Blame - src/security/key-chain.cpp - ndn-cxx

blob: 424a8e8369b1191af9b1806a39f99458ddf9ea59 [file] [log] [blame]

Jeff Thompson	25b4e61	2013-10-10 16:03:24 -0700	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -- */
Jeff Thompson	47c93cf	2013-08-09 00:38:48 -0700	[diff] [blame]	2	/**
Jeff Thompson	7687dc0	2013-09-13 11:54:07 -0700	[diff] [blame]	3	* Copyright (C) 2013 Regents of the University of California.
				4	* @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson	47c93cf	2013-08-09 00:38:48 -0700	[diff] [blame]	5	* See COPYING for copyright and distribution information.
				6	*/
				7
Jeff Thompson	7a67cb6	2013-08-26 11:43:18 -0700	[diff] [blame]	8	#include "../c/util/crypto.h"
				9	#include "../c/encoding/binary-xml-data.h"
				10	#include "../encoding/binary-xml-encoder.hpp"
Jeff Thompson	25b4e61	2013-10-10 16:03:24 -0700	[diff] [blame]	11	#include <ndn-cpp/sha256-with-rsa-signature.hpp>
Jeff Thompson	9296f0c	2013-09-23 18:10:27 -0700	[diff] [blame]	12	#include "../util/logging.hpp"
Jeff Thompson	25b4e61	2013-10-10 16:03:24 -0700	[diff] [blame]	13	#include <ndn-cpp/security/security-exception.hpp>
				14	#include <ndn-cpp/security/policy/policy-manager.hpp>
Jeff Thompson	f309aa6	2013-10-31 17:03:54 -0700	[diff] [blame]	15	#include "policy/validation-request.hpp"
Jeff Thompson	25b4e61	2013-10-10 16:03:24 -0700	[diff] [blame]	16	#include <ndn-cpp/security/key-chain.hpp>
Jeff Thompson	47c93cf	2013-08-09 00:38:48 -0700	[diff] [blame]	17
				18	using namespace std;
Jeff Thompson	d4144fe	2013-09-18 15:59:57 -0700	[diff] [blame]	19	using namespace ndn::ptr_lib;
Jeff Thompson	47c93cf	2013-08-09 00:38:48 -0700	[diff] [blame]	20
				21	namespace ndn {
				22
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	23	KeyChain::KeyChain(const shared_ptr<IdentityManager>& identityManager, const shared_ptr<PolicyManager>& policyManager)
				24	: identityManager_(identityManager), policyManager_(policyManager), face_(0), maxSteps_(100)
Jeff Thompson	9296f0c	2013-09-23 18:10:27 -0700	[diff] [blame]	25	{
				26	}
				27
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	28	void
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	29	KeyChain::sign(Data& data, const Name& certificateName, WireFormat& wireFormat)
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	30	{
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	31	identityManager_->signByCertificate(data, certificateName, wireFormat);
				32	}
				33
Jeff Thompson	c01e178	2013-10-21 14:08:42 -0700	[diff] [blame]	34	shared_ptr<Signature>
				35	KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
				36	{
				37	return identityManager_->signByCertificate(buffer, bufferLength, certificateName);
				38	}
				39
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	40	void
				41	KeyChain::signByIdentity(Data& data, const Name& identityName, WireFormat& wireFormat)
				42	{
				43	Name signingCertificateName;
Jeff Thompson	9296f0c	2013-09-23 18:10:27 -0700	[diff] [blame]	44
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	45	if (identityName.getComponentCount() == 0) {
				46	Name inferredIdentity = policyManager_->inferSigningIdentity(data.getName());
				47	if (inferredIdentity.getComponentCount() == 0)
				48	signingCertificateName = identityManager_->getDefaultCertificateName();
				49	else
				50	signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(inferredIdentity);
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	51	}
Jeff Thompson	9296f0c	2013-09-23 18:10:27 -0700	[diff] [blame]	52	else
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	53	signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName);
				54
				55	if (signingCertificateName.getComponentCount() == 0)
