Blame - src/ca-module.cpp - ndncert

blob: 81b7138f9968251e3f10c0b5f92f79d2b3c45e23 [file] [log] [blame]

Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -- */
swa770	de007bc	2020-03-24 21:26:21 -0700	[diff] [blame]	2	/**
Davide Pesavento	b48bbda	2020-07-27 19:41:37 -0400	[diff] [blame]	3	* Copyright (c) 2017-2020, Regents of the University of California.
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	4	*
				5	* This file is part of ndncert, a certificate management system based on NDN.
				6	*
				7	* ndncert is free software: you can redistribute it and/or modify it under the terms
				8	* of the GNU General Public License as published by the Free Software Foundation, either
				9	* version 3 of the License, or (at your option) any later version.
				10	*
				11	* ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
				12	* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
				13	* PARTICULAR PURPOSE. See the GNU General Public License for more details.
				14	*
				15	* You should have received copies of the GNU General Public License along with
				16	* ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
				17	*
				18	* See AUTHORS.md for complete list of ndncert authors and contributors.
				19	*/
				20
				21	#include "ca-module.hpp"
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	22
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	23	#include <ndn-cxx/metadata-object.hpp>
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	24	#include <ndn-cxx/security/signing-helpers.hpp>
				25	#include <ndn-cxx/security/verification-helpers.hpp>
				26	#include <ndn-cxx/util/io.hpp>
				27	#include <ndn-cxx/util/random.hpp>
				28
				29	#include "challenge-module.hpp"
				30	#include "crypto-support/enc-tlv.hpp"
				31	#include "logging.hpp"
				32	#include "protocol-detail/challenge.hpp"
				33	#include "protocol-detail/error.hpp"
				34	#include "protocol-detail/info.hpp"
				35	#include "protocol-detail/new.hpp"
				36	#include "protocol-detail/probe.hpp"
				37	#include "protocol-detail/revoke.hpp"
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	38
				39	namespace ndn {
				40	namespace ndncert {
				41
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	42	static const time::seconds DEFAULT_DATA_FRESHNESS_PERIOD = 1_s;
Zhiyi Zhang	1a735bc	2019-07-04 21:36:49 -0700	[diff] [blame]	43	static const time::seconds REQUEST_VALIDITY_PERIOD_NOT_BEFORE_GRACE_PERIOD = 120_s;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	44
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	45	_LOG_INIT(ndncert.ca);
				46
				47	CaModule::CaModule(Face& face, security::v2::KeyChain& keyChain,
				48	const std::string& configPath, const std::string& storageType)
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	49	: m_face(face)
				50	, m_keyChain(keyChain)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	51	{
Zhiyi Zhang	a63b737	2017-05-17 14:14:34 -0700	[diff] [blame]	52	// load the config and create storage
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	53	m_config.load(configPath);
				54	m_storage = CaStorage::createCaStorage(storageType);
				55
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	56	registerPrefix();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	57	}
				58
				59	CaModule::~CaModule()
				60	{
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	61	for (auto& handle : m_interestFilterHandles) {
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	62	handle.cancel();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	63	}
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	64	for (auto& handle : m_registeredPrefixHandles) {
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	65	handle.unregister();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	66	}
				67	}
				68
				69	void
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	70	CaModule::registerPrefix()
				71	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	72	// register localhop discovery prefix
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	73	Name localhopInfoPrefix("/localhop/CA/INFO");
				74	auto prefixId = m_face.setInterestFilter(InterestFilter(localhopInfoPrefix),
				75	bind(&CaModule::onInfo, this, _2),
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	76	bind(&CaModule::onRegisterFailed, this, _2));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	77	m_registeredPrefixHandles.push_back(prefixId);
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	78	_LOG_TRACE("Prefix " << localhopInfoPrefix << " got registered");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	79
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	80	// register prefixes
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	81	Name prefix = m_config.m_caPrefix;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	82	prefix.append("CA");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	83
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	84	prefixId = m_face.registerPrefix(
				85	prefix,
				86	[&](const Name& name) {
				87	// register INFO prefix
