akmhoqueba094742014-02-28 11:47:21 -06001#ifndef NLSR_KM_HPP
2#define NLSR_KM_HPP
3
#include <cstdint>
#include <iostream>
#include <list>
#include <string>
#include <utility>
#include <vector>

#include <ndn-cpp-dev/face.hpp>
#include <ndn-cpp-dev/data.hpp>
#include <ndn-cpp-dev/security/key-chain.hpp>
#include <ndn-cpp-dev/security/validator.hpp>
#include <ndn-cpp-dev/util/random.hpp>
#include <ndn-cpp-dev/security/identity-certificate.hpp>

#include "nlsr_conf_param.hpp"
#include "nlsr_cert_store.hpp"
#include "utility/nlsr_tokenizer.hpp"
akmhoqueba094742014-02-28 11:47:21 -060014
15namespace nlsr
16{
akmhoquefa8ee9b2014-03-14 09:06:24 -050017 class Nlsr;
/// Key/certificate levels NLSR distinguishes. Each named level has a
/// matching get*CertName() accessor on KeyManager; KEY_TYPE_UNKNOWN is
/// the value for a key name that matches none of them (see
/// KeyManager::getKeyTypeFromName()). Values are spelled out so the
/// numbering stays fixed if entries are ever reordered.
enum nlsrKeyType
{
  KEY_TYPE_ROOT     = 0,
  KEY_TYPE_SITE     = 1,
  KEY_TYPE_OPERATOR = 2,
  KEY_TYPE_ROUTER   = 3,
  KEY_TYPE_PROCESS  = 4,
  KEY_TYPE_UNKNOWN  = 5
};
27
/// Kind of payload a packet carries: ordinary routing data or a
/// certificate. Values are spelled out so the numbering stays fixed.
enum nlsrContentType
{
  CONTENT_TYPE_DATA = 0,
  CONTENT_TYPE_CERT = 1
};
33
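/// Key and certificate management for one NLSR process.
///
/// Combines an ndn::KeyChain (identity/key/certificate creation and signing)
/// with an ndn::Validator interface, and owns the router-local certificate
/// store (m_certStore) against which incoming Data packets are checked by
/// verify(). Most member functions declared here are defined out of line.
class KeyManager : public ndn::KeyChain, public ndn::Validator
{
  typedef SecPublicInfo::Error InfoError;
  typedef SecTpm::Error TpmError;

public:
  /// Starts with certificate sequence number 1 and an empty store. The
  /// identity and certificate names are populated later by initialize().
  KeyManager()
    : m_certSeqNo(1)
    , m_certStore()
    , m_nlsrRootKeyPrefix()
  {
  }

  /// Sets up identities, keys and certificates from the configuration.
  /// @param cp configuration parameters (read; the definition is out of line).
  /// @return true on success.
  bool initialize(ConfParameter& cp);

  /// ndn::Validator hook for Data packets.
  ///
  /// NOTE(review): this is a stub. Neither @p onValidated nor
  /// @p onValidationFailed is ever invoked and @p nextSteps is left empty, so
  /// validation driven through ndn::Validator would never complete for this
  /// class. Packets are instead checked explicitly through verify().
  void
  checkPolicy(const ndn::Data& data,
              int stepCount,
              const ndn::OnDataValidated& onValidated,
              const ndn::OnDataValidationFailed& onValidationFailed,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& nextSteps)
  {
  }

  /// ndn::Validator hook for Interest packets.
  ///
  /// NOTE(review): stub, same caveat as the Data overload — no callback is
  /// ever invoked, so Interests are neither accepted nor rejected here.
  void
  checkPolicy(const ndn::Interest& interest,
              int stepCount,
              const ndn::OnInterestValidated& onValidated,
              const ndn::OnInterestValidationFailed& onValidationFailed,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& nextSteps)
  {
  }

  /// Signs @p data with this process's identity (m_processIdentity, set by
  /// initialize()).
  void signData(ndn::Data& data)
  {
    ndn::KeyChain::signByIdentity(data, m_processIdentity);
  }

  /// Signs @p packet with the default key of @p signeeIdentity.
  /// @tparam T any packet type ndn::KeyChain::signByIdentity accepts.
  template<typename T>
  void signByIdentity(T& packet, ndn::Name signeeIdentity)
  {
    ndn::KeyChain::signByIdentity(packet, signeeIdentity);
  }

  /// Looks up a certificate by name in the key chain.
  ndn::shared_ptr<ndn::IdentityCertificate>
  getCertificate(ndn::Name certificateName)
  {
    return ndn::KeyChain::getCertificate(certificateName);
  }

  /// Returns this process's own certificate (named by m_processCertName).
  ndn::shared_ptr<ndn::IdentityCertificate>
  getCertificate()
  {
    return getCertificate(m_processCertName);
  }

  /// Creates a self-contained identity through the key chain.
  /// @return the name reported by ndn::KeyChain::createIdentity().
  ndn::Name
  createIdentity(const ndn::Name identityName)
  {
    return ndn::KeyChain::createIdentity(identityName);
  }

  /// Creates @p identityName (if needed), makes sure it has a default RSA key
  /// and a default certificate, and has that certificate signed by @p signee.
  ///
  /// Steps:
  ///  1. add the identity; reuse its default key or generate a new RSA key pair;
  ///  2. fetch the public key — on failure the identity is left in place and
  ///     @p identityName is returned;
  ///  3. reuse the default certificate, or build one named
  ///     `<key prefix>/KEY/<key id>/ID-CERT/<version>` and sign it by @p signee.
  ///     If signing fails the identity is deleted again (deletion errors are
  ///     ignored) and @p identityName is returned.
  ///
  /// @return the certificate name on success; on failure @p identityName
  ///         itself, which is NOT a certificate name — callers must compare
  ///         the result against @p identityName to detect failure.
  ///
  /// NOTE(review): the two failure paths behave differently (step 2 keeps the
  /// identity, step 3 deletes it); confirm which is intended.
  ndn::Name
  createIdentity(const ndn::Name identityName, const ndn::Name signee)
  {
    ndn::KeyChain::addIdentity(identityName);

    // Default key for the identity, generating one only when none exists.
    ndn::Name keyName;
    try
    {
      keyName = ndn::KeyChain::getDefaultKeyNameForIdentity(identityName);
    }
    catch (InfoError&)
    {
      keyName = ndn::KeyChain::generateRSAKeyPairAsDefault(identityName, true);
    }

    ndn::shared_ptr<ndn::PublicKey> pubKey;
    try
    {
      pubKey = ndn::KeyChain::getPublicKey(keyName);
    }
    catch (InfoError&)
    {
      return identityName;
    }

    // Default certificate for the key, building and signing one if missing.
    ndn::Name certName;
    try
    {
      certName = ndn::KeyChain::getDefaultCertificateNameForKey(keyName);
    }
    catch (InfoError&)
    {
      ndn::shared_ptr<ndn::IdentityCertificate> certificate =
        ndn::make_shared<ndn::IdentityCertificate>();
      ndn::Name certificateName = keyName.getPrefix(-1);
      certificateName.append("KEY").append(
        keyName.get(-1)).append("ID-CERT").appendVersion();
      certificate->setName(certificateName);
      certificate->setNotBefore(ndn::time::system_clock::now());
      // Validity window: 7300 days is roughly 20 years. The previous comment
      // here said "1 year", which does not match the value.
      // NOTE(review): confirm the intended certificate lifetime.
      certificate->setNotAfter(ndn::time::system_clock::now() + ndn::time::days(7300));
      certificate->setPublicKeyInfo(*pubKey);
      // Subject name (OID 2.5.4.41 = "name") carries the key name URI.
      certificate->addSubjectDescription(
        ndn::CertificateSubjectDescription("2.5.4.41",
                                           keyName.toUri()));
      certificate->encode();
      try
      {
        ndn::KeyChain::signByIdentity(*certificate, signee);
      }
      catch (InfoError&)
      {
        // Roll back the identity we just added; a failed delete is not
        // actionable here and is deliberately ignored.
        try
        {
          ndn::KeyChain::deleteIdentity(identityName);
        }
        catch (InfoError&)
        {
        }
        return identityName;
      }
      certName = certificate->getName();
    }
    return certName;
  }

  /// Dumps the certificate store (delegates to NlsrCertificateStore::print()).
  void printCertStore()
  {
    m_certStore.print();
  }

private:
  /// Checks a Data packet's signature against the local certificate store.
  ///
  /// The packet is accepted only when all of the following hold:
  ///  - the signing certificate named by the packet's KeyLocator is present in
  ///    m_certStore;
  ///  - the router name derived from the packet name equals the router name
  ///    derived from the signing certificate name, i.e. a certificate may only
  ///    vouch for its own router's data;
  ///  - the signature verifies under that certificate's public key, and the
  ///    store marks the certificate itself as verified.
  /// The cheap name comparison runs before the signature check so that
  /// mismatched packets are rejected without a public-key operation.
  ///
  /// @return false when the signing certificate is not in the store or any
  ///         of the checks above fails.
  ///
  /// NOTE(review): constructing ndn::SignatureSha256WithRsa from a packet whose
  /// signature is of another type is expected to throw rather than return
  /// false; confirm that callers handle this.
  bool
  verifyDataPacket(const ndn::Data& packet)
  {
    std::cout<<"KeyManager::verifyDataPacket Called"<<std::endl;
    ndn::SignatureSha256WithRsa signature(packet.getSignature());
    const std::string signingCertName = signature.getKeyLocator().getName().toUri();
    const std::string packetName = packet.getName().toUri();
    std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> signee =
      m_certStore.getCertificateFromStore(signingCertName);
    if (!signee.second)
    {
      return false;
    }
    const std::string routerNameFromPacketName = getRouterName(packetName);
    const std::string routerNameFromCertName = getRouterName(signingCertName);
    return (routerNameFromPacketName == routerNameFromCertName) &&
           verifySignature(packet, signee.first->getPublicKeyInfo()) &&
           m_certStore.getCertificateIsVerified(signingCertName);
  }

  /// Verifies a received certificate (defined out of line).
  bool
  verifyCertPacket(Nlsr& pnlsr, ndn::IdentityCertificate& packet);

public:
  /// Verifies a Data-like packet via verifyDataPacket().
  /// @tparam T a type that binds to `const ndn::Data&` (ndn::Data or a subclass).
  /// @return the result of verifyDataPacket(). (An unreachable `return false`
  ///         that followed the call has been removed.)
  template<typename T>
  bool
  verify(T& packet)
  {
    std::cout<<"KeyManager::verify Called"<<std::endl;
    return verifyDataPacket(packet);
  }

  /// Verifies a certificate packet via verifyCertPacket().
  bool
  verify(Nlsr& pnlsr, ndn::IdentityCertificate& packet)
  {
    return verifyCertPacket(pnlsr, packet);
  }

  // Accessors for the certificate names set up by initialize().
  ndn::Name getProcessCertName();
  ndn::Name getRouterCertName();
  ndn::Name getOperatorCertName();
  ndn::Name getSiteCertName();
  ndn::Name getRootCertName();

  // Certificate sequence-number handling (definitions out of line).
  uint32_t getCertSeqNo();
  std::pair<uint32_t, bool> getCertificateSeqNum(std::string certName);
  void setCerSeqNo(uint32_t csn);  // (sic) name kept for source compatibility
  void initCertSeqFromFile(std::string certSeqFileDir);
  void writeCertSeqToFile();

  // Certificate store access (definitions out of line).
  bool isNewCertificate(std::string certName, int checkSeqNum);
  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
  getCertificateFromStore(const std::string certName, int checkSeqNum);
  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
  getCertificateFromStore(const std::string certName);
  bool addCertificate(ndn::shared_ptr<ndn::IdentityCertificate> pcert
                      , uint32_t csn, bool isv);

private:
  // Certificate loading and name parsing helpers (definitions out of line).
  bool loadAllCertificates(std::string certDirPath);
  bool loadCertificate(std::string inputFile, nlsrKeyType keyType);
  nlsrKeyType getKeyTypeFromName(const std::string keyName);
  std::string getRouterName(const std::string name);
  std::string getSiteName(const std::string name);
  std::string getRootName(const std::string name);

private:
  ndn::Name m_processIdentity;          // identity used by signData()
  ndn::Name m_routerIdentity;
  ndn::Name m_processCertName;          // certificate returned by getCertificate()
  ndn::Name m_routerCertName;
  ndn::Name m_opCertName;
  ndn::Name m_siteCertName;
  ndn::Name m_rootCertName;
  ndn::Name m_processKeyName;
  uint32_t m_certSeqNo;                 // starts at 1 (see constructor)
  std::string m_certSeqFileNameWithPath;
  std::string m_nlsrRootKeyPrefix;
  NlsrCertificateStore m_certStore;     // store consulted by verifyDataPacket()
};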
akmhoqueba094742014-02-28 11:47:21 -0600247}
248
249#endif