security: Refactoring creation of SecPublicInfo and SecTpm during KeyChain creation
The objective of this refactoring is to allow KeyChains with custom PIB
and TPM. As of this commit, KeyChain no longer hard-codes PIB and TPM
instance creation. Instead, creation is delegated to factory functions,
which need to be statically registered, e.g., using
`NDN_CXX_KEYCHAIN_REGISTER_PIB` and `NDN_CXX_KEYCHAIN_REGISTER_TPM`
macros.
Change-Id: I0d29b5ed8d74d99d8a56c4a6e9024f2587dd125e
Refs: #2384
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 758c2f5..4c7d08f 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -23,15 +23,16 @@
#include "key-chain.hpp"
+#include "../util/random.hpp"
+#include "../util/config-file.hpp"
+
#include "sec-public-info-sqlite3.hpp"
-#include "sec-tpm-file.hpp"
#ifdef NDN_CXX_HAVE_OSX_SECURITY
#include "sec-tpm-osx.hpp"
-#endif
+#endif // NDN_CXX_HAVE_OSX_SECURITY
-#include "../util/random.hpp"
-#include "../util/config-file.hpp"
+#include "sec-tpm-file.hpp"
namespace ndn {
@@ -40,22 +41,71 @@
const RsaKeyParams KeyChain::DEFAULT_KEY_PARAMS;
+const std::string DEFAULT_PIB_SCHEME = "pib-sqlite3";
+
+#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
+const std::string DEFAULT_TPM_SCHEME = "tpm-osxkeychain";
+#else
+const std::string DEFAULT_TPM_SCHEME = "tpm-file";
+#endif // defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
+
+// When static library is used, not everything is compiled into the resulting binary.
+// Therefore, the following standard PIB and TPMs need to be registered here.
+// http://stackoverflow.com/q/9459980/2150331
+//
+// Also, cannot use Type::SCHEME, as its value may be uninitialized
+NDN_CXX_KEYCHAIN_REGISTER_PIB(SecPublicInfoSqlite3, "pib-sqlite3", "sqlite3");
+
+#ifdef NDN_CXX_HAVE_OSX_SECURITY
+NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmOsx, "tpm-osxkeychain", "osx-keychain");
+#endif // NDN_CXX_HAVE_OSX_SECURITY
+
+NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmFile, "tpm-file", "file");
+
+static std::map<std::string, KeyChain::PibCreateFunc>&
+getPibFactories()
+{
+ static std::map<std::string, KeyChain::PibCreateFunc> pibFactories;
+ return pibFactories;
+}
+
+static std::map<std::string, KeyChain::TpmCreateFunc>&
+getTpmFactories()
+{
+ static std::map<std::string, KeyChain::TpmCreateFunc> tpmFactories;
+ return tpmFactories;
+}
+
+void
+KeyChain::registerPibImpl(std::initializer_list<std::string> schemes,
+ KeyChain::PibCreateFunc createFunc)
+{
+ for (const std::string& scheme : schemes) {
+ getPibFactories()[scheme] = createFunc;
+ }
+}
+
+void
+KeyChain::registerTpmImpl(std::initializer_list<std::string> schemes,
+ KeyChain::TpmCreateFunc createFunc)
+{
+ for (const std::string& scheme : schemes) {
+ getTpmFactories()[scheme] = createFunc;
+ }
+}
+
KeyChain::KeyChain()
: m_pib(nullptr)
, m_tpm(nullptr)
, m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
{
- initialize("", "", false);
-}
+ ConfigFile config;
+ const ConfigFile::Parsed& parsed = config.getParsedConfiguration();
-template<class T>
-inline
-KeyChain::KeyChain(T traits)
- : m_pib(new typename T::Pib)
- , m_tpm(nullptr)
- , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
-{
- initialize(T::Pib::SCHEME, T::Tpm::SCHEME, false);
+ std::string pibLocator = parsed.get<std::string>("pib", "");
+ std::string tpmLocator = parsed.get<std::string>("tpm", "");
+
+ initialize(pibLocator, tpmLocator, false);
}
KeyChain::KeyChain(const std::string& pibName,
@@ -65,151 +115,80 @@
, m_tpm(nullptr)
, m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
{
- std::string pibLocator;
- std::string tpmLocator;
-
- if (tpmName == "file")
- tpmLocator = SecTpmFile::SCHEME;
-#if defined(NDN_CXX_HAVE_OSX_SECURITY)
- else if (tpmName == "osx-keychain")
- tpmLocator = SecTpmOsx::SCHEME;
-#endif //NDN_CXX_HAVE_OSX_SECURITY
- else
- tpmLocator = tpmName;
-
- if (pibName == "sqlite3")
- pibLocator = SecPublicInfoSqlite3::SCHEME;
- else
- pibLocator = pibName;
-
- initialize(pibLocator, tpmLocator, allowReset);
+ initialize(pibName, tpmName, allowReset);
}
KeyChain::~KeyChain()
{
- if (m_pib != nullptr)
- delete m_pib;
+}
- if (m_tpm != nullptr)
- delete m_tpm;
+static inline std::tuple<std::string/*type*/, std::string/*location*/>
+parseUri(const std::string& uri)
+{
+ size_t pos = uri.find(':');
