security: Change to use IdentityCertificate instead of Certificate where needed.
diff --git a/include/ndn-cpp/data.hpp b/include/ndn-cpp/data.hpp
index 0fe4c99..e918374 100644
--- a/include/ndn-cpp/data.hpp
+++ b/include/ndn-cpp/data.hpp
@@ -134,6 +134,11 @@
Data(const Name& name);
/**
+ * The virtual destructor.
+ */
+ virtual ~Data() {}
+
+ /**
* Encode this Data for a particular wire format. Also, set the wireEncoding field to the encoded result.
* This is not const because it updates the wireEncoding.
* @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
diff --git a/include/ndn-cpp/security/certificate/certificate.hpp b/include/ndn-cpp/security/certificate/certificate.hpp
index 29626b3..0fdd213 100644
--- a/include/ndn-cpp/security/certificate/certificate.hpp
+++ b/include/ndn-cpp/security/certificate/certificate.hpp
@@ -14,7 +14,17 @@
namespace ndn {
class Certificate : public Data {
-
+public:
+ /**
+ * The default constructor.
+ */
+ Certificate();
+
+ /**
+ * Create a Certificate from the content in the data packet.
+ * @param data The data packet with the content to decode.
+ */
+ Certificate(const Data& data);
};
}
diff --git a/include/ndn-cpp/security/certificate/identity-certificate.hpp b/include/ndn-cpp/security/certificate/identity-certificate.hpp
index 4d68231..41035a7 100644
--- a/include/ndn-cpp/security/certificate/identity-certificate.hpp
+++ b/include/ndn-cpp/security/certificate/identity-certificate.hpp
@@ -1,6 +1,7 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
* Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
* @author: Jeff Thompson <jefft0@remap.ucla.edu>
* See COPYING for copyright and distribution information.
*/
@@ -14,7 +15,17 @@
class IdentityCertificate : public Certificate
{
+public:
+ /**
+ * The default constructor.
+ */
+ IdentityCertificate();
+ /**
+ * Create an IdentityCertificate from the content in the data packet.
+ * @param data The data packet with the content to decode.
+ */
+ IdentityCertificate(const Data& data);
};
}
diff --git a/include/ndn-cpp/security/identity/basic-identity-storage.hpp b/include/ndn-cpp/security/identity/basic-identity-storage.hpp
index 2e0db30..ee1a886 100644
--- a/include/ndn-cpp/security/identity/basic-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/basic-identity-storage.hpp
@@ -123,14 +123,14 @@
* @param certificate The certificate to be added.
*/
void
- addAnyCertificate (const Certificate& certificate);
+ addAnyCertificate (const IdentityCertificate& certificate);
/**
* Add a certificate to the identity storage.
- * @param certificate The certificate to be added.
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
*/
virtual void
- addCertificate(const Certificate& certificate);
+ addCertificate(const IdentityCertificate& certificate);
/**
* Get a certificate from the identity storage.
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index 2dd9b6e..d461062 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -7,13 +7,16 @@
*/
#ifndef NDN_IDENTITY_MANAGER_HPP
-#define NDN_IDENTITY_MANAGER_HPP
+#define NDN_IDENTITY_MANAGER_HPP
-#include "../certificate/certificate.hpp"
+#include "../certificate/identity-certificate.hpp"
#include "identity-storage.hpp"
#include "../certificate/public-key.hpp"
#include "private-key-storage.hpp"
+// TODO: Implement Time values.
+class Time;
+
namespace ndn {
/**
@@ -98,11 +101,35 @@
}
/**
+ * Create an identity certificate for a public key managed by this IdentityManager.
+ * @param keyName The name of public key to be signed.
+ * @param signerCertificateName The name of signing certificate.
+ * @param notBefore The notBefore value in the validity field of the generated certificate.
+ * @param notAfter The notAfter vallue in validity field of the generated certificate.
+ * @return The name of generated identity certificate.
+ */
+ Name
+ createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter);
+
+ /**
+ * Create an identity certificate for a public key supplied by the caller.
+ * @param keyName The name of public key to be signed.
+ * @param publickey The public key to be signed.
+ * @param signerCertificateName The name of signing certificate.
+ * @param notBefore The notBefore value in the validity field of the generated certificate.
+ * @param notAfter The notAfter vallue in validity field of the generated certificate.
+ * @return The generated identity certificate.
+ */
+ ptr_lib::shared_ptr<IdentityCertificate>
+ createIdentityCertificate
+ (const Name& keyName, const PublicKey& publickey, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter);
+
+ /**
* Add a certificate into the public key identity storage.
- * @param certificate The certificate to to added.
+ * @param certificate The certificate to to added. This makes a copy of the certificate.
*/
void
- addCertificate(const Certificate& certificate)
+ addCertificate(const IdentityCertificate& certificate)
{
identityStorage_->addCertificate(certificate);
}
@@ -116,27 +143,27 @@
/**
* Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
- * @param certificate The certificate to be added.
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
*/
void
- addCertificateAsIdentityDefault(const Certificate& certificate);
+ addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
/**
* Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
- * certificate the certificate to be added
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
*/
void
- addCertificateAsDefault(const Certificate& certificate);
+ addCertificateAsDefault(const IdentityCertificate& certificate);
/**
* Get a certificate with the specified name.
* @param certificateName The name of the requested certificate.
* @return the requested certificate which is valid.
