An IdentityManager is the interface of operations related to identity, keys, and certificates. More...

#include <identity-manager.hpp>

Public Member Functions
	IdentityManager (const ptr_lib::shared_ptr< IdentityStorage > &identityStorage, const ptr_lib::shared_ptr< PrivateKeyStorage > &privateKeyStorage)
	Create a new IdentityManager to use the given IdentityStorage and PrivateKeyStorage. More...

	IdentityManager (const ptr_lib::shared_ptr< IdentityStorage > &identityStorage)
	Create a new IdentityManager to use the given IdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage. More...

	IdentityManager ()
	Create a new IdentityManager to use BasicIdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage. More...

Name	createIdentityAndCertificate (const Name &identityName, const KeyParams &params)
	Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. More...

Name DEPRECATED_IN_NDN_CPP	createIdentity (const Name &identityName, const KeyParams &params)
	Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. More...

ptr_lib::shared_ptr< IdentityCertificate >	prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, MillisecondsSince1970 notBefore, MillisecondsSince1970 notAfter, std::vector< CertificateSubjectDescription > &subjectDescription, const Name *certPrefix=0)
	Use the keyName to get the public key from the identity storage and prepare an unsigned identity certificate. More...

ptr_lib::shared_ptr< IdentityCertificate >	prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, MillisecondsSince1970 notBefore, MillisecondsSince1970 notAfter, std::vector< CertificateSubjectDescription > &subjectDescription, const Name *certPrefix=0)
	Prepare an unsigned identity certificate. More...

void	deleteIdentity (const Name &identityName)
	Delete the identity from the public and private key storage. More...

void	setDefaultIdentity (const Name &identityName)
	Set the default identity. More...

Name	getDefaultIdentity ()
	Get the default identity. More...

ptr_lib::shared_ptr< IdentityCertificate >	getDefaultCertificate ()
	Get the certificate of the default identity. More...

Name	generateRSAKeyPair (const Name &identityName, bool isKsk=false, int keySize=2048)
	Generate a pair of RSA keys for the specified identity. More...

Name	generateEcdsaKeyPair (const Name &identityName, bool isKsk=false, int keySize=256)
	Generate a pair of ECDSA keys for the specified identity. More...

void	setDefaultKeyForIdentity (const Name &keyName, const Name &identityNameCheck=Name())
	Set a key as the default key of an identity. More...

Name	getDefaultKeyNameForIdentity (const Name &identityName)
	Get the default key for an identity. More...

Name	generateRSAKeyPairAsDefault (const Name &identityName, bool isKsk=false, int keySize=2048)
	Generate a pair of RSA keys for the specified identity and set it as default key for the identity. More...

Name	generateEcdsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, int keySize=256)
	Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity. More...

ptr_lib::shared_ptr< PublicKey >	getPublicKey (const Name &keyName)
	Get the public key with the specified name. More...

Name	createIdentityCertificate (const Name &certificatePrefix, const Name &signerCertificateName, const MillisecondsSince1970 &notBefore, const MillisecondsSince1970 &notAfter)
	Create an identity certificate for a public key managed by this IdentityManager. More...

ptr_lib::shared_ptr< IdentityCertificate >	createIdentityCertificate (const Name &certificatePrefix, const PublicKey &publickey, const Name &signerCertificateName, const MillisecondsSince1970 &notBefore, const MillisecondsSince1970 &notAfter)
	Create an identity certificate for a public key supplied by the caller. More...

void	addCertificate (const IdentityCertificate &certificate)
	Add a certificate into the public key identity storage. More...

void	setDefaultCertificateForKey (const IdentityCertificate &certificate)
	Set the certificate as the default for its corresponding key. More...

void	addCertificateAsIdentityDefault (const IdentityCertificate &certificate)
	Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity. More...

void	addCertificateAsDefault (const IdentityCertificate &certificate)
	Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key. More...

ptr_lib::shared_ptr< IdentityCertificate >	getCertificate (const Name &certificateName)
	Get a certificate with the specified name. More...

Name	getDefaultCertificateNameForIdentity (const Name &identityName)
	Get the default certificate name for the specified identity, which will be used when signing is performed based on identity. More...

