make: Global change: Move all public headers to include folder. Change source to including public headers using #include <ndn-cpp/*>. Split some header files to minimize exposing C .h files.
diff --git a/ndn-cpp/security/certificate/certificate.hpp b/ndn-cpp/security/certificate/certificate.hpp
deleted file mode 100644
index 29626b3..0000000
--- a/ndn-cpp/security/certificate/certificate.hpp
+++ /dev/null
@@ -1,22 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_CERTIFICATE_HPP
-#define NDN_CERTIFICATE_HPP
-
-#include "../../data.hpp"
-
-namespace ndn {
-
-class Certificate : public Data {
-
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/certificate/oid.cpp b/ndn-cpp/security/certificate/oid.cpp
index 6ae1942..b03d93e 100644
--- a/ndn-cpp/security/certificate/oid.cpp
+++ b/ndn-cpp/security/certificate/oid.cpp
@@ -8,7 +8,7 @@
#include <stdlib.h>
#include <sstream>
-#include "oid.hpp"
+#include <ndn-cpp/security/certificate/oid.hpp>
using namespace std;
diff --git a/ndn-cpp/security/certificate/oid.hpp b/ndn-cpp/security/certificate/oid.hpp
deleted file mode 100644
index bcbcfe9..0000000
--- a/ndn-cpp/security/certificate/oid.hpp
+++ /dev/null
@@ -1,62 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_OID_HPP
-#define NDN_OID_HPP
-
-#include <vector>
-#include <string>
-
-namespace ndn {
-
-class OID {
-public:
- OID ()
- {
- }
-
- OID(const std::string& oid);
-
- OID(const std::vector<int>& oid)
- : oid_(oid)
- {
- }
-
- const std::vector<int> &
- getIntegerList() const
- {
- return oid_;
- }
-
- void
- setIntegerList(const std::vector<int>& value){
- oid_ = value;
- }
-
- std::string
- toString();
-
- bool operator == (const OID& oid)
- {
- return equal(oid);
- }
-
- bool operator != (const OID& oid)
- {
- return !equal(oid);
- }
-
-private:
- bool equal(const OID& oid);
-
- std::vector<int> oid_;
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/certificate/public-key.cpp b/ndn-cpp/security/certificate/public-key.cpp
index 3565ac3..cd88f7e 100644
--- a/ndn-cpp/security/certificate/public-key.cpp
+++ b/ndn-cpp/security/certificate/public-key.cpp
@@ -6,9 +6,9 @@
* See COPYING for copyright and distribution information.
*/
-#include "../security-exception.hpp"
+#include <ndn-cpp/security//security-exception.hpp>
#include "../../c/util/crypto.h"
-#include "public-key.hpp"
+#include <ndn-cpp/security/certificate/public-key.hpp>
using namespace std;
using namespace ndn::ptr_lib;
diff --git a/ndn-cpp/security/certificate/public-key.hpp b/ndn-cpp/security/certificate/public-key.hpp
deleted file mode 100644
index 7db3f49..0000000
--- a/ndn-cpp/security/certificate/public-key.hpp
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_PUBLIC_KEY_HPP
-#define NDN_PUBLIC_KEY_HPP
-
-#include "../../util/blob.hpp"
-#include "oid.hpp"
-#include "../security-common.hpp"
-
-namespace ndn {
-
-class PublicKey {
-public:
- /**
- * The default constructor.
- */
- PublicKey() {}
-
- /**
- * Constructor
- * @param algorithm The algorithm of the public key.
- * @param keyDer The blob of the PublicKeyInfo in terms of DER.
- */
- PublicKey(const OID& algorithm, const Blob& keyDer)
- : algorithm_(algorithm), keyDer_(keyDer)
- {
- }
-
-#if 0
- /**
- * Encode the public key into DER.
- * @return the encoded DER syntax tree.
- */
- Ptr<der::DerNode>
- toDer();
-#endif
-
- /**
- * Decode the public key from DER blob.
- * @param keyDer The DER blob.
- * @return The decoded public key.
- */
- static ptr_lib::shared_ptr<PublicKey>
- fromDer(const Blob& keyDer);
-
- /*
- * @brief get the digest of the public key
- * @param digestAlgorithm The digest algorithm. If omitted, use DIGEST_SHA256 by default.
- */
- Blob
- getDigest(DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) const;
-
- /*
- * Get the raw bytes of the public key in DER format.
- */
- const Blob&
- getKeyDer() const { return keyDer_; }
-
-private:
- OID algorithm_; /**< Algorithm */
- Blob keyDer_; /**< PublicKeyInfo in DER */
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/encryption/encryption-manager.hpp b/ndn-cpp/security/encryption/encryption-manager.hpp
deleted file mode 100644
index 88a69c8..0000000
--- a/ndn-cpp/security/encryption/encryption-manager.hpp
+++ /dev/null
@@ -1,34 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_ENCRYPTION_MANAGER_HPP
-#define NDN_ENCRYPTION_MANAGER_HPP
-
-#include "../../name.hpp"
-#include "../security-common.hpp"
-
-namespace ndn {
-
-class EncryptionManager {
-public:
- virtual ~EncryptionManager() {}
-
- virtual void
- createSymmetricKey(const Name& keyName, KeyType keyType, const Name& signkeyName = Name(), bool isSymmetric = true) = 0;
-
- virtual Blob
- encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false,
- EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
-
- virtual Blob
- decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false,
- EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/identity/basic-identity-storage.cpp b/ndn-cpp/security/identity/basic-identity-storage.cpp
index e383a32..3cad5cc 100644
--- a/ndn-cpp/security/identity/basic-identity-storage.cpp
+++ b/ndn-cpp/security/identity/basic-identity-storage.cpp
@@ -15,9 +15,9 @@
#include <stdlib.h>
#include <sstream>
#include <fstream>
-#include "basic-identity-storage.hpp"
+#include <ndn-cpp/security/identity/basic-identity-storage.hpp>
#include "../../util/logging.hpp"
-#include "../security-exception.hpp"
+#include <ndn-cpp/security//security-exception.hpp>
#include "ndn-cpp/data.hpp"
#if 0
diff --git a/ndn-cpp/security/identity/basic-identity-storage.hpp b/ndn-cpp/security/identity/basic-identity-storage.hpp
deleted file mode 100644
index 2e0db30..0000000
--- a/ndn-cpp/security/identity/basic-identity-storage.hpp
+++ /dev/null
@@ -1,211 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_BASIC_IDENTITY_STORAGE_H
-#define NDN_BASIC_IDENTITY_STORAGE_H
-
-// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_SQLITE3.
-#include <ndn-cpp/ndn-cpp-config.h>
-#ifdef NDN_CPP_HAVE_SQLITE3
-
-#include <sqlite3.h>
-#include "../../common.hpp"
-#include "identity-storage.hpp"
-
-namespace ndn
-{
-
-/**
- * BasicIdentityStorage extends IdentityStorage to implement a basic storage of identity, public keys and certificates
- * using SQLite.
