akmhoque53353462014-04-22 08:43:45 -05001#ifndef NLSR_KM_HPP
2#define NLSR_KM_HPP
3
#include <iostream>
#include <list>
#include <string>
#include <utility>
#include <vector>

#include <ndn-cpp-dev/face.hpp>
#include <ndn-cpp-dev/data.hpp>
#include <ndn-cpp-dev/security/key-chain.hpp>
#include <ndn-cpp-dev/security/validator.hpp>
#include <ndn-cpp-dev/util/random.hpp>
#include <ndn-cpp-dev/security/identity-certificate.hpp>

#include "conf-parameter.hpp"
#include "certificate-store.hpp"
#include "utility/tokenizer.hpp"
14
15namespace nlsr {
16class Nlsr;
/**
 * @brief Level of the NLSR key hierarchy a key or certificate belongs to.
 *
 * Assigned to a loaded certificate by KeyManager::getKeyTypeFromName() and
 * passed to KeyManager::loadCertificate(). The enumerator order presumably
 * follows the trust chain from the root downwards (root, site, operator,
 * router, process) — verify against the classification in the .cpp.
 */
enum nlsrKeyType
{
  KEY_TYPE_ROOT,
  KEY_TYPE_SITE,
  KEY_TYPE_OPERATOR,
  KEY_TYPE_ROUTER,
  KEY_TYPE_PROCESS,
  KEY_TYPE_UNKNOWN   // name did not match any known level
};
26
/**
 * @brief Kind of payload carried in a packet: ordinary data or a certificate.
 *
 * Not referenced by any declaration in this header; its users are elsewhere.
 */
enum nlsrContentType
{
  CONTENT_TYPE_DATA,
  CONTENT_TYPE_CERT
};
32
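/**
 * @brief Key, identity and certificate handling for an NLSR router.
 *
 * Combines an ndn::KeyChain (key generation, signing) with an ndn::Validator
 * (the checkPolicy hooks, which this class leaves empty) and a local
 * CertificateStore used by verify()/verifyDataPacket().
 */
class KeyManager: public ndn::KeyChain, public ndn::Validator
{
  typedef SecPublicInfo::Error InfoError;
  typedef SecTpm::Error TpmError;

public:
  using ndn::KeyChain::addCertificate;

  /**
   * @brief Construct with certificate sequence number 1, an empty root-key
   *        prefix and an empty certificate store.
   *
   * The identity and certificate names are left default-constructed; they are
   * expected to be filled in by initialize().
   */
  KeyManager()
    : m_certSeqNo(1)
    , m_nlsrRootKeyPrefix()
    , m_certStore()
  {
  }

  /**
   * @brief Set up identities, keys and certificates from the configuration.
   * @param cp parsed configuration parameters
   * @return true on success (defined out of line; failure modes not visible here)
   */
  bool
  initialize(ConfParameter& cp);

  /**
   * @brief ndn::Validator policy hook for Data packets.
   *
   * Deliberately empty: neither @p onValidated nor @p onValidationFailed is
   * invoked and nothing is appended to @p nextSteps, so a caller that drives
   * ndn::Validator::validate() through this object presumably never receives
   * a verdict. NLSR's own packet checks go through verify() instead.
   * NOTE(review): confirm no code path relies on Validator::validate() here.
   */
  void
  checkPolicy(const ndn::Data& data,
              int stepCount,
              const ndn::OnDataValidated& onValidated,
              const ndn::OnDataValidationFailed& onValidationFailed,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& nextSteps)
  {
  }

  /**
   * @brief ndn::Validator policy hook for Interest packets.
   *
   * Deliberately empty, with the same consequences as the Data overload.
   */
  void
  checkPolicy(const ndn::Interest& interest,
              int stepCount,
              const ndn::OnInterestValidated& onValidated,
              const ndn::OnInterestValidationFailed& onValidationFailed,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& nextSteps)
  {
  }

  /** @brief Sign @p data with the default key of this process's identity. */
  void
  signData(ndn::Data& data)
  {
    ndn::KeyChain::signByIdentity(data, m_processIdentity);
  }

  /**
   * @brief Sign @p packet with the default key of @p signeeIdentity.
   * @tparam T any packet type accepted by ndn::KeyChain::signByIdentity
   */
  template<typename T> void
  signByIdentity(T& packet, const ndn::Name& signeeIdentity)
  {
    ndn::KeyChain::signByIdentity(packet, signeeIdentity);
  }

  /**
   * @brief Create a self-signed identity via ndn::KeyChain::createIdentity.
   * @return whatever ndn::KeyChain::createIdentity returns for @p identityName
   */
  ndn::Name
  createIdentity(const ndn::Name& identityName)
  {
    return ndn::KeyChain::createIdentity(identityName);
  }

  /**
   * @brief Create @p identityName with a default RSA key and a certificate
   *        signed by the identity @p signee.
   *
   * Steps: add the identity; reuse its default key or generate an RSA key pair
   * as the default; if the key has no default certificate yet, build one for
   * the public key and sign it with @p signee's default key.
   *
   * @return the certificate name on success. On failure — the public key could
   *         not be read, or signing by @p signee threw — @p identityName is
   *         returned unchanged, so callers must compare the result with the
   *         identity name to detect failure. In the signing-failure case the
   *         identity added at the start is removed again on a best-effort basis.
   */
  ndn::Name
  createIdentity(const ndn::Name& identityName, const ndn::Name& signee)
  {
    ndn::KeyChain::addIdentity(identityName);

    ndn::Name keyName;
    try {
      keyName = ndn::KeyChain::getDefaultKeyNameForIdentity(identityName);
    }
    catch (InfoError&) {
      // No key for this identity yet: generate one and make it the default.
      keyName = ndn::KeyChain::generateRSAKeyPairAsDefault(identityName, true);
    }

    ndn::shared_ptr<ndn::PublicKey> pubKey;
    try {
      pubKey = ndn::KeyChain::getPublicKey(keyName);
    }
    catch (InfoError&) {
      return identityName;
    }

    ndn::Name certName;
    try {
      certName = ndn::KeyChain::getDefaultCertificateNameForKey(keyName);
    }
    catch (InfoError&) {
      ndn::shared_ptr<ndn::IdentityCertificate> certificate =
        makeUnsignedCertificate(keyName, *pubKey);
      try {
        ndn::KeyChain::signByIdentity(*certificate, signee);
      }
      catch (InfoError&) {
        // Signing failed: roll back the identity added above. The rollback is
        // best-effort, so its own failure is ignored on purpose.
        try {
          ndn::KeyChain::deleteIdentity(identityName);
        }
        catch (InfoError&) {
        }
        return identityName;
      }
      certName = certificate->getName();
    }
    return certName;
  }

  /** @brief Dump the contents of the certificate store (CertificateStore::print). */
  void
  printCertStore()
  {
    m_certStore.print();
  }

private:
  /**
   * @brief Build an unsigned certificate for @p keyName carrying @p pubKey.
   *
   * The certificate name is the key prefix followed by KEY/<key-id>/ID-CERT and
   * a version component. The validity window starts now and lasts 7300 days
   * (roughly 20 years). The subject description uses OID 2.5.4.41 (name) with
   * the key name URI as its value. The certificate is encoded but not signed.
   */
  static ndn::shared_ptr<ndn::IdentityCertificate>
  makeUnsignedCertificate(const ndn::Name& keyName, const ndn::PublicKey& pubKey)
  {
    ndn::shared_ptr<ndn::IdentityCertificate> certificate =
      ndn::make_shared<ndn::IdentityCertificate>();

    ndn::Name certificateName = keyName.getPrefix(-1);
    certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
    certificate->setName(certificateName);

    // Take one timestamp so notBefore and notAfter are computed consistently.
    ndn::time::system_clock::TimePoint now = ndn::time::system_clock::now();
    certificate->setNotBefore(now);
    certificate->setNotAfter(now + ndn::time::days(7300)); // 7300 days, about 20 years

    certificate->setPublicKeyInfo(pubKey);
    certificate->addSubjectDescription(
      ndn::CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
    certificate->encode();
    return certificate;
  }

  /**
   * @brief Verify a Data packet against the local certificate store.
   *
   * Accepts @p packet only if all of the following hold, evaluated in this
   * order with short-circuiting: the signature's KeyLocator names a
   * certificate present in m_certStore; the router name embedded in the packet
   * name equals the one embedded in the signing certificate name (binds a
   * signer to the names it may sign for); the signature verifies under that
   * certificate's public key; and the store marks the certificate itself as
   * verified.
   *
   * ndn::SignatureSha256WithRsa is constructed from the packet's signature
   * unconditionally, so a packet with a different signature type presumably
   * throws out of here rather than returning false — TODO confirm against the
   * ndn-cpp-dev version in use and decide whether callers expect an exception.
   */
  bool
  verifyDataPacket(const ndn::Data& packet)
  {
    std::cout << "KeyManager::verifyDataPacket Called" << std::endl;
    ndn::SignatureSha256WithRsa signature(packet.getSignature());
    std::string signingCertName = signature.getKeyLocator().getName().toUri();
    std::string packetName = packet.getName().toUri();

    std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> signee =
      m_certStore.getCertificateFromStore(signingCertName);
    if (!signee.second) {
      // Unknown signer: nothing to verify against.
      return false;
    }

    std::string routerNameFromPacketName = getRouterName(packetName);
    std::string routerNameFromCertName = getRouterName(signingCertName);
    bool sameRouter = (routerNameFromPacketName == routerNameFromCertName);
    // The cryptographic check only runs once the name binding holds.
    return sameRouter &&
           verifySignature(packet, signee.first->getPublicKeyInfo()) &&
           m_certStore.getCertificateIsVerified(signingCertName);
  }

  /** @brief Verify a certificate packet (defined out of line). */
  bool
  verifyCertPacket(Nlsr& pnlsr, ndn::IdentityCertificate& packet);

public:
  /**
   * @brief Verify a signed packet via verifyDataPacket().
   * @tparam T a type accepted where an ndn::Data is expected
   * @return the result of verifyDataPacket(packet)
   */
  template<typename T> bool
  verify(T& packet)
  {
    std::cout << "KeyManager::verify Called" << std::endl;
    return verifyDataPacket(packet);
  }

  /** @brief Verify a certificate packet; forwards to verifyCertPacket(). */
  bool
  verify(Nlsr& pnlsr, ndn::IdentityCertificate& packet)
  {
    return verifyCertPacket(pnlsr, packet);
  }

  // Accessors for the certificate names at each level of the key hierarchy.
  // All are defined out of line; presumably they return the m_*CertName
  // members filled in by initialize().
  ndn::Name
  getProcessCertName();

  ndn::Name
  getRouterCertName();

  ndn::Name
  getOperatorCertName();

  ndn::Name
  getSiteCertName();

  ndn::Name
  getRootCertName();

  /** @brief Current value of this router's certificate sequence number. */
  uint32_t
  getCertSeqNo();

  /**
   * @brief Look up the sequence number recorded for @p certName.
   * @return (sequence number, found)
   */
  std::pair<uint32_t, bool>
  getCertificateSeqNum(std::string certName);

  /** @brief Set this router's certificate sequence number. */
  void
  setCerSeqNo(uint32_t csn);

  /** @brief Initialise the certificate sequence number from a file in @p certSeqFileDir. */
  void
  initCertSeqFromFile(std::string certSeqFileDir);

  /** @brief Persist the certificate sequence number (path in m_certSeqFileNameWithPath). */
  void
  writeCertSeqToFile();

  /**
   * @brief Whether @p checkSeqNum is newer than what the store holds for
   *        @p certName (exact comparison rule defined out of line).
   */
  bool
  isNewCertificate(std::string certName, int checkSeqNum);

  /**
   * @brief Fetch @p certName from the store, additionally checking @p checkSeqNum.
   * @return (certificate, found)
   */
  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
  getCertificateFromStore(const std::string certName, int checkSeqNum);

  /**
   * @brief Fetch @p certName from the store.
   * @return (certificate, found)
   */
  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
  getCertificateFromStore(const std::string certName);

  /**
   * @brief Add @p pcert to the store with sequence number @p csn and verified
   *        flag @p isv. Overloads ndn::KeyChain::addCertificate, which the
   *        using-declaration above keeps visible.
   * @return true on success
   */
  bool
  addCertificate(ndn::shared_ptr<ndn::IdentityCertificate> pcert,
                 uint32_t csn, bool isv);

private:
  /** @brief Load every certificate found under @p certDirPath. */
  bool
  loadAllCertificates(std::string certDirPath);

  /** @brief Load one certificate file, treating it as a @p keyType key. */
  bool
  loadCertificate(std::string inputFile, nlsrKeyType keyType);

  /** @brief Classify @p keyName into the key hierarchy (KEY_TYPE_UNKNOWN if no match). */
  nlsrKeyType
  getKeyTypeFromName(const std::string keyName);

  // Name-component extractors used by the verification checks above.
  std::string
  getRouterName(const std::string name);

  std::string
  getSiteName(const std::string name);

  std::string
  getRootName(const std::string name);

private:
  ndn::Name m_processIdentity;   // identity used by signData()
  ndn::Name m_routerIdentity;
  ndn::Name m_processCertName;
  ndn::Name m_routerCertName;
  ndn::Name m_opCertName;
  ndn::Name m_siteCertName;
  ndn::Name m_rootCertName;
  ndn::Name m_processKeyName;
  uint32_t m_certSeqNo;                      // starts at 1 (see constructor)
  std::string m_certSeqFileNameWithPath;     // backing file for the sequence number
  std::string m_nlsrRootKeyPrefix;
  CertificateStore m_certStore;              // consulted by verifyDataPacket()
};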
271}//namespace nlsr
272
273#endif //NLSR_KM_HPP