Prepare for testbed deployment: name assignment and redirection policy

Change-Id: I7f4da10b763f3891d33820e9c6f4c7cb0eea60ce
named-data · Mar 5, 2022 · 13aac73 · 13aac73
1 parent fae76c4
commit 13aac73
Show file tree

Hide file tree

Showing 37 changed files with 896 additions and 209 deletions.
diff --git a/ca.conf.sample b/ca.conf.sample
@@ -14,9 +14,15 @@
   ],
   "redirect-to":
   [
-    {
-      "ca-prefix": "/example/site1",
-      "certificate": "Bv0CvQcwCAdleGFtcGxlCAVzaXRlMQgDS0VZCAh6af3szF4QZwgEc2VsZggJ/QAAAXT6+NCKFAkYAQIZBAA27oAV/QEmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43hjZT0HUFFJcqwj8lZnd/vg0NrzqvZ4jhsq1c+nv6J3Huc9Uq5jRZwhFQ8nBWT3CeFScO5FUQfNXDIDncZ4vYPFEnockOFVtvmKQ/ELwReUvjH80d1NPGrIVrD0lMRpv2sFr6NW2p7aw6bCSj3OJq7H/+QHDkAryssMZyHwTbPzMZHyYKmxR68CyCCpvLlgp8tYFT+cCrOc3lz3nROK3VFR+apgwubpvl8nbKD10QLcgMHSkLoLEy/Ksq8OH7MQhUEZDjLk/zL9baZ7MiKXtdUZCNTZk13y5z+4aT4TqumLB+obiDXmv6JAi+CkYIMf2ck2IvMV6JgxxIlv3+Ke2wIDAQABFlAbAQEcIQcfCAdleGFtcGxlCAVzaXRlMQgDS0VZCAh6af3szF4QZ/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwNDAwOTMwVDIyNTQwNBf9AQCCSXOqUX40mAIdKCa+nnfJCGZbNowQPJp5kDnyolj5/Ek9x8czyLcX58xTsgYtiPmL5DxMgkRujRJu9INm0pUJIJRlsqhDOwsrxIjlSgwy5AeexYe7SM3rSwljLxTR4MfBw26pym9iYt8ovHXotCDE+etyKwHzXoOgzxORoPXqBGwobNOPnhDfpzHQBFOrPd8qqLAGioNNk/k2U/uyvBbLoZS4ScNVJpfbcvcmzu/A8H/VyT4234LrlISL9WpWlO8J18yzhrXchFR0ZwCoYge5rLZ4vsQhY1WqXHCsYnRa3la6Txz44EWYEBpmk12qnkPt06KAPvQ82N1CICxFb9NY"
-    }
+      {
+        "ca-prefix": "/ndn/edu/ucla",
+        "certificate": "Bv0BNQcwCANuZG4IA2VkdQgEdWNsYQgDS0VZCAgAdGt6D7S2VAgEc2VsZggJ/QAAAX5lZMOiFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOKmvwHmK5t+MhMPgft4qmKC7YF9I6UM/o7GFa4BjZQknsqLvxdW2zIAF+iPPHJV0eVAijX6bYrQobuomiWZAY0WUBsBAxwhBx8IA25kbggDZWR1CAR1Y2xhCANLRVkICAB0a3oPtLZU/QD9Jv0A/g8xOTcwMDEwMVQwMDAwMDD9AP8PMjA0MjAxMTJUMDAxNjQ5F0cwRQIgBF/HS0j1DMo/dIILv/6IMUmMAhVtS3m97YgS8tsBhC0CIQCgEm0e6KoBCyV6PiueN9YW9zSSkdg8MLCxsyduP8tRsQ=="
+      },
+      {
+        "ca-prefix": "/ndn/edu/ucla/cs",
+        "certificate": "Bv0BPgc0CANuZG4IA2VkdQgEdWNsYQgCY3MIA0tFWQgI27kFrpVyxUAIBHNlbGYICf0AAAF+ZZ/79xQJGAECGQQANu6AFVswWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASOLtEWMpMk8tPqPe0VY9SAYA0e969NNy5t0QeseNvr6AbYWQHBR4oa6Ymv3TRlQnyy+IzvKPte5suX/Qhtnjn2FlQbAQMcJQcjCANuZG4IA2VkdQgEdWNsYQgCY3MIA0tFWQgI27kFrpVyxUD9AP0m/QD+DzE5NzAwMTAxVDAwMDAwMP0A/w8yMDQyMDExMlQwMTIxMzAXSDBGAiEAm+aJbcmI0n37Qhear5fo//S02ZlDkmao8a7olSsElx8CIQDD8dZkYfD8xcvYl3vXm7G/NSXFrnrRqxC7NR/4r4swbw=="
+        "policy-type": "email",
