diff --git a/ndn-cpp/security/certificate.h b/ndn-cpp/security/certificate.h
new file mode 100644
index 0000000..e0efa91
--- /dev/null
+++ b/ndn-cpp/security/certificate.h
@@ -0,0 +1,43 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Alexander Afanasyev
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#ifndef NDN_CERTIFICATE_H
+#define NDN_CERTIFICATE_H
+
+#include "ndn-cpp/data.h"
+
+namespace ndn {
+
+/**
+ * @brief Class representing NDN identity
+ *
+ * - name
+ * - full NDN name of the NDN certificate
+ * - /ndn/ucla.edu/alex/cert/<pubkey.sha256>/<issuer>
+ * - content
+ * - X.509 certificate in DER format (X.509 certificate can include any necessary identity information, as well as is fully extendable)
+ * - Subject:
+ * - full real name, associated with the certificate
+ * - full affiliation, associated with the certificate
+ * - Subject Public Key Info
+ * - Validity
+ * - signature
+ * - issuerCertName (KeyLocator/CertName)
+ * - /ndn/ucla.edu/cert/<pubkey.sha256>/<issuer>
+ *
+ */
+class Certificate : public Data
+{
+public:
+};
+
+} // ndn
+
+#endif // NDN_CERTIFICATE_H
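Review bot: The Doxygen block above `class Certificate` opens with `@brief Class representing NDN identity`, which looks copied from identity.h; the bullets below it describe a certificate (name, DER content, issuer name), so the brief should read `@brief Class representing NDN certificate`. The class body is empty, so none of the documented fields (content as X.509 DER, Subject, Validity, issuerCertName) has an accessor yet; a one-line `// TODO: accessors for the fields listed above` inside the class would make the stub status explicit to readers of the header.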
diff --git a/ndn-cpp/security/identity.h b/ndn-cpp/security/identity.h
new file mode 100644
index 0000000..676b3b3
--- /dev/null
+++ b/ndn-cpp/security/identity.h
@@ -0,0 +1,46 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Alexander Afanasyev
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#ifndef NDN_IDENTITY_H
+#define NDN_IDENTITY_H
+
+namespace ndn {
+
+/**
+ * @brief Class representing NDN identity
+ *
+ * - name
+ * - (indexing and lookup)
+ * - /ndn/ucla.edu/alex
+ * - contents
+ * - privateKeyName
+ * - unique name of the private key
+ * - private key bits are not exposed anywhere
+ * - /ndn/ucla.edu/alex/privKey/<pubkey.sha256>
+ * - indexed list of certificates
+ * - NDN DATA packets
+ * - easy access data structure of NDN certificate (“parsed DATA packet”)
+ * - link to default certificate
+ * - revocation list
+ * - one or more NDN DATA packets
+ * - name: <identity-name>/revocation-list/<version>(/<seqno>)?
+ * - /ndn/ucla.edu/alex/revocation-list/%FD...01
+ * - initially empty, updated whenever an issued certificate is getting revoked
+ * - revocation always exists
+ *
+ */
+class Identity
+{
+public:
+};
+
+} // ndn
+
+#endif // NDN_IDENTITY_H
diff --git a/ndn-cpp/security/keychain-pkcs12.cc b/ndn-cpp/security/keychain-pkcs12.cc
new file mode 100644
index 0000000..8a01fd5
--- /dev/null
+++ b/ndn-cpp/security/keychain-pkcs12.cc
@@ -0,0 +1,69 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Alexander Afanasyev
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#include "keychain-pkcs12.h"
+
+namespace ndn {
+
+/////////////////////////////////////////////////////
+// interface to manage certificates and identities //
+/////////////////////////////////////////////////////
+
+Ptr<const Identity>
+KeychainKeystoreOpenssl::getDefaultIdentity ()
+{
+ return Ptr<const Identity> ();
+}
+
+Ptr<const Identity>
+KeychainKeystoreOpenssl::getIdentity (const Name &identityName)
+{
+ return Ptr<const Identity> ();
+}
+
+Ptr<const Identity>
+KeychainKeystoreOpenssl::generateIdentity (const Name &identityName)
+{
+ return Ptr<const Identity> ();
+}
+
+void
+KeychainKeystoreOpenssl::requestIdentityCertificate (const Identity &identity, std::ostream &os)
+{
+}
+
+Ptr<const Certificate>
+KeychainKeystoreOpenssl::issueCertificate (const Identity &identity, std::istream &is)
+{
+ return Ptr<const Certificate> ();
+}
+
+Ptr<const Certificate>
+KeychainKeystoreOpenssl::issueCertificate (std::istream &is)
+{
+ return Ptr<const Certificate> ();
+}
+
+void
+KeychainKeystoreOpenssl::installIdentityCertificate (const Certificate &cert)
+{
+}
+
+/////////////////////////////////////////////////////
+// interface to sign and encrypt data //
+/////////////////////////////////////////////////////
+Ptr<Signature>
+KeychainKeystoreOpenssl::sign (const Identity &identity, const void *buffer, size_t size)
+{
+ return Ptr<Signature> ();
+}
+
+
+} // ndn
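Review bot: Every method here is a silent stub: `sign` returns an empty `Ptr<Signature>`, both `issueCertificate` overloads return an empty `Ptr<const Certificate>`, and `installIdentityCertificate` returns without doing anything, so a caller cannot tell an unimplemented keystore from a successful operation and may proceed as if data were signed or a certificate installed. Until the PKCS#12 logic lands, the stubs should fail loudly rather than return null, e.g. `throw std::logic_error ("KeychainKeystoreOpenssl::sign: not implemented");` in each body (with `#include <stdexcept>`). Note also that the header declares `KeychainKeystoreOpenssl ()`, `KeychainKeystoreOpenssl (const std::string &)` and the private `initialize (const std::string &)`, none of which is defined in this file or elsewhere in the commit, so any attempt to construct the class will fail at link time.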
diff --git a/ndn-cpp/security/keychain-pkcs12.h b/ndn-cpp/security/keychain-pkcs12.h
new file mode 100644
index 0000000..898d792
--- /dev/null
+++ b/ndn-cpp/security/keychain-pkcs12.h
@@ -0,0 +1,74 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Alexander Afanasyev
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#ifndef NDN_KEYCHAIN_PKCS12_H
+#define NDN_KEYCHAIN_PKCS12_H
+
+#include "keychain.h"
+#include "ndn-cpp/helpers/hash.h"
+
+namespace ndn
+{
+
+/**
+ * @brief Class implementing logic to work with pkcs12 CCNx keystore file (.ccnx_keystore)
+ */
+class KeychainKeystoreOpenssl : public virtual Keychain
+{
+public:
+ KeychainKeystoreOpenssl ();
+ KeychainKeystoreOpenssl (const std::string &path);
+
+public:
+ /////////////////////////////////////////////////////
+ // interface to manage certificates and identities //
+ /////////////////////////////////////////////////////
+
+ virtual Ptr<const Identity>
+ getDefaultIdentity ();
+
+ virtual Ptr<const Identity>
+ getIdentity (const Name &identityName);
+
+ virtual Ptr<const Identity>
+ generateIdentity (const Name &identityName);
+
+ virtual void
+ requestIdentityCertificate (const Identity &identity, std::ostream &os);
+
+ virtual Ptr<const Certificate>
+ issueCertificate (const Identity &identity, std::istream &is);
+
+ virtual Ptr<const Certificate>
+ issueCertificate (std::istream &is);
+
+ virtual void
+ installIdentityCertificate (const Certificate &cert);
+
+public:
+ /////////////////////////////////////////////////////
+ // interface to sign and encrypt data //
+ /////////////////////////////////////////////////////
+ virtual Ptr<Signature>
+ sign (const Identity &identity, const void *buffer, size_t size);
+
+
+private:
+ void
+ initialize (const std::string &pkcs12);
+
+private:
+ Name m_publicKeyName;
+ Hash m_publicKeyDigest;
+};
+
+} // ndn
+
+#endif // NDN_KEYCHAIN_KEYSTORE_OPENSSL_H
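Review bot: The closing guard comment `#endif // NDN_KEYCHAIN_KEYSTORE_OPENSSL_H` does not match the macro actually defined at the top, `NDN_KEYCHAIN_PKCS12_H`; it should be `#endif // NDN_KEYCHAIN_PKCS12_H` so the two can be grepped together. The class name `KeychainKeystoreOpenssl` likewise disagrees with the file name `keychain-pkcs12.h` and the `@brief`, which suggests the rename was only half applied. The private members `m_publicKeyName` and `m_publicKeyDigest` are never referenced by the accompanying .cc, and the header relies on `Name` and `Ptr` without including a header that declares them (only keychain.h and hash.h are included), so whether this compiles standalone depends on what hash.h pulls in transitively.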
diff --git a/ndn-cpp/security/keychain.cc b/ndn-cpp/security/keychain.cc
new file mode 100644
index 0000000..2f7fbe5
--- /dev/null
+++ b/ndn-cpp/security/keychain.cc
@@ -0,0 +1,15 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Alexander Afanasyev
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#include "keychain.h"
+
+ndn::Keychain::~Keychain ()
+{
+}
diff --git a/ndn-cpp/security/keychain.h b/ndn-cpp/security/keychain.h
new file mode 100644
index 0000000..83a09dd
--- /dev/null
+++ b/ndn-cpp/security/keychain.h
@@ -0,0 +1,130 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Alexander Afanasyev
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#ifndef NDN_KEYCHAIN_H
+#define NDN_KEYCHAIN_H
+
+// #include "ndn-cpp/fields/blob.h"
+// #include "ndn-cpp/fields/name.h"
+
+#include "identity.h"
+#include "certificate.h"
+
+#include <iostream>
+
+namespace ndn {
+
+/**
+ * @brief Interface for a keychain operations
+ *
+ * Keychain has the following set of operations:
+ *
+ * --- interface to manage certificates and identities
+ * - identities are permanently stored
+ * - certificates can be cached (or stored permanently, if user is willing to)
+ * --- interface to sign and encrypt data
+ *
+ */
+class Keychain
+{
+public:
+ /**
+ * @brief Virtual destructor
+ */
+ virtual
+ ~Keychain ();
+
+ /////////////////////////////////////////////////////
+ // interface to manage certificates and identities //
+ /////////////////////////////////////////////////////
+
+ /**
+ * @brief Get default identity
+ */
+ virtual Ptr<const Identity>
+ getDefaultIdentity () = 0;
+
+ /**
+ * @brief Get identity by name
+ * @param identityName name of the requested identity
+ */
+ virtual Ptr<const Identity>
+ getIdentity (const Name &identityName) = 0;
+
+ /**
+ * @brief Create a self-certified identity
+ * @param identityName name of the identity to create
+ */
+ virtual Ptr<const Identity>
+ generateIdentity (const Name &identityName) = 0;
+
+ /**
+ * @brief Create identity certification request
+ * @param identity identity for which create the request
+ * @param os output stream which will receive the request
+ */
+ virtual void
+ requestIdentityCertificate (const Identity &identity, std::ostream &os) = 0;
+
+ /**
+ * @brief Issue a certificate using parameters from the input stream (formatted as request)
+ * @param identity Identity which will be used to issue the certificate
+ * @param is input stream from which to read parameters of the certificate
+ *
+ * @returns smart pointer to a signed certificate
+ */
+ virtual Ptr<const Certificate>
+ issueCertificate (const Identity &identity, std::istream &is) = 0;
+
+ /**
+ * @brief Issue a certificate using parameters from the input stream (formatted as request)
+ *
+ * Same as another version, but using the default identity
+ *
+ * @returns smart pointer to a signed certificate
+ */
+ virtual Ptr<const Certificate>
+ issueCertificate (std::istream &is) = 0;
+
+ /**
+ * @brief Install identity certificate
+ * @param cert certificate to install
+ */
+ virtual void
+ installIdentityCertificate (const Certificate &cert) = 0;
+
+public:
+ /////////////////////////////////////////////////////
+ // interface to sign and encrypt data //
+ /////////////////////////////////////////////////////
+
+ /**
+ * @brief Sign data using specified identity
+ * @param identity selected identity to sign data
+ * @param buffer pointer to the data to sign
+ * @param size length of data to sign
+ *
+ * @return pointer to base class of a signature object (depending on identity,
+ * different types signature can be produced)
+ */
+ virtual Ptr<Signature>
+ sign (const Identity &identity, const void *buffer, size_t size) = 0;
+
+ // TBD
+ // /**
+ // * @brief Decrypt data using the specified identity
+ // */
+ // virtual ?
+ // decrypt (Ptr<Identity> identity, const void *buffer, size_t size, ?) = 0;
+};
+
+} // ndn
+
+#endif // NDN_KEYCHAIN_H
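Review bot: This header uses `Ptr<...>`, `Name` and `Signature` throughout the interface but never includes a header that declares them; the includes that presumably did so (`ndn-cpp/fields/blob.h`, `ndn-cpp/fields/name.h`) are commented out at the top, so the file only compiles if certificate.h's `ndn-cpp/data.h` happens to bring them in transitively. Either restore the include lines or add the one that declares `Ptr`, `Name` and `Signature` explicitly; `size_t` in `sign` also wants `#include <cstddef>`. The second `issueCertificate` overload documents its return but not its `is` parameter; `@param is input stream from which to read parameters of the certificate` would bring it in line with the first overload. The "TBD" decrypt block is fine as a placeholder, but the `@brief` for `sign` could state that the returned `Ptr<Signature>` may be null on failure, or that failure is reported otherwise, since the contract is not stated and the only implementation in this commit returns an empty pointer.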
diff --git a/ndn-cpp/security/verifier.h b/ndn-cpp/security/verifier.h
new file mode 100644
index 0000000..cb98243
--- /dev/null
+++ b/ndn-cpp/security/verifier.h
@@ -0,0 +1,38 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ * Alexander Afanasyev
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ */
+
+#ifndef NDN_VERIFIER_H
+#define NDN_VERIFIER_H
+
+namespace ndn {
+
+/**
+ * @brief Interface for NDN DATA packet verification (trust model)
+ *
+ * --- interface to verify DATA packets
+ * - application selects required implementation
+ * - at least two build-in models:
+ * = hierarchical (default)
+ * = simple chain (without authorization)
+ * - uses NDN keychain as a backend to cache certificates
+ */
+class Verifier
+{
+public:
+ /**
+ * @brief Virtual destructor
+ */
+ virtual
+ ~Verifier ();
+};
+
+} // ndn
+
+#endif // NDN_VERIFIER_H
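Review bot: `virtual ~Verifier ();` is declared but no verifier.cc is added in this commit (keychain.h's destructor, by contrast, is defined in keychain.cc), so any class deriving from `Verifier` will fail to link on the undefined destructor. Either define it inline as `virtual ~Verifier () {}` or add a verifier.cc with the definition. The class also exposes no verification entry point yet, so the `@brief` describing it as the interface for DATA packet verification is aspirational; a `// TODO: verify(const Data &) interface` inside the class would make that explicit.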