Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame^] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
Jeff Thompson | 06e787d | 2013-09-12 19:00:55 -0700 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Jeff Thompson | 0f2096f | 2013-10-01 14:49:42 -0700 | [diff] [blame] | 9 | #if 1 |
| 10 | #include <stdexcept> |
| 11 | #endif |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 12 | #include "../../util/logging.hpp" |
Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame^] | 13 | #include <ndn-cpp/sha256-with-rsa-signature.hpp> |
| 14 | #include <ndn-cpp/security/security-exception.hpp> |
| 15 | #include <ndn-cpp/security/identity/identity-manager.hpp> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 16 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 17 | using namespace std; |
| 18 | using namespace ndn::ptr_lib; |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 19 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 20 | namespace ndn { |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 21 | |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 22 | Name |
| 23 | IdentityManager::createIdentity(const Name& identityName) |
| 24 | { |
| 25 | if (!identityStorage_->doesIdentityExist(identityName)) { |
| 26 | _LOG_DEBUG("Create Identity"); |
| 27 | identityStorage_->addIdentity(identityName); |
| 28 | |
| 29 | _LOG_DEBUG("Create Default RSA key pair"); |
| 30 | Name keyName = generateRSAKeyPairAsDefault(identityName, true); |
| 31 | |
| 32 | _LOG_DEBUG("Create self-signed certificate"); |
| 33 | shared_ptr<Certificate> selfCert = selfSign(keyName); |
| 34 | |
| 35 | _LOG_DEBUG("Add self-signed certificate as default"); |
| 36 | addCertificateAsDefault(*selfCert); |
| 37 | |
| 38 | return keyName; |
| 39 | } |
| 40 | else |
| 41 | throw SecurityException("Identity has already been created!"); |
| 42 | } |
| 43 | |
| 44 | Name |
| 45 | IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize) |
| 46 | { |
| 47 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 48 | _LOG_DEBUG("OK2"); |
| 49 | return keyName; |
| 50 | } |
| 51 | |
| 52 | Name |
| 53 | IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize) |
| 54 | { |
| 55 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 56 | |
| 57 | identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName); |
| 58 | |
| 59 | return keyName; |
| 60 | } |
| 61 | |
| 62 | void |
| 63 | IdentityManager::setDefaultCertificateForKey(const Name& certificateName) |
| 64 | { |
| 65 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
| 66 | |
| 67 | if (!identityStorage_->doesKeyExist(keyName)) |
| 68 | throw SecurityException("No corresponding Key record for certificaite!"); |
| 69 | |
| 70 | identityStorage_->setDefaultCertificateNameForKey (keyName, certificateName); |
| 71 | } |
| 72 | |
| 73 | void |
| 74 | IdentityManager::addCertificateAsIdentityDefault(const Certificate& certificate) |
| 75 | { |
| 76 | identityStorage_->addCertificate(certificate); |
| 77 | |
| 78 | Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName()); |
| 79 | |
| 80 | setDefaultKeyForIdentity(keyName); |
| 81 | setDefaultCertificateForKey(certificate.getName()); |
| 82 | } |
| 83 | |
Jeff Thompson | 0050abe | 2013-09-17 12:50:25 -0700 | [diff] [blame] | 84 | void |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 85 | IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat) |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 86 | { |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 87 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
| 88 | |
| 89 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName); |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 90 | |
| 91 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
| 92 | data.setSignature(Sha256WithRsaSignature()); |
| 93 | // Get a pointer to the clone which Data made. |
| 94 | Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature()); |
| 95 | DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256; |
| 96 | |
| 97 | signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME); |
| 98 | signature->getKeyLocator().setKeyName(certificateName); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 99 | // Omit the certificate digest. |
| 100 | signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1); |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 101 | // Ignore witness and leave the digestAlgorithm as the default. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 102 | signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest()); |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 103 | |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 104 | // Encode once to get the signed portion. |
| 105 | SignedBlob encoding = data.wireEncode(wireFormat); |
| 106 | |
| 107 | signature->setSignature |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 108 | (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm)); |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 109 | |
| 110 | // Encode again to include the signature. |
| 111 | data.wireEncode(wireFormat); |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 112 | } |
| 113 | |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 114 | Name |
| 115 | IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, KeyType keyType, int keySize) |
| 116 | { |
| 117 | _LOG_DEBUG("Get new key ID"); |
| 118 | Name keyName = identityStorage_->getNewKeyName(identityName, isKsk); |
| 119 | |
| 120 | _LOG_DEBUG("Generate key pair in private storage"); |
| 121 | privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize); |
| 122 | |
| 123 | _LOG_DEBUG("Create a key record in public storage"); |
| 124 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName); |
| 125 | identityStorage_->addKey(keyName, keyType, publicKey->getKeyDer()); |
| 126 | _LOG_DEBUG("OK"); |
| 127 | return keyName; |
| 128 | } |
| 129 | |
| 130 | shared_ptr<Certificate> |
| 131 | IdentityManager::selfSign (const Name& keyName) |
| 132 | { |
| 133 | #if 1 |
| 134 | throw std::runtime_error("MemoryIdentityStorage::getNewKeyName not implemented"); |
| 135 | #endif |
| 136 | } |
| 137 | |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 138 | } |