security: fixing bugs and adding methods
1. changing getCertificate to take only one argument, now validation checking is always enforced.
2. changing KSK-... DSK-... to lower case ksk-..., dsk-...
3. adding a addCertificateAsSystemDefault method to facilitate setting default certificate of the system.
4. using static_cast<int> (rather than floor) to round time.
5. sanity checking for key name in SecPublicInfo and SecPublicInfoSqlite3.
Change-Id: Id67af9873efef3df92458ed7a87623f22167c558
diff --git a/include/ndn-cpp/security/identity/sec-public-info.hpp b/include/ndn-cpp/security/identity/sec-public-info.hpp
index 3a46310..961cf95 100644
--- a/include/ndn-cpp/security/identity/sec-public-info.hpp
+++ b/include/ndn-cpp/security/identity/sec-public-info.hpp
@@ -14,6 +14,7 @@
#include "../certificate/public-key.hpp"
#include "../certificate/identity-certificate.hpp"
+
namespace ndn {
/**
@@ -114,7 +115,7 @@
* @return The requested certificate. If not found, return a shared_ptr with a null pointer.
*/
virtual ptr_lib::shared_ptr<IdentityCertificate>
- getCertificate(const Name &certificateName, bool allowAny = false) = 0;
+ getCertificate(const Name &certificateName) = 0;
/*****************************************
@@ -254,6 +255,9 @@
inline void
addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
+ inline void
+ addCertificateAsSystemDefault(const IdentityCertificate& certificate);
+
inline ptr_lib::shared_ptr<IdentityCertificate>
defaultCertificate();
@@ -295,19 +299,16 @@
Name
SecPublicInfo::getNewKeyName (const Name& identityName, bool useKsk)
{
- MillisecondsSince1970 ti = getNow();
- // Get the number of seconds.
std::ostringstream oss;
- oss << floor(ti / 1000.0);
- std::string keyIdStr;
-
if (useKsk)
- keyIdStr = ("KSK-" + oss.str());
+ oss << "ksk-";
else
- keyIdStr = ("DSK-" + oss.str());
+ oss << "dsk-";
- Name keyName = Name(identityName).append(keyIdStr);
+ oss << static_cast<int>(getNow()/1000);
+
+ Name keyName = Name(identityName).append(oss.str());
if (doesPublicKeyExist(keyName))
throw Error("Key name already exists");
@@ -339,8 +340,21 @@
SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
- setDefaultKeyNameForIdentityInternal(certificate.getPublicKeyName());
- setDefaultCertificateNameForKeyInternal(certificate.getName());
+ Name certName = certificate.getName();
+ setDefaultKeyNameForIdentityInternal(IdentityCertificate::certificateNameToPublicKeyName(certName));
+ setDefaultCertificateNameForKeyInternal(certName);
+ refreshDefaultCertificate();
+}
+
+void
+SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+{
+ addCertificate(certificate);
+ Name certName = certificate.getName();
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+ setDefaultIdentityInternal(keyName.getPrefix(-1));
+ setDefaultKeyNameForIdentityInternal(keyName);
+ setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
@@ -353,7 +367,11 @@
void
SecPublicInfo::refreshDefaultCertificate()
{
- defaultCertificate_ = getCertificate(getDefaultCertificateNameForIdentity(getDefaultIdentity()));
+ Name certName = getDefaultCertificateNameForIdentity(getDefaultIdentity());
+ if(certName.empty())
+ defaultCertificate_.reset();
+ else
+ defaultCertificate_ = getCertificate(certName);
}