blob: 961cf95ed988f9895d6cdaebc269281b4e858d9a [file] [log] [blame]
Yingdi Yu31b4af22014-01-14 14:13:00 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
6 * See COPYING for copyright and distribution information.
7 */
8
9#ifndef NDN_SEC_PUBLIC_INFO_HPP
10#define NDN_SEC_PUBLIC_INFO_HPP
11
12#include "../../name.hpp"
13#include "../security-common.hpp"
14#include "../certificate/public-key.hpp"
15#include "../certificate/identity-certificate.hpp"
16
Yingdi Yu88663af2014-01-15 15:21:38 -080017
Yingdi Yu31b4af22014-01-14 14:13:00 -080018namespace ndn {
19
20/**
21 * SecPublicInfo is a base class for the storage of identity, public keys and certificates.
22 * Private keys are stored in SecTpm.
23 * This is an abstract base class. A subclass must implement the methods.
24 */
25class SecPublicInfo {
26public:
27 struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
28
29 /**
30 * The virtual Destructor.
31 */
32 virtual
33 ~SecPublicInfo() {}
34
35 /**
36 * Check if the specified identity already exists.
37 * @param identityName The identity name.
38 * @return true if the identity exists, otherwise false.
39 */
40 virtual bool
41 doesIdentityExist(const Name& identityName) = 0;
42
43 /**
44 * Add a new identity. An exception will be thrown if the identity already exists.
45 * @param identityName The identity name to be added.
46 */
47 virtual void
48 addIdentity(const Name& identityName) = 0;
49
50 /**
51 * Revoke the identity.
52 * @return true if the identity was revoked, false if not.
53 */
54 virtual bool
55 revokeIdentity() = 0;
56
57 /**
58 * Check if the specified key already exists.
59 * @param keyName The name of the key.
60 * @return true if the key exists, otherwise false.
61 */
62 virtual bool
63 doesPublicKeyExist(const Name& keyName) = 0;
64
65 /**
66 * Add a public key to the identity storage.
67 * @param keyName The name of the public key to be added.
68 * @param keyType Type of the public key to be added.
69 * @param publicKeyDer A blob of the public key DER to be added.
70 */
71 virtual void
72 addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer) = 0;
73
74 /**
75 * Get the public key DER blob from the identity storage.
76 * @param keyName The name of the requested public key.
77 * @return The DER Blob. If not found, return a Blob with a null pointer.
78 */
79 virtual ptr_lib::shared_ptr<PublicKey>
80 getPublicKey(const Name& keyName) = 0;
81
82 /**
83 * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
84 * @param keyName name of the key
85 */
86 virtual void
87 activatePublicKey(const Name& keyName) = 0;
88
89 /**
90 * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
91 * @param keyName name of the key
92 */
93 virtual void
94 deactivatePublicKey(const Name& keyName) = 0;
95
96 /**
97 * Check if the specified certificate already exists.
98 * @param certificateName The name of the certificate.
99 * @return true if the certificate exists, otherwise false.
100 */
101 virtual bool
102 doesCertificateExist(const Name& certificateName) = 0;
103
104 /**
105 * Add a certificate to the identity storage.
106 * @param certificate The certificate to be added. This makes a copy of the certificate.
107 */
108 virtual void
109 addCertificate(const IdentityCertificate& certificate) = 0;
110
111 /**
112 * Get a certificate from the identity storage.
113 * @param certificateName The name of the requested certificate.
114 * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
115 * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
116 */
117 virtual ptr_lib::shared_ptr<IdentityCertificate>
Yingdi Yu88663af2014-01-15 15:21:38 -0800118 getCertificate(const Name &certificateName) = 0;
Yingdi Yu31b4af22014-01-14 14:13:00 -0800119
120
121 /*****************************************
122 * Default Getter *
123 *****************************************/
124
125 /**
126 * Get the default identity.
127 * @param return The name of default identity, or an empty name if there is no default.
128 */
129 virtual Name
130 getDefaultIdentity() = 0;
131
132 /**
133 * Get the default key name for the specified identity.
