Blame - src/ca-module.cpp - ndncert

blob: 2a9b5d7f9d0bc0e3ddadef45227419b99ab9711a [file] [log] [blame]

Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -- */
swa770	de007bc	2020-03-24 21:26:21 -0700	[diff] [blame]	2	/**
Davide Pesavento	b48bbda	2020-07-27 19:41:37 -0400	[diff] [blame]	3	* Copyright (c) 2017-2020, Regents of the University of California.
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	4	*
				5	* This file is part of ndncert, a certificate management system based on NDN.
				6	*
				7	* ndncert is free software: you can redistribute it and/or modify it under the terms
				8	* of the GNU General Public License as published by the Free Software Foundation, either
				9	* version 3 of the License, or (at your option) any later version.
				10	*
				11	* ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
				12	* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
				13	* PARTICULAR PURPOSE. See the GNU General Public License for more details.
				14	*
				15	* You should have received copies of the GNU General Public License along with
				16	* ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
				17	*
				18	* See AUTHORS.md for complete list of ndncert authors and contributors.
				19	*/
				20
				21	#include "ca-module.hpp"
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	22
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	23	#include <ndn-cxx/metadata-object.hpp>
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	24	#include <ndn-cxx/security/signing-helpers.hpp>
				25	#include <ndn-cxx/security/verification-helpers.hpp>
				26	#include <ndn-cxx/util/io.hpp>
				27	#include <ndn-cxx/util/random.hpp>
				28
				29	#include "challenge-module.hpp"
				30	#include "crypto-support/enc-tlv.hpp"
				31	#include "logging.hpp"
				32	#include "protocol-detail/challenge.hpp"
				33	#include "protocol-detail/error.hpp"
				34	#include "protocol-detail/info.hpp"
				35	#include "protocol-detail/new.hpp"
				36	#include "protocol-detail/probe.hpp"
				37	#include "protocol-detail/revoke.hpp"
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	38
				39	namespace ndn {
				40	namespace ndncert {
				41
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	42	static const int IS_SUBNAME_MIN_OFFSET = 5;
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	43	static const time::seconds DEFAULT_DATA_FRESHNESS_PERIOD = 1_s;
Zhiyi Zhang	1a735bc	2019-07-04 21:36:49 -0700	[diff] [blame]	44	static const time::seconds REQUEST_VALIDITY_PERIOD_NOT_BEFORE_GRACE_PERIOD = 120_s;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	45
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	46	_LOG_INIT(ndncert.ca);
				47
				48	CaModule::CaModule(Face& face, security::v2::KeyChain& keyChain,
				49	const std::string& configPath, const std::string& storageType)
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	50	: m_face(face)
				51	, m_keyChain(keyChain)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	52	{
Zhiyi Zhang	a63b737	2017-05-17 14:14:34 -0700	[diff] [blame]	53	// load the config and create storage
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	54	m_config.load(configPath);
				55	m_storage = CaStorage::createCaStorage(storageType);
				56
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	57	registerPrefix();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	58	}
				59
				60	CaModule::~CaModule()
				61	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	62	for (auto handle : m_interestFilterHandles) {
				63	handle.cancel();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	64	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	65	for (auto handle : m_registeredPrefixHandles) {
				66	handle.unregister();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	67	}
				68	}
				69
				70	void
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	71	CaModule::registerPrefix()
				72	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	73	// register localhop discovery prefix
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	74	Name localhopInfoPrefix("/localhop/CA/INFO");
				75	auto prefixId = m_face.setInterestFilter(InterestFilter(localhopInfoPrefix),
				76	bind(&CaModule::onInfo, this, _2),
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	77	bind(&CaModule::onRegisterFailed, this, _2));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	78	m_registeredPrefixHandles.push_back(prefixId);
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	79	_LOG_TRACE("Prefix " << localhopInfoPrefix << " got registered");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	80
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	81	// register prefixes
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	82	Name prefix = m_config.m_caPrefix;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	83	prefix.append("CA");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	84
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	85	prefixId = m_face.registerPrefix(
				86	prefix,
				87	[&](const Name& name) {
				88	// register INFO prefix
				89	auto filterId = m_face.setInterestFilter(Name(name).append("INFO"),
