security: Preliminary work with security module changes
Change-Id: I36d86ac22fdc8aa71eed229236673993753489a2
diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index 4248850..4e804cc 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -27,176 +27,39 @@
*/
class KeyChain {
public:
- KeyChain
- (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager);
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+ KeyChain(IdentityManager *identityManager, PolicyManager *policyManager);
+
+ /**
+ * @brief Set the Face which will be used to fetch required certificates.
+ * @param face A pointer to the Face object.
+ *
+ * Setting face is necessary for keychain operation that involve fetching data.
+ */
+ void
+ setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
+
/*****************************************
* Identity Management *
*****************************************/
- /**
- * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
- * @param identityName The name of the identity.
- * @return The key name of the auto-generated KSK of the identity.
- */
- Name
- createIdentity(const Name& identityName)
+ inline IdentityManager&
+ identities()
{
- return identityManager_->createIdentity(identityName);
+ return *identityManager_;
}
- /**
- * Get the default identity.
- * @return The default identity name.
- */
- Name
- getDefaultIdentity()
- {
- return identityManager_->getDefaultIdentity();
- }
-
- /**
- * Generate a pair of RSA keys for the specified identity.
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- */
- Name
- generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
- {
- return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
- }
-
- /**
- * Set a key as the default key of an identity.
- * @param keyName The name of the key.
- * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
- */
- void
- setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
- {
- return identityManager_->setDefaultKeyForIdentity(keyName, identityName);
- }
-
- /**
- * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- */
- Name
- generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
- {
- return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
- }
-
- /**
- * Create a public key signing request.
- * @param keyName The name of the key.
- * @returns The signing request data.
- */
- Blob
- createSigningRequest(const Name& keyName)
- {
- return identityManager_->getPublicKey(keyName)->getKeyDer();
- }
-
- /**
- * Install an identity certificate into the public key identity storage.
- * @param certificate The certificate to to added.
- */
- void
- installIdentityCertificate(const IdentityCertificate& certificate)
- {
- identityManager_->addCertificate(certificate);
- }
-
- /**
- * Set the certificate as the default for its corresponding key.
- * @param certificateName The certificate.
- */
- void
- setDefaultCertificateForKey(const IdentityCertificate& certificate)
- {
- identityManager_->setDefaultCertificateForKey(certificate);
- }
-
- /**
- * Get a certificate with the specified name.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate which is valid.
- */
- ptr_lib::shared_ptr<Certificate>
- getCertificate(const Name& certificateName)
- {
- return identityManager_->getCertificate(certificateName);
- }
-
- /**
- * Get a certificate even if the certificate is not valid anymore.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate.
- */
- ptr_lib::shared_ptr<Certificate>
- getAnyCertificate(const Name& certificateName)
- {
- return identityManager_->getAnyCertificate(certificateName);
- }
-
- /**
- * Get an identity certificate with the specified name.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate which is valid.
- */
- ptr_lib::shared_ptr<IdentityCertificate>
- getIdentityCertificate(const Name& certificateName)
- {
- return identityManager_->getCertificate(certificateName);
- }
-
- /**
- * Get an identity certificate even if the certificate is not valid anymore.
- * @param certificateName The name of the requested certificate.
- * @return the requested certificate.
- */
- ptr_lib::shared_ptr<IdentityCertificate>
- getAnyIdentityCertificate(const Name& certificateName)
- {
- return identityManager_->getAnyCertificate(certificateName);
- }
-
- /**
- * Revoke a key
- * @param keyName the name of the key that will be revoked
- */
- void
- revokeKey(const Name & keyName)
- {
- //TODO: Implement
- }
-
- /**
- * Revoke a certificate
- * @param certificateName the name of the certificate that will be revoked
- */
- void
- revokeCertificate(const Name & certificateName)
- {
- //TODO: Implement
- }
-
- ptr_lib::shared_ptr<IdentityManager>
- getIdentityManager() { return identityManager_; }
-
/*****************************************
* Policy Management *
*****************************************/
- const ptr_lib::shared_ptr<PolicyManager>&
- getPolicyManager() { return policyManager_; }
-
+ inline PolicyManager&
+ policies()
+ {
+ return *policyManager_;
+ }
+
/*****************************************
* Sign/Verify *
*****************************************/
@@ -210,7 +73,7 @@
* @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
*/
void
- sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+ sign(Data& data, const Name& certificateName);
/**
* Sign the byte array using a certificate name and return a Signature object.
