Gitiles
Code Review Sign In
gerrit.named-data.net / ndns / 08d18748fb51c34ec9d240efaac611e2bc71b6b1 / . / src / mgmt / management-tool.cpp
blob: 3832561e4ee3439fd73280d5e45375c8984d20d0 [file] [log] [blame]
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]2/*
Yumin Xia55a7cc42017-05-14 18:43:34 -0700[diff] [blame]3 * Copyright (c) 2014-2018, Regents of the University of California.
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]4 *
5 * This file is part of NDNS (Named Data Networking Domain Name Service).
6 * See AUTHORS.md for complete list of NDNS authors and contributors.
7 *
8 * NDNS is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
12 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "management-tool.hpp"
21#include "logger.hpp"
22#include "ndns-label.hpp"
23#include "ndns-tlv.hpp"
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]24#include "util/cert-helper.hpp"
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]25
26#include <string>
27#include <iomanip>
28
29#include <boost/filesystem/operations.hpp>
30#include <boost/filesystem/path.hpp>
31#include <boost/algorithm/string/replace.hpp>
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame]32#include <boost/lexical_cast.hpp>
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]33
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]34#include <ndn-cxx/util/regex.hpp>
Jiewen Tand1dd86d2015-03-20 10:26:28 -0700[diff] [blame]35#include <ndn-cxx/util/indented-stream.hpp>
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]36#include <ndn-cxx/util/io.hpp>
Yumin Xia5dd9f2b2016-10-26 20:48:05 -0700[diff] [blame]37#include <ndn-cxx/link.hpp>
Yumin Xiac5ed63f2017-01-26 13:44:38 -0800[diff] [blame]38#include <ndn-cxx/security/signing-helpers.hpp>
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]39#include <ndn-cxx/security/transform.hpp>
40
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]41
42namespace ndn {
43namespace ndns {
44
Alexander Afanasyev08d18742018-03-15 16:31:28 -0400[diff] [blame^]45NDNS_LOG_INIT(ManagementTool);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]46
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]47using security::transform::base64Encode;
48using security::transform::streamSink;
49using security::transform::bufferSource;
50using security::v2::Certificate;
51using security::Identity;
52using security::Key;
53
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame]54ManagementTool::ManagementTool(const std::string& dbFile, KeyChain& keyChain)
55 : m_keyChain(keyChain)
56 , m_dbMgr(dbFile)
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]57{
58}
59
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]60Zone
61ManagementTool::createZone(const Name& zoneName,
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]62 const Name& parentZoneName,
63 const time::seconds& cacheTtl,
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame]64 const time::seconds& certValidity,
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]65 const Name& kskCertName,
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]66 const Name& dskCertName,
67 const Name& dkeyCertName)
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]68{
69 bool isRoot = zoneName == ROOT_ZONE;
Yumin Xia918343d2017-03-17 19:04:55 -0700[diff] [blame]70 Name zoneIdentityName = Name(zoneName).append(label::NDNS_ITERATIVE_QUERY);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]71
72 //check preconditions
73 Zone zone(zoneName, cacheTtl);
74 if (m_dbMgr.find(zone)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]75 BOOST_THROW_EXCEPTION(Error(zoneName.toUri() + " is already presented in the NDNS db"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]76 }
77
78 if (!isRoot && parentZoneName.equals(zoneName)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]79 BOOST_THROW_EXCEPTION(Error("Parent zone name can not be the zone itself"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]80 }
81
82 if (!isRoot && !parentZoneName.isPrefixOf(zoneName)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]83 BOOST_THROW_EXCEPTION(Error(parentZoneName.toUri() + " is not a prefix of " + zoneName.toUri()));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]84 }
85
Jiewen Tan01693fd2015-03-25 20:34:45 -0700[diff] [blame]86 // if dsk is provided, there is no need to check ksk
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]87 if (dskCertName != DEFAULT_CERT) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]88 if (!matchCertificate(dskCertName, zoneIdentityName)) {
89 BOOST_THROW_EXCEPTION(Error("Cannot verify DSK certificate"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]90 }
91 }
Jiewen Tan01693fd2015-03-25 20:34:45 -0700[diff] [blame]92 else if (kskCertName != DEFAULT_CERT) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]93 if (!matchCertificate(kskCertName, zoneIdentityName)) {
94 BOOST_THROW_EXCEPTION(Error("Cannot verify KSK certificate"));
Jiewen Tan01693fd2015-03-25 20:34:45 -0700[diff] [blame]95 }
96 }
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]97
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]98 if (dkeyCertName == DEFAULT_CERT && isRoot) {
99 BOOST_THROW_EXCEPTION(Error("Cannot generate dkey for root zone"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]100 }
101
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]102 // Generate a parentZone's identity to generate a D-Key.
