blob: 029e3b021106378950e7a894a988a2ac99f4016b [file] [log] [blame]
Yumin Xiaf853ad72016-11-03 21:14:07 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yumin Xia2c509c22017-02-09 14:37:36 -08002/*
Alexander Afanasyev60514ec2020-06-03 14:18:53 -04003 * Copyright (c) 2014-2020, Regents of the University of California.
Yumin Xiaf853ad72016-11-03 21:14:07 -07004 *
5 * This file is part of NDNS (Named Data Networking Domain Name Service).
6 * See AUTHORS.md for complete list of NDNS authors and contributors.
7 *
8 * NDNS is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
12 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "rrset-factory.hpp"
21#include "mgmt/management-tool.hpp"
Yumin Xia2c509c22017-02-09 14:37:36 -080022#include "util/cert-helper.hpp"
23
24#include <ndn-cxx/security/signing-helpers.hpp>
Yumin Xiaf853ad72016-11-03 21:14:07 -070025
26#include <boost/algorithm/string/join.hpp>
27
28namespace ndn {
29namespace ndns {
30
Yumin Xiab87b9d92016-11-14 23:41:25 -080031RrsetFactory::RrsetFactory(const boost::filesystem::path& dbFile,
Yumin Xiaf853ad72016-11-03 21:14:07 -070032 const Name& zoneName,
33 KeyChain& keyChain,
34 const Name& inputDskCertName)
35 : m_keyChain(keyChain)
Yumin Xiab87b9d92016-11-14 23:41:25 -080036 , m_dbFile(dbFile.string())
Yumin Xiaf853ad72016-11-03 21:14:07 -070037 , m_zone(zoneName)
38 , m_dskCertName(inputDskCertName)
39 , m_checked(false)
40{
Yumin Xia918343d2017-03-17 19:04:55 -070041 Name identityName = Name(zoneName).append(label::NDNS_ITERATIVE_QUERY);
Yumin Xiaf853ad72016-11-03 21:14:07 -070042 if (m_dskCertName == DEFAULT_CERT) {
Yumin Xia2c509c22017-02-09 14:37:36 -080043 m_dskName = CertHelper::getDefaultKeyNameOfIdentity(m_keyChain, identityName);
44 m_dskCertName = CertHelper::getDefaultCertificateNameOfIdentity(m_keyChain, identityName);
Yumin Xiaf853ad72016-11-03 21:14:07 -070045 }
46}
47
48void
49RrsetFactory::checkZoneKey()
50{
51 onlyCheckZone();
Yumin Xia918343d2017-03-17 19:04:55 -070052 Name zoneIdentityName = Name(m_zone.getName()).append(label::NDNS_ITERATIVE_QUERY);
Yumin Xiaf853ad72016-11-03 21:14:07 -070053 if (m_dskCertName != DEFAULT_CERT &&
Yumin Xia2c509c22017-02-09 14:37:36 -080054 !matchCertificate(m_dskCertName, zoneIdentityName)) {
Yumin Xiaf853ad72016-11-03 21:14:07 -070055 BOOST_THROW_EXCEPTION(Error("Cannot verify certificate"));
56 }
57}
58
59void
60RrsetFactory::onlyCheckZone()
61{
62 if (m_checked) {
63 return ;
64 }
65 m_checked = true;
66
67 DbMgr dbMgr(m_dbFile);
68 const Name& zoneName = m_zone.getName();
69 if (!dbMgr.find(m_zone)) {
70 BOOST_THROW_EXCEPTION(Error(zoneName.toUri() + " is not presented in the NDNS db"));
71 }
72}
73
74
75std::pair<Rrset, Name>
76RrsetFactory::generateBaseRrset(const Name& label,
77 const name::Component& type,
Yumin Xia55a7cc42017-05-14 18:43:34 -070078 uint64_t version,
Yumin Xiaf853ad72016-11-03 21:14:07 -070079 const time::seconds& ttl)
80{
81 Rrset rrset(&m_zone);
82
83 rrset.setLabel(label);
84 rrset.setType(type);
85 rrset.setTtl(ttl);
86
Yumin Xiaf853ad72016-11-03 21:14:07 -070087 Name name;
88 name.append(m_zone.getName())
Yumin Xia918343d2017-03-17 19:04:55 -070089 .append(label::NDNS_ITERATIVE_QUERY)
Yumin Xiaf853ad72016-11-03 21:14:07 -070090 .append(label)
91 .append(type);
92
93 if (version != VERSION_USE_UNIX_TIMESTAMP) {
94 name.append(name::Component::fromVersion(version));
Yumin Xia2c509c22017-02-09 14:37:36 -080095 }
96 else {
Yumin Xiaf853ad72016-11-03 21:14:07 -070097 name.appendVersion();
98 }
99
100 rrset.setVersion(name.get(-1));
101
102 return std::make_pair(rrset, name);
103}
104
105bool