+        "policy-param": "cs.ucla.edu"
+      }
   ]
 }
diff --git a/client.conf.sample b/client.conf.sample
@@ -2,15 +2,16 @@
   "ca-list":
   [
     {
-      "ca-prefix": "/example",
-      "ca-info": "An example NDNCERT CA",
+      "ca-prefix": "/ndncert-demo",
+      "ca-info": "NDN Testbed NDNCERT CA (Demo)",
       "max-validity-period": "1296000",
-      "max-suffix-length": "2",
-      "probe-parameters":
-      [
-        {"probe-parameter-key": "email"}
+      "max-suffix-length": "5",
+      "probe-parameters": [
+        {
+          "probe-parameter-key": "email"
+        }
       ],
-      "certificate": "Bv0CrwcpCAdleGFtcGxlCANLRVkICJev38tR696CCARzZWxmCAn9AAABdPr4U3cUCRgBAhkEADbugBX9ASYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLjjKYDiimVlQD2vOAOYvu3iCsfS5mzQYOjw1cVS7+EDzC0T841FrmLEtrYe1USBGTSYUKNePspBTDMeAh2WlG+UmnzHyTJEcpv3Dtp/37pYIFlR8vW6TvBkBmCKVR7IDOW0DmBEY2iHbWOCCTyTd9NVyH4XiHqFx+cL9uGRyhVeXcZ5pl335SrnW58Q6tvZeOHS8YXuiAZ8E10Mdhzdmponl2+yRlc1kzkcAX1DQZt7eYXjlSsa5FSphLzw5LNqJuESLcrPRctN+4vs8xTIvWGex8n3+6wAhfXD9DLsO01mJorUxms+mwIKnV7KNLXtwDNsAZYT2BPPnO0H5Zk+tRAgMBAAEWSRsBARwaBxgIB2V4YW1wbGUIA0tFWQgIl6/fy1Hr3oL9AP0m/QD+DzE5NzAwMTAxVDAwMDAwMP0A/w8yMDQwMDkzMFQyMjUzMzIX/QEAZLgyhRsOERTgy5Q2X4FLXQV+r6emud472za0CVT20XHLXofkgybvLvY0UJ80CtuLcNRt/WKTDIKd01SoCnonx1VydKjXsO23RV95pBt/BqZVWakYEJEgbO5KzekpBHbKJmTOWBa/Tmgd9Pd5KFhQm9Ny2ZK1nlyyV37EKqR9jADkDVgRs+Sgr+Z4v14+WePROk7LR11P4NxYfgy2L0CHjpIxiFxnU+CpQL+BoGRQDTFgGq4gxUR45rpt/Y/vl5ImMdmIFDOI5W34AjVIhSLrYH3EDhWgjo9cDqvS+KT45i+t87SBQjtcQbrLl8osQcG+HgRldBv7HEEDVoPL8qL0yg=="
+      "certificate": "Bv0BLwctCAxuZG5jZXJ0LWRlbW8IA0tFWQgI92c9QI8lJGoIBHNlbGY2CAAAAX7YsardFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNIu6i4dFU2FwW9641O4XehbwZD3INSgsEehPfZVRnDhQ0l5oRdUGJo6OQhOutExKov7dp+hzmRSAHbiO3dRjdIWThsBAxwfBx0IDG5kbmNlcnQtZGVtbwgDS0VZCAj3Zz1AjyUkav0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwNDIwMjAzVDA5MzcwORdGMEQCIA7CEGlG+KQnJudjqpCzt7IlHRgPV2ni1k5mSu0yZXKtAiAGkqnGwTu1e8LVqZ1XIidt/wDzcYXTQGEoltwhcN6jUw=="
     }
   ]
 }
diff --git a/ndncert-send-email-challenge.py b/ndncert-send-email-challenge.py
@@ -1,12 +1,9 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 import sys
 import smtplib
 import argparse
 import socket
-try: # python3
-    from configparser import ConfigParser
-except ImportError: # python2
-    from ConfigParser import SafeConfigParser as ConfigParser
+from configparser import ConfigParser
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 

