include/ndn-cpp/security/key-chain.hpp - ndn-cxx - Gitiles

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
 /**
  * Copyright (C) 2013 Regents of the University of California.
  * @author: Yingdi Yu <yingdi@cs.ucla.edu>
  * @author: Jeff Thompson <jefft0@remap.ucla.edu>
  * See COPYING for copyright and distribution information.
  */

 #ifndef NDN_KEY_CHAIN_HPP
 #define NDN_KEY_CHAIN_HPP

 #include "../data.hpp"
 #include "../face.hpp"
 #include "identity/identity-manager.hpp"
 #include "encryption/encryption-manager.hpp"
 #include "policy/validation-request.hpp"

 namespace ndn {

 class PolicyManager;

 /**
  * KeyChain is the main class of the security library.
  *
  * The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration
  * and packet signing and verification.
  */
 class KeyChain {
 public:
   struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };

   KeyChain(const ptr_lib::shared_ptr<IdentityManager>   &identityManager   = DefaultIdentityManager,
            const ptr_lib::shared_ptr<PolicyManager>     &policyManager     = DefaultPolicyManager,
            const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager = DefaultEncryptionManager);

   /**
    * @brief Set the Face which will be used to fetch required certificates.
    * @param face A pointer to the Face object.
    *
    * Setting face is necessary for keychain operation that involve fetching data.
    */
   void
   setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }

   /*****************************************
    *          Identity Management          *
    *****************************************/

   inline IdentityManager&
   identities()
   {
     if (!identityManager_)
       throw Error("IdentityManager is not assigned to the KeyChain");

     return *identityManager_;
   }

   /*****************************************
    *           Policy Management           *
    *****************************************/

   inline PolicyManager&
   policies()
   {
     if (!policyManager_)
       throw Error("PolicyManager is not assigned to the KeyChain");

     return *policyManager_;
   }

   /*****************************************
    *         Encryption Management         *
    *****************************************/

   inline EncryptionManager&
   encryption()
   {
     if (!encryptionManager_)
       throw Error("EncryptionManager is not assigned to the KeyChain");

     return *encryptionManager_;
   }

   /*****************************************
    *              Sign/Verify              *
    *****************************************/

   inline void
   sign(Data& data);

   /**
    * Wire encode the Data object, sign it and set its signature.
    * Note: the caller must make sure the timestamp is correct, for example with
    * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
    * @param data The Data object to be signed.  This updates its signature and key locator field and wireEncoding.
    * @param certificateName The certificate name of the key to use for signing.  If omitted, infer the signing identity from the data packet name.
    */
   inline void
   sign(Data& data, const Name& certificateName);

   /**
    * Sign the byte array using a certificate name and return a Signature object.
    * @param buffer The byte array to be signed.
    * @param bufferLength the length of buffer.
    * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
    * @return The Signature.
    */
   inline Signature
   sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);

   /**
    * Wire encode the Data object, sign it and set its signature.
    * Note: the caller must make sure the timestamp is correct, for example with
    * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
    * @param data The Data object to be signed.  This updates its signature and key locator field and wireEncoding.
    * @param identityName The identity name for the key to use for signing.  If omitted, infer the signing identity from the data packet name.
    */
   void
   signByIdentity(Data& data, const Name& identityName = Name());

   /**
    * Sign the byte array using an identity name and return a Signature object.
    * @param buffer The byte array to be signed.
    * @param bufferLength the length of buffer.
    * @param identityName The identity name.
    * @return The Signature.
    */
   Signature
   signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);

   /**
    * Check the signature on the Data object and call either onVerify or onVerifyFailed.
    * We use callback functions because verify may fetch information to check the signature.
    * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
    * To set the wireEncoding, you can call data.wireDecode.
    * @param onVerified If the signature is verified, this calls onVerified(data).
    * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
    */
   void
   verifyData
     (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);

   /*****************************************
    *           Encrypt/Decrypt             *
    *****************************************/
   // todo

 public:
   static const ptr_lib::shared_ptr<IdentityManager>   DefaultIdentityManager;
   static const ptr_lib::shared_ptr<PolicyManager>     DefaultPolicyManager;
   static const ptr_lib::shared_ptr<EncryptionManager> DefaultEncryptionManager;

 private:
   void
   onCertificateData
     (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

   void
   onCertificateInterestTimeout
     (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
      const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

 private:
   ptr_lib::shared_ptr<IdentityManager>   identityManager_;
   ptr_lib::shared_ptr<PolicyManager>     policyManager_;
   ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;

   ptr_lib::shared_ptr<Face>        face_;

   const int maxSteps_;
 };

 void
 KeyChain::sign(Data& data)
 {
   identities().sign(data);
 }

 void
 KeyChain::sign(Data& data, const Name& certificateName)
 {
   identities().signByCertificate(data, certificateName);
 }