- */
-class BasicIdentityStorage : public IdentityStorage {
-public:
- BasicIdentityStorage();
-
- /**
- * The virtual Destructor.
- */
- virtual
- ~BasicIdentityStorage();
-
- /**
- * Check if the specified identity already exists.
- * @param identityName The identity name.
- * @return true if the identity exists, otherwise false.
- */
- virtual bool
- doesIdentityExist(const Name& identityName);
-
- /**
- * Add a new identity. An exception will be thrown if the identity already exists.
- * @param identityName The identity name to be added.
- */
- virtual void
- addIdentity(const Name& identityName);
-
- /**
- * Revoke the identity.
- * @return true if the identity was revoked, false if not.
- */
- virtual bool
- revokeIdentity();
-
- /**
- * Generate a name for a new key belonging to the identity.
- * @param identityName The identity name.
- * @param useKsk If true, generate a KSK name, otherwise a DSK name.
- * @return The generated key name.
- */
- virtual Name
- getNewKeyName(const Name& identityName, bool useKsk);
-
- /**
- * Check if the specified key already exists.
- * @param keyName The name of the key.
- * @return true if the key exists, otherwise false.
- */
- virtual bool
- doesKeyExist(const Name& keyName);
-
- /**
- * Extract the key name from the certificate name.
- * @param certificateName The certificate name to be processed.
- */
- virtual Name
- getKeyNameForCertificate(const Name& certificateName);
-
- /**
- * Add a public key to the identity storage.
- * @param keyName The name of the public key to be added.
- * @param keyType Type of the public key to be added.
- * @param publicKeyDer A blob of the public key DER to be added.
- */
- virtual void
- addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer);
-
- /**
- * Get the public key DER blob from the identity storage.
- * @param keyName The name of the requested public key.
- * @return The DER Blob. If not found, return a Blob with a null pointer.
- */
- virtual Blob
- getKey(const Name& keyName);
-
- /**
- * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
- * @param keyName name of the key
- */
- virtual void
- activateKey(const Name& keyName);
-
- /**
- * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
- * @param keyName name of the key
- */
- virtual void
- deactivateKey(const Name& keyName);
-
- /**
- * Check if the specified certificate already exists.
- * @param certificateName The name of the certificate.
- * @return true if the certificate exists, otherwise false.
- */
- virtual bool
- doesCertificateExist(const Name& certificateName);
-
- /**
- * Add a certificate in to the identity storage without checking if the identity and key exists.
- * @param certificate The certificate to be added.
- */
- void
- addAnyCertificate (const Certificate& certificate);
-
- /**
- * Add a certificate to the identity storage.
- * @param certificate The certificate to be added.
- */
- virtual void
- addCertificate(const Certificate& certificate);
-
- /**
- * Get a certificate from the identity storage.
- * @param certificateName The name of the requested certificate.
- * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
- * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
- */
- virtual ptr_lib::shared_ptr<Certificate>
- getCertificate(const Name &certificateName, bool allowAny = false);
-
-
- /*****************************************
- * Get/Set Default *
- *****************************************/
-
- /**
- * Get the default identity.
- * @param return The name of default identity, or an empty name if there is no default.
- */
- virtual Name
- getDefaultIdentity();
-
- /**
- * Get the default key name for the specified identity.
- * @param identityName The identity name.
- * @return The default key name.
- */
- virtual Name
- getDefaultKeyNameForIdentity(const Name& identityName);
-
- /**
- * Get the default certificate name for the specified key.
- * @param keyName The key name.
- * @return The default certificate name.
- */
- virtual Name
- getDefaultCertificateNameForKey(const Name& keyName);
-
- /**
- * Set the default identity. If the identityName does not exist, then clear the default identity
- * so that getDefaultIdentity() returns an empty name.
- * @param identityName The default identity name.
- */
- virtual void
- setDefaultIdentity(const Name& identityName);
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param identityNameCheck (optional) The identity name to check the keyName.
- */
- virtual void
- setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param certificateName The certificate name.
- */
- virtual void
- setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
-
-private:
-
- virtual void
- updateKeyStatus(const Name& keyName, bool isActive);
-
- sqlite3 *database_;
-#if 0
- Time lastUpdated_;
-#endif
-};
-
-}
-
-#endif // NDN_CPP_HAVE_SQLITE3
-
-#endif
diff --git a/ndn-cpp/security/identity/identity-manager.cpp b/ndn-cpp/security/identity/identity-manager.cpp
index e669a20..e07b483 100644
--- a/ndn-cpp/security/identity/identity-manager.cpp
+++ b/ndn-cpp/security/identity/identity-manager.cpp
@@ -1,3 +1,4 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
* Copyright (C) 2013 Regents of the University of California.
* @author: Yingdi Yu <yingdi@cs.ucla.edu>
@@ -9,9 +10,9 @@
#include <stdexcept>
#endif
#include "../../util/logging.hpp"
-#include "../../sha256-with-rsa-signature.hpp"
-#include "../security-exception.hpp"
-#include "identity-manager.hpp"
+#include <ndn-cpp/sha256-with-rsa-signature.hpp>
+#include <ndn-cpp/security/security-exception.hpp>
+#include <ndn-cpp/security/identity/identity-manager.hpp>
using namespace std;
using namespace ndn::ptr_lib;
diff --git a/ndn-cpp/security/identity/identity-manager.hpp b/ndn-cpp/security/identity/identity-manager.hpp
deleted file mode 100644
index c53607f..0000000
--- a/ndn-cpp/security/identity/identity-manager.hpp
+++ /dev/null
@@ -1,226 +0,0 @@
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_IDENTITY_MANAGER_HPP
-#define NDN_IDENTITY_MANAGER_HPP
-
-#include "../certificate/certificate.hpp"
-#include "identity-storage.hpp"
-#include "../certificate/public-key.hpp"
-#include "private-key-storage.hpp"
-
-namespace ndn {
-
-/**
- * An IdentityManager is the interface of operations related to identity, keys, and certificates.
- */
-class IdentityManager {
-public:
- IdentityManager(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage)
- : identityStorage_(identityStorage), privateKeyStorage_(privateKeyStorage)
- {
- }
-
- /**
- * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
- * @param identityName The name of the identity.
- * @return The key name of the auto-generated KSK of the identity.
- */
- Name
- createIdentity(const Name& identityName);
-
- /**
- * Get the default identity.
- * @return The default identity name.
- */
- Name
- getDefaultIdentity()
- {
- return identityStorage_->getDefaultIdentity();
- }
-
- /**
- * Generate a pair of RSA keys for the specified identity.
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- */
- Name
- generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048);
-
- /**
- * Set a key as the default key of an identity.
- * @param keyName The name of the key.
- * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
- */
- void
- setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
- {
- identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
- }
-
- /**
- * Get the default key for an identity.
- * @param identityName the name of the identity. If omitted, the identity name is inferred from the keyName.
- * @return The default key name.
- */
- Name
- getDefaultKeyNameForIdentity(const Name& identityName = Name())
- {
- return identityStorage_->getDefaultKeyNameForIdentity(identityName);
- }
-
- /**
- * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- */
- Name
- generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048);
-
- /**
- * Get the public key with the specified name.
