Blame - ndn-cpp/security/identity/basic-identity-storage.cpp - ndn-cxx

blob: cadb59cda6c29d5df426f9284d8e72ea0ca2572a [file] [log] [blame]

Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -- */
				2	/**
				3	* Copyright (C) 2013 Regents of the University of California.
				4	* @author: Yingdi Yu <yingdi@cs.ucla.edu>
				5	* See COPYING for copyright and distribution information.
				6	*/
				7
Jeff Thompson	b752300	2013-10-09 10:25:00 -0700	[diff] [blame]	8	// Only compile if ndn-cpp-config.h defines NDN_CPP_HAVE_SQLITE3.
Jeff Thompson	6e22904	2013-10-10 11:09:49 -0700	[diff] [blame]	9	#include <ndn-cpp/ndn-cpp-config.h>
Jeff Thompson	1975def	2013-10-09 17:06:43 -0700	[diff] [blame]	10	#ifdef NDN_CPP_HAVE_SQLITE3
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	11
Jeff Thompson	351ac30	2013-10-19 18:45:00 -0700	[diff] [blame]	12	#include <stdio.h>
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	13	#include <stdlib.h>
				14	#include <sstream>
				15	#include <fstream>
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	16	#include <math.h>
Jeff Thompson	25b4e61	2013-10-10 16:03:24 -0700	[diff] [blame]	17	#include <ndn-cpp/security/identity/basic-identity-storage.hpp>
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	18	#include "../../util/logging.hpp"
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	19	#include <ndn-cpp/security/security-exception.hpp>
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	20	#include "ndn-cpp/data.hpp"
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	21	#include <ndn-cpp/security/certificate/identity-certificate.hpp>
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	22	#include "../../c/util/time.h"
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	23	#include <ndn-cpp/sha256-with-rsa-signature.hpp>
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	24
				25	INIT_LOGGER("BasicIdentityStorage");
				26
				27	using namespace std;
				28	using namespace ndn::ptr_lib;
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	29
				30	namespace ndn
				31	{
				32
				33	static const string INIT_ID_TABLE = "\
				34	CREATE TABLE IF NOT EXISTS \n \
				35	Identity( \n \
				36	identity_name BLOB NOT NULL, \n \
				37	default_identity INTEGER DEFAULT 0, \n \
				38	\
				39	PRIMARY KEY (identity_name) \n \
				40	); \n \
				41	\
				42	CREATE INDEX identity_index ON Identity(identity_name); \n \
				43	";
				44
				45	static const string INIT_KEY_TABLE = "\
				46	CREATE TABLE IF NOT EXISTS \n \
				47	Key( \n \
				48	identity_name BLOB NOT NULL, \n \
				49	key_identifier BLOB NOT NULL, \n \
				50	key_type INTEGER, \n \
				51	public_key BLOB, \n \
				52	default_key INTEGER DEFAULT 0, \n \
				53	active INTEGER DEFAULT 0, \n \
				54	\
				55	PRIMARY KEY (identity_name, key_identifier) \n \
				56	); \n \
				57	\
				58	CREATE INDEX key_index ON Key(identity_name); \n \
				59	";
				60
				61	static const string INIT_CERT_TABLE = "\
				62	CREATE TABLE IF NOT EXISTS \n \
				63	Certificate( \n \
				64	cert_name BLOB NOT NULL, \n \
				65	cert_issuer BLOB NOT NULL, \n \
				66	identity_name BLOB NOT NULL, \n \
				67	key_identifier BLOB NOT NULL, \n \
				68	not_before TIMESTAMP, \n \
				69	not_after TIMESTAMP, \n \
				70	certificate_data BLOB NOT NULL, \n \
				71	valid_flag INTEGER DEFAULT 0, \n \
				72	default_cert INTEGER DEFAULT 0, \n \
				73	\
				74	PRIMARY KEY (cert_name) \n \
				75	); \n \
				76	\
				77	CREATE INDEX cert_index ON Certificate(cert_name); \n \
				78	CREATE INDEX subject ON Certificate(identity_name); \n \
				79	";
				80
				81	/**
				82	* A utility function to call the normal sqlite3_bind_text where the value and length are value.c_str() and value.size().
