security: Change in KeyChain creation API
Also, enabling creation of default public/private storages
Change-Id: I77e83b4a7f7e043dce372145d80366b7bc2eb3e0
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index 5ed7771..e1c11df 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -14,11 +14,10 @@
#include "../certificate/public-key.hpp"
#include "../../data.hpp"
+#include "../certificate/identity-certificate.hpp"
namespace ndn {
-class IdentityCertificate;
-
/**
* An IdentityManager is the interface of operations related to identity, keys, and certificates.
*/
@@ -26,8 +25,8 @@
public:
struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
- IdentityManager(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage = DefaultIdentityStorage,
- const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage = DefaultPrivateKeyStorage);
+ IdentityManager(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage,
+ const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage);
inline IdentityStorage&
info();
@@ -261,10 +260,6 @@
void
selfSign (IdentityCertificate& cert);
-public:
- static const ptr_lib::shared_ptr<IdentityStorage> DefaultIdentityStorage;
- static const ptr_lib::shared_ptr<PrivateKeyStorage> DefaultPrivateKeyStorage;
-
private:
/**
* Generate a key pair for the specified identity.
diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index c39736e..29bd164 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -29,7 +29,8 @@
public:
struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
- KeyChain(const ptr_lib::shared_ptr<IdentityManager> &identityManager = DefaultIdentityManager,
+ KeyChain(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage = DefaultIdentityStorage,
+ const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage = DefaultPrivateKeyStorage,
const ptr_lib::shared_ptr<PolicyManager> &policyManager = DefaultPolicyManager,
const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager = DefaultEncryptionManager);
@@ -146,7 +147,8 @@
// todo
public:
- static const ptr_lib::shared_ptr<IdentityManager> DefaultIdentityManager;
+ static const ptr_lib::shared_ptr<IdentityStorage> DefaultIdentityStorage;
+ static const ptr_lib::shared_ptr<PrivateKeyStorage> DefaultPrivateKeyStorage;
static const ptr_lib::shared_ptr<PolicyManager> DefaultPolicyManager;
static const ptr_lib::shared_ptr<EncryptionManager> DefaultEncryptionManager;
@@ -161,7 +163,10 @@
const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
private:
- ptr_lib::shared_ptr<IdentityManager> identityManager_;
+ ptr_lib::shared_ptr<IdentityStorage> publicInfoStorage_;
+ ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
+ ptr_lib::shared_ptr<IdentityManager> identityManager_; // uses publicInfo and privateKey storages
+
ptr_lib::shared_ptr<PolicyManager> policyManager_;
ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
diff --git a/src/security/identity/identity-manager.cpp b/src/security/identity/identity-manager.cpp
index ce6ff21..0c57212 100644
--- a/src/security/identity/identity-manager.cpp
+++ b/src/security/identity/identity-manager.cpp
@@ -30,9 +30,6 @@
namespace ndn {
-const ptr_lib::shared_ptr<IdentityStorage> IdentityManager::DefaultIdentityStorage = ptr_lib::shared_ptr<IdentityStorage>();
-const ptr_lib::shared_ptr<PrivateKeyStorage> IdentityManager::DefaultPrivateKeyStorage = ptr_lib::shared_ptr<PrivateKeyStorage>();
-
IdentityManager::IdentityManager(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage /* = DefaultIdentityStorage */,
const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage /* = DefaultPrivateKeyStorage */)
: identityStorage_(identityStorage)
diff --git a/src/security/identity/osx-private-key-storage.cpp b/src/security/identity/osx-private-key-storage.cpp
index f41f89f..fec7671 100644
--- a/src/security/identity/osx-private-key-storage.cpp
+++ b/src/security/identity/osx-private-key-storage.cpp
@@ -277,13 +277,19 @@
if (!signature) throw Error("Signature is NULL!\n");
- return Block(Tlv::SignatureValue, ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(signature), CFDataGetLength(signature)));
+ return Block(Tlv::SignatureValue,
+ ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(signature), CFDataGetLength(signature)));
}
void
OSXPrivateKeyStorage::sign(Data &data,
const Name& keyName, DigestAlgorithm digestAlgorithm/* = DIGEST_ALGORITHM_SHA256 */)
{
+ const uint8_t *begin = data.wireEncode().value();
+ const uint8_t *end = &*data.getSignature().getInfo().end();
+
