security: Correct behavior of PibImpl::setDefaultIdentity

The high level logic of Pib class ensures that an identity exists (i.e.,
creates when missing).  With this correction, specific realizations
of the low-level logic (PibSqlite and PibMemory) simply throw an error
if the caller attempts to set a non-existing identity as default.

Change-Id: I9d07ca8db4817b7938c04b05341444f1150948f8
Refs: #4136
diff --git a/ndn-cxx/security/pib/impl/pib-memory.cpp b/ndn-cxx/security/pib/impl/pib-memory.cpp
index c509851..0e10861 100644
--- a/ndn-cxx/security/pib/impl/pib-memory.cpp
+++ b/ndn-cxx/security/pib/impl/pib-memory.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2019 Regents of the University of California.
+ * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -106,7 +106,9 @@
 void
 PibMemory::setDefaultIdentity(const Name& identityName)
 {
-  addIdentity(identityName);
+  if (!hasIdentity(identityName)) {
+    NDN_THROW(Pib::Error("Cannot set non-existing identity `" + identityName.toUri() + "` as default"));
+  }
   m_defaultIdentity = identityName;
   m_hasDefaultIdentity = true;
 }
diff --git a/ndn-cxx/security/pib/impl/pib-sqlite3.cpp b/ndn-cxx/security/pib/impl/pib-sqlite3.cpp
index 0246b9a..a05fa16 100644
--- a/ndn-cxx/security/pib/impl/pib-sqlite3.cpp
+++ b/ndn-cxx/security/pib/impl/pib-sqlite3.cpp
@@ -327,6 +327,9 @@
 void
 PibSqlite3::setDefaultIdentity(const Name& identityName)
 {
+  if (!hasIdentity(identityName)) {
+    NDN_THROW(Pib::Error("Cannot set non-existing identity `" + identityName.toUri() + "` as default"));
+  }
   Sqlite3Statement statement(m_database, "UPDATE identities SET is_default=1 WHERE identity=?");
   statement.bind(1, identityName.wireEncode(), SQLITE_TRANSIENT);
   statement.step();
diff --git a/ndn-cxx/security/pib/pib-impl.hpp b/ndn-cxx/security/pib/pib-impl.hpp
index 3b29ce5..b70d271 100644
--- a/ndn-cxx/security/pib/pib-impl.hpp
+++ b/ndn-cxx/security/pib/pib-impl.hpp
@@ -118,9 +118,9 @@
   /**
    * @brief Set an identity with name @p identityName as the default identity.
    *
-   * If @p identityName identity does not exist, it will be created.
-   *
    * @param identityName The name for the default identity.
+   * @throw Error If @p identityName identity does not exist.
+   *
    */
   virtual void
   setDefaultIdentity(const Name& identityName) = 0;
diff --git a/tests/unit/security/pib/pib-impl.t.cpp b/tests/unit/security/pib/pib-impl.t.cpp
index 24d2b86..e16f658 100644
--- a/tests/unit/security/pib/pib-impl.t.cpp
+++ b/tests/unit/security/pib/pib-impl.t.cpp
@@ -129,6 +129,9 @@
   this->pib.addIdentity(this->id2);
   BOOST_CHECK_EQUAL(this->pib.getDefaultIdentity(), this->id2);
 
+  // try to set non-existing identity as a default
+  BOOST_CHECK_THROW(this->pib.setDefaultIdentity("/non-existing-identity"), Pib::Error);
+
   // get all identities, should contain id1 and id2
   std::set<Name> idNames = this->pib.getIdentities();
   BOOST_CHECK_EQUAL(idNames.size(), 2);