27 #include "../signature-sha256-with-rsa.hpp" 28 #include "../signature-sha256-with-ecdsa.hpp" 29 #include "../../data.hpp" 36 #include <boost/filesystem.hpp> 48 "CREATE TABLE IF NOT EXISTS " 50 " tpm_locator BLOB NOT NULL," 51 " PRIMARY KEY (tpm_locator) " 55 "CREATE TABLE IF NOT EXISTS " 57 " identity_name BLOB NOT NULL, " 58 " default_identity INTEGER DEFAULT 0, " 59 " PRIMARY KEY (identity_name) " 61 "CREATE INDEX identity_index ON Identity(identity_name);";
64 "CREATE TABLE IF NOT EXISTS " 66 " identity_name BLOB NOT NULL, " 67 " key_identifier BLOB NOT NULL, " 70 " default_key INTEGER DEFAULT 0, " 71 " active INTEGER DEFAULT 0, " 72 " PRIMARY KEY (identity_name, key_identifier)" 74 "CREATE INDEX key_index ON Key(identity_name); ";
78 "CREATE TABLE IF NOT EXISTS " 80 " cert_name BLOB NOT NULL, " 81 " cert_issuer BLOB NOT NULL, " 82 " identity_name BLOB NOT NULL, " 83 " key_identifier BLOB NOT NULL, " 84 " not_before TIMESTAMP, " 85 " not_after TIMESTAMP, " 86 " certificate_data BLOB NOT NULL, " 87 " valid_flag INTEGER DEFAULT 1, " 88 " default_cert INTEGER DEFAULT 0, " 89 " PRIMARY KEY (cert_name) " 91 "CREATE INDEX cert_index ON Certificate(cert_name); " 92 "CREATE INDEX subject ON Certificate(identity_name);";
102 void(*destructor)(
void*))
104 return sqlite3_bind_text(statement, index, value.c_str(), value.size(), destructor);
110 return string(reinterpret_cast<const char*>(sqlite3_column_text(statement, column)),
111 sqlite3_column_bytes(statement, column));
116 , m_database(nullptr)
118 boost::filesystem::path identityDir;
120 #ifdef NDN_CXX_HAVE_TESTS 121 if (getenv(
"TEST_HOME") !=
nullptr) {
122 identityDir = boost::filesystem::path(getenv(
"TEST_HOME")) /
".ndn";
125 #endif // NDN_CXX_HAVE_TESTS 126 if (getenv(
"HOME") !=
nullptr) {
127 identityDir = boost::filesystem::path(getenv(
"HOME")) /
".ndn";
130 identityDir = boost::filesystem::path(
".") /
".ndn";
134 identityDir = boost::filesystem::path(dir);
136 boost::filesystem::create_directories(identityDir);
139 int res = sqlite3_open_v2((identityDir /
"ndnsec-public-info.db").c_str(), &m_database,
140 SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
141 #ifdef NDN_CXX_DISABLE_SQLITE3_FS_LOCKING
147 if (res != SQLITE_OK)
148 BOOST_THROW_EXCEPTION(
Error(
"identity DB cannot be opened/created"));
151 BOOST_ASSERT(m_database !=
nullptr);
153 initializeTable(
"TpmInfo", INIT_TPM_INFO_TABLE);
154 initializeTable(
"Identity", INIT_ID_TABLE);
155 initializeTable(
"Key", INIT_KEY_TABLE);
156 initializeTable(
"Certificate", INIT_CERT_TABLE);
161 sqlite3_close(m_database);
162 m_database =
nullptr;
166 SecPublicInfoSqlite3::doesTableExist(
const string& tableName)
169 bool doesTableExist =
false;
170 string checkingString =
171 "SELECT name FROM sqlite_master WHERE type='table' AND name='" + tableName +
"'";
173 sqlite3_stmt* statement =
nullptr;
174 sqlite3_prepare_v2(m_database, checkingString.c_str(), -1, &statement, 0);
176 int result = sqlite3_step(statement);
177 if (result == SQLITE_ROW)
178 doesTableExist =
