df/dff/certificate-bundle-fetcher_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

 /*

  * Copyright (c) 2013-2020 Regents of the University of California.

  *

  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

  *

  * ndn-cxx library is free software: you can redistribute it and/or modify it under the

  * terms of the GNU Lesser General Public License as published by the Free Software

  * Foundation, either version 3 of the License, or (at your option) any later version.

  *

  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

  *

  * You should have received copies of the GNU General Public License and GNU Lesser

  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

  * <http://www.gnu.org/licenses/>.

  *

  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

  */


 #include "ndn-cxx/security/certificate-bundle-fetcher.hpp"


 #include "ndn-cxx/face.hpp"

 #include "ndn-cxx/security/certificate-request.hpp"

 #include "ndn-cxx/security/certificate-storage.hpp"

 #include "ndn-cxx/security/validation-state.hpp"

 #include "ndn-cxx/util/logger.hpp"


 namespace ndn {

 namespace security {

 inline namespace v2 {


 NDN_LOG_INIT(ndn.security.CertificateBundleFetcher);


 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)

 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)


 CertificateBundleFetcher::CertificateBundleFetcher(unique_ptr<CertificateFetcher> inner,

                                                    Face& face)

   : m_inner(std::move(inner))

   , m_face(face)

   , m_bundleInterestLifetime(1000)

 {

   BOOST_ASSERT(m_inner != nullptr);

 }


 void

 CertificateBundleFetcher::setBundleInterestLifetime(time::milliseconds time)

 {

   m_bundleInterestLifetime = time;

 }


 time::milliseconds

 CertificateBundleFetcher::getBundleInterestLifetime() const

 {

   return m_bundleInterestLifetime;

 }


 void

 CertificateBundleFetcher::setCertificateStorage(CertificateStorage& certStorage)

 {

   m_certStorage = &certStorage;

   m_inner->setCertificateStorage(certStorage);

 }


 void

 CertificateBundleFetcher::doFetch(const shared_ptr<CertificateRequest>& certRequest,

                                   const shared_ptr<ValidationState>& state,

                                   const ValidationContinuation& continueValidation)

 {

   auto dataValidationState = dynamic_pointer_cast<DataValidationState>(state);

   if (dataValidationState == nullptr) {

     return m_inner->fetch(certRequest, state, continueValidation);

   }


   // check if a bundle segment was fetched before

   shared_ptr<BundleNameTag> bundleNameTag = state->getTag<BundleNameTag>();

   if (bundleNameTag == nullptr) {

     const Name& originalDataName = dataValidationState->getOriginalData().getName();

     if (originalDataName.empty()) {

       return m_inner->fetch(certRequest, state, continueValidation);

     }

     // derive certificate bundle name from original data name

     Name bundleNamePrefix = deriveBundleName(originalDataName);

     fetchFirstBundleSegment(bundleNamePrefix, certRequest, state, continueValidation);

   }

   else {

     Name fullBundleName = bundleNameTag->get();

     fetchNextBundleSegment(fullBundleName, fullBundleName.get(-1).getSuccessor(),

                            certRequest, state, continueValidation);

   }

 }


 void

 CertificateBundleFetcher::fetchFirstBundleSegment(const Name& bundleNamePrefix,

                                                   const shared_ptr<CertificateRequest>& certRequest,

                                                   const shared_ptr<ValidationState>& state,

                                                   const ValidationContinuation& continueValidation)

 {

   Interest bundleInterest = Interest(bundleNamePrefix);

   bundleInterest.setCanBePrefix(true);

   bundleInterest.setMustBeFresh(true);

   bundleInterest.setInterestLifetime(m_bundleInterestLifetime);


   m_face.expressInterest(bundleInterest,

                          [=] (const Interest&, const Data& data) {

                            dataCallback(data, true, certRequest, state, continueValidation);

                          },

                          [=] (const Interest&, const lp::Nack& nack) {

                            nackCallback(nack, certRequest, state, continueValidation, bundleNamePrefix);

                          },

                          [=] (const Interest&) {

                            timeoutCallback(certRequest, state, continueValidation, bundleNamePrefix);

                          });

 }


 void

 CertificateBundleFetcher::fetchNextBundleSegment(const Name& fullBundleName, const name::Component& segmentNo,

                                                  const shared_ptr<CertificateRequest>& certRequest,

                                                  const shared_ptr<ValidationState>& state,

                                                  const ValidationContinuation& continueValidation)

