security: Continue porting security elements to the updated framework

Change-Id: I682156142a8714b2756ca429903a19d2b9064e13
diff --git a/src/security/identity/identity-manager.cpp b/src/security/identity/identity-manager.cpp
index ce90cc5..1befdcd 100644
--- a/src/security/identity/identity-manager.cpp
+++ b/src/security/identity/identity-manager.cpp
@@ -90,6 +90,8 @@
 Name
 IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
 {
+  defaultCertificate_.reset();
+  
   Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
 
   info().setDefaultKeyNameForIdentity(keyName, identityName);
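Review bot: The `defaultCertificate_.reset()` added at the top of generateRSAKeyPairAsDefault carries an invariant nothing in the hunk states: the cached default certificate must be dropped on every path that changes which key or certificate is the default, or sign(Data&) keeps signing with the previous one; setDefaultCertificateForKey gets the same reset (L54), and any other default-changing setter this class has would need it as well. A one-line comment makes the invariant visible to the next editor: `// Drop the cached default certificate; sign(Data&) re-resolves it lazily.`. The added blank lines at L13 and L55 carry trailing whitespace. The body of generateRSAKeyPairAsDefault continues past the hunk.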
@@ -104,10 +106,14 @@
                                            const MillisecondsSince1970& notAfter)
 {
   Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
+
+  ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName);
+  if (!pubKey)
+    throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist");
   
   ptr_lib::shared_ptr<IdentityCertificate> certificate =
     createIdentityCertificate(certificatePrefix,
-                              *info().getKey(keyName),
+                              *pubKey,
                               signerCertificateName,
                               notBefore, notAfter);
 
@@ -148,11 +154,15 @@
   
   Name certificateName = keyName.getSubName(0, keyName.size() - 1);
   certificateName.append("KEY").append(keyName.get(keyName.size() - 1)).append("ID-CERT").appendVersion();
+
+  ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName);
+  if (!pubKey)
+    throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist");
   
   certificate->setName(certificateName);
   certificate->setNotBefore(ndn_getNowMilliseconds());
   certificate->setNotAfter(ndn_getNowMilliseconds() + 630720000 /* 20 years*/);
-  certificate->setPublicKeyInfo(*info().getKey(keyName));
+  certificate->setPublicKeyInfo(*pubKey);
   certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
   certificate->encode();
 
@@ -183,6 +193,8 @@
 void
 IdentityManager::setDefaultCertificateForKey(const IdentityCertificate& certificate)
 {
+  defaultCertificate_.reset();
+  
   Name keyName = certificate.getPublicKeyName();
   
   if(!info().doesKeyExist(keyName))
@@ -190,11 +202,30 @@
 
   info().setDefaultCertificateNameForKey(keyName, certificate.getName());
 }
-  
+
+void
+IdentityManager::sign(Data &data)
+{
+  if (!defaultCertificate_)
+    {
+      defaultCertificate_ = info().getCertificate(
+                                                  info().getDefaultCertificateNameForIdentity(
+                                                                                              info().getDefaultIdentity()));
+
+      if(!defaultCertificate_)
+        throw Error("Default IdentityCertificate cannot be determined");
+    }
+
+  signByCertificate(data, *defaultCertificate_);
+}
+
 Signature
 IdentityManager::signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
 {
   ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName);
+  if (!cert)
+    throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist");
+
   SignatureSha256WithRsa signature;
   signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care
 
@@ -207,6 +238,9 @@
 IdentityManager::signByCertificate(Data &data, const Name &certificateName)
 {
   ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName);
+  if (!cert)
+    throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist");
+
   SignatureSha256WithRsa signature;
   signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care
 
@@ -216,6 +250,17 @@
 }
 
 void
+IdentityManager::signByCertificate(Data& data, const IdentityCertificate& certificate)
+{
+  SignatureSha256WithRsa signature;
+  signature.setKeyLocator(certificate.getName().getPrefix(-1));
+
+  // For temporary usage, we support RSA + SHA256 only, but will support more.
+  signature.setValue(tpm().sign(data, signature, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256));
+  data.setSignature(signature);
+}
+
+void
 IdentityManager::selfSign (IdentityCertificate& cert)
 {
   SignatureSha256WithRsa signature;
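Review bot: The body of the new signByCertificate(Data&, const IdentityCertificate&) — key locator from the certificate name, tpm().sign with SHA256, setSignature — appears to duplicate what the Name-based overload at L92 continues with after its null check (its remainder is outside the hunk); if so, that overload can reduce to `signByCertificate(data, *cert);` so the algorithm choice lives in one place. Nothing on this path checks the certificate's validity period (the class itself sets notBefore/notAfter at L43-44), and since sign(Data&) caches the default certificate for the lifetime of the manager, an expired default keeps producing signatures that verifiers will reject unless tpm().sign checks it — worth either a check here or a comment stating that validity is the caller's responsibility. The `// For temporary usage…` remark would be clearer as `// TODO: only RSA + SHA256 is supported; derive the digest algorithm from the key type once more types exist.`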
diff --git a/src/security/identity/memory-identity-storage.cpp b/src/security/identity/memory-identity-storage.cpp
index fae1f14..117ca35 100644
--- a/src/security/identity/memory-identity-storage.cpp
+++ b/src/security/identity/memory-identity-storage.cpp
@@ -138,17 +138,13 @@
 Name 
 MemoryIdentityStorage::getDefaultKeyNameForIdentity(const Name& identityName)
 {
-#if 1
-  throw runtime_error("MemoryIdentityStorage::getDefaultKeyNameForIdentity not implemented");
-#endif
+  return defaultKeyName_;
 }
 
 Name 
 MemoryIdentityStorage::getDefaultCertificateNameForKey(const Name& keyName)
 {
-#if 1
-  throw runtime_error("MemoryIdentityStorage::getDefaultCertificateNameForKey not implemented");
-#endif
+  return defaultCert_;
 }
 
 void 
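Review bot: Both getters returned here ignore their argument: getDefaultKeyNameForIdentity hands back `defaultKeyName_` for any identityName, and getDefaultCertificateNameForKey hands back `defaultCert_` for any keyName, so a caller asking about an identity this storage has never seen receives another identity's key, and the default-certificate lookup never confirms the certificate belongs to the key asked about. If this in-memory storage is meant to hold a single identity, say so where the members are declared and return an empty Name (or throw, as the old stubs did) when the argument does not match — the identity is the key name minus its last component, cf. L35, so `defaultKeyName_.getPrefix(-1)` is the stored identity; otherwise the storage needs per-identity and per-key maps. The same single-slot shape applies to the setters in the next hunk.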
@@ -165,17 +161,13 @@
 void 
 MemoryIdentityStorage::setDefaultKeyNameForIdentity(const Name& keyName, const Name& identityNameCheck)
 {
-#if 1
-  throw runtime_error("MemoryIdentityStorage::setDefaultKeyNameForIdentity not implemented");
-#endif
+  defaultKeyName_ = identityNameCheck;
 }
 
 void 
 MemoryIdentityStorage::setDefaultCertificateNameForKey(const Name& keyName, const Name& certificateName)  
 {
-#if 1
-  throw runtime_error("MemoryIdentityStorage::setDefaultCertificateNameForKey not implemented");
-#endif
+  defaultCert_ = certificateName;
 }
 
 
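Review bot: setDefaultKeyNameForIdentity stores the wrong argument at L150: `defaultKeyName_ = identityNameCheck;` records the identity, not the key, while the caller in identity-manager.cpp (L16) passes `(keyName, identityName)` and the sibling setter at L159 stores the name it is asked to set; the getter at L130 then returns an identity name where a key name is expected. It should read `defaultKeyName_ = keyName;`. The `identityNameCheck` parameter implies the key should be verified to belong to that identity (the identity is `keyName.getPrefix(-1)` per the construction at L35), which neither this setter nor setDefaultCertificateNameForKey — which ignores `keyName` entirely — does.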
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 017a462..ba9060d 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -62,17 +62,6 @@
 // #endif
 }
 
-void 
-KeyChain::sign(Data& data, const Name& certificateName)
-{
-  identities().signByCertificate(data, certificateName);
-}
-
-Signature
-KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
-{
-  return identities().signByCertificate(buffer, bufferLength, certificateName);
-}
 
 void 
 KeyChain::signByIdentity(Data& data, const Name& identityName)
@@ -95,7 +84,7 @@
   if (!policyManager_->checkSigningPolicy(data.getName(), signingCertificateName))
     throw Error("Signing Cert name does not comply with signing policy");
 
-  identities().signByCertificate(data, signingCertificateName);  
+  identities().signByCertificate(data, signingCertificateName);
 }
 
 Signature