Gitiles
Code Review Sign In
gerrit.named-data.net / NLSR / 53353465e963a853e47159dae9e99208b2b56ddc / . / src / security / key-manager.cpp
blob: 5ab63a81aa4486d450f164f3c4dd3a469babc31f [file] [log] [blame]
akmhoque53353462014-04-22 08:43:45 -0500[diff] [blame^]1#include <ndn-cpp-dev/security/identity-certificate.hpp>
2#include <ndn-cpp-dev/encoding/block.hpp>
3#include <ndn-cpp-dev/util/io.hpp>
4#include <stdexcept>
5
6#include "sequencing-manager.hpp"
7#include "key-manager.hpp"
8#include "nlsr.hpp"
9
10
11namespace nlsr {
12bool
13KeyManager::initialize(ConfParameter& cp)
14{
15 initCertSeqFromFile(cp.getSeqFileDir());
16 if (!loadAllCertificates(cp.getCertDir()))
17 {
18 return false;
19 }
20 m_nlsrRootKeyPrefix = cp.getRootKeyPrefix();
21 string processIdentityName(cp.getRootKeyPrefix());
22 processIdentityName += "/";
23 processIdentityName += cp.getSiteName();
24 processIdentityName += "/";
25 processIdentityName += "R.Start";
26 processIdentityName += "/";
27 processIdentityName += cp.getRouterName();
28 ndn::Name ri(processIdentityName);
29 std::cout << "Router Identity: " << ri.toUri() << std::endl;
30 m_routerIdentity = ri;
31 processIdentityName += "/";
32 processIdentityName += "nlsr";
33 cout << "Proces Identity Name: " << processIdentityName << endl;
34 ndn::Name identityName(processIdentityName);
35 m_processIdentity = identityName;
36 ndn::KeyChain::deleteIdentity(m_processIdentity);
37 m_processCertName = ndn::KeyChain::createIdentity(m_processIdentity);
38 cout << "Certificate Name: " << m_processCertName.toUri() << endl;
39 m_processKeyName = m_processCertName.getPrefix(-2);
40 cout << "Key Name: " << m_processKeyName.toUri() << endl;
41 ndn::shared_ptr<ndn::IdentityCertificate> cert =
42 getCertificate(m_processCertName);
43 signByIdentity(*(cert), m_routerIdentity);
44 m_certStore.addCertificate(cert, m_certSeqNo, true);
45 m_certStore.print();
46 return true;
47}
48
49bool
50KeyManager::loadAllCertificates(std::string certDirPath)
51{
52 std::string filePath = certDirPath;
53 if (filePath.empty())
54 {
55 SequencingManager sm;
56 filePath = sm.getUserHomeDirectory();
57 filePath += "/nlsrCertDir";
58 }
59 return loadCertificate(filePath + "/root.cert", KEY_TYPE_ROOT)
60 && loadCertificate(filePath + "/site.cert", KEY_TYPE_SITE)
61 && loadCertificate(filePath + "/operator.cert", KEY_TYPE_OPERATOR)
62 && loadCertificate(filePath + "/router.cert", KEY_TYPE_ROUTER) ;
63}
64
65bool
66KeyManager::loadCertificate(std::string inputFile, nlsrKeyType keyType)
67{
68 try
69 {
70 ndn::shared_ptr<ndn::IdentityCertificate> cert =
71 ndn::io::load<ndn::IdentityCertificate>(inputFile, ndn::io::BASE_64);
72 ndn::Name certName = cert->getName();
73 switch (keyType)
74 {
75 case KEY_TYPE_ROOT:
76 m_certStore.addCertificate(cert, 10, true);
77 m_rootCertName = certName;
78 std::cout << "Root Cert: " << m_rootCertName << std::endl;
79 break;
80 case KEY_TYPE_SITE:
81 m_certStore.addCertificate(cert, 10, true);
82 m_siteCertName = certName;
83 std::cout << "Site Cert: " << m_siteCertName << std::endl;
84 break;
85 case KEY_TYPE_OPERATOR:
86 m_certStore.addCertificate(cert, 10, true);
87 m_opCertName = certName;
88 std::cout << "Operator Cert: " << m_opCertName << std::endl;
89 break;
90 case KEY_TYPE_ROUTER:
91 m_certStore.addCertificate(cert, m_certSeqNo, true);
92 m_routerCertName = certName;
93 std::cout << "Router Cert: " << m_routerCertName << std::endl;
94 break;
95 case KEY_TYPE_PROCESS:
96 m_certStore.addCertificate(cert, m_certSeqNo, true);
97 m_processCertName = certName;
98 std::cout << "Process Cert: " << m_processCertName << std::endl;
99 break;
100 default:
101 break;
102 }
103 return true;
104 }
105 catch (std::exception& e)
106 {
107 return false;
108 }
109 return false;
110}
111
112ndn::Name
113KeyManager::getProcessCertName()
114{
115 return m_processCertName;
116}
117
118ndn::Name
119KeyManager::getRouterCertName()
120{
121 return m_routerCertName;
122}
123