- * @param keyName The name of the key.
- * @return The public key.
- */
- ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName)
- {
- return PublicKey::fromDer(identityStorage_->getKey(keyName));
- }
-
- /**
- * Add a certificate into the public key identity storage.
- * @param certificate The certificate to to added.
- */
- void
- addCertificate(const Certificate& certificate)
- {
- identityStorage_->addCertificate(certificate);
- }
-
- /**
- * Set the certificate as the default for its corresponding key.
- * @param certificateName The name of the certificate.
- */
- void
- setDefaultCertificateForKey(const Name& certificateName);
-
- /**
- * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
- * @param certificate The certificate to be added.
- */
- void
- addCertificateAsIdentityDefault(const Certificate& certificate);
-
- /**
- * Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
- * certificate the certificate to be added
- */
- void
- addCertificateAsDefault(const Certificate& certificate)
- {
- identityStorage_->addCertificate(certificate);
- setDefaultCertificateForKey(certificate.getName());
- }
-
- /**
- * Get a certificate with the specified name.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate which is valid.
- */
- ptr_lib::shared_ptr<Certificate>
- getCertificate(const Name& certificateName)
- {
- return identityStorage_->getCertificate(certificateName, false);
- }
-
- /**
- * Get a certificate even if the certificate is not valid anymore.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate.
- */
- ptr_lib::shared_ptr<Certificate>
- getAnyCertificate(const Name& certificateName)
- {
- return identityStorage_->getCertificate(certificateName, true);
- }
-
- /**
- * Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
- * @param identityName The name of the specified identity.
- * @return The requested certificate name.
- */
- Name
- getDefaultCertificateNameForIdentity(const Name& identityName)
- {
- return identityStorage_->getDefaultCertificateNameForIdentity(identityName);
- }
-
- /**
- * Get the default certificate name of the default identity, which will be used when signing is based on identity and
- * the identity is not specified.
- * @return The requested certificate name.
- */
- Name
- getDefaultCertificateName()
- {
- return identityStorage_->getDefaultCertificateNameForIdentity(getDefaultIdentity());
- }
-
-#if 0
- /**
- * sign blob based on certificate name
- * @param blob the blob to be signed
- * @param certificateName the signing certificate name
- * @return the generated signature
- */
- Ptr<Signature>
- signByCertificate(const Blob& blob, const Name& certificateName);
-#endif
-
- /**
- * Sign data packet based on the certificate name.
- * Note: the caller must make sure the timestamp in data is correct, for example with
- * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
- * @param data The Data object to sign and update its signature.
- * @param certificateName The Name identifying the certificate which identifies the signing key.
- * @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
- */
- void
- signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
-
-private:
- /**
- * Generate a key pair for the specified identity.
- * @param identityName The name of the specified identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
- * @param keySize The size of the key pair.
- * @return The name of the generated key.
- */
- Name
- generateKeyPair(const Name& identityName, bool isKsk = false, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
-
- /**
- * Generate a self-signed certificate for a public key.
- * @param keyName The name of the public key.
- * @return The generated certificate.
- */
- ptr_lib::shared_ptr<Certificate>
- selfSign(const Name& keyName);
-
- ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
- ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/identity/identity-storage.hpp b/ndn-cpp/security/identity/identity-storage.hpp
deleted file mode 100644
index db6ab0e..0000000
--- a/ndn-cpp/security/identity/identity-storage.hpp
+++ /dev/null
@@ -1,200 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_IDENTITY_STORAGE_HPP
-#define NDN_IDENTITY_STORAGE_HPP
-
-#include "../../name.hpp"
-#include "../security-common.hpp"
-
-namespace ndn {
-
-class Certificate;
-class Data;
-
-/**
- * IdentityStorage is a base class for the storage of identity, public keys and certificates.
- * Private keys are stored in PrivateKeyStorage.
- * This is an abstract base class. A subclass must implement the methods.
- */
-class IdentityStorage {
-public:
- /**
- * The virtual Destructor.
- */
- virtual
- ~IdentityStorage() {}
-
- /**
- * Check if the specified identity already exists.
- * @param identityName The identity name.
- * @return true if the identity exists, otherwise false.
- */
- virtual bool
- doesIdentityExist(const Name& identityName) = 0;
-
- /**
- * Add a new identity. An exception will be thrown if the identity already exists.
- * @param identityName The identity name to be added.
- */
- virtual void
- addIdentity(const Name& identityName) = 0;
-
- /**
- * Revoke the identity.
- * @return true if the identity was revoked, false if not.
- */
- virtual bool
- revokeIdentity() = 0;
-
- /**
- * Generate a name for a new key belonging to the identity.
- * @param identityName The identity name.
- * @param useKsk If true, generate a KSK name, otherwise a DSK name.
- * @return The generated key name.
- */
- virtual Name
- getNewKeyName(const Name& identityName, bool useKsk) = 0;
-
- /**
- * Check if the specified key already exists.
- * @param keyName The name of the key.
- * @return true if the key exists, otherwise false.
- */
- virtual bool
- doesKeyExist(const Name& keyName) = 0;
-
- /**
- * Extract the key name from the certificate name.
- * @param certificateName The certificate name to be processed.
- */
- virtual Name
- getKeyNameForCertificate(const Name& certificateName) = 0;
-
- /**
- * Add a public key to the identity storage.
- * @param keyName The name of the public key to be added.
- * @param keyType Type of the public key to be added.
- * @param publicKeyDer A blob of the public key DER to be added.
- */
- virtual void
- addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer) = 0;
-
- /**
- * Get the public key DER blob from the identity storage.
- * @param keyName The name of the requested public key.
- * @return The DER Blob. If not found, return a Blob with a null pointer.
- */
- virtual Blob
- getKey(const Name& keyName) = 0;
-
- /**
- * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
- * @param keyName name of the key
- */
- virtual void
- activateKey(const Name& keyName) = 0;
-
- /**
- * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
- * @param keyName name of the key
- */
- virtual void
- deactivateKey(const Name& keyName) = 0;
-
- /**
- * Check if the specified certificate already exists.
- * @param certificateName The name of the certificate.
- * @return true if the certificate exists, otherwise false.
- */
- virtual bool
- doesCertificateExist(const Name& certificateName) = 0;
-
- /**
- * Add a certificate to the identity storage.
- * @param certificate The certificate to be added.
- */
- virtual void
- addCertificate(const Certificate& certificate) = 0;
-
- /**
- * Get a certificate from the identity storage.
- * @param certificateName The name of the requested certificate.
- * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
- * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
- */
- virtual ptr_lib::shared_ptr<Certificate>
- getCertificate(const Name &certificateName, bool allowAny = false) = 0;
-
-
- /*****************************************
- * Get/Set Default *
- *****************************************/
-
- /**
- * Get the default identity.
- * @param return The name of default identity, or an empty name if there is no default.
- */
- virtual Name
- getDefaultIdentity() = 0;
-
- /**
- * Get the default key name for the specified identity.
- * @param identityName The identity name.