true;
179 sqlite3_finalize(statement);
181 return doesTableExist;
185 SecPublicInfoSqlite3::initializeTable(
const string& tableName,
const string& initCommand)
188 if (!doesTableExist(tableName)) {
189 char* errorMessage = 0;
190 int result = sqlite3_exec(m_database, initCommand.c_str(), NULL, NULL, &errorMessage);
192 if (result != SQLITE_OK && errorMessage != 0) {
193 sqlite3_free(errorMessage);
202 SecPublicInfoSqlite3::deleteTable(
const string& tableName)
204 string query =
"DROP TABLE IF EXISTS " + tableName;
206 sqlite3_stmt* statement =
nullptr;
207 sqlite3_prepare_v2(m_database, query.c_str(), -1, &statement, 0);
209 sqlite3_step(statement);
210 sqlite3_finalize(statement);
221 setTpmLocatorInternal(tpmLocator,
false);
225 if (currentTpm == tpmLocator)
228 setTpmLocatorInternal(tpmLocator,
true);
234 sqlite3_stmt* statement =
nullptr;
235 sqlite3_prepare_v2(m_database,
"SELECT tpm_locator FROM TpmInfo", -1, &statement, 0);
237 int res = sqlite3_step(statement);
239 if (res == SQLITE_ROW) {
241 sqlite3_finalize(statement);
245 sqlite3_finalize(statement);
251 SecPublicInfoSqlite3::setTpmLocatorInternal(
const string& tpmLocator,
bool needReset)
253 sqlite3_stmt* statement =
nullptr;
256 deleteTable(
"Identity");
258 deleteTable(
"Certificate");
260 initializeTable(
"Identity", INIT_ID_TABLE);
261 initializeTable(
"Key", INIT_KEY_TABLE);
262 initializeTable(
"Certificate", INIT_CERT_TABLE);
264 sqlite3_prepare_v2(m_database,
"UPDATE TpmInfo SET tpm_locator = ?",
270 sqlite3_prepare_v2(m_database,
"INSERT INTO TpmInfo (tpm_locator) VALUES (?)",
275 sqlite3_step(statement);
276 sqlite3_finalize(statement);
282 return string(
"pib-sqlite3:").append(
m_location);
290 sqlite3_stmt* statement =
nullptr;
291 sqlite3_prepare_v2(m_database,
292 "SELECT count(*) FROM Identity WHERE identity_name=?",
296 int res = sqlite3_step(statement);
298 if (res == SQLITE_ROW) {
299 int countAll = sqlite3_column_int(statement, 0);
304 sqlite3_finalize(statement);
315 sqlite3_stmt* statement =
nullptr;
317 sqlite3_prepare_v2(m_database,
318 "INSERT OR REPLACE INTO Identity (identity_name) values (?)",
323 sqlite3_step(statement);
325 sqlite3_finalize(statement);
339 BOOST_THROW_EXCEPTION(
Error(
"Incorrect key name " + keyName.
toUri()));
341 string keyId = keyName.
get(-1).
toUri();
344 sqlite3_stmt* statement =
nullptr;
345 sqlite3_prepare_v2(m_database,
346 "SELECT count(*) FROM Key WHERE identity_name=? AND key_identifier=?",
352 int res = sqlite3_step(statement);
354 bool keyIdExist =
false;
355 if (res == SQLITE_ROW) {
356 int countAll = sqlite3_column_int(statement, 0);
361 sqlite3_finalize(statement);
376 string keyId = keyName.
get(-1).
toUri();
381 sqlite3_stmt* statement =
nullptr;
382 sqlite3_prepare_v2(m_database,
383 "INSERT OR REPLACE INTO Key \ 384 (identity_name, key_identifier, key_type, public_key) \ 385 values (?, ?, ?, ?)",
390 sqlite3_bind_int(statement, 3, static_cast<int>(publicKeyDer.
getKeyType()));
391 sqlite3_bind_blob(statement, 4,
393 publicKeyDer.