103 // This D-key will be passed to parent zone and resigned.
104 Name dkeyIdentityName;
105 if (dkeyCertName == DEFAULT_CERT) {
Yumin Xia918343d2017-03-17 19:04:55 -0700[diff] [blame]106 dkeyIdentityName = Name(parentZoneName).append(label::NDNS_ITERATIVE_QUERY)
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]107 .append(zoneName.getSubName(parentZoneName.size()));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]108 }
109 else {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]110 dkeyIdentityName = CertHelper::getIdentityNameFromCert(dkeyCertName);
111 }
112 NDNS_LOG_INFO("Generated D-Key's identityName: " + dkeyIdentityName.toUri());
113
114 Name dskName;
115 Key ksk;
116 Key dsk;
117 Key dkey;
118 Certificate dskCert;
119 Certificate kskCert;
120 Certificate dkeyCert;
121 Identity zoneIdentity = m_keyChain.createIdentity(zoneIdentityName);
122 Identity dkeyIdentity = m_keyChain.createIdentity(dkeyIdentityName);
123
124 if (dkeyCertName == DEFAULT_CERT) {
125 dkey = m_keyChain.createKey(dkeyIdentity);
126 m_keyChain.deleteCertificate(dkey, dkey.getDefaultCertificate().getName());
127
Yumin Xiafa2bce72017-04-09 16:20:25 -0700[diff] [blame]128 dkeyCert = CertHelper::createCertificate(m_keyChain, dkey, dkey, label::CERT_RR_TYPE.toUri(), certValidity);
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]129 dkeyCert.setFreshnessPeriod(cacheTtl);
130 m_keyChain.addCertificate(dkey, dkeyCert);
131 NDNS_LOG_INFO("Generated DKEY: " << dkeyCert.getName());
132
133 }
134 else {
135 dkeyCert = CertHelper::getCertificate(m_keyChain, dkeyIdentityName, dkeyCertName);
136 dkey = dkeyIdentity.getKey(dkeyCert.getKeyName());
137 }
138
139 if (kskCertName == DEFAULT_CERT) {
140 ksk = m_keyChain.createKey(zoneIdentity);
141 // delete automatically generated certificates,
142 // because its issue is 'self' instead of CERT_RR_TYPE
143 m_keyChain.deleteCertificate(ksk, ksk.getDefaultCertificate().getName());
Yumin Xiafa2bce72017-04-09 16:20:25 -0700[diff] [blame]144 kskCert = CertHelper::createCertificate(m_keyChain, ksk, dkey, label::CERT_RR_TYPE.toUri(), certValidity);
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]145 kskCert.setFreshnessPeriod(cacheTtl);
146 m_keyChain.addCertificate(ksk, kskCert);
147 NDNS_LOG_INFO("Generated KSK: " << kskCert.getName());
148 }
149 else {
150 // ksk usually might not be the default key of a zone
151 kskCert = CertHelper::getCertificate(m_keyChain, zoneIdentityName, kskCertName);
152 ksk = zoneIdentity.getKey(kskCert.getKeyName());
153 }
154
155 if (dskCertName == DEFAULT_CERT) {
156 // if no dsk provided, then generate a dsk either signed by ksk auto generated or user provided
157 dsk = m_keyChain.createKey(zoneIdentity);
158 m_keyChain.deleteCertificate(dsk, dsk.getDefaultCertificate().getName());
159 dskCert = CertHelper::createCertificate(m_keyChain, dsk, ksk, label::CERT_RR_TYPE.toUri(), certValidity);
160 dskCert.setFreshnessPeriod(cacheTtl);
161 // dskCert will become the default certificate, since the default cert has been deleted.