106RrsetFactory::matchCertificate(const Name& certName, const Name& identity)
107{
Yumin Xia2c509c22017-02-09 14:37:36 -0800108 try {
109 CertHelper::getCertificate(m_keyChain, identity, certName);
110 return true;
Davide Pesavento4a315b32018-11-24 14:32:19 -0500111 } catch (const ndn::security::Pib::Error&) {
Yumin Xiaf853ad72016-11-03 21:14:07 -0700112 return false;
113 }
Yumin Xiaf853ad72016-11-03 21:14:07 -0700114}
115
116Rrset
117RrsetFactory::generateNsRrset(const Name& label,
Yumin Xia55a7cc42017-05-14 18:43:34 -0700118 uint64_t version,
Yumin Xiaf853ad72016-11-03 21:14:07 -0700119 time::seconds ttl,
Yumin Xia2c509c22017-02-09 14:37:36 -0800120 const ndn::DelegationList& delegations)
Yumin Xiaf853ad72016-11-03 21:14:07 -0700121{
122 if (!m_checked) {
123 BOOST_THROW_EXCEPTION(Error("You have to call checkZoneKey before call generate functions"));
124 }
125
126 if (ttl == DEFAULT_RR_TTL)
127 ttl = m_zone.getTtl();
128
Yumin Xiad4e8ce52017-03-17 19:56:52 -0700129 std::pair<Rrset, Name> rrsetAndName = generateBaseRrset(label, label::NS_RR_TYPE, version, ttl);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700130 const Name& name = rrsetAndName.second;
131 Rrset& rrset = rrsetAndName.first;
132
133 Link link(name);
Yumin Xia2c509c22017-02-09 14:37:36 -0800134 link.setDelegationList(delegations);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700135
Yumin Xiaa484ba72016-11-10 20:40:12 -0800136 setContentType(link, NDNS_LINK, ttl);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700137 sign(link);
138 rrset.setData(link.wireEncode());
139
140 return rrset;
141}
142
143Rrset
144RrsetFactory::generateTxtRrset(const Name& label,
Yumin Xia55a7cc42017-05-14 18:43:34 -0700145 uint64_t version,
Yumin Xiaf853ad72016-11-03 21:14:07 -0700146 time::seconds ttl,
147 const std::vector<std::string>& strings)
148{
149 if (!m_checked) {
150 BOOST_THROW_EXCEPTION(Error("You have to call checkZoneKey before call generate functions"));
151 }
152
153 if (ttl == DEFAULT_RR_TTL)
154 ttl = m_zone.getTtl();
155
156 Name name;
157 Rrset rrset;
Yumin Xiad4e8ce52017-03-17 19:56:52 -0700158 std::tie(rrset, name) = generateBaseRrset(label, label::TXT_RR_TYPE, version, ttl);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700159
160 std::vector<Block> rrs;
161 for (const auto& item : strings) {
162 rrs.push_back(makeBinaryBlock(ndns::tlv::RrData,
163 item.c_str(),
164 item.size()));
165 }
166
167 Data data(name);
168 data.setContent(wireEncode(rrs));
169
Yumin Xiaa484ba72016-11-10 20:40:12 -0800170 setContentType(data, NDNS_RESP, ttl);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700171 sign(data);
172 rrset.setData(data.wireEncode());
173
174 return rrset;
175}
176
177Rrset
178RrsetFactory::generateCertRrset(const Name& label,
Yumin Xia55a7cc42017-05-14 18:43:34 -0700179 uint64_t version,
Yumin Xiaf853ad72016-11-03 21:14:07 -0700180 time::seconds ttl,
Alexander Afanasyev60514ec2020-06-03 14:18:53 -0400181 const ndn::security::Certificate& cert)
Yumin Xiaf853ad72016-11-03 21:14:07 -0700182{
183 if (!m_checked) {
184 BOOST_THROW_EXCEPTION(Error("You have to call checkZoneKey before call generate functions"));
185 }
186
187 if (ttl == DEFAULT_RR_TTL)
188 ttl = m_zone.getTtl();
189
190 Name name;
191 Rrset rrset;
Yumin Xiad4e8ce52017-03-17 19:56:52 -0700192 std::tie(rrset, name) = generateBaseRrset(label, label::APPCERT_RR_TYPE, version, ttl);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700193
194 Data data(name);
195 data.setContent(cert.wireEncode());
196
Yumin Xia3c6b1fd2016-12-11 19:08:47 -0800197 setContentType(data, NDNS_KEY, ttl);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700198 sign(data);