+ if (pos != std::string::npos) {
+ return std::make_tuple(uri.substr(0, pos),
+ uri.substr(pos + 1));
+ }
+ else {
+ return std::make_tuple(uri, "");
+ }
}
void
-KeyChain::initialize(const std::string& pib,
- const std::string& tpm,
+KeyChain::initialize(const std::string& pibLocatorUri,
+ const std::string& tpmLocatorUri,
bool allowReset)
{
- ConfigFile config;
- const ConfigFile::Parsed& parsed = config.getParsedConfiguration();
+ BOOST_ASSERT(!getPibFactories().empty());
+ BOOST_ASSERT(!getTpmFactories().empty());
- std::string defaultTpmLocator;
+ std::string pibScheme, pibLocation;
+ std::tie(pibScheme, pibLocation) = parseUri(pibLocatorUri);
+
+ std::string tpmScheme, tpmLocation;
+ std::tie(tpmScheme, tpmLocation) = parseUri(tpmLocatorUri);
+
+ // Find PIB and TPM factories
+ if (pibScheme.empty()) {
+ pibScheme = DEFAULT_PIB_SCHEME;
+ }
+ auto pibFactory = getPibFactories().find(pibScheme);
+ if (pibFactory == getPibFactories().end()) {
+ throw Error("PIB scheme '" + pibScheme + "' is not supported");
+ }
+
+ if (tpmScheme.empty()) {
+ tpmScheme = DEFAULT_TPM_SCHEME;
+ }
+ auto tpmFactory = getTpmFactories().find(tpmScheme);
+ if (tpmFactory == getTpmFactories().end()) {
+ throw Error("TPM scheme '" + tpmScheme + "' is not supported");
+ }
+
+ // Create PIB
+ m_pib = pibFactory->second(pibLocation);
+
+ std::string actualTpmLocator = tpmScheme + ":" + tpmLocation;
+
+ // Create TPM, checking that it matches to the previously associated one
try {
- defaultTpmLocator = parsed.get<std::string>("tpm");
- }
- catch (boost::property_tree::ptree_bad_path&) {
- // tpm is not specified, take the default
- }
- catch (boost::property_tree::ptree_bad_data& error) {
- throw ConfigFile::Error(error.what());
- }
-
- if (defaultTpmLocator.empty())
-#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
- defaultTpmLocator = SecTpmOsx::SCHEME;
-#else
- defaultTpmLocator = SecTpmFile::SCHEME;
-#endif // defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
- else if (defaultTpmLocator == "osx-keychain")
-#if defined(NDN_CXX_HAVE_OSX_SECURITY)
- defaultTpmLocator = SecTpmOsx::SCHEME;
-#else
- throw Error("TPM Locator '" + defaultTpmLocator + "' is not supported on this platform");
-#endif // NDN_CXX_HAVE_OSX_SECURITY
- else if (defaultTpmLocator == "file")
- defaultTpmLocator = SecTpmFile::SCHEME;
-
- std::string defaultPibLocator;
- try {
- defaultPibLocator = parsed.get<std::string>("pib");
- }
- catch (boost::property_tree::ptree_bad_path&) {
- // pib is not specified, take the default
- }
- catch (boost::property_tree::ptree_bad_data& error) {
- throw ConfigFile::Error(error.what());
- }
-
- if (defaultPibLocator.empty() || defaultPibLocator == "sqlite3")
- defaultPibLocator = SecPublicInfoSqlite3::SCHEME;
-
- std::string pibLocator = pib;
- std::string tpmLocator = tpm;
-
- if (pibLocator == "")
- pibLocator = defaultPibLocator;
-
- if (defaultPibLocator == pibLocator)
- tpmLocator = defaultTpmLocator;
-
- initializePib(pibLocator);
-
- std::string currentTpmLocator;
- try {
- currentTpmLocator = m_pib->getTpmLocator();
-
- if (currentTpmLocator != tpmLocator) {
- if (!allowReset) {
- // Tpm mismatch, but we do not want to reset PIB
- throw MismatchError("TPM locator supplied and TPM locator in PIB mismatch: " +
- currentTpmLocator + " != " + tpmLocator);
- }
- else {
- // reset is explicitly required
- tpmLocator = currentTpmLocator;
- }
- }
+ if (!allowReset &&
+ !m_pib->getTpmLocator().empty() && m_pib->getTpmLocator() != actualTpmLocator)
+ // Tpm mismatch, but we do not want to reset PIB
+ throw MismatchError("TPM locator supplied does not match TPM locator in PIB: " +
+ m_pib->getTpmLocator() + " != " + actualTpmLocator);
}
catch (SecPublicInfo::Error&) {
// TPM locator is not set in PIB yet.
}
- initializeTpm(tpmLocator); // note that key mismatch may still happen
- // if the TPM locator is initially set to a wrong one
- // or if the PIB was shared by more than one TPMs before.
- // This is due to the old PIB does not have TPM info,
- // new pib should not have this problem.
+ // note that key mismatch may still happen if the TPM locator is initially set to a
+ // wrong one or if the PIB was shared by more than one TPMs before. This is due to the
+ // old PIB does not have TPM info, new pib should not have this problem.