124ndn::Name
125KeyManager::getOperatorCertName()
126{
127 return m_opCertName;
128}
129
130ndn::Name
131KeyManager::getSiteCertName()
132{
133 return m_siteCertName;
134}
135
136ndn::Name
137KeyManager::getRootCertName()
138{
139 return m_rootCertName;
140}
141
142uint32_t
143KeyManager::getCertSeqNo()
144{
145 return m_certSeqNo;
146}
147
148void
149KeyManager::setCerSeqNo(uint32_t csn)
150{
151 m_certSeqNo = csn;
152}
153
154void
155KeyManager::initCertSeqFromFile(string certSeqFileDir)
156{
157 m_certSeqFileNameWithPath = certSeqFileDir;
158 if (m_certSeqFileNameWithPath.empty())
159 {
160 SequencingManager sm;
161 m_certSeqFileNameWithPath = sm.getUserHomeDirectory();
162 }
163 m_certSeqFileNameWithPath += "/nlsrCertSeqNo.txt";
164 cout << "Key Seq File Name: " << m_certSeqFileNameWithPath << endl;
165 std::ifstream inputFile(m_certSeqFileNameWithPath.c_str(), ios::binary);
166 if (inputFile.good())
167 {
168 inputFile >> m_certSeqNo;
169 m_certSeqNo++;
170 }
171 else
172 {
173 m_certSeqNo = 1;
174 }
175 writeCertSeqToFile();
176}
177
178void
179KeyManager::writeCertSeqToFile()
180{
181 std::ofstream outputFile(m_certSeqFileNameWithPath.c_str(), ios::binary);
182 outputFile << m_certSeqNo;
183 outputFile.close();
184}
185
186bool
187KeyManager::isNewCertificate(std::string certName, int checkSeqNum)
188{
189 return m_certStore.isCertificateNewInStore(certName, checkSeqNum);
190}
191
192std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
193KeyManager::getCertificateFromStore(const std::string certName, int checkSeqNum)
194{
195 return m_certStore.getCertificateFromStore(certName, checkSeqNum);
196}
197
198std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
199KeyManager::getCertificateFromStore(const std::string certName)
200{
201 return m_certStore.getCertificateFromStore(certName);
202}
203
204bool
205KeyManager::addCertificate(ndn::shared_ptr<ndn::IdentityCertificate> pcert
206 , uint32_t csn, bool isv)
207{
208 return m_certStore.addCertificate(pcert, csn, isv);
209}
210
211std::pair<uint32_t, bool>
212KeyManager::getCertificateSeqNum(std::string certName)
213{
214 return m_certStore.getCertificateSeqNum(certName);
215}
216
217nlsrKeyType
218KeyManager::getKeyTypeFromName(const std::string keyName)
219{
220 Tokenizer nt(keyName, "/");
221 std::string KEY("KEY");
222 std::string opHandle("O.Start");
223 std::string routerHandle("R.Start");
224 std::string processHandle("nlsr");
225 if (nt.getTokenString(0, nt.getTokenPosition(KEY) - 1) == m_nlsrRootKeyPrefix)
226 {
227 return KEY_TYPE_ROOT;
228 }
229 else if (nt.doesTokenExist(opHandle))
230 {
231 return KEY_TYPE_OPERATOR;
232 }
233 else if (nt.doesTokenExist(routerHandle) &&
234 nt.doesTokenExist(processHandle))
235 {
236 return KEY_TYPE_PROCESS;
237 }
238 else if (nt.doesTokenExist(routerHandle) &&
239 !nt.doesTokenExist(processHandle))
240 {
241 return KEY_TYPE_ROUTER;
242 }
243 else
244 {
245 return KEY_TYPE_SITE;
246 }
247}
248
249std::string
250KeyManager::getRouterName(const std::string name)
251{
252 std::string routerName;
253 std::string rkp(m_nlsrRootKeyPrefix);
254 Tokenizer ntRkp(rkp, "/");
255 Tokenizer nt(name, "/");
256 std::string KEY("KEY");
257 std::string opHandle("O.Start");
258 std::string routerHandle("R.Start");
259 std::string processHandle("nlsr");
260 std::string infoHandle("info");
261 std::string lsaHandle("LSA");
262 if (nt.doesTokenExist(processHandle) && nt.doesTokenExist(routerHandle))
263 {
264 routerName = "/ndn" +
265 nt.getTokenString(ntRkp.getTokenNumber(),
266 nt.getTokenPosition(routerHandle) - 1) +
267 nt.getTokenString(nt.getTokenPosition(routerHandle) + 1,
268 nt.getTokenPosition(processHandle) - 1);
269 }
270 else if (nt.doesTokenExist(routerHandle) && !nt.doesTokenExist(infoHandle)
271 && !nt.doesTokenExist(lsaHandle))
272 {
273 routerName = "/ndn" +
274 nt.getTokenString(ntRkp.getTokenNumber(),
275 nt.getTokenPosition(routerHandle) - 1) +
