security: Simplify (unify) implementation of v2::KeyChain::selfSign
Change-Id: Iec052adfe76fbaad6862caa4a61091aa5f6b10ac
Refs: #2926
diff --git a/src/security/pib/pib.cpp b/src/security/pib/pib.cpp
index 6c5f316..68b9add 100644
--- a/src/security/pib/pib.cpp
+++ b/src/security/pib/pib.cpp
@@ -21,11 +21,14 @@
#include "pib.hpp"
#include "pib-impl.hpp"
+#include "util/logger.hpp"
namespace ndn {
namespace security {
namespace pib {
+NDN_LOG_INIT(ndn.security.pib.Pib);
+
Pib::Pib(const std::string& scheme, const std::string& location, shared_ptr<PibImpl> impl)
: m_scheme(scheme)
, m_location(location)
@@ -86,8 +89,9 @@
{
BOOST_ASSERT(m_identities.isConsistent());
- if (m_isDefaultIdentityLoaded && m_defaultIdentity.getName() == identity)
+ if (m_isDefaultIdentityLoaded && m_defaultIdentity.getName() == identity) {
m_isDefaultIdentityLoaded = false;
+ }
m_identities.remove(identity);
}
@@ -115,6 +119,7 @@
m_defaultIdentity = m_identities.add(identityName);
m_isDefaultIdentityLoaded = true;
+ NDN_LOG_DEBUG("Default identity is set to " << identityName);
m_impl->setDefaultIdentity(identityName);
return m_defaultIdentity;
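Review bot: The added `NDN_LOG_DEBUG("Default identity is set to " << identityName);` runs before `m_impl->setDefaultIdentity(identityName);`, so the log reports the change even if the backend call fails. Moving the log line to just after the `m_impl->setDefaultIdentity(identityName);` call would keep the debug trail consistent with what was actually persisted. The context lines also set `m_isDefaultIdentityLoaded = true` before the backend call, and the function starts outside the hunk, so whether the cached state is rolled back on failure cannot be confirmed from here.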
@@ -128,6 +133,7 @@
if (!m_isDefaultIdentityLoaded) {
m_defaultIdentity = m_identities.get(m_impl->getDefaultIdentity());
m_isDefaultIdentityLoaded = true;
+ NDN_LOG_DEBUG("Default identity is " << m_defaultIdentity.getName());
}
BOOST_ASSERT(m_impl->getDefaultIdentity() == m_defaultIdentity.getName());
diff --git a/src/security/v2/key-chain.cpp b/src/security/v2/key-chain.cpp
index d0fd486..f3ebc62 100644
--- a/src/security/v2/key-chain.cpp
+++ b/src/security/v2/key-chain.cpp
@@ -22,6 +22,7 @@
#include "key-chain.hpp"
#include "../../util/config-file.hpp"
+#include "../../util/logger.hpp"
#include "../pib/pib-sqlite3.hpp"
#include "../pib/pib-memory.hpp"
@@ -71,6 +72,8 @@
namespace v2 {
+NDN_LOG_INIT(ndn.security.v2.KeyChain);
+
std::string KeyChain::s_defaultPibLocator;
std::string KeyChain::s_defaultTpmLocator;
@@ -230,6 +233,7 @@
key.getDefaultCertificate();
}
catch (const Pib::Error&) {
+ NDN_LOG_DEBUG("No default cert for " << key.getName() << ", requesting self-signing");
selfSign(key);
}
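Review bot: The handler catches every `Pib::Error`, but the new message always reports "No default cert", which could mislabel a different PIB failure (whether `Pib::Error` is raised for other conditions on this path is not visible here). Binding the exception and logging its text would keep the diagnostic accurate and make an unexpected self-signing easier to trace: `catch (const Pib::Error& e) {` with `NDN_LOG_DEBUG("No default cert for " << key.getName() << " (" << e.what() << "), requesting self-signing");`. The enclosing loop or block starts outside the hunk.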
@@ -269,6 +273,8 @@
// set up key info in PIB
ConstBufferPtr pubKey = m_tpm->getPublicKey(keyName);
Key key = identity.addKey(pubKey->buf(), pubKey->size(), keyName);
+
+ NDN_LOG_DEBUG("Requesting self-signing for newly created key " << key.getName());
selfSign(key);
return key;
@@ -561,17 +567,11 @@
certificate.setContent(key.getPublicKey().buf(), key.getPublicKey().size());
// set signature-info
- SignatureInfo sigInfo;
- sigInfo.setKeyLocator(key.getName());
- sigInfo.setSignatureType(getSignatureType(key.getKeyType(), DigestAlgorithm::SHA256));
- sigInfo.setValidityPeriod(ValidityPeriod(time::system_clock::now(),
- time::system_clock::now() + time::days(1000 * 3365)));
- certificate.setSignature(Signature(sigInfo));
+ SignatureInfo signatureInfo;
+ signatureInfo.setValidityPeriod(ValidityPeriod(time::system_clock::now(),
+ time::system_clock::now() + time::days(1000 * 365)));
- EncodingBuffer encoder;
- certificate.wireEncode(encoder, true);
- Block sigValue = sign(encoder.buf(), encoder.size(), key.getName(), DigestAlgorithm::SHA256);
- certificate.wireEncode(encoder, sigValue);
+ sign(certificate, SigningInfo(key).setSignatureInfo(signatureInfo));
key.addCertificate(certificate);
return certificate;
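Review bot: The new code no longer sets the certificate's KeyLocator or signature type in `selfSign`, so both now depend on what `sign(certificate, SigningInfo(key).setSignatureInfo(signatureInfo))` derives from the key. It also depends on that call keeping the `ValidityPeriod` from the supplied `SignatureInfo` rather than replacing it, and neither behaviour is visible in this hunk. A comment such as `// KeyLocator and signature type are filled in by sign() from SigningInfo(key); the validity period is carried over from signatureInfo` would document the dependency. A unit test asserting that the self-signed certificate's key locator equals `key.getName()` and that its validity period is present would guard it. Separately, `time::system_clock::now()` is still called twice, so the two bounds come from slightly different instants; a single `auto now = time::system_clock::now();` and a named constant for the `1000 * 365` day lifetime would make the intended validity explicit. The function starts outside the hunk.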
@@ -646,13 +646,13 @@
case SigningInfo::SIGNER_TYPE_PIB_ID: {
identity = params.getPibIdentity();
if (!identity)
- BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB Identity is invalid"));
+ BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB identity is invalid"));
break;
}
case SigningInfo::SIGNER_TYPE_PIB_KEY: {
key = params.getPibKey();
if (!key)
- BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB Key is invalid"));
+ BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB key is invalid"));
break;
}
default: {