blob: 961cf95ed988f9895d6cdaebc269281b4e858d9a [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
* Copyright (C) 2013 Regents of the University of California.
* @author: Yingdi Yu <yingdi@cs.ucla.edu>
* @author: Jeff Thompson <jefft0@remap.ucla.edu>
* See COPYING for copyright and distribution information.
*/
#ifndef NDN_SEC_PUBLIC_INFO_HPP
#define NDN_SEC_PUBLIC_INFO_HPP
#include "../../name.hpp"
#include "../security-common.hpp"
#include "../certificate/public-key.hpp"
#include "../certificate/identity-certificate.hpp"
namespace ndn {
/**
* SecPublicInfo is a base class for the storage of identity, public keys and certificates.
* Private keys are stored in SecTpm.
* This is an abstract base class. A subclass must implement the methods.
*/
class SecPublicInfo {
public:
struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
/**
* The virtual Destructor.
*/
virtual
~SecPublicInfo() {}
/**
* Check if the specified identity already exists.
* @param identityName The identity name.
* @return true if the identity exists, otherwise false.
*/
virtual bool
doesIdentityExist(const Name& identityName) = 0;
/**
* Add a new identity. An exception will be thrown if the identity already exists.
* @param identityName The identity name to be added.
*/
virtual void
addIdentity(const Name& identityName) = 0;
/**
* Revoke the identity.
* @return true if the identity was revoked, false if not.
*/
virtual bool
revokeIdentity() = 0;
/**
* Check if the specified key already exists.
* @param keyName The name of the key.
* @return true if the key exists, otherwise false.
*/
virtual bool
doesPublicKeyExist(const Name& keyName) = 0;
/**
* Add a public key to the identity storage.
* @param keyName The name of the public key to be added.
* @param keyType Type of the public key to be added.
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer) = 0;
/**
* Get the public key DER blob from the identity storage.
* @param keyName The name of the requested public key.
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
virtual ptr_lib::shared_ptr<PublicKey>
getPublicKey(const Name& keyName) = 0;
/**
* Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
virtual void
activatePublicKey(const Name& keyName) = 0;
/**
* Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
virtual void
deactivatePublicKey(const Name& keyName) = 0;
/**
* Check if the specified certificate already exists.
* @param certificateName The name of the certificate.
* @return true if the certificate exists, otherwise false.
*/
virtual bool
doesCertificateExist(const Name& certificateName) = 0;
/**
* Add a certificate to the identity storage.
* @param certificate The certificate to be added. This makes a copy of the certificate.
*/
virtual void
addCertificate(const IdentityCertificate& certificate) = 0;
/**
* Get a certificate from the identity storage.
* @param certificateName The name of the requested certificate.
* @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
* @return The requested certificate. If not found, return a shared_ptr with a null pointer.
*/
virtual ptr_lib::shared_ptr<IdentityCertificate>
getCertificate(const Name &certificateName) = 0;
/*****************************************
* Default Getter *
*****************************************/
/**
* Get the default identity.
* @param return The name of default identity, or an empty name if there is no default.
*/
virtual Name
getDefaultIdentity() = 0;
/**
* Get the default key name for the specified identity.
* @param identityName The identity name.
* @return The default key name.
*/
virtual Name
getDefaultKeyNameForIdentity(const Name& identityName) = 0;
/**
* Get the default certificate name for the specified key.
* @param keyName The key name.
* @return The default certificate name.
*/
virtual Name
getDefaultCertificateNameForKey(const Name& keyName) = 0;
virtual std::vector<Name>
getAllIdentities(bool isDefault) = 0;
virtual std::vector<Name>
getAllKeyNames(bool isDefault) = 0;
virtual std::vector<Name>
getAllKeyNamesOfIdentity(const Name& identity, bool isDefault) = 0;
virtual std::vector<Name>
getAllCertificateNames(bool isDefault) = 0;
virtual std::vector<Name>
getAllCertificateNamesOfKey(const Name& keyName, bool isDefault) = 0;
protected:
/*****************************************
* Default Setter *
*****************************************/
/**
* Set the default identity. If the identityName does not exist, then clear the default identity
* so that getDefaultIdentity() returns an empty name.
* @param identityName The default identity name.
*/
virtual void
setDefaultIdentityInternal(const Name& identityName) = 0;
/**
* Set the default key name for the corresponding identity.
* @param keyName The key name.
