blob: e07b483ba985759a066368097cc307a594e7c05e [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson41471912013-09-12 16:21:50 -07002/**
Jeff Thompson7687dc02013-09-13 11:54:07 -07003 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompson06e787d2013-09-12 19:00:55 -07004 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -07005 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson41471912013-09-12 16:21:50 -07006 * See COPYING for copyright and distribution information.
7 */
8
Jeff Thompson0f2096f2013-10-01 14:49:42 -07009#if 1
10#include <stdexcept>
11#endif
Jeff Thompsone7e069b2013-09-27 15:48:48 -070012#include "../../util/logging.hpp"
Jeff Thompson25b4e612013-10-10 16:03:24 -070013#include <ndn-cpp/sha256-with-rsa-signature.hpp>
14#include <ndn-cpp/security/security-exception.hpp>
15#include <ndn-cpp/security/identity/identity-manager.hpp>
Jeff Thompson41471912013-09-12 16:21:50 -070016
Jeff Thompson9296f0c2013-09-23 18:10:27 -070017using namespace std;
18using namespace ndn::ptr_lib;
Jeff Thompson41471912013-09-12 16:21:50 -070019
Jeff Thompson9296f0c2013-09-23 18:10:27 -070020namespace ndn {
Jeff Thompson86e1d752013-09-17 17:22:38 -070021
Jeff Thompsone7e069b2013-09-27 15:48:48 -070022Name
23IdentityManager::createIdentity(const Name& identityName)
24{
25 if (!identityStorage_->doesIdentityExist(identityName)) {
26 _LOG_DEBUG("Create Identity");
27 identityStorage_->addIdentity(identityName);
28
29 _LOG_DEBUG("Create Default RSA key pair");
30 Name keyName = generateRSAKeyPairAsDefault(identityName, true);
31
32 _LOG_DEBUG("Create self-signed certificate");
33 shared_ptr<Certificate> selfCert = selfSign(keyName);
34
35 _LOG_DEBUG("Add self-signed certificate as default");
36 addCertificateAsDefault(*selfCert);
37
38 return keyName;
39 }
40 else
41 throw SecurityException("Identity has already been created!");
42}
43
44Name
45IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
46{
47 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
48 _LOG_DEBUG("OK2");
49 return keyName;
50}
51
52Name
53IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
54{
55 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
56
57 identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
58
59 return keyName;
60}
61
62void
63IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
64{
65 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
66
67 if (!identityStorage_->doesKeyExist(keyName))
68 throw SecurityException("No corresponding Key record for certificaite!");
69
70 identityStorage_->setDefaultCertificateNameForKey (keyName, certificateName);
71}
72
73void
74IdentityManager::addCertificateAsIdentityDefault(const Certificate& certificate)
75{
76 identityStorage_->addCertificate(certificate);
77
78 Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
79
80 setDefaultKeyForIdentity(keyName);
81 setDefaultCertificateForKey(certificate.getName());
82}
83
Jeff Thompson0050abe2013-09-17 12:50:25 -070084void
Jeff Thompson86e1d752013-09-17 17:22:38 -070085IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
Jeff Thompson41471912013-09-12 16:21:50 -070086{
Jeff Thompson9296f0c2013-09-23 18:10:27 -070087 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
88
89 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
Jeff Thompson86e1d752013-09-17 17:22:38 -070090
91 // For temporary usage, we support RSA + SHA256 only, but will support more.
92 data.setSignature(Sha256WithRsaSignature());
93 // Get a pointer to the clone which Data made.
94 Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature());
95 DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;
96
97 signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
98 signature->getKeyLocator().setKeyName(certificateName);
Jeff Thompson9296f0c2013-09-23 18:10:27 -070099 // Omit the certificate digest.
100 signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1);
Jeff Thompson86e1d752013-09-17 17:22:38 -0700101 // Ignore witness and leave the digestAlgorithm as the default.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700102 signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());
Jeff Thompson41471912013-09-12 16:21:50 -0700103
Jeff Thompson86e1d752013-09-17 17:22:38 -0700104 // Encode once to get the signed portion.
105 SignedBlob encoding = data.wireEncode(wireFormat);
106
107 signature->setSignature
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700108 (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm));
Jeff Thompson86e1d752013-09-17 17:22:38 -0700109
110 // Encode again to include the signature.
111 data.wireEncode(wireFormat);
Jeff Thompson41471912013-09-12 16:21:50 -0700112}
113
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700114Name
115IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, KeyType keyType, int keySize)
116{
117 _LOG_DEBUG("Get new key ID");
118 Name keyName = identityStorage_->getNewKeyName(identityName, isKsk);
119
120 _LOG_DEBUG("Generate key pair in private storage");
121 privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize);
122
123 _LOG_DEBUG("Create a key record in public storage");
124 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
125 identityStorage_->addKey(keyName, keyType, publicKey->getKeyDer());
126 _LOG_DEBUG("OK");
127 return keyName;
128}
129
130shared_ptr<Certificate>
131IdentityManager::selfSign (const Name& keyName)
132{
133#if 1
134 throw std::runtime_error("MemoryIdentityStorage::getNewKeyName not implemented");
135#endif
136}
137
Jeff Thompson41471912013-09-12 16:21:50 -0700138}