security: renaming sub-classess of SecPublicInfo and SecTpm and adapting corresponding interfaces
Following classes have been modified
BasicIdentityStorage -> SecPublicInfoSqlite3
OSXPrivateKeyStorage -> SecTpmOsx
MemoryIdentityStorage -> SecPublicInfoMemory
MemoryPrivateKeyStorage -> SecTpmMemory
Change-Id: I7441d1cf046b3aa9b19cbbaa4351bd5be84847d0
diff --git a/include/ndn-cpp/security/identity/memory-identity-storage.hpp b/include/ndn-cpp/security/identity/sec-public-info-memory.hpp
similarity index 84%
rename from include/ndn-cpp/security/identity/memory-identity-storage.hpp
rename to include/ndn-cpp/security/identity/sec-public-info-memory.hpp
index 57f8050..734d4d7 100644
--- a/include/ndn-cpp/security/identity/memory-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-public-info-memory.hpp
@@ -5,29 +5,29 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_MEMORY_IDENTITY_STORAGE_HPP
-#define NDN_MEMORY_IDENTITY_STORAGE_HPP
+#ifndef NDN_SEC_PUBLIC_INFO_MEMORY_HPP
+#define NDN_SEC_PUBLIC_INFO_MEMORY_HPP
#include <vector>
#include <map>
-#include "identity-storage.hpp"
+#include "sec-public-info.hpp"
namespace ndn {
/**
- * MemoryIdentityStorage extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory.
- * The application must get the objects through its own means and add the objects to the MemoryIdentityStorage object.
- * To use permanent file-based storage, see BasicIdentityStorage.
+ * MemoryKeyMetaInfo extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory.
+ * The application must get the objects through its own means and add the objects to the MemoryKeyMetaInfo object.
+ * To use permanent file-based storage, see BasicKeyMetaInfo.
*/
-class MemoryIdentityStorage : public IdentityStorage {
+class SecPublicInfoMemory : public SecPublicInfo {
public:
- struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+ struct Error : public SecPublicInfo::Error { Error(const std::string &what) : SecPublicInfo::Error(what) {} };
/**
* The virtual Destructor.
*/
virtual
- ~MemoryIdentityStorage();
+ ~SecPublicInfoMemory();
/**
* Check if the specified identity already exists.
@@ -57,7 +57,7 @@
* @return true if the key exists, otherwise false.
*/
virtual bool
- doesKeyExist(const Name& keyName);
+ doesPublicKeyExist(const Name& keyName);
/**
* Add a public key to the identity storage.
@@ -66,7 +66,7 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
/**
* Get the public key DER blob from the identity storage.
@@ -74,21 +74,21 @@
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
virtual ptr_lib::shared_ptr<PublicKey>
- getKey(const Name& keyName);
+ getPublicKey(const Name& keyName);
/**
* Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
virtual void
- activateKey(const Name& keyName);
+ activatePublicKey(const Name& keyName);
/**
* Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
virtual void
- deactivateKey(const Name& keyName);
+ deactivatePublicKey(const Name& keyName);
/**
* Check if the specified certificate already exists.
@@ -142,30 +142,6 @@
virtual Name
getDefaultCertificateNameForKey(const Name& keyName);
- /**
- * Set the default identity. If the identityName does not exist, then clear the default identity
- * so that getDefaultIdentity() returns an empty name.
- * @param identityName The default identity name.
- */
- virtual void
- setDefaultIdentity(const Name& identityName);
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param identityNameCheck (optional) The identity name to check the keyName.
- */
- virtual void
- setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param certificateName The certificate name.
- */
- virtual void
- setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
-
virtual std::vector<Name>
getAllIdentities(bool isDefault);
@@ -180,6 +156,32 @@
virtual std::vector<Name>
getAllCertificateNamesOfKey(const Name& keyName, bool isDefault);
+
+protected:
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentityInternal(const Name& identityName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param identityNameCheck (optional) The identity name to check the keyName.
+ */
+ virtual void
+ setDefaultKeyNameForIdentityInternal(const Name& keyName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+
private:
class KeyRecord {
diff --git a/include/ndn-cpp/security/identity/basic-identity-storage.hpp b/include/ndn-cpp/security/identity/sec-public-info-sqlite3.hpp
similarity index 81%
rename from include/ndn-cpp/security/identity/basic-identity-storage.hpp
rename to include/ndn-cpp/security/identity/sec-public-info-sqlite3.hpp
index 0dc3e5d..335b724 100644
--- a/include/ndn-cpp/security/identity/basic-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-public-info-sqlite3.hpp
@@ -6,8 +6,8 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_BASIC_IDENTITY_STORAGE_H
-#define NDN_BASIC_IDENTITY_STORAGE_H
+#ifndef NDN_SEC_PUBLIC_INFO_SQLITE3_HPP
+#define NDN_SEC_PUBLIC_INFO_SQLITE3_HPP
// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_SQLITE3.
#include <ndn-cpp/ndn-cpp-config.h>
@@ -15,7 +15,7 @@
#include <sqlite3.h>
#include "../../common.hpp"
-#include "identity-storage.hpp"
+#include "sec-public-info.hpp"
namespace ndn
{
@@ -24,19 +24,19 @@
* BasicIdentityStorage extends IdentityStorage to implement a basic storage of identity, public keys and certificates
* using SQLite.
*/
-class BasicIdentityStorage : public IdentityStorage {
+class SecPublicInfoSqlite3 : public SecPublicInfo {
public:
- struct Error : public IdentityStorage::Error { Error(const std::string &what) : IdentityStorage::Error(what) {} };
+ struct Error : public SecPublicInfo::Error { Error(const std::string &what) : SecPublicInfo::Error(what) {} };
- BasicIdentityStorage();
+ SecPublicInfoSqlite3();
/**
* The virtual Destructor.
*/
virtual
- ~BasicIdentityStorage();
+ ~SecPublicInfoSqlite3();
- // from IdentityStorage
+ // from SecPublicInfo
/**
* Check if the specified identity already exists.