- * @return The default key name.
- */
- virtual Name
- getDefaultKeyNameForIdentity(const Name& identityName) = 0;
-
- /**
- * Get the default certificate name for the specified identity.
- * @param identityName The identity name.
- * @return The default certificate name.
- */
- Name
- getDefaultCertificateNameForIdentity(const Name& identityName)
- {
- return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName));
- }
-
- /**
- * Get the default certificate name for the specified key.
- * @param keyName The key name.
- * @return The default certificate name.
- */
- virtual Name
- getDefaultCertificateNameForKey(const Name& keyName) = 0;
-
- /**
- * Set the default identity. If the identityName does not exist, then clear the default identity
- * so that getDefaultIdentity() returns an empty name.
- * @param identityName The default identity name.
- */
- virtual void
- setDefaultIdentity(const Name& identityName) = 0;
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param identityNameCheck (optional) The identity name to check the keyName.
- */
- virtual void
- setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name()) = 0;
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param certificateName The certificate name.
- */
- virtual void
- setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName) = 0;
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/identity/memory-identity-storage.cpp b/ndn-cpp/security/identity/memory-identity-storage.cpp
index bc2bd34..97b18f4 100644
--- a/ndn-cpp/security/identity/memory-identity-storage.cpp
+++ b/ndn-cpp/security/identity/memory-identity-storage.cpp
@@ -9,8 +9,8 @@
#include <stdexcept>
#endif
#include <algorithm>
-#include "../security-exception.hpp"
-#include "memory-identity-storage.hpp"
+#include <ndn-cpp/security/security-exception.hpp>
+#include <ndn-cpp/security/identity/memory-identity-storage.hpp>
using namespace std;
using namespace ndn::ptr_lib;
diff --git a/ndn-cpp/security/identity/memory-identity-storage.hpp b/ndn-cpp/security/identity/memory-identity-storage.hpp
deleted file mode 100644
index ba0ea5a..0000000
--- a/ndn-cpp/security/identity/memory-identity-storage.hpp
+++ /dev/null
@@ -1,189 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_MEMORY_IDENTITY_STORAGE_HPP
-#define NDN_MEMORY_IDENTITY_STORAGE_HPP
-
-#include <vector>
-#include "identity-storage.hpp"
-
-namespace ndn {
-
-/**
- * MemoryIdentityStorage extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory.
- * The application must get the objects through its own means and add the objects to the MemoryIdentityStorage object.
- * To use permanent file-based storage, see BasicIdentityStorage.
- */
-class MemoryIdentityStorage : public IdentityStorage {
-public:
- /**
- * The virtual Destructor.
- */
- virtual
- ~MemoryIdentityStorage();
-
- /**
- * Check if the specified identity already exists.
- * @param identityName The identity name.
- * @return true if the identity exists, otherwise false.
- */
- virtual bool
- doesIdentityExist(const Name& identityName);
-
- /**
- * Add a new identity. An exception will be thrown if the identity already exists.
- * @param identityName The identity name to be added.
- */
- virtual void
- addIdentity(const Name& identityName);
-
- /**
- * Revoke the identity.
- * @return true if the identity was revoked, false if not.
- */
- virtual bool
- revokeIdentity();
-
- /**
- * Generate a name for a new key belonging to the identity.
- * @param identityName The identity name.
- * @param useKsk If true, generate a KSK name, otherwise a DSK name.
- * @return The generated key name.
- */
- virtual Name
- getNewKeyName(const Name& identityName, bool useKsk);
-
- /**
- * Check if the specified key already exists.
- * @param keyName The name of the key.
- * @return true if the key exists, otherwise false.
- */
- virtual bool
- doesKeyExist(const Name& keyName);
-
- /**
- * Extract the key name from the certificate name.
- * @param certificateName The certificate name to be processed.
- */
- virtual Name
- getKeyNameForCertificate(const Name& certificateName);
-
- /**
- * Add a public key to the identity storage.
- * @param keyName The name of the public key to be added.
- * @param keyType Type of the public key to be added.
- * @param publicKeyDer A blob of the public key DER to be added.
- */
- virtual void
- addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer);
-
- /**
- * Get the public key DER blob from the identity storage.
- * @param keyName The name of the requested public key.
- * @return The DER Blob. If not found, return a Blob with a null pointer.
- */
- virtual Blob
- getKey(const Name& keyName);
-
- /**
- * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
- * @param keyName name of the key
- */
- virtual void
- activateKey(const Name& keyName);
-
- /**
- * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
- * @param keyName name of the key
- */
- virtual void
- deactivateKey(const Name& keyName);
-
- /**
- * Check if the specified certificate already exists.
- * @param certificateName The name of the certificate.
- * @return true if the certificate exists, otherwise false.
- */
- virtual bool
- doesCertificateExist(const Name& certificateName);
-
- /**
- * Add a certificate to the identity storage.
- * @param certificate The certificate to be added.
- */
- virtual void
- addCertificate(const Certificate& certificate);
-
- /**
- * Get a certificate from the identity storage.
- * @param certificateName The name of the requested certificate.
- * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
- * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
- */
- virtual ptr_lib::shared_ptr<Certificate>
- getCertificate(const Name &certificateName, bool allowAny = false);
-
-
- /*****************************************
- * Get/Set Default *
- *****************************************/
-
- /**
- * Get the default identity.
- * @param return The name of default identity, or an empty name if there is no default.
- */
- virtual Name
- getDefaultIdentity();
-
- /**
- * Get the default key name for the specified identity.
- * @param identityName The identity name.
- * @return The default key name.
- */
- virtual Name
- getDefaultKeyNameForIdentity(const Name& identityName);
-
- /**
- * Get the default certificate name for the specified key.
- * @param keyName The key name.
- * @return The default certificate name.
- */
- virtual Name
- getDefaultCertificateNameForKey(const Name& keyName);
-
- /**
- * Set the default identity. If the identityName does not exist, then clear the default identity
- * so that getDefaultIdentity() returns an empty name.
- * @param identityName The default identity name.
- */
- virtual void
- setDefaultIdentity(const Name& identityName);
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param identityNameCheck (optional) The identity name to check the keyName.
- */
- virtual void
- setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param certificateName The certificate name.
- */
- virtual void
- setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
-
-private:
- std::vector<std::string> identityStore_; /**< A list of name URI. */
- std::string defaultIdentity_; /**< The default identity in identityStore_, or "" if not defined. */
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/identity/memory-private-key-storage.cpp b/ndn-cpp/security/identity/memory-private-key-storage.cpp
index af2ac13..09f1c66 100644
--- a/ndn-cpp/security/identity/memory-private-key-storage.cpp
+++ b/ndn-cpp/security/identity/memory-private-key-storage.cpp
@@ -9,8 +9,8 @@
#include <stdexcept>
#endif
#include "../../c/util/crypto.h"
-#include "../security-exception.hpp"
-#include "memory-private-key-storage.hpp"
+#include <ndn-cpp/security/security-exception.hpp>
+#include <ndn-cpp/security/identity/memory-private-key-storage.hpp>
using namespace std;
using namespace ndn::ptr_lib;
diff --git a/ndn-cpp/security/identity/memory-private-key-storage.hpp b/ndn-cpp/security/identity/memory-private-key-storage.hpp
deleted file mode 100644
index 02f8fbc..0000000
--- a/ndn-cpp/security/identity/memory-private-key-storage.hpp
+++ /dev/null
@@ -1,132 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
-#define NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
-
-#include <map>
-#include "private-key-storage.hpp"
-
-struct rsa_st;
-
-namespace ndn {
-
-/**
- * MemoryPrivateKeyStorage extends PrivateKeyStorage to implement a simple in-memory private key store. You should
- * initialize by calling setKeyPairForKeyName.