				88	auto filterId = m_face.setInterestFilter(Name(name).append("INFO"),
				89	bind(&CaModule::onInfo, this, _2));
				90	m_interestFilterHandles.push_back(filterId);
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	91
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	92	// register PROBE prefix
				93	filterId = m_face.setInterestFilter(Name(name).append("PROBE"),
				94	bind(&CaModule::onProbe, this, _2));
				95	m_interestFilterHandles.push_back(filterId);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	96
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	97	// register NEW prefix
				98	filterId = m_face.setInterestFilter(Name(name).append("NEW"),
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	99	bind(&CaModule::onNewRenewRevoke, this, _1, _2, RequestType::NEW));
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	100	m_interestFilterHandles.push_back(filterId);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	101
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	102	// register SELECT prefix
				103	filterId = m_face.setInterestFilter(Name(name).append("CHALLENGE"),
				104	bind(&CaModule::onChallenge, this, _2));
				105	m_interestFilterHandles.push_back(filterId);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	106
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	107	// register REVOKE prefix
				108	filterId = m_face.setInterestFilter(Name(name).append("REVOKE"),
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	109	bind(&CaModule::onNewRenewRevoke, this, _1, _2, RequestType::REVOKE));
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	110	m_interestFilterHandles.push_back(filterId);
				111	_LOG_TRACE("Prefix " << name << " got registered");
				112	},
				113	bind(&CaModule::onRegisterFailed, this, _2));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	114	m_registeredPrefixHandles.push_back(prefixId);
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	115	}
				116
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	117	void
				118	CaModule::setNameAssignmentFunction(const NameAssignmentFunc& handler)
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	119	{
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	120	m_config.m_nameAssignmentFunc = handler;
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	121	}
				122
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	123	bool
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	124	CaModule::setStatusUpdateCallback(const StatusUpdateCallback& onUpdateCallback)
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	125	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	126	m_config.m_statusUpdateCallback = onUpdateCallback;
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	127	return false;
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	128	}
				129
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	130	shared_ptr<Data>
				131	CaModule::generateCaConfigMetaData()
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	132	{
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	133	// @TODO
				134	// make metadata a class member variable m_infoMetadata
				135	// check whether the m_infoMetadata has the latest versioned name, if not, then generate a new one
				136	// otherwise, directly reply m_infoMetadata.makeData
				137
				138	auto infoPacket = generateCaConfigData();
				139	MetadataObject metadata;
				140	metadata.setVersionedName(infoPacket->getName().getPrefix(-1));
				141	Name discoveryInterestName(infoPacket->getName().getPrefix(-2));
				142	name::Component metadataComponent(32, reinterpret_cast<const uint8_t*>("metadata"), std::strlen("metadata"));
				143	discoveryInterestName.append(metadataComponent);
				144	auto metadataData = metadata.makeData(discoveryInterestName, m_keyChain, signingByIdentity(m_config.m_caPrefix));
				145	return make_shared<Data>(metadataData);
				146	}
				147
				148	shared_ptr<Data>
				149	CaModule::generateCaConfigData()
				150	{
				151	// @TODO
				152	// make CaInfo Data packet a class member variable m_infoData
				153	// check whether the m_infoData is still valid, if not, then generate a new one
				154	// otherwise, directly reply m_infoData
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	155
				156	const auto& pib = m_keyChain.getPib();
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	157	const auto& identity = pib.getIdentity(m_config.m_caPrefix);
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	158	const auto& cert = identity.getDefaultKey().getDefaultCertificate();
Zhiyi Zhang	61c43a6	2020-09-28 12:56:01 -0700	[diff] [blame]	159	Block contentTLV = INFO::encodeDataContent(m_config, cert);
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	160
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	161	Name infoPacketName(m_config.m_caPrefix);
				162	infoPacketName.append("CA").append("INFO").appendVersion().appendSegment(0);
				163	Data infoData(infoPacketName);
				164	infoData.setContent(contentTLV);
				165	infoData.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