- m_pib->setTpmLocator(tpmLocator);
-}
-
-void
-KeyChain::initializeTpm(const std::string& locator)
-{
- size_t pos = locator.find(':');
- std::string type = locator.substr(0, pos + 1);
- std::string location = locator.substr(pos + 1);
-
- if (type == SecTpmFile::SCHEME)
- m_tpm = new SecTpmFile(location);
-#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
- else if (type == SecTpmOsx::SCHEME)
- m_tpm = new SecTpmOsx(location);
-#endif
- else
- throw Error("Tpm locator error: Unsupported Tpm type: " + type);
-}
-
-void
-KeyChain::initializePib(const std::string& locator)
-{
- size_t pos = locator.find(':');
- std::string type = locator.substr(0, pos + 1);
- std::string location = locator.substr(pos + 1);
-
- if (type == SecPublicInfoSqlite3::SCHEME)
- m_pib = new SecPublicInfoSqlite3(location);
- else
- throw Error("Pib locator error: Unsupported Pib type: " + type);
+ m_tpm = tpmFactory->second(tpmLocation);
+ m_pib->setTpmLocator(actualTpmLocator);
}
Name
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 1973c77..cc45dc3 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -35,18 +35,11 @@
#include "../interest.hpp"
#include "../util/crypto.hpp"
#include "../util/random.hpp"
+#include <initializer_list>
namespace ndn {
-template<class TypePib, class TypeTpm>
-class KeyChainTraits
-{
-public:
- typedef TypePib Pib;
- typedef TypeTpm Tpm;
-};
-
class KeyChain : noncopyable
{
public:
@@ -74,11 +67,34 @@
}
};
- KeyChain();
+ typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
+ typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;
- template<class KeyChainTraits>
- explicit
- KeyChain(KeyChainTraits traits);
+ /**
+ * @brief Register a new PIB
+ * @param schemes List of scheme with which this PIB will be associated
+ */
+ template<class PibType>
+ static void
+ registerPib(std::initializer_list<std::string> schemes);
+
+ /**
+ * @brief Register a new TPM
+ * @param schemes List of scheme with which this TPM will be associated
+ */
+ template<class TpmType>
+ static void
+ registerTpm(std::initializer_list<std::string> schemes);
+
+ /**
+ * @brief Constructor to create KeyChain with default PIB and TPM
+ *
+ * Default PIB and TPM are platform-dependent and can be overriden system-wide or on
+ * per-use basis.
+ *
+ * @todo Add detailed description about config file behavior here
+ */
+ KeyChain();
/**
* @brief KeyChain constructor
@@ -658,16 +674,10 @@
private:
void
- initialize(const std::string& pibLocator,
- const std::string& tpmLocator,
+ initialize(const std::string& pibLocatorUri,
+ const std::string& tpmLocatorUri,
bool needReset);
- void
- initializeTpm(const std::string& locator);
-
- void
- initializePib(const std::string& locator);
-
/**
* @brief Determine signature type
*
@@ -732,14 +742,20 @@
signPacketWrapper(Interest& interest, const Signature& signature,
const Name& keyName, DigestAlgorithm digestAlgorithm);
+ static void
+ registerPibImpl(std::initializer_list<std::string> schemes, PibCreateFunc createFunc);
+
+ static void
+ registerTpmImpl(std::initializer_list<std::string> schemes, TpmCreateFunc createFunc);
+
public:
static const Name DEFAULT_PREFIX;
// RsaKeyParams is set to be default for backward compatibility.
static const RsaKeyParams DEFAULT_KEY_PARAMS;
private:
- SecPublicInfo* m_pib;
- SecTpm* m_tpm;
+ std::unique_ptr<SecPublicInfo> m_pib;
+ std::unique_ptr<SecTpm> m_tpm;
time::milliseconds m_lastTimestamp;
};
@@ -801,6 +817,56 @@
return;
}
+template<class PibType>
+inline void
+KeyChain::registerPib(std::initializer_list<std::string> schemes)
+{
+ registerPibImpl(schemes, [] (const std::string& locator) {
+ return unique_ptr<SecPublicInfo>(new PibType(locator));
+ });
+}
+
+template<class TpmType>
+inline void
+KeyChain::registerTpm(std::initializer_list<std::string> schemes)
+{
+ registerTpmImpl(schemes, [] (const std::string& locator) {
+ return unique_ptr<SecTpm>(new TpmType(locator));
+ });
+}
+
+/**
+ * \brief Register SecPib class in ndn-cxx KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * SecPib type within the namespace where the type is declared.
+ */
+#define NDN_CXX_KEYCHAIN_REGISTER_PIB(PibType, ...) \
+static class NdnCxxAuto ## PibType ## PibRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## PibType ## PibRegistrationClass() \
+ { \
+ ::ndn::KeyChain::registerPib<PibType>({__VA_ARGS__}); \
+ } \
+} ndnCxxAuto ## PibType ## PibRegistrationVariable
+
+/**
+ * \brief Register SecTpm class in ndn-cxx KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * SecTpm type within the namespace where the type is declared.