				90	bind(&CaModule::onInfo, this, _2));
				91	m_interestFilterHandles.push_back(filterId);
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	92
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	93	// register PROBE prefix
				94	filterId = m_face.setInterestFilter(Name(name).append("PROBE"),
				95	bind(&CaModule::onProbe, this, _2));
				96	m_interestFilterHandles.push_back(filterId);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	97
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	98	// register NEW prefix
				99	filterId = m_face.setInterestFilter(Name(name).append("NEW"),
				100	bind(&CaModule::onNew, this, _2));
				101	m_interestFilterHandles.push_back(filterId);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	102
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	103	// register SELECT prefix
				104	filterId = m_face.setInterestFilter(Name(name).append("CHALLENGE"),
				105	bind(&CaModule::onChallenge, this, _2));
				106	m_interestFilterHandles.push_back(filterId);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	107
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	108	// register REVOKE prefix
				109	filterId = m_face.setInterestFilter(Name(name).append("REVOKE"),
				110	bind(&CaModule::onRevoke, this, _2));
				111	m_interestFilterHandles.push_back(filterId);
				112	_LOG_TRACE("Prefix " << name << " got registered");
				113	},
				114	bind(&CaModule::onRegisterFailed, this, _2));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	115	m_registeredPrefixHandles.push_back(prefixId);
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	116	}
				117
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	118	void
				119	CaModule::setNameAssignmentFunction(const NameAssignmentFunc& handler)
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	120	{
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	121	m_config.m_nameAssignmentFunc = handler;
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	122	}
				123
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	124	bool
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	125	CaModule::setStatusUpdateCallback(const StatusUpdateCallback& onUpdateCallback)
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	126	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	127	m_config.m_statusUpdateCallback = onUpdateCallback;
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	128	return false;
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	129	}
				130
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	131	shared_ptr<Data>
				132	CaModule::generateCaConfigMetaData()
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	133	{
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	134	// @TODO
				135	// make metadata a class member variable m_infoMetadata
				136	// check whether the m_infoMetadata has the latest versioned name, if not, then generate a new one
				137	// otherwise, directly reply m_infoMetadata.makeData
				138
				139	auto infoPacket = generateCaConfigData();
				140	MetadataObject metadata;
				141	metadata.setVersionedName(infoPacket->getName().getPrefix(-1));
				142	Name discoveryInterestName(infoPacket->getName().getPrefix(-2));
				143	name::Component metadataComponent(32, reinterpret_cast<const uint8_t*>("metadata"), std::strlen("metadata"));
				144	discoveryInterestName.append(metadataComponent);
				145	auto metadataData = metadata.makeData(discoveryInterestName, m_keyChain, signingByIdentity(m_config.m_caPrefix));
				146	return make_shared<Data>(metadataData);
				147	}
				148
				149	shared_ptr<Data>
				150	CaModule::generateCaConfigData()
				151	{
				152	// @TODO
				153	// make CaInfo Data packet a class member variable m_infoData
				154	// check whether the m_infoData is still valid, if not, then generate a new one
				155	// otherwise, directly reply m_infoData
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	156
				157	const auto& pib = m_keyChain.getPib();
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	158	const auto& identity = pib.getIdentity(m_config.m_caPrefix);
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	159	const auto& cert = identity.getDefaultKey().getDefaultCertificate();
Zhiyi Zhang	61c43a6	2020-09-28 12:56:01 -0700	[diff] [blame]	160	Block contentTLV = INFO::encodeDataContent(m_config, cert);
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	161
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	162	Name infoPacketName(m_config.m_caPrefix);
				163	infoPacketName.append("CA").append("INFO").appendVersion().appendSegment(0);
				164	Data infoData(infoPacketName);
				165	infoData.setContent(contentTLV);
				166	infoData.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
				167	m_keyChain.sign(infoData, signingByIdentity(m_config.m_caPrefix));
				168	return make_shared<Data>(infoData);
				169	}
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	170
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	171	void
				172	CaModule::onInfo(const Interest& request)
				173	{
				174	_LOG_TRACE("Received INFO request");
				175
				176	if (request.getName().get(-1).type() == 32) {