diff --git a/src/ca-module.cpp b/src/ca-module.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
  *
  * This file is part of ndncert, a certificate management system based on NDN.
  *
@@ -153,25 +153,40 @@ CaModule::onCaProfileDiscovery(const Interest&)
 }
 
 void
-CaModule::onProbe(const Interest& request)
-{
+CaModule::onProbe(const Interest& request) {
   // PROBE Naming Convention: /<CA-Prefix>/CA/PROBE/[ParametersSha256DigestComponent]
   NDN_LOG_TRACE("Received PROBE request");
 
   // process PROBE requests: collect probe parameters
-  auto parameters = probetlv::decodeApplicationParameters(request.getApplicationParameters());
+  std::vector<ndn::Name> redirectionNames;
   std::vector<ndn::PartialName> availableComponents;
-  for (auto& item : m_config.nameAssignmentFuncs) {
-    auto names = item->assignName(parameters);
-    availableComponents.insert(availableComponents.end(), names.begin(), names.end());
+  try {
+    auto parameters = probetlv::decodeApplicationParameters(request.getApplicationParameters());
+
+    //collect redirections
+    for (auto &item : m_config.redirection) {
+      if (item.second->isRedirecting(parameters)) {
+        redirectionNames.push_back(item.first->getFullName());
+      }
+    }
+
+    //collect name assignments
+    for (auto &item : m_config.nameAssignmentFuncs) {
+      auto names = item->assignName(parameters);
+      availableComponents.insert(availableComponents.end(), names.begin(), names.end());
+    }
+  } catch (const std::exception& e) {
+    NDN_LOG_ERROR("[CaModule::onProbe]Error in decoding TLV: " << e.what());
+    return;
   }
-  if (availableComponents.size() == 0) {
+
+  if (availableComponents.size() == 0 && redirectionNames.size() == 0) {
     m_face.put(generateErrorDataPacket(request.getName(), ErrorCode::INVALID_PARAMETER,
                                        "Cannot generate available names from parameters provided."));
     return;
   }
-  std::vector <Name> availableNames;
-  for (const auto& component : availableComponents) {
+  std::vector<Name> availableNames;
+  for (const auto &component : availableComponents) {
     Name newIdentityName = m_config.caProfile.caPrefix;
     newIdentityName.append(component);
     availableNames.push_back(newIdentityName);
@@ -180,7 +195,7 @@ CaModule::onProbe(const Interest& request)
   Data result;
   result.setName(request.getName());
   result.setContent(
-    probetlv::encodeDataContent(availableNames, m_config.caProfile.maxSuffixLength, m_config.redirection));
+      probetlv::encodeDataContent(availableNames, m_config.caProfile.maxSuffixLength, redirectionNames));
   result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
   m_keyChain.sign(result, signingByIdentity(m_config.caProfile.caPrefix));
   m_face.put(result);
@@ -457,7 +472,7 @@ CaModule::issueCertificate(const RequestState& requestState)
   Certificate newCert;
 