+ data.setSignature
+ (sign(begin, end-begin, keyName, digestAlgorithm));
}
ConstBufferPtr
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index ba9060d..47db4c1 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -10,6 +10,9 @@
#include <ndn-cpp/security/policy/policy-manager.hpp>
+#include "identity/basic-identity-storage.hpp"
+
+
using namespace std;
using namespace ndn::func_lib;
#if NDN_CPP_HAVE_STD_FUNCTION
@@ -19,43 +22,66 @@
namespace ndn {
-const ptr_lib::shared_ptr<IdentityManager> KeyChain::DefaultIdentityManager = ptr_lib::shared_ptr<IdentityManager>();
+const ptr_lib::shared_ptr<IdentityStorage> KeyChain::DefaultIdentityStorage = ptr_lib::shared_ptr<IdentityStorage>();
+const ptr_lib::shared_ptr<PrivateKeyStorage> KeyChain::DefaultPrivateKeyStorage = ptr_lib::shared_ptr<PrivateKeyStorage>();
const ptr_lib::shared_ptr<PolicyManager> KeyChain::DefaultPolicyManager = ptr_lib::shared_ptr<PolicyManager>();
const ptr_lib::shared_ptr<EncryptionManager> KeyChain::DefaultEncryptionManager = ptr_lib::shared_ptr<EncryptionManager>();
-
-KeyChain::KeyChain(const ptr_lib::shared_ptr<IdentityManager> &identityManager /* = DefaultIdentityManager */,
+KeyChain::KeyChain(const ptr_lib::shared_ptr<IdentityStorage> &publicInfoStorage /* = DefaultIdentityStorage */,
+ const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage /* = DefaultPrivateKeyStorage */,
const ptr_lib::shared_ptr<PolicyManager> &policyManager /* = DefaultPolicyManager */,
const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager /* = DefaultEncryptionManager */)
- : identityManager_(identityManager)
+ : publicInfoStorage_(publicInfoStorage)
+ , privateKeyStorage_(privateKeyStorage)
, policyManager_(policyManager)
, encryptionManager_(encryptionManager)
, maxSteps_(100)
-{
-// #ifdef USE_SIMPLE_POLICY_MANAGER
-// Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
-// Ptr<IdentityPolicyRule> rule1 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
-// "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-// ">", "\\1\\2", "\\1", true));
-// Ptr<IdentityPolicyRule> rule2 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-// "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
-// "==", "\\1", "\\1\\2", true));
-// Ptr<IdentityPolicyRule> rule3 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^(<>*)$",
-// "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-// ">", "\\1", "\\1", true));
-// policyManager->addVerificationPolicyRule(rule1);
-// policyManager->addVerificationPolicyRule(rule2);
-// policyManager->addVerificationPolicyRule(rule3);
+{
+ if (publicInfoStorage_ == DefaultIdentityStorage)
+ {
+ publicInfoStorage_ = ptr_lib::make_shared<BasicIdentityStorage>();
+ }
+
+ if (privateKeyStorage_ == DefaultPrivateKeyStorage)
+ {
+#ifdef USE_OSX_PRIVATEKEY_STORAGE
+ privateStorage_ = ptr_lib::make_shared<OSXPrivatekeyStorage>();
+ // #else
+ // m_privateStorage = Ptr<SimpleKeyStore>::Create();
+#endif
+ }
+
+ identityManager_ = ptr_lib::make_shared<IdentityManager>(publicInfoStorage_, privateKeyStorage_);
+
+ if (policyManager_ == DefaultPolicyManager)
+ {
+ // #ifdef USE_SIMPLE_POLICY_MANAGER
+ // Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
+ // Ptr<IdentityPolicyRule> rule1 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
+ // "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
+ // ">", "\\1\\2", "\\1", true));
+ // Ptr<IdentityPolicyRule> rule2 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
+ // "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
+ // "==", "\\1", "\\1\\2", true));
+ // Ptr<IdentityPolicyRule> rule3 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^(<>*)$",
+ // "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
+ // ">", "\\1", "\\1", true));
+ // policyManager->addVerificationPolicyRule(rule1);
+ // policyManager->addVerificationPolicyRule(rule2);
+ // policyManager->addVerificationPolicyRule(rule3);
-// policyManager->addSigningPolicyRule(rule3);
+ // policyManager->addSigningPolicyRule(rule3);
-// m_policyManager = policyManager;
-// #endif
-
-// if (!policyManager_)
-// {
-// policyManager_ = new NoVerifyPolicyManager();
-// }
+ // m_policyManager = policyManager;
+ //
+ // #else
+ // policyManager_ = new NoVerifyPolicyManager();
+ // #endif
+ }
+
+ if (encryptionManager_ == DefaultEncryptionManager)
+ {
+ }
// #ifdef USE_BASIC_ENCRYPTION_MANAGER
// encryptionManager_ = new BasicEncryptionManager(m_identityManager->getPrivateStorage(), "/tmp/encryption.db");