#ifndef NLSR_KM_HPP
#define NLSR_KM_HPP
#include <ndn-cpp-dev/face.hpp>
#include <ndn-cpp-dev/data.hpp>
#include <ndn-cpp-dev/security/key-chain.hpp>
#include <ndn-cpp-dev/security/validator.hpp>
#include <ndn-cpp-dev/util/scheduler.hpp>
#include <ndn-cpp-dev/util/random.hpp>
#include <ndn-cpp-dev/security/identity-certificate.hpp>
#include <ndn-cpp-dev/security/signature-sha256-with-rsa.hpp>
#include <ndn-cpp-dev/security/sec-public-info-sqlite3.hpp>
#include <ndn-cpp-dev/security/sec-public-info-memory.hpp>
//TPM
#include <ndn-cpp-dev/security/sec-tpm-file.hpp>
#include <ndn-cpp-dev/security/sec-tpm-memory.hpp>
#ifdef NDN_CPP_HAVE_OSX_SECURITY
#include <ndn-cpp-dev/security/sec-tpm-osx.hpp>
#endif
#include <list>
#include "nlsr_conf_param.hpp"
namespace nlsr
{
/// Kinds of key NLSR distinguishes, listed from the trust root
/// (KEY_TYPE_ROOT) down to the per-process key (KEY_TYPE_PROCESS).
/// How these are used is not visible in this header. The values are
/// the implicit defaults (0..4), written out so the integer meaning is
/// unchanged even if an enumerator is later added in the middle.
enum nlsrKeyType
{
  KEY_TYPE_ROOT     = 0,
  KEY_TYPE_SITE     = 1,
  KEY_TYPE_OPERATOR = 2,
  KEY_TYPE_ROUTER   = 3,
  KEY_TYPE_PROCESS  = 4
};
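/**
 * @brief Key, certificate and validation glue for the NLSR router process.
 *
 * Inherits ndn::KeyChain (key storage and signing) and ndn::Validator
 * (checking incoming Data/Interest). The router's own identity, key and
 * certificate names, and the certificate sequence number, are filled in
 * by initKeyManager() (defined out of line; not visible here).
 *
 * NOTE(review): both checkPolicy() overloads are empty. As far as this
 * header shows they call neither onValidated nor onValidationFailed and
 * push nothing onto nextSteps, so a packet handed to this validator is
 * never accepted or rejected here. Confirm against the Validator contract
 * and the callers before relying on this class for any trust decision.
 */
class KeyManager: public ndn::KeyChain, public ndn::Validator
{
  typedef SecPublicInfo::Error InfoError;
  typedef SecTpm::Error TpmError;

public:
  /// Certificate sequence numbers start at 1; all names stay empty
  /// until initKeyManager() runs.
  KeyManager()
    : certSeqNo(1)
  {
  }

  void initKeyManager(ConfParameter& cp);

  /// Validator hook for Data. No-op: neither callback is invoked and no
  /// next step is requested (see the class comment).
  void
  checkPolicy(const ndn::Data& data,
              int stepCount,
              const ndn::OnDataValidated& onValidated,
              const ndn::OnDataValidationFailed& onValidationFailed,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& nextSteps)
  {
  }

  /// Validator hook for Interest. No-op, same as the Data overload.
  void
  checkPolicy(const ndn::Interest& interest,
              int stepCount,
              const ndn::OnInterestValidated& onValidated,
              const ndn::OnInterestValidationFailed& onValidationFailed,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& nextSteps)
  {
  }

  /// Signs @p data by the router's identity (routerIdentity). The key
  /// locator is whatever KeyChain::signByIdentity() sets; an earlier
  /// revision overwrote it with routerCertName explicitly.
  void
  signData(ndn::Data& data)
  {
    ndn::KeyChain::signByIdentity(data, routerIdentity);
  }

  /// Returns the router's own certificate (the one named routerCertName).
  /// NOTE(review): @p certificateName is not consulted — every call
  /// returns the router certificate regardless of the name asked for.
  /// A caller passing some other certificate name silently gets the
  /// wrong one; confirm whether this was meant to look up
  /// `certificateName` instead.
  ndn::shared_ptr<ndn::IdentityCertificate>
  getCertificate(const ndn::Name& certificateName)
  {
    return ndn::KeyChain::getCertificate(routerCertName);
  }

  /**
   * @brief Makes sure @p identityName has a default key and certificate,
   *        creating whatever is missing and signing it by @p signee.
   *
   * Each step is skipped when the KeyChain already has the item:
   *   1. add the identity;
   *   2. generate an RSA key pair as its default key;
   *   3. build a certificate for that key and have identity @p signee
   *      sign it.
   *
   * @param identityName identity to create or complete
   * @param signee       identity whose key signs a newly built certificate
   * @return the name of the identity's default certificate. On failure the
   *         function returns @p identityName itself (when the public key
   *         cannot be read, or when signing fails — in the latter case the
   *         identity added in step 1 is removed again, best-effort). Callers
   *         must compare the result against @p identityName to detect this.
   */
  ndn::Name
  createIdentity(const ndn::Name& identityName, const ndn::Name& signee)
  {
    ndn::KeyChain::addIdentity(identityName);

    ndn::Name keyName;
    try {
      keyName = ndn::KeyChain::getDefaultKeyNameForIdentity(identityName);
    }
    catch (const InfoError&) {
      // No default key yet: generate one and make it the default
      // (the `true` argument is presumably the KSK flag — check the
      // KeyChain signature).
      keyName = ndn::KeyChain::generateRSAKeyPairAsDefault(identityName, true);
    }

    ndn::shared_ptr<ndn::PublicKey> pubKey;
    try {
      pubKey = ndn::KeyChain::getPublicKey(keyName);
    }
    catch (const InfoError&) {
      // The key is known by name but its public half cannot be read;
      // report failure through the sentinel return value.
      return identityName;
    }

    ndn::Name certName;
    try {
      certName = ndn::KeyChain::getDefaultCertificateNameForKey(keyName);
    }
    catch (const InfoError&) {
      // No certificate for this key yet: build one and have `signee` sign it.
      ndn::shared_ptr<ndn::IdentityCertificate> certificate =
        ndn::make_shared<ndn::IdentityCertificate>();

      // Certificate name: <key prefix>/KEY/<key id>/ID-CERT/<version>
      ndn::Name certificateName = keyName.getPrefix(-1);
      certificateName.append("KEY")
                     .append(keyName.get(-1))
                     .append("ID-CERT")
                     .appendVersion();
      certificate->setName(certificateName);

      certificate->setNotBefore(ndn::getNow());
      // NOTE(review): 31536000 is one year in seconds. If getNow() reports
      // milliseconds this validity window is under nine hours — confirm
      // the unit of getNow() before trusting the "1 year" comment.
      certificate->setNotAfter(ndn::getNow() + 31536000 /* 1 year */);

      certificate->setPublicKeyInfo(*pubKey);
      // 2.5.4.41 is the X.520 "name" attribute; it carries the key name.
      certificate->addSubjectDescription(
        ndn::CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
      certificate->encode();

      try {
        ndn::KeyChain::signByIdentity(*certificate, signee);
      }
      catch (const InfoError&) {
        // Signing by `signee` failed: roll back the identity added above so
        // a retry starts clean. The rollback is best-effort — its own
        // failure does not change the outcome.
        try {
          ndn::KeyChain::deleteIdentity(identityName);
        }
        catch (const InfoError&) {
        }
        return identityName;
      }

      // NOTE(review): nothing here stores the signed certificate back into
      // the KeyChain; unless signByIdentity() does so, a second call will
      // land in this branch again and build a fresh one — confirm.
      certName = certificate->getName();
    }
    return certName;
  }

  ndn::Name getRouterCertName();
  uint32_t getCertSeqNo();
  void setCerSeqNo(uint32_t csn);
  void initCertSeqFromFile(string certSeqFileDir);
  void writeCertSeqToFile();

private:
  ndn::Name routerIdentity;        // identity signData() signs under
  ndn::Name routerCertName;        // certificate getCertificate() returns
  ndn::Name routerKeyName;
  uint32_t certSeqNo;              // starts at 1; presumably persisted by the *CertSeq*File() members
  string certSeqFileNameWithPath;
};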
}
#endif