162 m_keyChain.addCertificate(dsk, dskCert);
163 m_keyChain.setDefaultKey(zoneIdentity, dsk);
164 NDNS_LOG_INFO("Generated DSK: " << dskCert.getName());
165 }
166 else {
167 dskCert = CertHelper::getCertificate(m_keyChain, zoneIdentityName, dskCertName);
168 dsk = zoneIdentity.getKey(dskCert.getKeyName());
169 m_keyChain.setDefaultKey(zoneIdentity, dsk);
170 m_keyChain.setDefaultCertificate(dsk, dskCert);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]171 }
172
173 //second add zone to the database
174 NDNS_LOG_INFO("Start adding new zone to data base");
175 addZone(zone);
176
177 //third create ID-cert
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]178 NDNS_LOG_INFO("Start adding Certificates to NDNS database");
179 addIdCert(zone, kskCert, cacheTtl, dskCert);
180 addIdCert(zone, dskCert, cacheTtl, dskCert);
181
182 NDNS_LOG_INFO("Start saving KSK and DSK's id to ZoneInfo");
183 m_dbMgr.setZoneInfo(zone, "ksk", kskCert.wireEncode());
184 m_dbMgr.setZoneInfo(zone, "dsk", dskCert.wireEncode());
185
186 NDNS_LOG_INFO("Start saving DKEY certificate id to ZoneInfo");
187 m_dbMgr.setZoneInfo(zone, "dkey", dkeyCert.wireEncode());
188
Yumin Xia55a7cc42017-05-14 18:43:34 -0700[diff] [blame]189 generateDoe(zone);
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]190 return zone;
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]191}
192
193void
194ManagementTool::deleteZone(const Name& zoneName)
195{
196 //check pre-conditions
197 Zone zone(zoneName);
198 if (!m_dbMgr.find(zone)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]199 BOOST_THROW_EXCEPTION(Error(zoneName.toUri() + " is not presented in the NDNS db"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]200 }
201
202 //first remove all rrsets of this zone from local ndns database
203 std::vector<Rrset> rrsets = m_dbMgr.findRrsets(zone);
204 for (Rrset& rrset : rrsets) {
205 m_dbMgr.remove(rrset);
206 }
207
208 //second remove zone from local ndns database
209 removeZone(zone);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]210}
211
212void
213ManagementTool::exportCertificate(const Name& certName, const std::string& outFile)
214{
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]215 // only search in local NDNS database
216 security::v2::Certificate cert;
217 shared_ptr<Regex> regex = make_shared<Regex>("(<>*)<NDNS>(<>+)<CERT><>");
218 if (!regex->match(certName)) {
219 BOOST_THROW_EXCEPTION(Error("Certificate name is illegal"));
220 return;
221 }
222
223 Name zoneName = regex->expand("\\1");
Yumin Xia918343d2017-03-17 19:04:55 -0700[diff] [blame]224 Name identityName = Name(zoneName).append(label::NDNS_ITERATIVE_QUERY);
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]225 Name label = regex->expand("\\2");
226
227 Zone zone(zoneName);
228 Rrset rrset(&zone);
229 rrset.setLabel(label);
230 rrset.setType(label::CERT_RR_TYPE);
231 if (m_dbMgr.find(rrset)) {
232 cert = security::v2::Certificate(rrset.getData());
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]233 }
234 else {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]235 BOOST_THROW_EXCEPTION(Error("Cannot find the cert: " + certName.toUri()));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]236 }
237
238 if (outFile == DEFAULT_IO) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]239 ndn::io::save(cert, std::cout);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]240 }
241 else {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]242 ndn::io::save(cert, outFile);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]243 NDNS_LOG_INFO("save cert to file: " << outFile);
244 }
245}
246
247void
Yumin Xiaacd21332016-11-28 22:54:48 -0800[diff] [blame]248ManagementTool::addMultiLevelLabelRrset(Rrset& rrset,
249 RrsetFactory& zoneRrFactory,
250 const time::seconds& authTtl)
251{
252 const Name& label = rrset.getLabel();
253
254 // Check whether it is legal to insert the rrset
255 for (size_t i = 1; i <= label.size() - 1; i++) {
256 Name prefix = label.getPrefix(i);
257 Rrset prefixNsRr(rrset.getZone());
258 prefixNsRr.setLabel(prefix);
259 prefixNsRr.setType(label::NS_RR_TYPE);
