security: Move KeyChain to security::v1 namespace and deprecated it
Change-Id: Ic4b6915ca15998a83b410f3f8fac027f797ee7ca
Refs: #3098
diff --git a/src/face.cpp b/src/face.cpp
index 430f65e..9f78680 100644
--- a/src/face.cpp
+++ b/src/face.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,7 +23,6 @@
#include "detail/face-impl.hpp"
#include "encoding/tlv.hpp"
-#include "security/key-chain.hpp"
#include "security/signing-helpers.hpp"
#include "util/time.hpp"
#include "util/random.hpp"
diff --git a/src/face.hpp b/src/face.hpp
index 6c6c957..1940928 100644
--- a/src/face.hpp
+++ b/src/face.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -31,6 +31,7 @@
#include "encoding/nfd-constants.hpp"
#include "lp/nack.hpp"
#include "security/signing-info.hpp"
+#include "security/key-chain.hpp"
#define NDN_FACE_KEEP_DEPRECATED_REGISTRATION_SIGNING
@@ -52,11 +53,6 @@
class RegisteredPrefixId;
class InterestFilterId;
-namespace security {
-class KeyChain;
-} // namespace security
-using security::KeyChain;
-
namespace nfd {
class Controller;
} // namespace nfd
diff --git a/src/mgmt/dispatcher.cpp b/src/mgmt/dispatcher.cpp
index a7f4a06..a7fac52 100644
--- a/src/mgmt/dispatcher.cpp
+++ b/src/mgmt/dispatcher.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -44,7 +44,7 @@
};
}
-Dispatcher::Dispatcher(Face& face, security::KeyChain& keyChain,
+Dispatcher::Dispatcher(Face& face, security::v1::KeyChain& keyChain,
const security::SigningInfo& signingInfo,
size_t imsCapacity)
: m_face(face)
diff --git a/src/mgmt/dispatcher.hpp b/src/mgmt/dispatcher.hpp
index b19aba6..7df61f7 100644
--- a/src/mgmt/dispatcher.hpp
+++ b/src/mgmt/dispatcher.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -145,7 +145,7 @@
* \param signingInfo signing parameters to sign Data with \p keyChain
* \param imsCapacity capacity of the internal InMemoryStorage used by dispatcher
*/
- Dispatcher(Face& face, security::KeyChain& keyChain,
+ Dispatcher(Face& face, security::v1::KeyChain& keyChain,
const security::SigningInfo& signingInfo = security::SigningInfo(),
size_t imsCapacity = 256);
@@ -462,7 +462,7 @@
std::unordered_map<Name, TopPrefixEntry> m_topLevelPrefixes;
Face& m_face;
- security::KeyChain& m_keyChain;
+ security::v1::KeyChain& m_keyChain;
security::SigningInfo m_signingInfo;
typedef std::unordered_map<PartialName, InterestHandler> HandlerMap;
diff --git a/src/mgmt/nfd/controller.cpp b/src/mgmt/nfd/controller.cpp
index cfb7956..4ccb895 100644
--- a/src/mgmt/nfd/controller.cpp
+++ b/src/mgmt/nfd/controller.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -36,7 +36,7 @@
const uint32_t Controller::ERROR_LBOUND = 400;
ValidatorNull Controller::s_validatorNull;
-Controller::Controller(Face& face, KeyChain& keyChain, Validator& validator)
+Controller::Controller(Face& face, security::v1::KeyChain& keyChain, Validator& validator)
: m_face(face)
, m_keyChain(keyChain)
, m_validator(validator)
diff --git a/src/mgmt/nfd/controller.hpp b/src/mgmt/nfd/controller.hpp
index 3d3808c..aa4b285 100644
--- a/src/mgmt/nfd/controller.hpp
+++ b/src/mgmt/nfd/controller.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -27,11 +27,11 @@
#include "status-dataset.hpp"
#include "command-options.hpp"
#include "../../security/validator-null.hpp"
+#include "../../security/key-chain.hpp"
namespace ndn {
namespace security {
-class KeyChain;
class Validator;
} // namespace security
class Face;
@@ -66,7 +66,7 @@
/** \brief construct a Controller that uses face for transport,
* and uses the passed KeyChain to sign commands
*/
- Controller(Face& face, security::KeyChain& keyChain, security::Validator& validator = s_validatorNull);
+ Controller(Face& face, security::v1::KeyChain& keyChain, security::Validator& validator = s_validatorNull);
/** \brief start command execution
*/
@@ -170,7 +170,7 @@
protected:
Face& m_face;
- security::KeyChain& m_keyChain;
+ security::v1::KeyChain& m_keyChain;
security::Validator& m_validator;
private:
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 4f43139..31b26ea 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -17,951 +17,23 @@
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_KEY_CHAIN_HPP
-#define NDN_SECURITY_KEY_CHAIN_HPP
+/**
+ * @file security/key-chain.hpp
+ */
-#include "sec-public-info.hpp"
-#include "sec-tpm.hpp"
-#include "key-params.hpp"
-#include "secured-bag.hpp"
-#include "signature-sha256-with-rsa.hpp"
-#include "signature-sha256-with-ecdsa.hpp"
-#include "digest-sha256.hpp"
-#include "signing-info.hpp"
-
-#include "../interest.hpp"
-#include "../util/crypto.hpp"
-#include "../util/random.hpp"
-#include <initializer_list>
+#include "security-common.hpp"
+#include "v1/key-chain.hpp"
+#include "v2/key-chain.hpp"
namespace ndn {
namespace security {
-/**
- * @brief The packet signing interface.
- */
-class KeyChain : noncopyable
-{
-public:
- class Error : public std::runtime_error
- {
- public:
- explicit
- Error(const std::string& what)
- : std::runtime_error(what)
- {
- }
- };
-
- /**
- * @brief Error thrown when the supplied TPM locator to KeyChain constructor does not match
- * the locator stored in PIB
- */
- class MismatchError : public Error
- {
- public:
- explicit
- MismatchError(const std::string& what)
- : Error(what)
- {
- }
- };
-
- typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
- typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;
-
- /**
- * @brief Register a new PIB
- * @param aliases List of schemes with which this PIB will be associated.
- * The first alias in the list is considered a canonical name of the PIB instance.
- */
- template<class PibType>
- static void
- registerPib(std::initializer_list<std::string> aliases);
-
- /**
- * @brief Register a new TPM
- * @param aliases List of schemes with which this TPM will be associated
- * The first alias in the list is considered a canonical name of the TPM instance.
- */
- template<class TpmType>
- static void
- registerTpm(std::initializer_list<std::string> aliases);
-
- /**
- * @brief Get default PIB locator
- */
- static std::string
- getDefaultPibLocator();
-
- /**
- * @brief Create a PIB according to @p pibLocator
- */
- static unique_ptr<SecPublicInfo>
- createPib(const std::string& pibLocator);
-
- /**
- * @brief Get default TPM locator
- */
- static std::string
- getDefaultTpmLocator();
-
- /**
- * @brief Create a TPM according to @p tpmLocator
- */
- static unique_ptr<SecTpm>
- createTpm(const std::string& tpmLocator);
-
- /**
- * @brief Constructor to create KeyChain with default PIB and TPM
- *
- * Default PIB and TPM are platform-dependent and can be overriden system-wide or on
- * per-use basis.
- *
- * @todo Add detailed description about config file behavior here
- */
- KeyChain();
-
- /**
- * @brief KeyChain constructor
- *
- * @sa http://redmine.named-data.net/issues/2260
- *
- * @param pibLocator PIB locator
- * @param tpmLocator TPM locator
- * @param allowReset if true, the PIB will be reset when the supplied tpmLocator
- * mismatches the one in PIB
- */
- KeyChain(const std::string& pibLocator,
- const std::string& tpmLocator,
- bool allowReset = false);
-
- virtual
- ~KeyChain();
-
- /**
- * @brief Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a
- * self-signed certificate of the KSK.
- *
- * @param identityName The name of the identity.
- * @param params The key parameter if a key needs to be generated for the identity.
- * @return The name of the default certificate of the identity.
- */
- Name
- createIdentity(const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS);
-
- /**
- * @brief Generate a pair of RSA keys for the specified identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateEcdsaKeyPair
- */
- Name
- generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
-
- /**
- * @brief Generate a pair of ECDSA keys for the specified identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateRsaKeyPair
- */
- Name
- generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
-
- /**
- * @brief Generate a pair of RSA keys for the specified identity and set it as default key for
- * the identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateRsaKeyPair, generateEcdsaKeyPair, generateEcdsaKeyPairAsDefault
- */
- Name
- generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
-
- /**
- * @brief Generate a pair of ECDSA keys for the specified identity and set it as default key for
- * the identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateRsaKeyPair, generateEcdsaKeyPair, generateRsaKeyPairAsDefault
- */
- Name
- generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
-
- /**
- * @brief prepare an unsigned identity certificate
- *
- * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
- * @param signingIdentity The signing identity.
- * @param notBefore Refer to v1::IdentityCertificate.
- * @param notAfter Refer to v1::IdentityCertificate.
- * @param subjectDescription Refer to v1::IdentityCertificate.
- * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
- * certificate name according to the relation between the signingIdentity and
- * the subject identity. If signingIdentity is a prefix of the subject identity,
- * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
- * after subject identity (i.e., before `ksk-....`).
- * @return v1::IdentityCertificate.
- */
- shared_ptr<v1::IdentityCertificate>
- prepareUnsignedIdentityCertificate(const Name& keyName,
- const Name& signingIdentity,
- const time::system_clock::TimePoint& notBefore,
- const time::system_clock::TimePoint& notAfter,
- const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
- const Name& certPrefix = DEFAULT_PREFIX);
-
- /**
- * @brief prepare an unsigned identity certificate
- *
- * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
- * @param publicKey Public key to sign.
- * @param signingIdentity The signing identity.
- * @param notBefore Refer to v1::IdentityCertificate.
- * @param notAfter Refer to v1::IdentityCertificate.
- * @param subjectDescription Refer to v1::IdentityCertificate.
- * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
- * certificate name according to the relation between the signingIdentity and
- * the subject identity. If signingIdentity is a prefix of the subject identity,
- * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
- * after subject identity (i.e., before `ksk-....`).
- * @return v1::IdentityCertificate.
- */
- shared_ptr<v1::IdentityCertificate>
- prepareUnsignedIdentityCertificate(const Name& keyName,
- const v1::PublicKey& publicKey,
- const Name& signingIdentity,
- const time::system_clock::TimePoint& notBefore,
- const time::system_clock::TimePoint& notAfter,
- const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
- const Name& certPrefix = DEFAULT_PREFIX);
-
- /**
- * @brief Sign data according to the supplied signing information
- *
- * This method uses the supplied signing information @p params to create the SignatureInfo block:
- * - it selects a private key and its certificate to sign the packet
- * - sets the KeyLocator field with the certificate name, and
- * - adds other requested information to the SignatureInfo block).
- *
- * After that, the method assigns the created SignatureInfo to the data packets, generate a
- * signature and sets as part of the SignatureValue block.
- *
- * @param data The data to sign
- * @param params The signing parameters.
- * @throws Error if signing fails.
- * @see SigningInfo
- */
- void
- sign(Data& data, const SigningInfo& params = DEFAULT_SIGNING_INFO);
-
- /**
- * @brief Sign interest according to the supplied signing information
- *
- * This method uses the supplied signing information @p params to create the SignatureInfo block:
- * - it selects a private key and its certificate to sign the packet
- * - sets the KeyLocator field with the certificate name, and
- * - adds other requested information to the SignatureInfo block).
- *
- * After that, the method appends the created SignatureInfo to the interest name, generate a
- * signature and appends it as part of the SignatureValue block to the interest name.
- *
- * @param interest The interest to sign
- * @param params The signing parameters.
- * @throws Error if signing fails.
- * @see SigningInfo
- */
- void
- sign(Interest& interest, const SigningInfo& params = DEFAULT_SIGNING_INFO);
-
- /**
- * @brief Sign buffer according to the supplied signing information
- *
- * @param buffer The buffer to sign
- * @param bufferLength The buffer size
- * @param params The signing parameters.
- * @return a SignatureValue TLV block
- * @throws Error if signing fails.
- * @see SigningInfo
- */
- Block
- sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params);
-
- /**
- * @deprecated use sign sign(T&, const SigningInfo&)
- * @brief Sign packet with a particular certificate.
- *
- * @param packet The packet to be signed.
- * @param certificateName The certificate name of the key to use for signing.
- * @throws SecPublicInfo::Error if certificate does not exist.
- */
- template<typename T>
- void
- sign(T& packet, const Name& certificateName);
-
- /**
- * @deprecated Use sign(const uint8_t*, size_t, const SigningInfo&) instead
- * @brief Sign the byte array using a particular certificate.
- *
- * @param buffer The byte array to be signed.
- * @param bufferLength the length of buffer.
- * @param certificateName The certificate name of the signing key.
- * @return The Signature.
- * @throws SecPublicInfo::Error if certificate does not exist.
- */
- Signature
- sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
-
- /**
- * @deprecated use sign sign(T&, const SigningInfo&)
- * @brief Sign packet using the default certificate of a particular identity.
- *
- * If there is no default certificate of that identity, this method will create a self-signed
- * certificate.
- *
- * @param packet The packet to be signed.
- * @param identityName The signing identity name.
- */
- template<typename T>
- void
- signByIdentity(T& packet, const Name& identityName);
-
- /**
- * @deprecated use sign(const uint8_t*, size_t, const SigningInfo&) instead
- * @brief Sign the byte array using the default certificate of a particular identity.
- *
- * @param buffer The byte array to be signed.
- * @param bufferLength the length of buffer.
- * @param identityName The identity name.
- * @return The Signature.
- */
- Signature
- signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
-
- /**
- * @deprecated use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
- * @brief Set Sha256 weak signature for @p data
- */
- void
- signWithSha256(Data& data);
-
- /**
- * @deprecated use sign(Interest&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
- * @brief Set Sha256 weak signature for @p interest
- */
- void
- signWithSha256(Interest& interest);
-
- /**
- * @brief Generate a self-signed certificate for a public key.
- *
- * @param keyName The name of the public key
- * @return The generated certificate, shared_ptr<v1::IdentityCertificate>() if selfSign fails
- */
- shared_ptr<v1::IdentityCertificate>
- selfSign(const Name& keyName);
-
- /**
- * @brief Self-sign the supplied identity certificate.
- *
- * @param cert The supplied cert.
- * @throws SecTpm::Error if the private key does not exist.
- */
- void
- selfSign(v1::IdentityCertificate& cert);
-
- /**
- * @brief delete a certificate.
- *
- * @param certificateName The certificate to be deleted.
- * @throws KeyChain::Error if certificate cannot be deleted.
- */
- void
- deleteCertificate(const Name& certificateName);
-
- /**
- * @brief delete a key.
- *
- * @param keyName The key to be deleted.
- * @throws KeyChain::Error if key cannot be deleted.
- */
- void
- deleteKey(const Name& keyName);
-
- /**
- * @brief delete an identity.
- *
- * @param identity The identity to be deleted.
- * @throws KeyChain::Error if identity cannot be deleted.
- */
- void
- deleteIdentity(const Name& identity);
-
- /**
- * @brief export an identity.
- *
- * @param identity The identity to export.
- * @param passwordStr The password to secure the private key.
- * @return The encoded export data.
- * @throws SecPublicInfo::Error if anything goes wrong in exporting.
- */
- shared_ptr<SecuredBag>
- exportIdentity(const Name& identity, const std::string& passwordStr);
-
- /**
- * @brief import an identity.
- *
- * @param securedBag The encoded import data.
- * @param passwordStr The password to secure the private key.
