blob: 1d9f100d6fd23f834648fec8c5dc0d4b80f840cf [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -04001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yuf56c68f2014-04-24 21:50:13 -07002/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -04003 * Copyright (c) 2013-2014 Regents of the University of California.
Yingdi Yuf56c68f2014-04-24 21:50:13 -07004 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Yingdi Yuf56c68f2014-04-24 21:50:13 -07006 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -04007 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Yingdi Yuf56c68f2014-04-24 21:50:13 -070020 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
22 */
23
24#include "key-chain.hpp"
25
26#include "sec-public-info-sqlite3.hpp"
27#include "sec-tpm-file.hpp"
28
29#ifdef NDN_CXX_HAVE_OSX_SECURITY
30#include "sec-tpm-osx.hpp"
31#endif
32
33#include "../util/random.hpp"
34#include "../util/config-file.hpp"
35
36namespace ndn {
37
Yingdi Yu0eb5d722014-06-10 15:06:25 -070038// Use a GUID as a magic number of KeyChain::DEFAULT_PREFIX identifier
39const Name KeyChain::DEFAULT_PREFIX("/723821fd-f534-44b3-80d9-44bf5f58bbbb");
40
Yingdi Yu7036ce22014-06-19 18:53:37 -070041const RsaKeyParams KeyChain::DEFAULT_KEY_PARAMS;
42
Yingdi Yuf56c68f2014-04-24 21:50:13 -070043KeyChain::KeyChain()
44 : m_pib(0)
45 , m_tpm(0)
Yingdi Yu0f5fb692014-06-10 12:07:28 -070046 , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
Yingdi Yuf56c68f2014-04-24 21:50:13 -070047{
48
49 ConfigFile config;
50 const ConfigFile::Parsed& parsed = config.getParsedConfiguration();
51
52 std::string pibName;
53 try
54 {
55 pibName = parsed.get<std::string>("pib");
56 }
57 catch (boost::property_tree::ptree_bad_path& error)
58 {
59 // pib is not specified, take the default
60 }
61 catch (boost::property_tree::ptree_bad_data& error)
62 {
63 throw ConfigFile::Error(error.what());
64 }
65
66 std::string tpmName;
67 try
68 {
69 tpmName = parsed.get<std::string>("tpm");
70 }
71 catch (boost::property_tree::ptree_bad_path& error)
72 {
73 // tpm is not specified, take the default
74 }
75 catch (boost::property_tree::ptree_bad_data& error)
76 {
77 throw ConfigFile::Error(error.what());
78 }
79
80
81 if (pibName.empty() || pibName == "sqlite3")
82 m_pib = new SecPublicInfoSqlite3;
83 else
84 throw Error("PIB type '" + pibName + "' is not supported");
85
86 if (tpmName.empty())
87#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
88 m_tpm = new SecTpmOsx();
89#else
90 m_tpm = new SecTpmFile();
91#endif // defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
92 else if (tpmName == "osx-keychain")
93#if defined(NDN_CXX_HAVE_OSX_SECURITY)
94 m_tpm = new SecTpmOsx();
95#else
96 throw Error("TPM type '" + tpmName + "' is not supported on this platform");
97#endif // NDN_CXX_HAVE_OSX_SECURITY
98 else if (tpmName == "file")
99 m_tpm = new SecTpmFile();
100 else
101 throw Error("TPM type '" + tpmName + "' is not supported");
102}
103
104KeyChain::KeyChain(const std::string& pibName,
105 const std::string& tpmName)
106 : m_pib(0)
107 , m_tpm(0)
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700108 , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700109{
110 if (pibName == "sqlite3")
111 m_pib = new SecPublicInfoSqlite3;
112 else
113 throw Error("PIB type '" + pibName + "' is not supported");
114
115 if (tpmName == "file")
116 m_tpm = new SecTpmFile;
117#if defined(NDN_CXX_HAVE_OSX_SECURITY)
118 else if (tpmName == "osx-keychain")
119 m_tpm = new SecTpmOsx();
120#endif //NDN_CXX_HAVE_OSX_SECURITY
121 else
122 throw Error("TPM type '" + tpmName + "' is not supported");
123}
124
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700125KeyChain::~KeyChain()
126{
127 if (m_pib != 0)
128 delete m_pib;
129
130 if (m_tpm != 0)
131 delete m_tpm;
132}
133
Yingdi Yu7036ce22014-06-19 18:53:37 -0700134Name
135KeyChain::createIdentity(const Name& identityName, const KeyParams& params)
136{
137 m_pib->addIdentity(identityName);
138
139 Name keyName;
140 try
141 {
142 keyName = m_pib->getDefaultKeyNameForIdentity(identityName);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700143
