security: renaming sub-classess of SecPublicInfo and SecTpm and adapting corresponding interfaces
Following classes have been modified
BasicIdentityStorage -> SecPublicInfoSqlite3
OSXPrivateKeyStorage -> SecTpmOsx
MemoryIdentityStorage -> SecPublicInfoMemory
MemoryPrivateKeyStorage -> SecTpmMemory
Change-Id: I7441d1cf046b3aa9b19cbbaa4351bd5be84847d0
diff --git a/include/ndn-cpp/security/identity/memory-identity-storage.hpp b/include/ndn-cpp/security/identity/sec-public-info-memory.hpp
similarity index 84%
rename from include/ndn-cpp/security/identity/memory-identity-storage.hpp
rename to include/ndn-cpp/security/identity/sec-public-info-memory.hpp
index 57f8050..734d4d7 100644
--- a/include/ndn-cpp/security/identity/memory-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-public-info-memory.hpp
@@ -5,29 +5,29 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_MEMORY_IDENTITY_STORAGE_HPP
-#define NDN_MEMORY_IDENTITY_STORAGE_HPP
+#ifndef NDN_SEC_PUBLIC_INFO_MEMORY_HPP
+#define NDN_SEC_PUBLIC_INFO_MEMORY_HPP
#include <vector>
#include <map>
-#include "identity-storage.hpp"
+#include "sec-public-info.hpp"
namespace ndn {
/**
- * MemoryIdentityStorage extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory.
- * The application must get the objects through its own means and add the objects to the MemoryIdentityStorage object.
- * To use permanent file-based storage, see BasicIdentityStorage.
+ * MemoryKeyMetaInfo extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory.
+ * The application must get the objects through its own means and add the objects to the MemoryKeyMetaInfo object.
+ * To use permanent file-based storage, see BasicKeyMetaInfo.
*/
-class MemoryIdentityStorage : public IdentityStorage {
+class SecPublicInfoMemory : public SecPublicInfo {
public:
- struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+ struct Error : public SecPublicInfo::Error { Error(const std::string &what) : SecPublicInfo::Error(what) {} };
/**
* The virtual Destructor.
*/
virtual
- ~MemoryIdentityStorage();
+ ~SecPublicInfoMemory();
/**
* Check if the specified identity already exists.
@@ -57,7 +57,7 @@
* @return true if the key exists, otherwise false.
*/
virtual bool
- doesKeyExist(const Name& keyName);
+ doesPublicKeyExist(const Name& keyName);
/**
* Add a public key to the identity storage.
@@ -66,7 +66,7 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
/**
* Get the public key DER blob from the identity storage.
@@ -74,21 +74,21 @@
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
virtual ptr_lib::shared_ptr<PublicKey>
- getKey(const Name& keyName);
+ getPublicKey(const Name& keyName);
/**
* Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
virtual void
- activateKey(const Name& keyName);
+ activatePublicKey(const Name& keyName);
/**
* Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
virtual void
- deactivateKey(const Name& keyName);
+ deactivatePublicKey(const Name& keyName);
/**
* Check if the specified certificate already exists.
@@ -142,30 +142,6 @@
virtual Name
getDefaultCertificateNameForKey(const Name& keyName);
- /**
- * Set the default identity. If the identityName does not exist, then clear the default identity
- * so that getDefaultIdentity() returns an empty name.
- * @param identityName The default identity name.
- */
- virtual void
- setDefaultIdentity(const Name& identityName);
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param identityNameCheck (optional) The identity name to check the keyName.
- */
- virtual void
- setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param certificateName The certificate name.
- */
- virtual void
- setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
-
virtual std::vector<Name>
getAllIdentities(bool isDefault);
@@ -180,6 +156,32 @@
virtual std::vector<Name>
getAllCertificateNamesOfKey(const Name& keyName, bool isDefault);
+
+protected:
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentityInternal(const Name& identityName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param identityNameCheck (optional) The identity name to check the keyName.
+ */
+ virtual void
+ setDefaultKeyNameForIdentityInternal(const Name& keyName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+
private:
class KeyRecord {
diff --git a/include/ndn-cpp/security/identity/basic-identity-storage.hpp b/include/ndn-cpp/security/identity/sec-public-info-sqlite3.hpp
similarity index 81%
rename from include/ndn-cpp/security/identity/basic-identity-storage.hpp
rename to include/ndn-cpp/security/identity/sec-public-info-sqlite3.hpp
index 0dc3e5d..335b724 100644
--- a/include/ndn-cpp/security/identity/basic-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-public-info-sqlite3.hpp
@@ -6,8 +6,8 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_BASIC_IDENTITY_STORAGE_H
-#define NDN_BASIC_IDENTITY_STORAGE_H
+#ifndef NDN_SEC_PUBLIC_INFO_SQLITE3_HPP
+#define NDN_SEC_PUBLIC_INFO_SQLITE3_HPP
// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_SQLITE3.
