make: Global change: Move all public headers to include folder. Change source to including public headers using #include <ndn-cpp/*>. Split some header files to minimize exposing C .h files.
diff --git a/include/ndn-cpp/security/identity/basic-identity-storage.hpp b/include/ndn-cpp/security/identity/basic-identity-storage.hpp
new file mode 100644
index 0000000..2e0db30
--- /dev/null
+++ b/include/ndn-cpp/security/identity/basic-identity-storage.hpp
@@ -0,0 +1,211 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_BASIC_IDENTITY_STORAGE_H
+#define NDN_BASIC_IDENTITY_STORAGE_H
+
+// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_SQLITE3.
+#include <ndn-cpp/ndn-cpp-config.h>
+#ifdef NDN_CPP_HAVE_SQLITE3
+
+#include <sqlite3.h>
+#include "../../common.hpp"
+#include "identity-storage.hpp"
+
+namespace ndn
+{
+
+/**
+ * BasicIdentityStorage extends IdentityStorage to implement a basic storage of identity, public keys and certificates
+ * using SQLite.
+ */
+class BasicIdentityStorage : public IdentityStorage {
+public:
+ BasicIdentityStorage();
+
+ /**
+ * The virtual Destructor.
+ */
+ virtual
+ ~BasicIdentityStorage();
+
+ /**
+ * Check if the specified identity already exists.
+ * @param identityName The identity name.
+ * @return true if the identity exists, otherwise false.
+ */
+ virtual bool
+ doesIdentityExist(const Name& identityName);
+
+ /**
+ * Add a new identity. An exception will be thrown if the identity already exists.
+ * @param identityName The identity name to be added.
+ */
+ virtual void
+ addIdentity(const Name& identityName);
+
+ /**
+ * Revoke the identity.
+ * @return true if the identity was revoked, false if not.
+ */
+ virtual bool
+ revokeIdentity();
+
+ /**
+ * Generate a name for a new key belonging to the identity.
+ * @param identityName The identity name.
+ * @param useKsk If true, generate a KSK name, otherwise a DSK name.
+ * @return The generated key name.
+ */
+ virtual Name
+ getNewKeyName(const Name& identityName, bool useKsk);
+
+ /**
+ * Check if the specified key already exists.
+ * @param keyName The name of the key.
+ * @return true if the key exists, otherwise false.
+ */
+ virtual bool
+ doesKeyExist(const Name& keyName);
+
+ /**
+ * Extract the key name from the certificate name.
+ * @param certificateName The certificate name to be processed.
+ */
+ virtual Name
+ getKeyNameForCertificate(const Name& certificateName);
+
+ /**
+ * Add a public key to the identity storage.
+ * @param keyName The name of the public key to be added.
+ * @param keyType Type of the public key to be added.
+ * @param publicKeyDer A blob of the public key DER to be added.
+ */
+ virtual void
+ addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer);
+
+ /**
+ * Get the public key DER blob from the identity storage.
+ * @param keyName The name of the requested public key.
+ * @return The DER Blob. If not found, return a Blob with a null pointer.
+ */
+ virtual Blob
+ getKey(const Name& keyName);
+
+ /**
+ * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ activateKey(const Name& keyName);
+
+ /**
+ * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ deactivateKey(const Name& keyName);
+
+ /**
+ * Check if the specified certificate already exists.
+ * @param certificateName The name of the certificate.
+ * @return true if the certificate exists, otherwise false.
+ */
+ virtual bool
+ doesCertificateExist(const Name& certificateName);
+
+ /**
+ * Add a certificate in to the identity storage without checking if the identity and key exists.
+ * @param certificate The certificate to be added.
+ */
+ void
+ addAnyCertificate (const Certificate& certificate);
+
+ /**
+ * Add a certificate to the identity storage.
+ * @param certificate The certificate to be added.
+ */
+ virtual void
+ addCertificate(const Certificate& certificate);
+
+ /**
+ * Get a certificate from the identity storage.
+ * @param certificateName The name of the requested certificate.
+ * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
+ * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
+ */
+ virtual ptr_lib::shared_ptr<Certificate>
+ getCertificate(const Name &certificateName, bool allowAny = false);
+
+
+ /*****************************************
+ * Get/Set Default *
+ *****************************************/
+
+ /**
+ * Get the default identity.
+ * @param return The name of default identity, or an empty name if there is no default.
+ */
+ virtual Name
+ getDefaultIdentity();
+
+ /**
+ * Get the default key name for the specified identity.
+ * @param identityName The identity name.
+ * @return The default key name.
+ */
+ virtual Name
+ getDefaultKeyNameForIdentity(const Name& identityName);
+
+ /**
+ * Get the default certificate name for the specified key.
+ * @param keyName The key name.
+ * @return The default certificate name.
+ */
+ virtual Name
+ getDefaultCertificateNameForKey(const Name& keyName);
+
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentity(const Name& identityName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param identityNameCheck (optional) The identity name to check the keyName.
+ */
+ virtual void
+ setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
+
+private:
+
+ virtual void
+ updateKeyStatus(const Name& keyName, bool isActive);
+
+ sqlite3 *database_;
+#if 0
+ Time lastUpdated_;
+#endif
+};
+
+}
+
+#endif // NDN_CPP_HAVE_SQLITE3
+
+#endif
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
new file mode 100644
index 0000000..08f0434
--- /dev/null
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -0,0 +1,227 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_IDENTITY_MANAGER_HPP
+#define NDN_IDENTITY_MANAGER_HPP
+
+#include "../certificate/certificate.hpp"
+#include "identity-storage.hpp"
+#include "../certificate/public-key.hpp"
+#include "private-key-storage.hpp"
+
+namespace ndn {
+
+/**
+ * An IdentityManager is the interface of operations related to identity, keys, and certificates.
+ */
+class IdentityManager {
+public:
+ IdentityManager(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage)
+ : identityStorage_(identityStorage), privateKeyStorage_(privateKeyStorage)
+ {
+ }
+
+ /**
+ * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
+ * @param identityName The name of the identity.
+ * @return The key name of the auto-generated KSK of the identity.
+ */
+ Name
+ createIdentity(const Name& identityName);
+
+ /**
+ * Get the default identity.
+ * @return The default identity name.
+ */
+ Name
+ getDefaultIdentity()
+ {
+ return identityStorage_->getDefaultIdentity();
+ }
+
+ /**
+ * Generate a pair of RSA keys for the specified identity.
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ */
+ Name
+ generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048);
+
+ /**
+ * Set a key as the default key of an identity.
+ * @param keyName The name of the key.
+ * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
+ */
+ void
+ setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
+ {
+ identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
+ }
+
+ /**
+ * Get the default key for an identity.
+ * @param identityName the name of the identity. If omitted, the identity name is inferred from the keyName.
+ * @return The default key name.
+ */
+ Name
+ getDefaultKeyNameForIdentity(const Name& identityName = Name())
+ {
+ return identityStorage_->getDefaultKeyNameForIdentity(identityName);
+ }
+
+ /**
+ * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ */
+ Name
+ generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048);
+
+ /**
+ * Get the public key with the specified name.
+ * @param keyName The name of the key.
+ * @return The public key.
+ */
+ ptr_lib::shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName)
+ {
+ return PublicKey::fromDer(identityStorage_->getKey(keyName));
+ }
+
+ /**
+ * Add a certificate into the public key identity storage.
+ * @param certificate The certificate to to added.
+ */
+ void
+ addCertificate(const Certificate& certificate)
+ {
+ identityStorage_->addCertificate(certificate);
+ }
+
+ /**
+ * Set the certificate as the default for its corresponding key.
+ * @param certificateName The name of the certificate.
+ */
+ void
+ setDefaultCertificateForKey(const Name& certificateName);
+
+ /**
+ * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
+ * @param certificate The certificate to be added.
+ */
+ void
+ addCertificateAsIdentityDefault(const Certificate& certificate);
+
+ /**
+ * Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
+ * certificate the certificate to be added
+ */
+ void
+ addCertificateAsDefault(const Certificate& certificate)
+ {
+ identityStorage_->addCertificate(certificate);
+ setDefaultCertificateForKey(certificate.getName());
+ }
+
+ /**
+ * Get a certificate with the specified name.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate which is valid.