* @param identityName The identity name.
@@ -65,7 +65,7 @@
* @return true if the key exists, otherwise false.
*/
virtual bool
- doesKeyExist(const Name& keyName);
+ doesPublicKeyExist(const Name& keyName);
/**
* Add a public key to the identity storage.
@@ -74,7 +74,7 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
/**
* Get the public key DER blob from the identity storage.
@@ -82,21 +82,21 @@
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
virtual ptr_lib::shared_ptr<PublicKey>
- getKey(const Name& keyName);
+ getPublicKey(const Name& keyName);
/**
* Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
- virtual void
- activateKey(const Name& keyName);
+ virtual inline void
+ activatePublicKey(const Name& keyName);
/**
* Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
- virtual void
- deactivateKey(const Name& keyName);
+ virtual inline void
+ deactivatePublicKey(const Name& keyName);
/**
* Check if the specified certificate already exists.
@@ -110,7 +110,7 @@
* Add a certificate in to the identity storage without checking if the identity and key exists.
* @param certificate The certificate to be added.
*/
- void
+ virtual void
addAnyCertificate (const IdentityCertificate& certificate);
/**
@@ -127,11 +127,11 @@
* @return The requested certificate. If not found, return a shared_ptr with a null pointer.
*/
virtual ptr_lib::shared_ptr<IdentityCertificate>
- getCertificate(const Name &certificateName, bool allowAny = false);
+ getCertificate(const Name &certificateName, bool allowAny);
/*****************************************
- * Get/Set Default *
+ * Default Getter *
*****************************************/
/**
@@ -157,31 +157,6 @@
virtual Name
getDefaultCertificateNameForKey(const Name& keyName);
- /**
- * Set the default identity. If the identityName does not exist, then clear the default identity
- * so that getDefaultIdentity() returns an empty name.
- * @param identityName The default identity name.
- */
- virtual void
- setDefaultIdentity(const Name& identityName);
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param identityNameCheck (optional) The identity name to check the keyName.
- */
- virtual void
- setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param certificateName The certificate name.
- */
- virtual void
- setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
-
-
virtual std::vector<Name>
getAllIdentities(bool isDefault);
@@ -197,14 +172,50 @@
virtual std::vector<Name>
getAllCertificateNamesOfKey(const Name& keyName, bool isDefault);
-private:
+protected:
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentityInternal(const Name& identityName);
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param identityNameCheck (optional) The identity name to check the keyName.
+ */
virtual void
+ setDefaultKeyNameForIdentityInternal(const Name& keyName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+
+private:
+ void
updateKeyStatus(const Name& keyName, bool isActive);
sqlite3 *database_;
};
+void
+SecPublicInfoSqlite3::activatePublicKey(const Name& keyName)
+{
+ updateKeyStatus(keyName, true);
+}
+
+void
+SecPublicInfoSqlite3::deactivatePublicKey(const Name& keyName)
+{
+ updateKeyStatus(keyName, false);
+}
+
}
#endif // NDN_CPP_HAVE_SQLITE3
diff --git a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp b/include/ndn-cpp/security/identity/sec-tpm-memory.hpp
similarity index 88%
rename from include/ndn-cpp/security/identity/memory-private-key-storage.hpp
rename to include/ndn-cpp/security/identity/sec-tpm-memory.hpp
index ee4f706..5761597 100644
--- a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-tpm-memory.hpp
@@ -5,11 +5,11 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
-#define NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
+#ifndef NDN_SEC_TPM_MEMORY_HPP
+#define NDN_SEC_TPM_MEMORY_HPP
#include <map>
-#include "private-key-storage.hpp"
+#include "sec-tpm.hpp"
struct rsa_st;
@@ -19,15 +19,15 @@
* MemoryPrivateKeyStorage extends PrivateKeyStorage to implement a simple in-memory private key store. You should
* initialize by calling setKeyPairForKeyName.
*/
-class MemoryPrivateKeyStorage : public PrivateKeyStorage {
+class SecTpmMemory : public SecTpm {
public:
- struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+ struct Error : public SecTpm::Error { Error(const std::string &what) : SecTpm::Error(what) {} };
/**
* The virtual destructor
*/
virtual
- ~MemoryPrivateKeyStorage();
+ ~SecTpmMemory();
/**
* Set the public and private key for the keyName.
@@ -48,7 +48,7 @@
* @param keySize The size of the key pair.
*/
virtual void
- generateKeyPair(const Name& keyName, KeyType keyType, int keySize);
+ generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize);
/**
* Get the public key
@@ -56,7 +56,7 @@
* @return The public key.
*/
virtual ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName);
+ getPublicKeyFromTpm(const Name& keyName);
/**
* Fetch the private key for keyName and sign the data, returning a signature Blob.
@@ -101,7 +101,7 @@
* @param keySize The size of the key.
*/
virtual void
- generateKey(const Name& keyName, KeyType keyType, int keySize);
+ generateSymmetricKey(const Name& keyName, KeyType keyType, int keySize);
/**
* Check if a particular key exists.
diff --git a/include/ndn-cpp/security/identity/osx-private-key-storage.hpp b/include/ndn-cpp/security/identity/sec-tpm-osx.hpp
similarity index 77%
rename from include/ndn-cpp/security/identity/osx-private-key-storage.hpp
rename to include/ndn-cpp/security/identity/sec-tpm-osx.hpp
index 6ac28ea..0b90fd0 100644
--- a/include/ndn-cpp/security/identity/osx-private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-tpm-osx.hpp
@@ -5,48 +5,48 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_OSX_PRIVATEKEY_STORAGE_H
-#define NDN_OSX_PRIVATEKEY_STORAGE_H
+#ifndef NDN_SEC_TPM_OSX_HPP
+#define NDN_SEC_TPM_OSX_HPP
// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_OSX_SECURITY 1.
