key-chain.hpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
23 #ifndef NDN_KEY_CHAIN_HPP
24 #define NDN_KEY_CHAIN_HPP
25 
26 #include "../data.hpp"
27 #include "../interest.hpp"
28 #include "../face.hpp"
29 #include "identity/identity-manager.hpp"
30 #include "policy/validation-request.hpp"
31 #include "key-params.hpp"
32 
33 namespace ndn {
34 
35 class PolicyManager;
36 
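/**
 * KeyChain is the main class of the security library. It pairs an
 * IdentityManager (key and certificate storage plus signing) with a
 * PolicyManager (the trust decisions made while verifying). Most of the
 * identity-management and signing methods below are thin forwards to
 * identityManager_; the verification methods and the constructors are
 * defined in key-chain.cpp.
 *
 * Lifetime note: the Face given to setFace() is held as a raw, non-owning
 * pointer (face_) and is used to fetch certificates during verification, so
 * the caller must keep that Face alive while any verification is in progress.
 */
class KeyChain {
public:
  /**
   * Create a KeyChain with the given IdentityManager and PolicyManager.
   * @param identityManager Holds the keys and certificates and performs signing.
   * @param policyManager Decides which certificates are trusted when verifying.
   */
  KeyChain
    (const ptr_lib::shared_ptr<IdentityManager>& identityManager,
     const ptr_lib::shared_ptr<PolicyManager>& policyManager);

  /**
   * Create a KeyChain with the given IdentityManager and a PolicyManager
   * chosen by the constructor (see key-chain.cpp for which one).
   * @param identityManager Holds the keys and certificates and performs signing.
   */
  KeyChain(const ptr_lib::shared_ptr<IdentityManager>& identityManager);

  /**
   * Create a KeyChain with the default IdentityManager and a
   * NoVerifyPolicyManager (see key-chain.cpp). With that policy the verify
   * methods do not check trust, so only use this constructor where that is
   * the intent (e.g. signing-only code paths).
   */
  KeyChain();

  /*****************************************
   *          Identity Management          *
   *****************************************/

  /**
   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this
   * identity and a self-signed certificate of the KSK.
   * @param identityName The name of the identity.
   * @param params The key parameters; defaults to DEFAULT_KEY_PARAMS (RSA).
   * @return The Name returned by the IdentityManager for the new certificate.
   */
  Name
  createIdentityAndCertificate
    (const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS)
  {
    return identityManager_->createIdentityAndCertificate(identityName, params);
  }

  /**
   * @deprecated Use createIdentityAndCertificate, which this simply calls.
   * @param identityName The name of the identity.
   * @param params The key parameters; defaults to DEFAULT_KEY_PARAMS.
   * @return The Name returned by createIdentityAndCertificate.
   */
  Name
  DEPRECATED_IN_NDN_CPP createIdentity
    (const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS)
  {
    return createIdentityAndCertificate(identityName, params);
  }

  /**
   * Delete the identity from the public and private key storage.
   * @param identityName The name of the identity to delete.
   */
  void
  deleteIdentity(const Name& identityName)
  {
    identityManager_->deleteIdentity(identityName);
  }

  /**
   * Get the default identity.
   * @return The name of the default identity, as reported by the IdentityManager.
   */
  Name
  getDefaultIdentity()
  {
    return identityManager_->getDefaultIdentity();
  }

  /**
   * Get the default certificate name of the default identity.
   * @return The default certificate name, as reported by the IdentityManager.
   */
  Name
  getDefaultCertificateName()
  {
    return identityManager_->getDefaultCertificateName();
  }

  /**
   * Generate a pair of RSA keys for the specified identity.
   * @param identityName The name of the identity.
   * @param isKsk true to generate a Key-Signing-Key, false (default) for a
   * Data-Signing-Key.
   * @param keySize The modulus size in bits; the default of 2048 is the
   * smallest size that should be used for new keys.
   * @return The Name of the generated key.
   */
  Name
  generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
  {
    return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
  }

  /**
   * Generate a pair of ECDSA keys for the specified identity.
   * @param identityName The name of the identity.
   * @param isKsk true to generate a Key-Signing-Key, false (default) for a
   * Data-Signing-Key.
   * @param keySize The curve size in bits (default 256).
   * @return The Name of the generated key.
   */
  Name
  generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, int keySize = 256)
  {
    return identityManager_->generateEcdsaKeyPair(identityName, isKsk, keySize);
  }

  /**
   * Set a key as the default key of an identity.
   * @param keyName The name of the key.
   * @param identityNameCheck (optional) Presumably the identity the key is
   * expected to belong to, checked by the IdentityManager; an empty Name
   * (the default) skips that check — confirm against identity-manager.hpp.
   */
  void
  setDefaultKeyForIdentity(const Name& keyName, const Name& identityNameCheck = Name())
  {
    identityManager_->setDefaultKeyForIdentity(keyName, identityNameCheck);
  }

  /**
   * Generate a pair of RSA keys for the specified identity and set it as the
   * default key for the identity.
   * @param identityName The name of the identity.
   * @param isKsk true for a Key-Signing-Key, false (default) for a Data-Signing-Key.
   * @param keySize The modulus size in bits (default 2048).
   * @return The Name of the generated key.
   */
  Name
  generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
  {
    return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
  }

  /**
   * Generate a pair of ECDSA keys for the specified identity and set it as
   * the default key for the identity.
   * @param identityName The name of the identity.
   * @param isKsk true for a Key-Signing-Key, false (default) for a Data-Signing-Key.
   * @param keySize The curve size in bits (default 256).
   * @return The Name of the generated key.
   */
  Name
  generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 256)
  {
    return identityManager_->generateEcdsaKeyPairAsDefault(identityName, isKsk, keySize);
  }

  /**
   * Create a public key signing request: the DER encoding of the public key
   * for keyName. Only public material is returned; no private key leaves the
   * IdentityManager.
   * @param keyName The name of the key.
   * @return A Blob holding the public key DER.
   */
  Blob
  createSigningRequest(const Name& keyName)
  {
    return identityManager_->getPublicKey(keyName)->getKeyDer();
  }

  /**
   * Install an identity certificate into the public key identity storage.
   * Whether the certificate is trusted is decided by the PolicyManager at
   * verification time, not by installing it here.
   * @param certificate The certificate to install.
   */
  void
  installIdentityCertificate(const IdentityCertificate& certificate)
  {
    identityManager_->addCertificate(certificate);
  }

  /**
   * Set the certificate as the default for its corresponding key.
   * @param certificate The certificate to make the default.
   */
  void
  setDefaultCertificateForKey(const IdentityCertificate& certificate)
  {
    identityManager_->setDefaultCertificateForKey(certificate);
  }

  /**
   * Get a certificate with the specified name.
   * @param certificateName The name of the certificate.
   * @return The IdentityCertificate returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getCertificate(const Name& certificateName)
  {
    return identityManager_->getCertificate(certificateName);
  }

  /**
   * @deprecated Use getCertificate, which does the same thing.
   * @param certificateName The name of the certificate.
   * @return The IdentityCertificate returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  DEPRECATED_IN_NDN_CPP getIdentityCertificate(const Name& certificateName)
  {
    return identityManager_->getCertificate(certificateName);
  }

  /**
   * Revoke a key. NOT IMPLEMENTED: this is currently a no-op, so calling it
   * has no security effect — the key stays usable for signing and remains
   * accepted by verification. Callers must not rely on it until it is
   * implemented.
   * @param keyName The name of the key to revoke.
   */
  void
  revokeKey(const Name & keyName)
  {
    //TODO: Implement
  }

  /**
   * Revoke a certificate. NOT IMPLEMENTED: this is currently a no-op, so the
   * certificate is neither removed from storage nor rejected by verification.
   * Callers must not rely on it until it is implemented.
   * @param certificateName The name of the certificate to revoke.
   */
  void
  revokeCertificate(const Name & certificateName)
  {
    //TODO: Implement
  }

  /**
   * Get the identity manager given to or created by the constructor.
   * @return A reference to the shared IdentityManager.
   */
  const ptr_lib::shared_ptr<IdentityManager>&
  getIdentityManager() { return identityManager_; }

  /*****************************************
   *           Policy Management           *
   *****************************************/

  /**
   * Get the policy manager given to or created by the constructor.
   * @return A reference to the shared PolicyManager.
   */
  const ptr_lib::shared_ptr<PolicyManager>&
  getPolicyManager() { return policyManager_; }

  /*****************************************
   *              Sign/Verify              *
   *****************************************/

  /**
   * Wire encode the Data object, sign it and set its signature.
   * @param data The Data object to be signed. This updates its signature and
   * key locator field and wireEncoding.
   * @param certificateName The certificate name of the key to use for signing.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  sign(Data& data, const Name& certificateName,
       WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signByCertificate(data, certificateName, wireFormat);
  }

  /**
   * Wire encode the Data object, sign it with the default identity and set
   * its signature. The certificate is chosen by prepareDefaultCertificateName().
   * @param data The Data object to be signed.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  sign(Data& data, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signByCertificate
      (data, prepareDefaultCertificateName(), wireFormat);
  }

  /**
   * Append a SignatureInfo to the Interest name, sign the name components
   * and append a final name component with the signature bits.
   * @param interest The Interest object to be signed. This appends name
   * components of SignatureInfo and the signature bits.
   * @param certificateName The certificate name of the key to use for signing.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  sign
    (Interest& interest, const Name& certificateName,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestByCertificate
      (interest, certificateName, wireFormat);
  }

  /**
   * Sign the Interest with the default identity (see the certificateName
   * overload above); the certificate is chosen by prepareDefaultCertificateName().
   * @param interest The Interest object to be signed.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  sign
    (Interest& interest,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestByCertificate
      (interest, prepareDefaultCertificateName(), wireFormat);
  }

  /**
   * Sign the byte array using a certificate name and return a Signature object.
   * @param buffer The byte array to be signed.
   * @param bufferLength The length of buffer.
   * @param certificateName The certificate name of the key to use for signing.
   * @return The Signature returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<Signature>
  sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
  {
    return identityManager_->signByCertificate
      (buffer, bufferLength, certificateName);
  }

  /**
   * Sign the byte array using a certificate name and return a Signature object.
   * @param buffer The byte array to be signed; may be empty.
   * @param certificateName The certificate name of the key to use for signing.
   * @return The Signature returned by the IdentityManager.
   */
  ptr_lib::shared_ptr<Signature>
  sign(const std::vector<uint8_t>& buffer, const Name& certificateName)
  {
    // &buffer[0] is undefined behavior for an empty vector; pass a null
    // pointer with length 0 instead (the pointer/length pair data() gives).
    const uint8_t* bytes = buffer.empty() ? 0 : &buffer[0];
    return sign(bytes, buffer.size(), certificateName);
  }

  /**
   * Wire encode the Data object, sign it and set its signature, using the
   * identity's default certificate (defined in key-chain.cpp).
   * @param data The Data object to be signed.
   * @param identityName (optional) The identity name for the key to use for
   * signing. If omitted (empty Name), the default identity is used.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /**
   * Sign the byte array using an identity name and return a Signature object
   * (defined in key-chain.cpp).
   * @param buffer The byte array to be signed.
   * @param bufferLength The length of buffer.
   * @param identityName The identity name for the key to use for signing.
   * @return The resulting Signature.
   */
  ptr_lib::shared_ptr<Signature>
  signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);

  /**
   * Sign the byte array using an identity name and return a Signature object.
   * @param buffer The byte array to be signed; may be empty.
   * @param identityName The identity name for the key to use for signing.
   * @return The resulting Signature.
   */
  ptr_lib::shared_ptr<Signature>
  signByIdentity(const std::vector<uint8_t>& buffer, const Name& identityName)
  {
    // See sign(const std::vector<uint8_t>&, ...): avoid &buffer[0] on an
    // empty vector.
    const uint8_t* bytes = buffer.empty() ? 0 : &buffer[0];
    return signByIdentity(bytes, buffer.size(), identityName);
  }

  /**
   * Wire encode the Data object, digest it and set its SignatureInfo to a
   * DigestSha256. A DigestSha256 involves no key, so it protects only against
   * accidental corruption; it proves nothing about who produced the packet.
   * @param data The Data object to be signed. This updates its signature and
   * wireEncoding.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  signWithSha256(Data& data, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signWithSha256(data, wireFormat);
  }

  /**
   * Append a SignatureInfo for DigestSha256 to the Interest name, digest the
   * name components and append a final name component with the digest bits.
   * As with the Data overload, this is an integrity check only, not a
   * signature by any key.
   * @param interest The Interest object to be signed.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  signWithSha256(Interest& interest, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat())
  {
    identityManager_->signInterestWithSha256(interest, wireFormat);
  }

  /**
   * Check the signature on the Data object and call either onVerified or
   * onVerifyFailed (defined in key-chain.cpp). The trust decision is made by
   * the PolicyManager; certificates needed for the check may be fetched
   * through the Face set with setFace(), via the private onCertificate*
   * callbacks below.
   * @param data The Data object with the signature to check.
   * @param onVerified Called if the signature is verified.
   * @param onVerifyFailed Called if the signature check fails.
   * @param stepCount (optional) Leave at 0 when calling from application
   * code; presumably used by the implementation to bound the certificate
   * chain depth — confirm in key-chain.cpp.
   */
  void
  verifyData
    (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);

  /**
   * Check the signature on the signed interest and call either onVerified or
   * onVerifyFailed (defined in key-chain.cpp). See verifyData for how the
   * PolicyManager and Face are involved.
   * @param interest The Interest with the signature to check.
   * @param onVerified Called if the signature is verified.
   * @param onVerifyFailed Called if the signature check fails.
   * @param stepCount (optional) Leave at 0 when calling from application code.
   * @param wireFormat (optional) The WireFormat for decoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  void
  verifyInterest
    (const ptr_lib::shared_ptr<Interest>& interest,
     const OnVerifiedInterest& onVerified,
     const OnVerifyInterestFailed& onVerifyFailed, int stepCount = 0,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /**
   * Set the Face which will be used to fetch required certificates.
   * @param face A non-owning pointer; KeyChain does not delete it, and the
   * caller must keep the Face alive while verifications are in progress.
   */
  void
  setFace(Face* face) { face_ = face; }

  /**
   * Wire encode the Data object, compute an HmacWithSha256 and update the
   * signature value. HMAC is symmetric: anyone holding key can produce the
   * same value, so it authenticates the packet only among holders of that
   * key and gives no non-repudiation.
   * @param data The Data object to be signed. This updates its signature.
   * @param key The key for the HmacWithSha256.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   */
  static void
  signWithHmacWithSha256
    (Data& data, const Blob& key,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /**
   * Compute a new HmacWithSha256 for the data packet and verify it against
   * the signature value. NOTE(review): whether the comparison in the
   * implementation is constant-time is not visible from this header — confirm
   * before relying on it against timing observation.
   * @param data The Data packet to verify.
   * @param key The key for the HmacWithSha256.
   * @param wireFormat (optional) The WireFormat for encoding; defaults to
   * WireFormat::getDefaultWireFormat().
   * @return true if the signature verifies, otherwise false.
   */
  static bool
  verifyDataWithHmacWithSha256
    (const Data& data, const Blob& key,
     WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

  /** The KeyParams used when createIdentityAndCertificate gets none (RSA). */
  static const RsaKeyParams DEFAULT_KEY_PARAMS;

private:
  /**
   * Callback for a certificate Data packet fetched during verification;
   * continues the pending ValidationRequest nextStep (key-chain.cpp).
   */
  void
  onCertificateData
    (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

  /**
   * Timeout callback for a certificate fetch started by verifyData. retry is
   * the remaining retry budget; once exhausted, onVerifyFailed is presumably
   * called for data — confirm in key-chain.cpp.
   */
  void
  onCertificateInterestTimeout
    (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
     const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

  /**
   * Timeout callback for a certificate fetch started by verifyInterest; the
   * verifyInterest counterpart of onCertificateInterestTimeout.
   */
  void
  onCertificateInterestTimeoutForVerifyInterest
    (const ptr_lib::shared_ptr<const Interest> &interest, int retry,
     const OnVerifyInterestFailed& onVerifyInterestFailed,
     const ptr_lib::shared_ptr<Interest>& originalInterest,
     ptr_lib::shared_ptr<ValidationRequest> nextStep);

  /**
   * Return the certificate name used by the default-identity sign overloads
   * (key-chain.cpp).
   */
  Name
  prepareDefaultCertificateName();

  /** Helper used when no default certificate exists yet (key-chain.cpp). */
  void
  setDefaultCertificate();

  ptr_lib::shared_ptr<IdentityManager> identityManager_;
  ptr_lib::shared_ptr<PolicyManager> policyManager_;
  // Non-owning; set by setFace(). Not initialized here — the constructors in
  // key-chain.cpp are expected to null it; confirm.
  Face* face_;
};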
581 
582 }
583 
584 #endif