security: refactoring KeyChain and related classess
1. rename IdentityStorage as SecPublicInfo and PrivateKeyStorage as SecTpm.
2. KeyChain is defined as a template of sub-classes of SecPublicInfo and SecTpm, and KeyChain inherits from these two classes rather than has objects of these two classes.
3. rename some methods of SecPublicInfo and SecTpm to clarify usage and avoid conflicts
SecPublicInfo: addKey, getKey, doesKeyExist, activateKey, deactivateKey
SecTpm: generateKeyPair, getPublicKey, generateKey
4. adjust getter/setter of KeyChain & SecPublicInfo
Change-Id: Ib67631ad1c883100b1200a1a381d837bbbdb1d37
diff --git a/include/ndn-cpp/security/identity/sec-public-info.hpp b/include/ndn-cpp/security/identity/sec-public-info.hpp
new file mode 100644
index 0000000..3a46310
--- /dev/null
+++ b/include/ndn-cpp/security/identity/sec-public-info.hpp
@@ -0,0 +1,362 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_SEC_PUBLIC_INFO_HPP
+#define NDN_SEC_PUBLIC_INFO_HPP
+
+#include "../../name.hpp"
+#include "../security-common.hpp"
+#include "../certificate/public-key.hpp"
+#include "../certificate/identity-certificate.hpp"
+
+namespace ndn {
+
+/**
+ * SecPublicInfo is a base class for the storage of identity, public keys and certificates.
+ * Private keys are stored in SecTpm.
+ * This is an abstract base class. A subclass must implement the methods.
+ */
+class SecPublicInfo {
+public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
+ /**
+ * The virtual Destructor.
+ */
+ virtual
+ ~SecPublicInfo() {}
+
+ /**
+ * Check if the specified identity already exists.
+ * @param identityName The identity name.
+ * @return true if the identity exists, otherwise false.
+ */
+ virtual bool
+ doesIdentityExist(const Name& identityName) = 0;
+
+ /**
+ * Add a new identity. An exception will be thrown if the identity already exists.
+ * @param identityName The identity name to be added.
+ */
+ virtual void
+ addIdentity(const Name& identityName) = 0;
+
+ /**
+ * Revoke the identity.
+ * @return true if the identity was revoked, false if not.
+ */
+ virtual bool
+ revokeIdentity() = 0;
+
+ /**
+ * Check if the specified key already exists.
+ * @param keyName The name of the key.
+ * @return true if the key exists, otherwise false.
+ */
+ virtual bool
+ doesPublicKeyExist(const Name& keyName) = 0;
+
+ /**
+ * Add a public key to the identity storage.
+ * @param keyName The name of the public key to be added.
+ * @param keyType Type of the public key to be added.
+ * @param publicKeyDer A blob of the public key DER to be added.
+ */
+ virtual void
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer) = 0;
+
+ /**
+ * Get the public key DER blob from the identity storage.
+ * @param keyName The name of the requested public key.
+ * @return The DER Blob. If not found, return a Blob with a null pointer.
+ */
+ virtual ptr_lib::shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName) = 0;
+
+ /**
+ * Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ activatePublicKey(const Name& keyName) = 0;
+
+ /**
+ * Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
+ * @param keyName name of the key
+ */
+ virtual void
+ deactivatePublicKey(const Name& keyName) = 0;
+
+ /**
+ * Check if the specified certificate already exists.
+ * @param certificateName The name of the certificate.
+ * @return true if the certificate exists, otherwise false.
+ */
+ virtual bool
+ doesCertificateExist(const Name& certificateName) = 0;
+
+ /**
+ * Add a certificate to the identity storage.
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
+ */
+ virtual void
+ addCertificate(const IdentityCertificate& certificate) = 0;
+
+ /**
+ * Get a certificate from the identity storage.
+ * @param certificateName The name of the requested certificate.
+ * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
+ * @return The requested certificate. If not found, return a shared_ptr with a null pointer.
+ */
+ virtual ptr_lib::shared_ptr<IdentityCertificate>
+ getCertificate(const Name &certificateName, bool allowAny = false) = 0;
+
+
+ /*****************************************
+ * Default Getter *
+ *****************************************/
+
+ /**
+ * Get the default identity.
+ * @param return The name of default identity, or an empty name if there is no default.
+ */
+ virtual Name
+ getDefaultIdentity() = 0;
+
+ /**
+ * Get the default key name for the specified identity.
+ * @param identityName The identity name.
+ * @return The default key name.
+ */
+ virtual Name
+ getDefaultKeyNameForIdentity(const Name& identityName) = 0;
+
+ /**
+ * Get the default certificate name for the specified key.
+ * @param keyName The key name.
+ * @return The default certificate name.
