2.4/doxygen/certificate-bundle-fetcher_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 #include "certificate-bundle-fetcher.hpp"
 #include "face.hpp"
 #include "util/logger.hpp"

 namespace ndn {
 namespace security {
 namespace v2 {

 NDN_LOG_INIT(ndn.security.v2.CertificateBundleFetcher);

 #define NDN_LOG_DEBUG_DEPTH(x) NDN_LOG_DEBUG(std::string(state->getDepth() + 1, '>') << " " << x)
 #define NDN_LOG_TRACE_DEPTH(x) NDN_LOG_TRACE(std::string(state->getDepth() + 1, '>') << " " << x)

 CertificateBundleFetcher::CertificateBundleFetcher(unique_ptr<CertificateFetcher> inner,
                                                    Face& face)
   : m_inner(std::move(inner))
   , m_face(face)
   , m_bundleInterestLifetime(1000)
 {
   BOOST_ASSERT(m_inner != nullptr);
 }

 void
 CertificateBundleFetcher::setBundleInterestLifetime(time::milliseconds time)
 {
   m_bundleInterestLifetime = time;
 }

 time::milliseconds
 CertificateBundleFetcher::getBundleInterestLifetime() const
 {
   return m_bundleInterestLifetime;
 }

 void
 CertificateBundleFetcher::setCertificateStorage(CertificateStorage& certStorage)
 {
   m_certStorage = &certStorage;
   m_inner->setCertificateStorage(certStorage);
 }

 void
 CertificateBundleFetcher::doFetch(const shared_ptr<CertificateRequest>& certRequest,
                                   const shared_ptr<ValidationState>& state,
                                   const ValidationContinuation& continueValidation)
 {
   auto dataValidationState = dynamic_pointer_cast<DataValidationState>(state);
   if (dataValidationState == nullptr) {
     return m_inner->fetch(certRequest, state, continueValidation);
   }

   // check if a bundle segment was fetched before
   shared_ptr<BundleNameTag> bundleNameTag = state->getTag<BundleNameTag>();
   if (bundleNameTag == nullptr) {
     const Name& originalDataName = dataValidationState->getOriginalData().getName();
     if (originalDataName.empty()) {
       return m_inner->fetch(certRequest, state, continueValidation);
     }
     // derive certificate bundle name from original data name
     Name bundleNamePrefix = deriveBundleName(originalDataName);
     fetchFirstBundleSegment(bundleNamePrefix, certRequest, state, continueValidation);
   }
   else {
     Name fullBundleName = bundleNameTag->get();
     fetchNextBundleSegment(fullBundleName, fullBundleName.get(-1).getSuccessor(),
                            certRequest, state, continueValidation);
   }
 }

 void
 CertificateBundleFetcher::fetchFirstBundleSegment(const Name& bundleNamePrefix,
                                                   const shared_ptr<CertificateRequest>& certRequest,
                                                   const shared_ptr<ValidationState>& state,
                                                   const ValidationContinuation& continueValidation)
 {
   Interest bundleInterest = Interest(bundleNamePrefix);
   bundleInterest.setInterestLifetime(m_bundleInterestLifetime);
   bundleInterest.setMustBeFresh(true);
   bundleInterest.setChildSelector(1);

   m_face.expressInterest(bundleInterest,
                          [=] (const Interest& interest, const Data& data) {
                            dataCallback(data, true, certRequest, state, continueValidation);
                          },
                          [=] (const Interest& interest, const lp::Nack& nack) {
                            nackCallback(nack, certRequest, state, continueValidation, bundleNamePrefix);
                          },
                          [=] (const Interest& interest) {
                            timeoutCallback(certRequest, state, continueValidation, bundleNamePrefix);
                          });
 }

 void
 CertificateBundleFetcher::fetchNextBundleSegment(const Name& fullBundleName, const name::Component& segmentNo,
                                                  const shared_ptr<CertificateRequest>& certRequest,
                                                  const shared_ptr<ValidationState>& state,
                                                  const ValidationContinuation& continueValidation)
 {
   shared_ptr<FinalBlockIdTag> finalBlockId = state->getTag<FinalBlockIdTag>();
   if (finalBlockId != nullptr && segmentNo > finalBlockId->get()) {
     return m_inner->fetch(certRequest, state, continueValidation);
   }