*/
- ptr_lib::shared_ptr<Certificate>
+ ptr_lib::shared_ptr<IdentityCertificate>
getCertificate(const Name& certificateName)
{
- return identityStorage_->getCertificate(certificateName, false);
+ return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, false));
}
/**
@@ -144,10 +171,10 @@
* @param certificateName The name of the requested certificate.
* @return the requested certificate.
*/
- ptr_lib::shared_ptr<Certificate>
+ ptr_lib::shared_ptr<IdentityCertificate>
getAnyCertificate(const Name& certificateName)
{
- return identityStorage_->getCertificate(certificateName, true);
+ return ptr_lib::make_shared<IdentityCertificate>(*identityStorage_->getCertificate(certificateName, true));
}
/**
@@ -172,16 +199,15 @@
return identityStorage_->getDefaultCertificateNameForIdentity(getDefaultIdentity());
}
-#if 0
/**
- * sign blob based on certificate name
- * @param blob the blob to be signed
- * @param certificateName the signing certificate name
- * @return the generated signature
+ * Sign the byte array data based on the certificate name.
+ * @param data The data to be signed.
+ * @param dataLength the length of data.
+ * @param certificateName The signing certificate name.
+ * @return The generated signature.
*/
- Ptr<Signature>
- signByCertificate(const Blob& blob, const Name& certificateName);
-#endif
+ ptr_lib::shared_ptr<Signature>
+ signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName);
/**
* Sign data packet based on the certificate name.
@@ -211,7 +237,7 @@
* @param keyName The name of the public key.
* @return The generated certificate.
*/
- ptr_lib::shared_ptr<Certificate>
+ ptr_lib::shared_ptr<IdentityCertificate>
selfSign(const Name& keyName);
ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
diff --git a/include/ndn-cpp/security/identity/identity-storage.hpp b/include/ndn-cpp/security/identity/identity-storage.hpp
index db6ab0e..d514dc8 100644
--- a/include/ndn-cpp/security/identity/identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/identity-storage.hpp
@@ -15,6 +15,7 @@
namespace ndn {
class Certificate;
+class IdentityCertificate;
class Data;
/**
@@ -117,10 +118,10 @@
/**
* Add a certificate to the identity storage.
- * @param certificate The certificate to be added.
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
*/
virtual void
- addCertificate(const Certificate& certificate) = 0;
+ addCertificate(const IdentityCertificate& certificate) = 0;
/**
* Get a certificate from the identity storage.
diff --git a/include/ndn-cpp/security/identity/memory-identity-storage.hpp b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
index ba0ea5a..cf8f318 100644
--- a/include/ndn-cpp/security/identity/memory-identity-storage.hpp
+++ b/include/ndn-cpp/security/identity/memory-identity-storage.hpp
@@ -113,10 +113,10 @@
/**
* Add a certificate to the identity storage.
- * @param certificate The certificate to be added.
+ * @param certificate The certificate to be added. This makes a copy of the certificate.
*/
virtual void
- addCertificate(const Certificate& certificate);
+ addCertificate(const IdentityCertificate& certificate);
/**
* Get a certificate from the identity storage.
diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index 97db9d8..40e24fd 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -116,7 +116,7 @@
* @param certificate The certificate to to added.
*/
void
- installIdentityCertificate(const Certificate& certificate)
+ installIdentityCertificate(const IdentityCertificate& certificate)
{
identityManager_->addCertificate(certificate);
}
@@ -134,7 +134,7 @@
/**
* Get a certificate with the specified name.
* @param certificateName The name of the requested certificate.
- * @return the requested certificate.
+ * @return the requested certificate which is valid.
*/
ptr_lib::shared_ptr<Certificate>
getCertificate(const Name& certificateName)
@@ -154,6 +154,28 @@
}
/**
+ * Get an identity certificate with the specified name.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate which is valid.
+ */
+ ptr_lib::shared_ptr<IdentityCertificate>
+ getIdentityCertificate(const Name& certificateName)
+ {
+ return identityManager_->getCertificate(certificateName);
+ }
+
+ /**
+ * Get an identity certificate even if the certificate is not valid anymore.
+ * @param certificateName The name of the requested certificate.
+ * @return the requested certificate.
+ */
+ ptr_lib::shared_ptr<IdentityCertificate>
+ getAnyIdentityCertificate(const Name& certificateName)
+ {
+ return identityManager_->getAnyCertificate(certificateName);
+ }
+
+ /**
* Revoke a key
* @param keyName the name of the key that will be revoked
*/
diff --git a/include/ndn-cpp/util/blob.hpp b/include/ndn-cpp/util/blob.hpp
index af9432d..5bf5654 100644
--- a/include/ndn-cpp/util/blob.hpp
+++ b/include/ndn-cpp/util/blob.hpp
@@ -21,7 +21,7 @@
* of the string. However, like a JavaScript string, it is possible to change the pointer, and so this does allow
* the copy constructor and assignment to change the pointer. Also remember that the pointer can be null.
* (Note that we could have made Blob derive directly from vector<uint8_t> and then explicitly use
- * a pointer to it like shared_ptr<Blob>, but this does not enforce immutability because we can't declare
+ * a pointer to it like Blob, but this does not enforce immutability because we can't declare
* Blob as derived from const vector<uint8_t>.)
*/
class Blob : public ptr_lib::shared_ptr<const std::vector<uint8_t> > {