security: Porting security elements to the updated framework
Change-Id: Ie9ad6ee34f94fc520b9d3c8adf871e2557eaa9b6
diff --git a/include/ndn-cpp/security/identity/basic-identity-storage.hpp b/include/ndn-cpp/security/identity/basic-identity-storage.hpp
index 4954f01..0dc3e5d 100644
--- a/include/ndn-cpp/security/identity/basic-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/basic-identity-storage.hpp
@@ -26,6 +26,8 @@
*/
class BasicIdentityStorage : public IdentityStorage {
public:
+ struct Error : public IdentityStorage::Error { Error(const std::string &what) : IdentityStorage::Error(what) {} };
+
BasicIdentityStorage();
/**
@@ -34,6 +36,7 @@
virtual
~BasicIdentityStorage();
+ // from IdentityStorage
/**
* Check if the specified identity already exists.
* @param identityName The identity name.
@@ -71,14 +74,14 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer);
+ addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
/**
* Get the public key DER blob from the identity storage.
* @param keyName The name of the requested public key.
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
- virtual Blob
+ virtual ptr_lib::shared_ptr<PublicKey>
getKey(const Name& keyName);
/**
@@ -123,7 +126,7 @@
* @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
* @return The requested certificate. If not found, return a shared_ptr with a null pointer.
*/
- virtual ptr_lib::shared_ptr<Data>
+ virtual ptr_lib::shared_ptr<IdentityCertificate>
getCertificate(const Name &certificateName, bool allowAny = false);
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index 4273f6b..702ad1f 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -11,6 +11,7 @@
#include "identity-storage.hpp"
#include "private-key-storage.hpp"
+#include "../certificate/public-key.hpp"
#include "../../data.hpp"
@@ -25,10 +26,20 @@
public:
struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
- IdentityManager(const ptr_lib::shared_ptr<IdentityStorage>& identityStorage, const ptr_lib::shared_ptr<PrivateKeyStorage>& privateKeyStorage)
- : identityStorage_(identityStorage), privateKeyStorage_(privateKeyStorage)
- {
- }
+ IdentityManager(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage = DefaultIdentityStorage,
+ const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage = DefaultPrivateKeyStorage);
+
+ inline IdentityStorage&
+ info();
+
+ inline const IdentityStorage&
+ info() const;
+
+ inline PrivateKeyStorage&
+ tpm();
+
+ inline const PrivateKeyStorage&
+ tpm() const;
/**
* Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
@@ -45,7 +56,7 @@
Name
getDefaultIdentity()
{
- return identityStorage_->getDefaultIdentity();
+ return info().getDefaultIdentity();
}
/**
@@ -66,7 +77,7 @@
void
setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
{
- identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
+ info().setDefaultKeyNameForIdentity(keyName, identityName);
}
/**
@@ -77,7 +88,7 @@
Name
getDefaultKeyNameForIdentity(const Name& identityName = Name())
{
- return identityStorage_->getDefaultKeyNameForIdentity(identityName);
+ return info().getDefaultKeyNameForIdentity(identityName);
}
/**
@@ -95,11 +106,11 @@
* @param keyName The name of the key.
* @return The public key.
*/
- // ptr_lib::shared_ptr<PublicKey>
- // getPublicKey(const Name& keyName)
- // {
- // return PublicKey::fromDer(identityStorage_->getKey(keyName));
- // }
+ ptr_lib::shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName)
+ {
+ return info().getKey(keyName);
+ }
/**
* Create an identity certificate for a public key managed by this IdentityManager.
@@ -109,9 +120,11 @@
* @param notAfter The notAfter vallue in validity field of the generated certificate.
* @return The name of generated identity certificate.
*/
- Name
+ ptr_lib::shared_ptr<IdentityCertificate>
createIdentityCertificate
- (const Name& certificatePrefix, const Name& signerCertificateName, const MillisecondsSince1970& notBefore,
+ (const Name& certificatePrefix,
+ const Name& signerCertificateName,
+ const MillisecondsSince1970& notBefore,
const MillisecondsSince1970& notAfter);
/**
@@ -125,8 +138,11 @@
*/
ptr_lib::shared_ptr<IdentityCertificate>
createIdentityCertificate
- (const Name& certificatePrefix, const PublicKey& publickey, const Name& signerCertificateName,
- const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter);
+ (const Name& certificatePrefix,
+ const PublicKey& publickey,
+ const Name& signerCertificateName,
+ const MillisecondsSince1970& notBefore,
+ const MillisecondsSince1970& notAfter);
/**
* Add a certificate into the public key identity storage.
@@ -135,7 +151,7 @@
void
addCertificate(const IdentityCertificate& certificate)
{
- identityStorage_->addCertificate(certificate);
+ info().addCertificate(certificate);
}
/**
@@ -164,22 +180,22 @@
* @param certificateName The name of the requested certificate.
* @return the requested certificate which is valid.
