 226 | |
| 227 | _LOG_TRACE("VALIDATE interest sent"); |
| 228 | } |
| 229 | |
| 230 | void |
| 231 | ClientModule::handleValidateResponse(const Interest& request, |
| 232 | const Data& reply, |
| 233 | const shared_ptr<RequestState>& state, |
| 234 | const RequestCallback& requestCallback, |
| 235 | const ErrorCallback& errorCallback) |
| 236 | { |
| 237 | if (!security::verifySignature(reply, state->m_ca.m_anchor)) { |
| 238 | errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri()); |
| 239 | return; |
| 240 | } |
| 241 | |
| 242 | JsonSection json = getJsonFromData(reply); |
| 243 | state->m_status = json.get<std::string>(JSON_STATUS); |
| 244 | |
| 245 | if (!checkStatus(*state, json, errorCallback)) { |
| 246 | return; |
| 247 | } |
| 248 | |
| 249 | _LOG_TRACE("Got VALIDATE response with status " << state->m_status); |
| 250 | |
| 251 | requestCallback(state); |
| 252 | } |
| 253 | |
| 254 | |
| 255 | void |
| 256 | ClientModule::requestStatus(const shared_ptr<RequestState>& state, |
| 257 | const RequestCallback& requestCallback, |
| 258 | const ErrorCallback& errorCallback) |
| 259 | { |
| 260 | JsonSection requestIdJson; |
| 261 | requestIdJson.put(JSON_REQUEST_ID, state->m_requestId); |
| 262 | |
| 263 | Name interestName(state->m_ca.m_caName); |
| 264 | interestName.append("_STATUS").append(nameBlockFromJson(requestIdJson)); |
| 265 | Interest interest(interestName); |
| 266 | |
| 267 | m_keyChain.sign(interest, signingByKey(state->m_key.getName())); |
| 268 | |
| 269 | DataCallback dataCb = bind(&ClientModule::handleStatusResponse, this, _1, _2, state, requestCallback, errorCallback); |
| 270 | m_face.expressInterest(interest, dataCb, |
| 271 | bind(&ClientModule::onNack, this, _1, _2, errorCallback), |
| 272 | bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb, |
| 273 | requestCallback, errorCallback)); |
| 274 | |
| 275 | _LOG_TRACE("STATUS interest sent"); |
| 276 | } |
| 277 | |
| 278 | void |
| 279 | ClientModule::handleStatusResponse(const Interest& request, const Data& reply, |
| 280 | const shared_ptr<RequestState>& state, |
| 281 | const RequestCallback& requestCallback, |
| 282 | const ErrorCallback& errorCallback) |
| 283 | { |
| 284 | if (!security::verifySignature(reply, state->m_ca.m_anchor)) { |
| 285 | errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri()); |
| 286 | return; |
| 287 | } |
| 288 | |
| 289 | JsonSection json = getJsonFromData(reply); |
| 290 | state->m_status = json.get<std::string>(JSON_STATUS); |
| 291 | |
| 292 | if (!checkStatus(*state, json, errorCallback)) { |
| 293 | return; |
| 294 | } |
| 295 | |
| 296 | _LOG_TRACE("Got STATUS response with status " << state->m_status); |
| 297 | |
| 298 | requestCallback(state); |
| 299 | } |
| 300 | |
| 301 | void |
| 302 | ClientModule::requestDownload(const shared_ptr<RequestState>& state, |
| 303 | const RequestCallback& requestCallback, |
| 304 | const ErrorCallback& errorCallback) |
| 305 | { |
| 306 | JsonSection requestIdJson; |
| 307 | requestIdJson.put(JSON_REQUEST_ID, state->m_requestId); |
| 308 | |
| 309 | Name interestName(state->m_ca.m_caName); |
| 310 | interestName.append("_DOWNLOAD").append(nameBlockFromJson(requestIdJson)); |
| 311 | Interest interest(interestName); |
| 312 | interest.setMustBeFresh(true); |
| 313 | |
| 314 | DataCallback dataCb = bind(&ClientModule::handleDownloadResponse, this, _1, _2, state, requestCallback, errorCallback); |
| 315 | m_face.expressInterest(interest, dataCb, |