get().size(),
396 sqlite3_step(statement);
398 sqlite3_finalize(statement);
401 shared_ptr<PublicKey>
405 BOOST_THROW_EXCEPTION(
Error(
"SecPublicInfoSqlite3::getPublicKey Empty keyName"));
407 string keyId = keyName.
get(-1).
toUri();
410 sqlite3_stmt* statement =
nullptr;
411 sqlite3_prepare_v2(m_database,
412 "SELECT public_key FROM Key WHERE identity_name=? AND key_identifier=?",
418 int res = sqlite3_step(statement);
420 shared_ptr<PublicKey> result;
421 if (res == SQLITE_ROW) {
422 result = make_shared<PublicKey>(
static_cast<const uint8_t*
>(sqlite3_column_blob(statement, 0)),
423 sqlite3_column_bytes(statement, 0));
424 sqlite3_finalize(statement);
428 sqlite3_finalize(statement);
429 BOOST_THROW_EXCEPTION(
Error(
"SecPublicInfoSqlite3::getPublicKey public key does not exist"));
439 string keyId = keyName.
get(-1).
toUri();
442 sqlite3_stmt* statement =
nullptr;
443 sqlite3_prepare_v2(m_database,
444 "SELECT key_type FROM Key WHERE identity_name=? AND key_identifier=?",
450 int res = sqlite3_step(statement);
452 if (res == SQLITE_ROW) {
453 int typeValue = sqlite3_column_int(statement, 0);
454 sqlite3_finalize(statement);
455 return static_cast<KeyType>(typeValue);
458 sqlite3_finalize(statement);
466 sqlite3_stmt* statement =
nullptr;
467 sqlite3_prepare_v2(m_database,
468 "SELECT count(*) FROM Certificate WHERE cert_name=?",
473 int res = sqlite3_step(statement);
475 bool certExist =
false;
476 if (res == SQLITE_ROW) {
477 int countAll = sqlite3_column_int(statement, 0);
482 sqlite3_finalize(statement);
490 const Name& certificateName = certificate.
getName();
500 string keyId = keyName.
get(-1).
toUri();
504 sqlite3_stmt* statement =
nullptr;
505 sqlite3_prepare_v2(m_database,
506 "INSERT OR REPLACE INTO Certificate \ 507 (cert_name, cert_issuer, identity_name, key_identifier, \ 508 not_before, not_after, certificate_data) \ 509 values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)",
527 sqlite3_bind_int64(statement, 5,
529 sqlite3_bind_int64(statement, 6,
532 sqlite3_bind_blob(statement, 7,
537 sqlite3_step(statement);
539 sqlite3_finalize(statement);
542 shared_ptr<IdentityCertificate>
545 sqlite3_stmt* statement =
nullptr;
547 sqlite3_prepare_v2(m_database,
548 "SELECT certificate_data FROM Certificate WHERE cert_name=?",
553 int res = sqlite3_step(statement);
555 if (res == SQLITE_ROW) {
556 shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
558 certificate->wireDecode(
Block(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
559 sqlite3_column_bytes(statement, 0)));
562 sqlite3_finalize(statement);
563 BOOST_THROW_EXCEPTION(
Error(
"SecPublicInfoSqlite3::getCertificate certificate cannot be " 567 sqlite3_finalize(statement);
571 sqlite3_finalize(statement);
572 BOOST_THROW_EXCEPTION(
Error(
"SecPublicInfoSqlite3::getCertificate certificate does not " 581 sqlite3_stmt* statement =
nullptr;
582 sqlite3_prepare_v2(m_database,
583 "SELECT identity_name FROM Identity WHERE default_identity=1",
586 int res = sqlite3_step(statement);
588 if (res == SQLITE_ROW) {
590 sqlite3_finalize(statement);
594 sqlite3_finalize(statement);
595 BOOST_THROW_EXCEPTION(
Error(
"SecPublicInfoSqlite3::getDefaultIdentity no default identity"));
600 SecPublicInfoSqlite3::setDefaultIdentityInternal(
const Name& identityName)
604 sqlite3_stmt* statement =
nullptr;
607 sqlite3_prepare_v2(m_database,
608 "UPDATE Identity SET default_identity=0 WHERE default_identity=1",
611 while (sqlite3_step(statement) == SQLITE_ROW)
614 sqlite3_finalize(statement);
617 sqlite3_prepare_v2(m_database,
618 "UPDATE Identity SET default_identity=1 WHERE identity_name=?",
623 sqlite3_step(statement);
625 sqlite3_finalize(statement);
631 sqlite3_stmt* statement =
nullptr;
632 sqlite3_prepare_v2(m_database,
633 "SELECT key_identifier FROM Key WHERE identity_name=? AND default_key=1",
638 int res = sqlite3_step(statement);
640 if (res == SQLITE_ROW) {
641 Name keyName = identityName;
642 keyName.
