Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 64a3d810e9636bc0f1a3f0ed5029d8498fa66af6 / . / include / ndn-cpp / security / key-chain.hpp
blob: 4e804cc83d98cc66ec830dea23802a5946bf806d [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]2/**
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]3 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]6 * See COPYING for copyright and distribution information.
7 */
8
9#ifndef NDN_KEY_CHAIN_HPP
Jeff Thompson2d27e2f2013-08-09 12:55:00 -0700[diff] [blame]10#define NDN_KEY_CHAIN_HPP
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]11
Jeff Thompson7a67cb62013-08-26 11:43:18 -0700[diff] [blame]12#include "../data.hpp"
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]13#include "../face.hpp"
14#include "identity/identity-manager.hpp"
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]15#include "encryption/encryption-manager.hpp"
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]16#include "policy/validation-request.hpp"
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]17
18namespace ndn {
19
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]20class PolicyManager;
21
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]22/**
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]23 * KeyChain is the main class of the security library.
Jeff Thompsonffa36f92013-09-20 08:42:41 -0700[diff] [blame]24 *
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]25 * The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration
Jeff Thompsonffa36f92013-09-20 08:42:41 -0700[diff] [blame]26 * and packet signing and verification.
27 */
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]28class KeyChain {
29public:
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]30 struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]31
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]32 KeyChain(IdentityManager *identityManager, PolicyManager *policyManager);
33
34 /**
35 * @brief Set the Face which will be used to fetch required certificates.
36 * @param face A pointer to the Face object.
37 *
38 * Setting face is necessary for keychain operation that involve fetching data.
39 */
40 void
41 setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
42
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]43 /*****************************************
44 * Identity Management *
45 *****************************************/
46
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]47 inline IdentityManager&
48 identities()
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]49 {
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]50 return *identityManager_;
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]51 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]52
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]53 /*****************************************
54 * Policy Management *
55 *****************************************/
56
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]57 inline PolicyManager&
58 policies()
59 {
60 return *policyManager_;
61 }
62
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]63 /*****************************************
64 * Sign/Verify *
65 *****************************************/
66
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]67 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]68 * Wire encode the Data object, sign it and set its signature.
Jeff Thompsonade5b1e2013-08-09 12:16:45 -0700[diff] [blame]69 * Note: the caller must make sure the timestamp is correct, for example with
Jeff Thompsonfec716d2013-09-11 13:54:36 -0700[diff] [blame]70 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]71 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]72 * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson8d24fe12013-09-18 15:54:51 -0700[diff] [blame]73 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
Jeff Thompson3c73da42013-08-12 11:19:05 -0700[diff] [blame]74 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]75 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]76 sign(Data& data, const Name& certificateName);
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]77
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]78 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]79 * Sign the byte array using a certificate name and return a Signature object.
80 * @param buffer The byte array to be signed.
81 * @param bufferLength the length of buffer.
82 * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
83 * @return The Signature.
84 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]85 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]86 sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
87
88 /**
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]89 * Wire encode the Data object, sign it and set its signature.
90 * Note: the caller must make sure the timestamp is correct, for example with
91 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
92 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
93 * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
94 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
95 */
96 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]97 signByIdentity(Data& data, const Name& identityName = Name());
Jeff Thompson3c73da42013-08-12 11:19:05 -0700[diff] [blame]98
99 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]100 * Sign the byte array using an identity name and return a Signature object.
101 * @param buffer The byte array to be signed.
102 * @param bufferLength the length of buffer.
103 * @param identityName The identity name.
104 * @return The Signature.
105 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]106 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]107 signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
108
109 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]110 * Check the signature on the Data object and call either onVerify or onVerifyFailed.
111 * We use callback functions because verify may fetch information to check the signature.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]112 * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
113 * To set the wireEncoding, you can call data.wireDecode.
114 * @param onVerified If the signature is verified, this calls onVerified(data).
115 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700[diff] [blame]116 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]117 void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700[diff] [blame]118 verifyData
119 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700[diff] [blame]120
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]121 /*****************************************
122 * Encrypt/Decrypt *
123 *****************************************/
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]124 // todo
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]125
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]126private:
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800[diff] [blame]127 void
128 onCertificateData
129 (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
130
131 void
132 onCertificateInterestTimeout
133 (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
134 const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
135
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame^]136private:
137 std::auto_ptr<IdentityManager> identityManager_;
138 std::auto_ptr<PolicyManager> policyManager_;
139 // std::auto_ptr<EncryptionManager> encryptionManager_;
140 ptr_lib::shared_ptr<Face> face_;
141
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]142 const int maxSteps_;
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]143};
144
145}
146
147#endif