276 nt.getTokenString(nt.getTokenPosition(routerHandle) + 1,
277 nt.getTokenPosition(KEY) - 1);
278 }
279 else
280 {
281 if (nt.doesTokenExist(infoHandle))
282 {
283 routerName = nt.getTokenString(0, nt.getTokenPosition(infoHandle) - 1);
284 }
285 else
286 {
287 routerName = nt.getTokenString(nt.getTokenPosition(lsaHandle) + 1,
288 nt.getTokenNumber() - 4);
289 }
290 }
291 return routerName;
292}
293
294std::string
295KeyManager::getSiteName(const std::string name)
296{
297 std::string siteName;
298 std::string routerName;
299 std::string rkp(m_nlsrRootKeyPrefix);
300 Tokenizer ntRkp(rkp, "/");
301 Tokenizer nt(name, "/");
302 std::string KEY("KEY");
303 std::string opHandle("O.Start");
304 std::string routerHandle("R.Start");
305 if (nt.doesTokenExist(routerHandle))
306 {
307 siteName = "/ndn" + nt.getTokenString(ntRkp.getTokenNumber(),
308 nt.getTokenPosition(routerHandle) - 1);
309 }
310 else if (nt.doesTokenExist(opHandle))
311 {
312 siteName = "/ndn" + nt.getTokenString(ntRkp.getTokenNumber(),
313 nt.getTokenPosition(opHandle) - 1);
314 }
315 else
316 {
317 siteName = "/ndn" + nt.getTokenString(ntRkp.getTokenNumber(),
318 nt.getTokenPosition(KEY) - 1);
319 }
320 return siteName;
321}
322
323std::string
324KeyManager::getRootName(const std::string name)
325{
326 std::string rName;
327 Tokenizer nt(name, "/");
328 std::string rkp(m_nlsrRootKeyPrefix);
329 Tokenizer ntRkp(rkp, "/");
330 rName = nt.getTokenString(0, ntRkp.getTokenNumber() - 1);
331 return rName;
332}
333
334
335bool
336KeyManager::verifyCertPacket(Nlsr& pnlsr, ndn::IdentityCertificate& packet)
337{
338 std::cout << "KeyManager::verifyCertPacket Called" << std::endl;
339 ndn::SignatureSha256WithRsa signature(packet.getSignature());
340 std::string signingCertName = signature.getKeyLocator().getName().toUri();
341 std::string packetName = packet.getName().toUri();
342
343 std::cout << "Packet Name: " << packetName << std::endl;
344 std::cout << "Signee Name: " << signingCertName << std::endl;
345
346 int paketCertType = getKeyTypeFromName(packetName);
347 int signingCertType = getKeyTypeFromName(signingCertName);
348
349 if (signingCertType > paketCertType) //lower level Cert can not sign
350 {
351 //upper level Cert
352 return false;
353 }
354
355 if ((signingCertType == paketCertType) && (paketCertType != KEY_TYPE_ROOT))
356 {
357 return false;
358 }
359
360 std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> signee =
361 m_certStore.getCertificateFromStore(signingCertName);
362
363 if (signee.second)
364 {
365 switch (paketCertType)
366 {
367 case KEY_TYPE_ROOT:
368 return ((getRootName(packetName) == m_nlsrRootKeyPrefix) &&
369 verifySignature(packet, signee.first->getPublicKeyInfo()));
370 break;
371 case KEY_TYPE_SITE:
372 return ((getRootName(packetName) == getRootName(signingCertName)) &&
373 verifySignature(packet, signee.first->getPublicKeyInfo()) &&
374 m_certStore.getCertificateIsVerified(signingCertName));
375 break;
376 case KEY_TYPE_OPERATOR:
377 return ((getSiteName(packetName) == getSiteName(signingCertName)) &&
378 verifySignature(packet, signee.first->getPublicKeyInfo()) &&
379 m_certStore.getCertificateIsVerified(signingCertName));
380 break;
381 case KEY_TYPE_ROUTER:
382 return ((getSiteName(packetName) == getSiteName(signingCertName)) &&
383 verifySignature(packet, signee.first->getPublicKeyInfo()) &&
384 m_certStore.getCertificateIsVerified(signingCertName));
385 break;
386 case KEY_TYPE_PROCESS:
387 return ((getRouterName(packetName) == getRouterName(signingCertName)) &&
388 verifySignature(packet, signee.first->getPublicKeyInfo()) &&
389 m_certStore.getCertificateIsVerified(signingCertName));
390 break;
391 }
392 }
393 else
394 {
395 std::cout << "Certificate Not Found in store. Sending Interest" << std::endl;
396 pnlsr.getIm().expressInterest(pnlsr, signingCertName, 3,
397 pnlsr.getConfParameter().getInterestResendTime());
398 return false;
399 }
400 return false;
401}
402
403}//namespace nlsr
404
405
406