- */
- void
- importIdentity(const SecuredBag& securedBag, const std::string& passwordStr);
-
- SecPublicInfo&
- getPib()
- {
- return *m_pib;
- }
-
- const SecPublicInfo&
- getPib() const
- {
- return *m_pib;
- }
-
- SecTpm&
- getTpm()
- {
- return *m_tpm;
- }
-
- const SecTpm&
- getTpm() const
- {
- return *m_tpm;
- }
-
- /*******************************
- * Wrapper of SecPublicInfo *
- *******************************/
- bool
- doesIdentityExist(const Name& identityName) const
- {
- return m_pib->doesIdentityExist(identityName);
- }
-
- void
- addIdentity(const Name& identityName)
- {
- return m_pib->addIdentity(identityName);
- }
-
- bool
- doesPublicKeyExist(const Name& keyName) const
- {
- return m_pib->doesPublicKeyExist(keyName);
- }
-
- void
- addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKeyDer)
- {
- return m_pib->addKey(keyName, publicKeyDer);
- }
-
- void
- addKey(const Name& keyName, const v1::PublicKey& publicKeyDer)
- {
- return m_pib->addKey(keyName, publicKeyDer);
- }
-
- shared_ptr<v1::PublicKey>
- getPublicKey(const Name& keyName) const
- {
- return m_pib->getPublicKey(keyName);
- }
-
- bool
- doesCertificateExist(const Name& certificateName) const
- {
- return m_pib->doesCertificateExist(certificateName);
- }
-
- void
- addCertificate(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificate(certificate);
- }
-
- shared_ptr<v1::IdentityCertificate>
- getCertificate(const Name& certificateName) const
- {
- return m_pib->getCertificate(certificateName);
- }
-
- Name
- getDefaultIdentity() const
- {
- return m_pib->getDefaultIdentity();
- }
-
- Name
- getDefaultKeyNameForIdentity(const Name& identityName) const
- {
- return m_pib->getDefaultKeyNameForIdentity(identityName);
- }
-
- /**
- * @brief Get default key parameters for the specified identity
- *
- * If identity has a previously generated key, the returned parameters
- * will include the same type of the key. If there are no existing
- * keys, DEFAULT_KEY_PARAMS is used.
- */
- const KeyParams&
- getDefaultKeyParamsForIdentity(const Name& identityName) const;
-
- Name
- getDefaultCertificateNameForKey(const Name& keyName) const
- {
- return m_pib->getDefaultCertificateNameForKey(keyName);
- }
-
- void
- getAllIdentities(std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllIdentities(nameList, isDefault);
- }
-
- void
- getAllKeyNames(std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllKeyNames(nameList, isDefault);
- }
-
- void
- getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
- }
-
- void
- getAllCertificateNames(std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllCertificateNames(nameList, isDefault);
- }
-
- void
- getAllCertificateNamesOfKey(const Name& keyName,
- std::vector<Name>& nameList,
- bool isDefault) const
- {
- return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
- }
-
- void
- deleteCertificateInfo(const Name& certificateName)
- {
- return m_pib->deleteCertificateInfo(certificateName);
- }
-
- void
- deletePublicKeyInfo(const Name& keyName)
- {
- return m_pib->deletePublicKeyInfo(keyName);
- }
-
- void
- deleteIdentityInfo(const Name& identity)
- {
- return m_pib->deleteIdentityInfo(identity);
- }
-
- void
- setDefaultIdentity(const Name& identityName)
- {
- return m_pib->setDefaultIdentity(identityName);
- }
-
- void
- setDefaultKeyNameForIdentity(const Name& keyName)
- {
- return m_pib->setDefaultKeyNameForIdentity(keyName);
- }
-
- void
- setDefaultCertificateNameForKey(const Name& certificateName)
- {
- return m_pib->setDefaultCertificateNameForKey(certificateName);
- }
-
- Name
- getNewKeyName(const Name& identityName, bool useKsk)
- {
- return m_pib->getNewKeyName(identityName, useKsk);
- }
-
- Name
- getDefaultCertificateNameForIdentity(const Name& identityName) const
- {
- return m_pib->getDefaultCertificateNameForIdentity(identityName);
- }
-
- Name
- getDefaultCertificateName() const
- {
- return m_pib->getDefaultCertificateName();
- }
-
- void
- addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificateAsKeyDefault(certificate);
- }
-
- void
- addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificateAsIdentityDefault(certificate);
- }
-
- void
- addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificateAsSystemDefault(certificate);
- }
-
- shared_ptr<v1::IdentityCertificate>
- getDefaultCertificate() const
- {
- if (!static_cast<bool>(m_pib->getDefaultCertificate()))
- const_cast<KeyChain*>(this)->setDefaultCertificateInternal();
-
- return m_pib->getDefaultCertificate();
- }
-
- void
- refreshDefaultCertificate()
- {
- return m_pib->refreshDefaultCertificate();
- }
-
- /*******************************
- * Wrapper of SecTpm *
- *******************************/
-
- void
- setTpmPassword(const uint8_t* password, size_t passwordLength)
- {
- return m_tpm->setTpmPassword(password, passwordLength);
- }
-
- void
- resetTpmPassword()
- {
- return m_tpm->resetTpmPassword();
- }
-
- void
- setInTerminal(bool inTerminal)
- {
- return m_tpm->setInTerminal(inTerminal);
- }
-
- bool
- getInTerminal() const
- {
- return m_tpm->getInTerminal();
- }
-
- bool
- isLocked() const
- {
- return m_tpm->isLocked();
- }
-
- bool
- unlockTpm(const char* password, size_t passwordLength, bool usePassword)
- {
- return m_tpm->unlockTpm(password, passwordLength, usePassword);
- }
-
- void
- generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
- {
- return m_tpm->generateKeyPairInTpm(keyName, params);
- }
-
- void
- deleteKeyPairInTpm(const Name& keyName)
- {
- return m_tpm->deleteKeyPairInTpm(keyName);
- }
-
- shared_ptr<v1::PublicKey>
- getPublicKeyFromTpm(const Name& keyName) const
- {
- return m_tpm->getPublicKeyFromTpm(keyName);
- }
-
- Block
- signInTpm(const uint8_t* data, size_t dataLength,
- const Name& keyName,
- DigestAlgorithm digestAlgorithm)
- {
- return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
- }
-
- ConstBufferPtr
- decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
- {
- return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
- }
-
- ConstBufferPtr
- encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
- {
- return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
- }
-
- void
- generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
- {
- return m_tpm->generateSymmetricKeyInTpm(keyName, params);
- }
-
- bool
- doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) const
- {
- return m_tpm->doesKeyExistInTpm(keyName, keyClass);
- }
-
- bool
- generateRandomBlock(uint8_t* res, size_t size) const
- {
- return m_tpm->generateRandomBlock(res, size);
- }
-
- void
- addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl)
- {
- return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
- }
-
- ConstBufferPtr
- exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password)
- {
- return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
- }
-
- bool
- importPrivateKeyPkcs5IntoTpm(const Name& keyName,
- const uint8_t* buf, size_t size,
- const std::string& password)
- {
- return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
- }
-
-private:
- void
- initialize(const std::string& pibLocatorUri,
- const std::string& tpmLocatorUri,
- bool needReset);
-
- /**
- * @brief Prepare a SignatureInfo TLV according to signing information and return the signing key name
- *
- * @param params The signing parameters.
- * @return The signing key name and prepared SignatureInfo.
- * @throw Error when the requested signing method cannot be satisfied.
- */
- std::tuple<Name, SignatureInfo>
- prepareSignatureInfo(const SigningInfo& params);
-
- /**
- * @brief Internal abstraction of packet signing.
- *
- * @param packet The packet to sign
- * @param params The signing parameters.
- * @throw Error when the signing fails.
- */
- template<typename T>
- void
- signImpl(T& packet, const SigningInfo& params);
-
- /**
- * @brief Set default certificate if it is not initialized
- */
- void
- setDefaultCertificateInternal();
-
- /**
- * @brief Generate a key pair for the specified identity.
- *
- * @param identityName The name of the specified identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param params The parameter of the key.
- * @return The name of the generated key.
- */
- Name
- generateKeyPair(const Name& identityName, bool isKsk = false,
- const KeyParams& params = DEFAULT_KEY_PARAMS);
-
- /**
- * @brief Sign the data using a particular key.
- *
- * @param data Reference to the data packet.
- * @param signature Signature to be added.
- * @param keyName The name of the signing key.
- * @param digestAlgorithm the digest algorithm.
- * @throws Tpm::Error
- */
- void
- signPacketWrapper(Data& data, const Signature& signature,
- const Name& keyName, DigestAlgorithm digestAlgorithm);
-
- /**
- * @brief Sign the interest using a particular key.
- *
- * @param interest Reference to the interest packet.
- * @param signature Signature to be added.
- * @param keyName The name of the signing key.
- * @param digestAlgorithm the digest algorithm.
- * @throws Tpm::Error
- */
- void
- signPacketWrapper(Interest& interest, const Signature& signature,
- const Name& keyName, DigestAlgorithm digestAlgorithm);
-
- /**
- * @brief Generate a SignatureValue block for a buffer @p buf with size @p size using
- * a key with name @p keyName and digest algorithm @p digestAlgorithm.
- */
- Block
- pureSign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
-
- static void
- registerPibImpl(const std::string& canonicalName,
- std::initializer_list<std::string> aliases, PibCreateFunc createFunc);
-
- static void
- registerTpmImpl(const std::string& canonicalName,
- std::initializer_list<std::string> aliases, TpmCreateFunc createFunc);
-
-public:
- static tlv::SignatureTypeValue
- getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
-
-public:
- static const Name DEFAULT_PREFIX;
- static const SigningInfo DEFAULT_SIGNING_INFO;
-
- // RsaKeyParams is set to be default for backward compatibility.
- static const RsaKeyParams DEFAULT_KEY_PARAMS;
-
- typedef std::map<std::string, Block> SignParams;
-
-private:
- std::unique_ptr<SecPublicInfo> m_pib;
- std::unique_ptr<SecTpm> m_tpm;
- time::milliseconds m_lastTimestamp;
-};
-
-template<typename T>
-void
-KeyChain::signImpl(T& packet, const SigningInfo& params)
-{
- Name keyName;
- SignatureInfo sigInfo;
- std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
-
- signPacketWrapper(packet, Signature(sigInfo),
- keyName, params.getDigestAlgorithm());
-}
-
-template<typename T>
-void
-KeyChain::sign(T& packet, const Name& certificateName)
-{
- signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certificateName));
-}
-
-template<typename T>
-void
-KeyChain::signByIdentity(T& packet, const Name& identityName)
-{
- signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_ID, identityName));
-}
-
-template<class PibType>
-inline void
-KeyChain::registerPib(std::initializer_list<std::string> aliases)
-{
- registerPibImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
- return make_unique<PibType>(locator);
- });
-}
-
-template<class TpmType>
-inline void
-KeyChain::registerTpm(std::initializer_list<std::string> aliases)
-{
- registerTpmImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
- return make_unique<TpmType>(locator);
- });
-}
-
-/**
- * \brief Register SecPib class in ndn-cxx KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * SecPib type within the namespace where the type is declared.
- */
-#define NDN_CXX_KEYCHAIN_REGISTER_PIB(PibType, ...) \
-static class NdnCxxAuto ## PibType ## PibRegistrationClass \
-{ \
-public: \
- NdnCxxAuto ## PibType ## PibRegistrationClass() \
- { \
- ::ndn::KeyChain::registerPib<PibType>({__VA_ARGS__}); \
- } \
-} ndnCxxAuto ## PibType ## PibRegistrationVariable
-
-/**
- * \brief Register SecTpm class in ndn-cxx KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * SecTpm type within the namespace where the type is declared.
- */
-#define NDN_CXX_KEYCHAIN_REGISTER_TPM(TpmType, ...) \
-static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
-{ \
-public: \
- NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
- { \
- ::ndn::KeyChain::registerTpm<TpmType>({__VA_ARGS__}); \
- } \
-} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
+using security::v1::KeyChain;
} // namespace security
-using security::KeyChain;
+using ndn::security::KeyChain;
} // namespace ndn
-
-#endif // NDN_SECURITY_KEY_CHAIN_HPP
diff --git a/src/security/signing-info.hpp b/src/security/signing-info.hpp
index 6284644..fc91410 100644
--- a/src/security/signing-info.hpp
+++ b/src/security/signing-info.hpp
@@ -28,7 +28,6 @@
#include "pib/key.hpp"
#include "security-common.hpp"
-
namespace ndn {
namespace security {
diff --git a/src/security/key-chain.cpp b/src/security/v1/key-chain.cpp
similarity index 92%
rename from src/security/key-chain.cpp
rename to src/security/v1/key-chain.cpp
index 1896c7a..f70bf05 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/v1/key-chain.cpp
@@ -22,10 +22,10 @@
*/
#include "key-chain.hpp"
-#include "signing-helpers.hpp"
+#include "../signing-helpers.hpp"
-#include "../util/random.hpp"
-#include "../util/config-file.hpp"
+#include "../../util/random.hpp"
+#include "../../util/config-file.hpp"
#include "sec-public-info-sqlite3.hpp"
@@ -37,6 +37,7 @@
namespace ndn {
namespace security {
+namespace v1 {
// Use a GUID as a magic number of KeyChain::DEFAULT_PREFIX identifier
const Name KeyChain::DEFAULT_PREFIX("/723821fd-f534-44b3-80d9-44bf5f58bbbb");
@@ -60,13 +61,13 @@
// http://stackoverflow.com/q/9459980/2150331
//
// Also, cannot use Type::SCHEME, as its value may be uninitialized
-NDN_CXX_KEYCHAIN_REGISTER_PIB(SecPublicInfoSqlite3, "pib-sqlite3", "sqlite3");
+NDN_CXX_V1_KEYCHAIN_REGISTER_PIB(SecPublicInfoSqlite3, "pib-sqlite3", "sqlite3");
#ifdef NDN_CXX_HAVE_OSX_SECURITY
-NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmOsx, "tpm-osxkeychain", "osx-keychain");
+NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(SecTpmOsx, "tpm-osxkeychain", "osx-keychain");
#endif // NDN_CXX_HAVE_OSX_SECURITY
-NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmFile, "tpm-file", "file");
+NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(SecTpmFile, "tpm-file", "file");
template<class T>
struct Factory
@@ -297,7 +298,7 @@
try {
keyName = m_pib->getDefaultKeyNameForIdentity(identityName);
- shared_ptr<v1::PublicKey> key = m_pib->getPublicKey(keyName);
+ shared_ptr<PublicKey> key = m_pib->getPublicKey(keyName);
if (key->getKeyType() != params.getKeyType()) {
keyName = generateKeyPair(identityName, true, params);
@@ -314,7 +315,7 @@
certName = m_pib->getDefaultCertificateNameForKey(keyName);
}
catch (const SecPublicInfo::Error& e) {
- shared_ptr<v1::IdentityCertificate> selfCert = selfSign(keyName);
+ shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
m_pib->addCertificateAsIdentityDefault(*selfCert);
certName = selfCert->getName();
}
@@ -361,15 +362,15 @@
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
- shared_ptr<v1::PublicKey> publicKey;
+ shared_ptr<PublicKey> publicKey;
try {
publicKey = m_pib->getPublicKey(keyName);
}
@@ -382,13 +383,13 @@
subjectDescription, certPrefix);
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
- const v1::PublicKey& publicKey,
+ const PublicKey& publicKey,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
if (keyName.size() < 1)
@@ -427,19 +428,19 @@
return nullptr;
}
- auto certificate = make_shared<v1::IdentityCertificate>();
+ auto certificate = make_shared<IdentityCertificate>();
certificate->setName(certName);
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
if (subjectDescription.empty()) {
- v1::CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
+ CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
certificate->addSubjectDescription(subjectName);
}
else {
- std::vector<v1::CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
- std::vector<v1::CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
+ std::vector<CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
+ std::vector<CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
for(; sdIt != sdEnd; sdIt++)
certificate->addSubjectDescription(*sdIt);
}
@@ -454,7 +455,7 @@
{
SignatureInfo sigInfo = params.getSignatureInfo();
- shared_ptr<v1::IdentityCertificate> signingCert;
+ shared_ptr<IdentityCertificate> signingCert;
switch (params.getSignerType()) {
case SigningInfo::SIGNER_TYPE_NULL: {
@@ -536,7 +537,7 @@
Signature
KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
{
- shared_ptr<v1::IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
+ shared_ptr<IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
if (certificate == nullptr) {
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("certificate does not exist"));
@@ -552,10 +553,10 @@
return sig;
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
KeyChain::selfSign(const Name& keyName)
{
- shared_ptr<v1::PublicKey> pubKey;
+ shared_ptr<PublicKey> pubKey;
try {
pubKey = m_pib->getPublicKey(keyName); // may throw an exception.