				166	m_keyChain.sign(infoData, signingByIdentity(m_config.m_caPrefix));
				167	return make_shared<Data>(infoData);
				168	}
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	169
Zhiyi Zhang	fc1678a	2020-05-12 16:52:14 -0700	[diff] [blame]	170	void
				171	CaModule::onInfo(const Interest& request)
				172	{
				173	_LOG_TRACE("Received INFO request");
				174
				175	if (request.getName().get(-1).type() == 32) {
				176	m_face.put(*generateCaConfigMetaData());
				177	}
				178	else {
				179	m_face.put(*generateCaConfigData());
				180	}
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	181
				182	_LOG_TRACE("Handle INFO: send out the INFO response");
				183	}
				184
				185	void
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	186	CaModule::onProbe(const Interest& request)
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	187	{
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	188	// PROBE Naming Convention: /<CA-Prefix>/CA/PROBE/[ParametersSha256DigestComponent]
				189	_LOG_TRACE("Received PROBE request");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	190
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	191	// process PROBE requests: find an available name
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	192	std::string availableId = "";
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	193	const auto& parameterTLV = request.getApplicationParameters();
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	194	parameterTLV.parse();
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	195	if (!parameterTLV.hasValue()) {
				196	_LOG_ERROR("Empty TLV obtained from the Interest parameter.");
swa770	20643ac	2020-03-26 02:24:45 -0700	[diff] [blame]	197	return;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	198	}
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	199
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	200	// if (m_config.m_nameAssignmentFunc) {
				201	// try {
				202	// availableId = m_config.m_nameAssignmentFunc(parameterTLV);
				203	// }
				204	// catch (const std::exception& e) {
				205	// _LOG_TRACE("Cannot find PROBE input from PROBE parameters: " << e.what());
				206	// return;
				207	// }
				208	// }
				209	// else {
				210	// // if there is no app-specified name lookup, use a random name id
				211	// availableId = std::to_string(random::generateSecureWord64());
				212	// }
				213	// Name newIdentityName = m_config.m_caPrefix;
				214	// newIdentityName.append(availableId);
				215	// _LOG_TRACE("Handle PROBE: generate an identity " << newIdentityName);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	216
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	217	// Block contentTLV = PROBE::encodeDataContent(newIdentityName.toUri(), m_config.m_probe, parameterTLV);
				218
				219	// Data result;
				220	// result.setName(request.getName());
				221	// result.setContent(contentTLV);
				222	// result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
				223	// m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
				224	// m_face.put(result);
				225	// _LOG_TRACE("Handle PROBE: send out the PROBE response");
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	226	}
				227
				228	void
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	229	CaModule::onNewRenewRevoke(const InterestFilter& filter, const Interest& request, RequestType requestType)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	230	{
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	231	// NEW Naming Convention: /<CA-prefix>/CA/NEW/[SignedInterestParameters_Digest]
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	232	// REVOKE Naming Convention: /<CA-prefix>/CA/REVOKE/[SignedInterestParameters_Digest]
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	233	// get ECDH pub key and cert request
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	234	const auto& parameterTLV = request.getApplicationParameters();
Suyong Won	7968f7a	2020-05-12 01:01:25 -0700	[diff] [blame]	235	parameterTLV.parse();
				236
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	237	if (!parameterTLV.hasValue()) {
				238	_LOG_ERROR("Empty TLV obtained from the Interest parameter.");
Zhiyi Zhang	547c851	2019-06-18 23:46:14 -0700	[diff] [blame]	239	return;
				240	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	241
				242	std::string peerKeyBase64 = readString(parameterTLV.get(tlv_ecdh_pub));
				243
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	244	if (peerKeyBase64 == "") {
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	245	_LOG_ERROR("Empty ECDH PUB obtained from the Interest parameter.");
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	246	return;
				247	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	248
				249	// get server's ECDH pub key
				250	auto myEcdhPubKeyBase64 = m_ecdh.getBase64PubKey();
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	251	try {
				252	m_ecdh.deriveSecret(peerKeyBase64);
				253	}
				254	catch (const std::exception& e) {
				255	_LOG_ERROR("Cannot derive a shared secret using the provided ECDH key: " << e.what());
