security: Preliminary work with security module changes

Change-Id: I36d86ac22fdc8aa71eed229236673993753489a2
diff --git a/include/ndn-cpp/security/encryption/encryption-manager.hpp b/include/ndn-cpp/security/encryption/encryption-manager.hpp
index e6d29e9..44eafb7 100644
--- a/include/ndn-cpp/security/encryption/encryption-manager.hpp
+++ b/include/ndn-cpp/security/encryption/encryption-manager.hpp
@@ -20,11 +20,11 @@
   virtual void 
   createSymmetricKey(const Name& keyName, KeyType keyType, const Name& signkeyName = Name(), bool isSymmetric = true) = 0;
 
-  virtual Blob
+  virtual ConstBufferPtr
   encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false, 
           EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
 
-  virtual Blob
+  virtual ConstBufferPtr
   decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false, 
           EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
 };
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index d5f49f4..4273f6b 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -9,18 +9,22 @@
 #ifndef NDN_IDENTITY_MANAGER_HPP
 #define NDN_IDENTITY_MANAGER_HPP
 
-#include "../certificate/identity-certificate.hpp"
 #include "identity-storage.hpp"
-#include "../certificate/public-key.hpp"
 #include "private-key-storage.hpp"
 
+#include "../../data.hpp"
+
 namespace ndn {
 
+class IdentityCertificate;
+
 /**
  * An IdentityManager is the interface of operations related to identity, keys, and certificates.
  */
 class IdentityManager {
 public:
+  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
   IdentityManager(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage)
   : identityStorage_(identityStorage), privateKeyStorage_(privateKeyStorage)
   {
@@ -91,11 +95,11 @@
    * @param keyName The name of the key.
    * @return The public key.
    */
-  ptr_lib::shared_ptr<PublicKey>
-  getPublicKey(const Name& keyName)
-  {
-    return PublicKey::fromDer(identityStorage_->getKey(keyName));
-  }
+  // ptr_lib::shared_ptr<PublicKey>
+  // getPublicKey(const Name& keyName)
+  // {
+  //   return PublicKey::fromDer(identityStorage_->getKey(keyName));
+  // }
 
   /**
    * Create an identity certificate for a public key managed by this IdentityManager.
@@ -160,22 +164,22 @@
    * @param certificateName The name of the requested certificate.
    * @return the requested certificate which is valid.
    */
-  ptr_lib::shared_ptr<IdentityCertificate>
-  getCertificate(const Name& certificateName)
-  {
-    return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, false));
-  }
+  // ptr_lib::shared_ptr<IdentityCertificate>
+  // getCertificate(const Name& certificateName)
+  // {
+  //   return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, false));
+  // }
     
   /**
    * Get a certificate even if the certificate is not valid anymore.
    * @param certificateName The name of the requested certificate.
    * @return the requested certificate.
    */
-  ptr_lib::shared_ptr<IdentityCertificate>
-  getAnyCertificate(const Name& certificateName)
-  {
-    return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, true));
-  }
+  // ptr_lib::shared_ptr<IdentityCertificate>
+  // getAnyCertificate(const Name& certificateName)
+  // {
+  //   return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, true));
+  // }
     
   /**
    * Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
@@ -206,22 +210,10 @@
    * @param certificateName The signing certificate name.
    * @return The generated signature.
    */
-  ptr_lib::shared_ptr<Signature>
+  Signature
   signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
 
   /**
-   * Sign the byte array data based on the certificate name.
-   * @param buffer The byte array to be signed.
-   * @param certificateName The signing certificate name.
-   * @return The generated signature.
-   */
-  ptr_lib::shared_ptr<Signature>
-  signByCertificate(const std::vector<uint8_t>& buffer, const Name& certificateName) 
-  {
-    return signByCertificate(&buffer[0], buffer.size(), certificateName);
-  }
-
-  /**
    * Sign data packet based on the certificate name.
    * Note: the caller must make sure the timestamp in data is correct, for example with 
    * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
@@ -230,7 +222,7 @@
    * @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
    */
   void 
-  signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+  signByCertificate(Data& data, const Name& certificateName);
 
