security: make some functions static in BackEndOsx, simplify KeyHandleOsx

Change-Id: I178a5fe4bbffe6a5337b546653a90724f3ef41f5
Refs: #4075
diff --git a/src/security/tpm/back-end-osx.cpp b/src/security/tpm/back-end-osx.cpp
index 145ffeb..3a2035e 100644
--- a/src/security/tpm/back-end-osx.cpp
+++ b/src/security/tpm/back-end-osx.cpp
@@ -21,13 +21,13 @@
 
 #include "back-end-osx.hpp"
 #include "key-handle-osx.hpp"
-#include "../transform/private-key.hpp"
 #include "tpm.hpp"
+#include "../transform/private-key.hpp"
 
 #include <CoreServices/CoreServices.h>
-#include <Security/Security.h>
-#include <Security/SecRandom.h>
 #include <Security/SecDigestTransform.h>
+#include <Security/SecRandom.h>
+#include <Security/Security.h>
 
 namespace ndn {
 namespace security {
@@ -52,7 +52,8 @@
   CFReleaser<SecKeychainItemRef>
   getKey(const Name& keyName)
   {
-    CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+    CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+                                                                 kCFStringEncodingUTF8);
 
     CFReleaser<CFMutableDictionaryRef> attrDict =
       CFDictionaryCreateMutable(nullptr, 5, &kCFTypeDictionaryKeyCallBacks, nullptr);
@@ -193,19 +194,16 @@
 }
 
 ConstBufferPtr
-BackEndOsx::sign(const KeyRefOsx& key, DigestAlgorithm digestAlgorithm,
-                 const uint8_t* buf, size_t size) const
+BackEndOsx::sign(const KeyRefOsx& key, DigestAlgorithm digestAlgo, const uint8_t* buf, size_t size)
 {
-  CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, buf, size, kCFAllocatorNull);
-
   CFReleaser<CFErrorRef> error;
-  // C-style cast is used as per Apple convention
   CFReleaser<SecTransformRef> signer = SecSignTransformCreate(key.get(), &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Fail to create signer"));
   }
 
   // Set input
+  CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, buf, size, kCFAllocatorNull);
   SecTransformSetAttribute(signer.get(), kSecTransformInputAttributeName, dataRef.get(), &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Fail to configure input of signer"));
@@ -214,25 +212,23 @@
   // Enable use of padding
   SecTransformSetAttribute(signer.get(), kSecPaddingKey, kSecPaddingPKCS1Key, &error.get());
   if (error != nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Fail to configure digest algorithm of signer"));
+    BOOST_THROW_EXCEPTION(Error("Fail to configure padding of signer"));
   }
 
-  // Set padding type
-  SecTransformSetAttribute(signer.get(), kSecDigestTypeAttribute, getDigestAlgorithm(digestAlgorithm), &error.get());
+  // Set digest type
+  SecTransformSetAttribute(signer.get(), kSecDigestTypeAttribute, getDigestAlgorithm(digestAlgo), &error.get());
   if (error != nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Fail to configure digest algorithm of signer"));
+    BOOST_THROW_EXCEPTION(Error("Fail to configure digest type of signer"));
   }
 
-  // Set digest attribute
-  long digestSize = getDigestSize(digestAlgorithm);
+  // Set digest length
+  long digestSize = getDigestSize(digestAlgo);
   CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(nullptr, kCFNumberLongType, &digestSize);
-  SecTransformSetAttribute(signer.get(),
-                           kSecDigestLengthAttribute,
-                           cfDigestSize.get(),
-                           &error.get());
+  SecTransformSetAttribute(signer.get(), kSecDigestLengthAttribute, cfDigestSize.get(), &error.get());
   if (error != nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Fail to configure digest size of signer"));
+    BOOST_THROW_EXCEPTION(Error("Fail to configure digest length of signer"));
   }
+
   // Actually sign
   // C-style cast is used as per Apple convention
   CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get());
@@ -242,31 +238,30 @@
   }
 
   if (signature == nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Signature is NULL!\n"));
+    BOOST_THROW_EXCEPTION(Error("Signature is null"));
   }
 
   return make_shared<Buffer>(CFDataGetBytePtr(signature.get()), CFDataGetLength(signature.get()));
 }
 
 ConstBufferPtr
-BackEndOsx::decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize) const
+BackEndOsx::decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize)
 {
-  CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, cipherText, cipherSize, kCFAllocatorNull);
-
   CFReleaser<CFErrorRef> error;
   CFReleaser<SecTransformRef> decryptor = SecDecryptTransformCreate(key.get(), &error.get());
   if (error != nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Fail to create decrypt"));
+    BOOST_THROW_EXCEPTION(Error("Fail to create decryptor"));
   }
 