				256	return;
				257	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	258	// generate salt for HKDF
				259	auto saltInt = random::generateSecureWord64();
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	260	// hkdf
				261	hkdf(m_ecdh.context->sharedSecret, m_ecdh.context->sharedSecretLen,
Zhiyi Zhang	3670683	2019-07-04 21:33:03 -0700	[diff] [blame]	262	(uint8_t*)&saltInt, sizeof(saltInt), m_aesKey, sizeof(m_aesKey));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	263
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	264	shared_ptr<security::v2::Certificate> clientCert = nullptr;
Suyong Won	7968f7a	2020-05-12 01:01:25 -0700	[diff] [blame]	265
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	266	if (requestType == RequestType::NEW) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	267	// parse certificate request
				268	Block cert_req = parameterTLV.get(tlv_cert_request);
				269	cert_req.parse();
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	270
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	271	try {
				272	security::v2::Certificate cert = security::v2::Certificate(cert_req.get(tlv::Data));
				273	clientCert = make_shared<security::v2::Certificate>(cert);
				274	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	275	catch (const std::exception& e) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	276	_LOG_ERROR("Unrecognized certificate request: " << e.what());
				277	return;
				278	}
				279	// check the validity period
				280	auto expectedPeriod = clientCert->getValidityPeriod().getPeriod();
				281	auto currentTime = time::system_clock::now();
				282	if (expectedPeriod.first < currentTime - REQUEST_VALIDITY_PERIOD_NOT_BEFORE_GRACE_PERIOD) {
				283	_LOG_ERROR("Client requests a too old notBefore timepoint.");
				284	return;
				285	}
				286	if (expectedPeriod.second > currentTime + m_config.m_maxValidityPeriod \|\|
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	287	expectedPeriod.second <= expectedPeriod.first) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	288	_LOG_ERROR("Client requests an invalid validity period or a notAfter timepoint beyond the allowed time period.");
				289	return;
				290	}
				291
				292	// verify the self-signed certificate, the request, and the token
				293	if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
				294	\|\| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
tylerliu	c84c3ba	2020-09-28 18:09:46 -0700	[diff] [blame]	295	\|\| clientCert->getIdentity().size() <= m_config.m_caPrefix.size()
				296	\|\| clientCert->getIdentity().size() > m_config.m_caPrefix.size() + m_config.m_maxSuffixLength) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	297	_LOG_ERROR("Invalid self-signed certificate name " << clientCert->getName());
				298	return;
				299	}
				300	if (!security::verifySignature(clientCert, clientCert)) {
				301	_LOG_ERROR("Cert request with bad signature.");
				302	return;
				303	}
				304	if (!security::verifySignature(request, *clientCert)) {
				305	_LOG_ERROR("Interest with bad signature.");
				306	return;
				307	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	308	}
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	309	else if (requestType == RequestType::REVOKE) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	310	// parse certificate request
				311	Block cert_revoke = parameterTLV.get(tlv_cert_to_revoke);
				312	cert_revoke.parse();
				313
				314	try {
				315	security::v2::Certificate cert = security::v2::Certificate(cert_revoke.get(tlv::Data));
				316	clientCert = make_shared<security::v2::Certificate>(cert);
				317	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	318	catch (const std::exception& e) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	319	_LOG_ERROR("Unrecognized certificate: " << e.what());
				320	return;
				321	}
				322
				323	// verify the certificate
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	324	if (!m_config.m_caPrefix.isPrefixOf(clientCert->getName()) // under ca prefix
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	325	\|\| !security::v2::Certificate::isValidName(clientCert->getName()) // is valid cert name
tylerliu	c84c3ba	2020-09-28 18:09:46 -0700	[diff] [blame]	326	\|\| clientCert->getIdentity().size() <= m_config.m_caPrefix.size()
				327	\|\| clientCert->getIdentity().size() > m_config.m_caPrefix.size() + m_config.m_maxSuffixLength) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	328	_LOG_ERROR("Invalid certificate name " << clientCert->getName());
				329	return;
				330	}
Zhiyi Zhang	f6c5d27	2020-09-28 10:17:32 -0700	[diff] [blame]	331	const auto& cert = m_keyChain.getPib().getIdentity(m_config.m_caPrefix).getDefaultKey().getDefaultCertificate();
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	332	if (!security::verifySignature(*clientCert, cert)) {
				333	_LOG_ERROR("Cert request with bad signature.");
				334	return;
				335	}
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	336	}
				337
