/**
 * Derive the public key name from an identity certificate name.
 *
 * The last "ID-CERT" component and everything after it are dropped; from what
 * remains, the first "KEY" component is removed and the components on either
 * side of it are joined.
 *
 * Both markers are mandatory. A name that lacks either one is rejected instead
 * of being mapped to some key name, so a malformed certificate name cannot be
 * silently associated with a key.
 *
 * @param certificateName The certificate name to convert.
 * @return The name with the "KEY" component and the "ID-CERT" suffix removed.
 * @throws Error if "ID-CERT" is missing, or if no "KEY" component precedes it.
 */
Name
IdentityCertificate::certificateNameToPublicKeyName(const Name& certificateName)
{
  const string idCertMarker("ID-CERT");
  const string keyMarker("KEY");

  // Walk backwards so that the LAST "ID-CERT" component is the one that counts.
  int idCertIndex = certificateName.size() - 1;
  while (idCertIndex >= 0 &&
         certificateName.get(idCertIndex).toEscapedString() != idCertMarker) {
    --idCertIndex;
  }
  if (idCertIndex < 0)
    throw Error("Incorrect identity certificate name " + certificateName.toUri());

  // Everything in front of the ID-CERT marker.
  Name tmpName = certificateName.getSubName(0, idCertIndex);

  // Walk forwards so that the FIRST "KEY" component is the one that counts.
  int keyIndex = 0;
  while (keyIndex < tmpName.size() &&
         tmpName.get(keyIndex).toEscapedString() != keyMarker) {
    ++keyIndex;
  }
  if (keyIndex >= tmpName.size())
    throw Error("Incorrect identity certificate name " + certificateName.toUri());

  // Splice the parts before and after "KEY" together.
  Name publicKeyName = tmpName.getSubName(0, keyIndex);
  publicKeyName.append(tmpName.getSubName(keyIndex + 1, tmpName.size() - keyIndex - 1));
  return publicKeyName;
}
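/**
 * Validate the name of an action received from a remote device and forward it
 * to the (deviceName, seqno, data) overload.
 *
 * Expected name layout:
 *   /<device_name>/<appname>/action/<shared-folder>/<action-seq>
 *
 * The name comes from a remote party, so its shape is checked before any
 * component is read: the four trailing components are addressed with negative
 * indices, and a shorter name would otherwise be indexed out of range and make
 * `name.size() - 4` wrap around.
 *
 * NOTE(review): only the structure of the name is checked here; nothing in this
 * function verifies the signature of the Data packet -- confirm that callers
 * validate it before the action is applied.
 *
 * @param actionData Data packet carrying the remote action.
 * @return The result of the three-argument AddRemoteAction, or an empty
 *         ActionItemPtr when the packet is missing or its name is rejected.
 */
ActionItemPtr
ActionLog::AddRemoteAction(shared_ptr<Data> actionData)
{
  if (!actionData) {
    _LOG_ERROR("Empty action data");
    return ActionItemPtr();
  }

  Name name = actionData->getName();

  // <appname>, "action", <shared-folder> and <action-seq> must all be present.
  if (name.size() < 4) {
    _LOG_ERROR("Action name is too short");
    return ActionItemPtr();
  }

  // action name: /<device_name>/<appname>/action/<shared-folder>/<action-seq>
  // NOTE(review): how toNumber() reacts to a non-numeric component is not
  // visible here -- confirm it cannot yield an arbitrary sequence number.
  uint64_t seqno = name.get(-1).toNumber();
  std::string sharedFolder = name.get(-2).toUri();

  if (sharedFolder != m_sharedFolderName) {
    _LOG_ERROR("Action doesn't belong to this shared folder");
    return ActionItemPtr();
  }

  if (name.get(-3).toUri() != "action") {
    _LOG_ERROR("not an action");
    return ActionItemPtr();
  }

  if (name.get(-4) != m_appName) {
    _LOG_ERROR("Action doesn't belong to this application");
    return ActionItemPtr();
  }

  // Whatever precedes the four fixed trailing components is the device name.
  Name deviceName = name.getSubName(0, name.size() - 4);

  _LOG_DEBUG("From [" << name << "] extracted deviceName: " << deviceName
             << ", sharedFolder: " << sharedFolder << ", seqno: " << seqno);

  return AddRemoteAction(deviceName, seqno, actionData);
}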
/**
 * Compute how many leading components of @p name belong to the forwarding
 * hint, the zone and the query-type label.
 *
 * With a non-empty hint the expected layout is
 *   <hint> FORWARDING_HINT_LABEL <zone> <query type> ...
 * and without a hint it is
 *   <zone> <query type> ...
 *
 * The layout is checked with BOOST_ASSERT only. By default BOOST_ASSERT
 * behaves like assert() and is compiled out when NDEBUG is defined, so in such
 * builds this function performs no validation at all: a caller that passes a
 * name taken from the network must already have checked it against hint and
 * zone, otherwise the returned offset may not correspond to the name.
 *
 * @param name Full name to analyse.
 * @param hint Forwarding hint; may be empty.
 * @param zone Zone name.
 * @return Index of the first component after the query-type label.
 */
inline size_t
calculateSkip(const Name& name, const Name& hint, const Name& zone)
{
  const bool hasHint = !hint.empty();

  // Number of components in front of the query-type label.
  size_t skip = hasHint ? hint.size() + 1 + zone.size() : zone.size();

  // These are only asserts. The caller should supply the right parameters.
  BOOST_ASSERT(name.size() > skip);
  if (hasHint) {
    BOOST_ASSERT(name.getPrefix(hint.size()) == hint);
    BOOST_ASSERT(name.get(hint.size()) == FORWARDING_HINT_LABEL);
    BOOST_ASSERT(name.getSubName(hint.size() + 1, zone.size()) == zone);
  }
  else {
    BOOST_ASSERT(name.getPrefix(zone.size()) == zone);
  }

  BOOST_ASSERT(name.get(skip) == NDNS_ITERATIVE_QUERY ||
               name.get(skip) == NDNS_CERT_QUERY);

  // Step over the query-type label itself.
  return skip + 1;
}
/**
 * Check whether @p name passes this filter.
 *
 * A name shorter than the prefix never matches. Without a regex filter the
 * test is a plain prefix match. With a regex filter the prefix must match and
 * the components after the prefix must match the regex pattern.
 *
 * @param name The name to test.
 * @return true if the name matches the filter.
 * @throws runtime_error if a regex filter is set but the library was built
 *         without regex support.
 */
bool
InterestFilter::doesMatch(const Name& name) const
{
  if (name.size() < prefix_.size())
    return false;

  if (!hasRegexFilter()) {
    // Just perform a prefix match.
    return prefix_.match(name);
  }

#if NDN_CPP_HAVE_REGEX_LIB
  // Perform a prefix match and regular expression match for the remaining
  // components.
  if (!prefix_.match(name))
    return false;

  // A default-constructed iterator is the end marker: anything else means the
  // matcher produced at least one match.
  return regex_lib::sregex_iterator() !=
         NdnRegexMatcher(regexFilterPattern_, name.getSubName(prefix_.size())).iterator;
#else
  // We should not reach this point because the constructors for regexFilter
  // don't compile.
  throw runtime_error("InterestFilter::regexFilter is not supported");
#endif
}
/**
 * Replace the component at @p index of @p name with one built from @p a.
 *
 * `A` is a template parameter pack; its `template<...>` header is not part of
 * this excerpt.
 *
 * The new name is assembled from the first @p index components, the new
 * component, and the components of the original name that follow that
 * position.
 *
 * NOTE(review): no range check is made on @p index; what getPrefix() and
 * getSubName() do with an index past the end of the name is not visible here.
 *
 * @param name  Name to modify in place.
 * @param index Position of the component to replace.
 * @param a     Arguments forwarded to the name::Component constructor.
 */
void
setNameComponent(Name& name, ssize_t index, const A& ...a)
{
  Name rebuilt = name.getPrefix(index);
  rebuilt.append(name::Component(a...));

  // The tail resumes right after the component that was just written.
  const size_t resumeAt = rebuilt.size();
  rebuilt.append(name.getSubName(resumeAt));

  name = rebuilt;
}
/**
 * Split a strategy instance name into strategy name, version and parameters.
 *
 * The name is scanned from the back for a version component. Index 0 is never
 * examined, so a version in the very first component is not recognised.
 *
 * @param input The instance name to parse.
 * @return If a version component is found at index i: the prefix up to and
 *         including i, the decoded version, and the components after i.
 *         Otherwise: the whole input, no version, and an empty PartialName.
 */
Strategy::ParsedInstanceName
Strategy::parseInstanceName(const Name& input)
{
  ssize_t pos = input.size();
  while (--pos > 0) {
    if (!input[pos].isVersion())
      continue;

    // The last version component wins; whatever follows it is parameters.
    return {input.getPrefix(pos + 1), input[pos].toVersion(), input.getSubName(pos + 1)};
  }

  return {input, nullopt, PartialName()};
}
/**
 * Derive the public key name from an identity certificate name.
 *
 * Intended input: <prefix>/KEY/<key-id...>/ID-CERT/<version>. The part before
 * the last "ID-CERT" component is taken, and the first "KEY" component in that
 * part is removed.
 *
 * NOTE(review): neither search result is checked. If "ID-CERT" is absent the
 * first loop ends with index -1, and if "KEY" is absent the second loop ends
 * with the index equal to the size; both values are then passed straight to
 * getSubName(). The outcome depends on how getSubName() treats out-of-range
 * arguments, which is not visible here. A name that is not a well-formed
 * certificate name is therefore not rejected and may still be mapped to some
 * key name. Callers that rely on this mapping for trust decisions should
 * validate the name first; rejecting malformed names in this function would be
 * the safer contract.
 *
 * @param certificateName The certificate name to convert.
 * @return The name with the "KEY" component and the "ID-CERT" suffix removed
 *         (for well-formed input).
 */
Name
IdentityCertificate::certificateNameToPublicKeyName(const Name& certificateName)
{
  const string idCertMarker("ID-CERT");
  const string keyMarker("KEY");

  // Search backwards for the last "ID-CERT"; ends at -1 when there is none.
  int idCertIndex = certificateName.size() - 1;
  while (idCertIndex >= 0 &&
         certificateName.get(idCertIndex).toEscapedString() != idCertMarker) {
    --idCertIndex;
  }

  Name tmpName = certificateName.getSubName(0, idCertIndex);

  // Search forwards for the first "KEY"; ends at tmpName.size() when there is none.
  int keyIndex = 0;
  while (keyIndex < tmpName.size() &&
         tmpName.get(keyIndex).toEscapedString() != keyMarker) {
    ++keyIndex;
  }

  // Join the components before and after the "KEY" marker.
  Name publicKeyName = tmpName.getSubName(0, keyIndex);
  publicKeyName.append(tmpName.getSubName(keyIndex + 1, tmpName.size() - keyIndex - 1));
  return publicKeyName;
}
/**
 * Derive the key name from a certificate prefix by removing its first "KEY"
 * component.
 *
 * @param certificatePrefix Certificate name prefix that contains a "KEY"
 *        component.
 * @return The components before "KEY" followed by the components after it.
 * @throws SecurityException if the prefix has no "KEY" component.
 */
Name
IdentityManager::getKeyNameFromCertificatePrefix(const Name & certificatePrefix)
{
  const string keyMarker("KEY");

  // Locate the first "KEY" component.
  int keyIndex = 0;
  while (keyIndex < certificatePrefix.size() &&
         certificatePrefix.get(keyIndex).toEscapedString() != keyMarker) {
    ++keyIndex;
  }

  // Fail closed: a prefix without the marker is not mapped to any key name.
  if (keyIndex >= certificatePrefix.size())
    throw SecurityException("Identity Certificate Prefix does not have a KEY component");

  Name result;
  result.append(certificatePrefix.getSubName(0, keyIndex));
  result.append(certificatePrefix.getSubName(keyIndex + 1,
                                             certificatePrefix.size() - keyIndex - 1));
  return result;
}
/**
 * Store a public key in the in-memory key table.
 *
 * The identity name is the key name without its last component. The identity
 * is registered first, then the key is stored under the key name's URI.
 *
 * NOTE(review): addIdentity() is called unconditionally and before the
 * duplicate-key check. If addIdentity() rejects an identity that already
 * exists, adding a second key for the same identity would fail here -- confirm
 * its behaviour. An empty keyName makes `keyName.size() - 1` wrap around;
 * callers are presumably expected to pass a non-empty name.
 *
 * @param keyName      Name of the key.
 * @param keyType      Type of the key.
 * @param publicKeyDer DER encoding of the public key.
 * @throws SecurityException if a key with this name is already stored.
 */
void
MemoryIdentityStorage::addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer)
{
  // Identity = key name minus its final component.
  const size_t identityLength = keyName.size() - 1;
  Name identityName = keyName.getSubName(0, identityLength);

  addIdentity(identityName);

  // Never overwrite an existing key record.
  if (doesKeyExist(keyName)) {
    throw SecurityException("a key with the same name already exists!");
  }

  keyStore_[keyName.toUri()] = ptr_lib::make_shared<KeyRecord>(keyType, publicKeyDer);
}
/**
 * Parse an NDN-RTC name into @p info.
 *
 * The name is searched from the back for a suffix that starts with the
 * application component. Once found, the suffix must continue with a version
 * component and then an audio or video marker; the rest is handed to the
 * audio or video stream parser.
 *
 * @p info is filled in step by step: basePrefix_, apiVersion_ and streamType_
 * may already have been written when the function returns false. Callers must
 * treat @p info as invalid unless the return value is true.
 *
 * @param name Name to parse.
 * @param info Receives the extracted fields.
 * @return The result of the audio or video stream parser for a recognised
 *         name, false otherwise.
 */
bool
NameComponents::extractInfo(const ndn::Name& name, NamespaceInfo& info)
{
  static Name ndnrtcSubName(NameComponents::NameComponentApp);

  // Search backwards, starting at the second-to-last component and never
  // reaching index 0, for a suffix that begins with the application component.
  Name subName;
  bool found = false;
  int i = name.size() - 2;
  while (i > 0 && !found) {
    subName = name.getSubName(i);
    found = ndnrtcSubName.match(subName);
    --i;
  }
  if (!found)
    return false;

  // i was decremented once more after the match, hence the +1.
  info.basePrefix_ = name.getSubName(0, i + 1);

  // The suffix was taken at or before the second-to-last component of `name`,
  // so index 1 exists.
  if (!subName[1].isVersion())
    return false;
  info.apiVersion_ = subName[1].toVersion();

  if (subName.size() <= 2)
    return false;

  const bool isAudio = (subName[2] == Name::Component(NameComponents::NameComponentAudio));
  if (!isAudio &&
      !(subName[2] == Name::Component(NameComponents::NameComponentVideo))) {
    return false;
  }

  if (isAudio) {
    info.streamType_ = MediaStreamParams::MediaStreamType::MediaStreamTypeAudio;
    return extractAudioStreamInfo(subName.getSubName(3), info);
  }

  info.streamType_ = MediaStreamParams::MediaStreamType::MediaStreamTypeVideo;
  return extractVideoStreamInfo(subName.getSubName(3), info);
}
/**
 * Store a public key in the in-memory key table.
 *
 * The identity name is the key name without its last component; the identity
 * is created first when it is not known yet. The key is then stored under the
 * key name's URI.
 *
 * NOTE(review): an empty keyName makes `keyName.size() - 1` wrap around;
 * callers are presumably expected to pass a non-empty name.
 *
 * @param keyName   Name of the key.
 * @param keyType   Type of the key.
 * @param publicKey The public key to store.
 * @throws Error if a key with this name is already stored.
 */
void
SecPublicInfoMemory::addPublicKey(const Name& keyName, KeyType keyType,
                                  const PublicKey& publicKey)
{
  // Identity = key name minus its final component.
  const size_t identityLength = keyName.size() - 1;
  Name identityName = keyName.getSubName(0, identityLength);

  const bool identityKnown = doesIdentityExist(identityName);
  if (!identityKnown) {
    addIdentity(identityName);
  }

  // Never overwrite an existing key record.
  if (doesPublicKeyExist(keyName)) {
    throw Error("a key with the same name already exists!");
  }

  keyStore_[keyName.toUri()] = ptr_lib::make_shared<KeyRecord>(keyType, publicKey);
}
/**
 * Derive the public key name from an identity certificate name.
 *
 * The last "ID-CERT" component and everything after it are dropped; from what
 * remains, the first "KEY" component is removed and the components on either
 * side of it are joined.
 *
 * Both markers are mandatory: a name without them is rejected rather than
 * mapped to a key name.
 *
 * @param certificateName The certificate name to convert.
 * @return The name with the "KEY" component and the "ID-CERT" suffix removed.
 * @throws Error if "ID-CERT" is missing, or if no "KEY" component precedes it.
 */
Name
IdentityCertificate::certificateNameToPublicKeyName(const Name& certificateName)
{
  const string idString("ID-CERT");
  const string keyString("KEY");

  // Find the last "ID-CERT". `remaining` counts the components still to be
  // looked at, so the unsigned index never has to drop below zero.
  bool foundIdString = false;
  size_t idCertComponentIndex = 0;
  for (size_t remaining = certificateName.size(); remaining > 0; --remaining) {
    if (certificateName.get(remaining - 1).toUri() == idString) {
      idCertComponentIndex = remaining - 1;
      foundIdString = true;
      break;
    }
  }
  if (!foundIdString)
    throw Error("Incorrect identity certificate name " + certificateName.toUri());

  Name tmpName = certificateName.getSubName(0, idCertComponentIndex);

  // Find the first "KEY" in front of the ID-CERT marker.
  bool foundKeyString = false;
  size_t keyComponentIndex = 0;
  while (keyComponentIndex < tmpName.size()) {
    if (tmpName.get(keyComponentIndex).toUri() == keyString) {
      foundKeyString = true;
      break;
    }
    ++keyComponentIndex;
  }
  if (!foundKeyString)
    throw Error("Incorrect identity certificate name " + certificateName.toUri());

  // Join the components before and after the "KEY" marker.
  Name publicKeyName = tmpName.getSubName(0, keyComponentIndex);
  publicKeyName.append(tmpName.getSubName(keyComponentIndex + 1,
                                          tmpName.size() - keyComponentIndex - 1));
  return publicKeyName;
}
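/**
 * `ndnsec cert-gen`: issue an identity certificate (or a NACK / revocation
 * certificate) for the key contained in a certificate request.
 *
 * The request is read from a file or stdin, the certificate name is derived
 * from the requested key name and the signer's namespace, the certificate is
 * signed with the default certificate of the signing identity, and the result
 * is written to stdout as Base64.
 *
 * NOTE(review): apart from the null check on the parsed request, nothing in
 * this function verifies the request's self-signature or checks that the
 * requester is entitled to the key name -- confirm that
 * getIdentityCertificate() or the operator's workflow covers this.
 *
 * @param argc Number of command-line arguments.
 * @param argv Command-line arguments.
 * @return 0 on success (or after printing help), 1 on any error.
 */
int
ndnsec_cert_gen(int argc, char** argv)
{
  using boost::tokenizer;
  using boost::escaped_list_separator;

  using namespace ndn;
  using namespace ndn::time;
  namespace po = boost::program_options;

  std::string notBeforeStr;
  std::string notAfterStr;
  std::string subjectName;
  std::string requestFile("-");
  std::string signId;
  std::string subjectInfo;

  po::options_description description("General Usage\n ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] [-s sign-id] request\nGeneral options");
  description.add_options()
    ("help,h", "produce help message")
    ("not-before,S", po::value<std::string>(&notBeforeStr), "certificate starting date, YYYYMMDDhhmmss")
    ("not-after,E", po::value<std::string>(&notAfterStr), "certificate ending date, YYYYMMDDhhmmss")
    ("subject-name,N", po::value<std::string>(&subjectName), "subject name")
    ("subject-info,I", po::value<std::string>(&subjectInfo), "subject info, pairs of OID and string description: \"2.5.4.10 'University of California, Los Angeles'\"")
    ("nack", "Generate revocation certificate (NACK)")
    ("sign-id,s", po::value<std::string>(&signId), "signing Identity, system default identity if not specified")
    ("request,r", po::value<std::string>(&requestFile), "request file name, - for stdin")
    ;

  po::positional_options_description p;
  p.add("request", 1);

  po::variables_map vm;
  try {
    po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm);
    po::notify(vm);
  }
  catch (const std::exception& e) {
    std::cerr << "ERROR: " << e.what() << std::endl;
    return 1;
  }

  if (vm.count("help") != 0) {
    std::cerr << description << std::endl;
    return 0;
  }

  const bool hasSignId = vm.count("sign-id") != 0;
  const bool isNack = vm.count("nack") != 0;

  // --subject-info is a whitespace-separated list of alternating OID and
  // value tokens; quotes group a value that contains spaces.
  std::vector<CertificateSubjectDescription> otherSubDescrypt;
  tokenizer<escaped_list_separator<char> > subjectInfoItems
    (subjectInfo, escaped_list_separator<char> ("\\", " \t", "'\""));

  tokenizer<escaped_list_separator<char> >::iterator it = subjectInfoItems.begin();
  while (it != subjectInfoItems.end()) {
    std::string oid = *it;

    it++;
    if (it == subjectInfoItems.end()) {
      std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
      return 1;
    }

    std::string value = *it;

    otherSubDescrypt.push_back(CertificateSubjectDescription(oid, value));

    it++;
  }

  system_clock::TimePoint notBefore;
  system_clock::TimePoint notAfter;

  // The validity dates come straight from the command line. substr(8, 6)
  // throws std::out_of_range for input shorter than eight characters, and a
  // parse failure in fromIsoString presumably surfaces as a std::exception as
  // well; report both as an ordinary usage error instead of letting the
  // exception escape.
  try {
    if (vm.count("not-before") == 0) {
      notBefore = system_clock::now();
    }
    else {
      notBefore = fromIsoString(notBeforeStr.substr(0, 8) + "T" +
                                notBeforeStr.substr(8, 6));
    }

    if (vm.count("not-after") == 0) {
      // Default validity period: one year from not-before.
      notAfter = notBefore + days(365);
    }
    else {
      notAfter = fromIsoString(notAfterStr.substr(0, 8) + "T" +
                               notAfterStr.substr(8, 6));

      if (notAfter < notBefore) {
        std::cerr << "not-before is later than not-after" << std::endl;
        return 1;
      }
    }
  }
  catch (const std::exception& e) {
    std::cerr << "ERROR: invalid date, expected YYYYMMDDhhmmss: " << e.what() << std::endl;
    return 1;
  }

  if (vm.count("request") == 0) {
    std::cerr << "request file must be specified" << std::endl;
    return 1;
  }

  shared_ptr<IdentityCertificate> selfSignedCertificate = getIdentityCertificate(requestFile);

  if (!static_cast<bool>(selfSignedCertificate)) {
    std::cerr << "ERROR: input error" << std::endl;
    return 1;
  }

  KeyChain keyChain;

  Name keyName = selfSignedCertificate->getPublicKeyName();
  Name signIdName;
  Name certName;

  if (!hasSignId)
    signIdName = keyChain.getDefaultIdentity();
  else
    signIdName = Name(signId);

  if (signIdName.isPrefixOf(keyName)) {
    // if signee's namespace is a sub-namespace of signer, for example, signer's namespace is
    // /ndn/test, signee's namespace is /ndn/test/alice, the generated certificate name is
    // /ndn/test/KEY/alice/ksk-1234/ID-CERT/%01%02
    certName.append(signIdName)
      .append("KEY")
      .append(keyName.getSubName(signIdName.size()))
      .append("ID-CERT")
      .appendVersion();
  }
  else {
    // if signee's namespace is not a sub-namespace of signer, for example, signer's namespace is
    // /ndn/test, signee's namespace is /ndn/ucla/bob, the generated certificate name is
    // /ndn/ucla/bob/KEY/ksk-1234/ID-CERT/%01%02
    certName.append(keyName.getPrefix(-1))
      .append("KEY")
      .append(keyName.get(-1))
      .append("ID-CERT")
      .appendVersion();
  }

  // NOTE(review): createIdentity() is called on the signer name right before
  // signing, in both branches below. If it creates an identity that does not
  // exist yet, a mistyped --sign-id would presumably produce a certificate
  // signed by a freshly generated key instead of an error -- confirm, and
  // consider requiring the signing identity to exist already.
  Block wire;

  if (!isNack) {
    if (vm.count("subject-name") == 0) {
      std::cerr << "subject_name must be specified" << std::endl;
      return 1;
    }

    // OID 2.5.4.41 carries the subject name given with --subject-name.
    CertificateSubjectDescription subDescryptName("2.5.4.41", subjectName);
    IdentityCertificate certificate;
    certificate.setName(certName);
    certificate.setNotBefore(notBefore);
    certificate.setNotAfter(notAfter);
    certificate.setPublicKeyInfo(selfSignedCertificate->getPublicKeyInfo());
    certificate.addSubjectDescription(subDescryptName);
    for (size_t i = 0; i < otherSubDescrypt.size(); i++)
      certificate.addSubjectDescription(otherSubDescrypt[i]);
    certificate.encode();

    keyChain.createIdentity(signIdName);
    Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signIdName);
    keyChain.sign(certificate, signingCertificateName);

    wire = certificate.wireEncode();
  }
  else {
    // A NACK is a signed Data packet that carries the certificate name and no
    // content.
    Data revocationCert;
    // revocationCert.setContent(void*, 0); // empty content
    revocationCert.setName(certName);

    keyChain.createIdentity(signIdName);
    Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signIdName);
    keyChain.sign(revocationCert, signingCertificateName);

    wire = revocationCert.wireEncode();
  }

  try {
    using namespace CryptoPP;
    // Crypto++ pipeline idiom: each filter takes ownership of the attached
    // transformation allocated with `new`, so nothing is deleted by hand.
    StringSource ss(wire.wire(), wire.size(), true,
                    new Base64Encoder(new FileSink(std::cout), true, 64));
  }
  catch (const CryptoPP::Exception& e) {
    std::cerr << "ERROR: " << e.what() << std::endl;
    return 1;
  }

  return 0;
}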