blob: 4e804cc83d98cc66ec830dea23802a5946bf806d [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson47c93cf2013-08-09 00:38:48 -07002/**
Jeff Thompson7687dc02013-09-13 11:54:07 -07003 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompsonba16b8f2013-12-16 13:11:47 -08004 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -07005 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -07006 * See COPYING for copyright and distribution information.
7 */
8
9#ifndef NDN_KEY_CHAIN_HPP
Jeff Thompson2d27e2f2013-08-09 12:55:00 -070010#define NDN_KEY_CHAIN_HPP
Jeff Thompson47c93cf2013-08-09 00:38:48 -070011
Jeff Thompson7a67cb62013-08-26 11:43:18 -070012#include "../data.hpp"
Jeff Thompson2ce8f492013-09-17 18:01:25 -070013#include "../face.hpp"
14#include "identity/identity-manager.hpp"
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070015#include "encryption/encryption-manager.hpp"
Jeff Thompsonba16b8f2013-12-16 13:11:47 -080016#include "policy/validation-request.hpp"
Jeff Thompson47c93cf2013-08-09 00:38:48 -070017
18namespace ndn {
19
Jeff Thompson29ce3102013-09-27 11:47:48 -070020class PolicyManager;
21
Jeff Thompson2ce8f492013-09-17 18:01:25 -070022/**
Jeff Thompsonba16b8f2013-12-16 13:11:47 -080023 * KeyChain is the main class of the security library.
Jeff Thompsonffa36f92013-09-20 08:42:41 -070024 *
Jeff Thompsonba16b8f2013-12-16 13:11:47 -080025 * The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration
Jeff Thompsonffa36f92013-09-20 08:42:41 -070026 * and packet signing and verification.
27 */
Jeff Thompson47c93cf2013-08-09 00:38:48 -070028class KeyChain {
29public:
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080030 struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
Jeff Thompson2ce8f492013-09-17 18:01:25 -070031
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080032 KeyChain(IdentityManager *identityManager, PolicyManager *policyManager);
33
34 /**
35 * @brief Set the Face which will be used to fetch required certificates.
36 * @param face A pointer to the Face object.
37 *
38 * Setting face is necessary for keychain operation that involve fetching data.
39 */
40 void
41 setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
42
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070043 /*****************************************
44 * Identity Management *
45 *****************************************/
46
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080047 inline IdentityManager&
48 identities()
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070049 {
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080050 return *identityManager_;
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070051 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070052
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070053 /*****************************************
54 * Policy Management *
55 *****************************************/
56
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080057 inline PolicyManager&
58 policies()
59 {
60 return *policyManager_;
61 }
62
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070063 /*****************************************
64 * Sign/Verify *
65 *****************************************/
66
Jeff Thompson47c93cf2013-08-09 00:38:48 -070067 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -070068 * Wire encode the Data object, sign it and set its signature.
Jeff Thompsonade5b1e2013-08-09 12:16:45 -070069 * Note: the caller must make sure the timestamp is correct, for example with
Jeff Thompsonfec716d2013-09-11 13:54:36 -070070 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
Jeff Thompson2ce8f492013-09-17 18:01:25 -070071 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
Jeff Thompson9296f0c2013-09-23 18:10:27 -070072 * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson8d24fe12013-09-18 15:54:51 -070073 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
Jeff Thompson3c73da42013-08-12 11:19:05 -070074 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -070075 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080076 sign(Data& data, const Name& certificateName);
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070077
Jeff Thompson29ce3102013-09-27 11:47:48 -070078 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -070079 * Sign the byte array using a certificate name and return a Signature object.
80 * @param buffer The byte array to be signed.
81 * @param bufferLength the length of buffer.
82 * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
83 * @return The Signature.
84 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080085 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -070086 sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
87
88 /**
Jeff Thompson29ce3102013-09-27 11:47:48 -070089 * Wire encode the Data object, sign it and set its signature.
90 * Note: the caller must make sure the timestamp is correct, for example with
91 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
92 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
93 * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
94 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
95 */
96 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080097 signByIdentity(Data& data, const Name& identityName = Name());
Jeff Thompson3c73da42013-08-12 11:19:05 -070098
99 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700100 * Sign the byte array using an identity name and return a Signature object.
101 * @param buffer The byte array to be signed.
102 * @param bufferLength the length of buffer.
103 * @param identityName The identity name.
104 * @return The Signature.
105 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800106 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700107 signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
108
109 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700110 * Check the signature on the Data object and call either onVerify or onVerifyFailed.
111 * We use callback functions because verify may fetch information to check the signature.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700112 * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
113 * To set the wireEncoding, you can call data.wireDecode.
114 * @param onVerified If the signature is verified, this calls onVerified(data).
115 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700116 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700117 void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700118 verifyData
119 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700120
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700121 /*****************************************
122 * Encrypt/Decrypt *
123 *****************************************/
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800124 // todo
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700125
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700126private:
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800127 void
128 onCertificateData
129 (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
130
131 void
132 onCertificateInterestTimeout
133 (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
134 const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
135
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800136private:
137 std::auto_ptr<IdentityManager> identityManager_;
138 std::auto_ptr<PolicyManager> policyManager_;
139 // std::auto_ptr<EncryptionManager> encryptionManager_;
140 ptr_lib::shared_ptr<Face> face_;
141
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700142 const int maxSteps_;
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700143};
144
145}
146
147#endif