}
@@ -563,7 +564,7 @@
return nullptr;
}
- auto certificate = make_shared<v1::IdentityCertificate>();
+ auto certificate = make_shared<IdentityCertificate>();
Name certificateName = keyName.getPrefix(-1);
certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
@@ -572,7 +573,7 @@
certificate->setNotBefore(time::system_clock::now());
certificate->setNotAfter(time::system_clock::now() + time::days(7300)); // ~20 years
certificate->setPublicKeyInfo(*pubKey);
- certificate->addSubjectDescription(v1::CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
+ certificate->addSubjectDescription(CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
keyName.toUri()));
certificate->encode();
@@ -583,7 +584,7 @@
}
void
-KeyChain::selfSign(v1::IdentityCertificate& cert)
+KeyChain::selfSign(IdentityCertificate& cert)
{
Name keyName = cert.getPublicKeyName();
@@ -614,7 +615,7 @@
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Fail to export PKCS5 of private key"));
}
- shared_ptr<v1::IdentityCertificate> cert;
+ shared_ptr<IdentityCertificate> cert;
try {
cert = m_pib->getCertificate(m_pib->getDefaultCertificateNameForKey(keyName));
}
@@ -631,7 +632,7 @@
KeyChain::importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
{
Name certificateName = securedBag.getCertificate().getName();
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
Name identity = keyName.getPrefix(-1);
// Add identity
@@ -643,7 +644,7 @@
securedBag.getKey()->size(),
passwordStr);
- shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
// HACK! We should set key type according to the pkcs8 info.
m_pib->addKey(keyName, *pubKey);
m_pib->setDefaultKeyNameForIdentity(keyName);
@@ -708,7 +709,7 @@
m_tpm->generateKeyPairInTpm(keyName.toUri(), params);
- shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
m_pib->addKey(keyName, *pubKey);
return keyName;
@@ -838,8 +839,8 @@
default:
BOOST_THROW_EXCEPTION(Error("Unsupported key types"));
}
-
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/v1/key-chain.hpp b/src/security/v1/key-chain.hpp
new file mode 100644
index 0000000..73aab90
--- /dev/null
+++ b/src/security/v1/key-chain.hpp
@@ -0,0 +1,968 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ */
+
+#ifndef NDN_SECURITY_V1_KEY_CHAIN_HPP
+#define NDN_SECURITY_V1_KEY_CHAIN_HPP
+
+#include "sec-public-info.hpp"
+#include "sec-tpm.hpp"
+#include "secured-bag.hpp"
+#include "../key-params.hpp"
+#include "../signature-sha256-with-rsa.hpp"
+#include "../signature-sha256-with-ecdsa.hpp"
+#include "../digest-sha256.hpp"
+#include "../signing-info.hpp"
+
+#include "../../interest.hpp"
+#include "../../util/crypto.hpp"
+#include "../../util/random.hpp"
+#include <initializer_list>
+
+namespace ndn {
+namespace security {
+namespace v1 {
+
+/**
+ * @brief The packet signing interface.
+ *
+ * @deprecated Use v2::KeyChain
+ */
+class KeyChain : noncopyable
+{
+public:
+ class Error : public std::runtime_error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : std::runtime_error(what)
+ {
+ }
+ };
+
+ /**
+ * @brief Error thrown when the supplied TPM locator to KeyChain constructor does not match
+ * the locator stored in PIB
+ */
+ class MismatchError : public Error
+ {
+ public:
+ explicit
+ MismatchError(const std::string& what)
+ : Error(what)
+ {
+ }
+ };
+
+ typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
+ typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;
+
+ /**
+ * @brief Register a new PIB
+ * @param aliases List of schemes with which this PIB will be associated.
+ * The first alias in the list is considered a canonical name of the PIB instance.
+ */
+ template<class PibType>
+ static void
+ registerPib(std::initializer_list<std::string> aliases);
+
+ /**
+ * @brief Register a new TPM
+ * @param aliases List of schemes with which this TPM will be associated
+ * The first alias in the list is considered a canonical name of the TPM instance.
+ */
+ template<class TpmType>
+ static void
+ registerTpm(std::initializer_list<std::string> aliases);
+
+ /**
+ * @brief Get default PIB locator
+ */
+ static std::string
+ getDefaultPibLocator();
+
+ /**
+ * @brief Create a PIB according to @p pibLocator
+ */
+ static unique_ptr<SecPublicInfo>
+ createPib(const std::string& pibLocator);
+
+ /**
+ * @brief Get default TPM locator
+ */
+ static std::string
+ getDefaultTpmLocator();
+
+ /**
+ * @brief Create a TPM according to @p tpmLocator
+ */
+ static unique_ptr<SecTpm>
+ createTpm(const std::string& tpmLocator);
+
+ /**
+ * @brief Constructor to create KeyChain with default PIB and TPM
+ *
+ * Default PIB and TPM are platform-dependent and can be overriden system-wide or on
+ * per-use basis.
+ *
+ * @todo Add detailed description about config file behavior here
+ */
+ KeyChain();
+
+ /**
+ * @brief KeyChain constructor
+ *
+ * @sa http://redmine.named-data.net/issues/2260
+ *
+ * @param pibLocator PIB locator
+ * @param tpmLocator TPM locator
+ * @param allowReset if true, the PIB will be reset when the supplied tpmLocator
+ * mismatches the one in PIB
+ */
+ KeyChain(const std::string& pibLocator,
+ const std::string& tpmLocator,
+ bool allowReset = false);
+
+ virtual
+ ~KeyChain();
+
+ /**
+ * @brief Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a
+ * self-signed certificate of the KSK.
+ *
+ * @param identityName The name of the identity.
+ * @param params The key parameter if a key needs to be generated for the identity.
+ * @return The name of the default certificate of the identity.
+ */
+ Name
+ createIdentity(const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS);
+
+ /**
+ * @brief Generate a pair of RSA keys for the specified identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateEcdsaKeyPair
+ */
+ Name
+ generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
+
+ /**
+ * @brief Generate a pair of ECDSA keys for the specified identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateRsaKeyPair
+ */
+ Name
+ generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
+
+ /**
+ * @brief Generate a pair of RSA keys for the specified identity and set it as default key for
+ * the identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateRsaKeyPair, generateEcdsaKeyPair, generateEcdsaKeyPairAsDefault
+ */
+ Name
+ generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
+
+ /**
+ * @brief Generate a pair of ECDSA keys for the specified identity and set it as default key for
+ * the identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateRsaKeyPair, generateEcdsaKeyPair, generateRsaKeyPairAsDefault
+ */
+ Name
+ generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
+
+ /**
+ * @brief prepare an unsigned identity certificate
+ *
+ * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
+ * @param signingIdentity The signing identity.
+ * @param notBefore Refer to IdentityCertificate.
+ * @param notAfter Refer to IdentityCertificate.
+ * @param subjectDescription Refer to IdentityCertificate.
+ * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
+ * certificate name according to the relation between the signingIdentity and
+ * the subject identity. If signingIdentity is a prefix of the subject identity,
+ * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
+ * after subject identity (i.e., before `ksk-....`).
+ * @return IdentityCertificate.
+ */
+ shared_ptr<IdentityCertificate>
+ prepareUnsignedIdentityCertificate(const Name& keyName,
+ const Name& signingIdentity,
+ const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const Name& certPrefix = DEFAULT_PREFIX);
+
+ /**
+ * @brief prepare an unsigned identity certificate
+ *
+ * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
+ * @param publicKey Public key to sign.
+ * @param signingIdentity The signing identity.
+ * @param notBefore Refer to IdentityCertificate.
+ * @param notAfter Refer to IdentityCertificate.
+ * @param subjectDescription Refer to IdentityCertificate.
+ * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
+ * certificate name according to the relation between the signingIdentity and
+ * the subject identity. If signingIdentity is a prefix of the subject identity,
+ * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
+ * after subject identity (i.e., before `ksk-....`).
+ * @return IdentityCertificate.
+ */
+ shared_ptr<IdentityCertificate>
+ prepareUnsignedIdentityCertificate(const Name& keyName,
+ const PublicKey& publicKey,
+ const Name& signingIdentity,
+ const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const Name& certPrefix = DEFAULT_PREFIX);
+
+ /**
+ * @brief Sign data according to the supplied signing information
+ *
+ * This method uses the supplied signing information @p params to create the SignatureInfo block:
+ * - it selects a private key and its certificate to sign the packet
+ * - sets the KeyLocator field with the certificate name, and
+ * - adds other requested information to the SignatureInfo block).
+ *
+ * After that, the method assigns the created SignatureInfo to the data packets, generate a
+ * signature and sets as part of the SignatureValue block.
+ *
+ * @param data The data to sign
+ * @param params The signing parameters.
+ * @throws Error if signing fails.
+ * @see SigningInfo
+ */
+ void
+ sign(Data& data, const SigningInfo& params = DEFAULT_SIGNING_INFO);
+
+ /**
+ * @brief Sign interest according to the supplied signing information
+ *
+ * This method uses the supplied signing information @p params to create the SignatureInfo block:
+ * - it selects a private key and its certificate to sign the packet
+ * - sets the KeyLocator field with the certificate name, and
+ * - adds other requested information to the SignatureInfo block).
+ *
+ * After that, the method appends the created SignatureInfo to the interest name, generate a
+ * signature and appends it as part of the SignatureValue block to the interest name.
+ *
+ * @param interest The interest to sign
+ * @param params The signing parameters.
+ * @throws Error if signing fails.
+ * @see SigningInfo
+ */
+ void
+ sign(Interest& interest, const SigningInfo& params = DEFAULT_SIGNING_INFO);
+
+ /**
+ * @brief Sign buffer according to the supplied signing information
+ *
+ * @param buffer The buffer to sign
+ * @param bufferLength The buffer size
+ * @param params The signing parameters.
+ * @return a SignatureValue TLV block
+ * @throws Error if signing fails.
+ * @see SigningInfo
+ */
+ Block
+ sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params);
+
+ /**
+ * @deprecated use sign sign(T&, const SigningInfo&)
+ * @brief Sign packet with a particular certificate.
+ *
+ * @param packet The packet to be signed.
+ * @param certificateName The certificate name of the key to use for signing.
+ * @throws SecPublicInfo::Error if certificate does not exist.
+ */
+ template<typename T>
+ void
+ sign(T& packet, const Name& certificateName);
+
+ /**
+ * @deprecated Use sign(const uint8_t*, size_t, const SigningInfo&) instead
+ * @brief Sign the byte array using a particular certificate.
+ *
+ * @param buffer The byte array to be signed.
+ * @param bufferLength the length of buffer.
+ * @param certificateName The certificate name of the signing key.
+ * @return The Signature.
+ * @throws SecPublicInfo::Error if certificate does not exist.
+ */
+ Signature
+ sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
+
+ /**
+ * @deprecated use sign sign(T&, const SigningInfo&)
+ * @brief Sign packet using the default certificate of a particular identity.
+ *
+ * If there is no default certificate of that identity, this method will create a self-signed
+ * certificate.
+ *
+ * @param packet The packet to be signed.
+ * @param identityName The signing identity name.
+ */
+ template<typename T>
+ void
+ signByIdentity(T& packet, const Name& identityName);
+
+ /**
+ * @deprecated use sign(const uint8_t*, size_t, const SigningInfo&) instead
+ * @brief Sign the byte array using the default certificate of a particular identity.
+ *
+ * @param buffer The byte array to be signed.
+ * @param bufferLength the length of buffer.
+ * @param identityName The identity name.
+ * @return The Signature.
+ */
+ Signature
+ signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
+
+ /**
+ * @deprecated use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
+ * @brief Set Sha256 weak signature for @p data
+ */
+ void
+ signWithSha256(Data& data);
+
+ /**
+ * @deprecated use sign(Interest&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
+ * @brief Set Sha256 weak signature for @p interest
+ */
+ void
+ signWithSha256(Interest& interest);
+
+ /**
+ * @brief Generate a self-signed certificate for a public key.
+ *
+ * @param keyName The name of the public key
+ * @return The generated certificate, shared_ptr<IdentityCertificate>() if selfSign fails
+ */
+ shared_ptr<IdentityCertificate>
+ selfSign(const Name& keyName);
+
+ /**
+ * @brief Self-sign the supplied identity certificate.
+ *
+ * @param cert The supplied cert.
+ * @throws SecTpm::Error if the private key does not exist.
+ */
+ void
+ selfSign(IdentityCertificate& cert);
+
+ /**
+ * @brief delete a certificate.
+ *
+ * @param certificateName The certificate to be deleted.
+ * @throws KeyChain::Error if certificate cannot be deleted.
+ */
+ void
+ deleteCertificate(const Name& certificateName);
+
+ /**
+ * @brief delete a key.
+ *
+ * @param keyName The key to be deleted.
+ * @throws KeyChain::Error if key cannot be deleted.
+ */
+ void
+ deleteKey(const Name& keyName);
+
+ /**
+ * @brief delete an identity.
+ *
+ * @param identity The identity to be deleted.
+ * @throws KeyChain::Error if identity cannot be deleted.
+ */
+ void
+ deleteIdentity(const Name& identity);
+
+ /**
+ * @brief export an identity.
+ *
+ * @param identity The identity to export.
+ * @param passwordStr The password to secure the private key.
+ * @return The encoded export data.
+ * @throws SecPublicInfo::Error if anything goes wrong in exporting.
+ */
+ shared_ptr<SecuredBag>
+ exportIdentity(const Name& identity, const std::string& passwordStr);
+
+ /**
+ * @brief import an identity.
+ *
+ * @param securedBag The encoded import data.
+ * @param passwordStr The password to secure the private key.
+ */
+ void
+ importIdentity(const SecuredBag& securedBag, const std::string& passwordStr);
+
+ SecPublicInfo&
+ getPib()
+ {
+ return *m_pib;
+ }
+
+ const SecPublicInfo&
+ getPib() const
+ {
+ return *m_pib;
+ }
+
+ SecTpm&
+ getTpm()
+ {
+ return *m_tpm;
+ }
+
+ const SecTpm&
+ getTpm() const
+ {
+ return *m_tpm;
+ }
+
+ /*******************************
+ * Wrapper of SecPublicInfo *
+ *******************************/
+ bool
+ doesIdentityExist(const Name& identityName) const
+ {
+ return m_pib->doesIdentityExist(identityName);
+ }
+
+ void
+ addIdentity(const Name& identityName)
+ {
+ return m_pib->addIdentity(identityName);
+ }
+
+ bool
+ doesPublicKeyExist(const Name& keyName) const
+ {
+ return m_pib->doesPublicKeyExist(keyName);
+ }
+
+ void
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
+ {
+ return m_pib->addKey(keyName, publicKeyDer);
+ }
+
+ void
+ addKey(const Name& keyName, const PublicKey& publicKeyDer)
+ {
+ return m_pib->addKey(keyName, publicKeyDer);
+ }
+
+ shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName) const
+ {
+ return m_pib->getPublicKey(keyName);
+ }
+
+ bool
+ doesCertificateExist(const Name& certificateName) const
+ {
+ return m_pib->doesCertificateExist(certificateName);
+ }
+
+ void
+ addCertificate(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificate(certificate);
+ }
+
+ shared_ptr<IdentityCertificate>
+ getCertificate(const Name& certificateName) const
+ {
+ return m_pib->getCertificate(certificateName);
+ }
+
+ Name
+ getDefaultIdentity() const
+ {
+ return m_pib->getDefaultIdentity();
+ }
+
+ Name
+ getDefaultKeyNameForIdentity(const Name& identityName) const
+ {
+ return m_pib->getDefaultKeyNameForIdentity(identityName);
+ }
+
+ /**
+ * @brief Get default key parameters for the specified identity
+ *
+ * If identity has a previously generated key, the returned parameters
+ * will include the same type of the key. If there are no existing
+ * keys, DEFAULT_KEY_PARAMS is used.
