bool checkRelation(const Relation& relation, const Name& name1, const Name& name2) { switch (relation) { case RELATION_EQUAL: return (name1 == name2); case RELATION_IS_PREFIX_OF: return name1.isPrefixOf(name2); case RELATION_IS_STRICT_PREFIX_OF: return (name1.isPrefixOf(name2) && name1 != name2); default: return false; } }
void DummyClientFace::enableRegistrationReply() { onSendInterest.connect([this] (const Interest& interest) { static const Name localhostRegistration("/localhost/nfd/rib"); if (!localhostRegistration.isPrefixOf(interest.getName())) return; nfd::ControlParameters params(interest.getName().get(-5).blockFromValue()); params.setFaceId(1); params.setOrigin(0); if (interest.getName().get(3) == name::Component("register")) { params.setCost(0); } nfd::ControlResponse resp; resp.setCode(200); resp.setBody(params.wireEncode()); shared_ptr<Data> data = make_shared<Data>(interest.getName()); data->setContent(resp.wireEncode()); m_keyChain.sign(*data, security::SigningInfo(security::SigningInfo::SIGNER_TYPE_SHA256)); this->getIoService().post([this, data] { this->receive(*data); }); }); }
void AutoPrefixPropagator::afterInsertRibEntry(const Name& prefix) { if (LOCAL_REGISTRATION_PREFIX.isPrefixOf(prefix)) { NFD_LOG_INFO("local registration only for " << prefix); return; } if (prefix == LINK_LOCAL_NFD_PREFIX) { NFD_LOG_INFO("this is a prefix registered by some hub: " << prefix); m_hasConnectedHub = true; return afterHubConnect(); } auto propagateParameters = getPrefixPropagationParameters(prefix); if (!propagateParameters.isValid) { NFD_LOG_INFO("no signing identity available for: " << prefix); return; } auto entryIt = m_propagatedEntries.find(propagateParameters.parameters.getName()); if (entryIt != m_propagatedEntries.end()) { // in addition to PROPAGATED and PROPAGATE_FAIL, the state may also be NEW, // if its propagation was suspended because there was no connectivity to the Hub. NFD_LOG_INFO("prefix has already been propagated: " << propagateParameters.parameters.getName()); return; } afterRibInsert(propagateParameters.parameters, propagateParameters.options); }
AutoPrefixPropagator::PrefixPropagationParameters AutoPrefixPropagator::getPrefixPropagationParameters(const Name& localRibPrefix) { // get all identities from the KeyChain std::vector<Name> identities; m_keyChain.getAllIdentities(identities, false); // get all except the default identities.push_back(m_keyChain.getDefaultIdentity()); // get the default // shortest prefix matching to all identies. Name propagatedPrefix, signingIdentity; bool isFound = false; for (auto&& i : identities) { Name prefix = !i.empty() && IGNORE_COMMPONENT == i.at(-1) ? i.getPrefix(-1) : i; if (prefix.isPrefixOf(localRibPrefix) && (!isFound || i.size() < signingIdentity.size())) { isFound = true; propagatedPrefix = prefix; signingIdentity = i; } } PrefixPropagationParameters propagateParameters; if (!isFound) { propagateParameters.isValid = false; } else { propagateParameters.isValid = true; propagateParameters.parameters = m_controlParameters; propagateParameters.options = m_commandOptions; propagateParameters.parameters.setName(propagatedPrefix); propagateParameters.options.setSigningInfo(signingByIdentity(signingIdentity)); } return propagateParameters; }
BOOST_FIXTURE_TEST_CASE(EcdsaSigningByIdentityNoCert, IdentityManagementFixture) { Data data("/test/data"); Name nonExistingIdentity = Name("/non-existing/identity").appendVersion(); BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(nonExistingIdentity))); BOOST_CHECK_EQUAL(data.getSignature().getType(), KeyChain::getSignatureType(KeyChain::DEFAULT_KEY_PARAMS.getKeyType(), DigestAlgorithm::SHA256)); BOOST_CHECK(nonExistingIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName())); Name ecdsaIdentity = Name("/ndn/test/ecdsa").appendVersion(); Name ecdsaKeyName = m_keyChain.generateEcdsaKeyPairAsDefault(ecdsaIdentity, false, 256); BOOST_CHECK_NO_THROW(m_keyChain.sign(data, signingByIdentity(ecdsaIdentity))); BOOST_CHECK_EQUAL(data.getSignature().getType(), KeyChain::getSignatureType(EcdsaKeyParams().getKeyType(), DigestAlgorithm::SHA256)); BOOST_CHECK(ecdsaIdentity.isPrefixOf(data.getSignature().getKeyLocator().getName())); }