				177	m_face.put(*generateCaConfigMetaData());
				178	}
				179	else {
				180	m_face.put(*generateCaConfigData());
				181	}
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	182
				183	_LOG_TRACE("Handle INFO: send out the INFO response");
				184	}
				185
				186	void
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	187	CaModule::onProbe(const Interest& request)
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	188	{
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	189	// PROBE Naming Convention: /<CA-Prefix>/CA/PROBE/[ParametersSha256DigestComponent]
				190	_LOG_TRACE("Received PROBE request");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	191
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	192	// process PROBE requests: find an available name
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	193	std::string availableId = "";
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	194	const auto& parameterTLV = request.getApplicationParameters();
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	195	parameterTLV.parse();
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	196	if (!parameterTLV.hasValue()) {
				197	_LOG_ERROR("Empty TLV obtained from the Interest parameter.");
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	198	return;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	199	}
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	200
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	201	// if (m_config.m_nameAssignmentFunc) {
				202	// try {
				203	// availableId = m_config.m_nameAssignmentFunc(parameterTLV);
				204	// }
				205	// catch (const std::exception& e) {
				206	// _LOG_TRACE("Cannot find PROBE input from PROBE parameters: " << e.what());
				207	// return;
				208	// }
				209	// }
				210	// else {
				211	// // if there is no app-specified name lookup, use a random name id
				212	// availableId = std::to_string(random::generateSecureWord64());
				213	// }
				214	// Name newIdentityName = m_config.m_caPrefix;
				215	// newIdentityName.append(availableId);
				216	// _LOG_TRACE("Handle PROBE: generate an identity " << newIdentityName);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	217
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	218	// Block contentTLV = PROBE::encodeDataContent(newIdentityName.toUri(), m_config.m_probe, parameterTLV);
				219
				220	// Data result;
				221	// result.setName(request.getName());
				222	// result.setContent(contentTLV);
				223	// result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
				224	// m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
				225	// m_face.put(result);
				226	// _LOG_TRACE("Handle PROBE: send out the PROBE response");
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	227	}
				228
				229	void
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	230	CaModule::onNew(const Interest& request)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	231	{
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	232	// NEW Naming Convention: /<CA-prefix>/CA/NEW/[SignedInterestParameters_Digest]
				233	onRequestInit(request, REQUEST_TYPE_NEW);
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	234	}
				235
				236	void
				237	CaModule::onRevoke(const Interest& request)
				238	{
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	239	// REVOKE Naming Convention: /<CA-prefix>/CA/REVOKE/[SignedInterestParameters_Digest]
				240	onRequestInit(request, REQUEST_TYPE_REVOKE);
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	241	}
				242
				243	void
				244	CaModule::onRequestInit(const Interest& request, int requestType)
				245	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	246	// get ECDH pub key and cert request
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	247	const auto& parameterTLV = request.getApplicationParameters();
Suyong Won	7968f7a	2020-05-12 01:01:25 -0700	[diff] [blame]	248	parameterTLV.parse();
				249
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	250	if (!parameterTLV.hasValue()) {
				251	_LOG_ERROR("Empty TLV obtained from the Interest parameter.");
Zhiyi Zhang	547c851	2019-06-18 23:46:14 -0700	[diff] [blame]	252	return;
				253	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	254
				255	std::string peerKeyBase64 = readString(parameterTLV.get(tlv_ecdh_pub));
				256
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	257	if (peerKeyBase64 == "") {
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	258	_LOG_ERROR("Empty ECDH PUB obtained from the Interest parameter.");
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	259	return;
				260	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	261
				262	// get server's ECDH pub key
				263	auto myEcdhPubKeyBase64 = m_ecdh.getBase64PubKey();
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	264	try {
				265	m_ecdh.deriveSecret(peerKeyBase64);
				266	}
				267	catch (const std::exception& e) {
				268	_LOG_ERROR("Cannot derive a shared secret using the provided ECDH key: " << e.what());
				269	return;
				270	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	271	// generate salt for HKDF