199 rrset.setData(data.wireEncode());
200
201 return rrset;
202}
203
Yumin Xiaacd21332016-11-28 22:54:48 -0800204Rrset
205RrsetFactory::generateAuthRrset(const Name& label,
Yumin Xia55a7cc42017-05-14 18:43:34 -0700206 uint64_t version,
Yumin Xiaacd21332016-11-28 22:54:48 -0800207 time::seconds ttl)
208{
209 if (!m_checked) {
210 BOOST_THROW_EXCEPTION(Error("You have to call checkZoneKey before call generate functions"));
211 }
212
213 if (ttl == DEFAULT_RR_TTL)
214 ttl = m_zone.getTtl();
215
216 Name name;
217 Rrset rrset;
Yumin Xiad4e8ce52017-03-17 19:56:52 -0700218 std::tie(rrset, name) = generateBaseRrset(label, label::NS_RR_TYPE, version, ttl);
Yumin Xiaacd21332016-11-28 22:54:48 -0800219
220 Data data(name);
221
222 setContentType(data, NDNS_AUTH, ttl);
223 sign(data);
224 rrset.setData(data.wireEncode());
225
226 return rrset;
227}
Yumin Xiaf853ad72016-11-03 21:14:07 -0700228
Yumin Xia55a7cc42017-05-14 18:43:34 -0700229Rrset
230RrsetFactory::generateDoeRrset(const Name& label,
231 uint64_t version,
232 time::seconds ttl,
233 const Name& lowerLabel,
234 const Name& upperLabel)
235{
236 if (!m_checked) {
237 BOOST_THROW_EXCEPTION(Error("You have to call checkZoneKey before call generate functions"));
238 }
239
240 if (ttl == DEFAULT_RR_TTL)
241 ttl = m_zone.getTtl();
242
243 Name name;
244 Rrset rrset;
245 std::tie(rrset, name) = generateBaseRrset(label, label::DOE_RR_TYPE, version, ttl);
246
247 std::vector<Block> range;
248 range.push_back(lowerLabel.wireEncode());
249 range.push_back(upperLabel.wireEncode());
250
251 Data data(name);
252 data.setContent(wireEncode(range));
253
254 setContentType(data, NDNS_DOE, ttl);
255 sign(data);
256 rrset.setData(data.wireEncode());
257
258 return rrset;
259}
260
261
Yumin Xiaf853ad72016-11-03 21:14:07 -0700262void
263RrsetFactory::sign(Data& data)
264{
Yumin Xia2c509c22017-02-09 14:37:36 -0800265 m_keyChain.sign(data, signingByCertificate(m_dskCertName));
Yumin Xiaf853ad72016-11-03 21:14:07 -0700266}
267
268void
Yumin Xiaa484ba72016-11-10 20:40:12 -0800269RrsetFactory::setContentType(Data& data, NdnsContentType contentType,
270 const time::seconds& ttl)
Yumin Xiaf853ad72016-11-03 21:14:07 -0700271{
Yumin Xiaa484ba72016-11-10 20:40:12 -0800272 data.setContentType(contentType);
273 data.setFreshnessPeriod(ttl);
Yumin Xiaf853ad72016-11-03 21:14:07 -0700274}
275
276template<encoding::Tag TAG>
277inline size_t
278RrsetFactory::wireEncode(EncodingImpl<TAG>& block, const std::vector<Block>& rrs) const
279{
280 // Content :: = CONTENT-TYPE TLV-LENGTH
281 // Block*
282
283 size_t totalLength = 0;
284 for (auto iter = rrs.rbegin(); iter != rrs.rend(); ++iter) {
285 totalLength += block.prependBlock(*iter);
286 }
287
288 totalLength += block.prependVarNumber(totalLength);
289 totalLength += block.prependVarNumber(::ndn::tlv::Content);
290
291 return totalLength;
292}
293
294const Block
295RrsetFactory::wireEncode(const std::vector<Block>& rrs) const
296{
297 EncodingEstimator estimator;
298 size_t estimatedSize = wireEncode(estimator, rrs);
299 EncodingBuffer buffer(estimatedSize, 0);
300 wireEncode(buffer, rrs);
301 return buffer.block();
302}
303
304std::vector<std::string>
305RrsetFactory::wireDecodeTxt(const Block& wire)
306{
307 std::vector<std::string> txts;
308 wire.parse();
309
Yumin Xiaa484ba72016-11-10 20:40:12 -0800310 for (const auto& e : wire.elements()) {
Yumin Xiaf853ad72016-11-03 21:14:07 -0700311 txts.push_back(std::string(reinterpret_cast<const char*>(e.value()),
312 e.value_size()));
313 }
314
315 return txts;
316}
317
318
319} // namespace ndns
320} // namespace ndn