akmhoque53353462014-04-22 08:43:45 -05001#ifndef NLSR_KM_HPP
2#define NLSR_KM_HPP
3
#include <iostream>
#include <list>
#include <string>
#include <utility>
#include <vector>

#include <ndn-cpp-dev/face.hpp>
#include <ndn-cpp-dev/data.hpp>
#include <ndn-cpp-dev/security/key-chain.hpp>
#include <ndn-cpp-dev/security/validator.hpp>
#include <ndn-cpp-dev/util/random.hpp>
#include <ndn-cpp-dev/security/identity-certificate.hpp>

#include "conf-parameter.hpp"
#include "certificate-store.hpp"
#include "utility/tokenizer.hpp"
14
15namespace nlsr {
16class Nlsr;
/// Category of a key, named after the levels of the NLSR key hierarchy in the
/// order listed (root, site, operator, router, process). KEY_TYPE_UNKNOWN is
/// the value for a key name that does not fit any of them (the return type of
/// KeyManager::getKeyTypeFromName). Values are spelled out to document the
/// default numbering; they are unchanged.
enum nlsrKeyType
{
  KEY_TYPE_ROOT     = 0,
  KEY_TYPE_SITE     = 1,
  KEY_TYPE_OPERATOR = 2,
  KEY_TYPE_ROUTER   = 3,
  KEY_TYPE_PROCESS  = 4,
  KEY_TYPE_UNKNOWN  = 5
};
26
/// Distinguishes the two kinds of content this module deals with: ordinary
/// Data and certificates. Values are spelled out to document the default
/// numbering; they are unchanged.
enum nlsrContentType
{
  CONTENT_TYPE_DATA = 0,
  CONTENT_TYPE_CERT = 1
};
32
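/// Key and certificate management for an NLSR instance.
///
/// Combines the ndn-cpp-dev KeyChain (identity/key storage and signing) with
/// the Validator interface, and keeps certificates received from other routers
/// in m_certStore. Members defined inline here are documented from their code;
/// the out-of-line members (initialize, verifyCertPacket, the *CertName
/// getters, the sequence-number helpers, the loaders and the name-parsing
/// helpers) are implemented in the .cpp and only summarised.
///
/// NOTE(review): both checkPolicy overrides are empty, so a packet that reaches
/// this object through the inherited Validator::validate() path is never
/// subjected to any policy here and no validation callback is ever invoked
/// from them. The checks this class actually performs are in
/// verify()/verifyDataPacket() and in verifyCertPacket() (.cpp).
class KeyManager: public ndn::KeyChain, public ndn::Validator
{
  typedef SecPublicInfo::Error InfoError;
  typedef SecTpm::Error TpmError; // not referenced by the inline members

public:
  using ndn::KeyChain::addCertificate;

  /// Starts with certificate sequence number 1, an empty root-key prefix and
  /// an empty certificate store. The identity and certificate names are left
  /// default-constructed until initialize() fills them in.
  KeyManager()
    : m_certSeqNo(1)
    , m_nlsrRootKeyPrefix()
    , m_certStore()
  {
  }

  /// Sets the manager up from the configuration (implemented in the .cpp).
  /// @return false when setup fails.
  bool
  initialize(ConfParameter& cp);

  /// Validator policy hook for Data packets — deliberately a no-op: no next
  /// step is queued and neither callback is called.
  void
  checkPolicy(const ndn::Data& /*data*/,
              int /*stepCount*/,
              const ndn::OnDataValidated& /*onValidated*/,
              const ndn::OnDataValidationFailed& /*onValidationFailed*/,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& /*nextSteps*/)
  {
  }

  /// Validator policy hook for Interests — the same no-op as the Data overload.
  void
  checkPolicy(const ndn::Interest& /*interest*/,
              int /*stepCount*/,
              const ndn::OnInterestValidated& /*onValidated*/,
              const ndn::OnInterestValidationFailed& /*onValidationFailed*/,
              std::vector<ndn::shared_ptr<ndn::ValidationRequest> >& /*nextSteps*/)
  {
  }

  /// Signs `data` with the key chain's default key for m_processIdentity
  /// (presumably populated by initialize(); the constructor leaves it empty).
  void
  signData(ndn::Data& data)
  {
    ndn::KeyChain::signByIdentity(data, m_processIdentity);
  }

  /// Signs `packet` (any type the base KeyChain::signByIdentity accepts) with
  /// the default key of `signeeIdentity`.
  template<typename T> void
  signByIdentity(T& packet, const ndn::Name& signeeIdentity)
  {
    ndn::KeyChain::signByIdentity(packet, signeeIdentity);
  }

  /// Creates `identityName` through the base KeyChain (self-signed) and
  /// returns whatever the base implementation returns for it.
  ndn::Name
  createIdentity(const ndn::Name& identityName)
  {
    return ndn::KeyChain::createIdentity(identityName);
  }

  /// Creates `identityName` (if needed) with a default RSA key pair and a
  /// default certificate signed by `signee`.
  ///
  /// @return the certificate name on success. On failure the identity is
  ///   deleted again where possible and `identityName` itself is returned, so
  ///   the result type does not distinguish success from failure: callers must
  ///   compare the result against `identityName` before using it as a
  ///   certificate name.
  ///
  /// NOTE(review): a certificate created here is valid for 7300 days (about
  /// 20 years), which is a very long lifetime for a routing key; consider
  /// making this configurable.
  ndn::Name
  createIdentity(const ndn::Name& identityName, const ndn::Name& signee)
  {
    ndn::KeyChain::addIdentity(identityName);

    // Reuse the identity's default key if it already has one; otherwise
    // generate a fresh RSA pair and make it the default.
    ndn::Name keyName;
    try
    {
      keyName = ndn::KeyChain::getDefaultKeyNameForIdentity(identityName);
    }
    catch (const InfoError&)
    {
      keyName = ndn::KeyChain::generateRSAKeyPairAsDefault(identityName, true);
    }

    ndn::shared_ptr<ndn::PublicKey> pubKey;
    try
    {
      pubKey = ndn::KeyChain::getPublicKey(keyName);
    }
    catch (const InfoError&)
    {
      // No usable public key: the identity name is the failure marker.
      return identityName;
    }

    ndn::Name certName;
    try
    {
      certName = ndn::KeyChain::getDefaultCertificateNameForKey(keyName);
    }
    catch (const InfoError&)
    {
      // No default certificate yet: build one for the key and have `signee`
      // sign it. The name follows <key prefix>/KEY/<key id>/ID-CERT/<version>.
      ndn::shared_ptr<ndn::IdentityCertificate> certificate =
        ndn::make_shared<ndn::IdentityCertificate>();
      ndn::Name certificateName = keyName.getPrefix(-1);
      certificateName.append("KEY").append(keyName.get(-1))
                     .append("ID-CERT").appendVersion();
      certificate->setName(certificateName);
      certificate->setNotBefore(ndn::time::system_clock::now());
      // 7300 days is roughly 20 years (see the NOTE above).
      certificate->setNotAfter(ndn::time::system_clock::now() +
                               ndn::time::days(7300));
      certificate->setPublicKeyInfo(*pubKey);
      certificate->addSubjectDescription(
        ndn::CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
      certificate->encode();
      try
      {
        ndn::KeyChain::signByIdentity(*certificate, signee);
      }
      catch (const InfoError&)
      {
        // Signing failed: roll back the identity added above (best effort —
        // a failure of the rollback itself is ignored) and report failure.
        try
        {
          ndn::KeyChain::deleteIdentity(identityName);
        }
        catch (const InfoError&)
        {
        }
        return identityName;
      }
      certName = certificate->getName();
    }
    return certName;
  }

  /// Dumps m_certStore via CertificateStore::print().
  void
  printCertStore()
  {
    m_certStore.print();
  }

private:
  /// Verifies a Data packet against the certificate store.
  ///
  /// The KeyLocator name of the packet's signature is taken as the name of the
  /// signing certificate and looked up in m_certStore. The packet is accepted
  /// only if (1) a certificate of that name is in the store, (2) the router
  /// name parsed from the packet name equals the one parsed from the
  /// certificate name — so a router's key can only vouch for that router's own
  /// data, (3) the signature verifies under that certificate's public key, and
  /// (4) the store has marked the certificate as verified. A store miss yields
  /// false.
  ///
  /// NOTE(review): constructing SignatureSha256WithRsa from a signature of a
  /// different type may throw in ndn-cpp-dev rather than return false —
  /// confirm callers handle that.
  bool
  verifyDataPacket(const ndn::Data& packet)
  {
    std::cout << "KeyManager::verifyDataPacket Called" << std::endl;
    ndn::SignatureSha256WithRsa signature(packet.getSignature());
    const std::string signingCertName = signature.getKeyLocator().getName().toUri();
    const std::string packetName = packet.getName().toUri();
    std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> signee =
      m_certStore.getCertificateFromStore(signingCertName);
    if (!signee.second)
    {
      return false;
    }
    // Bind the signing certificate to the router named in the packet.
    const std::string routerNameFromPacketName = getRouterName(packetName);
    const std::string routerNameFromCertName = getRouterName(signingCertName);
    return routerNameFromPacketName == routerNameFromCertName &&
           verifySignature(packet, signee.first->getPublicKeyInfo()) &&
           m_certStore.getCertificateIsVerified(signingCertName);
  }

  /// Verifies a received certificate (implemented in the .cpp).
  bool
  verifyCertPacket(Nlsr& pnlsr, ndn::IdentityCertificate& packet);

public:
  /// Verifies a received packet. Despite the template, the only thing this
  /// can do is forward to verifyDataPacket(), so T must bind to
  /// `const ndn::Data&`.
  template<typename T> bool
  verify(T& packet)
  {
    std::cout << "KeyManager::verify Called" << std::endl;
    return verifyDataPacket(packet);
  }

  /// Verifies a received certificate; forwards to verifyCertPacket().
  bool
  verify(Nlsr& pnlsr, ndn::IdentityCertificate& packet)
  {
    return verifyCertPacket(pnlsr, packet);
  }

  /// Certificate-name accessors for each level of the key hierarchy
  /// (implemented in the .cpp; presumably return the m_*CertName members).
  ndn::Name
  getProcessCertName();

  ndn::Name
  getRouterCertName();

  ndn::Name
  getOperatorCertName();

  ndn::Name
  getSiteCertName();

  ndn::Name
  getRootCertName();

  /// Current certificate sequence number (.cpp).
  uint32_t
  getCertSeqNo();

  /// Sequence number recorded for `certName`; the bool presumably reports
  /// whether the certificate was found (.cpp).
  std::pair<uint32_t, bool>
  getCertificateSeqNum(std::string certName);

  /// Sets the certificate sequence number. The missing 't' in the name is part
  /// of the public interface and is kept for callers.
  void
  setCerSeqNo(uint32_t csn);

  /// Restores the sequence number from a file under `certSeqFileDir`;
  /// writeCertSeqToFile() persists it again. Both use
  /// m_certSeqFileNameWithPath — see the .cpp for the exact path.
  void
  initCertSeqFromFile(std::string certSeqFileDir);

  void
  writeCertSeqToFile();

  /// Presumably true when `checkSeqNum` is newer than the stored sequence
  /// number for `certName` (.cpp).
  bool
  isNewCertificate(std::string certName, int checkSeqNum);

  /// Store lookups; the bool in the pair reports whether a certificate was
  /// returned (.cpp). The two-argument form additionally takes a sequence
  /// number to compare against.
  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
  getCertificateFromStore(const std::string certName, int checkSeqNum);

  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
  getCertificateFromStore(const std::string certName);

  /// Adds `pcert` with sequence number `csn` to the store; `isv` presumably
  /// marks it as already verified (.cpp).
  bool
  addCertificate(ndn::shared_ptr<ndn::IdentityCertificate> pcert,
                 uint32_t csn, bool isv);

private:
  /// Loads every certificate file below `certDirPath` (.cpp).
  bool
  loadAllCertificates(std::string certDirPath);

  /// Loads one certificate file of the given key type (.cpp).
  bool
  loadCertificate(std::string inputFile, nlsrKeyType keyType);

  /// Name-parsing helpers (.cpp): classify a key name, or extract the router,
  /// site or root portion of a name.
  nlsrKeyType
  getKeyTypeFromName(const std::string keyName);

  std::string
  getRouterName(const std::string name);

  std::string
  getSiteName(const std::string name);

  std::string
  getRootName(const std::string name);

private:
  ndn::Name m_processIdentity;          // identity used by signData()
  ndn::Name m_routerIdentity;
  ndn::Name m_processCertName;
  ndn::Name m_routerCertName;
  ndn::Name m_opCertName;
  ndn::Name m_siteCertName;
  ndn::Name m_rootCertName;
  ndn::Name m_processKeyName;
  uint32_t m_certSeqNo;                 // starts at 1
  std::string m_certSeqFileNameWithPath;
  std::string m_nlsrRootKeyPrefix;
  CertificateStore m_certStore;         // certificates learned from other routers

};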
273}//namespace nlsr
274
275#endif //NLSR_KM_HPP