blob: 3340908736d199844eca2f11afefac971706d775 [file] [log] [blame]
/**
* Copyright (C) 2013 Regents of the University of California.
* @author: Jeff Thompson <jefft0@remap.ucla.edu>
* See COPYING for copyright and distribution information.
*/
#ifndef NDN_KEY_CHAIN_HPP
#define NDN_KEY_CHAIN_HPP
#include "../data.hpp"
#include "../face.hpp"
#include "identity/identity-manager.hpp"
namespace ndn {
/**
* An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
*/
typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified;
/**
* An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
*/
typedef func_lib::function<void()> OnVerifyFailed;
/**
* Keychain is main class of security library.
*
* The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration
* and packet signing and verification.
*/
class KeyChain {
public:
KeyChain(const ptr_lib::shared_ptr<IdentityManager>& identityManager);
/**
* Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
* @param identityName The name of the specified identity.
* @return The requested certificate name.
*/
Name
getDefaultCertificateNameForIdentity(const Name& identityName)
{
return identityManager_->getDefaultCertificateNameForIdentity(identityName);
}
/**
* Examine the data packet Name and infer the identity name for signing the content.
* @param name The data packet name to examine.
* @return A new identity name for signing a data packet.
*/
Name
inferSigningIdentity(const Name& name)
{
#if 0
policyManager_->inferSigningIdentity(name)
#else
return Name();
#endif
}
/**
* Wire encode the Data object, sign it and set its signature.
* Note: the caller must make sure the timestamp is correct, for example with
* data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
* @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
* @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
* @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
*/
void
signData(Data& data, const Name& certificateName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
/**
* Check the signature on the Data object and call either onVerify or onVerifyFailed.
* We use callback functions because verify may fetch information to check the signature.
* @param data
* @param onVerified
* @param onVerifyFailed
*/
void
verifyData
(const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
/**
* Set the Face which will be used to fetch required certificates.
* @param face A pointer to the Face object.
*/
void
setFace(Face* face) { face_ = face; }
private:
ptr_lib::shared_ptr<IdentityManager> identityManager_;
Face* face_;
const int maxSteps_;
};
}
#endif