#include <ndn-cpp/ndn-cpp-config.h>
#if NDN_CPP_HAVE_OSX_SECURITY
#include "../../common.hpp"
-#include "private-key-storage.hpp"
+#include "sec-tpm.hpp"
namespace ndn
{
-class OSXPrivateKeyStorage : public PrivateKeyStorage {
+class SecTpmOsx : public SecTpm {
public:
+ struct Error : public SecTpm::Error { Error(const std::string &what) : SecTpm::Error(what) {} };
+
/**
- * constructor of OSXPrivateKeyStorage
+ * constructor of OSXKeyChainTpm
* @param keychainName the name of keychain
*/
- OSXPrivateKeyStorage(const std::string & keychainName = "");
+ SecTpmOsx(const std::string & keychainName = "");
/**
- * destructor of OSXPrivateKeyStore
+ * destructor of OSXKeyChainTpm
*/
virtual
- ~OSXPrivateKeyStorage();
+ ~SecTpmOsx();
- // From PrivateKeyStorage
+ // From TrustedPlatformModule
virtual void
- generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
+ generateKeyPairInTpm(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
virtual ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName);
+ getPublicKeyFromTpm(const Name& keyName);
virtual Block
- sign(const uint8_t *data, size_t dataLength,
- const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+ sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
virtual void
- sign(Data &data,
- const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+ sign(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm);
/**
* Decrypt data.
@@ -57,7 +57,7 @@
* @return The decrypted data.
*/
virtual ConstBufferPtr
- decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
+ decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
/**
* Encrypt data.
@@ -68,7 +68,7 @@
* @return The encrypted data.
*/
virtual ConstBufferPtr
- encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
+ encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
/**
* Generate a symmetric key.
@@ -77,7 +77,7 @@
* @param keySize The size of the key.
*/
virtual void
- generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256);
+ generateSymmetricKey(const Name& keyName, KeyType keyType, int keySize);
/**
* Check if a particular key exists.
diff --git a/src/security/identity/memory-identity-storage.cpp b/src/security/identity/memory-identity-storage.cpp
deleted file mode 100644
index 81881a8..0000000
--- a/src/security/identity/memory-identity-storage.cpp
+++ /dev/null
@@ -1,205 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include <ndn-cpp/security/identity/memory-identity-storage.hpp>
-
-#include <algorithm>
-#include <ndn-cpp/security/certificate/identity-certificate.hpp>
-
-using namespace std;
-
-namespace ndn {
-
-MemoryIdentityStorage::~MemoryIdentityStorage()
-{
-}
-
-bool
-MemoryIdentityStorage::doesIdentityExist(const Name& identityName)
-{
- string identityUri = identityName.toUri();
- return find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end();
-}
-
-void
-MemoryIdentityStorage::addIdentity(const Name& identityName)
-{
- string identityUri = identityName.toUri();
- if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
- throw Error("Identity already exists: " + identityUri);
-
- identityStore_.push_back(identityUri);
-}
-
-bool
-MemoryIdentityStorage::revokeIdentity()
-{
-#if 1
- throw runtime_error("MemoryIdentityStorage::revokeIdentity not implemented");
-#endif
-}
-
-bool
-MemoryIdentityStorage::doesKeyExist(const Name& keyName)
-{
- return keyStore_.find(keyName.toUri()) != keyStore_.end();
-}
-
-void
-MemoryIdentityStorage::addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
-{
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
-
- if (!doesIdentityExist(identityName))
- addIdentity(identityName);
-
- if (doesKeyExist(keyName))
- throw Error("a key with the same name already exists!");
-
- keyStore_[keyName.toUri()] = ptr_lib::make_shared<KeyRecord>(keyType, publicKey);
-}
-
-ptr_lib::shared_ptr<PublicKey>
-MemoryIdentityStorage::getKey(const Name& keyName)
-{
- KeyStore::iterator record = keyStore_.find(keyName.toUri());
- if (record == keyStore_.end())
- // Not found. Silently return null.
- return ptr_lib::shared_ptr<PublicKey>();
-
- return ptr_lib::make_shared<PublicKey> (record->second->getKey());
-}
-
-void
-MemoryIdentityStorage::activateKey(const Name& keyName)
-{
-#if 1
- throw runtime_error("MemoryIdentityStorage::activateKey not implemented");
-#endif
-}
-
-void
-MemoryIdentityStorage::deactivateKey(const Name& keyName)
-{
-#if 1
- throw runtime_error("MemoryIdentityStorage::deactivateKey not implemented");
-#endif
-}
-
-bool
-MemoryIdentityStorage::doesCertificateExist(const Name& certificateName)
-{
- return certificateStore_.find(certificateName.toUri()) != certificateStore_.end();
-}
-
-void
-MemoryIdentityStorage::addCertificate(const IdentityCertificate& certificate)
-{
- const Name& certificateName = certificate.getName();
- const Name& keyName = certificate.getPublicKeyName();
-
- if (!doesKeyExist(keyName))
- throw Error("No corresponding Key record for certificate! " + keyName.toUri() + " " + certificateName.toUri());
-
- // Check if certificate has already existed!
- if (doesCertificateExist(certificateName))
- throw Error("Certificate has already been installed!");
-
- // Check if the public key of certificate is the same as the key record.
- ptr_lib::shared_ptr<PublicKey> pubKey = getKey(keyName);
- if (!pubKey || (*pubKey) != certificate.getPublicKeyInfo())
- throw Error("Certificate does not match the public key!");
-
- // Insert the certificate.
- certificateStore_[certificateName.toUri()] = ptr_lib::make_shared<IdentityCertificate> (certificate);
-}
-
-ptr_lib::shared_ptr<IdentityCertificate>
-MemoryIdentityStorage::getCertificate(const Name& certificateName, bool allowAny)
-{
- CertificateStore::iterator record = certificateStore_.find(certificateName.toUri());
- if (record == certificateStore_.end())
- // Not found. Silently return null.