144 shared_ptr<PublicKey> key = m_pib->getPublicKey(keyName);
145
146 if (key->getKeyType() != params.getKeyType())
147 {
148 keyName = generateKeyPair(identityName, true, params);
149 m_pib->setDefaultKeyNameForIdentity(keyName);
150 }
Yingdi Yu7036ce22014-06-19 18:53:37 -0700151 }
152 catch (SecPublicInfo::Error& e)
153 {
154 keyName = generateKeyPair(identityName, true, params);
155 m_pib->setDefaultKeyNameForIdentity(keyName);
156 }
157
158 Name certName;
159 try
160 {
161 certName = m_pib->getDefaultCertificateNameForKey(keyName);
162 }
163 catch (SecPublicInfo::Error& e)
164 {
165 shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
166 m_pib->addCertificateAsIdentityDefault(*selfCert);
167 certName = selfCert->getName();
168 }
169
170 return certName;
171}
172
173Name
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700174KeyChain::generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk, uint32_t keySize)
Yingdi Yu7036ce22014-06-19 18:53:37 -0700175{
176 RsaKeyParams params(keySize);
177
178 Name keyName = generateKeyPair(identityName, isKsk, params);
179
180 m_pib->setDefaultKeyNameForIdentity(keyName);
181
182 return keyName;
183}
184
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700185Name
186KeyChain::generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk, uint32_t keySize)
187{
188 EcdsaKeyParams params(keySize);
189
190 Name keyName = generateKeyPair(identityName, isKsk, params);
191
192 m_pib->setDefaultKeyNameForIdentity(keyName);
193
194 return keyName;
195}
196
197
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700198shared_ptr<IdentityCertificate>
199KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
200 const Name& signingIdentity,
201 const time::system_clock::TimePoint& notBefore,
202 const time::system_clock::TimePoint& notAfter,
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700203 const std::vector<CertificateSubjectDescription>& subjectDescription,
204 const Name& certPrefix)
205{
206 shared_ptr<PublicKey> publicKey;
207 try
208 {
209 publicKey = m_pib->getPublicKey(keyName);
210 }
211 catch (SecPublicInfo::Error& e)
212 {
213 return shared_ptr<IdentityCertificate>();
214 }
215
216 return prepareUnsignedIdentityCertificate(keyName, *publicKey, signingIdentity,
217 notBefore, notAfter,
218 subjectDescription, certPrefix);
219}
220
221shared_ptr<IdentityCertificate>
222KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
223 const PublicKey& publicKey,
224 const Name& signingIdentity,
225 const time::system_clock::TimePoint& notBefore,
226 const time::system_clock::TimePoint& notAfter,
227 const std::vector<CertificateSubjectDescription>& subjectDescription,
228 const Name& certPrefix)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700229{
230 if (keyName.size() < 1)
231 return shared_ptr<IdentityCertificate>();
232
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700233 std::string keyIdPrefix = keyName.get(-1).toUri().substr(0, 4);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700234 if (keyIdPrefix != "ksk-" && keyIdPrefix != "dsk-")
235 return shared_ptr<IdentityCertificate>();
236
237 shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
238 Name certName;
239
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700240 if (certPrefix == KeyChain::DEFAULT_PREFIX)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700241 {
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700242 // No certificate prefix hint, infer the prefix
243 if (signingIdentity.isPrefixOf(keyName))
244 certName.append(signingIdentity)
245 .append("KEY")
246 .append(keyName.getSubName(signingIdentity.size()))
247 .append("ID-CERT")
248 .appendVersion();
249 else
250 certName.append(keyName.getPrefix(-1))
251 .append("KEY")
252 .append(keyName.get(-1))
253 .append("ID-CERT")
254 .appendVersion();
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700255 }
256 else
257 {
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700258 // cert prefix hint is supplied, determine the cert name.