Name	getDefaultCertificateName ()
	Get the default certificate name of the default identity, which will be used when signing is based on identity and the identity is not specified. More...

void	getAllIdentities (std::vector< Name > &nameList, bool isDefault)
	Append all the identity names to the nameList. More...

void	getAllKeyNamesOfIdentity (const Name &identityName, std::vector< Name > &nameList, bool isDefault)
	Append all the key names of a particular identity to the nameList. More...

void	getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault)
	Append all the certificate names of a particular key name to the nameList. More...

ptr_lib::shared_ptr< Signature >	signByCertificate (const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
	Sign the byte array data based on the certificate name. More...

ptr_lib::shared_ptr< Signature >	signByCertificate (const std::vector< uint8_t > &buffer, const Name &certificateName)
	Sign the byte array data based on the certificate name. More...

void	signByCertificate (Data &data, const Name &certificateName, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
	Sign data packet based on the certificate name. More...

void	signInterestByCertificate (Interest &interest, const Name &certificateName, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
	Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits. More...

void	signWithSha256 (Data &data, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
	Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256. More...

void	signInterestWithSha256 (Interest &interest, WireFormat &wireFormat=*WireFormat::getDefaultWireFormat())
	Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest). More...

ptr_lib::shared_ptr< IdentityCertificate >	selfSign (const Name &keyName)
	Generate a self-signed certificate for a public key. More...

Detailed Description

An IdentityManager is the interface of operations related to identity, keys, and certificates.

Constructor & Destructor Documentation

ndn::IdentityManager::IdentityManager	(	const ptr_lib::shared_ptr< IdentityStorage > &	identityStorage,
		const ptr_lib::shared_ptr< PrivateKeyStorage > &	privateKeyStorage
	)

Create a new IdentityManager to use the given IdentityStorage and PrivateKeyStorage.

Parameters

identityStorage	An object of a subclass of IdentityStorage.
privateKeyStorage	An object of a subclass of PrivateKeyStorage.

ndn::IdentityManager::IdentityManager ( const ptr_lib::shared_ptr< IdentityStorage > & identityStorage )

Create a new IdentityManager to use the given IdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.

Parameters

identityStorage An object of a subclass of IdentityStorage.

ndn::IdentityManager::IdentityManager ( )

Create a new IdentityManager to use BasicIdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.

Parameters

identityStorage An object of a subclass of IdentityStorage.

Member Function Documentation

void ndn::IdentityManager::addCertificate ( const IdentityCertificate & certificate )

inline

Add a certificate into the public key identity storage.

Parameters

certificate The certificate to to added. This makes a copy of the certificate.

void ndn::IdentityManager::addCertificateAsDefault ( const IdentityCertificate & certificate )

Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.

Parameters

certificate The certificate to be added. This makes a copy of the certificate.

void ndn::IdentityManager::addCertificateAsIdentityDefault ( const IdentityCertificate & certificate )

Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.

Parameters

certificate The certificate to be added. This makes a copy of the certificate.

Name DEPRECATED_IN_NDN_CPP ndn::IdentityManager::createIdentity	(	const Name &	identityName,
		const KeyParams &	params
	)

inline

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Deprecated:

Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name.

Parameters

identityName	The name of the identity.
params	The key parameters if a key needs to be generated for the identity.

Returns: The key name of the auto-generated KSK of the identity.

Name ndn::IdentityManager::createIdentityAndCertificate	(	const Name &	identityName,
		const KeyParams &	params
	)

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

If a key pair or certificate for the identity already exists, use it.

Parameters

identityName	The name of the identity.
params	The key parameters if a key needs to be generated for the identity.

Returns: The name of the default certificate of the identity.

Name ndn::IdentityManager::createIdentityCertificate	(	const Name &	certificatePrefix,
		const Name &	signerCertificateName,
		const MillisecondsSince1970 &	notBefore,
		const MillisecondsSince1970 &	notAfter
	)

Create an identity certificate for a public key managed by this IdentityManager.

Parameters

certificatePrefix	The name of public key to be signed.
signerCertificateName	The name of signing certificate.
notBefore	The notBefore value in the validity field of the generated certificate.
notAfter	The notAfter value in validity field of the generated certificate.

Returns: The name of generated identity certificate.

ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::createIdentityCertificate	(	const Name &	certificatePrefix,
		const PublicKey &	publickey,
		const Name &	signerCertificateName,
		const MillisecondsSince1970 &	notBefore,
		const MillisecondsSince1970 &	notAfter
	)

Create an identity certificate for a public key supplied by the caller.

Parameters

certificatePrefix	The name of public key to be signed.
publickey	The public key to be signed.
signerCertificateName	The name of signing certificate.
notBefore	The notBefore value in the validity field of the generated certificate.
notAfter	The notAfter vallue in validity field of the generated certificate.

Returns: The generated identity certificate.

void ndn::IdentityManager::deleteIdentity ( const Name & identityName )

Delete the identity from the public and private key storage.

If the identity to be deleted is the current default system default, this will not delete the identity and will return immediately.

Parameters

identityName The name of the identity.