   Interest bundleInterest(fullBundleName.getPrefix(-1).append(segmentNo));
   bundleInterest.setInterestLifetime(m_bundleInterestLifetime);
   bundleInterest.setMustBeFresh(false);

   m_face.expressInterest(bundleInterest,
                          [=] (const Interest& interest, const Data& data) {
                            dataCallback(data, false, certRequest, state, continueValidation);
                          },
                          [=] (const Interest& interest, const lp::Nack& nack) {
                            nackCallback(nack, certRequest, state, continueValidation, fullBundleName);
                          },
                          [=] (const Interest& interest) {
                            timeoutCallback(certRequest, state, continueValidation, fullBundleName);
                          });
 }

 void
 CertificateBundleFetcher::dataCallback(const Data& bundleData,
                                        bool isSegmentZeroExpected,
                                        const shared_ptr<CertificateRequest>& certRequest,
                                        const shared_ptr<ValidationState>& state,
                                        const ValidationContinuation& continueValidation)
 {
   NDN_LOG_DEBUG_DEPTH("Fetched certificate bundle from network " << bundleData.getName());

   name::Component currentSegment = bundleData.getName().get(-1);
   if (!currentSegment.isSegment()) {
     return m_inner->fetch(certRequest, state, continueValidation);
   }

   if (isSegmentZeroExpected && currentSegment.toSegment() != 0) {
     // fetch segment zero
     fetchNextBundleSegment(bundleData.getName(), name::Component::fromSegment(0),
                            certRequest, state, continueValidation);
   }
   else {
     state->setTag(make_shared<BundleNameTag>(bundleData.getName()));

     const name::Component& finalBlockId = bundleData.getMetaInfo().getFinalBlockId();
     if (!finalBlockId.empty()) {
       state->setTag(make_shared<FinalBlockIdTag>(finalBlockId));
     }

     Block bundleContent = bundleData.getContent();
     bundleContent.parse();

     // store all the certificates in unverified cache
     for (const auto& block : bundleContent.elements()) {
       m_certStorage->cacheUnverifiedCert(Certificate(block));
     }

     auto cert = m_certStorage->getUnverifiedCertCache().find(certRequest->m_interest);
     continueValidation(*cert, state);
   }
 }

 void
 CertificateBundleFetcher::nackCallback(const lp::Nack& nack,
                                        const shared_ptr<CertificateRequest>& certRequest,
                                        const shared_ptr<ValidationState>& state,
                                        const ValidationContinuation& continueValidation,
                                        const Name& bundleName)
 {
   NDN_LOG_DEBUG_DEPTH("NACK (" << nack.getReason() <<  ") while fetching certificate bundle"
                       << bundleName);

   m_inner->fetch(certRequest, state, continueValidation);
 }

 void
 CertificateBundleFetcher::timeoutCallback(const shared_ptr<CertificateRequest>& certRequest,
                                           const shared_ptr<ValidationState>& state,
                                           const ValidationContinuation& continueValidation,
                                           const Name& bundleName)
 {
   NDN_LOG_DEBUG_DEPTH("Timeout while fetching certificate bundle" << bundleName);

   m_inner->fetch(certRequest, state, continueValidation);
 }

 Name
 CertificateBundleFetcher::deriveBundleName(const Name& name)
 {
   name::Component lastComponent = name.at(-1);