   /**
    * Generate a self-signed certificate for a public key.
diff --git a/include/ndn-cpp/security/identity/identity-storage.hpp b/include/ndn-cpp/security/identity/identity-storage.hpp
index 3c298c8..442e522 100644
--- a/include/ndn-cpp/security/identity/identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/identity-storage.hpp
@@ -25,6 +25,8 @@
  */
 class IdentityStorage {
 public:
+  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
   /**
    * The virtual Destructor.
    */
@@ -77,14 +79,14 @@
    * @param publicKeyDer A blob of the public key DER to be added.
    */
   virtual void 
-  addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer) = 0;
+  addKey(const Name& keyName, KeyType keyType, const Buffer& publicKeyDer) = 0;
 
   /**
    * Get the public key DER blob from the identity storage.
    * @param keyName The name of the requested public key.
    * @return The DER Blob.  If not found, return a Blob with a null pointer.
    */
-  virtual Blob
+  virtual Buffer
   getKey(const Name& keyName) = 0;
 
   /**
diff --git a/include/ndn-cpp/security/identity/private-key-storage.hpp b/include/ndn-cpp/security/identity/private-key-storage.hpp
index 90556bd..c789d89 100644
--- a/include/ndn-cpp/security/identity/private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/private-key-storage.hpp
@@ -10,13 +10,13 @@
 #define NDN_PRIVATE_KEY_STORAGE_HPP
 
 #include <string>
-#include "../../util/blob.hpp"
-#include "../certificate/public-key.hpp"
 #include "../security-common.hpp"
 #include "../../name.hpp"
 
 namespace ndn {
 
+class PublicKey;
+
 class PrivateKeyStorage {
 public:
   /**
@@ -50,15 +50,9 @@
    * @param digestAlgorithm the digest algorithm.
    * @return The signature, or a null pointer if signing fails.
    */  
-  virtual Blob 
+  virtual ConstBufferPtr
   sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
     
-  Blob 
-  sign(const Blob& data, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256)
-  {
-    return sign(data.buf(), data.size(), keyName, digestAlgorithm);
-  }
-  
   /**
    * Decrypt data.
    * @param keyName The name of the decrypting key.
@@ -67,15 +61,9 @@
    * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption is used.
    * @return The decrypted data.
    */
-  virtual Blob 
+  virtual ConstBufferPtr 
   decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
 
-  Blob 
-  decrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
-  {
-    return decrypt(keyName, data.buf(), data.size(), isSymmetric);
-  }
-
   /**
    * Encrypt data.
    * @param keyName The name of the encrypting key.
@@ -84,15 +72,9 @@
    * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption is used.
    * @return The encrypted data.
    */
-  virtual Blob
+  virtual ConstBufferPtr
   encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
 
-  Blob
-  encrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
-  {
-    return encrypt(keyName, data.buf(), data.size(), isSymmetric);
-  }
-
   /**
    * @brief Generate a symmetric key.
    * @param keyName The name of the key.
diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index 4248850..4e804cc 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -27,176 +27,39 @@
  */
 class KeyChain {
 public:
-  KeyChain
-    (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager);
+  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
 
+  KeyChain(IdentityManager *identityManager, PolicyManager *policyManager);
+
+  /**
+   * @brief Set the Face which will be used to fetch required certificates.
+   * @param face A pointer to the Face object.
+   *
+   * Setting face is necessary for keychain operation that involve fetching data.
+   */
+  void
+  setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
+  
   /*****************************************
    *          Identity Management          *
    *****************************************/
 
-  /**
-   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
-   * @param identityName The name of the identity.
-   * @return The key name of the auto-generated KSK of the identity.
-   */
-  Name
-  createIdentity(const Name& identityName)
+  inline IdentityManager&
+  identities()
   {
-    return identityManager_->createIdentity(identityName);
+    return *identityManager_;
   }
 