+ */
+ const KeyParams&
+ getDefaultKeyParamsForIdentity(const Name& identityName) const;
+
+ Name
+ getDefaultCertificateNameForKey(const Name& keyName) const
+ {
+ return m_pib->getDefaultCertificateNameForKey(keyName);
+ }
+
+ void
+ getAllIdentities(std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllIdentities(nameList, isDefault);
+ }
+
+ void
+ getAllKeyNames(std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllKeyNames(nameList, isDefault);
+ }
+
+ void
+ getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
+ }
+
+ void
+ getAllCertificateNames(std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllCertificateNames(nameList, isDefault);
+ }
+
+ void
+ getAllCertificateNamesOfKey(const Name& keyName,
+ std::vector<Name>& nameList,
+ bool isDefault) const
+ {
+ return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
+ }
+
+ void
+ deleteCertificateInfo(const Name& certificateName)
+ {
+ return m_pib->deleteCertificateInfo(certificateName);
+ }
+
+ void
+ deletePublicKeyInfo(const Name& keyName)
+ {
+ return m_pib->deletePublicKeyInfo(keyName);
+ }
+
+ void
+ deleteIdentityInfo(const Name& identity)
+ {
+ return m_pib->deleteIdentityInfo(identity);
+ }
+
+ void
+ setDefaultIdentity(const Name& identityName)
+ {
+ return m_pib->setDefaultIdentity(identityName);
+ }
+
+ void
+ setDefaultKeyNameForIdentity(const Name& keyName)
+ {
+ return m_pib->setDefaultKeyNameForIdentity(keyName);
+ }
+
+ void
+ setDefaultCertificateNameForKey(const Name& certificateName)
+ {
+ return m_pib->setDefaultCertificateNameForKey(certificateName);
+ }
+
+ Name
+ getNewKeyName(const Name& identityName, bool useKsk)
+ {
+ return m_pib->getNewKeyName(identityName, useKsk);
+ }
+
+ Name
+ getDefaultCertificateNameForIdentity(const Name& identityName) const
+ {
+ return m_pib->getDefaultCertificateNameForIdentity(identityName);
+ }
+
+ Name
+ getDefaultCertificateName() const
+ {
+ return m_pib->getDefaultCertificateName();
+ }
+
+ void
+ addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificateAsKeyDefault(certificate);
+ }
+
+ void
+ addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificateAsIdentityDefault(certificate);
+ }
+
+ void
+ addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificateAsSystemDefault(certificate);
+ }
+
+ shared_ptr<IdentityCertificate>
+ getDefaultCertificate() const
+ {
+ if (!static_cast<bool>(m_pib->getDefaultCertificate()))
+ const_cast<KeyChain*>(this)->setDefaultCertificateInternal();
+
+ return m_pib->getDefaultCertificate();
+ }
+
+ void
+ refreshDefaultCertificate()
+ {
+ return m_pib->refreshDefaultCertificate();
+ }
+
+ /*******************************
+ * Wrapper of SecTpm *
+ *******************************/
+
+ void
+ setTpmPassword(const uint8_t* password, size_t passwordLength)
+ {
+ return m_tpm->setTpmPassword(password, passwordLength);
+ }
+
+ void
+ resetTpmPassword()
+ {
+ return m_tpm->resetTpmPassword();
+ }
+
+ void
+ setInTerminal(bool inTerminal)
+ {
+ return m_tpm->setInTerminal(inTerminal);
+ }
+
+ bool
+ getInTerminal() const
+ {
+ return m_tpm->getInTerminal();
+ }
+
+ bool
+ isLocked() const
+ {
+ return m_tpm->isLocked();
+ }
+
+ bool
+ unlockTpm(const char* password, size_t passwordLength, bool usePassword)
+ {
+ return m_tpm->unlockTpm(password, passwordLength, usePassword);
+ }
+
+ void
+ generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
+ {
+ return m_tpm->generateKeyPairInTpm(keyName, params);
+ }
+
+ void
+ deleteKeyPairInTpm(const Name& keyName)
+ {
+ return m_tpm->deleteKeyPairInTpm(keyName);
+ }
+
+ shared_ptr<PublicKey>
+ getPublicKeyFromTpm(const Name& keyName) const
+ {
+ return m_tpm->getPublicKeyFromTpm(keyName);
+ }
+
+ Block
+ signInTpm(const uint8_t* data, size_t dataLength,
+ const Name& keyName,
+ DigestAlgorithm digestAlgorithm)
+ {
+ return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
+ }
+
+ ConstBufferPtr
+ decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
+ {
+ return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
+ }
+
+ ConstBufferPtr
+ encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
+ {
+ return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
+ }
+
+ void
+ generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
+ {
+ return m_tpm->generateSymmetricKeyInTpm(keyName, params);
+ }
+
+ bool
+ doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) const
+ {
+ return m_tpm->doesKeyExistInTpm(keyName, keyClass);
+ }
+
+ bool
+ generateRandomBlock(uint8_t* res, size_t size) const
+ {
+ return m_tpm->generateRandomBlock(res, size);
+ }
+
+ void
+ addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl)
+ {
+ return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
+ }
+
+ ConstBufferPtr
+ exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password)
+ {
+ return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
+ }
+
+ bool
+ importPrivateKeyPkcs5IntoTpm(const Name& keyName,
+ const uint8_t* buf, size_t size,
+ const std::string& password)
+ {
+ return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
+ }
+
+private:
+ void
+ initialize(const std::string& pibLocatorUri,
+ const std::string& tpmLocatorUri,
+ bool needReset);
+
+ /**
+ * @brief Prepare a SignatureInfo TLV according to signing information and return the signing key name
+ *
+ * @param params The signing parameters.
+ * @return The signing key name and prepared SignatureInfo.
+ * @throw Error when the requested signing method cannot be satisfied.
+ */
+ std::tuple<Name, SignatureInfo>
+ prepareSignatureInfo(const SigningInfo& params);
+
+ /**
+ * @brief Internal abstraction of packet signing.
+ *
+ * @param packet The packet to sign
+ * @param params The signing parameters.
+ * @throw Error when the signing fails.
+ */
+ template<typename T>
+ void
+ signImpl(T& packet, const SigningInfo& params);
+
+ /**
+ * @brief Set default certificate if it is not initialized
+ */
+ void
+ setDefaultCertificateInternal();
+
+ /**
+ * @brief Generate a key pair for the specified identity.
+ *
+ * @param identityName The name of the specified identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param params The parameter of the key.
+ * @return The name of the generated key.
+ */
+ Name
+ generateKeyPair(const Name& identityName, bool isKsk = false,
+ const KeyParams& params = DEFAULT_KEY_PARAMS);
+
+ /**
+ * @brief Sign the data using a particular key.
+ *
+ * @param data Reference to the data packet.
+ * @param signature Signature to be added.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @throws Tpm::Error
+ */
+ void
+ signPacketWrapper(Data& data, const Signature& signature,
+ const Name& keyName, DigestAlgorithm digestAlgorithm);
+
+ /**
+ * @brief Sign the interest using a particular key.
+ *
+ * @param interest Reference to the interest packet.
+ * @param signature Signature to be added.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @throws Tpm::Error
+ */
+ void
+ signPacketWrapper(Interest& interest, const Signature& signature,
+ const Name& keyName, DigestAlgorithm digestAlgorithm);
+
+ /**
+ * @brief Generate a SignatureValue block for a buffer @p buf with size @p size using
+ * a key with name @p keyName and digest algorithm @p digestAlgorithm.
+ */
+ Block
+ pureSign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
+
+ static void
+ registerPibImpl(const std::string& canonicalName,
+ std::initializer_list<std::string> aliases, PibCreateFunc createFunc);
+
+ static void
+ registerTpmImpl(const std::string& canonicalName,
+ std::initializer_list<std::string> aliases, TpmCreateFunc createFunc);
+
+public:
+ static tlv::SignatureTypeValue
+ getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
+
+public:
+ static const Name DEFAULT_PREFIX;
+ static const SigningInfo DEFAULT_SIGNING_INFO;
+
+ // RsaKeyParams is set to be default for backward compatibility.
+ static const RsaKeyParams DEFAULT_KEY_PARAMS;
+
+ typedef std::map<std::string, Block> SignParams;
+
+private:
+ std::unique_ptr<SecPublicInfo> m_pib;
+ std::unique_ptr<SecTpm> m_tpm;
+ time::milliseconds m_lastTimestamp;
+};
+
+template<typename T>
+void
+KeyChain::signImpl(T& packet, const SigningInfo& params)
+{
+ Name keyName;
+ SignatureInfo sigInfo;
+ std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
+
+ signPacketWrapper(packet, Signature(sigInfo),
+ keyName, params.getDigestAlgorithm());
+}
+
+template<typename T>
+void
+KeyChain::sign(T& packet, const Name& certificateName)
+{
+ signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certificateName));
+}
+
+template<typename T>
+void
+KeyChain::signByIdentity(T& packet, const Name& identityName)
+{
+ signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_ID, identityName));
+}
+
+template<class PibType>
+inline void
+KeyChain::registerPib(std::initializer_list<std::string> aliases)
+{
+ registerPibImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
+ return make_unique<PibType>(locator);
+ });
+}
+
+template<class TpmType>
+inline void
+KeyChain::registerTpm(std::initializer_list<std::string> aliases)
+{
+ registerTpmImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
+ return make_unique<TpmType>(locator);
+ });
+}
+
+/**
+ * \brief Register SecPib class in ndn-cxx KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * SecPib type within the namespace where the type is declared.
+ */
+#define NDN_CXX_V1_KEYCHAIN_REGISTER_PIB(PibType, ...) \
+static class NdnCxxAuto ## PibType ## PibRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## PibType ## PibRegistrationClass() \
+ { \
+ ::ndn::security::v1::KeyChain::registerPib<PibType>({__VA_ARGS__}); \
+ } \
+} ndnCxxAuto ## PibType ## PibRegistrationVariable
+
+/**
+ * \brief Register SecTpm class in ndn-cxx KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * SecTpm type within the namespace where the type is declared.
+ */
+#define NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(TpmType, ...) \
+static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
+ { \
+ ::ndn::security::v1::KeyChain::registerTpm<TpmType>({__VA_ARGS__}); \
+ } \
+} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
+
+} // namespace v1
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_V1_KEY_CHAIN_HPP
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/v1/sec-public-info-sqlite3.cpp
similarity index 96%
rename from src/security/sec-public-info-sqlite3.cpp
rename to src/security/v1/sec-public-info-sqlite3.cpp
index b392ba1..efb4e0f 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/v1/sec-public-info-sqlite3.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,10 +23,10 @@
*/
#include "sec-public-info-sqlite3.hpp"
-#include "v1/identity-certificate.hpp"
-#include "signature-sha256-with-rsa.hpp"
-#include "signature-sha256-with-ecdsa.hpp"
-#include "../data.hpp"
+#include "identity-certificate.hpp"
+#include "../signature-sha256-with-rsa.hpp"
+#include "../signature-sha256-with-ecdsa.hpp"
+#include "../../data.hpp"
#include <sqlite3.h>
#include <stdio.h>
@@ -37,6 +37,7 @@
namespace ndn {
namespace security {
+namespace v1 {
using std::string;
using std::vector;
@@ -364,7 +365,7 @@
void
SecPublicInfoSqlite3::addKey(const Name& keyName,
- const v1::PublicKey& publicKeyDer)
+ const PublicKey& publicKeyDer)
{
if (keyName.empty())
return;
@@ -397,7 +398,7 @@
sqlite3_finalize(statement);
}
-shared_ptr<v1::PublicKey>
+shared_ptr<PublicKey>
SecPublicInfoSqlite3::getPublicKey(const Name& keyName)
{
if (keyName.empty())
@@ -416,9 +417,9 @@
int res = sqlite3_step(statement);
- shared_ptr<v1::PublicKey> result;
+ shared_ptr<PublicKey> result;
if (res == SQLITE_ROW) {
- result = make_shared<v1::PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
+ result = make_shared<PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
sqlite3_column_bytes(statement, 0));
sqlite3_finalize(statement);
return result;
@@ -484,12 +485,12 @@
}
void
-SecPublicInfoSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addCertificate(const IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
- // KeyName is from v1::IdentityCertificate name, so should be qualified.
+ // KeyName is from IdentityCertificate name, so should be qualified.
Name keyName =
- v1::IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
+ IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
addKey(keyName, certificate.getPublicKeyInfo());
@@ -538,7 +539,7 @@
sqlite3_finalize(statement);
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
SecPublicInfoSqlite3::getCertificate(const Name& certificateName)
{
sqlite3_stmt* statement = nullptr;
@@ -552,7 +553,7 @@
int res = sqlite3_step(statement);
if (res == SQLITE_ROW) {
- shared_ptr<v1::IdentityCertificate> certificate = make_shared<v1::IdentityCertificate>();
+ shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
try {
certificate->wireDecode(Block(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
sqlite3_column_bytes(statement, 0)));
@@ -724,7 +725,7 @@
if (!doesCertificateExist(certificateName))
BOOST_THROW_EXCEPTION(Error("certificate does not exist:" + certificateName.toUri()));
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
string keyId = keyName.get(-1).toUri();
Name identityName = keyName.getPrefix(-1);
@@ -952,5 +953,6 @@
return SCHEME;
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-public-info-sqlite3.hpp b/src/security/v1/sec-public-info-sqlite3.hpp
similarity index 88%
rename from src/security/sec-public-info-sqlite3.hpp
rename to src/security/v1/sec-public-info-sqlite3.hpp
index fbe7d7e..6e9dfd7 100644
--- a/src/security/sec-public-info-sqlite3.hpp
+++ b/src/security/v1/sec-public-info-sqlite3.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,16 +22,17 @@
* @author Jeff Thompson <jefft0@remap.ucla.edu>
*/
-#ifndef NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
-#define NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
+#ifndef NDN_SECURITY_V1_SEC_PUBLIC_INFO_SQLITE3_HPP
+#define NDN_SECURITY_V1_SEC_PUBLIC_INFO_SQLITE3_HPP
-#include "../common.hpp"
+#include "../../common.hpp"
#include "sec-public-info.hpp"
struct sqlite3;
namespace ndn {
namespace security {
+namespace v1 {
class SecPublicInfoSqlite3 : public SecPublicInfo
{
@@ -78,9 +79,9 @@
doesPublicKeyExist(const Name& keyName);
virtual void
- addKey(const Name& keyName, const v1::PublicKey& publicKeyDer);
+ addKey(const Name& keyName, const PublicKey& publicKeyDer);
- virtual shared_ptr<v1::PublicKey>
+ virtual shared_ptr<PublicKey>
getPublicKey(const Name& keyName);
virtual KeyType
@@ -90,9 +91,9 @@
doesCertificateExist(const Name& certificateName);
virtual void
- addCertificate(const v1::IdentityCertificate& certificate);
+ addCertificate(const IdentityCertificate& certificate);
- virtual shared_ptr<v1::IdentityCertificate>
+ virtual shared_ptr<IdentityCertificate>
getCertificate(const Name& certificateName);
@@ -163,10 +164,8 @@
sqlite3* m_database;
};
+} // namespace v1
} // namespace security
-
-using security::SecPublicInfoSqlite3;
-
} // namespace ndn
-#endif // NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
+#endif // NDN_SECURITY_V1_SEC_PUBLIC_INFO_SQLITE3_HPP
diff --git a/src/security/sec-public-info.cpp b/src/security/v1/sec-public-info.cpp
similarity index 86%
rename from src/security/sec-public-info.cpp
rename to src/security/v1/sec-public-info.cpp
index 7002d36..96c4441 100644
--- a/src/security/sec-public-info.cpp
+++ b/src/security/v1/sec-public-info.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,6 +23,7 @@
namespace ndn {
namespace security {
+namespace v1 {
SecPublicInfo::SecPublicInfo(const std::string& location)
: m_location(location)
@@ -40,7 +41,7 @@
}
void
-SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey)
+SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
{
addKey(keyName, publicKey);
}
@@ -105,7 +106,7 @@
}
void
-SecPublicInfo::addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
setDefaultCertificateNameForKeyInternal(certificate.getName());
@@ -113,35 +114,35 @@
}
void
-SecPublicInfo::addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
setDefaultKeyNameForIdentityInternal(keyName);
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
void
-SecPublicInfo::addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
setDefaultIdentityInternal(keyName.getPrefix(-1));
setDefaultKeyNameForIdentityInternal(keyName);
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
SecPublicInfo::defaultCertificate()
{
return getDefaultCertificate();
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
SecPublicInfo::getDefaultCertificate()
{
return m_defaultCertificate;
@@ -159,5 +160,6 @@
}
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-public-info.hpp b/src/security/v1/sec-public-info.hpp
similarity index 89%
rename from src/security/sec-public-info.hpp
rename to src/security/v1/sec-public-info.hpp
index 9f24538..7ed6ef4 100644
--- a/src/security/sec-public-info.hpp
+++ b/src/security/v1/sec-public-info.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,16 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_SEC_PUBLIC_INFO_HPP
-#define NDN_SECURITY_SEC_PUBLIC_INFO_HPP
+#ifndef NDN_SECURITY_V1_SEC_PUBLIC_INFO_HPP
+#define NDN_SECURITY_V1_SEC_PUBLIC_INFO_HPP
-#include "../name.hpp"
-#include "security-common.hpp"
-#include "v1/public-key.hpp"
-#include "v1/identity-certificate.hpp"
+#include "../../name.hpp"
+#include "../security-common.hpp"
+#include "public-key.hpp"
+#include "identity-certificate.hpp"
namespace ndn {
namespace security {
+namespace v1 {
/**
* @brief SecPublicInfo is a base class for the storage of public information.
