Gitiles
Code Review Sign In
gerrit.named-data.net / ndns / d6b3bda24b001e9bc909188c25f45a084b8c3046 / . / src / mgmt / management-tool.cpp
blob: 10e8aae68ab7ad9d3ddb5dd70eea378be424381c [file] [log] [blame]
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2014, Regents of the University of California.
4 *
5 * This file is part of NDNS (Named Data Networking Domain Name Service).
6 * See AUTHORS.md for complete list of NDNS authors and contributors.
7 *
8 * NDNS is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
12 * NDNS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * NDNS, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "management-tool.hpp"
21#include "logger.hpp"
22#include "ndns-label.hpp"
23#include "ndns-tlv.hpp"
24
25#include <string>
26#include <iomanip>
27
28#include <boost/filesystem/operations.hpp>
29#include <boost/filesystem/path.hpp>
30#include <boost/algorithm/string/replace.hpp>
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]31#include <boost/lexical_cast.hpp>
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]32
33#include <ndn-cxx/util/io.hpp>
34#include <ndn-cxx/util/regex.hpp>
35#include <ndn-cxx/encoding/oid.hpp>
36#include <ndn-cxx/security/cryptopp.hpp>
37
38namespace ndn {
39namespace ndns {
40
41NDNS_LOG_INIT("ManagementTool");
42
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]43ManagementTool::ManagementTool(const std::string& dbFile, KeyChain& keyChain)
44 : m_keyChain(keyChain)
45 , m_dbMgr(dbFile)
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]46{
47}
48
49void
50ManagementTool::createZone(const Name &zoneName,
51 const Name& parentZoneName,
52 const time::seconds& cacheTtl,
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]53 const time::seconds& certValidity,
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]54 const Name& kskCertName,
55 const Name& dskCertName)
56{
57 bool isRoot = zoneName == ROOT_ZONE;
58
59 //check preconditions
60 Zone zone(zoneName, cacheTtl);
61 if (m_dbMgr.find(zone)) {
62 throw Error(zoneName.toUri() + " is already presented in the NDNS db");
63 }
64
65 if (!isRoot && parentZoneName.equals(zoneName)) {
66 throw Error("Parent zone name can not be the zone itself");
67 }
68
69 if (!isRoot && !parentZoneName.isPrefixOf(zoneName)) {
70 throw Error(parentZoneName.toUri() + " is not a prefix of " + zoneName.toUri());
71 }
72
73 if (kskCertName != DEFAULT_CERT) {
74 if (!matchCertificate(kskCertName, zoneName)) {
75 throw Error("Cannot verify KSK certificate");
76 }
77 }
78
79 if (dskCertName != DEFAULT_CERT) {
80 if (!matchCertificate(dskCertName, zoneName)) {
81 throw Error("Cannot verify DSK certificate");
82 }
83 }
84
85 if (kskCertName == DEFAULT_CERT && isRoot) {
86 throw Error("Cannot generate KSK for root zone");
87 }
88
89 //first generate KSK and DSK to the keyChain system, and add DSK as default
90 NDNS_LOG_INFO("Start generating KSK and DSK and their corresponding certificates");
91 time::system_clock::TimePoint notBefore = time::system_clock::now();
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]92 time::system_clock::TimePoint notAfter = notBefore + certValidity;
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]93 shared_ptr<IdentityCertificate> kskCert;
94
95 if (kskCertName == DEFAULT_CERT) {
96 //create KSK's certificate
97 Name kskName = m_keyChain.generateRsaKeyPair(zoneName, true);
98 std::vector<CertificateSubjectDescription> kskDesc;
99 kskCert = m_keyChain.prepareUnsignedIdentityCertificate(kskName, zoneName, notBefore, notAfter,
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]100 kskDesc, parentZoneName);
101 kskCert->setFreshnessPeriod(cacheTtl);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]102
103 m_keyChain.selfSign(*kskCert);
104 m_keyChain.addCertificate(*kskCert);
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]105 NDNS_LOG_INFO("Generated KSK: " << kskCert->getName());
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]106 }
107 else {
108 kskCert = m_keyChain.getCertificate(kskCertName);