+  CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, cipherText, cipherSize, kCFAllocatorNull);
   SecTransformSetAttribute(decryptor.get(), kSecTransformInputAttributeName, dataRef.get(), &error.get());
   if (error != nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Fail to configure decrypt"));
+    BOOST_THROW_EXCEPTION(Error("Fail to configure decryptor input"));
   }
 
   SecTransformSetAttribute(decryptor.get(), kSecPaddingKey, kSecPaddingOAEPKey, &error.get());
   if (error != nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Fail to configure decrypt #2"));
+    BOOST_THROW_EXCEPTION(Error("Fail to configure decryptor padding"));
   }
 
   CFReleaser<CFDataRef> output = (CFDataRef)SecTransformExecute(decryptor.get(), &error.get());
@@ -276,13 +271,14 @@
   }
 
   if (output == nullptr) {
-    BOOST_THROW_EXCEPTION(Error("Output is NULL!\n"));
+    BOOST_THROW_EXCEPTION(Error("Output is null"));
   }
+
   return make_shared<Buffer>(CFDataGetBytePtr(output.get()), CFDataGetLength(output.get()));
 }
 
 ConstBufferPtr
-BackEndOsx::derivePublicKey(const KeyRefOsx& key) const
+BackEndOsx::derivePublicKey(const KeyRefOsx& key)
 {
   CFReleaser<CFDataRef> exportedKey;
   OSStatus res = SecItemExport(key.get(),           // secItemOrArray
@@ -308,7 +304,8 @@
 bool
 BackEndOsx::doHasKey(const Name& keyName) const
 {
-  CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+  CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+                                                               kCFStringEncodingUTF8);
 
   CFReleaser<CFMutableDictionaryRef> attrDict =
     CFDictionaryCreateMutable(nullptr, 4, &kCFTypeDictionaryKeyCallBacks, nullptr);
@@ -322,7 +319,7 @@
   OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get());
   itemRef.retain();
 
-  return (res == errSecSuccess);
+  return res == errSecSuccess;
 }
 
 unique_ptr<KeyHandle>
@@ -336,7 +333,7 @@
     return nullptr;
   }
 
-  return make_unique<KeyHandleOsx>(*this, (SecKeyRef)keyItem.get());
+  return make_unique<KeyHandleOsx>((SecKeyRef)keyItem.get());
 }
 
 unique_ptr<KeyHandle>
@@ -386,7 +383,7 @@
     }
   }
 
-  unique_ptr<KeyHandle> keyHandle = make_unique<KeyHandleOsx>(*this, privateKey.get());
+  unique_ptr<KeyHandle> keyHandle = make_unique<KeyHandleOsx>(privateKey.get());
   setKeyName(*keyHandle, identityName, params);
 
   SecKeychainAttribute attrs[1]; // maximum number of attributes
@@ -408,7 +405,8 @@
 void
 BackEndOsx::doDeleteKey(const Name& keyName)
 {
-  CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+  CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+                                                               kCFStringEncodingUTF8);
 
   CFReleaser<CFMutableDictionaryRef> searchDict =
     CFDictionaryCreateMutable(nullptr, 5, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
@@ -473,7 +471,8 @@
   SecExternalFormat externalFormat = kSecFormatWrappedPKCS8;
   SecExternalItemType externalType = kSecItemTypePrivateKey;
 
-  CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+  CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+                                                               kCFStringEncodingUTF8);
   CFReleaser<CFStringRef> passphrase =
     CFStringCreateWithBytes(nullptr, reinterpret_cast<const uint8_t*>(pw), pwLen, kCFStringEncodingUTF8, false);
   CFReleaser<SecAccessRef> access;
@@ -519,7 +518,7 @@
   {
     attrs[attrList.count].tag = kSecKeyPrintName;
     attrs[attrList.count].length = keyUri.size();
-    attrs[attrList.count].data = const_cast<char*>(keyUri.c_str());
+    attrs[attrList.count].data = const_cast<char*>(keyUri.data());
     attrList.count++;
   }
 
diff --git a/src/security/tpm/back-end-osx.hpp b/src/security/tpm/back-end-osx.hpp
index 1a644d9..61f7f68 100644
--- a/src/security/tpm/back-end-osx.hpp
+++ b/src/security/tpm/back-end-osx.hpp
@@ -1,5 +1,5 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -79,17 +79,16 @@
   /**
    * @brief Sign @p buf with @p key using @p digestAlgorithm.
    */
-  ConstBufferPtr
-  sign(const KeyRefOsx& key, DigestAlgorithm digestAlgorithm, const uint8_t* buf, size_t size) const;
+  static ConstBufferPtr
+  sign(const KeyRefOsx& key, DigestAlgorithm digestAlgorithm, const uint8_t* buf, size_t size);
 