- return ptr_lib::shared_ptr<IdentityCertificate>();
-
- return record->second;
-}
-
-Name
-MemoryIdentityStorage::getDefaultIdentity()
-{
- return Name(defaultIdentity_);
-}
-
-Name
-MemoryIdentityStorage::getDefaultKeyNameForIdentity(const Name& identityName)
-{
- return defaultKeyName_;
-}
-
-Name
-MemoryIdentityStorage::getDefaultCertificateNameForKey(const Name& keyName)
-{
- return defaultCert_;
-}
-
-void
-MemoryIdentityStorage::setDefaultIdentity(const Name& identityName)
-{
- string identityUri = identityName.toUri();
- if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
- defaultIdentity_ = identityUri;
- else
- // The identity doesn't exist, so clear the default.
- defaultIdentity_.clear();
-}
-
-void
-MemoryIdentityStorage::setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck)
-{
- defaultKeyName_ = identityNameCheck;
-}
-
-void
-MemoryIdentityStorage::setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName)
-{
- defaultCert_ = certificateName;
-}
-
-
-std::vector<Name>
-MemoryIdentityStorage::getAllIdentities(bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllIdentities not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllKeyNames(bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllKeyNames not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllKeyNamesOfIdentity not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllCertificateNames(bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllCertificateNames not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllCertificateNamesOfKey not implemented");
-}
-
-
-}
diff --git a/src/security/identity/sec-public-info-memory.cpp b/src/security/identity/sec-public-info-memory.cpp
new file mode 100644
index 0000000..3336547
--- /dev/null
+++ b/src/security/identity/sec-public-info-memory.cpp
@@ -0,0 +1,205 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include <ndn-cpp/security/identity/sec-public-info-memory.hpp>
+
+#include <algorithm>
+#include <ndn-cpp/security/certificate/identity-certificate.hpp>
+
+using namespace std;
+
+namespace ndn {
+
+SecPublicInfoMemory::~SecPublicInfoMemory()
+{
+}
+
+bool
+SecPublicInfoMemory::doesIdentityExist(const Name& identityName)
+{
+ string identityUri = identityName.toUri();
+ return find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end();
+}
+
+void
+SecPublicInfoMemory::addIdentity(const Name& identityName)
+{
+ string identityUri = identityName.toUri();
+ if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
+ throw Error("Identity already exists: " + identityUri);
+
+ identityStore_.push_back(identityUri);
+}
+
+bool
+SecPublicInfoMemory::revokeIdentity()
+{
+#if 1
+ throw runtime_error("SecPublicInfoMemory::revokeIdentity not implemented");
+#endif
+}
+
+bool
+SecPublicInfoMemory::doesPublicKeyExist(const Name& keyName)
+{
+ return keyStore_.find(keyName.toUri()) != keyStore_.end();
+}
+
+void
+SecPublicInfoMemory::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
+{
+ Name identityName = keyName.getSubName(0, keyName.size() - 1);
+
+ if (!doesIdentityExist(identityName))
+ addIdentity(identityName);
+
+ if (doesPublicKeyExist(keyName))
+ throw Error("a key with the same name already exists!");
+
+ keyStore_[keyName.toUri()] = ptr_lib::make_shared<KeyRecord>(keyType, publicKey);
+}
+
+ptr_lib::shared_ptr<PublicKey>
+SecPublicInfoMemory::getPublicKey(const Name& keyName)
+{
+ KeyStore::iterator record = keyStore_.find(keyName.toUri());
+ if (record == keyStore_.end())
+ // Not found. Silently return null.
+ return ptr_lib::shared_ptr<PublicKey>();
+
+ return ptr_lib::make_shared<PublicKey> (record->second->getKey());
+}
+
+void
+SecPublicInfoMemory::activatePublicKey(const Name& keyName)
+{
+#if 1
+ throw runtime_error("SecPublicInfoMemory::activateKey not implemented");
+#endif
+}
+
+void
+SecPublicInfoMemory::deactivatePublicKey(const Name& keyName)
+{
+#if 1
+ throw runtime_error("SecPublicInfoMemory::deactivateKey not implemented");
+#endif
+}
+
+bool
+SecPublicInfoMemory::doesCertificateExist(const Name& certificateName)
+{
+ return certificateStore_.find(certificateName.toUri()) != certificateStore_.end();
+}
+
+void
+SecPublicInfoMemory::addCertificate(const IdentityCertificate& certificate)
+{
+ const Name& certificateName = certificate.getName();
+ const Name& keyName = certificate.getPublicKeyName();
+
+ if (!doesPublicKeyExist(keyName))
+ throw Error("No corresponding Key record for certificate! " + keyName.toUri() + " " + certificateName.toUri());
+
+ // Check if certificate has already existed!
+ if (doesCertificateExist(certificateName))
+ throw Error("Certificate has already been installed!");
+
+ // Check if the public key of certificate is the same as the key record.
+ ptr_lib::shared_ptr<PublicKey> pubKey = getPublicKey(keyName);
+ if (!pubKey || (*pubKey) != certificate.getPublicKeyInfo())
+ throw Error("Certificate does not match the public key!");
+
+ // Insert the certificate.
+ certificateStore_[certificateName.toUri()] = ptr_lib::make_shared<IdentityCertificate> (certificate);
+}
+
+ptr_lib::shared_ptr<IdentityCertificate>
+SecPublicInfoMemory::getCertificate(const Name& certificateName, bool allowAny)
+{
+ CertificateStore::iterator record = certificateStore_.find(certificateName.toUri());
+ if (record == certificateStore_.end())
+ // Not found. Silently return null.
+ return ptr_lib::shared_ptr<IdentityCertificate>();
+
+ return record->second;
+}
+
+Name
+SecPublicInfoMemory::getDefaultIdentity()
+{
+ return Name(defaultIdentity_);
+}
+
+void
+SecPublicInfoMemory::setDefaultIdentityInternal(const Name& identityName)
+{
+ string identityUri = identityName.toUri();
+ if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
+ defaultIdentity_ = identityUri;
+ else
+ // The identity doesn't exist, so clear the default.