260 if (m_dbMgr.find(prefixNsRr)) {
261 Data data(prefixNsRr.getData());
262 if (data.getContentType() == NDNS_LINK) {
263 BOOST_THROW_EXCEPTION(Error("Cannot override " + boost::lexical_cast<std::string>(prefixNsRr) + " (NDNS_LINK)"));
264 }
265 }
266 }
267
268 // check that it does not override existing AUTH
269 if (rrset.getType() == label::NS_RR_TYPE) {
270 Rrset rrsetCopy = rrset;
271 if (m_dbMgr.find(rrsetCopy)) {
272 if (Data(rrsetCopy.getData()).getContentType() == NDNS_AUTH) {
273 BOOST_THROW_EXCEPTION(Error("Cannot override " + boost::lexical_cast<std::string>(rrsetCopy) + " (NDNS_AUTH)"));
274 }
275 }
276 }
277
278 for (size_t i = 1; i <= label.size() - 1; i++) {
279 Name prefix = label.getPrefix(i);
280 Rrset prefixNsRr(rrset.getZone());
281 prefixNsRr.setLabel(prefix);
282 prefixNsRr.setType(label::NS_RR_TYPE);
283 if (m_dbMgr.find(prefixNsRr)) {
284 NDNS_LOG_INFO("NDNS_AUTH Rrset Label=" << prefix << " is already existed, insertion skipped");
285 continue;
286 }
287
Yumin Xiad4e8ce52017-03-17 19:56:52 -0700[diff] [blame]288 Rrset authRr = zoneRrFactory.generateAuthRrset(prefix,
Yumin Xiaacd21332016-11-28 22:54:48 -0800[diff] [blame]289 VERSION_USE_UNIX_TIMESTAMP, authTtl);
290 NDNS_LOG_INFO("Adding NDNS_AUTH " << authRr);
291 m_dbMgr.insert(authRr);
292 }
293
294 checkRrsetVersion(rrset);
295 NDNS_LOG_INFO("Adding " << rrset);
296 m_dbMgr.insert(rrset);
Yumin Xia55a7cc42017-05-14 18:43:34 -0700[diff] [blame]297 generateDoe(*rrset.getZone());
Yumin Xiaacd21332016-11-28 22:54:48 -0800[diff] [blame]298}
299
300void
Yumin Xia5dd9f2b2016-10-26 20:48:05 -0700[diff] [blame]301ManagementTool::addRrset(Rrset& rrset)
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]302{
Yumin Xiaacd21332016-11-28 22:54:48 -0800[diff] [blame]303 // check that it does not override existing AUTH
304 Rrset rrsetCopy = rrset;
305 rrsetCopy.setType(label::NS_RR_TYPE);
306 if (m_dbMgr.find(rrsetCopy)) {
307 if (Data(rrsetCopy.getData()).getContentType() == NDNS_AUTH) {
308 BOOST_THROW_EXCEPTION(Error("Can not add this Rrset: it overrides a NDNS_AUTH record"));
309 }
310 }
311
Jiewen Tan8cd35ea2015-03-20 00:44:23 -0700[diff] [blame]312 checkRrsetVersion(rrset);
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame]313 NDNS_LOG_INFO("Added " << rrset);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]314 m_dbMgr.insert(rrset);
Yumin Xia55a7cc42017-05-14 18:43:34 -0700[diff] [blame]315 generateDoe(*rrset.getZone());
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]316}
317
318void
Yumin Xiac5ed63f2017-01-26 13:44:38 -0800[diff] [blame]319ManagementTool::addRrsetFromFile(const Name& zoneName,
320 const std::string& inFile,
321 const time::seconds& ttl,
322 const Name& inputDskCertName,
323 const ndn::io::IoEncoding encoding,
324 bool needResign)
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]325{
326 //check precondition
327 Zone zone(zoneName);
Yumin Xia918343d2017-03-17 19:04:55 -0700[diff] [blame]328 Name zoneIdentityName = Name(zoneName).append(label::NDNS_ITERATIVE_QUERY);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]329 if (!m_dbMgr.find(zone)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]330 BOOST_THROW_EXCEPTION(Error(zoneName.toUri() + " is not presented in the NDNS db"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]331 }
332
333 Name dskName;
334 Name dskCertName = inputDskCertName;
335 if (dskCertName == DEFAULT_CERT) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]336 dskName = CertHelper::getDefaultKeyNameOfIdentity(m_keyChain, zoneIdentityName);
337 dskCertName = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain, zoneIdentityName);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]338 }
339 else {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]340 if (!matchCertificate(dskCertName, zoneIdentityName)) {
341 BOOST_THROW_EXCEPTION(Error("Cannot verify certificate"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]342 }
343 }
344
345 if (inFile != DEFAULT_IO) {
346 boost::filesystem::path dir = boost::filesystem::path(inFile);
