latest/ndn-cpp/key-chain_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */

 #ifndef NDN_KEY_CHAIN_HPP

 #define NDN_KEY_CHAIN_HPP


 #include <map>

 #include <stdexcept>

 #include "../data.hpp"

 #include "../interest.hpp"

 #include "../face.hpp"

 #include "identity/identity-manager.hpp"

 #include "policy/validation-request.hpp"

 #include "pib/pib.hpp"

 #include "pib/pib.hpp"

 #include "tpm/tpm.hpp"

 #include "signing-info.hpp"

 #include "key-params.hpp"

 #include "safe-bag.hpp"


 namespace ndn {


 class PolicyManager;

 class ConfigFile;


 class KeyChain {

 public:

   class Error : public std::runtime_error

   {

   public:

     Error(const std::string& what)

     : std::runtime_error(what)

     {

     }

   };


   class InvalidSigningInfoError : public Error

   {

   public:

     InvalidSigningInfoError(const std::string& what)

     : Error(what)

     {

     }

   };


   class LocatorMismatchError : public Error

   {

   public:

     LocatorMismatchError(const std::string& what)

     : Error(what)

     {

     }

   };


   typedef func_lib::function<ptr_lib::shared_ptr<PibImpl>

     (const std::string& location)> MakePibImpl;


   typedef func_lib::function<ptr_lib::shared_ptr<TpmBackEnd>

     (const std::string& location)> MakeTpmBackEnd;


   KeyChain

     (const std::string& pibLocator, const std::string& tpmLocator,

      bool allowReset = false);


   KeyChain

     (const ptr_lib::shared_ptr<PibImpl>& pibImpl,

      const ptr_lib::shared_ptr<TpmBackEnd>& tpmBackEnd,

      const ptr_lib::shared_ptr<PolicyManager>& policyManager =

        ptr_lib::shared_ptr<PolicyManager>());


   KeyChain

     (const ptr_lib::shared_ptr<IdentityManager>& identityManager,

      const ptr_lib::shared_ptr<PolicyManager>& policyManager);


   KeyChain(const ptr_lib::shared_ptr<IdentityManager>& identityManager);


   KeyChain();


   Pib&

   getPib()

   {

     if (isSecurityV1_)

       throw Error("getPib is not supported for security v1");


     return *pib_;

   }


   Tpm&

   getTpm()

   {

     if (isSecurityV1_)

       throw Error("getTpm is not supported for security v1");


     return *tpm_;

   }


   bool

   getIsSecurityV1() const { return isSecurityV1_; }


   // Identity management


   ptr_lib::shared_ptr<PibIdentity>

   createIdentityV2

     (const Name& identityName, const KeyParams& params = getDefaultKeyParams());


   void

   deleteIdentity(PibIdentity& identity);


   void

   setDefaultIdentity(PibIdentity& identity);


   // Key management


   ptr_lib::shared_ptr<PibKey>

   createKey

     (PibIdentity& identity, const KeyParams& params = getDefaultKeyParams());


   void

   deleteKey(PibIdentity& identity, PibKey& key);


   void

   setDefaultKey(PibIdentity& identity, PibKey& key);


   // Certificate management


   void

   addCertificate(PibKey& key, const CertificateV2& certificate);


   void

   deleteCertificate(PibKey& key, const Name& certificateName);


   void

   setDefaultCertificate(PibKey& key, const CertificateV2& certificate);


   // Signing


   void

   sign(Data& data, const SigningInfo& params,

        WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   void

   sign(Data& data, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())

   {

     if (isSecurityV1_) {

       identityManager_->signByCertificate

         (data, prepareDefaultCertificateName(), wireFormat);

       return;

     }


     sign(data, getDefaultSigningInfo(), wireFormat);

   }


   void

   sign(Interest& interest, const SigningInfo& params,

        WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   void

   sign(Interest& interest,

        WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())

   {

     if (isSecurityV1_) {

       identityManager_->signInterestByCertificate

         (interest, prepareDefaultCertificateName(), wireFormat);

       return;

