security: Ensure that KeyChain::getDefaultCeritifcate() does not return 0
Change-Id: I46e4bf19d94bc4b5cf017d8305b81696e1b78ab6
Refs: #1740
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 5118468..1d9f100 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -450,7 +450,7 @@
{
m_pib->refreshDefaultCertificate();
- if (!static_cast<bool>(m_pib->defaultCertificate()))
+ if (!static_cast<bool>(m_pib->getDefaultCertificate()))
{
Name defaultIdentity;
try
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 0a6c65c..bb04f5c 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -508,7 +508,10 @@
shared_ptr<IdentityCertificate>
getDefaultCertificate() const
{
- return m_pib->defaultCertificate();
+ if (!static_cast<bool>(m_pib->getDefaultCertificate()))
+ const_cast<KeyChain*>(this)->setDefaultCertificateInternal();
+
+ return m_pib->getDefaultCertificate();
}
void
@@ -731,10 +734,10 @@
void
KeyChain::sign(T& packet)
{
- if (!static_cast<bool>(m_pib->defaultCertificate()))
+ if (!static_cast<bool>(m_pib->getDefaultCertificate()))
setDefaultCertificateInternal();
- sign(packet, *m_pib->defaultCertificate());
+ sign(packet, *m_pib->getDefaultCertificate());
}
template<typename T>
diff --git a/src/security/sec-public-info.hpp b/src/security/sec-public-info.hpp
index 509cd09..743914e 100644
--- a/src/security/sec-public-info.hpp
+++ b/src/security/sec-public-info.hpp
@@ -318,7 +318,7 @@
* @param identityName The default identity name
* @throws SecPublicInfo::Error if the identity does not exist
*/
- inline void
+ void
setDefaultIdentity(const Name& identityName);
/**
@@ -327,7 +327,7 @@
* @param keyName The key name
* @throws SecPublicInfo::Error if either the identity or key does not exist
*/
- inline void
+ void
setDefaultKeyNameForIdentity(const Name& keyName);
/**
@@ -336,7 +336,7 @@
* @param certificateName The certificate name
* @throws SecPublicInfo::Error if either the certificate or key does not exist
*/
- inline void
+ void
setDefaultCertificateNameForKey(const Name& certificateName);
/**
@@ -346,7 +346,7 @@
* @param useKsk If true, generate a KSK name, otherwise a DSK name
* @return The generated key name
*/
- inline Name
+ Name
getNewKeyName(const Name& identityName, bool useKsk);
/**
@@ -356,7 +356,7 @@
* @return The default certificate name
* @throws SecPublicInfo::Error if no certificate is found
*/
- inline Name
+ Name
getDefaultCertificateNameForIdentity(const Name& identityName);
/**
@@ -365,7 +365,7 @@
* @return The requested certificate name
* @throws SecPublicInfo::Error if no certificate is found
*/
- inline Name
+ Name
getDefaultCertificateName();
/**
@@ -374,7 +374,7 @@
* @param certificate The certificate to be added
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
- inline void
+ void
addCertificateAsKeyDefault(const IdentityCertificate& certificate);
/**
@@ -384,7 +384,7 @@
* @param certificate The certificate to be added
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
- inline void
+ void
addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
/**
@@ -394,21 +394,31 @@
* @param certificate The certificate to be added
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
- inline void
+ void
addCertificateAsSystemDefault(const IdentityCertificate& certificate);
/**
* @brief Get cached default certificate of the default identity
*
* @return The certificate which might be empty shared_ptr<IdentityCertificate>()
+ * @deprecated Use getDefaultCertificate instead
*/
- inline shared_ptr<IdentityCertificate>
- defaultCertificate();
+ DEPRECATED(
+ shared_ptr<IdentityCertificate>
+ defaultCertificate());
+
+ /**
+ * @brief Get cached default certificate of the default identity
+ *
+ * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
+ */
+ shared_ptr<IdentityCertificate>
+ getDefaultCertificate();
/**
* @brief try to get the default certificate of the default identity from the public info
*/
- inline void
+ void
refreshDefaultCertificate();
protected:
@@ -508,6 +518,12 @@
inline shared_ptr<IdentityCertificate>
SecPublicInfo::defaultCertificate()
{
+ return getDefaultCertificate();
+}
+
+inline shared_ptr<IdentityCertificate>
+SecPublicInfo::getDefaultCertificate()
+{
return m_defaultCertificate;
}