security: Reorganizing source code to prepare for support of two version of NDN certificates
This commit also removes unused ndn_digestSha256 function and deprecates
crypto::sha256 in favor of crypto::computeSha256Digest in util/crypto.hpp.
Change-Id: I24ee50ff073a96b868633bdf2cfade412d3605f3
Refs: #3098
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 8369cb1..827f9df 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -298,7 +298,7 @@
try {
keyName = m_pib->getDefaultKeyNameForIdentity(identityName);
- shared_ptr<PublicKey> key = m_pib->getPublicKey(keyName);
+ shared_ptr<v1::PublicKey> key = m_pib->getPublicKey(keyName);
if (key->getKeyType() != params.getKeyType()) {
keyName = generateKeyPair(identityName, true, params);
@@ -315,7 +315,7 @@
certName = m_pib->getDefaultCertificateNameForKey(keyName);
}
catch (const SecPublicInfo::Error& e) {
- shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
+ shared_ptr<v1::IdentityCertificate> selfCert = selfSign(keyName);
m_pib->addCertificateAsIdentityDefault(*selfCert);
certName = selfCert->getName();
}
@@ -362,15 +362,15 @@
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
- shared_ptr<PublicKey> publicKey;
+ shared_ptr<v1::PublicKey> publicKey;
try {
publicKey = m_pib->getPublicKey(keyName);
}
@@ -383,13 +383,13 @@
subjectDescription, certPrefix);
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
- const PublicKey& publicKey,
+ const v1::PublicKey& publicKey,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
if (keyName.size() < 1)
@@ -428,21 +428,19 @@
return nullptr;
}
- auto certificate = make_shared<IdentityCertificate>();
+ auto certificate = make_shared<v1::IdentityCertificate>();
certificate->setName(certName);
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
if (subjectDescription.empty()) {
- CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
+ v1::CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
certificate->addSubjectDescription(subjectName);
}
else {
- std::vector<CertificateSubjectDescription>::const_iterator sdIt =
- subjectDescription.begin();
- std::vector<CertificateSubjectDescription>::const_iterator sdEnd =
- subjectDescription.end();
+ std::vector<v1::CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
+ std::vector<v1::CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
for(; sdIt != sdEnd; sdIt++)
certificate->addSubjectDescription(*sdIt);
}
@@ -457,7 +455,7 @@
{
SignatureInfo sigInfo = params.getSignatureInfo();
- shared_ptr<IdentityCertificate> signingCert;
+ shared_ptr<v1::IdentityCertificate> signingCert;
switch (params.getSignerType()) {
case SigningInfo::SIGNER_TYPE_NULL: {
@@ -539,7 +537,7 @@
Signature
KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
{
- shared_ptr<IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
+ shared_ptr<v1::IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
if (certificate == nullptr) {
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("certificate does not exist"));
@@ -555,10 +553,10 @@
return sig;
}
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
KeyChain::selfSign(const Name& keyName)
{
- shared_ptr<PublicKey> pubKey;
+ shared_ptr<v1::PublicKey> pubKey;
try {
pubKey = m_pib->getPublicKey(keyName); // may throw an exception.
}
@@ -566,7 +564,7 @@
return nullptr;
}
- auto certificate = make_shared<IdentityCertificate>();
+ auto certificate = make_shared<v1::IdentityCertificate>();
Name certificateName = keyName.getPrefix(-1);
certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
@@ -575,8 +573,8 @@
certificate->setNotBefore(time::system_clock::now());
certificate->setNotAfter(time::system_clock::now() + time::days(7300)); // ~20 years
certificate->setPublicKeyInfo(*pubKey);
- certificate->addSubjectDescription(CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
- keyName.toUri()));
+ certificate->addSubjectDescription(v1::CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
+ keyName.toUri()));
certificate->encode();
certificate->setSignature(Signature(SignatureInfo()));
@@ -586,7 +584,7 @@
}
void
-KeyChain::selfSign(IdentityCertificate& cert)
+KeyChain::selfSign(v1::IdentityCertificate& cert)
{
Name keyName = cert.getPublicKeyName();
@@ -617,7 +615,7 @@
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Fail to export PKCS5 of private key"));
}
- shared_ptr<IdentityCertificate> cert;
+ shared_ptr<v1::IdentityCertificate> cert;
try {
cert = m_pib->getCertificate(m_pib->getDefaultCertificateNameForKey(keyName));
}
@@ -634,7 +632,7 @@
KeyChain::importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
{
Name certificateName = securedBag.getCertificate().getName();
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
Name identity = keyName.getPrefix(-1);
// Add identity
@@ -646,7 +644,7 @@
securedBag.getKey()->size(),
passwordStr);
- shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
// HACK! We should set key type according to the pkcs8 info.
m_pib->addKey(keyName, *pubKey);
m_pib->setDefaultKeyNameForIdentity(keyName);
@@ -711,7 +709,7 @@
m_tpm->generateKeyPairInTpm(keyName.toUri(), params);
- shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
m_pib->addKey(keyName, *pubKey);
return keyName;
@@ -761,7 +759,7 @@
const Name& keyName, DigestAlgorithm digestAlgorithm) const
{
if (keyName == DIGEST_SHA256_IDENTITY)
- return Block(tlv::SignatureValue, crypto::sha256(buf, size));
+ return Block(tlv::SignatureValue, crypto::computeSha256Digest(buf, size));
return m_tpm->signInTpm(buf, size, keyName, digestAlgorithm);
}
@@ -796,8 +794,8 @@
.append(sig.getInfo()); // signatureInfo
Block sigValue(tlv::SignatureValue,
- crypto::sha256(signedName.wireEncode().value(),
- signedName.wireEncode().value_size()));
+ crypto::computeSha256Digest(signedName.wireEncode().value(),
+ signedName.wireEncode().value_size()));
sigValue.encode();
signedName.append(sigValue); // signatureValue