| 316 | bind(&ClientModule::onNack, this, _1, _2, errorCallback), |
| 317 | bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb, |
| 318 | requestCallback, errorCallback)); |
| 319 | |
| 320 | _LOG_TRACE("DOWNLOAD interest sent"); |
| 321 | } |
| 322 | |
| 323 | void |
| 324 | ClientModule::handleDownloadResponse(const Interest& request, const Data& reply, |
| 325 | const shared_ptr<RequestState>& state, |
| 326 | const RequestCallback& requestCallback, |
| 327 | const ErrorCallback& errorCallback) |
| 328 | { |
| 329 | if (!security::verifySignature(reply, state->m_ca.m_anchor)) { |
| 330 | errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri()); |
| 331 | return; |
| 332 | } |
| 333 | |
| 334 | try { |
| 335 | security::v2::Certificate cert(reply.getContent().blockFromValue()); |
| 336 | m_keyChain.addCertificate(state->m_key, cert); |
| 337 | |
| 338 | _LOG_TRACE("Got DOWNLOAD response and installed the cert " << cert.getName()); |
| 339 | } |
| 340 | catch (const std::exception& e) { |
| 341 | errorCallback(std::string(e.what())); |
| 342 | return; |
| 343 | } |
| 344 | |
| 345 | state->m_isInstalled = true; |
| 346 | requestCallback(state); |
| 347 | } |
| 348 | |
| 349 | void |
| 350 | ClientModule::onTimeout(const Interest& interest, int nRetriesLeft, const DataCallback& dataCallback, |
| 351 | const RequestCallback& requestCallback, const ErrorCallback& errorCallback) |
| 352 | { |
| 353 | if (nRetriesLeft > 0) { |
| 354 | m_face.expressInterest(interest, dataCallback, |
| 355 | bind(&ClientModule::onNack, this, _1, _2, errorCallback), |
| 356 | bind(&ClientModule::onTimeout, this, _1, nRetriesLeft - 1, dataCallback, |
| 357 | requestCallback, errorCallback)); |
| 358 | } |
| 359 | else { |
| 360 | errorCallback("Run out retries: still timeout"); |
| 361 | return; |
| 362 | } |
| 363 | } |
| 364 | |
| 365 | void |
| 366 | ClientModule::onNack(const Interest& interest, const lp::Nack& nack, const ErrorCallback& errorCallback) |
| 367 | { |
| 368 | errorCallback("Got Nack"); |
| 369 | } |
| 370 | |
| 371 | JsonSection |
| 372 | ClientModule::getJsonFromData(const Data& data) |
| 373 | { |
| 374 | Block jsonBlock = data.getContent(); |
| 375 | std::string jsonString = encoding::readString(jsonBlock); |
| 376 | std::istringstream ss(jsonString); |
| 377 | JsonSection json; |
| 378 | boost::property_tree::json_parser::read_json(ss, json); |
| 379 | return json; |
| 380 | } |
| 381 | |
| 382 | Block |
| 383 | ClientModule::nameBlockFromJson(const JsonSection& json) |
| 384 | { |
| 385 | std::stringstream ss; |
| 386 | boost::property_tree::write_json(ss, json); |
| 387 | return makeStringBlock(ndn::tlv::NameComponent, ss.str()); |
| 388 | } |
| 389 | |
| 390 | bool |
| 391 | ClientModule::checkStatus(const RequestState& state, const JsonSection& json, |
| 392 | const ErrorCallback& errorCallback) |
| 393 | { |
| 394 | if (state.m_status == "error") { |
| 395 | errorCallback(json.get(JSON_ERROR_INFO, "")); |
| 396 | return false; |
| 397 | } |
| 398 | if (state.m_requestId.empty() || state.m_status.empty()) { |
Zhiyi Zhang | e30eb35 | 2017-04-13 15:26:14 -0700 | [diff] [blame] | 399 | errorCallback("The response does not carry required fields. requestID: " + state.m_requestId |
| 400 | + " status: " + state.m_status); |
Zhiyi Zhang | 23564c8 | 2017-03-01 10:22:22 -0800 | [diff] [blame] | 401 | return false; |
| 402 | } |
| 403 | return true; |
| 404 | } |
| 405 | |
| 406 | } // namespace ndncert |
| 407 | } // namespace ndn |