security: Change to use IdentityCertificate instead of Certificate where needed.
diff --git a/ndn-cpp/security/identity/basic-identity-storage.cpp b/ndn-cpp/security/identity/basic-identity-storage.cpp
index 3cad5cc..5055dc8 100644
--- a/ndn-cpp/security/identity/basic-identity-storage.cpp
+++ b/ndn-cpp/security/identity/basic-identity-storage.cpp
@@ -392,7 +392,7 @@
 }
 
 void
-BasicIdentityStorage::addAnyCertificate(const Certificate& certificate)
+BasicIdentityStorage::addAnyCertificate(const IdentityCertificate& certificate)
 {
 #if 0
   const Name& certificateName = certificate.getName();
@@ -434,7 +434,7 @@
 }
 
 void 
-BasicIdentityStorage::addCertificate(const Certificate& certificate)
+BasicIdentityStorage::addCertificate(const IdentityCertificate& certificate)
 {
 #if 0
   _LOG_DEBUG("1");
diff --git a/ndn-cpp/security/identity/identity-manager.cpp b/ndn-cpp/security/identity/identity-manager.cpp
index 93e61d4..f5b4657 100644
--- a/ndn-cpp/security/identity/identity-manager.cpp
+++ b/ndn-cpp/security/identity/identity-manager.cpp
@@ -9,39 +9,61 @@
 #if 1
 #include <stdexcept>
 #endif
-#include "../../util/logging.hpp"
+#include <ctime>
+#include <fstream>
+#include <ndn-cpp/key.hpp>
 #include <ndn-cpp/sha256-with-rsa-signature.hpp>
 #include <ndn-cpp/security/security-exception.hpp>
+#include "../../util/logging.hpp"
 #include <ndn-cpp/security/identity/identity-manager.hpp>
 
+INIT_LOGGER("ndn.security.IdentityManager")
+
 using namespace std;
 using namespace ndn::ptr_lib;
 
 namespace ndn {
 
 Name
-IdentityManager::createIdentity(const Name& identityName) 
+IdentityManager::createIdentity(const Name& identityName)
 {
   if (!identityStorage_->doesIdentityExist(identityName)) {
-  	_LOG_DEBUG("Create Identity");
-	  identityStorage_->addIdentity(identityName);
-	
-	  _LOG_DEBUG("Create Default RSA key pair");
-	  Name keyName = generateRSAKeyPairAsDefault(identityName, true);
+  _LOG_DEBUG("Create Identity");
+  identityStorage_->addIdentity(identityName);
+  
+  _LOG_DEBUG("Create Default RSA key pair");
+  Name keyName = generateRSAKeyPairAsDefault(identityName, true);
 
-  	_LOG_DEBUG("Create self-signed certificate");
-	  shared_ptr<Certificate> selfCert = selfSign(keyName); 
-	
-	  _LOG_DEBUG("Add self-signed certificate as default");
-	  addCertificateAsDefault(*selfCert);
+  _LOG_DEBUG("Create self-signed certificate");
+  shared_ptr<IdentityCertificate> selfCert = selfSign(keyName); 
+  
+  _LOG_DEBUG("Add self-signed certificate as default");
 
-    return keyName;
+  addCertificateAsDefault(*selfCert);
+
+  return keyName;
   }
   else
     throw SecurityException("Identity has already been created!");
 }
 
 Name
+IdentityManager::generateKeyPair(const Name& identityName, bool isKsk, KeyType keyType, int keySize)
+{
+  _LOG_DEBUG("Get new key ID");    
+  Name keyName = identityStorage_->getNewKeyName(identityName, isKsk);
+
+  _LOG_DEBUG("Generate key pair in private storage");
+  privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize);
+
+  _LOG_DEBUG("Create a key record in public storage");
+  shared_ptr<PublicKey> pubKey = privateKeyStorage_->getPublicKey(keyName.toUri());
+  identityStorage_->addKey(keyName, keyType, pubKey->getKeyDer());
+  _LOG_DEBUG("OK");
+  return keyName;
+}
+
+Name
 IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
 {
   Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
@@ -53,45 +75,124 @@
 IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
 {
   Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
-  
+
   identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
   