+ */
+ ptr_lib::shared_ptr<Certificate>
+ getCertificate(const Name& certificateName)
+ {
+ return identityStorage_->getCertificate(certificateName, false);
+ }
+
+ /**
+ * Get a certificate even if the certificate is not valid anymore.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate.
+ */
+ ptr_lib::shared_ptr<Certificate>
+ getAnyCertificate(const Name& certificateName)
+ {
+ return identityStorage_->getCertificate(certificateName, true);
+ }
+
+ /**
+ * Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
+ * @param identityName The name of the specified identity.
+ * @return The requested certificate name.
+ */
+ Name
+ getDefaultCertificateNameForIdentity(const Name& identityName)
+ {
+ return identityStorage_->getDefaultCertificateNameForIdentity(identityName);
+ }
+
+ /**
+ * Get the default certificate name of the default identity, which will be used when signing is based on identity and
+ * the identity is not specified.
+ * @return The requested certificate name.
+ */
+ Name
+ getDefaultCertificateName()
+ {
+ return identityStorage_->getDefaultCertificateNameForIdentity(getDefaultIdentity());
+ }
+
+#if 0
+ /**
+ * sign blob based on certificate name
+ * @param blob the blob to be signed
+ * @param certificateName the signing certificate name
+ * @return the generated signature
+ */
+ Ptr<Signature>
+ signByCertificate(const Blob& blob, const Name& certificateName);
+#endif
+
+ /**
+ * Sign data packet based on the certificate name.
+ * Note: the caller must make sure the timestamp in data is correct, for example with
+ * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
+ * @param data The Data object to sign and update its signature.
+ * @param certificateName The Name identifying the certificate which identifies the signing key.
+ * @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
+ */
+ void
+ signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+
+private:
+ /**
+ * Generate a key pair for the specified identity.
+ * @param identityName The name of the specified identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
+ * @param keySize The size of the key pair.
+ * @return The name of the generated key.
+ */
+ Name
+ generateKeyPair(const Name& identityName, bool isKsk = false, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
+
+ /**
+ * Generate a self-signed certificate for a public key.
+ * @param keyName The name of the public key.
+ * @return The generated certificate.
+ */
+ ptr_lib::shared_ptr<Certificate>
+ selfSign(const Name& keyName);
+
+ ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
+ ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
+};
+
+}
+
+#endif
diff --git a/include/ndn-cpp/security/identity/identity-storage.hpp b/include/ndn-cpp/security/identity/identity-storage.hpp
new file mode 100644
index 0000000..db6ab0e
--- /dev/null
+++ b/include/ndn-cpp/security/identity/identity-storage.hpp
@@ -0,0 +1,200 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_IDENTITY_STORAGE_HPP
+#define NDN_IDENTITY_STORAGE_HPP
+
+#include "../../name.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+
+class Certificate;
+class Data;
+
+/**
+ * IdentityStorage is a base class for the storage of identity, public keys and certificates.
+ * Private keys are stored in PrivateKeyStorage.
+ * This is an abstract base class. A subclass must implement the methods.
+ */
+class IdentityStorage {
+public:
+ /**
+ * The virtual Destructor.
+ */
+ virtual
+ ~IdentityStorage() {}
+
+ /**
+ * Check if the specified identity already exists.
+ * @param identityName The identity name.
+ * @return true if the identity exists, otherwise false.
+ */
+ virtual bool
+ doesIdentityExist(const Name& identityName) = 0;
+
+ /**
+ * Add a new identity. An exception will be thrown if the identity already exists.
+ * @param identityName The identity name to be added.
+ */
+ virtual void
+ addIdentity(const Name& identityName) = 0;
+
+ /**
+ * Revoke the identity.
+ * @return true if the identity was revoked, false if not.
+ */
+ virtual bool
+ revokeIdentity() = 0;
+
+ /**
+ * Generate a name for a new key belonging to the identity.
+ * @param identityName The identity name.