 {

   shared_ptr<FinalBlockIdTag> finalBlockId = state->getTag<FinalBlockIdTag>();

   if (finalBlockId != nullptr && segmentNo > finalBlockId->get()) {

     return m_inner->fetch(certRequest, state, continueValidation);

   }


   Interest bundleInterest(fullBundleName.getPrefix(-1).append(segmentNo));

   bundleInterest.setCanBePrefix(false);

   bundleInterest.setMustBeFresh(false);

   bundleInterest.setInterestLifetime(m_bundleInterestLifetime);


   m_face.expressInterest(bundleInterest,

                          [=] (const Interest&, const Data& data) {

                            dataCallback(data, false, certRequest, state, continueValidation);

                          },

                          [=] (const Interest&, const lp::Nack& nack) {

                            nackCallback(nack, certRequest, state, continueValidation, fullBundleName);

                          },

                          [=] (const Interest&) {

                            timeoutCallback(certRequest, state, continueValidation, fullBundleName);

                          });

 }


 void

 CertificateBundleFetcher::dataCallback(const Data& bundleData,

                                        bool isSegmentZeroExpected,

                                        const shared_ptr<CertificateRequest>& certRequest,

                                        const shared_ptr<ValidationState>& state,

                                        const ValidationContinuation& continueValidation)

 {

   NDN_LOG_DEBUG_DEPTH("Fetched certificate bundle from network " << bundleData.getName());


   name::Component currentSegment = bundleData.getName().get(-1);

   if (!currentSegment.isSegment()) {

     return m_inner->fetch(certRequest, state, continueValidation);

   }


   if (isSegmentZeroExpected && currentSegment.toSegment() != 0) {

     // fetch segment zero

     fetchNextBundleSegment(bundleData.getName(), name::Component::fromSegment(0),

                            certRequest, state, continueValidation);

   }

   else {

     state->setTag(make_shared<BundleNameTag>(bundleData.getName()));


     const auto& finalBlockId = bundleData.getFinalBlock();

     if (finalBlockId) {

       state->setTag(make_shared<FinalBlockIdTag>(*finalBlockId));

     }


     Block bundleContent = bundleData.getContent();

     bundleContent.parse();


     // store all the certificates in unverified cache

     for (const auto& block : bundleContent.elements()) {

       m_certStorage->cacheUnverifiedCert(Certificate(block));

     }


     auto cert = m_certStorage->getUnverifiedCertCache().find(certRequest->interest);

     continueValidation(*cert, state);

   }

 }


 void

 CertificateBundleFetcher::nackCallback(const lp::Nack& nack,

                                        const shared_ptr<CertificateRequest>& certRequest,

                                        const shared_ptr<ValidationState>& state,

                                        const ValidationContinuation& continueValidation,

                                        const Name& bundleName)

 {

   NDN_LOG_DEBUG_DEPTH("NACK (" << nack.getReason() <<  ") while fetching certificate bundle"

                       << bundleName);


   m_inner->fetch(certRequest, state, continueValidation);

 }


 void

 CertificateBundleFetcher::timeoutCallback(const shared_ptr<CertificateRequest>& certRequest,

                                           const shared_ptr<ValidationState>& state,

                                           const ValidationContinuation& continueValidation,

                                           const Name& bundleName)

 {

   NDN_LOG_DEBUG_DEPTH("Timeout while fetching certificate bundle" << bundleName);


   m_inner->fetch(certRequest, state, continueValidation);

 }


 Name

 CertificateBundleFetcher::deriveBundleName(const Name& name)

 {

   name::Component lastComponent = name.at(-1);


   Name bundleName = name;

   if (lastComponent.isImplicitSha256Digest()) {

     if (name.size() >= 2 && name.get(-2).isSegment()) {

       bundleName = name.getPrefix(-2);

     }

     else {

       bundleName = name.getPrefix(-1);

     }

   }

   else if (lastComponent.isSegment()) {

     bundleName = name.getPrefix(-1);

   }

   bundleName.append("_BUNDLE");

   bundleName.appendNumber(0);


   return bundleName;

 }


 } // inline namespace v2

 } // namespace security

 } // namespace ndn

NDN_LOG_DEBUG_DEPTH
#define NDN_LOG_DEBUG_DEPTH(x)
Definition: certificate-bundle-fetcher.cpp:36

certificate-bundle-fetcher.hpp

certificate-request.hpp

certificate-storage.hpp

ndn::Data
Represents a Data packet.
Definition: data.hpp:38

ndn::Face
Provide a communication channel with local or remote NDN forwarder.
Definition: face.hpp:91

ndn::Face::expressInterest
PendingInterestHandle expressInterest(const Interest &interest, const DataCallback &afterSatisfied, const NackCallback &afterNacked, const TimeoutCallback &afterTimeout)
Express Interest.
Definition: face.cpp:164

ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50

ndn::Interest::setMustBeFresh
Interest & setMustBeFresh(bool mustBeFresh)
Add or remove MustBeFresh element.
Definition: interest.hpp:235

ndn::Interest::setCanBePrefix
Interest & setCanBePrefix(bool canBePrefix)
Add or remove CanBePrefix element.
Definition: interest.hpp:216

ndn::Interest::setInterestLifetime
Interest & setInterestLifetime(time::milliseconds lifetime)
Set the Interest's lifetime.
Definition: interest.cpp:440

ndn::Name
Represents an absolute name.
Definition: name.hpp:46

ndn::Name::empty
bool empty() const
Checks if the name is empty, i.e.
Definition: name.hpp:147

ndn::Name::get
const Component & get(ssize_t i) const
Returns an immutable reference to the component at the specified index.
Definition: name.hpp:166

ndn::SimpleTag
provides a tag type for simple types
Definition: tag.hpp:59

ndn::lp::Nack
represents a Network Nack
Definition: nack.hpp:39

ndn::name::Component::fromSegment
static Component fromSegment(uint64_t segmentNo)
Create a segment number component using NDN naming conventions.
Definition: name-component.cpp:393

ndn::name::Component::getSuccessor
Component getSuccessor() const
Get the successor of this name component.
Definition: name-component.cpp:505

ndn::security::CertificateBundleFetcher
Fetch certificate bundle from the network.
Definition: certificate-bundle-fetcher.hpp:44

ndn::security::v2::CertificateBundleFetcher::setBundleInterestLifetime
void setBundleInterestLifetime(time::milliseconds time)
Set the lifetime of certificate bundle interest.
Definition: certificate-bundle-fetcher.cpp:49

ndn::security::v2::CertificateBundleFetcher::doFetch
void doFetch(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Asynchronous certificate fetching implementation.
Definition: certificate-bundle-fetcher.cpp:68

ndn::security::v2::CertificateBundleFetcher::setCertificateStorage
void setCertificateStorage(CertificateStorage &certStorage) override
Set the storage for this and inner certificate fetcher.
Definition: certificate-bundle-fetcher.cpp:61

ndn::security::v2::CertificateBundleFetcher::getBundleInterestLifetime
time::milliseconds getBundleInterestLifetime() const
Definition: certificate-bundle-fetcher.cpp:55

ndn::security::v2::CertificateBundleFetcher::CertificateBundleFetcher
CertificateBundleFetcher(unique_ptr< CertificateFetcher > inner, Face &face)
Definition: certificate-bundle-fetcher.cpp:39

ndn::security::v2::CertificateCache::find
const Certificate * find(const Name &certPrefix) const
Get certificate given key name.
Definition: certificate-cache.cpp:67

ndn::security::v2::CertificateFetcher::m_certStorage
CertificateStorage * m_certStorage
Definition: certificate-fetcher.hpp:84

ndn::security::v2::CertificateFetcher::ValidationContinuation
std::function< void(const Certificate &cert, const shared_ptr< ValidationState > &state)> ValidationContinuation
Definition: certificate-fetcher.hpp:43

ndn::security::v2::CertificateStorage
Storage for trusted anchors, verified certificate cache, and unverified certificate cache.
Definition: certificate-storage.hpp:37

ndn::security::v2::CertificateStorage::getUnverifiedCertCache
const CertificateCache & getUnverifiedCertCache() const
Definition: certificate-storage.cpp:104

ndn::security::v2::CertificateStorage::cacheUnverifiedCert
void cacheUnverifiedCert(Certificate &&cert)
Cache unverified certificate for a period of time (5 minutes)
Definition: certificate-storage.cpp:86

face.hpp

logger.hpp

NDN_LOG_INIT
#define NDN_LOG_INIT(name)
Define a non-member log module.
Definition: logger.hpp:163

ndn::lp::tlv::Nack
@ Nack
Definition: tlv.hpp:39

ndn::security
Definition: additional-description.cpp:28

ndn::time::milliseconds
boost::chrono::milliseconds milliseconds
Definition: time.hpp:48

ndn::tlv::Name
@ Name
Definition: tlv.hpp:67

ndn::tlv::Data
@ Data
Definition: tlv.hpp:66

ndn::tlv::Interest
@ Interest
Definition: tlv.hpp:65

ndn
Definition: data.cpp:25

validation-state.hpp