+ defaultIdentity_.clear();
+}
+
+Name
+SecPublicInfoMemory::getDefaultKeyNameForIdentity(const Name& identityName)
+{
+ return defaultKeyName_;
+}
+
+void
+SecPublicInfoMemory::setDefaultKeyNameForIdentityInternal(const Name& keyName)
+{
+ defaultKeyName_ = keyName;
+}
+
+Name
+SecPublicInfoMemory::getDefaultCertificateNameForKey(const Name& keyName)
+{
+ return defaultCert_;
+}
+
+void
+SecPublicInfoMemory::setDefaultCertificateNameForKeyInternal(const Name& certificateName)
+{
+ defaultCert_ = certificateName;
+}
+
+
+std::vector<Name>
+SecPublicInfoMemory::getAllIdentities(bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllIdentities not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllKeyNames(bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllKeyNames not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllKeyNamesOfIdentity not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllCertificateNames(bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllCertificateNames not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllCertificateNamesOfKey not implemented");
+}
+
+
+}
diff --git a/src/security/identity/basic-identity-storage.cpp b/src/security/identity/sec-public-info-sqlite3.cpp
similarity index 86%
rename from src/security/identity/basic-identity-storage.cpp
rename to src/security/identity/sec-public-info-sqlite3.cpp
index 00df15b..78ea986 100644
--- a/src/security/identity/basic-identity-storage.cpp
+++ b/src/security/identity/sec-public-info-sqlite3.cpp
@@ -14,15 +14,15 @@
#include <stdlib.h>
#include <sstream>
#include <fstream>
-#include <ndn-cpp/security/identity/basic-identity-storage.hpp>
#include "../../util/logging.hpp"
-#include "ndn-cpp/data.hpp"
-#include <ndn-cpp/security/certificate/identity-certificate.hpp>
#include "../../c/util/time.h"
+#include <ndn-cpp/data.hpp>
+#include <ndn-cpp/security/certificate/identity-certificate.hpp>
+#include <ndn-cpp/security/identity/sec-public-info-sqlite3.hpp>
#include <ndn-cpp/security/signature/signature-sha256-with-rsa.hpp>
-INIT_LOGGER("BasicIdentityStorage");
+INIT_LOGGER("BasicKeyMetaInfo");
using namespace std;
@@ -85,7 +85,7 @@
return sqlite3_bind_text(statement, index, value.c_str(), value.size(), destructor);
}
-BasicIdentityStorage::BasicIdentityStorage()
+SecPublicInfoSqlite3::SecPublicInfoSqlite3()
{
// Note: We don't use <filesystem> support because it is not "header-only" and require linking to libraries.
// TODO: Handle non-unix file system paths which don't use '/'.
@@ -169,12 +169,12 @@
}
}
-BasicIdentityStorage::~BasicIdentityStorage()
+SecPublicInfoSqlite3::~SecPublicInfoSqlite3()
{
}
bool
-BasicIdentityStorage::doesIdentityExist(const Name& identityName)
+SecPublicInfoSqlite3::doesIdentityExist(const Name& identityName)
{
bool result = false;
@@ -196,7 +196,7 @@
}
void
-BasicIdentityStorage::addIdentity(const Name& identityName)
+SecPublicInfoSqlite3::addIdentity(const Name& identityName)
{
if (doesIdentityExist(identityName))
throw Error("Identity already exists");
@@ -213,17 +213,17 @@
}
bool
-BasicIdentityStorage::revokeIdentity()
+SecPublicInfoSqlite3::revokeIdentity()
{
//TODO:
return false;
}
bool
-BasicIdentityStorage::doesKeyExist(const Name& keyName)
+SecPublicInfoSqlite3::doesPublicKeyExist(const Name& keyName)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT count(*) FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
@@ -246,16 +246,16 @@
}
void
-BasicIdentityStorage::addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
+SecPublicInfoSqlite3::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
if (!doesIdentityExist(identityName))
addIdentity(identityName);
- if (doesKeyExist(keyName))
+ if (doesPublicKeyExist(keyName))
throw Error("a key with the same name already exists!");
sqlite3_stmt *statement;
@@ -272,15 +272,15 @@
}
ptr_lib::shared_ptr<PublicKey>
-BasicIdentityStorage::getKey(const Name& keyName)
+SecPublicInfoSqlite3::getPublicKey(const Name& keyName)
{
- if (!doesKeyExist(keyName)) {
+ if (!doesPublicKeyExist(keyName)) {
_LOG_DEBUG("keyName does not exist");
return ptr_lib::shared_ptr<PublicKey>();
}
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT public_key FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
@@ -300,22 +300,10 @@
}
void
-BasicIdentityStorage::activateKey(const Name& keyName)
+SecPublicInfoSqlite3::updateKeyStatus(const Name& keyName, bool isActive)
{
- updateKeyStatus(keyName, true);
-}
-
-void
-BasicIdentityStorage::deactivateKey(const Name& keyName)
-{
- updateKeyStatus(keyName, false);
-}
-
-void
-BasicIdentityStorage::updateKeyStatus(const Name& keyName, bool isActive)
-{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "UPDATE Key SET active=? WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
@@ -330,7 +318,7 @@
}
bool
-BasicIdentityStorage::doesCertificateExist(const Name& certificateName)
+SecPublicInfoSqlite3::doesCertificateExist(const Name& certificateName)
{
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT count(*) FROM Certificate WHERE cert_name=?", -1, &statement, 0);
@@ -352,13 +340,13 @@
}
void
-BasicIdentityStorage::addAnyCertificate(const IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addAnyCertificate(const IdentityCertificate& certificate)
{
std::string certificateName = certificate.getName().toUri();
Name keyName = certificate.getPublicKeyName();
- std::string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- std::string identityName = keyName.getSubName(0, keyName.size() - 1).toUri();
+ std::string keyId = keyName.get(-1).toEscapedString();
+ std::string identityName = keyName.getPrefix(-1).toUri();
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_,
@@ -391,24 +379,24 @@
}
void
-BasicIdentityStorage::addCertificate(const IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addCertificate(const IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
Name keyName = certificate.getPublicKeyName();
- if (!doesKeyExist(keyName))
+ if (!doesPublicKeyExist(keyName))
throw Error("No corresponding Key record for certificate!" + keyName.toUri() + " " + certificateName.toUri());
// Check if certificate has already existed!
if (doesCertificateExist(certificateName))
throw Error("Certificate has already been installed!");
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identity = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identity = keyName.getPrefix(-1);
// Check if the public key of certificate is the same as the key record
- ptr_lib::shared_ptr<PublicKey> pubKey = getKey(keyName);
+ ptr_lib::shared_ptr<PublicKey> pubKey = getPublicKey(keyName);
if (!pubKey || (*pubKey) != certificate.getPublicKeyInfo())
throw Error("Certificate does not match the public key!");
@@ -444,7 +432,7 @@
}
ptr_lib::shared_ptr<IdentityCertificate>
-BasicIdentityStorage::getCertificate(const Name &certificateName, bool allowAny)
+SecPublicInfoSqlite3::getCertificate(const Name &certificateName, bool allowAny)
{
if (doesCertificateExist(certificateName)) {
sqlite3_stmt *statement;
@@ -481,7 +469,7 @@
}
Name
-BasicIdentityStorage::getDefaultIdentity()
+SecPublicInfoSqlite3::getDefaultIdentity()
{
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT identity_name FROM Identity WHERE default_identity=1", -1, &statement, 0);
@@ -498,52 +486,8 @@
return identity;
}
-Name
-BasicIdentityStorage::getDefaultKeyNameForIdentity(const Name& identityName)
-{
- sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1", -1, &statement, 0);
-
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
-
- int res = sqlite3_step(statement);
-
- Name keyName;
-
- if (res == SQLITE_ROW)
- keyName = Name(identityName).append(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
-
- sqlite3_finalize(statement);
-
- return keyName;
-}
-
-Name
-BasicIdentityStorage::getDefaultCertificateNameForKey(const Name& keyName)
-{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
-
- sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT cert_name FROM Certificate WHERE identity_name=? AND key_identifier=? AND default_cert=1", -1, &statement, 0);
-
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
-
- int res = sqlite3_step(statement);
-
- Name certName;
-
- if (res == SQLITE_ROW)
- certName = Name(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
-
- sqlite3_finalize(statement);
-
- return certName;
-}
-
void
-BasicIdentityStorage::setDefaultIdentity(const Name& identityName)
+SecPublicInfoSqlite3::setDefaultIdentityInternal(const Name& identityName)
{
sqlite3_stmt *statement;
@@ -565,14 +509,31 @@
sqlite3_finalize(statement);
}
-void
-BasicIdentityStorage::setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck)
+Name
+SecPublicInfoSqlite3::getDefaultKeyNameForIdentity(const Name& identityName)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ sqlite3_stmt *statement;
+ sqlite3_prepare_v2(database_, "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1", -1, &statement, 0);
- if (identityNameCheck.size() > 0 && !identityNameCheck.equals(identityName))
- throw Error("Specified identity name does not match the key name");
+ sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+
+ int res = sqlite3_step(statement);
+
+ Name keyName;
+
+ if (res == SQLITE_ROW)
+ keyName = Name(identityName).append(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
+
+ sqlite3_finalize(statement);
+
+ return keyName;
+}
+
+void
+SecPublicInfoSqlite3::setDefaultKeyNameForIdentityInternal(const Name& keyName)
+{
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
@@ -597,11 +558,36 @@
sqlite3_finalize(statement);
}
-void
-BasicIdentityStorage::setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName)
+Name
+SecPublicInfoSqlite3::getDefaultCertificateNameForKey(const Name& keyName)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
+
+ sqlite3_stmt *statement;
+ sqlite3_prepare_v2(database_, "SELECT cert_name FROM Certificate WHERE identity_name=? AND key_identifier=? AND default_cert=1", -1, &statement, 0);
+
+ sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+
+ int res = sqlite3_step(statement);
+
+ Name certName;
+
+ if (res == SQLITE_ROW)
+ certName = Name(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
+
+ sqlite3_finalize(statement);
+
+ return certName;
+}
+
+void
+SecPublicInfoSqlite3::setDefaultCertificateNameForKeyInternal(const Name& certificateName)
+{
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
@@ -629,7 +615,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllIdentities(bool isDefault)
+SecPublicInfoSqlite3::getAllIdentities(bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -646,7 +632,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllKeyNames(bool isDefault)
+SecPublicInfoSqlite3::getAllKeyNames(bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -666,7 +652,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
+SecPublicInfoSqlite3::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -688,7 +674,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllCertificateNames(bool isDefault)
+SecPublicInfoSqlite3::getAllCertificateNames(bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -705,7 +691,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
+SecPublicInfoSqlite3::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -713,7 +699,7 @@
else
sqlite3_prepare_v2 (database_, "SELECT cert_name FROM Certificate WHERE default_cert=0 and identity_name=? and key_identifier=?", -1, &stmt, 0);
- Name identity = keyName.getSubName(0, keyName.size()-1);
+ Name identity = keyName.getPrefix(-1);
sqlite3_bind_text(stmt, 1, identity.toUri().c_str(), identity.toUri().size (), SQLITE_TRANSIENT);
std::string baseKeyName = keyName.get(-1).toEscapedString();
sqlite3_bind_text(stmt, 2, baseKeyName.c_str(), baseKeyName.size(), SQLITE_TRANSIENT);
diff --git a/src/security/identity/memory-private-key-storage.cpp b/src/security/identity/sec-tpm-memory.cpp
similarity index 77%
rename from src/security/identity/memory-private-key-storage.cpp
rename to src/security/identity/sec-tpm-memory.cpp
index e1442be..9561cb9 100644
--- a/src/security/identity/memory-private-key-storage.cpp
+++ b/src/security/identity/sec-tpm-memory.cpp
@@ -5,7 +5,7 @@
* See COPYING for copyright and distribution information.
