security: consolidate creation of identities/keys in the respective containers

Change-Id: I754e5711fd95b97834dd2e9c0ab1830eaff4be35
diff --git a/ndn-cxx/security/pib/identity-container.cpp b/ndn-cxx/security/pib/identity-container.cpp
index c73af9d..1231c45 100644
--- a/ndn-cxx/security/pib/identity-container.cpp
+++ b/ndn-cxx/security/pib/identity-container.cpp
@@ -80,8 +80,9 @@
   }
 
   NDN_LOG_DEBUG("Adding " << identityName);
+  m_pib->addIdentity(identityName);
   auto ret = m_identities.emplace(identityName,
-                                  std::make_shared<detail::IdentityImpl>(identityName, m_pib, true));
+                                  std::make_shared<detail::IdentityImpl>(identityName, m_pib));
   // consistency check
   BOOST_ASSERT(ret.second);
 
@@ -110,7 +111,12 @@
     return Identity(it->second);
   }
 
-  auto id = std::make_shared<detail::IdentityImpl>(identityName, m_pib, false);
+  // check that the identity exists in the backend
+  if (!m_pib->hasIdentity(identityName)) {
+    NDN_THROW(Pib::Error("Identity `" + identityName.toUri() + "` does not exist"));
+  }
+
+  auto id = std::make_shared<detail::IdentityImpl>(identityName, m_pib);
   m_identities[identityName] = id;
   return Identity(id);
 }
diff --git a/ndn-cxx/security/pib/impl/identity-impl.cpp b/ndn-cxx/security/pib/impl/identity-impl.cpp
index 104f847..0256c54 100644
--- a/ndn-cxx/security/pib/impl/identity-impl.cpp
+++ b/ndn-cxx/security/pib/impl/identity-impl.cpp
@@ -30,19 +30,13 @@
 
 NDN_LOG_INIT(ndn.security.Identity);
 
-IdentityImpl::IdentityImpl(const Name& identityName, shared_ptr<PibImpl> pibImpl, bool needInit)
+IdentityImpl::IdentityImpl(const Name& identityName, shared_ptr<PibImpl> pibImpl)
   : m_name(identityName)
   , m_pib(std::move(pibImpl))
-  , m_keys(identityName, m_pib)
+  , m_keys(m_name, m_pib)
 {
   BOOST_ASSERT(m_pib != nullptr);
-
-  if (needInit) {
-    m_pib->addIdentity(m_name);
-  }
-  else if (!m_pib->hasIdentity(m_name)) {
-    NDN_THROW(Pib::Error("Identity " + m_name.toUri() + " does not exist"));
-  }
+  BOOST_ASSERT(m_pib->hasIdentity(m_name));
 }
 
 Key
diff --git a/ndn-cxx/security/pib/impl/identity-impl.hpp b/ndn-cxx/security/pib/impl/identity-impl.hpp
index eb14c89..36f7a3f 100644
--- a/ndn-cxx/security/pib/impl/identity-impl.hpp
+++ b/ndn-cxx/security/pib/impl/identity-impl.hpp
@@ -49,10 +49,9 @@
    *
    * @param identityName The name of the identity.
    * @param pibImpl The PIB backend implementation.
-   * @param needInit If true, create the identity in backend when the identity does not exist.
-   *                 Otherwise, throw Pib::Error when the identity does not exist.
+   * @pre The identity must exist in the backend.
    */
-  IdentityImpl(const Name& identityName, shared_ptr<PibImpl> pibImpl, bool needInit = false);
+  IdentityImpl(const Name& identityName, shared_ptr<PibImpl> pibImpl);
 
   // See security::pib::Identity for the documentation of the following methods
 
diff --git a/ndn-cxx/security/pib/impl/key-impl.cpp b/ndn-cxx/security/pib/impl/key-impl.cpp
index a4bbf34..48d589f 100644
--- a/ndn-cxx/security/pib/impl/key-impl.cpp
+++ b/ndn-cxx/security/pib/impl/key-impl.cpp
@@ -31,40 +31,24 @@
 
