security: Reorganizing source code to prepare for support of two versions of NDN certificates
This commit also removes unused ndn_digestSha256 function and deprecates
crypto::sha256 in favor of crypto::computeSha256Digest in util/crypto.hpp.
Change-Id: I24ee50ff073a96b868633bdf2cfade412d3605f3
Refs: #3098
diff --git a/src/security/certificate-cache-ttl.cpp b/src/security/certificate-cache-ttl.cpp
index 2ab13c9..c1ad631 100644
--- a/src/security/certificate-cache-ttl.cpp
+++ b/src/security/certificate-cache-ttl.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -24,6 +24,7 @@
#include "certificate-cache-ttl.hpp"
namespace ndn {
+namespace security {
CertificateCacheTtl::CertificateCacheTtl(boost::asio::io_service& io,
const time::seconds& defaultTtl/* = time::seconds(3600)*/)
@@ -38,19 +39,19 @@
}
void
-CertificateCacheTtl::insertCertificate(shared_ptr<const IdentityCertificate> certificate)
+CertificateCacheTtl::insertCertificate(shared_ptr<const v1::IdentityCertificate> certificate)
{
m_io.dispatch([this, certificate] { this->insert(certificate); });
}
-shared_ptr<const IdentityCertificate>
+shared_ptr<const v1::IdentityCertificate>
CertificateCacheTtl::getCertificate(const Name& certificateName)
{
Cache::iterator it = m_cache.find(certificateName);
if (it != m_cache.end())
return it->second.first;
else
- return shared_ptr<IdentityCertificate>();
+ return shared_ptr<v1::IdentityCertificate>();
}
void
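Review bot: `insertCertificate` hands the write to `m_io.dispatch`, but `getCertificate` just below reads `m_cache` directly on the caller's thread, and nothing visible states which thread may call it. If lookups can arrive from outside the io_service thread, this is an unsynchronised read of a `std::map` that may be modified concurrently. If they cannot, record the contract with a comment such as `// Must be called from the thread running m_io; m_cache is not otherwise synchronized.` The not-found branch could also simply be `return nullptr;`.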
@@ -66,7 +67,7 @@
}
void
-CertificateCacheTtl::insert(shared_ptr<const IdentityCertificate> certificate)
+CertificateCacheTtl::insert(shared_ptr<const v1::IdentityCertificate> certificate)
{
time::milliseconds expire = (certificate->getFreshnessPeriod() >= time::seconds::zero() ?
certificate->getFreshnessPeriod() : m_defaultTtl);
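Review bot: The cache lifetime computed at the top of `insert` comes only from `getFreshnessPeriod()` or `m_defaultTtl`; nothing in the visible lines bounds it by the certificate's own validity period. A certificate with a long FreshnessPeriod could then keep being served from the "validated" cache after its not-after time. The rest of the body is outside this hunk, so unless it already does this, clamp the value, e.g. `expire = std::min(expire, time::duration_cast<time::milliseconds>(certificate->getNotAfter() - time::system_clock::now()));`, and skip insertion when the result is not positive. `certificate` is also dereferenced without a null check here.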
@@ -102,4 +103,5 @@
m_cache.clear();
}
+} // namespace security
} // namespace ndn
diff --git a/src/security/certificate-cache-ttl.hpp b/src/security/certificate-cache-ttl.hpp
index 55cbc5a..e0ef837 100644
--- a/src/security/certificate-cache-ttl.hpp
+++ b/src/security/certificate-cache-ttl.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -29,6 +29,7 @@
#include "../util/scheduler.hpp"
namespace ndn {
+namespace security {
/**
* @brief Cache of validated certificates with freshness-based eviction policy
@@ -47,9 +48,9 @@
~CertificateCacheTtl();
virtual void
- insertCertificate(shared_ptr<const IdentityCertificate> certificate);
+ insertCertificate(shared_ptr<const v1::IdentityCertificate> certificate);
- virtual shared_ptr<const IdentityCertificate>
+ virtual shared_ptr<const v1::IdentityCertificate>
getCertificate(const Name& certificateNameWithoutVersion);
virtual void
@@ -60,7 +61,7 @@
private:
void
- insert(shared_ptr<const IdentityCertificate> certificate);
+ insert(shared_ptr<const v1::IdentityCertificate> certificate);
void
remove(const Name& certificateName);
@@ -69,7 +70,7 @@
removeAll();
protected:
- typedef std::map<Name, std::pair<shared_ptr<const IdentityCertificate>, EventId> > Cache;
+ typedef std::map<Name, std::pair<shared_ptr<const v1::IdentityCertificate>, EventId> > Cache;
time::seconds m_defaultTtl;
Cache m_cache;
@@ -77,6 +78,10 @@
Scheduler m_scheduler;
};
+} // namespace security
+
+using security::CertificateCacheTtl;
+
} // namespace ndn
#endif // NDN_SECURITY_CERTIFICATE_CACHE_TTL_HPP
diff --git a/src/security/certificate-cache.hpp b/src/security/certificate-cache.hpp
index 42f3b88..fa6cb79 100644
--- a/src/security/certificate-cache.hpp
+++ b/src/security/certificate-cache.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,9 +25,10 @@
#define NDN_SECURITY_CERTIFICATE_CACHE_HPP
#include "../name.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
namespace ndn {
+namespace security {
/**
* @brief Interface for the cache of validated certificates
@@ -41,9 +42,9 @@
}
virtual void
- insertCertificate(shared_ptr<const IdentityCertificate> certificate) = 0;
+ insertCertificate(shared_ptr<const v1::IdentityCertificate> certificate) = 0;
- virtual shared_ptr<const IdentityCertificate>
+ virtual shared_ptr<const v1::IdentityCertificate>
getCertificate(const Name& certificateNameWithoutVersion) = 0;
virtual void
@@ -59,6 +60,10 @@
}
};
+} // namespace security
+
+using security::CertificateCache;
+
} // namespace ndn
#endif // NDN_SECURITY_CERTIFICATE_CACHE_HPP
diff --git a/src/security/certificate-container.cpp b/src/security/certificate-container.cpp
index b18bbcb..a05dd52 100644
--- a/src/security/certificate-container.cpp
+++ b/src/security/certificate-container.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -32,7 +32,7 @@
{
}
-IdentityCertificate
+v1::IdentityCertificate
CertificateContainer::const_iterator::operator*()
{
return m_impl->getCertificate(*m_it);
diff --git a/src/security/certificate-container.hpp b/src/security/certificate-container.hpp
index 1d7b6b4..f0cc408 100644
--- a/src/security/certificate-container.hpp
+++ b/src/security/certificate-container.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,7 +23,7 @@
#define NDN_SECURITY_CERTIFICATE_CONTAINER_HPP
#include <set>
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
namespace ndn {
namespace security {
@@ -40,7 +40,7 @@
friend class CertificateContainer;
public:
- IdentityCertificate
+ v1::IdentityCertificate
operator*();
const_iterator&
diff --git a/src/security/command-interest-validator.cpp b/src/security/command-interest-validator.cpp
index ddba90e..f877f41 100644
--- a/src/security/command-interest-validator.cpp
+++ b/src/security/command-interest-validator.cpp
@@ -20,7 +20,7 @@
*/
#include "command-interest-validator.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
#include <boost/lexical_cast.hpp>
namespace ndn {
@@ -146,9 +146,9 @@
}
try {
- keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
+ keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
}
- catch (const IdentityCertificate::Error&) {
+ catch (const v1::IdentityCertificate::Error&) {
return ErrorCode::BAD_CERT_NAME;
}
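Review bot: The `try` block converts only `v1::IdentityCertificate::Error` into `ErrorCode::BAD_CERT_NAME`, yet `keyLocator.getName()` is evaluated inside the same block and can fail for a different reason when the KeyLocator does not carry a name. The check of the locator type is not visible in this hunk, so this may already be covered earlier in the function. If it is not, a malformed command interest would leave the validator as an exception instead of an error code; adding `catch (const KeyLocator::Error&) { return ErrorCode::BAD_CERT_NAME; }` would keep the failure path uniform.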
diff --git a/src/security/conf/checker.hpp b/src/security/conf/checker.hpp
index c2c4244..c4ec3ca 100644
--- a/src/security/conf/checker.hpp
+++ b/src/security/conf/checker.hpp
@@ -29,7 +29,7 @@
#include "key-locator-checker.hpp"
#include "../../util/io.hpp"
#include "../validator.hpp"
-#include "../identity-certificate.hpp"
+#include "../v1/identity-certificate.hpp"
#include <boost/algorithm/string.hpp>
#include <boost/filesystem.hpp>
@@ -198,10 +198,10 @@
{
public:
FixedSignerChecker(uint32_t sigType,
- const std::vector<shared_ptr<IdentityCertificate>>& signers)
+ const std::vector<shared_ptr<v1::IdentityCertificate>>& signers)
: m_sigType(sigType)
{
- for (std::vector<shared_ptr<IdentityCertificate>>::const_iterator it = signers.begin();
+ for (std::vector<shared_ptr<v1::IdentityCertificate>>::const_iterator it = signers.begin();
it != signers.end(); it++)
m_signers[(*it)->getName().getPrefix(-1)] = (*it);
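Review bot: In the `FixedSignerChecker` constructor, `m_signers` is keyed by `getName().getPrefix(-1)`, so two configured signers whose names differ only in the last component silently replace one another and the last one listed wins. For a trust-anchor list that deserves either an explicit rejection of the duplicate or a comment stating that it is intended. Each element is also dereferenced without a null check. While the line is being touched, the explicit iterator could become `for (const auto& signer : signers) m_signers[signer->getName().getPrefix(-1)] = signer;`.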
@@ -295,7 +295,7 @@
}
private:
- typedef std::map<Name, shared_ptr<IdentityCertificate>> SignerList;
+ typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> SignerList;
uint32_t m_sigType;
SignerList m_signers;
};
@@ -394,7 +394,7 @@
std::string sigType = propertyIt->second.data();
propertyIt++;
- std::vector<shared_ptr<IdentityCertificate>> signers;
+ std::vector<shared_ptr<v1::IdentityCertificate>> signers;
for (; propertyIt != configSection.end(); propertyIt++) {
if (!boost::iequals(propertyIt->first, "signer"))
BOOST_THROW_EXCEPTION(Error("Expect <checker.signer> but get <checker." +
@@ -410,7 +410,7 @@
signers));
}
- static shared_ptr<IdentityCertificate>
+ static shared_ptr<v1::IdentityCertificate>
getSigner(const ConfigSection& configSection, const std::string& configFilename)
{
using namespace boost::filesystem;
@@ -436,8 +436,8 @@
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
- shared_ptr<IdentityCertificate> idCert
- = io::load<IdentityCertificate>(certfilePath.c_str());
+ shared_ptr<v1::IdentityCertificate> idCert
+ = io::load<v1::IdentityCertificate>(certfilePath.c_str());
if (static_cast<bool>(idCert))
return idCert;
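Review bot: `getSigner` returns the certificate loaded from `certfilePath` as soon as the pointer is non-null; in the visible lines nothing checks that this trust anchor is inside its validity period. The same applies to the base64 branch in the next hunk (`io::load<v1::IdentityCertificate>(ss)`). If expired or not-yet-valid anchors are meant to be rejected at configuration time, add `if (idCert->isTooEarly() || idCert->isTooLate())` and throw the checker's `Error`; otherwise a comment saying that validity is deliberately not enforced for fixed signers would help. The function body continues outside both hunks.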
@@ -457,7 +457,7 @@
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
- shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
+ shared_ptr<v1::IdentityCertificate> idCert = io::load<v1::IdentityCertificate>(ss);
if (static_cast<bool>(idCert))
return idCert;
diff --git a/src/security/cryptopp.hpp b/src/security/cryptopp.hpp
index d7342cf..4c9e959 100644
--- a/src/security/cryptopp.hpp
+++ b/src/security/cryptopp.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,27 +19,15 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_CRYPTOPP_HPP
-#define NDN_SECURITY_CRYPTOPP_HPP
+/**
+ * @file security/cryptopp.hpp
+ * @deprecated Use security/v1/cryptopp.hpp
+ */
-// suppress CryptoPP warnings
-#pragma GCC system_header
-#pragma clang system_header
+#include "security-common.hpp"
-#include <cryptopp/asn.h>
-#include <cryptopp/base64.h>
-#include <cryptopp/des.h>
-#include <cryptopp/files.h>
-#include <cryptopp/filters.h>
-#include <cryptopp/hex.h>
-#include <cryptopp/modes.h>
-#include <cryptopp/osrng.h>
-#include <cryptopp/pssr.h>
-#include <cryptopp/pwdbased.h>
-#include <cryptopp/rsa.h>
-#include <cryptopp/sha.h>
-#include <cryptopp/eccrypto.h>
-#include <cryptopp/oids.h>
-#include <cryptopp/dsa.h>
-
-#endif // NDN_SECURITY_CRYPTOPP_HPP
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/cryptopp.hpp"
+#else
+#error "Deprecated. Use v1/cryptopp.hpp instead."
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
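Review bot: The forwarding header tests `NDN_CXX_KEEP_SECURITY_V1_ALIASES` right after including `security-common.hpp`, but nothing here says where that macro is expected to come from. If `security-common.hpp` defines it, the `#error` branch is unreachable; if the build system defines it, that should be stated in the `@deprecated` block, for example `Define NDN_CXX_KEEP_SECURITY_V1_ALIASES to keep using this header.` The `#error` text also differs from the one in `identity-certificate.hpp`, which puts the replacement path in backticks; pick one form. The old include guard was dropped as well, which is harmless only as long as `v1/cryptopp.hpp` carries its own.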
diff --git a/src/security/identity-certificate.hpp b/src/security/identity-certificate.hpp
index b416080..42553a6 100644
--- a/src/security/identity-certificate.hpp
+++ b/src/security/identity-certificate.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -17,84 +17,17 @@
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_IDENTITY_CERTIFICATE_HPP
-#define NDN_SECURITY_IDENTITY_CERTIFICATE_HPP
+/**
+ * @file security/identity-certificate.hpp
+ * @deprecated Use security/v1/identity-certificate.hpp
+ */
-#include "../common.hpp"
-#include "certificate.hpp"
+#include "security-common.hpp"
-namespace ndn {
-
-class IdentityCertificate : public Certificate
-{
-public:
- class Error : public Certificate::Error
- {
- public:
- explicit
- Error(const std::string& what)
- : Certificate::Error(what)
- {
- }
- };
-
- /**
- * @brief The default constructor.
- */
- IdentityCertificate();
-
- /**
- * @brief Create an IdentityCertificate from the content in the data packet.
- * @param data The data packet with the content to decode.
- */
- explicit
- IdentityCertificate(const Data& data);
-
- /**
- * @brief Create an IdentityCertificate from a block.
- * @param block The raw block of the certificate.
- */
- explicit
- IdentityCertificate(const Block& block);
-
- void
- wireDecode(const Block& wire);
-
- void
- setName(const Name& name);
-
- const Name&
- getPublicKeyName() const
- {
- return m_publicKeyName;
- }
-
- static bool
- isIdentityCertificate(const Certificate& certificate);
-
- /**
- * @brief Get the public key name from the full certificate name.
- * @param certificateName The full certificate name.
- * @return The related public key name.
- */
- static Name
- certificateNameToPublicKeyName(const Name& certificateName);
-
-private:
- static bool
- isCorrectName(const Name& name);
-
- void
- setPublicKeyName();
-
-protected:
- Name m_publicKeyName;
-};
-
-} // namespace ndn
-
-#endif // NDN_SECURITY_IDENTITY_CERTIFICATE_HPP
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/identity-certificate.hpp"
+#else
+#error "Deprecated. Use `v1/identity-certificate.hpp` instead."
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/identity.cpp b/src/security/identity.cpp
index 9b42ec5..176814c 100644
--- a/src/security/identity.cpp
+++ b/src/security/identity.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -58,7 +58,7 @@
}
Key
-Identity::addKey(const PublicKey& publicKey, const name::Component& keyId)
+Identity::addKey(const v1::PublicKey& publicKey, const name::Component& keyId)
{
validityCheck();
@@ -123,7 +123,7 @@
}
Key&
-Identity::setDefaultKey(const PublicKey& publicKey, const name::Component& keyId)
+Identity::setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId)
{
const Key& keyEntry = addKey(publicKey, keyId);
return setDefaultKey(keyEntry.getKeyId());
diff --git a/src/security/identity.hpp b/src/security/identity.hpp
index 0ac8201..1e4bd2c 100644
--- a/src/security/identity.hpp
+++ b/src/security/identity.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -116,7 +116,7 @@
* @return the added key or existing key with the same key id.
*/
Key
- addKey(const PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+ addKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
/**
* @brief Remove a key.
@@ -147,7 +147,7 @@
* @return the default key
*/
Key&
- setDefaultKey(const PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+ setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
/**
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 8369cb1..827f9df 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -298,7 +298,7 @@
try {
keyName = m_pib->getDefaultKeyNameForIdentity(identityName);
- shared_ptr<PublicKey> key = m_pib->getPublicKey(keyName);
+ shared_ptr<v1::PublicKey> key = m_pib->getPublicKey(keyName);
if (key->getKeyType() != params.getKeyType()) {
keyName = generateKeyPair(identityName, true, params);
@@ -315,7 +315,7 @@
certName = m_pib->getDefaultCertificateNameForKey(keyName);
}
catch (const SecPublicInfo::Error& e) {
- shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
+ shared_ptr<v1::IdentityCertificate> selfCert = selfSign(keyName);
m_pib->addCertificateAsIdentityDefault(*selfCert);
certName = selfCert->getName();
}
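Review bot: `selfCert` is dereferenced in `addCertificateAsIdentityDefault(*selfCert)` without a null check, although `selfSign(const Name&)` returns `nullptr` when the public key cannot be fetched (see its `return nullptr;` further down and the `@return` note in key-chain.hpp). That turns a recoverable PIB inconsistency into undefined behaviour. Guard it before use, e.g. `if (selfCert == nullptr) BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Failed to self-sign key " + keyName.toUri()));`. The enclosing function starts and ends outside this hunk.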
@@ -362,15 +362,15 @@
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
- shared_ptr<PublicKey> publicKey;
+ shared_ptr<v1::PublicKey> publicKey;
try {
publicKey = m_pib->getPublicKey(keyName);
}
@@ -383,13 +383,13 @@
subjectDescription, certPrefix);
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
- const PublicKey& publicKey,
+ const v1::PublicKey& publicKey,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
if (keyName.size() < 1)
@@ -428,21 +428,19 @@
return nullptr;
}
- auto certificate = make_shared<IdentityCertificate>();
+ auto certificate = make_shared<v1::IdentityCertificate>();
certificate->setName(certName);
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
if (subjectDescription.empty()) {
- CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
+ v1::CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
certificate->addSubjectDescription(subjectName);
}
else {
- std::vector<CertificateSubjectDescription>::const_iterator sdIt =
- subjectDescription.begin();
- std::vector<CertificateSubjectDescription>::const_iterator sdEnd =
- subjectDescription.end();
+ std::vector<v1::CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
+ std::vector<v1::CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
for(; sdIt != sdEnd; sdIt++)
certificate->addSubjectDescription(*sdIt);
}
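Review bot: The two rewritten iterator declarations in the `else` branch are now very long and exist only to drive a plain traversal. The file already uses `auto` a few lines above, so the branch can be written as `for (const auto& sd : subjectDescription) certificate->addSubjectDescription(sd);`, which also drops the post-increment on the iterator. Separately, nothing in the visible part of this overload checks that `notBefore` precedes `notAfter`; if callers are trusted to pass a sane interval, a short comment saying so would help.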
@@ -457,7 +455,7 @@
{
SignatureInfo sigInfo = params.getSignatureInfo();
- shared_ptr<IdentityCertificate> signingCert;
+ shared_ptr<v1::IdentityCertificate> signingCert;
switch (params.getSignerType()) {
case SigningInfo::SIGNER_TYPE_NULL: {
@@ -539,7 +537,7 @@
Signature
KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
{
- shared_ptr<IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
+ shared_ptr<v1::IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
if (certificate == nullptr) {
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("certificate does not exist"));
@@ -555,10 +553,10 @@
return sig;
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
KeyChain::selfSign(const Name& keyName)
{
- shared_ptr<PublicKey> pubKey;
+ shared_ptr<v1::PublicKey> pubKey;
try {
pubKey = m_pib->getPublicKey(keyName); // may throw an exception.
}
@@ -566,7 +564,7 @@
return nullptr;
}
- auto certificate = make_shared<IdentityCertificate>();
+ auto certificate = make_shared<v1::IdentityCertificate>();
Name certificateName = keyName.getPrefix(-1);
certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
@@ -575,8 +573,8 @@
certificate->setNotBefore(time::system_clock::now());
certificate->setNotAfter(time::system_clock::now() + time::days(7300)); // ~20 years
certificate->setPublicKeyInfo(*pubKey);
- certificate->addSubjectDescription(CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
- keyName.toUri()));
+ certificate->addSubjectDescription(v1::CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
+ keyName.toUri()));
certificate->encode();
certificate->setSignature(Signature(SignatureInfo()));
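Review bot: `selfSign` reads the clock twice, once for `setNotBefore` and once for `setNotAfter`, so the validity interval is not exactly the stated 7300 days, and the lifetime itself is an unnamed literal. Capture the time once with `const auto now = time::system_clock::now();` and give the period a name, e.g. `static const time::days SELF_SIGNED_CERT_LIFETIME(7300);`. A one-line comment on why a self-signed certificate gets a roughly twenty-year lifetime would make the choice reviewable. The function body continues outside this hunk.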
@@ -586,7 +584,7 @@
}
void
-KeyChain::selfSign(IdentityCertificate& cert)
+KeyChain::selfSign(v1::IdentityCertificate& cert)
{
Name keyName = cert.getPublicKeyName();
@@ -617,7 +615,7 @@
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Fail to export PKCS5 of private key"));
}
- shared_ptr<IdentityCertificate> cert;
+ shared_ptr<v1::IdentityCertificate> cert;
try {
cert = m_pib->getCertificate(m_pib->getDefaultCertificateNameForKey(keyName));
}
@@ -634,7 +632,7 @@
KeyChain::importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
{
Name certificateName = securedBag.getCertificate().getName();
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
Name identity = keyName.getPrefix(-1);
// Add identity
@@ -646,7 +644,7 @@
securedBag.getKey()->size(),
passwordStr);
- shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
// HACK! We should set key type according to the pkcs8 info.
m_pib->addKey(keyName, *pubKey);
m_pib->setDefaultKeyNameForIdentity(keyName);
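Review bot: In `importIdentity` the key name is derived from the certificate name in the bag and the public key is then read back from the TPM, but the visible lines never compare that key with the one inside the bag's certificate. A bag whose certificate and private key do not belong together would be registered under the certificate's name. Unless this is checked later in the function (outside these hunks), consider `if (pubKey == nullptr || !(*pubKey == securedBag.getCertificate().getPublicKeyInfo()))` followed by throwing `SecPublicInfo::Error` before `m_pib->addKey`. `pubKey` is currently dereferenced without a null check.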
@@ -711,7 +709,7 @@
m_tpm->generateKeyPairInTpm(keyName.toUri(), params);
- shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
m_pib->addKey(keyName, *pubKey);
return keyName;
@@ -761,7 +759,7 @@
const Name& keyName, DigestAlgorithm digestAlgorithm) const
{
if (keyName == DIGEST_SHA256_IDENTITY)
- return Block(tlv::SignatureValue, crypto::sha256(buf, size));
+ return Block(tlv::SignatureValue, crypto::computeSha256Digest(buf, size));
return m_tpm->signInTpm(buf, size, keyName, digestAlgorithm);
}
@@ -796,8 +794,8 @@
.append(sig.getInfo()); // signatureInfo
Block sigValue(tlv::SignatureValue,
- crypto::sha256(signedName.wireEncode().value(),
- signedName.wireEncode().value_size()));
+ crypto::computeSha256Digest(signedName.wireEncode().value(),
+ signedName.wireEncode().value_size()));
sigValue.encode();
signedName.append(sigValue); // signatureValue
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index d9963cd..796aa33 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -38,7 +38,6 @@
#include "../util/random.hpp"
#include <initializer_list>
-
namespace ndn {
namespace security {
@@ -210,22 +209,22 @@
*
* @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
* @param signingIdentity The signing identity.
- * @param notBefore Refer to IdentityCertificate.
- * @param notAfter Refer to IdentityCertificate.
- * @param subjectDescription Refer to IdentityCertificate.
+ * @param notBefore Refer to v1::IdentityCertificate.
+ * @param notAfter Refer to v1::IdentityCertificate.
+ * @param subjectDescription Refer to v1::IdentityCertificate.
* @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
* certificate name according to the relation between the signingIdentity and
* the subject identity. If signingIdentity is a prefix of the subject identity,
* `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
* after subject identity (i.e., before `ksk-....`).
- * @return IdentityCertificate.
+ * @return v1::IdentityCertificate.
*/
- shared_ptr<IdentityCertificate>
+ shared_ptr<v1::IdentityCertificate>
prepareUnsignedIdentityCertificate(const Name& keyName,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix = DEFAULT_PREFIX);
/**
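Review bot: Within one declaration the return type is spelled `shared_ptr<v1::IdentityCertificate>` while the `subjectDescription` parameter is spelled `std::vector<security::v1::CertificateSubjectDescription>`. Both resolve to the same namespace from inside `ndn::security`, so the extra qualifier only adds noise and pushes the line past the usual width. Use `v1::CertificateSubjectDescription` here and in the second overload in the next hunk, matching the definitions in key-chain.cpp.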
@@ -234,23 +233,23 @@
* @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
* @param publicKey Public key to sign.
* @param signingIdentity The signing identity.
- * @param notBefore Refer to IdentityCertificate.
- * @param notAfter Refer to IdentityCertificate.
- * @param subjectDescription Refer to IdentityCertificate.
+ * @param notBefore Refer to v1::IdentityCertificate.
+ * @param notAfter Refer to v1::IdentityCertificate.
+ * @param subjectDescription Refer to v1::IdentityCertificate.
* @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
* certificate name according to the relation between the signingIdentity and
* the subject identity. If signingIdentity is a prefix of the subject identity,
* `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
* after subject identity (i.e., before `ksk-....`).
- * @return IdentityCertificate.
+ * @return v1::IdentityCertificate.
*/
- shared_ptr<IdentityCertificate>
+ shared_ptr<v1::IdentityCertificate>
prepareUnsignedIdentityCertificate(const Name& keyName,
- const PublicKey& publicKey,
+ const v1::PublicKey& publicKey,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix = DEFAULT_PREFIX);
/**
@@ -373,9 +372,9 @@
* @brief Generate a self-signed certificate for a public key.
*
* @param keyName The name of the public key
- * @return The generated certificate, shared_ptr<IdentityCertificate>() if selfSign fails
+ * @return The generated certificate, shared_ptr<v1::IdentityCertificate>() if selfSign fails
*/
- shared_ptr<IdentityCertificate>
+ shared_ptr<v1::IdentityCertificate>
selfSign(const Name& keyName);
/**
@@ -385,7 +384,7 @@
* @throws SecTpm::Error if the private key does not exist.
*/
void
- selfSign(IdentityCertificate& cert);
+ selfSign(v1::IdentityCertificate& cert);
/**
* @brief delete a certificate.
@@ -480,18 +479,18 @@
}
void
- addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
+ addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKeyDer)
{
return m_pib->addKey(keyName, publicKeyDer);
}
void
- addKey(const Name& keyName, const PublicKey& publicKeyDer)
+ addKey(const Name& keyName, const v1::PublicKey& publicKeyDer)
{
return m_pib->addKey(keyName, publicKeyDer);
}
- shared_ptr<PublicKey>
+ shared_ptr<v1::PublicKey>
getPublicKey(const Name& keyName) const
{
return m_pib->getPublicKey(keyName);
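Review bot: `addPublicKey` accepts a `keyType` argument that its body never uses; it forwards only `keyName` and `publicKeyDer` to `m_pib->addKey`, exactly like `addKey` below it. A caller passing a type that disagrees with the key material gets no diagnostic. Document this on the declaration, e.g. `/// @note @p keyType is ignored; the key type is taken from @p publicKeyDer.` The `return` of a `void` expression in both wrappers could also be a plain call.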
@@ -504,12 +503,12 @@
}
void
- addCertificate(const IdentityCertificate& certificate)
+ addCertificate(const v1::IdentityCertificate& certificate)
{
return m_pib->addCertificate(certificate);
}
- shared_ptr<IdentityCertificate>
+ shared_ptr<v1::IdentityCertificate>
getCertificate(const Name& certificateName) const
{
return m_pib->getCertificate(certificateName);
@@ -630,24 +629,24 @@
}
void
- addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+ addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
{
return m_pib->addCertificateAsKeyDefault(certificate);
}
void
- addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+ addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
{
return m_pib->addCertificateAsIdentityDefault(certificate);
}
void
- addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+ addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
{
return m_pib->addCertificateAsSystemDefault(certificate);
}
- shared_ptr<IdentityCertificate>
+ shared_ptr<v1::IdentityCertificate>
getDefaultCertificate() const
{
if (!static_cast<bool>(m_pib->getDefaultCertificate()))
@@ -714,7 +713,7 @@
return m_tpm->deleteKeyPairInTpm(keyName);
}
- shared_ptr<PublicKey>
+ shared_ptr<v1::PublicKey>
getPublicKeyFromTpm(const Name& keyName) const
{
return m_tpm->getPublicKeyFromTpm(keyName);
diff --git a/src/security/key.cpp b/src/security/key.cpp
index 3d91cad..c59a39d 100644
--- a/src/security/key.cpp
+++ b/src/security/key.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -34,7 +34,7 @@
}
Key::Key(const Name& identityName, const name::Component& keyId,
- const PublicKey& publicKey, shared_ptr<PibImpl> impl)
+ const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl)
: m_id(identityName)
, m_keyId(keyId)
, m_key(publicKey)
@@ -91,7 +91,7 @@
return m_keyId;
}
-const PublicKey&
+const v1::PublicKey&
Key::getPublicKey() const
{
validityCheck();
@@ -100,7 +100,7 @@
}
void
-Key::addCertificate(const IdentityCertificate& certificate)
+Key::addCertificate(const v1::IdentityCertificate& certificate)
{
validityCheck();
@@ -126,7 +126,7 @@
m_needRefreshCerts = true;
}
-IdentityCertificate
+v1::IdentityCertificate
Key::getCertificate(const Name& certName) const
{
validityCheck();
@@ -147,7 +147,7 @@
return m_certificates;
}
-const IdentityCertificate&
+const v1::IdentityCertificate&
Key::setDefaultCertificate(const Name& certName)
{
validityCheck();
@@ -158,14 +158,14 @@
return m_defaultCertificate;
}
-const IdentityCertificate&
-Key::setDefaultCertificate(const IdentityCertificate& certificate)
+const v1::IdentityCertificate&
+Key::setDefaultCertificate(const v1::IdentityCertificate& certificate)
{
addCertificate(certificate);
return setDefaultCertificate(certificate.getName());
}
-const IdentityCertificate&
+const v1::IdentityCertificate&
Key::getDefaultCertificate() const
{
validityCheck();
diff --git a/src/security/key.hpp b/src/security/key.hpp
index 31d7fe7..a237a38 100644
--- a/src/security/key.hpp
+++ b/src/security/key.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,7 +22,7 @@
#ifndef NDN_SECURITY_KEY_HPP
#define NDN_SECURITY_KEY_HPP
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
#include "certificate-container.hpp"
namespace ndn {
@@ -83,7 +83,7 @@
getKeyId() const;
/// @brief Get public key
- const PublicKey&
+ const v1::PublicKey&
getPublicKey() const;
/**
@@ -92,7 +92,7 @@
* @return the certificate
* @throws Pib::Error if the certificate does not exist.
*/
- IdentityCertificate
+ v1::IdentityCertificate
getCertificate(const Name& certName) const;
/// @brief Get all the certificates for this key.
@@ -104,7 +104,7 @@
*
* @throws Pib::Error if the default certificate does not exist.
*/
- const IdentityCertificate&
+ const v1::IdentityCertificate&
getDefaultCertificate() const;
/// @brief Check if the Key instance is valid
@@ -122,7 +122,7 @@
* @param certificate The certificate to add.
*/
void
- addCertificate(const IdentityCertificate& certificate);
+ addCertificate(const v1::IdentityCertificate& certificate);
/**
* @brief Remove a certificate.
@@ -139,7 +139,7 @@
* @return the default certificate
* @throws Pib::Error if the certificate does not exist.
*/
- const IdentityCertificate&
+ const v1::IdentityCertificate&
setDefaultCertificate(const Name& certName);
/**
@@ -151,8 +151,8 @@
* @param certificate The certificate to add.
* @return the default certificate
*/
- const IdentityCertificate&
- setDefaultCertificate(const IdentityCertificate& certificate);
+ const v1::IdentityCertificate&
+ setDefaultCertificate(const v1::IdentityCertificate& certificate);
NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
/**
@@ -166,7 +166,7 @@
* @param impl The actual backend implementation.
*/
Key(const Name& identityName, const name::Component& keyId,
- const PublicKey& publicKey, shared_ptr<PibImpl> impl);
+ const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl);
/**
* @brief Create an KeyEntry with @p identityName and @p keyId.
@@ -190,10 +190,10 @@
Name m_id;
name::Component m_keyId;
Name m_keyName;
- PublicKey m_key;
+ v1::PublicKey m_key;
mutable bool m_hasDefaultCertificate;
- mutable IdentityCertificate m_defaultCertificate;
+ mutable v1::IdentityCertificate m_defaultCertificate;
mutable bool m_needRefreshCerts;
mutable CertificateContainer m_certificates;
diff --git a/src/security/pib-impl.hpp b/src/security/pib-impl.hpp
index 90e7dfc..d2b2324 100644
--- a/src/security/pib-impl.hpp
+++ b/src/security/pib-impl.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,7 +23,7 @@
#define NDN_SECURITY_PIB_IMPL_HPP
#include <set>
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
namespace ndn {
namespace security {
@@ -161,7 +161,7 @@
* @param publicKey The public key bits.
*/
virtual void
- addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey) = 0;
+ addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) = 0;
/**
* @brief Remove a key.
@@ -183,7 +183,7 @@
* @return key bits
* @throws Pib::Error if the key does not exist.
*/
- virtual PublicKey
+ virtual v1::PublicKey
getKeyBits(const Name& identity, const name::Component& keyId) const = 0;
/**
@@ -238,7 +238,7 @@
* @param certificate The certificate to add.
*/
virtual void
- addCertificate(const IdentityCertificate& certificate) = 0;
+ addCertificate(const v1::IdentityCertificate& certificate) = 0;
/**
* @brief Remove a certificate with name @p certName.
@@ -257,7 +257,7 @@
* @return the certificate.
* @throws Pib::Error if the certificate does not exist.
*/
- virtual IdentityCertificate
+ virtual v1::IdentityCertificate
getCertificate(const Name& certName) const = 0;
/**
@@ -293,7 +293,7 @@
* @return a pointer to the certificate, null if no default certificate for the key.
* @throws Pib::Error if the default certificate does not exist.
*/
- virtual IdentityCertificate
+ virtual v1::IdentityCertificate
getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const = 0;
};
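Review bot: The `@return` text above `getDefaultCertificateOfKey` still says "a pointer to the certificate, null if no default certificate for the key", but the function returns `v1::IdentityCertificate` by value and the next line documents `@throws Pib::Error` for the missing case. A caller reading the doc would expect a null check that cannot be written. Suggested wording: `@return the default certificate of the key.`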
diff --git a/src/security/pib-memory.cpp b/src/security/pib-memory.cpp
index 09300f1..c472863 100644
--- a/src/security/pib-memory.cpp
+++ b/src/security/pib-memory.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -102,7 +102,7 @@
}
void
-PibMemory::addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey)
+PibMemory::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
{
this->addIdentity(identity);
@@ -127,7 +127,7 @@
}
}
-PublicKey
+v1::PublicKey
PibMemory::getKeyBits(const Name& identity, const name::Component& keyId) const
{
if (!hasKey(identity, keyId))
@@ -184,7 +184,7 @@
}
void
-PibMemory::addCertificate(const IdentityCertificate& certificate)
+PibMemory::addCertificate(const v1::IdentityCertificate& certificate)
{
this->addKey(certificate.getPublicKeyName().getPrefix(-1),
certificate.getPublicKeyName().get(-1),
@@ -201,10 +201,10 @@
PibMemory::removeCertificate(const Name& certName)
{
m_certs.erase(certName);
- m_defaultCert.erase(IdentityCertificate::certificateNameToPublicKeyName(certName));
+ m_defaultCert.erase(v1::IdentityCertificate::certificateNameToPublicKeyName(certName));
}
-IdentityCertificate
+v1::IdentityCertificate
PibMemory::getCertificate(const Name& certName) const
{
if (!hasCertificate(certName))
@@ -237,7 +237,7 @@
m_defaultCert[keyName] = certName;
}
-IdentityCertificate
+v1::IdentityCertificate
PibMemory::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
{
Name keyName = getKeyName(identity, keyId);
diff --git a/src/security/pib-memory.hpp b/src/security/pib-memory.hpp
index 377d52d..1a859ce 100644
--- a/src/security/pib-memory.hpp
+++ b/src/security/pib-memory.hpp
@@ -83,12 +83,12 @@
hasKey(const Name& identity, const name::Component& keyId) const override;
virtual void
- addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey) override;
+ addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) override;
virtual void
removeKey(const Name& identity, const name::Component& keyId) override;
- virtual PublicKey
+ virtual v1::PublicKey
getKeyBits(const Name& identity, const name::Component& keyId) const override;
virtual std::set<name::Component>
@@ -106,12 +106,12 @@
hasCertificate(const Name& certName) const override;
virtual void
- addCertificate(const IdentityCertificate& certificate) override;
+ addCertificate(const v1::IdentityCertificate& certificate) override;
virtual void
removeCertificate(const Name& certName) override;
- virtual IdentityCertificate
+ virtual v1::IdentityCertificate
getCertificate(const Name& certName) const override;
virtual std::set<Name>
@@ -120,7 +120,7 @@
virtual void
setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId, const Name& certName) override;
- virtual IdentityCertificate
+ virtual v1::IdentityCertificate
getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const override;
private: // Key management
@@ -135,13 +135,13 @@
Name m_defaultIdentity;
/// @brief keyName => keyBits
- std::map<Name, PublicKey> m_keys;
+ std::map<Name, v1::PublicKey> m_keys;
/// @brief identity => default key Name
std::map<Name, Name> m_defaultKey;
/// @brief certificate Name => certificate
- std::map<Name, IdentityCertificate> m_certs;
+ std::map<Name, v1::IdentityCertificate> m_certs;
/// @brief keyName => default certificate Name
std::map<Name, Name> m_defaultCert;
diff --git a/src/security/pib-sqlite3.cpp b/src/security/pib-sqlite3.cpp
index cbded5b..dc21610 100644
--- a/src/security/pib-sqlite3.cpp
+++ b/src/security/pib-sqlite3.cpp
@@ -360,7 +360,7 @@
}
void
-PibSqlite3::addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey)
+PibSqlite3::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
{
if (hasKey(identity, keyId)) {
return;
@@ -392,7 +392,7 @@
statement.step();
}
-PublicKey
+v1::PublicKey
PibSqlite3::getKeyBits(const Name& identity, const name::Component& keyId) const
{
Name keyName = getKeyName(identity, keyId);
@@ -401,7 +401,7 @@
statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
if (statement.step() == SQLITE_ROW)
- return PublicKey(statement.getBlob(0), statement.getSize(0));
+ return v1::PublicKey(statement.getBlob(0), statement.getSize(0));
else
BOOST_THROW_EXCEPTION(Pib::Error("Key does not exist"));
}
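Review bot: `PibSqlite3::getKeyBits` treats every `statement.step()` result other than `SQLITE_ROW` as "Key does not exist", so a locked or corrupted database is reported to the caller as a missing key. Distinguishing the cases keeps storage failures from being mistaken for absence: keep the result in `int res = statement.step();`, throw the not-found error only on `SQLITE_DONE`, and raise a separate `Pib::Error` for any other code. The same pattern is in the `getCertificate` and `getDefaultCertificateOfKey` hunks below, whose message also reads "Certificate does not exit" where "exist" is meant. The function starts outside this hunk.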
@@ -469,7 +469,7 @@
}
void
-PibSqlite3::addCertificate(const IdentityCertificate& certificate)
+PibSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
{
const Name& certName = certificate.getName();
const Name& keyName = certificate.getPublicKeyName();
@@ -498,7 +498,7 @@
statement.step();
}
-IdentityCertificate
+v1::IdentityCertificate
PibSqlite3::getCertificate(const Name& certName) const
{
Sqlite3Statement statement(m_database,
@@ -506,7 +506,7 @@
statement.bind(1, certName.wireEncode(), SQLITE_TRANSIENT);
if (statement.step() == SQLITE_ROW)
- return IdentityCertificate(statement.getBlock(0));
+ return v1::IdentityCertificate(statement.getBlock(0));
else
BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
}
@@ -544,7 +544,7 @@
statement.step();
}
-IdentityCertificate
+v1::IdentityCertificate
PibSqlite3::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
{
Name keyName = getKeyName(identity, keyId);
@@ -556,7 +556,7 @@
statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
if (statement.step() == SQLITE_ROW)
- return IdentityCertificate(statement.getBlock(0));
+ return v1::IdentityCertificate(statement.getBlock(0));
else
BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
}
diff --git a/src/security/pib-sqlite3.hpp b/src/security/pib-sqlite3.hpp
index 7e867cd..f8665c5 100644
--- a/src/security/pib-sqlite3.hpp
+++ b/src/security/pib-sqlite3.hpp
@@ -92,12 +92,12 @@
hasKey(const Name& identity, const name::Component& keyId) const final;
virtual void
- addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey) final;
+ addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) final;
virtual void
removeKey(const Name& identity, const name::Component& keyId) final;
- virtual PublicKey
+ virtual v1::PublicKey
getKeyBits(const Name& identity, const name::Component& keyId) const final;
virtual std::set<name::Component>
@@ -115,12 +115,12 @@
hasCertificate(const Name& certName) const final;
virtual void
- addCertificate(const IdentityCertificate& certificate) final;
+ addCertificate(const v1::IdentityCertificate& certificate) final;
virtual void
removeCertificate(const Name& certName) final;
- virtual IdentityCertificate
+ virtual v1::IdentityCertificate
getCertificate(const Name& certName) const final;
virtual std::set<Name>
@@ -130,7 +130,7 @@
setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
const Name& certName) final;
- virtual IdentityCertificate
+ virtual v1::IdentityCertificate
getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const final;
private:
diff --git a/src/security/public-key.hpp b/src/security/public-key.hpp
index 3f90783..8e1a09b 100644
--- a/src/security/public-key.hpp
+++ b/src/security/public-key.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -17,107 +17,17 @@
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
- * @author Jeff Thompson <jefft0@remap.ucla.edu>
*/
-#ifndef NDN_SECURITY_PUBLIC_KEY_HPP
-#define NDN_SECURITY_PUBLIC_KEY_HPP
+/**
+ * @file security/public-key.hpp
+ * @deprecated Use security/v1/public-key.hpp
+ */
-#include "../common.hpp"
-
-#include "../encoding/buffer.hpp"
-#include "../encoding/block.hpp"
#include "security-common.hpp"
-namespace CryptoPP {
-class BufferedTransformation;
-}
-
-namespace ndn {
-
-class PublicKey
-{
-public:
- class Error : public std::runtime_error
- {
- public:
- explicit
- Error(const std::string& what)
- : std::runtime_error(what)
- {
- }
- };
-
- /**
- * The default constructor.
- */
- PublicKey();
-
- /**
- * @brief Create a new PublicKey from @p keyDerBuf in DER buffer
- *
- * @param keyDerBuf The pointer to the first byte of buffer containing DER of public key
- * @param keyDerSize Size of the buffer
- *
- * @throws PublicKey::Error If DER in buffer cannot be decoded
- */
- PublicKey(const uint8_t* keyDerBuf, size_t keyDerSize);
-
- const Buffer&
- get() const
- {
- return m_key;
- }
-
- void
- set(const uint8_t* keyDerBuf, size_t keyDerSize)
- {
- Buffer buf(keyDerBuf, keyDerSize);
- m_key.swap(buf);
- }
-
- KeyType
- getKeyType() const
- {
- return m_type;
- }
-
- /**
- * @return a KeyDigest block that matches this public key
- */
- const Block&
- computeDigest() const;
-
- void
- encode(CryptoPP::BufferedTransformation& out) const;
-
- void
- decode(CryptoPP::BufferedTransformation& in);
-
- bool
- operator==(const PublicKey& key) const
- {
- return m_key == key.m_key;
- }
-
- bool
- operator!=(const PublicKey& key) const
- {
- return m_key != key.m_key;
- }
-
-private:
- KeyType m_type;
- Buffer m_key;
- mutable Block m_digest;
-};
-
-std::ostream&
-operator<<(std::ostream& os, const PublicKey& key);
-
-} // namespace ndn
-
-#endif //NDN_SECURITY_PUBLIC_KEY_HPP
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/public-key.hpp"
+#else
+#error "Deprecated. Use `v1/public-key.hpp` instead."
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
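Review bot: The shim tests `NDN_CXX_KEEP_SECURITY_V1_ALIASES` without saying where the macro is defined; presumably `security-common.hpp`, included just above, or the build flags provide it. A one-line comment above the `#ifdef`, such as `// NDN_CXX_KEEP_SECURITY_V1_ALIASES keeps the pre-v1 include paths working; see security-common.hpp`, would tell users who hit the `#error` what to change (confirm the defining header first). The `@deprecated` line names `security/v1/public-key.hpp` while the `#error` text names `v1/public-key.hpp`; using one spelling in both avoids confusion.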
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/sec-public-info-sqlite3.cpp
index 1be311f..b392ba1 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/sec-public-info-sqlite3.cpp
@@ -23,7 +23,7 @@
*/
#include "sec-public-info-sqlite3.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
#include "signature-sha256-with-rsa.hpp"
#include "signature-sha256-with-ecdsa.hpp"
#include "../data.hpp"
@@ -36,6 +36,7 @@
#include <boost/filesystem.hpp>
namespace ndn {
+namespace security {
using std::string;
using std::vector;
@@ -363,7 +364,7 @@
void
SecPublicInfoSqlite3::addKey(const Name& keyName,
- const PublicKey& publicKeyDer)
+ const v1::PublicKey& publicKeyDer)
{
if (keyName.empty())
return;
@@ -396,7 +397,7 @@
sqlite3_finalize(statement);
}
-shared_ptr<PublicKey>
+shared_ptr<v1::PublicKey>
SecPublicInfoSqlite3::getPublicKey(const Name& keyName)
{
if (keyName.empty())
@@ -415,10 +416,10 @@
int res = sqlite3_step(statement);
- shared_ptr<PublicKey> result;
+ shared_ptr<v1::PublicKey> result;
if (res == SQLITE_ROW) {
- result = make_shared<PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
- sqlite3_column_bytes(statement, 0));
+ result = make_shared<v1::PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
+ sqlite3_column_bytes(statement, 0));
sqlite3_finalize(statement);
return result;
}
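Review bot: In `SecPublicInfoSqlite3::getPublicKey`, `sqlite3_finalize(statement)` runs only after `make_shared<v1::PublicKey>(...)` returns, so if the constructor throws on a stored blob that is not valid DER the prepared statement is never finalized. The old header documented that constructor as throwing `PublicKey::Error` on undecodable input; presumably the v1 class keeps that behaviour. The `getCertificate` hunk further down wraps its decode in `try`, and the same shape fits here: `catch (...) { sqlite3_finalize(statement); throw; }`. The function starts and ends outside this hunk.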
@@ -483,12 +484,12 @@
}
void
-SecPublicInfoSqlite3::addCertificate(const IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
- // KeyName is from IdentityCertificate name, so should be qualified.
+ // KeyName is from v1::IdentityCertificate name, so should be qualified.
Name keyName =
- IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
+ v1::IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
addKey(keyName, certificate.getPublicKeyInfo());
@@ -537,7 +538,7 @@
sqlite3_finalize(statement);
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
SecPublicInfoSqlite3::getCertificate(const Name& certificateName)
{
sqlite3_stmt* statement = nullptr;
@@ -551,7 +552,7 @@
int res = sqlite3_step(statement);
if (res == SQLITE_ROW) {
- shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
+ shared_ptr<v1::IdentityCertificate> certificate = make_shared<v1::IdentityCertificate>();
try {
certificate->wireDecode(Block(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
sqlite3_column_bytes(statement, 0)));
@@ -723,7 +724,7 @@
if (!doesCertificateExist(certificateName))
BOOST_THROW_EXCEPTION(Error("certificate does not exist:" + certificateName.toUri()));
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
string keyId = keyName.get(-1).toUri();
Name identityName = keyName.getPrefix(-1);
@@ -951,4 +952,5 @@
return SCHEME;
}
+} // namespace security
} // namespace ndn
diff --git a/src/security/sec-public-info-sqlite3.hpp b/src/security/sec-public-info-sqlite3.hpp
index 697ff12..fbe7d7e 100644
--- a/src/security/sec-public-info-sqlite3.hpp
+++ b/src/security/sec-public-info-sqlite3.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -31,6 +31,7 @@
struct sqlite3;
namespace ndn {
+namespace security {
class SecPublicInfoSqlite3 : public SecPublicInfo
{
@@ -77,9 +78,9 @@
doesPublicKeyExist(const Name& keyName);
virtual void
- addKey(const Name& keyName, const PublicKey& publicKeyDer);
+ addKey(const Name& keyName, const v1::PublicKey& publicKeyDer);
- virtual shared_ptr<PublicKey>
+ virtual shared_ptr<v1::PublicKey>
getPublicKey(const Name& keyName);
virtual KeyType
@@ -89,9 +90,9 @@
doesCertificateExist(const Name& certificateName);
virtual void
- addCertificate(const IdentityCertificate& certificate);
+ addCertificate(const v1::IdentityCertificate& certificate);
- virtual shared_ptr<IdentityCertificate>
+ virtual shared_ptr<v1::IdentityCertificate>
getCertificate(const Name& certificateName);
@@ -162,6 +163,10 @@
sqlite3* m_database;
};
+} // namespace security
+
+using security::SecPublicInfoSqlite3;
+
} // namespace ndn
#endif // NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
diff --git a/src/security/sec-public-info.cpp b/src/security/sec-public-info.cpp
index 2226f51..7002d36 100644
--- a/src/security/sec-public-info.cpp
+++ b/src/security/sec-public-info.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,6 +22,7 @@
#include "sec-public-info.hpp"
namespace ndn {
+namespace security {
SecPublicInfo::SecPublicInfo(const std::string& location)
: m_location(location)
@@ -39,7 +40,7 @@
}
void
-SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
+SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey)
{
addKey(keyName, publicKey);
}
@@ -104,7 +105,7 @@
}
void
-SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
{
addCertificate(certificate);
setDefaultCertificateNameForKeyInternal(certificate.getName());
@@ -112,35 +113,35 @@
}
void
-SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+ Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
setDefaultKeyNameForIdentityInternal(keyName);
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
void
-SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+ Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
setDefaultIdentityInternal(keyName.getPrefix(-1));
setDefaultKeyNameForIdentityInternal(keyName);
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
SecPublicInfo::defaultCertificate()
{
return getDefaultCertificate();
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
SecPublicInfo::getDefaultCertificate()
{
return m_defaultCertificate;
@@ -158,4 +159,5 @@
}
}
+} // namespace security
} // namespace ndn
diff --git a/src/security/sec-public-info.hpp b/src/security/sec-public-info.hpp
index c4b7175..9f24538 100644
--- a/src/security/sec-public-info.hpp
+++ b/src/security/sec-public-info.hpp
@@ -24,11 +24,11 @@
#include "../name.hpp"
#include "security-common.hpp"
-#include "public-key.hpp"
-#include "identity-certificate.hpp"
-
+#include "v1/public-key.hpp"
+#include "v1/identity-certificate.hpp"
namespace ndn {
+namespace security {
/**
* @brief SecPublicInfo is a base class for the storage of public information.
@@ -132,7 +132,7 @@
*/
DEPRECATED(
void
- addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey));
+ addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey));
/**
* @brief Add a public key to the identity storage.
@@ -141,7 +141,7 @@
* @param publicKey Reference to the PublicKey object
*/
virtual void
- addKey(const Name& keyName, const PublicKey& publicKey) = 0;
+ addKey(const Name& keyName, const v1::PublicKey& publicKey) = 0;
/**
* @brief Get shared pointer to PublicKey object from the identity storage
@@ -149,7 +149,7 @@
* @param keyName The name of the requested public key
* @throws SecPublicInfo::Error if public key does not exist
*/
- virtual shared_ptr<PublicKey>
+ virtual shared_ptr<v1::PublicKey>
getPublicKey(const Name& keyName) = 0;
/**
@@ -180,7 +180,7 @@
* @param certificate The certificate to be added
*/
virtual void
- addCertificate(const IdentityCertificate& certificate) = 0;
+ addCertificate(const v1::IdentityCertificate& certificate) = 0;
/**
* @brief Get a shared pointer to identity certificate object from the identity storage
@@ -188,7 +188,7 @@
* @param certificateName The name of the requested certificate
* @throws SecPublicInfo::Error if the certificate does not exist
*/
- virtual shared_ptr<IdentityCertificate>
+ virtual shared_ptr<v1::IdentityCertificate>
getCertificate(const Name& certificateName) = 0;
@@ -404,7 +404,7 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsKeyDefault(const IdentityCertificate& certificate);
+ addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate);
/**
* @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -414,7 +414,7 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
+ addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate);
/**
* @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -424,24 +424,24 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsSystemDefault(const IdentityCertificate& certificate);
+ addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate);
/**
* @brief Get cached default certificate of the default identity
*
- * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
+ * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
* @deprecated Use getDefaultCertificate instead
*/
DEPRECATED(
- shared_ptr<IdentityCertificate>
+ shared_ptr<v1::IdentityCertificate>
defaultCertificate());
/**
* @brief Get cached default certificate of the default identity
*
- * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
+ * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
*/
- shared_ptr<IdentityCertificate>
+ shared_ptr<v1::IdentityCertificate>
getDefaultCertificate();
/**
@@ -451,10 +451,14 @@
refreshDefaultCertificate();
protected:
- shared_ptr<IdentityCertificate> m_defaultCertificate;
+ shared_ptr<v1::IdentityCertificate> m_defaultCertificate;
std::string m_location;
};
+} // namespace security
+
+using security::SecPublicInfo;
+
} // namespace ndn
#endif // NDN_SECURITY_SEC_PUBLIC_INFO_HPP
diff --git a/src/security/sec-tpm-file.cpp b/src/security/sec-tpm-file.cpp
index adb5938..931d8fd 100644
--- a/src/security/sec-tpm-file.cpp
+++ b/src/security/sec-tpm-file.cpp
@@ -30,7 +30,7 @@
#include <boost/filesystem.hpp>
#include <boost/algorithm/string.hpp>
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
#include <sys/types.h>
#include <sys/stat.h>
@@ -38,6 +38,7 @@
#include <algorithm>
namespace ndn {
+namespace security {
using std::string;
using std::ostringstream;
@@ -231,7 +232,7 @@
boost::filesystem::remove(privateKeyPath);
}
-shared_ptr<PublicKey>
+shared_ptr<v1::PublicKey>
SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
{
string keyURI = keyName.toUri();
@@ -250,7 +251,7 @@
BOOST_THROW_EXCEPTION(Error(e.what()));
}
- return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
+ return make_shared<v1::PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
os.str().size());
}
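Review bot: `getPublicKeyFromTpm` calls `os.str()` twice inside the `make_shared<v1::PublicKey>` expression, which copies the stream contents twice and keeps pointer and length consistent only because both temporaries live to the end of the full expression. Binding it once is easier to audit: `const std::string der = os.str();` followed by `make_shared<v1::PublicKey>(reinterpret_cast<const uint8_t*>(der.data()), der.size())`. The continuation line `os.str().size());` was also not re-aligned after the rename. The function body starts outside the hunk.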
@@ -320,7 +321,7 @@
AutoSeededRandomPool rng;
// Read public key
- shared_ptr<PublicKey> pubkeyPtr;
+ shared_ptr<v1::PublicKey> pubkeyPtr;
pubkeyPtr = getPublicKeyFromTpm(keyName);
switch (pubkeyPtr->getKeyType()) {
@@ -586,4 +587,5 @@
}
}
+} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm-file.hpp b/src/security/sec-tpm-file.hpp
index e934fd7..ed25d2d 100644
--- a/src/security/sec-tpm-file.hpp
+++ b/src/security/sec-tpm-file.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -31,6 +31,7 @@
#include "sec-tpm.hpp"
namespace ndn {
+namespace security {
class SecTpmFile : public SecTpm
{
@@ -91,7 +92,7 @@
virtual void
deleteKeyPairInTpm(const Name& keyName);
- virtual shared_ptr<PublicKey>
+ virtual shared_ptr<v1::PublicKey>
getPublicKeyFromTpm(const Name& keyName);
virtual Block
@@ -143,6 +144,10 @@
bool m_inTerminal;
};
+} // namespace security
+
+using security::SecTpmFile;
+
} // namespace ndn
#endif // NDN_SECURITY_SEC_TPM_FILE_HPP
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index 92c6add..671a6f1 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -22,11 +22,11 @@
*/
#include "sec-tpm-osx.hpp"
-#include "public-key.hpp"
+#include "v1/public-key.hpp"
#include "../encoding/oid.hpp"
#include "../encoding/buffer-stream.hpp"
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
#include <pwd.h>
#include <unistd.h>
@@ -43,6 +43,7 @@
#include <Security/SecDigestTransform.h>
namespace ndn {
+namespace security {
using std::string;
@@ -498,7 +499,7 @@
// throw Error("Fail to create a symmetric key");
}
-shared_ptr<PublicKey>
+shared_ptr<v1::PublicKey>
SecTpmOsx::getPublicKeyFromTpm(const Name& keyName)
{
CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KeyClass::PUBLIC);
@@ -517,8 +518,8 @@
BOOST_THROW_EXCEPTION(Error("Cannot export requested public key from OSX Keychain"));
}
- shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()),
- CFDataGetLength(exportedKey.get()));
+ shared_ptr<v1::PublicKey> key = make_shared<v1::PublicKey>(CFDataGetBytePtr(exportedKey.get()),
+ CFDataGetLength(exportedKey.get()));
return key;
}
@@ -540,7 +541,7 @@
"in OSX Keychain"));
}
- shared_ptr<PublicKey> publicKey = getPublicKeyFromTpm(keyName);
+ shared_ptr<v1::PublicKey> publicKey = getPublicKeyFromTpm(keyName);
CFReleaser<CFDataRef> exportedKey;
OSStatus res = SecItemExport(privateKey.get(),
@@ -561,9 +562,9 @@
}
uint32_t version = 0;
- OID algorithm;
+ Oid algorithm;
bool hasParameters = false;
- OID algorithmParameter;
+ Oid algorithmParameter;
switch (publicKey->getKeyType()) {
case KeyType::RSA: {
algorithm = oid::RSA; // "RSA encryption"
@@ -646,14 +647,14 @@
BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER);
BERSequenceDecoder sequenceDecoder(privateKeyInfo);
{
- OID keyTypeOID;
- keyTypeOID.decode(sequenceDecoder);
+ Oid keyTypeOid;
+ keyTypeOid.decode(sequenceDecoder);
- if (keyTypeOID == oid::RSA)
+ if (keyTypeOid == oid::RSA)
BERDecodeNull(sequenceDecoder);
- else if (keyTypeOID == oid::ECDSA) {
- OID parameterOID;
- parameterOID.decode(sequenceDecoder);
+ else if (keyTypeOid == oid::ECDSA) {
+ Oid parameterOid;
+ parameterOid.decode(sequenceDecoder);
}
else
return false; // Unsupported key type;
@@ -1138,4 +1139,5 @@
}
}
+} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm-osx.hpp b/src/security/sec-tpm-osx.hpp
index 5ed93d5..1713f06 100644
--- a/src/security/sec-tpm-osx.hpp
+++ b/src/security/sec-tpm-osx.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -33,6 +33,7 @@
#include "sec-tpm.hpp"
namespace ndn {
+namespace security {
class SecTpmOsx : public SecTpm
{
@@ -84,7 +85,7 @@
deleteKeyPairInTpmInternal(keyName, false);
}
- virtual shared_ptr<PublicKey>
+ virtual shared_ptr<v1::PublicKey>
getPublicKeyFromTpm(const Name& keyName);
virtual Block
@@ -160,6 +161,10 @@
shared_ptr<Impl> m_impl;
};
+} // namespace security
+
+using security::SecTpmOsx;
+
} // namespace ndn
#endif // NDN_SECURITY_SEC_TPM_OSX_HPP
diff --git a/src/security/sec-tpm.cpp b/src/security/sec-tpm.cpp
index 14e71fa..2ce3d66 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/sec-tpm.cpp
@@ -25,14 +25,13 @@
#include "../encoding/oid.hpp"
#include "../encoding/buffer-stream.hpp"
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
#include <unistd.h>
namespace ndn {
+namespace security {
-using std::string;
-
-SecTpm::SecTpm(const string& location)
+SecTpm::SecTpm(const std::string& location)
: m_location(location)
{
}
@@ -48,7 +47,7 @@
}
ConstBufferPtr
-SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const string& passwordStr)
+SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& passwordStr)
{
using namespace CryptoPP;
@@ -94,9 +93,9 @@
}
// encode
- OID pbes2Id("1.2.840.113549.1.5.13");
- OID pbkdf2Id("1.2.840.113549.1.5.12");
- OID pbes2encsId("1.2.840.113549.3.7");
+ Oid pbes2Id("1.2.840.113549.1.5.13");
+ Oid pbkdf2Id("1.2.840.113549.1.5.12");
+ Oid pbes2encsId("1.2.840.113549.3.7");
OBufferStream pkcs8Os;
try {
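Review bot: The three dotted OIDs in `exportPrivateKeyPkcs5FromTpm` carry no names, and the third one, `1.2.840.113549.3.7`, is des-EDE3-CBC, so the exported private key is presumably wrapped with Triple-DES. Adding `// id-PBES2`, `// id-PBKDF2` and `// des-EDE3-CBC` next to the three declarations would make that choice visible to anyone auditing the export format. 3DES has a 64-bit block and is a legacy cipher; moving the PBES2 encryption scheme to AES-CBC is worth tracking as a follow-up, together with import-side support so existing exports still load. The code that performs the encryption is outside this hunk.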
@@ -167,15 +166,15 @@
bool
SecTpm::importPrivateKeyPkcs5IntoTpm(const Name& keyName,
const uint8_t* buf, size_t size,
- const string& passwordStr)
+ const std::string& passwordStr)
{
using namespace CryptoPP;
- OID pbes2Id;
- OID pbkdf2Id;
+ Oid pbes2Id;
+ Oid pbkdf2Id;
SecByteBlock saltBlock;
uint32_t iterationCount;
- OID pbes2encsId;
+ Oid pbes2encsId;
SecByteBlock ivBlock;
SecByteBlock encryptedDataBlock;
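Review bot: `uint32_t iterationCount;` in `importPrivateKeyPkcs5IntoTpm` is declared without an initializer and is filled from the caller-supplied buffer by decoding code outside this hunk. Writing `uint32_t iterationCount = 0;` removes any path that reads it while indeterminate. Because the value comes from the imported file, it should also be checked against an upper bound before it reaches key derivation, so that a malformed or hostile file cannot tie up the CPU; whether such a bound already exists cannot be seen from here.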
@@ -290,11 +289,11 @@
BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER);
BERSequenceDecoder sequenceDecoder(privateKeyInfo);
{
- OID keyTypeOID;
- keyTypeOID.decode(sequenceDecoder);
- if (keyTypeOID == oid::RSA)
+ Oid keyTypeOid;
+ keyTypeOid.decode(sequenceDecoder);
+ if (keyTypeOid == oid::RSA)
publicKeyType = KeyType::RSA;
- else if (keyTypeOID == oid::ECDSA)
+ else if (keyTypeOid == oid::ECDSA)
publicKeyType = KeyType::EC;
else
return false; // Unsupported key type;
@@ -382,5 +381,5 @@
return isInitialized;
}
-
+} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm.hpp b/src/security/sec-tpm.hpp
index 1ade1d6..3da278e 100644
--- a/src/security/sec-tpm.hpp
+++ b/src/security/sec-tpm.hpp
@@ -28,10 +28,11 @@
#include "security-common.hpp"
#include "../name.hpp"
#include "../data.hpp"
-#include "public-key.hpp"
#include "key-params.hpp"
+#include "v1/public-key.hpp"
namespace ndn {
+namespace security {
/**
* @brief SecTpm is the base class of the TPM classes.
@@ -136,7 +137,7 @@
* @return The public key.
* @throws SecTpm::Error if public key does not exist in TPM.
*/
- virtual shared_ptr<PublicKey>
+ virtual shared_ptr<v1::PublicKey>
getPublicKeyFromTpm(const Name& keyName) = 0;
/**
@@ -300,6 +301,10 @@
std::string m_location;
};
+} // namespace security
+
+using security::SecTpm;
+
} // namespace ndn
#endif // NDN_SECURITY_SEC_TPM_HPP
diff --git a/src/security/secured-bag.cpp b/src/security/secured-bag.cpp
index 1780c3a..66fad02 100644
--- a/src/security/secured-bag.cpp
+++ b/src/security/secured-bag.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -41,7 +41,7 @@
this->wireDecode(wire);
}
-SecuredBag::SecuredBag(const IdentityCertificate& cert, ConstBufferPtr key)
+SecuredBag::SecuredBag(const v1::IdentityCertificate& cert, ConstBufferPtr key)
: m_cert(cert)
, m_key(key)
, m_wire(tlv::security::IdentityPackage)
diff --git a/src/security/secured-bag.hpp b/src/security/secured-bag.hpp
index 3393e8a..5dd27fc 100644
--- a/src/security/secured-bag.hpp
+++ b/src/security/secured-bag.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,9 +23,10 @@
#define NDN_SECURITY_SECURED_BAG_HPP
#include "../common.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
namespace ndn {
+namespace security {
class SecuredBag
{
@@ -45,7 +46,7 @@
explicit
SecuredBag(const Block& wire);
- SecuredBag(const IdentityCertificate& cert,
+ SecuredBag(const v1::IdentityCertificate& cert,
ConstBufferPtr key);
virtual
@@ -57,7 +58,7 @@
const Block&
wireEncode() const;
- const IdentityCertificate&
+ const v1::IdentityCertificate&
getCertificate() const
{
return m_cert;
@@ -70,12 +71,16 @@
}
private:
- IdentityCertificate m_cert;
+ v1::IdentityCertificate m_cert;
ConstBufferPtr m_key;
mutable Block m_wire;
};
+} // namespace security
+
+using security::SecuredBag;
+
} // namespace ndn
#endif // NDN_SECURITY_SECURED_BAG_HPP
diff --git a/src/security/security-common.hpp b/src/security/security-common.hpp
index 542e169..bd709f5 100644
--- a/src/security/security-common.hpp
+++ b/src/security/security-common.hpp
@@ -24,6 +24,8 @@
#include "../common.hpp"
+#define NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
namespace ndn {
namespace signed_interest {
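Review bot: `NDN_CXX_KEEP_SECURITY_V1_ALIASES` is defined unconditionally with no comment, so a reader of this header cannot tell what it switches or when it may be removed. A one-line comment above the define would do, for example `/// Keeps the deprecated ndn:: aliases for security::v1 types (see the #ifdef blocks in v1/*.hpp)`. As written there is also no way for a consumer to build without the aliases short of editing this header, which seems worth stating in the same comment if it is intended.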
diff --git a/src/security/certificate-extension.cpp b/src/security/v1/certificate-extension.cpp
similarity index 94%
rename from src/security/certificate-extension.cpp
rename to src/security/v1/certificate-extension.cpp
index d215662..d871eac 100644
--- a/src/security/certificate-extension.cpp
+++ b/src/security/v1/certificate-extension.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,12 +22,12 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#include "common.hpp"
-
#include "certificate-extension.hpp"
#include "cryptopp.hpp"
namespace ndn {
+namespace security {
+namespace v1 {
void
CertificateExtension::encode(CryptoPP::BufferedTransformation& out) const
@@ -72,4 +72,6 @@
extension.MessageEnd();
}
+} // namespace v1
+} // namespace security
} // namespace ndn
diff --git a/src/security/certificate-extension.hpp b/src/security/v1/certificate-extension.hpp
similarity index 76%
rename from src/security/certificate-extension.hpp
rename to src/security/v1/certificate-extension.hpp
index 4a42eac..c898835 100644
--- a/src/security/certificate-extension.hpp
+++ b/src/security/v1/certificate-extension.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,18 +23,20 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#ifndef NDN_SECURITY_CERTIFICATE_EXTENSION_HPP
-#define NDN_SECURITY_CERTIFICATE_EXTENSION_HPP
+#ifndef NDN_SECURITY_V1_CERTIFICATE_EXTENSION_HPP
+#define NDN_SECURITY_V1_CERTIFICATE_EXTENSION_HPP
-#include "../common.hpp"
-#include "../encoding/buffer.hpp"
-#include "../encoding/oid.hpp"
+#include "../../common.hpp"
+#include "../../encoding/buffer.hpp"
+#include "../../encoding/oid.hpp"
namespace CryptoPP {
class BufferedTransformation;
-}
+} // namespace CryptoPP
namespace ndn {
+namespace security {
+namespace v1 {
/**
* A CertificateExtension represents the Extension entry in a certificate.
@@ -64,12 +66,12 @@
* @param isCritical If true, the extension must be handled.
* @param value The extension value.
*/
- CertificateExtension(const OID& oid, const bool isCritical, const Buffer& value)
+ CertificateExtension(const Oid& oid, const bool isCritical, const Buffer& value)
: m_extensionId(oid), m_isCritical(isCritical), m_extensionValue(value)
{
}
- CertificateExtension(const OID& oid, const bool isCritical,
+ CertificateExtension(const Oid& oid, const bool isCritical,
const uint8_t* value, size_t valueSize)
: m_extensionId(oid), m_isCritical(isCritical), m_extensionValue(value, valueSize)
{
@@ -89,7 +91,7 @@
void
decode(CryptoPP::BufferedTransformation& in);
- inline const OID&
+ inline const Oid&
getOid() const
{
return m_extensionId;
@@ -108,11 +110,19 @@
}
protected:
- OID m_extensionId;
+ Oid m_extensionId;
bool m_isCritical;
Buffer m_extensionValue;
};
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::CertificateExtension;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
} // namespace ndn
-#endif //NDN_SECURITY_CERTIFICATE_EXTENSION_HPP
+#endif // NDN_SECURITY_V1_CERTIFICATE_EXTENSION_HPP
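Review bot: The `using security::v1::CertificateExtension;` alias is guarded by `NDN_CXX_KEEP_SECURITY_V1_ALIASES`, but that macro is defined in security-common.hpp, and the include hunk above shows this header pulling in only common.hpp, buffer.hpp and oid.hpp. Unless one of those includes security-common.hpp (not visible here), the alias appears or disappears depending on include order, and the include guard means it cannot be recovered by a later include. v1/certificate.hpp makes this likely in practice, because it includes this header and certificate-subject-description.hpp before public-key.hpp, which is the header that includes `../security-common.hpp`. Adding `#include "../security-common.hpp"` to this header and to v1/certificate-subject-description.hpp, which has the same guarded alias, would make the alias deterministic.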
diff --git a/src/security/certificate-subject-description.cpp b/src/security/v1/certificate-subject-description.cpp
similarity index 94%
rename from src/security/certificate-subject-description.cpp
rename to src/security/v1/certificate-subject-description.cpp
index 60f7dbb..1e910c2 100644
--- a/src/security/certificate-subject-description.cpp
+++ b/src/security/v1/certificate-subject-description.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,13 +23,13 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#include "common.hpp"
-
#include "certificate-subject-description.hpp"
#include "cryptopp.hpp"
namespace ndn {
+namespace security {
+namespace v1 {
void
CertificateSubjectDescription::encode(CryptoPP::BufferedTransformation& out) const
@@ -79,4 +79,6 @@
attributeTypeAndValue.MessageEnd();
}
+} // namespace v1
+} // namespace security
} // namespace ndn
diff --git a/src/security/certificate-subject-description.hpp b/src/security/v1/certificate-subject-description.hpp
similarity index 74%
rename from src/security/certificate-subject-description.hpp
rename to src/security/v1/certificate-subject-description.hpp
index 0e56dfa..00eab76 100644
--- a/src/security/certificate-subject-description.hpp
+++ b/src/security/v1/certificate-subject-description.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,17 +23,19 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#ifndef NDN_SECURITY_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
-#define NDN_SECURITY_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
+#ifndef NDN_SECURITY_V1_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
+#define NDN_SECURITY_V1_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
-#include "../common.hpp"
-#include "../encoding/oid.hpp"
+#include "../../common.hpp"
+#include "../../encoding/oid.hpp"
namespace CryptoPP {
class BufferedTransformation;
-}
+} // namespace CryptoPP
namespace ndn {
+namespace security {
+namespace v1 {
/**
* A CertificateSubjectDescription represents the SubjectDescription entry in a Certificate.
@@ -52,7 +54,7 @@
* @param oid The oid of the subject description entry.
* @param value The value of the subject description entry.
*/
- CertificateSubjectDescription(const OID& oid, const std::string& value)
+ CertificateSubjectDescription(const Oid& oid, const std::string& value)
: m_oid(oid), m_value(value)
{
}
@@ -76,10 +78,18 @@
}
private:
- OID m_oid;
+ Oid m_oid;
std::string m_value;
};
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::CertificateSubjectDescription;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
} // namespace ndn
-#endif //NDN_SECURITY_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
+#endif // NDN_SECURITY_V1_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
diff --git a/src/security/certificate.cpp b/src/security/v1/certificate.cpp
similarity index 96%
rename from src/security/certificate.cpp
rename to src/security/v1/certificate.cpp
index 1b004ed..823c994 100644
--- a/src/security/certificate.cpp
+++ b/src/security/v1/certificate.cpp
@@ -23,19 +23,19 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#include "common.hpp"
-
#include "certificate.hpp"
-#include "../util/time.hpp"
+#include "../../util/time.hpp"
#include "cryptopp.hpp"
-#include "../encoding/cryptopp/asn_ext.hpp"
-#include "../encoding/buffer-stream.hpp"
-#include "../util/concepts.hpp"
-#include "../util/indented-stream.hpp"
+#include "../../encoding/cryptopp/asn_ext.hpp"
+#include "../../encoding/buffer-stream.hpp"
+#include "../../util/concepts.hpp"
+#include "../../util/indented-stream.hpp"
#include <boost/algorithm/string/split.hpp>
namespace ndn {
+namespace security {
+namespace v1 {
BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
@@ -354,5 +354,6 @@
return os;
}
-
+} // namespace v1
+} // namespace security
} // namespace ndn
diff --git a/src/security/certificate.hpp b/src/security/v1/certificate.hpp
similarity index 89%
rename from src/security/certificate.hpp
rename to src/security/v1/certificate.hpp
index 51efb7d..f2f70bf 100644
--- a/src/security/certificate.hpp
+++ b/src/security/v1/certificate.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,16 +23,18 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#ifndef NDN_SECURITY_CERTIFICATE_HPP
-#define NDN_SECURITY_CERTIFICATE_HPP
+#ifndef NDN_SECURITY_V1_CERTIFICATE_HPP
+#define NDN_SECURITY_V1_CERTIFICATE_HPP
-#include "../common.hpp"
-#include "../data.hpp"
+#include "../../common.hpp"
+#include "../../data.hpp"
#include "certificate-subject-description.hpp"
#include "certificate-extension.hpp"
#include "public-key.hpp"
namespace ndn {
+namespace security {
+namespace v1 {
class Certificate : public Data
{
@@ -210,6 +212,15 @@
std::ostream&
operator<<(std::ostream& os, const Certificate& cert);
+
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::Certificate;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
} // namespace ndn
-#endif // NDN_SECURITY_CERTIFICATE_HPP
+#endif // NDN_SECURITY_V1_CERTIFICATE_HPP
diff --git a/src/security/v1/cryptopp.hpp b/src/security/v1/cryptopp.hpp
new file mode 100644
index 0000000..4de66bb
--- /dev/null
+++ b/src/security/v1/cryptopp.hpp
@@ -0,0 +1,45 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_V1_CRYPTOPP_HPP
+#define NDN_SECURITY_V1_CRYPTOPP_HPP
+
+// suppress CryptoPP warnings
+#pragma GCC system_header
+#pragma clang system_header
+
+#include <cryptopp/asn.h>
+#include <cryptopp/base64.h>
+#include <cryptopp/des.h>
+#include <cryptopp/files.h>
+#include <cryptopp/filters.h>
+#include <cryptopp/hex.h>
+#include <cryptopp/modes.h>
+#include <cryptopp/osrng.h>
+#include <cryptopp/pssr.h>
+#include <cryptopp/pwdbased.h>
+#include <cryptopp/rsa.h>
+#include <cryptopp/sha.h>
+#include <cryptopp/eccrypto.h>
+#include <cryptopp/oids.h>
+#include <cryptopp/dsa.h>
+
+#endif // NDN_SECURITY_V1_CRYPTOPP_HPP
diff --git a/src/security/identity-certificate.cpp b/src/security/v1/identity-certificate.cpp
similarity index 95%
rename from src/security/identity-certificate.cpp
rename to src/security/v1/identity-certificate.cpp
index 7a7180d..ea8a946 100644
--- a/src/security/identity-certificate.cpp
+++ b/src/security/v1/identity-certificate.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,12 +19,12 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#include "common.hpp"
-
#include "identity-certificate.hpp"
-#include "../util/concepts.hpp"
+#include "../../util/concepts.hpp"
namespace ndn {
+namespace security {
+namespace v1 {
using std::string;
@@ -143,4 +143,6 @@
tmpName.size() - keyComponentIndex - 1));
}
+} // namespace v1
+} // namespace security
} // namespace ndn
diff --git a/src/security/v1/identity-certificate.hpp b/src/security/v1/identity-certificate.hpp
new file mode 100644
index 0000000..7ea4fe4
--- /dev/null
+++ b/src/security/v1/identity-certificate.hpp
@@ -0,0 +1,110 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ */
+
+#ifndef NDN_SECURITY_V1_IDENTITY_CERTIFICATE_HPP
+#define NDN_SECURITY_V1_IDENTITY_CERTIFICATE_HPP
+
+#include "../../common.hpp"
+#include "certificate.hpp"
+
+namespace ndn {
+namespace security {
+namespace v1 {
+
+class IdentityCertificate : public Certificate
+{
+public:
+ class Error : public Certificate::Error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : Certificate::Error(what)
+ {
+ }
+ };
+
+ /**
+ * @brief The default constructor.
+ */
+ IdentityCertificate();
+
+ /**
+ * @brief Create an IdentityCertificate from the content in the data packet.
+ * @param data The data packet with the content to decode.
+ */
+ explicit
+ IdentityCertificate(const Data& data);
+
+ /**
+ * @brief Create an IdentityCertificate from a block.
+ * @param block The raw block of the certificate.
+ */
+ explicit
+ IdentityCertificate(const Block& block);
+
+ void
+ wireDecode(const Block& wire);
+
+ void
+ setName(const Name& name);
+
+ const Name&
+ getPublicKeyName() const
+ {
+ return m_publicKeyName;
+ }
+
+ static bool
+ isIdentityCertificate(const Certificate& certificate);
+
+ /**
+ * @brief Get the public key name from the full certificate name.
+ * @param certificateName The full certificate name.
+ * @return The related public key name.
+ */
+ static Name
+ certificateNameToPublicKeyName(const Name& certificateName);
+
+private:
+ static bool
+ isCorrectName(const Name& name);
+
+ void
+ setPublicKeyName();
+
+protected:
+ Name m_publicKeyName;
+};
+
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::IdentityCertificate;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
+} // namespace ndn
+
+#endif // NDN_SECURITY_V1_IDENTITY_CERTIFICATE_HPP
diff --git a/src/security/public-key.cpp b/src/security/v1/public-key.cpp
similarity index 93%
rename from src/security/public-key.cpp
rename to src/security/v1/public-key.cpp
index e366a47..2721dee 100644
--- a/src/security/public-key.cpp
+++ b/src/security/v1/public-key.cpp
@@ -24,11 +24,13 @@
#include "public-key.hpp"
-#include "../encoding/oid.hpp"
-#include "../util/crypto.hpp"
+#include "../../encoding/oid.hpp"
+#include "../../util/crypto.hpp"
#include "cryptopp.hpp"
namespace ndn {
+namespace security {
+namespace v1 {
PublicKey::PublicKey()
: m_type(KeyType::NONE)
@@ -51,7 +53,7 @@
if (m_digest.hasWire())
return m_digest;
else {
- m_digest = Block(tlv::KeyDigest, crypto::sha256(m_key.buf(), m_key.size()));
+ m_digest = Block(tlv::KeyDigest, crypto::computeSha256Digest(m_key.buf(), m_key.size()));
m_digest.encode();
return m_digest;
}
@@ -102,7 +104,7 @@
{
BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo);
{
- OID algorithm;
+ Oid algorithm;
algorithm.decode(algorithmInfo);
if (algorithm == oid::RSA)
@@ -148,4 +150,6 @@
return os;
}
+} // namespace v1
+} // namespace security
} // namespace ndn
diff --git a/src/security/v1/public-key.hpp b/src/security/v1/public-key.hpp
new file mode 100644
index 0000000..6b67535
--- /dev/null
+++ b/src/security/v1/public-key.hpp
@@ -0,0 +1,133 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
+ * @author Jeff Thompson <jefft0@remap.ucla.edu>
+ */
+
+#ifndef NDN_SECURITY_V1_PUBLIC_KEY_HPP
+#define NDN_SECURITY_V1_PUBLIC_KEY_HPP
+
+#include "../../common.hpp"
+
+#include "../../encoding/buffer.hpp"
+#include "../../encoding/block.hpp"
+#include "../security-common.hpp"
+
+namespace CryptoPP {
+class BufferedTransformation;
+} // namespace CryptoPP
+
+namespace ndn {
+namespace security {
+namespace v1 {
+
+class PublicKey
+{
+public:
+ class Error : public std::runtime_error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : std::runtime_error(what)
+ {
+ }
+ };
+
+ /**
+ * The default constructor.
+ */
+ PublicKey();
+
+ /**
+ * @brief Create a new PublicKey from @p keyDerBuf in DER buffer
+ *
+ * @param keyDerBuf The pointer to the first byte of buffer containing DER of public key
+ * @param keyDerSize Size of the buffer
+ *
+ * @throws PublicKey::Error If DER in buffer cannot be decoded
+ */
+ PublicKey(const uint8_t* keyDerBuf, size_t keyDerSize);
+
+ const Buffer&
+ get() const
+ {
+ return m_key;
+ }
+
+ void
+ set(const uint8_t* keyDerBuf, size_t keyDerSize)
+ {
+ Buffer buf(keyDerBuf, keyDerSize);
+ m_key.swap(buf);
+ }
+
+ KeyType
+ getKeyType() const
+ {
+ return m_type;
+ }
+
+ /**
+ * @return a KeyDigest block that matches this public key
+ */
+ const Block&
+ computeDigest() const;
+
+ void
+ encode(CryptoPP::BufferedTransformation& out) const;
+
+ void
+ decode(CryptoPP::BufferedTransformation& in);
+
+ bool
+ operator==(const PublicKey& key) const
+ {
+ return m_key == key.m_key;
+ }
+
+ bool
+ operator!=(const PublicKey& key) const
+ {
+ return m_key != key.m_key;
+ }
+
+private:
+ KeyType m_type;
+ Buffer m_key;
+ mutable Block m_digest;
+};
+
+std::ostream&
+operator<<(std::ostream& os, const PublicKey& key);
+
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::PublicKey;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
+} // namespace ndn
+
+#endif // NDN_SECURITY_V1_PUBLIC_KEY_HPP
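Review bot: `set()` swaps new key bytes into `m_key` but leaves `m_digest` and `m_type` untouched, while `computeDigest()` in public-key.cpp returns the cached `m_digest` whenever `m_digest.hasWire()` is true. A PublicKey whose digest was computed once and whose key is then replaced through `set()` will therefore keep reporting the KeyDigest of the old key. Clearing the cache in `set()`, e.g. `m_digest.reset();` after the swap, fixes that. `set()` also stores the buffer without decoding it, so `getKeyType()` can disagree with the stored key; routing `set()` through the same decode path as the two-argument constructor would address both, though the constructor body is not visible in this diff.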
diff --git a/src/security/additional-description.cpp b/src/security/v2/additional-description.cpp
similarity index 96%
rename from src/security/additional-description.cpp
rename to src/security/v2/additional-description.cpp
index c912638..6fdfd53 100644
--- a/src/security/additional-description.cpp
+++ b/src/security/v2/additional-description.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,11 +20,12 @@
*/
#include "additional-description.hpp"
-#include "../util/concepts.hpp"
-#include "../encoding/block-helpers.hpp"
+#include "../../util/concepts.hpp"
+#include "../../encoding/block-helpers.hpp"
namespace ndn {
namespace security {
+namespace v2 {
BOOST_CONCEPT_ASSERT((boost::EqualityComparable<AdditionalDescription>));
BOOST_CONCEPT_ASSERT((WireEncodable<AdditionalDescription>));
@@ -193,5 +194,6 @@
return os;
}
+} // namespace v2
} // namespace security
} // namespace ndn
diff --git a/src/security/additional-description.hpp b/src/security/v2/additional-description.hpp
similarity index 87%
rename from src/security/additional-description.hpp
rename to src/security/v2/additional-description.hpp
index b34cb74..d5142ae 100644
--- a/src/security/additional-description.hpp
+++ b/src/security/v2/additional-description.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,16 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
-#define NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+#ifndef NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#define NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
-#include "../common.hpp"
-#include "../encoding/tlv.hpp"
-#include "../encoding/block.hpp"
+#include "../../common.hpp"
+#include "../../encoding/tlv.hpp"
+#include "../../encoding/block.hpp"
#include <map>
namespace ndn {
namespace security {
+namespace v2 {
/**
* @brief Abstraction of AdditionalDescription
@@ -125,7 +126,11 @@
std::ostream&
operator<<(std::ostream& os, const AdditionalDescription& period);
+} // namespace v2
+
+using v2::AdditionalDescription;
+
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+#endif // NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
diff --git a/src/security/validation-request.hpp b/src/security/validation-request.hpp
index d9aae80..000f61b 100644
--- a/src/security/validation-request.hpp
+++ b/src/security/validation-request.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -27,6 +27,8 @@
#include "../interest.hpp"
namespace ndn {
+namespace security {
+
/// @brief Callback to report a successful Interest validation.
typedef function<void(const shared_ptr<const Interest>&)> OnInterestValidated;
@@ -82,6 +84,14 @@
int m_nSteps;
};
+} // namespace security
+
+using security::ValidationRequest;
+using security::OnInterestValidated;
+using security::OnInterestValidationFailed;
+using security::OnDataValidated;
+using security::OnDataValidationFailed;
+
} // namespace ndn
#endif //NDN_SECURITY_VALIDATION_REQUEST_HPP
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index ba37a5a..f643c84 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -31,6 +31,7 @@
#include <boost/algorithm/string.hpp>
namespace ndn {
+namespace security {
const shared_ptr<CertificateCache> ValidatorConfig::DEFAULT_CERTIFICATE_CACHE;
const time::milliseconds ValidatorConfig::DEFAULT_GRACE_INTERVAL(3000);
@@ -275,8 +276,8 @@
BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
path certfilePath = absolute(file, path(filename).parent_path());
- shared_ptr<IdentityCertificate> idCert =
- io::load<IdentityCertificate>(certfilePath.string());
+ shared_ptr<v1::IdentityCertificate> idCert =
+ io::load<v1::IdentityCertificate>(certfilePath.string());
if (static_cast<bool>(idCert))
{
@@ -303,7 +304,7 @@
if (propertyIt != configSection.end())
BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
- shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
+ shared_ptr<v1::IdentityCertificate> idCert = io::load<v1::IdentityCertificate>(ss);
if (static_cast<bool>(idCert))
{
@@ -357,8 +358,8 @@
for (directory_iterator it(dirPath); it != end; it++)
{
- shared_ptr<IdentityCertificate> idCert =
- io::load<IdentityCertificate>(it->path().string());
+ shared_ptr<v1::IdentityCertificate> idCert =
+ io::load<v1::IdentityCertificate>(it->path().string());
if (static_cast<bool>(idCert))
m_staticContainer.add(idCert);
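Review bot: A file in the trust-anchor directory that `io::load` cannot decode is dropped without any signal, because the only branch visible after the load is `if (static_cast<bool>(idCert)) m_staticContainer.add(idCert);`. For trust anchors that means a corrupted or mistyped certificate file silently shrinks the anchor set, and the operator only finds out when validation starts failing. If skipping is intentional, say so in place with `// files that do not decode as a v1::IdentityCertificate are skipped on purpose`; otherwise report the path through whatever logging or error channel the rest of the function uses, which is outside this hunk. The same load-and-ignore pattern appears in the hunks at -710 and -719 that fill `m_certificates`.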
@@ -552,7 +553,7 @@
return onValidationFailed(interest.shared_from_this(),
"Key Locator is not a name");
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
+ Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
bool isMatched = false;
int8_t checkResult = -1;
@@ -594,7 +595,7 @@
return onValidationFailed(interest.shared_from_this(),
"No valid KeyLocator");
}
- catch (IdentityCertificate::Error& e)
+ catch (v1::IdentityCertificate::Error& e)
{
return onValidationFailed(interest.shared_from_this(),
"Cannot determine the signing key");
@@ -710,8 +711,8 @@
for (directory_iterator it(m_path); it != end; it++)
{
- shared_ptr<IdentityCertificate> idCert =
- io::load<IdentityCertificate>(it->path().string());
+ shared_ptr<v1::IdentityCertificate> idCert =
+ io::load<v1::IdentityCertificate>(it->path().string());
if (static_cast<bool>(idCert))
m_certificates.push_back(idCert);
@@ -719,8 +720,8 @@
}
else
{
- shared_ptr<IdentityCertificate> idCert =
- io::load<IdentityCertificate>(m_path.string());
+ shared_ptr<v1::IdentityCertificate> idCert =
+ io::load<v1::IdentityCertificate>(m_path.string());
if (static_cast<bool>(idCert))
m_certificates.push_back(idCert);
@@ -779,7 +780,7 @@
const Name& keyLocatorName = signature.getKeyLocator().getName();
- shared_ptr<const Certificate> trustedCert;
+ shared_ptr<const v1::Certificate> trustedCert;
refreshAnchors();
@@ -838,9 +839,9 @@
"Cannot retrieve signer's cert: " +
signCertificate->getName().toUri());
- shared_ptr<IdentityCertificate> certificate;
+ shared_ptr<v1::IdentityCertificate> certificate;
try {
- certificate = make_shared<IdentityCertificate>(*signCertificate);
+ certificate = make_shared<v1::IdentityCertificate>(*signCertificate);
}
catch (tlv::Error&) {
return onValidationFailed(packet,
@@ -879,4 +880,5 @@
onValidationFailed(packet, failureInfo);
}
+} // namespace security
} // namespace ndn
diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index db8d17d..8d801ad 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -31,6 +31,7 @@
#include "conf/common.hpp"
namespace ndn {
+namespace security {
class ValidatorConfig : public Validator
{
@@ -160,20 +161,20 @@
{
}
- const std::list<shared_ptr<IdentityCertificate>>&
+ const std::list<shared_ptr<v1::IdentityCertificate>>&
getAll() const
{
return m_certificates;
}
void
- add(shared_ptr<IdentityCertificate> certificate)
+ add(shared_ptr<v1::IdentityCertificate> certificate)
{
m_certificates.push_back(certificate);
}
protected:
- std::list<shared_ptr<IdentityCertificate>> m_certificates;
+ std::list<shared_ptr<v1::IdentityCertificate>> m_certificates;
};
class DynamicTrustAnchorContainer : public TrustAnchorContainer
@@ -233,9 +234,9 @@
typedef security::conf::Rule<Data> DataRule;
typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
typedef std::vector<shared_ptr<DataRule>> DataRuleList;
- typedef std::map<Name, shared_ptr<IdentityCertificate>> AnchorList;
+ typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> AnchorList;
typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
- typedef std::list<shared_ptr<IdentityCertificate>> CertificateList;
+ typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList;
/**
@@ -262,6 +263,10 @@
const time::system_clock::Duration& m_keyTimestampTtl;
};
+} // namespace security
+
+using security::ValidatorConfig;
+
} // namespace ndn
#endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP
diff --git a/src/security/validator-null.hpp b/src/security/validator-null.hpp
index 34b18c8..36448af 100644
--- a/src/security/validator-null.hpp
+++ b/src/security/validator-null.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -28,6 +28,7 @@
#include "validator.hpp"
namespace ndn {
+namespace security {
class ValidatorNull : public Validator
{
@@ -59,6 +60,10 @@
}
};
+} // namespace security
+
+using security::ValidatorNull;
+
} // namespace ndn
#endif //NDN_SECURITY_VALIDATOR_NULL_HPP
diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
index 08f4c73..caa2e6c 100644
--- a/src/security/validator-regex.cpp
+++ b/src/security/validator-regex.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -28,6 +28,7 @@
#include "certificate-cache-ttl.hpp"
namespace ndn {
+namespace security {
const shared_ptr<CertificateCache> ValidatorRegex::DEFAULT_CERTIFICATE_CACHE;
@@ -49,7 +50,7 @@
, m_stepLimit(stepLimit)
, m_certificateCache(certificateCache)
{
- if (!static_cast<bool>(m_certificateCache))
+ if (certificateCache == nullptr)
m_certificateCache = make_shared<CertificateCacheTtl>(ref(face.getIoService()));
}
@@ -60,7 +61,7 @@
}
void
-ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
+ValidatorRegex::addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate)
{
m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
}
@@ -71,28 +72,26 @@
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed)
{
- shared_ptr<IdentityCertificate> certificate =
- make_shared<IdentityCertificate>(*signCertificate);
+ shared_ptr<v1::IdentityCertificate> certificate =
+ make_shared<v1::IdentityCertificate>(*signCertificate);
- if (!certificate->isTooLate() && !certificate->isTooEarly())
- {
- if (static_cast<bool>(m_certificateCache))
- m_certificateCache->insertCertificate(certificate);
+ if (!certificate->isTooLate() && !certificate->isTooEarly()) {
+ if (m_certificateCache != nullptr)
+ m_certificateCache->insertCertificate(certificate);
- if (verifySignature(*data, certificate->getPublicKeyInfo()))
- return onValidated(data);
- else
- return onValidationFailed(data,
- "Cannot verify signature: " +
- data->getName().toUri());
- }
- else
- {
+ if (verifySignature(*data, certificate->getPublicKeyInfo()))
+ return onValidated(data);
+ else
return onValidationFailed(data,
- "Signing certificate " +
- signCertificate->getName().toUri() +
- " is no longer valid.");
- }
+ "Cannot verify signature: " +
+ data->getName().toUri());
+ }
+ else {
+ return onValidationFailed(data,
+ "Signing certificate " +
+ signCertificate->getName().toUri() +
+ " is no longer valid.");
+ }
}
void
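Review bot: The `make_shared<v1::IdentityCertificate>(*signCertificate)` at the top of this body is unguarded, while the same construction in validator-config.cpp (the `@@ -838,9 +839,9 @@` hunk) is wrapped in `try`/`catch (tlv::Error&)` and reported through `onValidationFailed`. If decoding can throw here as well, a malformed certificate packet fetched from the network would propagate an exception out of the validation callback instead of failing validation. I would wrap it the same way, as sketched below. Separately, the "is no longer valid" message is also emitted when `isTooEarly()` is true, so it misreports a certificate that is not yet valid. The function's signature begins above the hunk.

```cpp
shared_ptr<v1::IdentityCertificate> certificate;
try {
  certificate = make_shared<v1::IdentityCertificate>(*signCertificate);
}
catch (const tlv::Error&) {
  return onValidationFailed(data,
                            "Cannot decode signing certificate: " +
                            signCertificate->getName().toUri());
}
// … unchanged: validity-period check, cache insertion and signature verification …
```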
@@ -126,82 +125,76 @@
for (RuleList::iterator it = m_verifyPolicies.begin();
it != m_verifyPolicies.end();
- it++)
- {
- if ((*it)->satisfy(data))
- {
- try
- {
- if (!data.getSignature().hasKeyLocator())
- return onValidationFailed(data.shared_from_this(),
- "Key Locator is missing in Data packet: " +
- data.getName().toUri());
+ it++) {
+ if ((*it)->satisfy(data)) {
+ try {
+ if (!data.getSignature().hasKeyLocator())
+ return onValidationFailed(data.shared_from_this(),
+ "Key Locator is missing in Data packet: " +
+ data.getName().toUri());
- const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
- if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
- return onValidationFailed(data.shared_from_this(),
- "Key Locator is not a name: " +
- data.getName().toUri());
+ const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
+ if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
+ return onValidationFailed(data.shared_from_this(),
+ "Key Locator is not a name: " +
+ data.getName().toUri());
- const Name& keyLocatorName = keyLocator.getName();
- shared_ptr<const Certificate> trustedCert;
- if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName) &&
- static_cast<bool>(m_certificateCache))
- trustedCert = m_certificateCache->getCertificate(keyLocatorName);
- else
- trustedCert = m_trustAnchors[keyLocatorName];
+ const Name& keyLocatorName = keyLocator.getName();
+ shared_ptr<const v1::Certificate> trustedCert;
+ if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName) &&
+ m_certificateCache != nullptr)
+ trustedCert = m_certificateCache->getCertificate(keyLocatorName);
+ else
+ trustedCert = m_trustAnchors[keyLocatorName];
- if (static_cast<bool>(trustedCert))
- {
- if (verifySignature(data, data.getSignature(), trustedCert->getPublicKeyInfo()))
- return onValidated(data.shared_from_this());
- else
- return onValidationFailed(data.shared_from_this(),
- "Cannot verify signature: " +
- data.getName().toUri());
- }
- else
- {
- // KeyLocator is not a trust anchor
-
- OnDataValidated onKeyValidated =
- bind(&ValidatorRegex::onCertificateValidated, this, _1,
- data.shared_from_this(), onValidated, onValidationFailed);
-
- OnDataValidationFailed onKeyValidationFailed =
- bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
- data.shared_from_this(), onValidationFailed);
-
- Interest interest(keyLocatorName);
- shared_ptr<ValidationRequest> nextStep =
- make_shared<ValidationRequest>(interest,
- onKeyValidated,
- onKeyValidationFailed,
- 3,
- nSteps + 1);
-
- nextSteps.push_back(nextStep);
-
- return;
- }
- }
- catch (KeyLocator::Error& e)
- {
- return onValidationFailed(data.shared_from_this(),
- "Key Locator is not a name: " +
- data.getName().toUri());
- }
- catch (tlv::Error& e)
- {
- return onValidationFailed(data.shared_from_this(),
- "Cannot decode signature");
- }
+ if (trustedCert != nullptr) {
+ if (verifySignature(data, data.getSignature(), trustedCert->getPublicKeyInfo()))
+ return onValidated(data.shared_from_this());
+ else
+ return onValidationFailed(data.shared_from_this(),
+ "Cannot verify signature: " +
+ data.getName().toUri());
}
+ else {
+ // KeyLocator is not a trust anchor
+
+ OnDataValidated onKeyValidated =
+ bind(&ValidatorRegex::onCertificateValidated, this, _1,
+ data.shared_from_this(), onValidated, onValidationFailed);
+
+ OnDataValidationFailed onKeyValidationFailed =
+ bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
+ data.shared_from_this(), onValidationFailed);
+
+ Interest interest(keyLocatorName);
+ shared_ptr<ValidationRequest> nextStep =
+ make_shared<ValidationRequest>(interest,
+ onKeyValidated,
+ onKeyValidationFailed,
+ 3,
+ nSteps + 1);
+
+ nextSteps.push_back(nextStep);
+
+ return;
+ }
+ }
+ catch (const KeyLocator::Error& e) {
+ return onValidationFailed(data.shared_from_this(),
+ "Key Locator is not a name: " +
+ data.getName().toUri());
+ }
+ catch (const tlv::Error& e) {
+ return onValidationFailed(data.shared_from_this(),
+ "Cannot decode signature");
+ }
}
+ }
return onValidationFailed(data.shared_from_this(),
"No policy found for data: " + data.getName().toUri());
}
+} // namespace security
} // namespace ndn
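Review bot: `trustedCert = m_trustAnchors[keyLocatorName];` looks the name up a second time with `operator[]`, which inserts an empty entry when the name is absent. As far as this file shows, that branch is reached with a missing anchor only when `m_certificateCache` is null, which the constructor appears to rule out. The key locator name comes from the packet being validated, though, so the map stays bounded only while that invariant holds. Keeping the iterator from `find` removes both the second lookup and the possible insertion, as sketched below. The unused `e` in the two `catch` clauses could be dropped at the same time; the enclosing function starts above the hunk.

```cpp
const Name& keyLocatorName = keyLocator.getName();
shared_ptr<const v1::Certificate> trustedCert;
auto anchor = m_trustAnchors.find(keyLocatorName);
if (anchor != m_trustAnchors.end())
  trustedCert = anchor->second;
else if (m_certificateCache != nullptr)
  trustedCert = m_certificateCache->getCertificate(keyLocatorName);
// … unchanged: signature check on trustedCert, or ValidationRequest for the key locator …
```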
diff --git a/src/security/validator-regex.hpp b/src/security/validator-regex.hpp
index b207bbc..7d97f22 100644
--- a/src/security/validator-regex.hpp
+++ b/src/security/validator-regex.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,12 +25,13 @@
#define NDN_SECURITY_VALIDATOR_REGEX_HPP
#include "validator.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
#include "sec-rule-relative.hpp"
#include "certificate-cache.hpp"
#include "../util/regex.hpp"
namespace ndn {
+namespace security {
class ValidatorRegex : public Validator
{
@@ -79,7 +80,7 @@
* @param certificate The trust anchor
*/
void
- addTrustAnchor(shared_ptr<IdentityCertificate> certificate);
+ addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate);
protected:
virtual void
@@ -122,9 +123,13 @@
shared_ptr<CertificateCache> m_certificateCache;
RuleList m_mustFailVerify;
RuleList m_verifyPolicies;
- std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
+ std::map<Name, shared_ptr<v1::IdentityCertificate> > m_trustAnchors;
};
+} // namespace security
+
+using security::ValidatorRegex;
+
} // namespace ndn
#endif // NDN_SECURITY_VALIDATOR_REGEX_HPP
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
index ffb9501..84aaa0f 100644
--- a/src/security/validator.cpp
+++ b/src/security/validator.cpp
@@ -25,12 +25,13 @@
#include "validator.hpp"
#include "../util/crypto.hpp"
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
namespace ndn {
+namespace security {
-static OID SECP256R1("1.2.840.10045.3.1.7");
-static OID SECP384R1("1.3.132.0.34");
+static Oid SECP256R1("1.2.840.10045.3.1.7");
+static Oid SECP384R1("1.3.132.0.34");
Validator::Validator(Face* face)
: m_face(face)
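Review bot: `SECP256R1` and `SECP384R1` are declared as mutable file-scope objects, although the visible hunks only use them for comparison against a decoded curve id (`curveId == SECP256R1`). They could be `static const Oid SECP256R1("1.2.840.10045.3.1.7");` and `static const Oid SECP384R1("1.3.132.0.34");`, assuming `Oid`'s equality operator is const-qualified, which is not visible here. A one-line comment such as `// named-curve OIDs accepted for ECDSA public keys` would also help readers of the comparison further down.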
@@ -101,7 +102,7 @@
}
bool
-Validator::verifySignature(const Data& data, const PublicKey& key)
+Validator::verifySignature(const Data& data, const v1::PublicKey& key)
{
if (!data.getSignature().hasKeyLocator())
return false;
@@ -113,7 +114,7 @@
}
bool
-Validator::verifySignature(const Interest& interest, const PublicKey& key)
+Validator::verifySignature(const Interest& interest, const v1::PublicKey& key)
{
const Name& name = interest.getName();
@@ -142,7 +143,7 @@
Validator::verifySignature(const uint8_t* buf,
const size_t size,
const Signature& sig,
- const PublicKey& key)
+ const v1::PublicKey& key)
{
try {
using namespace CryptoPP;
@@ -181,10 +182,10 @@
{
BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo);
{
- OID algorithm;
+ Oid algorithm;
algorithm.decode(algorithmInfo);
- OID curveId;
+ Oid curveId;
curveId.decode(algorithmInfo);
if (curveId == SECP256R1)
@@ -234,7 +235,7 @@
Validator::verifySignature(const uint8_t* buf, const size_t size, const DigestSha256& sig)
{
try {
- ConstBufferPtr buffer = crypto::sha256(buf, size);
+ ConstBufferPtr buffer = crypto::computeSha256Digest(buf, size);
const Block& sigValue = sig.getValue();
if (buffer != nullptr &&
@@ -321,4 +322,5 @@
}
}
+} // namespace security
} // namespace ndn
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index e6eec8d..edc0365 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -26,14 +26,15 @@
#define NDN_SECURITY_VALIDATOR_HPP
#include "../face.hpp"
-#include "public-key.hpp"
#include "signature-sha256-with-rsa.hpp"
#include "signature-sha256-with-ecdsa.hpp"
#include "digest-sha256.hpp"
#include "validation-request.hpp"
-#include "identity-certificate.hpp"
+#include "v1/public-key.hpp"
+#include "v1/identity-certificate.hpp"
namespace ndn {
+namespace security {
/**
* @brief provides the interfaces for packet validation.
@@ -105,7 +106,7 @@
/// @brief Verify the data using the publicKey.
static bool
- verifySignature(const Data& data, const PublicKey& publicKey);
+ verifySignature(const Data& data, const v1::PublicKey& publicKey);
/**
* @brief Verify the signed Interest using the publicKey.
@@ -113,11 +114,11 @@
* (Note the signature covers the first n-2 name components).
*/
static bool
- verifySignature(const Interest& interest, const PublicKey& publicKey);
+ verifySignature(const Interest& interest, const v1::PublicKey& publicKey);
/// @brief Verify the blob using the publicKey against the signature.
static bool
- verifySignature(const Buffer& blob, const Signature& sig, const PublicKey& publicKey)
+ verifySignature(const Buffer& blob, const Signature& sig, const v1::PublicKey& publicKey)
{
return verifySignature(blob.buf(), blob.size(), sig, publicKey);
}
@@ -126,7 +127,7 @@
static bool
verifySignature(const Data& data,
const Signature& sig,
- const PublicKey& publicKey)
+ const v1::PublicKey& publicKey)
{
return verifySignature(data.wireEncode().value(),
data.wireEncode().value_size() - data.getSignature().getValue().size(),
@@ -140,7 +141,7 @@
static bool
verifySignature(const Interest& interest,
const Signature& sig,
- const PublicKey& publicKey)
+ const v1::PublicKey& publicKey)
{
if (interest.getName().size() < 2)
return false;
@@ -157,7 +158,7 @@
verifySignature(const uint8_t* buf,
const size_t size,
const Signature& sig,
- const PublicKey& publicKey);
+ const v1::PublicKey& publicKey);
/// @brief Verify the data against the SHA256 signature.
@@ -330,6 +331,10 @@
Face* m_face;
};
+} // namespace security
+
+using security::Validator;
+
} // namespace ndn
#endif // NDN_SECURITY_VALIDATOR_HPP