Project

General

Profile

Actions

Task #2306

closed

Adjust KeyChain exception handling

Added by Yingdi Yu almost 10 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
12/16/2014
Due date:
% Done:

100%

Estimated time:

Description

KeyChain and related classes may throw some exceptions.
Some exceptions, however, could be avoided.

For example, when getting a public key which does not exist, current implementation throws an exception.
However, since the return value is a shared pointer to the public key, it is more reasonable to return a empty pointer in this case.

Another example is getting default settings in PIB.
Current implementation throws exceptions if the requested default setting is not available.
However, since neither key name nor certificate name could be empty, an empty name as a return value can be a good indicator that these two types of default settings are not available.
For default identity, since now PIB has at least one identity "/localhost/identity/digest-sha256", when default identity is not set, PIB can automatically set "/localhost/identity/digest-sha256" as the default identity.

The third example is signing.
Current implementation may throw exception when the requested signing identity or key or certificate is not available.
With the "/localhost/identity/digest-sha256", if the situation above happens, DigestSha256 will be used to "sign" packets.
The purpose is that signing should never fail, even if a weak signature is used.
Therefore, an application should check if its keychain is well configured during the initialization stage.


Related issues 2 (0 open2 closed)

Blocked by ndn-cxx - Feature #2451: New Abstraction for Identity Key CertificateClosedYingdi Yu01/29/2015

Actions
Blocks ndn-cxx - Task #2926: Refactor KeyChainClosedYingdi Yu

Actions
Actions

Also available in: Atom PDF