     }


     sign(interest, getDefaultSigningInfo(), wireFormat);

   }


   Blob

   sign(const uint8_t* buffer, size_t bufferLength,

        const SigningInfo& params = getDefaultSigningInfo());


   ptr_lib::shared_ptr<CertificateV2>

   selfSign

     (ptr_lib::shared_ptr<PibKey>& key,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   // Import and export


   // TODO: exportSafeBag


   void

   importSafeBag

     (const SafeBag& safeBag, const uint8_t* password = 0,

      size_t passwordLength = 0);


   // PIB & TPM backend registry


   static void

   registerPibBackend(const std::string& scheme, const MakePibImpl& makePibImpl)

   {

     getPibFactories()[scheme] = makePibImpl;

   }


   static void

   registerTpmBackend

     (const std::string& scheme, const MakeTpmBackEnd& makeTpmBackEnd)

   {

     getTpmFactories()[scheme] = makeTpmBackEnd;

   }


   // Security v1 methods


   /*****************************************

    *          Identity Management          *

    *****************************************/


   Name

   createIdentityAndCertificate

     (const Name& identityName, const KeyParams& params = getDefaultKeyParams())

   {

     if (!isSecurityV1_) {

       ptr_lib::shared_ptr<PibIdentity> identity = createIdentityV2

         (identityName, params);

       return identity->getDefaultKey()->getDefaultCertificate()->getName();

     }


     return identityManager_->createIdentityAndCertificate(identityName, params);

   }


   Name

   DEPRECATED_IN_NDN_CPP createIdentity

     (const Name& identityName, const KeyParams& params = getDefaultKeyParams())

   {

     return IdentityCertificate::certificateNameToPublicKeyName

       (createIdentityAndCertificate(identityName, params));

   }


   void

   deleteIdentity(const Name& identityName)

   {

     if (!isSecurityV1_) {

       try {

         deleteIdentity(*pib_->getIdentity(identityName));

       } catch (const Pib::Error& ex) {

       }

       return;

     }


     identityManager_->deleteIdentity(identityName);

   }


   Name

   getDefaultIdentity()

   {

     if (!isSecurityV1_)

       return pib_->getDefaultIdentity()->getName();


     return identityManager_->getDefaultIdentity();

   }


   Name

   getDefaultCertificateName()

   {

     if (!isSecurityV1_)

       return pib_->getDefaultIdentity()->getDefaultKey()->getDefaultCertificate()

         ->getName();


     return identityManager_->getDefaultCertificateName();

   }


   Name

   generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)

   {

     if (!isSecurityV1_)

       throw Error

         ("generateRSAKeyPair is not supported for security v2. Use createIdentityV2.");


     return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);

   }


   Name

   generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, int keySize = 256)

   {

     if (!isSecurityV1_)

       throw Error

         ("generateEcdsaKeyPair is not supported for security v2. Use createIdentityV2.");


     return identityManager_->generateEcdsaKeyPair(identityName, isKsk, keySize);

   }


   void

   setDefaultKeyForIdentity(const Name& keyName, const Name& identityNameCheck = Name())

   {

     if (!isSecurityV1_)

       throw Error

         ("setDefaultKeyForIdentity is not supported for security v2. Use getPib() methods.");


     return identityManager_->setDefaultKeyForIdentity(keyName, identityNameCheck);

   }


   Name

   generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)

   {

     if (!isSecurityV1_)

       throw Error

         ("generateRSAKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");


     return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);

   }


   Name

   generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 256)

   {

     if (!isSecurityV1_)

       throw Error

         ("generateEcdsaKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");


     return identityManager_->generateEcdsaKeyPairAsDefault(identityName, isKsk, keySize);

   }


   Blob

   createSigningRequest(const Name& keyName)

   {

     if (!isSecurityV1_)

       return pib_->getIdentity(PibKey::extractIdentityFromKeyName(keyName))

         ->getKey(keyName)->getPublicKey();


     return identityManager_->getPublicKey(keyName)->getKeyDer();

   }


   void

   installIdentityCertificate(const IdentityCertificate& certificate)