-  return keyName;  
+  return keyName;
+}
+
+Name
+IdentityManager::createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter)
+{
+  Blob keyBlob = identityStorage_->getKey(keyName);
+  shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
+
+  shared_ptr<IdentityCertificate> certificate = createIdentityCertificate
+    (keyName, *publicKey,  signerCertificateName, notBefore, notAfter);
+
+  identityStorage_->addCertificate(*certificate);
+  
+  return certificate->getName();
+}
+
+ptr_lib::shared_ptr<IdentityCertificate>
+IdentityManager::createIdentityCertificate
+  (const Name& keyName, const PublicKey& publicKey, const Name& signerCertificateName, const Time& notBefore, const Time& notAfter)
+{
+#if 0
+  shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
+  
+  Name certificateName;
+  TimeInterval ti = time::NowUnixTimestamp();
+  ostringstream oss;
+  oss << ti.total_seconds();
+
+  certificateName.append(keyName).append("ID-CERT").append(oss.str());
+  certificate->setName(certificateName);
+
+  certificate->setNotBefore(notBefore);
+  certificate->setNotAfter(notAfter);
+  certificate->setPublicKeyInfo(publicKey);
+  certificate->addSubjectDescription(CertificateSubDescrypt("2.5.4.41", keyName.toUri()));
+  certificate->encode();
+
+  shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
+
+  KeyLocator keyLocator;    
+  keyLocator.setType(KeyLocator::KEYNAME);
+  keyLocator.setKeyName(signerCertificateName);
+  
+  sha256Sig->setKeyLocator(keyLocator);
+  sha256Sig->setPublisherKeyDigest(*publicKey.getDigest());
+
+  certificate->setSignature(sha256Sig);
+
+  SignedBlob unsignedData = certificate->encodeToUnsignedWire();
+
+  Blob sigBits = privateKeyStorage_->sign(*unsignedData, keyName);
+  
+  sha256Sig->setSignatureBits(*sigBits);
+
+  return certificate;
+#else
+  throw std::runtime_error("not implemented");
+#endif
+}
+
+void
+IdentityManager::addCertificateAsDefault(const IdentityCertificate& certificate)
+{
+  identityStorage_->addCertificate(certificate);
+
+  Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
+  
+  setDefaultKeyForIdentity(keyName);
+
+  setDefaultCertificateForKey(certificate.getName());
 }
 
 void
 IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
 {
   Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
-    
-  if (!identityStorage_->doesKeyExist(keyName))
+  
+  if(!identityStorage_->doesKeyExist(keyName))
     throw SecurityException("No corresponding Key record for certificaite!");
 
-  identityStorage_->setDefaultCertificateNameForKey (keyName, certificateName);
+  identityStorage_->setDefaultCertificateNameForKey(keyName, certificateName);
+}
+  
+ptr_lib::shared_ptr<Signature>
+IdentityManager::signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName)
+{    
+#if 0
+  Name keyName = identityStorage_->getKeyNameForCertificate(certName);
+  
+  shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName.toUri());
+
+  Blob sigBits = privateKeyStorage_->sign(blob, keyName.toUri());
+
+  //For temporary usage, we support RSA + SHA256 only, but will support more.
+  shared_ptr<signature::Sha256WithRsa> sha256Sig = shared_ptr<signature::Sha256WithRsa>::Create();
+
+  KeyLocator keyLocator;    
+  keyLocator.setType(KeyLocator::KEYNAME);
+  keyLocator.setKeyName(certName);
+  
+  sha256Sig->setKeyLocator(keyLocator);
+  sha256Sig->setPublisherKeyDigest(*publicKey->getDigest());
+  sha256Sig->setSignatureBits(*sigBits);
+
+  return sha256Sig;
+#else
+  throw std::runtime_error("not implemented");
+#endif
 }
 
 void
-IdentityManager::addCertificateAsIdentityDefault(const Certificate& certificate)
-{
-  identityStorage_->addCertificate(certificate);
-
-  Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
-    
-  setDefaultKeyForIdentity(keyName);
-  setDefaultCertificateForKey(certificate.getName());
-}
-
-void
-IdentityManager::addCertificateAsDefault(const Certificate& certificate)
-{
-  identityStorage_->addCertificate(certificate);    
-  setDefaultCertificateForKey(certificate.getName());
-}
-
-void 
 IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
 {
-  Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); 
+  Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
 
   shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
 
@@ -115,31 +216,57 @@
     (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm));
 