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	338	// create new request instance
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	339	std::string requestId = std::to_string(random::generateWord64());
Zhiyi Zhang	48f2378	2020-09-28 12:11:24 -0700	[diff] [blame]	340	CertificateRequest certRequest(m_config.m_caPrefix, requestId, requestType, Status::BEFORE_CHALLENGE, *clientCert);
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	341
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	342	try {
				343	m_storage->addRequest(certRequest);
				344	}
				345	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	346	_LOG_ERROR("Cannot add new request instance into the storage: " << e.what());
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	347	return;
				348	}
				349
				350	Data result;
				351	result.setName(request.getName());
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	352	result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	353	if (requestType == RequestType::NEW) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	354	result.setContent(NEW::encodeDataContent(myEcdhPubKeyBase64,
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	355	std::to_string(saltInt),
				356	certRequest,
				357	m_config.m_supportedChallenges));
				358	}
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	359	else if (requestType == RequestType::REVOKE) {
tylerliu	4a00aad	2020-09-26 02:03:17 -0700	[diff] [blame]	360	result.setContent(REVOKE::encodeDataContent(myEcdhPubKeyBase64,
				361	std::to_string(saltInt),
				362	certRequest,
				363	m_config.m_supportedChallenges));
				364	}
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	365	m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	366	m_face.put(result);
Zhiyi Zhang	a63b737	2017-05-17 14:14:34 -0700	[diff] [blame]	367
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	368	if (m_config.m_statusUpdateCallback) {
				369	m_config.m_statusUpdateCallback(certRequest);
Zhiyi Zhang	7420cf5	2017-12-18 18:59:21 +0800	[diff] [blame]	370	}
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	371	}
				372
				373	void
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	374	CaModule::onChallenge(const Interest& request)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	375	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	376	// get certificate request state
				377	CertificateRequest certRequest = getCertificateRequest(request);
				378	if (certRequest.m_requestId == "") {
				379	// cannot get the request state
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	380	_LOG_ERROR("Cannot find certificate request state from CA's storage.");
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	381	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER,
				382	"Cannot find certificate request state from CA's storage."));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	383	return;
				384	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	385	// verify signature
				386	if (!security::verifySignature(request, certRequest.m_cert)) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	387	_LOG_ERROR("Challenge Interest with bad signature.");
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	388	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::BAD_SIGNATURE, "Bad signature."));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	389	return;
				390	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	391	// decrypt the parameters
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	392	Buffer paramTLVPayload;
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	393	try {
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	394	paramTLVPayload = decodeBlockWithAesGcm128(request.getApplicationParameters(), m_aesKey,
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	395	(uint8_t*)"test", strlen("test"));
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	396	}
				397	catch (const std::exception& e) {
				398	_LOG_ERROR("Cannot successfully decrypt the Interest parameters: " << e.what());
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	399	m_storage->deleteRequest(certRequest.m_requestId);
				400	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER,
				401	"Cannot successfully decrypt the Interest parameters."));
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	402	return;
				403	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	404	if (paramTLVPayload.size() == 0) {
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	405	_LOG_ERROR("Got an empty buffer from content decryption.");
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	406	m_storage->deleteRequest(certRequest.m_requestId);
				407	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER,
				408	"Empty buffer from content decryption."));
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	409	return;
				410	}
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	411	Block paramTLV = makeBinaryBlock(tlv_encrypted_payload, paramTLVPayload.data(), paramTLVPayload.size());
				412	paramTLV.parse();
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	413
