security: Change in KeyChain creation API
Also, enabling creation of default public/private storages
Change-Id: I77e83b4a7f7e043dce372145d80366b7bc2eb3e0
diff --git a/src/security/identity/identity-manager.cpp b/src/security/identity/identity-manager.cpp
index ce6ff21..0c57212 100644
--- a/src/security/identity/identity-manager.cpp
+++ b/src/security/identity/identity-manager.cpp
@@ -30,9 +30,6 @@
namespace ndn {
-const ptr_lib::shared_ptr<IdentityStorage> IdentityManager::DefaultIdentityStorage = ptr_lib::shared_ptr<IdentityStorage>();
-const ptr_lib::shared_ptr<PrivateKeyStorage> IdentityManager::DefaultPrivateKeyStorage = ptr_lib::shared_ptr<PrivateKeyStorage>();
-
IdentityManager::IdentityManager(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage /* = DefaultIdentityStorage */,
const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage /* = DefaultPrivateKeyStorage */)
: identityStorage_(identityStorage)
diff --git a/src/security/identity/osx-private-key-storage.cpp b/src/security/identity/osx-private-key-storage.cpp
index f41f89f..fec7671 100644
--- a/src/security/identity/osx-private-key-storage.cpp
+++ b/src/security/identity/osx-private-key-storage.cpp
@@ -277,13 +277,19 @@
if (!signature) throw Error("Signature is NULL!\n");
- return Block(Tlv::SignatureValue, ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(signature), CFDataGetLength(signature)));
+ return Block(Tlv::SignatureValue,
+ ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(signature), CFDataGetLength(signature)));
}
void
OSXPrivateKeyStorage::sign(Data &data,
const Name& keyName, DigestAlgorithm digestAlgorithm/* = DIGEST_ALGORITHM_SHA256 */)
{
+ const uint8_t *begin = data.wireEncode().value();
+ const uint8_t *end = &*data.getSignature().getInfo().end();
+
+ data.setSignature
+ (sign(begin, end-begin, keyName, digestAlgorithm));
}
ConstBufferPtr
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index ba9060d..47db4c1 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -10,6 +10,9 @@
#include <ndn-cpp/security/policy/policy-manager.hpp>
+#include "identity/basic-identity-storage.hpp"
+
+
using namespace std;
using namespace ndn::func_lib;
#if NDN_CPP_HAVE_STD_FUNCTION
@@ -19,43 +22,66 @@
namespace ndn {
-const ptr_lib::shared_ptr<IdentityManager> KeyChain::DefaultIdentityManager = ptr_lib::shared_ptr<IdentityManager>();
+const ptr_lib::shared_ptr<IdentityStorage> KeyChain::DefaultIdentityStorage = ptr_lib::shared_ptr<IdentityStorage>();
+const ptr_lib::shared_ptr<PrivateKeyStorage> KeyChain::DefaultPrivateKeyStorage = ptr_lib::shared_ptr<PrivateKeyStorage>();
const ptr_lib::shared_ptr<PolicyManager> KeyChain::DefaultPolicyManager = ptr_lib::shared_ptr<PolicyManager>();
const ptr_lib::shared_ptr<EncryptionManager> KeyChain::DefaultEncryptionManager = ptr_lib::shared_ptr<EncryptionManager>();
-
-KeyChain::KeyChain(const ptr_lib::shared_ptr<IdentityManager> &identityManager /* = DefaultIdentityManager */,
+KeyChain::KeyChain(const ptr_lib::shared_ptr<IdentityStorage> &publicInfoStorage /* = DefaultIdentityStorage */,
+ const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage /* = DefaultPrivateKeyStorage */,
const ptr_lib::shared_ptr<PolicyManager> &policyManager /* = DefaultPolicyManager */,
const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager /* = DefaultEncryptionManager */)
- : identityManager_(identityManager)
+ : publicInfoStorage_(publicInfoStorage)
+ , privateKeyStorage_(privateKeyStorage)
, policyManager_(policyManager)
, encryptionManager_(encryptionManager)
, maxSteps_(100)
-{
-// #ifdef USE_SIMPLE_POLICY_MANAGER
-// Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
-// Ptr<IdentityPolicyRule> rule1 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
-// "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-// ">", "\\1\\2", "\\1", true));
-// Ptr<IdentityPolicyRule> rule2 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-// "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
-// "==", "\\1", "\\1\\2", true));
-// Ptr<IdentityPolicyRule> rule3 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^(<>*)$",
-// "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
-// ">", "\\1", "\\1", true));
-// policyManager->addVerificationPolicyRule(rule1);
-// policyManager->addVerificationPolicyRule(rule2);
-// policyManager->addVerificationPolicyRule(rule3);
+{
+ if (publicInfoStorage_ == DefaultIdentityStorage)
+ {
+ publicInfoStorage_ = ptr_lib::make_shared<BasicIdentityStorage>();
+ }
+
+ if (privateKeyStorage_ == DefaultPrivateKeyStorage)
+ {
+#ifdef USE_OSX_PRIVATEKEY_STORAGE
+ privateStorage_ = ptr_lib::make_shared<OSXPrivatekeyStorage>();
+ // #else
+ // m_privateStorage = Ptr<SimpleKeyStore>::Create();
+#endif
+ }
+
+ identityManager_ = ptr_lib::make_shared<IdentityManager>(publicInfoStorage_, privateKeyStorage_);
+
+ if (policyManager_ == DefaultPolicyManager)
+ {
+ // #ifdef USE_SIMPLE_POLICY_MANAGER
+ // Ptr<SimplePolicyManager> policyManager = Ptr<SimplePolicyManager>(new SimplePolicyManager());
+ // Ptr<IdentityPolicyRule> rule1 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
+ // "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
+ // ">", "\\1\\2", "\\1", true));
+ // Ptr<IdentityPolicyRule> rule2 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
+ // "^([^<KEY>]*)<KEY>(<>*)<ksk-.*><ID-CERT>",
+ // "==", "\\1", "\\1\\2", true));
+ // Ptr<IdentityPolicyRule> rule3 = Ptr<IdentityPolicyRule>(new IdentityPolicyRule("^(<>*)$",
+ // "^([^<KEY>]*)<KEY><dsk-.*><ID-CERT>",
+ // ">", "\\1", "\\1", true));
+ // policyManager->addVerificationPolicyRule(rule1);
+ // policyManager->addVerificationPolicyRule(rule2);
+ // policyManager->addVerificationPolicyRule(rule3);
-// policyManager->addSigningPolicyRule(rule3);
+ // policyManager->addSigningPolicyRule(rule3);
-// m_policyManager = policyManager;
-// #endif
-
-// if (!policyManager_)
-// {
-// policyManager_ = new NoVerifyPolicyManager();
-// }
+ // m_policyManager = policyManager;
+ //
+ // #else
+ // policyManager_ = new NoVerifyPolicyManager();
+ // #endif
+ }
+
+ if (encryptionManager_ == DefaultEncryptionManager)
+ {
+ }
// #ifdef USE_BASIC_ENCRYPTION_MANAGER
// encryptionManager_ = new BasicEncryptionManager(m_identityManager->getPrivateStorage(), "/tmp/encryption.db");