+ * @param useKsk If true, generate a KSK name, otherwise a DSK name.
+ * @return The generated key name.
+ */
+ virtual Name
+ getNewKeyName(const Name& identityName, bool useKsk) = 0;
+
+ /**
+ * Check if the specified key already exists.
+ * @param keyName The name of the key.
+ * @return true if the key exists, otherwise false.
+ */
+ virtual bool
+ doesKeyExist(const Name& keyName) = 0;
+
+ /**
+ * Extract the key name from the certificate name.
+ * @param certificateName The certificate name to be processed.
+ */
+ virtual Name
+ getKeyNameForCertificate(const Name& certificateName) = 0;
+
+ /**
+ * Add a public key to the identity storage.
+ * @param keyName The name of the public key to be added.
+ * @param keyType Type of the public key to be added.
+ * @param publicKeyDer A blob of the public key DER to be added.
+ */
+ virtual void
+ addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer) = 0;
+
+ /**
+ * Get the public key DER blob from the identity storage.
+ * @param keyName The name of the requested public key.
+ * @return The DER Blob. If not found, return a Blob with a null pointer.
+ */
+ virtual Blob
+ getKey(const Name& keyName) = 0;
+
+ /**
+ * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ activateKey(const Name& keyName) = 0;
+
+ /**
+ * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ deactivateKey(const Name& keyName) = 0;
+
+ /**
+ * Check if the specified certificate already exists.
+ * @param certificateName The name of the certificate.
+ * @return true if the certificate exists, otherwise false.
+ */
+ virtual bool
+ doesCertificateExist(const Name& certificateName) = 0;
+
+ /**
+ * Add a certificate to the identity storage.
+ * @param certificate The certificate to be added.
+ */
+ virtual void
+ addCertificate(const Certificate& certificate) = 0;
+
+ /**
+ * Get a certificate from the identity storage.
+ * @param certificateName The name of the requested certificate.
+ * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
+ * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
+ */
+ virtual ptr_lib::shared_ptr<Certificate>
+ getCertificate(const Name &certificateName, bool allowAny = false) = 0;
+
+
+ /*****************************************
+ * Get/Set Default *
+ *****************************************/
+
+ /**
+ * Get the default identity.
+ * @param return The name of default identity, or an empty name if there is no default.
+ */
+ virtual Name
+ getDefaultIdentity() = 0;
+
+ /**
+ * Get the default key name for the specified identity.
+ * @param identityName The identity name.
+ * @return The default key name.
+ */
+ virtual Name
+ getDefaultKeyNameForIdentity(const Name& identityName) = 0;
+
+ /**
+ * Get the default certificate name for the specified identity.
+ * @param identityName The identity name.
+ * @return The default certificate name.
+ */
+ Name
+ getDefaultCertificateNameForIdentity(const Name& identityName)
+ {
+ return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName));
+ }
+
+ /**
+ * Get the default certificate name for the specified key.
+ * @param keyName The key name.
+ * @return The default certificate name.
+ */
+ virtual Name
+ getDefaultCertificateNameForKey(const Name& keyName) = 0;
+
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentity(const Name& identityName) = 0;
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param identityNameCheck (optional) The identity name to check the keyName.
+ */
+ virtual void
+ setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name()) = 0;
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName) = 0;
+};
+
+}
+
+#endif
diff --git a/include/ndn-cpp/security/identity/memory-identity-storage.hpp b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
new file mode 100644
index 0000000..ba0ea5a
--- /dev/null
+++ b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
@@ -0,0 +1,189 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_MEMORY_IDENTITY_STORAGE_HPP
+#define NDN_MEMORY_IDENTITY_STORAGE_HPP
+
+#include <vector>
+#include "identity-storage.hpp"
+
+namespace ndn {
+
+/**
+ * MemoryIdentityStorage extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory.
+ * The application must get the objects through its own means and add the objects to the MemoryIdentityStorage object.
+ * To use permanent file-based storage, see BasicIdentityStorage.
+ */
+class MemoryIdentityStorage : public IdentityStorage {
+public:
+ /**
+ * The virtual Destructor.
