security: Separate TPM locator modification and database resetting in PIB
Change-Id: I80c2805b6e1204b95d59a090a6a04e1ee62fb6e5
Refs: #3203
diff --git a/src/security/pib/pib-impl.hpp b/src/security/pib/pib-impl.hpp
index 6f233f1..9b343f5 100644
--- a/src/security/pib/pib-impl.hpp
+++ b/src/security/pib/pib-impl.hpp
@@ -60,12 +60,9 @@
public: // TpmLocator management
/**
- * @brief Set the corresponding TPM information to @p tpmLocator.
+ * @brief Set the corresponding TPM information to @p tpmLocator
*
- * If the provided @p tpmLocator is different from the existing one, the
- * content in PIB will be cleaned up, otherwise nothing will be changed.
- *
- * @param tpmLocator The name for the new TPM locator
+ * This method does not reset contents of the PIB
*/
virtual void
setTpmLocator(const std::string& tpmLocator) = 0;
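Review bot: The new promise on `setTpmLocator` ("does not reset contents of the PIB") may not hold for a PibSqlite3 database file created before this commit. The pib-sqlite3.cpp hunk stops creating `tpm_update_trigger`, but the trigger was created with `CREATE TRIGGER IF NOT EXISTS` and so is stored in existing files, and nothing visible in this diff drops it. On such a file a direct locator update would still delete certificates, keys and identities. If the initialization SQL runs on every open (it is only partly visible here), adding `DROP TRIGGER IF EXISTS tpm_update_trigger;` to it would make the documented contract true for old databases as well.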
@@ -108,7 +105,15 @@
virtual void
removeIdentity(const Name& identity) = 0;
- /// @brief Get the name of all the identities
+ /**
+ * @brief Erasing all certificates, keys, and identities
+ */
+ virtual void
+ clearIdentities() = 0;
+
+ /**
+ * @brief Get the name of all the identities
+ */
virtual std::set<Name>
getIdentities() const = 0;
diff --git a/src/security/pib/pib-memory.cpp b/src/security/pib/pib-memory.cpp
index 719d0c4..edf2ce9 100644
--- a/src/security/pib/pib-memory.cpp
+++ b/src/security/pib/pib-memory.cpp
@@ -35,14 +35,13 @@
void
PibMemory::setTpmLocator(const std::string& tpmLocator)
{
- // The locator of PibMemory is always 'tpm-memory:'
- BOOST_THROW_EXCEPTION(Error("PibMemory does not need a locator"));
+ m_tpmLocator = tpmLocator;
}
std::string
PibMemory::getTpmLocator() const
{
- return "tpm-memory:";
+ return m_tpmLocator;
}
bool
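Review bot: A freshly constructed PibMemory now reports an empty locator from `getTpmLocator()` where it used to report `"tpm-memory:"`, since `m_tpmLocator` (added in pib-memory.hpp) is default-constructed and nothing visible initializes it. Through the pib.cpp hunk this means `Pib::getTpmLocator()` throws until a locator is set, and the first `Pib::setTpmLocator()` with a non-empty value goes through `reset()` and erases any identities added before it. If that is intended, a comment on `setTpmLocator` here such as `// locator starts empty; Pib::setTpmLocator() resets the PIB on first assignment` would record it. Otherwise, initializing the member to `"tpm-memory:"` in the constructor (not visible in this diff) keeps the previously reported value.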
@@ -75,6 +74,18 @@
}
}
+void
+PibMemory::clearIdentities()
+{
+ m_hasDefaultIdentity = false;
+ m_defaultIdentity.clear();
+ m_identities.clear();
+ m_defaultKey.clear();
+ m_keys.clear();
+ m_defaultCert.clear();
+ m_certs.clear();
+}
+
std::set<Name>
PibMemory::getIdentities() const
{
diff --git a/src/security/pib/pib-memory.hpp b/src/security/pib/pib-memory.hpp
index 8bacf5c..c48f9fc 100644
--- a/src/security/pib/pib-memory.hpp
+++ b/src/security/pib/pib-memory.hpp
@@ -51,7 +51,6 @@
PibMemory();
public: // TpmLocator management
-
void
setTpmLocator(const std::string& tpmLocator) override;
@@ -59,7 +58,6 @@
getTpmLocator() const override;
public: // Identity management
-
bool
hasIdentity(const Name& identity) const override;
@@ -69,6 +67,9 @@
void
removeIdentity(const Name& identity) override;
+ void
+ clearIdentities() override;
+
std::set<Name>
getIdentities() const override;
@@ -79,7 +80,6 @@
getDefaultIdentity() const override;
public: // Key management
-
bool
hasKey(const Name& keyName) const override;
@@ -124,6 +124,8 @@
getDefaultCertificateOfKey(const Name& keyName) const override;
private:
+ std::string m_tpmLocator;
+
bool m_hasDefaultIdentity;
Name m_defaultIdentity;
diff --git a/src/security/pib/pib-sqlite3.cpp b/src/security/pib/pib-sqlite3.cpp
index 829a509..8d8c437 100644
--- a/src/security/pib/pib-sqlite3.cpp
+++ b/src/security/pib/pib-sqlite3.cpp
@@ -41,17 +41,6 @@
" tpm_locator BLOB \n"
" ); \n"
" \n"
- "CREATE TRIGGER IF NOT EXISTS \n"
- " tpm_update_trigger \n"
- " BEFORE UPDATE ON tpmInfo \n"
- " WHEN NEW.tpm_locator!=OLD.tpm_locator \n"
- " BEGIN \n"
- " DELETE FROM certificates; \n"
- " DELETE FROM keys; \n"
- " DELETE FROM identities; \n"
- " END; \n"
- " \n"
- " \n"
"CREATE TABLE IF NOT EXISTS \n"
" identities( \n"
" id INTEGER PRIMARY KEY,\n"
@@ -273,12 +262,10 @@
{
Sqlite3Statement statement(m_database, "SELECT tpm_locator FROM tpmInfo");
int res = statement.step();
-
- string tpmLocator;
if (res == SQLITE_ROW)
return statement.getString(0);
else
- BOOST_THROW_EXCEPTION(Pib::Error("TPM info does not exist"));
+ return "";
}
bool
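Review bot: The new `else return "";` treats every result of `statement.step()` other than `SQLITE_ROW` as "no locator stored", including error results from a busy or damaged database. `Pib::setTpmLocator` (pib.cpp hunk) compares its argument with this value and calls `reset()` on a mismatch, so a failed read would look like a locator change and erase all identities, keys and certificates. Returning the empty string only for `SQLITE_DONE` and throwing otherwise avoids that: `else if (res == SQLITE_DONE) return "";` followed by `BOOST_THROW_EXCEPTION(Pib::Error("Cannot read TPM locator"));`. The function's signature is outside the hunk.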
@@ -305,6 +292,13 @@
statement.step();
}
+void
+PibSqlite3::clearIdentities()
+{
+ Sqlite3Statement statement(m_database, "DELETE FROM identities");
+ statement.step();
+}
+
std::set<Name>
PibSqlite3::getIdentities() const
{
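Review bot: `clearIdentities()` deletes only from `identities`, while the interface in pib-impl.hpp documents it as erasing all certificates, keys and identities, and the trigger removed earlier in this file deleted from all three tables explicitly. This presumably relies on cascading deletes defined in the part of the schema outside this diff; if those depend on foreign-key enforcement being enabled on the connection, stale keys and certificates bound to the old TPM could survive a reset. A comment stating the dependency, e.g. `// keys and certificates are removed by the schema's cascading deletes`, or explicit `DELETE FROM certificates` and `DELETE FROM keys` statements would make the guarantee local. The result of `statement.step()` is also discarded, so a failed delete goes unnoticed by `Pib::reset()`.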
diff --git a/src/security/pib/pib-sqlite3.hpp b/src/security/pib/pib-sqlite3.hpp
index bd5819a..806a29c 100644
--- a/src/security/pib/pib-sqlite3.hpp
+++ b/src/security/pib/pib-sqlite3.hpp
@@ -60,7 +60,6 @@
~PibSqlite3();
public: // TpmLocator management
-
void
setTpmLocator(const std::string& tpmLocator) final;
@@ -68,7 +67,6 @@
getTpmLocator() const final;
public: // Identity management
-
bool
hasIdentity(const Name& identity) const final;
@@ -78,6 +76,9 @@
void
removeIdentity(const Name& identity) final;
+ void
+ clearIdentities() final;
+
std::set<Name>
getIdentities() const final;
diff --git a/src/security/pib/pib.cpp b/src/security/pib/pib.cpp
index 73f53d0..a29018e 100644
--- a/src/security/pib/pib.cpp
+++ b/src/security/pib/pib.cpp
@@ -26,7 +26,7 @@
namespace security {
namespace pib {
-Pib::Pib(const std::string scheme, const std::string& location, shared_ptr<PibImpl> impl)
+Pib::Pib(const std::string& scheme, const std::string& location, shared_ptr<PibImpl> impl)
: m_scheme(scheme)
, m_location(location)
, m_hasDefaultIdentity(false)
@@ -35,9 +35,7 @@
{
}
-Pib::~Pib()
-{
-}
+Pib::~Pib() = default;
std::string
Pib::getPibLocator() const
@@ -48,13 +46,31 @@
void
Pib::setTpmLocator(const std::string& tpmLocator)
{
+ if (tpmLocator == m_impl->getTpmLocator()) {
+ return;
+ }
+ reset();
m_impl->setTpmLocator(tpmLocator);
}
std::string
Pib::getTpmLocator() const
{
- return m_impl->getTpmLocator();
+ std::string tpmLocator = m_impl->getTpmLocator();
+ if (tpmLocator.empty()) {
+ BOOST_THROW_EXCEPTION(Pib::Error("TPM info does not exist"));
+ }
+ return tpmLocator;
+}
+
+void
+Pib::reset()
+{
+ m_impl->clearIdentities();
+ m_impl->setTpmLocator("");
+
+ m_hasDefaultIdentity = false;
+ m_needRefreshIdentities = true;
}
Identity
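Review bot: `reset()` and the following `m_impl->setTpmLocator(tpmLocator)` are three separate backend calls, whereas the removed SQL trigger performed the wipe inside the same UPDATE statement; nothing visible here wraps them in a transaction. The order used (erase identities, blank the locator, then store the new one) means an interruption leaves an emptied PIB rather than old keys recorded under a new TPM, which looks deliberate but is not stated. A comment in `reset()` such as `// erase identities before touching the locator so old keys are never paired with a new TPM` would keep a later reordering from breaking that. The hunk ends at the start of the next definition, which lies outside it.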
diff --git a/src/security/pib/pib.hpp b/src/security/pib/pib.hpp
index 8f68f1f..3d73098 100644
--- a/src/security/pib/pib.hpp
+++ b/src/security/pib/pib.hpp
@@ -66,7 +66,6 @@
};
public:
-
~Pib();
/**
@@ -87,21 +86,26 @@
/**
* @brief Set the corresponding TPM information to @p tpmLocator.
*
- * If the provided @p tpmLocator is different from the existing one, the
- * PIB will be reset, otherwise nothing will be changed.
- *
- * @param tpmLocator The name for the new TPM locator
+ * If the provided @p tpmLocator is different from the existing one, PIB will be reset.
+ * Otherwise, nothing will be changed.
*/
void
setTpmLocator(const std::string& tpmLocator);
/**
* @brief Get TPM Locator
+ * @throws Error if TPM locator is empty
*/
std::string
getTpmLocator() const;
/**
+ * @brief Reset content in PIB, including reset of the TPM locator
+ */
+ void
+ reset();
+
+ /**
* @brief Get an identity with name @p identityName.
*
* @param identityName The name for the identity to get.
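Review bot: The doc comment on the new public `reset()` does not say that the call is destructive. Per the pib.cpp hunk it erases every identity through `clearIdentities()` (documented in pib-impl.hpp as all certificates, keys and identities) and blanks the locator, after which `getTpmLocator()` throws until a locator is set again. I would extend the brief with `* All identities, keys and certificates are erased; getTpmLocator() throws until setTpmLocator() is called again.` The `@param tpmLocator` line dropped from `setTpmLocator` in the same hunk could also be kept.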
@@ -163,7 +167,7 @@
* @param location The location for the Pib
* @param impl The backend implementation
*/
- Pib(const std::string scheme, const std::string& location, shared_ptr<PibImpl> impl);
+ Pib(const std::string& scheme, const std::string& location, shared_ptr<PibImpl> impl);
shared_ptr<PibImpl>
getImpl()