security: Preliminary work with security module changes
Change-Id: I36d86ac22fdc8aa71eed229236673993753489a2
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index d5f49f4..4273f6b 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -9,18 +9,22 @@
#ifndef NDN_IDENTITY_MANAGER_HPP
#define NDN_IDENTITY_MANAGER_HPP
-#include "../certificate/identity-certificate.hpp"
#include "identity-storage.hpp"
-#include "../certificate/public-key.hpp"
#include "private-key-storage.hpp"
+#include "../../data.hpp"
+
namespace ndn {
+class IdentityCertificate;
+
/**
* An IdentityManager is the interface of operations related to identity, keys, and certificates.
*/
class IdentityManager {
public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
IdentityManager(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage)
: identityStorage_(identityStorage), privateKeyStorage_(privateKeyStorage)
{
@@ -91,11 +95,11 @@
* @param keyName The name of the key.
* @return The public key.
*/
- ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName)
- {
- return PublicKey::fromDer(identityStorage_->getKey(keyName));
- }
+ // ptr_lib::shared_ptr<PublicKey>
+ // getPublicKey(const Name& keyName)
+ // {
+ // return PublicKey::fromDer(identityStorage_->getKey(keyName));
+ // }
/**
* Create an identity certificate for a public key managed by this IdentityManager.
@@ -160,22 +164,22 @@
* @param certificateName The name of the requested certificate.
* @return the requested certificate which is valid.
*/
- ptr_lib::shared_ptr<IdentityCertificate>
- getCertificate(const Name& certificateName)
- {
- return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, false));
- }
+ // ptr_lib::shared_ptr<IdentityCertificate>
+ // getCertificate(const Name& certificateName)
+ // {
+ // return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, false));
+ // }
/**
* Get a certificate even if the certificate is not valid anymore.
* @param certificateName The name of the requested certificate.
* @return the requested certificate.
*/
- ptr_lib::shared_ptr<IdentityCertificate>
- getAnyCertificate(const Name& certificateName)
- {
- return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, true));
- }
+ // ptr_lib::shared_ptr<IdentityCertificate>
+ // getAnyCertificate(const Name& certificateName)
+ // {
+ // return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, true));
+ // }
/**
* Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
@@ -206,22 +210,10 @@
* @param certificateName The signing certificate name.
* @return The generated signature.
*/
- ptr_lib::shared_ptr<Signature>
+ Signature
signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
/**
- * Sign the byte array data based on the certificate name.
- * @param buffer The byte array to be signed.
- * @param certificateName The signing certificate name.
- * @return The generated signature.
- */
- ptr_lib::shared_ptr<Signature>
- signByCertificate(const std::vector<uint8_t>& buffer, const Name& certificateName)
- {
- return signByCertificate(&buffer[0], buffer.size(), certificateName);
- }
-
- /**
* Sign data packet based on the certificate name.
* Note: the caller must make sure the timestamp in data is correct, for example with
* data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
@@ -230,7 +222,7 @@
* @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
*/
void
- signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+ signByCertificate(Data& data, const Name& certificateName);
/**
* Generate a self-signed certificate for a public key.
diff --git a/include/ndn-cpp/security/identity/identity-storage.hpp b/include/ndn-cpp/security/identity/identity-storage.hpp
index 3c298c8..442e522 100644
--- a/include/ndn-cpp/security/identity/identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/identity-storage.hpp
@@ -25,6 +25,8 @@
*/
class IdentityStorage {
public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
/**
* The virtual Destructor.
*/
@@ -77,14 +79,14 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer) = 0;
+ addKey(const Name& keyName, KeyType keyType, const Buffer& publicKeyDer) = 0;
/**
* Get the public key DER blob from the identity storage.
* @param keyName The name of the requested public key.
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
- virtual Blob
+ virtual Buffer
getKey(const Name& keyName) = 0;
/**
diff --git a/include/ndn-cpp/security/identity/private-key-storage.hpp b/include/ndn-cpp/security/identity/private-key-storage.hpp
index 90556bd..c789d89 100644
--- a/include/ndn-cpp/security/identity/private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/private-key-storage.hpp
@@ -10,13 +10,13 @@
#define NDN_PRIVATE_KEY_STORAGE_HPP
#include <string>
-#include "../../util/blob.hpp"
-#include "../certificate/public-key.hpp"
#include "../security-common.hpp"
#include "../../name.hpp"
namespace ndn {
+class PublicKey;
+
class PrivateKeyStorage {
public:
/**
@@ -50,15 +50,9 @@
* @param digestAlgorithm the digest algorithm.
* @return The signature, or a null pointer if signing fails.
*/
- virtual Blob
+ virtual ConstBufferPtr
sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
- Blob
- sign(const Blob& data, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256)
- {
- return sign(data.buf(), data.size(), keyName, digestAlgorithm);
- }
-
/**
* Decrypt data.
* @param keyName The name of the decrypting key.
@@ -67,15 +61,9 @@
* @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption is used.
* @return The decrypted data.
*/
- virtual Blob
+ virtual ConstBufferPtr
decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
- Blob
- decrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
- {
- return decrypt(keyName, data.buf(), data.size(), isSymmetric);
- }
-
/**
* Encrypt data.
* @param keyName The name of the encrypting key.
@@ -84,15 +72,9 @@
* @param isSymmetric If true symmetric encryption is used, otherwise asymmetric encryption is used.
* @return The encrypted data.
*/
- virtual Blob
+ virtual ConstBufferPtr
encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false) = 0;
- Blob
- encrypt(const Name& keyName, const Blob& data, bool isSymmetric = false)
- {
- return encrypt(keyName, data.buf(), data.size(), isSymmetric);
- }
-
/**
* @brief Generate a symmetric key.
* @param keyName The name of the key.