				272	auto saltInt = random::generateSecureWord64();
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	273	// hkdf
				274	hkdf(m_ecdh.context->sharedSecret, m_ecdh.context->sharedSecretLen,
Zhiyi Zhang	3670683	2019-07-04 21:33:03 -0700	[diff] [blame]	275	(uint8_t*)&saltInt, sizeof(saltInt), m_aesKey, sizeof(m_aesKey));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	276
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	277	shared_ptr<security::v2::Certificate> clientCert = nullptr;
Suyong Won	7968f7a	2020-05-12 01:01:25 -0700	[diff] [blame]	278
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	279	if (requestType == REQUEST_TYPE_NEW) {
				280	// parse certificate request
				281	Block cert_req = parameterTLV.get(tlv_cert_request);
				282	cert_req.parse();
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	283
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	284	try {
				285	security::v2::Certificate cert = security::v2::Certificate(cert_req.get(tlv::Data));
				286	clientCert = make_shared<security::v2::Certificate>(cert);
				287	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	288	catch (const std::exception& e) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	289	_LOG_ERROR("Unrecognized certificate request: " << e.what());
				290	return;
				291	}
				292	// check the validity period
				293	auto expectedPeriod = clientCert->getValidityPeriod().getPeriod();
				294	auto currentTime = time::system_clock::now();
				295	if (expectedPeriod.first < currentTime - REQUEST_VALIDITY_PERIOD_NOT_BEFORE_GRACE_PERIOD) {
				296	_LOG_ERROR("Client requests a too old notBefore timepoint.");
				297	return;
				298	}
				299	if (expectedPeriod.second > currentTime + m_config.m_maxValidityPeriod \|\|
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	300	expectedPeriod.second <= expectedPeriod.first) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	301	_LOG_ERROR("Client requests an invalid validity period or a notAfter timepoint beyond the allowed time period.");
				302	return;
				303	}
				304
				305	// verify the self-signed certificate, the request, and the token
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	306	<<<<<<< HEAD
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	307	if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
				308	\|\| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
tylerliu	0b6d0db	2020-09-28 17:52:02 -0700	[diff] [blame]	309	\|\| clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET
				310	\|\| clientCert->getName().size() >
				311	m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET - 1 + m_config.m_maxSuffixLength) {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	312	=======
				313	if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
				314	\|\| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
				315	\|\| clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET) {
				316	>>>>>>> apply Error Data packet in challenge status
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	317	_LOG_ERROR("Invalid self-signed certificate name " << clientCert->getName());
				318	return;
				319	}
				320	if (!security::verifySignature(clientCert, clientCert)) {
				321	_LOG_ERROR("Cert request with bad signature.");
				322	return;
				323	}
				324	if (!security::verifySignature(request, *clientCert)) {
				325	_LOG_ERROR("Interest with bad signature.");
				326	return;
				327	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	328	}
				329	else if (requestType == REQUEST_TYPE_REVOKE) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	330	// parse certificate request
				331	Block cert_revoke = parameterTLV.get(tlv_cert_to_revoke);
				332	cert_revoke.parse();
				333
				334	try {
				335	security::v2::Certificate cert = security::v2::Certificate(cert_revoke.get(tlv::Data));
				336	clientCert = make_shared<security::v2::Certificate>(cert);
				337	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	338	catch (const std::exception& e) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	339	_LOG_ERROR("Unrecognized certificate: " << e.what());
				340	return;
				341	}
				342
				343	// verify the certificate
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	344	<<<<<<< HEAD
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	345	if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	346	\|\| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
tylerliu	0b6d0db	2020-09-28 17:52:02 -0700	[diff] [blame]	347	\|\| clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET
				348	\|\| clientCert->getName().size() >
				349	m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET - 1 + m_config.m_maxSuffixLength) {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	350	=======
				351	if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
				352	\|\| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
				353	\|\| clientCert->getName().size() < m_config.m_caPrefix.size() + IS_SUBNAME_MIN_OFFSET) {
				354	>>>>>>> apply Error Data packet in challenge status
