Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 04b22a9a0ecf9f2046d3a6cd4269250185464e2e / . / src / security / key-chain.cpp
blob: ba9060d55bf58f022cbbb680cbc841b854cdc9c3 [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]2/**
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]3 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]6 * See COPYING for copyright and distribution information.
7 */
8
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]9#include <ndn-cpp/security/key-chain.hpp>
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]10
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]11#include <ndn-cpp/security/policy/policy-manager.hpp>
12
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]13using namespace std;
Jeff Thompson2381da82013-11-06 14:34:09 -0800[diff] [blame]14using namespace ndn::func_lib;
Jeff Thompson9bdeb6d2013-11-06 14:30:07 -0800[diff] [blame]15#if NDN_CPP_HAVE_STD_FUNCTION
Jeff Thompson09324ed2013-11-06 14:40:35 -0800[diff] [blame]16// In the std library, the placeholders are in a different namespace than boost.
17using namespace ndn::func_lib::placeholders;
Jeff Thompson9bdeb6d2013-11-06 14:30:07 -0800[diff] [blame]18#endif
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]19
20namespace ndn {
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]21
22const ptr_lib::shared_ptr<IdentityManager> KeyChain::DefaultIdentityManager = ptr_lib::shared_ptr<IdentityManager>();
23const ptr_lib::shared_ptr<PolicyManager> KeyChain::DefaultPolicyManager = ptr_lib::shared_ptr<PolicyManager>();
24const ptr_lib::shared_ptr<EncryptionManager> KeyChain::DefaultEncryptionManager = ptr_lib::shared_ptr<EncryptionManager>();
25
26
27KeyChain::KeyChain(const ptr_lib::shared_ptr<IdentityManager> &identityManager /* = DefaultIdentityManager */,
28 const ptr_lib::shared_ptr<PolicyManager> &policyManager /* = DefaultPolicyManager */,
29 const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager /* = DefaultEncryptionManager */)
30 : identityManager_(identityManager)
31 , policyManager_(policyManager)
32 , encryptionManager_(encryptionManager)
33 , maxSteps_(100)
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]34{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]35// #ifdef USE_SIMPLE_POLICY_MANAGER
36// Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
37// Ptr<IdentityPolicyRule> rule1 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
38// "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
39// ">", "\\1\\2", "\\1", true));
40// Ptr<IdentityPolicyRule> rule2 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
41// "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
42// "==", "\\1", "\\1\\2", true));
43// Ptr<IdentityPolicyRule> rule3 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^(<>*)$",
44// "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
45// ">", "\\1", "\\1", true));
46// policyManager->addVerificationPolicyRule(rule1);
47// policyManager->addVerificationPolicyRule(rule2);
48// policyManager->addVerificationPolicyRule(rule3);
49
50// policyManager->addSigningPolicyRule(rule3);
51
52// m_policyManager = policyManager;
53// #endif
54
55// if (!policyManager_)
56// {
57// policyManager_ = new NoVerifyPolicyManager();
58// }
59
60// #ifdef USE_BASIC_ENCRYPTION_MANAGER
61// encryptionManager_ = new BasicEncryptionManager(m_identityManager->getPrivateStorage(), "/tmp/encryption.db");
62// #endif
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]63}
64
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]65
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]66void
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]67KeyChain::signByIdentity(Data& data, const Name& identityName)
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]68{
69 Name signingCertificateName;
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]70
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]71 if (identityName.getComponentCount() == 0) {
72 Name inferredIdentity = policyManager_->inferSigningIdentity(data.getName());
73 if (inferredIdentity.getComponentCount() == 0)
74 signingCertificateName = identityManager_->getDefaultCertificateName();
75 else
76 signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(inferredIdentity);
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]77 }
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]78 else
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]79 signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName);
80
81 if (signingCertificateName.getComponentCount() == 0)
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]82 throw Error("No qualified certificate name found!");
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]83
84 if (!policyManager_->checkSigningPolicy(data.getName(), signingCertificateName))
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]85 throw Error("Signing Cert name does not comply with signing policy");
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]86
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]87 identities().signByCertificate(data, signingCertificateName);
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]88}
89
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]90Signature
Jeff Thompsone9ffe792013-10-22 10:58:48 -0700[diff] [blame]91KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName)
92{
93 Name signingCertificateName = identityManager_->getDefaultCertificateNameForIdentity(identityName);
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]94
Jeff Thompsone9ffe792013-10-22 10:58:48 -0700[diff] [blame]95 if (signingCertificateName.size() == 0)
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]96 throw Error("No qualified certificate name found!");
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]97
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]98 return identities().signByCertificate(buffer, bufferLength, signingCertificateName);
Jeff Thompsone9ffe792013-10-22 10:58:48 -0700[diff] [blame]99}
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]100
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]101void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700[diff] [blame]102KeyChain::verifyData
Jeff Thompsonce115762013-12-18 14:59:56 -0800[diff] [blame]103 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount)
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]104{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]105 if (policies().requireVerify(*data)) {
Jeff Thompsonce115762013-12-18 14:59:56 -0800[diff] [blame]106 ptr_lib::shared_ptr<ValidationRequest> nextStep = policyManager_->checkVerificationPolicy
Jeff Thompsonf309aa62013-10-31 17:03:54 -0700[diff] [blame]107 (data, stepCount, onVerified, onVerifyFailed);
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800[diff] [blame]108 if (nextStep)
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]109 {
110 if (!face_)
111 throw Error("Face should be set prior to verifyData method to call");
112
113 face_->expressInterest
114 (*nextStep->interest_,
115 bind(&KeyChain::onCertificateData, this, _1, _2, nextStep),
116 bind(&KeyChain::onCertificateInterestTimeout, this, _1, nextStep->retry_, onVerifyFailed, data, nextStep));
117 }
Jeff Thompsonf309aa62013-10-31 17:03:54 -0700[diff] [blame]118 }
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]119 else if (policies().skipVerifyAndTrust(*data))
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]120 onVerified(data);
121 else
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]122 onVerifyFailed(data);
Jeff Thompson1e90d8c2013-08-12 16:09:25 -0700[diff] [blame]123}
124
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800[diff] [blame]125void
Jeff Thompsonce115762013-12-18 14:59:56 -0800[diff] [blame]126KeyChain::onCertificateData(const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep)
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800[diff] [blame]127{
128 // Try to verify the certificate (data) according to the parameters in nextStep.
129 verifyData(data, nextStep->onVerified_, nextStep->onVerifyFailed_, nextStep->stepCount_);
130}
131
132void
133KeyChain::onCertificateInterestTimeout
Jeff Thompsonce115762013-12-18 14:59:56 -0800[diff] [blame]134 (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, const ptr_lib::shared_ptr<Data> &data,
135 ptr_lib::shared_ptr<ValidationRequest> nextStep)
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800[diff] [blame]136{
137 if (retry > 0)
138 // Issue the same expressInterest as in verifyData except decrement retry.
139 face_->expressInterest
140 (*interest,
141 bind(&KeyChain::onCertificateData, this, _1, _2, nextStep),
142 bind(&KeyChain::onCertificateInterestTimeout, this, _1, retry - 1, onVerifyFailed, data, nextStep));
143 else
144 onVerifyFailed(data);
145}
146
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]147}