blob: fc914101fb02fe151ef2548a1532f4a937a310e9 [file] [log] [blame]
Yingdi Yu1b0311c2015-06-10 14:58:47 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Alexander Afanasyevc95f5642017-01-04 17:34:26 -08003 * Copyright (c) 2013-2017 Regents of the University of California.
Yingdi Yu1b0311c2015-06-10 14:58:47 -07004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#ifndef NDN_SECURITY_SIGNING_INFO_HPP
23#define NDN_SECURITY_SIGNING_INFO_HPP
24
25#include "../name.hpp"
26#include "../signature-info.hpp"
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -080027#include "pib/identity.hpp"
28#include "pib/key.hpp"
Yingdi Yu1b0311c2015-06-10 14:58:47 -070029#include "security-common.hpp"
30
Yingdi Yu1b0311c2015-06-10 14:58:47 -070031namespace ndn {
32namespace security {
33
34/**
35 * @brief Signing parameters passed to KeyChain
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -080036 *
37 * A SigningInfo is invalid if the specified identity/key/certificate does not exist,
38 * or the PIB Identity or Key instance is not valid.
Yingdi Yu1b0311c2015-06-10 14:58:47 -070039 */
40class SigningInfo
41{
42public:
43 class Error : public std::runtime_error
44 {
45 public:
46 explicit
47 Error(const std::string& what)
48 : std::runtime_error(what)
49 {
50 }
51 };
52
53 enum SignerType {
54 /// @brief no signer is specified, use default setting or follow the trust schema
55 SIGNER_TYPE_NULL = 0,
56 /// @brief signer is an identity, use its default key and default certificate
57 SIGNER_TYPE_ID = 1,
58 /// @brief signer is a key, use its default certificate
59 SIGNER_TYPE_KEY = 2,
60 /// @brief signer is a certificate, use it directly
61 SIGNER_TYPE_CERT = 3,
62 /// @brief use sha256 digest, no signer needs to be specified
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -080063 SIGNER_TYPE_SHA256 = 4,
64 /// @brief given PIB identity handle, use its default key and default certificate
65 SIGNER_TYPE_PIB_ID = 5,
66 /// @brief given PIB key handle, use its default certificate
67 SIGNER_TYPE_PIB_KEY = 6
Yingdi Yu1b0311c2015-06-10 14:58:47 -070068 };
69
70public:
71 /**
72 * @brief Constructor
73 *
74 * @param signerType The type of signer
75 * @param signerName The name of signer; interpretation differs per signerType
76 * @param signatureInfo A semi-prepared SignatureInfo which contains other information except
77 * SignatureType and KeyLocator. If SignatureType and KeyLocator are
78 * specified, they may be overwritten by KeyChain.
79 */
80 explicit
81 SigningInfo(SignerType signerType = SIGNER_TYPE_NULL,
Yingdi Yufe4733a2015-10-22 14:24:12 -070082 const Name& signerName = getEmptyName(),
83 const SignatureInfo& signatureInfo = getEmptySignatureInfo());
Yingdi Yu1b0311c2015-06-10 14:58:47 -070084
85 /**
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -080086 * @brief Create a signingInfo using pib identity;
87 */
88 explicit
89 SigningInfo(const Identity& identity);
90
91 /**
92 * @brief Create a signingInfo using pib key;
93 */
94 explicit
95 SigningInfo(const Key& key);
96
97 /**
Spencer Lee308bc442015-11-24 02:59:55 -070098 * @brief Construct SigningInfo from its string representation
99 *
100 * @param signingStr The representative signing string for SigningInfo signing method
101 *
102 * Structure of the representative string is as follows:
103 * - default signing: "" (empty string)
104 * - signing with a default certificate of a default key for the identity: `id:/my-identity`
105 * - signing with a default certificate of the key: `key:/my-identity/ksk-1`
106 * - signing with the certificate: `cert:/my-identity/KEY/ksk-1/ID-CERT/%FD%01`
107 * - signing with sha256 digest: `id:/localhost/identity/digest-sha256`
108 */
109 explicit
110 SigningInfo(const std::string& signingStr);
111
112 /**
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700113 * @brief Set signer as an identity with name @p identity
114 * @post Change the signerType to SIGNER_TYPE_ID
115 */
Alexander Afanasyevc95f5642017-01-04 17:34:26 -0800116 SigningInfo&
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700117 setSigningIdentity(const Name& identity);
118
119 /**
120 * @brief Set signer as a key with name @p keyName