+ */
+ virtual
+ ~MemoryIdentityStorage();
+
+ /**
+ * Check if the specified identity already exists.
+ * @param identityName The identity name.
+ * @return true if the identity exists, otherwise false.
+ */
+ virtual bool
+ doesIdentityExist(const Name& identityName);
+
+ /**
+ * Add a new identity. An exception will be thrown if the identity already exists.
+ * @param identityName The identity name to be added.
+ */
+ virtual void
+ addIdentity(const Name& identityName);
+
+ /**
+ * Revoke the identity.
+ * @return true if the identity was revoked, false if not.
+ */
+ virtual bool
+ revokeIdentity();
+
+ /**
+ * Generate a name for a new key belonging to the identity.
+ * @param identityName The identity name.
+ * @param useKsk If true, generate a KSK name, otherwise a DSK name.
+ * @return The generated key name.
+ */
+ virtual Name
+ getNewKeyName(const Name& identityName, bool useKsk);
+
+ /**
+ * Check if the specified key already exists.
+ * @param keyName The name of the key.
+ * @return true if the key exists, otherwise false.
+ */
+ virtual bool
+ doesKeyExist(const Name& keyName);
+
+ /**
+ * Extract the key name from the certificate name.
+ * @param certificateName The certificate name to be processed.
+ */
+ virtual Name
+ getKeyNameForCertificate(const Name& certificateName);
+
+ /**
+ * Add a public key to the identity storage.
+ * @param keyName The name of the public key to be added.
+ * @param keyType Type of the public key to be added.
+ * @param publicKeyDer A blob of the public key DER to be added.
+ */
+ virtual void
+ addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer);
+
+ /**
+ * Get the public key DER blob from the identity storage.
+ * @param keyName The name of the requested public key.
+ * @return The DER Blob. If not found, return a Blob with a null pointer.
+ */
+ virtual Blob
+ getKey(const Name& keyName);
+
+ /**
+ * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ activateKey(const Name& keyName);
+
+ /**
+ * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ deactivateKey(const Name& keyName);
+
+ /**
+ * Check if the specified certificate already exists.
+ * @param certificateName The name of the certificate.
+ * @return true if the certificate exists, otherwise false.
+ */
+ virtual bool
+ doesCertificateExist(const Name& certificateName);
+
+ /**
+ * Add a certificate to the identity storage.
+ * @param certificate The certificate to be added.
+ */
+ virtual void
+ addCertificate(const Certificate& certificate);
+
+ /**
+ * Get a certificate from the identity storage.
+ * @param certificateName The name of the requested certificate.
+ * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
+ * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
+ */
+ virtual ptr_lib::shared_ptr<Certificate>
+ getCertificate(const Name &certificateName, bool allowAny = false);
+
+
+ /*****************************************
+ * Get/Set Default *
+ *****************************************/
+
+ /**
+ * Get the default identity.
+ * @param return The name of default identity, or an empty name if there is no default.
+ */
+ virtual Name
+ getDefaultIdentity();
+
+ /**
+ * Get the default key name for the specified identity.
+ * @param identityName The identity name.
+ * @return The default key name.
+ */
+ virtual Name
+ getDefaultKeyNameForIdentity(const Name& identityName);
+
+ /**
+ * Get the default certificate name for the specified key.
+ * @param keyName The key name.
+ * @return The default certificate name.
+ */
+ virtual Name
+ getDefaultCertificateNameForKey(const Name& keyName);
+
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentity(const Name& identityName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param identityNameCheck (optional) The identity name to check the keyName.
+ */
+ virtual void
+ setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
+
+private:
+ std::vector<std::string> identityStore_; /**< A list of name URI. */
+ std::string defaultIdentity_; /**< The default identity in identityStore_, or "" if not defined. */
+};
+
+}
+
+#endif
diff --git a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp b/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
new file mode 100644
index 0000000..02f8fbc
--- /dev/null
+++ b/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
@@ -0,0 +1,132 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
+#define NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
+
+#include <map>
+#include "private-key-storage.hpp"
+
+struct rsa_st;
+
+namespace ndn {
+
+/**
+ * MemoryPrivateKeyStorage extends PrivateKeyStorage to implement a simple in-memory private key store. You should
+ * initialize by calling setKeyPairForKeyName.
