Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /* |
| 3 | * Copyright (c) 2013, Regents of the University of California |
| 4 | * Yingdi Yu |
| 5 | * |
| 6 | * BSD license, See the LICENSE file for more information |
| 7 | * |
| 8 | * Author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 9 | */ |
| 10 | |
| 11 | #include "contact-manager.h" |
| 12 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 13 | #ifndef Q_MOC_RUN |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 14 | #include <ndn.cxx/wrapper/wrapper.h> |
| 15 | #include <ndn.cxx/security/keychain.h> |
| 16 | #include <ndn.cxx/security/identity/basic-identity-storage.h> |
| 17 | #include <ndn.cxx/security/identity/osx-privatekey-storage.h> |
| 18 | #include <ndn.cxx/security/policy/simple-policy-manager.h> |
| 19 | #include <ndn.cxx/security/policy/identity-policy-rule.h> |
| 20 | #include <ndn.cxx/security/cache/ttl-certificate-cache.h> |
| 21 | #include <ndn.cxx/security/encryption/basic-encryption-manager.h> |
Yingdi Yu | b2e747d | 2013-11-05 23:06:43 -0800 | [diff] [blame] | 22 | #include <ndn.cxx/helpers/der/der.h> |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 23 | #include <fstream> |
Yingdi Yu | ec3d9a3 | 2013-10-18 18:35:09 -0700 | [diff] [blame] | 24 | #include "logging.h" |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 25 | #endif |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 26 | |
| 27 | using namespace ndn; |
| 28 | using namespace ndn::security; |
| 29 | |
Yingdi Yu | ec3d9a3 | 2013-10-18 18:35:09 -0700 | [diff] [blame] | 30 | INIT_LOGGER("ContactManager"); |
| 31 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 32 | ContactManager::ContactManager(Ptr<ContactStorage> contactStorage, |
Yingdi Yu | ec3d9a3 | 2013-10-18 18:35:09 -0700 | [diff] [blame] | 33 | Ptr<DnsStorage> dnsStorage, |
| 34 | QObject* parent) |
| 35 | : QObject(parent) |
| 36 | , m_contactStorage(contactStorage) |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 37 | , m_dnsStorage(dnsStorage) |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 38 | { |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 39 | setKeychain(); |
| 40 | |
| 41 | m_wrapper = Ptr<Wrapper>(new Wrapper(m_keychain)); |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 42 | } |
| 43 | |
| 44 | ContactManager::~ContactManager() |
| 45 | { |
| 46 | } |
| 47 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 48 | void |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 49 | ContactManager::setKeychain() |
| 50 | { |
| 51 | Ptr<OSXPrivatekeyStorage> privateStorage = Ptr<OSXPrivatekeyStorage>::Create(); |
| 52 | Ptr<IdentityManager> identityManager = Ptr<IdentityManager>(new IdentityManager(Ptr<BasicIdentityStorage>::Create(), privateStorage)); |
| 53 | Ptr<TTLCertificateCache> certificateCache = Ptr<TTLCertificateCache>(new TTLCertificateCache()); |
| 54 | Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager(10, certificateCache)); |
| 55 | Ptr<EncryptionManager> encryptionManager = Ptr<EncryptionManager>(new BasicEncryptionManager(privateStorage, "/tmp/encryption.db")); |
| 56 | Ptr<Keychain> keychain = Ptr<Keychain>(new Keychain(identityManager, policyManager, encryptionManager)); |
| 57 | |
Yingdi Yu | b2e747d | 2013-11-05 23:06:43 -0800 | [diff] [blame] | 58 | policyManager->addVerificationPolicyRule(Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<DNS>]*)<DNS><ENDORSED>", |
| 59 | "^([^<KEY>]*)<KEY>(<>*)[<ksk-.*><dsk-.*>]<ID-CERT>$", |
| 60 | "==", "\\1", "\\1\\2", true))); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 61 | policyManager->addVerificationPolicyRule(Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<DNS>]*)<DNS><PROFILE>", |