*/
-#include <ndn-cpp/security/identity/memory-private-key-storage.hpp>
+#include <ndn-cpp/security/identity/sec-tpm-memory.hpp>
#include <ndn-cpp/security/certificate/public-key.hpp>
#include <openssl/ssl.h>
#include <openssl/sha.h>
@@ -18,7 +18,7 @@
/**
* RsaPrivateKey is a simple class to hold an RSA private key.
*/
-class MemoryPrivateKeyStorage::RsaPrivateKey {
+class SecTpmMemory::RsaPrivateKey {
public:
RsaPrivateKey(const uint8_t *keyDer, size_t keyDerLength)
{
@@ -45,21 +45,21 @@
rsa_st * privateKey_;
};
-MemoryPrivateKeyStorage::~MemoryPrivateKeyStorage()
+SecTpmMemory::~SecTpmMemory()
{
}
void
-MemoryPrivateKeyStorage::setKeyPairForKeyName(const Name& keyName,
- uint8_t *publicKeyDer, size_t publicKeyDerLength,
- uint8_t *privateKeyDer, size_t privateKeyDerLength)
+SecTpmMemory::setKeyPairForKeyName(const Name& keyName,
+ uint8_t *publicKeyDer, size_t publicKeyDerLength,
+ uint8_t *privateKeyDer, size_t privateKeyDerLength)
{
publicKeyStore_[keyName.toUri()] = ptr_lib::make_shared<PublicKey>(publicKeyDer, publicKeyDerLength);
privateKeyStore_[keyName.toUri()] = ptr_lib::make_shared<RsaPrivateKey>(privateKeyDer, privateKeyDerLength);
}
void
-MemoryPrivateKeyStorage::generateKeyPair(const Name& keyName, KeyType keyType, int keySize)
+SecTpmMemory::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
{
#if 1
throw Error("MemoryPrivateKeyStorage::generateKeyPair not implemented");
@@ -67,7 +67,7 @@
}
ptr_lib::shared_ptr<PublicKey>
-MemoryPrivateKeyStorage::getPublicKey(const Name& keyName)
+SecTpmMemory::getPublicKeyFromTpm(const Name& keyName)
{
PublicKeyStore::iterator publicKey = publicKeyStore_.find(keyName.toUri());
if (publicKey == publicKeyStore_.end())
@@ -76,9 +76,9 @@
}
Block
-MemoryPrivateKeyStorage::sign(const uint8_t *data, size_t dataLength,
- const Name& keyName,
- DigestAlgorithm digestAlgorithm)
+SecTpmMemory::sign(const uint8_t *data, size_t dataLength,
+ const Name& keyName,
+ DigestAlgorithm digestAlgorithm)
{
if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
return ConstBufferPtr();
@@ -110,9 +110,9 @@
}
void
-MemoryPrivateKeyStorage::sign(Data &d,
- const Name& keyName,
- DigestAlgorithm digestAlgorithm)
+SecTpmMemory::sign(Data &d,
+ const Name& keyName,
+ DigestAlgorithm digestAlgorithm)
{
if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
Error("MemoryPrivateKeyStorage::sign only SHA256 digest is supported");
@@ -149,7 +149,7 @@
}
ConstBufferPtr
-MemoryPrivateKeyStorage::decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
+SecTpmMemory::decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
{
#if 1
throw Error("MemoryPrivateKeyStorage::decrypt not implemented");
@@ -157,7 +157,7 @@
}
ConstBufferPtr
-MemoryPrivateKeyStorage::encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
+SecTpmMemory::encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
{
#if 1
throw Error("MemoryPrivateKeyStorage::encrypt not implemented");
@@ -165,7 +165,7 @@
}
void
-MemoryPrivateKeyStorage::generateKey(const Name& keyName, KeyType keyType, int keySize)
+SecTpmMemory::generateSymmetricKey(const Name& keyName, KeyType keyType, int keySize)
{
#if 1
throw Error("MemoryPrivateKeyStorage::generateKey not implemented");
@@ -173,7 +173,7 @@
}
bool
-MemoryPrivateKeyStorage::doesKeyExist(const Name& keyName, KeyClass keyClass)
+SecTpmMemory::doesKeyExist(const Name& keyName, KeyClass keyClass)
{
if (keyClass == KEY_CLASS_PUBLIC)
return publicKeyStore_.find(keyName.toUri()) != publicKeyStore_.end();
diff --git a/src/security/identity/osx-private-key-storage.cpp b/src/security/identity/sec-tpm-osx.cpp
similarity index 89%
rename from src/security/identity/osx-private-key-storage.cpp
rename to src/security/identity/sec-tpm-osx.cpp
index 7989f06..9fad367 100644
--- a/src/security/identity/osx-private-key-storage.cpp
+++ b/src/security/identity/sec-tpm-osx.cpp
@@ -12,7 +12,7 @@
#include "../../util/logging.hpp"
-#include <ndn-cpp/security/identity/osx-private-key-storage.hpp>
+#include <ndn-cpp/security/identity/sec-tpm-osx.hpp>
#include <ndn-cpp/security/certificate/public-key.hpp>
#include <CoreFoundation/CoreFoundation.h>
@@ -21,11 +21,11 @@
using namespace std;
-INIT_LOGGER("ndn.OSXPrivateKeyStorage");
+INIT_LOGGER("SecTpmOsx");
namespace ndn
{
- class OSXPrivateKeyStorage::Impl {
+ class SecTpmOsx::Impl {
public:
Impl(const std::string &keychainName)
: keyChainName_ ("" == keychainName ? "login.keychain" : keychainName)
@@ -101,15 +101,15 @@
- OSXPrivateKeyStorage::OSXPrivateKeyStorage(const string & keychainName)
+ SecTpmOsx::SecTpmOsx(const string & keychainName)
: impl_(new Impl(keychainName))