+ */
+ virtual Name
+ getDefaultCertificateNameForKey(const Name& keyName) = 0;
+
+ virtual std::vector<Name>
+ getAllIdentities(bool isDefault) = 0;
+
+ virtual std::vector<Name>
+ getAllKeyNames(bool isDefault) = 0;
+
+ virtual std::vector<Name>
+ getAllKeyNamesOfIdentity(const Name& identity, bool isDefault) = 0;
+
+ virtual std::vector<Name>
+ getAllCertificateNames(bool isDefault) = 0;
+
+ virtual std::vector<Name>
+ getAllCertificateNamesOfKey(const Name& keyName, bool isDefault) = 0;
+
+protected:
+
+ /*****************************************
+ * Default Setter *
+ *****************************************/
+
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentityInternal(const Name& identityName) = 0;
+
+ /**
+ * Set the default key name for the corresponding identity.
+ * @param keyName The key name.
+ */
+ virtual void
+ setDefaultKeyNameForIdentityInternal(const Name& keyName) = 0;
+
+ /**
+ * Set the default certificate name for the corresponding key.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKeyInternal(const Name& certificateName) = 0;
+
+public:
+
+ /*****************************************
+ * Helper Methods *
+ *****************************************/
+
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ inline void
+ setDefaultIdentity(const Name& identityName);
+
+ /**
+ * Set the default key name for the corresponding identity.
+ * @param keyName The key name.
+ */
+ inline void
+ setDefaultKeyNameForIdentity(const Name& keyName);
+
+ /**
+ * Set the default certificate name for the corresponding key.
+ * @param certificateName The certificate name.
+ */
+ inline void
+ setDefaultCertificateNameForKey(const Name& certificateName);
+
+ /**
+ * Generate a name for a new key belonging to the identity.
+ * @param identityName The identity name.
+ * @param useKsk If true, generate a KSK name, otherwise a DSK name.
+ * @return The generated key name.
+ */
+ inline Name
+ getNewKeyName(const Name& identityName, bool useKsk);
+
+ /**
+ * Get the default certificate name for the specified identity.
+ * @param identityName The identity name.
+ * @return The default certificate name.
+ */
+ inline Name
+ getDefaultCertificateNameForIdentity(const Name& identityName);
+
+ /**
+ * Get the default certificate name of the default identity, which will be used when signing is based on identity and
+ * the identity is not specified.
+ * @return The requested certificate name.
+ */
+ inline Name
+ getDefaultCertificateName();
+
+ /**
+ * Add a certificate and set the certificate as the default of its corresponding key.
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
+ */
+ inline void
+ addCertificateAsKeyDefault(const IdentityCertificate& certificate);
+
+ /**
+ * Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
+ */
+ inline void
+ addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
+
+ inline ptr_lib::shared_ptr<IdentityCertificate>
+ defaultCertificate();
+
+ inline void
+ refreshDefaultCertificate();
+
+protected:
+ ptr_lib::shared_ptr<IdentityCertificate> defaultCertificate_;
+
+};
+
+void
+SecPublicInfo::setDefaultIdentity(const Name& identityName)
+{
+ setDefaultIdentityInternal(identityName);
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::setDefaultKeyNameForIdentity(const Name& keyName)
+{
+ setDefaultKeyNameForIdentityInternal(keyName);
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::setDefaultCertificateNameForKey(const Name& certificateName)
+{
+ setDefaultCertificateNameForKeyInternal(certificateName);
+ refreshDefaultCertificate();
+}
+
+Name
+SecPublicInfo::getDefaultCertificateNameForIdentity(const Name& identityName)
+{
+ return getDefaultCertificateNameForKey(getDefaultKeyNameForIdentity(identityName));
+}
+
+Name
+SecPublicInfo::getNewKeyName (const Name& identityName, bool useKsk)
+{
+ MillisecondsSince1970 ti = getNow();
+ // Get the number of seconds.
+ std::ostringstream oss;
+ oss << floor(ti / 1000.0);
+
+ std::string keyIdStr;
+
+ if (useKsk)
+ keyIdStr = ("KSK-" + oss.str());
+ else
+ keyIdStr = ("DSK-" + oss.str());
+
+ Name keyName = Name(identityName).append(keyIdStr);
+
+ if (doesPublicKeyExist(keyName))
+ throw Error("Key name already exists");
+
+ return keyName;
+}
+
+Name
+SecPublicInfo::getDefaultCertificateName()
+{
+ if(!static_cast<bool>(defaultCertificate_))
+ refreshDefaultCertificate();
+
+ if(!static_cast<bool>(defaultCertificate_))
+ return Name();
+
+ return defaultCertificate_->getName();
+}
+
+void
+SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+{
+ addCertificate(certificate);
+ setDefaultCertificateNameForKeyInternal(certificate.getName());
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+{
+ addCertificate(certificate);
+ setDefaultKeyNameForIdentityInternal(certificate.getPublicKeyName());
+ setDefaultCertificateNameForKeyInternal(certificate.getName());
+ refreshDefaultCertificate();
+}
+
+ptr_lib::shared_ptr<IdentityCertificate>
+SecPublicInfo::defaultCertificate()
+{
+ return defaultCertificate_;
+}
+
+void
+SecPublicInfo::refreshDefaultCertificate()
+{
+ defaultCertificate_ = getCertificate(getDefaultCertificateNameForIdentity(getDefaultIdentity()));
+}
+
+
+}
+
+#endif