 NDN_LOG_INIT(ndn.security.Key);
 
-KeyImpl::KeyImpl(const Name& keyName, span<const uint8_t> key, shared_ptr<PibImpl> pibImpl)
+KeyImpl::KeyImpl(const Name& keyName, Buffer key, shared_ptr<PibImpl> pibImpl)
   : m_identity(extractIdentityFromKeyName(keyName))
   , m_keyName(keyName)
-  , m_key(key.begin(), key.end())
+  , m_key(std::move(key))
   , m_pib(std::move(pibImpl))
-  , m_certificates(keyName, m_pib)
+  , m_certificates(m_keyName, m_pib)
 {
   BOOST_ASSERT(m_pib != nullptr);
+  BOOST_ASSERT(m_pib->hasKey(m_keyName));
 
   transform::PublicKey publicKey;
   try {
-    publicKey.loadPkcs8(key);
+    publicKey.loadPkcs8(m_key);
   }
   catch (const transform::PublicKey::Error&) {
     NDN_THROW_NESTED(std::invalid_argument("Invalid key bits"));
   }
   m_keyType = publicKey.getKeyType();
-
-  m_pib->addKey(m_identity, m_keyName, key);
-}
-
-KeyImpl::KeyImpl(const Name& keyName, shared_ptr<PibImpl> pibImpl)
-  : m_identity(extractIdentityFromKeyName(keyName))
-  , m_keyName(keyName)
-  , m_pib(std::move(pibImpl))
-  , m_certificates(keyName, m_pib)
-{
-  BOOST_ASSERT(m_pib != nullptr);
-
-  m_key = m_pib->getKeyBits(m_keyName);
-
-  transform::PublicKey key;
-  key.loadPkcs8(m_key);
-  m_keyType = key.getKeyType();
 }
 
 void
diff --git a/ndn-cxx/security/pib/impl/key-impl.hpp b/ndn-cxx/security/pib/impl/key-impl.hpp
index 02de2f9..aed4932 100644
--- a/ndn-cxx/security/pib/impl/key-impl.hpp
+++ b/ndn-cxx/security/pib/impl/key-impl.hpp
@@ -46,26 +46,15 @@
 {
 public:
   /**
-   * @brief Create a new key with name @p keyName.
-   *
-   * If the key does not exist in the backend, it will be added.
-   * If a key with the same name already exists, it will be overwritten.
+   * @brief Create a key with name @p keyName.
    *
    * @param keyName The name of the key.
    * @param key The public key bits.
    * @param pibImpl The PIB backend implementation.
+   * @pre The key must exist in the backend.
    * @throw std::invalid_argument @p key is invalid or unsupported.
    */
-  KeyImpl(const Name& keyName, span<const uint8_t> key, shared_ptr<PibImpl> pibImpl);
-
-  /**
-   * @brief Load an existing key with name @p keyName.
-   *
-   * @param keyName The name of the key.
-   * @param pibImpl The PIB backend implementation.
-   * @throw Pib::Error The key does not exist in the backend.
-   */
-  KeyImpl(const Name& keyName, shared_ptr<PibImpl> pibImpl);
+  KeyImpl(const Name& keyName, Buffer key, shared_ptr<PibImpl> pibImpl);
 
   // See security::pib::Key for the documentation of the following methods
 
@@ -136,7 +125,7 @@
 private:
   const Name m_identity;
   const Name m_keyName;
-  Buffer m_key;
+  const Buffer m_key;
   KeyType m_keyType;
 
