void
IdentityManager::setDefaultCertificateForKey(const IdentityCertificate& certificate)
{
Name keyName = certificate.getPublicKeyName();
if(!identityStorage_->doesKeyExist(keyName))
throw SecurityException("No corresponding Key record for certificate!");
identityStorage_->setDefaultCertificateNameForKey(keyName, certificate.getName());
}
void
SecPublicInfoMemory::addCertificate(const IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
const Name& keyName = certificate.getPublicKeyName();
const Name& identity = keyName.getPrefix(-1);
addIdentity(identity);
addPublicKey(keyName, KEY_TYPE_RSA, certificate.getPublicKeyInfo());
m_certificateStore[certificateName.toUri()] = make_shared<IdentityCertificate>(certificate);
}
void
IdentityManager::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
{
identityStorage_->addCertificate(certificate);
Name keyName = certificate.getPublicKeyName();
setDefaultKeyForIdentity(keyName);
setDefaultCertificateForKey(certificate);
}
void
SecPublicInfoMemory::addCertificate(const IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
const Name& keyName = certificate.getPublicKeyName();
if (!doesPublicKeyExist(keyName))
throw Error("No corresponding Key record for certificate! " + keyName.toUri() + " " + certificateName.toUri());
// Check if certificate has already existed!
if (doesCertificateExist(certificateName))
throw Error("Certificate has already been installed!");
// Check if the public key of certificate is the same as the key record.
ptr_lib::shared_ptr<PublicKey> pubKey = getPublicKey(keyName);
if (!pubKey || (*pubKey) != certificate.getPublicKeyInfo())
throw Error("Certificate does not match the public key!");
// Insert the certificate.
certificateStore_[certificateName.toUri()] = ptr_lib::make_shared<IdentityCertificate> (certificate);
}
void
MemoryIdentityStorage::addCertificate(const IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
Name keyName = certificate.getPublicKeyName();
if (!doesKeyExist(keyName))
throw SecurityException("No corresponding Key record for certificate! " + keyName.toUri() + " " + certificateName.toUri());
// Check if certificate already exists.
if (doesCertificateExist(certificateName))
throw SecurityException("Certificate has already been installed!");
// Check if the public key of certificate is the same as the key record.
Blob keyBlob = getKey(keyName);
if (!keyBlob || (*keyBlob) != *(certificate.getPublicKeyInfo().getKeyDer()))
throw SecurityException("Certificate does not match the public key!");
// Insert the certificate.
// wireEncode returns the cached encoding if available.
certificateStore_[certificateName.toUri()] = certificate.wireEncode();
}
int64_t
PibDb::addCertificate(const IdentityCertificate& certificate)
{
const Name& certName = certificate.getName();
const Name& keyName = certificate.getPublicKeyName();
if (!hasKey(keyName))
addKey(keyName, certificate.getPublicKeyInfo());
sqlite3_stmt* statement;
sqlite3_prepare_v2(m_database,
"INSERT INTO certificates \
(key_id, certificate_name, certificate_data) \
values ((SELECT id FROM keys WHERE key_name=?), ?, ?)",
-1, &statement, nullptr);
sqlite3_bind_block(statement, 1, keyName.wireEncode(), SQLITE_TRANSIENT);
sqlite3_bind_block(statement, 2, certName.wireEncode(), SQLITE_TRANSIENT);
sqlite3_bind_block(statement, 3, certificate.wireEncode(), SQLITE_STATIC);
sqlite3_step(statement);
sqlite3_finalize(statement);
return sqlite3_last_insert_rowid(m_database);
}
void
PibDb::updateMgmtCertificate(const IdentityCertificate& certificate)
{
const Name& keyName = certificate.getPublicKeyName();
// Name of mgmt key should be "/localhost/pib/[UserName]/mgmt/[KeyID]"
if (keyName.size() != 5 ||
keyName.compare(0, 2, LOCALHOST_PIB) ||
keyName.get(3) != MGMT_LABEL)
throw Error("PibDb::updateMgmtCertificate: certificate does not follow the naming convention");
string owner = keyName.get(2).toUri();
sqlite3_stmt* statement;
if (!m_owner.empty()) {
if (m_owner != owner)
throw Error("PibDb::updateMgmtCertificate: owner name does not match");
else {
sqlite3_prepare_v2(m_database,
"UPDATE mgmt SET local_management_cert=? WHERE owner=?",
-1, &statement, nullptr);
}
}
else {
sqlite3_prepare_v2(m_database,
"INSERT INTO mgmt (local_management_cert, owner) VALUES (?, ?)",
-1, &statement, nullptr);
}
sqlite3_bind_block(statement, 1, certificate.wireEncode(), SQLITE_TRANSIENT);
sqlite3_bind_string(statement, 2, owner, SQLITE_TRANSIENT);
sqlite3_step(statement);
sqlite3_finalize(statement);
m_owner = owner;
mgmtCertificateChanged();
}