Name ndn::IdentityManager::generateEcdsaKeyPair	(	const Name &	identityName,
		bool	isKsk = `false`,
		int	keySize = `256`
	)

Generate a pair of ECDSA keys for the specified identity.

Parameters

identityName	The name of the identity.
isKsk	(optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
keySize	(optional) The size of the key. If omitted, use a default secure key size.

Returns: The generated key name.

Name ndn::IdentityManager::generateEcdsaKeyPairAsDefault	(	const Name &	identityName,
		bool	isKsk = `false`,
		int	keySize = `256`
	)

Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity.

Parameters

identityName	The name of the identity.
isKsk	(optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
keySize	(optional) The size of the key. If omitted, use a default secure key size.

Returns: The generated key name.

Name ndn::IdentityManager::generateRSAKeyPair	(	const Name &	identityName,
		bool	isKsk = `false`,
		int	keySize = `2048`
	)

Generate a pair of RSA keys for the specified identity.

Parameters

identityName	The name of the identity.
isKsk	(optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
keySize	(optional) The size of the key. If omitted, use a default secure key size.

Returns: The generated key name.

Name ndn::IdentityManager::generateRSAKeyPairAsDefault	(	const Name &	identityName,
		bool	isKsk = `false`,
		int	keySize = `2048`
	)

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters

identityName	The name of the identity.
isKsk	(optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
keySize	(optional) The size of the key. If omitted, use a default secure key size.

Returns: The generated key name.

void ndn::IdentityManager::getAllCertificateNamesOfKey	(	const Name &	keyName,
		std::vector< Name > &	nameList,
		bool	isDefault
	)

inline

Append all the certificate names of a particular key name to the nameList.

Parameters

keyName	The key name to search for.
nameList	Append result names to nameList.
isDefault	If true, add only the default certificate name. If false, add only the non-default certificate names.

void ndn::IdentityManager::getAllIdentities	(	std::vector< Name > &	nameList,
		bool	isDefault
	)

inline

Append all the identity names to the nameList.

Parameters

nameList	Append result names to nameList.
isDefault	If true, add only the default key name. If false, add only the non-default key names.

void ndn::IdentityManager::getAllKeyNamesOfIdentity	(	const Name &	identityName,
		std::vector< Name > &	nameList,
		bool	isDefault
	)

inline

Append all the key names of a particular identity to the nameList.

Parameters

identityName	The identity name to search for.
nameList	Append result names to nameList.
isDefault	If true, add only the default key name. If false, add only the non-default key names.

ptr_lib::shared_ptr<IdentityCertificate> ndn::IdentityManager::getCertificate ( const Name & certificateName )

inline

Get a certificate with the specified name.

Parameters

certificateName The name of the requested certificate.

Returns: the requested certificate.

ptr_lib::shared_ptr<IdentityCertificate> ndn::IdentityManager::getDefaultCertificate ( )

inline

Get the certificate of the default identity.

Returns: The requested certificate. If not found, return a shared_ptr with a null pointer.

Name ndn::IdentityManager::getDefaultCertificateName ( )

inline

Get the default certificate name of the default identity, which will be used when signing is based on identity and the identity is not specified.

Returns: The requested certificate name.

Exceptions

SecurityException if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set.

Name ndn::IdentityManager::getDefaultCertificateNameForIdentity ( const Name & identityName )

inline

Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.

Parameters

identityName The name of the specified identity.

Returns: The requested certificate name.

Exceptions

SecurityException if the default key name for the identity is not set or the default certificate name for the key name is not set.

Name ndn::IdentityManager::getDefaultIdentity ( )

inline

Get the default identity.

Returns: The name of default identity.

Exceptions

SecurityException if the default identity is not set.

Name ndn::IdentityManager::getDefaultKeyNameForIdentity ( const Name & identityName )

inline

Get the default key for an identity.

Parameters

identityName The name of the identity.

Returns: The default key name.

Exceptions

SecurityException if the default key name for the identity is not set.

ptr_lib::shared_ptr<PublicKey> ndn::IdentityManager::getPublicKey ( const Name & keyName )

inline

Get the public key with the specified name.

Parameters

keyName The name of the key.

Returns: The public key.

ptr_lib::shared_ptr<IdentityCertificate> ndn::IdentityManager::prepareUnsignedIdentityCertificate	(	const Name &	keyName,
		const Name &	signingIdentity,
		MillisecondsSince1970	notBefore,
		MillisecondsSince1970	notAfter,
		std::vector< CertificateSubjectDescription > &	subjectDescription,
		const Name *	certPrefix = `0`
	)

Use the keyName to get the public key from the identity storage and prepare an unsigned identity certificate.