{
OSStatus res = SecKeychainCreate(impl_->keyChainName_.c_str(), //Keychain path
- 0, //Keychain password length
- NULL, //Keychain password
- true, //User prompt
- NULL, //Initial access of Keychain
- &impl_->keyChainRef_); //Keychain reference
+ 0, //Keychain password length
+ NULL, //Keychain password
+ true, //User prompt
+ NULL, //Initial access of Keychain
+ &impl_->keyChainRef_); //Keychain reference
if (res == errSecDuplicateKeychain)
res = SecKeychainOpen(impl_->keyChainName_.c_str(),
@@ -129,12 +129,12 @@
}
}
- OSXPrivateKeyStorage::~OSXPrivateKeyStorage(){
+ SecTpmOsx::~SecTpmOsx(){
//TODO: implement
}
void
- OSXPrivateKeyStorage::generateKeyPair(const Name & keyName, KeyType keyType, int keySize)
+ SecTpmOsx::generateKeyPairInTpm(const Name & keyName, KeyType keyType, int keySize)
{
if(doesKeyExist(keyName, KEY_CLASS_PUBLIC)){
@@ -171,7 +171,7 @@
}
void
- OSXPrivateKeyStorage::generateKey(const Name & keyName, KeyType keyType, int keySize)
+ SecTpmOsx::generateSymmetricKey(const Name & keyName, KeyType keyType, int keySize)
{
if(doesKeyExist(keyName, KEY_CLASS_SYMMETRIC))
@@ -202,7 +202,7 @@
}
ptr_lib::shared_ptr<PublicKey>
- OSXPrivateKeyStorage::getPublicKey(const Name & keyName)
+ SecTpmOsx::getPublicKeyFromTpm(const Name & keyName)
{
_LOG_TRACE("OSXPrivateKeyStorage::getPublickey");
@@ -220,8 +220,7 @@
}
Block
- OSXPrivateKeyStorage::sign(const uint8_t *data, size_t dataLength,
- const Name& keyName, DigestAlgorithm digestAlgorithm/* = DIGEST_ALGORITHM_SHA256*/)
+ SecTpmOsx::sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm)
{
_LOG_TRACE("OSXPrivateKeyStorage::Sign");
@@ -281,8 +280,7 @@
}
void
- OSXPrivateKeyStorage::sign(Data &data,
- const Name& keyName, DigestAlgorithm digestAlgorithm/* = DIGEST_ALGORITHM_SHA256 */)
+ SecTpmOsx::sign(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm)
{
const uint8_t *begin = data.wireEncode().value();
const uint8_t *end = &*data.getSignature().getInfo().end();
@@ -292,7 +290,7 @@
}
ConstBufferPtr
- OSXPrivateKeyStorage::decrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
+ SecTpmOsx::decrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
{
_LOG_TRACE("OSXPrivateKeyStorage::Decrypt");
@@ -335,7 +333,7 @@
}
bool
- OSXPrivateKeyStorage::setACL(const Name & keyName, KeyClass keyClass, int acl, const string & appPath)
+ SecTpmOsx::setACL(const Name & keyName, KeyClass keyClass, int acl, const string & appPath)
{
SecKeychainItemRef privateKey = impl_->getKey(keyName, keyClass);
@@ -432,7 +430,7 @@
// }
ConstBufferPtr
- OSXPrivateKeyStorage::encrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
+ SecTpmOsx::encrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
{
_LOG_TRACE("OSXPrivateKeyStorage::Encrypt");
@@ -468,7 +466,7 @@
}
bool
- OSXPrivateKeyStorage::doesKeyExist(const Name & keyName, KeyClass keyClass)
+ SecTpmOsx::doesKeyExist(const Name & keyName, KeyClass keyClass)
{
_LOG_TRACE("OSXPrivateKeyStorage::doesKeyExist");
@@ -503,7 +501,7 @@
////////////////////////////////
SecKeychainItemRef
- OSXPrivateKeyStorage::Impl::getKey(const Name & keyName, KeyClass keyClass)
+ SecTpmOsx::Impl::getKey(const Name & keyName, KeyClass keyClass)
{
string keyNameUri = toInternalKeyName(keyName, keyClass);
@@ -533,7 +531,8 @@
return keyItem;
}
- string OSXPrivateKeyStorage::Impl::toInternalKeyName(const Name & keyName, KeyClass keyClass)
+ string
+ SecTpmOsx::Impl::toInternalKeyName(const Name & keyName, KeyClass keyClass)
{
string keyUri = keyName.toUri();
@@ -543,7 +542,8 @@
return keyUri;
}
- const CFTypeRef OSXPrivateKeyStorage::Impl::getAsymKeyType(KeyType keyType)
+ const CFTypeRef
+ SecTpmOsx::Impl::getAsymKeyType(KeyType keyType)
{
switch(keyType){
case KEY_TYPE_RSA:
@@ -554,7 +554,8 @@
}
}
- const CFTypeRef OSXPrivateKeyStorage::Impl::getSymKeyType(KeyType keyType)
+ const CFTypeRef
+ SecTpmOsx::Impl::getSymKeyType(KeyType keyType)
{
switch(keyType){
case KEY_TYPE_AES:
@@ -565,7 +566,8 @@
}
}
- const CFTypeRef OSXPrivateKeyStorage::Impl::getKeyClass(KeyClass keyClass)
+ const CFTypeRef
+ SecTpmOsx::Impl::getKeyClass(KeyClass keyClass)
{
switch(keyClass){
case KEY_CLASS_PRIVATE:
@@ -580,7 +582,8 @@
}
}
- const CFStringRef OSXPrivateKeyStorage::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
+ const CFStringRef
+ SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
{
switch(digestAlgo){
// case DIGEST_MD2:
@@ -597,7 +600,8 @@
}
}
- long OSXPrivateKeyStorage::Impl::getDigestSize(DigestAlgorithm digestAlgo)
+ long
+ SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo)
{
switch(digestAlgo){
case DIGEST_ALGORITHM_SHA256: