Feature #4053
closedFinish the email challenge
100%
Description
Currently, the only available challenge is PIN code challenge. We want the email-based challenge to be available too.
For now, the email challenge module is ready in NDNCERT code base. However, the email challenge is not finished until it can send the email out. An email sending script is needed.
Updated by Zhiyi Zhang almost 7 years ago
- Tracker changed from Task to Feature
- Status changed from New to Code review
- % Done changed from 0 to 80
Updated by Zhiyi Zhang over 6 years ago
- % Done changed from 80 to 50
We still need the script to send the email to requesters.
Updated by Zhiyi Zhang over 6 years ago
- Description updated (diff)
To deploy the ndncert email challenge, one need to:
- Configure the ndncert email configuration
- Configure the ndncert CA configuration
- Try ndncert email challenge!
Configure the ndncert email configuration¶
You need to edit the ndncert-mail.conf to make email challenge work.
To create ndncert-mail.conf, just run
mv /usr/local/etc/ndncert/ndncert-mail.conf.sample /usr/local/etc/ndncert/ndncert-mail.conf
You then need to edit the conf by run
vim /usr/local/etc/ndncert/ndncert-mail.conf
As an example, here is my ndncert-conf:
[ndncert_smtp_settings]
SMTP_SERVER = smtp.gmail.com
SMTP_PORT = 587
ENCRYPT_MODE = tls
SMTP_USER = zhangzhiyi1919@gmail.com
SMTP_PASSWORD = **that's my secret**
[ndncert_email_settings]
MAIL_FROM = zhangzhiyi1919@gmail.com
SUBJECT = Email Challenge Triggered by NDNCERT
TEXT_TEMPLATE = Your PIN code: {0} Please keep it secret and type in to your application to finish the certificiate issuance process. If you do not know what is going on, please ignore the message
HTML_TEMPLATE = <html><head></head><body><p><b>Your PIN code: {0}</b></p><p>Please keep it secret and type in to your application to finish the certificiate issuance process. If you do not know what is going on, please ignore the message.</p><p>Sincerely,<br/>NDN Testbed Certificate robot</p>
Configure the ndncert CA configuration¶
You need to add Email
as an available challenge from your CA configuration
Here is my CA configuration:
{
"ca-list":
[
{
"ca-prefix": "/zhiyi",
"issuing-freshness": "720",
"validity-period": "360",
"ca-anchor": "/zhiyi/KEY/X%E9%A7ik%02%14%AA/self/%FD%00%00%01_%26f%17r",
"supported-challenges":
[
{ "type": "PIN" },
{ "type": "Email" }
]
}
]
}
Try ndncert email challenge¶
Run ndncert ca:
ndncert-ca-server
The ndncert client side command line input and output
Index CA Namespace CA Introduction
0 /zhiyi/CA /zhiyi/KEY/X%E9%A7ik%02%14%AA
Step0: Please type in the CA namespace index that you want to apply
0
Step1: Please type in the identity name
test003
Step2: Please select one challenge from following types.
PIN
Email
Email
Step3: Please satisfy following instruction(s)
Please input your email address:
zhiyi@cs.ucla.edu
Step4: Please satisfy following instruction(s)
Please input your verification code:
408529
DONE! Certificate has already been issued
DONE! Certificate has already been installed to local keychain
The email sent to zhiyi@cs.ucla.edu
from zhangzhiyi1919@gmail.com
:
Content-Type: multipart/alternative; boundary="===============5394734142355072363=="
MIME-Version: 1.0
From: zhangzhiyi1919@gmail.com
To: zhiyi@cs.ucla.edu
Subject: Email Challenge Triggered by NDNCERT
--===============5394734142355072363==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Your PIN code: 408529 Please keep it secret and type in to your application to finish the certificiate issuance process. If you do not know what is going on, please ignore the message
--===============5394734142355072363==
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head></head><body><p><b>Your PIN code: 408529</b></p><p>Please keep it secret and type in to your application to finish the certificiate issuance process. If you do not know what is going on, please ignore the message.</p><p>Sincerely,<br/>NDN Testbed Certificate robot</p>
--===============5394734142355072363==--
Updated by Zhiyi Zhang over 6 years ago
- Status changed from Code review to Closed
- % Done changed from 50 to 100