std::list<shared_ptr<RibEntry>> Rib::findDescendantsForNonInsertedName(const Name& prefix) const { std::list<shared_ptr<RibEntry>> children; for (std::pair<Name, shared_ptr<RibEntry>> pair : m_rib) { if (prefix.isPrefixOf(pair.first)) { children.push_back(pair.second); } } return children; }
void OnInterest( shared_ptr< const Interest> interest ) override { static VerifierProducer verifier; static Name prefix( "ndn/internal/verify-tag" ); App::OnInterest( interest ); if( prefix.isPrefixOf( interest->getName() ) ) { auto data = verifier.makeData( interest ); if( data != NULL ) m_face->onReceiveData( *data ); } };
std::pair<int64_t,Name> Index::findFirstEntry(const Name& prefix, IndexContainer::const_iterator startingPoint) const { BOOST_ASSERT(startingPoint != m_indexContainer.end()); if (prefix.isPrefixOf(startingPoint->getName())) { return std::make_pair(startingPoint->getId(), startingPoint->getName()); } else { return std::make_pair(0, Name()); } }
shared_ptr<fw::Strategy> StrategyChoice::getStrategy(const Name& strategyName) const { shared_ptr<fw::Strategy> candidate; for (StrategyInstanceTable::const_iterator it = m_strategyInstances.lower_bound(strategyName); it != m_strategyInstances.end() && strategyName.isPrefixOf(it->first); ++it) { switch (it->first.size() - strategyName.size()) { case 0: // exact match return it->second; case 1: // unversioned strategyName matches versioned strategy candidate = it->second; break; } } return candidate; }
shared_ptr<const Data> InMemoryStorage::find(const Name& name) { auto it = m_cache.get<byFullName>().lower_bound(name); // if not found, return null if (it == m_cache.get<byFullName>().end()) { return nullptr; } // if the given name is not the prefix of the lower_bound, return null if (!name.isPrefixOf((*it)->getFullName())) { return nullptr; } afterAccess(*it); return ((*it)->getData()).shared_from_this(); }
std::list<shared_ptr<RibEntry> > Rib::findDescendants(const Name& prefix) const { std::list<shared_ptr<RibEntry> > children; RibTable::const_iterator it = m_rib.find(prefix); if (it != m_rib.end()) { ++it; for (; it != m_rib.end(); ++it) { if (prefix.isPrefixOf(it->first)) { children.push_back((it->second)); } else { break; } } } return children; }
void AutoPrefixPropagator::afterEraseRibEntry(const Name& prefix) { if (LOCAL_REGISTRATION_PREFIX.isPrefixOf(prefix)) { NFD_LOG_INFO("local unregistration only for " << prefix); return; } if (prefix == LINK_LOCAL_NFD_PREFIX) { NFD_LOG_INFO("disconnected to hub with prefix: " << prefix); m_hasConnectedHub = false; return afterHubDisconnect(); } auto propagateParameters = getPrefixPropagationParameters(prefix); if (!propagateParameters.isValid) { NFD_LOG_INFO("no signing identity available for: " << prefix); return; } auto entryIt = m_propagatedEntries.find(propagateParameters.parameters.getName()); if (entryIt == m_propagatedEntries.end()) { NFD_LOG_INFO("prefix has not been propagated yet: " << propagateParameters.parameters.getName()); return; } for (auto&& ribTableEntry : m_rib) { if (propagateParameters.parameters.getName().isPrefixOf(ribTableEntry.first) && propagateParameters.options.getSigningInfo().getSignerName() == getPrefixPropagationParameters(ribTableEntry.first) .options.getSigningInfo().getSignerName()) { NFD_LOG_INFO("should be kept for another RIB entry: " << ribTableEntry.first); return; } } afterRibErase(propagateParameters.parameters.unsetCost(), propagateParameters.options); }