+ */
+#define NDN_CXX_KEYCHAIN_REGISTER_TPM(TpmType, ...) \
+static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
+ { \
+ ::ndn::KeyChain::registerTpm<TpmType>({__VA_ARGS__}); \
+ } \
+} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
+
} // namespace ndn
#endif // NDN_SECURITY_KEY_CHAIN_HPP
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/sec-public-info-sqlite3.cpp
index 99a3d4a..bfd091e 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/sec-public-info-sqlite3.cpp
@@ -40,7 +40,7 @@
using std::string;
using std::vector;
-const std::string SecPublicInfoSqlite3::SCHEME("pib-sqlite3:");
+const std::string SecPublicInfoSqlite3::SCHEME("pib-sqlite3");
static const string INIT_TPM_INFO_TABLE =
"CREATE TABLE IF NOT EXISTS "
diff --git a/src/security/sec-public-info.cpp b/src/security/sec-public-info.cpp
index 6b01758..d08ea28 100644
--- a/src/security/sec-public-info.cpp
+++ b/src/security/sec-public-info.cpp
@@ -35,7 +35,7 @@
std::string
SecPublicInfo::getPibLocator()
{
- return this->getScheme() + m_location;
+ return this->getScheme() + ":" + m_location;
}
void
diff --git a/src/security/sec-tpm-file.cpp b/src/security/sec-tpm-file.cpp
index 26862c5..fb3936f 100644
--- a/src/security/sec-tpm-file.cpp
+++ b/src/security/sec-tpm-file.cpp
@@ -23,9 +23,8 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#include "common.hpp"
-
#include "sec-tpm-file.hpp"
+
#include "../encoding/buffer-stream.hpp"
#include <boost/filesystem.hpp>
@@ -44,7 +43,7 @@
using std::ostringstream;
using std::ofstream;
-const std::string SecTpmFile::SCHEME("tpm-file:");
+const std::string SecTpmFile::SCHEME("tpm-file");
class SecTpmFile::Impl
{
@@ -155,7 +154,7 @@
const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params);
- OID curveName;
+ CryptoPP::OID curveName;
switch (ecdsaParams.getKeySize())
{
case 256:
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index 593c586..1a30052 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -21,10 +21,9 @@
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#include "common.hpp"
-
#include "sec-tpm-osx.hpp"
#include "public-key.hpp"
+
#include "../encoding/oid.hpp"
#include "../encoding/buffer-stream.hpp"
#include "cryptopp.hpp"
@@ -47,7 +46,7 @@
using std::string;
-const std::string SecTpmOsx::SCHEME("tpm-osxkeychain:");
+const std::string SecTpmOsx::SCHEME("tpm-osxkeychain");
/**
* @brief Helper class to wrap CoreFoundation object pointers
diff --git a/src/security/sec-tpm.cpp b/src/security/sec-tpm.cpp
index d8c6a4f..a4b27f1 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/sec-tpm.cpp
@@ -43,7 +43,7 @@
std::string
SecTpm::getTpmLocator()
{
- return this->getScheme() + m_location;
+ return this->getScheme() + ":" + m_location;
}
ConstBufferPtr
diff --git a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
index ebc2bfd..f1cdcf9 100644
--- a/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-empty-home/.ndn/client.conf
@@ -1,4 +1,4 @@
; Empty client.conf is unfeasible in automated tests,
; see tests/unit-tests/security/config-file-readme.txt.
; The test is broken into two: 1) missing pib and 2) missing tpm
-pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
\ No newline at end of file
+pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/
diff --git a/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
index d50e5ac..98b43c8 100644
--- a/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-empty2-home/.ndn/client.conf
@@ -1,4 +1,4 @@
; Empty client.conf is unfeasible in automated tests,
; see tests/unit-tests/security/config-file-readme.txt.
; The test is broken into two: 1) missing pib and 2) missing tpm
-tpm=tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/
\ No newline at end of file
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/
diff --git a/tests/unit-tests/security/config-file-home/.ndn/client.conf b/tests/unit-tests/security/config-file-home/.ndn/client.conf
index 47c9406..8823a78 100644
--- a/tests/unit-tests/security/config-file-home/.ndn/client.conf
+++ b/tests/unit-tests/security/config-file-home/.ndn/client.conf
@@ -1,2 +1,2 @@
pib=pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-file/
-tpm=tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/