   const shared_ptr<PibImpl> m_pib;
diff --git a/ndn-cxx/security/pib/impl/pib-sqlite3.cpp b/ndn-cxx/security/pib/impl/pib-sqlite3.cpp
index 06e14cc..0d08fd8 100644
--- a/ndn-cxx/security/pib/impl/pib-sqlite3.cpp
+++ b/ndn-cxx/security/pib/impl/pib-sqlite3.cpp
@@ -439,10 +439,6 @@
 Name
 PibSqlite3::getDefaultKeyOfIdentity(const Name& identity) const
 {
-  if (!hasIdentity(identity)) {
-    NDN_THROW(Pib::Error("Identity `" + identity.toUri() + "` does not exist"));
-  }
-
   Sqlite3Statement statement(m_database,
                              "SELECT key_name "
                              "FROM keys JOIN identities ON keys.identity_id=identities.id "
@@ -576,7 +572,6 @@
                              "FROM certificates JOIN keys ON certificates.key_id=keys.id "
                              "WHERE certificates.is_default=1 AND keys.key_name=?");
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
-
   return statement.step() == SQLITE_ROW;
 }
 
diff --git a/ndn-cxx/security/pib/key-container.cpp b/ndn-cxx/security/pib/key-container.cpp
index 3551590..e79d96f 100644
--- a/ndn-cxx/security/pib/key-container.cpp
+++ b/ndn-cxx/security/pib/key-container.cpp
@@ -81,8 +81,9 @@
 
   bool isNew = m_keyNames.insert(keyName).second;
   NDN_LOG_DEBUG((isNew ? "Adding " : "Replacing ") << keyName);
+  m_pib->addKey(m_identity, keyName, keyBits);
 
-  auto key = std::make_shared<detail::KeyImpl>(keyName, keyBits, m_pib);
+  auto key = std::make_shared<detail::KeyImpl>(keyName, Buffer(keyBits.begin(), keyBits.end()), m_pib);
   m_keys[keyName] = key; // use insert_or_assign in C++17
   return Key(key);
 }
@@ -119,7 +120,11 @@
     return Key(it->second);
   }
 
-  auto key = std::make_shared<detail::KeyImpl>(keyName, m_pib);
+  // no need to check that the key exists in the backend
+  // because getKeyBits will throw if it doesn't
+  auto keyBits = m_pib->getKeyBits(keyName);
+
+  auto key = std::make_shared<detail::KeyImpl>(keyName, std::move(keyBits), m_pib);
   m_keys[keyName] = key;
   return Key(key);
 }
diff --git a/tests/unit/security/pib/certificate-container.t.cpp b/tests/unit/security/pib/certificate-container.t.cpp
index 117e8f2..0ba9956 100644
--- a/tests/unit/security/pib/certificate-container.t.cpp
+++ b/tests/unit/security/pib/certificate-container.t.cpp
@@ -30,8 +30,6 @@
 namespace pib {
 namespace tests {
 
-using namespace ndn::security::tests;
-
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestCertificateContainer, PibDataFixture)
diff --git a/tests/unit/security/pib/identity-container.t.cpp b/tests/unit/security/pib/identity-container.t.cpp
index 77503a0..893f912 100644
--- a/tests/unit/security/pib/identity-container.t.cpp
+++ b/tests/unit/security/pib/identity-container.t.cpp
@@ -30,8 +30,6 @@
 namespace pib {
 namespace tests {
 
-using namespace ndn::security::tests;
-
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestIdentityContainer, PibDataFixture)
diff --git a/tests/unit/security/pib/identity.t.cpp b/tests/unit/security/pib/identity.t.cpp
index 97f2369..5a1816e 100644
--- a/tests/unit/security/pib/identity.t.cpp
+++ b/tests/unit/security/pib/identity.t.cpp
@@ -21,8 +21,6 @@
 
 #include "ndn-cxx/security/pib/identity.hpp"
 #include "ndn-cxx/security/pib/impl/identity-impl.hpp"
-#include "ndn-cxx/security/pib/impl/pib-memory.hpp"
-#include "ndn-cxx/security/pib/pib.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/unit/security/pib/pib-data-fixture.hpp"
@@ -32,8 +30,6 @@
 namespace pib {
 namespace tests {
 
-using namespace ndn::security::tests;
-
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestIdentity, PibDataFixture)
@@ -44,7 +40,7 @@
   BOOST_TEST(!id);
   BOOST_TEST(id == Identity());
 