#include <ndn-cpp/ndn-cpp-config.h>
@@ -15,7 +15,7 @@
#include <sqlite3.h>
#include "../../common.hpp"
-#include "identity-storage.hpp"
+#include "sec-public-info.hpp"
namespace ndn
{
@@ -24,19 +24,19 @@
* BasicIdentityStorage extends IdentityStorage to implement a basic storage of identity, public keys and certificates
* using SQLite.
*/
-class BasicIdentityStorage : public IdentityStorage {
+class SecPublicInfoSqlite3 : public SecPublicInfo {
public:
- struct Error : public IdentityStorage::Error { Error(const std::string &what) : IdentityStorage::Error(what) {} };
+ struct Error : public SecPublicInfo::Error { Error(const std::string &what) : SecPublicInfo::Error(what) {} };
- BasicIdentityStorage();
+ SecPublicInfoSqlite3();
/**
* The virtual Destructor.
*/
virtual
- ~BasicIdentityStorage();
+ ~SecPublicInfoSqlite3();
- // from IdentityStorage
+ // from SecPublicInfo
/**
* Check if the specified identity already exists.
* @param identityName The identity name.
@@ -65,7 +65,7 @@
* @return true if the key exists, otherwise false.
*/
virtual bool
- doesKeyExist(const Name& keyName);
+ doesPublicKeyExist(const Name& keyName);
/**
* Add a public key to the identity storage.
@@ -74,7 +74,7 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
/**
* Get the public key DER blob from the identity storage.
@@ -82,21 +82,21 @@
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
virtual ptr_lib::shared_ptr<PublicKey>
- getKey(const Name& keyName);
+ getPublicKey(const Name& keyName);
/**
* Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
- virtual void
- activateKey(const Name& keyName);
+ virtual inline void
+ activatePublicKey(const Name& keyName);
/**
* Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
* @param keyName name of the key
*/
- virtual void
- deactivateKey(const Name& keyName);
+ virtual inline void
+ deactivatePublicKey(const Name& keyName);
/**
* Check if the specified certificate already exists.
@@ -110,7 +110,7 @@
* Add a certificate in to the identity storage without checking if the identity and key exists.
* @param certificate The certificate to be added.
*/
- void
+ virtual void
addAnyCertificate (const IdentityCertificate& certificate);
/**
@@ -127,11 +127,11 @@
* @return The requested certificate. If not found, return a shared_ptr with a null pointer.
*/
virtual ptr_lib::shared_ptr<IdentityCertificate>
- getCertificate(const Name &certificateName, bool allowAny = false);
+ getCertificate(const Name &certificateName, bool allowAny);
/*****************************************
- * Get/Set Default *
+ * Default Getter *
*****************************************/
/**
@@ -157,31 +157,6 @@
virtual Name
getDefaultCertificateNameForKey(const Name& keyName);
- /**
- * Set the default identity. If the identityName does not exist, then clear the default identity
- * so that getDefaultIdentity() returns an empty name.
- * @param identityName The default identity name.
- */
- virtual void
- setDefaultIdentity(const Name& identityName);
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param identityNameCheck (optional) The identity name to check the keyName.
- */
- virtual void
- setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck = Name());
-
- /**
- * Set the default key name for the specified identity.
- * @param keyName The key name.
- * @param certificateName The certificate name.
- */
- virtual void
- setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName);
-
-
virtual std::vector<Name>
getAllIdentities(bool isDefault);
@@ -197,14 +172,50 @@
virtual std::vector<Name>
getAllCertificateNamesOfKey(const Name& keyName, bool isDefault);
-private:
+protected:
+ /**
+ * Set the default identity. If the identityName does not exist, then clear the default identity
+ * so that getDefaultIdentity() returns an empty name.
+ * @param identityName The default identity name.
+ */
+ virtual void
+ setDefaultIdentityInternal(const Name& identityName);
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param identityNameCheck (optional) The identity name to check the keyName.
+ */
virtual void
+ setDefaultKeyNameForIdentityInternal(const Name& keyName);
+
+ /**
+ * Set the default key name for the specified identity.
+ * @param keyName The key name.
+ * @param certificateName The certificate name.
+ */
+ virtual void
+ setDefaultCertificateNameForKeyInternal(const Name& certificateName);
+
+private:
+ void
updateKeyStatus(const Name& keyName, bool isActive);
sqlite3 *database_;
};
+void
+SecPublicInfoSqlite3::activatePublicKey(const Name& keyName)
+{
+ updateKeyStatus(keyName, true);
+}
+
+void
+SecPublicInfoSqlite3::deactivatePublicKey(const Name& keyName)
+{
+ updateKeyStatus(keyName, false);
+}
+
}
#endif // NDN_CPP_HAVE_SQLITE3
diff --git a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp b/include/ndn-cpp/security/identity/sec-tpm-memory.hpp
similarity index 88%
rename from include/ndn-cpp/security/identity/memory-private-key-storage.hpp
rename to include/ndn-cpp/security/identity/sec-tpm-memory.hpp
index ee4f706..5761597 100644
--- a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-tpm-memory.hpp
@@ -5,11 +5,11 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
-#define NDN_MEMORY_PRIVATE_KEY_STORAGE_HPP
+#ifndef NDN_SEC_TPM_MEMORY_HPP
+#define NDN_SEC_TPM_MEMORY_HPP
#include <map>
-#include "private-key-storage.hpp"
+#include "sec-tpm.hpp"
struct rsa_st;
@@ -19,15 +19,15 @@
* MemoryPrivateKeyStorage extends PrivateKeyStorage to implement a simple in-memory private key store. You should
* initialize by calling setKeyPairForKeyName.
