security: Continue porting security elements to the updated framework
Change-Id: I682156142a8714b2756ca429903a19d2b9064e13
diff --git a/include/ndn-cpp/security/certificate/identity-certificate.hpp b/include/ndn-cpp/security/certificate/identity-certificate.hpp
index 85c8e72..65b07af 100644
--- a/include/ndn-cpp/security/certificate/identity-certificate.hpp
+++ b/include/ndn-cpp/security/certificate/identity-certificate.hpp
@@ -41,6 +41,9 @@
inline void
wireDecode(const Block &wire);
+
+ inline void
+ setName(const Name &name);
inline const Name &
getPublicKeyName () const;
@@ -91,6 +94,13 @@
setPublicKeyName();
}
+inline void
+IdentityCertificate::setName(const Name &name)
+{
+ Certificate::setName(name);
+ setPublicKeyName();
+}
+
inline const Name &
IdentityCertificate::getPublicKeyName () const
{
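Review bot: `IdentityCertificate::setName` refreshes the cached public key name only when it is called through the derived type. If `Certificate::setName` (or the setter it inherits) is not virtual, a rename made through a base reference leaves the cached key name describing the old certificate name; the base declaration is not in this diff, so this needs confirming there. `Certificate::setName(name)` also runs before `setPublicKeyName()`, so if the latter can fail on a name that is not in identity-certificate form, the object is left with the new name and the old key name. A one-line comment such as `// Re-derives the cached public key name from the new certificate name.` would state the intent. The body of `getPublicKeyName` continues outside the hunk.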
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index 702ad1f..5ed7771 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -78,6 +78,7 @@
setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
{
info().setDefaultKeyNameForIdentity(keyName, identityName);
+ defaultCertificate_.reset();
}
/**
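Review bot: Resetting `defaultCertificate_` in `setDefaultKeyForIdentity` covers only one of the ways the default signing certificate can change. Any other setter that changes the default identity or the default certificate of a key needs the same `defaultCertificate_.reset();`, otherwise the new `sign(Data&)` could keep signing with a stale cached certificate. Those setters are outside this hunk, so this should be checked against the whole class. The member is a plain `shared_ptr` added in a later hunk of this file; if an `IdentityManager` is shared between threads, the reset and the read in `sign` are unsynchronized. A short comment such as `// Invalidate the cached default certificate.` would explain the new line.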
@@ -218,7 +219,10 @@
{
return info().getDefaultCertificateNameForIdentity(getDefaultIdentity());
}
-
+
+ void
+ sign(Data &data);
+
/**
* Sign the byte array data based on the certificate name.
* @param buffer The byte array to be signed.
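Review bot: The new `sign(Data &data)` has no doc comment, although the neighbouring declarations in this class have one, and it is the one signing entry point where the caller does not choose the certificate. The comment should say which certificate is used (presumably the default certificate of the default identity, cached in `defaultCertificate_`) and what happens when no default is configured. The same applies to the new `signByCertificate(Data&, const IdentityCertificate&)` overload in the next hunk, which should state whether the certificate must already be in the identity storage and whether its private key is looked up by `getPublicKeyName()`.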
@@ -240,6 +244,9 @@
void
signByCertificate(Data& data, const Name& certificateName);
+ void
+ signByCertificate(Data& data, const IdentityCertificate& certificate);
+
/**
* Generate a self-signed certificate for a public key.
* @param keyName The name of the public key.
@@ -253,11 +260,11 @@
*/
void
selfSign (IdentityCertificate& cert);
-
+
public:
static const ptr_lib::shared_ptr<IdentityStorage> DefaultIdentityStorage;
static const ptr_lib::shared_ptr<PrivateKeyStorage> DefaultPrivateKeyStorage;
-
+
private:
/**
* Generate a key pair for the specified identity.
@@ -276,6 +283,8 @@
private:
ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
+
+ ptr_lib::shared_ptr<IdentityCertificate> defaultCertificate_;
};
inline IdentityStorage&
@@ -312,8 +321,6 @@
throw Error("PrivateKeyStorage is not assigned to IdentityManager");
return *privateKeyStorage_;
}
-
-
}
diff --git a/include/ndn-cpp/security/identity/memory-identity-storage.hpp b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
index 5027a73..57f8050 100644
--- a/include/ndn-cpp/security/identity/memory-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
@@ -21,6 +21,8 @@
*/
class MemoryIdentityStorage : public IdentityStorage {
public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
/**
* The virtual Destructor.
*/
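Review bot: The `Error` constructor added here takes a single `const std::string&` and is not `explicit`, so a `std::string` converts silently to an exception object; `explicit Error(const std::string &what) : std::runtime_error(what) {}` avoids that. The identical struct is added in memory-private-key-storage.hpp and private-key-storage.hpp. `std::runtime_error` needs `<stdexcept>`, and none of the three hunks adds that include, so these headers may be relying on a transitive include.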
@@ -64,14 +66,14 @@
* @param publicKeyDer A blob of the public key DER to be added.
*/
virtual void
- addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer);
+ addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
/**
* Get the public key DER blob from the identity storage.
* @param keyName The name of the requested public key.
* @return The DER Blob. If not found, return a Blob with a null pointer.
*/
- virtual Blob
+ virtual ptr_lib::shared_ptr<PublicKey>
getKey(const Name& keyName);
/**
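Review bot: The comments above `addKey` and `getKey` still describe the old Blob interface. The parameter is now a `PublicKey` but is still named `publicKeyDer` and documented as "A blob of the public key DER", and `getKey` is documented as returning "The DER Blob ... a Blob with a null pointer" while it now returns `ptr_lib::shared_ptr<PublicKey>`. Suggested wording: `@param publicKey The public key to be added.` and `@return The public key. If not found, return a shared_ptr with a null pointer.`, the latter only if that is what the implementation does. The not-found contract matters because a null result is easy to dereference unchecked.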
@@ -109,7 +111,7 @@
* @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
* @return The requested certificate. If not found, return a shared_ptr with a null pointer.
*/
- virtual ptr_lib::shared_ptr<Data>
+ virtual ptr_lib::shared_ptr<IdentityCertificate>
getCertificate(const Name &certificateName, bool allowAny = false);
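Review bot: `getCertificate` now returns a non-const `shared_ptr<IdentityCertificate>`, and `certificateStore_` in the last hunk of this file holds the same pointer type. If the implementation returns the stored pointer, callers can modify the certificate inside the store, for example through the new `IdentityCertificate::setName`, while the map key stays the old `certificateName.toUri()`. The implementation is not in this diff; if it does hand out the stored object, returning a copy or documenting the result as shared and not to be modified would keep the store consistent.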
@@ -182,24 +184,30 @@
private:
class KeyRecord {
public:
- KeyRecord(KeyType keyType, const Blob &keyDer)
- : keyType_(keyType), keyDer_(keyDer)
+ KeyRecord(KeyType keyType, const PublicKey &key)
+ : keyType_(keyType), key_(key)
{
}
const KeyType getKeyType() const { return keyType_; }
- const Blob& getKeyDer() { return keyDer_; }
+ const PublicKey& getKey() { return key_; }
private:
- KeyType keyType_;
- Blob keyDer_;
+ KeyType keyType_;
+ PublicKey key_;
};
std::vector<std::string> identityStore_; /**< A list of name URI. */
std::string defaultIdentity_; /**< The default identity in identityStore_, or "" if not defined. */
- std::map<std::string, ptr_lib::shared_ptr<KeyRecord> > keyStore_; /**< The map key is the keyName.toUri() */
- std::map<std::string, Blob> certificateStore_; /**< The map key is the certificateName.toUri() */
+ Name defaultKeyName_;
+ Name defaultCert_;
+
+ typedef std::map< std::string, ptr_lib::shared_ptr<KeyRecord> > KeyStore; /**< The map key is the keyName.toUri() */
+ typedef std::map< std::string, ptr_lib::shared_ptr<IdentityCertificate> > CertificateStore; /**< The map key is the certificateName.toUri() */
+
+ KeyStore keyStore_;
+ CertificateStore certificateStore_;
};
}
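Review bot: `defaultKeyName_` and `defaultCert_` are single values, while the store holds a list of identities and a map of keys, and `IdentityManager::setDefaultKeyForIdentity(keyName, identityName)` in this same commit sets a default per identity. Unless the implementation (not shown) restricts this to the default identity, a default key set for one identity could be reported for another. Both members also lack the `/**< ... */` comments their neighbours have, e.g. `/**< The default key name, or an empty Name if not defined. */`. Separately, `KeyRecord::getKey()` returns a const reference but is not a const member; `const PublicKey& getKey() const { return key_; }` would match `getKeyType()`.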
diff --git a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp b/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
index 6184c94..f267583 100644
--- a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
@@ -21,6 +21,8 @@
*/
class MemoryPrivateKeyStorage : public PrivateKeyStorage {
public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
/**
* The virtual destructor
*/
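Review bot: `MemoryPrivateKeyStorage::Error` hides `PrivateKeyStorage::Error`, which this commit adds to the base class, and the two types share only `std::runtime_error` as an ancestor. A caller that holds a `PrivateKeyStorage&` and writes `catch (const PrivateKeyStorage::Error&)` will therefore not catch a failure thrown by the memory implementation. Deriving it, `struct Error : public PrivateKeyStorage::Error { explicit Error(const std::string &what) : PrivateKeyStorage::Error(what) {} };`, keeps signing and key-lookup failures catchable through the base interface.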
@@ -35,9 +37,9 @@
* @param privateKeyDer The private key DER byte array.
* @param privateKeyDerLength The length of privateKeyDer.
*/
- void setKeyPairForKeyName
- (const Name& keyName, uint8_t *publicKeyDer, size_t publicKeyDerLength, uint8_t *privateKeyDer,
- size_t privateKeyDerLength);
+ void setKeyPairForKeyName(const Name& keyName,
+ uint8_t *publicKeyDer, size_t publicKeyDerLength,
+ uint8_t *privateKeyDer, size_t privateKeyDerLength);
/**
* Generate a pair of asymmetric keys.
@@ -64,9 +66,12 @@
* @param digestAlgorithm the digest algorithm.
* @return The signature, or a null pointer if signing fails.
*/
- virtual Blob
- sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
-
+ virtual Block
+ sign(const uint8_t *data, size_t dataLength, const Signature &signature, const Name& keyName, DigestAlgorithm digestAlgorithm);
+
+ virtual Block
+ sign(const Data &data, const Signature &signature, const Name& keyName, DigestAlgorithm digestAlgorithm);
+
/**
* Decrypt data.
* @param keyName The name of the decrypting key.
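Review bot: The comment above `sign` still ends with "@return The signature, or a null pointer if signing fails", but the function now returns a `Block` by value, so the documented failure contract no longer matches the signature; the new `signature` parameter is also undocumented. The comment should say how failure is reported (presumably by throwing `Error`) so that callers do not treat an empty or default `Block` as a valid signature. The second overload taking `const Data&` has no comment at all. The same stale `@return` line sits above the pure virtual declarations changed in private-key-storage.hpp.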
@@ -75,7 +80,7 @@
* @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
* @return The decrypted data.
*/
- virtual Blob
+ virtual ConstBufferPtr
decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
/**
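Review bot: With the return type changed to `ConstBufferPtr`, the "@return The decrypted data." line no longer tells callers whether a failed decryption yields a null pointer or an exception. If `ConstBufferPtr` is a shared pointer, as the name suggests, a caller that dereferences the result unchecked depends on that answer. Add `@return The decrypted data; throws Error on failure.` or the null-pointer equivalent, whichever the implementation does. The same applies to `encrypt` in the next hunk.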
@@ -86,7 +91,7 @@
* @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
* @return The encrypted data.
*/
- virtual Blob
+ virtual ConstBufferPtr
encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
/**
@@ -108,23 +113,13 @@
doesKeyExist(const Name& keyName, KeyClass keyClass);
private:
- /**
- * RsaPrivateKey is a simple class to hold an RSA private key.
- */
- class RsaPrivateKey {
- public:
- RsaPrivateKey(uint8_t *keyDer, size_t keyDerLength);
-
- ~RsaPrivateKey();
-
- struct rsa_st* getPrivateKey() { return privateKey_; }
-
- private:
- struct rsa_st* privateKey_;
- };
-
- std::map<std::string, ptr_lib::shared_ptr<PublicKey> > publicKeyStore_; /**< The map key is the keyName.toUri() */
- std::map<std::string, ptr_lib::shared_ptr<RsaPrivateKey> > privateKeyStore_; /**< The map key is the keyName.toUri() */
+ class RsaPrivateKey;
+
+ typedef std::map<std::string, ptr_lib::shared_ptr<PublicKey> > PublicKeyStore;
+ typedef std::map<std::string, ptr_lib::shared_ptr<RsaPrivateKey> > PrivateKeyStore;
+
+ PublicKeyStore publicKeyStore_; /**< The map key is the keyName.toUri() */
+ PrivateKeyStore privateKeyStore_; /**< The map key is the keyName.toUri() */
};
}
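Review bot: The forward declaration `class RsaPrivateKey;` drops the comment that explained the class, and nothing here says where it is now defined. A one-line comment such as `// Holds an RSA private key; defined in the implementation file so the OpenSSL type stays out of this header.` would help; the location is an assumption, since the definition is not in this diff. Because the destructor that releases the key is no longer visible here, the implementation should be checked to confirm it still frees the key when the last `shared_ptr<RsaPrivateKey>` in `privateKeyStore_` goes away.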
diff --git a/include/ndn-cpp/security/identity/private-key-storage.hpp b/include/ndn-cpp/security/identity/private-key-storage.hpp
index 29461bb..9777d64 100644
--- a/include/ndn-cpp/security/identity/private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/private-key-storage.hpp
@@ -20,6 +20,8 @@
class PrivateKeyStorage {
public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
/**
* The virtual destructor.
*/
@@ -51,12 +53,12 @@
* @param digestAlgorithm the digest algorithm.
* @return The signature, or a null pointer if signing fails.
*/
- virtual ConstBufferPtr
+ virtual Block
sign(const uint8_t *data, size_t dataLength,
const Signature &signature,
const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
- virtual ConstBufferPtr
+ virtual Block
sign(const Data &data,
const Signature &signature,
const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index da470f7..c39736e 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -85,6 +85,9 @@
* Sign/Verify *
*****************************************/
+ inline void
+ sign(Data& data);
+
/**
* Wire encode the Data object, sign it and set its signature.
* Note: the caller must make sure the timestamp is correct, for example with
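Review bot: `sign(Data& data)` is declared without a doc comment, directly above overloads that document which certificate is used. Since it forwards to `identities().sign(data)` (last hunk of this file), the comment should say that the key is chosen by the identity manager and not by the caller, e.g. `Sign the Data object with the identity manager's default certificate.`; this wording needs confirming against `IdentityManager::sign`, whose definition is not in this diff. The existing comment on the next overload says an omitted certificate name means the signing identity is inferred from the data packet name, so the new comment should also say whether that still holds.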
@@ -92,7 +95,7 @@
* @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
* @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
*/
- void
+ inline void
sign(Data& data, const Name& certificateName);
/**
@@ -102,7 +105,7 @@
* @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
* @return The Signature.
*/
- Signature
+ inline Signature
sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
/**
@@ -167,6 +170,24 @@
const int maxSteps_;
};
+void
+KeyChain::sign(Data& data)
+{
+ identities().sign(data);
+}
+
+void
+KeyChain::sign(Data& data, const Name& certificateName)
+{
+ identities().signByCertificate(data, certificateName);
+}
+
+Signature
+KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
+{
+ return identities().signByCertificate(buffer, bufferLength, certificateName);
+}
+
}
#endif
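Review bot: The three `KeyChain::sign` definitions at the end of this header are written without `inline`, relying on the keyword added to the in-class declarations. identity-certificate.hpp in this same commit repeats `inline` on its out-of-class definition. Repeating it here, `inline void KeyChain::sign(Data& data)` and likewise for the other two, keeps the header consistent and avoids multiple-definition link errors if a declaration later loses the keyword.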