Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
| 9 | #ifndef NDN_SEC_PUBLIC_INFO_HPP |
| 10 | #define NDN_SEC_PUBLIC_INFO_HPP |
| 11 | |
| 12 | #include "../../name.hpp" |
| 13 | #include "../security-common.hpp" |
| 14 | #include "../certificate/public-key.hpp" |
| 15 | #include "../certificate/identity-certificate.hpp" |
| 16 | |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 17 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 18 | namespace ndn { |
| 19 | |
| 20 | /** |
| 21 | * SecPublicInfo is a base class for the storage of identity, public keys and certificates. |
| 22 | * Private keys are stored in SecTpm. |
| 23 | * This is an abstract base class. A subclass must implement the methods. |
| 24 | */ |
| 25 | class SecPublicInfo { |
| 26 | public: |
| 27 | struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} }; |
| 28 | |
| 29 | /** |
| 30 | * The virtual Destructor. |
| 31 | */ |
| 32 | virtual |
| 33 | ~SecPublicInfo() {} |
| 34 | |
| 35 | /** |
| 36 | * Check if the specified identity already exists. |
| 37 | * @param identityName The identity name. |
| 38 | * @return true if the identity exists, otherwise false. |
| 39 | */ |
| 40 | virtual bool |
| 41 | doesIdentityExist(const Name& identityName) = 0; |
| 42 | |
| 43 | /** |
| 44 | * Add a new identity. An exception will be thrown if the identity already exists. |
| 45 | * @param identityName The identity name to be added. |
| 46 | */ |
| 47 | virtual void |
| 48 | addIdentity(const Name& identityName) = 0; |
| 49 | |
| 50 | /** |
| 51 | * Revoke the identity. |
| 52 | * @return true if the identity was revoked, false if not. |
| 53 | */ |
| 54 | virtual bool |
| 55 | revokeIdentity() = 0; |
| 56 | |
| 57 | /** |
| 58 | * Check if the specified key already exists. |
| 59 | * @param keyName The name of the key. |
| 60 | * @return true if the key exists, otherwise false. |
| 61 | */ |
| 62 | virtual bool |
| 63 | doesPublicKeyExist(const Name& keyName) = 0; |
| 64 | |
| 65 | /** |
| 66 | * Add a public key to the identity storage. |
| 67 | * @param keyName The name of the public key to be added. |
| 68 | * @param keyType Type of the public key to be added. |
| 69 | * @param publicKeyDer A blob of the public key DER to be added. |
| 70 | */ |
| 71 | virtual void |
| 72 | addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer) = 0; |
| 73 | |
| 74 | /** |
| 75 | * Get the public key DER blob from the identity storage. |
| 76 | * @param keyName The name of the requested public key. |
| 77 | * @return The DER Blob. If not found, return a Blob with a null pointer. |
| 78 | */ |
| 79 | virtual ptr_lib::shared_ptr<PublicKey> |
| 80 | getPublicKey(const Name& keyName) = 0; |
| 81 | |
| 82 | /** |
| 83 | * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing. |
| 84 | * @param keyName name of the key |
| 85 | */ |
| 86 | virtual void |
| 87 | activatePublicKey(const Name& keyName) = 0; |
| 88 | |
| 89 | /** |
| 90 | * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing. |
| 91 | * @param keyName name of the key |
| 92 | */ |
| 93 | virtual void |
| 94 | deactivatePublicKey(const Name& keyName) = 0; |
| 95 | |
| 96 | /** |
| 97 | * Check if the specified certificate already exists. |
| 98 | * @param certificateName The name of the certificate. |
| 99 | * @return true if the certificate exists, otherwise false. |
| 100 | */ |
| 101 | virtual bool |
| 102 | doesCertificateExist(const Name& certificateName) = 0; |
| 103 | |
| 104 | /** |
| 105 | * Add a certificate to the identity storage. |
| 106 | * @param certificate The certificate to be added. This makes a copy of the certificate. |
| 107 | */ |
| 108 | virtual void |
| 109 | addCertificate(const IdentityCertificate& certificate) = 0; |
| 110 | |
| 111 | /** |
| 112 | * Get a certificate from the identity storage. |
| 113 | * @param certificateName The name of the requested certificate. |
| 114 | * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded. |
| 115 | * @return The requested certificate. If not found, return a shared_ptr with a null pointer. |
| 116 | */ |
| 117 | virtual ptr_lib::shared_ptr<IdentityCertificate> |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 118 | getCertificate(const Name &certificateName) = 0; |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 119 | |
| 120 | |
| 121 | /***************************************** |
| 122 | * Default Getter * |
| 123 | *****************************************/ |
| 124 | |
| 125 | /** |
| 126 | * Get the default identity. |
| 127 | * @param return The name of default identity, or an empty name if there is no default. |
| 128 | */ |
| 129 | virtual Name |
| 130 | getDefaultIdentity() = 0; |
| 131 | |
| 132 | /** |