   {

     if (!isSecurityV1_)

       throw Error

         ("installIdentityCertificate is not supported for security v2. Use getPib() methods.");


     identityManager_->addCertificate(certificate);

   }


   void

   setDefaultCertificateForKey(const IdentityCertificate& certificate)

   {

     if (!isSecurityV1_)

       throw Error

         ("setDefaultCertificateForKey is not supported for security v2. Use getPib() methods.");


     identityManager_->setDefaultCertificateForKey(certificate);

   }


   ptr_lib::shared_ptr<IdentityCertificate>

   getCertificate(const Name& certificateName)

   {

     if (!isSecurityV1_)

       throw Error

         ("getCertificate is not supported for security v2. Use getPib() methods.");


     return identityManager_->getCertificate(certificateName);

   }


   ptr_lib::shared_ptr<IdentityCertificate>

   DEPRECATED_IN_NDN_CPP getIdentityCertificate(const Name& certificateName)

   {

     if (!isSecurityV1_)

       throw Error

         ("getIdentityCertificate is not supported for security v2. Use getPib() methods.");


     return identityManager_->getCertificate(certificateName);

   }


   void

   revokeKey(const Name & keyName)

   {

     //TODO: Implement

   }


   void

   revokeCertificate(const Name & certificateName)

   {

     //TODO: Implement

   }


   const ptr_lib::shared_ptr<IdentityManager>&

   getIdentityManager()

   {

     if (!isSecurityV1_)

       throw Error("getIdentityManager is not supported for security v2");


     return identityManager_;

   }


   /*****************************************

    *           Policy Management           *

    *****************************************/


   const ptr_lib::shared_ptr<PolicyManager>&

   getPolicyManager() { return policyManager_; }


   /*****************************************

    *              Sign/Verify              *

    *****************************************/


   void

   sign(Data& data, const Name& certificateName,

        WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())

   {

     if (!isSecurityV1_) {

       SigningInfo signingInfo;

       signingInfo.setSigningCertificateName(certificateName);

       sign(data, signingInfo, wireFormat);

       return;

     }


     identityManager_->signByCertificate(data, certificateName, wireFormat);

   }


   void

   sign

     (Interest& interest, const Name& certificateName,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())

   {

     if (!isSecurityV1_) {

       SigningInfo signingInfo;

       signingInfo.setSigningCertificateName(certificateName);

       sign(interest, signingInfo, wireFormat);

       return;

     }


     identityManager_->signInterestByCertificate

       (interest, certificateName, wireFormat);

   }


   ptr_lib::shared_ptr<Signature>

   sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)

   {

     if (!isSecurityV1_)

       throw Error

         ("sign(buffer, certificateName) is not supported for security v2. Use sign with SigningInfo.");


     return identityManager_->signByCertificate

       (buffer, bufferLength, certificateName);

   }


   ptr_lib::shared_ptr<Signature>

   sign(const std::vector<uint8_t>& buffer, const Name& certificateName)

   {

     return sign(&buffer[0], buffer.size(), certificateName);

   }


   void

   signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   ptr_lib::shared_ptr<Signature>

   signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);


   ptr_lib::shared_ptr<Signature>

   signByIdentity(const std::vector<uint8_t>& buffer, const Name& identityName)

   {

     return signByIdentity(&buffer[0], buffer.size(), identityName);

   }


   void

   signWithSha256

     (Data& data, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())

   {

     if (!isSecurityV1_) {

       SigningInfo signingInfo;

       signingInfo.setSha256Signing();

       sign(data, signingInfo, wireFormat);

       return;

     }


     identityManager_->signWithSha256(data, wireFormat);

   }


   void

   signWithSha256

     (Interest& interest, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())

   {

     if (!isSecurityV1_) {

       SigningInfo signingInfo;

       signingInfo.setSha256Signing();

       sign(interest, signingInfo, wireFormat);

       return;

     }


     identityManager_->signInterestWithSha256(interest, wireFormat);