\ No newline at end of file
+tpm=tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/
diff --git a/tests/unit-tests/security/dummy-keychain.cpp b/tests/unit-tests/security/dummy-keychain.cpp
new file mode 100644
index 0000000..c7ae04c
--- /dev/null
+++ b/tests/unit-tests/security/dummy-keychain.cpp
@@ -0,0 +1,389 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "dummy-keychain.hpp"
+
+#include "util/io.hpp"
+#include <boost/iostreams/device/array.hpp>
+
+namespace ndn {
+namespace security {
+
+static const uint8_t DUMMY_CERT[] =
+ "Bv0C8Ac4CAVkdW1teQgDa2V5CANLRVkIEWtzay0xNDE4NjAwMzkxMDUwCAdJRC1D"
+ "RVJUCAn9AAABSkssIl4UAxgBAhX9AXMwggFvMCIYDzIwMTQxMjE0MjMzOTUxWhgP"
+ "MjAzNDEyMDkyMzM5NTFaMCUwIwYDVQQpExwvZHVtbXkva2V5L2tzay0xNDE4NjAw"
+ "MzkxMDUwMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAxUfhv54Jdgeq"
+ "0wmQ/ru9ew/ByCKcQawaZT9Xm9o/sMahwQ9IbNx2Dz4Jkelaxra7+DI0QP3pYctv"
+ "Ykn/jwq5y3cO0LJQB+kf/7FtSKG9qBEv8aqq5hDVteBUKiyUXqDmQzbe+mTcJ9Yd"
+ "D7siF1dhrjnM3KL1xpcXu3QaV5m/I6cKVwYrJxp3JKr6k5pHhxJlPIyUu7oU3kFW"
+ "7bHq2uq4ec9gBXCKwA64IVYVQm1GVDk+V0wr7pw9qD6QNa7eMzrCME6vfM0deSiU"
+ "a4TovUJDQFDsM287kYm3tZu7iuJzmOC63tl4YZdyqyOgnqSrUGE1soNHfLokI13H"
+ "hSwxok7nuQIBERY0GwEBHC8HLQgFZHVtbXkIA2tleQgDS0VZCBFrc2stMTQxODYw"
+ "MDM5MTA1MAgHSUQtQ0VSVBf9AQBLLJoQt9HE93NI3Mv1JCb3ezBCWMwTDnZA+XQV"
+ "UgVSvISJfU/lo2sne0SfGp4KsUhj206CDpuh3q0Th5gKSJeysy/bv66V2m2G8aDn"
+ "OkJ7Ut+2o/QnFpIMJz+oZf2f9Z0Pchocmkv8y4Fj02t8HCuFO1ekEvOcocZvWbKy"
+ "HX+P0OdefPzSC535/rsNHXTzgPsoV+yb13vrm4wPeqPPBs+scQYneIFKkRkGE5PU"
+ "pkncAMBN6iWgmSA2RcjcbmT6utCjJTqWviX1XPQtHoF/hBGC0D/TtQDgwVGGibXB"
+ "zb+klRHvCC/uUIfjU2HrE705kaw8btPhTP5/PMe8YKkk+hjh";
+
+static const uint8_t DUMMY_SIGNATURE[] =
+ {0x17, 0xfd, 0x01, 0x00, 0x93, 0x15, 0x09, 0x49, 0x79, 0x9e, 0xb7, 0x9c, 0xd3, 0xc1, 0xbf, 0x61,
+ 0x89, 0xd5, 0xd9, 0xca, 0xf2, 0xb0, 0x14, 0xae, 0x72, 0x7c, 0x1f, 0x8f, 0xf5, 0xb1, 0x70, 0xd6,
+ 0x9b, 0x8f, 0xf8, 0xd7, 0x2d, 0xbc, 0x92, 0x6f, 0x7d, 0x77, 0x96, 0x46, 0xea, 0xd4, 0x7d, 0x90,
+ 0xbc, 0x7a, 0xeb, 0xe2, 0x03, 0x93, 0xb1, 0xd2, 0x62, 0xec, 0x9d, 0xff, 0x9c, 0x9c, 0x2a, 0x14,
+ 0x7d, 0x23, 0xca, 0x29, 0x3d, 0x15, 0x1a, 0x40, 0x42, 0x2c, 0x59, 0x33, 0x8a, 0xf7, 0xc0, 0x6b,
+ 0xc4, 0x9c, 0xf3, 0xc4, 0x99, 0xa4, 0x1a, 0x60, 0xf5, 0x28, 0x7d, 0x4c, 0xef, 0x43, 0x7d, 0xbd,
+ 0x7d, 0x00, 0x51, 0xee, 0x41, 0xf5, 0x25, 0x80, 0xce, 0xe6, 0x64, 0x4f, 0x75, 0x54, 0xf3, 0xb2,
+ 0x99, 0x9a, 0x0f, 0x93, 0x9a, 0x28, 0x1d, 0xfe, 0x12, 0x8a, 0xe0, 0xc1, 0x02, 0xeb, 0xa4, 0x35,
+ 0x52, 0x88, 0xac, 0x44, 0x1a, 0x44, 0x82, 0x97, 0x4f, 0x5f, 0xa8, 0xd8, 0x9f, 0x67, 0x38, 0xa8,
+ 0x64, 0xb6, 0x62, 0x99, 0xbd, 0x96, 0x3c, 0xf5, 0x86, 0x09, 0x5c, 0x97, 0x6b, 0x8f, 0xae, 0xe0,
+ 0x60, 0xe7, 0x23, 0x98, 0x6a, 0xee, 0xc1, 0xb0, 0x14, 0xbe, 0x46, 0x2c, 0xfb, 0xa7, 0x27, 0x73,
+ 0xe4, 0xf3, 0x26, 0x33, 0xba, 0x99, 0xd4, 0x01, 0x38, 0xa8, 0xf2, 0x9e, 0x87, 0xe0, 0x71, 0x0b,
+ 0x25, 0x44, 0x07, 0x35, 0x88, 0xab, 0x67, 0x27, 0x56, 0x0e, 0xb5, 0xb5, 0xe8, 0x27, 0xb4, 0x49,
+ 0xdc, 0xb8, 0x48, 0x31, 0xff, 0x99, 0x48, 0xab, 0x11, 0xb4, 0xa0, 0xdf, 0x8a, 0x6d, 0xff, 0x43,
+ 0x69, 0x32, 0xa7, 0xbc, 0x63, 0x9d, 0x0f, 0xe0, 0x95, 0x34, 0x36, 0x25, 0x4b, 0x3e, 0x36, 0xbd,
+ 0x81, 0x91, 0x0b, 0x91, 0x9f, 0x3a, 0x04, 0xa2, 0x44, 0x28, 0x19, 0xa1, 0x38, 0x21, 0x4f, 0x25,
+ 0x59, 0x8a, 0x48, 0xc2};
+
+const std::string DummyPublicInfo::SCHEME = "pib-dummy";
+const std::string DummyTpm::SCHEME = "tpm-dummy";
+
+NDN_CXX_KEYCHAIN_REGISTER_PIB(DummyPublicInfo, "pib-dummy", "dummy");
+NDN_CXX_KEYCHAIN_REGISTER_TPM(DummyTpm, "tpm-dummy", "dummy");
+
+DummyPublicInfo::DummyPublicInfo(const std::string& locator)
+ : SecPublicInfo(locator)
+{
+}
+
+bool
+DummyPublicInfo::doesIdentityExist(const Name& identityName)
+{
+ return true;
+}
+
+void
+DummyPublicInfo::addIdentity(const Name& identityName)
+{
+}
+
+bool
+DummyPublicInfo::revokeIdentity()
+{
+ return true;
+}
+
+bool
+DummyPublicInfo::doesPublicKeyExist(const Name& keyName)
+{
+ return true;
+}
+
+void
+DummyPublicInfo::addKey(const Name& keyName, const PublicKey& publicKey)
+{
+}
+
+shared_ptr<PublicKey>
+DummyPublicInfo::getPublicKey(const Name& keyName)
+{
+ static shared_ptr<PublicKey> publicKey = nullptr;
+ if (publicKey == nullptr) {
