Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
Jeff Thompson | 06e787d | 2013-09-12 19:00:55 -0700 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
| 9 | #ifndef NDN_IDENTITY_MANAGER_HPP |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 10 | #define NDN_IDENTITY_MANAGER_HPP |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 11 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 12 | #include "../certificate/identity-certificate.hpp" |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 13 | #include "identity-storage.hpp" |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 14 | #include "../certificate/public-key.hpp" |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 15 | #include "private-key-storage.hpp" |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 16 | |
Jeff Thompson | 958bf9b | 2013-10-12 17:20:51 -0700 | [diff] [blame^] | 17 | namespace ndn { |
| 18 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 19 | // TODO: Implement Time values. |
| 20 | class Time; |
| 21 | |
Jeff Thompson | ffa36f9 | 2013-09-20 08:42:41 -0700 | [diff] [blame] | 22 | /** |
| 23 | * An IdentityManager is the interface of operations related to identity, keys, and certificates. |
| 24 | */ |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 25 | class IdentityManager { |
| 26 | public: |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 27 | IdentityManager(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage) |
| 28 | : identityStorage_(identityStorage), privateKeyStorage_(privateKeyStorage) |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 29 | { |
| 30 | } |
| 31 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 32 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 33 | * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. |
| 34 | * @param identityName The name of the identity. |
| 35 | * @return The key name of the auto-generated KSK of the identity. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 36 | */ |
| 37 | Name |
| 38 | createIdentity(const Name& identityName); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 39 | |
| 40 | /** |
| 41 | * Get the default identity. |
| 42 | * @return The default identity name. |
| 43 | */ |
| 44 | Name |
| 45 | getDefaultIdentity() |
| 46 | { |
| 47 | return identityStorage_->getDefaultIdentity(); |
| 48 | } |
| 49 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 50 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 51 | * Generate a pair of RSA keys for the specified identity. |
| 52 | * @param identityName The name of the identity. |
| 53 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 54 | * @param keySize The size of the key. |
| 55 | * @return The generated key name. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 56 | */ |
| 57 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 58 | generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 59 | |
| 60 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 61 | * Set a key as the default key of an identity. |
| 62 | * @param keyName The name of the key. |
| 63 | * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 64 | */ |
| 65 | void |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 66 | setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name()) |
| 67 | { |
| 68 | identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName); |
| 69 | } |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 70 | |
| 71 | /** |
Jeff Thompson | 18bf631 | 2013-10-04 11:23:55 -0700 | [diff] [blame] | 72 | * Get the default key for an identity. |
| 73 | * @param identityName the name of the identity. If omitted, the identity name is inferred from the keyName. |
| 74 | * @return The default key name. |
| 75 | */ |
| 76 | Name |
| 77 | getDefaultKeyNameForIdentity(const Name& identityName = Name()) |
| 78 | { |
| 79 | return identityStorage_->getDefaultKeyNameForIdentity(identityName); |
| 80 | } |
| 81 | |
| 82 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 83 | * Generate a pair of RSA keys for the specified identity and set it as default key for the identity. |
| 84 | * @param identityName The name of the identity. |
| 85 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 86 | * @param keySize The size of the key. |
| 87 | * @return The generated key name. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 88 | */ |
| 89 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 90 | generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 91 | |
| 92 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 93 | * Get the public key with the specified name. |
| 94 | * @param keyName The name of the key. |
| 95 | * @return The public key. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 96 | */ |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 97 | ptr_lib::shared_ptr<PublicKey> |
| 98 | getPublicKey(const Name& keyName) |
| 99 | { |
| 100 | return PublicKey::fromDer(identityStorage_->getKey(keyName)); |
| 101 | } |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 102 | |
| 103 | /** |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 104 | * Create an identity certificate for a public key managed by this IdentityManager. |
| 105 | * @param keyName The name of public key to be signed. |
| 106 | * @param signerCertificateName The name of signing certificate. |
| 107 | * @param notBefore The notBefore value in the validity field of the generated certificate. |
| 108 | * @param notAfter The notAfter vallue in validity field of the generated certificate. |
| 109 | * @return The name of generated identity certificate. |
| 110 | */ |
| 111 | Name |
| 112 | createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter); |
| 113 | |
| 114 | /** |
| 115 | * Create an identity certificate for a public key supplied by the caller. |
| 116 | * @param keyName The name of public key to be signed. |
| 117 | * @param publickey The public key to be signed. |
| 118 | * @param signerCertificateName The name of signing certificate. |
| 119 | * @param notBefore The notBefore value in the validity field of the generated certificate. |
| 120 | * @param notAfter The notAfter vallue in validity field of the generated certificate. |
| 121 | * @return The generated identity certificate. |
| 122 | */ |
| 123 | ptr_lib::shared_ptr<IdentityCertificate> |
| 124 | createIdentityCertificate |
| 125 | (const Name& keyName, const PublicKey& publickey, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter); |
| 126 | |
| 127 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 128 | * Add a certificate into the public key identity storage. |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 129 | * @param certificate The certificate to to added. This makes a copy of the certificate. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 130 | */ |
| 131 | void |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 132 | addCertificate(const IdentityCertificate& certificate) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 133 | { |
| 134 | identityStorage_->addCertificate(certificate); |
| 135 | } |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 136 | |
| 137 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 138 | * Set the certificate as the default for its corresponding key. |
| 139 | * @param certificateName The name of the certificate. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 140 | */ |
| 141 | void |
| 142 | setDefaultCertificateForKey(const Name& certificateName); |
| 143 | |
| 144 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 145 | * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity. |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 146 | * @param certificate The certificate to be added. This makes a copy of the certificate. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 147 | */ |
| 148 | void |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 149 | addCertificateAsIdentityDefault(const IdentityCertificate& certificate); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 150 | |
| 151 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 152 | * Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key. |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 153 | * @param certificate The certificate to be added. This makes a copy of the certificate. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 154 | */ |
| 155 | void |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 156 | addCertificateAsDefault(const IdentityCertificate& certificate); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 157 | |
| 158 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 159 | * Get a certificate with the specified name. |
| 160 | * @param certificateName The name of the requested certificate. |
| 161 | * @return the requested certificate which is valid. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 162 | */ |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 163 | ptr_lib::shared_ptr<IdentityCertificate> |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 164 | getCertificate(const Name& certificateName) |
| 165 | { |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 166 | return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, false)); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 167 | } |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 168 | |
| 169 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 170 | * Get a certificate even if the certificate is not valid anymore. |
| 171 | * @param certificateName The name of the requested certificate. |
| 172 | * @return the requested certificate. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 173 | */ |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 174 | ptr_lib::shared_ptr<IdentityCertificate> |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 175 | getAnyCertificate(const Name& certificateName) |
| 176 | { |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 177 | return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, true)); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 178 | } |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 179 | |
| 180 | /** |
| 181 | * Get the default certificate name for the specified identity, which will be used when signing is performed based on identity. |
| 182 | * @param identityName The name of the specified identity. |
| 183 | * @return The requested certificate name. |
| 184 | */ |
| 185 | Name |
| 186 | getDefaultCertificateNameForIdentity(const Name& identityName) |
| 187 | { |
| 188 | return identityStorage_->getDefaultCertificateNameForIdentity(identityName); |
| 189 | } |
| 190 | |
| 191 | /** |
| 192 | * Get the default certificate name of the default identity, which will be used when signing is based on identity and |
| 193 | * the identity is not specified. |
| 194 | * @return The requested certificate name. |
| 195 | */ |
| 196 | Name |
| 197 | getDefaultCertificateName() |
| 198 | { |
| 199 | return identityStorage_->getDefaultCertificateNameForIdentity(getDefaultIdentity()); |
| 200 | } |
| 201 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 202 | /** |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 203 | * Sign the byte array data based on the certificate name. |
| 204 | * @param data The data to be signed. |
| 205 | * @param dataLength the length of data. |
| 206 | * @param certificateName The signing certificate name. |
| 207 | * @return The generated signature. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 208 | */ |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 209 | ptr_lib::shared_ptr<Signature> |
| 210 | signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 211 | |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 212 | /** |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 213 | * Sign data packet based on the certificate name. |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 214 | * Note: the caller must make sure the timestamp in data is correct, for example with |
| 215 | * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0). |
| 216 | * @param data The Data object to sign and update its signature. |
| 217 | * @param certificateName The Name identifying the certificate which identifies the signing key. |
| 218 | * @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted. |
| 219 | */ |
Jeff Thompson | 0050abe | 2013-09-17 12:50:25 -0700 | [diff] [blame] | 220 | void |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 221 | signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat()); |
| 222 | |
| 223 | private: |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 224 | /** |
| 225 | * Generate a key pair for the specified identity. |
| 226 | * @param identityName The name of the specified identity. |
| 227 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 228 | * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA. |
| 229 | * @param keySize The size of the key pair. |
| 230 | * @return The name of the generated key. |
| 231 | */ |
| 232 | Name |
| 233 | generateKeyPair(const Name& identityName, bool isKsk = false, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048); |
| 234 | |
| 235 | /** |
| 236 | * Generate a self-signed certificate for a public key. |
| 237 | * @param keyName The name of the public key. |
| 238 | * @return The generated certificate. |
| 239 | */ |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 240 | ptr_lib::shared_ptr<IdentityCertificate> |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 241 | selfSign(const Name& keyName); |
| 242 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 243 | ptr_lib::shared_ptr<IdentityStorage> identityStorage_; |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 244 | ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_; |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 245 | }; |
| 246 | |
| 247 | } |
| 248 | |
| 249 | #endif |