An IdentityManager is the interface of operations related to identity, keys, and certificates.
#include <identity-manager.hpp>

Public Member Functions

IdentityManager (const ptr_lib::shared_ptr< IdentityStorage > &identityStorage, const ptr_lib::shared_ptr< PrivateKeyStorage > &privateKeyStorage)
    Create a new IdentityManager to use the given IdentityStorage and PrivateKeyStorage.
IdentityManager (const ptr_lib::shared_ptr< IdentityStorage > &identityStorage)
    Create a new IdentityManager to use the given IdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
IdentityManager ()
    Create a new IdentityManager to use BasicIdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
Name createIdentityAndCertificate (const Name &identityName, const KeyParams &params)
    Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
Name DEPRECATED_IN_NDN_CPP createIdentity (const Name &identityName, const KeyParams &params)
    Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
ptr_lib::shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, MillisecondsSince1970 notBefore, MillisecondsSince1970 notAfter, std::vector< CertificateSubjectDescription > &subjectDescription, const Name *certPrefix=0)
    Use the keyName to get the public key from the identity storage and prepare an unsigned identity certificate.
ptr_lib::shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, MillisecondsSince1970 notBefore, MillisecondsSince1970 notAfter, std::vector< CertificateSubjectDescription > &subjectDescription, const Name *certPrefix=0)
    Prepare an unsigned identity certificate.
void deleteIdentity (const Name &identityName)
    Delete the identity from the public and private key storage.
void setDefaultIdentity (const Name &identityName)
    Set the default identity.
Name getDefaultIdentity ()
    Get the default identity.
ptr_lib::shared_ptr< IdentityCertificate > getDefaultCertificate ()
    Get the certificate of the default identity.
Name generateRSAKeyPair (const Name &identityName, bool isKsk=false, int keySize=2048)
    Generate a pair of RSA keys for the specified identity.
Name generateEcdsaKeyPair (const Name &identityName, bool isKsk=false, int keySize=256)
    Generate a pair of ECDSA keys for the specified identity.
void setDefaultKeyForIdentity (const Name &keyName, const Name &identityNameCheck=Name())
    Set a key as the default key of an identity.
Name getDefaultKeyNameForIdentity (const Name &identityName)
    Get the default key for an identity.
Name generateRSAKeyPairAsDefault (const Name &identityName, bool isKsk=false, int keySize=2048)
    Generate a pair of RSA keys for the specified identity and set it as the default key for the identity.
Name generateEcdsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, int keySize=256)
    Generate a pair of ECDSA keys for the specified identity and set it as the default key for the identity.
ptr_lib::shared_ptr< PublicKey > getPublicKey (const Name &keyName)
    Get the public key with the specified name.
Name createIdentityCertificate (const Name &certificatePrefix, const Name &signerCertificateName, const MillisecondsSince1970 &notBefore, const MillisecondsSince1970 &notAfter)
    Create an identity certificate for a public key managed by this IdentityManager.
ptr_lib::shared_ptr< IdentityCertificate > createIdentityCertificate (const Name &certificatePrefix, const PublicKey &publickey, const Name &signerCertificateName, const MillisecondsSince1970 &notBefore, const MillisecondsSince1970 &notAfter)
    Create an identity certificate for a public key supplied by the caller.
void addCertificate (const IdentityCertificate &certificate)
    Add a certificate into the public key identity storage.
void setDefaultCertificateForKey (const IdentityCertificate &certificate)
    Set the certificate as the default for its corresponding key.
void addCertificateAsIdentityDefault (const IdentityCertificate &certificate)
    Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
void addCertificateAsDefault (const IdentityCertificate &certificate)
    Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
ptr_lib::shared_ptr< IdentityCertificate > getCertificate (const Name &certificateName)
    Get a certificate with the specified name.
Name getDefaultCertificateNameForIdentity (const Name &identityName)
    Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
Name getDefaultCertificateName ()
    Get the default certificate name of the default identity, which will be used when signing is based on identity and the identity is not specified.
void getAllIdentities (std::vector< Name > &nameList, bool isDefault)
    Append all the identity names to the nameList.
void getAllKeyNamesOfIdentity (const Name &identityName, std::vector< Name > &nameList, bool isDefault)
    Append all the key names of a particular identity to the nameList.
void getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault)
    Append all the certificate names of a particular key name to the nameList.
ptr_lib::shared_ptr< Signature > signByCertificate (const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
    Sign the byte array data based on the certificate name.
ptr_lib::shared_ptr< Signature > signByCertificate (const std::vector< uint8_t > &buffer, const Name &certificateName)
    Sign the byte array data based on the certificate name.
void signByCertificate (Data &data, const Name &certificateName, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
    Sign a Data packet based on the certificate name.
void signInterestByCertificate (Interest &interest, const Name &certificateName, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
    Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.
void signWithSha256 (Data &data, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
    Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
void signInterestWithSha256 (Interest &interest, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
    Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).
ptr_lib::shared_ptr< IdentityCertificate > selfSign (const Name &keyName)
    Generate a self-signed certificate for a public key.
ndn::IdentityManager::IdentityManager (const ptr_lib::shared_ptr< IdentityStorage > &identityStorage, const ptr_lib::shared_ptr< PrivateKeyStorage > &privateKeyStorage)
Create a new IdentityManager to use the given IdentityStorage and PrivateKeyStorage.
identityStorage | An object of a subclass of IdentityStorage. |
privateKeyStorage | An object of a subclass of PrivateKeyStorage. |
ndn::IdentityManager::IdentityManager (const ptr_lib::shared_ptr< IdentityStorage > &identityStorage)
Create a new IdentityManager to use the given IdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
identityStorage | An object of a subclass of IdentityStorage. |
ndn::IdentityManager::IdentityManager ()
Create a new IdentityManager to use BasicIdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
identityStorage | An object of a subclass of IdentityStorage. |
void ndn::IdentityManager::addCertificate (const IdentityCertificate &certificate)
Add a certificate into the public key identity storage.
certificate | The certificate to be added. This makes a copy of the certificate. |
void ndn::IdentityManager::addCertificateAsDefault (const IdentityCertificate &certificate)
Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
certificate | The certificate to be added. This makes a copy of the certificate. |
void ndn::IdentityManager::addCertificateAsIdentityDefault (const IdentityCertificate &certificate)
Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
certificate | The certificate to be added. This makes a copy of the certificate. |
Name DEPRECATED_IN_NDN_CPP ndn::IdentityManager::createIdentity (const Name &identityName, const KeyParams &params)
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
identityName | The name of the identity. |
params | The key parameters if a key needs to be generated for the identity. |
Name ndn::IdentityManager::createIdentityAndCertificate (const Name &identityName, const KeyParams &params)
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
If a key pair or certificate for the identity already exists, use it.
identityName | The name of the identity. |
params | The key parameters if a key needs to be generated for the identity. |
Name ndn::IdentityManager::createIdentityCertificate (const Name &certificatePrefix, const Name &signerCertificateName, const MillisecondsSince1970 &notBefore, const MillisecondsSince1970 &notAfter)
Create an identity certificate for a public key managed by this IdentityManager.
certificatePrefix | The name of the public key to be signed. |
signerCertificateName | The name of the signing certificate. |
notBefore | The notBefore value in the validity field of the generated certificate. |
notAfter | The notAfter value in the validity field of the generated certificate. |
ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::createIdentityCertificate (const Name &certificatePrefix, const PublicKey &publickey, const Name &signerCertificateName, const MillisecondsSince1970 &notBefore, const MillisecondsSince1970 &notAfter)
Create an identity certificate for a public key supplied by the caller.
certificatePrefix | The name of the public key to be signed. |
publickey | The public key to be signed. |
signerCertificateName | The name of the signing certificate. |
notBefore | The notBefore value in the validity field of the generated certificate. |
notAfter | The notAfter value in the validity field of the generated certificate. |
void ndn::IdentityManager::deleteIdentity (const Name &identityName)
Delete the identity from the public and private key storage.
If the identity to be deleted is the current system default identity, this will not delete the identity and will return immediately.
identityName | The name of the identity. |
Name ndn::IdentityManager::generateEcdsaKeyPair (const Name &identityName, bool isKsk = false, int keySize = 256)
Generate a pair of ECDSA keys for the specified identity.
identityName | The name of the identity. |
isKsk | (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key. |
keySize | (optional) The size of the key. If omitted, use a default secure key size. |
Name ndn::IdentityManager::generateEcdsaKeyPairAsDefault (const Name &identityName, bool isKsk = false, int keySize = 256)
Generate a pair of ECDSA keys for the specified identity and set it as the default key for the identity.
identityName | The name of the identity. |
isKsk | (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key. |
keySize | (optional) The size of the key. If omitted, use a default secure key size. |
Name ndn::IdentityManager::generateRSAKeyPair (const Name &identityName, bool isKsk = false, int keySize = 2048)
Generate a pair of RSA keys for the specified identity.
identityName | The name of the identity. |
isKsk | (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key. |
keySize | (optional) The size of the key. If omitted, use a default secure key size. |
Name ndn::IdentityManager::generateRSAKeyPairAsDefault (const Name &identityName, bool isKsk = false, int keySize = 2048)
Generate a pair of RSA keys for the specified identity and set it as the default key for the identity.
identityName | The name of the identity. |
isKsk | (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key. |
keySize | (optional) The size of the key. If omitted, use a default secure key size. |
void ndn::IdentityManager::getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault)
Append all the certificate names of a particular key name to the nameList.
keyName | The key name to search for. |
nameList | Append result names to nameList. |
isDefault | If true, add only the default certificate name. If false, add only the non-default certificate names. |
void ndn::IdentityManager::getAllIdentities (std::vector< Name > &nameList, bool isDefault)
Append all the identity names to the nameList.
nameList | Append result names to nameList. |
isDefault | If true, add only the default identity name. If false, add only the non-default identity names. |
void ndn::IdentityManager::getAllKeyNamesOfIdentity (const Name &identityName, std::vector< Name > &nameList, bool isDefault)
Append all the key names of a particular identity to the nameList.
identityName | The identity name to search for. |
nameList | Append result names to nameList. |
isDefault | If true, add only the default key name. If false, add only the non-default key names. |
ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::getCertificate (const Name &certificateName)
Get a certificate with the specified name.
certificateName | The name of the requested certificate. |
ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::getDefaultCertificate ()
Get the certificate of the default identity.
Name ndn::IdentityManager::getDefaultCertificateName ()
Get the default certificate name of the default identity, which will be used when signing is based on identity and the identity is not specified.
SecurityException | if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set. |
Name ndn::IdentityManager::getDefaultCertificateNameForIdentity (const Name &identityName)
Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
identityName | The name of the specified identity. |
SecurityException | if the default key name for the identity is not set or the default certificate name for the key name is not set. |
Name ndn::IdentityManager::getDefaultIdentity ()
Get the default identity.
SecurityException | if the default identity is not set. |
Name ndn::IdentityManager::getDefaultKeyNameForIdentity (const Name &identityName)
Get the default key for an identity.
identityName | The name of the identity. |
SecurityException | if the default key name for the identity is not set. |
ptr_lib::shared_ptr< PublicKey > ndn::IdentityManager::getPublicKey (const Name &keyName)
Get the public key with the specified name.
keyName | The name of the key. |
ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, MillisecondsSince1970 notBefore, MillisecondsSince1970 notAfter, std::vector< CertificateSubjectDescription > &subjectDescription, const Name *certPrefix = 0)
Use the keyName to get the public key from the identity storage and prepare an unsigned identity certificate.
keyName | The key name, e.g., /<identity_name>/ksk-123456. |
signingIdentity | The signing identity. |
notBefore | See IdentityCertificate. |
notAfter | See IdentityCertificate. |
subjectDescription | A list of CertificateSubjectDescription. See IdentityCertificate. If empty, this adds an ATTRIBUTE_NAME based on the keyName. |
certPrefix | (optional) The prefix before the KEY component. If 0, this infers the certificate name according to the relation between the signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, KEY will be inserted after the signingIdentity, otherwise KEY is inserted after subject identity (i.e., before ksk-... ). |
ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, MillisecondsSince1970 notBefore, MillisecondsSince1970 notAfter, std::vector< CertificateSubjectDescription > &subjectDescription, const Name *certPrefix = 0)
Prepare an unsigned identity certificate.
keyName | The key name, e.g., /<identity_name>/ksk-123456. |
publicKey | The public key to sign. |
signingIdentity | The signing identity. |
notBefore | See IdentityCertificate. |
notAfter | See IdentityCertificate. |
subjectDescription | A list of CertificateSubjectDescription. See IdentityCertificate. If empty, this adds an ATTRIBUTE_NAME based on the keyName. |
certPrefix | (optional) The prefix before the KEY component. If 0, this infers the certificate name according to the relation between the signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, KEY will be inserted after the signingIdentity, otherwise KEY is inserted after subject identity (i.e., before ksk-... ). |
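The certificate-name inference described for certPrefix (in both prepareUnsignedIdentityCertificate overloads above) is easy to get wrong when reasoning about who may certify whom, so here is the rule worked through in stand-alone C++. This is an added illustration, not ndn-cpp's own code: names are modelled as vectors of string components parsed from a URI, the key name is assumed to be /<identity_name>/<key-id> as in the keyName description, and the caller-supplied certPrefix is assumed to have to be a prefix of the key name (the page does not say what happens otherwise). Only the part of the certificate name up to the key id is built; the components that follow it are not described on this page.

```cpp
// Added example (not ndn-cpp library code): the certPrefix inference rule
// for prepareUnsignedIdentityCertificate, modelled with plain std::string
// name components.
#include <algorithm>
#include <stdexcept>
#include <string>
#include <vector>
#include <iostream>

using NdnName = std::vector<std::string>;

// Parse "/a/b/c" into {"a", "b", "c"}; "/" parses to the empty (root) name.
NdnName parseName(const std::string& uri) {
  NdnName out;
  std::string comp;
  for (char c : uri) {
    if (c == '/') {
      if (!comp.empty()) { out.push_back(comp); comp.clear(); }
    } else {
      comp += c;
    }
  }
  if (!comp.empty()) out.push_back(comp);
  return out;
}

std::string toUri(const NdnName& name) {
  if (name.empty()) return "/";
  std::string s;
  for (const std::string& c : name) { s += '/'; s += c; }
  return s;
}

bool isPrefixOf(const NdnName& prefix, const NdnName& name) {
  return prefix.size() <= name.size() &&
         std::equal(prefix.begin(), prefix.end(), name.begin());
}

// Assumption: a key name is /<identity_name>/<key-id>, so the subject
// identity is everything before the last component (e.g. ksk-123456).
NdnName identityOfKey(const NdnName& keyName) {
  if (keyName.size() < 2)
    throw std::invalid_argument("key name must be /<identity_name>/<key-id>");
  return NdnName(keyName.begin(), keyName.end() - 1);
}

// The rule from the documentation: when no certPrefix is given, KEY goes
// after the signingIdentity if it is a prefix of the subject identity,
// otherwise after the subject identity itself (i.e. right before the key id).
NdnName inferCertPrefix(const NdnName& keyName, const NdnName& signingIdentity) {
  NdnName subject = identityOfKey(keyName);
  return isPrefixOf(signingIdentity, subject) ? signingIdentity : subject;
}

// Build <prefix>/KEY/<remaining key-name components>. certPrefixUri may be
// nullptr (mirrors certPrefix = 0), in which case the prefix is inferred.
std::string buildCertName(const std::string& keyUri, const std::string& signerUri,
                          const char* certPrefixUri = nullptr) {
  NdnName keyName = parseName(keyUri);
  NdnName prefix;
  if (certPrefixUri == nullptr) {
    prefix = inferCertPrefix(keyName, parseName(signerUri));
  } else {
    prefix = parseName(certPrefixUri);
    // Assumption (not stated on the page): an explicit prefix must lie
    // inside the key name, or the KEY marker could not be inserted.
    if (!isPrefixOf(prefix, keyName))
      throw std::invalid_argument("certPrefix is not a prefix of keyName");
  }
  NdnName cert(prefix);
  cert.push_back("KEY");
  cert.insert(cert.end(), keyName.begin() + prefix.size(), keyName.end());
  return toUri(cert);
}

int main() {
  // Signer /ndn/ucla certifies its sub-identity /ndn/ucla/alice:
  // KEY is placed after the signer's prefix.
  std::cout << buildCertName("/ndn/ucla/alice/ksk-123456", "/ndn/ucla") << "\n";
  // Signer /ndn/mit is unrelated to the subject: KEY goes before the key id.
  std::cout << buildCertName("/ndn/ucla/alice/ksk-123456", "/ndn/mit") << "\n";
  // Self-signed: signing identity equals subject identity.
  std::cout << buildCertName("/ndn/alice/ksk-1", "/ndn/alice") << "\n";
  // Explicit certPrefix overrides the inference.
  std::cout << buildCertName("/ndn/ucla/alice/ksk-1", "/ndn/mit", "/ndn") << "\n";
  return 0;
}
```

The practical point for a verifier: the two placements of KEY encode two different trust relations (a parent namespace vouching for a child versus a certificate issued outside the subject's namespace), so code that validates certificate names must accept both forms the rule can produce and not assume KEY always follows the full subject identity.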
ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::selfSign (const Name &keyName)
Generate a self-signed certificate for a public key.
keyName | The name of the public key. |
void ndn::IdentityManager::setDefaultCertificateForKey (const IdentityCertificate &certificate)
Set the certificate as the default for its corresponding key.
certificate | The certificate. |
void ndn::IdentityManager::setDefaultIdentity (const Name &identityName)
Set the default identity.
If the identityName does not exist, then clear the default identity so that getDefaultIdentity() throws an exception.
identityName | The default identity name. |
void ndn::IdentityManager::setDefaultKeyForIdentity (const Name &keyName, const Name &identityNameCheck = Name())
Set a key as the default key of an identity.
The identity name is inferred from keyName.
keyName | The name of the key. |
identityNameCheck | (optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored. |
ptr_lib::shared_ptr< Signature > ndn::IdentityManager::signByCertificate (const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
Sign the byte array data based on the certificate name.
buffer | The byte array to be signed. |
bufferLength | The length of buffer. |
certificateName | The signing certificate name. |
ptr_lib::shared_ptr< Signature > ndn::IdentityManager::signByCertificate (const std::vector< uint8_t > &buffer, const Name &certificateName)
Sign the byte array data based on the certificate name.
buffer | The byte array to be signed. |
certificateName | The signing certificate name. |
void ndn::IdentityManager::signByCertificate (Data &data, const Name &certificateName, WireFormat &wireFormat = *WireFormat::getDefaultWireFormat())
Sign a Data packet based on the certificate name.
data | The Data object to sign and update its signature. |
certificateName | The Name identifying the certificate which identifies the signing key. |
wireFormat | The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted. |
void ndn::IdentityManager::signInterestByCertificate (Interest &interest, const Name &certificateName, WireFormat &wireFormat = *WireFormat::getDefaultWireFormat())
Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.
interest | The Interest object to be signed. This appends name components of SignatureInfo and the signature bits. |
certificateName | The certificate name of the key to use for signing. |
wireFormat | (optional) A WireFormat object used to encode the input. If omitted, use WireFormat::getDefaultWireFormat(). |
void ndn::IdentityManager::signInterestWithSha256 (Interest &interest, WireFormat &wireFormat = *WireFormat::getDefaultWireFormat())
Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).
interest | The Interest object to be signed. This appends name components of SignatureInfo and the signature bits. |
wireFormat | (optional) A WireFormat object used to encode the input. If omitted, use WireFormat::getDefaultWireFormat(). |
void ndn::IdentityManager::signWithSha256 (Data &data, WireFormat &wireFormat = *WireFormat::getDefaultWireFormat())
Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
data | The Data object to be signed. This updates its signature and wireEncoding. |
wireFormat | (optional) A WireFormat object used to encode the input. If omitted, use WireFormat::getDefaultWireFormat(). |