				83	*/
				84	static int sqlite3_bind_text(sqlite3_stmt* statement, int index, const string& value, void(destructor)(void))
				85	{
				86	return sqlite3_bind_text(statement, index, value.c_str(), value.size(), destructor);
				87	}
				88
				89	BasicIdentityStorage::BasicIdentityStorage()
				90	{
Jeff Thompson	351ac30	2013-10-19 18:45:00 -0700	[diff] [blame]	91	// Note: We don't use <filesystem> support because it is not "header-only" and require linking to libraries.
				92	// TOOD: Handle non-unix file system paths which don't use '/'.
				93	const char* home = getenv("HOME");
				94	if (!home \|\| *home == '\0')
				95	// Don't expect this to happen;
				96	home = ".";
				97	string homeDir(home);
				98	if (homeDir[homeDir.size() - 1] == '/')
				99	// Strip the ending '/'.
				100	homeDir.erase(homeDir.size() - 1);
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	101
Jeff Thompson	351ac30	2013-10-19 18:45:00 -0700	[diff] [blame]	102	string identityDir = homeDir + '/' + ".ndn-identity";
				103	::system(("mkdir " + identityDir).c_str());
				104
				105	int res = sqlite3_open((identityDir + '/' + "identity.db").c_str(), &database_);
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	106
				107	if (res != SQLITE_OK)
Jeff Thompson	351ac30	2013-10-19 18:45:00 -0700	[diff] [blame]	108	throw SecurityException("identity DB cannot be opened/created");
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	109
				110	//Check if Key table exists;
				111	sqlite3_stmt *statement;
				112	sqlite3_prepare_v2(database_, "SELECT name FROM sqlite_master WHERE type='table' And name='Identity'", -1, &statement, 0);
Jeff Thompson	351ac30	2013-10-19 18:45:00 -0700	[diff] [blame]	113	res = sqlite3_step(statement);
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	114
				115	bool idTableExists = false;
				116	if (res == SQLITE_ROW)
				117	idTableExists = true;
				118
				119	sqlite3_finalize(statement);
				120
				121	if (!idTableExists) {
				122	char *errorMessage = 0;
				123	res = sqlite3_exec(database_, INIT_ID_TABLE.c_str(), NULL, NULL, &errorMessage);
				124
				125	if (res != SQLITE_OK && errorMessage != 0) {
				126	_LOG_TRACE("Init \"error\" in Identity: " << errorMessage);
				127	sqlite3_free(errorMessage);
				128	}
				129	}
				130
				131	//Check if Key table exists;
				132	sqlite3_prepare_v2(database_, "SELECT name FROM sqlite_master WHERE type='table' And name='Key'", -1, &statement, 0);
				133	res = sqlite3_step(statement);
				134
				135	bool keyTableExists = false;
				136	if (res == SQLITE_ROW)
				137	keyTableExists = true;
				138
				139	sqlite3_finalize(statement);
				140
				141	if (!keyTableExists) {
				142	char *errorMessage = 0;
				143	res = sqlite3_exec(database_, INIT_KEY_TABLE.c_str(), NULL, NULL, &errorMessage);
				144
				145	if (res != SQLITE_OK && errorMessage != 0) {
				146	_LOG_TRACE("Init \"error\" in KEY: " << errorMessage);
				147	sqlite3_free(errorMessage);
				148	}
				149	}
				150
				151	//Check if Certificate table exists;
				152	sqlite3_prepare_v2(database_, "SELECT name FROM sqlite_master WHERE type='table' And name='Certificate'", -1, &statement, 0);
				153	res = sqlite3_step(statement);
				154
				155	bool idCertificateTableExists = false;
				156	if (res == SQLITE_ROW)
				157	idCertificateTableExists = true;
				158
				159	sqlite3_finalize(statement);
				160
				161	if (!idCertificateTableExists) {
				162	char *errorMessage = 0;
				163	res = sqlite3_exec(database_, INIT_CERT_TABLE.c_str(), NULL, NULL, &errorMessage);
				164
				165	if (res != SQLITE_OK && errorMessage != 0) {
				166	_LOG_TRACE("Init \"error\" in ID-CERT: " << errorMessage);
				167	sqlite3_free(errorMessage);
				168	}
				169	}
				170	}
				171
				172	BasicIdentityStorage::~BasicIdentityStorage()
				173	{
				174	}
				175
				176	bool
				177	BasicIdentityStorage::doesIdentityExist(const Name& identityName)
				178	{
				179	bool result = false;
				180
				181	sqlite3_stmt *statement;
				182	sqlite3_prepare_v2(database_, "SELECT count(*) FROM Identity WHERE identity_name=?", -1, &statement, 0);
				183
				184	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				185	int res = sqlite3_step(statement);