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	355	_LOG_ERROR("Invalid certificate name " << clientCert->getName());
				356	return;
				357	}
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	358	const auto& cert = m_keyChain.getPib().getIdentity(m_config.m_caPrefix).getDefaultKey().getDefaultCertificate();
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	359	if (!security::verifySignature(*clientCert, cert)) {
				360	_LOG_ERROR("Cert request with bad signature.");
				361	return;
				362	}
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	363	}
				364
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	365	// create new request instance
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	366	std::string requestId = std::to_string(random::generateWord64());
Zhiyi Zhang	48f2378	2020-09-28 12:11:24 -0700	[diff] [blame]	367	CertificateRequest certRequest(m_config.m_caPrefix, requestId, requestType, Status::BEFORE_CHALLENGE, *clientCert);
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	368
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	369	try {
				370	m_storage->addRequest(certRequest);
				371	}
				372	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	373	_LOG_ERROR("Cannot add new request instance into the storage: " << e.what());
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	374	return;
				375	}
				376
				377	Data result;
				378	result.setName(request.getName());
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	379	result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	380	if (requestType == REQUEST_TYPE_NEW) {
				381	result.setContent(NEW::encodeDataContent(myEcdhPubKeyBase64,
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	382	std::to_string(saltInt),
				383	certRequest,
				384	m_config.m_supportedChallenges));
				385	}
				386	else if (requestType == REQUEST_TYPE_REVOKE) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	387	result.setContent(REVOKE::encodeDataContent(myEcdhPubKeyBase64,
				388	std::to_string(saltInt),
				389	certRequest,
				390	m_config.m_supportedChallenges));
				391	}
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	392	m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	393	m_face.put(result);
Zhiyi Zhang	a63b737	2017-05-17 14:14:34 -0700	[diff] [blame]	394
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	395	if (m_config.m_statusUpdateCallback) {
				396	m_config.m_statusUpdateCallback(certRequest);
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	397	}
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	398	}
				399
				400	void
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	401	CaModule::onChallenge(const Interest& request)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	402	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	403	// get certificate request state
				404	CertificateRequest certRequest = getCertificateRequest(request);
				405	if (certRequest.m_requestId == "") {
				406	// cannot get the request state
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	407	_LOG_ERROR("Cannot find certificate request state from CA's storage.");
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	408	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER,
				409	"Cannot find certificate request state from CA's storage."));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	410	return;
				411	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	412	// verify signature
				413	if (!security::verifySignature(request, certRequest.m_cert)) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	414	_LOG_ERROR("Challenge Interest with bad signature.");
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	415	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::BAD_SIGNATURE, "Bad signature."));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	416	return;
				417	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	418	// decrypt the parameters
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	419	Buffer paramTLVPayload;
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	420	try {
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	421	paramTLVPayload = decodeBlockWithAesGcm128(request.getApplicationParameters(), m_aesKey,
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	422	(uint8_t*)"test", strlen("test"));
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	423	}
				424	catch (const std::exception& e) {
				425	_LOG_ERROR("Cannot successfully decrypt the Interest parameters: " << e.what());
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	426	m_storage->deleteRequest(certRequest.m_requestId);
				427	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER,
				428	"Cannot successfully decrypt the Interest parameters."));
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	429	return;
				430	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	431	if (paramTLVPayload.size() == 0) {
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	432	_LOG_ERROR("Got an empty buffer from content decryption.");
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	433	m_storage->deleteRequest(certRequest.m_requestId);
				434	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER,