Yingdi Yu | 9b34b1f | 2013-11-01 17:37:51 -0700 | [diff] [blame] | 62 | "^([^<KEY>]*)<KEY>(<>*)[<ksk-.*><dsk-.*>]<ID-CERT>$", |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 63 | "==", "\\1", "\\1\\2", true))); |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 64 | policyManager->addVerificationPolicyRule(Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<PROFILE-CERT>]*)<PROFILE-CERT>", |
Yingdi Yu | 9b34b1f | 2013-11-01 17:37:51 -0700 | [diff] [blame] | 65 | "^([^<KEY>]*)<KEY>(<>*<ksk-.*>)<ID-CERT>$", |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 66 | "==", "\\1", "\\1\\2", true))); |
Yingdi Yu | 7989eb2 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 67 | policyManager->addVerificationPolicyRule(Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>", |
Yingdi Yu | 9b34b1f | 2013-11-01 17:37:51 -0700 | [diff] [blame] | 68 | "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>$", |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 69 | ">", "\\1\\2", "\\1", true))); |
Yingdi Yu | 7989eb2 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 70 | policyManager->addVerificationPolicyRule(Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>", |
Yingdi Yu | 9b34b1f | 2013-11-01 17:37:51 -0700 | [diff] [blame] | 71 | "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>$", |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 72 | "==", "\\1", "\\1\\2", true))); |
| 73 | |
| 74 | policyManager->addSigningPolicyRule(Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<DNS>]*)<DNS><PROFILE>", |
| 75 | "^([^<KEY>]*)<KEY>(<>*)<><ID-CERT>", |
| 76 | "==", "\\1", "\\1\\2", true))); |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 77 | |
| 78 | ifstream is ("trust-anchor.data", ios::binary); |
| 79 | is.seekg (0, ios::end); |
| 80 | ifstream::pos_type size = is.tellg(); |
| 81 | char * memblock = new char [size]; |
| 82 | is.seekg (0, ios::beg); |
| 83 | is.read (memblock, size); |
| 84 | is.close(); |
| 85 | |
| 86 | Ptr<Blob> readBlob = Ptr<Blob>(new Blob(memblock, size)); |
| 87 | Ptr<Data> readData = Data::decodeFromWire (readBlob); |
| 88 | Ptr<IdentityCertificate> anchor = Ptr<IdentityCertificate>(new IdentityCertificate(*readData)); |
| 89 | policyManager->addTrustAnchor(anchor); |
| 90 | |
| 91 | delete memblock; |
| 92 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 93 | m_keychain = keychain; |
Yingdi Yu | 9236c43 | 2013-10-18 11:29:25 -0700 | [diff] [blame] | 94 | } |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 95 | |
| 96 | |
| 97 | void |
| 98 | ContactManager::fetchSelfEndorseCertificate(const ndn::Name& identity) |
| 99 | { |
| 100 | Name interestName = identity; |
| 101 | interestName.append("DNS").append("PROFILE"); |
| 102 | |
| 103 | Ptr<Interest> interestPtr = Ptr<Interest>(new Interest(interestName)); |
Yingdi Yu | 7989eb2 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 104 | interestPtr->setChildSelector(Interest::CHILD_RIGHT); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 105 | Ptr<Closure> closure = Ptr<Closure> (new Closure(boost::bind(&ContactManager::onDnsSelfEndorseCertificateVerified, |
| 106 | this, |
| 107 | _1, |
| 108 | identity), |
| 109 | boost::bind(&ContactManager::onDnsSelfEndorseCertificateTimeout, |
| 110 | this, |
| 111 | _1, |
| 112 | _2, |
| 113 | identity, |
| 114 | 0), |
| 115 | boost::bind(&ContactManager::onDnsSelfEndorseCertificateUnverified, |
| 116 | this, |
| 117 | _1, |
| 118 | identity))); |
| 119 | m_wrapper->sendInterest(interestPtr, closure); |
| 120 | } |
| 121 | |
| 122 | void |