   }


   void

   verifyData

     (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified,

      const OnDataValidationFailed& onValidationFailed, int stepCount = 0);


   void

   DEPRECATED_IN_NDN_CPP verifyData

     (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified,

      const OnVerifyFailed& onVerifyFailed, int stepCount = 0);


   void

   verifyInterest

     (const ptr_lib::shared_ptr<Interest>& interest,

      const OnVerifiedInterest& onVerified,

      const OnInterestValidationFailed& onValidationFailed, int stepCount = 0,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   void

   DEPRECATED_IN_NDN_CPP verifyInterest

     (const ptr_lib::shared_ptr<Interest>& interest,

      const OnVerifiedInterest& onVerified,

      const OnVerifyInterestFailed& onVerifyFailed, int stepCount = 0,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   void

   setFace(Face* face) { face_ = face; }


   static void

   signWithHmacWithSha256

     (Data& data, const Blob& key,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   static void

   signWithHmacWithSha256

     (Interest& interest, const Blob& key, const Name& keyName,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   static bool

   verifyDataWithHmacWithSha256

     (const Data& data, const Blob& key,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   static bool

   verifyInterestWithHmacWithSha256

     (const Interest& interest, const Blob& key,

      WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());


   static const KeyParams&

   getDefaultKeyParams();


   static const RsaKeyParams DEPRECATED_IN_NDN_CPP DEFAULT_KEY_PARAMS;


 private:

   friend class CommandInterestSigner;


   void

   construct

     (const std::string& pibLocator, const std::string& tpmLocator,

      bool allowReset);


   static std::map<std::string, MakePibImpl>&

   getPibFactories();


   static std::map<std::string, MakeTpmBackEnd>&

   getTpmFactories();


   static void

   parseLocatorUri

     (const std::string& uri, std::string& scheme, std::string& location);


   static void

   parseAndCheckPibLocator

     (const std::string& pibLocator, std::string& pibScheme,

      std::string& pibLocation);


   static void

   parseAndCheckTpmLocator

     (const std::string& tpmLocator, std::string& tpmScheme,

      std::string& tpmLocation);


   static std::string

   getDefaultPibScheme();


   static std::string

   getDefaultTpmScheme();


   static ptr_lib::shared_ptr<Pib>

   createPib(const std::string& pibLocator);


   static ptr_lib::shared_ptr<Tpm>

   createTpm(const std::string& tpmLocator);


   static std::string

   getDefaultPibLocator(ConfigFile& config);


   static std::string

   getDefaultTpmLocator(ConfigFile& config);


   ptr_lib::shared_ptr<Signature>

   prepareSignatureInfo(const SigningInfo& params, Name& keyName);


   Blob

   sign(const uint8_t* buffer, size_t bufferLength, const Name& keyName,

        DigestAlgorithm digestAlgorithm) const;


   static const SigningInfo&

   getDefaultSigningInfo();


   // Private security v1 methods


   void

   onCertificateData

     (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);


   void

   onCertificateInterestTimeout

     (const ptr_lib::shared_ptr<const Interest> &interest, int retry,

      const OnDataValidationFailed& onValidationFailed,

      const ptr_lib::shared_ptr<Data> &data,

      ptr_lib::shared_ptr<ValidationRequest> nextStep);


   void

   onCertificateInterestTimeoutForVerifyInterest

     (const ptr_lib::shared_ptr<const Interest> &interest, int retry,

      const OnInterestValidationFailed& onValidationFailed,

      const ptr_lib::shared_ptr<Interest>& originalInterest,

      ptr_lib::shared_ptr<ValidationRequest> nextStep);


   Name

   prepareDefaultCertificateName();


   void

   setDefaultCertificate();


   bool isSecurityV1_;

   ptr_lib::shared_ptr<IdentityManager> identityManager_; // for security v1

   ptr_lib::shared_ptr<PolicyManager> policyManager_;     // for security v1

   Face* face_; // for security v1


   ptr_lib::shared_ptr<Pib> pib_;

   ptr_lib::shared_ptr<Tpm> tpm_;


   static std::string* defaultPibLocator_;

   static std::string* defaultTpmLocator_;

   static std::map<std::string, MakePibImpl>* pibFactories_;

   static std::map<std::string, MakeTpmBackEnd>* tpmFactories_;

   static SigningInfo* defaultSigningInfo_;

   static KeyParams* defaultKeyParams_;

