Yumin Xia2c509c22017-02-09 14:37:36 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/*
Alexander Afanasyev60514ec2020-06-03 14:18:53 -04003 * Copyright (c) 2014-2020, Regents of the University of California.
Yumin Xia2c509c22017-02-09 14:37:36 -08004 *
5 * This file is part of NDNS (Named Data Networking Domain Name Service).
6 * See AUTHORS.md for complete list of NDNS authors and contributors.
7 *
8 * NDNS is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
12 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "cert-helper.hpp"
21
22namespace ndn {
23namespace ndns {
24
/**
 * @brief Look up an identity in the PIB of the given key chain.
 *
 * Thin forwarding wrapper: any exception raised by the PIB lookup
 * (for example when the identity is not present) propagates to the caller.
 *
 * @param keyChain      key chain whose PIB is queried
 * @param identityName  name of the identity to fetch
 * @return the identity handle returned by the PIB
 */
security::Identity
CertHelper::getIdentity(const KeyChain& keyChain, const Name& identityName)
{
  const auto& pib = keyChain.getPib();
  return pib.getIdentity(identityName);
}
30
/**
 * @brief Report whether the PIB lookup for @p identityName succeeds.
 *
 * @param keyChain      key chain whose PIB is queried
 * @param identityName  name of the identity to probe
 * @return true if the lookup returned without throwing; false if it threw
 *         anything derived from std::exception
 */
bool
CertHelper::doesIdentityExist(const KeyChain& keyChain, const Name& identityName)
{
  bool found = false;
  try {
    keyChain.getPib().getIdentity(identityName);
    found = true;
  }
  catch (const std::exception&) {
    // NOTE(review): every std::exception is mapped to "does not exist", so a
    // storage/backend failure is indistinguishable from a missing identity.
    // Callers that create or overwrite an identity when this returns false
    // should confirm that is acceptable, or this handler should be narrowed
    // to the PIB's own "not found" error.
  }
  return found;
}
41
/**
 * @brief Find a certificate by exact name among all keys of an identity.
 *
 * The search is a plain name comparison over what the PIB stores; this
 * function performs no signature or validity-period check on the result.
 *
 * @param keyChain  key chain whose PIB is queried
 * @param identity  identity whose keys are searched
 * @param certName  full certificate name to match
 * @return a copy of the first certificate whose name equals @p certName
 * @throws std::runtime_error (via BOOST_THROW_EXCEPTION) if no key of the
 *         identity holds a certificate with that name; exceptions from the
 *         identity lookup itself propagate unchanged
 */
security::Certificate
CertHelper::getCertificate(const KeyChain& keyChain,
                           const Name& identity,
                           const Name& certName)
{
  const security::Identity owner = keyChain.getPib().getIdentity(identity);

  for (const auto& ownedKey : owner.getKeys()) {
    for (const auto& candidate : ownedKey.getCertificates()) {
      if (candidate.getName() == certName) {
        return candidate;
      }
    }
  }

  const std::string message = certName.toUri() + " does not exist";
  BOOST_THROW_EXCEPTION(std::runtime_error(message));
}
57
/**
 * @brief Derive the identity name from a certificate name.
 *
 * Scans the name from the front and returns the prefix that precedes the
 * first component equal to "KEY".
 *
 * NOTE(review): because the first match wins, a name that contains an earlier
 * "KEY" component (for instance inside the identity part) yields a shorter
 * prefix than the signer may have intended, and a name that starts with "KEY"
 * yields an empty prefix. If @p certName can come from received data, confirm
 * that callers do not treat the result as an authenticated identity without
 * further checks.
 *
 * @param certName  certificate name to split
 * @return the components of @p certName before the first "KEY" component
 * @throws std::runtime_error (via BOOST_THROW_EXCEPTION) if the name has no
 *         "KEY" component
 */
Name
CertHelper::getIdentityNameFromCert(const Name& certName)
{
  static const Name::Component keyMarker("KEY");

  const size_t nComponents = certName.size();
  size_t pos = 0;
  while (pos < nComponents && !(certName.get(pos) == keyMarker)) {
    ++pos;
  }

  if (pos == nComponents) {
    BOOST_THROW_EXCEPTION(std::runtime_error(certName.toUri() + " is not a legal cert name"));
  }
  return certName.getPrefix(pos);
}
69
/**
 * @brief Find a certificate by name, deriving the owning identity from the name.
 *
 * The identity is taken from @p certName by getIdentityNameFromCert() and the
 * lookup is then delegated to the three-argument overload.
 *
 * @param keyChain  key chain whose PIB is queried
 * @param certName  full certificate name
 * @return the matching certificate
 * @throws std::runtime_error if the name has no "KEY" component or no such
 *         certificate is stored (both raised by the functions called here)
 */
security::Certificate
CertHelper::getCertificate(const KeyChain& keyChain,
                           const Name& certName)
{
  return getCertificate(keyChain, getIdentityNameFromCert(certName), certName);
}
77
/**
 * @brief Return the name of the default key of an identity.
 *
 * NOTE(review): the reference is obtained through an Identity object that is
 * local to this function, so it is only valid if the key chain's PIB keeps
 * the underlying key data alive after that local is destroyed — confirm
 * against the ndn-cxx version in use, and copy the Name at the call site if
 * in doubt.
 *
 * @param keyChain      key chain whose PIB is queried
 * @param identityName  identity whose default key is wanted
 * @return reference to the default key's name
 */
const Name&
CertHelper::getDefaultKeyNameOfIdentity(const KeyChain& keyChain, const Name& identityName)
{
  const security::Identity owner = getIdentity(keyChain, identityName);
  return owner.getDefaultKey().getName();
}
83
/**
 * @brief Return the name of the default certificate of an identity's default key.
 *
 * NOTE(review): the reference is reached through an Identity object that is
 * local to this function, so it is only valid if the key chain's PIB keeps
 * the underlying certificate data alive after that local is destroyed —
 * confirm against the ndn-cxx version in use, and copy the Name at the call
 * site if in doubt.
 *
 * @param keyChain      key chain whose PIB is queried
 * @param identityName  identity whose default certificate is wanted
 * @return reference to the default certificate's name
 */
const Name&
CertHelper::getDefaultCertificateNameOfIdentity(const KeyChain& keyChain, const Name& identityName)
{
  const security::Identity owner = getIdentity(keyChain, identityName);
  return owner.getDefaultKey().getDefaultCertificate().getName();
}
91
/**
 * @brief Build a certificate for @p key and sign it with @p signingKey.
 *
 * The certificate name is the key name followed by @p issuer and a version
 * component. The content is the public key of @p key, the freshness period
 * is fixed at one hour, and the validity period runs from one second before
 * "now" until "now" plus @p certValidity.
 *
 * NOTE(review): @p certValidity and @p issuer are used as given. A zero or
 * negative @p certValidity would yield a period that is already over or
 * inverted, and nothing here checks that @p signingKey is an appropriate
 * signer for @p key — confirm that callers enforce both.
 *
 * @param keyChain      key chain used to produce the signature
 * @param key           key being certified
 * @param signingKey    key that signs the certificate
 * @param issuer        issuer component appended to the certificate name
 * @param certValidity  length of the validity period, counted from now
 * @return the signed certificate
 */
security::Certificate
CertHelper::createCertificate(KeyChain& keyChain,
                              const security::Key& key,
                              const security::Key& signingKey,
                              const std::string& issuer,
                              const time::seconds& certValidity)
{
  // Name: <key name>/<issuer>/<version>
  Name certName(key.getName());
  certName.append(issuer);
  certName.appendVersion();

  security::Certificate cert;
  cert.setName(certName);

  // Meta-info
  cert.setContentType(ndn::tlv::ContentType_Key);
  cert.setFreshnessPeriod(time::hours(1));

  // Content: the public key bits of the key being certified
  cert.setContent(key.getPublicKey().data(), key.getPublicKey().size());

  // Signature-info: ndn-cxx rounds notBefore up to the next whole second, so
  // start the period one second in the past to make the certificate valid
  // immediately.
  const auto notBefore = time::system_clock::now() - time::seconds(1);
  const auto notAfter = time::system_clock::now() + certValidity;
  SignatureInfo sigInfo;
  sigInfo.setValidityPeriod(security::ValidityPeriod(notBefore, notAfter));

  keyChain.sign(cert, signingByKey(signingKey).setSignatureInfo(sigInfo));
  return cert;
}
123
124} // namespace ndns
125} // namespace ndn
126