*/
- // ptr_lib::shared_ptr<IdentityCertificate>
- // getCertificate(const Name& certificateName)
- // {
- // return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, false));
- // }
+ ptr_lib::shared_ptr<IdentityCertificate>
+ getCertificate(const Name& certificateName)
+ {
+ return info().getCertificate(certificateName, false);
+ }
/**
* Get a certificate even if the certificate is not valid anymore.
* @param certificateName The name of the requested certificate.
* @return the requested certificate.
*/
- // ptr_lib::shared_ptr<IdentityCertificate>
- // getAnyCertificate(const Name& certificateName)
- // {
- // return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, true));
- // }
+ ptr_lib::shared_ptr<IdentityCertificate>
+ getAnyCertificate(const Name& certificateName)
+ {
+ return info().getCertificate(certificateName, true);
+ }
/**
* Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
@@ -189,7 +205,7 @@
Name
getDefaultCertificateNameForIdentity(const Name& identityName)
{
- return identityStorage_->getDefaultCertificateNameForIdentity(identityName);
+ return info().getDefaultCertificateNameForIdentity(identityName);
}
/**
@@ -200,7 +216,7 @@
Name
getDefaultCertificateName()
{
- return identityStorage_->getDefaultCertificateNameForIdentity(getDefaultIdentity());
+ return info().getDefaultCertificateNameForIdentity(getDefaultIdentity());
}
/**
@@ -231,6 +247,16 @@
*/
ptr_lib::shared_ptr<IdentityCertificate>
selfSign(const Name& keyName);
+
+ /**
+ * @brief Self-sign the supplied identity certificate
+ */
+ void
+ selfSign (IdentityCertificate& cert);
+
+public:
+ static const ptr_lib::shared_ptr<IdentityStorage> DefaultIdentityStorage;
+ static const ptr_lib::shared_ptr<PrivateKeyStorage> DefaultPrivateKeyStorage;
private:
/**
@@ -246,11 +272,49 @@
static Name
getKeyNameFromCertificatePrefix(const Name& certificatePrefix);
-
- ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
+
+private:
+ ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
};
+inline IdentityStorage&
+IdentityManager::info()
+{
+ if (!identityStorage_)
+ throw Error("IdentityStorage is not assigned to IdentityManager");
+
+ return *identityStorage_;
+}
+
+inline const IdentityStorage&
+IdentityManager::info() const
+{
+ if (!identityStorage_)
+ throw Error("IdentityStorage is not assigned to IdentityManager");
+
+ return *identityStorage_;
+}
+
+inline PrivateKeyStorage&
+IdentityManager::tpm()
+{
+ if (!identityStorage_)
+ throw Error("PrivateKeyStorage is not assigned to IdentityManager");
+
+ return *privateKeyStorage_;
+}
+
+inline const PrivateKeyStorage&
+IdentityManager::tpm() const
+{
+ if (!identityStorage_)
+ throw Error("PrivateKeyStorage is not assigned to IdentityManager");
+ return *privateKeyStorage_;
+}
+
+
+
}
#endif
diff --git a/include/ndn-cpp/security/identity/identity-storage.hpp b/include/ndn-cpp/security/identity/identity-storage.hpp
index 442e522..87d93fd 100644
--- a/include/ndn-cpp/security/identity/identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/identity-storage.hpp
@@ -11,6 +11,7 @@
#include "../../name.hpp"
#include "../security-common.hpp"
+#include "../certificate/public-key.hpp"
namespace ndn {
@@ -79,14 +80,14 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const Buffer& publicKeyDer) = 0;
+ addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer) = 0;
/**
* Get the public key DER blob from the identity storage.
* @param keyName The name of the requested public key.
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
- virtual Buffer
+ virtual ptr_lib::shared_ptr<PublicKey>
getKey(const Name& keyName) = 0;
/**
@@ -124,7 +125,7 @@
* @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
* @return The requested certificate. If not found, return a shared_ptr with a null pointer.
*/
- virtual ptr_lib::shared_ptr<Data>
+ virtual ptr_lib::shared_ptr<IdentityCertificate>
getCertificate(const Name &certificateName, bool allowAny = false) = 0;
diff --git a/include/ndn-cpp/security/identity/private-key-storage.hpp b/include/ndn-cpp/security/identity/private-key-storage.hpp
index c789d89..29461bb 100644
--- a/include/ndn-cpp/security/identity/private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/private-key-storage.hpp
@@ -12,6 +12,7 @@
#include <string>
#include "../security-common.hpp"
#include "../../name.hpp"
+#include "../../data.hpp"
namespace ndn {
@@ -51,8 +52,15 @@
* @return The signature, or a null pointer if signing fails.
*/
virtual ConstBufferPtr
- sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
-
+ sign(const uint8_t *data, size_t dataLength,
+ const Signature &signature,
+ const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
+
+ virtual ConstBufferPtr
+ sign(const Data &data,
+ const Signature &signature,
+ const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
+
/**
* Decrypt data.
* @param keyName The name of the decrypting key.