347 if (!boost::filesystem::exists(dir) || boost::filesystem::is_directory(dir)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]348 BOOST_THROW_EXCEPTION(Error("Data: " + inFile + " does not exist"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]349 }
350 }
351
Yumin Xiac5ed63f2017-01-26 13:44:38 -0800[diff] [blame]352 // load data
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]353 shared_ptr<Data> data;
354 if (inFile == DEFAULT_IO)
Jiewen Tan74d745c2015-03-20 01:40:41 -0700[diff] [blame]355 data = ndn::io::load<ndn::Data>(std::cin, encoding);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]356 else
Jiewen Tan74d745c2015-03-20 01:40:41 -0700[diff] [blame]357 data = ndn::io::load<ndn::Data>(inFile, encoding);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]358
Jiewen Tand2d21822015-03-19 15:37:03 -0700[diff] [blame]359 if (data == nullptr) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]360 BOOST_THROW_EXCEPTION(Error("input does not contain a valid Data packet"));
Jiewen Tand2d21822015-03-19 15:37:03 -0700[diff] [blame]361 }
362
Yumin Xiac5ed63f2017-01-26 13:44:38 -0800[diff] [blame]363 if (needResign) {
Yumin Xiafa2bce72017-04-09 16:20:25 -0700[diff] [blame]364 // TODO validityPeriod should be able to be configured
365 SignatureInfo info;
366 info.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(),
367 time::system_clock::now() + DEFAULT_CERT_TTL));
368 m_keyChain.sign(*data, signingByCertificate(dskCertName).setSignatureInfo(info));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]369 }
370
371 // create response for the input data
372 Response re;
Yumin Xia6343c5b2016-10-20 15:45:50 -0700[diff] [blame]373 re.fromData(zoneName, *data);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]374 Name label = re.getRrLabel();
375 name::Component type = re.getRrType();
376
377 Rrset rrset(&zone);
378 rrset.setLabel(label);
379 rrset.setType(type);
380 if (ttl == DEFAULT_RR_TTL)
381 rrset.setTtl(zone.getTtl());
382 else
383 rrset.setTtl(ttl);
384 rrset.setVersion(re.getVersion());
385 rrset.setData(data->wireEncode());
386
Jiewen Tan8cd35ea2015-03-20 00:44:23 -0700[diff] [blame]387 checkRrsetVersion(rrset);
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]388 NDNS_LOG_INFO("Adding rrset from file " << rrset);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]389 m_dbMgr.insert(rrset);
Yumin Xia55a7cc42017-05-14 18:43:34 -0700[diff] [blame]390 generateDoe(*rrset.getZone());
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]391}
392
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]393security::v2::Certificate
394ManagementTool::getZoneDkey(Zone& zone)
395{
396 std::map<std::string, Block> zoneInfo = m_dbMgr.getZoneInfo(zone);
397 return security::v2::Certificate(zoneInfo["dkey"]);
398}
399
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]400void
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame]401ManagementTool::listZone(const Name& zoneName, std::ostream& os, const bool printRaw)
402{
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]403 Zone zone(zoneName);
404 if (!m_dbMgr.find(zone)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]405 BOOST_THROW_EXCEPTION(Error("Zone " + zoneName.toUri() + " is not found in the database"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]406 }
407
408 //first output the zone name
409 os << "; Zone " << zoneName.toUri() << std::endl << std::endl;
410
411 //second output all rrsets
412 std::vector<Rrset> rrsets = m_dbMgr.findRrsets(zone);
413
414 //set width for different columns
415 size_t labelWidth = 0;
416 size_t ttlWidth = 0;
417 size_t typeWidth = 0;
418 for (Rrset& rrset : rrsets) {
419 Data data(rrset.getData());
420 Response re;
Yumin Xia6343c5b2016-10-20 15:45:50 -0700[diff] [blame]421 re.fromData(zoneName, data);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]422
423 if (rrset.getLabel().toUri().size() > labelWidth)
424 labelWidth = rrset.getLabel().toUri().size();
425
426 std::stringstream seconds;
427 seconds << rrset.getTtl().count();
428 if (seconds.str().size() > ttlWidth)
429 ttlWidth = seconds.str().size();
430
431 if (rrset.getType().toUri().size() > typeWidth)