| 133 | * Get the default key name for the specified identity. |
| 134 | * @param identityName The identity name. |
| 135 | * @return The default key name. |
| 136 | */ |
| 137 | virtual Name |
| 138 | getDefaultKeyNameForIdentity(const Name& identityName) = 0; |
| 139 | |
| 140 | /** |
| 141 | * Get the default certificate name for the specified key. |
| 142 | * @param keyName The key name. |
| 143 | * @return The default certificate name. |
| 144 | */ |
| 145 | virtual Name |
| 146 | getDefaultCertificateNameForKey(const Name& keyName) = 0; |
| 147 | |
| 148 | virtual std::vector<Name> |
| 149 | getAllIdentities(bool isDefault) = 0; |
| 150 | |
| 151 | virtual std::vector<Name> |
| 152 | getAllKeyNames(bool isDefault) = 0; |
| 153 | |
| 154 | virtual std::vector<Name> |
| 155 | getAllKeyNamesOfIdentity(const Name& identity, bool isDefault) = 0; |
| 156 | |
| 157 | virtual std::vector<Name> |
| 158 | getAllCertificateNames(bool isDefault) = 0; |
| 159 | |
| 160 | virtual std::vector<Name> |
| 161 | getAllCertificateNamesOfKey(const Name& keyName, bool isDefault) = 0; |
| 162 | |
| 163 | protected: |
| 164 | |
| 165 | /***************************************** |
| 166 | * Default Setter * |
| 167 | *****************************************/ |
| 168 | |
| 169 | /** |
| 170 | * Set the default identity. If the identityName does not exist, then clear the default identity |
| 171 | * so that getDefaultIdentity() returns an empty name. |
| 172 | * @param identityName The default identity name. |
| 173 | */ |
| 174 | virtual void |
| 175 | setDefaultIdentityInternal(const Name& identityName) = 0; |
| 176 | |
| 177 | /** |
| 178 | * Set the default key name for the corresponding identity. |
| 179 | * @param keyName The key name. |
| 180 | */ |
| 181 | virtual void |
| 182 | setDefaultKeyNameForIdentityInternal(const Name& keyName) = 0; |
| 183 | |
| 184 | /** |
| 185 | * Set the default certificate name for the corresponding key. |
| 186 | * @param certificateName The certificate name. |
| 187 | */ |
| 188 | virtual void |
| 189 | setDefaultCertificateNameForKeyInternal(const Name& certificateName) = 0; |
| 190 | |
| 191 | public: |
| 192 | |
| 193 | /***************************************** |
| 194 | * Helper Methods * |
| 195 | *****************************************/ |
| 196 | |
| 197 | /** |
| 198 | * Set the default identity. If the identityName does not exist, then clear the default identity |
| 199 | * so that getDefaultIdentity() returns an empty name. |
| 200 | * @param identityName The default identity name. |
| 201 | */ |
| 202 | inline void |
| 203 | setDefaultIdentity(const Name& identityName); |
| 204 | |
| 205 | /** |
| 206 | * Set the default key name for the corresponding identity. |
| 207 | * @param keyName The key name. |
| 208 | */ |
| 209 | inline void |
| 210 | setDefaultKeyNameForIdentity(const Name& keyName); |
| 211 | |
| 212 | /** |
| 213 | * Set the default certificate name for the corresponding key. |
| 214 | * @param certificateName The certificate name. |
| 215 | */ |
| 216 | inline void |
| 217 | setDefaultCertificateNameForKey(const Name& certificateName); |
| 218 | |
| 219 | /** |
| 220 | * Generate a name for a new key belonging to the identity. |
| 221 | * @param identityName The identity name. |
| 222 | * @param useKsk If true, generate a KSK name, otherwise a DSK name. |
| 223 | * @return The generated key name. |
| 224 | */ |
| 225 | inline Name |
| 226 | getNewKeyName(const Name& identityName, bool useKsk); |
| 227 | |
| 228 | /** |
| 229 | * Get the default certificate name for the specified identity. |
| 230 | * @param identityName The identity name. |
| 231 | * @return The default certificate name. |
| 232 | */ |
| 233 | inline Name |
| 234 | getDefaultCertificateNameForIdentity(const Name& identityName); |
| 235 | |
| 236 | /** |
| 237 | * Get the default certificate name of the default identity, which will be used when signing is based on identity and |
| 238 | * the identity is not specified. |
| 239 | * @return The requested certificate name. |
| 240 | */ |
| 241 | inline Name |
| 242 | getDefaultCertificateName(); |
| 243 | |
| 244 | /** |
| 245 | * Add a certificate and set the certificate as the default of its corresponding key. |
| 246 | * @param certificate The certificate to be added. This makes a copy of the certificate. |
| 247 | */ |
| 248 | inline void |
| 249 | addCertificateAsKeyDefault(const IdentityCertificate& certificate); |
| 250 | |
| 251 | /** |
| 252 | * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity. |
| 253 | * @param certificate The certificate to be added. This makes a copy of the certificate. |
| 254 | */ |
| 255 | inline void |
