Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / a34d6dedf83948fb7364f41381f8117b9d697c29 / . / src / requester-request.cpp
blob: 5929794e0b1c826b0feffa74942a91e1a78d33ec [file] [log] [blame]
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2017-2020, Regents of the University of California.
4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]21#include "requester-request.hpp"
Zhiyi Zhang84e11842020-11-19 20:03:23 -0800[diff] [blame]22#include "challenge/challenge-module.hpp"
Zhiyi Zhangdc25ddf2020-10-20 14:28:55 -0700[diff] [blame]23#include "detail/crypto-helpers.hpp"
Zhiyi Zhang062be6d2020-10-14 17:13:43 -0700[diff] [blame]24#include "detail/challenge-encoder.hpp"
25#include "detail/error-encoder.hpp"
26#include "detail/info-encoder.hpp"
Zhiyi Zhang7cca76a2021-02-17 14:57:42 -0800[diff] [blame]27#include "detail/request-encoder.hpp"
Zhiyi Zhang062be6d2020-10-14 17:13:43 -0700[diff] [blame]28#include "detail/probe-encoder.hpp"
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]29#include <ndn-cxx/security/signing-helpers.hpp>
30#include <ndn-cxx/security/transform/base64-encode.hpp>
31#include <ndn-cxx/security/transform/buffer-source.hpp>
32#include <ndn-cxx/security/transform/stream-sink.hpp>
33#include <ndn-cxx/security/verification-helpers.hpp>
34#include <ndn-cxx/util/io.hpp>
35#include <ndn-cxx/util/random.hpp>
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]36#include <ndn-cxx/metadata-object.hpp>
tylerliu96a67e82020-10-15 13:37:12 -0700[diff] [blame]37#include <boost/lexical_cast.hpp>
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]38
39namespace ndn {
40namespace ndncert {
Zhiyi Zhang3002e6b2020-10-29 18:54:07 -0700[diff] [blame]41namespace requester {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]42
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]43NDN_LOG_INIT(ndncert.client);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]44
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]45shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]46Request::genCaProfileDiscoveryInterest(const Name& caName)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]47{
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]48 Name contentName = caName;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]49 if (readString(caName.at(-1)) != "CA")
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]50 contentName.append("CA");
51 contentName.append("INFO");
52 return std::make_shared<Interest>(MetadataObject::makeDiscoveryInterest(contentName));
53}
54
55shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]56Request::genCaProfileInterestFromDiscoveryResponse(const Data& reply)
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]57{
Zhiyi Zhang615b6b72021-01-11 14:25:32 -0800[diff] [blame]58 // set naming convention to be typed
59 auto convention = name::getConventionEncoding();
60 name::setConventionEncoding(name::Convention::TYPED);
61
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]62 auto metaData = MetadataObject(reply);
63 auto interestName= metaData.getVersionedName();
64 interestName.appendSegment(0);
65 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]66 interest->setCanBePrefix(false);
Zhiyi Zhang615b6b72021-01-11 14:25:32 -0800[diff] [blame]67
68 // set back the convention
69 name::setConventionEncoding(convention);
70
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]71 return interest;
72}
73
Zhiyi Zhang997669a2020-10-28 21:15:40 -0700[diff] [blame]74optional<CaProfile>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]75Request::onCaProfileResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]76{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]77 auto caItem = infotlv::decodeDataContent(reply.getContent());
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]78 if (!security::verifySignature(reply, *caItem.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]79 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]80 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]81 }
82 return caItem;
83}
84
Zhiyi Zhang997669a2020-10-28 21:15:40 -0700[diff] [blame]85optional<CaProfile>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]86Request::onCaProfileResponseAfterRedirection(const Data& reply, const Name& caCertFullName)
Zhiyi Zhang837406d2020-10-05 22:01:31 -0700[diff] [blame]87{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]88 auto caItem = infotlv::decodeDataContent(reply.getContent());
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]89 auto certBlock = caItem.cert->wireEncode();
90 caItem.cert = std::make_shared<security::Certificate>(certBlock);
91 if (caItem.cert->getFullName() != caCertFullName) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]92 NDN_LOG_ERROR("Ca profile does not match the certificate information offered by the original CA.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]93 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang837406d2020-10-05 22:01:31 -0700[diff] [blame]94 }
95 return onCaProfileResponse(reply);
96}
97
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]98shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]99Request::genProbeInterest(const CaProfile& ca, std::multimap<std::string, std::string>&& probeInfo)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]100{
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]101 Name interestName = ca.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]102 interestName.append("CA").append("PROBE");
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]103 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]104 interest->setMustBeFresh(true);
105 interest->setCanBePrefix(false);
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]106 interest->setApplicationParameters(probetlv::encodeApplicationParameters(std::move(probeInfo)));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]107 return interest;
108}
109
110void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]111Request::onProbeResponse(const Data& reply, const CaProfile& ca,
112 std::vector<std::pair<Name, int>>& identityNames, std::vector<Name>& otherCas)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]113{
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]114 if (!security::verifySignature(reply, *ca.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]115 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]116 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]117 return;
118 }
119 processIfError(reply);
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]120 probetlv::decodeDataContent(reply.getContent(), identityNames, otherCas);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]121}
122
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]123Request::Request(security::KeyChain& keyChain, const CaProfile& profile, RequestType requestType)
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]124 : m_caProfile(profile)
125 , m_type(requestType)
Zhiyi Zhang3f1c7cf2021-02-17 14:08:14 -0800[diff] [blame]126 , m_keyChain(keyChain)