*/
virtual void
setDefaultKeyNameForIdentityInternal(const Name& keyName) = 0;
/**
* Set the default certificate name for the corresponding key.
* @param certificateName The certificate name.
*/
virtual void
setDefaultCertificateNameForKeyInternal(const Name& certificateName) = 0;
public:
/*****************************************
* Helper Methods *
*****************************************/
/**
* Set the default identity. If the identityName does not exist, then clear the default identity
* so that getDefaultIdentity() returns an empty name.
* @param identityName The default identity name.
*/
inline void
setDefaultIdentity(const Name& identityName);
/**
* Set the default key name for the corresponding identity.
* @param keyName The key name.
*/
inline void
setDefaultKeyNameForIdentity(const Name& keyName);
/**
* Set the default certificate name for the corresponding key.
* @param certificateName The certificate name.
*/
inline void
setDefaultCertificateNameForKey(const Name& certificateName);
/**
* Generate a name for a new key belonging to the identity.
* @param identityName The identity name.
* @param useKsk If true, generate a KSK name, otherwise a DSK name.
* @return The generated key name.
*/
inline Name
getNewKeyName(const Name& identityName, bool useKsk);
/**
* Get the default certificate name for the specified identity.
* @param identityName The identity name.
* @return The default certificate name.
*/
inline Name
getDefaultCertificateNameForIdentity(const Name& identityName);
/**
* Get the default certificate name of the default identity, which will be used when signing is based on identity and
* the identity is not specified.
* @return The requested certificate name.
*/
inline Name
getDefaultCertificateName();
/**
* Add a certificate and set the certificate as the default of its corresponding key.
* @param certificate The certificate to be added. This makes a copy of the certificate.
*/
inline void
addCertificateAsKeyDefault(const IdentityCertificate& certificate);
/**
* Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
* @param certificate The certificate to be added. This makes a copy of the certificate.
*/
inline void
addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
inline void
addCertificateAsSystemDefault(const IdentityCertificate& certificate);
inline ptr_lib::shared_ptr<IdentityCertificate>
defaultCertificate();
inline void
refreshDefaultCertificate();
protected:
ptr_lib::shared_ptr<IdentityCertificate> defaultCertificate_;
};
void
SecPublicInfo::setDefaultIdentity(const Name& identityName)
{
setDefaultIdentityInternal(identityName);
refreshDefaultCertificate();
}
void
SecPublicInfo::setDefaultKeyNameForIdentity(const Name& keyName)
{
setDefaultKeyNameForIdentityInternal(keyName);
refreshDefaultCertificate();
}
void
SecPublicInfo::setDefaultCertificateNameForKey(const Name& certificateName)
{
setDefaultCertificateNameForKeyInternal(certificateName);
refreshDefaultCertificate();
}
Name
SecPublicInfo::getDefaultCertificateNameForIdentity(const Name& identityName)
{
return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName));
}
Name
SecPublicInfo::getNewKeyName (const Name& identityName, bool useKsk)
{
std::ostringstream oss;
if (useKsk)
oss << "ksk-";
else
oss << "dsk-";
oss << static_cast<int>(getNow()/1000);
Name keyName = Name(identityName).append(oss.str());
if (doesPublicKeyExist(keyName))
throw Error("Key name already exists");
return keyName;
}
Name
SecPublicInfo::getDefaultCertificateName()
{
if(!static_cast<bool>(defaultCertificate_))
refreshDefaultCertificate();
if(!static_cast<bool>(defaultCertificate_))
return Name();
return defaultCertificate_->getName();
}
void
SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
setDefaultCertificateNameForKeyInternal(certificate.getName());
refreshDefaultCertificate();
}
void
SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
setDefaultKeyNameForIdentityInternal(IdentityCertificate::certificateNameToPublicKeyName(certName));
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
void
SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
setDefaultIdentityInternal(keyName.getPrefix(-1));
setDefaultKeyNameForIdentityInternal(keyName);
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
ptr_lib::shared_ptr<IdentityCertificate>
SecPublicInfo::defaultCertificate()
{
return defaultCertificate_;
}
void
SecPublicInfo::refreshDefaultCertificate()
{
Name certName = getDefaultCertificateNameForIdentity(getDefaultIdentity());
if(certName.empty())
defaultCertificate_.reset();
else
defaultCertificate_ = getCertificate(certName);
}
}
#endif