Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 70fe25837375216fc26a097cad945f3cb29c8f3c / . / src / challenge-module / challenge-credential.hpp
blob: a617f1863f09d4bcd5f917a1c37fa48913a6e3cd [file] [log] [blame]
Zhiyi Zhang0a89b722017-04-28 17:56:01 -0700[diff] [blame]1/**
2 * Copyright (c) 2017, Regents of the University of California.
3 *
4 * This file is part of ndncert, a certificate management system based on NDN.
5 *
6 * ndncert is free software: you can redistribute it and/or modify it under the terms
7 * of the GNU General Public License as published by the Free Software Foundation, either
8 * version 3 of the License, or (at your option) any later version.
9 *
10 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
11 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
12 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
13 *
14 * You should have received copies of the GNU General Public License along with
15 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
16 *
17 * See AUTHORS.md for complete list of ndncert authors and contributors.
18 */
19
20#ifndef NDNCERT_CHALLENGE_CREDENTIAL_HPP
21#define NDNCERT_CHALLENGE_CREDENTIAL_HPP
22
23#include "../challenge-module.hpp"
24
25namespace ndn {
26namespace ndncert {
27
28/**
29 * @brief Provide Credential based challenge
30 *
31 * Credential here means the certificate issued by a trust anchor. Once the requester
32 * could proof his/her possession of an existing certificate from other certificate, th
33 * requester could finish the challenge.
34 *
Zhiyi Zhang70fe2582017-05-19 15:01:03 -0700[diff] [blame^]35 * The requester needs to provide the proof of the possession of a certificate issued by
36 * a trust anchor. The challenge require the requester to pass the BASE64 certificate and
37 * a BASE64 self-signed certificate whose key is the same as the key in certificate.
38 *
Zhiyi Zhang0a89b722017-04-28 17:56:01 -0700[diff] [blame]39 * The main process of this challenge module is:
40 * 1. Requester provides a certificate signed by that trusted certificate as credential.
41 * 2. The challenge module will verify the signature of the credential.
42 *
43 * There are several challenge status in EMAIL challenge:
44 * FAILURE_INVALID_SIG: When the credential cannot be validated.
45 */
46class ChallengeCredential : public ChallengeModule
47{
48public:
Zhiyi Zhang70fe2582017-05-19 15:01:03 -0700[diff] [blame^]49 ChallengeCredential(const std::string& configPath = "");
Zhiyi Zhang0a89b722017-04-28 17:56:01 -0700[diff] [blame]50
51PUBLIC_WITH_TESTS_ELSE_PROTECTED:
52 JsonSection
53 processSelectInterest(const Interest& interest, CertificateRequest& request) override;
54
55 JsonSection
56 processValidateInterest(const Interest& interest, CertificateRequest& request) override;
57
58 std::list<std::string>
59 getSelectRequirements() override;
60
61 std::list<std::string>
62 getValidateRequirements(const std::string& status) override;
63
64 JsonSection
65 doGenSelectParamsJson(const std::string& status,
66 const std::list<std::string>& paramList) override;
67
68 JsonSection
69 doGenValidateParamsJson(const std::string& status,
70 const std::list<std::string>& paramList) override;
71
72PUBLIC_WITH_TESTS_ELSE_PRIVATE:
73 void
74 parseConfigFile();
75
76PUBLIC_WITH_TESTS_ELSE_PRIVATE:
77 static const std::string FAILURE_INVALID_CREDENTIAL;
78 static const std::string FAILURE_INVALID_FORMAT;
Zhiyi Zhang70fe2582017-05-19 15:01:03 -0700[diff] [blame^]79 static const std::string JSON_CREDENTIAL_CERT;
80 static const std::string JSON_CREDENTIAL_SELF;
Zhiyi Zhang0a89b722017-04-28 17:56:01 -0700[diff] [blame]81
82PUBLIC_WITH_TESTS_ELSE_PRIVATE:
83 std::list<security::v2::Certificate> m_trustAnchors;
84 std::string m_configFile;
85};
86
87} // namespace ndncert
88} // namespace ndn
89
90#endif // NDNCERT_CHALLENGE_CREDENTIAL_HPP