109 }
110
111 Name dskName;
112 shared_ptr<IdentityCertificate> dskCert;
113 if (dskCertName == DEFAULT_CERT) {
114 dskName = m_keyChain.generateRsaKeyPairAsDefault(zoneName, false);
115 //create DSK's certificate
116 std::vector<CertificateSubjectDescription> dskDesc;
117 dskCert = m_keyChain.prepareUnsignedIdentityCertificate(dskName, zoneName, notBefore, notAfter,
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]118 dskDesc, zoneName);
119 dskCert->setFreshnessPeriod(cacheTtl);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]120 m_keyChain.sign(*dskCert, kskCert->getName());
121 m_keyChain.addCertificateAsKeyDefault(*dskCert);
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]122 NDNS_LOG_INFO("Generated DSK: " << dskCert->getName());
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]123 }
124 else {
125 dskCert = m_keyChain.getCertificate(dskCertName);
126 dskName = dskCert->getPublicKeyName();
127 m_keyChain.setDefaultKeyNameForIdentity(dskName);
128 m_keyChain.setDefaultCertificateNameForKey(dskCert->getName());
129 }
130
131 //second add zone to the database
132 NDNS_LOG_INFO("Start adding new zone to data base");
133 addZone(zone);
134
135 //third create ID-cert
136 NDNS_LOG_INFO("Start creating DSK's ID-CERT");
137 addIdCert(zone, dskCert, cacheTtl);
138}
139
140void
141ManagementTool::deleteZone(const Name& zoneName)
142{
143 //check pre-conditions
144 Zone zone(zoneName);
145 if (!m_dbMgr.find(zone)) {
146 throw Error(zoneName.toUri() + " is not presented in the NDNS db");
147 }
148
149 //first remove all rrsets of this zone from local ndns database
150 std::vector<Rrset> rrsets = m_dbMgr.findRrsets(zone);
151 for (Rrset& rrset : rrsets) {
152 m_dbMgr.remove(rrset);
153 }
154
155 //second remove zone from local ndns database
156 removeZone(zone);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]157}
158
159void
160ManagementTool::exportCertificate(const Name& certName, const std::string& outFile)
161{
162 //search for the certificate, start from KeyChain then local NDNS database
163 shared_ptr<IdentityCertificate> cert;
164 if (m_keyChain.doesCertificateExist(certName)) {
165 cert = m_keyChain.getCertificate(certName);
166 }
167 else {
168 shared_ptr<Regex> regex = make_shared<Regex>("(<>*)<KEY>(<>+)<ID-CERT><>");
169 if (regex->match(certName) != true) {
170 throw Error("Certificate name is illegal");
171 }
172 Name zoneName = regex->expand("\\1");
173 Name label = regex->expand("\\2");
174
175 Zone zone(zoneName);
176 Rrset rrset(&zone);
177 rrset.setLabel(label);
178 rrset.setType(label::CERT_RR_TYPE);
179 if (m_dbMgr.find(rrset)) {
180 Data data(rrset.getData());
181 cert = make_shared<IdentityCertificate>(data);
182 }
183 else {
184 throw Error("Cannot find the cert: " + certName.toUri());
185 }
186 }
187
188 if (outFile == DEFAULT_IO) {
189 ndn::io::save(*cert, std::cout);
190 }
191 else {
192 ndn::io::save(*cert, outFile);
193 NDNS_LOG_INFO("save cert to file: " << outFile);
194 }
195}
196
197void
198ManagementTool::addRrSet(const Name& zoneName,
199 const Name& label,
200 const name::Component& type,
201 NdnsType ndnsType,
202 const uint64_t version,
203 const std::vector<std::string>& contents,
204 const Name& inputDskCertName,
205 const time::seconds& ttl)
206{
207 // check pre-condition
208 Zone zone(zoneName);
209 if (!m_dbMgr.find(zone)) {
210 throw Error(zoneName.toUri() + " is not presented in the NDNS db");
211 }
212
213 if (ndnsType == NDNS_UNKNOWN) {
214 throw Error("The ndns type is unknown");
215 }
216
217 if (type == label::CERT_RR_TYPE) {
218 throw Error("It cannot handle ID-CERT rrset type");
219 }
220
221 // check strange rr type and ndns type combination
222 if (type == label::NS_RR_TYPE && ndnsType == NDNS_RAW) {
223 throw Error("NS cannot be of the type NDNS_RAW");
224 }
225
226 if (type == label::TXT_RR_TYPE && ndnsType != NDNS_RESP) {
227 throw Error("TXT cannot be of the type NDNS_RAW or NDNS_AUTH");
228 }
229
230 if (ndnsType == NDNS_RAW && contents.size() != 1) {
