security: Implement interface to IdentityManager.
diff --git a/ndn-cpp/security/certificate/certificate.hpp b/ndn-cpp/security/certificate/certificate.hpp
new file mode 100644
index 0000000..29626b3
--- /dev/null
+++ b/ndn-cpp/security/certificate/certificate.hpp
@@ -0,0 +1,22 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_CERTIFICATE_HPP
+#define NDN_CERTIFICATE_HPP
+
+#include "../../data.hpp"
+
+namespace ndn {
+
+class Certificate : public Data {
+
+};
+
+}
+
+#endif
diff --git a/ndn-cpp/security/identity/identity-manager.cpp b/ndn-cpp/security/identity/identity-manager.cpp
index a5adfc3..e6446cd 100644
--- a/ndn-cpp/security/identity/identity-manager.cpp
+++ b/ndn-cpp/security/identity/identity-manager.cpp
@@ -5,7 +5,9 @@
* See COPYING for copyright and distribution information.
*/
+#include "../../util/logging.hpp"
#include "../../sha256-with-rsa-signature.hpp"
+#include "../security-exception.hpp"
#include "identity-manager.hpp"
using namespace std;
@@ -13,6 +15,68 @@
namespace ndn {
+Name
+IdentityManager::createIdentity(const Name& identityName)
+{
+ if (!identityStorage_->doesIdentityExist(identityName)) {
+ _LOG_DEBUG("Create Identity");
+ identityStorage_->addIdentity(identityName);
+
+ _LOG_DEBUG("Create Default RSA key pair");
+ Name keyName = generateRSAKeyPairAsDefault(identityName, true);
+
+ _LOG_DEBUG("Create self-signed certificate");
+ shared_ptr<Certificate> selfCert = selfSign(keyName);
+
+ _LOG_DEBUG("Add self-signed certificate as default");
+ addCertificateAsDefault(*selfCert);
+
+ return keyName;
+ }
+ else
+ throw SecurityException("Identity has already been created!");
+}
+
+Name
+IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
+{
+ Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
+ _LOG_DEBUG("OK2");
+ return keyName;
+}
+
+Name
+IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
+{
+ Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
+
+ identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
+
+ return keyName;
+}
+
+void
+IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
+{
+ Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
+
+ if (!identityStorage_->doesKeyExist(keyName))
+ throw SecurityException("No corresponding Key record for certificaite!");
+
+ identityStorage_->setDefaultCertificateNameForKey (keyName, certificateName);
+}
+
+void
+IdentityManager::addCertificateAsIdentityDefault(const Certificate& certificate)
+{
+ identityStorage_->addCertificate(certificate);
+
+ Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
+
+ setDefaultKeyForIdentity(keyName);
+ setDefaultCertificateForKey(certificate.getName());
+}
+
void
IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
{
@@ -43,4 +107,28 @@
data.wireEncode(wireFormat);
}
+Name
+IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, KeyType keyType, int keySize)
+{
+ _LOG_DEBUG("Get new key ID");
+ Name keyName = identityStorage_->getNewKeyName(identityName, isKsk);
+
+ _LOG_DEBUG("Generate key pair in private storage");
+ privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize);
+
+ _LOG_DEBUG("Create a key record in public storage");
+ shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
+ identityStorage_->addKey(keyName, keyType, publicKey->getKeyDer());
+ _LOG_DEBUG("OK");
+ return keyName;
+}
+
+shared_ptr<Certificate>
+IdentityManager::selfSign (const Name& keyName)
+{
+#if 1
+ throw std::runtime_error("MemoryIdentityStorage::getNewKeyName not implemented");
+#endif
+}
+
}
diff --git a/ndn-cpp/security/identity/identity-manager.hpp b/ndn-cpp/security/identity/identity-manager.hpp
index fee8b99..1d497ec 100644
--- a/ndn-cpp/security/identity/identity-manager.hpp
+++ b/ndn-cpp/security/identity/identity-manager.hpp
@@ -8,8 +8,9 @@
#ifndef NDN_IDENTITY_MANAGER_HPP
#define NDN_IDENTITY_MANAGER_HPP
-#include "../../data.hpp"
+#include "../certificate/certificate.hpp"
#include "identity-storage.hpp"
+#include "../certificate/public-key.hpp"
#include "private-key-storage.hpp"
namespace ndn {
@@ -24,15 +25,13 @@
{
}
-#if 0
/**
- * Create identity, by default it will create a pair of Key-Signing-Key(KSK) for this identity and a self-signed certificate of the KSK
- * @param identityName the name of the identity
- * @return the key name of the auto-generated KSK of the identity
+ * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
+ * @param identityName The name of the identity.
+ * @return The key name of the auto-generated KSK of the identity.
*/
Name
createIdentity(const Name& identityName);
-#endif
/**
* Get the default identity.