 Signature
 KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
 {
   return identities().signByCertificate(buffer, bufferLength, certificateName);
 }

 }

 #endif
	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -- */
	/**
	* Copyright (C) 2013 Regents of the University of California.
	* @author: Yingdi Yu <yingdi@cs.ucla.edu>
	* @author: Jeff Thompson <jefft0@remap.ucla.edu>
	* See COPYING for copyright and distribution information.
	*/

	#ifndef NDN_KEY_CHAIN_HPP
	#define NDN_KEY_CHAIN_HPP

	#include "../data.hpp"
	#include "../face.hpp"
	#include "identity/identity-manager.hpp"
	#include "encryption/encryption-manager.hpp"
	#include "policy/validation-request.hpp"

	namespace ndn {

	class PolicyManager;

	/**
	* KeyChain is the main class of the security library.
	*
	* The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration
	* and packet signing and verification.
	*/
	class KeyChain {
	public:
	struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };

	KeyChain(const ptr_lib::shared_ptr<IdentityManager> &identityManager = DefaultIdentityManager,
	const ptr_lib::shared_ptr<PolicyManager> &policyManager = DefaultPolicyManager,
	const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager = DefaultEncryptionManager);

	/**
	* @brief Set the Face which will be used to fetch required certificates.
	* @param face A pointer to the Face object.
	*
	* Setting face is necessary for keychain operation that involve fetching data.
	*/
	void
	setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }

	/*****************************************
	* Identity Management *
	*****************************************/

	inline IdentityManager&
	identities()
	{
	if (!identityManager_)
	throw Error("IdentityManager is not assigned to the KeyChain");

	return *identityManager_;
	}

	/*****************************************
	* Policy Management *
	*****************************************/

	inline PolicyManager&
	policies()
	{
	if (!policyManager_)
	throw Error("PolicyManager is not assigned to the KeyChain");

	return *policyManager_;
	}

	/*****************************************
	* Encryption Management *
	*****************************************/

	inline EncryptionManager&
	encryption()
	{
	if (!encryptionManager_)
	throw Error("EncryptionManager is not assigned to the KeyChain");

	return *encryptionManager_;
	}

	/*****************************************
	* Sign/Verify *
	*****************************************/

	inline void
	sign(Data& data);

	/**
	* Wire encode the Data object, sign it and set its signature.
	* Note: the caller must make sure the timestamp is correct, for example with
	* data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
	* @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
	* @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
	*/
	inline void
	sign(Data& data, const Name& certificateName);

	/**
	* Sign the byte array using a certificate name and return a Signature object.
	* @param buffer The byte array to be signed.
	* @param bufferLength the length of buffer.
	* @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
	* @return The Signature.
	*/
	inline Signature
	sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);

	/**
	* Wire encode the Data object, sign it and set its signature.
	* Note: the caller must make sure the timestamp is correct, for example with
	* data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
	* @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
	* @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
	*/
	void
	signByIdentity(Data& data, const Name& identityName = Name());

	/**
	* Sign the byte array using an identity name and return a Signature object.
	* @param buffer The byte array to be signed.
	* @param bufferLength the length of buffer.
	* @param identityName The identity name.
	* @return The Signature.
	*/
	Signature
	signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);

	/**
	* Check the signature on the Data object and call either onVerify or onVerifyFailed.
	* We use callback functions because verify may fetch information to check the signature.
	* @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
	* To set the wireEncoding, you can call data.wireDecode.
	* @param onVerified If the signature is verified, this calls onVerified(data).
	* @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
	*/
	void
	verifyData
	(const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);

	/*****************************************
	* Encrypt/Decrypt *
	*****************************************/
	// todo

	public:
	static const ptr_lib::shared_ptr<IdentityManager> DefaultIdentityManager;
	static const ptr_lib::shared_ptr<PolicyManager> DefaultPolicyManager;
	static const ptr_lib::shared_ptr<EncryptionManager> DefaultEncryptionManager;

	private:
	void
	onCertificateData
	(const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

	void
	onCertificateInterestTimeout
	(const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
	const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);

	private:
	ptr_lib::shared_ptr<IdentityManager> identityManager_;
	ptr_lib::shared_ptr<PolicyManager> policyManager_;
	ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;

	ptr_lib::shared_ptr<Face> face_;

	const int maxSteps_;
	};

	void
	KeyChain::sign(Data& data)
	{
	identities().sign(data);
	}

	void
	KeyChain::sign(Data& data, const Name& certificateName)
	{
	identities().signByCertificate(data, certificateName);
	}

	Signature
	KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
	{
	return identities().signByCertificate(buffer, bufferLength, certificateName);
	}

	}

	#endif