security: Simplify (unify) implementation of v2::KeyChain::selfSign Change-Id: Iec052adfe76fbaad6862caa4a61091aa5f6b10ac Refs: #2926

commit: 83eb1cc88e8e3eb5cabf858419f2a3ad841819dc [log] [tgz]
author: Alexander Afanasyev <alexander.afanasyev@ucla.edu> Wed Jan 04 17:34:34 2017 -0800
committer: Alexander Afanasyev <alexander.afanasyev@ucla.edu> Mon Jan 09 13:20:55 2017 -0800
tree: 037e65fb2f951a8e2b6f8978197cdd0e201e1375
parent: d6d78aa0a495e82d427d23e4bd0214c3cf88048d [diff] [blame]
diff --git a/src/security/v2/key-chain.cpp b/src/security/v2/key-chain.cpp
index d0fd486..f3ebc62 100644
--- a/src/security/v2/key-chain.cpp
+++ b/src/security/v2/key-chain.cpp

@@ -22,6 +22,7 @@
 #include "key-chain.hpp"
 
 #include "../../util/config-file.hpp"
+#include "../../util/logger.hpp"
 
 #include "../pib/pib-sqlite3.hpp"
 #include "../pib/pib-memory.hpp"
@@ -71,6 +72,8 @@
 
 namespace v2 {
 
+NDN_LOG_INIT(ndn.security.v2.KeyChain);
+
 std::string KeyChain::s_defaultPibLocator;
 std::string KeyChain::s_defaultTpmLocator;
 
@@ -230,6 +233,7 @@
     key.getDefaultCertificate();
   }
   catch (const Pib::Error&) {
+    NDN_LOG_DEBUG("No default cert for " << key.getName() << ", requesting self-signing");
     selfSign(key);
   }
 
@@ -269,6 +273,8 @@
   // set up key info in PIB
   ConstBufferPtr pubKey = m_tpm->getPublicKey(keyName);
   Key key = identity.addKey(pubKey->buf(), pubKey->size(), keyName);
+
+  NDN_LOG_DEBUG("Requesting self-signing for newly created key " << key.getName());
   selfSign(key);
 
   return key;
@@ -561,17 +567,11 @@
   certificate.setContent(key.getPublicKey().buf(), key.getPublicKey().size());
 
   // set signature-info
-  SignatureInfo sigInfo;
-  sigInfo.setKeyLocator(key.getName());
-  sigInfo.setSignatureType(getSignatureType(key.getKeyType(), DigestAlgorithm::SHA256));
-  sigInfo.setValidityPeriod(ValidityPeriod(time::system_clock::now(),
-                                           time::system_clock::now() + time::days(1000 * 3365)));
-  certificate.setSignature(Signature(sigInfo));
+  SignatureInfo signatureInfo;
+  signatureInfo.setValidityPeriod(ValidityPeriod(time::system_clock::now(),
+                                                 time::system_clock::now() + time::days(1000 * 365)));
 
-  EncodingBuffer encoder;
-  certificate.wireEncode(encoder, true);
-  Block sigValue = sign(encoder.buf(), encoder.size(), key.getName(), DigestAlgorithm::SHA256);
-  certificate.wireEncode(encoder, sigValue);
+  sign(certificate, SigningInfo(key).setSignatureInfo(signatureInfo));
 
   key.addCertificate(certificate);
   return certificate;
@@ -646,13 +646,13 @@
     case SigningInfo::SIGNER_TYPE_PIB_ID: {
       identity = params.getPibIdentity();
       if (!identity)
-        BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB Identity is invalid"));
+        BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB identity is invalid"));
       break;
     }
     case SigningInfo::SIGNER_TYPE_PIB_KEY: {
       key = params.getPibKey();
       if (!key)
-        BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB Key is invalid"));
+        BOOST_THROW_EXCEPTION(InvalidSigningInfoError("PIB key is invalid"));
       break;
     }
     default: {
commit	83eb1cc88e8e3eb5cabf858419f2a3ad841819dc	[log] [tgz]
author	Alexander Afanasyev <alexander.afanasyev@ucla.edu>	Wed Jan 04 17:34:34 2017 -0800
committer	Alexander Afanasyev <alexander.afanasyev@ucla.edu>	Mon Jan 09 13:20:55 2017 -0800
tree	037e65fb2f951a8e2b6f8978197cdd0e201e1375
parent	d6d78aa0a495e82d427d23e4bd0214c3cf88048d [diff] [blame]