				186
				187	if (res == SQLITE_ROW) {
				188	int countAll = sqlite3_column_int(statement, 0);
				189	if (countAll > 0)
				190	result = true;
				191	}
				192
				193	sqlite3_finalize(statement);
				194
				195	return result;
				196	}
				197
				198	void
				199	BasicIdentityStorage::addIdentity(const Name& identityName)
				200	{
				201	if (doesIdentityExist(identityName))
				202	throw SecurityException("Identity already exists");
				203
				204	sqlite3_stmt *statement;
				205
				206	sqlite3_prepare_v2(database_, "INSERT INTO Identity (identity_name) values (?)", -1, &statement, 0);
				207
				208	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				209
				210	int res = sqlite3_step(statement);
				211
				212	sqlite3_finalize(statement);
				213	}
				214
				215	bool
				216	BasicIdentityStorage::revokeIdentity()
				217	{
				218	//TODO:
				219	return false;
				220	}
				221
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	222	Name
				223	BasicIdentityStorage::getNewKeyName(const Name& identityName, bool useKsk)
				224	{
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	225	MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
				226	// Get the number of seconds.
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	227	ostringstream oss;
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	228	oss << floor(ti / 1000.0);
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	229
				230	string keyIdStr;
				231
				232	if (useKsk)
				233	keyIdStr = ("KSK-" + oss.str());
				234	else
				235	keyIdStr = ("DSK-" + oss.str());
				236
				237
				238	Name keyName = Name(identityName).append(keyIdStr);
				239
				240	if (doesKeyExist(keyName))
				241	throw SecurityException("Key name already exists");
				242
				243	return keyName;
Jeff Thompson	1975def	2013-10-09 17:06:43 -0700	[diff] [blame]	244	}
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	245
				246	bool
				247	BasicIdentityStorage::doesKeyExist(const Name& keyName)
				248	{
				249	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				250	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				251
				252	sqlite3_stmt *statement;
				253	sqlite3_prepare_v2(database_, "SELECT count(*) FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
				254
				255	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				256	sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
				257
				258	int res = sqlite3_step(statement);
				259
				260	bool keyIdExist = false;
				261	if (res == SQLITE_ROW) {
				262	int countAll = sqlite3_column_int(statement, 0);
				263	if (countAll > 0)
				264	keyIdExist = true;
				265	}
				266
				267	sqlite3_finalize(statement);
				268
				269	return keyIdExist;
				270	}
				271
				272	Name
				273	BasicIdentityStorage::getKeyNameForCertificate(const Name& certificateName)
				274	{
				275	int i = certificateName.size() - 1;
				276
				277	for (; i >= 0; --i) {
				278	if (certificateName.get(i).toEscapedString() == string("ID-CERT"))
				279	break;
				280	}
				281
				282	return certificateName.getSubName(0, i);
				283	}
				284
				285	void
				286	BasicIdentityStorage::addKey(const Name& keyName, KeyType keyType, const Blob& publicKeyDer)
				287	{
				288	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				289	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				290
				291
				292	if (!doesIdentityExist(identityName))
				293	addIdentity(identityName);
				294
				295	if (doesKeyExist(keyName))
				296	throw SecurityException("a key with the same name already exists!");
				297
				298	sqlite3_stmt *statement;
				299	sqlite3_prepare_v2(database_, "INSERT INTO Key (identity_name, key_identifier, key_type, public_key) values (?, ?, ?, ?)", -1, &statement, 0);
				300
				301	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				302	sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
				303	sqlite3_bind_int(statement, 3, (int)keyType);
				304	sqlite3_bind_blob(statement, 4, publicKeyDer.buf(), publicKeyDer.size(), SQLITE_TRANSIENT);
				305
				306	int res = sqlite3_step(statement);
				307
				308	sqlite3_finalize(statement);
				309	}
				310
				311	Blob