append(
string(reinterpret_cast<const char*>(sqlite3_column_text(statement, 0)),
643 sqlite3_column_bytes(statement, 0)));
644 sqlite3_finalize(statement);
648 sqlite3_finalize(statement);
649 BOOST_THROW_EXCEPTION(
Error(
"SecPublicInfoSqlite3::getDefaultKeyNameForIdentity key not " 655 SecPublicInfoSqlite3::setDefaultKeyNameForIdentityInternal(
const Name& keyName)
658 BOOST_THROW_EXCEPTION(
Error(
"Key does not exist:" + keyName.
toUri()));
660 string keyId = keyName.
get(-1).
toUri();
663 sqlite3_stmt* statement =
nullptr;
666 sqlite3_prepare_v2(m_database,
667 "UPDATE Key SET default_key=0 WHERE default_key=1 and identity_name=?",
672 while (sqlite3_step(statement) == SQLITE_ROW)
675 sqlite3_finalize(statement);
678 sqlite3_prepare_v2(m_database,
679 "UPDATE Key SET default_key=1 WHERE identity_name=? AND key_identifier=?",
685 sqlite3_step(statement);
687 sqlite3_finalize(statement);
694 BOOST_THROW_EXCEPTION(
Error(
"SecPublicInfoSqlite3::getDefaultCertificateNameForKey wrong key"));
696 string keyId = keyName.
get(-1).
toUri();
699 sqlite3_stmt* statement =
nullptr;
700 sqlite3_prepare_v2(m_database,
701 "SELECT cert_name FROM Certificate \ 702 WHERE identity_name=? AND key_identifier=? AND default_cert=1",
708 int res = sqlite3_step(statement);
710 if (res == SQLITE_ROW) {
711 Name certName(
string(reinterpret_cast<const char*>(sqlite3_column_text(statement, 0)),
712 sqlite3_column_bytes(statement, 0)));
713 sqlite3_finalize(statement);
717 sqlite3_finalize(statement);
718 BOOST_THROW_EXCEPTION(
Error(
"certificate not found"));
723 SecPublicInfoSqlite3::setDefaultCertificateNameForKeyInternal(
const Name& certificateName)
726 BOOST_THROW_EXCEPTION(
Error(
"certificate does not exist:" + certificateName.
toUri()));
729 string keyId = keyName.
get(-1).
toUri();
732 sqlite3_stmt* statement =
nullptr;
735 sqlite3_prepare_v2(m_database,
736 "UPDATE Certificate SET default_cert=0 \ 737 WHERE default_cert=1 AND identity_name=? AND key_identifier=?",
743 while (sqlite3_step(statement) == SQLITE_ROW)
746 sqlite3_finalize(statement);
749 sqlite3_prepare_v2(m_database,
750 "UPDATE Certificate SET default_cert=1 \ 751 WHERE identity_name=? AND key_identifier=? AND cert_name=?",
758 sqlite3_step(statement);
760 sqlite3_finalize(statement);
768 sqlite3_prepare_v2(m_database,
769 "SELECT identity_name FROM Identity WHERE default_identity=1",
772 sqlite3_prepare_v2(m_database,
773 "SELECT identity_name FROM Identity WHERE default_identity=0",
776 while (sqlite3_step(stmt) == SQLITE_ROW)
777 nameList.push_back(
Name(
string(reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0)),
778 sqlite3_column_bytes(stmt, 0))));
780 sqlite3_finalize(stmt);
789 sqlite3_prepare_v2(m_database,
790 "SELECT identity_name, key_identifier FROM Key WHERE default_key=1",
793 sqlite3_prepare_v2(m_database,
794 "SELECT identity_name, key_identifier FROM Key WHERE default_key=0",
797 while (sqlite3_step(stmt) == SQLITE_ROW) {
798 Name keyName(
string(reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0)),
799 sqlite3_column_bytes(stmt, 0)));
800 keyName.