432 typeWidth = rrset.getType().toUri().size();
433 }
434
435 //output
436 for (Rrset& rrset : rrsets) {
437 Data data(rrset.getData());
438 Response re;
Yumin Xia6343c5b2016-10-20 15:45:50 -0700[diff] [blame]439 re.fromData(zoneName, data);
Yumin Xia3c6b1fd2016-12-11 19:08:47 -0800[diff] [blame]440 int iteration = re.getContentType() == NDNS_BLOB
441 || re.getContentType() == NDNS_KEY
442 || re.getContentType() == NDNS_AUTH ? 1 : re.getRrs().size();
443
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]444 const std::vector<Block>& rrs = re.getRrs();
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]445
Yumin Xia3c6b1fd2016-12-11 19:08:47 -0800[diff] [blame]446 if (re.getContentType() != NDNS_BLOB && re.getContentType() != NDNS_KEY) {
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]447 os << "; rrset=" << rrset.getLabel().toUri()
448 << " type=" << rrset.getType().toUri()
449 << " version=" << rrset.getVersion().toUri()
450 << " signed-by=" << data.getSignature().getKeyLocator().getName().toUri()
451 << std::endl;
452 }
453
454 for (int i = 0; i < iteration; i++) {
455 os.setf(os.left);
456 os.width(labelWidth + 2);
457 os << rrset.getLabel().toUri();
458
459 os.width(ttlWidth + 2);
460 os << rrset.getTtl().count();
461
462 os.width(typeWidth + 2);
463 os << rrset.getType().toUri();
464
Yumin Xia3c6b1fd2016-12-11 19:08:47 -0800[diff] [blame]465 if (re.getContentType() != NDNS_BLOB && re.getContentType() != NDNS_KEY) {
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]466 if (rrset.getType() == label::TXT_RR_TYPE) {
467 os.write(reinterpret_cast<const char*>(rrs[i].value()), rrs[i].value_size());
468 os << std::endl;
469 }
470 else if (rrset.getType() == label::NS_RR_TYPE) {
Yumin Xia5dd9f2b2016-10-26 20:48:05 -0700[diff] [blame]471 BOOST_ASSERT(iteration == 1);
Yumin Xiaa484ba72016-11-10 20:40:12 -0800[diff] [blame]472 if (re.getContentType() == NDNS_AUTH) {
Yumin Xia5dd9f2b2016-10-26 20:48:05 -0700[diff] [blame]473 const std::string authStr = "NDNS-Auth";
474 os << authStr;
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]475 }
476 else {
Yumin Xia5dd9f2b2016-10-26 20:48:05 -0700[diff] [blame]477 Link link(rrset.getData());
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]478 const DelegationList& ds = link.getDelegationList();
Yumin Xia5dd9f2b2016-10-26 20:48:05 -0700[diff] [blame]479 for (const auto& i: ds) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]480 std::string str = std::to_string(i.preference);
481 + "," + i.name.toUri() + ";";
Yumin Xia5dd9f2b2016-10-26 20:48:05 -0700[diff] [blame]482 os << str;
483 }
484 }
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]485 os << std::endl;
486 }
487 else {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]488 bufferSource(rrs[i].wire(), rrs[i].size()) >> base64Encode() >> streamSink(os);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]489 }
490 }
491 }
492
Yumin Xia3c6b1fd2016-12-11 19:08:47 -0800[diff] [blame]493 if (re.getContentType() == NDNS_BLOB || re.getContentType() == NDNS_KEY) {
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]494 os.width();
Yumin Xiaa484ba72016-11-10 20:40:12 -0800[diff] [blame]495 os << "; content-type=" << re.getContentType()
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]496 << " version=" << rrset.getVersion().toUri()
497 << " signed-by=" << data.getSignature().getKeyLocator().getName().toUri();
498 os << std::endl;
499
Yumin Xia3c6b1fd2016-12-11 19:08:47 -0800[diff] [blame]500 if (printRaw && (re.getContentType() == NDNS_BLOB
501 || re.getContentType() == NDNS_KEY)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]502 ndn::util::IndentedStream istream(os, "; ");
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]503
Jiewen Tand1dd86d2015-03-20 10:26:28 -0700[diff] [blame]504 if (re.getRrType() == label::CERT_RR_TYPE) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]505 security::v2::Certificate cert(rrset.getData());
506 os << cert;
507 // cert.printCertificate(istream);
Jiewen Tand1dd86d2015-03-20 10:26:28 -0700[diff] [blame]508 }