-  auto impl = std::make_shared<detail::IdentityImpl>(id1, std::make_shared<PibMemory>(), true);
+  auto impl = std::make_shared<detail::IdentityImpl>(id1, makePibWithIdentity(id1));
   id = Identity(impl);
   BOOST_TEST(id);
   BOOST_TEST(id != Identity());
@@ -58,7 +54,7 @@
 // property of pib::Identity in this test case.
 BOOST_AUTO_TEST_CASE(SharedImpl)
 {
-  auto impl = std::make_shared<detail::IdentityImpl>(id1, std::make_shared<pib::PibMemory>(), true);
+  auto impl = std::make_shared<detail::IdentityImpl>(id1, makePibWithIdentity(id1));
   Identity identity1(impl);
   Identity identity2(impl);
 
diff --git a/tests/unit/security/pib/impl/identity-impl.t.cpp b/tests/unit/security/pib/impl/identity-impl.t.cpp
index 390cee4..b7701aa 100644
--- a/tests/unit/security/pib/impl/identity-impl.t.cpp
+++ b/tests/unit/security/pib/impl/identity-impl.t.cpp
@@ -20,8 +20,6 @@
  */
 
 #include "ndn-cxx/security/pib/impl/identity-impl.hpp"
-#include "ndn-cxx/security/pib/impl/pib-memory.hpp"
-#include "ndn-cxx/security/pib/pib.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/unit/security/pib/pib-data-fixture.hpp"
@@ -34,23 +32,26 @@
 
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
-BOOST_FIXTURE_TEST_SUITE(TestIdentityImpl, ndn::security::tests::PibDataFixture)
 
 using pib::Pib;
 
-BOOST_AUTO_TEST_CASE(Basic)
+class IdentityImplFixture : public pib::tests::PibDataFixture
 {
-  IdentityImpl identity1(id1, std::make_shared<pib::PibMemory>(), true);
+protected:
+  const shared_ptr<PibImpl> pibImpl = makePibWithIdentity(id1);
+  IdentityImpl identity1{id1, pibImpl};
+};
+
+BOOST_FIXTURE_TEST_SUITE(TestIdentityImpl, IdentityImplFixture)
+
+BOOST_AUTO_TEST_CASE(Properties)
+{
   BOOST_CHECK_EQUAL(identity1.getName(), id1);
 }
 
 BOOST_AUTO_TEST_CASE(KeyOperations)
 {
-  auto pibImpl = std::make_shared<pib::PibMemory>();
-  IdentityImpl identity1(id1, pibImpl, true);
-  BOOST_CHECK_NO_THROW(IdentityImpl(id1, pibImpl, false));
-
-  // identity does not have any key
+  // identity does not have any keys
   BOOST_CHECK_EQUAL(identity1.getKeys().size(), 0);
 
   // get non-existing key, throw Pib::Error
@@ -114,26 +115,19 @@
   BOOST_CHECK_THROW(identity1.getDefaultKey(), Pib::Error);
 }
 
-BOOST_AUTO_TEST_CASE(Overwrite)
+BOOST_AUTO_TEST_CASE(ReplaceKey)
 {
-  IdentityImpl identity1(id1, std::make_shared<pib::PibMemory>(), true);
-
   identity1.addKey(id1Key1, id1Key1Name);
   auto k1 = identity1.getKey(id1Key1Name);
   BOOST_TEST(k1.getPublicKey() == id1Key1, boost::test_tools::per_element());
 
-  identity1.addKey(id1Key2, id1Key1Name); // overwriting key should work
+  identity1.addKey(id1Key2, id1Key1Name); // overwrite key
   auto k2 = identity1.getKey(id1Key1Name);
   BOOST_TEST(k2.getPublicKey() == id1Key2, boost::test_tools::per_element());
 }
 
