1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
23 #ifndef NDN_KEY_CHAIN_HPP
24 #define NDN_KEY_CHAIN_HPP
25 
26 #include "../data.hpp"
27 #include "../interest.hpp"
28 #include "../face.hpp"
29 #include "identity/identity-manager.hpp"
30 #include "policy/validation-request.hpp"
31 #include "key-params.hpp"
32 
33 namespace ndn {
34 
35 class PolicyManager;
36 
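/**
 * KeyChain is the main class of the security library. It is a thin facade:
 * identity/key/certificate operations are forwarded to the IdentityManager,
 * trust decisions during verification are delegated to the PolicyManager, and
 * the optional Face is used to fetch certificates needed for verification.
 *
 * This rewrite restores the method names that the rendered listing had lost,
 * strips the gutter numbers, removes a stray `return` of a void expression in
 * setDefaultKeyForIdentity, and avoids `&buffer[0]` on an empty std::vector
 * (undefined behavior) in the two vector-based signing overloads.
 */
class KeyChain {
public:
  /**
   * Create a new KeyChain with the given IdentityManager and PolicyManager.
   * @param identityManager The IdentityManager that owns keys, identities and
   * certificates and performs the actual signing.
   * @param policyManager The PolicyManager consulted by verifyData and
   * verifyInterest.
   */
  KeyChain
    (const ptr_lib::shared_ptr<IdentityManager>& identityManager,
     const ptr_lib::shared_ptr<PolicyManager>& policyManager);

  /**
   * Create a new KeyChain with the given IdentityManager and a PolicyManager
   * chosen by the constructor (defined in key-chain.cpp; which policy manager
   * it picks is not visible in this header).
   * @param identityManager The IdentityManager to use.
   */
  KeyChain(const ptr_lib::shared_ptr<IdentityManager>& identityManager);

  /**
   * Create a new KeyChain with the default IdentityManager and a
   * NoVerifyPolicyManager.
   * NOTE(review): as the policy manager's name suggests, a KeyChain built this
   * way is presumably not enforcing any trust policy in verifyData /
   * verifyInterest; confirm its semantics before letting its verification
   * results drive a trust decision.
   */
  KeyChain();

  /*****************************************
   *          Identity Management          *
   *****************************************/

  /**
   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this
   * identity and a self-signed certificate of the KSK.
   * @param identityName The name of the identity.
   * @param params (optional) The key parameters; defaults to DEFAULT_KEY_PARAMS.
   * @return The name of the certificate created for the identity (the
   * deprecated createIdentity below converts it to a key name).
   */
  Name
  createIdentityAndCertificate
    (const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS)
  {
    return identityManager_->createIdentityAndCertificate(identityName, params);
  }

  /**
   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this
   * identity and a self-signed certificate of the KSK.
   * @deprecated Use createIdentityAndCertificate, which returns the
   * certificate name instead of the key name.
   * @param identityName The name of the identity.
   * @param params (optional) The key parameters; defaults to DEFAULT_KEY_PARAMS.
   * @return The public key name derived from the new certificate's name.
   */
  Name
  DEPRECATED_IN_NDN_CPP createIdentity
    (const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS)
  {
    return IdentityCertificate::certificateNameToPublicKeyName
      (createIdentityAndCertificate(identityName, params));
  }

  /**
   * Delete the identity from the public and private key storage.
   * @param identityName The name of the identity to delete.
   */
  void
  deleteIdentity(const Name& identityName)
  {
    identityManager_->deleteIdentity(identityName);
  }

  /**
   * Get the default identity.
   * @return The name of the default identity, as reported by the
   * IdentityManager.
   */
  Name
  getDefaultIdentity()
  {
    return identityManager_->getDefaultIdentity();
  }

  /**
   * Get the default certificate name of the default identity.
   * @return The default certificate name, as reported by the IdentityManager.
   */
  Name
  getDefaultCertificateName()
  {
    return identityManager_->getDefaultCertificateName();
  }

  /**
   * Generate a pair of RSA keys for the specified identity.
   * @param identityName The name of the identity.
   * @param isKsk (optional) true for a Key-Signing-Key, false (default) for a
   * Data-Signing-Key.
   * @param keySize (optional) The RSA key size in bits; defaults to 2048.
   * @return The generated key name.
   */
  Name
  generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
  {
    return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
  }

  /**
   * Generate a pair of ECDSA keys for the specified identity.
   * @param identityName The name of the identity.
   * @param isKsk (optional) true for a Key-Signing-Key, false (default) for a
   * Data-Signing-Key.
   * @param keySize (optional) The curve size in bits; defaults to 256.
   * @return The generated key name.
   */
  Name
  generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, int keySize = 256)
  {
    return identityManager_->generateEcdsaKeyPair(identityName, isKsk, keySize);
  }

  /**
   * Set a key as the default key of an identity.
   * @param keyName The name of the key.
   * @param identityName (optional) The name of the identity; when omitted an
   * empty Name is passed and the IdentityManager decides what that means
   * (presumably "derive the identity from keyName" — not visible here).
   */
  void
  setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
  {
    identityManager_->setDefaultKeyForIdentity(keyName, identityName);
  }

  /**
   * Generate a pair of RSA keys for the specified identity and set it as the
   * default key for the identity.
   * @param identityName The name of the identity.
   * @param isKsk (optional) true for a Key-Signing-Key, false (default) for a
   * Data-Signing-Key.
   * @param keySize (optional) The RSA key size in bits; defaults to 2048.
   * @return The generated key name.
   */
  Name
  generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
  {
    return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
  }

  /**
   * Generate a pair of ECDSA keys for the specified identity and set it as the
   * default key for the identity.
   * @param identityName The name of the identity.
   * @param isKsk (optional) true for a Key-Signing-Key, false (default) for a
   * Data-Signing-Key.
   * @param keySize (optional) The curve size in bits; defaults to 256.
   * @return The generated key name.
   */
  Name
  generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 256)
  {
    return identityManager_->generateEcdsaKeyPairAsDefault(identityName, isKsk, keySize);
  }

  /**
   * Create a public key signing request.
   * @param keyName The name of the key.
   * @return The DER encoding of the public key (getKeyDer of the key the
   * IdentityManager returns).
   */
  Blob
  createSigningRequest(const Name& keyName)
  {
    // NOTE(review): assumes getPublicKey throws rather than returning a null
    // shared_ptr for an unknown keyName — TODO confirm in IdentityManager.
    return identityManager_->getPublicKey(keyName)->getKeyDer();
  }

  /**
   * Install an identity certificate into the public key identity storage.
   * @param certificate The certificate to install.
   */
  void
  installIdentityCertificate(const IdentityCertificate& certificate)
  {
    identityManager_->addCertificate(certificate);
  }

  /**
   * Set the certificate as the default for its corresponding key.
   * @param certificate The certificate to make the default.
   */
  void
  setDefaultCertificateForKey(const IdentityCertificate& certificate)
  {
    identityManager_->setDefaultCertificateForKey(certificate);
  }

  /**
   * Get a certificate with the specified name.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getCertificate(const Name& certificateName)
  {
    return identityManager_->getCertificate(certificateName);
  }

  /**
   * Get a certificate even if the certificate is not valid anymore.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getAnyCertificate(const Name& certificateName)
  {
    return identityManager_->getAnyCertificate(certificateName);
  }

  /**
   * Get an identity certificate with the specified name. This forwards to the
   * same IdentityManager call as getCertificate.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getIdentityCertificate(const Name& certificateName)
  {
    return identityManager_->getCertificate(certificateName);
  }

  /**
   * Get an identity certificate even if the certificate is not valid anymore.
   * This forwards to the same IdentityManager call as getAnyCertificate.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getAnyIdentityCertificate(const Name& certificateName)
  {
    return identityManager_->getAnyCertificate(certificateName);
  }

  /**
   * Revoke a key.
   * NOTE(review): not implemented — this is a no-op. Nothing is recorded, so
   * later signing with the key and verification of its signatures are
   * unaffected. Callers must not rely on it for revocation.
   * @param keyName The name of the key to revoke.
   */
  void
  revokeKey(const Name& keyName)
  {
    (void)keyName;
    //TODO: Implement
  }

  /**
   * Revoke a certificate.
   * NOTE(review): not implemented — this is a no-op. The certificate remains
   * in storage and continues to be returned by getCertificate. Callers must
   * not rely on it for revocation.
   * @param certificateName The name of the certificate to revoke.
   */
  void
  revokeCertificate(const Name& certificateName)
  {
    (void)certificateName;
    //TODO: Implement
  }

  /**
   * Get the identity manager given to or created by the constructor.
   * @return The IdentityManager (shared ownership stays with this KeyChain).
   */
  const ptr_lib::shared_ptr<IdentityManager>&
  getIdentityManager() { return identityManager_; }

  /*****************************************
   *           Policy Management           *
   *****************************************/

  /**
   * Get the policy manager given to or created by the constructor.
   * @return The PolicyManager (shared ownership stays with this KeyChain).
   */
  const ptr_lib::shared_ptr<PolicyManager>&
  getPolicyManager() { return policyManager_; }

  /*****************************************
   *              Sign/Verify              *
   *****************************************/

  /**
   * Wire encode the Data object, sign it and set its signature.
   * @param data The Data object to be signed; modified in place.
   * @param certificateName The name of the certificate whose key signs.
   * @param wireFormat (optional) The WireFormat used to encode; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  sign(Data& data, const Name& certificateName,
       WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signByCertificate(data, certificateName, wireFormat);
  }

  /**
   * Sign the Interest with the certificate's key and append the signature
   * components to its name, delegating to
   * IdentityManager::signInterestByCertificate.
   * @param interest The Interest to be signed; modified in place.
   * @param certificateName The name of the certificate whose key signs.
   * @param wireFormat (optional) The WireFormat used to encode; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  sign
    (Interest& interest, const Name& certificateName,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestByCertificate
      (interest, certificateName, wireFormat);
  }

  /**
   * Sign the byte array using a certificate name and return a Signature object.
   * @param buffer Pointer to the bytes to sign.
   * @param bufferLength The number of bytes at buffer.
   * @param certificateName The name of the certificate whose key signs.
   * @return The Signature produced by the IdentityManager.
   */
  ptr_lib::shared_ptr<Signature>
  sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
  {
    return identityManager_->signByCertificate
      (buffer, bufferLength, certificateName);
  }

  /**
   * Sign the byte array using a certificate name and return a Signature object.
   * @param buffer The bytes to sign.
   * @param certificateName The name of the certificate whose key signs.
   * @return The Signature produced by the IdentityManager.
   */
  ptr_lib::shared_ptr<Signature>
  sign(const std::vector<uint8_t>& buffer, const Name& certificateName)
  {
    // &buffer[0] on an empty vector is undefined behavior, so an empty input
    // is forwarded as a null pointer with length 0. NOTE(review): assumes the
    // pointer/length overload treats a zero-length buffer as empty input —
    // TODO confirm in IdentityManager::signByCertificate.
    const uint8_t* bytes = buffer.empty() ? 0 : &buffer[0];
    return sign(bytes, buffer.size(), certificateName);
  }

  /**
   * Wire encode the Data object, sign it and set its signature.
   * Defined in key-chain.cpp.
   * @param data The Data object to be signed; modified in place.
   * @param identityName (optional) The identity whose key signs; when omitted
   * an empty Name is passed (presumably meaning the default identity — not
   * visible here).
   * @param wireFormat (optional) The WireFormat used to encode; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /**
   * Sign the byte array using an identity name and return a Signature object.
   * Defined in key-chain.cpp.
   * @param buffer Pointer to the bytes to sign.
   * @param bufferLength The number of bytes at buffer.
   * @param identityName The identity whose key signs.
   * @return The Signature object.
   */
  ptr_lib::shared_ptr<Signature>
  signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);

  /**
   * Sign the byte array using an identity name and return a Signature object.
   * @param buffer The bytes to sign.
   * @param identityName The identity whose key signs.
   * @return The Signature object.
   */
  ptr_lib::shared_ptr<Signature>
  signByIdentity(const std::vector<uint8_t>& buffer, const Name& identityName)
  {
    // Same empty-vector guard as sign(const std::vector<uint8_t>&, ...).
    const uint8_t* bytes = buffer.empty() ? 0 : &buffer[0];
    return signByIdentity(bytes, buffer.size(), identityName);
  }

  /**
   * Wire encode the Data object, digest it and set its SignatureInfo to a
   * DigestSha256. This is an integrity digest, not a signature bound to a key.
   * @param data The Data object to be digested; modified in place.
   * @param wireFormat (optional) The WireFormat used to encode; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  signWithSha256
    (Data& data, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signWithSha256(data, wireFormat);
  }

  /**
   * Digest the Interest with SHA-256, delegating to
   * IdentityManager::signInterestWithSha256. This is an integrity digest, not
   * a signature bound to a key.
   * @param interest The Interest to be digested; modified in place.
   * @param wireFormat (optional) The WireFormat used to encode; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  signWithSha256
    (Interest& interest, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestWithSha256(interest, wireFormat);
  }

  /**
   * Check the signature on the Data object and call either onVerified or
   * onVerifyFailed. Defined in key-chain.cpp.
   * @param data The Data object with the signature to check.
   * @param onVerified Called when the signature verifies.
   * @param onVerifyFailed Called when the signature does not verify.
   * @param stepCount (optional) The number of verification steps taken so far;
   * starts at 0. NOTE(review): presumably compared against maxSteps_ in
   * key-chain.cpp to bound certificate-chain fetching — confirm there.
   */
  void
  verifyData
    (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);

  /**
   * Check the signature on the signed interest and call either onVerified or
   * onVerifyFailed. Defined in key-chain.cpp.
   * @param interest The signed Interest to check.
   * @param onVerified Called when the signature verifies.
   * @param onVerifyFailed Called when the signature does not verify.
   * @param stepCount (optional) The number of verification steps taken so far;
   * starts at 0.
   * @param wireFormat (optional) The WireFormat used to encode the Interest
   * for checking; defaults to WireFormat::getDefaultWireFormat().
   */
  void
  verifyInterest
    (const ptr_lib::shared_ptr<Interest>& interest,
     const OnVerifiedInterest& onVerified,
     const OnVerifyInterestFailed& onVerifyFailed, int stepCount = 0,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /**
   * Set the Face which will be used to fetch required certificates.
   * KeyChain stores the raw pointer and, as far as this header shows, never
   * deletes it: the caller keeps ownership and must keep the Face alive while
   * verification may still issue certificate Interests.
   * @param face The Face to use for fetching certificates.
   */
  void
  setFace(Face* face) { face_ = face; }

  // Key parameters used when createIdentityAndCertificate / createIdentity is
  // called without explicit params.
  static const RsaKeyParams DEFAULT_KEY_PARAMS;

private:
  // Callback for a certificate Data received in response to the certificate
  // Interest issued during verification; continues with nextStep. Defined in
  // key-chain.cpp.
  void
  onCertificateData
    (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

  // Timeout callback for the certificate Interest issued while verifying a
  // Data packet; `retry` presumably counts remaining re-expressions before
  // onVerifyFailed is reported (see key-chain.cpp).
  void
  onCertificateInterestTimeout
    (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
     const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

  // Timeout callback for the certificate Interest issued while verifying a
  // signed Interest; the Interest-flavored counterpart of
  // onCertificateInterestTimeout.
  void
  onCertificateInterestTimeoutForVerifyInterest
    (const ptr_lib::shared_ptr<const Interest> &interest, int retry,
     const OnVerifyInterestFailed& onVerifyFailed,
     const ptr_lib::shared_ptr<Interest>& originalInterest,
     ptr_lib::shared_ptr<ValidationRequest> nextStep);

  ptr_lib::shared_ptr<IdentityManager> identityManager_;
  ptr_lib::shared_ptr<PolicyManager> policyManager_;
  Face* face_;          // non-owning; set by setFace
  const int maxSteps_;  // set by the constructors in key-chain.cpp
};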
514 
515 }
516 
517 #endif