+ typedef boost::iostreams::stream<boost::iostreams::array_source> arrayStream;
+ arrayStream
+ is(reinterpret_cast<const char*>(DUMMY_CERT), sizeof(DUMMY_CERT));
+ auto cert = io::load<IdentityCertificate>(is, io::NO_ENCODING);
+ publicKey = make_shared<PublicKey>(cert->getPublicKeyInfo());
+ }
+
+ return publicKey;
+}
+
+KeyType
+DummyPublicInfo::getPublicKeyType(const Name& keyName)
+{
+ return KEY_TYPE_RSA;
+}
+
+bool
+DummyPublicInfo::doesCertificateExist(const Name& certificateName)
+{
+ return true;
+}
+
+void
+DummyPublicInfo::addCertificate(const IdentityCertificate& certificate)
+{
+}
+
+shared_ptr<IdentityCertificate>
+DummyPublicInfo::getCertificate(const Name& certificateName)
+{
+ static shared_ptr<IdentityCertificate> cert = nullptr;
+ if (cert == nullptr) {
+ typedef boost::iostreams::stream<boost::iostreams::array_source> arrayStream;
+ arrayStream
+ is(reinterpret_cast<const char*>(DUMMY_CERT), sizeof(DUMMY_CERT));
+ cert = io::load<IdentityCertificate>(is, io::BASE_64);
+ }
+
+ return cert;
+}
+
+Name
+DummyPublicInfo::getDefaultIdentity()
+{
+ return "/dummy/key";
+}
+
+Name
+DummyPublicInfo::getDefaultKeyNameForIdentity(const Name& identityName)
+{
+ return "/dummy/key/ksk-1418600391050";
+}
+
+Name
+DummyPublicInfo::getDefaultCertificateNameForKey(const Name& keyName)
+{
+ return "/dummy/key/KEY/ksk-1418600391050/ID-CERT/%FD%00%00%01JK%2C%22%5E";
+}
+
+void
+DummyPublicInfo::getAllIdentities(std::vector<Name>& nameList, bool isDefault)
+{
+ if (isDefault) {
+ nameList.push_back("/dummy");
+ }
+}
+
+void
+DummyPublicInfo::getAllKeyNames(std::vector<Name>& nameList, bool isDefault)
+{
+ if (isDefault) {
+ nameList.push_back("/dummy/key/ksk-1418600391050");
+ }
+}
+
+void
+DummyPublicInfo::getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList,
+ bool isDefault)
+{
+ if (isDefault) {
+ nameList.push_back("/dummy/key/ksk-1418600391050");
+ }
+}
+
+void
+DummyPublicInfo::getAllCertificateNames(std::vector<Name>& nameList, bool isDefault)
+{
+ if (isDefault) {
+ nameList.push_back("/dummy/key/KEY/ksk-1418600391050/ID-CERT/%FD%00%00%01JK%2C%22%5E");
+ }
+}
+
+void
+DummyPublicInfo::getAllCertificateNamesOfKey(const Name& keyName, std::vector<Name>& nameList,
+ bool isDefault)
+{
+ if (isDefault) {
+ nameList.push_back("/dummy/key/KEY/ksk-1418600391050/ID-CERT/%FD%00%00%01JK%2C%22%5E");
+ }
+}
+
+void
+DummyPublicInfo::deleteCertificateInfo(const Name& certificateName)
+{
+}
+
+void
+DummyPublicInfo::deletePublicKeyInfo(const Name& keyName)
+{
+}
+
+void
+DummyPublicInfo::deleteIdentityInfo(const Name& identity)
+{
+}
+
+void
+DummyPublicInfo::setDefaultIdentityInternal(const Name& identityName)
+{
+}
+
+void
+DummyPublicInfo::setDefaultKeyNameForIdentityInternal(const Name& keyName)
+{
+}
+
+void
+DummyPublicInfo::setDefaultCertificateNameForKeyInternal(const Name& certificateName)
+{
+}
+
+void
+DummyPublicInfo::setTpmLocator(const std::string& tpmLocator)
+{
+ m_tpmLocator = tpmLocator;
+}
+
+std::string
+DummyPublicInfo::getTpmLocator()
+{
+ return m_tpmLocator;
+}
+
+std::string
+DummyPublicInfo::getScheme()
+{
+ return DummyPublicInfo::SCHEME;
+}
+
+//////////////////////////////////////////////////////////////////////////////////////////
+//////////////////////////////////////////////////////////////////////////////////////////
+//////////////////////////////////////////////////////////////////////////////////////////
+//////////////////////////////////////////////////////////////////////////////////////////
+
+DummyTpm::DummyTpm(const std::string& locator)
+ : SecTpm(locator)
+{
+}
+
+void
+DummyTpm::setTpmPassword(const uint8_t* password, size_t passwordLength)
+{
+}
+
+void
+DummyTpm::resetTpmPassword()
+{
+}
+
+void
+DummyTpm::setInTerminal(bool inTerminal)
+{
+}
+
+bool
+DummyTpm::getInTerminal() const
+{
+ return false;
+}
+
+bool
+DummyTpm::isLocked()
+{
+ return false;
+}
+
+bool
+DummyTpm::unlockTpm(const char* password, size_t passwordLength, bool usePassword)
+{
+ return true;
+}
+
+void
+DummyTpm::generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
+{
+}
+
+void
+DummyTpm::deleteKeyPairInTpm(const Name& keyName)
+{
+}
+
+shared_ptr<PublicKey>
+DummyTpm::getPublicKeyFromTpm(const Name& keyName)