 BOOST_AUTO_TEST_CASE(Errors)
 {
-  auto pibImpl = std::make_shared<pib::PibMemory>();
-
-  BOOST_CHECK_THROW(IdentityImpl(id1, pibImpl, false), Pib::Error);
-  IdentityImpl identity1(id1, pibImpl, true);
-
   identity1.addKey(id1Key1, id1Key1Name);
   BOOST_CHECK_THROW(identity1.addKey(id2Key1, id2Key1Name), std::invalid_argument);
   BOOST_CHECK_THROW(identity1.removeKey(id2Key1Name), std::invalid_argument);
diff --git a/tests/unit/security/pib/impl/key-impl.t.cpp b/tests/unit/security/pib/impl/key-impl.t.cpp
index dfcd19a..2f883a5 100644
--- a/tests/unit/security/pib/impl/key-impl.t.cpp
+++ b/tests/unit/security/pib/impl/key-impl.t.cpp
@@ -20,8 +20,6 @@
  */
 
 #include "ndn-cxx/security/pib/impl/key-impl.hpp"
-#include "ndn-cxx/security/pib/impl/pib-memory.hpp"
-#include "ndn-cxx/security/pib/pib.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/key-chain-fixture.hpp"
@@ -35,34 +33,29 @@
 
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
-BOOST_FIXTURE_TEST_SUITE(TestKeyImpl, security::tests::PibDataFixture)
 
 using pib::Pib;
 
-BOOST_AUTO_TEST_CASE(Basic)
+class KeyImplFixture : public pib::tests::PibDataFixture
 {
-  auto pibImpl = make_shared<pib::PibMemory>();
-  KeyImpl key11(id1Key1Name, id1Key1, pibImpl);
+protected:
+  const shared_ptr<PibImpl> pibImpl = makePibWithKey(id1Key1Name, id1Key1);
+  KeyImpl key11{id1Key1Name, id1Key1, pibImpl};
+};
 
-  BOOST_CHECK_EQUAL(key11.getName(), id1Key1Name);
+BOOST_FIXTURE_TEST_SUITE(TestKeyImpl, KeyImplFixture)
+
+BOOST_AUTO_TEST_CASE(Properties)
+{
   BOOST_CHECK_EQUAL(key11.getIdentity(), id1);
+  BOOST_CHECK_EQUAL(key11.getName(), id1Key1Name);
   BOOST_CHECK_EQUAL(key11.getKeyType(), KeyType::EC);
   BOOST_TEST(key11.getPublicKey() == id1Key1, boost::test_tools::per_element());
-
-  KeyImpl key11Bak(id1Key1Name, pibImpl);
-  BOOST_CHECK_EQUAL(key11Bak.getName(), id1Key1Name);
-  BOOST_CHECK_EQUAL(key11Bak.getIdentity(), id1);
-  BOOST_CHECK_EQUAL(key11Bak.getKeyType(), KeyType::EC);
-  BOOST_TEST(key11Bak.getPublicKey() == id1Key1, boost::test_tools::per_element());
 }
 
 BOOST_AUTO_TEST_CASE(CertificateOperations)
 {
-  auto pibImpl = make_shared<pib::PibMemory>();
-  KeyImpl key11(id1Key1Name, id1Key1, pibImpl);
-  BOOST_CHECK_NO_THROW(KeyImpl(id1Key1Name, pibImpl));
-
-  // key does not have any certificate
+  // key does not have any certificates
   BOOST_CHECK_EQUAL(key11.getCertificates().size(), 0);
 
   // get non-existing certificate, throw Pib::Error
@@ -121,56 +114,35 @@
   BOOST_CHECK_THROW(key11.getDefaultCertificate(), Pib::Error);
 }
 
-class OverwriteFixture : public ndn::security::tests::PibDataFixture,
-                         public ndn::tests::KeyChainFixture
+class ReplaceFixture : public ndn::tests::KeyChainFixture,
+                       public KeyImplFixture
 {
 };
 
