security: Adapt PIB to NDN Certificate Format version 2.0

The certificate format can be found at docs/specs/certificate-format.rst

Change-Id: I5656837f09ce327e06a0cb1abdf16ac28fe0b823
Refs: #3202
diff --git a/src/security/pib/certificate-container.cpp b/src/security/pib/certificate-container.cpp
index a05dd52..fa8d058 100644
--- a/src/security/pib/certificate-container.cpp
+++ b/src/security/pib/certificate-container.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,6 +24,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 CertificateContainer::const_iterator::const_iterator(std::set<Name>::const_iterator it,
                                                      shared_ptr<PibImpl> impl)
@@ -32,7 +33,7 @@
 {
 }
 
-v1::IdentityCertificate
+v2::Certificate
 CertificateContainer::const_iterator::operator*()
 {
   return m_impl->getCertificate(*m_it);
@@ -100,5 +101,6 @@
   return m_certNames.size();
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/certificate-container.hpp b/src/security/pib/certificate-container.hpp
index 8e77e43..eba765e 100644
--- a/src/security/pib/certificate-container.hpp
+++ b/src/security/pib/certificate-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,10 +23,11 @@
 #define NDN_SECURITY_PIB_CERTIFICATE_CONTAINER_HPP
 
 #include <set>
-#include "../v1/identity-certificate.hpp"
+#include "../v2/certificate.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 class PibImpl;
 
@@ -40,7 +41,7 @@
     friend class CertificateContainer;
 
   public:
-    v1::IdentityCertificate
+    v2::Certificate
     operator*();
 
     const_iterator&
@@ -87,6 +88,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::CertificateContainer;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/identity-container.cpp b/src/security/pib/identity-container.cpp
index 605be8b..77076af 100644
--- a/src/security/pib/identity-container.cpp
+++ b/src/security/pib/identity-container.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,6 +24,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 IdentityContainer::const_iterator::const_iterator(std::set<Name>::const_iterator it,
                                                   shared_ptr<PibImpl> impl)
@@ -100,5 +101,6 @@
   return m_identities.size();
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/identity-container.hpp b/src/security/pib/identity-container.hpp
index 1de18c7..1ac30e1 100644
--- a/src/security/pib/identity-container.hpp
+++ b/src/security/pib/identity-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -27,6 +27,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 class PibImpl;
 
@@ -88,6 +89,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::IdentityContainer;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/identity.cpp b/src/security/pib/identity.cpp
index 176814c..11cad88 100644
--- a/src/security/pib/identity.cpp
+++ b/src/security/pib/identity.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -25,8 +25,7 @@
 
 namespace ndn {
 namespace security {
-
-const name::Component Identity::EMPTY_KEY_ID;
+namespace pib {
 
 Identity::Identity()
   : m_hasDefaultKey(false)
@@ -52,49 +51,45 @@
 const Name&
 Identity::getName() const
 {
-  validityCheck();
-
   return m_name;
 }
 
 Key
-Identity::addKey(const v1::PublicKey& publicKey, const name::Component& keyId)
+Identity::addKey(const uint8_t* key, size_t keyLen, const Name& keyName)
 {
-  validityCheck();
-
-  name::Component actualKeyId = keyId;
-  if (actualKeyId == EMPTY_KEY_ID) {
-    const Block& digest = publicKey.computeDigest();
-    actualKeyId = name::Component(digest.wire(), digest.size());
+  if (m_name != v2::extractIdentityFromKeyName(keyName)) {
+    BOOST_THROW_EXCEPTION(Pib::Error("Key name `" + keyName.toUri() + "` does not match identity "
+                                     "`" + m_name.toUri() + "`"));
   }
 
-  if (!m_needRefreshKeys && m_keys.find(actualKeyId) == m_keys.end()) {
-    // if we have already loaded all the keys, but the new key is not one of them
-    // the KeyContainer should be refreshed
-    m_needRefreshKeys = true;
-  }
+  // if we have already loaded all the keys, but the new key is not one of them the
+  // KeyContainer should be refreshed
+  m_needRefreshKeys = m_needRefreshKeys || m_keys.find(keyName) == m_keys.end();
 
-  return Key(m_name, actualKeyId, publicKey, m_impl);
+  return Key(keyName, key, keyLen, m_impl);
 }
 
 void
-Identity::removeKey(const name::Component& keyId)
+Identity::removeKey(const Name& keyName)
 {
+  if (m_name != v2::extractIdentityFromKeyName(keyName)) {
+    BOOST_THROW_EXCEPTION(Pib::Error("Key name `" + keyName.toUri() + "` does not match identity "
+                                     "`" + m_name.toUri() + "`"));
+  }
+
   validityCheck();
 
-  if (m_hasDefaultKey && m_defaultKey.getKeyId() == keyId)
+  if (m_hasDefaultKey && m_defaultKey.getName() == keyName)
     m_hasDefaultKey = false;
 
-  m_impl->removeKey(m_name, keyId);
+  m_impl->removeKey(keyName);
   m_needRefreshKeys = true;
 }
 
 Key
-Identity::getKey(const name::Component& keyId) const
+Identity::getKey(const Name& keyName) const
 {
-  validityCheck();
-
-  return Key(m_name, keyId, m_impl);
+  return Key(keyName, m_impl);
 }
 
 const KeyContainer&
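Review bot: `Identity::getKey` returns `Key(keyName, m_impl)` without the identity check that `addKey` and `removeKey` gain in this hunk, so an Identity object can hand out a key that belongs to a different identity. The same gap exists in `setDefaultKey(const Name& keyName)` in the next hunk (-111,22 +106,24), where the unchecked name is passed to `m_impl->setDefaultKeyOfIdentity(m_name, keyName)`; whether the backend rejects a foreign key name is not visible here. Both should start with the guard already used above, `if (m_name != v2::extractIdentityFromKeyName(keyName))` followed by the same `Pib::Error` throw, ideally factored into one private helper since the block is now duplicated. Note also that `extractIdentityFromKeyName` throws `std::invalid_argument` for a malformed name, so callers that catch only `Pib::Error` will miss that case.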
@@ -111,22 +106,24 @@
 }
 
 Key&
-Identity::setDefaultKey(const name::Component& keyId)
+Identity::setDefaultKey(const Name& keyName)
 {
   validityCheck();
 
-  m_defaultKey = Key(m_name, keyId, m_impl);
+  m_defaultKey = Key(keyName, m_impl);
   m_hasDefaultKey = true;
 
-  m_impl->setDefaultKeyOfIdentity(m_name, keyId);
+  m_impl->setDefaultKeyOfIdentity(m_name, keyName);
   return m_defaultKey;
 }
 
 Key&
-Identity::setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId)
+Identity::setDefaultKey(const uint8_t* key, size_t keyLen, const Name& keyName)
 {
-  const Key& keyEntry = addKey(publicKey, keyId);
-  return setDefaultKey(keyEntry.getKeyId());
+  validityCheck();
+
+  addKey(key, keyLen, keyName);
+  return setDefaultKey(keyName);
 }
 
 Key&
@@ -135,7 +132,7 @@
   validityCheck();
 
   if (!m_hasDefaultKey) {
-    m_defaultKey = Key(m_name, m_impl->getDefaultKeyOfIdentity(m_name), m_impl);
+    m_defaultKey = Key(m_impl->getDefaultKeyOfIdentity(m_name), m_impl);
     m_hasDefaultKey = true;
   }
 
@@ -156,9 +153,11 @@
 void
 Identity::validityCheck() const
 {
-  if (m_impl == nullptr)
-    BOOST_THROW_EXCEPTION(std::domain_error("Invalid Identity instance"));
+  if (m_impl == nullptr) {
+    BOOST_THROW_EXCEPTION(std::domain_error("Invalid identity instance"));
+  }
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/identity.hpp b/src/security/pib/identity.hpp
index 3c081ef..0a6ca60 100644
--- a/src/security/pib/identity.hpp
+++ b/src/security/pib/identity.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -26,29 +26,20 @@
 
 namespace ndn {
 namespace security {
-
-class PibImpl;
-class Pib;
-class IdentityContainer;
+namespace pib {
 
 /**
  * @brief represents an identity
  *
- * Identity is at the top level in PIB's Identity-Key-Certificate hierarchy.
- * An identity has a Name, and contains one or more keys, one of which is set
- * as the default key of this identity.  Properties of a key can be accessed
- * after obtaining a Key object.
+ * Identity is at the top level in PIB's Identity-Key-Certificate hierarchy.  An identity has a
+ * Name, and contains zero or more keys, at most one of which is set as the default key of this
+ * identity.  Properties of a key can be accessed after obtaining a Key object.
  *
- * @throw PibImpl::Error when underlying implementation has non-semantic error.
+ * @throw Pib::Error when underlying implementation has non-semantic error.
  */
 class Identity
 {
 public:
-  friend class Pib;
-  friend class IdentityContainer;
-  friend class KeyChain;
-
-public:
   /**
    * @brief Default Constructor
    *
@@ -60,27 +51,35 @@
    *   try {
    *     id = pib.getIdentity(...);
    *   }
-   *   catch (Pib::Error&) {
+   *   catch (const Pib::Error&) {
    *     ...
    *   }
    *
-   * An Identity instance created using the constructor is invalid. Calling a
+   * An Identity instance created using this constructor is invalid. Calling a
    * member method on an invalid Identity instance may cause an std::domain_error.
    */
   Identity();
 
+  /**
+   * @brief Create an Identity with @p identityName.
+   *
+   * @param identityName The name of the Identity.
+   * @param impl The backend implementation.
+   * @param needInit If true, create the identity in backend when the identity does not exist.
+   *                 Otherwise, throw Pib::Error when the identity does not exist.
+   */
+  Identity(const Name& identityName, shared_ptr<PibImpl> impl, bool needInit = false);
+
   /// @brief Get the name of the identity.
   const Name&
   getName() const;
 
   /**
-   * @brief Get a key with id @p keyId.
-   *
-   * @param keyId The id of the key to get.
+   * @brief Get a key with @p keyName.
    * @throw Pib::Error if the key does not exist.
    */
   Key
-  getKey(const name::Component& keyId) const;
+  getKey(const Name& keyName) const;
 
   /// @brief Get all the keys for this Identity.
   const KeyContainer&
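Review bot: Moving `Identity(const Name&, shared_ptr<PibImpl>, bool needInit)` into the public section exposes a constructor that, per its own doc comment, creates the identity in the backend when `needInit` is true, while the header still labels the mutators with `// write operations should be private`. The `Key(const Name&, const uint8_t*, size_t, shared_ptr<PibImpl>)` constructor made public in key.hpp (-59,18 +55,39) has the same effect, since its definition calls `m_impl->addIdentity` and `m_impl->addKey`. If the friend declarations were dropped only to untangle the forward declarations, consider keeping these constructors under `NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:` with a narrow `friend`, or at least add a comment such as `// writes to the PIB backend; intended for Pib/KeyChain only`.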
@@ -102,65 +101,48 @@
   operator!() const;
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE: // write operations should be private
-
   /**
-   * @brief Add a key.
+   * @brief Add a @p key (in PKCS#8 format) with @p keyName.
    *
    * If the key already exists, do nothing.
    *
    * If no default key is set before, the new key will be set as the default key of the identity.
    *
-   * @param publicKey The public key to add.
-   * @param keyId The key id component of the new key to add.
-   *              By default, the keyId will be set to the hash of the public key bits.
    * @return the added key or existing key with the same key id.
    */
   Key
-  addKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+  addKey(const uint8_t* key, size_t keyLen, const Name& keyName);
 
   /**
-   * @brief Remove a key.
-   *
-   * @param keyId The key id component of the key to delete.
+   * @brief Remove a key with @p keyName
    */
   void
-  removeKey(const name::Component& keyId);
+  removeKey(const Name& keyName);
 
   /**
-   * @brief Set the key with id @p keyId as the default key.
+   * @brief Set the key with id @p keyName.
    *
-   * @param keyId The key id component of the default key.
    * @return The default key
    * @throws Pib::Error if the key does not exist.
    */
   Key&
-  setDefaultKey(const name::Component& keyId);
+  setDefaultKey(const Name& keyName);
 
   /**
-   * @brief Set the default key.
+   * @brief Set the default key with @p keyName (in PKCS#8 format).
    *
    * If the key does not exist, add the key and set it as the default of the Identity.
    * If the key exists, simply set it as the default key of the Identity.
    *
-   * @param publicKey The public key to add.
-   * @param keyId The key id component of the default key.
+   * @param key The public key to add.
+   * @param keyLen The length of the key.
    * @return the default key
    */
   Key&
-  setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+  setDefaultKey(const uint8_t* key, size_t keyLen, const Name& keyName);
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   /**
-   * @brief Create an Identity with @p identityName.
-   *
-   * @param identityName The name of the Identity.
-   * @param impl The backend implementation.
-   * @param needInit If true, create the identity in backend when the identity does not exist.
-   *                 Otherwise, throw Pib::Error when the identity does not exist.
-   */
-  Identity(const Name& identityName, shared_ptr<PibImpl> impl, bool needInit = false);
-
-  /**
    * @brief Check the validity of this instance
    *
    * @throws std::domain_error if the instance is invalid
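Review bot: The rewritten doc comments in this hunk lost information and one is now misleading: `@brief Set the key with id @p keyName.` no longer says the key becomes the default, and `Set the default key with @p keyName (in PKCS#8 format)` attaches the format to the name instead of to `key`. Suggested wording: `@brief Set the key named @p keyName as the default key.` and `@brief Add @p key (of @p keyLen bytes) under @p keyName and set it as the default key.`, plus a `@param keyName` entry on both overloads. `addKey` and `removeKey` should also document `@throw Pib::Error if @p keyName does not belong to this identity`, which the implementation in identity.cpp enforces. Since `@param key` says "The public key", it would help to state the exact encoding expected; PKCS#8 usually denotes a private-key container, so confirm against `transform::PublicKey::loadPkcs8` which encoding is meant.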
@@ -168,14 +150,6 @@
   void
   validityCheck() const;
 
-public:
-  /**
-   * @brief The default value of keyId when add a new key.
-   *
-   * An empty keyId implies that the key digest should be used as the actual keyId.
-   */
-  static const name::Component EMPTY_KEY_ID;
-
 private:
   Name m_name;
 
@@ -188,6 +162,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::Identity;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/key-container.cpp b/src/security/pib/key-container.cpp
index ca30ab9..7653955 100644
--- a/src/security/pib/key-container.cpp
+++ b/src/security/pib/key-container.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,9 +24,10 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 KeyContainer::const_iterator::const_iterator(const Name& identity,
-                                             std::set<name::Component>::const_iterator it,
+                                             std::set<Name>::const_iterator it,
                                              shared_ptr<PibImpl> impl)
   : m_identity(identity)
   , m_it(it)
@@ -37,7 +38,7 @@
 Key
 KeyContainer::const_iterator::operator*()
 {
-  return Key(m_identity, *m_it, m_impl);
+  return Key(*m_it, m_impl);
 }
 
 KeyContainer::const_iterator&
@@ -71,11 +72,9 @@
 {
 }
 
-KeyContainer::KeyContainer(const Name& identity,
-                           std::set<name::Component>&& keyIds,
-                           shared_ptr<PibImpl> impl)
+KeyContainer::KeyContainer(const Name& identity, std::set<Name>&& keyNames, shared_ptr<PibImpl> impl)
   : m_identity(identity)
-  , m_keyIds(keyIds)
+  , m_keyNames(keyNames)
   , m_impl(impl)
 {
 }
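Review bot: `m_keyNames(keyNames)` copies the set even though the parameter is `std::set<Name>&&`, because a named rvalue reference is an lvalue inside the constructor. Use `, m_keyNames(std::move(keyNames))` so the caller's temporary is actually moved. The previous `m_keyIds(keyIds)` behaved the same way, so this is not a regression, only a missed cleanup while the line is being touched.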
@@ -83,26 +82,27 @@
 KeyContainer::const_iterator
 KeyContainer::begin() const
 {
-  return const_iterator(m_identity, m_keyIds.begin(), m_impl);
+  return const_iterator(m_identity, m_keyNames.begin(), m_impl);
 }
 
 KeyContainer::const_iterator
 KeyContainer::end() const
 {
-  return const_iterator(m_identity, m_keyIds.end(), m_impl);
+  return const_iterator(m_identity, m_keyNames.end(), m_impl);
 }
 
 KeyContainer::const_iterator
-KeyContainer::find(const name::Component& keyId) const
+KeyContainer::find(const Name& keyName) const
 {
-  return const_iterator(m_identity, m_keyIds.find(keyId), m_impl);
+  return const_iterator(m_identity, m_keyNames.find(keyName), m_impl);
 }
 
 size_t
 KeyContainer::size() const
 {
-  return m_keyIds.size();
+  return m_keyNames.size();
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/key-container.hpp b/src/security/pib/key-container.hpp
index 7d88da9..a593132 100644
--- a/src/security/pib/key-container.hpp
+++ b/src/security/pib/key-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -27,6 +27,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 class PibImpl;
 
@@ -37,9 +38,6 @@
   class const_iterator
   {
   public:
-    friend class KeyContainer;
-
-  public:
     Key
     operator*();
 
@@ -56,14 +54,14 @@
     operator!=(const const_iterator& other);
 
   private:
-    const_iterator(const Name& identity,
-                   std::set<name::Component>::const_iterator it,
-                   shared_ptr<PibImpl> impl);
+    const_iterator(const Name& identity, std::set<Name>::const_iterator it, shared_ptr<PibImpl> impl);
 
   private:
     Name m_identity;
-    std::set<name::Component>::const_iterator m_it;
+    std::set<Name>::const_iterator m_it;
     shared_ptr<PibImpl> m_impl;
+
+    friend class KeyContainer;
   };
 
   typedef const_iterator iterator;
@@ -71,9 +69,7 @@
 public:
   KeyContainer();
 
-  KeyContainer(const Name& identity,
-               std::set<name::Component>&& keyIds,
-               shared_ptr<PibImpl> impl);
+  KeyContainer(const Name& identity, std::set<Name>&& keyNames, shared_ptr<PibImpl> impl);
 
   const_iterator
   begin() const;
@@ -82,17 +78,21 @@
   end() const;
 
   const_iterator
-  find(const name::Component& keyId) const;
+  find(const Name& keyName) const;
 
   size_t
   size() const;
 
 private:
   Name m_identity;
-  std::set<name::Component> m_keyIds;
+  std::set<Name> m_keyNames;
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::KeyContainer;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/key.cpp b/src/security/pib/key.cpp
index 51f368c..5890a9c 100644
--- a/src/security/pib/key.cpp
+++ b/src/security/pib/key.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,49 +23,52 @@
 #include "pib-impl.hpp"
 #include "pib.hpp"
 #include "../v2/certificate.hpp"
+#include "../transform/public-key.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 Key::Key()
-  : m_hasDefaultCertificate(false)
+  : m_keyType(KeyType::NONE)
+  , m_hasDefaultCertificate(false)
   , m_needRefreshCerts(false)
   , m_impl(nullptr)
 {
 }
 
-Key::Key(const Name& identityName, const name::Component& keyId,
-         const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl)
-  : m_id(identityName)
-  , m_keyId(keyId)
-  , m_key(publicKey)
+Key::Key(const Name& keyName, const uint8_t* key, size_t keyLen, shared_ptr<PibImpl> impl)
+  : m_keyName(keyName)
+  , m_key(key, keyLen)
   , m_hasDefaultCertificate(false)
   , m_needRefreshCerts(true)
   , m_impl(impl)
 {
   validityCheck();
 
-  m_keyName = m_id;
-  m_keyName.append(m_keyId);
+  m_identity = v2::extractIdentityFromKeyName(keyName);
+  m_impl->addIdentity(m_identity);
+  m_impl->addKey(m_identity, m_keyName, key, keyLen);
 
-  m_impl->addIdentity(m_id);
-  m_impl->addKey(m_id, m_keyId, publicKey);
+  transform::PublicKey publicKey;
+  publicKey.loadPkcs8(key, keyLen);
+  m_keyType = publicKey.getKeyType();
 }
 
-Key::Key(const Name& identityName, const name::Component& keyId,
-         shared_ptr<PibImpl> impl)
-  : m_id(identityName)
-  , m_keyId(keyId)
+Key::Key(const Name& keyName, shared_ptr<PibImpl> impl)
+  : m_keyName(keyName)
   , m_hasDefaultCertificate(false)
   , m_needRefreshCerts(true)
   , m_impl(impl)
 {
   validityCheck();
 
-  m_keyName = m_id;
-  m_keyName.append(m_keyId);
+  m_identity = v2::extractIdentityFromKeyName(keyName);
+  m_key = m_impl->getKeyBits(m_keyName);
 
-  m_key = m_impl->getKeyBits(m_id, m_keyId);
+  transform::PublicKey key;
+  key.loadPkcs8(m_key.buf(), m_key.size());
+  m_keyType = key.getKeyType();
 }
 
 const Name&
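Review bot: In the `Key(keyName, key, keyLen, impl)` constructor the bytes are persisted with `m_impl->addIdentity(m_identity)` and `m_impl->addKey(...)` before `publicKey.loadPkcs8(key, keyLen)` parses them, so if parsing fails (presumably by throwing) the backend is left holding an identity and key bits that were never validated. Moving the three `transform::PublicKey` lines above `m_impl->addIdentity(m_identity);` makes the constructor reject malformed input before any write happens. `m_key(key, keyLen)` in the initializer list also runs before `validityCheck()`, and nothing guards against `key == nullptr` or `keyLen == 0`; an explicit check or a comment stating the precondition would help.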
@@ -81,18 +84,10 @@
 {
   validityCheck();
 
-  return m_id;
+  return m_identity;
 }
 
-const name::Component&
-Key::getKeyId() const
-{
-  validityCheck();
-
-  return m_keyId;
-}
-
-const v1::PublicKey&
+const Buffer&
 Key::getPublicKey() const
 {
   validityCheck();
@@ -101,10 +96,13 @@
 }
 
 void
-Key::addCertificate(const v1::IdentityCertificate& certificate)
+Key::addCertificate(const v2::Certificate& certificate)
 {
   validityCheck();
 
+  if (certificate.getKeyName() != m_keyName)
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate name does not match key name"));
+
   if (!m_needRefreshCerts &&
       m_certificates.find(certificate.getName()) == m_certificates.end()) {
     // if we have already loaded all the certificate, but the new certificate is not one of them
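Review bot: The new guard in `Key::addCertificate` compares only `certificate.getKeyName()` with `m_keyName`, so a certificate that is named under this key but carries different public key bits would still be stored. Unless a caller such as KeyChain already verifies this, consider also comparing the certificate's key content with `m_key`, e.g. `if (certificate.getPublicKey() != m_key) BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not match key"));` (assuming `v2::Certificate::getPublicKey()` returns the raw key bits as a `Buffer`). The added `if` also omits braces, unlike the braced form this commit introduces in `Identity::validityCheck`. The rest of `addCertificate` lies outside the hunk.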
@@ -127,7 +125,7 @@
   m_needRefreshCerts = true;
 }
 
-v1::IdentityCertificate
+v2::Certificate
 Key::getCertificate(const Name& certName) const
 {
   validityCheck();
@@ -141,38 +139,38 @@
   validityCheck();
 
   if (m_needRefreshCerts) {
-    m_certificates = CertificateContainer(m_impl->getCertificatesOfKey(m_id, m_keyId), m_impl);
+    m_certificates = CertificateContainer(m_impl->getCertificatesOfKey(m_keyName), m_impl);
     m_needRefreshCerts = false;
   }
 
   return m_certificates;
 }
 
-const v1::IdentityCertificate&
+const v2::Certificate&
 Key::setDefaultCertificate(const Name& certName)
 {
   validityCheck();
 
+  m_impl->setDefaultCertificateOfKey(m_keyName, certName);
   m_defaultCertificate = m_impl->getCertificate(certName);
-  m_impl->setDefaultCertificateOfKey(m_id, m_keyId, certName);
   m_hasDefaultCertificate = true;
   return m_defaultCertificate;
 }
 
-const v1::IdentityCertificate&
-Key::setDefaultCertificate(const v1::IdentityCertificate& certificate)
+const v2::Certificate&
+Key::setDefaultCertificate(const v2::Certificate& certificate)
 {
   addCertificate(certificate);
   return setDefaultCertificate(certificate.getName());
 }
 
-const v1::IdentityCertificate&
+const v2::Certificate&
 Key::getDefaultCertificate() const
 {
   validityCheck();
 
   if (!m_hasDefaultCertificate) {
-    m_defaultCertificate = m_impl->getDefaultCertificateOfKey(m_id, m_keyId);
+    m_defaultCertificate = m_impl->getDefaultCertificateOfKey(m_keyName);
     m_hasDefaultCertificate = true;
   }
 
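Review bot: `Key::setDefaultCertificate(const Name& certName)` passes `certName` to `m_impl->setDefaultCertificateOfKey(m_keyName, certName)` without checking that the name belongs to this key, while `addCertificate` now rejects mismatches; whether the backend enforces it is not visible here. A guard mirroring the one in `addCertificate` would close the gap, for example `if (v2::extractKeyNameFromCertName(certName) != m_keyName) BOOST_THROW_EXCEPTION(Pib::Error("Certificate name does not match key name"));` (assuming that helper is available from v2/certificate.hpp). The new statement order also means that if `m_impl->getCertificate(certName)` throws, the backend default has already been changed while `m_hasDefaultCertificate` has not; a one-line comment explaining why the write now comes first would help.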
@@ -197,6 +195,8 @@
     BOOST_THROW_EXCEPTION(std::domain_error("Invalid Key instance"));
 }
 
+} // namespace pib
+
 namespace v2 {
 
 Name
@@ -209,6 +209,24 @@
   return keyName;
 }
 
+bool
+isValidKeyName(const Name& keyName)
+{
+  return (keyName.size() > Certificate::MIN_KEY_NAME_LENGTH &&
+          keyName.get(-Certificate::MIN_KEY_NAME_LENGTH) == Certificate::KEY_COMPONENT);
+}
+
+Name
+extractIdentityFromKeyName(const Name& keyName)
+{
+  if (!isValidKeyName(keyName)) {
+    BOOST_THROW_EXCEPTION(std::invalid_argument("Key name `" + keyName.toUri() + "` "
+                                                "does not follow the naming conventions"));
+  }
+
+  return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim everything after and including "KEY"
+}
+
 } // namespace v2
 
 } // namespace security
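Review bot: `isValidKeyName` uses a strict `keyName.size() > Certificate::MIN_KEY_NAME_LENGTH`, so a name with exactly the minimum number of components is rejected even when the `KEY` component is in the expected position. If the constant is the length of the `KEY/<keyId>` suffix, this excludes keys under the empty (root) identity; if that is intended, say so in a comment such as `// an empty identity prefix is not allowed`, otherwise the comparison should be `>=`. Because `extractIdentityFromKeyName` is now the validation step for `Identity::addKey`, `Identity::removeKey` and both `Key` constructors, the boundary deserves a unit test either way.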
diff --git a/src/security/pib/key.hpp b/src/security/pib/key.hpp
index 53a0ba1..d99e427 100644
--- a/src/security/pib/key.hpp
+++ b/src/security/pib/key.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,34 +22,30 @@
 #ifndef NDN_SECURITY_PIB_KEY_HPP
 #define NDN_SECURITY_PIB_KEY_HPP
 
-#include "../v1/identity-certificate.hpp"
+#include "../../data.hpp"
 #include "certificate-container.hpp"
+#include "../security-common.hpp"
 
 namespace ndn {
 namespace security {
 
+class KeyChain;
+
+namespace pib {
+
 class PibImpl;
-class Identity;
-class KeyContainer;
 
 /**
  * @brief represents a key
  *
- * Key is at the second level in PIB's Identity-Key-Certificate hierarchy.
- * An Key has a Name (identity + keyId), and contains one or more certificates,
- * one of which is set as the default certificate of this key.  A certificate
- * can be directly accessed from a Key object.
- *
- * @throw PibImpl::Error when underlying implementation has non-semantic error.
+ * Key is at the second level in PIB's Identity-Key-Certificate hierarchy.  A Key has a Name
+ * (identity + "KEY" + keyId), and contains one or more certificates, one of which is set as
+ * the default certificate of this key.  A certificate can be directly accessed from a Key
+ * object.
  */
 class Key
 {
 public:
-  friend class Identity;
-  friend class KeyContainer;
-  friend class KeyChain;
-
-public:
   /**
    * @brief Default Constructor
    *
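Review bot: The updated class comment still says a Key `contains one or more certificates, one of which is set as the default certificate`, whereas the Identity comment in this commit was relaxed to `zero or more keys, at most one of which is set as the default key`. The constructors in key.cpp add no certificate, so the same relaxation seems to apply here: `contains zero or more certificates, at most one of which is set as the default certificate of this key`. The hunk also drops the `@throw PibImpl::Error` line without a replacement; if backend errors can still propagate, keep a `@throw Pib::Error` note as identity.hpp does.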
@@ -59,18 +55,39 @@
    *
    *   Key key;
    *   try {
-   *     key = Identity.getKey(...);
+   *     key = identity.getKey(...);
    *   }
-   *   catch (Pib::Error&) {
+   *   catch (const Pib::Error&) {
    *     ...
    *   }
    *
-   * A Key instance created using the constructor is invalid. Calling a
+   * A Key instance created using this constructor is invalid. Calling a
    * member method on an invalid Key instance may cause an std::domain_error.
    */
   Key();
 
-  /// @brief Get the name of the key.
+  /**
+   * @brief Create a Key with @p keyName
+   *
+   * If the key/identity does not exist in the backend, create it in backend.
+   *
+   * @param keyName Key name
+   * @param key The public key to add.
+   * @param keyLen The length of the key.
+   * @param impl The actual backend implementation.
+   */
+  Key(const Name& keyName, const uint8_t* key, size_t keyLen, shared_ptr<PibImpl> impl);
+
+  /**
+   * @brief Create a Key with @p keyName
+   *
+   * @param keyName Key name
+   * @param impl The actual backend implementation.
+   * @throws Pib::Error if the key does not exist.
+   */
+  Key(const Name& keyName, shared_ptr<PibImpl> impl);
+
+  /// @brief Get the key name.
   const Name&
   getName() const;
 
@@ -78,12 +95,15 @@
   const Name&
   getIdentity() const;
 
-  /// @brief Get the key id of the key.
-  const name::Component&
-  getKeyId() const;
+  /// @brief Get key type.
+  KeyType
+  getKeyType() const
+  {
+    return m_keyType;
+  }
 
-  /// @brief Get public key
-  const v1::PublicKey&
+  /// @brief Get public key.
+  const Buffer&
   getPublicKey() const;
 
   /**
@@ -92,10 +112,10 @@
    * @return the certificate
    * @throws Pib::Error if the certificate does not exist.
    */
-  v1::IdentityCertificate
+  v2::Certificate
   getCertificate(const Name& certName) const;
 
-  /// @brief Get all the certificates for this key.
+  /// @brief Get all certificates for this key.
   const CertificateContainer&
   getCertificates() const;
 
@@ -104,7 +124,7 @@
    *
    * @throws Pib::Error if the default certificate does not exist.
    */
-  const v1::IdentityCertificate&
+  const v2::Certificate&
   getDefaultCertificate() const;
 
   /// @brief Check if the Key instance is valid
@@ -115,14 +135,13 @@
   operator!() const;
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE: // write operations should be private
-
   /**
    * @brief Add a certificate.
    *
    * @param certificate The certificate to add.
    */
   void
-  addCertificate(const v1::IdentityCertificate& certificate);
+  addCertificate(const v2::Certificate& certificate);
 
   /**
    * @brief Remove a certificate.
@@ -139,7 +158,7 @@
    * @return the default certificate
    * @throws Pib::Error if the certificate does not exist.
    */
-  const v1::IdentityCertificate&
+  const v2::Certificate&
   setDefaultCertificate(const Name& certName);
 
   /**
@@ -151,34 +170,11 @@
    * @param certificate The certificate to add.
    * @return the default certificate
    */
-  const v1::IdentityCertificate&
-  setDefaultCertificate(const v1::IdentityCertificate& certificate);
+  const v2::Certificate&
+  setDefaultCertificate(const v2::Certificate& certificate);
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   /**
-   * @brief Create a Key with @p identityName and @p keyId.
-   *
-   * If the key/identity does not exist in the backend, create it in backend.
-   *
-   * @param identityName The name of the Identity.
-   * @param keyId The key id of the key.
-   * @param publicKey The public key to add.
-   * @param impl The actual backend implementation.
-   */
-  Key(const Name& identityName, const name::Component& keyId,
-      const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl);
-
-  /**
-   * @brief Create an KeyEntry with @p identityName and @p keyId.
-   *
-   * @param identityName The name of the Identity.
-   * @param keyId The key id of the key.
-   * @param impl The actual backend implementation.
-   * @throws Pib::Error if the key does not exist.
-   */
-  Key(const Name& identityName, const name::Component& keyId, shared_ptr<PibImpl> impl);
-
-  /**
    * @brief Check the validity of this instance
    *
    * @throws std::domain_error if the instance is invalid
@@ -187,13 +183,13 @@
   validityCheck() const;
 
 private:
-  Name m_id;
-  name::Component m_keyId;
+  Name m_identity;
   Name m_keyName;
-  v1::PublicKey m_key;
+  Buffer m_key;
+  KeyType m_keyType;
 
   mutable bool m_hasDefaultCertificate;
-  mutable v1::IdentityCertificate m_defaultCertificate;
+  mutable v2::Certificate m_defaultCertificate;
 
   mutable bool m_needRefreshCerts;
   mutable CertificateContainer m_certificates;
@@ -201,6 +197,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::Key;
+
 namespace v2 {
 
 /**
@@ -209,6 +209,18 @@
 Name
 constructKeyName(const Name& identity, const name::Component& keyId);
 
+/**
+ * @brief Check if @p keyName follow the naming conventions for the key name
+ */
+bool
+isValidKeyName(const Name& keyName);
+
+/**
+ * @brief Extract identity namespace from the key name @p keyName
+ */
+Name
+extractIdentityFromKeyName(const Name& keyName);
+
 } // namespace v2
 
 } // namespace security
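Review bot: The doc comment for `extractIdentityFromKeyName` omits that it throws: the definition in key.cpp raises `std::invalid_argument` when `isValidKeyName` fails, and that exception now escapes from `Identity::addKey`, `Identity::removeKey` and the `Key` constructors, whose docs mention only `Pib::Error`. Add `@throw std::invalid_argument if @p keyName does not follow the key naming conventions`. For `isValidKeyName`, the brief should read `follows` and state the rule being checked, e.g. `@brief Check whether @p keyName has the form <identity>/KEY/<keyId>` (form taken from the Key class comment in this file).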
diff --git a/src/security/pib/pib-impl.hpp b/src/security/pib/pib-impl.hpp
index 7aa47a2..6f233f1 100644
--- a/src/security/pib/pib-impl.hpp
+++ b/src/security/pib/pib-impl.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,10 +23,11 @@
 #define NDN_SECURITY_PIB_PIB_IMPL_HPP
 
 #include <set>
-#include "../v1/identity-certificate.hpp"
+#include "../v2/certificate.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 /**
  * @brief Abstract class of PIB implementation
@@ -34,7 +35,7 @@
  * This class defines the interface that an actual PIB (e.g., one based on sqlite3)
  * implementation should provide.
  */
-class PibImpl
+class PibImpl : noncopyable
 {
 public:
   /**
@@ -54,14 +55,10 @@
   };
 
 public:
-
   virtual
-  ~PibImpl()
-  {
-  }
+  ~PibImpl() = default;
 
 public: // TpmLocator management
-
   /**
    * @brief Set the corresponding TPM information to @p tpmLocator.
    *
@@ -80,7 +77,6 @@
   getTpmLocator() const = 0;
 
 public: // Identity management
-
   /**
    * @brief Check the existence of an identity.
    *
@@ -137,16 +133,13 @@
   getDefaultIdentity() const = 0;
 
 public: // Key management
-
   /**
-   * @brief Check the existence of a key.
+   * @brief Check the existence of a key with @p keyName.
    *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    * @return true if the key exists, otherwise false. Return false if the identity does not exist
    */
   virtual bool
-  hasKey(const Name& identity, const name::Component& keyId) const = 0;
+  hasKey(const Name& keyName) const = 0;
 
   /**
    * @brief Add a key.
@@ -157,67 +150,59 @@
    * key of the identity.
    *
    * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
-   * @param publicKey The public key bits.
+   * @param keyName The key name.
+   * @param key The public key bits.
+   * @param keyLen The length of the public key.
    */
   virtual void
-  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) = 0;
+  addKey(const Name& identity, const Name& keyName, const uint8_t* key, size_t keyLen) = 0;
 
   /**
-   * @brief Remove a key.
+   * @brief Remove a key with @p keyName
    *
    * If the key does not exist, do nothing.
    * Remove related certificates as well.
-   *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    */
   virtual void
-  removeKey(const Name& identity, const name::Component& keyId) = 0;
+  removeKey(const Name& keyName) = 0;
 
   /**
-   * @brief Get the key bits of a key.
+   * @brief Get the key bits of a key with name @p keyName.
    *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    * @return key bits
    * @throws Pib::Error if the key does not exist.
    */
-  virtual v1::PublicKey
-  getKeyBits(const Name& identity, const name::Component& keyId) const = 0;
+  virtual Buffer
+  getKeyBits(const Name& keyName) const = 0;
 
   /**
-   * @brief Get all the key ids of an identity with name @p identity
+   * @brief Get all the key names of an identity with name @p identity
    *
-   * The returned key ids can be used to create a KeyContainer.
-   * With key id, identity name, backend implementation, one can create a Key frontend instance.
+   * The returned key names can be used to create a KeyContainer.
+   * With key name, identity name, backend implementation, one can create a Key frontend instance.
    *
-   * @return the key id name component set. If the identity does not exist, return an empty set.
+   * @return the key name component set. If the identity does not exist, return an empty set.
    */
-  virtual std::set<name::Component>
+  virtual std::set<Name>
   getKeysOfIdentity(const Name& identity) const = 0;
 
   /**
-   * @brief Set an key with id @p keyId as the default key of an identity with name @p identity.
+   * @brief Set an key with @p keyName as the default key of an identity with name @p identity.
    *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    * @throws Pib::Error if the key does not exist.
    */
   virtual void
-  setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId) = 0;
+  setDefaultKeyOfIdentity(const Name& identity, const Name& keyName) = 0;
 
   /**
-   * @brief Get the id of the default key of an identity with name @p identity.
+   * @return The name of the default key of an identity with name @p identity.
    *
-   * @param identity The name of the belonged identity.
    * @throws Pib::Error if no default key or the identity does not exist.
    */
-  virtual name::Component
+  virtual Name
   getDefaultKeyOfIdentity(const Name& identity) const = 0;
 
 public: // Certificate Management
-
   /**
    * @brief Check the existence of a certificate with name @p certName.
    *
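Review bot: `addKey(identity, keyName, …)` and `setDefaultKeyOfIdentity(identity, keyName)` now take the identity and the full key name as independent arguments, and neither the doc comments nor the backends in this commit require that `keyName` belongs to `identity`. Before the change the key name was built from `identity` plus `keyId`, so the binding held by construction. Now `PibMemory::setDefaultKeyOfIdentity` records any existing key as the default of any identity, and `PibSqlite3::setDefaultKeyOfIdentity` does not use `identity` in the lines shown. I would state the precondition here, e.g. `@pre v2::extractIdentityFromKeyName(keyName) == identity`, and have the backends throw `Pib::Error` when `v2::extractIdentityFromKeyName(keyName) != identity`, unless the frontend is meant to guarantee it. `setDefaultCertificateOfKey(keyName, certName)` further down has the same gap between `certName` and `keyName`.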
@@ -238,7 +223,7 @@
    * @param certificate The certificate to add.
    */
   virtual void
-  addCertificate(const v1::IdentityCertificate& certificate) = 0;
+  addCertificate(const v2::Certificate& certificate) = 0;
 
   /**
    * @brief Remove a certificate with name @p certName.
@@ -257,47 +242,38 @@
    * @return the certificate.
    * @throws Pib::Error if the certificate does not exist.
    */
-  virtual v1::IdentityCertificate
+  virtual v2::Certificate
   getCertificate(const Name& certName) const = 0;
 
   /**
-   * @brief Get a list of certificate names of a key with id @p keyId of @p identity.
+   * @brief Get a list of certificate names of a key with id @p keyName.
    *
    * The returned certificate names can be used to create a CertificateContainer.
    * With certificate name and backend implementation, one can obtain the certificate directly.
    *
-   * @param identity The name of the belonging identity.
-   * @param keyId The key id.
    * @return The certificate name set. If the key does not exist, return an empty set.
    */
   virtual std::set<Name>
-  getCertificatesOfKey(const Name& identity, const name::Component& keyId) const = 0;
+  getCertificatesOfKey(const Name& keyName) const = 0;
 
   /**
-   * @brief Set a cert with name @p certName as the default of a key with id @p keyId of @p identity.
+   * @brief Set a cert with name @p certName as the default of a key with @p keyName.
    *
-   * @param identity The name of the belonging identity.
-   * @param keyId The key id.
-   * @param certName The name of the certificate.
    * @throws Pib::Error if the certificate with name @p certName does not exist.
    */
   virtual void
-  setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
-                             const Name& certName) = 0;
+  setDefaultCertificateOfKey(const Name& keyName, const Name& certName) = 0;
 
   /**
-   * @brief Get the default certificate of a key with id @p keyId of @p identity.
+   * @return Get the default certificate of a key with @p keyName.
    *
-   * @param identity The name of the belonging identity.
-   * @param keyId The key id.
-   * @return a pointer to the certificate, null if no default certificate for the key.
    * @throws Pib::Error if the default certificate does not exist.
    */
-  virtual v1::IdentityCertificate
-  getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const = 0;
-
+  virtual v2::Certificate
+  getDefaultCertificateOfKey(const Name& keyName) const = 0;
 };
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/pib-memory.cpp b/src/security/pib/pib-memory.cpp
index c472863..719d0c4 100644
--- a/src/security/pib/pib-memory.cpp
+++ b/src/security/pib/pib-memory.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -21,9 +21,11 @@
 
 #include "pib-memory.hpp"
 #include "pib.hpp"
+#include "../security-common.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 PibMemory::PibMemory()
   : m_hasDefaultIdentity(false)
@@ -33,6 +35,7 @@
 void
 PibMemory::setTpmLocator(const std::string& tpmLocator)
 {
+  // The locator of PibMemory is always 'tpm-memory:'
   BOOST_THROW_EXCEPTION(Error("PibMemory does not need a locator"));
 }
 
@@ -66,9 +69,9 @@
   if (identity == m_defaultIdentity)
     m_hasDefaultIdentity = false;
 
-  auto keyIds = this->getKeysOfIdentity(identity);
-  for (const name::Component& keyId : keyIds) {
-    this->removeKey(identity, keyId);
+  auto keyNames = this->getKeysOfIdentity(identity);
+  for (const Name& keyName : keyNames) {
+    this->removeKey(keyName);
   }
 }
 
@@ -96,85 +99,75 @@
 }
 
 bool
-PibMemory::hasKey(const Name& identity, const name::Component& keyId) const
+PibMemory::hasKey(const Name& keyName) const
 {
-  return (m_keys.count(getKeyName(identity, keyId)) > 0);
+  return (m_keys.count(keyName) > 0);
 }
 
 void
-PibMemory::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
+PibMemory::addKey(const Name& identity, const Name& keyName,
+                  const uint8_t* key, size_t keyLen)
 {
   this->addIdentity(identity);
 
-  Name keyName = getKeyName(identity, keyId);
-  m_keys[keyName] = publicKey;
+  m_keys[keyName] = Buffer(key, keyLen);
 
   if (m_defaultKey.find(identity) == m_defaultKey.end())
     m_defaultKey[identity] = keyName;
 }
 
 void
-PibMemory::removeKey(const Name& identity, const name::Component& keyId)
+PibMemory::removeKey(const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
+  Name identity = v2::extractIdentityFromKeyName(keyName);
+
   m_keys.erase(keyName);
   m_defaultKey.erase(identity);
 
-
-  auto certNames = this->getCertificatesOfKey(identity, keyId);
+  auto certNames = this->getCertificatesOfKey(keyName);
   for (const auto& certName : certNames) {
     this->removeCertificate(certName);
   }
 }
 
-v1::PublicKey
-PibMemory::getKeyBits(const Name& identity, const name::Component& keyId) const
+Buffer
+PibMemory::getKeyBits(const Name& keyName) const
 {
-  if (!hasKey(identity, keyId))
-    BOOST_THROW_EXCEPTION(Pib::Error("No key"));
+  if (!hasKey(keyName))
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` not found"));
 
-  auto it = m_keys.find(getKeyName(identity, keyId));
+  auto it = m_keys.find(keyName);
   return it->second;
 }
 
-std::set<name::Component>
+std::set<Name>
 PibMemory::getKeysOfIdentity(const Name& identity) const
 {
-  std::set<name::Component> ids;
+  std::set<Name> ids;
   for (const auto& it : m_keys) {
-    if (identity == it.first.getPrefix(-1))
-      ids.insert(it.first.get(-1));
+    if (identity == v2::extractIdentityFromKeyName(it.first))
+      ids.insert(it.first);
   }
   return ids;
 }
 
 void
-PibMemory::setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId)
+PibMemory::setDefaultKeyOfIdentity(const Name& identity, const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
-
-  if (!hasKey(identity, keyId))
-    BOOST_THROW_EXCEPTION(Pib::Error("No key"));
+  if (!hasKey(keyName))
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` not found"));
 
   m_defaultKey[identity] = keyName;
 }
 
-name::Component
+Name
 PibMemory::getDefaultKeyOfIdentity(const Name& identity) const
 {
   auto it = m_defaultKey.find(identity);
   if (it == m_defaultKey.end())
-    BOOST_THROW_EXCEPTION(Pib::Error("No default key"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default key for identity `" + identity.toUri() + "`"));
 
-  return it->second.get(-1);
-}
-
-Name
-PibMemory::getKeyName(const Name& identity, const name::Component& keyId) const
-{
-  Name keyName = identity;
-  keyName.append(keyId);
-  return keyName;
+  return it->second;
 }
 
 bool
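Review bot: `PibMemory::removeKey` erases `m_defaultKey[identity]` unconditionally, so removing any key of an identity drops that identity's default-key entry even when the removed key was a different one. Afterwards `getDefaultKeyOfIdentity` throws "No default key for identity" although the default key is still present in `m_keys`. I would erase only when the entry points at the removed key: `auto it = m_defaultKey.find(identity);` followed by `if (it != m_defaultKey.end() && it->second == keyName) m_defaultKey.erase(it);`. `PibMemory::removeCertificate` in the next hunk does the same with `m_defaultCert` and wants the same guard.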
@@ -184,74 +177,70 @@
 }
 
 void
-PibMemory::addCertificate(const v1::IdentityCertificate& certificate)
+PibMemory::addCertificate(const v2::Certificate& certificate)
 {
-  this->addKey(certificate.getPublicKeyName().getPrefix(-1),
-               certificate.getPublicKeyName().get(-1),
-               certificate.getPublicKeyInfo());
+  Name certName = certificate.getName();
+  Name keyName = certificate.getKeyName();
+  Name identity = certificate.getIdentity();
 
-  m_certs[certificate.getName()] = certificate;
+  this->addKey(identity, keyName, certificate.getContent().value(), certificate.getContent().value_size());
 
-  const Name& keyName = certificate.getPublicKeyName();
+  m_certs[certName] = certificate;
   if (m_defaultCert.find(keyName) == m_defaultCert.end())
-    m_defaultCert[keyName] = certificate.getName();
+    m_defaultCert[keyName] = certName;
 }
 
 void
 PibMemory::removeCertificate(const Name& certName)
 {
   m_certs.erase(certName);
-  m_defaultCert.erase(v1::IdentityCertificate::certificateNameToPublicKeyName(certName));
+  m_defaultCert.erase(v2::extractKeyNameFromCertName(certName));
 }
 
-v1::IdentityCertificate
+v2::Certificate
 PibMemory::getCertificate(const Name& certName) const
 {
   if (!hasCertificate(certName))
-    BOOST_THROW_EXCEPTION(Pib::Error("No cert"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() +  "` does not exist"));
 
   auto it = m_certs.find(certName);
   return it->second;
 }
 
 std::set<Name>
-PibMemory::getCertificatesOfKey(const Name& identity, const name::Component& keyId) const
+PibMemory::getCertificatesOfKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   std::set<Name> certNames;
   for (const auto& it : m_certs) {
-    if (it.second.getPublicKeyName() == keyName)
+    if (v2::extractKeyNameFromCertName(it.second.getName()) == keyName)
       certNames.insert(it.first);
   }
   return certNames;
 }
 
 void
-PibMemory::setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId, const Name& certName)
+PibMemory::setDefaultCertificateOfKey(const Name& keyName, const Name& certName)
 {
   if (!hasCertificate(certName))
-    BOOST_THROW_EXCEPTION(Pib::Error("No cert"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() +  "` does not exist"));
 
-  Name keyName = getKeyName(identity, keyId);
   m_defaultCert[keyName] = certName;
 }
 
-v1::IdentityCertificate
-PibMemory::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
+v2::Certificate
+PibMemory::getDefaultCertificateOfKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   auto it = m_defaultCert.find(keyName);
   if (it == m_defaultCert.end())
-    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate for key `" + keyName.toUri() + "`"));
 
   auto certIt = m_certs.find(it->second);
   if (certIt == m_certs.end())
-    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate for key `" + keyName.toUri() + "`"));
   else
     return certIt->second;
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
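Review bot: `PibMemory::addCertificate` hands the certificate content to `addKey`, and `PibMemory::addKey` (previous hunk) assigns `m_keys[keyName] = Buffer(key, keyLen)` without looking at what is already stored, so adding a certificate replaces the public-key bits of an existing key with whatever the certificate carries. `PibSqlite3::addKey` returns early when the key name exists, so there the old bits stay and the new certificate is filed under a key it may not match. The two backends disagree and neither compares the bytes. Since callers read key material from the PIB, I would compare the content with the stored bits when the key already exists and throw `Pib::Error` on a mismatch, in both backends, or else document which side wins.

```cpp
void
PibMemory::addCertificate(const v2::Certificate& certificate)
{
  // … unchanged: certName / keyName / identity locals …
  const Block& content = certificate.getContent();

  auto keyIt = m_keys.find(keyName);
  if (keyIt != m_keys.end() &&
      (keyIt->second.size() != content.value_size() ||
       !std::equal(keyIt->second.begin(), keyIt->second.end(), content.value()))) {
    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() +
                                     "` does not carry the key bits stored for `" +
                                     keyName.toUri() + "`"));
  }

  this->addKey(identity, keyName, content.value(), content.value_size());
  // … unchanged: m_certs / m_defaultCert bookkeeping …
```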
diff --git a/src/security/pib/pib-memory.hpp b/src/security/pib/pib-memory.hpp
index 0cfe7c1..8bacf5c 100644
--- a/src/security/pib/pib-memory.hpp
+++ b/src/security/pib/pib-memory.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -26,6 +26,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 /**
  * @brief An in-memory implementation of Pib
@@ -80,73 +81,68 @@
 public: // Key management
 
   bool
-  hasKey(const Name& identity, const name::Component& keyId) const override;
+  hasKey(const Name& keyName) const override;
 
   void
-  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) override;
+  addKey(const Name& identity, const Name& keyName, const uint8_t* key, size_t keyLen) override;
 
   void
-  removeKey(const Name& identity, const name::Component& keyId) override;
+  removeKey(const Name& keyName) override;
 
-  v1::PublicKey
-  getKeyBits(const Name& identity, const name::Component& keyId) const override;
+  Buffer
+  getKeyBits(const Name& keyName) const override;
 
-  std::set<name::Component>
+  std::set<Name>
   getKeysOfIdentity(const Name& identity) const override;
 
   void
-  setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId) override;
+  setDefaultKeyOfIdentity(const Name& identity, const Name& keyName) override;
 
-  name::Component
+  Name
   getDefaultKeyOfIdentity(const Name& identity) const override;
 
 public: // Certificate management
-
   bool
   hasCertificate(const Name& certName) const override;
 
   void
-  addCertificate(const v1::IdentityCertificate& certificate) override;
+  addCertificate(const v2::Certificate& certificate) override;
 
   void
   removeCertificate(const Name& certName) override;
 
-  v1::IdentityCertificate
+  v2::Certificate
   getCertificate(const Name& certName) const override;
 
   std::set<Name>
-  getCertificatesOfKey(const Name& identity, const name::Component& keyId) const override;
+  getCertificatesOfKey(const Name& keyName) const override;
 
   void
-  setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId, const Name& certName) override;
+  setDefaultCertificateOfKey(const Name& keyName, const Name& certName) override;
 
-  v1::IdentityCertificate
-  getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const override;
-
-private: // Key management
-
-  Name
-  getKeyName(const Name& identity, const name::Component& keyId) const;
+  v2::Certificate
+  getDefaultCertificateOfKey(const Name& keyName) const override;
 
 private:
-
-  std::set<Name> m_identities;
   bool m_hasDefaultIdentity;
   Name m_defaultIdentity;
 
-  /// @brief keyName => keyBits
-  std::map<Name, v1::PublicKey> m_keys;
+  std::set<Name> m_identities;
 
   /// @brief identity => default key Name
   std::map<Name, Name> m_defaultKey;
 
-  /// @brief certificate Name => certificate
-  std::map<Name, v1::IdentityCertificate> m_certs;
+  /// @brief keyName => keyBits
+  std::map<Name, Buffer> m_keys;
 
   /// @brief keyName => default certificate Name
   std::map<Name, Name> m_defaultCert;
+
+  /// @brief certificate Name => certificate
+  std::map<Name, v2::Certificate> m_certs;
 };
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/pib-sqlite3.cpp b/src/security/pib/pib-sqlite3.cpp
index dc21610..829a509 100644
--- a/src/security/pib/pib-sqlite3.cpp
+++ b/src/security/pib/pib-sqlite3.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -20,10 +20,9 @@
  */
 
 #include "pib-sqlite3.hpp"
-
-#include "common.hpp"
 #include "pib.hpp"
-#include "util/sqlite3-statement.hpp"
+#include "../security-common.hpp"
+#include "../../util/sqlite3-statement.hpp"
 
 #include <sqlite3.h>
 #include <boost/filesystem.hpp>
@@ -31,6 +30,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 using std::string;
 using util::Sqlite3Statement;
@@ -100,7 +100,6 @@
   "    id                    INTEGER PRIMARY KEY,\n"
   "    identity_id           INTEGER NOT NULL,   \n"
   "    key_name              BLOB NOT NULL,      \n"
-  "    key_type              INTEGER NOT NULL,   \n"
   "    key_bits              BLOB NOT NULL,      \n"
   "    is_default            INTEGER DEFAULT 0,  \n"
   "    FOREIGN KEY(identity_id)                  \n"
@@ -203,39 +202,28 @@
   "      WHERE key_id=NEW.key_id;                \n"
   "  END;                                        \n";
 
-static Name
-getKeyName(const Name& identity, const name::Component& keyId)
-{
-  Name keyName = identity;
-  keyName.append(keyId);
-  return keyName;
-}
-
 PibSqlite3::PibSqlite3(const string& dir)
 {
   // Determine the path of PIB DB
-  boost::filesystem::path actualDir;
-  if (dir == "") {
+  boost::filesystem::path dbDir;
+  if (!dir.empty()) {
+    dbDir = boost::filesystem::path(dir);
+  }
 #ifdef NDN_CXX_HAVE_TESTS
-    if (getenv("TEST_HOME") != nullptr) {
-      actualDir = boost::filesystem::path(getenv("TEST_HOME")) / ".ndn";
-    }
-    else
+  else if (getenv("TEST_HOME") != nullptr) {
+    dbDir = boost::filesystem::path(getenv("TEST_HOME")) / ".ndn";
+  }
 #endif // NDN_CXX_HAVE_TESTS
-    if (getenv("HOME") != nullptr) {
-      actualDir = boost::filesystem::path(getenv("HOME")) / ".ndn";
-    }
-    else {
-      actualDir = boost::filesystem::path(".") / ".ndn";
-    }
+  else if (getenv("HOME") != nullptr) {
+    dbDir = boost::filesystem::path(getenv("HOME")) / ".ndn";
   }
   else {
-    actualDir = boost::filesystem::path(dir);
+    dbDir = boost::filesystem::current_path() / ".ndn";
   }
-  boost::filesystem::create_directories(actualDir);
+  boost::filesystem::create_directories(dbDir);
 
   // Open PIB
-  int result = sqlite3_open_v2((actualDir / "pib.db").c_str(), &m_database,
+  int result = sqlite3_open_v2((dbDir / "pib.db").c_str(), &m_database,
                                SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
 #ifdef NDN_CXX_DISABLE_SQLITE3_FS_LOCKING
                                "unix-dotfile"
@@ -244,9 +232,9 @@
 #endif
                                );
 
-  if (result != SQLITE_OK)
-    BOOST_THROW_EXCEPTION(PibImpl::Error("PIB DB cannot be opened/created: " + dir));
-
+  if (result != SQLITE_OK) {
+    BOOST_THROW_EXCEPTION(PibImpl::Error("PIB database cannot be opened/created in " + dir));
+  }
 
   // enable foreign key
   sqlite3_exec(m_database, "PRAGMA foreign_keys=ON", nullptr, nullptr, nullptr);
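Review bot: The reworded error message still appends `dir`, which is the empty string whenever the location was derived from `TEST_HOME`, `HOME` or the current directory in the previous hunk, so in the default case the exception does not say which path failed. Because the fallback chain can land in several places, the resolved path is what an operator needs to see: `BOOST_THROW_EXCEPTION(PibImpl::Error("PIB database cannot be opened/created in " + dbDir.string()));`. The constructor starts in the previous hunk and continues past this one.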
@@ -272,8 +260,8 @@
   statement.bind(1, tpmLocator, SQLITE_TRANSIENT);
   statement.step();
 
-  // no row is updated, tpm_locator does not exist, insert it directly
-  if (0 == sqlite3_changes(m_database)) {
+  if (sqlite3_changes(m_database) == 0) {
+    // no row is updated, tpm_locator does not exist, insert it directly
     Sqlite3Statement insertStatement(m_database, "INSERT INTO tpmInfo (tpm_locator) values (?)");
     insertStatement.bind(1, tpmLocator, SQLITE_TRANSIENT);
     insertStatement.step();
@@ -349,10 +337,8 @@
 }
 
 bool
-PibSqlite3::hasKey(const Name& identity, const name::Component& keyId) const
+PibSqlite3::hasKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database, "SELECT id FROM keys WHERE key_name=?");
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
@@ -360,56 +346,49 @@
 }
 
 void
-PibSqlite3::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
+PibSqlite3::addKey(const Name& identity, const Name& keyName,
+                   const uint8_t* key, size_t keyLen)
 {
-  if (hasKey(identity, keyId)) {
+  if (hasKey(keyName)) {
     return;
   }
 
   // ensure identity exists
   addIdentity(identity);
 
-  // add key
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database,
-                             "INSERT INTO keys (identity_id, key_name, key_type, key_bits) "
-                             "VALUES ((SELECT id FROM identities WHERE identity=?), ?, ?, ?)");
+                             "INSERT INTO keys (identity_id, key_name, key_bits) "
+                             "VALUES ((SELECT id FROM identities WHERE identity=?), ?, ?)");
   statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
   statement.bind(2, keyName.wireEncode(), SQLITE_TRANSIENT);
-  statement.bind(3, static_cast<int>(publicKey.getKeyType()));
-  statement.bind(4, publicKey.get().buf(), publicKey.get().size(), SQLITE_STATIC);
+  statement.bind(3, key, keyLen, SQLITE_STATIC);
   statement.step();
 }
 
 void
-PibSqlite3::removeKey(const Name& identity, const name::Component& keyId)
+PibSqlite3::removeKey(const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database, "DELETE FROM keys WHERE key_name=?");
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
   statement.step();
 }
 
-v1::PublicKey
-PibSqlite3::getKeyBits(const Name& identity, const name::Component& keyId) const
+Buffer
+PibSqlite3::getKeyBits(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database, "SELECT key_bits FROM keys WHERE key_name=?");
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return v1::PublicKey(statement.getBlob(0), statement.getSize(0));
+    return Buffer(statement.getBlob(0), statement.getSize(0));
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("Key does not exist"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` does not exist"));
 }
 
-std::set<name::Component>
+std::set<Name>
 PibSqlite3::getKeysOfIdentity(const Name& identity) const
 {
-  std::set<name::Component> keyNames;
+  std::set<Name> keyNames;
 
   Sqlite3Statement statement(m_database,
                              "SELECT key_name "
@@ -418,20 +397,17 @@
   statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
 
   while (statement.step() == SQLITE_ROW) {
-    Name keyName(statement.getBlock(0));
-    keyNames.insert(keyName.get(-1));
+    keyNames.insert(Name(statement.getBlock(0)));
   }
 
   return keyNames;
 }
 
 void
-PibSqlite3::setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId)
+PibSqlite3::setDefaultKeyOfIdentity(const Name& identity, const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
-
-  if (!hasKey(identity, keyId)) {
-    BOOST_THROW_EXCEPTION(Pib::Error("No such key"));
+  if (!hasKey(keyName)) {
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` does not exist"));
   }
 
   Sqlite3Statement statement(m_database, "UPDATE keys SET is_default=1 WHERE key_name=?");
@@ -439,11 +415,11 @@
   statement.step();
 }
 
-name::Component
+Name
 PibSqlite3::getDefaultKeyOfIdentity(const Name& identity) const
 {
   if (!hasIdentity(identity)) {
-    BOOST_THROW_EXCEPTION(Pib::Error("Identity does not exist"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Identity `" + identity.toUri() + "` does not exist"));
   }
 
   Sqlite3Statement statement(m_database,
@@ -453,11 +429,10 @@
   statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW) {
-    Name keyName(statement.getBlock(0));
-    return keyName.get(-1);
+    return Name(statement.getBlock(0));
   }
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("No default key"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default key for identity `" + identity.toUri() + "`"));
 }
 
 bool
@@ -469,23 +444,18 @@
 }
 
 void
-PibSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
+PibSqlite3::addCertificate(const v2::Certificate& certificate)
 {
-  const Name& certName = certificate.getName();
-  const Name& keyName = certificate.getPublicKeyName();
-
-  name::Component keyId = keyName.get(-1);
-  Name identityName = keyName.getPrefix(-1);
-
   // ensure key exists
-  addKey(identityName, keyId, certificate.getPublicKeyInfo());
+  const Block& content = certificate.getContent();
+  addKey(certificate.getIdentity(), certificate.getKeyName(), content.value(), content.value_size());
 
   Sqlite3Statement statement(m_database,
                              "INSERT INTO certificates "
                              "(key_id, certificate_name, certificate_data) "
                              "VALUES ((SELECT id FROM keys WHERE key_name=?), ?, ?)");
-  statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
-  statement.bind(2, certName.wireEncode(), SQLITE_TRANSIENT);
+  statement.bind(1, certificate.getKeyName().wireEncode(), SQLITE_TRANSIENT);
+  statement.bind(2, certificate.getName().wireEncode(), SQLITE_TRANSIENT);
   statement.bind(3, certificate.wireEncode(), SQLITE_STATIC);
   statement.step();
 }
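Review bot: Both INSERTs on this path discard the result of `statement.step()`, the one in `addKey` (previous hunk) and the one at the end of `addCertificate`, so a failed insert is reported to the caller as success. This matters more after this commit because the `keys` INSERT no longer supplies `key_type`. If an existing pib.db was created with the earlier schema, where that column is `INTEGER NOT NULL`, the key insert would presumably be rejected and the certificate INSERT would then look up a key row that is not there. I would check the result, e.g. `if (statement.step() != SQLITE_DONE) BOOST_THROW_EXCEPTION(PibImpl::Error("Cannot add certificate to PIB"));`, and state in the commit description how databases with the old schema are handled.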
@@ -498,7 +468,7 @@
   statement.step();
 }
 
-v1::IdentityCertificate
+v2::Certificate
 PibSqlite3::getCertificate(const Name& certName) const
 {
   Sqlite3Statement statement(m_database,
@@ -506,18 +476,16 @@
   statement.bind(1, certName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return v1::IdentityCertificate(statement.getBlock(0));
+    return v2::Certificate(statement.getBlock(0));
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() + "` does not exit"));
 }
 
 std::set<Name>
-PibSqlite3::getCertificatesOfKey(const Name& identity, const name::Component& keyId) const
+PibSqlite3::getCertificatesOfKey(const Name& keyName) const
 {
   std::set<Name> certNames;
 
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database,
                              "SELECT certificate_name "
                              "FROM certificates JOIN keys ON certificates.key_id=keys.id "
@@ -531,11 +499,10 @@
 }
 
 void
-PibSqlite3::setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
-                                       const Name& certName)
+PibSqlite3::setDefaultCertificateOfKey(const Name& keyName, const Name& certName)
 {
   if (!hasCertificate(certName)) {
-    BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exist"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() + "` does not exist"));
   }
 
   Sqlite3Statement statement(m_database,
@@ -544,11 +511,9 @@
   statement.step();
 }
 
-v1::IdentityCertificate
-PibSqlite3::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
+v2::Certificate
+PibSqlite3::getDefaultCertificateOfKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database,
                              "SELECT certificate_data "
                              "FROM certificates JOIN keys ON certificates.key_id=keys.id "
@@ -556,10 +521,11 @@
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return v1::IdentityCertificate(statement.getBlock(0));
+    return v2::Certificate(statement.getBlock(0));
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate for key `" + keyName.toUri() + "`"));
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/pib-sqlite3.hpp b/src/security/pib/pib-sqlite3.hpp
index 7e4b2c5..bd5819a 100644
--- a/src/security/pib/pib-sqlite3.hpp
+++ b/src/security/pib/pib-sqlite3.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,6 +28,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 /**
  * @brief Pib backend implementation based on SQLite3 database
@@ -87,56 +88,55 @@
   getDefaultIdentity() const final;
 
 public: // Key management
-
   bool
-  hasKey(const Name& identity, const name::Component& keyId) const final;
+  hasKey(const Name& keyName) const final;
 
   void
-  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) final;
+  addKey(const Name& identity, const Name& keyName,
+         const uint8_t* key, size_t keyLen) final;
 
   void
-  removeKey(const Name& identity, const name::Component& keyId) final;
+  removeKey(const Name& keyName) final;
 
-  v1::PublicKey
-  getKeyBits(const Name& identity, const name::Component& keyId) const final;
+  Buffer
+  getKeyBits(const Name& keyName) const final;
 
-  std::set<name::Component>
+  std::set<Name>
   getKeysOfIdentity(const Name& identity) const final;
 
   void
-  setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId) final;
+  setDefaultKeyOfIdentity(const Name& identity, const Name& keyName) final;
 
-  name::Component
+  Name
   getDefaultKeyOfIdentity(const Name& identity) const final;
 
 public: // Certificate Management
-
   bool
   hasCertificate(const Name& certName) const final;
 
   void
-  addCertificate(const v1::IdentityCertificate& certificate) final;
+  addCertificate(const v2::Certificate& certificate) final;
 
   void
   removeCertificate(const Name& certName) final;
 
-  v1::IdentityCertificate
+  v2::Certificate
   getCertificate(const Name& certName) const final;
 
   std::set<Name>
-  getCertificatesOfKey(const Name& identity, const name::Component& keyId) const final;
+  getCertificatesOfKey(const Name& keyName) const final;
 
   void
-  setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
-                             const Name& certName) final;
+  setDefaultCertificateOfKey(const Name& keyName, const Name& certName) final;
 
-  v1::IdentityCertificate
-  getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const final;
+  v2::Certificate
+  getDefaultCertificateOfKey(const Name& keyName) const final;
 
 private:
   sqlite3* m_database;
 };
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
 
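Review bot: `addKey` now takes both `identity` and a full `keyName`, and `setDefaultKeyOfIdentity` does the same, so the two arguments can disagree (a key name that is not under the given identity); nothing in this declaration says whether a mismatch is rejected or which argument wins. The new `const uint8_t* key, size_t keyLen` pair also leaves the null-pointer and zero-length cases unspecified. If the contract is not already documented on the base class (not visible in this hunk), I would add a short comment above `addKey`, for example `// @pre keyName is under identity; key points to keyLen bytes of public key bits`, and have the implementation reject a mismatch with `Pib::Error` so that a key cannot be filed under an unrelated identity.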
diff --git a/src/security/pib/pib.cpp b/src/security/pib/pib.cpp
index 511c96a..73f53d0 100644
--- a/src/security/pib/pib.cpp
+++ b/src/security/pib/pib.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,6 +24,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 Pib::Pib(const std::string scheme, const std::string& location, shared_ptr<PibImpl> impl)
   : m_scheme(scheme)
@@ -115,6 +116,6 @@
   return m_defaultIdentity;
 }
 
-
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/pib.hpp b/src/security/pib/pib.hpp
index 5c5a11c..8f68f1f 100644
--- a/src/security/pib/pib.hpp
+++ b/src/security/pib/pib.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,6 +28,9 @@
 namespace security {
 
 class KeyChain;
+
+namespace pib {
+
 class PibImpl;
 
 /**
@@ -181,6 +184,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::Pib;
+
 } // namespace security
 } // namespace ndn