121 * @post Change the signerType to SIGNER_TYPE_KEY
122 */
Alexander Afanasyevc95f5642017-01-04 17:34:26 -0800123 SigningInfo&
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700124 setSigningKeyName(const Name& keyName);
125
126 /**
127 * @brief Set signer as a certificate with name @p certificateName
128 * @post Change the signerType to SIGNER_TYPE_CERT
129 */
Alexander Afanasyevc95f5642017-01-04 17:34:26 -0800130 SigningInfo&
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700131 setSigningCertName(const Name& certificateName);
132
133 /**
134 * @brief Set Sha256 as the signing method
135 * @post Reset signerName, also change the signerType to SIGNER_TYPE_SHA256
136 */
Alexander Afanasyevc95f5642017-01-04 17:34:26 -0800137 SigningInfo&
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700138 setSha256Signing();
139
140 /**
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -0800141 * @brief Set signer as a PIB identity handler @p identity
142 * @post Change the signerType to SIGNER_TYPE_PIB_ID
143 */
144 SigningInfo&
145 setPibIdentity(const Identity& identity);
146
147 /**
148 * @brief Set signer as a PIB key handler @p key
149 * @post Change the signerType to SIGNER_TYPE_PIB_KEY
150 */
151 SigningInfo&
152 setPibKey(const Key& key);
153
154 /**
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700155 * @return Type of the signer
156 */
157 SignerType
158 getSignerType() const
159 {
160 return m_type;
161 }
162
163 /**
164 * @return Name of signer; interpretation differs per signerType
165 */
166 const Name&
167 getSignerName() const
168 {
169 return m_name;
170 }
171
172 /**
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -0800173 * @pre signerType must be SIGNER_TYPE_PIB_ID
174 * @return the identity handler of signer
175 */
176 const Identity&
177 getPibIdentity() const
178 {
179 BOOST_ASSERT(m_type == SIGNER_TYPE_PIB_ID);
180 return m_identity;
181 }
182
183 /**
184 * @pre signerType must be SIGNER_TYPE_PIB_KEY
185 * @return the key handler of signer
186 */
187 const Key&
188 getPibKey() const
189 {
190 BOOST_ASSERT(m_type == SIGNER_TYPE_PIB_KEY);
191 return m_key;
192 }
193
194 /**
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700195 * @brief Set the digest algorithm for public key operations
196 */
Alexander Afanasyevc95f5642017-01-04 17:34:26 -0800197 SigningInfo&
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700198 setDigestAlgorithm(const DigestAlgorithm& algorithm)
199 {
200 m_digestAlgorithm = algorithm;
Alexander Afanasyevc95f5642017-01-04 17:34:26 -0800201 return *this;
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700202 }
203
204 /**
205 * @return The digest algorithm for public key operations
206 */
207 DigestAlgorithm
208 getDigestAlgorithm() const
209 {
210 return m_digestAlgorithm;
211 }
212
213 /**
214 * @brief Set a semi-prepared SignatureInfo;
215 */
Alexander Afanasyevc95f5642017-01-04 17:34:26 -0800216 SigningInfo&
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700217 setSignatureInfo(const SignatureInfo& signatureInfo);
218
219 /**
220 * @return Semi-prepared SignatureInfo
221 */
222 const SignatureInfo&
223 getSignatureInfo() const
224 {
225 return m_info;
226 }
227
228public:
Yingdi Yufe4733a2015-10-22 14:24:12 -0700229 static const Name&
230 getEmptyName();
231
232 static const SignatureInfo&
233 getEmptySignatureInfo();
234
235 /**
236 * @brief A localhost identity to indicate that the signature is generated using SHA-256.
237 */
238 static const Name&
239 getDigestSha256Identity();
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700240
241private:
242 SignerType m_type;
243 Name m_name;
Alexander Afanasyevd6d78aa2017-01-02 18:14:23 -0800244 Identity m_identity;
245 Key m_key;
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700246 DigestAlgorithm m_digestAlgorithm;
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700247 SignatureInfo m_info;
248};
249
Spencer Lee308bc442015-11-24 02:59:55 -0700250std::ostream&
251operator<<(std::ostream& os, const SigningInfo& si);
252
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700253} // namespace security
254} // namespace ndn
255
256#endif // NDN_SECURITY_SIGNING_INFO_HPP