 };


 }


 #endif

ndn::KeyChain::revokeKey
void revokeKey(const Name &keyName)
Revoke a key.
Definition: key-chain.hpp:741

ndn::CommandInterestSigner
CommandInterestSigner is a helper class to create command interests.
Definition: command-interest-signer.hpp:38

ndn::KeyChain::getPolicyManager
const ptr_lib::shared_ptr< PolicyManager > & getPolicyManager()
Get the policy manager given to or created by the constructor.
Definition: key-chain.hpp:778

ndn::OnVerifyInterestFailed
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest)> OnVerifyInterestFailed
An OnVerifyInterestFailed function object is used to pass a callback to verifyInterest to report a fa...
Definition: validation-request.hpp:68

ndn::OnVerifiedInterest
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest)> OnVerifiedInterest
An OnVerifiedInterest function object is used to pass a callback to verifyInterest to report a succes...
Definition: validation-request.hpp:53

ndn::KeyChain::getDefaultIdentity
Name getDefaultIdentity()
Get the default identity.
Definition: key-chain.hpp:544

ndn::KeyChain::selfSign
ptr_lib::shared_ptr< CertificateV2 > selfSign(ptr_lib::shared_ptr< PibKey > &key, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Generate a self-signed certificate for the public key and add it to the PIB.
Definition: key-chain.cpp:392

ndn::KeyChain::verifyDataWithHmacWithSha256
static bool verifyDataWithHmacWithSha256(const Data &data, const Blob &key, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Compute a new HmacWithSha256 for the data packet and verify it against the signature value...

ndn::SigningInfo
A SigningInfo holds the signing parameters passed to the KeyChain.
Definition: signing-info.hpp:39

ndn::KeyChain::installIdentityCertificate
void installIdentityCertificate(const IdentityCertificate &certificate)
Install an identity certificate into the public key identity storage.
Definition: key-chain.hpp:685

ndn::KeyChain::signWithSha256
void signWithSha256(Data &data, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
Definition: key-chain.hpp:900

ndn::KeyChain::registerPibBackend
static void registerPibBackend(const std::string &scheme, const MakePibImpl &makePibImpl)
Add to the PIB factories map where scheme is the key and makePibImpl is the value.
Definition: key-chain.hpp:447

ndn::Data
Definition: data.hpp:37

ndn::RsaKeyParams
Definition: key-params.hpp:80

ndn::Face
The Face class provides the main methods for NDN communication.
Definition: face.hpp:86

ndn::KeyChain::LocatorMismatchError
A KeyChain::LocatorMismatchError extends KeyChain::Error to indicate that the supplied TPM locator do...
Definition: key-chain.hpp:85

ndn::IdentityCertificate
Definition: identity-certificate.hpp:30

ndn::KeyChain::getIsSecurityV1
bool getIsSecurityV1() const
Get the flag set by the constructor if this is a security v1 or v2 KeyChain.
Definition: key-chain.hpp:186

ndn::KeyChain::verifyInterest
void verifyInterest(const ptr_lib::shared_ptr< Interest > &interest, const OnVerifiedInterest &onVerified, const OnInterestValidationFailed &onValidationFailed, int stepCount=0, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Check the signature on the signed interest and call either onVerify or onValidationFailed.
Definition: key-chain.cpp:588

ndn::KeyChain::registerTpmBackend
static void registerTpmBackend(const std::string &scheme, const MakeTpmBackEnd &makeTpmBackEnd)
Add to the TPM factories map where scheme is the key and makeTpmBackEnd is the value.
Definition: key-chain.hpp:462

ndn::KeyChain::sign
ptr_lib::shared_ptr< Signature > sign(const std::vector< uint8_t > &buffer, const Name &certificateName)
Sign the byte array using a certificate name and return a Signature object.
Definition: key-chain.hpp:854

ndn::Tpm
The TPM (Trusted Platform Module) stores the private portion of a user's cryptography keys...
Definition: tpm.hpp:54

ndn::KeyChain::signWithHmacWithSha256
static void signWithHmacWithSha256(Data &data, const Blob &key, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Wire encode the Data object, compute an HmacWithSha256 and update the signature value.