Yingdi Yu | b2e747d | 2013-11-05 23:06:43 -0800 | [diff] [blame] | 123 | ContactManager::fetchCollectEndorse(const ndn::Name& identity) |
| 124 | { |
| 125 | Name interestName = identity; |
| 126 | interestName.append("DNS").append("ENDORSED"); |
| 127 | |
| 128 | Ptr<Interest> interestPtr = Ptr<Interest>(new Interest(interestName)); |
| 129 | interestPtr->setChildSelector(Interest::CHILD_RIGHT); |
| 130 | interestPtr->setInterestLifetime(1); |
| 131 | Ptr<Closure> closure = Ptr<Closure> (new Closure(boost::bind(&ContactManager::onDnsCollectEndorseVerified, |
| 132 | this, |
| 133 | _1, |
| 134 | identity), |
| 135 | boost::bind(&ContactManager::onDnsCollectEndorseTimeout, |
| 136 | this, |
| 137 | _1, |
| 138 | _2, |
| 139 | identity, |
| 140 | 0), |
| 141 | boost::bind(&ContactManager::onDnsCollectEndorseUnverified, |
| 142 | this, |
| 143 | _1, |
| 144 | identity))); |
| 145 | m_wrapper->sendInterest(interestPtr, closure); |
| 146 | } |
| 147 | |
| 148 | void |
| 149 | ContactManager::fetchKey(const ndn::Name& certName) |
| 150 | { |
| 151 | Name interestName = certName; |
| 152 | |
| 153 | Ptr<Interest> interestPtr = Ptr<Interest>(new Interest(interestName)); |
| 154 | interestPtr->setChildSelector(Interest::CHILD_RIGHT); |
| 155 | Ptr<Closure> closure = Ptr<Closure> (new Closure(boost::bind(&ContactManager::onKeyVerified, |
| 156 | this, |
| 157 | _1, |
| 158 | certName), |
| 159 | boost::bind(&ContactManager::onKeyTimeout, |
| 160 | this, |
| 161 | _1, |
| 162 | _2, |
| 163 | certName, |
| 164 | 0), |
| 165 | boost::bind(&ContactManager::onKeyUnverified, |
| 166 | this, |
| 167 | _1, |
| 168 | certName))); |
| 169 | m_wrapper->sendInterest(interestPtr, closure); |
| 170 | } |
| 171 | |
| 172 | void |
| 173 | ContactManager::onDnsCollectEndorseVerified(Ptr<Data> data, const Name& identity) |
| 174 | { emit collectEndorseFetched (*data); } |
| 175 | |
| 176 | void |
| 177 | ContactManager::onDnsCollectEndorseTimeout(Ptr<Closure> closure, Ptr<Interest> interest, const Name& identity, int retry) |
| 178 | { emit collectEndorseFetchFailed (identity); } |
| 179 | |
| 180 | void |
| 181 | ContactManager::onDnsCollectEndorseUnverified(Ptr<Data> data, const Name& identity) |
| 182 | { emit collectEndorseFetchFailed (identity); } |
| 183 | |
| 184 | void |
| 185 | ContactManager::onKeyVerified(Ptr<Data> data, const Name& identity) |
| 186 | { |
| 187 | IdentityCertificate identityCertificate(*data); |
Yingdi Yu | 2e3199c | 2013-11-06 18:42:34 -0800 | [diff] [blame] | 188 | |
| 189 | Ptr<ProfileData> profileData = Ptr<ProfileData>(new ProfileData(Profile(identityCertificate))); |
Yingdi Yu | b2e747d | 2013-11-05 23:06:43 -0800 | [diff] [blame] | 190 | |
| 191 | Ptr<IdentityManager> identityManager = m_keychain->getIdentityManager(); |
| 192 | Name certificateName = identityManager->getDefaultCertificateName (); |
| 193 | identityManager->signByCertificate(*profileData, certificateName); |
| 194 | |
| 195 | EndorseCertificate endorseCertificate(identityCertificate, profileData); |
| 196 | |
| 197 | identityManager->signByCertificate(endorseCertificate, certificateName); |
| 198 | |
| 199 | emit contactKeyFetched (endorseCertificate); |
| 200 | } |
| 201 | |
| 202 | void |
| 203 | ContactManager::onKeyUnverified(Ptr<Data> data, const Name& identity) |
| 204 | { emit contactKeyFetchFailed (identity); } |
| 205 | |
| 206 | void |
| 207 | ContactManager::onKeyTimeout(Ptr<Closure> closure, Ptr<Interest> interest, const Name& identity, int retry) |
| 208 | { emit contactKeyFetchFailed(identity); } |
| 209 | |
| 210 | void |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 211 | ContactManager::updateProfileData(const Name& identity) |
