Source: security/v2/dynamic-trust-anchor-group.js

  1. /**
  2.  * Copyright (C) 2018 Regents of the University of California.
  3.  * @author: Jeff Thompson <jefft0@remap.ucla.edu>
  4.  * @author: From ndn-cxx security https://github.com/named-data/ndn-cxx/blob/master/src/security/v2/trust-anchor-group.cpp
  5.  *
  6.  * This program is free software: you can redistribute it and/or modify
  7.  * it under the terms of the GNU Lesser General Public License as published by
  8.  * the Free Software Foundation, either version 3 of the License, or
  9.  * (at your option) any later version.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU Lesser General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU Lesser General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  * A copy of the GNU Lesser General Public License is in the file COPYING.
  19.  */
  21. /** @ignore */
  22. var fs = require('fs'); /** @ignore */
  23. var path = require('path'); /** @ignore */
  24. var TrustAnchorGroup = require('./trust-anchor-group.js').TrustAnchorGroup; /** @ignore */
  25. var Name = require('../../name.js').Name; /** @ignore */
  26. var LOG = require('../../log.js').Log.LOG;
  28. /**
  29.  * The DynamicTrustAnchorGroup class extends TrustAnchorGroup to implement a
  30.  * dynamic trust anchor group.
  31.  *
  32.  * Create a DynamicTrustAnchorGroup to use an existing container.
  33.  * @param {CertificateContainer} certificateContainer The existing certificate
  34.  * container which implements the CertificateContainer interface.
  35.  * @param {string} id The group ID.
  36.  * @param {string} path The file path for trust anchor(s), which could be a
  37.  * directory or a file. If it is a directory, all the certificates in the
  38.  * directory will be loaded.
  39.  * @param {number} refreshPeriod  The refresh time in milliseconds for the
  40.  * anchors under path. This must be positive.
  41.  * @param {boolean} isDirectory If true, then path is a directory. If false, it
  42.  * is a single file.
  43.  * @throws Error If refreshPeriod is not positive.
  44.  * @constructor
  45.  */
  46. var DynamicTrustAnchorGroup = function DynamicTrustAnchorGroup
  47.   (certificateContainer, id, path, refreshPeriod, isDirectory)
  48. {
  49.   // Call the base constructor.
  50.   TrustAnchorGroup.call(this, certificateContainer, id);
  52.   this.isDirectory_ = isDirectory;
  53.   this.path_ = path;
  54.   this.refreshPeriod_ = refreshPeriod;
  55.   this.expireTime_ = 0;
  56.   if (refreshPeriod <= 0)
  57.     throw new Error("Refresh period for the dynamic group must be positive");
  59.   if (LOG > 0)
  60.     console.log("Create a dynamic trust anchor group " + id + " for file/dir " +
  61.       path + " with refresh time " + refreshPeriod);
  62.   this.refresh();
  63. };
  65. DynamicTrustAnchorGroup.prototype = new TrustAnchorGroup();
  66. DynamicTrustAnchorGroup.prototype.name = "DynamicTrustAnchorGroup";
  68. exports.DynamicTrustAnchorGroup = DynamicTrustAnchorGroup;
  70. /**
  71.  * Request a certificate refresh.
  72.  */
  73. DynamicTrustAnchorGroup.prototype.refresh = function()
  74. {
  75.   var now = new Date().getTime();
  76.   if (this.expireTime_ > now)
  77.     return;
  79.   this.expireTime_ = now + this.refreshPeriod_;
  80.   if (LOG > 0)
  81.     console.log("Reloading the dynamic trust anchor group");
  83.   // Save a copy of anchorNameUris_ .
  84.   var oldAnchorNameUris = {};
  85.   for (var uri in this.anchorNameUris_)
  86.     oldAnchorNameUris[uri] = true;
  88.   if (!this.isDirectory_)
  89.     this.loadCertificate_(this.path_, oldAnchorNameUris);
  90.   else {
  91.     var allFiles;
  92.     try {
  93.       allFiles = fs.readdirSync(this.path_);
  94.     }
  95.     catch (e) {
  96.       throw new Error("Cannot list files in directory " + this.path_);
  97.     }
  99.     for (var i = 0; i < allFiles.length; ++i)
  100.       this.loadCertificate_(path.join(this.path_, allFiles[i]), oldAnchorNameUris);
  101.   }
  103.   // Remove old certificates.
  104.   for (var uri in oldAnchorNameUris) {
  105.     delete this.anchorNameUris_[uri];
  106.     this.certificates_.remove(new Name(uri));
  107.   }
  108. };
  110. /**
  111.  * @param {string} file
  112.  * @param {object} oldAnchorNameUris The keys are the set of anchor name URIs,
  113.  * and each value is true.
  114.  */
  115. DynamicTrustAnchorGroup.prototype.loadCertificate_ = function
  116.   (file, oldAnchorNameUris)
  117. {
  118.   var certificate = TrustAnchorGroup.readCertificate(file);
  119.   if (certificate != null) {
  120.     var certificateNameUri = certificate.getName().toUri();
  122.     if (!this.anchorNameUris_[certificateNameUri]) {
  123.       this.anchorNameUris_[certificateNameUri] = true;
  124.       this.certificates_.add(certificate);
  125.     }
  126.     else
  127.       delete oldAnchorNameUris[certificateNameUri];
  128.   }
  129. };