- */
-class MemoryPrivateKeyStorage : public PrivateKeyStorage {
-public:
- /**
- * The virtual destructor
- */
- virtual
- ~MemoryPrivateKeyStorage();
-
- /**
- * Set the public and private key for the keyName.
- * @param keyName The key name.
- * @param publicKeyDer The public key DER byte array.
- * @param publicKeyDerLength The length of publicKeyDer.
- * @param privateKeyDer The private key DER byte array.
- * @param privateKeyDerLength The length of privateKeyDer.
- */
- void setKeyPairForKeyName
- (const Name& keyName, uint8_t *publicKeyDer, size_t publicKeyDerLength, uint8_t *privateKeyDer,
- size_t privateKeyDerLength);
-
- /**
- * Generate a pair of asymmetric keys.
- * @param keyName The name of the key pair.
- * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
- * @param keySize The size of the key pair.
- */
- virtual void
- generateKeyPair(const Name& keyName, KeyType keyType, int keySize);
-
- /**
- * Get the public key
- * @param keyName The name of public key.
- * @return The public key.
- */
- virtual ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName);
-
- /**
- * Fetch the private key for keyName and sign the data, returning a signature Blob.
- * @param data Pointer to the input byte array.
- * @param dataLength The length of data.
- * @param keyName The name of the signing key.
- * @param digestAlgorithm the digest algorithm.
- * @return The signature, or a null pointer if signing fails.
- */
- virtual Blob
- sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
-
- /**
- * Decrypt data.
- * @param keyName The name of the decrypting key.
- * @param data The byte to be decrypted.
- * @param dataLength the length of data.
- * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
- * @return The decrypted data.
- */
- virtual Blob
- decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
-
- /**
- * Encrypt data.
- * @param keyName The name of the encrypting key.
- * @param data The byte to be encrypted.
- * @param dataLength the length of data.
- * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
- * @return The encrypted data.
- */
- virtual Blob
- encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
-
- /**
- * @brief Generate a symmetric key.
- * @param keyName The name of the key.
- * @param keyType The type of the key, e.g. KEY_TYPE_AES.
- * @param keySize The size of the key.
- */
- virtual void
- generateKey(const Name& keyName, KeyType keyType, int keySize);
-
- /**
- * Check if a particular key exists.
- * @param keyName The name of the key.
- * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC.
- * @return True if the key exists, otherwise false.
- */
- virtual bool
- doesKeyExist(const Name& keyName, KeyClass keyClass);
-
-private:
- /**
- * RsaPrivateKey is a simple class to hold an RSA private key.
- */
- class RsaPrivateKey {
- public:
- RsaPrivateKey(uint8_t *keyDer, size_t keyDerLength);
-
- ~RsaPrivateKey();
-
- struct rsa_st* getPrivateKey() { return privateKey_; }
-
- private:
- struct rsa_st* privateKey_;
- };
-
- std::map<std::string, ptr_lib::shared_ptr<PublicKey> > publicKeyStore_; /**< The map key is the keyName.toUri() */
- std::map<std::string, ptr_lib::shared_ptr<RsaPrivateKey> > privateKeyStore_; /**< The map key is the keyName.toUri() */
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/identity/osx-private-key-storage.cpp b/ndn-cpp/security/identity/osx-private-key-storage.cpp
index 5cca7ca..5728ad7 100644
--- a/ndn-cpp/security/identity/osx-private-key-storage.cpp
+++ b/ndn-cpp/security/identity/osx-private-key-storage.cpp
@@ -14,8 +14,8 @@
#include <CoreFoundation/CoreFoundation.h>
#include "../../util/logging.hpp"
-#include "osx-private-key-storage.hpp"
-#include "../security-exception.hpp"
+#include <ndn-cpp/security/identity/osx-private-key-storage.hpp>
+#include <ndn-cpp/security/security-exception.hpp>
using namespace std;
using namespace ndn::ptr_lib;
diff --git a/ndn-cpp/security/identity/osx-private-key-storage.hpp b/ndn-cpp/security/identity/osx-private-key-storage.hpp
deleted file mode 100644
index 729bf9e..0000000
--- a/ndn-cpp/security/identity/osx-private-key-storage.hpp
+++ /dev/null
@@ -1,205 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_OSX_PRIVATEKEY_STORAGE_H
-#define NDN_OSX_PRIVATEKEY_STORAGE_H
-
-// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_OSX_SECURITY 1.
-#include <ndn-cpp/ndn-cpp-config.h>
-#if NDN_CPP_HAVE_OSX_SECURITY
-
-#include "../../common.hpp"
-#include "private-key-storage.hpp"
-
-#include <CoreFoundation/CoreFoundation.h>
-#include <Security/Security.h>
-#include <CoreServices/CoreServices.h>
-
-namespace ndn
-{
-
-class OSXPrivateKeyStorage : public PrivateKeyStorage {
-public:
- /**
- * constructor of OSXPrivateKeyStorage
- * @param keychainName the name of keychain
- */
- OSXPrivateKeyStorage(const std::string & keychainName = "");
-
- /**
- * destructor of OSXPrivateKeyStore
- */
- virtual
- ~OSXPrivateKeyStorage();
-
- /**
- * Generate a pair of asymmetric keys.
- * @param keyName The name of the key pair.
- * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
- * @param keySize The size of the key pair.
- */
- virtual void
- generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
-
- /**
- * Get the public key
- * @param keyName The name of public key.
- * @return The public key.
- */
- virtual ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName);
-
- /**
- * Fetch the private key for keyName and sign the data, returning a signature Blob.
- * @param data Pointer to the input byte array.
- * @param dataLength The length of data.
- * @param keyName The name of the signing key.
- * @param digestAlgorithm the digest algorithm.
- * @return The signature, or a null pointer if signing fails.
- */
- virtual Blob
- sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
-
- /**
- * Decrypt data.
- * @param keyName The name of the decrypting key.
- * @param data The byte to be decrypted.
- * @param dataLength the length of data.
- * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
- * @return The decrypted data.
- */
- virtual Blob
- decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
-
- /**
- * Encrypt data.
- * @param keyName The name of the encrypting key.
- * @param data The byte to be encrypted.
- * @param dataLength the length of data.
- * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
- * @return The encrypted data.
- */
- virtual Blob
- encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
-
- /**
- * Generate a symmetric key.