231 throw Error("NDNS_RAW must contain a single content element");
232 }
233
234 Name dskName;
235 Name dskCertName = inputDskCertName;
236 if (dskCertName == DEFAULT_CERT) {
237 dskName = m_keyChain.getDefaultKeyNameForIdentity(zoneName);
238 dskCertName = m_keyChain.getDefaultCertificateNameForKey(dskName);
239 }
240 else {
241 if (!matchCertificate(dskCertName, zoneName)) {
242 throw Error("Cannot verify certificate");
243 }
244 }
245
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]246 time::seconds actualTtl = ttl;
247 if (ttl == DEFAULT_RR_TTL)
248 actualTtl = zone.getTtl();
249
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]250 // set rrset
251 Rrset rrset(&zone);
252 rrset.setLabel(label);
253 rrset.setType(type);
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]254 rrset.setTtl(actualTtl);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]255
256 // set response
257 Response re;
258 re.setZone(zoneName);
259 re.setQueryType(label::NDNS_ITERATIVE_QUERY);
260 re.setRrLabel(label);
261 re.setRrType(type);
262 re.setNdnsType(ndnsType);
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]263 re.setFreshnessPeriod(actualTtl);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]264
265 //set content according to ndns type
266 if (ndnsType == NDNS_RAW) {
267 Block tmp = ndn::dataBlock(ndn::tlv::Content, contents[0].c_str(), contents[0].length());
268 re.setAppContent(tmp);
269 }
270 else if (ndnsType != NDNS_AUTH) {
271 if (contents.empty()) {
272 re.addRr("");
273 }
274 else {
275 for (const auto& item : contents) {
276 re.addRr(item);
277 }
278 }
279 }
280
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]281 if (version != VERSION_USE_UNIX_TIMESTAMP) {
282 name::Component tmp = name::Component::fromVersion(version);
283 re.setVersion(tmp);
284 }
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]285 shared_ptr<Data> data = re.toData();
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]286 m_keyChain.sign(*data, dskCertName);
287
288 rrset.setVersion(re.getVersion());
289 rrset.setData(data->wireEncode());
290
291 if (m_dbMgr.find(rrset)) {
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]292 throw Error("Duplicate " + boost::lexical_cast<std::string>(rrset));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]293 }
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]294 NDNS_LOG_INFO("Added " << rrset);
295
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]296 m_dbMgr.insert(rrset);
297}
298
299void
300ManagementTool::addRrSet(const Name& zoneName,
301 const std::string& inFile,
302 const time::seconds& ttl,
303 const Name& inputDskCertName)
304{
305 //check precondition
306 Zone zone(zoneName);
307 if (!m_dbMgr.find(zone)) {
308 throw Error(zoneName.toUri() + " is not presented in the NDNS db");
309 }
310
311 Name dskName;
312 Name dskCertName = inputDskCertName;
313 if (dskCertName == DEFAULT_CERT) {
314 dskName = m_keyChain.getDefaultKeyNameForIdentity(zoneName);
315 dskCertName = m_keyChain.getDefaultCertificateNameForKey(dskName);
316 }
317 else {
318 if (!matchCertificate(dskCertName, zoneName)) {
319 throw Error("Cannot verify certificate");
320 }
321 }
322
323 if (inFile != DEFAULT_IO) {
324 boost::filesystem::path dir = boost::filesystem::path(inFile);
325 if (!boost::filesystem::exists(dir) || boost::filesystem::is_directory(dir)) {
326 throw Error("Data: " + inFile + " does not exist");
327 }
328 }
329
330 //first load the data
331 shared_ptr<Data> data;
332 if (inFile == DEFAULT_IO)
333 data = ndn::io::load<ndn::Data>(std::cin);
334 else
335 data = ndn::io::load<ndn::Data>(inFile);
336
337 //determine whether the data is a self-signed certificate
338 shared_ptr<Regex> regex1 = make_shared<Regex>("(<>*)<KEY>(<>+)<ID-CERT><>");
339 if (regex1->match(data->getName())) {
340 IdentityCertificate scert(*data);
341 Name keyName = scert.getPublicKeyName();
342 Name keyLocator = scert.getSignature().getKeyLocator().getName();
343
344 //if it is, extract the content and name from the data, and resign it using the dsk.