-  /**
-   * Get the default identity.
-   * @return The default identity name.
-   */
-  Name
-  getDefaultIdentity()
-  {
-    return identityManager_->getDefaultIdentity();
-  }
-  
-  /**
-   * Generate a pair of RSA keys for the specified identity.
-   * @param identityName The name of the identity.
-   * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
-   * @param keySize The size of the key.
-   * @return The generated key name.
-   */
-  Name
-  generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
-  {
-    return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
-  }
-
-  /**
-   * Set a key as the default key of an identity.
-   * @param keyName The name of the key.
-   * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
-   */
-  void
-  setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
-  {
-    return identityManager_->setDefaultKeyForIdentity(keyName, identityName);
-  }
-
-  /**
-   * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
-   * @param identityName The name of the identity.
-   * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
-   * @param keySize The size of the key.
-   * @return The generated key name.
-   */
-  Name
-  generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
-  {
-    return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
-  }
-
-  /**
-   * Create a public key signing request.
-   * @param keyName The name of the key.
-   * @returns The signing request data.
-   */
-  Blob
-  createSigningRequest(const Name& keyName)
-  {
-    return identityManager_->getPublicKey(keyName)->getKeyDer();
-  }
-
-  /**
-   * Install an identity certificate into the public key identity storage.
-   * @param certificate The certificate to to added.
-   */
-  void
-  installIdentityCertificate(const IdentityCertificate& certificate)
-  {
-    identityManager_->addCertificate(certificate);
-  }
-
-  /**
-   * Set the certificate as the default for its corresponding key.
-   * @param certificateName The certificate.
-   */
-  void
-  setDefaultCertificateForKey(const IdentityCertificate& certificate)
-  {
-    identityManager_->setDefaultCertificateForKey(certificate);
-  }
-
-  /**
-   * Get a certificate with the specified name.
-   * @param certificateName The name of the requested certificate.
-   * @return the requested certificate which is valid.
-   */
-  ptr_lib::shared_ptr<Certificate>
-  getCertificate(const Name& certificateName)
-  {
-    return identityManager_->getCertificate(certificateName);
-  }
-
-  /**
-   * Get a certificate even if the certificate is not valid anymore.
-   * @param certificateName The name of the requested certificate.
-   * @return the requested certificate.
-   */
-  ptr_lib::shared_ptr<Certificate>
-  getAnyCertificate(const Name& certificateName)
-  {
-    return identityManager_->getAnyCertificate(certificateName);
-  }
-
-  /**
-   * Get an identity certificate with the specified name.
-   * @param certificateName The name of the requested certificate.
-   * @return the requested certificate which is valid.
-   */
-  ptr_lib::shared_ptr<IdentityCertificate>
-  getIdentityCertificate(const Name& certificateName)
-  {
-    return identityManager_->getCertificate(certificateName);
-  }
-
-  /**
-   * Get an identity certificate even if the certificate is not valid anymore.
-   * @param certificateName The name of the requested certificate.
-   * @return the requested certificate.
-   */
-  ptr_lib::shared_ptr<IdentityCertificate>
-  getAnyIdentityCertificate(const Name& certificateName)
-  {
-    return identityManager_->getAnyCertificate(certificateName);
-  }
-
-  /**
-   * Revoke a key
-   * @param keyName the name of the key that will be revoked
-   */
-  void 
-  revokeKey(const Name & keyName)
-  {
-    //TODO: Implement
-  }
-
-  /**
-   * Revoke a certificate
-   * @param certificateName the name of the certificate that will be revoked
-   */
-  void 
-  revokeCertificate(const Name & certificateName)
-  {
-    //TODO: Implement
-  }
-
-  ptr_lib::shared_ptr<IdentityManager>
-  getIdentityManager() { return identityManager_; }
-  
   /*****************************************
    *           Policy Management           *
    *****************************************/
 
-  const ptr_lib::shared_ptr<PolicyManager>&
-  getPolicyManager() { return policyManager_; }
-  
+  inline PolicyManager&
+  policies()
+  {
+    return *policyManager_;
+  }
+
   /*****************************************
    *              Sign/Verify              *
    *****************************************/
@@ -210,7 +73,7 @@
    * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
    */
   void 
-  sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+  sign(Data& data, const Name& certificateName);
   