-BOOST_FIXTURE_TEST_CASE(Overwrite, OverwriteFixture)
+BOOST_FIXTURE_TEST_CASE(ReplaceCertificate, ReplaceFixture)
 {
-  auto pibImpl = make_shared<pib::PibMemory>();
-
-  BOOST_CHECK_THROW(KeyImpl(id1Key1Name, pibImpl), Pib::Error);
-  KeyImpl(id1Key1Name, id1Key1, pibImpl);
-  KeyImpl key1(id1Key1Name, pibImpl);
-
-  KeyImpl(id1Key1Name, id1Key2, pibImpl); // overwriting of the key should work
-  KeyImpl key2(id1Key1Name, pibImpl);
-
-  Buffer key1buf(key1.getPublicKey().begin(), key1.getPublicKey().end());
-  Buffer key2buf(key2.getPublicKey().begin(), key2.getPublicKey().end());
-  BOOST_CHECK(key1buf != key2buf); // key1 cached the original public key
-  BOOST_CHECK(key2buf == id1Key2);
-
-  key1.addCertificate(id1Key1Cert1);
-  BOOST_CHECK_EQUAL(key1.getCertificate(id1Key1Cert1.getName()), id1Key1Cert1);
+  key11.addCertificate(id1Key1Cert1);
+  BOOST_CHECK_EQUAL(key11.getCertificate(id1Key1Cert1.getName()), id1Key1Cert1);
 
   auto otherCert = id1Key1Cert1;
   SignatureInfo info;
   info.setValidityPeriod(ValidityPeriod::makeRelative(-1_s, 10_s));
   m_keyChain.sign(otherCert, SigningInfo().setSignatureInfo(info));
-
   BOOST_TEST(otherCert.getName() == id1Key1Cert1.getName());
   BOOST_TEST(otherCert.getContent() == id1Key1Cert1.getContent());
   BOOST_TEST(otherCert != id1Key1Cert1);
 
-  key1.addCertificate(otherCert);
-  BOOST_TEST(key1.getCertificate(id1Key1Cert1.getName()) == otherCert);
+  key11.addCertificate(otherCert); // overwrite cert
+  BOOST_TEST(key11.getCertificate(id1Key1Cert1.getName()) == otherCert);
 }
 
 BOOST_AUTO_TEST_CASE(Errors)
 {
-  auto pibImpl = make_shared<pib::PibMemory>();
-
-  BOOST_CHECK_THROW(KeyImpl(id1Key1Name, pibImpl), Pib::Error);
-  KeyImpl key11(id1Key1Name, id1Key1, pibImpl);
-
-  BOOST_CHECK_THROW(KeyImpl(Name("/wrong"), pibImpl), std::invalid_argument);
   BOOST_CHECK_THROW(KeyImpl(Name("/wrong"), id1Key1, pibImpl), std::invalid_argument);
-  Buffer wrongKey;
-  BOOST_CHECK_THROW(KeyImpl(id1Key2Name, wrongKey, pibImpl), std::invalid_argument);
 
-  key11.addCertificate(id1Key1Cert1);
+  Buffer invalidKey;
+  BOOST_CHECK_THROW(KeyImpl(id1Key1Name, invalidKey, pibImpl), std::invalid_argument);
+
   BOOST_CHECK_THROW(key11.addCertificate(id1Key2Cert1), std::invalid_argument);
   BOOST_CHECK_THROW(key11.removeCertificate(id1Key2Cert1.getName()), std::invalid_argument);
   BOOST_CHECK_THROW(key11.getCertificate(id1Key2Cert1.getName()), std::invalid_argument);
diff --git a/tests/unit/security/pib/key-container.t.cpp b/tests/unit/security/pib/key-container.t.cpp
index 3e51424..fac7739 100644
--- a/tests/unit/security/pib/key-container.t.cpp
+++ b/tests/unit/security/pib/key-container.t.cpp
@@ -30,8 +30,6 @@
 namespace pib {
 namespace tests {
 
-using namespace ndn::security::tests;
-
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestKeyContainer, PibDataFixture)
diff --git a/tests/unit/security/pib/key.t.cpp b/tests/unit/security/pib/key.t.cpp
index 2aa28e1..8265f01 100644
--- a/tests/unit/security/pib/key.t.cpp
+++ b/tests/unit/security/pib/key.t.cpp
@@ -21,8 +21,6 @@
 
 #include "ndn-cxx/security/pib/key.hpp"
 #include "ndn-cxx/security/pib/impl/key-impl.hpp"
-#include "ndn-cxx/security/pib/impl/pib-memory.hpp"
-#include "ndn-cxx/security/pib/pib.hpp"
 