259 if (certPrefix.isPrefixOf(keyName) && certPrefix != keyName)
260 certName.append(certPrefix)
261 .append("KEY")
262 .append(keyName.getSubName(certPrefix.size()))
263 .append("ID-CERT")
264 .appendVersion();
265 else
266 return shared_ptr<IdentityCertificate>();
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700267 }
268
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700269
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700270 certificate->setName(certName);
271 certificate->setNotBefore(notBefore);
272 certificate->setNotAfter(notAfter);
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700273 certificate->setPublicKeyInfo(publicKey);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700274
275 if (subjectDescription.empty())
276 {
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700277 CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700278 certificate->addSubjectDescription(subjectName);
279 }
280 else
281 {
282 std::vector<CertificateSubjectDescription>::const_iterator sdIt =
283 subjectDescription.begin();
284 std::vector<CertificateSubjectDescription>::const_iterator sdEnd =
285 subjectDescription.end();
286 for(; sdIt != sdEnd; sdIt++)
287 certificate->addSubjectDescription(*sdIt);
288 }
289
290 certificate->encode();
291
292 return certificate;
293}
294
295Signature
296KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
297{
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700298 shared_ptr<IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700299
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700300 shared_ptr<SignatureWithPublicKey> sig =
301 determineSignatureWithPublicKey(certificate->getPublicKeyInfo().getKeyType());
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700302
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700303 if (!static_cast<bool>(sig))
304 throw SecTpm::Error("unknown key type");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700305
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700306 sig->setKeyLocator(certificate->getName().getPrefix(-1));
307 // For temporary usage, we support SHA256 only, but will support more.
308 sig->setValue(m_tpm->signInTpm(buffer, bufferLength,
309 certificate->getPublicKeyName(),
310 DIGEST_ALGORITHM_SHA256));
311
312 return *sig;
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700313}
314
315shared_ptr<IdentityCertificate>
316KeyChain::selfSign(const Name& keyName)
317{
318 shared_ptr<PublicKey> pubKey;
319 try
320 {
321 pubKey = m_pib->getPublicKey(keyName); // may throw an exception.
322 }
323 catch (SecPublicInfo::Error& e)
324 {
325 return shared_ptr<IdentityCertificate>();
326 }
327
328 shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
329
330 Name certificateName = keyName.getPrefix(-1);
331 certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
332
333 certificate->setName(certificateName);
334 certificate->setNotBefore(time::system_clock::now());
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700335 certificate->setNotAfter(time::system_clock::now() + time::days(7300)); // ~20 years
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700336 certificate->setPublicKeyInfo(*pubKey);
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700337 certificate->addSubjectDescription(CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
338 keyName.toUri()));
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700339 certificate->encode();
340
341 selfSign(*certificate);
342 return certificate;
343}
344
345void
346KeyChain::selfSign(IdentityCertificate& cert)
347{
348 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(cert.getName());
349 if (!m_tpm->doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu7036ce22014-06-19 18:53:37 -0700350 throw SecTpm::Error("Private key does not exist");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700351
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700352 shared_ptr<SignatureWithPublicKey> sig =
353 determineSignatureWithPublicKey(cert.getPublicKeyInfo().getKeyType());
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700354
