Feature #2451
Updated by Alex Afanasyev almost 10 years ago
Refactoring code from the SecPubInfo interface, and more precisely the sec-pub-info-sqlite3 concrete implementation into a series of abstractions.
The general design is as follows:
- SecIdentityManager - a mechanism class that is used to interact with the TPM, Pib, and Identities
- SecIdentityInfo - a value-semantic class used to manage information relating to a particular identity,
including accessing any keys associated with the Identity
- SecKeyInfo - a value-semantic type used to manage information relating to a particular key including
the type of key and associated certificates
- DbUtil - a utility class to encapsulate common functionality used to access sqlite database
More complete public interfaces are included below.
A current topic relevant to the design that needs to be settled are the circumstances in which we should throw an exception.
class SecIdentityManager {
// A mechanism class to manage access to identities, TPM, and Pib.
public:
class Error : public SecPublicInfo::Error
{
public:
explicit
SecIdentityManager(const std::string& dir = "");
// ACCESSORS
/**
* @brief Get TPM Locator
*
* @throws SecPublicInfo::Error if the TPM info does not exist
*/
std::string
getTpmLocator() const;
/**
* @brief Get PIB Locator
*/
std::string
getPibLocator() const;
/**
* @brief Check if the specified identity already exists
*
* @param identityName The identity name
* @return true if the identity exists, otherwise false
*/
bool
doesIdentityExist(const Name& identityName) const;
/**
* @brief Get name of the default identity
*
* @throws SecPublicInfo::Error if there is no default.
*/
SecIdentityInfo&
getDefaultIdentity() const;
/**
* @brief Get all the identities from public info, return a vector
* with the results.
*/
std::vector<SecIdentityInfo>&&
getAllIdentities() const;
/**
* @brief return the scheme of the PibLocator
*/
std::string
getScheme() const;
// MANIPULATORS
/**
* @brief Set the corresponding TPM information to @p tpmLocator
*
* If the provided @p tpmLocator is different from the existing one, the PIB will be reset,
* otherwise nothing will be changed.
*
* For legacy issue, the TPM info may not exist (some old PIB content may not have this info),
* this method will simply set the TPM info as provided without changing anything else. Thus an
* ideal process of handling old PIB is to check if TPM info exists. If it does not exist,
* then set it to the default value according to configuration.
*/
void
setTpmLocator(const std::string& tpmLocator);
/**
* @brief Add a new identity
*
* if identity already exist, do not add it again
*
* @param identityName The identity name to be added
*/
void
addIdentity(const Name& identityName);
/**
* @brief Set the default identity
*
* @param identityName The default identity name
*/
void
setDefaultIdentity(const Name& identity);
/**
* @brief Delete an identity and related public keys and certificates
*
* @param identity The identity name
*/
void
deleteIdentityInfo(const Name& identityName);
};
class SecIdentityInfo {
public:
//CREATORS
/**
* @brief Create an a new 'SecIdentityInfo' for the identity with the
specified 'identityName'.
*
* @param identityName The identity name
*/
SecIdentityInfo(Name& identityName);
//ACCESSORS
bool
doesPublicKeyExist(const Name& keyName) const;
/**
* @brief Generate a key name for this identity
*
* @param useKsk If true, generate a KSK name, otherwise a DSK name
* @return The a "SecKeyInfo" for the new key
*/
SecKeyInfo&
getNewKeyInfo(bool useKsk) const;
/**
* @brief Get all the keys associated with this identity
* @return A vector of all keys
*/
std::vector<SecKeyInfo>&&
getAllKeys() const;
/**
* @brief Get name of the default key name for this identity
*
* @throws SecPublicInfo::Error if there is no default
*
* @return The keyInfo for the requested key
*/
SecKeyInfo&
getDefaultKey() const;
/**
* @brief Get the KeyInfo for the key with the specified 'keyName'.
*
* @param keyName The name of the desired key
*
* @return The keyInfo for the requested key
*/
SecKeyInfo&
getKey(const Name& keyName) const;
//MANIPULATORS
/**
* @brief Delete a public key and related certificates related to the key
* of the specifed 'name' associated with this identity.
*
* @param keyName The key name
*/
void
deletePublicKeyInfo(const Name& keyName);
/**
* @brief Add a public key to the identity storage.
*
* @param keyName The name of the public key to be added
* @param publicKey Reference to the PublicKey object
*/
void
addKey(const Name& keyName, const PublicKey& publicKey);
/**
* @brief Set the default key name for the corresponding identity
*
* @param keyName The key name
* @throws SecPublicInfo::Error if the key does not exist
*/
void
setDefaultKeyName(const Name& keyName) const;
};
class SecKeyInfo {
public:
SecKeyInfo(const Name& keyName);
// ACCESSORS
/**
* @brief Check if the specified certificate already exists
*
* @param certificateName The name of the certificate
*/
bool
doesCertificateExist(const Name& certificateName) const;
/**
* @brief Get a shared pointer to identity certificate object
from the identity storage corresponding to this Key.
*
* @param certificateName The name of the requested certificate
* @throws SecPublicInfo::Error if the certificate does not exist
*/
shared_ptr<IdentityCertificate>
getCertificate(const Name& certificateName) const;
/**
* @brief Get all the certificate name in public info
*
* @return A vector will all certificates for this key.
*/
std::vector<IdentityCertificate>&&
getAllCertificates();
/**
* @brief Get the type of the queried public key
*
* @note KeyType is also available from PublicKey instance.
* This method is more efficient if only KeyType is needed.
*
* @param keyName The name of the requested public key
* @return the type of the key. If the queried key does not exist, KEY_TYPE_NULL will be returned
*/
virtual KeyType
getPublicKeyType(const Name& keyName)
// MANIPULATOR
/**
* @brief Add a certificate to the identity storage.
*
* It will add the corresponding public key and identity if they do not exist
*
* @param certificate The certificate to be added
*/
void
addCertificate(const IdentityCertificate& certificate)
/**
* @brief Delete a certificate
*
* @param certificateName The certificate name
*/
void
deleteCertificateInfo(const Name& certificateName)
/**
* @brief Add a certificate into the public key identity storage and set the certificate as the
* default one of the default identity
*
* @param certificate The certificate to be added
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
addCertificateAsSystemDefault(const IdentityCertificate& certificate);
};