-  ConstBufferPtr
-  decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize) const;
+  static ConstBufferPtr
+  decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize);
 
-  ConstBufferPtr
-  derivePublicKey(const KeyRefOsx& key) const;
+  static ConstBufferPtr
+  derivePublicKey(const KeyRefOsx& key);
 
 private: // inherited from tpm::BackEnd
-
   /**
    * @return True if a key with name @p keyName exists in TPM.
    */
diff --git a/src/security/tpm/key-handle-mem.cpp b/src/security/tpm/key-handle-mem.cpp
index d9b5c32..d9fb590 100644
--- a/src/security/tpm/key-handle-mem.cpp
+++ b/src/security/tpm/key-handle-mem.cpp
@@ -20,20 +20,20 @@
  */
 
 #include "key-handle-mem.hpp"
-#include "../transform.hpp"
+#include "../transform/buffer-source.hpp"
 #include "../transform/private-key.hpp"
+#include "../transform/signer-filter.hpp"
+#include "../transform/stream-sink.hpp"
 #include "../../encoding/buffer-stream.hpp"
 
 namespace ndn {
 namespace security {
 namespace tpm {
 
-using transform::PrivateKey;
-
-KeyHandleMem::KeyHandleMem(shared_ptr<PrivateKey> key)
-  : m_key(key)
+KeyHandleMem::KeyHandleMem(shared_ptr<transform::PrivateKey> key)
+  : m_key(std::move(key))
 {
-  BOOST_ASSERT(key != nullptr);
+  BOOST_ASSERT(m_key != nullptr);
 }
 
 ConstBufferPtr
diff --git a/src/security/tpm/key-handle-osx.cpp b/src/security/tpm/key-handle-osx.cpp
index 518a673..05e7023 100644
--- a/src/security/tpm/key-handle-osx.cpp
+++ b/src/security/tpm/key-handle-osx.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -26,9 +26,8 @@
 namespace security {
 namespace tpm {
 
-KeyHandleOsx::KeyHandleOsx(const BackEndOsx& impl, const KeyRefOsx& key)
-  : m_impl(impl)
-  , m_key(key)
+KeyHandleOsx::KeyHandleOsx(const KeyRefOsx& key)
+  : m_key(key)
 {
   if (m_key.get() == 0)
     BOOST_THROW_EXCEPTION(Error("key is not set"));
@@ -37,19 +36,19 @@
 ConstBufferPtr
 KeyHandleOsx::doSign(DigestAlgorithm digestAlgorithm, const uint8_t* buf, size_t size) const
 {
-  return m_impl.sign(m_key, digestAlgorithm, buf, size);
+  return BackEndOsx::sign(m_key, digestAlgorithm, buf, size);
 }
 
 ConstBufferPtr
 KeyHandleOsx::doDecrypt(const uint8_t* cipherText, size_t cipherTextLen) const
 {
-  return m_impl.decrypt(m_key, cipherText, cipherTextLen);
+  return BackEndOsx::decrypt(m_key, cipherText, cipherTextLen);
 }
 
 ConstBufferPtr
 KeyHandleOsx::doDerivePublicKey() const
 {
-  return m_impl.derivePublicKey(m_key);
+  return BackEndOsx::derivePublicKey(m_key);
 }
 
 } // namespace tpm
diff --git a/src/security/tpm/key-handle-osx.hpp b/src/security/tpm/key-handle-osx.hpp
index c1b338f..a6e1484 100644
--- a/src/security/tpm/key-handle-osx.hpp
+++ b/src/security/tpm/key-handle-osx.hpp
@@ -1,5 +1,5 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -33,26 +33,14 @@
 namespace security {
 namespace tpm {
 
-class BackEndOsx;
-
 /**
  * @brief Abstraction of TPM key handle used by the TPM based on OS X Keychain Service.
  */
 class KeyHandleOsx : public KeyHandle
 {
 public:
-  class Error : public KeyHandle::Error
-  {
-  public:
-    explicit
-    Error(const std::string& what)
-      : KeyHandle::Error(what)
-    {
-    }
-  };
-
-public:
-  KeyHandleOsx(const BackEndOsx& impl, const KeyRefOsx& key);
+  explicit
+  KeyHandleOsx(const KeyRefOsx& key);
 
 private:
   ConstBufferPtr
@@ -65,7 +53,6 @@
   doDerivePublicKey() const final;
 
 private:
-  const BackEndOsx& m_impl;
   KeyRefOsx m_key;
 };