| 256 | addCertificateAsIdentityDefault(const IdentityCertificate& certificate); |
| 257 | |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 258 | inline void |
| 259 | addCertificateAsSystemDefault(const IdentityCertificate& certificate); |
| 260 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 261 | inline ptr_lib::shared_ptr<IdentityCertificate> |
| 262 | defaultCertificate(); |
| 263 | |
| 264 | inline void |
| 265 | refreshDefaultCertificate(); |
| 266 | |
| 267 | protected: |
| 268 | ptr_lib::shared_ptr<IdentityCertificate> defaultCertificate_; |
| 269 | |
| 270 | }; |
| 271 | |
| 272 | void |
| 273 | SecPublicInfo::setDefaultIdentity(const Name& identityName) |
| 274 | { |
| 275 | setDefaultIdentityInternal(identityName); |
| 276 | refreshDefaultCertificate(); |
| 277 | } |
| 278 | |
| 279 | void |
| 280 | SecPublicInfo::setDefaultKeyNameForIdentity(const Name& keyName) |
| 281 | { |
| 282 | setDefaultKeyNameForIdentityInternal(keyName); |
| 283 | refreshDefaultCertificate(); |
| 284 | } |
| 285 | |
| 286 | void |
| 287 | SecPublicInfo::setDefaultCertificateNameForKey(const Name& certificateName) |
| 288 | { |
| 289 | setDefaultCertificateNameForKeyInternal(certificateName); |
| 290 | refreshDefaultCertificate(); |
| 291 | } |
| 292 | |
| 293 | Name |
| 294 | SecPublicInfo::getDefaultCertificateNameForIdentity(const Name& identityName) |
| 295 | { |
| 296 | return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName)); |
| 297 | } |
| 298 | |
| 299 | Name |
| 300 | SecPublicInfo::getNewKeyName (const Name& identityName, bool useKsk) |
| 301 | { |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 302 | std::ostringstream oss; |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 303 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 304 | if (useKsk) |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 305 | oss << "ksk-"; |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 306 | else |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 307 | oss << "dsk-"; |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 308 | |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 309 | oss << static_cast<int>(getNow()/1000); |
| 310 | |
| 311 | Name keyName = Name(identityName).append(oss.str()); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 312 | |
| 313 | if (doesPublicKeyExist(keyName)) |
| 314 | throw Error("Key name already exists"); |
| 315 | |
| 316 | return keyName; |
| 317 | } |
| 318 | |
| 319 | Name |
| 320 | SecPublicInfo::getDefaultCertificateName() |
| 321 | { |
| 322 | if(!static_cast<bool>(defaultCertificate_)) |
| 323 | refreshDefaultCertificate(); |
| 324 | |
| 325 | if(!static_cast<bool>(defaultCertificate_)) |
| 326 | return Name(); |
| 327 | |
| 328 | return defaultCertificate_->getName(); |
| 329 | } |
| 330 | |
| 331 | void |
| 332 | SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate) |
| 333 | { |
| 334 | addCertificate(certificate); |
| 335 | setDefaultCertificateNameForKeyInternal(certificate.getName()); |
| 336 | refreshDefaultCertificate(); |
| 337 | } |
| 338 | |
| 339 | void |
| 340 | SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate) |
| 341 | { |
| 342 | addCertificate(certificate); |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 343 | Name certName = certificate.getName(); |
| 344 | setDefaultKeyNameForIdentityInternal(IdentityCertificate::certificateNameToPublicKeyName(certName)); |
| 345 | setDefaultCertificateNameForKeyInternal(certName); |
| 346 | refreshDefaultCertificate(); |
| 347 | } |
| 348 | |
| 349 | void |
| 350 | SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate) |
| 351 | { |
| 352 | addCertificate(certificate); |
| 353 | Name certName = certificate.getName(); |
| 354 | Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName); |
| 355 | setDefaultIdentityInternal(keyName.getPrefix(-1)); |
| 356 | setDefaultKeyNameForIdentityInternal(keyName); |
| 357 | setDefaultCertificateNameForKeyInternal(certName); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 358 | refreshDefaultCertificate(); |
| 359 | } |
| 360 | |
| 361 | ptr_lib::shared_ptr<IdentityCertificate> |
| 362 | SecPublicInfo::defaultCertificate() |
| 363 | { |
| 364 | return defaultCertificate_; |
| 365 | } |
| 366 | |
| 367 | void |
| 368 | SecPublicInfo::refreshDefaultCertificate() |
| 369 | { |
Yingdi Yu | 88663af | 2014-01-15 15:21:38 -0800 | [diff] [blame] | 370 | Name certName = getDefaultCertificateNameForIdentity(getDefaultIdentity()); |
| 371 | if(certName.empty()) |
| 372 | defaultCertificate_.reset(); |
| 373 | else |
| 374 | defaultCertificate_ = getCertificate(certName); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 375 | } |
| 376 | |
| 377 | |
| 378 | } |
| 379 | |
| 380 | #endif |