345 shared_ptr<Regex> regex2 = make_shared<Regex>("(<>*)<KEY>(<>+)<ID-CERT>");
346 BOOST_VERIFY(regex2->match(keyLocator) == true);
347 if (keyName == regex2->expand("\\1\\2")) {
348 shared_ptr<Data> pre = data;
349 Name name = pre->getName();
350 //check whether the name is legal or not. if not converting it to a legal name
351 if (zoneName != regex1->expand("\\1")) {
352 Name comp1 = regex1->expand("\\1").getSubName(zoneName.size());
353 Name comp2 = regex1->expand("\\2");
354 name = zoneName;
355 name.append("KEY");
356 name.append(comp1);
357 name.append(comp2);
358 name.append("ID-CERT");
359 name.append(pre->getName().get(-1));
360 }
361
362 data = make_shared<Data>();
363 data->setName(name);
364 data->setContent(pre->getContent());
365
366 m_keyChain.sign(*data, dskCertName);
367 }
368 }
369
370 // create response for the input data
371 Response re;
372 Name hint;
373 re.fromData(hint, zoneName, *data);
374 Name label = re.getRrLabel();
375 name::Component type = re.getRrType();
376
377 Rrset rrset(&zone);
378 rrset.setLabel(label);
379 rrset.setType(type);
380 if (ttl == DEFAULT_RR_TTL)
381 rrset.setTtl(zone.getTtl());
382 else
383 rrset.setTtl(ttl);
384 rrset.setVersion(re.getVersion());
385 rrset.setData(data->wireEncode());
386
387 if (m_dbMgr.find(rrset)) {
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]388 throw Error("Duplicate " + boost::lexical_cast<std::string>(rrset));
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]389 }
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]390 NDNS_LOG_INFO("Added " << rrset);
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]391 m_dbMgr.insert(rrset);
392}
393
394void
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]395ManagementTool::listZone(const Name& zoneName, std::ostream& os, const bool printRaw)
396{
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]397 Zone zone(zoneName);
398 if (!m_dbMgr.find(zone)) {
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]399 throw Error("Zone " + zoneName.toUri() + " is not found in the database");
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]400 }
401
402 //first output the zone name
403 os << "; Zone " << zoneName.toUri() << std::endl << std::endl;
404
405 //second output all rrsets
406 std::vector<Rrset> rrsets = m_dbMgr.findRrsets(zone);
407
408 //set width for different columns
409 size_t labelWidth = 0;
410 size_t ttlWidth = 0;
411 size_t typeWidth = 0;
412 for (Rrset& rrset : rrsets) {
413 Data data(rrset.getData());
414 Response re;
415 Name hint;
416 re.fromData(hint, zoneName, data);
417
418 if (rrset.getLabel().toUri().size() > labelWidth)
419 labelWidth = rrset.getLabel().toUri().size();
420
421 std::stringstream seconds;
422 seconds << rrset.getTtl().count();
423 if (seconds.str().size() > ttlWidth)
424 ttlWidth = seconds.str().size();
425
426 if (rrset.getType().toUri().size() > typeWidth)
427 typeWidth = rrset.getType().toUri().size();
428 }
429
430 //output
431 for (Rrset& rrset : rrsets) {
432 Data data(rrset.getData());
433 Response re;
434 Name hint;
435 re.fromData(hint, zoneName, data);
436 int iteration = re.getNdnsType() == NDNS_RAW || re.getNdnsType() == NDNS_AUTH ?