   // Encode again to include the signature.
-  data.wireEncode(wireFormat);  
+  data.wireEncode(wireFormat);
 }
 
-Name
-IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, KeyType keyType, int keySize)
+shared_ptr<IdentityCertificate>
+IdentityManager::selfSign(const Name& keyName)
 {
-  _LOG_DEBUG("Get new key ID");    
-  Name keyName = identityStorage_->getNewKeyName(identityName, isKsk);
+#if 0
+  shared_ptr<IdentityCertificate> certificate = Create<IdentityCertificate>();
+  
+  Name certificateName;
+  certificateName.append(keyName).append("ID-CERT").append("0");
+  certificate->setName(certificateName);
 
-  _LOG_DEBUG("Generate key pair in private storage");
-  privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize);
+  Blob keyBlob = identityStorage_->getKey(keyName);
+  shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
 
-  _LOG_DEBUG("Create a key record in public storage");
-  shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
-  identityStorage_->addKey(keyName, keyType, publicKey->getKeyDer());
-  _LOG_DEBUG("OK");
-  return keyName;
-}
+  tm current = boost::posix_time::to_tm(time::Now());
+  current.tm_hour = 0;
+  current.tm_min  = 0;
+  current.tm_sec  = 0;
+  Time notBefore = boost::posix_time::ptime_from_tm(current);
+  current.tm_year = current.tm_year + 20;
+  Time notAfter = boost::posix_time::ptime_from_tm(current);
 
-shared_ptr<Certificate>
-IdentityManager::selfSign (const Name& keyName)
-{
-#if 1
-  throw std::runtime_error("MemoryIdentityStorage::getNewKeyName not implemented");
+  certificate->setNotBefore(notBefore);
+  certificate->setNotAfter(notAfter);
+  certificate->setPublicKeyInfo(*publicKey);
+  certificate->addSubjectDescription(CertificateSubDescrypt("2.5.4.41", keyName.toUri()));
+  certificate->encode();
+
+  shared_ptr<signature::Sha256WithRsa> sha256Sig = shared_ptr<signature::Sha256WithRsa>::Create();
+
+  KeyLocator keyLocator;    
+  keyLocator.setType(KeyLocator::KEYNAME);
+  keyLocator.setKeyName(certificateName);
+  
+  sha256Sig->setKeyLocator(keyLocator);
+  sha256Sig->setPublisherKeyDigest(*publicKey->getDigest());
+
+  certificate->setSignature(sha256Sig);
+
+  Blob unsignedData = certificate->encodeToUnsignedWire();
+
+  Blob sigBits = privateKeyStorage_->sign(*unsignedData, keyName.toUri());
+  
+  sha256Sig->setSignatureBits(*sigBits);
+
+  return certificate;
+#else
+  throw std::runtime_error("not implemented");
 #endif  
 }
-  
+
 }
diff --git a/ndn-cpp/security/identity/memory-identity-storage.cpp b/ndn-cpp/security/identity/memory-identity-storage.cpp
index 97b18f4..95ab69b 100644
--- a/ndn-cpp/security/identity/memory-identity-storage.cpp
+++ b/ndn-cpp/security/identity/memory-identity-storage.cpp
@@ -116,7 +116,7 @@
 }
 
 void 
-MemoryIdentityStorage::addCertificate(const Certificate& certificate)
+MemoryIdentityStorage::addCertificate(const IdentityCertificate& certificate)
 {
 #if 1
   throw std::runtime_error("MemoryIdentityStorage::addCertificate not implemented");