   Name bundleName = name;
   if (lastComponent.isImplicitSha256Digest()) {
     if (name.size() >= 2 && name.get(-2).isSegment()) {
       bundleName = name.getPrefix(-2);
     }
     else {
       bundleName = name.getPrefix(-1);
     }
   }
   else if (lastComponent.isSegment()) {
     bundleName = name.getPrefix(-1);
   }
   bundleName.append("_BUNDLE");
   bundleName.appendNumber(00);

   return bundleName;
 }

 } // namespace v2
 } // namespace security
 } // namespace ndn
ndn::security::v2::CertificateBundleFetcher::getBundleInterestLifetime
time::milliseconds getBundleInterestLifetime() const
Definition: certificate-bundle-fetcher.cpp:51

ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34

ndn::security::v2::Certificate
The certificate following the certificate format naming convention.
Definition: certificate.hpp:81

ndn::Block::elements
const element_container & elements() const
Get container of sub elements.
Definition: block.hpp:347

NDN_LOG_DEBUG_DEPTH
#define NDN_LOG_DEBUG_DEPTH(x)
Definition: certificate-bundle-fetcher.cpp:32

ndn::Interest::setMustBeFresh
Interest & setMustBeFresh(bool mustBeFresh)
Definition: interest.hpp:324

ndn::security::v2
Definition: command-authenticator.hpp:34

ndn::tlv::Interest
Definition: tlv.hpp:64

websocketpp::lib::asio::milliseconds
boost::posix_time::time_duration milliseconds(long duration)
Definition: asio.hpp:117

ndn::security::v2::CertificateBundleFetcher::setBundleInterestLifetime
void setBundleInterestLifetime(time::milliseconds time)
Set the lifetime of certificate bundle interest.
Definition: certificate-bundle-fetcher.cpp:45

ndn::security::v2::CertificateFetcher::m_certStorage
CertificateStorage * m_certStorage
Definition: certificate-fetcher.hpp:84

std
STL namespace.

ndn::security::v2::CertificateStorage::cacheUnverifiedCert
void cacheUnverifiedCert(Certificate &&cert)
Cache unverified certificate for a period of time (5 minutes)
Definition: certificate-storage.cpp:86

ndn::Block
Represents a TLV element of NDN packet format.
Definition: block.hpp:42

ndn::Interest
represents an Interest packet
Definition: interest.hpp:42

ndn::Data::getMetaInfo
const MetaInfo & getMetaInfo() const
Get MetaInfo.
Definition: data.hpp:135

ndn::security::v2::CertificateFetcher::ValidationContinuation
std::function< void(const Certificate &cert, const shared_ptr< ValidationState > &state)> ValidationContinuation
Definition: certificate-fetcher.hpp:43

ndn::security::v2::CertificateBundleFetcher::CertificateBundleFetcher
CertificateBundleFetcher(unique_ptr< CertificateFetcher > inner, Face &face)
Definition: certificate-bundle-fetcher.cpp:35

ndn::security::v2::CertificateCache::find
const Certificate * find(const Name &certPrefix) const
Get certificate given key name.
Definition: certificate-cache.cpp:68

ndn::Name::appendNumber
Name & appendNumber(uint64_t number)
Append a component with a nonNegativeInteger.
Definition: name.hpp:324

ndn::Name::append
Name & append(const Component &component)
Append a component.
Definition: name.hpp:256

ndn::time
Definition: time-custom-clock.hpp:28

ndn::lp::Nack
represents a Network Nack
Definition: nack.hpp:40

ndn::security::v2::DataValidationState
Validation state for a data packet.
Definition: validation-state.hpp:158

websocketpp::transport::asio::socket::error::security
Catch-all error for security policy errors that don&#39;t fit in other categories.
Definition: base.hpp:79

ndn::SimpleTag
provides a tag type for simple types
Definition: tag.hpp:58

ndn::lp::Nack::getReason
NackReason getReason() const
Definition: nack.hpp:92

ndn::name::Component::fromSegment
static Component fromSegment(uint64_t segmentNo)
Create segment number component using NDN naming conventions.
Definition: name-component.cpp:323