				312	BasicIdentityStorage::getKey(const Name& keyName)
				313	{
				314	if (!doesKeyExist(keyName)) {
				315	_LOG_DEBUG("keyName does not exist");
				316	return Blob();
				317	}
				318
				319	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				320	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				321
				322	sqlite3_stmt *statement;
				323	sqlite3_prepare_v2(database_, "SELECT public_key FROM Key WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
				324
				325	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				326	sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
				327
				328	int res = sqlite3_step(statement);
				329
				330	Blob result;
				331	if (res == SQLITE_ROW)
				332	result = Blob(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)), sqlite3_column_bytes(statement, 0));
				333
				334	sqlite3_finalize(statement);
				335
				336	return result;
				337	}
				338
				339	void
				340	BasicIdentityStorage::activateKey(const Name& keyName)
				341	{
				342	updateKeyStatus(keyName, true);
				343	}
				344
				345	void
				346	BasicIdentityStorage::deactivateKey(const Name& keyName)
				347	{
				348	updateKeyStatus(keyName, false);
				349	}
				350
				351	void
				352	BasicIdentityStorage::updateKeyStatus(const Name& keyName, bool isActive)
				353	{
				354	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				355	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				356
				357	sqlite3_stmt *statement;
				358	sqlite3_prepare_v2(database_, "UPDATE Key SET active=? WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
				359
				360	sqlite3_bind_int(statement, 1, (isActive ? 1 : 0));
				361	sqlite3_bind_text(statement, 2, identityName.toUri(), SQLITE_TRANSIENT);
				362	sqlite3_bind_text(statement, 3, keyId, SQLITE_TRANSIENT);
				363
				364	int res = sqlite3_step(statement);
				365
				366	sqlite3_finalize(statement);
				367	}
				368
				369	bool
				370	BasicIdentityStorage::doesCertificateExist(const Name& certificateName)
				371	{
				372	sqlite3_stmt *statement;
				373	sqlite3_prepare_v2(database_, "SELECT count(*) FROM Certificate WHERE cert_name=?", -1, &statement, 0);
				374
				375	sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
				376
				377	int res = sqlite3_step(statement);
				378
				379	bool certExist = false;
				380	if (res == SQLITE_ROW) {
				381	int countAll = sqlite3_column_int(statement, 0);
				382	if (countAll > 0)
				383	certExist = true;
				384	}
				385
				386	sqlite3_finalize(statement);
				387
				388	return certExist;
				389	}
				390
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	391	void
Jeff Thompson	c69163b	2013-10-12 13:49:50 -0700	[diff] [blame]	392	BasicIdentityStorage::addAnyCertificate(const IdentityCertificate& certificate)
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	393	{
				394	const Name& certificateName = certificate.getName();
				395	Name keyName = getKeyNameForCertificate(certificateName);
				396
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	397	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	398	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				399
				400	sqlite3_stmt *statement;
				401	sqlite3_prepare_v2(database_,
				402	"INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data)\
				403	values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)",
				404	-1, &statement, 0);
				405
				406
				407	_LOG_DEBUG("certName: " << certificateName.toUri().c_str());
				408	sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
				409
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	410	const Sha256WithRsaSignature* signature = dynamic_cast<const Sha256WithRsaSignature*>(certificate.getSignature());
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	411	const Name& signerName = signature->getKeyLocator().getKeyName();
				412	sqlite3_bind_text(statement, 2, signerName.toUri(), SQLITE_TRANSIENT);
				413
				414	sqlite3_bind_text(statement, 3, identityName.toUri(), SQLITE_TRANSIENT);
				415	sqlite3_bind_text(statement, 4, keyId, SQLITE_TRANSIENT);
				416
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	417	// Convert from milliseconds to seconds since 1/1/1970.