134 * @param identityName The identity name.
135 * @return The default key name.
136 */
137 virtual Name
138 getDefaultKeyNameForIdentity(const Name& identityName) = 0;
139
140 /**
141 * Get the default certificate name for the specified key.
142 * @param keyName The key name.
143 * @return The default certificate name.
144 */
145 virtual Name
146 getDefaultCertificateNameForKey(const Name& keyName) = 0;
147
148 virtual std::vector<Name>
149 getAllIdentities(bool isDefault) = 0;
150
151 virtual std::vector<Name>
152 getAllKeyNames(bool isDefault) = 0;
153
154 virtual std::vector<Name>
155 getAllKeyNamesOfIdentity(const Name& identity, bool isDefault) = 0;
156
157 virtual std::vector<Name>
158 getAllCertificateNames(bool isDefault) = 0;
159
160 virtual std::vector<Name>
161 getAllCertificateNamesOfKey(const Name& keyName, bool isDefault) = 0;
162
163protected:
164
165 /*****************************************
166 * Default Setter *
167 *****************************************/
168
169 /**
170 * Set the default identity. If the identityName does not exist, then clear the default identity
171 * so that getDefaultIdentity() returns an empty name.
172 * @param identityName The default identity name.
173 */
174 virtual void
175 setDefaultIdentityInternal(const Name& identityName) = 0;
176
177 /**
178 * Set the default key name for the corresponding identity.
179 * @param keyName The key name.
180 */
181 virtual void
182 setDefaultKeyNameForIdentityInternal(const Name& keyName) = 0;
183
184 /**
185 * Set the default certificate name for the corresponding key.
186 * @param certificateName The certificate name.
187 */
188 virtual void
189 setDefaultCertificateNameForKeyInternal(const Name& certificateName) = 0;
190
191public:
192
193 /*****************************************
194 * Helper Methods *
195 *****************************************/
196
197 /**
198 * Set the default identity. If the identityName does not exist, then clear the default identity
199 * so that getDefaultIdentity() returns an empty name.
200 * @param identityName The default identity name.
201 */
202 inline void
203 setDefaultIdentity(const Name& identityName);
204
205 /**
206 * Set the default key name for the corresponding identity.
207 * @param keyName The key name.
208 */
209 inline void
210 setDefaultKeyNameForIdentity(const Name& keyName);
211
212 /**
213 * Set the default certificate name for the corresponding key.
214 * @param certificateName The certificate name.
215 */
216 inline void
217 setDefaultCertificateNameForKey(const Name& certificateName);
218
219 /**
220 * Generate a name for a new key belonging to the identity.
221 * @param identityName The identity name.
222 * @param useKsk If true, generate a KSK name, otherwise a DSK name.
223 * @return The generated key name.
224 */
225 inline Name
226 getNewKeyName(const Name& identityName, bool useKsk);
227
228 /**
229 * Get the default certificate name for the specified identity.
230 * @param identityName The identity name.
231 * @return The default certificate name.
232 */
233 inline Name
234 getDefaultCertificateNameForIdentity(const Name& identityName);
235
236 /**
237 * Get the default certificate name of the default identity, which will be used when signing is based on identity and
238 * the identity is not specified.
239 * @return The requested certificate name.
240 */
241 inline Name
242 getDefaultCertificateName();
243
244 /**
245 * Add a certificate and set the certificate as the default of its corresponding key.
246 * @param certificate The certificate to be added. This makes a copy of the certificate.
247 */
248 inline void
249 addCertificateAsKeyDefault(const IdentityCertificate& certificate);
250
251 /**
252 * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
253 * @param certificate The certificate to be added. This makes a copy of the certificate.