509 else {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]510 bufferSource(re.getAppContent().wire(), re.getAppContent().size()) >> base64Encode() >> streamSink(os);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]511 }
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]512 }
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame]513 os << std::endl;
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]514 }
515 else {
516 os << std::endl;
517 }
518 }
519}
520
521void
522ManagementTool::listAllZones(std::ostream& os) {
523 std::vector<Zone> zones = m_dbMgr.listZones();
524
525 size_t nameWidth = 0;
526 for (const Zone& zone : zones) {
527 if (zone.getName().toUri().size() > nameWidth)
528 nameWidth = zone.getName().toUri().size();
529 }
530
531 for (const Zone& zone : zones) {
532 os.setf(os.left);
533 os.width(nameWidth + 2);
534 os << zone.getName().toUri();
Yumin Xia918343d2017-03-17 19:04:55 -0700[diff] [blame]535 Name zoneIdentity = Name(zone.getName()).append(label::NDNS_ITERATIVE_QUERY);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]536
537 os << "; default-ttl=" << zone.getTtl().count();
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]538 os << " default-key=" << CertHelper::getDefaultKeyNameOfIdentity(m_keyChain, zoneIdentity);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]539 os << " default-certificate="
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]540 << CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain, zoneIdentity);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]541 os << std::endl;
542 }
543}
544
545void
546ManagementTool::removeRrSet(const Name& zoneName, const Name& label, const name::Component& type)
547{
548 Zone zone(zoneName);
549 Rrset rrset(&zone);
550 rrset.setLabel(label);
551 rrset.setType(type);
552
553 if (!m_dbMgr.find(rrset)) {
554 return;
555 }
556 NDNS_LOG_INFO("Remove rrset with zone-id: " << zone.getId() << " label: " << label << " type: "
557 << type);
558 m_dbMgr.remove(rrset);
Yumin Xia55a7cc42017-05-14 18:43:34 -0700[diff] [blame]559 generateDoe(zone);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]560}
561
562void
563ManagementTool::getRrSet(const Name& zoneName,
564 const Name& label,
565 const name::Component& type,
566 std::ostream& os)
567{
568 Zone zone(zoneName);
569 Rrset rrset(&zone);
570 rrset.setLabel(label);
571 rrset.setType(type);
572
573 if (!m_dbMgr.find(rrset)) {
574 os << "No record is found" << std::endl;
575 return;
576 }
577
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]578 bufferSource(rrset.getData().wire(), rrset.getData().size()) >> base64Encode() >> streamSink(os);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]579}
580
581void
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]582ManagementTool::addIdCert(Zone& zone, const Certificate& cert,
583 const time::seconds& ttl,
584 const Certificate& dskCert)
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]585{
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]586 Rrset rrsetKey(&zone);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]587 size_t size = zone.getName().size();
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]588 Name label = cert.getName().getSubName(size + 1, cert.getName().size() - size - 3);
589 rrsetKey.setLabel(label);
590 rrsetKey.setType(label::CERT_RR_TYPE);
591 rrsetKey.setTtl(ttl);
592 rrsetKey.setVersion(cert.getName().get(-1));
593 rrsetKey.setData(cert.wireEncode());
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]594
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]595 if (m_dbMgr.find(rrsetKey)) {
596 BOOST_THROW_EXCEPTION(Error("CERT with label=" + label.toUri() +
597 " is already presented in local NDNS databse"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]598 }
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]599
600 m_dbMgr.insert(rrsetKey);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]601 NDNS_LOG_INFO("Add rrset with zone-id: " << zone.getId() << " label: " << label << " type: "
602 << label::CERT_RR_TYPE);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]603}
604
605void