+ */
+class MemoryPrivateKeyStorage : public PrivateKeyStorage {
+public:
+ /**
+ * The virtual destructor
+ */
+ virtual
+ ~MemoryPrivateKeyStorage();
+
+ /**
+ * Set the public and private key for the keyName.
+ * @param keyName The key name.
+ * @param publicKeyDer The public key DER byte array.
+ * @param publicKeyDerLength The length of publicKeyDer.
+ * @param privateKeyDer The private key DER byte array.
+ * @param privateKeyDerLength The length of privateKeyDer.
+ */
+ void setKeyPairForKeyName
+ (const Name& keyName, uint8_t *publicKeyDer, size_t publicKeyDerLength, uint8_t *privateKeyDer,
+ size_t privateKeyDerLength);
+
+ /**
+ * Generate a pair of asymmetric keys.
+ * @param keyName The name of the key pair.
+ * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
+ * @param keySize The size of the key pair.
+ */
+ virtual void
+ generateKeyPair(const Name& keyName, KeyType keyType, int keySize);
+
+ /**
+ * Get the public key
+ * @param keyName The name of public key.
+ * @return The public key.
+ */
+ virtual ptr_lib::shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName);
+
+ /**
+ * Fetch the private key for keyName and sign the data, returning a signature Blob.
+ * @param data Pointer to the input byte array.
+ * @param dataLength The length of data.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @return The signature, or a null pointer if signing fails.
+ */
+ virtual Blob
+ sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
+
+ /**
+ * Decrypt data.
+ * @param keyName The name of the decrypting key.
+ * @param data The byte to be decrypted.
+ * @param dataLength the length of data.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return The decrypted data.
+ */
+ virtual Blob
+ decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
+
+ /**
+ * Encrypt data.
+ * @param keyName The name of the encrypting key.
+ * @param data The byte to be encrypted.
+ * @param dataLength the length of data.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return The encrypted data.
+ */
+ virtual Blob
+ encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
+
+ /**
+ * @brief Generate a symmetric key.
+ * @param keyName The name of the key.
+ * @param keyType The type of the key, e.g. KEY_TYPE_AES.
+ * @param keySize The size of the key.
+ */
+ virtual void
+ generateKey(const Name& keyName, KeyType keyType, int keySize);
+
+ /**
+ * Check if a particular key exists.
+ * @param keyName The name of the key.
+ * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC.
+ * @return True if the key exists, otherwise false.
+ */
+ virtual bool
+ doesKeyExist(const Name& keyName, KeyClass keyClass);
+
+private:
+ /**
+ * RsaPrivateKey is a simple class to hold an RSA private key.
+ */
+ class RsaPrivateKey {
+ public:
+ RsaPrivateKey(uint8_t *keyDer, size_t keyDerLength);
+
+ ~RsaPrivateKey();
+
+ struct rsa_st* getPrivateKey() { return privateKey_; }
+
+ private:
+ struct rsa_st* privateKey_;
+ };
+
+ std::map<std::string, ptr_lib::shared_ptr<PublicKey> > publicKeyStore_; /**< The map key is the keyName.toUri() */
+ std::map<std::string, ptr_lib::shared_ptr<RsaPrivateKey> > privateKeyStore_; /**< The map key is the keyName.toUri() */
+};
+
+}
+
+#endif
diff --git a/include/ndn-cpp/security/identity/osx-private-key-storage.hpp b/include/ndn-cpp/security/identity/osx-private-key-storage.hpp
new file mode 100644
index 0000000..729bf9e
--- /dev/null
+++ b/include/ndn-cpp/security/identity/osx-private-key-storage.hpp
@@ -0,0 +1,205 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_OSX_PRIVATEKEY_STORAGE_H
+#define NDN_OSX_PRIVATEKEY_STORAGE_H
+
+// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_OSX_SECURITY 1.