 #include "tests/boost-test.hpp"
 #include "tests/unit/security/pib/pib-data-fixture.hpp"
@@ -32,8 +30,6 @@
 namespace pib {
 namespace tests {
 
-using namespace ndn::security::tests;
-
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestKey, PibDataFixture)
@@ -44,7 +40,8 @@
   BOOST_TEST(!key);
   BOOST_TEST(key == Key());
 
-  auto impl = std::make_shared<detail::KeyImpl>(id1Key1Name, id1Key1, std::make_shared<pib::PibMemory>());
+  auto impl = std::make_shared<detail::KeyImpl>(id1Key1Name, id1Key1,
+                                                makePibWithKey(id1Key1Name, id1Key1));
   key = Key(impl);
   BOOST_TEST(key);
   BOOST_TEST(key != Key());
@@ -59,7 +56,7 @@
 BOOST_AUTO_TEST_CASE(SharedImpl)
 {
   auto keyImpl = std::make_shared<detail::KeyImpl>(id1Key1Name, id1Key1,
-                                                   std::make_shared<pib::PibMemory>());
+                                                   makePibWithKey(id1Key1Name, id1Key1));
   Key key1(keyImpl);
   Key key2(keyImpl);
 
diff --git a/tests/unit/security/pib/pib-data-fixture.cpp b/tests/unit/security/pib/pib-data-fixture.cpp
index 4fb5e36..c160042 100644
--- a/tests/unit/security/pib/pib-data-fixture.cpp
+++ b/tests/unit/security/pib/pib-data-fixture.cpp
@@ -20,8 +20,8 @@
  */
 
 #include "tests/unit/security/pib/pib-data-fixture.hpp"
+#include "ndn-cxx/security/pib/impl/pib-memory.hpp"
 
-// #include "ndn-cxx/security/pib/impl/pib-memory.hpp"
 // #include "ndn-cxx/security/tpm/impl/back-end-mem.hpp"
 // #include "ndn-cxx/security/tpm/tpm.hpp"
 // #include "ndn-cxx/util/string-helper.hpp"
@@ -32,6 +32,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
 // class TestCertDataGenerator
@@ -378,36 +379,42 @@
   , id2Key1(id2Key1Cert1.getPublicKey())
   , id2Key2(id2Key2Cert1.getPublicKey())
 {
-  BOOST_ASSERT(id1Key1Cert1.getPublicKey() == id1Key1Cert2.getPublicKey());
-  BOOST_ASSERT(id1Key2Cert1.getPublicKey() == id1Key2Cert2.getPublicKey());
-  BOOST_ASSERT(id2Key1Cert1.getPublicKey() == id2Key1Cert2.getPublicKey());
-  BOOST_ASSERT(id2Key2Cert1.getPublicKey() == id2Key2Cert2.getPublicKey());
-
-  BOOST_ASSERT(id1Key1Cert1.getPublicKey() == id1Key1);
-  BOOST_ASSERT(id1Key1Cert2.getPublicKey() == id1Key1);
-  BOOST_ASSERT(id1Key2Cert1.getPublicKey() == id1Key2);
-  BOOST_ASSERT(id1Key2Cert2.getPublicKey() == id1Key2);
-
-  BOOST_ASSERT(id2Key1Cert1.getPublicKey() == id2Key1);
-  BOOST_ASSERT(id2Key1Cert2.getPublicKey() == id2Key1);
-  BOOST_ASSERT(id2Key2Cert1.getPublicKey() == id2Key2);
-  BOOST_ASSERT(id2Key2Cert2.getPublicKey() == id2Key2);
-
   BOOST_ASSERT(id1Key1Cert2.getIdentity() == id1);
   BOOST_ASSERT(id1Key2Cert1.getIdentity() == id1);
   BOOST_ASSERT(id1Key2Cert2.getIdentity() == id1);
-
   BOOST_ASSERT(id2Key1Cert2.getIdentity() == id2);
   BOOST_ASSERT(id2Key2Cert1.getIdentity() == id2);
   BOOST_ASSERT(id2Key2Cert2.getIdentity() == id2);
 
