/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
 * Copyright (C) 2013 Regents of the University of California.
 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
 * See COPYING for copyright and distribution information.
 */
8
9#ifndef NDN_IDENTITY_MANAGER_HPP
Jeff Thompsonc69163b2013-10-12 13:49:50 -070010#define NDN_IDENTITY_MANAGER_HPP
Jeff Thompson41471912013-09-12 16:21:50 -070011
Jeff Thompsonc69163b2013-10-12 13:49:50 -070012#include "../certificate/identity-certificate.hpp"
Jeff Thompson9296f0c2013-09-23 18:10:27 -070013#include "identity-storage.hpp"
Jeff Thompsone7e069b2013-09-27 15:48:48 -070014#include "../certificate/public-key.hpp"
Jeff Thompson86e1d752013-09-17 17:22:38 -070015#include "private-key-storage.hpp"
Jeff Thompson41471912013-09-12 16:21:50 -070016
Jeff Thompson958bf9b2013-10-12 17:20:51 -070017namespace ndn {
18
// TODO: Implement Time values. Time is only forward-declared below, so the
// createIdentityCertificate() overloads that take it are declared but cannot be
// called until a complete definition of Time exists.
20class Time;
21
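/**
 * An IdentityManager is the interface of operations related to identity, keys, and certificates.
 * Public information (identities, key names, public keys, certificates) lives in an IdentityStorage,
 * private keys in a PrivateKeyStorage; this class mostly forwards to those two.
 * NOTE(review): nothing in this interface authorizes callers. Whoever holds an IdentityManager can
 * mint certificates with any signer it knows and can add arbitrary certificates to the storage, so
 * the trust decisions have to be made by the caller or by the storage implementations.
 */
class IdentityManager {
public:
  /**
   * Create an IdentityManager backed by the given storages. The manager shares ownership of both
   * pointers for its whole lifetime.
   * @param identityStorage The storage of public information: identities, key names, public keys and certificates.
   * @param privateKeyStorage The storage of the private keys.
   */
  IdentityManager(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage)
  : identityStorage_(identityStorage), privateKeyStorage_(privateKeyStorage)
  {
  }

  /**
   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
   * A self-signed certificate only anchors the identity locally; it proves nothing to a third party.
   * @param identityName The name of the identity.
   * @return The key name of the auto-generated KSK of the identity.
   */
  Name
  createIdentity(const Name& identityName);

  /**
   * Get the default identity.
   * @return The default identity name, as recorded by the identity storage.
   */
  Name
  getDefaultIdentity()
  {
    return identityStorage_->getDefaultIdentity();
  }

  /**
   * Generate a pair of RSA keys for the specified identity.
   * @param identityName The name of the identity.
   * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
   * @param keySize The size of the key (default 2048, presumably in bits). NOTE(review): nothing in
   * this interface rejects a weak size, so callers should not go below 2048 for new keys.
   * @return The generated key name.
   */
  Name
  generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048);

  /**
   * Set a key as the default key of an identity.
   * @param keyName The name of the key.
   * @param identityName The name of the identity. If not specified, the identity name is inferred from the keyName.
   */
  void
  setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
  {
    identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
  }

  /**
   * Get the default key for an identity.
   * @param identityName The name of the identity. If omitted, an empty Name is passed on to the identity
   * storage; how the storage interprets an empty name (presumably as the default identity) is not visible here.
   * @return The default key name.
   */
  Name
  getDefaultKeyNameForIdentity(const Name& identityName = Name())
  {
    return identityStorage_->getDefaultKeyNameForIdentity(identityName);
  }

  /**
   * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
   * @param identityName The name of the identity.
   * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
   * @param keySize The size of the key (default 2048, presumably in bits); see generateRSAKeyPair.
   * @return The generated key name.
   */
  Name
  generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048);

  /**
   * Get the public key with the specified name.
   * The key bytes are fetched from the identity storage and decoded with PublicKey::fromDer. What happens
   * for a name the storage does not know (an exception from the storage, or an empty blob handed to fromDer)
   * is decided by those two components, not by this method.
   * @param keyName The name of the key.
   * @return The public key.
   */
  ptr_lib::shared_ptr<PublicKey>
  getPublicKey(const Name& keyName)
  {
    return PublicKey::fromDer(identityStorage_->getKey(keyName));
  }

  /**
   * Create an identity certificate for a public key managed by this IdentityManager.
   * Time is only forward-declared in this header, so this overload is not callable until a
   * complete Time type is available.
   * @param keyName The name of public key to be signed.
   * @param signerCertificateName The name of signing certificate. The caller is trusted to be entitled to
   * sign with this certificate's key; this interface does no authorization of its own.
   * @param notBefore The notBefore value in the validity field of the generated certificate.
   * @param notAfter The notAfter value in the validity field of the generated certificate.
   * @return The name of generated identity certificate.
   */
  Name
  createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter);

  /**
   * Create an identity certificate for a public key supplied by the caller.
   * Time is only forward-declared in this header, so this overload is not callable until a
   * complete Time type is available.
   * @param keyName The name of public key to be signed.
   * @param publickey The public key to be signed. Whether the implementation checks that publickey and
   * keyName belong together is not visible here; the caller should make sure they correspond.
   * @param signerCertificateName The name of signing certificate. The caller is trusted to be entitled to
   * sign with this certificate's key; this interface does no authorization of its own.
   * @param notBefore The notBefore value in the validity field of the generated certificate.
   * @param notAfter The notAfter value in the validity field of the generated certificate.
   * @return The generated identity certificate.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  createIdentityCertificate
    (const Name& keyName, const PublicKey& publickey, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter);

  /**
   * Add a certificate into the public key identity storage.
   * This method itself performs no signature or validity check; whether the storage does is not visible
   * here. Validate a certificate before adding it, because whatever is stored is later handed back by
   * getCertificate / getAnyCertificate as if it were trusted.
   * @param certificate The certificate to be added. This makes a copy of the certificate.
   */
  void
  addCertificate(const IdentityCertificate& certificate)
  {
    identityStorage_->addCertificate(certificate);
  }

  /**
   * Set the certificate as the default for its corresponding key.
   * @param certificateName The name of the certificate.
   */
  void
  setDefaultCertificateForKey(const Name& certificateName);

  /**
   * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
   * The same caveat as addCertificate applies: validate before adding.
   * @param certificate The certificate to be added. This makes a copy of the certificate.
   */
  void
  addCertificateAsIdentityDefault(const IdentityCertificate& certificate);

  /**
   * Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
   * The same caveat as addCertificate applies: validate before adding.
   * @param certificate The certificate to be added. This makes a copy of the certificate.
   */
  void
  addCertificateAsDefault(const IdentityCertificate& certificate);

  /**
   * Get a certificate with the specified name.
   * The storage is queried with allowAny = false, i.e. only for a certificate it considers valid.
   * @param certificateName The name of the requested certificate.
   * @return A newly allocated copy of the requested certificate which is valid, or a null pointer if the
   * storage returned none (the storage may instead throw; that is its contract, not this method's).
   * Callers must check for null before dereferencing.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getCertificate(const Name& certificateName)
  {
    return copyAsIdentityCertificate(identityStorage_->getCertificate(certificateName, false));
  }

  /**
   * Get a certificate even if the certificate is not valid anymore.
   * Because the result may be expired or otherwise invalid, do not use it for signature verification or
   * any trust decision; use getCertificate for that.
   * @param certificateName The name of the requested certificate.
   * @return A newly allocated copy of the requested certificate, or a null pointer if the storage returned
   * none (the storage may instead throw). Callers must check for null before dereferencing.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  getAnyCertificate(const Name& certificateName)
  {
    return copyAsIdentityCertificate(identityStorage_->getCertificate(certificateName, true));
  }

  /**
   * Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
   * @param identityName The name of the specified identity.
   * @return The requested certificate name.
   */
  Name
  getDefaultCertificateNameForIdentity(const Name& identityName)
  {
    return identityStorage_->getDefaultCertificateNameForIdentity(identityName);
  }

  /**
   * Get the default certificate name of the default identity, which will be used when signing is based on identity and
   * the identity is not specified.
   * @return The requested certificate name.
   */
  Name
  getDefaultCertificateName()
  {
    return identityStorage_->getDefaultCertificateNameForIdentity(getDefaultIdentity());
  }

  /**
   * Sign the byte array data based on the certificate name.
   * @param data The data to be signed.
   * @param dataLength The length of data, in bytes.
   * @param certificateName The signing certificate name; it identifies the private key to sign with.
   * @return The generated signature.
   */
  ptr_lib::shared_ptr<Signature>
  signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName);

  /**
   * Sign data packet based on the certificate name.
   * Note: the caller must make sure the timestamp in data is correct, for example with
   * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0). A stale timestamp is signed as-is.
   * @param data The Data object to sign and update its signature.
   * @param certificateName The Name identifying the certificate which identifies the signing key.
   * @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
   */
  void
  signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());

private:
  /**
   * Generate a key pair for the specified identity.
   * @param identityName The name of the specified identity.
   * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
   * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
   * @param keySize The size of the key pair (presumably in bits).
   * @return The name of the generated key.
   */
  Name
  generateKeyPair(const Name& identityName, bool isKsk = false, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);

  /**
   * Generate a self-signed certificate for a public key.
   * @param keyName The name of the public key.
   * @return The generated certificate.
   */
  ptr_lib::shared_ptr<IdentityCertificate>
  selfSign(const Name& keyName);

  /**
   * Turn whatever the identity storage returned for a certificate into a freshly allocated
   * IdentityCertificate, or a null pointer if the storage returned none. Templated on the storage's
   * pointee type so this header does not have to know what IdentityStorage::getCertificate returns;
   * the copy uses the same IdentityCertificate constructor the call sites used before.
   * @param stored The pointer returned by the identity storage; may be null.
   * @return A copy as IdentityCertificate, or a null pointer if stored is null.
   */
  template<class T>
  static ptr_lib::shared_ptr<IdentityCertificate>
  copyAsIdentityCertificate(const ptr_lib::shared_ptr<T>& stored)
  {
    // Dereferencing a null pointer here was the only failure mode of the old code; make it a null result
    // that callers can check instead of undefined behavior.
    if (!stored)
      return ptr_lib::shared_ptr<IdentityCertificate>();
    return ptr_lib::make_shared<IdentityCertificate>(*stored);
  }

  ptr_lib::shared_ptr<IdentityStorage> identityStorage_;     // public side: identities, keys, certificates
  ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_; // private side: the signing keys
};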
246
247}
248
249#endif