+{
+ return nullptr;
+}
+
+Block
+DummyTpm::signInTpm(const uint8_t* data, size_t dataLength, const Name& keyName,
+ DigestAlgorithm digestAlgorithm)
+{
+ return Block(DUMMY_SIGNATURE, sizeof(DUMMY_SIGNATURE));
+}
+
+ConstBufferPtr
+DummyTpm::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName,
+ bool isSymmetric)
+{
+ throw Error("Not supported");
+}
+
+ConstBufferPtr
+DummyTpm::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName,
+ bool isSymmetric)
+{
+ throw Error("Not supported");
+}
+
+void
+DummyTpm::generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
+{
+}
+
+bool
+DummyTpm::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
+{
+ return true;
+}
+
+bool
+DummyTpm::generateRandomBlock(uint8_t* res, size_t size)
+{
+ return false;
+}
+
+void
+DummyTpm::addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath,
+ AclType acl)
+{
+}
+
+ConstBufferPtr
+DummyTpm::exportPrivateKeyPkcs8FromTpm(const Name& keyName)
+{
+ throw Error("Not supported");
+}
+
+bool
+DummyTpm::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buffer,
+ size_t bufferSize)
+{
+ return false;
+}
+
+bool
+DummyTpm::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buffer, size_t bufferSize)
+{
+ return false;
+}
+
+std::string
+DummyTpm::getScheme()
+{
+ return DummyTpm::SCHEME;
+}
+
+} // namespace security
+} // namespace ndn
diff --git a/tests/unit-tests/security/dummy-keychain.hpp b/tests/unit-tests/security/dummy-keychain.hpp
new file mode 100644
index 0000000..5c95edf
--- /dev/null
+++ b/tests/unit-tests/security/dummy-keychain.hpp
@@ -0,0 +1,203 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_TESTS_SECURITY_DUMMY_KEYCHAIN_HPP
+#define NDN_TESTS_SECURITY_DUMMY_KEYCHAIN_HPP
+
+#include "security/key-chain.hpp"
+
+namespace ndn {
+namespace security {
+
+class DummyPublicInfo : public SecPublicInfo
+{
+public:
+ explicit
+ DummyPublicInfo(const std::string& locator);
+
+ virtual bool
+ doesIdentityExist(const Name& identityName);
+
+ virtual void
+ addIdentity(const Name& identityName);
+
+ virtual bool
+ revokeIdentity();
+
+ virtual bool
+ doesPublicKeyExist(const Name& keyName);
+
+ virtual void
+ addKey(const Name& keyName, const PublicKey& publicKey);
+
+ virtual shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName);
+
+ virtual KeyType
+ getPublicKeyType(const Name& keyName);
+
+ virtual bool
+ doesCertificateExist(const Name& certificateName);
+
+ virtual void
+ addCertificate(const IdentityCertificate& certificate);
+
+ virtual shared_ptr<IdentityCertificate>
+ getCertificate(const Name& certificateName);
+
+ virtual Name
+ getDefaultIdentity();
+
+ virtual Name
+ getDefaultKeyNameForIdentity(const Name& identityName);
+
+ virtual Name
+ getDefaultCertificateNameForKey(const Name& keyName);
+
+ virtual void
+ getAllIdentities(std::vector<Name>& nameList, bool isDefault);
+
+ virtual void
+ getAllKeyNames(std::vector<Name>& nameList, bool isDefault);
+
+ virtual void
+ getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault);
+
+ virtual void
+ getAllCertificateNames(std::vector<Name>& nameList, bool isDefault);
+
+ virtual void
+ getAllCertificateNamesOfKey(const Name& keyName, std::vector<Name>& nameList, bool isDefault);
+
+ virtual void
+ deleteCertificateInfo(const Name& certificateName);
+
+ virtual void
+ deletePublicKeyInfo(const Name& keyName);
+
+ virtual void
+ deleteIdentityInfo(const Name& identity);
+
+ virtual void
+ setTpmLocator(const std::string& tpmLocator);
+
+ virtual std::string
+ getTpmLocator();
+
+protected:
+ virtual void
+ setDefaultIdentityInternal(const Name& identityName);
+
+ virtual void
+ setDefaultKeyNameForIdentityInternal(const Name& keyName);
+
+ virtual void
+ setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+
+ virtual std::string
+ getScheme();
+
+public:
+ static const std::string SCHEME;
+
+private:
+ std::string m_tpmLocator;
+};
+
+//////////////////////////////////////////////////////////////////////////////////////////
+//////////////////////////////////////////////////////////////////////////////////////////
+
+class DummyTpm : public SecTpm
+{
+public:
+ explicit
+ DummyTpm(const std::string& locator);
+
+ virtual void