@@ -132,7 +133,7 @@
*/
DEPRECATED(
void
- addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey));
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey));
/**
* @brief Add a public key to the identity storage.
@@ -141,7 +142,7 @@
* @param publicKey Reference to the PublicKey object
*/
virtual void
- addKey(const Name& keyName, const v1::PublicKey& publicKey) = 0;
+ addKey(const Name& keyName, const PublicKey& publicKey) = 0;
/**
* @brief Get shared pointer to PublicKey object from the identity storage
@@ -149,7 +150,7 @@
* @param keyName The name of the requested public key
* @throws SecPublicInfo::Error if public key does not exist
*/
- virtual shared_ptr<v1::PublicKey>
+ virtual shared_ptr<PublicKey>
getPublicKey(const Name& keyName) = 0;
/**
@@ -180,7 +181,7 @@
* @param certificate The certificate to be added
*/
virtual void
- addCertificate(const v1::IdentityCertificate& certificate) = 0;
+ addCertificate(const IdentityCertificate& certificate) = 0;
/**
* @brief Get a shared pointer to identity certificate object from the identity storage
@@ -188,7 +189,7 @@
* @param certificateName The name of the requested certificate
* @throws SecPublicInfo::Error if the certificate does not exist
*/
- virtual shared_ptr<v1::IdentityCertificate>
+ virtual shared_ptr<IdentityCertificate>
getCertificate(const Name& certificateName) = 0;
@@ -404,7 +405,7 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate);
+ addCertificateAsKeyDefault(const IdentityCertificate& certificate);
/**
* @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -414,7 +415,7 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate);
+ addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
/**
* @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -424,24 +425,24 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate);
+ addCertificateAsSystemDefault(const IdentityCertificate& certificate);
/**
* @brief Get cached default certificate of the default identity
*
- * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
+ * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
* @deprecated Use getDefaultCertificate instead
*/
DEPRECATED(
- shared_ptr<v1::IdentityCertificate>
+ shared_ptr<IdentityCertificate>
defaultCertificate());
/**
* @brief Get cached default certificate of the default identity
*
- * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
+ * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
*/
- shared_ptr<v1::IdentityCertificate>
+ shared_ptr<IdentityCertificate>
getDefaultCertificate();
/**
@@ -451,14 +452,22 @@
refreshDefaultCertificate();
protected:
- shared_ptr<v1::IdentityCertificate> m_defaultCertificate;
+ shared_ptr<IdentityCertificate> m_defaultCertificate;
std::string m_location;
};
+} // namespace v1
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using v1::SecPublicInfo;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
} // namespace security
-using security::SecPublicInfo;
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using security::v1::SecPublicInfo;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
} // namespace ndn
-#endif // NDN_SECURITY_SEC_PUBLIC_INFO_HPP
+#endif // NDN_SECURITY_V1_SEC_PUBLIC_INFO_HPP
diff --git a/src/security/sec-tpm-file.cpp b/src/security/v1/sec-tpm-file.cpp
similarity index 98%
rename from src/security/sec-tpm-file.cpp
rename to src/security/v1/sec-tpm-file.cpp
index 931d8fd..adda17f 100644
--- a/src/security/sec-tpm-file.cpp
+++ b/src/security/v1/sec-tpm-file.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,12 +25,12 @@
#include "sec-tpm-file.hpp"
-#include "../encoding/buffer-stream.hpp"
+#include "../../encoding/buffer-stream.hpp"
#include <boost/filesystem.hpp>
#include <boost/algorithm/string.hpp>
-#include "v1/cryptopp.hpp"
+#include "cryptopp.hpp"
#include <sys/types.h>
#include <sys/stat.h>
@@ -39,6 +39,7 @@
namespace ndn {
namespace security {
+namespace v1 {
using std::string;
using std::ostringstream;
@@ -232,7 +233,7 @@
boost::filesystem::remove(privateKeyPath);
}
-shared_ptr<v1::PublicKey>
+shared_ptr<PublicKey>
SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
{
string keyURI = keyName.toUri();
@@ -251,7 +252,7 @@
BOOST_THROW_EXCEPTION(Error(e.what()));
}
- return make_shared<v1::PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
+ return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
os.str().size());
}
@@ -321,7 +322,7 @@
AutoSeededRandomPool rng;
// Read public key
- shared_ptr<v1::PublicKey> pubkeyPtr;
+ shared_ptr<PublicKey> pubkeyPtr;
pubkeyPtr = getPublicKeyFromTpm(keyName);
switch (pubkeyPtr->getKeyType()) {
@@ -587,5 +588,6 @@
}
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm-file.hpp b/src/security/v1/sec-tpm-file.hpp
similarity index 92%
rename from src/security/sec-tpm-file.hpp
rename to src/security/v1/sec-tpm-file.hpp
index ed25d2d..aaaa4ce 100644
--- a/src/security/sec-tpm-file.hpp
+++ b/src/security/v1/sec-tpm-file.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,15 +23,16 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#ifndef NDN_SECURITY_SEC_TPM_FILE_HPP
-#define NDN_SECURITY_SEC_TPM_FILE_HPP
+#ifndef NDN_SECURITY_V1_SEC_TPM_FILE_HPP
+#define NDN_SECURITY_V1_SEC_TPM_FILE_HPP
-#include "../common.hpp"
+#include "../../common.hpp"
#include "sec-tpm.hpp"
namespace ndn {
namespace security {
+namespace v1 {
class SecTpmFile : public SecTpm
{
@@ -92,7 +93,7 @@
virtual void
deleteKeyPairInTpm(const Name& keyName);
- virtual shared_ptr<v1::PublicKey>
+ virtual shared_ptr<PublicKey>
getPublicKeyFromTpm(const Name& keyName);
virtual Block
@@ -144,10 +145,8 @@
bool m_inTerminal;
};
+} // namespace v1
} // namespace security
-
-using security::SecTpmFile;
-
} // namespace ndn
-#endif // NDN_SECURITY_SEC_TPM_FILE_HPP
+#endif // NDN_SECURITY_V1_SEC_TPM_FILE_HPP
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/v1/sec-tpm-osx.cpp
similarity index 98%
rename from src/security/sec-tpm-osx.cpp
rename to src/security/v1/sec-tpm-osx.cpp
index 671a6f1..f3c3029 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/v1/sec-tpm-osx.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,11 +22,11 @@
*/
#include "sec-tpm-osx.hpp"
-#include "v1/public-key.hpp"
+#include "public-key.hpp"
-#include "../encoding/oid.hpp"
-#include "../encoding/buffer-stream.hpp"
-#include "v1/cryptopp.hpp"
+#include "../../encoding/oid.hpp"
+#include "../../encoding/buffer-stream.hpp"
+#include "cryptopp.hpp"
#include <pwd.h>
#include <unistd.h>
@@ -44,6 +44,7 @@
namespace ndn {
namespace security {
+namespace v1 {
using std::string;
@@ -499,7 +500,7 @@
// throw Error("Fail to create a symmetric key");
}
-shared_ptr<v1::PublicKey>
+shared_ptr<PublicKey>
SecTpmOsx::getPublicKeyFromTpm(const Name& keyName)
{
CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KeyClass::PUBLIC);
@@ -518,7 +519,7 @@
BOOST_THROW_EXCEPTION(Error("Cannot export requested public key from OSX Keychain"));
}
- shared_ptr<v1::PublicKey> key = make_shared<v1::PublicKey>(CFDataGetBytePtr(exportedKey.get()),
+ shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()),
CFDataGetLength(exportedKey.get()));
return key;
}
@@ -541,7 +542,7 @@
"in OSX Keychain"));
}
- shared_ptr<v1::PublicKey> publicKey = getPublicKeyFromTpm(keyName);
+ shared_ptr<PublicKey> publicKey = getPublicKeyFromTpm(keyName);
CFReleaser<CFDataRef> exportedKey;
OSStatus res = SecItemExport(privateKey.get(),
@@ -1139,5 +1140,6 @@
}
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm-osx.hpp b/src/security/v1/sec-tpm-osx.hpp
similarity index 94%
rename from src/security/sec-tpm-osx.hpp
rename to src/security/v1/sec-tpm-osx.hpp
index 1713f06..7641514 100644
--- a/src/security/sec-tpm-osx.hpp
+++ b/src/security/v1/sec-tpm-osx.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,10 +21,10 @@
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_SEC_TPM_OSX_HPP
-#define NDN_SECURITY_SEC_TPM_OSX_HPP
+#ifndef NDN_SECURITY_V1_SEC_TPM_OSX_HPP
+#define NDN_SECURITY_V1_SEC_TPM_OSX_HPP
-#include "../common.hpp"
+#include "../../common.hpp"
#ifndef NDN_CXX_HAVE_OSX_SECURITY
#error "This files should not be compiled ..."
@@ -34,6 +34,7 @@
namespace ndn {
namespace security {
+namespace v1 {
class SecTpmOsx : public SecTpm
{
@@ -161,10 +162,8 @@
shared_ptr<Impl> m_impl;
};
+} // namespace v1
} // namespace security
-
-using security::SecTpmOsx;
-
} // namespace ndn
-#endif // NDN_SECURITY_SEC_TPM_OSX_HPP
+#endif // NDN_SECURITY_V1_SEC_TPM_OSX_HPP
diff --git a/src/security/sec-tpm.cpp b/src/security/v1/sec-tpm.cpp
similarity index 98%
rename from src/security/sec-tpm.cpp
rename to src/security/v1/sec-tpm.cpp
index 2ce3d66..fae3b7e 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/v1/sec-tpm.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,13 +23,14 @@
#include "sec-tpm.hpp"
-#include "../encoding/oid.hpp"
-#include "../encoding/buffer-stream.hpp"
-#include "v1/cryptopp.hpp"
+#include "../../encoding/oid.hpp"
+#include "../../encoding/buffer-stream.hpp"
+#include "cryptopp.hpp"
#include <unistd.h>
namespace ndn {
namespace security {
+namespace v1 {
SecTpm::SecTpm(const std::string& location)
: m_location(location)
@@ -381,5 +382,6 @@
return isInitialized;
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm.hpp b/src/security/v1/sec-tpm.hpp
similarity index 93%
rename from src/security/sec-tpm.hpp
rename to src/security/v1/sec-tpm.hpp
index 3da278e..5acb0c3 100644
--- a/src/security/sec-tpm.hpp
+++ b/src/security/v1/sec-tpm.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,18 +21,19 @@
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_SEC_TPM_HPP
-#define NDN_SECURITY_SEC_TPM_HPP
+#ifndef NDN_SECURITY_V1_SEC_TPM_HPP
+#define NDN_SECURITY_V1_SEC_TPM_HPP
-#include "../common.hpp"
-#include "security-common.hpp"
-#include "../name.hpp"
-#include "../data.hpp"
-#include "key-params.hpp"
-#include "v1/public-key.hpp"
+#include "../../common.hpp"
+#include "../security-common.hpp"
+#include "../../name.hpp"
+#include "../../data.hpp"
+#include "../key-params.hpp"
+#include "public-key.hpp"
namespace ndn {
namespace security {
+namespace v1 {
/**
* @brief SecTpm is the base class of the TPM classes.