				418	sqlite3_bind_int64(statement, 5, (sqlite3_int64)floor(certificate.getNotBefore() / 1000.0));
				419	sqlite3_bind_int64(statement, 6, (sqlite3_int64)floor(certificate.getNotAfter() / 1000.0));
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	420
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	421	if (!certificate.getDefaultWireEncoding())
				422	certificate.wireEncode();
				423	sqlite3_bind_blob(statement, 7, certificate.getDefaultWireEncoding().buf(), certificate.getDefaultWireEncoding().size(), SQLITE_TRANSIENT);
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	424
				425	int res = sqlite3_step(statement);
				426
				427	sqlite3_finalize(statement);
				428	}
				429
				430	void
Jeff Thompson	c69163b	2013-10-12 13:49:50 -0700	[diff] [blame]	431	BasicIdentityStorage::addCertificate(const IdentityCertificate& certificate)
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	432	{
				433	_LOG_DEBUG("1");
				434	const Name& certificateName = certificate.getName();
				435	Name keyName = getKeyNameForCertificate(certificateName);
				436
				437	_LOG_DEBUG("2");
				438	if (!doesKeyExist(keyName))
				439	{
				440	_LOG_DEBUG("here wrong");
				441	throw SecurityException("No corresponding Key record for the certificate!");
				442	}
				443
				444	// Check if certificate has already existed!
				445	if (doesCertificateExist(certificateName))
				446	throw SecurityException("Certificate has already been installed!");
				447
				448	_LOG_DEBUG("3");
				449	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				450	Name identity = keyName.getSubName(0, keyName.size() - 1);
				451
				452	// Check if the public key of certificate is the same as the key record
				453
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	454	Blob keyBlob = getKey(keyName);
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	455
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	456	if (!keyBlob \|\| (keyBlob) != (certificate.getPublicKeyInfo().getKeyDer()))
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	457	throw SecurityException("Certificate does not match the public key!");
				458
				459	_LOG_DEBUG("4");
				460	// Insert the certificate
				461	sqlite3_stmt *statement;
				462	sqlite3_prepare_v2(database_,
				463	"INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data)\
				464	values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)",
				465	-1, &statement, 0);
				466
				467	_LOG_DEBUG("certName: " << certificateName.toUri().c_str());
				468	sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
				469
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	470	const Sha256WithRsaSignature* signature = dynamic_cast<const Sha256WithRsaSignature*>(certificate.getSignature());
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	471	const Name & signerName = signature->getKeyLocator().getKeyName();
				472	sqlite3_bind_text(statement, 2, signerName.toUri(), SQLITE_TRANSIENT);
				473
				474	sqlite3_bind_text(statement, 3, identity.toUri(), SQLITE_TRANSIENT);
				475	sqlite3_bind_text(statement, 4, keyId, SQLITE_TRANSIENT);
				476
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	477	// Convert from milliseconds to seconds since 1/1/1970.