Parameters

keyName	The key name, e.g., `/<identity_name>/ksk-123456`.
signingIdentity	The signing identity.
notBefore	See IdentityCertificate.
notAfter	See IdentityCertificate.
subjectDescription	A list of CertificateSubjectDescription. See IdentityCertificate. If empty, this adds a an ATTRIBUTE_NAME based on the keyName.
certPrefix	(optional) The prefix before the `KEY` component. If 0, this infers the certificate name according to the relation between the signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).

Returns: The unsigned IdentityCertificate, or a null shared_ptr if the inputs are invalid.

ptr_lib::shared_ptr<IdentityCertificate> ndn::IdentityManager::prepareUnsignedIdentityCertificate	(	const Name &	keyName,
		const PublicKey &	publicKey,
		const Name &	signingIdentity,
		MillisecondsSince1970	notBefore,
		MillisecondsSince1970	notAfter,
		std::vector< CertificateSubjectDescription > &	subjectDescription,
		const Name *	certPrefix = `0`
	)

Prepare an unsigned identity certificate.

Parameters

keyName	The key name, e.g., `/<identity_name>/ksk-123456`.
publicKey	The public key to sign.
signingIdentity	The signing identity.
notBefore	See IdentityCertificate.
notAfter	See IdentityCertificate.
subjectDescription	A list of CertificateSubjectDescription. See IdentityCertificate. If empty, this adds a an ATTRIBUTE_NAME based on the keyName.
certPrefix	(optional) The prefix before the `KEY` component. If 0, this infers the certificate name according to the relation between the signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).

Returns: The unsigned IdentityCertificate, or a null shared_ptr if the inputs are invalid.

ptr_lib::shared_ptr< IdentityCertificate > ndn::IdentityManager::selfSign ( const Name & keyName )

Generate a self-signed certificate for a public key.

Parameters

keyName The name of the public key.

Returns: The generated certificate.

void ndn::IdentityManager::setDefaultCertificateForKey ( const IdentityCertificate & certificate )

Set the certificate as the default for its corresponding key.

Parameters

certificate The certificate.

void ndn::IdentityManager::setDefaultIdentity ( const Name & identityName )

inline

Set the default identity.

If the identityName does not exist, then clear the default identity so that getDefaultIdentity() throws an exception.

Parameters

identityName The default identity name.

void ndn::IdentityManager::setDefaultKeyForIdentity	(	const Name &	keyName,
		const Name &	identityNameCheck = `Name()`
	)

inline

Set a key as the default key of an identity.

The identity name is inferred from keyName.

Parameters

keyName	The name of the key.
identityNameCheck	(optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.

ptr_lib::shared_ptr< Signature > ndn::IdentityManager::signByCertificate	(	const uint8_t *	buffer,
		size_t	bufferLength,
		const Name &	certificateName
	)

Sign the byte array data based on the certificate name.

Parameters

buffer	The byte array to be signed.
bufferLength	the length of buffer.
certificateName	The signing certificate name.

Returns: The generated signature.

ptr_lib::shared_ptr<Signature> ndn::IdentityManager::signByCertificate	(	const std::vector< uint8_t > &	buffer,
		const Name &	certificateName
	)

inline

Sign the byte array data based on the certificate name.

Parameters

buffer	The byte array to be signed.
certificateName	The signing certificate name.

Returns: The generated signature.

void ndn::IdentityManager::signByCertificate	(	Data &	data,
		const Name &	certificateName,
		WireFormat &	wireFormat = `*WireFormat::getDefaultWireFormat()`
	)

Sign data packet based on the certificate name.

Parameters

data	The Data object to sign and update its signature.
certificateName	The Name identifying the certificate which identifies the signing key.
wireFormat	The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.

void ndn::IdentityManager::signInterestByCertificate	(	Interest &	interest,
		const Name &	certificateName,
		WireFormat &	wireFormat = `*WireFormat::getDefaultWireFormat()`
	)

Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.

Parameters

interest	The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
certificateName	The certificate name of the key to use for signing.
wireFormat	(optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().

void ndn::IdentityManager::signInterestWithSha256	(	Interest &	interest,
		WireFormat &	wireFormat = `*WireFormat::getDefaultWireFormat()`
	)

Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).

Parameters

interest	The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
wireFormat	(optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().

void ndn::IdentityManager::signWithSha256	(	Data &	data,
		WireFormat &	wireFormat = `*WireFormat::getDefaultWireFormat()`
	)

Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.

Parameters

data	The Data object to be signed. This updates its signature and wireEncoding.
wireFormat	(optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().

The documentation for this class was generated from the following files:

include/ndn-cpp/security/identity/identity-manager.hpp
src/security/identity/identity-manager.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation