Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / eec07f5bf06c3e95b6a2301a570de7d6938a81bf / . / src / requester-request.cpp
blob: 7c5ab3c4a91afa012bd9d6c845173e3807504c47 [file] [log] [blame]
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]2/*
Tianyuan Yu13aac732022-03-03 20:59:54 -0800[diff] [blame]3 * Copyright (c) 2017-2022, Regents of the University of California.
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]21#include "requester-request.hpp"
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]22
Zhiyi Zhang84e11842020-11-19 20:03:23 -0800[diff] [blame]23#include "challenge/challenge-module.hpp"
Zhiyi Zhangdc25ddf2020-10-20 14:28:55 -0700[diff] [blame]24#include "detail/crypto-helpers.hpp"
Zhiyi Zhang062be6d2020-10-14 17:13:43 -0700[diff] [blame]25#include "detail/challenge-encoder.hpp"
26#include "detail/error-encoder.hpp"
27#include "detail/info-encoder.hpp"
Zhiyi Zhang7cca76a2021-02-17 14:57:42 -0800[diff] [blame]28#include "detail/request-encoder.hpp"
Zhiyi Zhang062be6d2020-10-14 17:13:43 -0700[diff] [blame]29#include "detail/probe-encoder.hpp"
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]30
31#include <ndn-cxx/metadata-object.hpp>
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]32#include <ndn-cxx/security/signing-helpers.hpp>
33#include <ndn-cxx/security/transform/base64-encode.hpp>
34#include <ndn-cxx/security/transform/buffer-source.hpp>
35#include <ndn-cxx/security/transform/stream-sink.hpp>
36#include <ndn-cxx/security/verification-helpers.hpp>
37#include <ndn-cxx/util/io.hpp>
38#include <ndn-cxx/util/random.hpp>
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]39
tylerliu96a67e82020-10-15 13:37:12 -0700[diff] [blame]40#include <boost/lexical_cast.hpp>
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]41
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]42namespace ndncert {
Zhiyi Zhang3002e6b2020-10-29 18:54:07 -0700[diff] [blame]43namespace requester {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]44
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]45NDN_LOG_INIT(ndncert.client);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]46
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]47std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]48Request::genCaProfileDiscoveryInterest(const Name& caName)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]49{
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]50 Name contentName = caName;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]51 if (readString(caName.at(-1)) != "CA")
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]52 contentName.append("CA");
53 contentName.append("INFO");
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]54 return std::make_shared<Interest>(ndn::MetadataObject::makeDiscoveryInterest(contentName));
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]55}
56
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]57std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]58Request::genCaProfileInterestFromDiscoveryResponse(const Data& reply)
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]59{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]60 auto metaData = ndn::MetadataObject(reply);
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]61 auto interestName = metaData.getVersionedName();
Zhiyi Zhangfbcab842020-10-07 15:17:13 -0700[diff] [blame]62 interestName.appendSegment(0);
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]63 return std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]64}
65
Zhiyi Zhang997669a2020-10-28 21:15:40 -0700[diff] [blame]66optional<CaProfile>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]67Request::onCaProfileResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]68{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]69 auto caItem = infotlv::decodeDataContent(reply.getContent());
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]70 if (!ndn::security::verifySignature(reply, *caItem.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]71 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]72 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]73 }
74 return caItem;
75}
76
Zhiyi Zhang997669a2020-10-28 21:15:40 -0700[diff] [blame]77optional<CaProfile>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]78Request::onCaProfileResponseAfterRedirection(const Data& reply, const Name& caCertFullName)
Zhiyi Zhang837406d2020-10-05 22:01:31 -0700[diff] [blame]79{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]80 auto caItem = infotlv::decodeDataContent(reply.getContent());
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]81 auto certBlock = caItem.cert->wireEncode();
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]82 caItem.cert = std::make_shared<Certificate>(certBlock);
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]83 if (caItem.cert->getFullName() != caCertFullName) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]84 NDN_LOG_ERROR("Ca profile does not match the certificate information offered by the original CA.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]85 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang837406d2020-10-05 22:01:31 -0700[diff] [blame]86 }
87 return onCaProfileResponse(reply);
88}
89
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]90std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]91Request::genProbeInterest(const CaProfile& ca, std::multimap<std::string, std::string>&& probeInfo)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]92{
Zhiyi Zhang44c6a352020-12-14 10:57:17 -0800[diff] [blame]93 Name interestName = ca.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]94 interestName.append("CA").append("PROBE");
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]95 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]96 interest->setMustBeFresh(true);
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]97 interest->setApplicationParameters(probetlv::encodeApplicationParameters(std::move(probeInfo)));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]98 return interest;
99}
100
101void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]102Request::onProbeResponse(const Data& reply, const CaProfile& ca,
103 std::vector<std::pair<Name, int>>& identityNames, std::vector<Name>& otherCas)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]104{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]105 if (!ndn::security::verifySignature(reply, *ca.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]106 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]107 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]108 }
109 processIfError(reply);
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]110 probetlv::decodeDataContent(reply.getContent(), identityNames, otherCas);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]111}
112
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]113Request::Request(ndn::KeyChain& keyChain, const CaProfile& profile, RequestType requestType)
114 : m_caProfile(profile)
115 , m_type(requestType)
116 , m_keyChain(keyChain)
117{
118}
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]119
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]120std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]121Request::genNewInterest(const Name& newIdentityName,
122 const time::system_clock::TimePoint& notBefore,