@@ -301,10 +302,18 @@
std::string m_location;
};
+} // namespace v1
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using v1::SecTpm;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
} // namespace security
-using security::SecTpm;
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using security::v1::SecTpm;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
} // namespace ndn
-#endif // NDN_SECURITY_SEC_TPM_HPP
+#endif // NDN_SECURITY_V1_SEC_TPM_HPP
diff --git a/src/security/secured-bag.cpp b/src/security/v1/secured-bag.cpp
similarity index 87%
rename from src/security/secured-bag.cpp
rename to src/security/v1/secured-bag.cpp
index 66fad02..8fccbc6 100644
--- a/src/security/secured-bag.cpp
+++ b/src/security/v1/secured-bag.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,10 +20,12 @@
*/
#include "secured-bag.hpp"
-#include "encoding/tlv-security.hpp"
-#include "util/concepts.hpp"
+#include "../../encoding/tlv-security.hpp"
+#include "../../util/concepts.hpp"
namespace ndn {
+namespace security {
+namespace v1 {
//BOOST_CONCEPT_ASSERT((boost::EqualityComparable<SecuredBag>));
BOOST_CONCEPT_ASSERT((WireEncodable<SecuredBag>));
@@ -41,7 +43,7 @@
this->wireDecode(wire);
}
-SecuredBag::SecuredBag(const v1::IdentityCertificate& cert, ConstBufferPtr key)
+SecuredBag::SecuredBag(const IdentityCertificate& cert, ConstBufferPtr key)
: m_cert(cert)
, m_key(key)
, m_wire(tlv::security::IdentityPackage)
@@ -76,4 +78,6 @@
return m_wire;
}
+} // namespace v1
+} // namespace security
} // namespace ndn
diff --git a/src/security/secured-bag.hpp b/src/security/v1/secured-bag.hpp
similarity index 80%
rename from src/security/secured-bag.hpp
rename to src/security/v1/secured-bag.hpp
index 5dd27fc..fbfb151 100644
--- a/src/security/secured-bag.hpp
+++ b/src/security/v1/secured-bag.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,14 +19,15 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_SECURED_BAG_HPP
-#define NDN_SECURITY_SECURED_BAG_HPP
+#ifndef NDN_SECURITY_V1_SECURED_BAG_HPP
+#define NDN_SECURITY_V1_SECURED_BAG_HPP
-#include "../common.hpp"
-#include "v1/identity-certificate.hpp"
+#include "../../common.hpp"
+#include "identity-certificate.hpp"
namespace ndn {
namespace security {
+namespace v1 {
class SecuredBag
{
@@ -46,7 +47,7 @@
explicit
SecuredBag(const Block& wire);
- SecuredBag(const v1::IdentityCertificate& cert,
+ SecuredBag(const IdentityCertificate& cert,
ConstBufferPtr key);
virtual
@@ -58,7 +59,7 @@
const Block&
wireEncode() const;
- const v1::IdentityCertificate&
+ const IdentityCertificate&
getCertificate() const
{
return m_cert;
@@ -71,16 +72,14 @@
}
private:
- v1::IdentityCertificate m_cert;
+ IdentityCertificate m_cert;
ConstBufferPtr m_key;
mutable Block m_wire;
};
+} // namespace v1
} // namespace security
-
-using security::SecuredBag;
-
} // namespace ndn
-#endif // NDN_SECURITY_SECURED_BAG_HPP
+#endif // NDN_SECURITY_V1_SECURED_BAG_HPP
diff --git a/src/util/dummy-client-face.cpp b/src/util/dummy-client-face.cpp
index 14a7631..f84d997 100644
--- a/src/util/dummy-client-face.cpp
+++ b/src/util/dummy-client-face.cpp
@@ -86,13 +86,13 @@
DummyClientFace::DummyClientFace(const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>())
- , m_internalKeyChain(new KeyChain)
+ , m_internalKeyChain(new security::v1::KeyChain)
, m_keyChain(*m_internalKeyChain)
{
this->construct(options);
}
-DummyClientFace::DummyClientFace(KeyChain& keyChain,
+DummyClientFace::DummyClientFace(security::v1::KeyChain& keyChain,
const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>(), keyChain)
, m_keyChain(keyChain)
@@ -103,13 +103,13 @@
DummyClientFace::DummyClientFace(boost::asio::io_service& ioService,
const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>(), ioService)
- , m_internalKeyChain(new KeyChain)
+ , m_internalKeyChain(new security::v1::KeyChain)
, m_keyChain(*m_internalKeyChain)
{
this->construct(options);
}
-DummyClientFace::DummyClientFace(boost::asio::io_service& ioService, KeyChain& keyChain,
+DummyClientFace::DummyClientFace(boost::asio::io_service& ioService, security::v1::KeyChain& keyChain,
const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>(), ioService, keyChain)
, m_keyChain(keyChain)
diff --git a/src/util/dummy-client-face.hpp b/src/util/dummy-client-face.hpp
index 630913c..cbf22f1 100644
--- a/src/util/dummy-client-face.hpp
+++ b/src/util/dummy-client-face.hpp
@@ -80,7 +80,7 @@
/** \brief Create a dummy face with internal IO service and the specified KeyChain
*/
explicit
- DummyClientFace(KeyChain& keyChain, const Options& options = Options());
+ DummyClientFace(security::v1::KeyChain& keyChain, const Options& options = Options());
/** \brief Create a dummy face with the provided IO service
*/
@@ -89,7 +89,7 @@
/** \brief Create a dummy face with the provided IO service and the specified KeyChain
*/
- DummyClientFace(boost::asio::io_service& ioService, KeyChain& keyChain,
+ DummyClientFace(boost::asio::io_service& ioService, security::v1::KeyChain& keyChain,
const Options& options = Options());
/** \brief cause the Face to receive an interest
@@ -166,8 +166,8 @@
Signal<DummyClientFace, lp::Nack> onSendNack;
private:
- std::unique_ptr<KeyChain> m_internalKeyChain;
- KeyChain& m_keyChain;
+ std::unique_ptr<security::v1::KeyChain> m_internalKeyChain;
+ security::v1::KeyChain& m_keyChain;
std::function<void(time::milliseconds)> m_processEventsOverride;
};
diff --git a/src/util/notification-stream.hpp b/src/util/notification-stream.hpp
index 42d0e36..e9921c0 100644
--- a/src/util/notification-stream.hpp
+++ b/src/util/notification-stream.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -50,7 +50,7 @@
#include "../name.hpp"
#include "../face.hpp"
-#include "../security/key-chain.hpp"
+#include "../security/v1/key-chain.hpp"
#include "concepts.hpp"
diff --git a/tests/identity-management-fixture.cpp b/tests/identity-management-fixture.cpp
index 0b296f7..6767d62 100644
--- a/tests/identity-management-fixture.cpp
+++ b/tests/identity-management-fixture.cpp
@@ -60,11 +60,11 @@
IdentityManagementFixture::saveIdentityCertificate(const Name& identity,
const std::string& filename, bool wantAdd)
{
- shared_ptr<ndn::IdentityCertificate> cert;
+ shared_ptr<security::v1::IdentityCertificate> cert;
try {
cert = m_keyChain.getCertificate(m_keyChain.getDefaultCertificateNameForIdentity(identity));
}
- catch (const ndn::SecPublicInfo::Error&) {
+ catch (const security::v1::SecPublicInfo::Error&) {
if (wantAdd && this->addIdentity(identity)) {
return this->saveIdentityCertificate(identity, filename, false);
}
@@ -73,10 +73,10 @@
m_certFiles.push_back(filename);
try {
- ndn::io::save(*cert, filename);
+ io::save(*cert, filename);
return true;
}
- catch (const ndn::io::Error&) {
+ catch (const io::Error&) {
return false;
}
}
@@ -94,11 +94,11 @@
try {
identityKeyName = m_keyChain.getDefaultKeyNameForIdentity(identity);
}
- catch (const ndn::SecPublicInfo::Error&) {
+ catch (const security::v1::SecPublicInfo::Error&) {
identityKeyName = m_keyChain.generateRsaKeyPairAsDefault(identity, true);
}
- std::vector<ndn::CertificateSubjectDescription> subjectDescription;
- shared_ptr<ndn::IdentityCertificate> identityCert =
+ std::vector<security::v1::CertificateSubjectDescription> subjectDescription;
+ shared_ptr<security::v1::IdentityCertificate> identityCert =
m_keyChain.prepareUnsignedIdentityCertificate(identityKeyName,
issuer,
time::system_clock::now(),
diff --git a/tests/identity-management-fixture.hpp b/tests/identity-management-fixture.hpp
index d792a3f..f96a24c 100644
--- a/tests/identity-management-fixture.hpp
+++ b/tests/identity-management-fixture.hpp
@@ -22,7 +22,7 @@
#ifndef NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
#define NDN_TESTS_IDENTITY_MANAGEMENT_FIXTURE_HPP
-#include "security/key-chain.hpp"
+#include "security/v1/key-chain.hpp"
#include "security/signing-helpers.hpp"
#include <vector>
@@ -46,7 +46,7 @@
/// @brief add identity, return true if succeed.
bool
- addIdentity(const Name& identity, const KeyParams& params = KeyChain::DEFAULT_KEY_PARAMS);
+ addIdentity(const Name& identity, const KeyParams& params = security::v1::KeyChain::DEFAULT_KEY_PARAMS);
/**
* @brief save identity certificate to a file
@@ -68,10 +68,10 @@
*/
bool
addSubCertificate(const Name& identity, const Name& issuer,
- const KeyParams& params = KeyChain::DEFAULT_KEY_PARAMS);
+ const KeyParams& params = security::v1::KeyChain::DEFAULT_KEY_PARAMS);
protected:
- KeyChain m_keyChain;
+ security::v1::KeyChain m_keyChain;
private:
std::vector<Name> m_identities;
diff --git a/tests/integrated/face.cpp b/tests/integrated/face.cpp
index 114544f..799a562 100644
--- a/tests/integrated/face.cpp
+++ b/tests/integrated/face.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,7 +25,6 @@
#include "face.hpp"
#include "util/scheduler.hpp"
-#include "security/key-chain.hpp"
#include "identity-management-fixture.hpp"
#include "boost-test.hpp"
diff --git a/tests/key-chain-fixture.hpp b/tests/key-chain-fixture.hpp
index 9301b23..014f572 100644
--- a/tests/key-chain-fixture.hpp
+++ b/tests/key-chain-fixture.hpp
@@ -22,7 +22,6 @@
#ifndef NDN_TESTS_KEY_CHAIN_FIXTURE_HPP
#define NDN_TESTS_KEY_CHAIN_FIXTURE_HPP
-#include "security/key-chain.hpp"
#include "security/v2/key-chain.hpp"
#include "boost-test.hpp"
diff --git a/tests/unit-tests/data.t.cpp b/tests/unit-tests/data.t.cpp
index 2940c77..0cf8aae 100644
--- a/tests/unit-tests/data.t.cpp
+++ b/tests/unit-tests/data.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "data.hpp"
-#include "security/key-chain.hpp"
#include "security/v1/cryptopp.hpp"
#include "encoding/buffer-stream.hpp"
diff --git a/tests/unit-tests/face.t.cpp b/tests/unit-tests/face.t.cpp
index 0b1c479..7d4c9c8 100644
--- a/tests/unit-tests/face.t.cpp
+++ b/tests/unit-tests/face.t.cpp
@@ -21,7 +21,6 @@
#include "face.hpp"
#include "lp/tags.hpp"
-#include "security/key-chain.hpp"
#include "transport/tcp-transport.hpp"
#include "transport/unix-transport.hpp"
#include "util/dummy-client-face.hpp"
diff --git a/tests/unit-tests/interest.t.cpp b/tests/unit-tests/interest.t.cpp
index 969bdbd..aee782f 100644
--- a/tests/unit-tests/interest.t.cpp
+++ b/tests/unit-tests/interest.t.cpp
@@ -24,7 +24,6 @@
#include "data.hpp"
#include "security/signature-sha256-with-rsa.hpp"
#include "security/digest-sha256.hpp"
-#include "security/key-chain.hpp"
#include "encoding/buffer-stream.hpp"
#include "boost-test.hpp"
diff --git a/tests/unit-tests/link.t.cpp b/tests/unit-tests/link.t.cpp
index 3858036..6e29a5e 100644
--- a/tests/unit-tests/link.t.cpp
+++ b/tests/unit-tests/link.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "link.hpp"
-#include "security/key-chain.hpp"
#include "security/v1/cryptopp.hpp"
#include "encoding/buffer-stream.hpp"
diff --git a/tests/unit-tests/meta-info.t.cpp b/tests/unit-tests/meta-info.t.cpp
index 3fd8b3c..ad83119 100644
--- a/tests/unit-tests/meta-info.t.cpp
+++ b/tests/unit-tests/meta-info.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,11 +20,10 @@
*/
#include "meta-info.hpp"
-
#include "data.hpp"
-#include "security/key-chain.hpp"
#include "security/v1/cryptopp.hpp"
#include "encoding/buffer-stream.hpp"
+
#include "boost-test.hpp"
namespace ndn {
diff --git a/tests/unit-tests/security/conf/checker.t.cpp b/tests/unit-tests/security/conf/checker.t.cpp
index 5ba5ad8..9ddf43a 100644
--- a/tests/unit-tests/security/conf/checker.t.cpp
+++ b/tests/unit-tests/security/conf/checker.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "security/conf/checker.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
#include "identity-management-fixture.hpp"
diff --git a/tests/unit-tests/security/digest-sha256.t.cpp b/tests/unit-tests/security/digest-sha256.t.cpp
index cbac8e2..732efe6 100644
--- a/tests/unit-tests/security/digest-sha256.t.cpp
+++ b/tests/unit-tests/security/digest-sha256.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "security/digest-sha256.hpp"
-#include "security/key-chain.hpp"
#include "security/validator.hpp"
#include "util/string-helper.hpp"
diff --git a/tests/unit-tests/security/sec-rule-specific.t.cpp b/tests/unit-tests/security/sec-rule-specific.t.cpp
index e69d0ee..d8c5d24 100644
--- a/tests/unit-tests/security/sec-rule-specific.t.cpp
+++ b/tests/unit-tests/security/sec-rule-specific.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,10 +20,9 @@
*/
#include "security/sec-rule-specific.hpp"
-#include "security/key-chain.hpp"
-#include "identity-management-fixture.hpp"
#include "boost-test.hpp"
+#include "identity-management-fixture.hpp"
namespace ndn {
namespace security {
diff --git a/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp b/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
index 448734b..c54ee4c 100644
--- a/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
+++ b/tests/unit-tests/security/signature-sha256-with-ecdsa.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "security/signature-sha256-with-ecdsa.hpp"
-#include "security/key-chain.hpp"
#include "security/validator.hpp"
#include "util/scheduler.hpp"
diff --git a/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp b/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
index 75fc6be..494ea71 100644
--- a/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
+++ b/tests/unit-tests/security/signature-sha256-with-rsa.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "security/signature-sha256-with-rsa.hpp"
-#include "security/key-chain.hpp"
#include "security/validator.hpp"
#include "util/scheduler.hpp"
diff --git a/tests/unit-tests/security/signing-info.t.cpp b/tests/unit-tests/security/signing-info.t.cpp
index cfada95..f111059 100644
--- a/tests/unit-tests/security/signing-info.t.cpp
+++ b/tests/unit-tests/security/signing-info.t.cpp
@@ -20,7 +20,6 @@
*/
#include "security/signing-info.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
diff --git a/tests/unit-tests/security/v1/certificate.t.cpp b/tests/unit-tests/security/v1/certificate.t.cpp
index 043a1fb..5b410c5 100644
--- a/tests/unit-tests/security/v1/certificate.t.cpp
+++ b/tests/unit-tests/security/v1/certificate.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,8 +22,6 @@
#include "security/v1/certificate.hpp"
#include "security/v1/public-key.hpp"
-#include "security/key-chain.hpp"
-
#include "security/v1/cryptopp.hpp"
#include "boost-test.hpp"
diff --git a/tests/unit-tests/security/dummy-keychain.cpp b/tests/unit-tests/security/v1/dummy-keychain.cpp
similarity index 96%
rename from tests/unit-tests/security/dummy-keychain.cpp
rename to tests/unit-tests/security/v1/dummy-keychain.cpp
index c173117..21db30c 100644
--- a/tests/unit-tests/security/dummy-keychain.cpp
