Feature #2451
Updated by Alex Afanasyev almost 10 years ago
Refactoring code from the SecPubInfo interface, and more precisely the sec-pub-info-sqlite3 concrete implementation into a series of abstractions. The general design is as follows: - SecIdentityManager - a mechanism class that is used to interact with the TPM, Pib, and Identities - SecIdentityInfo - a value-semantic class used to manage information relating to a particular identity, including accessing any keys associated with the Identity - SecKeyInfo - a value-semantic type used to manage information relating to a particular key including the type of key and associated certificates - DbUtil - a utility class to encapsulate common functionality used to access sqlite database More complete public interfaces are included below. A current topic relevant to the design that needs to be settled are the circumstances in which we should throw an exception. class SecIdentityManager { // A mechanism class to manage access to identities, TPM, and Pib. public: class Error : public SecPublicInfo::Error { public: explicit SecIdentityManager(const std::string& dir = ""); // ACCESSORS /** * @brief Get TPM Locator * * @throws SecPublicInfo::Error if the TPM info does not exist */ std::string getTpmLocator() const; /** * @brief Get PIB Locator */ std::string getPibLocator() const; /** * @brief Check if the specified identity already exists * * @param identityName The identity name * @return true if the identity exists, otherwise false */ bool doesIdentityExist(const Name& identityName) const; /** * @brief Get name of the default identity * * @throws SecPublicInfo::Error if there is no default. */ SecIdentityInfo& getDefaultIdentity() const; /** * @brief Get all the identities from public info, return a vector * with the results. */ std::vector<SecIdentityInfo>&& getAllIdentities() const; /** * @brief return the scheme of the PibLocator */ std::string getScheme() const; // MANIPULATORS /** * @brief Set the corresponding TPM information to @p tpmLocator * * If the provided @p tpmLocator is different from the existing one, the PIB will be reset, * otherwise nothing will be changed. * * For legacy issue, the TPM info may not exist (some old PIB content may not have this info), * this method will simply set the TPM info as provided without changing anything else. Thus an * ideal process of handling old PIB is to check if TPM info exists. If it does not exist, * then set it to the default value according to configuration. */ void setTpmLocator(const std::string& tpmLocator); /** * @brief Add a new identity * * if identity already exist, do not add it again * * @param identityName The identity name to be added */ void addIdentity(const Name& identityName); /** * @brief Set the default identity * * @param identityName The default identity name */ void setDefaultIdentity(const Name& identity); /** * @brief Delete an identity and related public keys and certificates * * @param identity The identity name */ void deleteIdentityInfo(const Name& identityName); }; class SecIdentityInfo { public: //CREATORS /** * @brief Create an a new 'SecIdentityInfo' for the identity with the specified 'identityName'. * * @param identityName The identity name */ SecIdentityInfo(Name& identityName); //ACCESSORS bool doesPublicKeyExist(const Name& keyName) const; /** * @brief Generate a key name for this identity * * @param useKsk If true, generate a KSK name, otherwise a DSK name * @return The a "SecKeyInfo" for the new key */ SecKeyInfo& getNewKeyInfo(bool useKsk) const; /** * @brief Get all the keys associated with this identity * @return A vector of all keys */ std::vector<SecKeyInfo>&& getAllKeys() const; /** * @brief Get name of the default key name for this identity * * @throws SecPublicInfo::Error if there is no default * * @return The keyInfo for the requested key */ SecKeyInfo& getDefaultKey() const; /** * @brief Get the KeyInfo for the key with the specified 'keyName'. * * @param keyName The name of the desired key * * @return The keyInfo for the requested key */ SecKeyInfo& getKey(const Name& keyName) const; //MANIPULATORS /** * @brief Delete a public key and related certificates related to the key * of the specifed 'name' associated with this identity. * * @param keyName The key name */ void deletePublicKeyInfo(const Name& keyName); /** * @brief Add a public key to the identity storage. * * @param keyName The name of the public key to be added * @param publicKey Reference to the PublicKey object */ void addKey(const Name& keyName, const PublicKey& publicKey); /** * @brief Set the default key name for the corresponding identity * * @param keyName The key name * @throws SecPublicInfo::Error if the key does not exist */ void setDefaultKeyName(const Name& keyName) const; }; class SecKeyInfo { public: SecKeyInfo(const Name& keyName); // ACCESSORS /** * @brief Check if the specified certificate already exists * * @param certificateName The name of the certificate */ bool doesCertificateExist(const Name& certificateName) const; /** * @brief Get a shared pointer to identity certificate object from the identity storage corresponding to this Key. * * @param certificateName The name of the requested certificate * @throws SecPublicInfo::Error if the certificate does not exist */ shared_ptr<IdentityCertificate> getCertificate(const Name& certificateName) const; /** * @brief Get all the certificate name in public info * * @return A vector will all certificates for this key. */ std::vector<IdentityCertificate>&& getAllCertificates(); /** * @brief Get the type of the queried public key * * @note KeyType is also available from PublicKey instance. * This method is more efficient if only KeyType is needed. * * @param keyName The name of the requested public key * @return the type of the key. If the queried key does not exist, KEY_TYPE_NULL will be returned */ virtual KeyType getPublicKeyType(const Name& keyName) // MANIPULATOR /** * @brief Add a certificate to the identity storage. * * It will add the corresponding public key and identity if they do not exist * * @param certificate The certificate to be added */ void addCertificate(const IdentityCertificate& certificate) /** * @brief Delete a certificate * * @param certificateName The certificate name */ void deleteCertificateInfo(const Name& certificateName) /** * @brief Add a certificate into the public key identity storage and set the certificate as the * default one of the default identity * * @param certificate The certificate to be added * @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare) */ void addCertificateAsSystemDefault(const IdentityCertificate& certificate); };