blob: da470f759d022b993fcef385f992004304b258e9 [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson47c93cf2013-08-09 00:38:48 -07002/**
Jeff Thompson7687dc02013-09-13 11:54:07 -07003 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompsonba16b8f2013-12-16 13:11:47 -08004 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -07005 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -07006 * See COPYING for copyright and distribution information.
7 */
8
9#ifndef NDN_KEY_CHAIN_HPP
Jeff Thompson2d27e2f2013-08-09 12:55:00 -070010#define NDN_KEY_CHAIN_HPP
Jeff Thompson47c93cf2013-08-09 00:38:48 -070011
Jeff Thompson7a67cb62013-08-26 11:43:18 -070012#include "../data.hpp"
Jeff Thompson2ce8f492013-09-17 18:01:25 -070013#include "../face.hpp"
14#include "identity/identity-manager.hpp"
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070015#include "encryption/encryption-manager.hpp"
Jeff Thompsonba16b8f2013-12-16 13:11:47 -080016#include "policy/validation-request.hpp"
Jeff Thompson47c93cf2013-08-09 00:38:48 -070017
18namespace ndn {
19
Jeff Thompson29ce3102013-09-27 11:47:48 -070020class PolicyManager;
21
Jeff Thompson2ce8f492013-09-17 18:01:25 -070022/**
Jeff Thompsonba16b8f2013-12-16 13:11:47 -080023 * KeyChain is the main class of the security library.
Jeff Thompsonffa36f92013-09-20 08:42:41 -070024 *
Jeff Thompsonba16b8f2013-12-16 13:11:47 -080025 * The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration
Jeff Thompsonffa36f92013-09-20 08:42:41 -070026 * and packet signing and verification.
27 */
Jeff Thompson47c93cf2013-08-09 00:38:48 -070028class KeyChain {
29public:
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080030 struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
Jeff Thompson2ce8f492013-09-17 18:01:25 -070031
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -080032 KeyChain(const ptr_lib::shared_ptr<IdentityManager> &identityManager = DefaultIdentityManager,
33 const ptr_lib::shared_ptr<PolicyManager> &policyManager = DefaultPolicyManager,
34 const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager = DefaultEncryptionManager);
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080035
36 /**
37 * @brief Set the Face which will be used to fetch required certificates.
38 * @param face A pointer to the Face object.
39 *
40 * Setting face is necessary for keychain operation that involve fetching data.
41 */
42 void
43 setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
44
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070045 /*****************************************
46 * Identity Management *
47 *****************************************/
48
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080049 inline IdentityManager&
50 identities()
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070051 {
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -080052 if (!identityManager_)
53 throw Error("IdentityManager is not assigned to the KeyChain");
54
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080055 return *identityManager_;
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070056 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070057
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070058 /*****************************************
59 * Policy Management *
60 *****************************************/
61
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080062 inline PolicyManager&
63 policies()
64 {
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -080065 if (!policyManager_)
66 throw Error("PolicyManager is not assigned to the KeyChain");
67
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080068 return *policyManager_;
69 }
70
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070071 /*****************************************
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -080072 * Encryption Management *
73 *****************************************/
74
75 inline EncryptionManager&
76 encryption()
77 {
78 if (!encryptionManager_)
79 throw Error("EncryptionManager is not assigned to the KeyChain");
80
81 return *encryptionManager_;
82 }
83
84 /*****************************************
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070085 * Sign/Verify *
86 *****************************************/
87
Jeff Thompson47c93cf2013-08-09 00:38:48 -070088 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -070089 * Wire encode the Data object, sign it and set its signature.
Jeff Thompsonade5b1e2013-08-09 12:16:45 -070090 * Note: the caller must make sure the timestamp is correct, for example with
Jeff Thompsonfec716d2013-09-11 13:54:36 -070091 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
Jeff Thompson2ce8f492013-09-17 18:01:25 -070092 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
Jeff Thompson9296f0c2013-09-23 18:10:27 -070093 * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson3c73da42013-08-12 11:19:05 -070094 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -070095 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -080096 sign(Data& data, const Name& certificateName);
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070097
Jeff Thompson29ce3102013-09-27 11:47:48 -070098 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -070099 * Sign the byte array using a certificate name and return a Signature object.
100 * @param buffer The byte array to be signed.
101 * @param bufferLength the length of buffer.
102 * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
103 * @return The Signature.
104 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800105 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700106 sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
107
108 /**
Jeff Thompson29ce3102013-09-27 11:47:48 -0700109 * Wire encode the Data object, sign it and set its signature.
110 * Note: the caller must make sure the timestamp is correct, for example with
111 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
112 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
113 * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700114 */
115 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800116 signByIdentity(Data& data, const Name& identityName = Name());
Jeff Thompson3c73da42013-08-12 11:19:05 -0700117
118 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700119 * Sign the byte array using an identity name and return a Signature object.
120 * @param buffer The byte array to be signed.
121 * @param bufferLength the length of buffer.
122 * @param identityName The identity name.
123 * @return The Signature.
124 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800125 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700126 signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
127
128 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700129 * Check the signature on the Data object and call either onVerify or onVerifyFailed.
130 * We use callback functions because verify may fetch information to check the signature.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700131 * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
132 * To set the wireEncoding, you can call data.wireDecode.
133 * @param onVerified If the signature is verified, this calls onVerified(data).
134 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700135 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700136 void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700137 verifyData
138 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700139
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700140 /*****************************************
141 * Encrypt/Decrypt *
142 *****************************************/
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800143 // todo
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800144
145public:
146 static const ptr_lib::shared_ptr<IdentityManager> DefaultIdentityManager;
147 static const ptr_lib::shared_ptr<PolicyManager> DefaultPolicyManager;
148 static const ptr_lib::shared_ptr<EncryptionManager> DefaultEncryptionManager;
149
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700150private:
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800151 void
152 onCertificateData
153 (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
154
155 void
156 onCertificateInterestTimeout
157 (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
158 const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
159
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800160private:
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800161 ptr_lib::shared_ptr<IdentityManager> identityManager_;
162 ptr_lib::shared_ptr<PolicyManager> policyManager_;
163 ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
164
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800165 ptr_lib::shared_ptr<Face> face_;
166
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700167 const int maxSteps_;
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700168};
169
170}
171
172#endif