+++ b/tests/unit-tests/security/v1/dummy-keychain.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -26,6 +26,7 @@
namespace ndn {
namespace security {
+namespace v1 {
static const uint8_t DUMMY_CERT[] =
"Bv0C8Ac4CAVkdW1teQgDa2V5CANLRVkIEWtzay0xNDE4NjAwMzkxMDUwCAdJRC1D"
@@ -67,14 +68,14 @@
const std::string DummyPublicInfo::SCHEME = "pib-dummy";
const std::string DummyTpm::SCHEME = "tpm-dummy";
-NDN_CXX_KEYCHAIN_REGISTER_PIB(DummyPublicInfo, "pib-dummy", "dummy");
-NDN_CXX_KEYCHAIN_REGISTER_TPM(DummyTpm, "tpm-dummy", "dummy");
+NDN_CXX_V1_KEYCHAIN_REGISTER_PIB(DummyPublicInfo, "pib-dummy", "dummy");
+NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(DummyTpm, "tpm-dummy", "dummy");
typedef DummyPublicInfo DummyPublicInfo2;
typedef DummyTpm DummyTpm2;
-NDN_CXX_KEYCHAIN_REGISTER_PIB(DummyPublicInfo2, "pib-dummy2");
-NDN_CXX_KEYCHAIN_REGISTER_TPM(DummyTpm2, "tpm-dummy2");
+NDN_CXX_V1_KEYCHAIN_REGISTER_PIB(DummyPublicInfo2, "pib-dummy2");
+NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(DummyTpm2, "tpm-dummy2");
DummyPublicInfo::DummyPublicInfo(const std::string& locator)
: SecPublicInfo(locator)
@@ -389,5 +390,6 @@
return DummyTpm::SCHEME;
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/tests/unit-tests/security/dummy-keychain.hpp b/tests/unit-tests/security/v1/dummy-keychain.hpp
similarity index 94%
rename from tests/unit-tests/security/dummy-keychain.hpp
rename to tests/unit-tests/security/v1/dummy-keychain.hpp
index 7d5682e..3fe2101 100644
--- a/tests/unit-tests/security/dummy-keychain.hpp
+++ b/tests/unit-tests/security/v1/dummy-keychain.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,13 +19,14 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_TESTS_SECURITY_DUMMY_KEYCHAIN_HPP
-#define NDN_TESTS_SECURITY_DUMMY_KEYCHAIN_HPP
+#ifndef NDN_TESTS_SECURITY_V1_DUMMY_KEYCHAIN_HPP
+#define NDN_TESTS_SECURITY_V1_DUMMY_KEYCHAIN_HPP
-#include "security/key-chain.hpp"
+#include "security/v1/key-chain.hpp"
namespace ndn {
namespace security {
+namespace v1 {
class DummyPublicInfo : public SecPublicInfo
{
@@ -197,7 +198,8 @@
static const std::string SCHEME;
};
+} // namespace v1
} // namespace security
} // namespace ndn
-#endif // NDN_TESTS_SECURITY_DUMMY_KEYCHAIN_HPP
+#endif // NDN_TESTS_SECURITY_V1_DUMMY_KEYCHAIN_HPP
diff --git a/tests/unit-tests/security/key-chain.t.cpp b/tests/unit-tests/security/v1/key-chain.t.cpp
similarity index 98%
rename from tests/unit-tests/security/key-chain.t.cpp
rename to tests/unit-tests/security/v1/key-chain.t.cpp
index 8009daa..6130cae 100644
--- a/tests/unit-tests/security/key-chain.t.cpp
+++ b/tests/unit-tests/security/v1/key-chain.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,13 +19,13 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "security/key-chain.hpp"
+#include "security/v1/key-chain.hpp"
#include "security/validator.hpp"
#include "security/signing-helpers.hpp"
#include "boost-test.hpp"
#include "dummy-keychain.hpp"
-#include "../test-home-env-saver.hpp"
+#include "../../test-home-env-saver.hpp"
#include "key-chain-fixture.hpp"
#include "identity-management-fixture.hpp"
@@ -35,11 +35,13 @@
namespace ndn {
namespace security {
+namespace v1 {
namespace tests {
using namespace ndn::tests;
BOOST_AUTO_TEST_SUITE(Security)
+BOOST_AUTO_TEST_SUITE(V1)
BOOST_FIXTURE_TEST_SUITE(TestKeyChain, TestHomeEnvSaver)
template<class Path>
@@ -419,8 +421,10 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestKeyChain
+BOOST_AUTO_TEST_SUITE_END() // V1
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/tests/unit-tests/security/sec-public-info-sqlite3.t.cpp b/tests/unit-tests/security/v1/sec-public-info-sqlite3.t.cpp
similarity index 95%
rename from tests/unit-tests/security/sec-public-info-sqlite3.t.cpp
rename to tests/unit-tests/security/v1/sec-public-info-sqlite3.t.cpp
index 245babc..e2d668b 100644
--- a/tests/unit-tests/security/sec-public-info-sqlite3.t.cpp
+++ b/tests/unit-tests/security/v1/sec-public-info-sqlite3.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,8 +19,8 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "security/sec-public-info-sqlite3.hpp"
-#include "security/key-chain.hpp"
+#include "security/v1/sec-public-info-sqlite3.hpp"
+#include "security/v1/key-chain.hpp"
#include "security/v1/cryptopp.hpp"
#include "encoding/buffer-stream.hpp"
#include "util/time.hpp"
@@ -32,6 +32,7 @@
namespace ndn {
namespace security {
+namespace v1 {
namespace tests {
class PibTmpPathFixture
@@ -55,6 +56,7 @@
};
BOOST_AUTO_TEST_SUITE(Security)
+BOOST_AUTO_TEST_SUITE(V1)
BOOST_AUTO_TEST_SUITE(TestSecPublicInfoSqlite3)
const std::string RSA_DER("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFoDcNtffwbfFix64fw0\
@@ -145,8 +147,10 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestSecPublicInfoSqlite3
+BOOST_AUTO_TEST_SUITE_END() // V1
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/tests/unit-tests/security/sec-tpm-file.t.cpp b/tests/unit-tests/security/v1/sec-tpm-file.t.cpp
similarity index 98%
rename from tests/unit-tests/security/sec-tpm-file.t.cpp
rename to tests/unit-tests/security/v1/sec-tpm-file.t.cpp
index 68671e8..79e3645 100644
--- a/tests/unit-tests/security/sec-tpm-file.t.cpp
+++ b/tests/unit-tests/security/v1/sec-tpm-file.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,8 +19,8 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "security/sec-tpm-file.hpp"
-#include "security/key-chain.hpp"
+#include "security/v1/sec-tpm-file.hpp"
+#include "security/v1/key-chain.hpp"
#include "security/v1/cryptopp.hpp"
#include "util/time.hpp"
@@ -31,9 +31,11 @@
namespace ndn {
namespace security {
+namespace v1 {
namespace tests {
BOOST_AUTO_TEST_SUITE(Security)
+BOOST_AUTO_TEST_SUITE(V1)
BOOST_AUTO_TEST_SUITE(TestSecTpmFile)
BOOST_AUTO_TEST_CASE(Delete)
@@ -406,8 +408,10 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestSecTpmFile
+BOOST_AUTO_TEST_SUITE_END() // V1
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/tests/unit-tests/security/sec-tpm-osx.t.cpp b/tests/unit-tests/security/v1/sec-tpm-osx.t.cpp
similarity index 98%
rename from tests/unit-tests/security/sec-tpm-osx.t.cpp
rename to tests/unit-tests/security/v1/sec-tpm-osx.t.cpp
index 65ea5c3..2d6fbcc 100644
--- a/tests/unit-tests/security/sec-tpm-osx.t.cpp
+++ b/tests/unit-tests/security/v1/sec-tpm-osx.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,7 +19,7 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "security/sec-tpm-osx.hpp"
+#include "security/v1/sec-tpm-osx.hpp"
#include "security/v1/cryptopp.hpp"
#include "util/time.hpp"
@@ -30,6 +30,7 @@
namespace ndn {
namespace security {
+namespace v1 {
namespace tests {
class OsxKeyChainTestFixture
@@ -63,6 +64,7 @@
};
BOOST_AUTO_TEST_SUITE(Security)
+BOOST_AUTO_TEST_SUITE(V1)
BOOST_FIXTURE_TEST_SUITE(TestSecTpmOsx, OsxKeyChainTestFixture)
BOOST_AUTO_TEST_CASE(Delete)
@@ -361,8 +363,10 @@
}
BOOST_AUTO_TEST_SUITE_END() // TestSecTpmOsx
+BOOST_AUTO_TEST_SUITE_END() // V1
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace tests
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/tests/unit-tests/security/validator-config.t.cpp b/tests/unit-tests/security/validator-config.t.cpp
index 2419e8d..74aab21 100644
--- a/tests/unit-tests/security/validator-config.t.cpp
+++ b/tests/unit-tests/security/validator-config.t.cpp
@@ -21,7 +21,7 @@
#include "security/validator-config.hpp"
-#include "security/key-chain.hpp"
+#include "security/signing-helpers.hpp"
#include "util/io.hpp"
#include "util/scheduler.hpp"
#include "util/dummy-client-face.hpp"
diff --git a/tests/unit-tests/security/validator.t.cpp b/tests/unit-tests/security/validator.t.cpp
index 65c5095..90bd1b9 100644
--- a/tests/unit-tests/security/validator.t.cpp
+++ b/tests/unit-tests/security/validator.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "security/validator-null.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
#include "identity-management-fixture.hpp"
diff --git a/tests/unit-tests/util/in-memory-storage-common.t.cpp b/tests/unit-tests/util/in-memory-storage-common.t.cpp
index e6a3ab7..802b2f7 100644
--- a/tests/unit-tests/util/in-memory-storage-common.t.cpp
+++ b/tests/unit-tests/util/in-memory-storage-common.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,7 +23,8 @@
#include "util/in-memory-storage-fifo.hpp"
#include "util/in-memory-storage-lfu.hpp"
#include "util/in-memory-storage-lru.hpp"
-#include "security/key-chain.hpp"
+#include "util/crypto.hpp"
+#include "security/signature-sha256-with-rsa.hpp"
#include "boost-test.hpp"
#include "../make-interest-data.hpp"
@@ -273,8 +274,7 @@
{
shared_ptr<Data> data = makeData("/digest/compute");
- ndn::ConstBufferPtr digest1 = ndn::crypto::computeSha256Digest(data->wireEncode().wire(),
- data->wireEncode().size());
+ ConstBufferPtr digest1 = crypto::computeSha256Digest(data->wireEncode().wire(), data->wireEncode().size());
BOOST_CHECK_EQUAL(digest1->size(), 32);
InMemoryStorageEntry* entry = new InMemoryStorageEntry();
@@ -372,8 +372,7 @@
shared_ptr<Data> data7 = makeData("/c/c/1");
ims.insert(*data7);
- ndn::ConstBufferPtr digest1 = ndn::crypto::computeSha256Digest(data->wireEncode().wire(),
- data->wireEncode().size());
+ ConstBufferPtr digest1 = crypto::computeSha256Digest(data->wireEncode().wire(), data->wireEncode().size());
Name name("/a");
ims.erase(name);
@@ -394,8 +393,7 @@
shared_ptr<Data> data3 = makeData("/z/z/z");
ims.insert(*data3);
- ndn::ConstBufferPtr digest1 = ndn::crypto::computeSha256Digest(data->wireEncode().wire(),
- data->wireEncode().size());
+ ConstBufferPtr digest1 = crypto::computeSha256Digest(data->wireEncode().wire(), data->wireEncode().size());
shared_ptr<Interest> interest = makeInterest("");
interest->setName(Name(name).appendImplicitSha256Digest(digest1->buf(), digest1->size()));
@@ -486,7 +484,7 @@
shared_ptr<Interest> interest = makeInterest(name);
Name keyName("/somewhere/key");
- ndn::KeyLocator locator(keyName);
+ KeyLocator locator(keyName);
interest->setPublisherPublicKeyLocator(locator);
shared_ptr<const Data> found = ims.find(*interest);
@@ -504,9 +502,9 @@
shared_ptr<Data> data2 = make_shared<Data>(name2);
Name keyName("/somewhere/key");
- const ndn::KeyLocator locator(keyName);
+ const KeyLocator locator(keyName);
- ndn::SignatureSha256WithRsa fakeSignature;
+ SignatureSha256WithRsa fakeSignature;
fakeSignature.setValue(makeEmptyBlock(tlv::SignatureValue));
fakeSignature.setKeyLocator(locator);
@@ -698,7 +696,7 @@
///as Find function is implemented at the base case, therefore testing for one derived class is
///sufficient for all
-class FindFixture : public ndn::tests::UnitTestTimeFixture
+class FindFixture : public tests::UnitTestTimeFixture
{
protected:
FindFixture()
@@ -930,9 +928,9 @@
Name n2 = insert(2, "ndn:/A");
insert(3, "ndn:/A/B");
- uint8_t digest00[ndn::crypto::SHA256_DIGEST_SIZE];
+ uint8_t digest00[crypto::SHA256_DIGEST_SIZE];
std::fill_n(digest00, sizeof(digest00), 0x00);
- uint8_t digestFF[ndn::crypto::SHA256_DIGEST_SIZE];
+ uint8_t digestFF[crypto::SHA256_DIGEST_SIZE];
std::fill_n(digestFF, sizeof(digestFF), 0xFF);
Exclude excludeDigest;
diff --git a/tests/unit-tests/util/in-memory-storage-fifo.t.cpp b/tests/unit-tests/util/in-memory-storage-fifo.t.cpp
index 4404b51..6175837 100644
--- a/tests/unit-tests/util/in-memory-storage-fifo.t.cpp
+++ b/tests/unit-tests/util/in-memory-storage-fifo.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "util/in-memory-storage-fifo.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
#include "../make-interest-data.hpp"
diff --git a/tests/unit-tests/util/in-memory-storage-lfu.t.cpp b/tests/unit-tests/util/in-memory-storage-lfu.t.cpp
index bc52b30..5c37e56 100644
--- a/tests/unit-tests/util/in-memory-storage-lfu.t.cpp
+++ b/tests/unit-tests/util/in-memory-storage-lfu.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "util/in-memory-storage-lfu.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
#include "../make-interest-data.hpp"
diff --git a/tests/unit-tests/util/in-memory-storage-lru.t.cpp b/tests/unit-tests/util/in-memory-storage-lru.t.cpp
index 7585987..67068bd 100644
--- a/tests/unit-tests/util/in-memory-storage-lru.t.cpp
+++ b/tests/unit-tests/util/in-memory-storage-lru.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "util/in-memory-storage-lru.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
#include "../make-interest-data.hpp"
diff --git a/tests/unit-tests/util/in-memory-storage-persistent.t.cpp b/tests/unit-tests/util/in-memory-storage-persistent.t.cpp
index af33ab3..9770ef3 100644
--- a/tests/unit-tests/util/in-memory-storage-persistent.t.cpp
+++ b/tests/unit-tests/util/in-memory-storage-persistent.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "util/in-memory-storage-persistent.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
#include "../make-interest-data.hpp"
diff --git a/tests/unit-tests/util/io.t.cpp b/tests/unit-tests/util/io.t.cpp
index 8ffab07..fcb1f2b 100644
--- a/tests/unit-tests/util/io.t.cpp
+++ b/tests/unit-tests/util/io.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,6 @@
*/
#include "util/io.hpp"
-#include "security/key-chain.hpp"
#include "boost-test.hpp"
#include "identity-management-fixture.hpp"
diff --git a/tests/unit-tests/util/segment-fetcher.t.cpp b/tests/unit-tests/util/segment-fetcher.t.cpp
index 462e759..02ef85b 100644
--- a/tests/unit-tests/util/segment-fetcher.t.cpp
+++ b/tests/unit-tests/util/segment-fetcher.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,16 +21,15 @@
#include "util/segment-fetcher.hpp"
#include "security/validator-null.hpp"
-#include "../../dummy-validator.hpp"
+#include "lp/nack-header.hpp"
#include "data.hpp"
#include "encoding/block.hpp"
#include "boost-test.hpp"
#include "util/dummy-client-face.hpp"
-#include "security/key-chain.hpp"
-#include "lp/nack-header.hpp"
#include "../identity-management-time-fixture.hpp"
#include "../make-interest-data.hpp"
+#include "../../dummy-validator.hpp"
namespace ndn {
namespace util {
diff --git a/tests/unit-tests/util/simple-notification.hpp b/tests/unit-tests/util/simple-notification.hpp
index ce6ec90..23f26f8 100644
--- a/tests/unit-tests/util/simple-notification.hpp
+++ b/tests/unit-tests/util/simple-notification.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2016, Regents of the University of California,
+ * Copyright (c) 2014-2017, Regents of the University of California,
* Arizona Board of Regents,
* Colorado State University,
* University Pierre & Marie Curie, Sorbonne University,
@@ -31,7 +31,6 @@
#include "common.hpp"
#include "encoding/encoding-buffer.hpp"
-#include "security/key-chain.hpp"
namespace ndn {
namespace util {
