security: Add a wrapper for export/import information.
Change-Id: I5c226b44573cafdbe8ab7cf1dfe2324f0bc96d54
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index a083259..e1fcb79 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -12,8 +12,8 @@
#include "identity-certificate.hpp"
#include "public-key.hpp"
#include "signature-sha256-with-rsa.hpp"
+#include "secured-bag.hpp"
#include "../interest.hpp"
-#include "../encoding/tlv-security.hpp"
#include "../util/random.hpp"
//PublicInfo
@@ -456,10 +456,10 @@
*
* @param identity The identity to export.
* @param passwordStr The password to secure the private key.
- * @param The encoded export data.
+ * @return The encoded export data.
* @throws InfoError if anything goes wrong in exporting.
*/
- Block
+ shared_ptr<SecuredBag>
exportIdentity(const Name& identity, const std::string& passwordStr)
{
if (!Info::doesIdentityExist(identity))
@@ -476,8 +476,6 @@
{
throw InfoError("Fail to export PKCS8 of private key");
}
- Block wireKey(tlv::security::KeyPackage, pkcs8);
-
shared_ptr<IdentityCertificate> cert;
try
@@ -489,52 +487,35 @@
cert = selfSign(keyName);
Info::addCertificateAsIdentityDefault(*cert);
}
- Block wireCert(tlv::security::CertificatePackage, cert->wireEncode());
- Block wire(tlv::security::IdentityPackage);
- wire.push_back(wireCert);
- wire.push_back(wireKey);
+ shared_ptr<SecuredBag> secureBag = make_shared<SecuredBag>(boost::cref(*cert), boost::cref(pkcs8));
- return wire;
+ return secureBag;
}
/**
* @brief import an identity.
*
- * @param The encoded import data.
+ * @param securedBag The encoded import data.
* @param passwordStr The password to secure the private key.
*/
void
- importIdentity(const Block& block, const std::string& passwordStr)
+ importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
{
- try
- {
- block.parse();
-
- Data data;
- data.wireDecode(block.get(tlv::security::CertificatePackage).blockFromValue());
- shared_ptr<IdentityCertificate> cert = make_shared<IdentityCertificate>(data);
-
- Name keyName = IdentityCertificate::certificateNameToPublicKeyName(cert->getName());
- Name identity = keyName.getPrefix(-1);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(securedBag.getCertificate().getName());
+ Name identity = keyName.getPrefix(-1);
- // Add identity
- Info::addIdentity(identity);
+ // Add identity
+ Info::addIdentity(identity);
- // Add key
- Block wireKey = block.get(tlv::security::KeyPackage);
- Tpm::importPrivateKeyPkcs8IntoTpm(keyName, wireKey.value(), wireKey.value_size(), passwordStr);
- shared_ptr<PublicKey> pubKey = Tpm::getPublicKeyFromTpm(keyName.toUri());
- Info::addPublicKey(keyName, KEY_TYPE_RSA, *pubKey); // HACK! We should set key type according to the pkcs8 info.
- Info::setDefaultKeyNameForIdentity(keyName);
+ // Add key
+ Tpm::importPrivateKeyPkcs8IntoTpm(keyName, securedBag.getKey()->buf(), securedBag.getKey()->size(), passwordStr);
+ shared_ptr<PublicKey> pubKey = Tpm::getPublicKeyFromTpm(keyName.toUri());
+ Info::addPublicKey(keyName, KEY_TYPE_RSA, *pubKey); // HACK! We should set key type according to the pkcs8 info.
+ Info::setDefaultKeyNameForIdentity(keyName);
- // Add cert
- Info::addCertificateAsIdentityDefault(*cert);
- }
- catch(Block::Error& e)
- {
- return;
- }
+ // Add cert
+ Info::addCertificateAsIdentityDefault(securedBag.getCertificate());
}
diff --git a/src/security/secured-bag.hpp b/src/security/secured-bag.hpp
new file mode 100644
index 0000000..3a8cd29
--- /dev/null
+++ b/src/security/secured-bag.hpp
@@ -0,0 +1,82 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_SECURITY_SECURED_BAG_HPP
+#define NDN_SECURITY_SECURED_BAG_HPP
+
+#include "../common.hpp"
+#include "identity-certificate.hpp"
+#include "../encoding/tlv-security.hpp"
+
+namespace ndn {
+
+class SecuredBag
+{
+public:
+ struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+
+ SecuredBag()
+ : m_wire(tlv::security::IdentityPackage)
+ {}
+
+ SecuredBag(const IdentityCertificate& cert,
+ ConstBufferPtr key)
+ : m_cert(cert)
+ , m_key(key)
+ , m_wire(tlv::security::IdentityPackage)
+ {
+ Block wireKey(tlv::security::KeyPackage, m_key);
+ Block wireCert(tlv::security::CertificatePackage, cert.wireEncode());
+ m_wire.push_back(wireCert);
+ m_wire.push_back(wireKey);
+ }
+
+ virtual
+ ~SecuredBag()
+ {}
+
+ void
+ wireDecode(const Block &wire)
+ {
+ m_wire = wire;
+ m_wire.parse();
+
+ m_cert.wireDecode(m_wire.get(tlv::security::CertificatePackage).blockFromValue());
+
+ Block wireKey = m_wire.get(tlv::security::KeyPackage);
+ shared_ptr<Buffer> key = make_shared<Buffer>(wireKey.value(), wireKey.value_size());
+ m_key = key;
+ }
+
+ inline const Block&
+ wireEncode() const
+ {
+ m_wire.encode();
+ return m_wire;
+ }
+
+ const IdentityCertificate&
+ getCertificate() const
+ {
+ return m_cert;
+ }
+
+ ConstBufferPtr
+ getKey() const
+ {
+ return m_key;
+ }
+
+private:
+ IdentityCertificate m_cert;
+ ConstBufferPtr m_key;
+
+ mutable Block m_wire;
+};
+
+} // namespace ndn
+
+#endif //NDN_SECURITY_IDENTITY_CERTIFICATE_HPP