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	414	// load the corresponding challenge module
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	415	std::string challengeType = readString(paramTLV.get(tlv_selected_challenge));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	416	auto challenge = ChallengeModule::createChallengeModule(challengeType);
				417	if (challenge == nullptr) {
				418	_LOG_TRACE("Unrecognized challenge type " << challengeType);
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	419	m_storage->deleteRequest(certRequest.m_requestId);
				420	m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER, "Unrecognized challenge type"));
				421	return;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	422	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	423
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	424	_LOG_TRACE("CHALLENGE module to be load: " << challengeType);
				425	auto errorInfo = challenge->handleChallengeRequest(paramTLV, certRequest);
				426	if (std::get<0>(errorInfo) != ErrorCode::NO_ERROR) {
				427	m_storage->deleteRequest(certRequest.m_requestId);
				428	m_face.put(generateErrorDataPacket(request.getName(), std::get<0>(errorInfo), std::get<1>(errorInfo)));
				429	return;
				430	}
Suyong Won	19fba4d	2020-05-09 13:39:46 -0700	[diff] [blame]	431
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	432	Block payload;
				433	if (certRequest.m_status == Status::PENDING) {
				434	// if challenge succeeded
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	435	if (certRequest.m_requestType == RequestType::NEW) {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	436	auto issuedCert = issueCertificate(certRequest);
				437	certRequest.m_cert = issuedCert;
				438	certRequest.m_status = Status::SUCCESS;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	439	try {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	440	m_storage->addCertificate(certRequest.m_requestId, issuedCert);
				441	m_storage->deleteRequest(certRequest.m_requestId);
				442	_LOG_TRACE("New Certificate Issued " << issuedCert.getName());
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	443	}
				444	catch (const std::exception& e) {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	445	_LOG_ERROR("Cannot add issued cert and remove the request: " << e.what());
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	446	return;
				447	}
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	448
Suyong Won	44d0cce	2020-05-10 04:07:43 -0700	[diff] [blame]	449	payload = CHALLENGE::encodeDataPayload(certRequest);
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	450	payload.parse();
				451	payload.push_back(makeNestedBlock(tlv_issued_cert_name, issuedCert.getName()));
				452	payload.encode();
				453
				454	//contentJson.add(JSON_CA_CERT_ID, readString(issuedCert.getName().at(-1)));
				455	_LOG_TRACE("Challenge succeeded. Certificate has been issued");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	456	}
Zhiyi Zhang	c87d52b	2020-09-28 22:07:18 -0700	[diff] [blame^]	457	else if (certRequest.m_requestType == RequestType::REVOKE) {
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	458	certRequest.m_status = Status::SUCCESS;
				459	try {
				460	m_storage->deleteRequest(certRequest.m_requestId);
				461	_LOG_TRACE("Certificate Revoked");
				462	}
				463	catch (const std::exception& e) {
				464	_LOG_ERROR("Cannot add issued cert and remove the request: " << e.what());
				465	return;
				466	}
				467
				468	payload = CHALLENGE::encodeDataPayload(certRequest);
				469	payload.parse();
				470	_LOG_TRACE("Challenge succeeded. Certificate has been revoked");
				471	}
				472	}
				473	else {
				474	m_storage->updateRequest(certRequest);
				475	payload = CHALLENGE::encodeDataPayload(certRequest);
				476	_LOG_TRACE("No failure no success. Challenge moves on");
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	477	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	478
				479	Data result;
				480	result.setName(request.getName());
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	481	result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	482
				483	// encrypt the content
Suyong Won	7968f7a	2020-05-12 01:01:25 -0700	[diff] [blame]	484	auto contentBlock = encodeBlockWithAesGcm128(tlv::Content, m_aesKey, payload.value(),
				485	payload.value_size(), (uint8_t*)"test", strlen("test"));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	486	result.setContent(contentBlock);
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	487	m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	488	m_face.put(result);
				489
				490	if (m_config.m_statusUpdateCallback) {
				491	m_config.m_statusUpdateCallback(certRequest);
Zhiyi Zhang	1c0bd37	2017-12-18 18:32:55 +0800	[diff] [blame]	492	}
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	493	}
				494
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	495	security::v2::Certificate
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	496	CaModule::issueCertificate(const CertificateRequest& certRequest)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	497	{
