security: renaming sub-classes of SecPublicInfo and SecTpm and adapting corresponding interfaces
Following classes have been modified
BasicIdentityStorage -> SecPublicInfoSqlite3
OSXPrivateKeyStorage -> SecTpmOsx
MemoryIdentityStorage -> SecPublicInfoMemory
MemoryPrivateKeyStorage -> SecTpmMemory
Change-Id: I7441d1cf046b3aa9b19cbbaa4351bd5be84847d0
diff --git a/src/security/identity/memory-identity-storage.cpp b/src/security/identity/memory-identity-storage.cpp
deleted file mode 100644
index 81881a8..0000000
--- a/src/security/identity/memory-identity-storage.cpp
+++ /dev/null
@@ -1,205 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include <ndn-cpp/security/identity/memory-identity-storage.hpp>
-
-#include <algorithm>
-#include <ndn-cpp/security/certificate/identity-certificate.hpp>
-
-using namespace std;
-
-namespace ndn {
-
-MemoryIdentityStorage::~MemoryIdentityStorage()
-{
-}
-
-bool
-MemoryIdentityStorage::doesIdentityExist(const Name& identityName)
-{
- string identityUri = identityName.toUri();
- return find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end();
-}
-
-void
-MemoryIdentityStorage::addIdentity(const Name& identityName)
-{
- string identityUri = identityName.toUri();
- if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
- throw Error("Identity already exists: " + identityUri);
-
- identityStore_.push_back(identityUri);
-}
-
-bool
-MemoryIdentityStorage::revokeIdentity()
-{
-#if 1
- throw runtime_error("MemoryIdentityStorage::revokeIdentity not implemented");
-#endif
-}
-
-bool
-MemoryIdentityStorage::doesKeyExist(const Name& keyName)
-{
- return keyStore_.find(keyName.toUri()) != keyStore_.end();
-}
-
-void
-MemoryIdentityStorage::addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
-{
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
-
- if (!doesIdentityExist(identityName))
- addIdentity(identityName);
-
- if (doesKeyExist(keyName))
- throw Error("a key with the same name already exists!");
-
- keyStore_[keyName.toUri()] = ptr_lib::make_shared<KeyRecord>(keyType, publicKey);
-}
-
-ptr_lib::shared_ptr<PublicKey>
-MemoryIdentityStorage::getKey(const Name& keyName)
-{
- KeyStore::iterator record = keyStore_.find(keyName.toUri());
- if (record == keyStore_.end())
- // Not found. Silently return null.
- return ptr_lib::shared_ptr<PublicKey>();
-
- return ptr_lib::make_shared<PublicKey> (record->second->getKey());
-}
-
-void
-MemoryIdentityStorage::activateKey(const Name& keyName)
-{
-#if 1
- throw runtime_error("MemoryIdentityStorage::activateKey not implemented");
-#endif
-}
-
-void
-MemoryIdentityStorage::deactivateKey(const Name& keyName)
-{
-#if 1
- throw runtime_error("MemoryIdentityStorage::deactivateKey not implemented");
-#endif
-}
-
-bool
-MemoryIdentityStorage::doesCertificateExist(const Name& certificateName)
-{
- return certificateStore_.find(certificateName.toUri()) != certificateStore_.end();
-}
-
-void
-MemoryIdentityStorage::addCertificate(const IdentityCertificate& certificate)
-{
- const Name& certificateName = certificate.getName();
- const Name& keyName = certificate.getPublicKeyName();
-
- if (!doesKeyExist(keyName))
- throw Error("No corresponding Key record for certificate! " + keyName.toUri() + " " + certificateName.toUri());
-
- // Check if certificate has already existed!
- if (doesCertificateExist(certificateName))
- throw Error("Certificate has already been installed!");
-
- // Check if the public key of certificate is the same as the key record.
- ptr_lib::shared_ptr<PublicKey> pubKey = getKey(keyName);
- if (!pubKey || (*pubKey) != certificate.getPublicKeyInfo())
- throw Error("Certificate does not match the public key!");
-
- // Insert the certificate.
- certificateStore_[certificateName.toUri()] = ptr_lib::make_shared<IdentityCertificate> (certificate);
-}
-
-ptr_lib::shared_ptr<IdentityCertificate>
-MemoryIdentityStorage::getCertificate(const Name& certificateName, bool allowAny)
-{
- CertificateStore::iterator record = certificateStore_.find(certificateName.toUri());
- if (record == certificateStore_.end())
- // Not found. Silently return null.
- return ptr_lib::shared_ptr<IdentityCertificate>();
-
- return record->second;
-}
-
-Name
-MemoryIdentityStorage::getDefaultIdentity()
-{
- return Name(defaultIdentity_);
-}
-
-Name
-MemoryIdentityStorage::getDefaultKeyNameForIdentity(const Name& identityName)
-{
- return defaultKeyName_;
-}
-
-Name
-MemoryIdentityStorage::getDefaultCertificateNameForKey(const Name& keyName)
-{
- return defaultCert_;
-}
-
-void
-MemoryIdentityStorage::setDefaultIdentity(const Name& identityName)
-{
- string identityUri = identityName.toUri();
- if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
- defaultIdentity_ = identityUri;
- else
- // The identity doesn't exist, so clear the default.
- defaultIdentity_.clear();
-}
-
-void
-MemoryIdentityStorage::setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck)
-{
- defaultKeyName_ = identityNameCheck;
-}
-
-void
-MemoryIdentityStorage::setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName)
-{
- defaultCert_ = certificateName;
-}
-
-
-std::vector<Name>
-MemoryIdentityStorage::getAllIdentities(bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllIdentities not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllKeyNames(bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllKeyNames not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllKeyNamesOfIdentity not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllCertificateNames(bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllCertificateNames not implemented");
-}
-
-std::vector<Name>
-MemoryIdentityStorage::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
-{
- throw runtime_error("MemoryIdentityStorage::getAllCertificateNamesOfKey not implemented");
-}
-
-
-}
diff --git a/src/security/identity/sec-public-info-memory.cpp b/src/security/identity/sec-public-info-memory.cpp
new file mode 100644
index 0000000..3336547
--- /dev/null
+++ b/src/security/identity/sec-public-info-memory.cpp
@@ -0,0 +1,205 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include <ndn-cpp/security/identity/sec-public-info-memory.hpp>
+
+#include <algorithm>
+#include <ndn-cpp/security/certificate/identity-certificate.hpp>
+
+using namespace std;
+
+namespace ndn {
+
+SecPublicInfoMemory::~SecPublicInfoMemory()
+{
+}
+
+bool
+SecPublicInfoMemory::doesIdentityExist(const Name& identityName)
+{
+ string identityUri = identityName.toUri();
+ return find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end();
+}
+
+void
+SecPublicInfoMemory::addIdentity(const Name& identityName)
+{
+ string identityUri = identityName.toUri();
+ if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
+ throw Error("Identity already exists: " + identityUri);
+
+ identityStore_.push_back(identityUri);
+}
+
+bool
+SecPublicInfoMemory::revokeIdentity()
+{
+#if 1
+ throw runtime_error("SecPublicInfoMemory::revokeIdentity not implemented");
+#endif
+}
+
+bool
+SecPublicInfoMemory::doesPublicKeyExist(const Name& keyName)
+{
+ return keyStore_.find(keyName.toUri()) != keyStore_.end();
+}
+
+void
+SecPublicInfoMemory::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
+{
+ Name identityName = keyName.getSubName(0, keyName.size() - 1);
+
+ if (!doesIdentityExist(identityName))
+ addIdentity(identityName);
+
+ if (doesPublicKeyExist(keyName))
+ throw Error("a key with the same name already exists!");
+
+ keyStore_[keyName.toUri()] = ptr_lib::make_shared<KeyRecord>(keyType, publicKey);
+}
+
+ptr_lib::shared_ptr<PublicKey>
+SecPublicInfoMemory::getPublicKey(const Name& keyName)
+{
+ KeyStore::iterator record = keyStore_.find(keyName.toUri());
+ if (record == keyStore_.end())
+ // Not found. Silently return null.
+ return ptr_lib::shared_ptr<PublicKey>();
+
+ return ptr_lib::make_shared<PublicKey> (record->second->getKey());
+}
+
+void
+SecPublicInfoMemory::activatePublicKey(const Name& keyName)
+{
+#if 1
+ throw runtime_error("SecPublicInfoMemory::activateKey not implemented");
+#endif
+}
+
+void
+SecPublicInfoMemory::deactivatePublicKey(const Name& keyName)
+{
+#if 1
+ throw runtime_error("SecPublicInfoMemory::deactivateKey not implemented");
+#endif
+}
+
+bool
+SecPublicInfoMemory::doesCertificateExist(const Name& certificateName)
+{
+ return certificateStore_.find(certificateName.toUri()) != certificateStore_.end();
+}
+
+void
+SecPublicInfoMemory::addCertificate(const IdentityCertificate& certificate)
+{
+ const Name& certificateName = certificate.getName();
+ const Name& keyName = certificate.getPublicKeyName();
+
+ if (!doesPublicKeyExist(keyName))
+ throw Error("No corresponding Key record for certificate! " + keyName.toUri() + " " + certificateName.toUri());
+
+ // Check if certificate has already existed!
+ if (doesCertificateExist(certificateName))
+ throw Error("Certificate has already been installed!");
+
+ // Check if the public key of certificate is the same as the key record.
+ ptr_lib::shared_ptr<PublicKey> pubKey = getPublicKey(keyName);
+ if (!pubKey || (*pubKey) != certificate.getPublicKeyInfo())
+ throw Error("Certificate does not match the public key!");
+
+ // Insert the certificate.
+ certificateStore_[certificateName.toUri()] = ptr_lib::make_shared<IdentityCertificate> (certificate);
+}
+
+ptr_lib::shared_ptr<IdentityCertificate>
+SecPublicInfoMemory::getCertificate(const Name& certificateName, bool allowAny)
+{
+ CertificateStore::iterator record = certificateStore_.find(certificateName.toUri());
+ if (record == certificateStore_.end())
+ // Not found. Silently return null.
+ return ptr_lib::shared_ptr<IdentityCertificate>();
+
+ return record->second;
+}
+
+Name
+SecPublicInfoMemory::getDefaultIdentity()
+{
+ return Name(defaultIdentity_);
+}
+
+void
+SecPublicInfoMemory::setDefaultIdentityInternal(const Name& identityName)
+{
+ string identityUri = identityName.toUri();
+ if (find(identityStore_.begin(), identityStore_.end(), identityUri) != identityStore_.end())
+ defaultIdentity_ = identityUri;
+ else
+ // The identity doesn't exist, so clear the default.
+ defaultIdentity_.clear();
+}
+
+Name
+SecPublicInfoMemory::getDefaultKeyNameForIdentity(const Name& identityName)
+{
+ return defaultKeyName_;
+}
+
+void
+SecPublicInfoMemory::setDefaultKeyNameForIdentityInternal(const Name& keyName)
+{
+ defaultKeyName_ = keyName;
+}
+
+Name
+SecPublicInfoMemory::getDefaultCertificateNameForKey(const Name& keyName)
+{
+ return defaultCert_;
+}
+
+void
+SecPublicInfoMemory::setDefaultCertificateNameForKeyInternal(const Name& certificateName)
+{
+ defaultCert_ = certificateName;
+}
+
+
+std::vector<Name>
+SecPublicInfoMemory::getAllIdentities(bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllIdentities not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllKeyNames(bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllKeyNames not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllKeyNamesOfIdentity not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllCertificateNames(bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllCertificateNames not implemented");
+}
+
+std::vector<Name>
+SecPublicInfoMemory::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
+{
+ throw runtime_error("SecPublicInfoMemory::getAllCertificateNamesOfKey not implemented");
+}
+
+
+}
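Review bot: The not-implemented messages in `activatePublicKey` and `deactivatePublicKey` still name the old methods (`"SecPublicInfoMemory::activateKey not implemented"` and the `deactivateKey` counterpart), so an exception from this renamed class points at functions that no longer exist; `throw runtime_error("SecPublicInfoMemory::activatePublicKey not implemented");` and the matching line for `deactivatePublicKey` keep the messages greppable. Separately, `setDefaultKeyNameForIdentityInternal` and `setDefaultCertificateNameForKeyInternal` store whatever name they are handed without checking that the key or certificate is installed, whereas `setDefaultIdentityInternal` consults `identityStore_` first; if the `Internal` suffix means the public wrappers in the base class validate before delegating, a one-line `// Precondition: the caller has verified that keyName is an installed key.` would make that contract visible, otherwise `if (!doesPublicKeyExist(keyName)) throw Error("Key does not exist: " + keyName.toUri());` belongs at the top of the setter. Note also that `getDefaultKeyNameForIdentity` and `getDefaultCertificateNameForKey` ignore their arguments and return the single stored default, and `getCertificate` ignores `allowAny`; that is acceptable for an in-memory store but worth stating in the header so callers do not assume per-identity defaults.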
diff --git a/src/security/identity/basic-identity-storage.cpp b/src/security/identity/sec-public-info-sqlite3.cpp
similarity index 86%
rename from src/security/identity/basic-identity-storage.cpp
rename to src/security/identity/sec-public-info-sqlite3.cpp
index 00df15b..78ea986 100644
--- a/src/security/identity/basic-identity-storage.cpp
+++ b/src/security/identity/sec-public-info-sqlite3.cpp
@@ -14,15 +14,15 @@
#include <stdlib.h>
#include <sstream>
#include <fstream>
-#include <ndn-cpp/security/identity/basic-identity-storage.hpp>
#include "../../util/logging.hpp"
-#include "ndn-cpp/data.hpp"
-#include <ndn-cpp/security/certificate/identity-certificate.hpp>
#include "../../c/util/time.h"
+#include <ndn-cpp/data.hpp>
+#include <ndn-cpp/security/certificate/identity-certificate.hpp>
+#include <ndn-cpp/security/identity/sec-public-info-sqlite3.hpp>
#include <ndn-cpp/security/signature/signature-sha256-with-rsa.hpp>
-INIT_LOGGER("BasicIdentityStorage");
+INIT_LOGGER("BasicKeyMetaInfo");
using namespace std;
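Review bot: `INIT_LOGGER("BasicKeyMetaInfo")` gives this translation unit a logger name that matches neither the old class nor the new one, while the parallel rename in sec-tpm-osx.cpp switches its logger to `INIT_LOGGER("SecTpmOsx")`; anyone filtering or correlating log output by component will not find this file's messages under its class name. `INIT_LOGGER("SecPublicInfoSqlite3");` follows the convention the other renamed file adopts.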
@@ -85,7 +85,7 @@
return sqlite3_bind_text(statement, index, value.c_str(), value.size(), destructor);
}
-BasicIdentityStorage::BasicIdentityStorage()
+SecPublicInfoSqlite3::SecPublicInfoSqlite3()
{
// Note: We don't use <filesystem> support because it is not "header-only" and require linking to libraries.
// TODO: Handle non-unix file system paths which don't use '/'.
@@ -169,12 +169,12 @@
}
}
-BasicIdentityStorage::~BasicIdentityStorage()
+SecPublicInfoSqlite3::~SecPublicInfoSqlite3()
{
}
bool
-BasicIdentityStorage::doesIdentityExist(const Name& identityName)
+SecPublicInfoSqlite3::doesIdentityExist(const Name& identityName)
{
bool result = false;
@@ -196,7 +196,7 @@
}
void
-BasicIdentityStorage::addIdentity(const Name& identityName)
+SecPublicInfoSqlite3::addIdentity(const Name& identityName)
{
if (doesIdentityExist(identityName))
throw Error("Identity already exists");
@@ -213,17 +213,17 @@
}
bool
-BasicIdentityStorage::revokeIdentity()
+SecPublicInfoSqlite3::revokeIdentity()
{
//TODO:
return false;
}
bool
-BasicIdentityStorage::doesKeyExist(const Name& keyName)
+SecPublicInfoSqlite3::doesPublicKeyExist(const Name& keyName)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT count(*) FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
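Review bot: `keyName.get(-1)` and `keyName.getPrefix(-1)` in `doesPublicKeyExist` assume the key name has at least one component; the replaced `keyName.size() - 1` form carried the same assumption, so this is not a regression, but `keyName` arrives from callers outside this class and the precondition should be stated or enforced at the top of the function, e.g. `if (keyName.size() == 0) throw Error("Key name must not be empty");` (unless `Name::get(-1)` already rejects an empty name, which is not visible here). The same pattern is introduced in the addPublicKey, getPublicKey, updateKeyStatus, addAnyCertificate, addCertificate, setDefaultKeyNameForIdentityInternal, getDefaultCertificateNameForKey and setDefaultCertificateNameForKeyInternal hunks; one guard in each, or a small private helper that splits a key name into its identity and key-id parts, would keep them consistent. The function body continues past the hunk.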
@@ -246,16 +246,16 @@
}
void
-BasicIdentityStorage::addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
+SecPublicInfoSqlite3::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
if (!doesIdentityExist(identityName))
addIdentity(identityName);
- if (doesKeyExist(keyName))
+ if (doesPublicKeyExist(keyName))
throw Error("a key with the same name already exists!");
sqlite3_stmt *statement;
@@ -272,15 +272,15 @@
}
ptr_lib::shared_ptr<PublicKey>
-BasicIdentityStorage::getKey(const Name& keyName)
+SecPublicInfoSqlite3::getPublicKey(const Name& keyName)
{
- if (!doesKeyExist(keyName)) {
+ if (!doesPublicKeyExist(keyName)) {
_LOG_DEBUG("keyName does not exist");
return ptr_lib::shared_ptr<PublicKey>();
}
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT public_key FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
@@ -300,22 +300,10 @@
}
void
-BasicIdentityStorage::activateKey(const Name& keyName)
+SecPublicInfoSqlite3::updateKeyStatus(const Name& keyName, bool isActive)
{
- updateKeyStatus(keyName, true);
-}
-
-void
-BasicIdentityStorage::deactivateKey(const Name& keyName)
-{
- updateKeyStatus(keyName, false);
-}
-
-void
-BasicIdentityStorage::updateKeyStatus(const Name& keyName, bool isActive)
-{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "UPDATE Key SET active=? WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
@@ -330,7 +318,7 @@
}
bool
-BasicIdentityStorage::doesCertificateExist(const Name& certificateName)
+SecPublicInfoSqlite3::doesCertificateExist(const Name& certificateName)
{
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT count(*) FROM Certificate WHERE cert_name=?", -1, &statement, 0);
@@ -352,13 +340,13 @@
}
void
-BasicIdentityStorage::addAnyCertificate(const IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addAnyCertificate(const IdentityCertificate& certificate)
{
std::string certificateName = certificate.getName().toUri();
Name keyName = certificate.getPublicKeyName();
- std::string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- std::string identityName = keyName.getSubName(0, keyName.size() - 1).toUri();
+ std::string keyId = keyName.get(-1).toEscapedString();
+ std::string identityName = keyName.getPrefix(-1).toUri();
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_,
@@ -391,24 +379,24 @@
}
void
-BasicIdentityStorage::addCertificate(const IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addCertificate(const IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
Name keyName = certificate.getPublicKeyName();
- if (!doesKeyExist(keyName))
+ if (!doesPublicKeyExist(keyName))
throw Error("No corresponding Key record for certificate!" + keyName.toUri() + " " + certificateName.toUri());
// Check if certificate has already existed!
if (doesCertificateExist(certificateName))
throw Error("Certificate has already been installed!");
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identity = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identity = keyName.getPrefix(-1);
// Check if the public key of certificate is the same as the key record
- ptr_lib::shared_ptr<PublicKey> pubKey = getKey(keyName);
+ ptr_lib::shared_ptr<PublicKey> pubKey = getPublicKey(keyName);
if (!pubKey || (*pubKey) != certificate.getPublicKeyInfo())
throw Error("Certificate does not match the public key!");
@@ -444,7 +432,7 @@
}
ptr_lib::shared_ptr<IdentityCertificate>
-BasicIdentityStorage::getCertificate(const Name &certificateName, bool allowAny)
+SecPublicInfoSqlite3::getCertificate(const Name &certificateName, bool allowAny)
{
if (doesCertificateExist(certificateName)) {
sqlite3_stmt *statement;
@@ -481,7 +469,7 @@
}
Name
-BasicIdentityStorage::getDefaultIdentity()
+SecPublicInfoSqlite3::getDefaultIdentity()
{
sqlite3_stmt *statement;
sqlite3_prepare_v2(database_, "SELECT identity_name FROM Identity WHERE default_identity=1", -1, &statement, 0);
@@ -498,52 +486,8 @@
return identity;
}
-Name
-BasicIdentityStorage::getDefaultKeyNameForIdentity(const Name& identityName)
-{
- sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1", -1, &statement, 0);
-
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
-
- int res = sqlite3_step(statement);
-
- Name keyName;
-
- if (res == SQLITE_ROW)
- keyName = Name(identityName).append(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
-
- sqlite3_finalize(statement);
-
- return keyName;
-}
-
-Name
-BasicIdentityStorage::getDefaultCertificateNameForKey(const Name& keyName)
-{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
-
- sqlite3_stmt *statement;
- sqlite3_prepare_v2(database_, "SELECT cert_name FROM Certificate WHERE identity_name=? AND key_identifier=? AND default_cert=1", -1, &statement, 0);
-
- sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
- sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
-
- int res = sqlite3_step(statement);
-
- Name certName;
-
- if (res == SQLITE_ROW)
- certName = Name(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
-
- sqlite3_finalize(statement);
-
- return certName;
-}
-
void
-BasicIdentityStorage::setDefaultIdentity(const Name& identityName)
+SecPublicInfoSqlite3::setDefaultIdentityInternal(const Name& identityName)
{
sqlite3_stmt *statement;
@@ -565,14 +509,31 @@
sqlite3_finalize(statement);
}
-void
-BasicIdentityStorage::setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck)
+Name
+SecPublicInfoSqlite3::getDefaultKeyNameForIdentity(const Name& identityName)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ sqlite3_stmt *statement;
+ sqlite3_prepare_v2(database_, "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1", -1, &statement, 0);
- if (identityNameCheck.size() > 0 && !identityNameCheck.equals(identityName))
- throw Error("Specified identity name does not match the key name");
+ sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+
+ int res = sqlite3_step(statement);
+
+ Name keyName;
+
+ if (res == SQLITE_ROW)
+ keyName = Name(identityName).append(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
+
+ sqlite3_finalize(statement);
+
+ return keyName;
+}
+
+void
+SecPublicInfoSqlite3::setDefaultKeyNameForIdentityInternal(const Name& keyName)
+{
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
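Review bot: `setDefaultKeyNameForIdentityInternal` drops the old `identityNameCheck` comparison that rejected a key name not belonging to the requested identity and now derives `identityName` solely from `keyName.getPrefix(-1)`; the body continues past the hunk, so whether any existence check remains is not visible. If the `Internal` suffix means the public base-class method validates before delegating, a comment such as `// Precondition: caller has verified that keyName exists and belongs to the identity being updated.` would record that contract here; the same applies to `setDefaultCertificateNameForKeyInternal` in the next hunk, which now trusts `IdentityCertificate::certificateNameToPublicKeyName(certificateName)` in place of a caller-supplied key name. Also, the relocated `getDefaultKeyNameForIdentity` ignores the return value of `sqlite3_prepare_v2`, so a failed prepare goes unnoticed and the function silently returns an empty `Name`; checking that result against `SQLITE_OK` here (and in the relocated `getDefaultCertificateNameForKey`) is cheap and makes schema or connection problems visible instead of indistinguishable from "no default".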
@@ -597,11 +558,36 @@
sqlite3_finalize(statement);
}
-void
-BasicIdentityStorage::setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName)
+Name
+SecPublicInfoSqlite3::getDefaultCertificateNameForKey(const Name& keyName)
{
- string keyId = keyName.get(keyName.size() - 1).toEscapedString();
- Name identityName = keyName.getSubName(0, keyName.size() - 1);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
+
+ sqlite3_stmt *statement;
+ sqlite3_prepare_v2(database_, "SELECT cert_name FROM Certificate WHERE identity_name=? AND key_identifier=? AND default_cert=1", -1, &statement, 0);
+
+ sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
+ sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
+
+ int res = sqlite3_step(statement);
+
+ Name certName;
+
+ if (res == SQLITE_ROW)
+ certName = Name(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
+
+ sqlite3_finalize(statement);
+
+ return certName;
+}
+
+void
+SecPublicInfoSqlite3::setDefaultCertificateNameForKeyInternal(const Name& certificateName)
+{
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ string keyId = keyName.get(-1).toEscapedString();
+ Name identityName = keyName.getPrefix(-1);
sqlite3_stmt *statement;
@@ -629,7 +615,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllIdentities(bool isDefault)
+SecPublicInfoSqlite3::getAllIdentities(bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -646,7 +632,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllKeyNames(bool isDefault)
+SecPublicInfoSqlite3::getAllKeyNames(bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -666,7 +652,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
+SecPublicInfoSqlite3::getAllKeyNamesOfIdentity(const Name& identity, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -688,7 +674,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllCertificateNames(bool isDefault)
+SecPublicInfoSqlite3::getAllCertificateNames(bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -705,7 +691,7 @@
}
vector<Name>
-BasicIdentityStorage::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
+SecPublicInfoSqlite3::getAllCertificateNamesOfKey(const Name& keyName, bool isDefault)
{
sqlite3_stmt *stmt;
if(isDefault)
@@ -713,7 +699,7 @@
else
sqlite3_prepare_v2 (database_, "SELECT cert_name FROM Certificate WHERE default_cert=0 and identity_name=? and key_identifier=?", -1, &stmt, 0);
- Name identity = keyName.getSubName(0, keyName.size()-1);
+ Name identity = keyName.getPrefix(-1);
sqlite3_bind_text(stmt, 1, identity.toUri().c_str(), identity.toUri().size (), SQLITE_TRANSIENT);
std::string baseKeyName = keyName.get(-1).toEscapedString();
sqlite3_bind_text(stmt, 2, baseKeyName.c_str(), baseKeyName.size(), SQLITE_TRANSIENT);
diff --git a/src/security/identity/memory-private-key-storage.cpp b/src/security/identity/sec-tpm-memory.cpp
similarity index 77%
rename from src/security/identity/memory-private-key-storage.cpp
rename to src/security/identity/sec-tpm-memory.cpp
index e1442be..9561cb9 100644
--- a/src/security/identity/memory-private-key-storage.cpp
+++ b/src/security/identity/sec-tpm-memory.cpp
@@ -5,7 +5,7 @@
* See COPYING for copyright and distribution information.
*/
-#include <ndn-cpp/security/identity/memory-private-key-storage.hpp>
+#include <ndn-cpp/security/identity/sec-tpm-memory.hpp>
#include <ndn-cpp/security/certificate/public-key.hpp>
#include <openssl/ssl.h>
#include <openssl/sha.h>
@@ -18,7 +18,7 @@
/**
* RsaPrivateKey is a simple class to hold an RSA private key.
*/
-class MemoryPrivateKeyStorage::RsaPrivateKey {
+class SecTpmMemory::RsaPrivateKey {
public:
RsaPrivateKey(const uint8_t *keyDer, size_t keyDerLength)
{
@@ -45,21 +45,21 @@
rsa_st * privateKey_;
};
-MemoryPrivateKeyStorage::~MemoryPrivateKeyStorage()
+SecTpmMemory::~SecTpmMemory()
{
}
void
-MemoryPrivateKeyStorage::setKeyPairForKeyName(const Name& keyName,
- uint8_t *publicKeyDer, size_t publicKeyDerLength,
- uint8_t *privateKeyDer, size_t privateKeyDerLength)
+SecTpmMemory::setKeyPairForKeyName(const Name& keyName,
+ uint8_t *publicKeyDer, size_t publicKeyDerLength,
+ uint8_t *privateKeyDer, size_t privateKeyDerLength)
{
publicKeyStore_[keyName.toUri()] = ptr_lib::make_shared<PublicKey>(publicKeyDer, publicKeyDerLength);
privateKeyStore_[keyName.toUri()] = ptr_lib::make_shared<RsaPrivateKey>(privateKeyDer, privateKeyDerLength);
}
void
-MemoryPrivateKeyStorage::generateKeyPair(const Name& keyName, KeyType keyType, int keySize)
+SecTpmMemory::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
{
#if 1
throw Error("MemoryPrivateKeyStorage::generateKeyPair not implemented");
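Review bot: The error text in `generateKeyPairInTpm` still reads `"MemoryPrivateKeyStorage::generateKeyPair not implemented"`, naming both the old class and the old method, so exceptions from the renamed class will be attributed to code that no longer exists; `throw Error("SecTpmMemory::generateKeyPairInTpm not implemented");` matches the new identifiers. The same stale prefix survives in the sign(Data&), decrypt, encrypt and generateSymmetricKey hunks of this file, and in the `_LOG_TRACE("OSXPrivateKeyStorage::…")` strings of the getPublicKeyFromTpm, sign, decrypt, encrypt and doesKeyExist hunks of sec-tpm-osx.cpp. A point of style in the same hunk: `setKeyPairForKeyName` takes `uint8_t *publicKeyDer` and `uint8_t *privateKeyDer` although it only forwards them to constructors (and `RsaPrivateKey`'s constructor in the earlier hunk already takes `const uint8_t *`), so `const uint8_t *` on both parameters would let callers pass immutable DER buffers.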
@@ -67,7 +67,7 @@
}
ptr_lib::shared_ptr<PublicKey>
-MemoryPrivateKeyStorage::getPublicKey(const Name& keyName)
+SecTpmMemory::getPublicKeyFromTpm(const Name& keyName)
{
PublicKeyStore::iterator publicKey = publicKeyStore_.find(keyName.toUri());
if (publicKey == publicKeyStore_.end())
@@ -76,9 +76,9 @@
}
Block
-MemoryPrivateKeyStorage::sign(const uint8_t *data, size_t dataLength,
- const Name& keyName,
- DigestAlgorithm digestAlgorithm)
+SecTpmMemory::sign(const uint8_t *data, size_t dataLength,
+ const Name& keyName,
+ DigestAlgorithm digestAlgorithm)
{
if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
return ConstBufferPtr();
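Review bot: In `sign(const uint8_t*, size_t, …)` an unsupported `digestAlgorithm` produces `return ConstBufferPtr();`, a null buffer converted into the `Block` return type, so a caller requesting a digest this TPM does not implement receives a silently empty signature instead of an error. The `Data&` overload in the next hunk handles the same condition by constructing an `Error`, so the two overloads already disagree; for a signing primitive the failure should be loud in both, e.g. `throw Error("SecTpmMemory::sign only SHA256 digest is supported");`. The function body continues past the hunk.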
@@ -110,9 +110,9 @@
}
void
-MemoryPrivateKeyStorage::sign(Data &d,
- const Name& keyName,
- DigestAlgorithm digestAlgorithm)
+SecTpmMemory::sign(Data &d,
+ const Name& keyName,
+ DigestAlgorithm digestAlgorithm)
{
if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
Error("MemoryPrivateKeyStorage::sign only SHA256 digest is supported");
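Review bot: `Error("MemoryPrivateKeyStorage::sign only SHA256 digest is supported");` on the line after the digest check constructs an exception object and discards it — there is no `throw` — so the unsupported-digest case falls straight through into the signing code that follows, presumably producing a signature with whatever digest the rest of the function assumes. The line should read `throw Error("SecTpmMemory::sign only SHA256 digest is supported");`, which also fixes the stale class name in the message. The function body continues past the hunk, so how the digest is used afterwards is not visible here.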
@@ -149,7 +149,7 @@
}
ConstBufferPtr
-MemoryPrivateKeyStorage::decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
+SecTpmMemory::decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
{
#if 1
throw Error("MemoryPrivateKeyStorage::decrypt not implemented");
@@ -157,7 +157,7 @@
}
ConstBufferPtr
-MemoryPrivateKeyStorage::encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
+SecTpmMemory::encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
{
#if 1
throw Error("MemoryPrivateKeyStorage::encrypt not implemented");
@@ -165,7 +165,7 @@
}
void
-MemoryPrivateKeyStorage::generateKey(const Name& keyName, KeyType keyType, int keySize)
+SecTpmMemory::generateSymmetricKey(const Name& keyName, KeyType keyType, int keySize)
{
#if 1
throw Error("MemoryPrivateKeyStorage::generateKey not implemented");
@@ -173,7 +173,7 @@
}
bool
-MemoryPrivateKeyStorage::doesKeyExist(const Name& keyName, KeyClass keyClass)
+SecTpmMemory::doesKeyExist(const Name& keyName, KeyClass keyClass)
{
if (keyClass == KEY_CLASS_PUBLIC)
return publicKeyStore_.find(keyName.toUri()) != publicKeyStore_.end();
diff --git a/src/security/identity/osx-private-key-storage.cpp b/src/security/identity/sec-tpm-osx.cpp
similarity index 89%
rename from src/security/identity/osx-private-key-storage.cpp
rename to src/security/identity/sec-tpm-osx.cpp
index 7989f06..9fad367 100644
--- a/src/security/identity/osx-private-key-storage.cpp
+++ b/src/security/identity/sec-tpm-osx.cpp
@@ -12,7 +12,7 @@
#include "../../util/logging.hpp"
-#include <ndn-cpp/security/identity/osx-private-key-storage.hpp>
+#include <ndn-cpp/security/identity/sec-tpm-osx.hpp>
#include <ndn-cpp/security/certificate/public-key.hpp>
#include <CoreFoundation/CoreFoundation.h>
@@ -21,11 +21,11 @@
using namespace std;
-INIT_LOGGER("ndn.OSXPrivateKeyStorage");
+INIT_LOGGER("SecTpmOsx");
namespace ndn
{
- class OSXPrivateKeyStorage::Impl {
+ class SecTpmOsx::Impl {
public:
Impl(const std::string &keychainName)
: keyChainName_ ("" == keychainName ? "login.keychain" : keychainName)
@@ -101,15 +101,15 @@
- OSXPrivateKeyStorage::OSXPrivateKeyStorage(const string & keychainName)
+ SecTpmOsx::SecTpmOsx(const string & keychainName)
: impl_(new Impl(keychainName))
{
OSStatus res = SecKeychainCreate(impl_->keyChainName_.c_str(), //Keychain path
- 0, //Keychain password length
- NULL, //Keychain password
- true, //User prompt
- NULL, //Initial access of Keychain
- &impl_->keyChainRef_); //Keychain reference
+ 0, //Keychain password length
+ NULL, //Keychain password
+ true, //User prompt
+ NULL, //Initial access of Keychain
+ &impl_->keyChainRef_); //Keychain reference
if (res == errSecDuplicateKeychain)
res = SecKeychainOpen(impl_->keyChainName_.c_str(),
@@ -129,12 +129,12 @@
}
}
- OSXPrivateKeyStorage::~OSXPrivateKeyStorage(){
+ SecTpmOsx::~SecTpmOsx(){
//TODO: implement
}
void
- OSXPrivateKeyStorage::generateKeyPair(const Name & keyName, KeyType keyType, int keySize)
+ SecTpmOsx::generateKeyPairInTpm(const Name & keyName, KeyType keyType, int keySize)
{
if(doesKeyExist(keyName, KEY_CLASS_PUBLIC)){
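Review bot: `SecTpmOsx::~SecTpmOsx()` remains an empty `//TODO: implement` after the rename, yet the constructor in the earlier hunk allocates `impl_` with `new Impl(keychainName)` and fills `impl_->keyChainRef_` through SecKeychainCreate or SecKeychainOpen. Unless `impl_` is declared as a smart pointer in the header (not visible here), every destroyed `SecTpmOsx` leaks its `Impl` together with the keychain reference; `delete impl_;` here (or making `impl_` a `ptr_lib::shared_ptr<Impl>` in the header) and a `CFRelease(impl_->keyChainRef_)` in `Impl`'s destructor would close this, and the TODO comment could then be removed.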
@@ -171,7 +171,7 @@
}
void
- OSXPrivateKeyStorage::generateKey(const Name & keyName, KeyType keyType, int keySize)
+ SecTpmOsx::generateSymmetricKey(const Name & keyName, KeyType keyType, int keySize)
{
if(doesKeyExist(keyName, KEY_CLASS_SYMMETRIC))
@@ -202,7 +202,7 @@
}
ptr_lib::shared_ptr<PublicKey>
- OSXPrivateKeyStorage::getPublicKey(const Name & keyName)
+ SecTpmOsx::getPublicKeyFromTpm(const Name & keyName)
{
_LOG_TRACE("OSXPrivateKeyStorage::getPublickey");
@@ -220,8 +220,7 @@
}
Block
- OSXPrivateKeyStorage::sign(const uint8_t *data, size_t dataLength,
- const Name& keyName, DigestAlgorithm digestAlgorithm/* = DIGEST_ALGORITHM_SHA256*/)
+ SecTpmOsx::sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm)
{
_LOG_TRACE("OSXPrivateKeyStorage::Sign");
@@ -281,8 +280,7 @@
}
void
- OSXPrivateKeyStorage::sign(Data &data,
- const Name& keyName, DigestAlgorithm digestAlgorithm/* = DIGEST_ALGORITHM_SHA256 */)
+ SecTpmOsx::sign(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm)
{
const uint8_t *begin = data.wireEncode().value();
const uint8_t *end = &*data.getSignature().getInfo().end();
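Review bot: `const uint8_t *end = &*data.getSignature().getInfo().end();` dereferences a past-the-end iterator to obtain its address, which is undefined behaviour in C++ even though it usually yields the expected pointer on contiguous storage; this is context carried over by the rename rather than introduced by it, but it sits in the code that decides which bytes get signed, and checked-iterator debug builds will abort on it. Whether `getInfo()` exposes a data pointer and size is not visible here; if it does, compute `end` as that pointer plus the size (or express the signed range as `begin` plus a byte count) instead of going through `&*end()`. The function body continues past the hunk.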
@@ -292,7 +290,7 @@
}
ConstBufferPtr
- OSXPrivateKeyStorage::decrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
+ SecTpmOsx::decrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
{
_LOG_TRACE("OSXPrivateKeyStorage::Decrypt");
@@ -335,7 +333,7 @@
}
bool
- OSXPrivateKeyStorage::setACL(const Name & keyName, KeyClass keyClass, int acl, const string & appPath)
+ SecTpmOsx::setACL(const Name & keyName, KeyClass keyClass, int acl, const string & appPath)
{
SecKeychainItemRef privateKey = impl_->getKey(keyName, keyClass);
@@ -432,7 +430,7 @@
// }
ConstBufferPtr
- OSXPrivateKeyStorage::encrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
+ SecTpmOsx::encrypt(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
{
_LOG_TRACE("OSXPrivateKeyStorage::Encrypt");
@@ -468,7 +466,7 @@
}
bool
- OSXPrivateKeyStorage::doesKeyExist(const Name & keyName, KeyClass keyClass)
+ SecTpmOsx::doesKeyExist(const Name & keyName, KeyClass keyClass)
{
_LOG_TRACE("OSXPrivateKeyStorage::doesKeyExist");
@@ -503,7 +501,7 @@
////////////////////////////////
SecKeychainItemRef
- OSXPrivateKeyStorage::Impl::getKey(const Name & keyName, KeyClass keyClass)
+ SecTpmOsx::Impl::getKey(const Name & keyName, KeyClass keyClass)
{
string keyNameUri = toInternalKeyName(keyName, keyClass);
@@ -533,7 +531,8 @@
return keyItem;
}
- string OSXPrivateKeyStorage::Impl::toInternalKeyName(const Name & keyName, KeyClass keyClass)
+ string
+ SecTpmOsx::Impl::toInternalKeyName(const Name & keyName, KeyClass keyClass)
{
string keyUri = keyName.toUri();
@@ -543,7 +542,8 @@
return keyUri;
}
- const CFTypeRef OSXPrivateKeyStorage::Impl::getAsymKeyType(KeyType keyType)
+ const CFTypeRef
+ SecTpmOsx::Impl::getAsymKeyType(KeyType keyType)
{
switch(keyType){
case KEY_TYPE_RSA:
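Review bot: The reformatted signature `const CFTypeRef SecTpmOsx::Impl::getAsymKeyType(KeyType keyType)` returns by value, so the leading `const` is a top-level qualifier with no effect on callers and readability linters will flag it; `CFTypeRef` alone (and `CFStringRef` for `getDigestAlgorithm`) says the same thing. The same applies to the getSymKeyType, getKeyClass and getDigestAlgorithm hunks below, which this commit touches only to split the return type onto its own line.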
@@ -554,7 +554,8 @@
}
}
- const CFTypeRef OSXPrivateKeyStorage::Impl::getSymKeyType(KeyType keyType)
+ const CFTypeRef
+ SecTpmOsx::Impl::getSymKeyType(KeyType keyType)
{
switch(keyType){
case KEY_TYPE_AES:
@@ -565,7 +566,8 @@
}
}
- const CFTypeRef OSXPrivateKeyStorage::Impl::getKeyClass(KeyClass keyClass)
+ const CFTypeRef
+ SecTpmOsx::Impl::getKeyClass(KeyClass keyClass)
{
switch(keyClass){
case KEY_CLASS_PRIVATE:
@@ -580,7 +582,8 @@
}
}
- const CFStringRef OSXPrivateKeyStorage::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
+ const CFStringRef
+ SecTpmOsx::Impl::getDigestAlgorithm(DigestAlgorithm digestAlgo)
{
switch(digestAlgo){
// case DIGEST_MD2:
@@ -597,7 +600,8 @@
}
}
- long OSXPrivateKeyStorage::Impl::getDigestSize(DigestAlgorithm digestAlgo)
+ long
+ SecTpmOsx::Impl::getDigestSize(DigestAlgorithm digestAlgo)
{
switch(digestAlgo){
case DIGEST_ALGORITHM_SHA256: