security: In IdentityManager::setDefaultCertificateForKey, pass the certificate, not a Name. Make createIdentityCertificate take the certificatePrefix name.
diff --git a/include/ndn-cpp/security/identity/identity-manager.hpp b/include/ndn-cpp/security/identity/identity-manager.hpp
index 5b07fa0..d5f49f4 100644
--- a/include/ndn-cpp/security/identity/identity-manager.hpp
+++ b/include/ndn-cpp/security/identity/identity-manager.hpp
@@ -99,18 +99,20 @@
/**
* Create an identity certificate for a public key managed by this IdentityManager.
- * @param keyName The name of public key to be signed.
+ * @param certificatePrefix The name of public key to be signed.
* @param signerCertificateName The name of signing certificate.
* @param notBefore The notBefore value in the validity field of the generated certificate.
* @param notAfter The notAfter vallue in validity field of the generated certificate.
* @return The name of generated identity certificate.
*/
Name
- createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter);
+ createIdentityCertificate
+ (const Name& certificatePrefix, const Name& signerCertificateName, const MillisecondsSince1970& notBefore,
+ const MillisecondsSince1970& notAfter);
/**
* Create an identity certificate for a public key supplied by the caller.
- * @param keyName The name of public key to be signed.
+ * @param certificatePrefix The name of public key to be signed.
* @param publickey The public key to be signed.
* @param signerCertificateName The name of signing certificate.
* @param notBefore The notBefore value in the validity field of the generated certificate.
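Review bot: The `@param certificatePrefix` text at lines 10 and 24 still describes the old `keyName` parameter ("The name of public key to be signed"), but the implementation now treats this value as the certificate name prefix: it recovers the key name by dropping the `KEY` component and appends `ID-CERT/<seconds>` to the prefix itself. Suggest `@param certificatePrefix The certificate name prefix, of the form <identity>/KEY/<keyId>; the key name is derived by dropping the KEY component, and "ID-CERT" plus a timestamp version are appended to form the certificate name.` It would also help to add `@throws SecurityException if certificatePrefix has no KEY component`, since the helper that parses it throws in that case. Whether other prefix layouts are accepted I cannot tell from the visible code, so the wording should be confirmed against getKeyNameFromCertificatePrefix.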
@@ -119,7 +121,8 @@
*/
ptr_lib::shared_ptr<IdentityCertificate>
createIdentityCertificate
- (const Name& keyName, const PublicKey& publickey, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter);
+ (const Name& certificatePrefix, const PublicKey& publickey, const Name& signerCertificateName,
+ const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter);
/**
* Add a certificate into the public key identity storage.
@@ -133,10 +136,10 @@
/**
* Set the certificate as the default for its corresponding key.
- * @param certificateName The name of the certificate.
+ * @param certificateName The certificate.
*/
void
- setDefaultCertificateForKey(const Name& certificateName);
+ setDefaultCertificateForKey(const IdentityCertificate& certificate);
/**
* Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
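Review bot: The doc at line 41 still says `@param certificateName` while the parameter at line 45 is now `certificate`, so Doxygen will report an undocumented parameter and readers get the wrong name. Suggest `@param certificate The certificate whose public key name selects the key; its name is recorded as that key's default.` and `@throws SecurityException if no key record exists for the certificate's public key name`, which is what the implementation does when doesKeyExist is false.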
@@ -228,6 +231,14 @@
*/
void
signByCertificate(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+
+ /**
+ * Generate a self-signed certificate for a public key.
+ * @param keyName The name of the public key.
+ * @return The generated certificate.
+ */
+ ptr_lib::shared_ptr<IdentityCertificate>
+ selfSign(const Name& keyName);
private:
/**
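Review bot: Now that selfSign is public, `@param keyName The name of the public key.` leaves callers guessing at the expected layout, and the implementation depends on it: the last component is taken as the key id and the certificate is named `<identity>/KEY/<keyId>/ID-CERT/0`. Suggest `@param keyName The key name, <identity>/<keyId>; the last component is used as the key id.` and `@return The self-signed certificate, named <identity>/KEY/<keyId>/ID-CERT/0.` Whether the certificate is also stored in identityStorage_ is not visible here, so that should be stated explicitly one way or the other.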
@@ -241,13 +252,8 @@
Name
generateKeyPair(const Name& identityName, bool isKsk = false, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
- /**
- * Generate a self-signed certificate for a public key.
- * @param keyName The name of the public key.
- * @return The generated certificate.
- */
- ptr_lib::shared_ptr<IdentityCertificate>
- selfSign(const Name& keyName);
+ static Name
+ getKeyNameFromCertificatePrefix(const Name& certificatePrefix);
ptr_lib::shared_ptr<IdentityStorage> identityStorage_;
ptr_lib::shared_ptr<PrivateKeyStorage> privateKeyStorage_;
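Review bot: getKeyNameFromCertificatePrefix at lines 72-73 is declared without a doc comment, although its contract is the one thing both createIdentityCertificate overloads rely on. Suggest a comment describing it as: derive the key name from a certificate prefix by removing the first component equal to "KEY" (so `<identity>/KEY/<keyId>` becomes `<identity>/<keyId>`); `@throws SecurityException if the prefix contains no KEY component`. Stating that the first match is used also makes the ambiguity for identity names that themselves contain a "KEY" component visible to callers.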
diff --git a/include/ndn-cpp/security/key-chain.hpp b/include/ndn-cpp/security/key-chain.hpp
index 758c0fa..5d5f6ad 100644
--- a/include/ndn-cpp/security/key-chain.hpp
+++ b/include/ndn-cpp/security/key-chain.hpp
@@ -123,12 +123,12 @@
/**
* Set the certificate as the default for its corresponding key.
- * @param certificateName The name of the certificate.
+ * @param certificateName The certificate.
*/
void
- setDefaultCertificateForKey(const Name& certificateName)
+ setDefaultCertificateForKey(const IdentityCertificate& certificate)
{
- identityManager_->setDefaultCertificateForKey(certificateName);
+ identityManager_->setDefaultCertificateForKey(certificate);
}
/**
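Review bot: The doc at line 84 still names the parameter `certificateName` while the signature at line 88 now takes `certificate`; the same mismatch exists in the IdentityManager header. Suggest `@param certificate The certificate to record as the default for its public key's key name.` and, since the call is forwarded unchanged, `@throws SecurityException if the corresponding key record does not exist` so KeyChain callers know the exception propagates.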
@@ -195,6 +195,9 @@
//TODO: Implement
}
+ ptr_lib::shared_ptr<IdentityManager>
+ getIdentityManager() { return identityManager_; }
+
/*****************************************
* Policy Management *
*****************************************/
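Review bot: getIdentityManager at lines 97-98 is added with no documentation and hands out the shared_ptr to the internal manager, which lets callers call IdentityManager::signByCertificate and the certificate/default-setting operations directly rather than through KeyChain. If the policy management section below is meant to mediate signing, that path is bypassed by this accessor; I cannot see the policy code, so this needs confirming. At minimum add a comment such as `/** Get the identity manager used by this KeyChain. Callers bypass KeyChain policy checks when operating on it directly. @return The identity manager. */`, and consider whether a const accessor is sufficient for the intended use.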
diff --git a/src/security/identity/identity-manager.cpp b/src/security/identity/identity-manager.cpp
index eb9966e..6ee3082 100644
--- a/src/security/identity/identity-manager.cpp
+++ b/src/security/identity/identity-manager.cpp
@@ -65,7 +65,7 @@
_LOG_DEBUG("Create a key record in public storage");
shared_ptr<PublicKey> pubKey = privateKeyStorage_->getPublicKey(keyName.toUri());
identityStorage_->addKey(keyName, keyType, pubKey->getKeyDer());
- _LOG_DEBUG("OK");
+
return keyName;
}
@@ -73,7 +73,7 @@
IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
{
Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
- _LOG_DEBUG("OK2");
+
return keyName;
}
@@ -88,13 +88,18 @@
}
Name
-IdentityManager::createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
+IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
+ const Name& signerCertificateName,
+ const MillisecondsSince1970& notBefore,
+ const MillisecondsSince1970& notAfter)
{
+ Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
+
Blob keyBlob = identityStorage_->getKey(keyName);
shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
shared_ptr<IdentityCertificate> certificate = createIdentityCertificate
- (keyName, *publicKey, signerCertificateName, notBefore, notAfter);
+ (certificatePrefix, *publicKey, signerCertificateName, notBefore, notAfter);
identityStorage_->addCertificate(*certificate);
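Review bot: The key name derived at line 132 is passed straight to `identityStorage_->getKey(keyName)` at line 134 with no existence check, so a prefix naming an unknown key either yields whatever the storage returns for a missing key or fails inside PublicKey::fromDer with a non-descriptive error; I cannot see getKey's behaviour for a missing key. setDefaultCertificateForKey in this same file guards the same lookup, so mirror it here: `if (!identityStorage_->doesKeyExist(keyName)) throw SecurityException("Key does not exist");` before line 134. The function's return is outside the hunk.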
@@ -102,20 +107,24 @@
}
ptr_lib::shared_ptr<IdentityCertificate>
-IdentityManager::createIdentityCertificate
- (const Name& keyName, const PublicKey& publicKey, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
+IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
+ const PublicKey& publicKey,
+ const Name& signerCertificateName,
+ const MillisecondsSince1970& notBefore,
+ const MillisecondsSince1970& notAfter)
{
shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
+ Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
- Name certificateName;
+ Name certificateName = certificatePrefix;
MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
// Get the number of seconds.
ostringstream oss;
oss << floor(ti / 1000.0);
- certificateName.append(keyName).append("ID-CERT").append(oss.str());
+ certificateName.append("ID-CERT").append(oss.str());
+
certificate->setName(certificateName);
-
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
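Review bot: The certificate name version at lines 155-160 is the current time in whole seconds, so two certificates created for the same prefix within one second get identical names, and the second addCertificate call will either collide or silently replace the first depending on storage semantics I cannot see. A caller-supplied or monotonically checked version component would avoid that; at least document it with `// Version is seconds since epoch: two certificates for the same prefix within one second collide.` Separately, `keyName` computed at line 152 is not used in the visible part of the function (the signature now uses the signer's key), so if the hidden middle of the body does not use it either, drop the line. The function continues past the end of this hunk.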
@@ -135,8 +144,11 @@
SignedBlob unsignedData = certificate->wireEncode();
- Blob sigBits = privateKeyStorage_->sign(unsignedData, keyName);
-
+ shared_ptr<IdentityCertificate> signerCertificate = getCertificate(signerCertificateName);
+ Name signerkeyName = signerCertificate->getPublicKeyName();
+
+ Blob sigBits = privateKeyStorage_->sign(unsignedData, signerkeyName);
+
sha256Sig->setSignature(sigBits);
return certificate;
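Review bot: `getCertificate(signerCertificateName)` at line 171 is dereferenced at line 172 without a null check, so an unknown signer certificate name would crash instead of raising a SecurityException, unless getCertificate itself throws on a miss, which is not visible here. Suggest `if (!signerCertificate) throw SecurityException("Signer certificate does not exist");` between lines 171 and 172. The closing brace of this function lies outside the hunk.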
@@ -147,29 +159,37 @@
{
identityStorage_->addCertificate(certificate);
- Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
-
- setDefaultKeyForIdentity(keyName);
-
- setDefaultCertificateForKey(certificate.getName());
+ setDefaultCertificateForKey(certificate);
}
void
-IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
+IdentityManager::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
{
- Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
+ identityStorage_->addCertificate(certificate);
+
+ Name keyName = certificate.getPublicKeyName();
+
+ setDefaultKeyForIdentity(keyName);
+
+ setDefaultCertificateForKey(certificate);
+}
+
+void
+IdentityManager::setDefaultCertificateForKey(const IdentityCertificate& certificate)
+{
+ Name keyName = certificate.getPublicKeyName();
if(!identityStorage_->doesKeyExist(keyName))
- throw SecurityException("No corresponding Key record for certificaite!");
+ throw SecurityException("No corresponding Key record for certificate!");
- identityStorage_->setDefaultCertificateNameForKey(keyName, certificateName);
+ identityStorage_->setDefaultCertificateNameForKey(keyName, certificate.getName());
}
ptr_lib::shared_ptr<Signature>
IdentityManager::signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
{
- Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
-
+ shared_ptr<IdentityCertificate> certificate = getCertificate(certificateName);
+ Name keyName = certificate->getPublicKeyName();
shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName.toUri());
Blob sigBits = privateKeyStorage_->sign(buffer, bufferLength, keyName.toUri());
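Review bot: setDefaultCertificateForKey at lines 203-211 now trusts the key name embedded in the certificate (line 205) to pick the key record, whereas before the name came from identityStorage_->getKeyNameForCertificate, which implied the certificate was already known to storage. As written, any IdentityCertificate object whose public key name matches a stored key becomes that key's default, even if it was never added to storage or carries a different public key. Consider requiring the certificate to be present in identityStorage_ and comparing its embedded public key with `identityStorage_->getKey(keyName)` before calling setDefaultCertificateNameForKey; the exact accessor for the certificate's key bytes is not visible here. The function whose body starts at line 179 has its signature outside the hunk, and signByCertificate at line 213 continues past it.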
@@ -191,8 +211,8 @@
void
IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
{
- Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
-
+ shared_ptr<IdentityCertificate> certificate = getCertificate(certificateName);
+ Name keyName = certificate->getPublicKeyName();
shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
// For temporary usage, we support RSA + SHA256 only, but will support more.
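Review bot: The replacement lookup at lines 227-228 dereferences the result of `getCertificate(certificateName)` with no null check, so signing with a certificate name that is not in storage becomes a null dereference rather than a SecurityException, unless getCertificate throws on a miss (not visible here). Suggest `if (!certificate) throw SecurityException("Certificate does not exist");` between lines 227 and 228; the same applies to the buffer overload above. The function continues past the end of this hunk.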
@@ -223,8 +243,8 @@
{
shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
- Name certificateName;
- certificateName.append(keyName).append("ID-CERT").append("0");
+ Name certificateName = keyName.getSubName(0, keyName.size() - 1);
+ certificateName.append("KEY").append(keyName.get(keyName.size() - 1)).append("ID-CERT").append("0");
certificate->setName(certificateName);
Blob keyBlob = identityStorage_->getKey(keyName);
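Review bot: Lines 236-237 index `keyName.size() - 1` with no guard, so an empty keyName underflows the subtraction (or hits an out-of-range get), now reachable from outside since selfSign was made public. Add `if (keyName.size() == 0) throw SecurityException("Key name is empty");` before line 236. The `KEY` insertion here and its removal in getKeyNameFromCertificatePrefix are the same convention encoded twice; a shared constant or a small helper that builds the certificate prefix from a key name would keep them from drifting.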
@@ -270,4 +290,25 @@
return certificate;
}
+Name
+IdentityManager::getKeyNameFromCertificatePrefix(const Name & certificatePrefix)
+{
+ Name result;
+
+ string keyString("KEY");
+ int i = 0;
+ for(; i < certificatePrefix.size(); i++) {
+ if (certificatePrefix.get(i).toEscapedString() == keyString)
+ break;
+ }
+
+ if (i >= certificatePrefix.size())
+ throw SecurityException("Identity Certificate Prefix does not have a KEY component");
+
+ result.append(certificatePrefix.getSubName(0, i));
+ result.append(certificatePrefix.getSubName(i + 1, certificatePrefix.size()-i-1));
+
+ return result;
+}
+
}
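Review bot: The loop at lines 249-253 splits at the first component equal to "KEY", so an identity whose own name contains a component spelled "KEY" is mis-parsed into a different key name than selfSign produced, which is a name-confusion risk when such identity names come from outside; selfSign always places the marker immediately before the last component, so scanning from the end matches that layout. The comparison `i < certificatePrefix.size()` with `int i` is also a signed/unsigned mismatch if size() is unsigned, which I cannot confirm from here. A version that scans backwards and uses an unsigned index is below.
```cpp
Name
IdentityManager::getKeyNameFromCertificatePrefix(const Name & certificatePrefix)
{
  // The KEY marker immediately precedes the key id, so search from the end.
  size_t i = certificatePrefix.size();
  while (i > 0 && certificatePrefix.get(i - 1).toEscapedString() != "KEY")
    --i;

  if (i == 0)
    throw SecurityException("Identity Certificate Prefix does not have a KEY component");

  // i - 1 is the index of the KEY component; keep everything around it.
  Name result = certificatePrefix.getSubName(0, i - 1);
  result.append(certificatePrefix.getSubName(i, certificatePrefix.size() - i));

  return result;
}
```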