@@ -219,22 +82,10 @@
* @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
* @return The Signature.
*/
- ptr_lib::shared_ptr<Signature>
+ Signature
sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
/**
- * Sign the byte array using a certificate name and return a Signature object.
- * @param buffer The byte array to be signed.
- * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
- * @return The Signature.
- */
- ptr_lib::shared_ptr<Signature>
- sign(const std::vector<uint8_t>& buffer, const Name& certificateName)
- {
- return sign(&buffer[0], buffer.size(), certificateName);
- }
-
- /**
* Wire encode the Data object, sign it and set its signature.
* Note: the caller must make sure the timestamp is correct, for example with
* data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
@@ -243,7 +94,7 @@
* @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
*/
void
- signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+ signByIdentity(Data& data, const Name& identityName = Name());
/**
* Sign the byte array using an identity name and return a Signature object.
@@ -252,22 +103,10 @@
* @param identityName The identity name.
* @return The Signature.
*/
- ptr_lib::shared_ptr<Signature>
+ Signature
signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
/**
- * Sign the byte array using an identity name and return a Signature object.
- * @param buffer The byte array to be signed.
- * @param identityName The identity name.
- * @return The Signature.
- */
- ptr_lib::shared_ptr<Signature>
- signByIdentity(const std::vector<uint8_t>& buffer, const Name& identityName)
- {
- return signByIdentity(&buffer[0], buffer.size(), identityName);
- }
-
- /**
* Check the signature on the Data object and call either onVerify or onVerifyFailed.
* We use callback functions because verify may fetch information to check the signature.
* @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
@@ -282,57 +121,8 @@
/*****************************************
* Encrypt/Decrypt *
*****************************************/
-
- /**
- * Generate a symmetric key.
- * @param keyName The name of the generated key.
- * @param keyType The type of the key, e.g. KEY_TYPE_AES
- */
- void
- generateSymmetricKey(const Name& keyName, KeyType keyType)
- {
- encryptionManager_->createSymmetricKey(keyName, keyType);
- }
-
- /**
- * Encrypt a byte array.
- * @param keyName The name of the encrypting key.
- * @param data The byte array that will be encrypted.
- * @param dataLength The length of data.
- * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
- * @param encryptMode the encryption mode
- * @return the encrypted data as an immutable Blob.
- */
- Blob
- encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
- EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
- {
- return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode);
- }
-
- /**
- * Decrypt a byte array.
- * @param keyName The name of the decrypting key.
- * @param data The byte array that will be decrypted.
- * @param dataLength The length of data.
- * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
- * @param encryptMode the encryption mode
- * @return the decrypted data as an immutable Blob.
- */
- Blob
- decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
- EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
- {
- return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode);
- }
+ // todo
- /**
- * Set the Face which will be used to fetch required certificates.
- * @param face A pointer to the Face object.
- */
- void
- setFace(Face* face) { face_ = face; }
-
private:
void
onCertificateData
@@ -343,10 +133,12 @@
(const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
- ptr_lib::shared_ptr<IdentityManager> identityManager_;
- ptr_lib::shared_ptr<PolicyManager> policyManager_;
- ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
- Face* face_;
+private:
+ std::auto_ptr<IdentityManager> identityManager_;
+ std::auto_ptr<PolicyManager> policyManager_;
+ // std::auto_ptr<EncryptionManager> encryptionManager_;
+ ptr_lib::shared_ptr<Face> face_;
+
const int maxSteps_;
};