| /** |
| * Copyright (C) 2013 Regents of the University of California. |
| * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| * See COPYING for copyright and distribution information. |
| */ |
| |
| #ifndef NDN_KEY_CHAIN_HPP |
| #define NDN_KEY_CHAIN_HPP |
| |
| #include "../data.hpp" |
| #include "../face.hpp" |
| #include "identity/identity-manager.hpp" |
| |
| namespace ndn { |
| |
| /** |
| * An OnVerified function object is used to pass a callback to verifyData to report a successful verification. |
| */ |
| typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified; |
| |
| /** |
| * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification. |
| */ |
| typedef func_lib::function<void()> OnVerifyFailed; |
| |
| /** |
| * Keychain is main class of security library. |
| * |
| * The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration |
| * and packet signing and verification. |
| */ |
| class KeyChain { |
| public: |
| KeyChain(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage); |
| |
| /** |
| * Get the default certificate name for the specified identity, which will be used when signing is performed based on identity. |
| * @param identityName The name of the specified identity. |
| * @return The requested certificate name. |
| */ |
| Name |
| getDefaultCertificateNameForIdentity(const Name& identityName) |
| { |
| return identityManager_.getDefaultCertificateNameForIdentity(identityName); |
| } |
| |
| /** |
| * Examine the data packet Name and infer the identity name for signing the content. |
| * @param name The data packet name to examine. |
| * @return A new identity name for signing a data packet. |
| */ |
| Name |
| inferSigningIdentity(const Name& name) |
| { |
| #if 0 |
| policyManager_->inferSigningIdentity(name) |
| #else |
| return Name(); |
| #endif |
| } |
| |
| /** |
| * Wire encode the Data object, sign it and set its signature. |
| * Note: the caller must make sure the timestamp is correct, for example with |
| * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0). |
| * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding. |
| * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name. |
| * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat(). |
| */ |
| void |
| signData(Data& data, const Name& certificateName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat()); |
| |
| /** |
| * Check the signature on the Data object and call either onVerify or onVerifyFailed. |
| * We use callback functions because verify may fetch information to check the signature. |
| * @param data |
| * @param onVerified |
| * @param onVerifyFailed |
| */ |
| void |
| verifyData(const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed); |
| |
| /** |
| * Set the Face which will be used to fetch required certificates. |
| * @param face A pointer to the Face object. |
| */ |
| void |
| setFace(Face* face) { face_ = face; } |
| |
| private: |
| IdentityManager identityManager_; |
| Face* face_; |
| const int maxSteps_; |
| }; |
| |
| } |
| |
| #endif |