key-chain.hpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
23 #ifndef NDN_KEY_CHAIN_HPP
24 #define NDN_KEY_CHAIN_HPP
25 
26 #include "../data.hpp"
27 #include "../interest.hpp"
28 #include "../face.hpp"
29 #include "identity/identity-manager.hpp"
30 #include "policy/validation-request.hpp"
31 #include "key-params.hpp"
32 
33 namespace ndn {
34 
35 class PolicyManager;
36 
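/**
 * KeyChain is the main class of the security library.
 *
 * A KeyChain pairs an IdentityManager (identities, keys, certificates and
 * the signing operations on them) with a PolicyManager (the trust policy
 * applied when verifying). Almost every method in this header is a thin
 * forwarder to identityManager_; the constructors, signByIdentity,
 * verifyData, verifyInterest and the private certificate-fetch callbacks are
 * defined in key-chain.cpp.
 */
class KeyChain {
public:
  /**
   * Create a new KeyChain with the given IdentityManager and PolicyManager.
   * @param identityManager Stores and uses identities, keys and certificates.
   * @param policyManager Decides whether Data/Interest signatures are trusted.
   */
  KeyChain
    (const ptr_lib::shared_ptr<IdentityManager>& identityManager,
     const ptr_lib::shared_ptr<PolicyManager>& policyManager);

  /**
   * Create a new KeyChain with the given IdentityManager and the policy
   * manager chosen by key-chain.cpp (see that file for which one is used).
   * @param identityManager Stores and uses identities, keys and certificates.
   */
  KeyChain(const ptr_lib::shared_ptr<IdentityManager>& identityManager);

  /**
   * Create a new KeyChain with the default IdentityManager and a
   * NoVerifyPolicyManager.
   * NOTE(review): as its name suggests, that policy presumably accepts any
   * signature, so verifyData/verifyInterest on a default-constructed
   * KeyChain should not be relied on to establish trust; supply an explicit
   * PolicyManager wherever verification matters.
   */
  KeyChain();

  /*****************************************
   *          Identity Management          *
   *****************************************/

  /**
   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this
   * identity and a self-signed certificate of the KSK.
   * @param identityName The name of the identity.
   * @param params The key parameters; defaults to DEFAULT_KEY_PARAMS (RSA).
   * @return The name of the self-signed certificate of the new KSK.
   */
  Name
  createIdentityAndCertificate
    (const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS)
  {
    return identityManager_->createIdentityAndCertificate(identityName, params);
  }

  /**
   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this
   * identity and a self-signed certificate of the KSK.
   * @deprecated Use createIdentityAndCertificate, which returns the
   * certificate name rather than the key name.
   * @param identityName The name of the identity.
   * @param params The key parameters; defaults to DEFAULT_KEY_PARAMS.
   * @return The public key name of the new KSK, derived from the name of the
   * certificate that createIdentityAndCertificate produced.
   */
  Name
  DEPRECATED_IN_NDN_CPP createIdentity
    (const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS)
  {
    return IdentityCertificate::certificateNameToPublicKeyName
      (createIdentityAndCertificate(identityName, params));
  }

  /**
   * Delete the identity from the public and private key storage.
   * This removes private key material; there is no undo at this layer.
   * @param identityName The name of the identity to delete.
   */
  void
  deleteIdentity(const Name& identityName)
  {
    identityManager_->deleteIdentity(identityName);
  }

  /**
   * Get the default identity.
   * @return The name of the default identity, as reported by the
   * IdentityManager.
   */
  Name
  getDefaultIdentity()
  {
    return identityManager_->getDefaultIdentity();
  }

  /**
   * Get the default certificate name of the default identity.
   * @return The default certificate name, as reported by the IdentityManager.
   */
  Name
  getDefaultCertificateName()
  {
    return identityManager_->getDefaultCertificateName();
  }

  /**
   * Generate a pair of RSA keys for the specified identity.
   * @param identityName The name of the identity.
   * @param isKsk true to generate a Key-Signing-Key (KSK); default false.
   * @param keySize The key size in bits; default 2048. Smaller sizes weaken
   * the key, so treat the default as a floor rather than a suggestion.
   * @return The generated key name.
   */
  Name
  generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
  {
    return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
  }

  /**
   * Generate a pair of ECDSA keys for the specified identity.
   * @param identityName The name of the identity.
   * @param isKsk true to generate a Key-Signing-Key (KSK); default false.
   * @param keySize The key size in bits; default 256.
   * @return The generated key name.
   */
  Name
  generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, int keySize = 256)
  {
    return identityManager_->generateEcdsaKeyPair(identityName, isKsk, keySize);
  }

  /**
   * Set a key as the default key of an identity.
   * @param keyName The name of the key to make the default.
   * @param identityNameCheck Optional; default is the empty Name. Presumably
   * checked by the IdentityManager against the identity implied by keyName
   * when non-empty — confirm in IdentityManager before relying on it.
   */
  void
  setDefaultKeyForIdentity(const Name& keyName, const Name& identityNameCheck = Name())
  {
    // No `return` here: this method is void, so the forwarded call's
    // (void) result is simply discarded.
    identityManager_->setDefaultKeyForIdentity(keyName, identityNameCheck);
  }

  /**
   * Generate a pair of RSA keys for the specified identity and set it as the
   * default key for the identity.
   * @param identityName The name of the identity.
   * @param isKsk true to generate a Key-Signing-Key (KSK); default false.
   * @param keySize The key size in bits; default 2048.
   * @return The generated key name.
   */
  Name
  generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
  {
    return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
  }

  /**
   * Generate a pair of ECDSA keys for the specified identity and set it as
   * the default key for the identity.
   * @param identityName The name of the identity.
   * @param isKsk true to generate a Key-Signing-Key (KSK); default false.
   * @param keySize The key size in bits; default 256.
   * @return The generated key name.
   */
  Name
  generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 256)
  {
    return identityManager_->generateEcdsaKeyPairAsDefault(identityName, isKsk, keySize);
  }

  /**
   * Create a public key signing request.
   * Only the public key leaves the key store: the request is the DER
   * encoding of the public key looked up by keyName.
   * @param keyName The name of the key whose public half is exported.
   * @return The DER-encoded public key.
   */
  Blob
  createSigningRequest(const Name& keyName)
  {
    return identityManager_->getPublicKey(keyName)->getKeyDer();
  }

  /**
   * Install an identity certificate into the public key identity storage.
   * Any certificate installed here becomes available to later lookups, so
   * callers should only install certificates they have already validated.
   * @param certificate The certificate to install.
   */
  void
  installIdentityCertificate(const IdentityCertificate& certificate)
  {
    identityManager_->addCertificate(certificate);
  }

  /**
   * Set the certificate as the default for its corresponding key.
   * @param certificate The certificate to make the default for its key.
   */
  void
  setDefaultCertificateForKey(const IdentityCertificate& certificate)
  {
    identityManager_->setDefaultCertificateForKey(certificate);
  }

  /**
   * Get a certificate with the specified name.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager. Compare with
   * getAnyCertificate, which also returns certificates that are no longer
   * valid; this one presumably does not — confirm in IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getCertificate(const Name& certificateName)
  {
    return identityManager_->getCertificate(certificateName);
  }

  /**
   * Get a certificate even if the certificate is not valid anymore.
   * Because the result may be expired or otherwise invalid, it is suitable
   * for inspection or display but not as a basis for trusting a signature.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getAnyCertificate(const Name& certificateName)
  {
    return identityManager_->getAnyCertificate(certificateName);
  }

  /**
   * Get an identity certificate with the specified name.
   * This forwards to the same IdentityManager call as getCertificate and so
   * behaves identically to it.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getIdentityCertificate(const Name& certificateName)
  {
    return identityManager_->getCertificate(certificateName);
  }

  /**
   * Get an identity certificate even if the certificate is not valid anymore.
   * This forwards to the same IdentityManager call as getAnyCertificate and
   * so behaves identically to it, including returning invalid certificates.
   * @param certificateName The name of the certificate.
   * @return The certificate as returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getAnyIdentityCertificate(const Name& certificateName)
  {
    return identityManager_->getAnyCertificate(certificateName);
  }

  /**
   * Revoke a key.
   * NOT IMPLEMENTED: this method currently does nothing and returns
   * normally, so the key remains usable exactly as before the call. Callers
   * that need revocation must handle it outside KeyChain until this is
   * implemented.
   * @param keyName The name of the key to revoke (currently ignored).
   */
  void
  revokeKey(const Name & keyName)
  {
    //TODO: Implement
  }

  /**
   * Revoke a certificate.
   * NOT IMPLEMENTED: this method currently does nothing and returns
   * normally, so the certificate remains usable exactly as before the call.
   * Callers that need revocation must handle it outside KeyChain until this
   * is implemented.
   * @param certificateName The name of the certificate to revoke (currently
   * ignored).
   */
  void
  revokeCertificate(const Name & certificateName)
  {
    //TODO: Implement
  }

  /**
   * Get the identity manager given to or created by the constructor.
   * @return A reference to the shared IdentityManager held by this KeyChain.
   */
  const ptr_lib::shared_ptr<IdentityManager>&
  getIdentityManager() { return identityManager_; }

  /*****************************************
   *           Policy Management           *
   *****************************************/

  /**
   * Get the policy manager given to or created by the constructor.
   * @return A reference to the shared PolicyManager held by this KeyChain.
   */
  const ptr_lib::shared_ptr<PolicyManager>&
  getPolicyManager() { return policyManager_; }

  /*****************************************
   *              Sign/Verify              *
   *****************************************/

  /**
   * Wire encode the Data object, sign it and set its signature.
   * @param data The Data object to be signed. This updates its signature and
   * wire encoding.
   * @param certificateName The certificate name of the key used to sign.
   * @param wireFormat The WireFormat used to encode; defaults to the default
   * wire format.
   */
  void
  sign(Data& data, const Name& certificateName,
       WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signByCertificate(data, certificateName, wireFormat);
  }

  /**
   * Wire encode the Data object, sign it with the default identity and set
   * its signature.
   * The signing certificate comes from prepareDefaultCertificateName(),
   * defined in key-chain.cpp.
   * @param data The Data object to be signed. This updates its signature and
   * wire encoding.
   * @param wireFormat The WireFormat used to encode; defaults to the default
   * wire format.
   */
  void
  sign(Data& data, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signByCertificate
      (data, prepareDefaultCertificateName(), wireFormat);
  }

  /**
   * Sign the Interest with the certificate and set its signature.
   * @param interest The Interest to be signed. This updates its signature.
   * @param certificateName The certificate name of the key used to sign.
   * @param wireFormat The WireFormat used to encode; defaults to the default
   * wire format.
   */
  void
  sign
    (Interest& interest, const Name& certificateName,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestByCertificate
      (interest, certificateName, wireFormat);
  }

  /**
   * Sign the Interest with the default identity's certificate and set its
   * signature.
   * The signing certificate comes from prepareDefaultCertificateName(),
   * defined in key-chain.cpp.
   * @param interest The Interest to be signed. This updates its signature.
   * @param wireFormat The WireFormat used to encode; defaults to the default
   * wire format.
   */
  void
  sign
    (Interest& interest,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestByCertificate
      (interest, prepareDefaultCertificateName(), wireFormat);
  }

  /**
   * Sign the byte array using a certificate name and return a Signature
   * object.
   * @param buffer The byte array to be signed.
   * @param bufferLength The length of buffer.
   * @param certificateName The certificate name of the key used to sign.
   * @return The Signature produced by the IdentityManager.
   */
  ptr_lib::shared_ptr<Signature>
  sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
  {
    return identityManager_->signByCertificate
      (buffer, bufferLength, certificateName);
  }

  /**
   * Sign the byte array using a certificate name and return a Signature
   * object.
   * @param buffer The byte array to be signed; may be empty.
   * @param certificateName The certificate name of the key used to sign.
   * @return The Signature produced by the IdentityManager.
   */
  ptr_lib::shared_ptr<Signature>
  sign(const std::vector<uint8_t>& buffer, const Name& certificateName)
  {
    // &buffer[0] is undefined behavior on an empty vector, so pass a null
    // pointer with length 0 instead of indexing into it.
    const uint8_t* bytes =
      buffer.empty() ? static_cast<const uint8_t*>(0) : &buffer[0];
    return sign(bytes, buffer.size(), certificateName);
  }

  /**
   * Wire encode the Data object, sign it and set its signature.
   * Defined in key-chain.cpp.
   * @param data The Data object to be signed. This updates its signature and
   * wire encoding.
   * @param identityName The identity name whose key signs; the default empty
   * Name selects the default identity.
   * @param wireFormat The WireFormat used to encode; defaults to the default
   * wire format.
   */
  void
  signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /**
   * Sign the byte array using an identity name and return a Signature object.
   * Defined in key-chain.cpp.
   * @param buffer The byte array to be signed.
   * @param bufferLength The length of buffer.
   * @param identityName The identity name whose key signs.
   * @return The resulting Signature.
   */
  ptr_lib::shared_ptr<Signature>
  signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);

  /**
   * Sign the byte array using an identity name and return a Signature object.
   * @param buffer The byte array to be signed; may be empty.
   * @param identityName The identity name whose key signs.
   * @return The resulting Signature.
   */
  ptr_lib::shared_ptr<Signature>
  signByIdentity(const std::vector<uint8_t>& buffer, const Name& identityName)
  {
    // &buffer[0] is undefined behavior on an empty vector, so pass a null
    // pointer with length 0 instead of indexing into it.
    const uint8_t* bytes =
      buffer.empty() ? static_cast<const uint8_t*>(0) : &buffer[0];
    return signByIdentity(bytes, buffer.size(), identityName);
  }

  /**
   * Wire encode the Data object, digest it and set its SignatureInfo to a
   * DigestSha256.
   * This is an unkeyed digest: it lets a consumer detect accidental
   * corruption but does not authenticate who produced the Data. Use one of
   * the sign() overloads when the producer must be verifiable.
   * @param data The Data object to be digested. This updates its signature
   * and wire encoding.
   * @param wireFormat The WireFormat used to encode; defaults to the default
   * wire format.
   */
  void
  signWithSha256
    (Data& data, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signWithSha256(data, wireFormat);
  }

  /**
   * Digest the Interest and set its SignatureInfo to a DigestSha256.
   * As with the Data overload, this is an unkeyed digest and provides no
   * authentication of the sender.
   * @param interest The Interest to be digested. This updates its signature.
   * @param wireFormat The WireFormat used to encode; defaults to the default
   * wire format.
   */
  void
  signWithSha256
    (Interest& interest, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestWithSha256(interest, wireFormat);
  }

  /**
   * Check the signature on the Data object and call either onVerified or
   * onVerifyFailed. Defined in key-chain.cpp.
   * Callers should act on the Data only from onVerified; the outcome is
   * delivered through the callbacks, not through a return value.
   * @param data The Data object with the signature to check.
   * @param onVerified Called when the signature verifies under the policy.
   * @param onVerifyFailed Called when the signature check fails.
   * @param stepCount Leave at the default 0; non-zero values are for the
   * validation-step recursion in key-chain.cpp (confirm there).
   */
  void
  verifyData
    (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);

  /**
   * Check the signature on the signed interest and call either onVerified or
   * onVerifyFailed. Defined in key-chain.cpp.
   * Callers should act on the Interest only from onVerified.
   * @param interest The Interest with the signature to check.
   * @param onVerified Called when the signature verifies under the policy.
   * @param onVerifyFailed Called when the signature check fails.
   * @param stepCount Leave at the default 0; non-zero values are for the
   * validation-step recursion in key-chain.cpp (confirm there).
   * @param wireFormat The WireFormat used to encode the Interest for the
   * check; defaults to the default wire format.
   */
  void
  verifyInterest
    (const ptr_lib::shared_ptr<Interest>& interest,
     const OnVerifiedInterest& onVerified,
     const OnVerifyInterestFailed& onVerifyFailed, int stepCount = 0,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /**
   * Set the Face which will be used to fetch required certificates.
   * KeyChain stores only the raw pointer and never deletes it; the caller
   * keeps the Face alive for as long as this KeyChain may verify.
   * @param face A non-owning pointer to the Face.
   */
  void
  setFace(Face* face) { face_ = face; }

  // Key parameters used when a caller does not supply any (RSA).
  static const RsaKeyParams DEFAULT_KEY_PARAMS;

private:
  // Callback for a certificate Data that arrived in response to a
  // certificate-fetch Interest issued during verification (key-chain.cpp).
  void
  onCertificateData
    (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

  // Timeout callback for a certificate-fetch Interest issued while verifying
  // a Data; `retry` is the remaining retry count (key-chain.cpp).
  void
  onCertificateInterestTimeout
    (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
     const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

  // Timeout callback for a certificate-fetch Interest issued while verifying
  // an Interest; `retry` is the remaining retry count (key-chain.cpp).
  void
  onCertificateInterestTimeoutForVerifyInterest
    (const ptr_lib::shared_ptr<const Interest> &interest, int retry,
     const OnVerifyInterestFailed& onVerifyFailed,
     const ptr_lib::shared_ptr<Interest>& originalInterest,
     ptr_lib::shared_ptr<ValidationRequest> nextStep);

  // Return the certificate name used by the default-identity sign()
  // overloads; presumably creates a default certificate when none exists —
  // see key-chain.cpp.
  Name
  prepareDefaultCertificateName();

  // Helper used by prepareDefaultCertificateName (key-chain.cpp).
  void
  setDefaultCertificate();

  ptr_lib::shared_ptr<IdentityManager> identityManager_;
  ptr_lib::shared_ptr<PolicyManager> policyManager_;
  // Non-owning; set by setFace. Whether the constructors initialize it is
  // decided in key-chain.cpp — confirm there before dereferencing.
  Face* face_;
};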
563 
564 }
565 
566 #endif