| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 1 | /** |
| Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 2 | * Copyright (C) 2013 Regents of the University of California. |
| Jeff Thompson | 06e787d | 2013-09-12 19:00:55 -0700 | [diff] [blame] | 3 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 4 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 5 | * See COPYING for copyright and distribution information. |
| 6 | */ |
| 7 | |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame^] | 8 | #include "../../util/logging.hpp" |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 9 | #include "../../sha256-with-rsa-signature.hpp" |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame^] | 10 | #include "../security-exception.hpp" |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 11 | #include "identity-manager.hpp" |
| 12 | |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 13 | using namespace std; |
| 14 | using namespace ndn::ptr_lib; |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 15 | |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 16 | namespace ndn { |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 17 | |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame^] | 18 | Name |
| 19 | IdentityManager::createIdentity(const Name& identityName) |
| 20 | { |
| 21 | if (!identityStorage_->doesIdentityExist(identityName)) { |
| 22 | _LOG_DEBUG("Create Identity"); |
| 23 | identityStorage_->addIdentity(identityName); |
| 24 | |
| 25 | _LOG_DEBUG("Create Default RSA key pair"); |
| 26 | Name keyName = generateRSAKeyPairAsDefault(identityName, true); |
| 27 | |
| 28 | _LOG_DEBUG("Create self-signed certificate"); |
| 29 | shared_ptr<Certificate> selfCert = selfSign(keyName); |
| 30 | |
| 31 | _LOG_DEBUG("Add self-signed certificate as default"); |
| 32 | addCertificateAsDefault(*selfCert); |
| 33 | |
| 34 | return keyName; |
| 35 | } |
| 36 | else |
| 37 | throw SecurityException("Identity has already been created!"); |
| 38 | } |
| 39 | |
| 40 | Name |
| 41 | IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize) |
| 42 | { |
| 43 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 44 | _LOG_DEBUG("OK2"); |
| 45 | return keyName; |
| 46 | } |
| 47 | |
| 48 | Name |
| 49 | IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize) |
| 50 | { |
| 51 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 52 | |
| 53 | identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName); |
| 54 | |
| 55 | return keyName; |
| 56 | } |
| 57 | |
| 58 | void |
| 59 | IdentityManager::setDefaultCertificateForKey(const Name& certificateName) |
| 60 | { |
| 61 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
| 62 | |
| 63 | if (!identityStorage_->doesKeyExist(keyName)) |
| 64 | throw SecurityException("No corresponding Key record for certificaite!"); |
| 65 | |
| 66 | identityStorage_->setDefaultCertificateNameForKey (keyName, certificateName); |
| 67 | } |
| 68 | |
| 69 | void |
| 70 | IdentityManager::addCertificateAsIdentityDefault(const Certificate& certificate) |
| 71 | { |
| 72 | identityStorage_->addCertificate(certificate); |
| 73 | |
| 74 | Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName()); |
| 75 | |
| 76 | setDefaultKeyForIdentity(keyName); |
| 77 | setDefaultCertificateForKey(certificate.getName()); |
| 78 | } |
| 79 | |
| Jeff Thompson | 0050abe | 2013-09-17 12:50:25 -0700 | [diff] [blame] | 80 | void |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 81 | IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat) |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 82 | { |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 83 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
| 84 | |
| 85 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName); |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 86 | |
| 87 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
| 88 | data.setSignature(Sha256WithRsaSignature()); |
| 89 | // Get a pointer to the clone which Data made. |
| 90 | Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature()); |
| 91 | DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256; |
| 92 | |
| 93 | signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME); |
| 94 | signature->getKeyLocator().setKeyName(certificateName); |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 95 | // Omit the certificate digest. |
| 96 | signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1); |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 97 | // Ignore witness and leave the digestAlgorithm as the default. |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 98 | signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest()); |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 99 | |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 100 | // Encode once to get the signed portion. |
| 101 | SignedBlob encoding = data.wireEncode(wireFormat); |
| 102 | |
| 103 | signature->setSignature |
| Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 104 | (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm)); |
| Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 105 | |
| 106 | // Encode again to include the signature. |
| 107 | data.wireEncode(wireFormat); |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 108 | } |
| 109 | |
| Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame^] | 110 | Name |
| 111 | IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, KeyType keyType, int keySize) |
| 112 | { |
| 113 | _LOG_DEBUG("Get new key ID"); |
| 114 | Name keyName = identityStorage_->getNewKeyName(identityName, isKsk); |
| 115 | |
| 116 | _LOG_DEBUG("Generate key pair in private storage"); |
| 117 | privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize); |
| 118 | |
| 119 | _LOG_DEBUG("Create a key record in public storage"); |
| 120 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName); |
| 121 | identityStorage_->addKey(keyName, keyType, publicKey->getKeyDer()); |
| 122 | _LOG_DEBUG("OK"); |
| 123 | return keyName; |
| 124 | } |
| 125 | |
| 126 | shared_ptr<Certificate> |
| 127 | IdentityManager::selfSign (const Name& keyName) |
| 128 | { |
| 129 | #if 1 |
| 130 | throw std::runtime_error("MemoryIdentityStorage::getNewKeyName not implemented"); |
| 131 | #endif |
| 132 | } |
| 133 | |
| Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 134 | } |