+#include <ndn-cpp/ndn-cpp-config.h>
+#if NDN_CPP_HAVE_OSX_SECURITY
+
+#include "../../common.hpp"
+#include "private-key-storage.hpp"
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+#include <CoreServices/CoreServices.h>
+
+namespace ndn
+{
+
+class OSXPrivateKeyStorage : public PrivateKeyStorage {
+public:
+ /**
+ * constructor of OSXPrivateKeyStorage
+ * @param keychainName the name of keychain
+ */
+ OSXPrivateKeyStorage(const std::string & keychainName = "");
+
+ /**
+ * destructor of OSXPrivateKeyStore
+ */
+ virtual
+ ~OSXPrivateKeyStorage();
+
+ /**
+ * Generate a pair of asymmetric keys.
+ * @param keyName The name of the key pair.
+ * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
+ * @param keySize The size of the key pair.
+ */
+ virtual void
+ generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
+
+ /**
+ * Get the public key
+ * @param keyName The name of public key.
+ * @return The public key.
+ */
+ virtual ptr_lib::shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName);
+
+ /**
+ * Fetch the private key for keyName and sign the data, returning a signature Blob.
+ * @param data Pointer to the input byte array.
+ * @param dataLength The length of data.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @return The signature, or a null pointer if signing fails.
+ */
+ virtual Blob
+ sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+
+ /**
+ * Decrypt data.
+ * @param keyName The name of the decrypting key.
+ * @param data The byte to be decrypted.
+ * @param dataLength the length of data.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return The decrypted data.
+ */
+ virtual Blob
+ decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
+
+ /**
+ * Encrypt data.
+ * @param keyName The name of the encrypting key.
+ * @param data The byte to be encrypted.
+ * @param dataLength the length of data.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return The encrypted data.
+ */
+ virtual Blob
+ encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
+
+ /**
+ * Generate a symmetric key.
+ * @param keyName The name of the key.
+ * @param keyType The type of the key, e.g. KEY_TYPE_AES.
+ * @param keySize The size of the key.
+ */
+ virtual void
+ generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256);
+
+ /**
+ * Check if a particular key exists.
+ * @param keyName The name of the key.
+ * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC.
+ * @return True if the key exists, otherwise false.
+ */
+ virtual bool
+ doesKeyExist(const Name& keyName, KeyClass keyClass);
+
+ /**
+ * configure ACL of a particular key
+ * @param keyName the name of key
+ * @param keyClass the class of key, e.g. Private Key
+ * @param acl the new acl of the key
+ * @param appPath the absolute path to the application
+ * @returns true if setting succeeds
+ */
+ bool
+ setACL(const Name & keyName, KeyClass keyClass, int acl, const std::string & appPath);
+
+ /**
+ * verify data (test only)
+ * @param keyName the name of key
+ * @param pData the data to be verified
+ * @param pSig the signature associated with the data
+ * @param digestAlgo digest algorithm
+ * @return true if signature can be verified, otherwise false
+ */
+ bool
+ verifyData(const Name & keyName, const Blob & pData, const Blob & pSig, DigestAlgorithm digestAlgo = DIGEST_ALGORITHM_SHA256);
+
+ private:
+ /**
+ * convert NDN name of a key to internal name of the key
+ * @param keyName the NDN name of the key
+ * @param keyClass the class of the key
+ * @return the internal key name
+ */
+ std::string
+ toInternalKeyName(const Name & keyName, KeyClass keyClass);
+
+ /**
+ * Get key
+ * @param keyName the name of the key
+ * @param keyClass the class of the key
+ * @returns pointer to the key
+ */
+ SecKeychainItemRef
+ getKey(const Name & keyName, KeyClass keyClass);
+
+ /**
+ * convert keyType to MAC OS symmetric key key type
+ * @param keyType
+ * @returns MAC OS key type
+ */
+ const CFTypeRef
+ getSymKeyType(KeyType keyType);
+
+ /**
+ * convert keyType to MAC OS asymmetirc key type
+ * @param keyType