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]127{}
128
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]129shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]130Request::genNewInterest(const Name& newIdentityName,
131 const time::system_clock::TimePoint& notBefore,
132 const time::system_clock::TimePoint& notAfter)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]133{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]134 if (!m_caProfile.caPrefix.isPrefixOf(newIdentityName)) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]135 return nullptr;
136 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]137 if (newIdentityName.empty()) {
138 NDN_LOG_TRACE("Randomly create a new name because newIdentityName is empty and the param is empty.");
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]139 m_identityName = m_caProfile.caPrefix;
140 m_identityName.append(std::to_string(random::generateSecureWord64()));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]141 }
142 else {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]143 m_identityName = newIdentityName;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]144 }
145
146 // generate a newly key pair or use an existing key
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]147 const auto& pib = m_keyChain.getPib();
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]148 security::pib::Identity identity;
149 try {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]150 identity = pib.getIdentity(m_identityName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]151 }
152 catch (const security::Pib::Error& e) {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]153 identity = m_keyChain.createIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]154 m_isNewlyCreatedIdentity = true;
155 m_isNewlyCreatedKey = true;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]156 }
157 try {
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]158 m_keyPair = identity.getDefaultKey();
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]159 }
160 catch (const security::Pib::Error& e) {
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]161 m_keyPair = m_keyChain.createKey(identity);
162 m_isNewlyCreatedKey = true;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]163 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]164 auto& keyName = m_keyPair.getName();
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]165
166 // generate certificate request
tylerliua7bea662020-10-08 18:51:02 -0700[diff] [blame]167 security::Certificate certRequest;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]168 certRequest.setName(Name(keyName).append("cert-request").appendVersion());
Zhiyi Zhang8f1ade32020-10-14 16:42:57 -0700[diff] [blame]169 certRequest.setContentType(ndn::tlv::ContentType_Key);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]170 certRequest.setContent(m_keyPair.getPublicKey().data(), m_keyPair.getPublicKey().size());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]171 SignatureInfo signatureInfo;
172 signatureInfo.setValidityPeriod(security::ValidityPeriod(notBefore, notAfter));
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]173 m_keyChain.sign(certRequest, signingByKey(keyName).setSignatureInfo(signatureInfo));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]174
175 // generate Interest packet
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]176 Name interestName = m_caProfile.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]177 interestName.append("CA").append("NEW");
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]178 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]179 interest->setMustBeFresh(true);
180 interest->setCanBePrefix(false);
181 interest->setApplicationParameters(
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]182 requesttlv::encodeApplicationParameters(RequestType::NEW, m_ecdh.getSelfPubKey(), certRequest));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]183
184 // sign the Interest packet
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]185 m_keyChain.sign(*interest, signingByKey(keyName));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]186 return interest;
187}
188
189shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]190Request::genRevokeInterest(const security::Certificate& certificate)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]191{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]192 if (!m_caProfile.caPrefix.isPrefixOf(certificate.getName())) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]193 return nullptr;
194 }
195 // generate Interest packet
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]196 Name interestName = m_caProfile.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]197 interestName.append("CA").append("REVOKE");
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]198 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]199 interest->setMustBeFresh(true);
200 interest->setCanBePrefix(false);
201 interest->setApplicationParameters(
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]202 requesttlv::encodeApplicationParameters(RequestType::REVOKE, m_ecdh.getSelfPubKey(), certificate));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]203 return interest;
204}
205
206std::list<std::string>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]207Request::onNewRenewRevokeResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]208{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]209 if (!security::verifySignature(reply, *m_caProfile.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]210 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]211 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]212 }
213 processIfError(reply);
214
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]215 const auto& contentTLV = reply.getContent();
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]216 std::vector<uint8_t> ecdhKey;
217 std::array<uint8_t, 32> salt;
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]218 auto challenges = requesttlv::decodeDataContent(contentTLV, ecdhKey, salt, m_requestId);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]219
Zhiyi Zhang91f86ab2020-10-05 15:36:35 -0700[diff] [blame]220 // ECDH and HKDF
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]221 auto sharedSecret = m_ecdh.deriveSecret(ecdhKey);
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]222 hkdf(sharedSecret.data(), sharedSecret.size(),
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]223 salt.data(), salt.size(), m_aesKey.data(), m_aesKey.size(),
224 m_requestId.data(), m_requestId.size());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]225
226 // update state
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]227 return challenges;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]228}
229
