blob: 93e61d481bcec95c813f483f7ddfcd244e18bcbe [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson41471912013-09-12 16:21:50 -07002/**
Jeff Thompson7687dc02013-09-13 11:54:07 -07003 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompson06e787d2013-09-12 19:00:55 -07004 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -07005 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson41471912013-09-12 16:21:50 -07006 * See COPYING for copyright and distribution information.
7 */
8
Jeff Thompson0f2096f2013-10-01 14:49:42 -07009#if 1
10#include <stdexcept>
11#endif
Jeff Thompsone7e069b2013-09-27 15:48:48 -070012#include "../../util/logging.hpp"
Jeff Thompson25b4e612013-10-10 16:03:24 -070013#include <ndn-cpp/sha256-with-rsa-signature.hpp>
14#include <ndn-cpp/security/security-exception.hpp>
15#include <ndn-cpp/security/identity/identity-manager.hpp>
Jeff Thompson41471912013-09-12 16:21:50 -070016
Jeff Thompson9296f0c2013-09-23 18:10:27 -070017using namespace std;
18using namespace ndn::ptr_lib;
Jeff Thompson41471912013-09-12 16:21:50 -070019
Jeff Thompson9296f0c2013-09-23 18:10:27 -070020namespace ndn {
Jeff Thompson86e1d752013-09-17 17:22:38 -070021
Jeff Thompsone7e069b2013-09-27 15:48:48 -070022Name
23IdentityManager::createIdentity(const Name& identityName)
24{
25 if (!identityStorage_->doesIdentityExist(identityName)) {
26 _LOG_DEBUG("Create Identity");
27 identityStorage_->addIdentity(identityName);
28
29 _LOG_DEBUG("Create Default RSA key pair");
30 Name keyName = generateRSAKeyPairAsDefault(identityName, true);
31
32 _LOG_DEBUG("Create self-signed certificate");
33 shared_ptr<Certificate> selfCert = selfSign(keyName);
34
35 _LOG_DEBUG("Add self-signed certificate as default");
36 addCertificateAsDefault(*selfCert);
37
38 return keyName;
39 }
40 else
41 throw SecurityException("Identity has already been created!");
42}
43
44Name
45IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
46{
47 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
48 _LOG_DEBUG("OK2");
49 return keyName;
50}
51
52Name
53IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
54{
55 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
56
57 identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
58
59 return keyName;
60}
61
62void
63IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
64{
65 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
66
67 if (!identityStorage_->doesKeyExist(keyName))
68 throw SecurityException("No corresponding Key record for certificaite!");
69
70 identityStorage_->setDefaultCertificateNameForKey (keyName, certificateName);
71}
72
73void
74IdentityManager::addCertificateAsIdentityDefault(const Certificate& certificate)
75{
76 identityStorage_->addCertificate(certificate);
77
78 Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
79
80 setDefaultKeyForIdentity(keyName);
81 setDefaultCertificateForKey(certificate.getName());
82}
83
Jeff Thompsonf39a5362013-10-10 16:22:44 -070084void
85IdentityManager::addCertificateAsDefault(const Certificate& certificate)
86{
87 identityStorage_->addCertificate(certificate);
88 setDefaultCertificateForKey(certificate.getName());
89}
90
Jeff Thompson0050abe2013-09-17 12:50:25 -070091void
Jeff Thompson86e1d752013-09-17 17:22:38 -070092IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
Jeff Thompson41471912013-09-12 16:21:50 -070093{
Jeff Thompson9296f0c2013-09-23 18:10:27 -070094 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
95
96 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
Jeff Thompson86e1d752013-09-17 17:22:38 -070097
98 // For temporary usage, we support RSA + SHA256 only, but will support more.
99 data.setSignature(Sha256WithRsaSignature());
100 // Get a pointer to the clone which Data made.
101 Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature());
102 DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;
103
104 signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
105 signature->getKeyLocator().setKeyName(certificateName);
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700106 // Omit the certificate digest.
107 signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1);
Jeff Thompson86e1d752013-09-17 17:22:38 -0700108 // Ignore witness and leave the digestAlgorithm as the default.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700109 signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());
Jeff Thompson41471912013-09-12 16:21:50 -0700110
Jeff Thompson86e1d752013-09-17 17:22:38 -0700111 // Encode once to get the signed portion.
112 SignedBlob encoding = data.wireEncode(wireFormat);
113
114 signature->setSignature
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700115 (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm));
Jeff Thompson86e1d752013-09-17 17:22:38 -0700116
117 // Encode again to include the signature.
118 data.wireEncode(wireFormat);
Jeff Thompson41471912013-09-12 16:21:50 -0700119}
120
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700121Name
122IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, KeyType keyType, int keySize)
123{
124 _LOG_DEBUG("Get new key ID");
125 Name keyName = identityStorage_->getNewKeyName(identityName, isKsk);
126
127 _LOG_DEBUG("Generate key pair in private storage");
128 privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize);
129
130 _LOG_DEBUG("Create a key record in public storage");
131 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
132 identityStorage_->addKey(keyName, keyType, publicKey->getKeyDer());
133 _LOG_DEBUG("OK");
134 return keyName;
135}
136
137shared_ptr<Certificate>
138IdentityManager::selfSign (const Name& keyName)
139{
140#if 1
141 throw std::runtime_error("MemoryIdentityStorage::getNewKeyName not implemented");
142#endif
143}
144
Jeff Thompson41471912013-09-12 16:21:50 -0700145}