Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 576aad18c6964a91c82c4904a283276b964901da / . / src / client-module.cpp
blob: 9994c31c96869dca4c8c7dd33076f998065c2c4e [file] [log] [blame]
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2017, Regents of the University of California.
4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
21#include "client-module.hpp"
22#include "logging.hpp"
23#include "json-helper.hpp"
Zhiyi Zhanga9bda732017-05-20 22:58:55 -0700[diff] [blame]24#include "challenge-module.hpp"
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]25#include <ndn-cxx/security/signing-helpers.hpp>
26#include <ndn-cxx/security/verification-helpers.hpp>
27
28namespace ndn {
29namespace ndncert {
30
31_LOG_INIT(ndncert.client);
32
33ClientModule::ClientModule(Face& face, security::v2::KeyChain& keyChain, size_t retryTimes)
34 : m_face(face)
35 , m_keyChain(keyChain)
36 , m_retryTimes(retryTimes)
37{
38}
39
40void
41ClientModule::sendProbe(const ClientCaItem& ca, const std::string& probeInfo,
42 const RequestCallback& requestCallback,
43 const ErrorCallback& errorCallback)
44{
45 Interest interest(Name(ca.m_caName).append("_PROBE").append(probeInfo));
46 interest.setMustBeFresh(true);
47 DataCallback dataCb = bind(&ClientModule::handleProbeResponse, this, _1, _2, ca, requestCallback, errorCallback);
48 m_face.expressInterest(interest, dataCb,
49 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
50 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
51 requestCallback, errorCallback));
52
53 _LOG_TRACE("PROBE interest sent with Probe info " << probeInfo);
54}
55
56void
57ClientModule::handleProbeResponse(const Interest& request, const Data& reply,
58 const ClientCaItem& ca,
59 const RequestCallback& requestCallback,
60 const ErrorCallback& errorCallback)
61{
62 if (!security::verifySignature(reply, ca.m_anchor)) {
63 errorCallback("Cannot verify data from " + ca.m_caName.toUri());
64 return;
65 };
66 JsonSection contentJson = getJsonFromData(reply);
67 std::string identityNameString = contentJson.get(JSON_IDNENTIFIER, "");
68 if (!identityNameString.empty()) {
69 Name identityName(identityNameString);
70 sendNew(ca, identityName, requestCallback, errorCallback);
71
72 _LOG_TRACE("Got PROBE response with identity " << identityName);
73 }
74 else {
75 errorCallback("The response does not carry required fields.");
76 return;
77 }
78}
79
80void
81ClientModule::sendNew(const ClientCaItem& ca, const Name& identityName,
82 const RequestCallback& requestCallback,
83 const ErrorCallback& errorCallback)
84{
85 security::Identity identity = m_keyChain.createIdentity(identityName);
86
87 auto state = make_shared<RequestState>();
88 state->m_key = m_keyChain.createKey(identity);
89 state->m_ca = ca;
90 state->m_isInstalled = false;
91
92 // generate certificate request
93 security::v2::Certificate certRequest;
94 certRequest.setName(Name(state->m_key.getName()).append("cert-request").appendVersion());
95 certRequest.setContentType(tlv::ContentType_Key);
96 certRequest.setFreshnessPeriod(time::hours(24));
Zhiyi Zhang576aad12017-10-03 15:41:53 -0700[diff] [blame^]97 certRequest.setContent(state->m_key.getPublicKey().data(), state->m_key.getPublicKey().size());
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]98 SignatureInfo signatureInfo;
99 signatureInfo.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(),
100 time::system_clock::now() + time::days(10)));
101 m_keyChain.sign(certRequest, signingByKey(state->m_key.getName()).setSignatureInfo(signatureInfo));
102
103 // generate interest
104 Interest interest(Name(ca.m_caName).append(Name("_NEW")).append(certRequest.wireEncode()));
105 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
106
107 DataCallback dataCb = bind(&ClientModule::handleNewResponse, this, _1, _2, state, requestCallback, errorCallback);
108 m_face.expressInterest(interest, dataCb,
109 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
110 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
111 requestCallback, errorCallback));
112
113 _LOG_TRACE("NEW interest sent with identity " << identityName);
114}
115
116void
117ClientModule::handleNewResponse(const Interest& request, const Data& reply,
118 const shared_ptr<RequestState>& state,
119 const RequestCallback& requestCallback,
120 const ErrorCallback& errorCallback)
121{
122 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
123 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
124 return;
125 }
126
127 const JsonSection& json = getJsonFromData(reply);
128 state->m_status = json.get(JSON_STATUS, "");
129 state->m_requestId = json.get(JSON_REQUEST_ID, "");
130
131 if (!checkStatus(*state, json, errorCallback)) {