   /**
    * Sign the byte array using a certificate name and return a Signature object.
@@ -219,22 +82,10 @@
    * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
    * @return The Signature.
    */
-  ptr_lib::shared_ptr<Signature> 
+  Signature
   sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
 
   /**
-   * Sign the byte array using a certificate name and return a Signature object.
-   * @param buffer The byte array to be signed.
-   * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
-   * @return The Signature.
-   */
-  ptr_lib::shared_ptr<Signature> 
-  sign(const std::vector<uint8_t>& buffer, const Name& certificateName)
-  {
-    return sign(&buffer[0], buffer.size(), certificateName);
-  }
-
-  /**
    * Wire encode the Data object, sign it and set its signature.
    * Note: the caller must make sure the timestamp is correct, for example with 
    * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
@@ -243,7 +94,7 @@
    * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
    */
   void 
-  signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+  signByIdentity(Data& data, const Name& identityName = Name());
 
   /**
    * Sign the byte array using an identity name and return a Signature object.
@@ -252,22 +103,10 @@
    * @param identityName The identity name.
    * @return The Signature.
    */
-  ptr_lib::shared_ptr<Signature> 
+  Signature
   signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
 
   /**
-   * Sign the byte array using an identity name and return a Signature object.
-   * @param buffer The byte array to be signed.
-   * @param identityName The identity name.
-   * @return The Signature.
-   */
-  ptr_lib::shared_ptr<Signature> 
-  signByIdentity(const std::vector<uint8_t>& buffer, const Name& identityName)
-  {
-    return signByIdentity(&buffer[0], buffer.size(), identityName);
-  }
-
-  /**
    * Check the signature on the Data object and call either onVerify or onVerifyFailed. 
    * We use callback functions because verify may fetch information to check the signature.
    * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding. 
@@ -282,57 +121,8 @@
   /*****************************************
    *           Encrypt/Decrypt             *
    *****************************************/
-
-  /**
-   * Generate a symmetric key.
-   * @param keyName The name of the generated key.
-   * @param keyType The type of the key, e.g. KEY_TYPE_AES
-   */
-  void 
-  generateSymmetricKey(const Name& keyName, KeyType keyType)
-  {
-    encryptionManager_->createSymmetricKey(keyName, keyType);
-  }
-
-  /**
-   * Encrypt a byte array.
-   * @param keyName The name of the encrypting key.
-   * @param data The byte array that will be encrypted.
-   * @param dataLength The length of data.
-   * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
-   * @param encryptMode the encryption mode
-   * @return the encrypted data as an immutable Blob.
-   */
-  Blob
-  encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, 
-          EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
-  {
-    return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode);
-  }
-
-  /**
-   * Decrypt a byte array.
-   * @param keyName The name of the decrypting key.
-   * @param data The byte array that will be decrypted.
-   * @param dataLength The length of data.
-   * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
-   * @param encryptMode the encryption mode
-   * @return the decrypted data as an immutable Blob.
-   */
-  Blob
-  decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, 
-          EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
-  {
-     return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode);
-  }
+  // todo
   
-  /**
-   * Set the Face which will be used to fetch required certificates.
-   * @param face A pointer to the Face object.
-   */
-  void
-  setFace(Face* face) { face_ = face; }
-
 private:
   void
   onCertificateData
@@ -343,10 +133,12 @@
     (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed, 
      const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
 
-  ptr_lib::shared_ptr<IdentityManager> identityManager_;
-  ptr_lib::shared_ptr<PolicyManager> policyManager_;
-  ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
-  Face* face_;
+private:
+  std::auto_ptr<IdentityManager>   identityManager_;
+  std::auto_ptr<PolicyManager>     policyManager_;
+  // std::auto_ptr<EncryptionManager> encryptionManager_;
+  ptr_lib::shared_ptr<Face>        face_;
+  
   const int maxSteps_;
 };