Adding direct trust mechanism in invitation, if two are already each other's trusted contacts, then they can talk to each other without fetching keys
diff --git a/src/chatdialog.cpp b/src/chatdialog.cpp
index 9ecd2a3..f88f972 100644
--- a/src/chatdialog.cpp
+++ b/src/chatdialog.cpp
@@ -918,6 +918,7 @@
#endif
}
_LOG_DEBUG("now the prefix is " << m_localPrefix.toUri());
+ _LOG_DEBUG("in use prefix is " << m_user.getOriginPrefix().toStdString());
QString originPrefix = QString::fromStdString(m_newLocalPrefix.toUri());
if (originPrefix != "" && m_user.getOriginPrefix () != originPrefix)
diff --git a/src/contactpanel.cpp b/src/contactpanel.cpp
index a2a554c..8e7de21 100644
--- a/src/contactpanel.cpp
+++ b/src/contactpanel.cpp
@@ -303,6 +303,17 @@
return;
}
+ Ptr<security::Publickey> keyPtr = m_panelPolicyManager->getTrustedKey(invitation->getInviterCertificateName());
+ if(NULL != keyPtr && security::PolicyManager::verifySignature(invitation->getSignedBlob(), invitation->getSignatureBits(), *keyPtr))
+ {
+ Ptr<security::IdentityCertificate> certificate = Ptr<security::IdentityCertificate>::Create();
+ // hack: incomplete certificate, we don't send it to the wire nor store it anywhere
+ certificate->setName(invitation->getInviterCertificateName());
+ certificate->setPublicKeyInfo(*keyPtr);
+ popChatInvitation(invitation, invitation->getInviterNameSpace(), certificate);
+ return;
+ }
+
Ptr<Interest> newInterest = Ptr<Interest>(new Interest(invitation->getInviterCertificateName()));
Ptr<Closure> closure = Ptr<Closure>(new Closure(boost::bind(&ContactPanel::onInvitationCertVerified,
this,
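Review bot: The direct-trust branch accepts the invitation as soon as the signature verifies under any key in the trust-anchor map, but nothing in the visible lines checks that `invitation->getInviterNameSpace()` belongs to the identity that owns that key. Unless `popChatInvitation` or the earlier part of this function (outside the hunk) enforces that binding, one trusted contact's key could vouch for a namespace that is not its own. The certificate built here is a stub with only a name and a key, so any validity-period or other certificate checks done on the fetch path (`onInvitationCertVerified`) are presumably skipped; the `// hack` comment should say so, e.g. `// direct trust: stub certificate (name + key only); no validity period is checked on this path`. When a trusted key is found but `verifySignature` fails, the code silently falls through to fetching the certificate, and a `_LOG_DEBUG` there would make a bad signature from a known contact visible. The enclosing function starts and ends outside the hunk.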
diff --git a/src/panel-policy-manager.cpp b/src/panel-policy-manager.cpp
index 679a3c9..ecb03b1 100644
--- a/src/panel-policy-manager.cpp
+++ b/src/panel-policy-manager.cpp
@@ -106,7 +106,7 @@
map<Name, Publickey>::iterator it = m_trustAnchors.find(keyName);
if(m_trustAnchors.end() != it)
{
- _LOG_DEBUG("found key!");
+ // _LOG_DEBUG("found key!");
Ptr<IdentityCertificate> identityCertificate = Ptr<IdentityCertificate>(new IdentityCertificate(*data));
if(it->second.getKeyBlob() == identityCertificate->getPublicKeyInfo().getKeyBlob())
{
@@ -179,3 +179,15 @@
// _LOG_DEBUG("Add Anchor: " << selfEndorseCertificate.getPublicKeyName().toUri());
m_trustAnchors.insert(pair <Name, Publickey > (selfEndorseCertificate.getPublicKeyName(), selfEndorseCertificate.getPublicKeyInfo()));
}
+
+Ptr<Publickey>
+PanelPolicyManager::getTrustedKey(const ndn::Name& inviterCertName)
+{
+ Name keyLocatorName = inviterCertName.getPrefix(inviterCertName.size()-1);
+ m_keyNameRegex->match(keyLocatorName);
+ Name keyName = m_keyNameRegex->expand();
+
+ if(m_trustAnchors.end() != m_trustAnchors.find(keyName))
+ return Ptr<Publickey>(new Publickey(m_trustAnchors[keyName]));
+ return NULL;
+}
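Review bot: `getTrustedKey` derives its lookup key from a certificate name taken out of a received invitation, yet it ignores the result of `m_keyNameRegex->match(keyLocatorName)` and computes `inviterCertName.size()-1` without checking for an empty name. If the name does not match, `expand()` may return an empty or stale name (assuming `match()` reports success through its return value; confirm against the regex class), and an empty name makes the prefix length wrap if `size()` is unsigned. The `find` followed by `m_trustAnchors[keyName]` also looks the key up twice; keeping the iterator, as the certificate check in the earlier hunk of this file does, avoids that. Neither the definition nor its declaration in panel-policy-manager.h has a comment stating that NULL means no trust anchor exists for the name and that the returned key is a copy.

```cpp
Ptr<Publickey>
PanelPolicyManager::getTrustedKey(const ndn::Name& inviterCertName)
{
  // The certificate name comes from a received invitation: treat it as untrusted.
  if(0 == inviterCertName.size())
    return NULL;

  Name keyLocatorName = inviterCertName.getPrefix(inviterCertName.size()-1);
  // Only expand a name that actually matched the key-name pattern.
  if(!m_keyNameRegex->match(keyLocatorName))
    return NULL;
  Name keyName = m_keyNameRegex->expand();

  map<Name, Publickey>::iterator it = m_trustAnchors.find(keyName);
  if(m_trustAnchors.end() == it)
    return NULL;
  // Return a copy so callers cannot alter the stored anchor.
  return Ptr<Publickey>(new Publickey(it->second));
}
```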
diff --git a/src/panel-policy-manager.h b/src/panel-policy-manager.h
index 640c184..b28c90a 100644
--- a/src/panel-policy-manager.h
+++ b/src/panel-policy-manager.h
@@ -91,6 +91,9 @@
// ndn::Ptr<ndn::Data> originalData,
// const ndn::UnverifiedCallback& unverifiedCallback);
+ ndn::Ptr<ndn::security::Publickey>
+ getTrustedKey(const ndn::Name& inviterCertName);
+
private:
int m_stepLimit;
ndn::Ptr<ndn::security::CertificateCache> m_certificateCache;