437 1 : re.getRrs().size();
438 const std::vector<Block> &rrs = re.getRrs();
439
440 if (re.getNdnsType() != NDNS_RAW && re.getNdnsType() != NDNS_AUTH) {
441 os << "; rrset=" << rrset.getLabel().toUri()
442 << " type=" << rrset.getType().toUri()
443 << " version=" << rrset.getVersion().toUri()
444 << " signed-by=" << data.getSignature().getKeyLocator().getName().toUri()
445 << std::endl;
446 }
447
448 for (int i = 0; i < iteration; i++) {
449 os.setf(os.left);
450 os.width(labelWidth + 2);
451 os << rrset.getLabel().toUri();
452
453 os.width(ttlWidth + 2);
454 os << rrset.getTtl().count();
455
456 os.width(typeWidth + 2);
457 os << rrset.getType().toUri();
458
459 if (re.getNdnsType() != NDNS_RAW && re.getNdnsType() != NDNS_AUTH) {
460 using namespace CryptoPP;
461 if (rrset.getType() == label::TXT_RR_TYPE) {
462 os.write(reinterpret_cast<const char*>(rrs[i].value()), rrs[i].value_size());
463 os << std::endl;
464 }
465 else if (rrset.getType() == label::NS_RR_TYPE) {
466 //TODO output the NS data once we have it
467 os << std::endl;
468 }
469 else {
470 StringSource ss(rrs[i].wire(), rrs[i].size(), true,
471 new Base64Encoder(new FileSink(os), true, 64));
472 }
473 }
474 }
475
476 if (re.getNdnsType() == NDNS_RAW || re.getNdnsType() == NDNS_AUTH) {
477 os.width();
478 os << "; content-type=" << re.getNdnsType()
479 << " version=" << rrset.getVersion().toUri()
480 << " signed-by=" << data.getSignature().getKeyLocator().getName().toUri();
481 os << std::endl;
482
483 if (printRaw && re.getNdnsType() == NDNS_RAW) {
484 using namespace CryptoPP;
485 std::stringstream sstream;
486 StringSource ss(re.getAppContent().wire(), re.getAppContent().size(), true,
487 new Base64Encoder(new FileSink(sstream), true, 64));
488
489 std::string content = sstream.str();
490 std::string delimiter = "\n";
491 size_t pos = 0;
492 std::string token;
493 while ((pos = content.find(delimiter)) != std::string::npos) {
494 token = content.substr(0, pos);
495 os << "; " << token << std::endl;
496 content.erase(0, pos + delimiter.length());
497 }
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]498 }
Alexander Afanasyevd6b3bda2014-11-25 17:33:58 -0800[diff] [blame^]499 os << std::endl;
Jiewen Tan870b29b2014-11-17 19:09:49 -0800[diff] [blame]500 }
501 else {
502 os << std::endl;
503 }
504 }
505}
506
507void
508ManagementTool::listAllZones(std::ostream& os) {
509 std::vector<Zone> zones = m_dbMgr.listZones();
510
511 size_t nameWidth = 0;
512 for (const Zone& zone : zones) {
513 if (zone.getName().toUri().size() > nameWidth)
514 nameWidth = zone.getName().toUri().size();
515 }
516
517 for (const Zone& zone : zones) {
518 os.setf(os.left);
519 os.width(nameWidth + 2);
520 os << zone.getName().toUri();
521
522 os << "; default-ttl=" << zone.getTtl().count();
523 os << " default-key=" << m_keyChain.getDefaultKeyNameForIdentity(zone.getName());
524 os << " default-certificate="
525 << m_keyChain.getDefaultCertificateNameForIdentity(zone.getName());
526 os << std::endl;
527 }
528}
529
530void