diff --git a/tools/ndnsec/cert-dump.hpp b/tools/ndnsec/cert-dump.hpp
index cd56e6e..2cfc661 100644
--- a/tools/ndnsec/cert-dump.hpp
+++ b/tools/ndnsec/cert-dump.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -130,7 +130,7 @@
shared_ptr<v1::IdentityCertificate> certificate;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
if (isIdentityName || isKeyName || isCertName) {
if (isIdentityName) {
diff --git a/tools/ndnsec/cert-gen.hpp b/tools/ndnsec/cert-gen.hpp
index 04da040..4be98a1 100644
--- a/tools/ndnsec/cert-gen.hpp
+++ b/tools/ndnsec/cert-gen.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -37,7 +37,7 @@
using namespace ndn::security;
namespace po = boost::program_options;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
std::string notBeforeStr;
std::string notAfterStr;
@@ -46,7 +46,7 @@
Name signId;
std::string subjectInfo;
std::vector<std::string> signedInfo;
- Name certPrefix = KeyChain::DEFAULT_PREFIX; // to avoid displaying the default value
+ Name certPrefix = ndn::security::v1::KeyChain::DEFAULT_PREFIX; // to avoid displaying the default value
po::options_description description(
"General Usage\n"
diff --git a/tools/ndnsec/cert-install.hpp b/tools/ndnsec/cert-install.hpp
index a1416ff..f37f04a 100644
--- a/tools/ndnsec/cert-install.hpp
+++ b/tools/ndnsec/cert-install.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -188,7 +188,7 @@
if (!static_cast<bool>(cert))
return 1;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
if (isSystemDefault) {
keyChain.addCertificateAsIdentityDefault(*cert);
diff --git a/tools/ndnsec/cert-revoke.hpp b/tools/ndnsec/cert-revoke.hpp
index 6aa8d02..6e948e0 100644
--- a/tools/ndnsec/cert-revoke.hpp
+++ b/tools/ndnsec/cert-revoke.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -33,12 +33,12 @@
using namespace ndn::security;
namespace po = boost::program_options;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
std::string requestFile("-");
Name signId = keyChain.getDefaultIdentity();
bool hasSignId = false;
- Name certPrefix = KeyChain::DEFAULT_PREFIX;
+ Name certPrefix = ndn::security::v1::KeyChain::DEFAULT_PREFIX;
po::options_description description("General Usage\n ndnsec cert-revoke [-h] request\n"
"General options");
@@ -108,7 +108,7 @@
}
Name certName;
- if (certPrefix == KeyChain::DEFAULT_PREFIX) {
+ if (certPrefix == ndn::security::v1::KeyChain::DEFAULT_PREFIX) {
certName = revokedCertificate->getName().getPrefix(-1);
}
else {
@@ -157,7 +157,7 @@
std::cerr << "ERROR: Cannot determine the signing key!" << std::endl;
return 1;
}
- catch (const SecPublicInfo::Error& e) {
+ catch (const v1::SecPublicInfo::Error& e) {
std::cerr << "ERROR: Incomplete or corrupted PIB (" << e.what() << ")" << std::endl;
return 1;
}
diff --git a/tools/ndnsec/delete.hpp b/tools/ndnsec/delete.hpp
index 0c96af4..420af1c 100644
--- a/tools/ndnsec/delete.hpp
+++ b/tools/ndnsec/delete.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -82,7 +82,7 @@
else if (vm.count("delete-key") != 0 || vm.count("delete-key2") != 0)
isDeleteKey = true;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
try {
if (isDeleteCert) {
@@ -114,15 +114,15 @@
std::cerr << "OK: Delete identity: " << name << std::endl;
}
}
- catch (const SecPublicInfo::Error& e) {
+ catch (const ndn::security::v1::SecPublicInfo::Error& e) {
std::cerr << "ERROR: Cannot delete the item: " << e.what() << std::endl;
return 2;
}
- catch (const SecTpm::Error& e) {
+ catch (const ndn::security::v1::SecTpm::Error& e) {
std::cerr << "ERROR: Cannot delete the item: " << e.what() << std::endl;
return 2;
}
- catch (const KeyChain::Error& e) {
+ catch (const ndn::security::v1::KeyChain::Error& e) {
std::cerr << "ERROR: " << e.what() << std::endl;
return 2;
}
diff --git a/tools/ndnsec/dsk-gen.hpp b/tools/ndnsec/dsk-gen.hpp
index 4f994c3..207100e 100644
--- a/tools/ndnsec/dsk-gen.hpp
+++ b/tools/ndnsec/dsk-gen.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -77,7 +77,7 @@
shared_ptr<v1::IdentityCertificate> kskCert;
Name signingCertName;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
try {
Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
diff --git a/tools/ndnsec/export.hpp b/tools/ndnsec/export.hpp
index cd0c786..45c3d32 100644
--- a/tools/ndnsec/export.hpp
+++ b/tools/ndnsec/export.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -79,7 +79,7 @@
Name identity(identityStr);
if (!isPrivateExport) {
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
shared_ptr<security::v1::IdentityCertificate> cert
= keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
@@ -93,7 +93,7 @@
else {
Block wire;
try {
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
int count = 3;
while (!getPassword(exportPassword, "Passphrase for the private key: ")) {
@@ -104,7 +104,7 @@
return 1;
}
}
- shared_ptr<SecuredBag> securedBag = keyChain.exportIdentity(identity, exportPassword);
+ shared_ptr<ndn::security::v1::SecuredBag> securedBag = keyChain.exportIdentity(identity, exportPassword);
memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
if (output == "-")
diff --git a/tools/ndnsec/get-default.hpp b/tools/ndnsec/get-default.hpp
index 41f4f2a..b701015 100644
--- a/tools/ndnsec/get-default.hpp
+++ b/tools/ndnsec/get-default.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -26,7 +26,6 @@
#include "util.hpp"
-
int
ndnsec_get_default(int argc, char** argv)
{
@@ -85,7 +84,7 @@
isQuiet = true;
}
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
if (vm.count("key") != 0)
{
diff --git a/tools/ndnsec/import.hpp b/tools/ndnsec/import.hpp
index 3a42c1b..41cf602 100644
--- a/tools/ndnsec/import.hpp
+++ b/tools/ndnsec/import.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -79,13 +79,13 @@
{
try
{
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
- shared_ptr<SecuredBag> securedBag;
+ shared_ptr<ndn::security::v1::SecuredBag> securedBag;
if (input == "-")
- securedBag = io::load<SecuredBag>(std::cin);
+ securedBag = io::load<ndn::security::v1::SecuredBag>(std::cin);
else
- securedBag = io::load<SecuredBag>(input);
+ securedBag = io::load<ndn::security::v1::SecuredBag>(input);
int count = 3;
while (!getPassword(importPassword, "Passphrase for the private key: "))
diff --git a/tools/ndnsec/key-gen.hpp b/tools/ndnsec/key-gen.hpp
index 1384ac8..5be5ce7 100644
--- a/tools/ndnsec/key-gen.hpp
+++ b/tools/ndnsec/key-gen.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -85,7 +85,7 @@
bool isKsk = (vm.count("dsk") == 0);
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
Name keyName;
try {
diff --git a/tools/ndnsec/list.hpp b/tools/ndnsec/list.hpp
index 8a750f2..d7d3c4f 100644
--- a/tools/ndnsec/list.hpp
+++ b/tools/ndnsec/list.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -27,7 +27,7 @@
#include "util.hpp"
void
-printCertificate(ndn::KeyChain& keyChain,
+printCertificate(ndn::security::v1::KeyChain& keyChain,
const ndn::Name& certName,
bool isDefault,
int verboseLevel)
@@ -47,7 +47,7 @@
}
void
-printKey(ndn::KeyChain& keyChain,
+printKey(ndn::security::v1::KeyChain& keyChain,
const ndn::Name& keyName,
bool isDefault,
int verboseLevel)
@@ -74,7 +74,7 @@
}
void
-printIdentity(ndn::KeyChain& keyChain,
+printIdentity(ndn::security::v1::KeyChain& keyChain,
const ndn::Name& identity,
bool isDefault,
int verboseLevel)
@@ -154,7 +154,7 @@
verboseLevel = std::max(verboseLevel, tmpVerboseLevel);
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
std::vector<Name> defaultIdentities;
keyChain.getAllIdentities(defaultIdentities, true);
diff --git a/tools/ndnsec/main.cpp b/tools/ndnsec/main.cpp
index f0c97b7..b86fee1 100644
--- a/tools/ndnsec/main.cpp
+++ b/tools/ndnsec/main.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,6 +23,10 @@
#include "version.hpp"
+#include "security/key-chain.hpp"
+#include "security/v1/certificate-subject-description.hpp"
+#include "security/v1/secured-bag.hpp"
+
#include "util.hpp"
#include "list.hpp"
#include "get-default.hpp"
@@ -37,12 +41,13 @@
#include "export.hpp"
#include "import.hpp"
#include "delete.hpp"
-#include "sig-verify.hpp"
#include "set-acl.hpp"
#include "unlock-tpm.hpp"
#include "op-tool.hpp"
using namespace ndn;
+using namespace ndn::security;
+using namespace ndn::security::v1;
std::string ndnsec_helper("\
help Show all commands.\n\
@@ -60,7 +65,6 @@
delete Delete identity/key/certificate.\n\
export Export an identity package.\n\
import Import an identity package.\n\
- sig-verify Verify the signature of a Data packet.\n\
set-acl Configure ACL of a private key.\n\
unlock-tpm Unlock Tpm.\n\
op-tool Operator tool.\n\
@@ -95,7 +99,6 @@
else if (command == "delete") { return ndnsec_delete(argc - 1, argv + 1); }
else if (command == "export") { return ndnsec_export(argc - 1, argv + 1); }
else if (command == "import") { return ndnsec_import(argc - 1, argv + 1); }
- else if (command == "sig-verify") { return ndnsec_sig_verify(argc - 1, argv + 1); }
else if (command == "set-acl") { return ndnsec_set_acl(argc - 1, argv + 1); }
else if (command == "unlock-tpm") { return ndnsec_unlock_tpm(argc - 1, argv + 1); }
else if (command == "op-tool") { return ndnsec_op_tool(argc - 1, argv + 1); }
diff --git a/tools/ndnsec/op-tool.hpp b/tools/ndnsec/op-tool.hpp
index 5766949..971ad98 100644
--- a/tools/ndnsec/op-tool.hpp
+++ b/tools/ndnsec/op-tool.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -72,7 +72,7 @@
if (command == "sign") // the content to be signed from stdin
{
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
Buffer dataToSign((std::istreambuf_iterator<char>(std::cin)), std::istreambuf_iterator<char>());
diff --git a/tools/ndnsec/set-acl.hpp b/tools/ndnsec/set-acl.hpp
index ca639b6..cf12d55 100644
--- a/tools/ndnsec/set-acl.hpp
+++ b/tools/ndnsec/set-acl.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -79,7 +79,7 @@
return 1;
}
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
keyChain.addAppToAcl(keyName, KeyClass::PRIVATE, appPath, AclType::PRIVATE);
return 0;
diff --git a/tools/ndnsec/set-default.hpp b/tools/ndnsec/set-default.hpp
index ed23b6f..d1ff7fa 100644
--- a/tools/ndnsec/set-default.hpp
+++ b/tools/ndnsec/set-default.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -73,7 +73,7 @@
return 1;
}
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
if (vm.count("default_key") != 0)
{
diff --git a/tools/ndnsec/sig-verify.hpp b/tools/ndnsec/sig-verify.hpp
deleted file mode 100644
index 28107ce..0000000
--- a/tools/ndnsec/sig-verify.hpp
+++ /dev/null
@@ -1,128 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2015 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- */
-
-#ifndef NDN_TOOLS_NDNSEC_SIG_VERIFY_HPP
-#define NDN_TOOLS_NDNSEC_SIG_VERIFY_HPP
-
-#include "util.hpp"
-
-// using namespace ndn;
-// namespace po = boost::program_options;
-
-// shared_ptr<IdentityCertificate>
-// getCertificate(const std::string& certString)
-// {
-// std::string decoded;
-// CryptoPP::StringSource ss2(reinterpret_cast<const unsigned char *>(certString.c_str()), certString.size(), true,
-// new CryptoPP::Base64Decoder(new CryptoPP::StringSink(decoded)));
-
-// Data data;
-// data.wireDecode(Block(make_shared<Buffer>(decoded.begin(), decoded.end())));
-
-// shared_ptr<IdentityCertificate> identityCertificate = make_shared<IdentityCertificate>(data);
-
-// return identityCertificate;
-// }
-
-// bool
-// verifySignature(shared_ptr<IdentityCertificate> certificate, bool isDataPacket)
-// {
-// throw std::runtime_error("Not supported yet");
-// // if(isDataPacket)
-// // {
-// // std::string decoded;
-// // CryptoPP::FileSource ss2(cin, true,
-// // new CryptoPP::Base64Decoder(new CryptoPP::StringSink(decoded)));
-
-// // Data data;
-// // data.wireDecode(make_shared<Buffer>(decoded.c_str(), decoded.size()));
-// // return PolicyManager::verifySignature(data, certificate->getPublicKeyInfo());
-// // }
-// // else
-// // {
-// // // The first two bytes indicates the boundary of the of the signed data and signature.
-// // // for example, if the size of the signed data is 300, then the boundary should be 300, so the first two bytes should be: 0x01 0x2C
-// // shared_ptr<Blob> input = shared_ptr<Blob>(new Blob ((istreambuf_iterator<char>(cin)), istreambuf_iterator<char>()));
-// // size_t size = input->at(0);
-// // size = ((size << 8) + input->at(1));
-
-// // Blob signedBlob(input->buf()+2, size);
-// // Blob signature(input->buf()+2+size, input->size()-2-size);
-
-// // return PolicyManager::verifySignature(signedBlob, signature, certificate->getPublicKeyInfo());
-// // }
-// }
-
-int
-ndnsec_sig_verify(int argc, char** argv)
-{
- std::cerr << "Not supported yet" << std::endl;
- return 1;
- // bool isDataPacket = false;
- // std::string certString;
-
- // po::options_description desc("General Usage\n ndn-sig-verify [-h] [-d] certificate\nGeneral options");
- // desc.add_options()
- // ("help,h", "produce help message")
- // ("data,d", "if specified, input from stdin will be treated as a Data packet, otherwise binary data")
- // ("certificate,c", po::value<std::string>(&certString), "the certificate bits")
- // ;
-
- // po::positional_options_description p;
- // p.add("certificate", 1);
-
- // po::variables_map vm;
- // try
- // {
- // po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
- // po::notify(vm);
- // }
- // catch( const std::exception& e)
- // {
- // std::cerr << e.what() << std::endl;
- // std::cerr << desc << std::endl;
- // return 1;
- // }
-
- // if (vm.count("help") || vm.count("certificate")==0)
- // {
- // std::cerr << desc << std::endl;
- // return 1;
- // }
- // if (vm.count("data"))
- // isDataPacket = true;
-
- // try
- // {
- // shared_ptr<IdentityCertificate> certificate = getCertificate(certString);
- // bool res = verifySignature(certificate, isDataPacket);
- // return (res ? 0 : 1);
- // }
- // catch(const std::exception &e)
- // {
- // std::cerr << "ERROR: " << e.what() << std::endl;
- // return 1;
- // }
-}
-
-#endif // NDN_TOOLS_NDNSEC_SIG_VERIFY_HPP
diff --git a/tools/ndnsec/sign-req.hpp b/tools/ndnsec/sign-req.hpp
index bb8906e..425839f 100644
--- a/tools/ndnsec/sign-req.hpp
+++ b/tools/ndnsec/sign-req.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -78,7 +78,7 @@
shared_ptr<v1::IdentityCertificate> selfSignCert;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
if (isKeyName)
selfSignCert = keyChain.selfSign(name);
diff --git a/tools/ndnsec/unlock-tpm.hpp b/tools/ndnsec/unlock-tpm.hpp
index 2127848..927bc81 100644
--- a/tools/ndnsec/unlock-tpm.hpp
+++ b/tools/ndnsec/unlock-tpm.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -62,7 +62,7 @@
bool isUnlocked = false;
- KeyChain keyChain;
+ ndn::security::v1::KeyChain keyChain;
char* password;
password = getpass("Password to unlock the TPM: ");