security: Added initial implementation of signByCertificate.
diff --git a/ndn-cpp/security/identity/identity-manager.cpp b/ndn-cpp/security/identity/identity-manager.cpp
index 3955518..0378c5f 100644
--- a/ndn-cpp/security/identity/identity-manager.cpp
+++ b/ndn-cpp/security/identity/identity-manager.cpp
@@ -5,14 +5,68 @@
* See COPYING for copyright and distribution information.
*/
+#if 1
+#include "../../c/util/crypto.h"
+#endif
+#include "../../sha256-with-rsa-signature.hpp"
#include "identity-manager.hpp"
namespace ndn {
+#if 1
+static unsigned char DEFAULT_PUBLIC_KEY_DER[] = {
+0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81,
+0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xE1, 0x7D, 0x30, 0xA7, 0xD8, 0x28, 0xAB, 0x1B, 0x84, 0x0B, 0x17,
+0x54, 0x2D, 0xCA, 0xF6, 0x20, 0x7A, 0xFD, 0x22, 0x1E, 0x08, 0x6B, 0x2A, 0x60, 0xD1, 0x6C, 0xB7, 0xF5, 0x44, 0x48, 0xBA,
+0x9F, 0x3F, 0x08, 0xBC, 0xD0, 0x99, 0xDB, 0x21, 0xDD, 0x16, 0x2A, 0x77, 0x9E, 0x61, 0xAA, 0x89, 0xEE, 0xE5, 0x54, 0xD3,
+0xA4, 0x7D, 0xE2, 0x30, 0xBC, 0x7A, 0xC5, 0x90, 0xD5, 0x24, 0x06, 0x7C, 0x38, 0x98, 0xBB, 0xA6, 0xF5, 0xDC, 0x43, 0x60,
+0xB8, 0x45, 0xED, 0xA4, 0x8C, 0xBD, 0x9C, 0xF1, 0x26, 0xA7, 0x23, 0x44, 0x5F, 0x0E, 0x19, 0x52, 0xD7, 0x32, 0x5A, 0x75,
+0xFA, 0xF5, 0x56, 0x14, 0x4F, 0x9A, 0x98, 0xAF, 0x71, 0x86, 0xB0, 0x27, 0x86, 0x85, 0xB8, 0xE2, 0xC0, 0x8B, 0xEA, 0x87,
+0x17, 0x1B, 0x4D, 0xEE, 0x58, 0x5C, 0x18, 0x28, 0x29, 0x5B, 0x53, 0x95, 0xEB, 0x4A, 0x17, 0x77, 0x9F, 0x02, 0x03, 0x01,
+0x00, 01
+};
+#endif
+
void
-IdentityManager::signByCertificate(const Data &data, const Name &certificateName, WireFormat& wireFormat)
+IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
{
+#if 0
+ Name keyName = m_publicStorage->getKeyNameForCertificate(certName);
+
+ Ptr<Publickey> publickey = m_privateStorage->getPublickey (keyName.toUri());
+#else
+ Name keyName;
+#endif
+
+ // For temporary usage, we support RSA + SHA256 only, but will support more.
+ data.setSignature(Sha256WithRsaSignature());
+ // Get a pointer to the clone which Data made.
+ Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature());
+ DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;
+
+ signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
+ signature->getKeyLocator().setKeyName(certificateName);
+ signature->getKeyLocator().setKeyNameType(ndn_KeyNameType_PUBLISHER_CERTIFICATE_DIGEST);
+#if 0
+ signature->getKeyLocator().setKeyData(certificateDigest);
+#endif
+ // Ignore witness and leave the digestAlgorithm as the default.
+#if 0
+ signature->getPublisherPublicKeyDigest().setPublisherKeyDigest (*publickey->getDigest ());
+#else
+ unsigned char publicKeyDigest[SHA256_DIGEST_LENGTH];
+ ndn_digestSha256(DEFAULT_PUBLIC_KEY_DER, sizeof(DEFAULT_PUBLIC_KEY_DER), publicKeyDigest);
+ signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKeyDigest, sizeof(publicKeyDigest));
+#endif
+ // Encode once to get the signed portion.
+ SignedBlob encoding = data.wireEncode(wireFormat);
+
+ signature->setSignature
+ (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName.toUri(), digestAlgorithm));
+
+ // Encode again to include the signature.
+ data.wireEncode(wireFormat);
}
}
diff --git a/ndn-cpp/security/identity/identity-manager.hpp b/ndn-cpp/security/identity/identity-manager.hpp
index 86a35b6..4f4c8c2 100644
--- a/ndn-cpp/security/identity/identity-manager.hpp
+++ b/ndn-cpp/security/identity/identity-manager.hpp
@@ -9,13 +9,19 @@
#define NDN_IDENTITY_MANAGER_HPP
#include "../../data.hpp"
+#include "private-key-storage.hpp"
namespace ndn {
class IdentityManager {
public:
+ IdentityManager(const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage)
+ : privateKeyStorage_(privateKeyStorage)
+ {
+ }
+
/**
- *
+ * Sign data packet based on the certificate name.
* Note: the caller must make sure the timestamp in data is correct, for example with
* data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
* @param data The Data object to sign and update its signature.
@@ -23,7 +29,10 @@
* @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
*/
void
- signByCertificate(const Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+ signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+
+private:
+ ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
};
}