commit 0eb5d7274510ca3f1d9224754ad697b359aa782c
author Yingdi Yu <yuyingdi@gmail.com> Tue Jun 10 15:06:25 2014 -0700
committer Alexander Afanasyev <alexander.afanasyev@ucla.edu> Mon Jun 16 08:07:53 2014 -0700
tree 27f3333c3e445aa561cd1dd7f0ff99d5e768f00d
parent 03b114101a97e8c13fb562bbb6e9837450bc4236

security+tools: Allow user to explicitly specify the cert name prefix before 'KEY' component in ndnsec-certgen

Change-Id: I71e137e89b5ab0cd5db7001b39ff76c22a448bd2
Refs: #1659

src/security/key-chain.hpp

diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 7c95e14..00a2e6b 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -57,6 +57,8 @@
     }
   };
 
+  static const Name DEFAULT_PREFIX;
+
   KeyChain();
 
   template<class KeyChainTraits>
@@ -116,6 +118,11 @@
    * @param notBefore Refer to IdentityCertificate.
    * @param notAfter Refer to IdentityCertificate.
    * @param subjectDescription Refer to IdentityCertificate.
+   * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
+   *                   certificate name according to the relation between the signingIdentity and
+   *                   the subject identity. If signingIdentity is a prefix of the subject identity,
+   *                   `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
+   *                   after subject identity (i.e., before `ksk-....`).
    * @return IdentityCertificate.
    */
   shared_ptr<IdentityCertificate>
@@ -123,7 +130,33 @@
     const Name& signingIdentity,
     const time::system_clock::TimePoint& notBefore,
     const time::system_clock::TimePoint& notAfter,
-    const std::vector<CertificateSubjectDescription>& subjectDescription);
+    const std::vector<CertificateSubjectDescription>& subjectDescription,
+    const Name& certPrefix = DEFAULT_PREFIX);
+
+  /**
+   * @brief prepare an unsigned identity certificate
+   *
+   * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
+   * @param publicKey Public key to sign.
+   * @param signingIdentity The signing identity.
+   * @param notBefore Refer to IdentityCertificate.
+   * @param notAfter Refer to IdentityCertificate.
+   * @param subjectDescription Refer to IdentityCertificate.
+   * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
+   *                   certificate name according to the relation between the signingIdentity and
+   *                   the subject identity. If signingIdentity is a prefix of the subject identity,
+   *                   `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
+   *                   after subject identity (i.e., before `ksk-....`).
+   * @return IdentityCertificate.
+   */
+  shared_ptr<IdentityCertificate>
+  prepareUnsignedIdentityCertificate(const Name& keyName,
+    const PublicKey& publicKey,
+    const Name& signingIdentity,
+    const time::system_clock::TimePoint& notBefore,
+    const time::system_clock::TimePoint& notAfter,
+    const std::vector<CertificateSubjectDescription>& subjectDescription,
+    const Name& certPrefix = DEFAULT_PREFIX);
 
   /**
    * @brief Sign packet with default identity