From bbc49264ce257e49d8685a7cf6244201206a10b5 Mon Sep 17 00:00:00 2001
From: Junxiao Shi
Date: Fri, 15 Jan 2021 21:27:05 +0000
Subject: [PATCH] ndncert: set ValidityPeriod in client cert request
---
 .gitignore | 1 +
 src/ndnph/app/ndncert/client.hpp | 9 ++++++---
 src/ndnph/app/ndncert/server.hpp | 4 +++-
 src/ndnph/keychain/validity-period.hpp | 6 ++++++
 tests/unit/app/ndncert.t.cpp | 21 +++++++++++++--------
 tests/unit/face/face.t.cpp | 2 ++
 6 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/.gitignore b/.gitignore
index 97dab28..887e7b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /build*
+/*.out
 /.vscode
diff --git a/src/ndnph/app/ndncert/client.hpp b/src/ndnph/app/ndncert/client.hpp
index 045b7ff..e7b286a 100644
--- a/src/ndnph/app/ndncert/client.hpp
+++ b/src/ndnph/app/ndncert/client.hpp
@@ -406,10 +406,13 @@ class Client : public PacketHandler
 }
 time_t now = time(nullptr);
- ValidityPeriod validity(now, now + 3600);
- // auto validity = ValidityPeriod::getMax(); // TODO set proper ValidityPeriod
- auto cert = pub.selfSign(m_region, validity, m_pvt);
+ auto validity = certificate::getValidity(m_profile.cert)
+ .intersect(ValidityPeriod(now, now + m_profile.maxValidityPeriod));
+ if (!validity.includes(now)) {
+ return;
+ }
+ auto cert = pub.selfSign(m_region, validity, m_pvt);
 m_newRequest.certRequest = m_region.create();
 if (!m_newRequest.certRequest || !m_newRequest.certRequest.decodeFrom(cert)) {
 return;
diff --git a/src/ndnph/app/ndncert/server.hpp b/src/ndnph/app/ndncert/server.hpp
index 9e2e618..d5e1bc7 100644
--- a/src/ndnph/app/ndncert/server.hpp
+++ b/src/ndnph/app/ndncert/server.hpp
@@ -323,6 +323,8 @@ class Session
 return makeError(packetRegion, interest, ErrorCode::BadParameterFormat, m_signer);
 }
+ // TODO check ValidityPeriod
+
 mbedtls::Mpi ecdhPvt;
 if (mbedtls_ecdh_gen_public(mbedtls::P256::group(), &ecdhPvt, &m_newResponse.ecdhPub, mbedtls::rng, nullptr) != 0 ||
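Review bot: The new guard `if (!validity.includes(now)) { return; }` in the client.hpp hunk abandons the request with no comment or diagnostic, so an expired CA profile certificate and an unsynchronized device clock (`time(nullptr)` far from real time) are indistinguishable to whoever debugs a stalled enrollment. A comment above the guard would record the intent, for example `// CA cert validity does not cover the local clock (expired CA cert or clock not set); do not send a request`. The enclosing method starts and ends outside the hunk, so whether a failure state could be reported here instead of a bare return cannot be confirmed from this view.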
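Review bot: The issued certificate's validity is taken unchanged from the requester's self-signed certificate in the second server.hpp hunk (`auto validity = certificate::getValidity(m_newRequest.certRequest);`), while the check that should bound it is only the `// TODO check ValidityPeriod` added here. As far as these hunks show, the limits applied in client.hpp are therefore advisory: a requester that does not apply them can ask for a period longer than the profile's maximum or extending past the CA certificate's own expiry. The new `ValidityPeriod::intersect` could do the clamping on the server too, intersecting the requested period with the CA certificate's validity and with the current time plus the profile maximum, and returning an error when the result does not include the current time. The test in tests/unit/app/ndncert.t.cpp only exercises a conforming client, so a case with an over-long requested period belongs alongside that check. Both Session methods extend outside their hunks.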
@@ -368,7 +370,7 @@ class Session
 m_challengeResponse.params = result.params;
 if (result.success) {
 m_issuedCert = m_region.create();
- auto validity = ValidityPeriod::getMax(); // TODO set proper ValidityPeriod
+ auto validity = certificate::getValidity(m_newRequest.certRequest);
 if (m_issuedCert.decodeFrom(m_newRequest.pub.buildCertificate(
 m_region, m_newRequest.pub.getName(), validity, m_signer)) &&
 !!(m_challengeResponse.issuedCertName = m_issuedCert.getFullName(m_region))) {
diff --git a/src/ndnph/keychain/validity-period.hpp b/src/ndnph/keychain/validity-period.hpp
index 46a9df5..3e59e4c 100644
--- a/src/ndnph/keychain/validity-period.hpp
+++ b/src/ndnph/keychain/validity-period.hpp
@@ -58,6 +58,12 @@ class ValidityPeriod
 return notBefore <= t && t <= notAfter;
 }
+ /** @brief Calculate the intersection of this and @c other ValidityPeriod. */
+ ValidityPeriod intersect(const ValidityPeriod& other) const
+ {
+ return ValidityPeriod(std::max(notBefore, other.notBefore), std::min(notAfter, other.notAfter));
+ }
+
 void encodeTo(Encoder& encoder) const
 {
 encoder.prependTlv(
diff --git a/tests/unit/app/ndncert.t.cpp b/tests/unit/app/ndncert.t.cpp
index 8e571fd..c8af3f0 100644
--- a/tests/unit/app/ndncert.t.cpp
+++ b/tests/unit/app/ndncert.t.cpp
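Review bot: The doc comment on `intersect` in validity-period.hpp does not say what is returned when the two periods do not overlap. In that case the result has `notBefore > notAfter`, which the `includes()` shown in the context lines rejects for every `t`, and the client.hpp hunk relies on exactly that. It is worth stating in the comment, e.g. `@return the overlapping period; when there is no overlap, notBefore > notAfter and includes() is false for every timestamp`. `std::max` and `std::min` also need `<algorithm>`; the include list is outside this hunk, so it should be confirmed that the header includes it directly.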
@@ -18,18 +18,15 @@ class NdncertFixture : public BridgeFixture
 void SetUp() override
 {
- DynamicRegion packetRegion(4096);
-
 sProfile.prefix = Name::parse(sRegion, "/authority");
 ASSERT_TRUE(sProfile.prefix);
 sProfile.maxValidityPeriod = 86400;
- ASSERT_TRUE(ec::generate(sRegion, sProfile.prefix.getPrefix(-1), sPvt, sPub));
+ ASSERT_TRUE(ec::generate(sRegion, sProfile.prefix, sPvt, sPub));
 sProfile.cert = sRegion.create();
- ASSERT_TRUE(
- sProfile.cert.decodeFrom(sPub.selfSign(packetRegion, ValidityPeriod::getMax(), sPvt)));
+ ASSERT_TRUE(sProfile.cert.decodeFrom(sPub.selfSign(sRegion, ValidityPeriod::getMax(), sPvt)));
- Data profileData = packetRegion.create();
- ASSERT_TRUE(profileData.decodeFrom(sProfile.toData(packetRegion, sPvt)));
+ Data profileData = cRegion.create();
+ ASSERT_TRUE(profileData.decodeFrom(sProfile.toData(cRegion, sPvt)));
 EXPECT_EQ(test::toString(profileData.getName().getPrefix(3)), "/8=authority/8=CA/8=INFO");
 ASSERT_TRUE(cProfile.fromData(cRegion, profileData));
 EXPECT_EQ(test::toString(cProfile.prefix), "/8=authority");
@@ -45,12 +42,20 @@ class NdncertFixture : public BridgeFixture
 if (!!cert) {
 EXPECT_TRUE(ec::isCertificate(cert));
 self->cIssuedCertName = test::toString(cert.getName());
+
+ auto validity = certificate::getValidity(cert);
+ auto now = time(nullptr);
+ EXPECT_TRUE(validity.includes(now));
+ EXPECT_TRUE(validity.includes(now + 23 * 3600));
+ EXPECT_FALSE(validity.includes(now - 1 * 3600));
+ EXPECT_FALSE(validity.includes(now + 25 * 3600));
 } else {
 self->cIssuedCertName = "FAIL";
 }
 }
- void executeWorkflow(server::ChallengeList sChallenges, client::ChallengeList cChallenges)
+ void executeWorkflow(const server::ChallengeList& sChallenges,
+ const client::ChallengeList& cChallenges)
 {
 server::NopChallenge sNopChallenge;
 Server server(Server::Options{
diff --git a/tests/unit/face/face.t.cpp b/tests/unit/face/face.t.cpp
index d5d8a0b..1dacf08 100644
--- a/tests/unit/face/face.t.cpp
+++ b/tests/unit/face/face.t.cpp
@@ -289,6 +289,8 @@ TEST_F(FacePendingFixture, MismatchPitToken)
 TEST_F(FacePendingFixture, Expire)
 {
 interest.setName(Name::parse(cRegion, "/A"));
+
+ EXPECT_CALL(transport, doSend).Times(1);
 h.send(interest, 100);
 EXPECT_FALSE(h.expired());