| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 1 | /** |
| Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 2 | * Copyright (C) 2013 Regents of the University of California. |
| Jeff Thompson | 06e787d | 2013-09-12 19:00:55 -0700 | [diff] [blame] | 3 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 4 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 5 | * See COPYING for copyright and distribution information. |
| 6 | */ |
| 7 | |
| Jeff Thompson | 0f2096f | 2013-10-01 14:49:42 -0700 | [diff] [blame] | 8 | #if 1 |
| 9 | #include <stdexcept> |
| 10 | #endif |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 11 | #include "../../util/logging.hpp" |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 12 | #include "../../sha256-with-rsa-signature.hpp" |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 13 | #include "../security-exception.hpp" |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 14 | #include "identity-manager.hpp" |
| 15 | |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 16 | using namespace std; |
| 17 | using namespace ndn::ptr_lib; |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 18 | |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 19 | namespace ndn { |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 20 | |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 21 | Name |
| 22 | IdentityManager::createIdentity(const Name& identityName) |
| 23 | { |
| 24 | if (!identityStorage_->doesIdentityExist(identityName)) { |
| 25 | _LOG_DEBUG("Create Identity"); |
| 26 | identityStorage_->addIdentity(identityName); |
| 27 | |
| 28 | _LOG_DEBUG("Create Default RSA key pair"); |
| 29 | Name keyName = generateRSAKeyPairAsDefault(identityName, true); |
| 30 | |
| 31 | _LOG_DEBUG("Create self-signed certificate"); |
| 32 | shared_ptr<Certificate> selfCert = selfSign(keyName); |
| 33 | |
| 34 | _LOG_DEBUG("Add self-signed certificate as default"); |
| 35 | addCertificateAsDefault(*selfCert); |
| 36 | |
| 37 | return keyName; |
| 38 | } |
| 39 | else |
| 40 | throw SecurityException("Identity has already been created!"); |
| 41 | } |
| 42 | |
| 43 | Name |
| 44 | IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize) |
| 45 | { |
| 46 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 47 | _LOG_DEBUG("OK2"); |
| 48 | return keyName; |
| 49 | } |
| 50 | |
| 51 | Name |
| 52 | IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize) |
| 53 | { |
| 54 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 55 | |
| 56 | identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName); |
| 57 | |
| 58 | return keyName; |
| 59 | } |
| 60 | |
| 61 | void |
| 62 | IdentityManager::setDefaultCertificateForKey(const Name& certificateName) |
| 63 | { |
| 64 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
| 65 | |
| 66 | if (!identityStorage_->doesKeyExist(keyName)) |
| 67 | throw SecurityException("No corresponding Key record for certificaite!"); |
| 68 | |
| 69 | identityStorage_->setDefaultCertificateNameForKey (keyName, certificateName); |
| 70 | } |
| 71 | |
| 72 | void |
| 73 | IdentityManager::addCertificateAsIdentityDefault(const Certificate& certificate) |
| 74 | { |
| 75 | identityStorage_->addCertificate(certificate); |
| 76 | |
| 77 | Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName()); |
| 78 | |
| 79 | setDefaultKeyForIdentity(keyName); |
| 80 | setDefaultCertificateForKey(certificate.getName()); |
| 81 | } |
| 82 | |
| Jeff Thompson | 0050abe | 2013-09-17 12:50:25 -0700 | [diff] [blame] | 83 | void |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 84 | IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat) |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 85 | { |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 86 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
| 87 | |
| 88 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName); |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 89 | |
| 90 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
| 91 | data.setSignature(Sha256WithRsaSignature()); |
| 92 | // Get a pointer to the clone which Data made. |
| 93 | Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature()); |
| 94 | DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256; |
| 95 | |
| 96 | signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME); |
| 97 | signature->getKeyLocator().setKeyName(certificateName); |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 98 | // Omit the certificate digest. |
| 99 | signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1); |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 100 | // Ignore witness and leave the digestAlgorithm as the default. |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 101 | signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest()); |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 102 | |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 103 | // Encode once to get the signed portion. |
| 104 | SignedBlob encoding = data.wireEncode(wireFormat); |
| 105 | |
| 106 | signature->setSignature |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 107 | (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm)); |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 108 | |
| 109 | // Encode again to include the signature. |
| 110 | data.wireEncode(wireFormat); |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 111 | } |
| 112 | |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 113 | Name |
| 114 | IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, KeyType keyType, int keySize) |
| 115 | { |
| 116 | _LOG_DEBUG("Get new key ID"); |
| 117 | Name keyName = identityStorage_->getNewKeyName(identityName, isKsk); |
| 118 | |
| 119 | _LOG_DEBUG("Generate key pair in private storage"); |
| 120 | privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize); |
| 121 | |
| 122 | _LOG_DEBUG("Create a key record in public storage"); |
| 123 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName); |
| 124 | identityStorage_->addKey(keyName, keyType, publicKey->getKeyDer()); |
| 125 | _LOG_DEBUG("OK"); |
| 126 | return keyName; |
| 127 | } |
| 128 | |
| 129 | shared_ptr<Certificate> |
| 130 | IdentityManager::selfSign (const Name& keyName) |
| 131 | { |
| 132 | #if 1 |
| 133 | throw std::runtime_error("MemoryIdentityStorage::getNewKeyName not implemented"); |
| 134 | #endif |
| 135 | } |
| 136 | |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 137 | } |