606ManagementTool::addZone(Zone& zone)
607{
608 if (m_dbMgr.find(zone)) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]609 BOOST_THROW_EXCEPTION(Error("Zone with Name=" + zone.getName().toUri() +
610 " is already presented in local NDNS databse"));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]611 }
612 NDNS_LOG_INFO("Add zone with Name: " << zone.getName().toUri());
613 m_dbMgr.insert(zone);
614}
615
616void
617ManagementTool::removeZone(Zone& zone)
618{
619 if (!m_dbMgr.find(zone)) {
620 return;
621 }
622 NDNS_LOG_INFO("Remove zone with Name: " << zone.getName().toUri());
623 m_dbMgr.remove(zone);
624}
625
626bool
627ManagementTool::matchCertificate(const Name& certName, const Name& identity)
628{
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]629 security::Identity id = m_keyChain.getPib().getIdentity(identity);
630 for (const security::Key& key: id.getKeys()) {
631 try {
632 key.getCertificate(certName);
633 return true;
634 } catch (const std::exception&) {
635 }
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]636 }
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]637 return false;
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]638}
639
Jiewen Tan8cd35ea2015-03-20 00:44:23 -0700[diff] [blame]640void
641ManagementTool::checkRrsetVersion(const Rrset& rrset)
642{
643 Rrset originalRrset(rrset);
644 if (m_dbMgr.find(originalRrset)) {
645 // update only if rrset has a newer version
646 if (originalRrset.getVersion() == rrset.getVersion()) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]647 BOOST_THROW_EXCEPTION(Error("Duplicate: "
648 + boost::lexical_cast<std::string>(originalRrset)));
Jiewen Tan8cd35ea2015-03-20 00:44:23 -0700[diff] [blame]649 }
650 else if (originalRrset.getVersion() > rrset.getVersion()) {
Yumin Xia2c509c22017-02-09 14:37:36 -0800[diff] [blame]651 BOOST_THROW_EXCEPTION(Error("Newer version exists: "
652 + boost::lexical_cast<std::string>(originalRrset)));
Jiewen Tan8cd35ea2015-03-20 00:44:23 -0700[diff] [blame]653 }
654
655 m_dbMgr.remove(originalRrset);
656 }
657}
658
Yumin Xia55a7cc42017-05-14 18:43:34 -0700[diff] [blame]659void
660ManagementTool::generateDoe(Zone& zone)
661{
662 // check zone existence
663 if (!m_dbMgr.find(zone)) {
664 BOOST_THROW_EXCEPTION(Error(zone.getName().toUri() + " is not presented in the NDNS db"));
665 }
666
667 // remove all the Doe records
668 m_dbMgr.removeRrsetsOfZoneByType(zone, label::DOE_RR_TYPE);
669
670 // get the records out
671 std::vector<Rrset> allRecords = m_dbMgr.findRrsets(zone);
672
673 // sort them by DoE label name (same as in the database)
674 std::sort(allRecords.begin(), allRecords.end());
675
676 RrsetFactory factory(m_dbMgr.getDbFile(), zone.getName(), m_keyChain, DEFAULT_CERT);
677 factory.checkZoneKey();
678
679 for (size_t i = 0; i < allRecords.size() - 1; i++) {
680 Name lowerLabel = Name(allRecords[i].getLabel()).append(allRecords[i].getType());
681 Name upperLabel = Name(allRecords[i + 1].getLabel()).append(allRecords[i + 1].getType());
682 Rrset doe = factory.generateDoeRrset(lowerLabel,
683 VERSION_USE_UNIX_TIMESTAMP,
684 DEFAULT_CACHE_TTL, lowerLabel, upperLabel);
685 m_dbMgr.insert(doe);
686 }
687
688 Name lastLabel = Name(allRecords.back().getLabel()).append(allRecords.back().getType());
689 Name firstLabel = Name(allRecords.front().getLabel()).append(allRecords.front().getType());
690 Rrset lastRange = factory.generateDoeRrset(lastLabel,
691 VERSION_USE_UNIX_TIMESTAMP,
692 DEFAULT_CACHE_TTL, lastLabel, firstLabel);
693 m_dbMgr.insert(lastRange);
694
695 // This guard will be the lowest label-ranked record
696 // so if requested label+type is less than the lowest label except for this one, it will be choosed
697 // by findLowerBound. This small trick avoids complicated SQL query in findLowerBound
698 Rrset guardRange = factory.generateDoeRrset(Name(""),
699 VERSION_USE_UNIX_TIMESTAMP,
700 DEFAULT_CACHE_TTL, lastLabel, firstLabel);
701 m_dbMgr.insert(guardRange);
702 NDNS_LOG_INFO("DoE record updated");
703}
704
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]705} // namespace ndns
706} // namespace ndn