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700355 if (!static_cast<bool>(sig))
356 throw SecTpm::Error("unknown key type");
357
358 sig->setKeyLocator(cert.getName().getPrefix(-1)); // implicit conversion should take care
359 signPacketWrapper(cert, *sig, keyName, DIGEST_ALGORITHM_SHA256);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700360}
361
362shared_ptr<SecuredBag>
363KeyChain::exportIdentity(const Name& identity, const std::string& passwordStr)
364{
365 if (!m_pib->doesIdentityExist(identity))
Yingdi Yu7036ce22014-06-19 18:53:37 -0700366 throw SecPublicInfo::Error("Identity does not exist");
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700367
368 Name keyName = m_pib->getDefaultKeyNameForIdentity(identity);
369
370 ConstBufferPtr pkcs5;
371 try
372 {
373 pkcs5 = m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, passwordStr);
374 }
375 catch (SecTpm::Error& e)
376 {
377 throw SecPublicInfo::Error("Fail to export PKCS5 of private key");
378 }
379
380 shared_ptr<IdentityCertificate> cert;
381 try
382 {
383 cert = m_pib->getCertificate(m_pib->getDefaultCertificateNameForKey(keyName));
384 }
385 catch (SecPublicInfo::Error& e)
386 {
387 cert = selfSign(keyName);
388 m_pib->addCertificateAsIdentityDefault(*cert);
389 }
390
Alexander Afanasyevb67090a2014-04-29 22:31:01 -0700391 // make_shared on OSX 10.9 has some strange problem here
392 shared_ptr<SecuredBag> secureBag(new SecuredBag(*cert, pkcs5));
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700393
394 return secureBag;
395}
396
397void
398KeyChain::importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
399{
400 Name certificateName = securedBag.getCertificate().getName();
401 Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
402 Name identity = keyName.getPrefix(-1);
403
404 // Add identity
405 m_pib->addIdentity(identity);
406
407 // Add key
408 m_tpm->importPrivateKeyPkcs5IntoTpm(keyName,
409 securedBag.getKey()->buf(),
410 securedBag.getKey()->size(),
411 passwordStr);
412
413 shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
414 // HACK! We should set key type according to the pkcs8 info.
415 m_pib->addPublicKey(keyName, KEY_TYPE_RSA, *pubKey);
416 m_pib->setDefaultKeyNameForIdentity(keyName);
417
418 // Add cert
419 m_pib->addCertificateAsIdentityDefault(securedBag.getCertificate());
420}
421
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700422shared_ptr<SignatureWithPublicKey>
423KeyChain::determineSignatureWithPublicKey(KeyType keyType, DigestAlgorithm digestAlgorithm)
424{
425 switch (keyType)
426 {
427 case KEY_TYPE_RSA:
428 {
429 // For temporary usage, we support SHA256 only, but will support more.
430 if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
431 return shared_ptr<SignatureWithPublicKey>();
432
433 return make_shared<SignatureSha256WithRsa>();
434 }
435 case KEY_TYPE_ECDSA:
436 {
437 // For temporary usage, we support SHA256 only, but will support more.
438 if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
439 return shared_ptr<SignatureWithPublicKey>();
440
441 return make_shared<SignatureSha256WithEcdsa>();
442 }
443 default:
444 return shared_ptr<SignatureWithPublicKey>();
445 }
446}
447
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700448void
449KeyChain::setDefaultCertificateInternal()
450{
451 m_pib->refreshDefaultCertificate();
452
Alexander Afanasyevaab79662014-07-07 17:35:34 -0700453 if (!static_cast<bool>(m_pib->getDefaultCertificate()))
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700454 {
455 Name defaultIdentity;
456 try
457 {
458 defaultIdentity = m_pib->getDefaultIdentity();
459 }
460 catch (SecPublicInfo::Error& e)
461 {
462 uint32_t random = random::generateWord32();
463 defaultIdentity.append("tmp-identity")
464 .append(reinterpret_cast<uint8_t*>(&random), 4);
465 }
466 createIdentity(defaultIdentity);
467 m_pib->setDefaultIdentity(defaultIdentity);
468 m_pib->refreshDefaultCertificate();
469 }
470}
471
Yingdi Yu7036ce22014-06-19 18:53:37 -0700472Name
473KeyChain::generateKeyPair(const Name& identityName, bool isKsk, const KeyParams& params)