bool ManagementTool::matchCertificate(const Name& certName, const Name& identity) { if (!m_keyChain.doesCertificateExist(certName)) { NDNS_LOG_WARN(certName.toUri() << " is not presented in KeyChain"); return false; } //check its public key information shared_ptr<IdentityCertificate> cert = m_keyChain.getCertificate(certName); Name keyName = cert->getPublicKeyName(); if (!identity.isPrefixOf(keyName) || identity.size()!=keyName.size()-1) { NDNS_LOG_WARN(keyName.toUri() << " is not a key of " << identity.toUri()); return false; } if (!m_keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) { NDNS_LOG_WARN("Private key: " << keyName.toUri() << " is not presented in KeyChain"); return false; } return true; }
void InMemoryStorage::erase(const Name& prefix, const bool isPrefix) { if (isPrefix) { auto it = m_cache.get<byFullName>().lower_bound(prefix); while (it != m_cache.get<byFullName>().end() && prefix.isPrefixOf((*it)->getName())) { // let derived class do something with the entry beforeErase(*it); it = freeEntry(it); } } else { auto it = m_cache.get<byFullName>().find(prefix); if (it == m_cache.get<byFullName>().end()) return; // let derived class do something with the entry beforeErase(*it); freeEntry(it); } if (m_freeEntries.size() > (2 * size())) setCapacity(getCapacity() / 2); }
void RemoteRegistrator::unregisterPrefix(const Name& prefix) { if (prefix == REMOTE_HUB_PREFIX) { NFD_LOG_INFO("disconnected to hub with prefix: " << prefix); // for phase 1: suppose there is at most one hub connected. // if the hub prefix has been unregistered locally, there may // be no connected hub. m_hasConnectedHub = false; clearRefreshEvents(); return; } if (!m_hasConnectedHub) { NFD_LOG_INFO("no hub connected when unregistering " << prefix); return; } std::pair<Name, size_t> identity = findIdentityForRegistration(prefix); if (0 == identity.second) { NFD_LOG_INFO("no proper identity found for unregistering " << prefix); return; } Name prefixForRegistration; if (identity.first.size() == identity.second) { prefixForRegistration = identity.first; } else { prefixForRegistration = identity.first.getPrefix(-1); } RegisteredEntryIt iRegEntry = m_regEntries.find(prefixForRegistration); if (m_regEntries.end() == iRegEntry) { NFD_LOG_INFO("no existing entry found when unregistering " << prefix); return; } for (auto&& entry : m_rib) { if (prefixForRegistration.isPrefixOf(entry.first) && findIdentityForRegistration(entry.first) == identity) { NFD_LOG_INFO("this identity should be kept for other rib entry: " << entry.first); return; } } scheduler::cancel(iRegEntry->second); m_regEntries.erase(iRegEntry); // make copies of m_controlParameters and m_commandOptions to // avoid unreasonable overwriting during concurrent registration // and unregistration. ControlParameters parameters = m_controlParameters; CommandOptions options = m_commandOptions; startUnregistration(parameters.setName(prefixForRegistration).unsetCost(), options.setSigningIdentity(identity.first), m_nRetries); }
int ndnsec_cert_gen(int argc, char** argv) { using boost::tokenizer; using boost::escaped_list_separator; using namespace ndn; using namespace ndn::time; namespace po = boost::program_options; std::string notBeforeStr; std::string notAfterStr; std::string subjectName; std::string requestFile("-"); std::string signId; std::string subjectInfo; bool hasSignId = false; bool isNack = false; po::options_description description("General Usage\n ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] [-s sign-id] request\nGeneral options"); description.add_options() ("help,h", "produce help message") ("not-before,S", po::value<std::string>(¬BeforeStr), "certificate starting date, YYYYMMDDhhmmss") ("not-after,E", po::value<std::string>(¬AfterStr), "certificate ending date, YYYYMMDDhhmmss") ("subject-name,N", po::value<std::string>(&subjectName), "subject name") ("subject-info,I", po::value<std::string>(&subjectInfo), "subject info, pairs of OID and string description: \"2.5.4.10 'University of California, Los Angeles'\"") ("nack", "Generate revocation certificate (NACK)") ("sign-id,s", po::value<std::string>(&signId), "signing Identity, system default identity if not specified") ("request,r", po::value<std::string>(&requestFile), "request file name, - for stdin") ; po::positional_options_description