- * @param keyName The name of the key.
- * @param keyType The type of the key, e.g. KEY_TYPE_AES.
- * @param keySize The size of the key.
- */
- virtual void
- generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256);
-
- /**
- * Check if a particular key exists.
- * @param keyName The name of the key.
- * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC.
- * @return True if the key exists, otherwise false.
- */
- virtual bool
- doesKeyExist(const Name& keyName, KeyClass keyClass);
-
- /**
- * configure ACL of a particular key
- * @param keyName the name of key
- * @param keyClass the class of key, e.g. Private Key
- * @param acl the new acl of the key
- * @param appPath the absolute path to the application
- * @returns true if setting succeeds
- */
- bool
- setACL(const Name & keyName, KeyClass keyClass, int acl, const std::string & appPath);
-
- /**
- * verify data (test only)
- * @param keyName the name of key
- * @param pData the data to be verified
- * @param pSig the signature associated with the data
- * @param digestAlgo digest algorithm
- * @return true if signature can be verified, otherwise false
- */
- bool
- verifyData(const Name & keyName, const Blob & pData, const Blob & pSig, DigestAlgorithm digestAlgo = DIGEST_ALGORITHM_SHA256);
-
- private:
- /**
- * convert NDN name of a key to internal name of the key
- * @param keyName the NDN name of the key
- * @param keyClass the class of the key
- * @return the internal key name
- */
- std::string
- toInternalKeyName(const Name & keyName, KeyClass keyClass);
-
- /**
- * Get key
- * @param keyName the name of the key
- * @param keyClass the class of the key
- * @returns pointer to the key
- */
- SecKeychainItemRef
- getKey(const Name & keyName, KeyClass keyClass);
-
- /**
- * convert keyType to MAC OS symmetric key key type
- * @param keyType
- * @returns MAC OS key type
- */
- const CFTypeRef
- getSymKeyType(KeyType keyType);
-
- /**
- * convert keyType to MAC OS asymmetirc key type
- * @param keyType
- * @returns MAC OS key type
- */
- const CFTypeRef
- getAsymKeyType(KeyType keyType);
-
- /**
- * convert keyClass to MAC OS key class
- * @param keyClass
- * @returns MAC OS key class
- */
- const CFTypeRef
- getKeyClass(KeyClass keyClass);
-
- /**
- * convert digestAlgo to MAC OS algorithm id
- * @param digestAlgo
- * @returns MAC OS algorithm id
- */
- const CFStringRef
- getDigestAlgorithm(DigestAlgorithm digestAlgo);
-
- /**
- * convert format to MAC OS key format
- * @param format
- * @returns MAC OS keyformat
- */
- SecExternalFormat
- getFormat(KeyFormat format);
-
- /**
- * get the digest size of the corresponding algorithm
- * @param digestAlgo the digest algorithm
- * @return digest size
- */
- long
- getDigestSize(DigestAlgorithm digestAlgo);
-
- const std::string keyChainName_;
- SecKeychainRef keyChainRef_;
- SecKeychainRef originalDefaultKeyChain_;
-};
-
-}
-
-#endif NDN_CPP_HAVE_OSX_SECURITY
-
-#endif
diff --git a/ndn-cpp/security/identity/private-key-storage.hpp b/ndn-cpp/security/identity/private-key-storage.hpp
deleted file mode 100644
index 0ff0077..0000000
--- a/ndn-cpp/security/identity/private-key-storage.hpp
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_PRIVATE_KEY_STORAGE_HPP
-#define NDN_PRIVATE_KEY_STORAGE_HPP
-
-#include <string>
-#include "../../util/blob.hpp"
-#include "../certificate/public-key.hpp"
-#include "../security-common.hpp"
-#include "../../name.hpp"
-
-namespace ndn {
-
-class PrivateKeyStorage {
-public:
- /**
- * The virtual destructor.
- */
- virtual
- ~PrivateKeyStorage() {}
-
- /**
- * Generate a pair of asymmetric keys.
- * @param keyName The name of the key pair.
- * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA.
- * @param keySize The size of the key pair.
- */
- virtual void
- generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048) = 0;
-
- /**
- * Get the public key
- * @param keyName The name of public key.
- * @return The public key.
- */
- virtual ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName) = 0;
-
- /**
- * Fetch the private key for keyName and sign the data, returning a signature Blob.
- * @param data Pointer to the input byte array.
- * @param dataLength The length of data.
- * @param keyName The name of the signing key.
- * @param digestAlgorithm the digest algorithm.
- * @return The signature, or a null pointer if signing fails.
- */
- virtual Blob
- sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
-
- Blob
- sign(const Blob& data, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256)
- {
- sign(data.buf(), data.size(), keyName, digestAlgorithm);
- }
-
- /**
- * Decrypt data.
- * @param keyName The name of the decrypting key.
- * @param data The byte to be decrypted.
- * @param dataLength the length of data.
- * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
- * @return The decrypted data.
- */
- virtual Blob
- decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
-
- Blob
- decrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
- {
- decrypt(keyName, data.buf(), data.size(), isSymmetric);
- }
-
- /**
- * Encrypt data.
- * @param keyName The name of the encrypting key.
- * @param data The byte to be encrypted.
- * @param dataLength the length of data.
- * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
- * @return The encrypted data.
- */
- virtual Blob
- encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
-
- Blob
- encrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
- {
- encrypt(keyName, data.buf(), data.size(), isSymmetric);
- }
-
- /**
- * @brief Generate a symmetric key.
- * @param keyName The name of the key.
- * @param keyType The type of the key, e.g. KEY_TYPE_AES.
- * @param keySize The size of the key.
- */
- virtual void
- generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256) = 0;
-
- /**
- * Check if a particular key exists.
- * @param keyName The name of the key.
- * @param keyClass The class of the key, e.g. KEY_CLASS_PUBLIC, KEY_CLASS_PRIVATE, or KEY_CLASS_SYMMETRIC.
- * @return True if the key exists, otherwise false.
- */
- virtual bool
- doesKeyExist(const Name& keyName, KeyClass keyClass) = 0;
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/key-chain.cpp b/ndn-cpp/security/key-chain.cpp
index 5bcc4c1..3f47e3e 100644
--- a/ndn-cpp/security/key-chain.cpp
+++ b/ndn-cpp/security/key-chain.cpp
@@ -1,3 +1,4 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
* Copyright (C) 2013 Regents of the University of California.