append(
string(reinterpret_cast<const char*>(sqlite3_column_text(stmt, 1)),
801 sqlite3_column_bytes(stmt, 1)));
802 nameList.push_back(keyName);
804 sqlite3_finalize(stmt);
809 vector<Name>& nameList,
815 sqlite3_prepare_v2(m_database,
816 "SELECT key_identifier FROM Key WHERE default_key=1 and identity_name=?",
819 sqlite3_prepare_v2(m_database,
820 "SELECT key_identifier FROM Key WHERE default_key=0 and identity_name=?",
825 while (sqlite3_step(stmt) == SQLITE_ROW) {
826 Name keyName(identity);
827 keyName.
append(
string(reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0)),
828 sqlite3_column_bytes(stmt, 0)));
829 nameList.push_back(keyName);
831 sqlite3_finalize(stmt);
840 sqlite3_prepare_v2(m_database,
841 "SELECT cert_name FROM Certificate WHERE default_cert=1",
844 sqlite3_prepare_v2(m_database,
845 "SELECT cert_name FROM Certificate WHERE default_cert=0",
848 while (sqlite3_step(stmt) == SQLITE_ROW)
849 nameList.push_back(
string(reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0)),
850 sqlite3_column_bytes(stmt, 0)));
852 sqlite3_finalize(stmt);
857 vector<Name>& nameList,
865 sqlite3_prepare_v2(m_database,
866 "SELECT cert_name FROM Certificate \ 867 WHERE default_cert=1 and identity_name=? and key_identifier=?",
870 sqlite3_prepare_v2(m_database,
871 "SELECT cert_name FROM Certificate \ 872 WHERE default_cert=0 and identity_name=? and key_identifier=?",
878 std::string baseKeyName = keyName.
get(-1).
toUri();
881 while (sqlite3_step(stmt) == SQLITE_ROW)
882 nameList.push_back(
string(reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0)),
883 sqlite3_column_bytes(stmt, 0)));
885 sqlite3_finalize(stmt);
891 if (certName.
empty())
895 sqlite3_prepare_v2(m_database,
"DELETE FROM Certificate WHERE cert_name=?", -1, &stmt, 0);
898 sqlite3_finalize(stmt);
908 string keyId = keyName.
get(-1).
toUri();
911 sqlite3_prepare_v2(m_database,
912 "DELETE FROM Certificate WHERE identity_name=? and key_identifier=?",
917 sqlite3_finalize(stmt);
919 sqlite3_prepare_v2(m_database,
920 "DELETE FROM Key WHERE identity_name=? and key_identifier=?",
925 sqlite3_finalize(stmt);
931 string identity = identityName.
toUri();
934 sqlite3_prepare_v2(m_database,
"DELETE FROM Certificate WHERE identity_name=?", -1, &stmt, 0);
937 sqlite3_finalize(stmt);
939 sqlite3_prepare_v2(m_database,
"DELETE FROM Key WHERE identity_name=?", -1, &stmt, 0);
942 sqlite3_finalize(stmt);
944 sqlite3_prepare_v2(m_database,
"DELETE FROM Identity WHERE identity_name=?", -1, &stmt, 0);
947 sqlite3_finalize(stmt);
951 SecPublicInfoSqlite3::getScheme()
static Name certificateNameToPublicKeyName(const Name &certificateName)
Get the public key name from the full certificate name.