531ManagementTool::removeRrSet(const Name& zoneName, const Name& label, const name::Component& type)
532{
533 Zone zone(zoneName);
534 Rrset rrset(&zone);
535 rrset.setLabel(label);
536 rrset.setType(type);
537
538 if (!m_dbMgr.find(rrset)) {
539 return;
540 }
541 NDNS_LOG_INFO("Remove rrset with zone-id: " << zone.getId() << " label: " << label << " type: "
542 << type);
543 m_dbMgr.remove(rrset);
544}
545
546void
547ManagementTool::getRrSet(const Name& zoneName,
548 const Name& label,
549 const name::Component& type,
550 std::ostream& os)
551{
552 Zone zone(zoneName);
553 Rrset rrset(&zone);
554 rrset.setLabel(label);
555 rrset.setType(type);
556
557 if (!m_dbMgr.find(rrset)) {
558 os << "No record is found" << std::endl;
559 return;
560 }
561
562 using namespace CryptoPP;
563 StringSource ss(rrset.getData().wire(), rrset.getData().size(), true,
564 new Base64Encoder(new FileSink(os), true, 64));
565}
566
567void
568ManagementTool::addIdCert(Zone& zone, shared_ptr<IdentityCertificate> cert,
569 const time::seconds& ttl)
570{
571 Rrset rrset(&zone);
572 size_t size = zone.getName().size();
573 Name label = cert->getName().getSubName(size + 1, cert->getName().size() - size - 3);
574 rrset.setLabel(label);
575 rrset.setType(label::CERT_RR_TYPE);
576 rrset.setTtl(ttl);
577 rrset.setVersion(cert->getName().get(-1));
578 rrset.setData(cert->wireEncode());
579
580 if (m_dbMgr.find(rrset)) {
581 throw Error("ID-CERT with label=" + label.toUri() +
582 " is already presented in local NDNS databse");
583 }
584 NDNS_LOG_INFO("Add rrset with zone-id: " << zone.getId() << " label: " << label << " type: "
585 << label::CERT_RR_TYPE);
586 m_dbMgr.insert(rrset);
587}
588
589void
590ManagementTool::addZone(Zone& zone)
591{
592 if (m_dbMgr.find(zone)) {
593 throw Error("Zone with Name=" + zone.getName().toUri() +
594 " is already presented in local NDNS databse");
595 }
596 NDNS_LOG_INFO("Add zone with Name: " << zone.getName().toUri());
597 m_dbMgr.insert(zone);
598}
599
600void
601ManagementTool::removeZone(Zone& zone)
602{
603 if (!m_dbMgr.find(zone)) {
604 return;
605 }
606 NDNS_LOG_INFO("Remove zone with Name: " << zone.getName().toUri());
607 m_dbMgr.remove(zone);
608}
609
610bool
611ManagementTool::matchCertificate(const Name& certName, const Name& identity)
612{
613 if (!m_keyChain.doesCertificateExist(certName)) {
614 NDNS_LOG_WARN(certName.toUri() << " is not presented in KeyChain");
615 return false;
616 }
617
618 //check its public key information
619 shared_ptr<IdentityCertificate> cert = m_keyChain.getCertificate(certName);
620 Name keyName = cert->getPublicKeyName();
621
622 if (!identity.isPrefixOf(keyName) || identity.size()!=keyName.size()-1) {
623 NDNS_LOG_WARN(keyName.toUri() << " is not a key of " << identity.toUri());
624 return false;
625 }
626
627 if (!m_keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) {
628 NDNS_LOG_WARN("Private key: " << keyName.toUri() << " is not presented in KeyChain");
629 return false;
630 }
631
632 return true;
633}
634
635} // namespace ndns
636} // namespace ndn