* @author: Jeff Thompson <jefft0@remap.ucla.edu>
@@ -7,11 +8,11 @@
#include "../c/util/crypto.h"
#include "../c/encoding/binary-xml-data.h"
#include "../encoding/binary-xml-encoder.hpp"
-#include "../sha256-with-rsa-signature.hpp"
+#include <ndn-cpp/sha256-with-rsa-signature.hpp>
#include "../util/logging.hpp"
-#include "policy/policy-manager.hpp"
-#include "security-exception.hpp"
-#include "key-chain.hpp"
+#include <ndn-cpp/security/security-exception.hpp>
+#include <ndn-cpp/security/policy/policy-manager.hpp>
+#include <ndn-cpp/security/key-chain.hpp>
using namespace std;
using namespace ndn::ptr_lib;
diff --git a/ndn-cpp/security/key-chain.hpp b/ndn-cpp/security/key-chain.hpp
deleted file mode 100644
index 7114e4e..0000000
--- a/ndn-cpp/security/key-chain.hpp
+++ /dev/null
@@ -1,284 +0,0 @@
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_KEY_CHAIN_HPP
-#define NDN_KEY_CHAIN_HPP
-
-#include "../data.hpp"
-#include "../face.hpp"
-#include "identity/identity-manager.hpp"
-#include "encryption/encryption-manager.hpp"
-
-namespace ndn {
-
-class PolicyManager;
-
-/**
- * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
- */
-typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified;
-
-/**
- * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
- */
-typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed;
-
-/**
- * Keychain is the main class of the security library.
- *
- * The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration
- * and packet signing and verification.
- */
-class KeyChain {
-public:
- KeyChain
- (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager);
-
- /*****************************************
- * Identity Management *
- *****************************************/
-
- /**
- * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
- * @param identityName The name of the identity.
- * @return The key name of the auto-generated KSK of the identity.
- */
- Name
- createIdentity(const Name& identityName)
- {
- return identityManager_->createIdentity(identityName);
- }
-
- /**
- * Get the default identity.
- * @return The default identity name.
- */
- Name
- getDefaultIdentity()
- {
- return identityManager_->getDefaultIdentity();
- }
-
- /**
- * Generate a pair of RSA keys for the specified identity.
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- */
- Name
- generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
- {
- return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
- }
-
- /**
- * Set a key as the default key of an identity.
- * @param keyName The name of the key.
- * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
- */
- void
- setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
- {
- return identityManager_->setDefaultKeyForIdentity(keyName, identityName);
- }
-
- /**
- * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- */
- Name
- generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
- {
- return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
- }
-
- /**
- * Create a public key signing request.
- * @param keyName The name of the key.
- * @returns The signing request data.
- */
- Blob
- createSigningRequest(const Name& keyName)
- {
- return identityManager_->getPublicKey(keyName)->getKeyDer();
- }
-
- /**
- * Install an identity certificate into the public key identity storage.
- * @param certificate The certificate to to added.
- */
- void
- installIdentityCertificate(const Certificate& certificate)
- {
- identityManager_->addCertificate(certificate);
- }
-
- /**
- * Set the certificate as the default for its corresponding key.
- * @param certificateName The name of the certificate.
- */
- void
- setDefaultCertificateForKey(const Name& certificateName)
- {
- identityManager_->setDefaultCertificateForKey(certificateName);
- }
-
- /**
- * Get a certificate with the specified name.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate.
- */
- ptr_lib::shared_ptr<Certificate>
- getCertificate(const Name& certificateName)
- {
- return identityManager_->getCertificate(certificateName);
- }
-
- /**
- * Get a certificate even if the certificate is not valid anymore.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate.
- */
- ptr_lib::shared_ptr<Certificate>
- getAnyCertificate(const Name& certificateName)
- {
- return identityManager_->getAnyCertificate(certificateName);
- }
-
- /**
- * Revoke a key
- * @param keyName the name of the key that will be revoked
- */
- void
- revokeKey(const Name & keyName)
- {
- //TODO: Implement
- }
-
- /**
- * Revoke a certificate
- * @param certificateName the name of the certificate that will be revoked
- */
- void
- revokeCertificate(const Name & certificateName)
- {
- //TODO: Implement
- }
-
- /*****************************************
- * Policy Management *
- *****************************************/
-
- const ptr_lib::shared_ptr<PolicyManager>&
- getPolicyManager() { return policyManager_; }
-
- /*****************************************
- * Sign/Verify *
- *****************************************/
-
- /**
- * Wire encode the Data object, sign it and set its signature.
- * Note: the caller must make sure the timestamp is correct, for example with
- * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
- * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
- * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
- * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
- */
- void
- sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
-
- /**
- * Wire encode the Data object, sign it and set its signature.
- * Note: the caller must make sure the timestamp is correct, for example with
- * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
- * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
- * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
- * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
- */
- void
- signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
-
- /**
- * Check the signature on the Data object and call either onVerify or onVerifyFailed.
- * We use callback functions because verify may fetch information to check the signature.
- * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
- * To set the wireEncoding, you can call data.wireDecode.
- * @param onVerified If the signature is verified, this calls onVerified(data).
- * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
- */
- void
- verifyData
- (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
-
- /*****************************************
- * Encrypt/Decrypt *
- *****************************************/
-
- /**
- * Generate a symmetric key.
- * @param keyName The name of the generated key.
- * @param keyType The type of the key, e.g. KEY_TYPE_AES
- */
- void
- generateSymmetricKey(const Name& keyName, KeyType keyType)
- {
- encryptionManager_->createSymmetricKey(keyName, keyType);
- }
-
- /**
- * Encrypt a byte array.
- * @param keyName The name of the encrypting key.
- * @param data The byte array that will be encrypted.
- * @param dataLength The length of data.
- * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
- * @param encryptMode the encryption mode
- * @return the encrypted data as an immutable Blob.
- */
- Blob
- encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
- EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
- {
- return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode);
- }
-
- /**
- * Decrypt a byte array.
- * @param keyName The name of the decrypting key.
- * @param data The byte array that will be decrypted.
- * @param dataLength The length of data.
- * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
- * @param encryptMode the encryption mode
- * @return the decrypted data as an immutable Blob.
- */
- Blob
- decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
- EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
- {
- return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode);
- }
-
- /**
- * Set the Face which will be used to fetch required certificates.
- * @param face A pointer to the Face object.
- */
- void
- setFace(Face* face) { face_ = face; }
-
-private:
- ptr_lib::shared_ptr<IdentityManager> identityManager_;
- ptr_lib::shared_ptr<PolicyManager> policyManager_;
- ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
- Face* face_;
- const int maxSteps_;
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/policy/no-verify-policy-manager.cpp b/ndn-cpp/security/policy/no-verify-policy-manager.cpp
index 172845e..e49ae75 100644
--- a/ndn-cpp/security/policy/no-verify-policy-manager.cpp
+++ b/ndn-cpp/security/policy/no-verify-policy-manager.cpp
@@ -6,7 +6,7 @@
* See COPYING for copyright and distribution information.
*/
-#include "no-verify-policy-manager.hpp"
+#include <ndn-cpp/security/policy/no-verify-policy-manager.hpp>
using namespace std;
using namespace ndn::ptr_lib;
diff --git a/ndn-cpp/security/policy/no-verify-policy-manager.hpp b/ndn-cpp/security/policy/no-verify-policy-manager.hpp
deleted file mode 100644
index 8b72eda..0000000
--- a/ndn-cpp/security/policy/no-verify-policy-manager.hpp
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_NO_VERIFY_POLICY_MANAGER_HPP
-#define NDN_NO_VERIFY_POLICY_MANAGER_HPP
-
-#include "policy-manager.hpp"
-
-namespace ndn {
-
-class NoVerifyPolicyManager : public PolicyManager {
-public:
- /**
- * The virtual destructor.
