Project

General

Profile

Actions

Feature #2451

closed

New Abstraction for Identity Key Certificate

Added by Michael Sweatt almost 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
01/29/2015
Due date:
% Done:

100%

Estimated time:

Description

Refactoring code from the SecPubInfo interface, and more precisely the sec-pub-info-sqlite3 concrete implementation into a series of abstractions.

The general design is as follows:

  • SecIdentityManager - a mechanism class that is used to interact with the TPM, Pib, and Identities
  • SecIdentityInfo - a value-semantic class used to manage information relating to a particular identity, including accessing any keys associated with the Identity
  • SecKeyInfo - a value-semantic type used to manage information relating to a particular key including the type of key and associated certificates
  • DbUtil - a utility class to encapsulate common functionality used to access sqlite database

More complete public interfaces are included below.

A current topic relevant to the design that needs to be settled are the circumstances in which we should throw an exception.

class SecIdentityManager {
// A mechanism class to manage access to identities, TPM, and Pib.
public:
  explicit
  SecIdentityManager(const std::string& dir = "");
  // ACCESSORS
  /**
   * @brief Get TPM Locator
   *
   * @throws SecPublicInfo::Error if the TPM info does not exist
  */
  std::string
  getTpmLocator() const;

  /**
   * @brief Get PIB Locator
  */
  std::string
  getPibLocator() const;

  /**
   * @brief Check if the specified identity already exists
   *
   * @param identityName The identity name
   * @return true if the identity exists, otherwise false
  */
  bool
  doesIdentityExist(const Name& identityName) const;

  /**
   * @brief Get name of the default identity
   *
   * @throws SecPublicInfo::Error if there is no default.
  */
  SecIdentityInfo&
  getDefaultIdentity() const;

  /**
   * @brief Get all the identities from public info, return a vector
   * with the results.
  */
  std::vector<SecIdentityInfo>&&
  getAllIdentities() const;

    /**
   * @brief return the scheme of the PibLocator
   */
  std::string
  getScheme() const;

  // MANIPULATORS
  /**
   * @brief Set the corresponding TPM information to @p tpmLocator
   *
   * If the provided @p tpmLocator is different from the existing one, the PIB will be reset,
   * otherwise nothing will be changed.
   *
   * For legacy issue, the TPM info may not exist (some old PIB content may not have this info),
   * this method will simply set the TPM info as provided without changing anything else. Thus an
   * ideal process of handling old PIB is to check if TPM info exists. If it does not exist,
   * then set it to the default value according to configuration.
  */
  void
  setTpmLocator(const std::string& tpmLocator);

  /**
   * @brief Add a new identity
   *
   * if identity already exist, do not add it again
   *
   * @param identityName The identity name to be added
  */
  void
  addIdentity(const Name& identityName);

  /**
   * @brief Set the default identity
   *
   * @param identityName The default identity name
   */
  void
  setDefaultIdentity(const Name& identity);

    /**
   * @brief Delete an identity and related public keys and certificates
   *
   * @param identity The identity name
  */
  void
  deleteIdentityInfo(const Name& identityName);
};

class SecIdentityInfo {

public: 
    //CREATORS
    /** 
      * @brief Create an a new 'SecIdentityInfo' for the identity with the
        specified 'identityName'.
      *
      * @param identityName The identity name
    */
    SecIdentityInfo(Name& identityName);

    //ACCESSORS 
    bool
    doesPublicKeyExist(const Name& keyName) const;

   /**
    * @brief Generate a key name for this identity
    *
    * @param useKsk If true, generate a KSK name, otherwise a DSK name
    * @return The a "SecKeyInfo" for the new key
    */
    SecKeyInfo&
    getNewKeyInfo(bool useKsk) const;

   /**
    * @brief Get all the keys associated with this identity
    * @return A vector of all keys
    */
    std::vector<SecKeyInfo>&& 
    getAllKeys() const;