132 return;
133 }
134
135 JsonSection challengesJson = json.get_child(JSON_CHALLENGES);
136 std::list<std::string> challengeList;
137 for (const auto& challengeJson : challengesJson) {
138 challengeList.push_back(challengeJson.second.get<std::string>(JSON_CHALLENGE_TYPE));
139 }
140 state->m_challengeList = challengeList;
141
142 _LOG_TRACE("Got NEW response with requestID " << state->m_requestId
143 << " with status " << state->m_status
144 << " with challenge number " << challengeList.size());
145
146 requestCallback(state);
147}
148
149void
150ClientModule::sendSelect(const shared_ptr<RequestState>& state,
151 const std::string& challengeType,
152 const JsonSection& selectParams,
153 const RequestCallback& requestCallback,
154 const ErrorCallback& errorCallback)
155{
156 JsonSection requestIdJson;
157 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
158
159 state->m_challengeType = challengeType;
160
161 Name interestName(state->m_ca.m_caName);
162 interestName.append("_SELECT")
163 .append(nameBlockFromJson(requestIdJson))
164 .append(challengeType)
165 .append(nameBlockFromJson(selectParams));
166 Interest interest(interestName);
167 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
168
169 DataCallback dataCb = bind(&ClientModule::handleSelectResponse, this, _1, _2, state, requestCallback, errorCallback);
170 m_face.expressInterest(interest, dataCb,
171 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
172 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
173 requestCallback, errorCallback));
174
175 _LOG_TRACE("SELECT interest sent with challenge type " << challengeType);
176}
177
178void
179ClientModule::handleSelectResponse(const Interest& request,
180 const Data& reply,
181 const shared_ptr<RequestState>& state,
182 const RequestCallback& requestCallback,
183 const ErrorCallback& errorCallback)
184{
185 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
186 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
187 return;
188 }
189
190 JsonSection json = getJsonFromData(reply);
Zhiyi Zhange30eb352017-04-13 15:26:14 -0700[diff] [blame]191
192 _LOG_TRACE("SELECT response would change the status from " << state->m_status << " to " + json.get<std::string>(JSON_STATUS));
193
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]194 state->m_status = json.get<std::string>(JSON_STATUS);
195
196 if (!checkStatus(*state, json, errorCallback)) {
197 return;
198 }
199
200 _LOG_TRACE("Got SELECT response with status " << state->m_status);
201
202 requestCallback(state);
203}
204
205void
206ClientModule::sendValidate(const shared_ptr<RequestState>& state,
207 const JsonSection& validateParams,
208 const RequestCallback& requestCallback,
209 const ErrorCallback& errorCallback)
210{
211 JsonSection requestIdJson;
212 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
213
214 Name interestName(state->m_ca.m_caName);
215 interestName.append("_VALIDATE")
216 .append(nameBlockFromJson(requestIdJson))
217 .append(state->m_challengeType)
218 .append(nameBlockFromJson(validateParams));
219 Interest interest(interestName);
220 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
221
222 DataCallback dataCb = bind(&ClientModule::handleValidateResponse, this, _1, _2, state, requestCallback, errorCallback);
223 m_face.expressInterest(interest, dataCb,
224 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
225 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
226 requestCallback, errorCallback));
227
228 _LOG_TRACE("VALIDATE interest sent");
229}
230
231void
232ClientModule::handleValidateResponse(const Interest& request,
233 const Data& reply,
234 const shared_ptr<RequestState>& state,
235 const RequestCallback& requestCallback,
236 const ErrorCallback& errorCallback)
237{
238 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
239 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
240 return;
241 }
242
243 JsonSection json = getJsonFromData(reply);
244 state->m_status = json.get<std::string>(JSON_STATUS);
245
246 if (!checkStatus(*state, json, errorCallback)) {
247 return;
248 }
249
250 _LOG_TRACE("Got VALIDATE response with status " << state->m_status);
251
252 requestCallback(state);
253}
254
255
256void
257ClientModule::requestStatus(const shared_ptr<RequestState>& state,
258 const RequestCallback& requestCallback,
259 const ErrorCallback& errorCallback)
260{
261 JsonSection requestIdJson;
262 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
263
264 Name interestName(state->m_ca.m_caName);
265 interestName.append("_STATUS").append(nameBlockFromJson(requestIdJson));
266 Interest interest(interestName);
267
268 m_keyChain.sign(interest, signingByKey(state->m_key.getName()));
269