				56	throw SecurityException("No qualified certificate name found!");
				57
				58	if (!policyManager_->checkSigningPolicy(data.getName(), signingCertificateName))
Jeff Thompson	9296f0c	2013-09-23 18:10:27 -0700	[diff] [blame]	59	throw SecurityException("Signing Cert name does not comply with signing policy");
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	60
Jeff Thompson	56e6265	2013-10-31 16:13:25 -0700	[diff] [blame]	61	identityManager_->signByCertificate(data, signingCertificateName, wireFormat);
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	62	}
				63
Jeff Thompson	e9ffe79	2013-10-22 10:58:48 -0700	[diff] [blame]	64	shared_ptr<Signature>
				65	KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName)
				66	{
				67	Name signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName);
Jeff Thompson	c01e178	2013-10-21 14:08:42 -0700	[diff] [blame]	68
Jeff Thompson	e9ffe79	2013-10-22 10:58:48 -0700	[diff] [blame]	69	if (signingCertificateName.size() == 0)
				70	throw SecurityException("No qualified certificate name found!");
Jeff Thompson	c01e178	2013-10-21 14:08:42 -0700	[diff] [blame]	71
Jeff Thompson	e9ffe79	2013-10-22 10:58:48 -0700	[diff] [blame]	72	return identityManager_->signByCertificate(buffer, bufferLength, signingCertificateName);
				73	}
Jeff Thompson	c01e178	2013-10-21 14:08:42 -0700	[diff] [blame]	74
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	75	void
Jeff Thompson	7c5d231	2013-09-25 16:07:15 -0700	[diff] [blame]	76	KeyChain::verifyData
				77	(const shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount)
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	78	{
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	79	_LOG_TRACE("Enter Verify");
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	80
Jeff Thompson	f309aa6	2013-10-31 17:03:54 -0700	[diff] [blame]	81	if (policyManager_->requireVerify(*data)) {
				82	shared_ptr<ValidationRequest> nextStep = policyManager_->checkVerificationPolicy
				83	(data, stepCount, onVerified, onVerifyFailed);
Jeff Thompson	cda349e	2013-11-05 17:37:39 -0800	[diff] [blame^]	84	if (nextStep)
				85	face_->expressInterest
				86	(*nextStep->interest_,
				87	bind(&KeyChain::onCertificateData, this, _1, _2, nextStep),
				88	bind(&KeyChain::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep));
Jeff Thompson	f309aa6	2013-10-31 17:03:54 -0700	[diff] [blame]	89	}
				90	else if (policyManager_->skipVerifyAndTrust(*data))
Jeff Thompson	2ce8f49	2013-09-17 18:01:25 -0700	[diff] [blame]	91	onVerified(data);
				92	else
Jeff Thompson	29ce310	2013-09-27 11:47:48 -0700	[diff] [blame]	93	onVerifyFailed(data);
Jeff Thompson	1e90d8c	2013-08-12 16:09:25 -0700	[diff] [blame]	94	}
				95
Jeff Thompson	cda349e	2013-11-05 17:37:39 -0800	[diff] [blame^]	96	void
				97	KeyChain::onCertificateData(const shared_ptr<const Interest> &interest, const shared_ptr<Data> &data, shared_ptr<ValidationRequest> nextStep)
				98	{
				99	// Try to verify the certificate (data) according to the parameters in nextStep.
				100	verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_);
				101	}
				102
				103	void
				104	KeyChain::onCertificateInterestTimeout
				105	(const shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const shared_ptr<Data> &data,
				106	shared_ptr<ValidationRequest> nextStep)
				107	{
				108	if (retry > 0)
				109	// Issue the same expressInterest as in verifyData except decrement retry.
				110	face_->expressInterest
				111	(*interest,
				112	bind(&KeyChain::onCertificateData, this, _1, _2, nextStep),
				113	bind(&KeyChain::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep));
				114	else
				115	onVerifyFailed(data);
				116	}
				117
Jeff Thompson	47c93cf	2013-08-09 00:38:48 -0700	[diff] [blame]	118	}