*/
-class MemoryPrivateKeyStorage : public PrivateKeyStorage {
+class SecTpmMemory : public SecTpm {
public:
- struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+ struct Error : public SecTpm::Error { Error(const std::string &what) : SecTpm::Error(what) {} };
/**
* The virtual destructor
*/
virtual
- ~MemoryPrivateKeyStorage();
+ ~SecTpmMemory();
/**
* Set the public and private key for the keyName.
@@ -48,7 +48,7 @@
* @param keySize The size of the key pair.
*/
virtual void
- generateKeyPair(const Name& keyName, KeyType keyType, int keySize);
+ generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize);
/**
* Get the public key
@@ -56,7 +56,7 @@
* @return The public key.
*/
virtual ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName);
+ getPublicKeyFromTpm(const Name& keyName);
/**
* Fetch the private key for keyName and sign the data, returning a signature Blob.
@@ -101,7 +101,7 @@
* @param keySize The size of the key.
*/
virtual void
- generateKey(const Name& keyName, KeyType keyType, int keySize);
+ generateSymmetricKey(const Name& keyName, KeyType keyType, int keySize);
/**
* Check if a particular key exists.
diff --git a/include/ndn-cpp/security/identity/osx-private-key-storage.hpp b/include/ndn-cpp/security/identity/sec-tpm-osx.hpp
similarity index 77%
rename from include/ndn-cpp/security/identity/osx-private-key-storage.hpp
rename to include/ndn-cpp/security/identity/sec-tpm-osx.hpp
index 6ac28ea..0b90fd0 100644
--- a/include/ndn-cpp/security/identity/osx-private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/sec-tpm-osx.hpp
@@ -5,48 +5,48 @@
* See COPYING for copyright and distribution information.
*/
-#ifndef NDN_OSX_PRIVATEKEY_STORAGE_H
-#define NDN_OSX_PRIVATEKEY_STORAGE_H
+#ifndef NDN_SEC_TPM_OSX_HPP
+#define NDN_SEC_TPM_OSX_HPP
// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_OSX_SECURITY 1.
#include <ndn-cpp/ndn-cpp-config.h>
#if NDN_CPP_HAVE_OSX_SECURITY
#include "../../common.hpp"
-#include "private-key-storage.hpp"
+#include "sec-tpm.hpp"
namespace ndn
{
-class OSXPrivateKeyStorage : public PrivateKeyStorage {
+class SecTpmOsx : public SecTpm {
public:
+ struct Error : public SecTpm::Error { Error(const std::string &what) : SecTpm::Error(what) {} };
+
/**
- * constructor of OSXPrivateKeyStorage
+ * constructor of OSXKeyChainTpm
* @param keychainName the name of keychain
*/
- OSXPrivateKeyStorage(const std::string & keychainName = "");
+ SecTpmOsx(const std::string & keychainName = "");
/**
- * destructor of OSXPrivateKeyStore
+ * destructor of OSXKeyChainTpm
*/
virtual
- ~OSXPrivateKeyStorage();
+ ~SecTpmOsx();
- // From PrivateKeyStorage
+ // From TrustedPlatformModule
virtual void
- generateKeyPair(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
+ generateKeyPairInTpm(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
virtual ptr_lib::shared_ptr<PublicKey>
- getPublicKey(const Name& keyName);
+ getPublicKeyFromTpm(const Name& keyName);
virtual Block
- sign(const uint8_t *data, size_t dataLength,
- const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+ sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
virtual void
- sign(Data &data,
- const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+ sign(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm);
/**
* Decrypt data.
@@ -57,7 +57,7 @@
* @return The decrypted data.
*/
virtual ConstBufferPtr
- decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
+ decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
/**
* Encrypt data.
@@ -68,7 +68,7 @@
* @return The encrypted data.
*/
virtual ConstBufferPtr
- encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric = false);
+ encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
/**
* Generate a symmetric key.
@@ -77,7 +77,7 @@
* @param keySize The size of the key.
*/
virtual void
- generateKey(const Name& keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256);
+ generateSymmetricKey(const Name& keyName, KeyType keyType, int keySize);
/**
* Check if a particular key exists.