   Name certName = requestState.cert.getKeyName();
-  certName.append("NDNCERT").append(ndn::to_string(ndn::random::generateSecureWord64()));
+  certName.append("NDNCERT").appendVersion();
   newCert.setName(certName);
   newCert.setContent(requestState.cert.getContent());
   NDN_LOG_TRACE("cert request content " << requestState.cert);

diff --git a/src/challenge/challenge-email.cpp b/src/challenge/challenge-email.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
  *
  * This file is part of ndncert, a certificate management system based on NDN.
  *
@@ -29,7 +29,6 @@ NDNCERT_REGISTER_CHALLENGE(ChallengeEmail, "email");
 
 const std::string ChallengeEmail::NEED_CODE = "need-code";
 const std::string ChallengeEmail::WRONG_CODE = "wrong-code";
-const std::string ChallengeEmail::INVALID_EMAIL = "invalid-email";
 const std::string ChallengeEmail::PARAMETER_KEY_EMAIL = "email";
 const std::string ChallengeEmail::PARAMETER_KEY_CODE = "code";
 
@@ -50,13 +49,9 @@ ChallengeEmail::handleChallengeRequest(const Block& params, ca::RequestState& re
   if (request.status == Status::BEFORE_CHALLENGE) {
     // for the first time, init the challenge
     std::string emailAddress = readString(params.get(tlv::ParameterValue));
-    if (!isValidEmailAddress(emailAddress)) {
-      return returnWithNewChallengeStatus(request, INVALID_EMAIL, JsonSection(), m_maxAttemptTimes - 1,
-                                          m_secretLifetime);
-    }
     auto lastComponentRequested = readString(request.cert.getIdentity().get(-1));
     if (lastComponentRequested != emailAddress) {
-      NDN_LOG_TRACE("Email and requested name do not match. Email " << emailAddress << "requested last component "
+      NDN_LOG_TRACE("Email and requested name do not match. Email " << emailAddress << " requested last component "
                     << lastComponentRequested);
     }
     std::string emailCode = generateSecretCode();
@@ -96,8 +91,8 @@ ChallengeEmail::handleChallengeRequest(const Block& params, ca::RequestState& re
       }
       else {
         // run out times
-        NDN_LOG_TRACE("Wrong secret code provided. Ran out tires. Challenge failed.");
-        return returnWithError(request, ErrorCode::OUT_OF_TRIES, "Ran out tires.");
+        NDN_LOG_TRACE("Wrong secret code provided. Ran out of tries. Challenge failed.");
+        return returnWithError(request, ErrorCode::OUT_OF_TRIES, "Ran out of tries.");
       }
     }
   }
@@ -112,9 +107,6 @@ ChallengeEmail::getRequestedParameterList(Status status, const std::string& chal
   if (status == Status::BEFORE_CHALLENGE && challengeStatus == "") {
     result.emplace(PARAMETER_KEY_EMAIL, "Please input your email address");
   }
-  else if (status == Status::CHALLENGE && challengeStatus == INVALID_EMAIL) {
-    result.emplace(PARAMETER_KEY_EMAIL, "Invalid email, please try again");
-  }
   else if (status == Status::CHALLENGE && challengeStatus == NEED_CODE) {
     result.emplace(PARAMETER_KEY_CODE, "Please input your verification code");
   }
@@ -176,8 +168,10 @@ ChallengeEmail::sendEmail(const std::string& emailAddress, const std::string& se
   if (child.exit_code() != 0) {
     NDN_LOG_TRACE("EmailSending Script " + m_sendEmailScript + " fails.");
   }
-  NDN_LOG_TRACE("EmailSending Script " + m_sendEmailScript +
-             " was executed successfully with return value 0.");
+  else {
+    NDN_LOG_TRACE("EmailSending Script " + m_sendEmailScript +
+              " was executed successfully with return value 0.");
+  }
 }
 
 } // namespace ndncert
diff --git a/src/challenge/challenge-email.hpp b/src/challenge/challenge-email.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
  *
  * This file is part of ndncert, a certificate management system based on NDN.
  *
@@ -44,7 +44,6 @@ namespace ndncert {
  *
  * Failure info when application fails:
  *   FAILURE_MAXRETRY: When run out retry times.
- *   FAILURE_INVALID_EMAIL: When the email is invalid.
  *   FAILURE_TIMEOUT: When the secret lifetime expires.
  */
 class ChallengeEmail : public ChallengeModule
@@ -69,7 +68,6 @@ class ChallengeEmail : public ChallengeModule
   // challenge status
   static const std::string NEED_CODE;
   static const std::string WRONG_CODE;
-  static const std::string INVALID_EMAIL;
   // challenge parameters
   static const std::string PARAMETER_KEY_EMAIL;
   static const std::string PARAMETER_KEY_CODE;

diff --git a/src/detail/ca-configuration.cpp b/src/detail/ca-configuration.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
  *
  * This file is part of ndncert, a certificate management system based on NDN.
  *
@@ -53,11 +53,24 @@ CaConfig::load(const std::string& fileName)
       auto caPrefixStr = item.second.get(CONFIG_CA_PREFIX, "");
       auto caCertStr = item.second.get(CONFIG_CERTIFICATE, "");
       if (caCertStr == "") {
-        NDN_THROW(std::runtime_error("Redirect-to item's ca-prefix or certificate cannot be empty."));
+        NDN_THROW(std::runtime_error("Redirect-to item's certificate cannot be empty."));
       }
       std::istringstream ss(caCertStr);
       auto caCert = ndn::io::load<Certificate>(ss);
-      redirection.push_back(caCert);
+      if (caPrefixStr != "" && Name(caPrefixStr) != caCert->getIdentity()) {
+        NDN_THROW(std::runtime_error("Redirect-to item's prefix and certificate does not match."));
+      }
+
+      auto policyType = item.second.get(CONFIG_REDIRECTION_POLICY_TYPE, "");
+      auto policyParam = item.second.get(CONFIG_REDIRECTION_POLICY_PARAM, "");
+      if (policyType.empty()) {
+          NDN_THROW(std::runtime_error("Redirect-to policy type expected but not provided."));
+      }
+      auto policy = RedirectionPolicy::createPolicyFunc(policyType, policyParam);
+      if (policy == nullptr) {
+        NDN_THROW(std::runtime_error("Error on creating redirection policy"));
+      }
+      redirection.emplace_back(caCert, std::move(policy));
     }
   }
   // parse name assignment if appears

diff --git a/src/detail/ca-configuration.hpp b/src/detail/ca-configuration.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
  *
  * This file is part of ndncert, a certificate management system based on NDN.
  *
@@ -21,8 +21,9 @@
 #ifndef NDNCERT_DETAIL_CA_CONFIGURATION_HPP
 #define NDNCERT_DETAIL_CA_CONFIGURATION_HPP
 
-#include "detail/ca-profile.hpp"
 #include "name-assignment/assignment-func.hpp"
+#include "redirection/redirection-policy.hpp"
+#include "ca-profile.hpp"
 
 namespace ndncert {
 namespace ca {
@@ -66,7 +67,7 @@ class CaConfig
   /**
    * @brief Used for CA redirection
    */
-  std::vector<std::shared_ptr<Certificate>> redirection;
+  std::vector<std::pair<std::shared_ptr<Certificate>, std::unique_ptr<RedirectionPolicy>>> redirection;
   /**
    * @brief Name Assignment Functions
    */

diff --git a/src/detail/ca-profile.hpp b/src/detail/ca-profile.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
  *
  * This file is part of ndncert, a certificate management system based on NDN.
  *
@@ -37,6 +37,8 @@ const std::string CONFIG_CHALLENGE = "challenge";
 const std::string CONFIG_CERTIFICATE = "certificate";
 const std::string CONFIG_REDIRECTION = "redirect-to";
 const std::string CONFIG_NAME_ASSIGNMENT = "name-assignment";
+const std::string CONFIG_REDIRECTION_POLICY_TYPE = "policy-type";
+const std::string CONFIG_REDIRECTION_POLICY_PARAM = "policy-param";
 
 class CaProfile
 {

diff --git a/src/detail/challenge-encoder.cpp b/src/detail/challenge-encoder.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2017-2021, Regents of the University of California.
+ * Copyright (c) 2017-2022, Regents of the University of California.
  *
  * This file is part of ndncert, a certificate management system based on NDN.
  *
@@ -59,31 +59,62 @@ challengetlv::decodeDataContent(const Block& contentBlock, requester::Request& s
   auto data = ndn::makeBinaryBlock(tlv::EncryptedPayload, result.data(), result.size());
   data.parse();
 