@@ -44,87 +43,104 @@
return identityStorage_->getDefaultIdentity();
}
-#if 0
/**
- * Generate a pair of RSA keys for the specified identity
- * @param identityName the name of the identity
- * @param ksk create a KSK or not, true for KSK, false for DSK
- * @param keySize the size of the key
- * @return the generated key name
+ * Generate a pair of RSA keys for the specified identity.
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
*/
Name
- generateRSAKeyPair(const Name& identityName, bool ksk = false, int keySize = 2048);
+ generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048);
/**
- * Set a key as the default key of an identity
- * @param keyName the name of the key
- * @param identityName the name of the identity, if not specified the identity name can be inferred from the keyName
+ * Set a key as the default key of an identity.
+ * @param keyName The name of the key.
+ * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
*/
void
- setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name());
+ setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
+ {
+ identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
+ }
/**
- * Generate a pair of RSA keys for the specified identity and set it as default key of the identity
- * @param identityName the name of the identity
- * @param ksk create a KSK or not, true for KSK, false for DSK
- * @param keySize the size of the key
- * @return the generated key name
+ * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
*/
Name
- generateRSAKeyPairAsDefault(const Name& identityName, bool ksk = false, int keySize = 2048);
+ generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048);
/**
- * Get public key with the specified name
- * @param keyName name of the key
- * @return the public key
+ * Get the public key with the specified name.
+ * @param keyName The name of the key.
+ * @return The public key.
*/
- Ptr<Publickey>
- getPublickey(const Name& keyName);
+ ptr_lib::shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName)
+ {
+ return PublicKey::fromDer(identityStorage_->getKey(keyName));
+ }
/**
- * Add a certificate into the public storage
- * @param certificate the certificate to to added
+ * Add a certificate into the public key identity storage.
+ * @param certificate The certificate to to added.
*/
void
- addCertificate(Ptr<Certificate> certificate);
+ addCertificate(const Certificate& certificate)
+ {
+ identityStorage_->addCertificate(certificate);
+ }
/**
- * Set the certificate as the default of its corresponding key
- * @param certificateName name of the certificate
+ * Set the certificate as the default for its corresponding key.
+ * @param certificateName The name of the certificate.
*/
void
setDefaultCertificateForKey(const Name& certificateName);
/**
- * Add a certificate into the public storage and set the certificate as the default of its corresponding identity
- * @param certificate the certificate to be added
+ * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
+ * @param certificate The certificate to be added.
*/
void
addCertificateAsIdentityDefault(const Certificate& certificate);
/**
- * Add a certificate into the public storage and set the certificate as the default of its corresponding key
+ * Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
* certificate the certificate to be added
*/
void
- addCertificateAsDefault(const Certificate& certificate);
+ addCertificateAsDefault(const Certificate& certificate)
+ {
+ identityStorage_->addCertificate(certificate);
+ setDefaultCertificateForKey(certificate.getName());
+ }
/**
- * Get a certificate with the specified name
- * @param certificateName name of the requested certificate
- * @return the requested certificate
+ * Get a certificate with the specified name.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate which is valid.
*/
- Ptr<Certificate>
- getCertificate(const Name& certificateName);
+ ptr_lib::shared_ptr<Certificate>
+ getCertificate(const Name& certificateName)
+ {
+ return identityStorage_->getCertificate(certificateName, false);
+ }
/**
- * Get a certificate even if the certificate is not valid anymore
- * @param certificateName name of the requested certificate
- * @return the requested certificate
+ * Get a certificate even if the certificate is not valid anymore.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate.
*/
- Ptr<Certificate>
- getAnyCertificate(const Name& certificateName);
-#endif
+ ptr_lib::shared_ptr<Certificate>
+ getAnyCertificate(const Name& certificateName)
+ {
+ return identityStorage_->getCertificate(certificateName, true);
+ }
/**
* Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
@@ -150,23 +166,6 @@
#if 0
/**
- * Sign blob based on identity
- * @param blob the blob to be signed
- * @param identityName the signing identity name
- * @return the generated signature
- */
- Ptr<Signature>
- signByIdentity(const Blob& blob, const Name& identityName);
-
- /**
- * Sign data based on identity
- * @param data the data packet to be signed, on return the Signature inside the data packet will be set
- * @param identityName the signing identity name
- */
- void
- signByIdentity(Data& data, const Name& identityName);
-
- /**
* sign blob based on certificate name
* @param blob the blob to be signed
* @param certificateName the signing certificate name
@@ -188,6 +187,25 @@
signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
private:
+ /**
+ * Generate a key pair for the specified identity.
+ * @param identityName The name of the specified identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
+ * @param keySize The size of the key pair.
+ * @return The name of the generated key.
+ */
+ Name
+ generateKeyPair(const Name& identityName, bool isKsk = false, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
+
+ /**
+ * Generate a self-signed certificate for a public key.