474{
475 Name keyName = m_pib->getNewKeyName(identityName, isKsk);
476
477 m_tpm->generateKeyPairInTpm(keyName.toUri(), params);
478
479 shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
480 m_pib->addKey(keyName, *pubKey);
481
482 return keyName;
483}
484
485void
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700486KeyChain::signPacketWrapper(Data& data, const Signature& signature,
Yingdi Yu7036ce22014-06-19 18:53:37 -0700487 const Name& keyName, DigestAlgorithm digestAlgorithm)
488{
489 data.setSignature(signature);
490
491 EncodingBuffer encoder;
492 data.wireEncode(encoder, true);
493
494 Block signatureValue = m_tpm->signInTpm(encoder.buf(), encoder.size(),
495 keyName, digestAlgorithm);
496 data.wireEncode(encoder, signatureValue);
497}
498
499void
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700500KeyChain::signPacketWrapper(Interest& interest, const Signature& signature,
Yingdi Yu7036ce22014-06-19 18:53:37 -0700501 const Name& keyName, DigestAlgorithm digestAlgorithm)
502{
503 time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
504 if (timestamp <= m_lastTimestamp)
505 {
506 timestamp = m_lastTimestamp + time::milliseconds(1);
507 }
508
509 Name signedName = interest.getName();
510 signedName
511 .append(name::Component::fromNumber(timestamp.count())) // timestamp
512 .append(name::Component::fromNumber(random::generateWord64())) // nonce
513 .append(signature.getInfo()); // signatureInfo
514
515 Block sigValue = m_tpm->signInTpm(signedName.wireEncode().value(),
516 signedName.wireEncode().value_size(),
517 keyName,
518 digestAlgorithm);
519 sigValue.encode();
520 signedName.append(sigValue); // signatureValue
521 interest.setName(signedName);
522}
523
524Signature
525KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName)
526{
527 Name signingCertificateName;
528 try
529 {
530 signingCertificateName = m_pib->getDefaultCertificateNameForIdentity(identityName);
531 }
532 catch (SecPublicInfo::Error& e)
533 {
534 signingCertificateName = createIdentity(identityName);
535 // Ideally, no exception will be thrown out, unless something goes wrong in the TPM, which
536 // is a fatal error.
537 }
538
539 // We either get or create the signing certificate, sign data! (no exception unless fatal error
540 // in TPM)
541 return sign(buffer, bufferLength, signingCertificateName);
542}
543
544void
545KeyChain::signWithSha256(Data& data)
546{
547 DigestSha256 sig;
548 data.setSignature(sig);
549
550 Block sigValue(Tlv::SignatureValue,
551 crypto::sha256(data.wireEncode().value(),
552 data.wireEncode().value_size() -
553 data.getSignature().getValue().size()));
554 data.setSignatureValue(sigValue);
555}
556
557void
558KeyChain::deleteCertificate(const Name& certificateName)
559{
560 try
561 {
562 if (m_pib->getDefaultCertificateName() == certificateName)
563 return;
564 }
565 catch (SecPublicInfo::Error& e)
566 {
567 // Not a real error, just try to delete the certificate
568 }
569
570 m_pib->deleteCertificateInfo(certificateName);
571}
572
573void
574KeyChain::deleteKey(const Name& keyName)
575{
576 try
577 {
578 if (m_pib->getDefaultKeyNameForIdentity(m_pib->getDefaultIdentity()) == keyName)
579 return;
580 }
581 catch (SecPublicInfo::Error& e)
582 {
583 // Not a real error, just try to delete the key
584 }
585
586 m_pib->deletePublicKeyInfo(keyName);
587 m_tpm->deleteKeyPairInTpm(keyName);
588}
589
590void
591KeyChain::deleteIdentity(const Name& identity)
592{
593 try
594 {
595 if (m_pib->getDefaultIdentity() == identity)
596 return;
597 }
598 catch (SecPublicInfo::Error& e)
599 {
600 // Not a real error, just try to delete the identity
601 }
602
603 std::vector<Name> nameList;
604 m_pib->getAllKeyNamesOfIdentity(identity, nameList, true);
605 m_pib->getAllKeyNamesOfIdentity(identity, nameList, false);
606
607 m_pib->deleteIdentityInfo(identity);
608
609 std::vector<Name>::const_iterator it = nameList.begin();
610 for(; it != nameList.end(); it++)
611 m_tpm->deleteKeyPairInTpm(*it);
612}
613
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700614}