ndn::KeyChain::sign
void sign(Interest &interest, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Sign the Interest with the default key of the default identity.
Definition: key-chain.hpp:367

ndn::KeyChain::signByIdentity
void signByIdentity(Data &data, const Name &identityName=Name(), WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Wire encode the Data object, sign it and set its signature.
Definition: key-chain.cpp:482

ndn::KeyChain::generateEcdsaKeyPairAsDefault
Name generateEcdsaKeyPairAsDefault(const Name &identityName, bool isKsk=false, int keySize=256)
Generate a pair of ECDSA keys for the specified identity and set it as the default key for the identi...
Definition: key-chain.hpp:656

ndn::KeyChain::addCertificate
void addCertificate(PibKey &key, const CertificateV2 &certificate)
Add a certificate for the key.
Definition: key-chain.cpp:305

ndn::KeyChain::createIdentityV2
ptr_lib::shared_ptr< PibIdentity > createIdentityV2(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create a security V2 identity for identityName.
Definition: key-chain.cpp:222

ndn::CertificateV2
CertificateV2 represents a certificate following the certificate format naming convention.
Definition: certificate-v2.hpp:81

ndn::OnVerified
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data)> OnVerified
An OnVerified function object is used to pass a callback to verifyData to report a successful verific...
Definition: validation-request.hpp:33

ndn::KeyChain::DEFAULT_KEY_PARAMS
static const RsaKeyParams DEPRECATED_IN_NDN_CPP DEFAULT_KEY_PARAMS
Definition: key-chain.hpp:1097

ndn::SigningInfo::setSigningCertificateName
SigningInfo & setSigningCertificateName(const Name &certificateName)
Set this to type SIGNER_TYPE_CERT and a certificate with name certificateName.
Definition: signing-info.hpp:151

ndn::KeyChain::generateRSAKeyPairAsDefault
Name generateRSAKeyPairAsDefault(const Name &identityName, bool isKsk=false, int keySize=2048)
Generate a pair of RSA keys for the specified identity and set it as the default key for the identity...
Definition: key-chain.hpp:636

ndn::KeyChain::createIdentityAndCertificate
Name createIdentityAndCertificate(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create a security v1 identity by creating a pair of Key-Signing-Key (KSK) for this identity and a sel...
Definition: key-chain.hpp:485

ndn::KeyChain::setFace
void setFace(Face *face)
Set the Face which will be used to fetch required certificates.
Definition: key-chain.hpp:1026

ndn::KeyChain::signByIdentity
ptr_lib::shared_ptr< Signature > signByIdentity(const std::vector< uint8_t > &buffer, const Name &identityName)
Sign the byte array using an identity name and return a Signature object.
Definition: key-chain.hpp:885

ndn::KeyChain::getCertificate
ptr_lib::shared_ptr< IdentityCertificate > getCertificate(const Name &certificateName)
Get a certificate with the specified name.
Definition: key-chain.hpp:714

ndn::IdentityCertificate::certificateNameToPublicKeyName
static Name certificateNameToPublicKeyName(const Name &certificateName)
Get the public key name from the full certificate name.
Definition: identity-certificate.cpp:101

ndn::KeyChain::getIdentityCertificate
ptr_lib::shared_ptr< IdentityCertificate > DEPRECATED_IN_NDN_CPP getIdentityCertificate(const Name &certificateName)
Definition: key-chain.hpp:727

ndn::KeyChain::setDefaultKey
void setDefaultKey(PibIdentity &identity, PibKey &key)
Set the key as the default key of identity.
Definition: key-chain.cpp:295

ndn::KeyChain::sign
void sign(Data &data, const Name &certificateName, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Wire encode the Data object, sign it and set its signature.
Definition: key-chain.hpp:791