+ * @param keyName The name of the public key.
+ * @return The generated certificate.
+ */
+ ptr_lib::shared_ptr<Certificate>
+ selfSign(const Name& keyName);
+
ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
};
diff --git a/ndn-cpp/security/key-chain.hpp b/ndn-cpp/security/key-chain.hpp
index 5a1198a..7e718e6 100644
--- a/ndn-cpp/security/key-chain.hpp
+++ b/ndn-cpp/security/key-chain.hpp
@@ -41,7 +41,6 @@
* Identity Management *
*****************************************/
-#if 0
/**
* Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
* @param identityName The name of the identity.
@@ -52,7 +51,6 @@
{
return identityManager_->createIdentity(identityName);
}
-#endif
/**
* Get the default identity.
@@ -64,87 +62,115 @@
return identityManager_->getDefaultIdentity();
}
-#if 0
/**
- * Generate a pair of RSA keys for the specified identity
- * @param identity the name of the identity
- * @param ksk create a KSK or not, true for KSK, false for DSK
- * @param keySize the size of the key
- * @return the generated key name
+ * Generate a pair of RSA keys for the specified identity.
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
*/
Name
- generateRSAKeyPair (const Name& identity, bool ksk = false, int keySize = 2048);
+ generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
+ {
+ return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
+ }
/**
- * Set a key as the default key of an identity
- * @param keyName the name of the key
- * @param identity the name of the identity, if not specified the identity name can be inferred from the keyName
+ * Set a key as the default key of an identity.
+ * @param keyName The name of the key.
+ * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
*/
void
- setDefaultKeyForIdentity (const Name& keyName, const Name& identity = Name());
+ setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
+ {
+ return identityManager_->setDefaultKeyForIdentity(keyName, identityName);
+ }
/**
- * Generate a pair of RSA keys for the specified identity and set it as default key of the identity
- * @param identity the name of the identity
- * @param ksk create a KSK or not, true for KSK, false for DSK
- * @param keySize the size of the key
- * @return the generated key name
+ * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
*/
Name
- generateRSAKeyPairAsDefault (const Name& identity, bool ksk = false, int keySize = 2048);
+ generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
+ {
+ return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
+ }
/**
- * Create a public key signing request
- * @param keyName the name of the key
- * @returns signing request blob
+ * Create a public key signing request.
+ * @param keyName The name of the key.
+ * @returns The signing request data.
*/
- Ptr<Blob>
- createSigningRequest(const Name& keyName);
+ Blob
+ createSigningRequest(const Name& keyName)
+ {
+ return identityManager_->getPublicKey(keyName)->getKeyDer();
+ }
/**
- * Install a certificate into identity
- * @param certificate the certificate in terms of Data packet
- */
- void
- installCertificate(Ptr<Certificate> certificate);
-
- /**
- * Set a certificate as the default certificate name of the corresponding key
- * @param certificateName the name of the certificate
+ * Install a certificate into the public key identity storage.
+ * @param certificate The certificate to to added.
*/
void
- setDefaultCertificateForKey(const Name& certificateName);
+ installCertificate(const Certificate& certificate)
+ {
+ identityManager_->addCertificate(certificate);
+ }
/**
- * Get certificate
- * @param certificateName name of the certificate
- * @returns certificate that is valid
+ * Set the certificate as the default for its corresponding key.
+ * @param certificateName The name of the certificate.
*/
- Ptr<Certificate>
- getCertificate(const Name& certificateName);
+ void
+ setDefaultCertificateForKey(const Name& certificateName)
+ {
+ identityManager_->setDefaultCertificateForKey(certificateName);
+ }
/**
- * Get certificate even if it is not valid
- * @param certificateName name of the certificate
- * @returns certificate that is valid
+ * Get a certificate with the specified name.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate.
*/
- Ptr<Certificate>
- getAnyCertificate(const Name& certName);
+ ptr_lib::shared_ptr<Certificate>
+ getCertificate(const Name& certificateName)
+ {
+ return identityManager_->getCertificate(certificateName);
+ }
+
+ /**
+ * Get a certificate even if the certificate is not valid anymore.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate.
+ */
+ ptr_lib::shared_ptr<Certificate>
+ getAnyCertificate(const Name& certificateName)
+ {
+ return identityManager_->getAnyCertificate(certificateName);
+ }
/**
* Revoke a key
* @param keyName the name of the key that will be revoked
*/
void
- revokeKey(const Name & keyName);
+ revokeKey(const Name & keyName)
+ {
+ //TODO: Implement
+ }
/**
* Revoke a certificate
* @param certificateName the name of the certificate that will be revoked
*/
void
- revokeCertificate(const Name & certificateName);
-#endif
+ revokeCertificate(const Name & certificateName)
+ {
+ //TODO: Implement
+ }
/*****************************************
* Policy Management *