270 DataCallback dataCb = bind(&ClientModule::handleStatusResponse, this, _1, _2, state, requestCallback, errorCallback);
271 m_face.expressInterest(interest, dataCb,
272 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
273 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
274 requestCallback, errorCallback));
275
276 _LOG_TRACE("STATUS interest sent");
277}
278
279void
280ClientModule::handleStatusResponse(const Interest& request, const Data& reply,
281 const shared_ptr<RequestState>& state,
282 const RequestCallback& requestCallback,
283 const ErrorCallback& errorCallback)
284{
285 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
286 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
287 return;
288 }
289
290 JsonSection json = getJsonFromData(reply);
291 state->m_status = json.get<std::string>(JSON_STATUS);
292
293 if (!checkStatus(*state, json, errorCallback)) {
294 return;
295 }
296
297 _LOG_TRACE("Got STATUS response with status " << state->m_status);
298
299 requestCallback(state);
300}
301
302void
303ClientModule::requestDownload(const shared_ptr<RequestState>& state,
304 const RequestCallback& requestCallback,
305 const ErrorCallback& errorCallback)
306{
307 JsonSection requestIdJson;
308 requestIdJson.put(JSON_REQUEST_ID, state->m_requestId);
309
310 Name interestName(state->m_ca.m_caName);
311 interestName.append("_DOWNLOAD").append(nameBlockFromJson(requestIdJson));
312 Interest interest(interestName);
313 interest.setMustBeFresh(true);
314
315 DataCallback dataCb = bind(&ClientModule::handleDownloadResponse, this, _1, _2, state, requestCallback, errorCallback);
316 m_face.expressInterest(interest, dataCb,
317 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
318 bind(&ClientModule::onTimeout, this, _1, m_retryTimes, dataCb,
319 requestCallback, errorCallback));
320
321 _LOG_TRACE("DOWNLOAD interest sent");
322}
323
324void
325ClientModule::handleDownloadResponse(const Interest& request, const Data& reply,
326 const shared_ptr<RequestState>& state,
327 const RequestCallback& requestCallback,
328 const ErrorCallback& errorCallback)
329{
330 if (!security::verifySignature(reply, state->m_ca.m_anchor)) {
331 errorCallback("Cannot verify data from " + state->m_ca.m_caName.toUri());
332 return;
333 }
334
335 try {
336 security::v2::Certificate cert(reply.getContent().blockFromValue());
337 m_keyChain.addCertificate(state->m_key, cert);
338
339 _LOG_TRACE("Got DOWNLOAD response and installed the cert " << cert.getName());
340 }
341 catch (const std::exception& e) {
342 errorCallback(std::string(e.what()));
343 return;
344 }
345
346 state->m_isInstalled = true;
347 requestCallback(state);
348}
349
350void
351ClientModule::onTimeout(const Interest& interest, int nRetriesLeft, const DataCallback& dataCallback,
352 const RequestCallback& requestCallback, const ErrorCallback& errorCallback)
353{
354 if (nRetriesLeft > 0) {
355 m_face.expressInterest(interest, dataCallback,
356 bind(&ClientModule::onNack, this, _1, _2, errorCallback),
357 bind(&ClientModule::onTimeout, this, _1, nRetriesLeft - 1, dataCallback,
358 requestCallback, errorCallback));
359 }
360 else {
361 errorCallback("Run out retries: still timeout");
362 return;
363 }
364}
365
366void
367ClientModule::onNack(const Interest& interest, const lp::Nack& nack, const ErrorCallback& errorCallback)
368{
369 errorCallback("Got Nack");
370}
371
372JsonSection
373ClientModule::getJsonFromData(const Data& data)
374{
375 Block jsonBlock = data.getContent();
376 std::string jsonString = encoding::readString(jsonBlock);
377 std::istringstream ss(jsonString);
378 JsonSection json;
379 boost::property_tree::json_parser::read_json(ss, json);
380 return json;
381}
382
383Block
384ClientModule::nameBlockFromJson(const JsonSection& json)
385{
386 std::stringstream ss;
387 boost::property_tree::write_json(ss, json);
388 return makeStringBlock(ndn::tlv::NameComponent, ss.str());
389}
390
391bool
392ClientModule::checkStatus(const RequestState& state, const JsonSection& json,
393 const ErrorCallback& errorCallback)
394{
Zhiyi Zhanga9bda732017-05-20 22:58:55 -0700[diff] [blame]395 if (state.m_status == ChallengeModule::FAILURE) {
396 errorCallback(json.get(JSON_FAILURE_INFO, ""));
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]397 return false;
398 }
399 if (state.m_requestId.empty() || state.m_status.empty()) {
Zhiyi Zhange30eb352017-04-13 15:26:14 -0700[diff] [blame]400 errorCallback("The response does not carry required fields. requestID: " + state.m_requestId
401 + " status: " + state.m_status);
Zhiyi Zhang23564c82017-03-01 10:22:22 -0800[diff] [blame]402 return false;
403 }
404 return true;
405}
406
407} // namespace ndncert
408} // namespace ndn