				435	"Empty buffer from content decryption."));
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	436	return;
				437	}
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	438	Block paramTLV = makeBinaryBlock(tlv_encrypted_payload, paramTLVPayload.data(), paramTLVPayload.size());
				439	paramTLV.parse();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	440
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	441	// load the corresponding challenge module
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	442	std::string challengeType = readString(paramTLV.get(tlv_selected_challenge));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	443	auto challenge = ChallengeModule::createChallengeModule(challengeType);
				444	if (challenge == nullptr) {
				445	_LOG_TRACE("Unrecognized challenge type " << challengeType);
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	446	m_storage->deleteRequest(certRequest.m_requestId);
				447	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER, "Unrecognized challenge type"));
				448	return;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	449	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	450
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	451	_LOG_TRACE("CHALLENGE module to be load: " << challengeType);
				452	auto errorInfo = challenge->handleChallengeRequest(paramTLV, certRequest);
				453	if (std::get<0>(errorInfo) != ErrorCode::NO_ERROR) {
				454	m_storage->deleteRequest(certRequest.m_requestId);
				455	m_face.put(generateErrorDataPacket(request.getName(), std::get<0>(errorInfo), std::get<1>(errorInfo)));
				456	return;
				457	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	458
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	459	Block payload;
				460	if (certRequest.m_status == Status::PENDING) {
				461	// if challenge succeeded
				462	if (certRequest.m_requestType == REQUEST_TYPE_NEW) {
				463	auto issuedCert = issueCertificate(certRequest);
				464	certRequest.m_cert = issuedCert;
				465	certRequest.m_status = Status::SUCCESS;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	466	try {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	467	m_storage->addCertificate(certRequest.m_requestId, issuedCert);
				468	m_storage->deleteRequest(certRequest.m_requestId);
				469	_LOG_TRACE("New Certificate Issued " << issuedCert.getName());
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	470	}
				471	catch (const std::exception& e) {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	472	_LOG_ERROR("Cannot add issued cert and remove the request: " << e.what());
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	473	return;
				474	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	475
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	476	payload = CHALLENGE::encodeDataPayload(certRequest);
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	477	payload.parse();
				478	payload.push_back(makeNestedBlock(tlv_issued_cert_name, issuedCert.getName()));
				479	payload.encode();
				480
				481	//contentJson.add(JSON_CA_CERT_ID, readString(issuedCert.getName().at(-1)));
				482	_LOG_TRACE("Challenge succeeded. Certificate has been issued");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	483	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	484	else if (certRequest.m_requestType == REQUEST_TYPE_REVOKE) {
				485	certRequest.m_status = Status::SUCCESS;
				486	try {
				487	m_storage->deleteRequest(certRequest.m_requestId);
				488	_LOG_TRACE("Certificate Revoked");
				489	}
				490	catch (const std::exception& e) {
				491	_LOG_ERROR("Cannot add issued cert and remove the request: " << e.what());
				492	return;
				493	}
				494
				495	payload = CHALLENGE::encodeDataPayload(certRequest);
				496	payload.parse();
				497	_LOG_TRACE("Challenge succeeded. Certificate has been revoked");
				498	}
				499	}
				500	else {
				501	m_storage->updateRequest(certRequest);
				502	payload = CHALLENGE::encodeDataPayload(certRequest);
				503	_LOG_TRACE("No failure no success. Challenge moves on");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	504	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	505
				506	Data result;
				507	result.setName(request.getName());
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	508	result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	509
				510	// encrypt the content
Suyong Won	7968f7a	2020-05-12 01:01:25 -0700	[diff] [blame]	511	auto contentBlock = encodeBlockWithAesGcm128(tlv::Content, m_aesKey, payload.value(),
				512	payload.value_size(), (uint8_t*)"test", strlen("test"));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	513	result.setContent(contentBlock);
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	514	m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	515	m_face.put(result);
				516
				517	if (m_config.m_statusUpdateCallback) {
				518	m_config.m_statusUpdateCallback(certRequest);
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	519	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	520	}
				521