				478	sqlite3_bind_int64(statement, 5, (sqlite3_int64)floor(certificate.getNotBefore() / 1000.0));
				479	sqlite3_bind_int64(statement, 6, (sqlite3_int64)floor(certificate.getNotAfter() / 1000.0));
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	480
Jeff Thompson	9f2b9fc	2013-10-19 18:00:12 -0700	[diff] [blame]	481	if (!certificate.getDefaultWireEncoding())
				482	certificate.wireEncode();
				483	sqlite3_bind_blob(statement, 7, certificate.getDefaultWireEncoding().buf(), certificate.getDefaultWireEncoding().size(), SQLITE_TRANSIENT);
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	484
				485	int res = sqlite3_step(statement);
				486
				487	sqlite3_finalize(statement);
				488	}
				489
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	490	shared_ptr<Data>
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	491	BasicIdentityStorage::getCertificate(const Name &certificateName, bool allowAny)
				492	{
				493	if (doesCertificateExist(certificateName)) {
				494	sqlite3_stmt *statement;
				495	if (!allowAny) {
				496	sqlite3_prepare_v2(database_,
				497	"SELECT certificate_data FROM Certificate \
				498	WHERE cert_name=? AND not_before<datetime(?, 'unixepoch') AND not_after>datetime(?, 'unixepoch') and valid_flag=1",
				499	-1, &statement, 0);
				500
				501	sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	502	sqlite3_bind_int64(statement, 2, (sqlite3_int64)floor(ndn_getNowMilliseconds() / 1000.0));
				503	sqlite3_bind_int64(statement, 3, (sqlite3_int64)floor(ndn_getNowMilliseconds() / 1000.0));
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	504	}
				505	else {
				506	sqlite3_prepare_v2(database_,
				507	"SELECT certificate_data FROM Certificate WHERE cert_name=?", -1, &statement, 0);
				508
				509	sqlite3_bind_text(statement, 1, certificateName.toUri(), SQLITE_TRANSIENT);
				510	}
				511
				512	int res = sqlite3_step(statement);
				513
Jeff Thompson	4d00479	2013-10-21 16:56:58 -0700	[diff] [blame^]	514	shared_ptr<Data> data(new Data());
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	515
				516	if (res == SQLITE_ROW)
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	517	data->wireDecode((const uint8_t*)sqlite3_column_blob(statement, 0), sqlite3_column_bytes(statement, 0));
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	518	sqlite3_finalize(statement);
				519
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	520	return data;
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	521	}
				522	else {
				523	_LOG_DEBUG("Certificate does not exist!");
Jeff Thompson	3bd90bc	2013-10-19 16:40:14 -0700	[diff] [blame]	524	return shared_ptr<Data>();
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	525	}
Jeff Thompson	1975def	2013-10-09 17:06:43 -0700	[diff] [blame]	526	}
Jeff Thompson	7ca11f2	2013-10-04 19:01:30 -0700	[diff] [blame]	527
				528	Name
				529	BasicIdentityStorage::getDefaultIdentity()
				530	{
				531	sqlite3_stmt *statement;
				532	sqlite3_prepare_v2(database_, "SELECT identity_name FROM Identity WHERE default_identity=1", -1, &statement, 0);
				533
				534	int res = sqlite3_step(statement);
				535
				536	Name identity;
				537
				538	if (res == SQLITE_ROW)
				539	identity = Name(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
				540
				541	sqlite3_finalize(statement);
				542
				543	return identity;
				544	}
				545
				546	Name
				547	BasicIdentityStorage::getDefaultKeyNameForIdentity(const Name& identityName)
				548	{
				549	sqlite3_stmt *statement;
				550	sqlite3_prepare_v2(database_, "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1", -1, &statement, 0);
				551
				552	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				553
				554	int res = sqlite3_step(statement);
				555
				556	Name keyName;
				557
				558	if (res == SQLITE_ROW)
				559	keyName = Name(identityName).append(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
				560
				561	sqlite3_finalize(statement);
				562
				563	return keyName;
				564	}
				565
				566	Name
				567	BasicIdentityStorage::getDefaultCertificateNameForKey(const Name& keyName)
				568	{