   BOOST_ASSERT(id1Key1Cert2.getKeyName() == id1Key1Name);
   BOOST_ASSERT(id1Key2Cert2.getKeyName() == id1Key2Name);
-
   BOOST_ASSERT(id2Key1Cert2.getKeyName() == id2Key1Name);
   BOOST_ASSERT(id2Key2Cert2.getKeyName() == id2Key2Name);
+
+  BOOST_ASSERT(id1Key1Cert2.getPublicKey() == id1Key1);
+  BOOST_ASSERT(id1Key2Cert2.getPublicKey() == id1Key2);
+  BOOST_ASSERT(id2Key1Cert2.getPublicKey() == id2Key1);
+  BOOST_ASSERT(id2Key2Cert2.getPublicKey() == id2Key2);
+}
+
+shared_ptr<PibImpl>
+PibDataFixture::makePibWithIdentity(const Name& idName)
+{
+  auto pib = std::make_shared<PibMemory>();
+  pib->addIdentity(idName);
+  return pib;
+}
+
+shared_ptr<PibImpl>
+PibDataFixture::makePibWithKey(const Name& keyName, span<const uint8_t> key)
+{
+  auto pib = std::make_shared<PibMemory>();
+  pib->addIdentity(extractIdentityFromKeyName(keyName));
+  pib->addKey(extractIdentityFromKeyName(keyName), keyName, key);
+  return pib;
 }
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit/security/pib/pib-data-fixture.hpp b/tests/unit/security/pib/pib-data-fixture.hpp
index 0009d0f..66e7fbf 100644
--- a/tests/unit/security/pib/pib-data-fixture.hpp
+++ b/tests/unit/security/pib/pib-data-fixture.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2020 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,9 +23,11 @@
 #define NDN_CXX_TESTS_UNIT_SECURITY_PIB_PIB_DATA_FIXTURE_HPP
 
 #include "ndn-cxx/security/certificate.hpp"
+#include "ndn-cxx/security/pib/pib-impl.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
 class PibDataFixture
@@ -33,6 +35,12 @@
 public:
   PibDataFixture();
 
+  NDN_CXX_NODISCARD static shared_ptr<PibImpl>
+  makePibWithIdentity(const Name& idName);
+
+  NDN_CXX_NODISCARD static shared_ptr<PibImpl>
+  makePibWithKey(const Name& keyName, span<const uint8_t> key);
+
 public:
   Certificate id1Key1Cert1;
   Certificate id1Key1Cert2;
@@ -58,6 +66,7 @@
 };
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
 
diff --git a/tests/unit/security/pib/pib-impl.t.cpp b/tests/unit/security/pib/pib-impl.t.cpp
index 097b1c0..3d579c6 100644
--- a/tests/unit/security/pib/pib-impl.t.cpp
+++ b/tests/unit/security/pib/pib-impl.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -21,7 +21,6 @@
 
 #include "ndn-cxx/security/pib/impl/pib-memory.hpp"
 #include "ndn-cxx/security/pib/impl/pib-sqlite3.hpp"
-#include "ndn-cxx/security/pib/pib.hpp"
 #include "ndn-cxx/security/security-common.hpp"
 
 #include "tests/boost-test.hpp"
@@ -35,8 +34,6 @@
 namespace pib {
 namespace tests {
 
-using namespace ndn::security::tests;
-
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_AUTO_TEST_SUITE(TestPibImpl)
diff --git a/tests/unit/security/pib/pib.t.cpp b/tests/unit/security/pib/pib.t.cpp
index c0d4f28..929082e 100644
--- a/tests/unit/security/pib/pib.t.cpp
+++ b/tests/unit/security/pib/pib.t.cpp
@@ -30,8 +30,6 @@
 namespace pib {
 namespace tests {
 
-using namespace ndn::security::tests;
-
 BOOST_AUTO_TEST_SUITE(Security)
 BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestPib, PibDataFixture)