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	498	auto expectedPeriod =
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	499	certRequest.m_cert.getValidityPeriod().getPeriod();
Zhiyi Zhang	1a735bc	2019-07-04 21:36:49 -0700	[diff] [blame]	500	security::ValidityPeriod period(expectedPeriod.first, expectedPeriod.second);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	501	security::v2::Certificate newCert;
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	502
				503	Name certName = certRequest.m_cert.getKeyName();
				504	certName.append("NDNCERT").append(std::to_string(random::generateSecureWord64()));
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	505	newCert.setName(certName);
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	506	newCert.setContent(certRequest.m_cert.getContent());
				507	_LOG_TRACE("cert request content " << certRequest.m_cert);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	508	SignatureInfo signatureInfo;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	509	signatureInfo.setValidityPeriod(period);
Zhiyi Zhang	ad6cf93	2017-10-26 16:19:15 -0700	[diff] [blame]	510	security::SigningInfo signingInfo(security::SigningInfo::SIGNER_TYPE_ID,
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	511	m_config.m_caPrefix, signatureInfo);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	512
				513	m_keyChain.sign(newCert, signingInfo);
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	514	_LOG_TRACE("new cert got signed" << newCert);
Zhiyi Zhang	343cdfb	2018-01-17 12:04:28 -0800	[diff] [blame]	515	return newCert;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	516	}
				517
				518	CertificateRequest
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	519	CaModule::getCertificateRequest(const Interest& request)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	520	{
Davide Pesavento	b48bbda	2020-07-27 19:41:37 -0400	[diff] [blame]	521	std::string requestId;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	522	CertificateRequest certRequest;
				523	try {
Suyong Won	256c906	2020-05-11 02:45:56 -0700	[diff] [blame]	524	requestId = readString(request.getName().at(m_config.m_caPrefix.size() + 2));
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	525	}
				526	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	527	_LOG_ERROR("Cannot read the request ID out from the request: " << e.what());
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	528	}
				529	try {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	530	_LOG_TRACE("Request Id to query the database " << requestId);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	531	certRequest = m_storage->getRequest(requestId);
				532	}
				533	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	534	_LOG_ERROR("Cannot get certificate request record from the storage: " << e.what());
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	535	}
				536	return certRequest;
				537	}
				538
				539	void
				540	CaModule::onRegisterFailed(const std::string& reason)
				541	{
Zhiyi Zhang	693c127	2017-05-20 22:58:55 -0700	[diff] [blame]	542	_LOG_ERROR("Failed to register prefix in local hub's daemon, REASON: " << reason);
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	543	}
				544
				545	Block
				546	CaModule::dataContentFromJson(const JsonSection& jsonSection)
				547	{
				548	std::stringstream ss;
				549	boost::property_tree::write_json(ss, jsonSection);
				550	return makeStringBlock(ndn::tlv::Content, ss.str());
				551	}
				552
				553	JsonSection
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	554	CaModule::jsonFromBlock(const Block& block)
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	555	{
				556	std::string jsonString;
				557	try {
Zhiyi Zhang	af7c290	2019-03-14 22:13:21 -0700	[diff] [blame]	558	jsonString = encoding::readString(block);
Zhiyi Zhang	42e1cf3	2019-06-22 17:11:42 -0700	[diff] [blame]	559	std::istringstream ss(jsonString);
				560	JsonSection json;
				561	boost::property_tree::json_parser::read_json(ss, json);
				562	return json;
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	563	}
				564	catch (const std::exception& e) {
Zhiyi Zhang	bc2d412	2019-09-10 12:10:54 -0700	[diff] [blame]	565	_LOG_ERROR("Cannot read JSON string from TLV Value: " << e.what());
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	566	return JsonSection();
				567	}
Zhiyi Zhang	f5246c4	2017-01-26 09:39:20 -0800	[diff] [blame]	568	}
				569
Zhiyi Zhang	aafc55e	2020-09-28 17:54:48 -0700	[diff] [blame]	570	Data
				571	CaModule::generateErrorDataPacket(const Name& name, ErrorCode error, const std::string& errorInfo)
				572	{
				573	Data result;
				574	result.setName(name);
				575	result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
				576	result.setContent(ErrorTLV::encodeDataContent(error, errorInfo));
				577	m_keyChain.sign(result, signingByIdentity(m_config.m_caPrefix));
				578	return result;
				579	}
				580
				581	} // namespace ndncert
				582	} // namespace ndn