Yumin Xia | 2c509c2 | 2017-02-09 14:37:36 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| 2 | /* |
Alexander Afanasyev | 60514ec | 2020-06-03 14:18:53 -0400 | [diff] [blame] | 3 | * Copyright (c) 2014-2020, Regents of the University of California. |
Yumin Xia | 2c509c2 | 2017-02-09 14:37:36 -0800 | [diff] [blame] | 4 | * |
| 5 | * This file is part of NDNS (Named Data Networking Domain Name Service). |
| 6 | * See AUTHORS.md for complete list of NDNS authors and contributors. |
| 7 | * |
| 8 | * NDNS is free software: you can redistribute it and/or modify it under the terms |
| 9 | * of the GNU General Public License as published by the Free Software Foundation, |
| 10 | * either version 3 of the License, or (at your option) any later version. |
| 11 | * |
| 12 | * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; |
| 13 | * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR |
| 14 | * PURPOSE. See the GNU General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License along with |
| 17 | * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>. |
| 18 | */ |
| 19 | |
| 20 | #include "cert-helper.hpp" |
| 21 | |
| 22 | namespace ndn { |
| 23 | namespace ndns { |
| 24 | |
| 25 | security::Identity |
| 26 | CertHelper::getIdentity(const KeyChain& keyChain, const Name& identityName) |
| 27 | { |
| 28 | return keyChain.getPib().getIdentity(identityName); |
| 29 | } |
| 30 | |
| 31 | bool |
| 32 | CertHelper::doesIdentityExist(const KeyChain& keyChain, const Name& identityName) |
| 33 | { |
| 34 | try { |
| 35 | keyChain.getPib().getIdentity(identityName); |
| 36 | return true; |
| 37 | } catch (const std::exception&) { |
| 38 | return false; |
| 39 | } |
| 40 | } |
| 41 | |
Alexander Afanasyev | 60514ec | 2020-06-03 14:18:53 -0400 | [diff] [blame] | 42 | security::Certificate |
Yumin Xia | 2c509c2 | 2017-02-09 14:37:36 -0800 | [diff] [blame] | 43 | CertHelper::getCertificate(const KeyChain& keyChain, |
| 44 | const Name& identity, |
| 45 | const Name& certName) |
| 46 | { |
| 47 | security::Identity id = keyChain.getPib().getIdentity(identity); |
| 48 | for (const auto& key : id.getKeys()) { |
| 49 | for (const auto& cert : key.getCertificates()) { |
| 50 | if (cert.getName() == certName) { |
| 51 | return cert; |
| 52 | } |
| 53 | } |
| 54 | } |
| 55 | BOOST_THROW_EXCEPTION(std::runtime_error(certName.toUri() + " does not exist")); |
| 56 | } |
| 57 | |
| 58 | Name |
| 59 | CertHelper::getIdentityNameFromCert(const Name& certName) |
| 60 | { |
| 61 | static Name::Component keyComp("KEY"); |
| 62 | for (size_t i = 0; i < certName.size(); ++i) { |
| 63 | if (certName.get(i) == keyComp) { |
| 64 | return certName.getPrefix(i); |
| 65 | } |
| 66 | } |
| 67 | BOOST_THROW_EXCEPTION(std::runtime_error(certName.toUri() + " is not a legal cert name")); |
| 68 | } |
| 69 | |
Alexander Afanasyev | 60514ec | 2020-06-03 14:18:53 -0400 | [diff] [blame] | 70 | security::Certificate |
Yumin Xia | 2c509c2 | 2017-02-09 14:37:36 -0800 | [diff] [blame] | 71 | CertHelper::getCertificate(const KeyChain& keyChain, |
| 72 | const Name& certName) |
| 73 | { |
| 74 | Name identityName = getIdentityNameFromCert(certName); |
| 75 | return getCertificate(keyChain, identityName, certName); |
| 76 | } |
| 77 | |
| 78 | const Name& |
| 79 | CertHelper::getDefaultKeyNameOfIdentity(const KeyChain& keyChain, const Name& identityName) |
| 80 | { |
| 81 | return getIdentity(keyChain, identityName).getDefaultKey().getName(); |
| 82 | } |
| 83 | |
| 84 | const Name& |
| 85 | CertHelper::getDefaultCertificateNameOfIdentity(const KeyChain& keyChain, const Name& identityName) |
| 86 | { |
| 87 | return getIdentity(keyChain, identityName).getDefaultKey() |
| 88 | .getDefaultCertificate() |
| 89 | .getName(); |
| 90 | } |
| 91 | |
Alexander Afanasyev | 60514ec | 2020-06-03 14:18:53 -0400 | [diff] [blame] | 92 | security::Certificate |
Yumin Xia | 2c509c2 | 2017-02-09 14:37:36 -0800 | [diff] [blame] | 93 | CertHelper::createCertificate(KeyChain& keyChain, |
| 94 | const security::Key& key, |
| 95 | const security::Key& signingKey, |
| 96 | const std::string& issuer, |
| 97 | const time::seconds& certValidity) |
| 98 | { |
| 99 | Name certificateName = key.getName(); |
| 100 | certificateName |
| 101 | .append(issuer) |
| 102 | .appendVersion(); |
Alexander Afanasyev | 60514ec | 2020-06-03 14:18:53 -0400 | [diff] [blame] | 103 | security::Certificate certificate; |
Yumin Xia | 2c509c2 | 2017-02-09 14:37:36 -0800 | [diff] [blame] | 104 | certificate.setName(certificateName); |
| 105 | |
| 106 | // set metainfo |
| 107 | certificate.setContentType(ndn::tlv::ContentType_Key); |
| 108 | certificate.setFreshnessPeriod(time::hours(1)); |
| 109 | |
| 110 | // set content |
| 111 | certificate.setContent(key.getPublicKey().data(), key.getPublicKey().size()); |
| 112 | |
| 113 | // set signature-info |
| 114 | // to overcome the round-up issue in ndn-cxx setPeriod (notBefore is round up to the the next whole second) |
| 115 | // notBefore = now() - 1 second |
| 116 | SignatureInfo info; |
| 117 | info.setValidityPeriod(security::ValidityPeriod(time::system_clock::now() - time::seconds(1), |
| 118 | time::system_clock::now() + certValidity)); |
| 119 | |
| 120 | keyChain.sign(certificate, signingByKey(signingKey).setSignatureInfo(info)); |
| 121 | return certificate; |
| 122 | } |
| 123 | |
| 124 | } // namespace ndns |
| 125 | } // namespace ndn |
| 126 | |