- */
- virtual
- ~NoVerifyPolicyManager();
-
- /**
- * Override to always skip verification and trust as valid.
- * @param data The received data packet.
- * @return true.
- */
- virtual bool
- skipVerifyAndTrust(const Data& data);
-
- /**
- * Override to return false for no verification rule for the received data.
- * @param data The received data packet.
- * @return false.
- */
- virtual bool
- requireVerify(const Data& data);
-
- /**
- * Override to call onVerified(data) and to indicate no further verification step.
- * @param data The Data object with the signature to check.
- * @param stepCount The number of verification steps that have been done, used to track the verification progress.
- * @param onVerified This does override to call onVerified(data).
- * @param onVerifyFailed Override to ignore this.
- * @return null for no further step.
- */
- virtual ptr_lib::shared_ptr<ValidationRequest>
- checkVerificationPolicy
- (const ptr_lib::shared_ptr<Data>& data, const int& stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed);
-
- /**
- * Override to always indicate that the signing certificate name and data name satisfy the signing policy.
- * @param dataName The name of data to be signed.
- * @param certificateName The name of signing certificate.
- * @return true to indicate that the signing certificate can be used to sign the data.
- */
- virtual bool
- checkSigningPolicy(const Name& dataName, const Name& certificateName);
-
- /**
- * Override to indicate that the signing identity cannot be inferred.
- * @param dataName The name of data to be signed.
- * @return An empty name because cannot infer.
- */
- virtual Name
- inferSigningIdentity(const Name& dataName);
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/policy/policy-manager.hpp b/ndn-cpp/security/policy/policy-manager.hpp
deleted file mode 100644
index 458f84f..0000000
--- a/ndn-cpp/security/policy/policy-manager.hpp
+++ /dev/null
@@ -1,79 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_POLICY_MANAGER_HPP
-#define NDN_POLICY_MANAGER_HPP
-
-#include "../../data.hpp"
-#include "../key-chain.hpp"
-
-namespace ndn {
-
-class ValidationRequest;
-
-/**
- * A PolicyManager is an abstract base class to represent the policy for verifying data packets.
- * You must create an object of a subclass.
- */
-class PolicyManager {
-public:
- /**
- * The virtual destructor.
- */
- virtual
- ~PolicyManager() {}
-
- /**
- * Check if the received data packet can escape from verification and be trusted as valid.
- * @param data The received data packet.
- * @return true if the data does not need to be verified to be trusted as valid, otherwise false.
- */
- virtual bool
- skipVerifyAndTrust(const Data& data) = 0;
-
- /**
- * Check if this PolicyManager has a verification rule for the received data.
- * @param data The received data packet.
- * @return true if the data must be verified, otherwise false.
- */
- virtual bool
- requireVerify(const Data& data) = 0;
-
- /**
- * Check whether the received data packet complies with the verification policy, and get the indication of the next verification step.
- * @param data The Data object with the signature to check.
- * @param stepCount The number of verification steps that have been done, used to track the verification progress.
- * @param onVerified If the signature is verified, this calls onVerified(data).
- * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
- * @return the indication of next verification step, null if there is no further step.
- */
- virtual ptr_lib::shared_ptr<ValidationRequest>
- checkVerificationPolicy
- (const ptr_lib::shared_ptr<Data>& data, const int& stepCount, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed) = 0;
-
- /**
- * Check if the signing certificate name and data name satisfy the signing policy.
- * @param dataName The name of data to be signed.
- * @param certificateName The name of signing certificate.
- * @return true if the signing certificate can be used to sign the data, otherwise false.
- */
- virtual bool
- checkSigningPolicy(const Name& dataName, const Name& certificateName) = 0;
-
- /**
- * Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name.
- * @param dataName The name of data to be signed.
- * @return The signing identity or an empty name if cannot infer.
- */
- virtual Name
- inferSigningIdentity(const Name& dataName) = 0;
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/security-common.hpp b/ndn-cpp/security/security-common.hpp
deleted file mode 100644
index 1222480..0000000
--- a/ndn-cpp/security/security-common.hpp
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_SECURITY_COMMON_HPP
-#define NDN_SECURITY_COMMON_HPP
-
-namespace ndn {
-
-enum KeyType {
- KEY_TYPE_RSA,
- // KEY_TYPE_DSA,
- KEY_TYPE_AES,
- // KEY_TYPE_DES,
- // KEY_TYPE_RC4,
- // KEY_TYPE_RC2
-};
-
-enum KeyClass {
- KEY_CLASS_PUBLIC,
- KEY_CLASS_PRIVATE,
- KEY_CLASS_SYMMETRIC
-};
-
-enum KeyFormat {
- KEY_FORMAT_PUBLIC_OPENSSL,
-};
-
-enum DigestAlgorithm {
- // DIGEST_ALGORITHM_MD2,
- // DIGEST_ALGORITHM_MD5,
- // DIGEST_ALGORITHM_SHA1,
- DIGEST_ALGORITHM_SHA256
-};
-
-enum EncryptMode {
- ENCRYPT_MODE_DEFAULT,
- ENCRYPT_MODE_CFB_AES,
- // ENCRYPT_MODE_CBC_AES
-};
-
-}
-
-#endif
diff --git a/ndn-cpp/security/security-exception.cpp b/ndn-cpp/security/security-exception.cpp
index b4bbd22..b4acfad 100644
--- a/ndn-cpp/security/security-exception.cpp
+++ b/ndn-cpp/security/security-exception.cpp
@@ -6,7 +6,7 @@
* See COPYING for copyright and distribution information.
*/
-#include "security-exception.hpp"
+#include <ndn-cpp/security/security-exception.hpp>
using namespace std;
namespace ndn {
diff --git a/ndn-cpp/security/security-exception.hpp b/ndn-cpp/security/security-exception.hpp
deleted file mode 100644
index f14948f..0000000
--- a/ndn-cpp/security/security-exception.hpp
+++ /dev/null
@@ -1,49 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_SECURITY_EXCEPTION_HPP
-#define NDN_SECURITY_EXCEPTION_HPP
-
-#include <exception>
-#include <string>
-
-namespace ndn {
-
-class SecurityException : public std::exception {
-public:
- SecurityException(const std::string& errorMessage) throw();
-
- virtual ~SecurityException() throw();
-
- std::string Msg() { return errorMessage_; }
-
- virtual const char* what() const throw() { return errorMessage_.c_str(); }
-
-private:
- const std::string errorMessage_;
-};
-
-class UnrecognizedKeyFormatException : public SecurityException {
-public:
- UnrecognizedKeyFormatException(const std::string& errorMessage)
- : SecurityException(errorMessage)
- {
- }
-};
-
-class UnrecognizedDigestAlgorithmException : public SecurityException {
-public:
- UnrecognizedDigestAlgorithmException(const std::string& errorMessage)
- : SecurityException(errorMessage)
- {
- }
-};
-
-}
-
-#endif