/**
 * @brief Sign @p interest as a command interest using the keychain held by this generator.
 * @param interest        the interest to sign (modified in place)
 * @param certificateName certificate to sign with; when empty, the single-argument
 *                        KeyChain::sign overload is used (the keychain's own default signer)
 */
inline void
CommandInterestGenerator::generate(Interest& interest, const Name& certificateName /*= Name()*/)
{
  // No certificate given: let the keychain pick its default.
  if (certificateName.empty()) {
    m_keyChain.sign(interest);
    return;
  }

  // Otherwise pin the signer to the named certificate.
  const security::SigningInfo byCertificate(security::SigningInfo::SIGNER_TYPE_CERT, certificateName);
  m_keyChain.sign(interest, byCertificate);
}
/**
 * @brief Append a timestamp and a random component to @p interest's name, then sign it.
 *
 * The timestamp is forced strictly greater than the one issued by the previous call
 * (lastTimestamp_), so two command interests from this generator never carry the same one.
 * lastTimestamp_ is only advanced after signing succeeded.
 *
 * @param interest        the interest to turn into a command interest (modified in place)
 * @param keyChain        keychain used to sign
 * @param certificateName certificate to sign with
 * @param wireFormat      wire format handed to KeyChain::sign
 * @throws runtime_error  if the random component cannot be generated
 */
void
CommandInterestGenerator::generate(Interest& interest, KeyChain& keyChain,
                                   const Name& certificateName, WireFormat& wireFormat)
{
  // Monotonic timestamp: bump by one millisecond until it passes the last issued value.
  MillisecondsSince1970 timestamp = ::round(ndn_getNowMilliseconds());
  while (timestamp <= lastTimestamp_)
    timestamp += 1.0;

  // Timestamp component: TLV nonNegativeInteger encoding.
  TlvEncoder timestampEncoder(8);
  timestampEncoder.writeNonNegativeInteger(static_cast<uint64_t>(timestamp));
  interest.getName().append(Blob(timestampEncoder.finish()));

  // Random component: also a nonNegativeInteger, but always 8 bytes, so the raw bytes
  // are appended directly without going through the encoder.
  uint8_t randomComponent[8];
  const ndn_Error randomError =
    CryptoLite::generateRandomBytes(randomComponent, sizeof(randomComponent));
  if (randomError)
    throw runtime_error(ndn_getErrorString(randomError));
  interest.getName().append(randomComponent, sizeof(randomComponent));

  keyChain.sign(interest, certificateName, wireFormat);

  // A negative lifetime means the caller left it unset; apply the default.
  if (interest.getInterestLifetimeMilliseconds() < 0)
    interest.setInterestLifetimeMilliseconds(1000.0);

  // Record the timestamp only now that signing has succeeded.
  lastTimestamp_ = timestamp;
}
/**
 * @brief Make this dummy face answer NFD RIB register/unregister commands with a success reply.
 *
 * Every interest sent under /localhost/nfd/rib is answered with a ControlResponse (code 200)
 * whose body echoes the request's ControlParameters with faceId 1 and origin 0. The reply is
 * signed with SIGNER_TYPE_SHA256 (digest only, presumably no key involved), which is what a
 * test face needs but not what a real NFD would produce.
 */
void
DummyClientFace::enableRegistrationReply()
{
  auto replyToRibCommand = [this] (const Interest& interest) {
    static const Name localhostRegistration("/localhost/nfd/rib");
    const Name& interestName = interest.getName();
    if (!localhostRegistration.isPrefixOf(interestName))
      return;

    // The ControlParameters block is taken from the fifth-from-last name component
    // (the command name layout the original code assumed; unchanged here).
    nfd::ControlParameters params(interestName.get(-5).blockFromValue());
    params.setFaceId(1);
    params.setOrigin(0);
    const bool isRegister = (interestName.get(3) == name::Component("register"));
    if (isRegister)
      params.setCost(0);

    nfd::ControlResponse response;
    response.setCode(200);
    response.setBody(params.wireEncode());

    shared_ptr<Data> reply = make_shared<Data>(interestName);
    reply->setContent(response.wireEncode());

    KeyChain keyChain;
    keyChain.sign(*reply, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_SHA256));

    // Hand the reply back through the io_service instead of synchronously from the send hook.
    this->getIoService().post([this, reply] { this->receive(*reply); });
  };

  onSendInterest.connect(replyToRibCommand);
}
/**
 * @brief Turn @p interest into a signed command interest.
 *
 * Name preparation is delegated to prepareCommandInterestName (not shown here); this method
 * then signs the interest and applies a 1000 ms lifetime if the caller left it unset.
 *
 * @param interest        the interest to sign (modified in place)
 * @param keyChain        keychain used to sign
 * @param certificateName certificate to sign with
 * @param wireFormat      wire format used for name preparation and signing
 */
void
CommandInterestGenerator::generate(Interest& interest, KeyChain& keyChain,
                                   const Name& certificateName, WireFormat& wireFormat)
{
  prepareCommandInterestName(interest, wireFormat);
  keyChain.sign(interest, certificateName, wireFormat);

  // A negative lifetime is this API's "unset" marker; fill in the default.
  const bool lifetimeUnset = interest.getInterestLifetimeMilliseconds() < 0;
  if (lifetimeUnset)
    interest.setInterestLifetimeMilliseconds(1000.0);
}
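/**
 * @brief Answer a "hello" interest with the file metadata (file size, segment size, content size).
 *
 * The Data content is three ints in host byte order and native int width; the consumer must
 * decode with the same layout, since no byte-order conversion is done here.
 *
 * @param filter   the filter that matched the interest (unused)
 * @param interest the incoming interest; its name is reused for the reply Data
 */
void
onHelloInterest(const InterestFilter& filter, const Interest& interest)
{
  // std::cout <<"Received hello interest\n";
  std::cout << "\n\n\n----------this is test No. " << ++count << "------\n" << std::endl;

  Name fileName(interest.getName());

  // The metadata triple lives on the stack; the previous heap array was never freed.
  int content[3];
  content[0] = m_FileSize;
  content[1] = m_SegmentSize;
  content[2] = m_ContentSize;

  // NOTE(review): fileBuffer is reassigned on every hello without releasing the previous
  // buffer. Whoever owns fileBuffer should free it first (or switch it to a std::vector<char>);
  // its initial value is not visible here, so no delete[] is added at this point.
  fileBuffer = new char[m_FileSize];

  shared_ptr<Data> data = make_shared<Data>();
  data->setName(fileName);
  data->setFreshnessPeriod(time::seconds(10));
  data->setContent(reinterpret_cast<const uint8_t*>(content), sizeof(content));
  m_keyChain.sign(*data);
  // m_keyChain.signWithSha256(*data);
  m_face.put(*data);
}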
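/**
 * @brief ndnsec cert-gen: sign the certificate request read from @c request with a local
 *        identity and print the resulting certificate to stdout, base64 encoded.
 *
 * Dates are given as YYYYMMDDhhmmss and converted to the YYYYMMDDThhmmss form that
 * fromIsoString expects. A malformed date is reported as a usage error instead of
 * escaping as an uncaught exception from substr()/fromIsoString().
 *
 * @return 0 on success; 1 on a usage, input or signing error (details go to stderr)
 */
int
ndnsec_cert_gen(int argc, char** argv)
{
  using boost::tokenizer;
  using boost::escaped_list_separator;
  using namespace ndn;
  using namespace ndn::time;
  namespace po = boost::program_options;

  std::string notBeforeStr;
  std::string notAfterStr;
  std::string subjectName;
  std::string requestFile("-");
  std::string signId;
  std::string subjectInfo;
  std::string certPrefix;
  bool hasSignId = false;

  po::options_description description(
    "General Usage\n"
    " ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] "
    "[-s sign-id] [-p cert-prefix] request\n"
    "General options");
  description.add_options()
    ("help,h", "produce help message")
    ("not-before,S", po::value<std::string>(&notBeforeStr),
     "certificate starting date, YYYYMMDDhhmmss")
    ("not-after,E", po::value<std::string>(&notAfterStr),
     "certificate ending date, YYYYMMDDhhmmss")
    ("subject-name,N", po::value<std::string>(&subjectName), "subject name")
    ("subject-info,I", po::value<std::string>(&subjectInfo),
     "subject info, pairs of OID and string description: "
     "\"2.5.4.10 'University of California, Los Angeles'\"")
    ("sign-id,s", po::value<std::string>(&signId),
     "signing Identity, system default identity if not specified")
    ("cert-prefix,p", po::value<std::string>(&certPrefix),
     "cert prefix, which is the part of certificate name before "
     "KEY component")
    ("request,r", po::value<std::string>(&requestFile), "request file name, - for stdin")
    ;

  po::positional_options_description p;
  p.add("request", 1);

  po::variables_map vm;
  try {
    po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm);
    po::notify(vm);
  }
  catch (const std::exception& e) {
    std::cerr << "ERROR: " << e.what() << std::endl;
    return 1;
  }

  if (vm.count("help") != 0) {
    std::cerr << description << std::endl;
    return 0;
  }

  if (vm.count("sign-id") != 0) {
    hasSignId = true;
  }

  if (vm.count("subject-name") == 0) {
    std::cerr << "subject_name must be specified" << std::endl;
    return 1;
  }

  // Subject descriptions: the mandatory subject name, then every "<oid> <value>" pair from -I.
  std::vector<CertificateSubjectDescription> subjectDescription;
  subjectDescription.push_back(CertificateSubjectDescription(oid::ATTRIBUTE_NAME, subjectName));

  tokenizer<escaped_list_separator<char> > subjectInfoItems
    (subjectInfo, escaped_list_separator<char>("\\", " \t", "'\""));
  tokenizer<escaped_list_separator<char> >::iterator it = subjectInfoItems.begin();
  while (it != subjectInfoItems.end()) {
    std::string oid = *it;
    ++it;
    if (it == subjectInfoItems.end()) {
      std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
      return 1;
    }
    std::string value = *it;
    subjectDescription.push_back(CertificateSubjectDescription(OID(oid), value));
    ++it;
  }

  // Validate and convert a YYYYMMDDhhmmss option value; reports the problem and returns false
  // instead of letting substr()/fromIsoString() throw out of main.
  auto parseDate = [] (const std::string& text, const char* option,
                       system_clock::TimePoint& out) -> bool {
    if (text.size() != 14) {
      std::cerr << "ERROR: " << option << " must be YYYYMMDDhhmmss" << std::endl;
      return false;
    }
    try {
      out = fromIsoString(text.substr(0, 8) + "T" + text.substr(8, 6));
    }
    catch (const std::exception& e) {
      std::cerr << "ERROR: invalid " << option << " date: " << e.what() << std::endl;
      return false;
    }
    return true;
  };

  system_clock::TimePoint notBefore;
  system_clock::TimePoint notAfter;
  if (vm.count("not-before") == 0) {
    notBefore = system_clock::now();
  }
  else if (!parseDate(notBeforeStr, "not-before", notBefore)) {
    return 1;
  }

  if (vm.count("not-after") == 0) {
    // Default validity: one year from not-before.
    notAfter = notBefore + days(365);
  }
  else {
    if (!parseDate(notAfterStr, "not-after", notAfter))
      return 1;
    if (notAfter < notBefore) {
      std::cerr << "not-before is later than not-after" << std::endl;
      return 1;
    }
  }

  if (vm.count("request") == 0) {
    std::cerr << "request file must be specified" << std::endl;
    return 1;
  }

  shared_ptr<IdentityCertificate> selfSignedCertificate = getIdentityCertificate(requestFile);
  if (!static_cast<bool>(selfSignedCertificate)) {
    std::cerr << "ERROR: input error" << std::endl;
    return 1;
  }

  KeyChain keyChain;

  Name keyName = selfSignedCertificate->getPublicKeyName();
  Name signIdName;
  Name prefix(certPrefix);

  if (!hasSignId)
    signIdName = keyChain.getDefaultIdentity();
  else
    signIdName = Name(signId);

  shared_ptr<IdentityCertificate> certificate =
    keyChain.prepareUnsignedIdentityCertificate(keyName, selfSignedCertificate->getPublicKeyInfo(),
                                                signIdName, notBefore, notAfter,
                                                subjectDescription, prefix);
  if (!static_cast<bool>(certificate)) {
    std::cerr << "ERROR: key name is not formated correctly or does not match certificate name."
              << std::endl;
    return 1;
  }

  // Make sure the signing identity exists (presumably a no-op when it already does — verify),
  // then sign with that identity's default certificate.
  keyChain.createIdentity(signIdName);
  Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signIdName);
  keyChain.sign(*certificate, signingCertificateName);

  // Emit the encoded certificate as base64, wrapped at 64 columns. Crypto++ takes ownership
  // of the new'd encoder and sink it is handed.
  Block wire = certificate->wireEncode();
  try {
    using namespace CryptoPP;
    StringSource ss(wire.wire(), wire.size(), true,
                    new Base64Encoder(new FileSink(std::cout), true, 64));
  }
  catch (const CryptoPP::Exception& e) {
    std::cerr << "ERROR: " << e.what() << std::endl;
    return 1;
  }

  return 0;
}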
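/**
 * @brief ndnsec cert-gen: sign the certificate request read from @c request with a local
 *        identity and print the resulting certificate (or, with --nack, a revocation
 *        record) to stdout, base64 encoded.
 *
 * Dates are given as YYYYMMDDhhmmss and converted to the YYYYMMDDThhmmss form that
 * fromIsoString expects. A malformed date is reported as a usage error instead of
 * escaping as an uncaught exception from substr()/fromIsoString().
 *
 * @return 0 on success; 1 on a usage, input or signing error (details go to stderr)
 */
int
ndnsec_cert_gen(int argc, char** argv)
{
  using boost::tokenizer;
  using boost::escaped_list_separator;
  using namespace ndn;
  using namespace ndn::time;
  namespace po = boost::program_options;

  std::string notBeforeStr;
  std::string notAfterStr;
  std::string subjectName;
  std::string requestFile("-");
  std::string signId;
  std::string subjectInfo;
  bool hasSignId = false;
  bool isNack = false;

  po::options_description description("General Usage\n ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] [-s sign-id] request\nGeneral options");
  description.add_options()
    ("help,h", "produce help message")
    ("not-before,S", po::value<std::string>(&notBeforeStr),
     "certificate starting date, YYYYMMDDhhmmss")
    ("not-after,E", po::value<std::string>(&notAfterStr),
     "certificate ending date, YYYYMMDDhhmmss")
    ("subject-name,N", po::value<std::string>(&subjectName), "subject name")
    ("subject-info,I", po::value<std::string>(&subjectInfo),
     "subject info, pairs of OID and string description: \"2.5.4.10 'University of California, Los Angeles'\"")
    ("nack", "Generate revocation certificate (NACK)")
    ("sign-id,s", po::value<std::string>(&signId),
     "signing Identity, system default identity if not specified")
    ("request,r", po::value<std::string>(&requestFile), "request file name, - for stdin")
    ;

  po::positional_options_description p;
  p.add("request", 1);

  po::variables_map vm;
  try {
    po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm);
    po::notify(vm);
  }
  catch (const std::exception& e) {
    std::cerr << "ERROR: " << e.what() << std::endl;
    return 1;
  }

  if (vm.count("help") != 0) {
    std::cerr << description << std::endl;
    return 0;
  }

  if (vm.count("sign-id") != 0) {
    hasSignId = true;
  }

  if (vm.count("nack") != 0) {
    isNack = true;
  }

  // Extra subject descriptions: every "<oid> <value>" pair from -I.
  std::vector<CertificateSubjectDescription> otherSubDescrypt;
  tokenizer<escaped_list_separator<char> > subjectInfoItems
    (subjectInfo, escaped_list_separator<char> ("\\", " \t", "'\""));
  tokenizer<escaped_list_separator<char> >::iterator it = subjectInfoItems.begin();
  while (it != subjectInfoItems.end()) {
    std::string oid = *it;
    ++it;
    if (it == subjectInfoItems.end()) {
      std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
      return 1;
    }
    std::string value = *it;
    otherSubDescrypt.push_back(CertificateSubjectDescription(oid, value));
    ++it;
  }

  // Validate and convert a YYYYMMDDhhmmss option value; reports the problem and returns false
  // instead of letting substr()/fromIsoString() throw out of main.
  auto parseDate = [] (const std::string& text, const char* option,
                       system_clock::TimePoint& out) -> bool {
    if (text.size() != 14) {
      std::cerr << "ERROR: " << option << " must be YYYYMMDDhhmmss" << std::endl;
      return false;
    }
    try {
      out = fromIsoString(text.substr(0, 8) + "T" + text.substr(8, 6));
    }
    catch (const std::exception& e) {
      std::cerr << "ERROR: invalid " << option << " date: " << e.what() << std::endl;
      return false;
    }
    return true;
  };

  system_clock::TimePoint notBefore;
  system_clock::TimePoint notAfter;
  if (vm.count("not-before") == 0) {
    notBefore = system_clock::now();
  }
  else if (!parseDate(notBeforeStr, "not-before", notBefore)) {
    return 1;
  }

  if (vm.count("not-after") == 0) {
    // Default validity: one year from not-before.
    notAfter = notBefore + days(365);
  }
  else {
    if (!parseDate(notAfterStr, "not-after", notAfter))
      return 1;
    if (notAfter < notBefore) {
      std::cerr << "not-before is later than not-after" << std::endl;
      return 1;
    }
  }

  if (vm.count("request") == 0) {
    std::cerr << "request file must be specified" << std::endl;
    return 1;
  }

  shared_ptr<IdentityCertificate> selfSignedCertificate = getIdentityCertificate(requestFile);
  if (!static_cast<bool>(selfSignedCertificate)) {
    std::cerr << "ERROR: input error" << std::endl;
    return 1;
  }

  KeyChain keyChain;

  Name keyName = selfSignedCertificate->getPublicKeyName();
  Name signIdName;

  if (!hasSignId)
    signIdName = keyChain.getDefaultIdentity();
  else
    signIdName = Name(signId);

  // The certificate name depends on whether the signee's namespace lies under the signer's.
  Name certName;
  if (signIdName.isPrefixOf(keyName)) {
    // Signee under signer, e.g. signer /ndn/test and signee /ndn/test/alice give
    //   /ndn/test/KEY/alice/ksk-1234/ID-CERT/%01%02
    certName.append(signIdName)
            .append("KEY")
            .append(keyName.getSubName(signIdName.size()))
            .append("ID-CERT")
            .appendVersion();
  }
  else {
    // Signee elsewhere, e.g. signer /ndn/test and signee /ndn/ucla/bob give
    //   /ndn/ucla/bob/KEY/ksk-1234/ID-CERT/%01%02
    certName.append(keyName.getPrefix(-1))
            .append("KEY")
            .append(keyName.get(-1))
            .append("ID-CERT")
            .appendVersion();
  }

  if (!isNack && vm.count("subject-name") == 0) {
    std::cerr << "subject_name must be specified" << std::endl;
    return 1;
  }

  // Both paths sign with the signing identity's default certificate; make sure the identity
  // exists first (presumably a no-op when it already does — verify).
  keyChain.createIdentity(signIdName);
  Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signIdName);

  Block wire;
  if (!isNack) {
    CertificateSubjectDescription subDescryptName("2.5.4.41", subjectName);

    IdentityCertificate certificate;
    certificate.setName(certName);
    certificate.setNotBefore(notBefore);
    certificate.setNotAfter(notAfter);
    certificate.setPublicKeyInfo(selfSignedCertificate->getPublicKeyInfo());
    certificate.addSubjectDescription(subDescryptName);
    for (const CertificateSubjectDescription& description : otherSubDescrypt)
      certificate.addSubjectDescription(description);
    certificate.encode();

    keyChain.sign(certificate, signingCertificateName);
    wire = certificate.wireEncode();
  }
  else {
    // Revocation (NACK): a Data packet carrying the certificate name and empty content,
    // signed by the issuing identity.
    Data revocationCert;
    revocationCert.setName(certName);

    keyChain.sign(revocationCert, signingCertificateName);
    wire = revocationCert.wireEncode();
  }

  // Emit the encoding as base64, wrapped at 64 columns. Crypto++ takes ownership of the
  // new'd encoder and sink it is handed.
  try {
    using namespace CryptoPP;
    StringSource ss(wire.wire(), wire.size(), true,
                    new Base64Encoder(new FileSink(std::cout), true, 64));
  }
  catch (const CryptoPP::Exception& e) {
    std::cerr << "ERROR: " << e.what() << std::endl;
    return 1;
  }

  return 0;
}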
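/**
 * Loop to encode a data packet nIterations times using C++.
 * @param nIterations The number of iterations.
 * @param useComplex If true, use a large name, large content and all fields. If false, use a small name, small content
 * and only required fields.
 * @param useCrypto If true, sign the data packet. If false, use a blank signature.
 * @param encoding Set this to the wire encoding.
 * @return The number of seconds for all iterations.
 */
static double
benchmarkEncodeDataSecondsCpp(int nIterations, bool useComplex, bool useCrypto, Blob& encoding)
{
  Name name;
  Blob content;
  if (useComplex) {
    // Use a large name and content.
    name = Name("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00");
    // Fill with "1 2 3 ..." until the text reaches 1115 bytes. tellp() gives the length
    // without the full copy that str() makes on every loop test.
    ostringstream contentStream;
    int count = 1;
    contentStream << (count++);
    while (static_cast<std::streamoff>(contentStream.tellp()) < 1115)
      contentStream << " " << (count++);
    // Materialize the text once so the pointer and the length handed to Blob come from the
    // same string object (the original took them from two separate str() temporaries).
    const std::string contentText = contentStream.str();
    content = Blob(reinterpret_cast<const uint8_t*>(contentText.data()), contentText.size());
  }
  else {
    // Use a small name and content.
    name = Name("/test");
    content = Blob(reinterpret_cast<const uint8_t*>("abc"), 3);
  }
  Blob finalBlockId(reinterpret_cast<const uint8_t*>("\x00"), 1);

  // Initialize the KeyChain storage in case useCrypto is true. The DEFAULT_RSA_*_DER
  // buffers are presumably a built-in benchmark key pair, not production key material.
  ptr_lib::shared_ptr<MemoryIdentityStorage> identityStorage(new MemoryIdentityStorage());
  ptr_lib::shared_ptr<MemoryPrivateKeyStorage> privateKeyStorage(new MemoryPrivateKeyStorage());
  KeyChain keyChain
    (ptr_lib::make_shared<IdentityManager>(identityStorage, privateKeyStorage),
     ptr_lib::make_shared<SelfVerifyPolicyManager>(identityStorage.get()));
  Name keyName("/testname/DSK-123");
  Name certificateName = keyName.getSubName(0, keyName.size() - 1).append("KEY").append
    (keyName.get(keyName.size() - 1)).append("ID-CERT").append("0");
  privateKeyStorage->setKeyPairForKeyName
    (keyName, KEY_TYPE_RSA, DEFAULT_RSA_PUBLIC_KEY_DER, sizeof(DEFAULT_RSA_PUBLIC_KEY_DER),
     DEFAULT_RSA_PRIVATE_KEY_DER, sizeof(DEFAULT_RSA_PRIVATE_KEY_DER));

  // All-zero signature bits stand in for a real signature when useCrypto is false.
  uint8_t signatureBitsArray[256] = {0};
  Blob signatureBits(signatureBitsArray, sizeof(signatureBitsArray));

  double start = getNowSeconds();
  for (int i = 0; i < nIterations; ++i) {
    Data data(name);
    data.setContent(content);
    if (useComplex) {
      data.getMetaInfo().setFreshnessPeriod(1000);
      data.getMetaInfo().setFinalBlockId(finalBlockId);
    }

    if (useCrypto)
      // This sets the signature fields.
      keyChain.sign(data, certificateName);
    else {
      // Imitate IdentityManager::signByCertificate to set up the signature fields, but don't sign.
      KeyLocator keyLocator;
      keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
      keyLocator.setKeyName(certificateName);
      Sha256WithRsaSignature* sha256Signature =
        static_cast<Sha256WithRsaSignature*>(data.getSignature());
      sha256Signature->setKeyLocator(keyLocator);
      sha256Signature->setSignature(signatureBits);
    }

    encoding = data.wireEncode();
  }
  double finish = getNowSeconds();

  return finish - start;
}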
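/**
 * @brief ndnsec op-tool: run a single keychain operation named on the command line.
 *
 * Supported command: "sign" — read raw bytes from stdin to EOF, sign them with the
 * default certificate, and write the signature block returned by KeyChain::sign to stdout.
 * An unrecognized command is now reported as a usage error; previously it exited 0 with
 * no output, which hid typos from calling scripts.
 *
 * @return 0 on success; 1 on a usage error (missing or unknown command); -1 when option
 *         parsing or signing fails
 */
int
ndnsec_op_tool(int argc, char** argv)
{
  using namespace ndn;
  namespace po = boost::program_options;

  std::string command;

  po::options_description description("General options");
  description.add_options()
    ("help,h", "produce this help message")
    ("command", po::value<std::string>(&command), "command")
    ;

  po::positional_options_description p;
  p.add("command", 1);

  po::variables_map vm;
  try {
    po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm);
    po::notify(vm);
  }
  catch (const std::exception& e) {
    std::cerr << "ERROR: " << e.what() << std::endl;
    std::cerr << description << std::endl;
    return -1;
  }

  if (vm.count("help") != 0) {
    std::cerr << description << std::endl;
    return 0;
  }

  if (vm.count("command") == 0) {
    std::cerr << "command must be specified" << std::endl;
    std::cerr << description << std::endl;
    return 1;
  }

  if (command == "sign") {
    // The content to be signed comes from stdin, read to EOF as raw bytes.
    KeyChain keyChain;
    Buffer dataToSign((istreambuf_iterator<char>(cin)), istreambuf_iterator<char>());
    Block value = keyChain.sign(dataToSign.buf(), dataToSign.size(),
                                security::SigningInfo(security::SigningInfo::SIGNER_TYPE_CERT,
                                                      keyChain.getDefaultCertificateName()));
    // An empty signature value is a failure; nothing is written in that case.
    if (value.value_size() == 0) {
      std::cerr << "Error signing with default key" << std::endl;
      return -1;
    }
    std::cout.write(reinterpret_cast<const char*>(value.wire()), value.size());
    return 0;
  }

  std::cerr << "ERROR: unknown command: " << command << std::endl;
  std::cerr << description << std::endl;
  return 1;
}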
/**
 * @brief Sign @p interest as a command interest under @p identity (SIGNER_TYPE_ID) using
 *        the keychain held by this generator.
 * @param interest the interest to sign (modified in place)
 * @param identity the identity name the keychain signs with
 */
inline void
CommandInterestGenerator::generateWithIdentity(Interest& interest, const Name& identity)
{
  const security::SigningInfo byIdentity(security::SigningInfo::SIGNER_TYPE_ID, identity);
  m_keyChain.sign(interest, byIdentity);
}