security: Continue porting security elements to the updated framework

Change-Id: I682156142a8714b2756ca429903a19d2b9064e13
diff --git a/include/ndn-cpp/security/certificate/identity-certificate.hpp b/include/ndn-cpp/security/certificate/identity-certificate.hpp
index 85c8e72..65b07af 100644
--- a/include/ndn-cpp/security/certificate/identity-certificate.hpp
+++ b/include/ndn-cpp/security/certificate/identity-certificate.hpp
@@ -41,6 +41,9 @@
   
   inline void
   wireDecode(const Block &wire);
+
+  inline void
+  setName(const Name &name);
   
   inline const Name &
   getPublicKeyName () const;
@@ -91,6 +94,13 @@
   setPublicKeyName();
 }
 
+inline void
+IdentityCertificate::setName(const Name &name)
+{
+  Certificate::setName(name);
+  setPublicKeyName();
+}
+
 inline const Name &
 IdentityCertificate::getPublicKeyName () const
 {
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index 702ad1f..5ed7771 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -78,6 +78,7 @@
   setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
   {
     info().setDefaultKeyNameForIdentity(keyName, identityName);
+    defaultCertificate_.reset();
   }
 
   /**
@@ -218,7 +219,10 @@
   {
     return info().getDefaultCertificateNameForIdentity(getDefaultIdentity());
   }
-        
+
+  void
+  sign(Data &data);
+  
   /**
    * Sign the byte array data based on the certificate name.
    * @param buffer The byte array to be signed.
@@ -240,6 +244,9 @@
   void 
   signByCertificate(Data& data, const Name& certificateName);
 
+  void
+  signByCertificate(Data& data, const IdentityCertificate& certificate);
+
   /**
    * Generate a self-signed certificate for a public key.
    * @param keyName The name of the public key.
@@ -253,11 +260,11 @@
    */
   void
   selfSign (IdentityCertificate& cert);
-  
+
 public:
   static const ptr_lib::shared_ptr<IdentityStorage>   DefaultIdentityStorage;
   static const ptr_lib::shared_ptr<PrivateKeyStorage> DefaultPrivateKeyStorage;
-  
+
 private:
   /**
    * Generate a key pair for the specified identity.
@@ -276,6 +283,8 @@
 private:
   ptr_lib::shared_ptr<IdentityStorage>   identityStorage_;
   ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
+
+  ptr_lib::shared_ptr<IdentityCertificate> defaultCertificate_;
 };
 
 inline IdentityStorage&
@@ -312,8 +321,6 @@
     throw Error("PrivateKeyStorage is not assigned to IdentityManager");
   return *privateKeyStorage_;
 }
-  
-  
 
 }
 
diff --git a/include/ndn-cpp/security/identity/memory-identity-storage.hpp b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
index 5027a73..57f8050 100644
--- a/include/ndn-cpp/security/identity/memory-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
@@ -21,6 +21,8 @@
  */
 class MemoryIdentityStorage : public IdentityStorage {
 public:
+  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
   /**
    * The virtual Destructor.
    */
@@ -64,14 +66,14 @@
    * @param publicKeyDer A blob of the public key DER to be added.
    */
   virtual void 
-  addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer);
+  addKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer);
 
   /**
    * Get the public key DER blob from the identity storage.
    * @param keyName The name of the requested public key.
    * @return The DER Blob.  If not found, return a Blob with a null pointer.
    */
-  virtual Blob
+  virtual ptr_lib::shared_ptr<PublicKey>
   getKey(const Name& keyName);
 
   /**
@@ -109,7 +111,7 @@
    * @param allowAny If false, only a valid certificate will be returned, otherwise validity is disregarded.
    * @return The requested certificate.  If not found, return a shared_ptr with a null pointer.
    */
-  virtual ptr_lib::shared_ptr<Data> 
+  virtual ptr_lib::shared_ptr<IdentityCertificate> 
   getCertificate(const Name &certificateName, bool allowAny = false);
 
 
@@ -182,24 +184,30 @@
 private:
   class KeyRecord {
   public:
-    KeyRecord(KeyType keyType, const Blob &keyDer)
-    : keyType_(keyType), keyDer_(keyDer)
+    KeyRecord(KeyType keyType, const PublicKey &key)
+    : keyType_(keyType), key_(key)
     {
     }
     
     const KeyType getKeyType() const { return keyType_; }
     
-    const Blob& getKeyDer() { return keyDer_; }
+    const PublicKey& getKey() { return key_; }
     
   private:
-    KeyType keyType_;
-    Blob keyDer_;
+    KeyType   keyType_;
+    PublicKey key_;
   };
   
   std::vector<std::string> identityStore_; /**< A list of name URI. */
   std::string defaultIdentity_;            /**< The default identity in identityStore_, or "" if not defined. */
-  std::map<std::string, ptr_lib::shared_ptr<KeyRecord> > keyStore_; /**< The map key is the keyName.toUri() */
-  std::map<std::string, Blob> certificateStore_;                    /**< The map key is the certificateName.toUri() */
+  Name defaultKeyName_;
+  Name defaultCert_;
+
+  typedef std::map< std::string, ptr_lib::shared_ptr<KeyRecord> > KeyStore; /**< The map key is the keyName.toUri() */
+  typedef std::map< std::string, ptr_lib::shared_ptr<IdentityCertificate> > CertificateStore; /**< The map key is the certificateName.toUri() */
+  
+  KeyStore keyStore_; 
+  CertificateStore certificateStore_;                    
 };
 