123 const time::system_clock::TimePoint& notAfter)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]124{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]125 if (!m_caProfile.caPrefix.isPrefixOf(newIdentityName)) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]126 return nullptr;
127 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]128 if (newIdentityName.empty()) {
129 NDN_LOG_TRACE("Randomly create a new name because newIdentityName is empty and the param is empty.");
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]130 m_identityName = m_caProfile.caPrefix;
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]131 m_identityName.append(ndn::to_string(ndn::random::generateSecureWord64()));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]132 }
133 else {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]134 m_identityName = newIdentityName;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]135 }
136
137 // generate a newly key pair or use an existing key
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]138 const auto& pib = m_keyChain.getPib();
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]139 ndn::security::pib::Identity identity;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]140 try {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]141 identity = pib.getIdentity(m_identityName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]142 }
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]143 catch (const ndn::security::Pib::Error&) {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]144 identity = m_keyChain.createIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]145 m_isNewlyCreatedIdentity = true;
146 m_isNewlyCreatedKey = true;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]147 }
148 try {
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]149 m_keyPair = identity.getDefaultKey();
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]150 }
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]151 catch (const ndn::security::Pib::Error&) {
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]152 m_keyPair = m_keyChain.createKey(identity);
153 m_isNewlyCreatedKey = true;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]154 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]155 auto& keyName = m_keyPair.getName();
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]156
157 // generate certificate request
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]158 Certificate certRequest;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]159 certRequest.setName(Name(keyName).append("cert-request").appendVersion());
Zhiyi Zhang8f1ade32020-10-14 16:42:57 -0700[diff] [blame]160 certRequest.setContentType(ndn::tlv::ContentType_Key);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]161 certRequest.setContent(m_keyPair.getPublicKey().data(), m_keyPair.getPublicKey().size());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]162 SignatureInfo signatureInfo;
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]163 signatureInfo.setValidityPeriod(ndn::security::ValidityPeriod(notBefore, notAfter));
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]164 m_keyChain.sign(certRequest, signingByKey(keyName).setSignatureInfo(signatureInfo));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]165
166 // generate Interest packet
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]167 Name interestName = m_caProfile.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]168 interestName.append("CA").append("NEW");
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]169 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]170 interest->setMustBeFresh(true);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]171 interest->setApplicationParameters(
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]172 requesttlv::encodeApplicationParameters(RequestType::NEW, m_ecdh.getSelfPubKey(), certRequest));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]173
174 // sign the Interest packet
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]175 m_keyChain.sign(*interest, signingByKey(keyName));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]176 return interest;
177}
178
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]179std::shared_ptr<Interest>
180Request::genRevokeInterest(const Certificate& certificate)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]181{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]182 if (!m_caProfile.caPrefix.isPrefixOf(certificate.getName())) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]183 return nullptr;
184 }
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]185
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]186 // generate Interest packet
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]187 Name interestName = m_caProfile.caPrefix;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]188 interestName.append("CA").append("REVOKE");
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]189 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]190 interest->setMustBeFresh(true);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]191 interest->setApplicationParameters(
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]192 requesttlv::encodeApplicationParameters(RequestType::REVOKE, m_ecdh.getSelfPubKey(), certificate));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]193 return interest;
194}
195
196std::list<std::string>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]197Request::onNewRenewRevokeResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]198{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]199 if (!ndn::security::verifySignature(reply, *m_caProfile.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]200 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]201 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]202 }
203 processIfError(reply);
204
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]205 const auto& contentTLV = reply.getContent();
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]206 std::vector<uint8_t> ecdhKey;
207 std::array<uint8_t, 32> salt;
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]208 auto challenges = requesttlv::decodeDataContent(contentTLV, ecdhKey, salt, m_requestId);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]209
Zhiyi Zhang91f86ab2020-10-05 15:36:35 -0700[diff] [blame]210 // ECDH and HKDF
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]211 auto sharedSecret = m_ecdh.deriveSecret(ecdhKey);
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]212 hkdf(sharedSecret.data(), sharedSecret.size(),
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]213 salt.data(), salt.size(), m_aesKey.data(), m_aesKey.size(),
214 m_requestId.data(), m_requestId.size());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]215
216 // update state
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]217 return challenges;
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]218}
219
tylerliu40226332020-11-11 15:37:16 -0800[diff] [blame]220std::multimap<std::string, std::string>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]221Request::selectOrContinueChallenge(const std::string& challengeSelected)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]222{
223 auto challenge = ChallengeModule::createChallengeModule(challengeSelected);