| 212 | { |
Yingdi Yu | 9b34b1f | 2013-11-01 17:37:51 -0700 | [diff] [blame] | 213 | _LOG_DEBUG("updateProfileData: " << identity.toUri()); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 214 | // Get current profile; |
| 215 | Ptr<Profile> newProfile = m_contactStorage->getSelfProfile(identity); |
| 216 | if(NULL == newProfile) |
| 217 | return; |
| 218 | Ptr<Blob> newProfileBlob = newProfile->toDerBlob(); |
| 219 | |
| 220 | // Check if profile exists |
| 221 | Ptr<Blob> profileDataBlob = m_contactStorage->getSelfEndorseCertificate(identity); |
| 222 | if(NULL != profileDataBlob) |
| 223 | { |
| 224 | Ptr<Data> plainData = Data::decodeFromWire(profileDataBlob); |
| 225 | EndorseCertificate oldEndorseCertificate(*plainData); |
| 226 | // _LOG_DEBUG("Certificate converted!"); |
| 227 | const Blob& oldProfileBlob = oldEndorseCertificate.getProfileData()->content(); |
| 228 | |
| 229 | if(oldProfileBlob == *newProfileBlob) |
| 230 | return; |
| 231 | |
| 232 | Ptr<EndorseCertificate> newEndorseCertificate = getSignedSelfEndorseCertificate(identity, *newProfile); |
| 233 | // _LOG_DEBUG("Signing DONE!"); |
| 234 | if(NULL == newEndorseCertificate) |
| 235 | return; |
Yingdi Yu | ec3d9a3 | 2013-10-18 18:35:09 -0700 | [diff] [blame] | 236 | _LOG_DEBUG("About to update"); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 237 | m_contactStorage->updateSelfEndorseCertificate(newEndorseCertificate, identity); |
| 238 | |
| 239 | publishSelfEndorseCertificateInDNS(newEndorseCertificate); |
| 240 | } |
| 241 | else |
| 242 | { |
| 243 | Ptr<EndorseCertificate> newEndorseCertificate = getSignedSelfEndorseCertificate(identity, *newProfile); |
| 244 | // _LOG_DEBUG("Signing DONE!"); |
| 245 | if(NULL == newEndorseCertificate) |
| 246 | return; |
Yingdi Yu | ec3d9a3 | 2013-10-18 18:35:09 -0700 | [diff] [blame] | 247 | _LOG_DEBUG("About to Insert"); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 248 | m_contactStorage->addSelfEndorseCertificate(newEndorseCertificate, identity); |
| 249 | |
| 250 | publishSelfEndorseCertificateInDNS(newEndorseCertificate); |
| 251 | } |
| 252 | } |
| 253 | |
Yingdi Yu | b2e747d | 2013-11-05 23:06:43 -0800 | [diff] [blame] | 254 | void |
| 255 | ContactManager::updateEndorseCertificate(const ndn::Name& identity, const ndn::Name& signerIdentity) |
| 256 | { |
| 257 | Ptr<Blob> oldEndorseCertificateBlob = m_contactStorage->getEndorseCertificate(identity); |
| 258 | Ptr<EndorseCertificate> newEndorseCertificate = generateEndorseCertificate(identity, signerIdentity); |
| 259 | if(NULL != oldEndorseCertificateBlob) |
| 260 | { |
| 261 | Ptr<Data> plainData = Data::decodeFromWire(oldEndorseCertificateBlob); |
| 262 | EndorseCertificate oldEndorseCertificate(*plainData); |
| 263 | const Blob& oldEndorseContent = oldEndorseCertificate.content(); |
| 264 | const Blob& newEndorseContent = newEndorseCertificate->content(); |
| 265 | if(oldEndorseContent == newEndorseContent) |
| 266 | return; |
| 267 | } |
| 268 | else |
| 269 | { |
| 270 | if(NULL == newEndorseCertificate) |
| 271 | return; |
| 272 | } |
| 273 | m_contactStorage->addEndorseCertificate(newEndorseCertificate, identity); |
| 274 | publishEndorseCertificateInDNS(newEndorseCertificate, signerIdentity); |
| 275 | } |
| 276 | |
| 277 | Ptr<EndorseCertificate> |
| 278 | ContactManager::generateEndorseCertificate(const Name& identity, const Name& signerIdentity) |
| 279 | { |
| 280 | Ptr<ContactItem> contact = getContact(identity); |
| 281 | |
| 282 | Ptr<IdentityManager> identityManager = m_keychain->getIdentityManager(); |
| 283 | Name signerKeyName = identityManager->getDefaultKeyNameForIdentity(signerIdentity); |
| 284 | Name signerCertName = identityManager->getDefaultCertificateNameByIdentity(signerIdentity); |
| 285 | |
| 286 | vector<string> endorseList = m_contactStorage->getEndorseList(identity); |
| 287 | |
| 288 | Ptr<EndorseCertificate> cert = Ptr<EndorseCertificate>(new EndorseCertificate(contact->getSelfEndorseCertificate(), signerKeyName, endorseList)); |
| 289 | identityManager->signByCertificate(*cert, signerCertName); |
| 290 | |
| 291 | return cert; |
| 292 | } |
| 293 | |
Yingdi Yu | 2ac40fb | 2013-10-21 13:38:38 -0700 | [diff] [blame] | 294 | vector<Ptr<ContactItem> > |
| 295 | ContactManager::getContactItemList() |
Yingdi Yu | 71c0187 | 2013-11-03 16:22:05 -0800 | [diff] [blame] | 296 | { return m_contactStorage->getAllContacts(); } |
Yingdi Yu | 2ac40fb | 2013-10-21 13:38:38 -0700 | [diff] [blame] | 297 | |
Yingdi Yu | 4ef8cf6 | 2013-10-23 14:05:12 -0700 | [diff] [blame] | 298 | Ptr<ContactItem> |
| 299 | ContactManager::getContact(const ndn::Name& contactNamespace) |
Yingdi Yu | 71c0187 | 2013-11-03 16:22:05 -0800 | [diff] [blame] | 300 | { return m_contactStorage->getContact(contactNamespace); } |
Yingdi Yu | 4ef8cf6 | 2013-10-23 14:05:12 -0700 | [diff] [blame] | 301 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 302 | Ptr<EndorseCertificate> |
| 303 | ContactManager::getSignedSelfEndorseCertificate(const Name& identity, |
| 304 | const Profile& profile) |
| 305 | { |
| 306 | Ptr<IdentityManager> identityManager = m_keychain->getIdentityManager(); |
| 307 | Name certificateName = identityManager->getDefaultCertificateNameByIdentity(identity); |
| 308 | if(0 == certificateName.size()) |
| 309 | return NULL; |
| 310 | |
Yingdi Yu | 2e3199c | 2013-11-06 18:42:34 -0800 | [diff] [blame] | 311 | Ptr<ProfileData> profileData = Ptr<ProfileData>(new ProfileData(profile)); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 312 | identityManager->signByCertificate(*profileData, certificateName); |
| 313 | |
Yingdi Yu | 9b34b1f | 2013-11-01 17:37:51 -0700 | [diff] [blame] | 314 | Ptr<security::IdentityCertificate> signingCert = identityManager->getCertificate(certificateName); |
| 315 | Name signingKeyName = security::IdentityCertificate::certificateNameToPublicKeyName(signingCert->getName(), true); |
| 316 | |
| 317 | Ptr<security::IdentityCertificate> kskCert; |
| 318 | if(signingKeyName.get(-1).toUri().substr(0,4) == string("dsk-")) |
| 319 | { |
| 320 | Ptr<const signature::Sha256WithRsa> dskCertSig = DynamicCast<const signature::Sha256WithRsa>(signingCert->getSignature()); |
| 321 | // HACK! KSK certificate should be retrieved from network. |
| 322 | _LOG_DEBUG("keyLocator: " << dskCertSig->getKeyLocator().getKeyName()); |
| 323 | Name keyName = security::IdentityCertificate::certificateNameToPublicKeyName(dskCertSig->getKeyLocator().getKeyName()); |
| 324 | _LOG_DEBUG("keyName: " << keyName.toUri()); |
| 325 | Name kskCertName = identityManager->getPublicStorage()->getDefaultCertificateNameForKey(keyName); |
| 326 | _LOG_DEBUG("ksk cert name: " << kskCertName); |
| 327 | kskCert = identityManager->getCertificate(kskCertName); |
| 328 | |
| 329 | } |
| 330 | else |
| 331 | { |
| 332 | kskCert = signingCert; |
| 333 | _LOG_DEBUG("ksk cert name: " << kskCert->getName().toUri()); |
| 334 | } |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 335 | |
| 336 | vector<string> endorseList; |
| 337 | Profile::const_iterator it = profile.begin(); |
| 338 | for(; it != profile.end(); it++) |
| 339 | endorseList.push_back(it->first); |
| 340 | |
