blob: c141fcf77fb4f8e979742ad67de3f793c1a1f124 [file] [log] [blame]
#ifndef NLSR_KM_HPP
#define NLSR_KM_HPP
#include <ndn-cpp-dev/face.hpp>
#include <ndn-cpp-dev/data.hpp>
#include <ndn-cpp-dev/security/key-chain.hpp>
#include <ndn-cpp-dev/security/validator.hpp>
#include <ndn-cpp-dev/util/random.hpp>
#include <ndn-cpp-dev/security/identity-certificate.hpp>
#include <list>
#include "nlsr_conf_param.hpp"
#include "nlsr_cert_store.hpp"
#include "utility/nlsr_tokenizer.hpp"
namespace nlsr
{
enum nlsrKeyType
{
KEY_TYPE_ROOT,
KEY_TYPE_SITE,
KEY_TYPE_OPERATOR,
KEY_TYPE_ROUTER,
KEY_TYPE_PROCESS,
KEY_TYPE_UNKNOWN
};
enum nlsrContentType
{
CONTENT_TYPE_DATA,
CONTENT_TYPE_CERT
};
class KeyManager: public ndn::KeyChain, public ndn::Validator
{
typedef SecPublicInfo::Error InfoError;
typedef SecTpm::Error TpmError;
public:
KeyManager()
: certSeqNo(1)
, certStore()
, nlsrRootKeyPrefix()
{
}
bool initKeyManager(ConfParameter &cp);
void
checkPolicy (const ndn::Data& data,
int stepCount,
const ndn::OnDataValidated &onValidated,
const ndn::OnDataValidationFailed &onValidationFailed,
std::vector<ndn::shared_ptr<ndn::ValidationRequest> > &nextSteps)
{}
void
checkPolicy (const ndn::Interest& interest,
int stepCount,
const ndn::OnInterestValidated &onValidated,
const ndn::OnInterestValidationFailed &onValidationFailed,
std::vector<ndn::shared_ptr<ndn::ValidationRequest> > &nextSteps)
{}
void signData(ndn::Data& data)
{
ndn::KeyChain::signByIdentity(data,processIdentity);
}
template<typename T>
void signByIdentity(T& packet, ndn::Name signeeIdentity)
{
ndn::KeyChain::signByIdentity(packet,signeeIdentity);
}
ndn::shared_ptr<ndn::IdentityCertificate>
getCertificate(ndn::Name certificateName)
{
return ndn::KeyChain::getCertificate(certificateName);
}
ndn::shared_ptr<ndn::IdentityCertificate>
getCertificate()
{
return getCertificate(processCertName);
}
ndn::Name
createIdentity(const ndn::Name identityName)
{
return ndn::KeyChain::createIdentity(identityName);
}
ndn::Name
createIdentity(const ndn::Name identityName, const ndn::Name signee)
{
ndn::KeyChain::addIdentity(identityName);
ndn::Name keyName;
try
{
keyName = ndn::KeyChain::getDefaultKeyNameForIdentity(identityName);
}
catch(InfoError& e)
{
keyName = ndn::KeyChain::generateRSAKeyPairAsDefault(identityName, true);
}
ndn::shared_ptr<ndn::PublicKey> pubKey;
try
{
pubKey = ndn::KeyChain::getPublicKey(keyName);
}
catch(InfoError& e)
{
return identityName;
}
ndn::Name certName;
try
{
certName = ndn::KeyChain::getDefaultCertificateNameForKey(keyName);
}
catch(InfoError& e)
{
ndn::shared_ptr<ndn::IdentityCertificate> certificate =
ndn::make_shared<ndn::IdentityCertificate>();
ndn::Name certificateName = keyName.getPrefix(-1);
certificateName.append("KEY").append(
keyName.get(-1)).append("ID-CERT").appendVersion();
certificate->setName(certificateName);
certificate->setNotBefore(ndn::getNow());
certificate->setNotAfter(ndn::getNow() + 31536000 /* 1 year*/);
certificate->setPublicKeyInfo(*pubKey);
certificate->addSubjectDescription(
ndn::CertificateSubjectDescription("2.5.4.41",
keyName.toUri()));
certificate->encode();
try
{
ndn::KeyChain::signByIdentity(*certificate,signee);
}
catch(InfoError& e)
{
try
{
ndn::KeyChain::deleteIdentity(identityName);
}
catch(InfoError& e)
{
}
return identityName;
}
certName=certificate->getName();
}
return certName;
}
void printCertStore()
{
certStore.printCertStore();
}
private:
bool
verifyDataPacket(ndn::Data packet)
{
std::cout<<"KeyManager::verifyDataPacket Called"<<std::endl;
ndn::SignatureSha256WithRsa signature(packet.getSignature());
std::string signingCertName=signature.getKeyLocator().getName().toUri();
std::string packetName=packet.getName().toUri();
std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> signee=
certStore.getCertificateFromStore(signingCertName);
if( signee.second )
{
std::string routerNameFromPacketName=getRouterName(packetName);
std::string routerNameFromCertName=getRouterName(signingCertName);
return ( (routerNameFromPacketName== routerNameFromCertName) &&
verifySignature(packet, signee.first->getPublicKeyInfo()));
}
return false;
}
bool
verifyCertPacket(ndn::IdentityCertificate packet)
{
std::cout<<"KeyManager::verifyCertPacket Called"<<std::endl;
return true;
}
public:
template<typename T>
bool
verify(T& packet )
{
std::cout<<"KeyManager::verify Called"<<std::endl;
std::string packetName=packet.getName().toUri();
nlsrTokenizer nt(packetName,"/");
std::string keyHandle("keys");
if ( nt.doesTokenExist(keyHandle) )
{
return verifyCertPacket(packet);
}
else
{
return verifyDataPacket(packet);
}
return false;
}
ndn::Name getProcessCertName();
ndn::Name getRouterCertName();
ndn::Name getOperatorCertName();
ndn::Name getSiteCertName();
ndn::Name getRootCertName();
uint32_t getCertSeqNo();
void setCerSeqNo(uint32_t csn);
void initCertSeqFromFile(string certSeqFileDir);
void writeCertSeqToFile();
bool isNewCertificate(std::string certName, int checkSeqNum);
std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
getCertificateFromStore(const std::string certName, int checkSeqNum);
std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
getCertificateFromStore(const std::string certName);
bool addCertificate(ndn::shared_ptr<ndn::IdentityCertificate> pcert
, uint32_t csn, bool isv);
private:
bool loadAllCertificates(std::string certDirPath);
bool loadCertificate(std::string inputFile, nlsrKeyType keyType);
nlsrKeyType getKeyTypeFromName(const std::string keyName);
std::string getRouterName(const std::string name);
std::string getSiteName(const std::string name);
private:
ndn::Name processIdentity;
ndn::Name routerIdentity;
ndn::Name processCertName;
ndn::Name routerCertName;
ndn::Name opCertName;
ndn::Name siteCertName;
ndn::Name rootCertName;
ndn::Name processKeyName;
uint32_t certSeqNo;
string certSeqFileNameWithPath;
string nlsrRootKeyPrefix;
NlsrCertificateStore certStore;
};
}
#endif