Copyright (c) 2013-2017 Regents of the University of California.
static const string INIT_CERT_TABLE
const Buffer & get() const
virtual Name getDefaultCertificateNameForKey(const Name &keyName)
Get name of the default certificate name for the specified key.
virtual Name getDefaultKeyNameForIdentity(const Name &identityName)
Get name of the default key name for the specified identity.
virtual shared_ptr< PublicKey > getPublicKey(const Name &keyName)
Get shared pointer to PublicKey object from the identity storage.
virtual bool doesCertificateExist(const Name &certificateName)
Check if the specified certificate already exists.
virtual void addCertificate(const IdentityCertificate &certificate)
Add a certificate to the identity storage.
virtual bool revokeIdentity()
Revoke the identity.
virtual KeyType getPublicKeyType(const Name &keyName)
Get the type of the queried public key.
const Signature & getSignature() const
Get Signature.
static const string INIT_TPM_INFO_TABLE
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Represents a TLV element of NDN packet format.
static int sqlite3_bind_string(sqlite3_stmt *statement, int index, const string &value, void(*destructor)(void *))
A utility function to call the normal sqlite3_bind_text where the value and length are value...
virtual void setTpmLocator(const std::string &tpmLocator)
Set the corresponding TPM information to tpmLocator.
virtual void deleteCertificateInfo(const Name &certificateName)
Delete a certificate.
virtual bool doesPublicKeyExist(const Name &keyName)
Check if the specified key already exists.
virtual void deletePublicKeyInfo(const Name &keyName)
Delete a public key and related certificates.
virtual shared_ptr< IdentityCertificate > getCertificate(const Name &certificateName)
Get a shared pointer to identity certificate object from the identity storage.
virtual void getAllCertificateNamesOfKey(const Name &keyName, std::vector< Name > &nameList, bool isDefault)
Get all the certificate name of a particular key name.
Name & append(const Component &component)
Append a component.
virtual void addKey(const Name &keyName, const PublicKey &publicKeyDer)
Add a public key to the identity storage.
std::string toUri() const
Get URI representation of the name.
const Name & getName() const
get Name element
KeyType getKeyType() const
static const std::string SCHEME
size_t wireEncode(EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const
Fast encoding or block size estimation.
PublicKey & getPublicKeyInfo()
static const string INIT_ID_TABLE
virtual bool doesIdentityExist(const Name &identityName)
Check if the specified identity already exists.
SecPublicInfoSqlite3(const std::string &dir="")
virtual std::string getTpmLocator()
Get TPM Locator.
void toUri(std::ostream &os) const
Write *this to the output stream, escaping characters according to the NDN URI Scheme.
virtual void addIdentity(const Name &identityName)
Add a new identity.
SecPublicInfo is a base class for the storage of public information.
virtual void getAllKeyNames(std::vector< Name > &nameList, bool isDefault)
Get all the key names from public info.
static string sqlite3_column_string(sqlite3_stmt *statement, int column)
Represents an absolute name.
virtual void deleteIdentityInfo(const Name &identity)
Delete an identity and related public keys and certificates.
virtual void getAllIdentities(std::vector< Name > &nameList, bool isDefault)
Get all the identities from public info.
time::system_clock::TimePoint & getNotAfter()
const Name & getName() const
Get name.
milliseconds toUnixTimestamp(const system_clock::TimePoint &point)
Convert system_clock::TimePoint to UNIX timestamp.
bool empty() const
Check if name is empty.
PartialName getPrefix(ssize_t nComponents) const
Extract a prefix of the name.
virtual Name getDefaultIdentity()
Get name of the default identity.
virtual std::string getPibLocator()
virtual void getAllCertificateNames(std::vector< Name > &nameList, bool isDefault)
Get all the certificate name in public info.
virtual ~SecPublicInfoSqlite3()
static const string INIT_KEY_TABLE
const Component & get(ssize_t i) const
Get the component at the given index.
represents an error in TLV encoding or decoding
time::system_clock::TimePoint & getNotBefore()
virtual void getAllKeyNamesOfIdentity(const Name &identity, std::vector< Name > &nameList, bool isDefault)
Get all the key names of a particular identity.