Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 88663af0da21df1d96f0459cd39a6395d7f46281^! / . / include / ndn-cpp / security / identity / sec-public-info.hpp
commit88663af0da21df1d96f0459cd39a6395d7f46281[log] [tgz]
authorYingdi Yu <yuyingdi@gmail.com>Wed Jan 15 15:21:38 2014 -0800
committerYingdi Yu <yuyingdi@gmail.com>Wed Jan 15 16:17:12 2014 -0800
treed406369b674caa7d114460e7eacddb7cff65ed79
parentf4330ee75524c4fbccd24375ea06c1e678e36e70 [diff] [blame]
security: fixing bugs and adding methods

1. changing getCertificate to take only one argument, now validation checking is always enforced.
2. changing KSK-... DSK-... to lower case ksk-..., dsk-...
3. adding a addCertificateAsSystemDefault method to facilitate setting default certificate of the system.
4. using static_cast<int> (rather than floor) to round time.
5. sanity checking for key name in SecPublicInfo and SecPublicInfoSqlite3.

Change-Id: Id67af9873efef3df92458ed7a87623f22167c558

diff --git a/include/ndn-cpp/security/identity/sec-public-info.hpp b/include/ndn-cpp/security/identity/sec-public-info.hpp
index 3a46310..961cf95 100644
--- a/include/ndn-cpp/security/identity/sec-public-info.hpp
+++ b/include/ndn-cpp/security/identity/sec-public-info.hpp

@@ -14,6 +14,7 @@
 #include "../certificate/public-key.hpp"
 #include "../certificate/identity-certificate.hpp"
 
+
 namespace ndn {
 
 /**
@@ -114,7 +115,7 @@
    * @return The requested certificate.  If not found, return a shared_ptr with a null pointer.
    */
   virtual ptr_lib::shared_ptr<IdentityCertificate> 
-  getCertificate(const Name &certificateName, bool allowAny = false) = 0;
+  getCertificate(const Name &certificateName) = 0;
 
 
   /*****************************************
@@ -254,6 +255,9 @@
   inline void
   addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
 
+  inline void
+  addCertificateAsSystemDefault(const IdentityCertificate& certificate);
+
   inline ptr_lib::shared_ptr<IdentityCertificate>
   defaultCertificate();
   
@@ -295,19 +299,16 @@
 Name
 SecPublicInfo::getNewKeyName (const Name& identityName, bool useKsk)
 {
-  MillisecondsSince1970 ti = getNow();
-  // Get the number of seconds.
   std::ostringstream oss;
-  oss << floor(ti / 1000.0);  
 
-  std::string keyIdStr;
-    
   if (useKsk)
-    keyIdStr = ("KSK-" + oss.str());
+    oss << "ksk-";
   else
-    keyIdStr = ("DSK-" + oss.str());
+    oss << "dsk-";
 
-  Name keyName = Name(identityName).append(keyIdStr);
+  oss << static_cast<int>(getNow()/1000);  
+
+  Name keyName = Name(identityName).append(oss.str());
 
   if (doesPublicKeyExist(keyName))
     throw Error("Key name already exists");
@@ -339,8 +340,21 @@
 SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
 {
   addCertificate(certificate);
-  setDefaultKeyNameForIdentityInternal(certificate.getPublicKeyName());
-  setDefaultCertificateNameForKeyInternal(certificate.getName());
+  Name certName = certificate.getName();
+  setDefaultKeyNameForIdentityInternal(IdentityCertificate::certificateNameToPublicKeyName(certName));
+  setDefaultCertificateNameForKeyInternal(certName);
+  refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+{
+  addCertificate(certificate);
+  Name certName = certificate.getName();
+  Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+  setDefaultIdentityInternal(keyName.getPrefix(-1));
+  setDefaultKeyNameForIdentityInternal(keyName);
+  setDefaultCertificateNameForKeyInternal(certName);
   refreshDefaultCertificate();
 }
 
@@ -353,7 +367,11 @@
 void
 SecPublicInfo::refreshDefaultCertificate()
 {
-  defaultCertificate_ = getCertificate(getDefaultCertificateNameForIdentity(getDefaultIdentity()));
+  Name certName = getDefaultCertificateNameForIdentity(getDefaultIdentity());
+  if(certName.empty())
+    defaultCertificate_.reset();
+  else
+    defaultCertificate_ = getCertificate(certName);
 }