tylerliu40226332020-11-11 15:37:16 -0800[diff] [blame]230std::multimap<std::string, std::string>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]231Request::selectOrContinueChallenge(const std::string& challengeSelected)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]232{
233 auto challenge = ChallengeModule::createChallengeModule(challengeSelected);
234 if (challenge == nullptr) {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]235 NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]236 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]237 m_challengeType = challengeSelected;
238 return challenge->getRequestedParameterList(m_status, m_challengeStatus);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]239}
240
241shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]242Request::genChallengeInterest(std::multimap<std::string, std::string>&& parameters)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]243{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]244 if (m_challengeType == "") {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]245 NDN_THROW(std::runtime_error("The challenge has not been selected."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]246 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]247 auto challenge = ChallengeModule::createChallengeModule(m_challengeType);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]248 if (challenge == nullptr) {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]249 NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]250 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]251 auto challengeParams = challenge->genChallengeRequestTLV(m_status, m_challengeStatus, std::move(parameters));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]252
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]253 Name interestName = m_caProfile.caPrefix;
254 interestName.append("CA").append("CHALLENGE").append(m_requestId.data(), m_requestId.size());
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]255 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]256 interest->setMustBeFresh(true);
257 interest->setCanBePrefix(false);
258
259 // encrypt the Interest parameters
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]260 auto paramBlock = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, m_aesKey.data(),
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]261 challengeParams.value(), challengeParams.value_size(),
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]262 m_requestId.data(), m_requestId.size(),
263 m_encryptionIv);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]264 interest->setApplicationParameters(paramBlock);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]265 m_keyChain.sign(*interest, signingByKey(m_keyPair.getName()));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]266 return interest;
267}
268
269void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]270Request::onChallengeResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]271{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]272 if (!security::verifySignature(reply, *m_caProfile.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]273 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]274 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]275 }
276 processIfError(reply);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]277 challengetlv::decodeDataContent(reply.getContent(), *this);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]278}
279
280shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]281Request::genCertFetchInterest() const
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]282{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]283 Name interestName = m_issuedCertName;
Zhiyi Zhang32437282020-10-10 16:15:37 -0700[diff] [blame]284 auto interest =std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]285 interest->setMustBeFresh(false);
286 interest->setCanBePrefix(false);
287 return interest;
288}
289
tylerliua7bea662020-10-08 18:51:02 -0700[diff] [blame]290shared_ptr<security::Certificate>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]291Request::onCertFetchResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]292{
293 try {
tylerliua7bea662020-10-08 18:51:02 -0700[diff] [blame]294 return std::make_shared<security::Certificate>(reply);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]295 }
296 catch (const std::exception& e) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]297 NDN_LOG_ERROR("Cannot parse replied certificate ");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]298 NDN_THROW(std::runtime_error("Cannot parse replied certificate "));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]299 return nullptr;
300 }
301}
302
303void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]304Request::endSession()
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]305{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]306 if (m_status == Status::SUCCESS) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]307 return;
308 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]309 if (m_isNewlyCreatedIdentity) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]310 // put the identity into the if scope is because it may cause an error
311 // outside since when endSession is called, identity may not have been created yet.
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]312 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]313 m_keyChain.deleteIdentity(identity);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]314 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]315 else if (m_isNewlyCreatedKey) {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]316 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]317 m_keyChain.deleteKey(identity, m_keyPair);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]318 }
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]319}
320
321void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]322Request::processIfError(const Data& data)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]323{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]324 auto errorInfo = errortlv::decodefromDataContent(data.getContent());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]325 if (std::get<0>(errorInfo) == ErrorCode::NO_ERROR) {
326 return;
327 }
Zhiyi Zhang1a222692020-10-16 11:35:49 -0700[diff] [blame]328 NDN_LOG_ERROR("Error info replied from the CA with Error code: " << std::get<0>(errorInfo) <<
329 " and Error Info: " << std::get<1>(errorInfo));
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]330 NDN_THROW(std::runtime_error("Error info replied from the CA with Error code: " +
Zhiyi Zhang1a222692020-10-16 11:35:49 -0700[diff] [blame]331 boost::lexical_cast<std::string>(std::get<0>(errorInfo)) +
332 " and Error Info: " + std::get<1>(errorInfo)));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]333}
334
Zhiyi Zhang3002e6b2020-10-29 18:54:07 -0700[diff] [blame]335} // namespace requester
Zhiyi Zhange4891b72020-10-10 15:11:57 -0700[diff] [blame]336} // namespace ndncert
337} // namespace ndn