p; p.add("request", 1); po::variables_map vm; try { po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm); po::notify(vm); } catch (const std::exception& e) { std::cerr << "ERROR: " << e.what() << std::endl; return 1; } if (vm.count("help") != 0) { std::cerr << description << std::endl; return 0; } if (vm.count("sign-id") != 0) { hasSignId = true; } if (vm.count("nack") != 0) { isNack = true; } std::vector<CertificateSubjectDescription> otherSubDescrypt; tokenizer<escaped_list_separator<char> > subjectInfoItems (subjectInfo, escaped_list_separator<char> ("\\", " \t", "'\"")); tokenizer<escaped_list_separator<char> >::iterator it = subjectInfoItems.begin(); while (it != subjectInfoItems.end()) { std::string oid = *it; it++; if (it == subjectInfoItems.end()) { std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl; return 1; } std::string value = *it; otherSubDescrypt.push_back(CertificateSubjectDescription(oid, value)); it++; } system_clock::TimePoint notBefore; system_clock::TimePoint notAfter; if (vm.count("not-before") == 0) { notBefore = system_clock::now(); } else { notBefore = fromIsoString(notBeforeStr.substr(0, 8) + "T" + notBeforeStr.substr(8, 6)); } if (vm.count("not-after") == 0) { notAfter = notBefore + days(365); } else { notAfter = fromIsoString(notAfterStr.substr(0, 8) + "T" + notAfterStr.substr(8, 6)); if (notAfter < notBefore) { std::cerr << "not-before is later than not-after" << std::endl; return 1; } } if (vm.count("request") == 0) { std::cerr << "request file must be specified" << std::endl; return 1; } shared_ptr<IdentityCertificate> selfSignedCertificate = getIdentityCertificate(requestFile); if (!static_cast<bool>(selfSignedCertificate)) { std::cerr << "ERROR: input error" << std::endl; return 1; } KeyChain keyChain; Name keyName = selfSignedCertificate->getPublicKeyName(); Name signIdName; Name certName; if (!hasSignId) signIdName = keyChain.getDefaultIdentity(); else signIdName = Name(signId); if (signIdName.isPrefixOf(keyName)) { // if signee's namespace is a sub-namespace of signer, for example, signer's namespace is // /ndn/test, signee's namespace is /ndn/test/alice, the generated certificate name is // /ndn/test/KEY/alice/ksk-1234/ID-CERT/%01%02 certName.append(signIdName) .append("KEY") .append(keyName.getSubName(signIdName.size())) .append("ID-CERT") .appendVersion(); } else { // if signee's namespace is not a sub-namespace of signer, for example, signer's namespace is // /ndn/test, signee's namespace is /ndn/ucla/bob, the generated certificate name is // /ndn/ucla/bob/KEY/ksk-1234/ID-CERT/%01%02 certName.append(keyName.getPrefix(-1)) .append("KEY") .append(keyName.get(-1)) .append("ID-CERT") .appendVersion(); } Block wire; if (!isNack) { if (vm.count("subject-name") == 0) { std::cerr << "subject_name must be specified" << std::endl; return 1; } CertificateSubjectDescription subDescryptName("2.5.4.41", subjectName); IdentityCertificate certificate; certificate.setName(certName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(selfSignedCertificate->getPublicKeyInfo()); certificate.addSubjectDescription(subDescryptName); for (size_t i = 0; i < otherSubDescrypt.size(); i++) certificate.addSubjectDescription(otherSubDescrypt[i]); certificate.encode(); keyChain.createIdentity(signIdName); Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signIdName); keyChain.sign(certificate, signingCertificateName); wire = certificate.wireEncode(); } else { Data revocationCert; // revocationCert.setContent(void*, 0); // empty content revocationCert.setName(certName); keyChain.createIdentity(signIdName); Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signIdName); keyChain.sign(revocationCert, signingCertificateName); wire = revocationCert.wireEncode(); } try { using namespace CryptoPP; StringSource ss(wire.wire(), wire.size(), true, new Base64Encoder(new FileSink(std::cout), true, 64)); } catch (const CryptoPP::Exception& e) { std::cerr << "ERROR: " << e.what() << std::endl; return 1; } return 0; }