224 if (challenge == nullptr) {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]225 NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]226 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]227 m_challengeType = challengeSelected;
228 return challenge->getRequestedParameterList(m_status, m_challengeStatus);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]229}
230
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]231std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]232Request::genChallengeInterest(std::multimap<std::string, std::string>&& parameters)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]233{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]234 if (m_challengeType == "") {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]235 NDN_THROW(std::runtime_error("The challenge has not been selected."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]236 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]237 auto challenge = ChallengeModule::createChallengeModule(m_challengeType);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]238 if (challenge == nullptr) {
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]239 NDN_THROW(std::runtime_error("The challenge selected is not supported by your current version of NDNCERT."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]240 }
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]241 auto challengeParams = challenge->genChallengeRequestTLV(m_status, m_challengeStatus, std::move(parameters));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]242
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]243 Name interestName = m_caProfile.caPrefix;
244 interestName.append("CA").append("CHALLENGE").append(m_requestId.data(), m_requestId.size());
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]245 auto interest = std::make_shared<Interest>(interestName);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]246 interest->setMustBeFresh(true);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]247
248 // encrypt the Interest parameters
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]249 auto paramBlock = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, m_aesKey.data(),
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]250 challengeParams.value(), challengeParams.value_size(),
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]251 m_requestId.data(), m_requestId.size(),
252 m_encryptionIv);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]253 interest->setApplicationParameters(paramBlock);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]254 m_keyChain.sign(*interest, signingByKey(m_keyPair.getName()));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]255 return interest;
256}
257
258void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]259Request::onChallengeResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]260{
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]261 if (!ndn::security::verifySignature(reply, *m_caProfile.cert)) {
Zhiyi Zhangd61b4a82020-10-10 15:18:43 -0700[diff] [blame]262 NDN_LOG_ERROR("Cannot verify replied Data packet signature.");
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]263 NDN_THROW(std::runtime_error("Cannot verify replied Data packet signature."));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]264 }
265 processIfError(reply);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]266 challengetlv::decodeDataContent(reply.getContent(), *this);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]267}
268
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]269std::shared_ptr<Interest>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]270Request::genCertFetchInterest() const
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]271{
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]272 auto interest = std::make_shared<Interest>(m_issuedCertName);
Tianyuan Yu60775552022-03-07 17:10:10 -0800[diff] [blame]273 if (!m_forwardingHint.empty()) {
274 interest->setForwardingHint({m_forwardingHint});
275 }
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]276 return interest;
277}
278
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]279std::shared_ptr<Certificate>
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]280Request::onCertFetchResponse(const Data& reply)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]281{
282 try {
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]283 return std::make_shared<Certificate>(reply);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]284 }
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]285 catch (const std::exception&) {
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]286 NDN_LOG_ERROR("Cannot parse replied certificate");
287 NDN_THROW(std::runtime_error("Cannot parse replied certificate"));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]288 }
289}
290
291void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]292Request::endSession()
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]293{
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]294 if (m_status == Status::SUCCESS) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]295 return;
296 }
Davide Pesavento64d5c8f2022-03-07 22:06:22 -0500[diff] [blame]297
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]298 if (m_isNewlyCreatedIdentity) {
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]299 // put the identity into the if scope is because it may cause an error
300 // outside since when endSession is called, identity may not have been created yet.
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]301 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]302 m_keyChain.deleteIdentity(identity);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]303 }
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]304 else if (m_isNewlyCreatedKey) {
Zhiyi Zhang6499edd2021-02-17 22:37:21 -0800[diff] [blame]305 auto identity = m_keyChain.getPib().getIdentity(m_identityName);
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]306 m_keyChain.deleteKey(identity, m_keyPair);
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]307 }
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]308}
309
310void
tylerliu4140fe82021-01-27 15:45:44 -0800[diff] [blame]311Request::processIfError(const Data& data)
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]312{
Zhiyi Zhangf22ae242020-11-17 10:51:15 -0800[diff] [blame]313 auto errorInfo = errortlv::decodefromDataContent(data.getContent());
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]314 if (std::get<0>(errorInfo) == ErrorCode::NO_ERROR) {
315 return;
316 }
Zhiyi Zhang1a222692020-10-16 11:35:49 -0700[diff] [blame]317 NDN_LOG_ERROR("Error info replied from the CA with Error code: " << std::get<0>(errorInfo) <<
318 " and Error Info: " << std::get<1>(errorInfo));
tylerliu41c11532020-10-10 16:14:45 -0700[diff] [blame]319 NDN_THROW(std::runtime_error("Error info replied from the CA with Error code: " +
Zhiyi Zhang1a222692020-10-16 11:35:49 -0700[diff] [blame]320 boost::lexical_cast<std::string>(std::get<0>(errorInfo)) +
321 " and Error Info: " + std::get<1>(errorInfo)));
Zhiyi Zhang1d3dcd22020-10-01 22:25:43 -0700[diff] [blame]322}
323
Zhiyi Zhang3002e6b2020-10-29 18:54:07 -0700[diff] [blame]324} // namespace requester
Zhiyi Zhange4891b72020-10-10 15:11:57 -0700[diff] [blame]325} // namespace ndncert