Update validation related codes to security v2
Change-Id: I5467b87092820666c04f22623f0f1665ce9a1194
diff --git a/src/util/cert-helper.cpp b/src/util/cert-helper.cpp
new file mode 100644
index 0000000..b4f3cab
--- /dev/null
+++ b/src/util/cert-helper.cpp
@@ -0,0 +1,126 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2014-2017, Regents of the University of California.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "cert-helper.hpp"
+
+namespace ndn {
+namespace ndns {
+
+security::Identity
+CertHelper::getIdentity(const KeyChain& keyChain, const Name& identityName)
+{
+ return keyChain.getPib().getIdentity(identityName);
+}
+
+bool
+CertHelper::doesIdentityExist(const KeyChain& keyChain, const Name& identityName)
+{
+ try {
+ keyChain.getPib().getIdentity(identityName);
+ return true;
+ } catch (const std::exception&) {
+ return false;
+ }
+}
+
+security::v2::Certificate
+CertHelper::getCertificate(const KeyChain& keyChain,
+ const Name& identity,
+ const Name& certName)
+{
+ security::Identity id = keyChain.getPib().getIdentity(identity);
+ for (const auto& key : id.getKeys()) {
+ for (const auto& cert : key.getCertificates()) {
+ if (cert.getName() == certName) {
+ return cert;
+ }
+ }
+ }
+ BOOST_THROW_EXCEPTION(std::runtime_error(certName.toUri() + " does not exist"));
+}
+
+Name
+CertHelper::getIdentityNameFromCert(const Name& certName)
+{
+ static Name::Component keyComp("KEY");
+ for (size_t i = 0; i < certName.size(); ++i) {
+ if (certName.get(i) == keyComp) {
+ return certName.getPrefix(i);
+ }
+ }
+ BOOST_THROW_EXCEPTION(std::runtime_error(certName.toUri() + " is not a legal cert name"));
+}
+
+security::v2::Certificate
+CertHelper::getCertificate(const KeyChain& keyChain,
+ const Name& certName)
+{
+ Name identityName = getIdentityNameFromCert(certName);
+ return getCertificate(keyChain, identityName, certName);
+}
+
+const Name&
+CertHelper::getDefaultKeyNameOfIdentity(const KeyChain& keyChain, const Name& identityName)
+{
+ return getIdentity(keyChain, identityName).getDefaultKey().getName();
+}
+
+const Name&
+CertHelper::getDefaultCertificateNameOfIdentity(const KeyChain& keyChain, const Name& identityName)
+{
+ return getIdentity(keyChain, identityName).getDefaultKey()
+ .getDefaultCertificate()
+ .getName();
+}
+
+security::v2::Certificate
+CertHelper::createCertificate(KeyChain& keyChain,
+ const security::Key& key,
+ const security::Key& signingKey,
+ const std::string& issuer,
+ const time::seconds& certValidity)
+{
+ Name certificateName = key.getName();
+ certificateName
+ .append(issuer)
+ .appendVersion();
+ security::v2::Certificate certificate;
+ certificate.setName(certificateName);
+
+ // set metainfo
+ certificate.setContentType(ndn::tlv::ContentType_Key);
+ certificate.setFreshnessPeriod(time::hours(1));
+
+ // set content
+ certificate.setContent(key.getPublicKey().data(), key.getPublicKey().size());
+
+ // set signature-info
+ // to overcome the round-up issue in ndn-cxx setPeriod (notBefore is round up to the the next whole second)
+ // notBefore = now() - 1 second
+ SignatureInfo info;
+ info.setValidityPeriod(security::ValidityPeriod(time::system_clock::now() - time::seconds(1),
+ time::system_clock::now() + certValidity));
+
+ keyChain.sign(certificate, signingByKey(signingKey).setSignatureInfo(info));
+ return certificate;
+}
+
+} // namespace ndns
+} // namespace ndn
+
diff --git a/src/util/cert-helper.hpp b/src/util/cert-helper.hpp
new file mode 100644
index 0000000..8e7297f
--- /dev/null
+++ b/src/util/cert-helper.hpp
@@ -0,0 +1,70 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/*
+ * Copyright (c) 2014-2017, Regents of the University of California.
+ *
+ * This file is part of NDNS (Named Data Networking Domain Name Service).
+ * See AUTHORS.md for complete list of NDNS authors and contributors.
+ *
+ * NDNS is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NDNS_UTIL_CERT_HELPER_HPP
+#define NDNS_UTIL_CERT_HELPER_HPP
+
+#include "common.hpp"
+#include <ndn-cxx/security/key-chain.hpp>
+#include <ndn-cxx/encoding/tlv.hpp>
+#include <ndn-cxx/security/signing-helpers.hpp>
+
+namespace ndn {
+namespace ndns {
+
+class CertHelper
+{
+public:
+ static security::Identity
+ getIdentity(const KeyChain& keyChain, const Name& identityName);
+
+ static bool
+ doesIdentityExist(const KeyChain& keyChain, const Name& identityName);
+
+ static Name
+ getIdentityNameFromCert(const Name& certName);
+
+ static security::v2::Certificate
+ getCertificate(const KeyChain& keyChain,
+ const Name& identity,
+ const Name& certName);
+
+ static security::v2::Certificate
+ getCertificate(const KeyChain& keyChain,
+ const Name& certName);
+
+ static const Name&
+ getDefaultKeyNameOfIdentity(const KeyChain& keyChain, const Name& identityName);
+
+ static const Name&
+ getDefaultCertificateNameOfIdentity(const KeyChain& keyChain, const Name& identityName);
+
+ static security::v2::Certificate
+ createCertificate(KeyChain& keyChain,
+ const security::Key& key,
+ const security::Key& signingKey,
+ const std::string& issuer,
+ const time::seconds& certValidity = time::days(10));
+};
+
+
+} // namespace ndns
+} // namespace ndn
+
+#endif // NDNS_UTIL_CERT_HELPER_HPP
diff --git a/src/util/util.cpp b/src/util/util.cpp
index 3c8adb8..47fbc52 100644
--- a/src/util/util.cpp
+++ b/src/util/util.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2016, Regents of the University of California.
+/*
+ * Copyright (c) 2014-2017, Regents of the University of California.
*
* This file is part of NDNS (Named Data Networking Domain Name Service).
* See AUTHORS.md for complete list of NDNS authors and contributors.
@@ -18,11 +18,16 @@
*/
#include "util.hpp"
-#include <ndn-cxx/security/v1/cryptopp.hpp>
+
+#include <ndn-cxx/security/transform.hpp>
namespace ndn {
namespace ndns {
+using security::transform::base64Encode;
+using security::transform::streamSink;
+using security::transform::bufferSource;
+
NdnsContentType
toNdnsContentType(const std::string& str)
{
@@ -45,17 +50,14 @@
void
output(const Data& data, std::ostream& os, const bool isPretty)
{
- using namespace CryptoPP;
const Block& block = data.wireEncode();
if (!isPretty) {
- StringSource ss(block.wire(), block.size(), true,
- new Base64Encoder(new FileSink(os), true, 64));
+ bufferSource(block.wire(), block.size()) >> base64Encode() >> streamSink(os);
}
else {
os << "Name: " << data.getName().toUri() << std::endl;
os << "KeyLocator: " << data.getSignature().getKeyLocator().getName().toUri() << std::endl;
- StringSource ss(block.wire(), block.size(), true,
- new Base64Encoder(new FileSink(os), true, 64));
+ bufferSource(block.wire(), block.size()) >> base64Encode() >> streamSink(os);
os << std::endl;
}
}