+ * @returns MAC OS key type
+ */
+ const CFTypeRef
+ getAsymKeyType(KeyType keyType);
+
+ /**
+ * convert keyClass to MAC OS key class
+ * @param keyClass
+ * @returns MAC OS key class
+ */
+ const CFTypeRef
+ getKeyClass(KeyClass keyClass);
+
+ /**
+ * convert digestAlgo to MAC OS algorithm id
+ * @param digestAlgo
+ * @returns MAC OS algorithm id
+ */
+ const CFStringRef
+ getDigestAlgorithm(DigestAlgorithm digestAlgo);
+
+ /**
+ * convert format to MAC OS key format
+ * @param format
+ * @returns MAC OS keyformat
+ */
+ SecExternalFormat
+ getFormat(KeyFormat format);
+
+ /**
+ * get the digest size of the corresponding algorithm
+ * @param digestAlgo the digest algorithm
+ * @return digest size
+ */
+ long
+ getDigestSize(DigestAlgorithm digestAlgo);
+
+ const std::string keyChainName_;
+ SecKeychainRef keyChainRef_;
+ SecKeychainRef originalDefaultKeyChain_;
+};
+
+}
+
+#endif NDN_CPP_HAVE_OSX_SECURITY
+
+#endif
diff --git a/include/ndn-cpp/security/identity/private-key-storage.hpp b/include/ndn-cpp/security/identity/private-key-storage.hpp
new file mode 100644
index 0000000..8917c92
--- /dev/null
+++ b/include/ndn-cpp/security/identity/private-key-storage.hpp
@@ -0,0 +1,117 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_PRIVATE_KEY_STORAGE_HPP
+#define NDN_PRIVATE_KEY_STORAGE_HPP
+
+#include <string>
+#include "../../util/blob.hpp"
+#include "../certificate/public-key.hpp"
+#include "../security-common.hpp"
+#include "../../name.hpp"
+
+namespace ndn {
+
+class PrivateKeyStorage {
+public:
+ /**
+ * The virtual destructor.
+ */
+ virtual
+ ~PrivateKeyStorage() {}
+
+ /**
+ * Generate a pair of asymmetric keys.
+ * @param keyName The name of the key pair.
+ * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
+ * @param keySize The size of the key pair.
+ */
+ virtual void
+ generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048) = 0;
+
+ /**
+ * Get the public key
+ * @param keyName The name of public key.
+ * @return The public key.
+ */
+ virtual ptr_lib::shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName) = 0;
+
+ /**
+ * Fetch the private key for keyName and sign the data, returning a signature Blob.
+ * @param data Pointer to the input byte array.
+ * @param dataLength The length of data.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @return The signature, or a null pointer if signing fails.
+ */
+ virtual Blob
+ sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
+
+ Blob
+ sign(const Blob& data, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256)
+ {
+ sign(data.buf(), data.size(), keyName, digestAlgorithm);
+ }
+
+ /**
+ * Decrypt data.
+ * @param keyName The name of the decrypting key.
+ * @param data The byte to be decrypted.
+ * @param dataLength the length of data.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return The decrypted data.
+ */
+ virtual Blob
+ decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
+
+ Blob
+ decrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
+ {
+ decrypt(keyName, data.buf(), data.size(), isSymmetric);
+ }
+
+ /**
+ * Encrypt data.
+ * @param keyName The name of the encrypting key.
+ * @param data The byte to be encrypted.
+ * @param dataLength the length of data.
+ * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return The encrypted data.
+ */
+ virtual Blob
+ encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
+
+ Blob
+ encrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
+ {
+ encrypt(keyName, data.buf(), data.size(), isSymmetric);
+ }
+
+ /**
+ * @brief Generate a symmetric key.
+ * @param keyName The name of the key.
+ * @param keyType The type of the key, e.g. KEY_TYPE_AES.
+ * @param keySize The size of the key.
+ */
+ virtual void
+ generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256) = 0;
+
+ /**
+ * Check if a particular key exists.
+ * @param keyName The name of the key.
+ * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC.
+ * @return True if the key exists, otherwise false.
+ */
+ virtual bool
+ doesKeyExist(const Name& keyName, KeyClass keyClass) = 0;
+};
+
+}
+
+#endif