NDN_LOG_INIT
#define NDN_LOG_INIT(name)
declare a log module
Definition: logger.hpp:32

ndn::name::Component::isSegment
bool isSegment() const
Check if the component is segment number per NDN naming conventions.
Definition: name-component.cpp:212

ndn::security::v2::CertificateStorage::getUnverifiedCertCache
const CertificateCache & getUnverifiedCertCache() const
Definition: certificate-storage.cpp:104

ndn::Interest::setChildSelector
Interest & setChildSelector(int childSelector)
Definition: interest.hpp:310

ndn::security::v2::CertificateStorage
Storage for trusted anchors, verified certificate cache, and unverified certificate cache...
Definition: certificate-storage.hpp:36

ndn::Face
Provide a communication channel with local or remote NDN forwarder.
Definition: face.hpp:95

ndn::security::v2::CertificateBundleFetcher::doFetch
void doFetch(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Asynchronous certificate fetching implementation.
Definition: certificate-bundle-fetcher.cpp:64

ndn::Block::get
const Block & get(uint32_t type) const
Get the first sub element of specified TLV-TYPE.
Definition: block.cpp:416

face

ndn::Name::size
size_t size() const
Get number of components.
Definition: name.hpp:154

ndn::Name
Represents an absolute name.
Definition: name.hpp:42

ndn::Name::at
const Component & at(ssize_t i) const
Get the component at the given index.
Definition: name.cpp:185

ndn::security::v2::CertificateBundleFetcher
Fetch certificate bundle from the network.
Definition: certificate-bundle-fetcher.hpp:41

ndn::Block::parse
void parse() const
Parse TLV-VALUE into sub elements.
Definition: block.cpp:334

ndn::name::Component::getSuccessor
Component getSuccessor() const
Definition: name-component.cpp:420

ndn::security
Definition: dummy-keychain.cpp:28

ndn::Data::getName
const Name & getName() const
Get name.
Definition: data.hpp:121

ndn::name::Component
Component holds a read-only name component value.
Definition: name-component.hpp:47

ndn::Interest::setInterestLifetime
Interest & setInterestLifetime(time::milliseconds interestLifetime)
Set Interest&#39;s lifetime.
Definition: interest.cpp:332

ndn::Data::getContent
const Block & getContent() const
Get Content.
Definition: data.cpp:185

ndn::Name::empty
bool empty() const
Check if name is empty.
Definition: name.hpp:146

ndn::name::Component::empty
bool empty() const
Definition: name-component.hpp:463

certificate-bundle-fetcher.hpp

ndn::Name::getPrefix
PartialName getPrefix(ssize_t nComponents) const
Extract a prefix of the name.
Definition: name.hpp:210

logger.hpp

ndn::Face::expressInterest
const PendingInterestId * expressInterest(const Interest &interest, const DataCallback &afterSatisfied, const NackCallback &afterNacked, const TimeoutCallback &afterTimeout)
Express Interest.
Definition: face.cpp:144

ndn::Data
Represents a Data packet.
Definition: data.hpp:35

ndn::MetaInfo::getFinalBlockId
const name::Component & getFinalBlockId() const
Definition: meta-info.hpp:219

ndn::Name::get
const Component & get(ssize_t i) const
Get the component at the given index.
Definition: name.hpp:164

ndn::security::v2::CertificateBundleFetcher::setCertificateStorage
void setCertificateStorage(CertificateStorage &certStorage) override
Set the storage for this and inner certificate fetcher.
Definition: certificate-bundle-fetcher.cpp:57

ndn::name
Definition: name-component.cpp:37

ndn::name::Component::isImplicitSha256Digest
bool isImplicitSha256Digest() const
Check if the component is ImplicitSha256DigestComponent.
Definition: name-component.cpp:357