+ setTpmPassword(const uint8_t* password, size_t passwordLength);
+
+ virtual void
+ resetTpmPassword();
+
+ virtual void
+ setInTerminal(bool inTerminal);
+
+ virtual bool
+ getInTerminal() const;
+
+ virtual bool
+ isLocked();
+
+ virtual bool
+ unlockTpm(const char* password, size_t passwordLength, bool usePassword);
+
+ virtual void
+ generateKeyPairInTpm(const Name& keyName, const KeyParams& params);
+
+ virtual void
+ deleteKeyPairInTpm(const Name& keyName);
+
+ virtual shared_ptr<PublicKey>
+ getPublicKeyFromTpm(const Name& keyName);
+
+ virtual Block
+ signInTpm(const uint8_t* data, size_t dataLength, const Name& keyName,
+ DigestAlgorithm digestAlgorithm);
+
+ virtual ConstBufferPtr
+ decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric);
+
+ virtual ConstBufferPtr
+ encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric);
+
+ virtual void
+ generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params);
+
+ virtual bool
+ doesKeyExistInTpm(const Name& keyName, KeyClass keyClass);
+
+ virtual bool
+ generateRandomBlock(uint8_t* res, size_t size);
+
+ virtual void
+ addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl);
+
+ virtual std::string
+ getScheme();
+
+protected:
+ virtual ConstBufferPtr
+ exportPrivateKeyPkcs8FromTpm(const Name& keyName);
+
+ virtual bool
+ importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buffer, size_t bufferSize);
+
+ virtual bool
+ importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buffer, size_t bufferSize);
+
+public:
+ static const std::string SCHEME;
+};
+
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_TESTS_SECURITY_DUMMY_KEYCHAIN_HPP
diff --git a/tests/unit-tests/security/test-keychain.cpp b/tests/unit-tests/security/test-keychain.cpp
index 70e8e01..2595270 100644
--- a/tests/unit-tests/security/test-keychain.cpp
+++ b/tests/unit-tests/security/test-keychain.cpp
@@ -24,6 +24,7 @@
#include <boost/filesystem.hpp>
#include "boost-test.hpp"
+#include "dummy-keychain.hpp"
namespace ndn {
namespace tests {
@@ -40,6 +41,14 @@
BOOST_REQUIRE_NO_THROW(KeyChain());
+ KeyChain keyChain;
+ BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(),
+ "pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-file/");
+ BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(),
+ "tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/");
+ BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(),
+ "tpm-file:/tmp/test/ndn-cxx/keychain/sqlite3-file/");
+
path pibPath(absolute(std::getenv("TEST_HOME")));
pibPath /= ".ndn/ndnsec-public-info.db";
@@ -68,6 +77,19 @@
#endif
BOOST_REQUIRE_NO_THROW(KeyChain());
+ KeyChain keyChain;
+ BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(),
+ "pib-sqlite3:/tmp/test/ndn-cxx/keychain/sqlite3-empty/");
+
+#if defined(NDN_CXX_HAVE_OSX_SECURITY)
+ BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(), "tpm-osxkeychain:");
+ BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-osxkeychain:");
+#else
+ BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(),
+ "tpm-file:");
+ BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(),
+ "tpm-file:");
+#endif
#if defined(NDN_CXX_HAVE_OSX_SECURITY)
if (!HOME.empty())
@@ -90,6 +112,14 @@
BOOST_REQUIRE_NO_THROW(KeyChain());
+ KeyChain keyChain;
+ BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(),
+ "pib-sqlite3:");
+ BOOST_CHECK_EQUAL(keyChain.getPib().getTpmLocator(),
+ "tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/");
+ BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(),
+ "tpm-file:/tmp/test/ndn-cxx/keychain/empty-file/");
+
path pibPath(absolute(std::getenv("TEST_HOME")));
pibPath /= ".ndn/ndnsec-public-info.db";
@@ -297,6 +327,17 @@
BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
}
+BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib)
+{
+ BOOST_REQUIRE_NO_THROW((KeyChain("pib-dummy", "tpm-dummy")));
+ BOOST_REQUIRE_NO_THROW((KeyChain("dummy", "dummy")));
+ BOOST_REQUIRE_NO_THROW((KeyChain("dummy:", "dummy:")));
+ BOOST_REQUIRE_NO_THROW((KeyChain("dummy:/something", "dummy:/something")));
+
+ KeyChain keyChain("dummy", "dummy");
+ BOOST_CHECK_EQUAL(keyChain.getDefaultIdentity(), "/dummy/key");
+}
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace tests