| 341 | Ptr<EndorseCertificate> selfEndorseCertificate = Ptr<EndorseCertificate>(new EndorseCertificate(*kskCert, |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 342 | profileData, |
| 343 | endorseList)); |
| 344 | identityManager->signByCertificate(*selfEndorseCertificate, kskCert->getName()); |
| 345 | |
| 346 | return selfEndorseCertificate; |
| 347 | } |
| 348 | |
| 349 | |
| 350 | void |
| 351 | ContactManager::onDnsSelfEndorseCertificateVerified(Ptr<Data> data, const Name& identity) |
| 352 | { |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 353 | Ptr<Blob> dataContentBlob = Ptr<Blob>(new Blob(data->content().buf(), data->content().size())); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 354 | |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 355 | Ptr<Data> plainData = Data::decodeFromWire(dataContentBlob); |
| 356 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 357 | Ptr<EndorseCertificate> selfEndorseCertificate = Ptr<EndorseCertificate>(new EndorseCertificate(*plainData)); |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 358 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 359 | const security::Publickey& ksk = selfEndorseCertificate->getPublicKeyInfo(); |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 360 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 361 | if(security::PolicyManager::verifySignature(*plainData, ksk)) |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 362 | { |
Yingdi Yu | 2ac40fb | 2013-10-21 13:38:38 -0700 | [diff] [blame] | 363 | // Profile profile = selfEndorseCertificate->getProfileData()->getProfile(); |
| 364 | // Profile::const_iterator it = profile.getEntries().begin(); |
| 365 | // it++; |
| 366 | // _LOG_DEBUG("Entry Size: " << it->first); |
| 367 | |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 368 | emit contactFetched (*selfEndorseCertificate); |
| 369 | } |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 370 | else |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 371 | { |
| 372 | emit contactFetchFailed (identity); |
| 373 | } |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 374 | } |
| 375 | |
| 376 | void |
| 377 | ContactManager::onDnsSelfEndorseCertificateUnverified(Ptr<Data> data, const Name& identity) |
| 378 | { emit contactFetchFailed (identity); } |
| 379 | |
| 380 | void |
| 381 | ContactManager::onDnsSelfEndorseCertificateTimeout(Ptr<Closure> closure, Ptr<Interest> interest, const Name& identity, int retry) |
Yingdi Yu | b2e747d | 2013-11-05 23:06:43 -0800 | [diff] [blame] | 382 | { emit contactFetchFailed(identity); } |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 383 | |
| 384 | void |
| 385 | ContactManager::publishSelfEndorseCertificateInDNS(Ptr<EndorseCertificate> selfEndorseCertificate) |
| 386 | { |
| 387 | Ptr<Data> data = Ptr<Data>::Create(); |
| 388 | |
| 389 | Name keyName = selfEndorseCertificate->getPublicKeyName(); |
| 390 | Name identity = keyName.getSubName(0, keyName.size()-1); |
| 391 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 392 | |
| 393 | Name dnsName = identity; |
Yingdi Yu | 7989eb2 | 2013-10-31 17:38:22 -0700 | [diff] [blame] | 394 | dnsName.append("DNS").append("PROFILE").appendVersion(); |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 395 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 396 | data->setName(dnsName); |
| 397 | Ptr<Blob> blob = selfEndorseCertificate->encodeToWire(); |
Yingdi Yu | d95c564 | 2013-10-20 19:43:10 -0700 | [diff] [blame] | 398 | |
| 399 | // string encoded; |
| 400 | // CryptoPP::StringSource ss(reinterpret_cast<const unsigned char *>(blob->buf()), blob->size(), true, |
| 401 | // new CryptoPP::Base64Encoder(new CryptoPP::StringSink(encoded), false)); |
| 402 | |
| 403 | // Content content(encoded.c_str(), encoded.size()); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 404 | Content content(blob->buf(), blob->size()); |
| 405 | data->setContent(content); |
| 406 | |
| 407 | m_keychain->signByIdentity(*data, identity); |
Yingdi Yu | ec3d9a3 | 2013-10-18 18:35:09 -0700 | [diff] [blame] | 408 | |
| 409 | m_dnsStorage->updateDnsSelfProfileData(*data, identity); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 410 | |
| 411 | Ptr<Blob> dnsBlob = data->encodeToWire(); |
| 412 | |
Yingdi Yu | eda39aa | 2013-10-23 23:07:29 -0700 | [diff] [blame] | 413 | m_wrapper->putToNdnd(*dnsBlob); |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 414 | } |
| 415 | |
Yingdi Yu | b2e747d | 2013-11-05 23:06:43 -0800 | [diff] [blame] | 416 | void |
| 417 | ContactManager::publishEndorseCertificateInDNS(Ptr<EndorseCertificate> endorseCertificate, const Name& signerIdentity) |
| 418 | { |
| 419 | Ptr<Data> data = Ptr<Data>::Create(); |
| 420 | |
| 421 | Name keyName = endorseCertificate->getPublicKeyName(); |
| 422 | Name endorsee = keyName.getSubName(0, keyName.size()-1); |
| 423 | |
| 424 | |
| 425 | Name dnsName = signerIdentity; |
| 426 | dnsName.append("DNS").append(endorsee).append("ENDORSEE").appendVersion(); |
| 427 | |
| 428 | data->setName(dnsName); |
| 429 | Ptr<Blob> blob = endorseCertificate->encodeToWire(); |
| 430 | |
| 431 | Content content(blob->buf(), blob->size()); |
| 432 | data->setContent(content); |
| 433 | |
| 434 | Name signCertName = m_keychain->getIdentityManager()->getDefaultCertificateNameByIdentity(signerIdentity); |
| 435 | m_keychain->getIdentityManager()->signByCertificate(*data, signCertName); |
| 436 | |
| 437 | m_dnsStorage->updateDnsEndorseOthers(*data, signerIdentity, endorsee); |
| 438 | |
| 439 | Ptr<Blob> dnsBlob = data->encodeToWire(); |
| 440 | |
| 441 | m_wrapper->putToNdnd(*dnsBlob); |
| 442 | } |
| 443 | |
| 444 | void |
| 445 | ContactManager::publishEndorsedDataInDns(const Name& identity) |
| 446 | { |
| 447 | Ptr<Data> data = Ptr<Data>::Create(); |
| 448 | |
| 449 | Name dnsName = identity; |
| 450 | dnsName.append("DNS").append("ENDORSED").appendVersion(); |
| 451 | data->setName(dnsName); |
| 452 | |
| 453 | Ptr<vector<Blob> > collectEndorseList = m_contactStorage->getCollectEndorseList(identity); |
| 454 | |
| 455 | Ptr<der::DerSequence> root = Ptr<der::DerSequence>::Create(); |
| 456 | |
| 457 | vector<Blob>::const_iterator it = collectEndorseList->begin(); |
| 458 | for(; it != collectEndorseList->end(); it++) |
| 459 | { |
| 460 | Ptr<der::DerOctetString> entry = Ptr<der::DerOctetString>(new der::DerOctetString(*it)); |
| 461 | root->addChild(entry); |
| 462 | } |
| 463 | |
| 464 | blob_stream blobStream; |
| 465 | OutputIterator & start = reinterpret_cast<OutputIterator &> (blobStream); |
| 466 | root->encode(start); |
| 467 | |
| 468 | Content content(blobStream.buf()->buf(), blobStream.buf()->size()); |
| 469 | data->setContent(content); |
| 470 | |
| 471 | Name signCertName = m_keychain->getIdentityManager()->getDefaultCertificateNameByIdentity(identity); |
| 472 | m_keychain->getIdentityManager()->signByCertificate(*data, signCertName); |
| 473 | |
| 474 | m_dnsStorage->updateDnsOthersEndorse(*data, identity); |
| 475 | |
| 476 | Ptr<Blob> dnsBlob = data->encodeToWire(); |
| 477 | |
| 478 | m_wrapper->putToNdnd(*dnsBlob); |
| 479 | } |
| 480 | |
Yingdi Yu | 4685b1b | 2013-10-18 17:05:02 -0700 | [diff] [blame] | 481 | |
| 482 | #if WAF |
| 483 | #include "contact-manager.moc" |
| 484 | #include "contact-manager.cpp.moc" |
| 485 | #endif |