Update validation related codes to security v2
Change-Id: I5467b87092820666c04f22623f0f1665ce9a1194
diff --git a/src/daemon/name-server.cpp b/src/daemon/name-server.cpp
index 70288ec..11ad3a8 100644
--- a/src/daemon/name-server.cpp
+++ b/src/daemon/name-server.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2016, Regents of the University of California.
+/*
+ * Copyright (c) 2014-2017, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -20,6 +20,7 @@
#include "name-server.hpp"
#include "logger.hpp"
#include <ndn-cxx/encoding/encoding-buffer.hpp>
+#include <ndn-cxx/security/signing-helpers.hpp>
namespace ndn {
namespace ndns {
@@ -28,44 +29,32 @@
const time::milliseconds NAME_SERVER_DEFAULT_CONTENT_FRESHNESS(4000);
NameServer::NameServer(const Name& zoneName, const Name& certName, Face& face, DbMgr& dbMgr,
- KeyChain& keyChain, Validator& validator)
+ KeyChain& keyChain, security::v2::Validator& validator)
: m_zone(zoneName)
, m_dbMgr(dbMgr)
, m_ndnsPrefix(zoneName)
- , m_keyPrefix(zoneName)
, m_certName(certName)
, m_contentFreshness(NAME_SERVER_DEFAULT_CONTENT_FRESHNESS)
, m_face(face)
, m_keyChain(keyChain)
, m_validator(validator)
{
- if (!m_keyChain.doesCertificateExist(m_certName)) {
- NDNS_LOG_FATAL("Certificate: " << m_certName << " does not exist");
- throw Error("certificate does not exist in the KeyChain: " + m_certName.toUri());
- }
-
m_dbMgr.find(m_zone);
if (m_zone.getId() == 0) {
NDNS_LOG_FATAL("m_zone does not exist: " << zoneName);
- throw Error("Zone " + zoneName.toUri() + " does not exist in the database");
+ BOOST_THROW_EXCEPTION(Error("Zone " + zoneName.toUri() + " does not exist in the database"));
}
m_ndnsPrefix.append(ndns::label::NDNS_ITERATIVE_QUERY);
- m_keyPrefix.append(ndns::label::NDNS_CERT_QUERY);
m_face.setInterestFilter(m_ndnsPrefix,
bind(&NameServer::onInterest, this, _1, _2),
bind(&NameServer::onRegisterFailed, this, _1, _2)
);
- m_face.setInterestFilter(m_keyPrefix,
- bind(&NameServer::onInterest, this, _1, _2),
- bind(&NameServer::onRegisterFailed, this, _1, _2)
- );
-
NDNS_LOG_INFO("Zone: " << m_zone.getName() << " binds "
- << "Prefix: " << m_ndnsPrefix << " and " << m_keyPrefix
+ << "Prefix: " << m_ndnsPrefix
<< " with Certificate: " << m_certName
);
}
@@ -109,7 +98,7 @@
answer->setFreshnessPeriod(this->getContentFreshness());
answer->setContentType(NDNS_NACK);
- m_keyChain.sign(*answer, m_certName);
+ m_keyChain.sign(*answer, signingByCertificate(m_certName));
NDNS_LOG_TRACE("answer query with NDNS-NACK: " << answer->getName());
m_face.put(*answer);
}
@@ -127,13 +116,13 @@
const Block& block = it->blockFromValue();
data = make_shared<Data>(block);
}
- catch (std::exception& e) {
+ catch (const std::exception& e) {
NDNS_LOG_WARN("exception when getting update info: " << e.what());
return;
}
m_validator.validate(*data,
bind(&NameServer::doUpdate, this, interest.shared_from_this(), data),
- [this] (const shared_ptr<const Data>& data, const std::string& msg) {
+ [this] (const Data& data, const security::v2::ValidationError& msg) {
NDNS_LOG_WARN("Ignoring update that did not pass the verification. "
<< "Check the root certificate")
});
@@ -144,8 +133,8 @@
NameServer::onRegisterFailed(const ndn::Name& prefix, const std::string& reason)
{
NDNS_LOG_FATAL("fail to register prefix=" << prefix << ". Due to: " << reason);
- throw Error("zone " + m_zone.getName().toUri() + " register prefix: " +
- prefix.toUri() + " fails. due to: " + reason);
+ BOOST_THROW_EXCEPTION(Error("zone " + m_zone.getName().toUri() + " register prefix: " +
+ prefix.toUri() + " fails. due to: " + reason));
}
void
@@ -157,7 +146,7 @@
if (!label::matchName(*data, m_zone.getName(), re))
return;
}
- catch (std::exception& e) {
+ catch (const std::exception& e) {
NDNS_LOG_INFO("Error while name/certificate matching: " << e.what());
}
@@ -204,7 +193,7 @@
NDNS_LOG_TRACE("insert new record and answer update with UPDATE_OK");
}
}
- catch (std::exception& e) {
+ catch (const std::exception& e) {
blk.push_back(makeNonNegativeIntegerBlock(ndn::ndns::tlv::UpdateReturnCode, UPDATE_FAILURE));
blk.encode(); // must
answer->setContent(blk);
@@ -212,7 +201,7 @@
<< ". Update may need sudo privilege to write DbFile");
NDNS_LOG_TRACE("exception happens and answer update with UPDATE_FAILURE");
}
- m_keyChain.sign(*answer, m_certName);
+ m_keyChain.sign(*answer, signingByCertificate(m_certName));
m_face.put(*answer);
}