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	522	security::v2::Certificate
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	523	CaModule::issueCertificate(const CertificateRequest& certRequest)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	524	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	525	auto expectedPeriod =
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	526	certRequest.m_cert.getValidityPeriod().getPeriod();
Zhiyi Zhang	1a735bc	2019-07-04 21:36:49 -0700	[diff] [blame]	527	security::ValidityPeriod period(expectedPeriod.first, expectedPeriod.second);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	528	security::v2::Certificate newCert;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	529
				530	Name certName = certRequest.m_cert.getKeyName();
				531	certName.append("NDNCERT").append(std::to_string(random::generateSecureWord64()));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	532	newCert.setName(certName);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	533	newCert.setContent(certRequest.m_cert.getContent());
				534	_LOG_TRACE("cert request content " << certRequest.m_cert);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	535	SignatureInfo signatureInfo;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	536	signatureInfo.setValidityPeriod(period);
Zhiyi Zhang	ad6cf93	2017-10-26 16:19:15 -0700	[diff] [blame]	537	security::SigningInfo signingInfo(security::SigningInfo::SIGNER_TYPE_ID,
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	538	m_config.m_caPrefix, signatureInfo);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	539
				540	m_keyChain.sign(newCert, signingInfo);
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	541	_LOG_TRACE("new cert got signed" << newCert);
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	542	return newCert;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	543	}
				544
				545	CertificateRequest
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	546	CaModule::getCertificateRequest(const Interest& request)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	547	{
Davide Pesavento	b48bbda	2020-07-27 19:41:37 -0400	[diff] [blame]	548	std::string requestId;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	549	CertificateRequest certRequest;
				550	try {
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	551	requestId = readString(request.getName().at(m_config.m_caPrefix.size() + 2));
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	552	}
				553	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	554	_LOG_ERROR("Cannot read the request ID out from the request: " << e.what());
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	555	}
				556	try {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	557	_LOG_TRACE("Request Id to query the database " << requestId);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	558	certRequest = m_storage->getRequest(requestId);
				559	}
				560	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	561	_LOG_ERROR("Cannot get certificate request record from the storage: " << e.what());
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	562	}
				563	return certRequest;
				564	}
				565
				566	void
				567	CaModule::onRegisterFailed(const std::string& reason)
				568	{
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	569	_LOG_ERROR("Failed to register prefix in local hub's daemon, REASON: " << reason);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	570	}
				571
				572	Block
				573	CaModule::dataContentFromJson(const JsonSection& jsonSection)
				574	{
				575	std::stringstream ss;
				576	boost::property_tree::write_json(ss, jsonSection);
				577	return makeStringBlock(ndn::tlv::Content, ss.str());
				578	}
				579
				580	JsonSection
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	581	CaModule::jsonFromBlock(const Block& block)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	582	{
				583	std::string jsonString;
				584	try {
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	585	jsonString = encoding::readString(block);
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	586	std::istringstream ss(jsonString);
				587	JsonSection json;
				588	boost::property_tree::json_parser::read_json(ss, json);
				589	return json;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	590	}
				591	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	592	_LOG_ERROR("Cannot read JSON string from TLV Value: " << e.what());
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	593	return JsonSection();
				594	}
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	595	}
				596
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame^]	597	Data
				598	CaModule::generateErrorDataPacket(const Name& name, ErrorCode error, const std::string& errorInfo)
				599	{
				600	Data result;
				601	result.setName(name);
				602	result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
				603	result.setContent(ErrorTLV::encodeDataContent(error, errorInfo));
				604	m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
				605	return result;
				606	}
				607
				608	} // namespace ndncert
				609	} // namespace ndn