security: Add prepareUnsignedIdentityCertificate method in KeyChain
Change-Id: Iee553db9aa050a3e02e59917ee72e3cb3a84d22e
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index d0ae51a..a083259 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -110,6 +110,76 @@
}
/**
+ * @brief prepare an unsigned identity certificate
+ *
+ * @param keyName Key name, e.g., /<identity_name>/ksk-123456.
+ * @param signingIdentity The signing identity.
+ * @param notBefore Refer to IdentityCertificate.
+ * @param notAfter Refer to IdentityCertificate.
+ * @param subjectDescription Refer to IdentityCertificate.
+ * @return IdentityCertificate.
+ */
+ shared_ptr<IdentityCertificate>
+ prepareUnsignedIdentityCertificate(const Name& keyName,
+ const Name& signingIdentity,
+ const MillisecondsSince1970& notBefore,
+ const MillisecondsSince1970& notAfter,
+ const std::vector<CertificateSubjectDescription>& subjectDescription)
+
+ {
+ if(keyName.size() < 1)
+ return shared_ptr<IdentityCertificate>();
+
+ std::string keyIdPrefix = keyName.get(-1).toEscapedString().substr(0, 4);
+ if(keyIdPrefix != "ksk-" && keyIdPrefix != "dsk-")
+ return shared_ptr<IdentityCertificate>();
+
+ shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
+ Name certName;
+
+ if(signingIdentity.isPrefixOf(keyName))
+ {
+ certName.append(signingIdentity).append("KEY").append(keyName.getSubName(signingIdentity.size())).append("ID-CERT").appendVersion();
+ }
+ else
+ {
+ certName.append(keyName.getPrefix(-1)).append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
+ }
+
+ certificate->setName(certName);
+ certificate->setNotBefore(notBefore);
+ certificate->setNotAfter(notAfter);
+
+ shared_ptr<PublicKey> publicKey;
+ try
+ {
+ publicKey = Info::getPublicKey(keyName);
+ }
+ catch(InfoError& e)
+ {
+ return shared_ptr<IdentityCertificate>();
+ }
+ certificate->setPublicKeyInfo(*publicKey);
+
+ if(subjectDescription.empty())
+ {
+ CertificateSubjectDescription subDescryptName("2.5.4.41", keyName.getPrefix(-1).toUri());
+ certificate->addSubjectDescription(subDescryptName);
+ }
+ else
+ {
+ std::vector<CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
+ std::vector<CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
+ for(; sdIt != sdEnd; sdIt++)
+ certificate->addSubjectDescription(*sdIt);
+ }
+
+ certificate->encode();
+
+ return certificate;
+ }
+
+ /**
* @brief Sign packet with default identity
*
* on return signatureInfo and signatureValue in the packet are set.
diff --git a/tests/security/test-keychain.cpp b/tests/security/test-keychain.cpp
index bd44894..fb8ee23 100644
--- a/tests/security/test-keychain.cpp
+++ b/tests/security/test-keychain.cpp
@@ -52,6 +52,68 @@
BOOST_REQUIRE(keyChain.doesCertificateExist(certName) == false);
}
+BOOST_AUTO_TEST_CASE (PrepareIdentityCertificate)
+{
+ KeyChainImpl<SecPublicInfoSqlite3, SecTpmFile> keyChain;
+
+ Name identity(string("/TestKeyChain/PrepareIdentityCertificate/") + boost::lexical_cast<std::string>(time::now()));
+ keyChain.createIdentity(identity);
+
+ vector<CertificateSubjectDescription> subjectDescription;
+ Name lowerIdentity = identity;
+ lowerIdentity.append("Lower").append(boost::lexical_cast<std::string>(time::now()));
+ Name lowerKeyName = keyChain.generateRSAKeyPair(lowerIdentity, true);
+ shared_ptr<IdentityCertificate> idCert
+ = keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
+ time::now() / 1000000,
+ time::now() / 1000000 + 630720000,
+ subjectDescription);
+ BOOST_CHECK(static_cast<bool>(idCert));
+ BOOST_CHECK(idCert->getName().getPrefix(5) == Name().append(identity).append("KEY").append("Lower"));
+
+
+ Name anotherIdentity(string("/TestKeyChain/PrepareIdentityCertificate/Another/") + boost::lexical_cast<std::string>(time::now()));
+ Name anotherKeyName = keyChain.generateRSAKeyPair(anotherIdentity, true);
+ shared_ptr<IdentityCertificate> idCert2
+ = keyChain.prepareUnsignedIdentityCertificate(anotherKeyName, identity,
+ time::now() / 1000000,
+ time::now() / 1000000 + 630720000,
+ subjectDescription);
+ BOOST_CHECK(static_cast<bool>(idCert2));
+ BOOST_CHECK(idCert2->getName().getPrefix(5) == Name().append(anotherIdentity).append("KEY"));
+
+
+ Name wrongKeyName1;
+ shared_ptr<IdentityCertificate> idCert3
+ = keyChain.prepareUnsignedIdentityCertificate(wrongKeyName1, identity,
+ time::now() / 1000000,
+ time::now() / 1000000 + 630720000,
+ subjectDescription);
+ BOOST_CHECK(!static_cast<bool>(idCert3));
+
+
+ Name wrongKeyName2("/TestKeyChain/PrepareIdentityCertificate");
+ shared_ptr<IdentityCertificate> idCert4
+ = keyChain.prepareUnsignedIdentityCertificate(wrongKeyName2, identity,
+ time::now() / 1000000,
+ time::now() / 1000000 + 630720000,
+ subjectDescription);
+ BOOST_CHECK(!static_cast<bool>(idCert4));
+
+
+ Name wrongKeyName3("/TestKeyChain/PrepareIdentityCertificate/ksk-1234");
+ shared_ptr<IdentityCertificate> idCert5
+ = keyChain.prepareUnsignedIdentityCertificate(wrongKeyName3, identity,
+ time::now() / 1000000,
+ time::now() / 1000000 + 630720000,
+ subjectDescription);
+ BOOST_CHECK(!static_cast<bool>(idCert5));
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(lowerIdentity);
+ keyChain.deleteIdentity(anotherIdentity);
+}
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace ndn