 }
diff --git a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp b/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
index 6184c94..f267583 100644
--- a/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/memory-private-key-storage.hpp
@@ -21,6 +21,8 @@
  */
 class MemoryPrivateKeyStorage : public PrivateKeyStorage {
 public:
+  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
   /**
    * The virtual destructor
    */    
@@ -35,9 +37,9 @@
    * @param privateKeyDer The private key DER byte array.
    * @param privateKeyDerLength The length of privateKeyDer.
    */
-  void setKeyPairForKeyName
-    (const Name& keyName, uint8_t *publicKeyDer, size_t publicKeyDerLength, uint8_t *privateKeyDer, 
-     size_t privateKeyDerLength);
+  void setKeyPairForKeyName(const Name& keyName,
+                            uint8_t *publicKeyDer, size_t publicKeyDerLength,
+                            uint8_t *privateKeyDer, size_t privateKeyDerLength);
   
   /**
    * Generate a pair of asymmetric keys.
@@ -64,9 +66,12 @@
    * @param digestAlgorithm the digest algorithm.
    * @return The signature, or a null pointer if signing fails.
    */  
-  virtual Blob 
-  sign(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
-    
+  virtual Block 
+  sign(const uint8_t *data, size_t dataLength, const Signature &signature, const Name& keyName, DigestAlgorithm digestAlgorithm);
+
+  virtual Block 
+  sign(const Data &data, const Signature &signature, const Name& keyName, DigestAlgorithm digestAlgorithm);
+  
   /**
    * Decrypt data.
    * @param keyName The name of the decrypting key.
@@ -75,7 +80,7 @@
    * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
    * @return The decrypted data.
    */
-  virtual Blob 
+  virtual ConstBufferPtr 
   decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
 
   /**
@@ -86,7 +91,7 @@
    * @param isSymmetric If true symmetric encryption is used, otherwise asymmetric decryption is used.
    * @return The encrypted data.
    */
-  virtual Blob
+  virtual ConstBufferPtr
   encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric);
 
   /**
@@ -108,23 +113,13 @@
   doesKeyExist(const Name& keyName, KeyClass keyClass);  
   
 private:
-  /**
-   * RsaPrivateKey is a simple class to hold an RSA private key.
-   */
-  class RsaPrivateKey {
-  public:
-    RsaPrivateKey(uint8_t *keyDer, size_t keyDerLength);
-    
-    ~RsaPrivateKey();
-    
-    struct rsa_st* getPrivateKey() { return privateKey_; }
-    
-  private:
-    struct rsa_st* privateKey_;
-  };
-    
-  std::map<std::string, ptr_lib::shared_ptr<PublicKey> > publicKeyStore_;      /**< The map key is the keyName.toUri() */
-  std::map<std::string, ptr_lib::shared_ptr<RsaPrivateKey> > privateKeyStore_; /**< The map key is the keyName.toUri() */
+  class RsaPrivateKey;
+
+  typedef std::map<std::string, ptr_lib::shared_ptr<PublicKey> >     PublicKeyStore;
+  typedef std::map<std::string, ptr_lib::shared_ptr<RsaPrivateKey> > PrivateKeyStore;
+  
+  PublicKeyStore  publicKeyStore_;  /**< The map key is the keyName.toUri() */
+  PrivateKeyStore privateKeyStore_; /**< The map key is the keyName.toUri() */
 };
 
 }
diff --git a/include/ndn-cpp/security/identity/private-key-storage.hpp b/include/ndn-cpp/security/identity/private-key-storage.hpp
index 29461bb..9777d64 100644
--- a/include/ndn-cpp/security/identity/private-key-storage.hpp
+++ b/include/ndn-cpp/security/identity/private-key-storage.hpp
@@ -20,6 +20,8 @@
 
 class PrivateKeyStorage {
 public:
+  struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
   /**
    * The virtual destructor.
    */    
@@ -51,12 +53,12 @@
    * @param digestAlgorithm the digest algorithm.
    * @return The signature, or a null pointer if signing fails.
    */  
-  virtual ConstBufferPtr
+  virtual Block
   sign(const uint8_t *data, size_t dataLength,
        const Signature &signature,
        const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
 
-  virtual ConstBufferPtr
+  virtual Block
   sign(const Data &data,
        const Signature &signature,
        const Name& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) = 0;
diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index da470f7..c39736e 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -85,6 +85,9 @@
    *              Sign/Verify              *
    *****************************************/
 
+  inline void 
+  sign(Data& data);
+  
   /**
    * Wire encode the Data object, sign it and set its signature.
    * Note: the caller must make sure the timestamp is correct, for example with 
@@ -92,7 +95,7 @@
    * @param data The Data object to be signed.  This updates its signature and key locator field and wireEncoding.
    * @param certificateName The certificate name of the key to use for signing.  If omitted, infer the signing identity from the data packet name.
    */
-  void 
+  inline void 
   sign(Data& data, const Name& certificateName);
   
   /**
@@ -102,7 +105,7 @@
    * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
    * @return The Signature.
    */
-  Signature
+  inline Signature
   sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
 
   /**
@@ -167,6 +170,24 @@
   const int maxSteps_;
 };
 
+void 
+KeyChain::sign(Data& data)
+{
+  identities().sign(data);
+}
+
+void 
+KeyChain::sign(Data& data, const Name& certificateName)
+{
+  identities().signByCertificate(data, certificateName);
+}
+
+Signature
+KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
+{
+  return identities().signByCertificate(buffer, bufferLength, certificateName);
+}
+
 }
 
 #endif