Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / bd04b0719d31883ce541fb620d5ee0454205f989 / . / ndn-cpp / security / identity / identity-manager.cpp
blob: a5adfc3af69cb5c6c7cab63f39062503643dc9ab [file] [log] [blame]
/**
* Copyright (C) 2013 Regents of the University of California.
* @author: Yingdi Yu <yingdi@cs.ucla.edu>
* @author: Jeff Thompson <jefft0@remap.ucla.edu>
* See COPYING for copyright and distribution information.
*/
#include "../../sha256-with-rsa-signature.hpp"
#include "identity-manager.hpp"
using namespace std;
using namespace ndn::ptr_lib;
namespace ndn {
void
IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
{
Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
// For temporary usage, we support RSA + SHA256 only, but will support more.
data.setSignature(Sha256WithRsaSignature());
// Get a pointer to the clone which Data made.
Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature());
DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;
signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
signature->getKeyLocator().setKeyName(certificateName);
// Omit the certificate digest.
signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1);
// Ignore witness and leave the digestAlgorithm as the default.
signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());
// Encode once to get the signed portion.
SignedBlob encoding = data.wireEncode(wireFormat);
signature->setSignature
(privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm));
// Encode again to include the signature.
data.wireEncode(wireFormat);
}
}