src/challenge-module/challenge-credential.hpp

/**
 * Copyright (c) 2017, Regents of the University of California.
 *
 * This file is part of ndncert, a certificate management system based on NDN.
 *
 * ndncert is free software: you can redistribute it and/or modify it under the terms
 * of the GNU General Public License as published by the Free Software Foundation, either
 * version 3 of the License, or (at your option) any later version.
 *
 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 * PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 *
 * You should have received copies of the GNU General Public License along with
 * ndncert, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
 *
 * See AUTHORS.md for complete list of ndncert authors and contributors.
 */

#ifndef NDNCERT_CHALLENGE_CREDENTIAL_HPP
#define NDNCERT_CHALLENGE_CREDENTIAL_HPP

#include "../challenge-module.hpp"

namespace ndn {
namespace ndncert {

/**
 * @brief Provide Credential based challenge
 *
 * Credential here means the certificate issued by a trust anchor. Once the requester
 * could proof his/her possession of an existing certificate from other certificate, th
 * requester could finish the challenge.
 *
 * The requester needs to provide the proof of the possession of a certificate issued by
 * a trust anchor. The challenge require the requester to pass the BASE64 certificate and
 * a BASE64 self-signed certificate whose key is the same as the key in certificate.
 *
 * The main process of this challenge module is:
 *   1. Requester provides a certificate signed by that trusted certificate as credential.
 *   2. The challenge module will verify the signature of the credential.
 *
 * Failure info when application fails:
 *   FAILURE_INVALID_CREDENTIAL: When the cert issued from trust anchor or self-signed cert
 *     cannot be validated.
 *   FAILURE_INVALID_FORMAT: When the credential format is wrong.
 */
class ChallengeCredential : public ChallengeModule
{
public:
  ChallengeCredential(const std::string& configPath = "");

PUBLIC_WITH_TESTS_ELSE_PROTECTED:
  JsonSection
  processSelectInterest(const Interest& interest, CertificateRequest& request) override;

  JsonSection
  processValidateInterest(const Interest& interest, CertificateRequest& request) override;

  std::list<std::string>
  getSelectRequirements() override;

  std::list<std::string>
  getValidateRequirements(const std::string& status) override;

  JsonSection
  doGenSelectParamsJson(const std::string& status,
                        const std::list<std::string>& paramList) override;

  JsonSection
  doGenValidateParamsJson(const std::string& status,
                          const std::list<std::string>& paramList) override;

PUBLIC_WITH_TESTS_ELSE_PRIVATE:
  void
  parseConfigFile();

PUBLIC_WITH_TESTS_ELSE_PRIVATE:
  static const std::string FAILURE_INVALID_CREDENTIAL;
  static const std::string FAILURE_INVALID_FORMAT;

  static const std::string JSON_CREDENTIAL_CERT;
  static const std::string JSON_CREDENTIAL_SELF;

PUBLIC_WITH_TESTS_ELSE_PRIVATE:
  std::list<security::v2::Certificate> m_trustAnchors;
  std::string m_configFile;
};

} // namespace ndncert
} // namespace ndn

#endif // NDNCERT_CHALLENGE_CREDENTIAL_HPP