				569	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				570	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				571
				572	sqlite3_stmt *statement;
				573	sqlite3_prepare_v2(database_, "SELECT cert_name FROM Certificate WHERE identity_name=? AND key_identifier=? AND default_cert=1", -1, &statement, 0);
				574
				575	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				576	sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
				577
				578	int res = sqlite3_step(statement);
				579
				580	Name certName;
				581
				582	if (res == SQLITE_ROW)
				583	certName = Name(string(reinterpret_cast<const char *>(sqlite3_column_text(statement, 0)), sqlite3_column_bytes(statement, 0)));
				584
				585	sqlite3_finalize(statement);
				586
				587	return certName;
				588	}
				589
				590	void
				591	BasicIdentityStorage::setDefaultIdentity(const Name& identityName)
				592	{
				593	sqlite3_stmt *statement;
				594
				595	//Reset previous default identity
				596	sqlite3_prepare_v2(database_, "UPDATE Identity SET default_identity=0 WHERE default_identity=1", -1, &statement, 0);
				597
				598	while (sqlite3_step(statement) == SQLITE_ROW)
				599	{}
				600
				601	sqlite3_finalize(statement);
				602
				603	//Set current default identity
				604	sqlite3_prepare_v2(database_, "UPDATE Identity SET default_identity=1 WHERE identity_name=?", -1, &statement, 0);
				605
				606	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				607
				608	sqlite3_step(statement);
				609
				610	sqlite3_finalize(statement);
				611	}
				612
				613	void
				614	BasicIdentityStorage::setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck)
				615	{
				616	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				617	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				618
				619	if (identityNameCheck.size() > 0 && !identityNameCheck.equals(identityName))
				620	throw SecurityException("Specified identity name does not match the key name");
				621
				622	sqlite3_stmt *statement;
				623
				624	//Reset previous default Key
				625	sqlite3_prepare_v2(database_, "UPDATE Key SET default_key=0 WHERE default_key=1 and identity_name=?", -1, &statement, 0);
				626
				627	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				628
				629	while (sqlite3_step(statement) == SQLITE_ROW)
				630	{}
				631
				632	sqlite3_finalize(statement);
				633
				634	//Set current default Key
				635	sqlite3_prepare_v2(database_, "UPDATE Key SET default_key=1 WHERE identity_name=? AND key_identifier=?", -1, &statement, 0);
				636
				637	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				638	sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
				639
				640	sqlite3_step(statement);
				641
				642	sqlite3_finalize(statement);
				643	}
				644
				645	void
				646	BasicIdentityStorage::setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName)
				647	{
				648	string keyId = keyName.get(keyName.size() - 1).toEscapedString();
				649	Name identityName = keyName.getSubName(0, keyName.size() - 1);
				650
				651	sqlite3_stmt *statement;
				652
				653	//Reset previous default Key
				654	sqlite3_prepare_v2(database_, "UPDATE Certificate SET default_cert=0 WHERE default_cert=1 AND identity_name=? AND key_identifier=?", -1, &statement, 0);
				655
				656	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				657	sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
				658
				659	while (sqlite3_step(statement) == SQLITE_ROW)
				660	{}
				661
				662	sqlite3_finalize(statement);
				663
				664	//Set current default Key
				665	sqlite3_prepare_v2(database_, "UPDATE Certificate SET default_cert=1 WHERE identity_name=? AND key_identifier=? AND cert_name=?", -1, &statement, 0);
				666
				667	sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
				668	sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
				669	sqlite3_bind_text(statement, 3, certificateName.toUri(), SQLITE_TRANSIENT);
				670
				671	sqlite3_step(statement);
				672
				673	sqlite3_finalize(statement);
				674	}
				675
				676	}
				677
Jeff Thompson	b752300	2013-10-09 10:25:00 -0700	[diff] [blame]	678	#endif // NDN_CPP_HAVE_SQLITE3