security: introduce KeyChain::makeCertificate
KeyChain::makeCertificate() captures a common routine of creating and
signing a certificate. Having it in the library allows deduplicating
similar code elsewhere.
Also add "find by certificate name" tests for CertificateCache and
TrustAnchorContainer.
refs #5112
Change-Id: I954587e1c03d6b372e3b4f04e702339d1ff1533e
diff --git a/tools/ndnsec/sign-req.cpp b/tools/ndnsec/sign-req.cpp
index f4655af..e202bc5 100644
--- a/tools/ndnsec/sign-req.cpp
+++ b/tools/ndnsec/sign-req.cpp
@@ -22,6 +22,8 @@
#include "ndnsec.hpp"
#include "util.hpp"
+#include "ndn-cxx/security/signing-helpers.hpp"
+
namespace ndn {
namespace ndnsec {
@@ -81,28 +83,10 @@
}
// Create signing request (similar to self-signed certificate)
- security::Certificate certificate;
-
- // set name
- Name certificateName = key.getName();
- certificateName
- .append("cert-request")
- .appendVersion();
- certificate.setName(certificateName);
-
- // set metainfo
- certificate.setContentType(tlv::ContentType_Key);
- certificate.setFreshnessPeriod(1_h);
-
- // set content
- certificate.setContent(key.getPublicKey());
-
- // set signature-info
- SignatureInfo signatureInfo;
- auto now = time::system_clock::now();
- signatureInfo.setValidityPeriod(security::ValidityPeriod(now, now + 10_days));
-
- keyChain.sign(certificate, security::SigningInfo(key).setSignatureInfo(signatureInfo));
+ security::MakeCertificateOptions opts;
+ opts.issuerId = name::Component::fromEscapedString("cert-request");
+ opts.validity = security::ValidityPeriod::makeRelative(-1_s, 10_days);
+ auto certificate = keyChain.makeCertificate(key, security::signingByKey(key), opts);
io::save(certificate, std::cout);
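Review bot: The rewritten block no longer sets the 1-hour freshness period or `tlv::ContentType_Key` itself, so the signing request now inherits whatever `MakeCertificateOptions` and `makeCertificate()` default to, and those defaults are not visible in this hunk. Since the request is presumably passed on to an issuer, I would pin the value that used to be explicit with `opts.freshnessPeriod = 1_h;`, or confirm that a test asserts the emitted request is unchanged. The validity window also changes without mention in the commit message: `makeRelative(-1_s, 10_days)` backdates NotBefore by one second where the removed code used `now`. If that is intended, it deserves a comment such as `// NotBefore is backdated 1 s so the request is already valid when checked right after creation`. The enclosing function begins and ends outside this hunk.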