-  state.m_status = statusFromBlock(data.get(tlv::Status));
-  if (data.find(tlv::ChallengeStatus) != data.elements_end()) {
-    state.m_challengeStatus = readString(data.get(tlv::ChallengeStatus));
-  }
-  if (data.find(tlv::RemainingTries) != data.elements_end()) {
-    state.m_remainingTries = readNonNegativeInteger(data.get(tlv::RemainingTries));
-  }
-  if (data.find(tlv::RemainingTime) != data.elements_end()) {
-    state.m_freshBefore = time::system_clock::now() +
-                          time::seconds(readNonNegativeInteger(data.get(tlv::RemainingTime)));
-  }
-  if (data.find(tlv::IssuedCertName) != data.elements_end()) {
-    Block issuedCertNameBlock = data.get(tlv::IssuedCertName);
-    state.m_issuedCertName = Name(issuedCertNameBlock.blockFromValue());
-  }
-  if (data.find(tlv::ParameterKey) != data.elements_end() &&
-      readString(data.get(tlv::ParameterKey)) == "nonce") {
-    if (data.find(tlv::ParameterKey) == data.elements_end()) {
-        NDN_THROW(std::runtime_error("Parameter Key found, but no value found"));
+  int numStatus = 0;
+  bool lookingForNonce = false;
+  for (const auto &item : data.elements()) {
+    if (!lookingForNonce) {
+      switch (item.type()) {
+        case tlv::Status:
+          state.m_status = statusFromBlock(data.get(tlv::Status));
+          numStatus++;
+          break;
+        case tlv::ChallengeStatus:
+          state.m_challengeStatus = readString(item);
+          break;
+        case tlv::RemainingTries:
+          state.m_remainingTries = readNonNegativeInteger(item);
+          break;
+        case tlv::RemainingTime:
+          state.m_freshBefore = time::system_clock::now() +
+                                time::seconds(readNonNegativeInteger(item));
+          break;
+        case tlv::IssuedCertName:
+          state.m_issuedCertName = Name(item.blockFromValue());
+          break;
+        case tlv::ParameterKey:
+          if (readString(item) == "nonce") {
+            lookingForNonce = true;
+          }
+          else {
+            NDN_THROW(std::runtime_error("Unknown Parameter: " + readString(item)));
+          }
+          break;
+        default:
+          if (ndn::tlv::isCriticalType(item.type())) {
+            NDN_THROW(std::runtime_error("Unrecognized TLV Type: " + std::to_string(item.type())));
+          }
+          else {
+            //ignore
+          }
+          break;
+      }
     }
-    Block nonceBlock = data.get(tlv::ParameterValue);
-    if (nonceBlock.value_size() != 16) {
-        NDN_THROW(std::runtime_error("Wrong nonce length"));
+    else {
+      if (item.type() == tlv::ParameterValue) {
+        lookingForNonce = false;
+        if (item.value_size() != 16) {
+          NDN_THROW(std::runtime_error("Wrong nonce length"));
+        }
+        memcpy(state.m_nonce.data(), item.value(), 16);
+      }
+      else {
+        NDN_THROW(std::runtime_error("Parameter Key found, but no value found"));
+      }
     }
-    memcpy(state.m_nonce.data(), nonceBlock.value(), 16);
+  }
+  if (numStatus != 1) {
+    NDN_THROW(std::runtime_error("number of status block is not equal to 1; there are " +
+                                 std::to_string(numStatus) + " status blocks"));
   }
 }