ndn::KeyChain::createIdentity
Name DEPRECATED_IN_NDN_CPP createIdentity(const Name &identityName, const KeyParams &params=getDefaultKeyParams())
Create a security v1 identity by creating a pair of Key-Signing-Key (KSK) for this identity and a sel...
Definition: key-chain.hpp:511

ndn::PibKey
The PibKey class provides access to a key at the second level in the PIB's Identity-Key-Certificate h...
Definition: pib-key.hpp:43

ndn::KeyChain
KeyChain is the main class of the security library.
Definition: key-chain.hpp:53

ndn::KeyChain::createKey
ptr_lib::shared_ptr< PibKey > createKey(PibIdentity &identity, const KeyParams &params=getDefaultKeyParams())
Create a key for the identity according to params.
Definition: key-chain.cpp:266

ndn::KeyChain::sign
void sign(Data &data, const SigningInfo &params, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Wire encode the Data object, sign it according to the supplied signing parameters, and set its signature.
Definition: key-chain.cpp:335

ndn::PibIdentity
PibIdentity is at the top level in PIB's Identity-Key-Certificate hierarchy.
Definition: pib-identity.hpp:48

ndn::Name
A Name holds an array of Name::Component and represents an NDN name.
Definition: name.hpp:40

ndn::KeyChain::deleteIdentity
void deleteIdentity(const Name &identityName)
Delete the identity from the public and private key storage.
Definition: key-chain.hpp:524

ndn::KeyChain::Error
A KeyChain::Error extends runtime_error and represents an error in KeyChain processing.
Definition: key-chain.hpp:59

ndn::KeyChain::sign
ptr_lib::shared_ptr< Signature > sign(const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
Sign the byte array using a certificate name and return a Signature object.
Definition: key-chain.hpp:837

ndn::KeyChain::createSigningRequest
Blob createSigningRequest(const Name &keyName)
Create a public key signing request.
Definition: key-chain.hpp:671

ndn::Blob
A Blob holds a pointer to an immutable byte array implemented as const std::vector<uint8_t>.
Definition: blob.hpp:42

ndn::Interest
An Interest holds a Name and other fields for an interest.
Definition: interest.hpp:43

ndn::KeyChain::InvalidSigningInfoError
A KeyChain::InvalidSigningInfoError extends KeyChain::Error to indicate that the supplied SigningInfo...
Definition: key-chain.hpp:72

ndn::KeyChain::sign
void sign(Data &data, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Wire encode the Data object, sign it with the default key of the default identity, and set its signature.
Definition: key-chain.hpp:325

ndn::KeyChain::setDefaultKeyForIdentity
void setDefaultKeyForIdentity(const Name &keyName, const Name &identityNameCheck=Name())
Set a key as the default key of an identity.
Definition: key-chain.hpp:616

ndn::KeyChain::KeyChain
KeyChain()
Create a KeyChain with the default PIB and TPM, which are platform-dependent and can be overridden sy...
Definition: key-chain.cpp:141

ndn::SafeBag
A SafeBag represents a container for sensitive related information such as a certificate and private ...
Definition: safe-bag.hpp:35

ndn::KeyChain::setDefaultCertificateForKey
void setDefaultCertificateForKey(const IdentityCertificate &certificate)
Set the certificate as the default for its corresponding key.
Definition: key-chain.hpp:699

ndn::OnInterestValidationFailed
func_lib::function< void(const ptr_lib::shared_ptr< Interest > &interest, const std::string &reason)> OnInterestValidationFailed
An OnInterestValidationFailed function object is used to pass a callback to verifyInterest to report ...
Definition: validation-request.hpp:61

ndn::KeyChain::deleteKey
void deleteKey(PibIdentity &identity, PibKey &key)
Delete the given key of the given identity.
Definition: key-chain.cpp:283

ndn::KeyChain::deleteCertificate
void deleteCertificate(PibKey &key, const Name &certificateName)
Delete the certificate with the given name from the given key.
Definition: key-chain.cpp:316

ndn::PibKey::extractIdentityFromKeyName
static Name extractIdentityFromKeyName(const Name &keyName)
Extract the identity namespace from keyName.
Definition: pib-key.cpp:90

ndn::KeyChain::verifyInterestWithHmacWithSha256
static bool verifyInterestWithHmacWithSha256(const Interest &interest, const Blob &key, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
Compute a new HmacWithSha256 for all but the final name component and verify it against the signature...