254 */
255 inline void
256 addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
257
Yingdi Yu88663af2014-01-15 15:21:38 -0800258 inline void
259 addCertificateAsSystemDefault(const IdentityCertificate& certificate);
260
Yingdi Yu31b4af22014-01-14 14:13:00 -0800261 inline ptr_lib::shared_ptr<IdentityCertificate>
262 defaultCertificate();
263
264 inline void
265 refreshDefaultCertificate();
266
267protected:
268 ptr_lib::shared_ptr<IdentityCertificate> defaultCertificate_;
269
270};
271
272void
273SecPublicInfo::setDefaultIdentity(const Name& identityName)
274{
275 setDefaultIdentityInternal(identityName);
276 refreshDefaultCertificate();
277}
278
279void
280SecPublicInfo::setDefaultKeyNameForIdentity(const Name& keyName)
281{
282 setDefaultKeyNameForIdentityInternal(keyName);
283 refreshDefaultCertificate();
284}
285
286void
287SecPublicInfo::setDefaultCertificateNameForKey(const Name& certificateName)
288{
289 setDefaultCertificateNameForKeyInternal(certificateName);
290 refreshDefaultCertificate();
291}
292
293Name
294SecPublicInfo::getDefaultCertificateNameForIdentity(const Name& identityName)
295{
296 return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName));
297}
298
299Name
300SecPublicInfo::getNewKeyName (const Name& identityName, bool useKsk)
301{
Yingdi Yu31b4af22014-01-14 14:13:00 -0800302 std::ostringstream oss;
Yingdi Yu31b4af22014-01-14 14:13:00 -0800303
Yingdi Yu31b4af22014-01-14 14:13:00 -0800304 if (useKsk)
Yingdi Yu88663af2014-01-15 15:21:38 -0800305 oss << "ksk-";
Yingdi Yu31b4af22014-01-14 14:13:00 -0800306 else
Yingdi Yu88663af2014-01-15 15:21:38 -0800307 oss << "dsk-";
Yingdi Yu31b4af22014-01-14 14:13:00 -0800308
Yingdi Yu88663af2014-01-15 15:21:38 -0800309 oss << static_cast<int>(getNow()/1000);
310
311 Name keyName = Name(identityName).append(oss.str());
Yingdi Yu31b4af22014-01-14 14:13:00 -0800312
313 if (doesPublicKeyExist(keyName))
314 throw Error("Key name already exists");
315
316 return keyName;
317}
318
319Name
320SecPublicInfo::getDefaultCertificateName()
321{
322 if(!static_cast<bool>(defaultCertificate_))
323 refreshDefaultCertificate();
324
325 if(!static_cast<bool>(defaultCertificate_))
326 return Name();
327
328 return defaultCertificate_->getName();
329}
330
331void
332SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
333{
334 addCertificate(certificate);
335 setDefaultCertificateNameForKeyInternal(certificate.getName());
336 refreshDefaultCertificate();
337}
338
339void
340SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
341{
342 addCertificate(certificate);
Yingdi Yu88663af2014-01-15 15:21:38 -0800343 Name certName = certificate.getName();
344 setDefaultKeyNameForIdentityInternal(IdentityCertificate::certificateNameToPublicKeyName(certName));
345 setDefaultCertificateNameForKeyInternal(certName);
346 refreshDefaultCertificate();
347}
348
349void
350SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
351{
352 addCertificate(certificate);
353 Name certName = certificate.getName();
354 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
355 setDefaultIdentityInternal(keyName.getPrefix(-1));
356 setDefaultKeyNameForIdentityInternal(keyName);
357 setDefaultCertificateNameForKeyInternal(certName);
Yingdi Yu31b4af22014-01-14 14:13:00 -0800358 refreshDefaultCertificate();
359}
360
361ptr_lib::shared_ptr<IdentityCertificate>
362SecPublicInfo::defaultCertificate()
363{
364 return defaultCertificate_;
365}
366
367void
368SecPublicInfo::refreshDefaultCertificate()
369{
Yingdi Yu88663af2014-01-15 15:21:38 -0800370 Name certName = getDefaultCertificateNameForIdentity(getDefaultIdentity());
371 if(certName.empty())
372 defaultCertificate_.reset();
373 else
374 defaultCertificate_ = getCertificate(certName);
Yingdi Yu31b4af22014-01-14 14:13:00 -0800375}
376
377
378}
379
380#endif