   /**
    * @brief Get name of the default key name for this identity
    *
    * @throws SecPublicInfo::Error if there is no default
    *
    * @return The keyInfo for the requested key
    */
    SecKeyInfo&
    getDefaultKey() const;

    /**
    * @brief Get the KeyInfo for the key with the specified 'keyName'.
    *
    * @param keyName The name of the desired key 
    *
    * @return The keyInfo for the requested key
    */
    SecKeyInfo&
    getKey(const Name& keyName) const;

   //MANIPULATORS

   /**
    * @brief Delete a public key and related certificates related to the key
    * of the specifed 'name' associated with this identity.
    *
    * @param keyName The key name
    */ 

    void
    deletePublicKeyInfo(const Name& keyName);

   /**
    * @brief Add a public key to the identity storage.
    *
    * @param keyName The name of the public key to be added
    * @param publicKey Reference to the PublicKey object
    */
    void
    addKey(const Name& keyName, const PublicKey& publicKey);


   /**
    * @brief Set the default key name for the corresponding identity
    *
    * @param keyName The key name
    * @throws SecPublicInfo::Error if the key does not exist
    */
    void
    setDefaultKeyName(const Name& keyName) const;
};

class SecKeyInfo {
public:
  SecKeyInfo(const Name& keyName);

   // ACCESSORS
   /**
    * @brief Check if the specified certificate already exists
    *
    * @param certificateName The name of the certificate
    */
   bool
   doesCertificateExist(const Name& certificateName) const;

   /**
   * @brief Get a shared pointer to identity certificate object 
            from the identity storage corresponding to this Key.
   *
   * @param certificateName The name of the requested certificate
   * @throws SecPublicInfo::Error if the certificate does not exist
   */
   shared_ptr<IdentityCertificate>
   getCertificate(const Name& certificateName) const;

   /**
    * @brief Get all the certificate name in public info
    *
    * @return A vector will all certificates for this key.
    */
   std::vector<IdentityCertificate>&&
   getAllCertificates();    

  /**
   * @brief Get the type of the queried public key
   *
   * @note KeyType is also available from PublicKey instance.
   *       This method is more efficient if only KeyType is needed.
   *
   * @param keyName The name of the requested public key
   * @return the type of the key. If the queried key does not exist, KEY_TYPE_NULL will be returned
   */
  virtual KeyType
  getPublicKeyType(const Name& keyName)

  // MANIPULATOR
  /**
   * @brief Add a certificate to the identity storage.
   *
   * It will add the corresponding public key and identity if they do not exist
   *
   * @param certificate The certificate to be added
   */
  void
  addCertificate(const IdentityCertificate& certificate)

  /**
   * @brief Delete a certificate
   *
   * @param certificateName The certificate name
   */
  void
  deleteCertificateInfo(const Name& certificateName)

  /**
   * @brief Add a certificate into the public key identity storage and set the certificate as the
   *        default one of the default identity
   *
   * @param certificate The certificate to be added
   * @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
   */
  void
  addCertificateAsSystemDefault(const IdentityCertificate& certificate);

};

Files

Pib.jpg (50.8 KB) Pib.jpg Alex Afanasyev, 01/31/2015 04:12 PM
pib.vpp (427 KB) pib.vpp Michael Sweatt, 02/03/2015 05:05 PM
pib.vpp (427 KB) pib.vpp Michael Sweatt, 02/12/2015 06:35 PM
Pib.jpg (64.7 KB) Pib.jpg Michael Sweatt, 02/23/2015 02:33 PM
Pib.jpg (387 KB) Pib.jpg Michael Sweatt, 02/25/2015 10:33 PM

Related issues 3 (0 open3 closed)

Blocks ndn-cxx - Bug #2385: Inconsistent interface / use of interface in PIBRejectedYingdi Yu

Actions
Blocks ndn-cxx - Task #2306: Adjust KeyChain exception handlingClosedYingdi Yu12/16/2014

Actions
Blocks ndn-cxx - Feature #1705: Select DigestSha256 signing method with Identity NameClosedYingdi Yu

Actions
Actions

Also available in: Atom PDF