ndn::KeyParams
KeyParams is a base class for key parameters.
Definition: key-params.hpp:36

ndn::KeyChain::generateEcdsaKeyPair
Name generateEcdsaKeyPair(const Name &identityName, bool isKsk=false, int keySize=256)
Generate a pair of ECDSA keys for the specified identity.
Definition: key-chain.hpp:599

ndn::OnVerifyFailed
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data)> OnVerifyFailed
An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verific...
Definition: validation-request.hpp:46

ndn::KeyChain::setDefaultIdentity
void setDefaultIdentity(PibIdentity &identity)
Set the identity as the default identity.
Definition: key-chain.cpp:260

ndn::KeyChain::setDefaultCertificate
void setDefaultCertificate(PibKey &key, const CertificateV2 &certificate)
Set the certificate as the default certificate of the key.
Definition: key-chain.cpp:326

ndn::ConfigFile
A ConfigFile locates, opens, and parses a library configuration file, and holds the values for the ap...
Definition: config-file.hpp:36

ndn::SigningInfo::setSha256Signing
SigningInfo & setSha256Signing()
Set this to type SIGNER_TYPE_SHA256, and set the digest algorithm to DIGEST_ALGORITHM_SHA256.
Definition: signing-info.hpp:164

ndn::WireFormat::getDefaultWireFormat
static WireFormat * getDefaultWireFormat()
Return the default WireFormat used by default encoding and decoding methods which was set with setDef...
Definition: wire-format.cpp:34

ndn::KeyChain::deleteIdentity
void deleteIdentity(PibIdentity &identity)
Delete the identity.
Definition: key-chain.cpp:246

ndn::KeyChain::generateRSAKeyPair
Name generateRSAKeyPair(const Name &identityName, bool isKsk=false, int keySize=2048)
Generate a pair of RSA keys for the specified identity.
Definition: key-chain.hpp:580

ndn::KeyChain::getDefaultCertificateName
Name getDefaultCertificateName()
Get the default certificate name of the default identity.
Definition: key-chain.hpp:561

ndn::KeyChain::getIdentityManager
const ptr_lib::shared_ptr< IdentityManager > & getIdentityManager()
Get the identity manager given to or created by the constructor.
Definition: key-chain.hpp:761

ndn::WireFormat
Definition: wire-format.hpp:39

ndn::Pib::Error
A Pib::Error extends runtime_error and represents a semantic error in PIB processing.
Definition: pib.hpp:60

ndn::KeyChain::importSafeBag
void importSafeBag(const SafeBag &safeBag, const uint8_t *password=0, size_t passwordLength=0)
Import a certificate and its corresponding private key encapsulated in a SafeBag. ...
Definition: key-chain.cpp:424

ndn::KeyChain::verifyData
void verifyData(const ptr_lib::shared_ptr< Data > &data, const OnVerified &onVerified, const OnDataValidationFailed &onValidationFailed, int stepCount=0)
Check the signature on the Data object and call either onVerify or onValidationFailed.
Definition: key-chain.cpp:529

ndn::Pib
In general, a PIB (Public Information Base) stores the public portion of a user's cryptography keys...
Definition: pib.hpp:54

ndn::KeyChain::revokeCertificate
void revokeCertificate(const Name &certificateName)
Revoke a certificate.
Definition: key-chain.hpp:751

ndn::OnDataValidationFailed
func_lib::function< void(const ptr_lib::shared_ptr< Data > &data, const std::string &reason)> OnDataValidationFailed
An OnDataValidationFailed function object is used to pass a callback to verifyData to report a failed...
Definition: validation-request.hpp:41