security: In IdentityManager::setDefaultCertificateForKey, pass the certificate, not a Name. Make createIdentityCertificate take the certificatePrefix name.
diff --git a/src/security/identity/identity-manager.cpp b/src/security/identity/identity-manager.cpp
index eb9966e..6ee3082 100644
--- a/src/security/identity/identity-manager.cpp
+++ b/src/security/identity/identity-manager.cpp
@@ -65,7 +65,7 @@
_LOG_DEBUG("Create a key record in public storage");
shared_ptr<PublicKey> pubKey = privateKeyStorage_->getPublicKey(keyName.toUri());
identityStorage_->addKey(keyName, keyType, pubKey->getKeyDer());
- _LOG_DEBUG("OK");
+
return keyName;
}
@@ -73,7 +73,7 @@
IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
{
Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
- _LOG_DEBUG("OK2");
+
return keyName;
}
@@ -88,13 +88,18 @@
}
Name
-IdentityManager::createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
+IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
+ const Name& signerCertificateName,
+ const MillisecondsSince1970& notBefore,
+ const MillisecondsSince1970& notAfter)
{
+ Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
+
Blob keyBlob = identityStorage_->getKey(keyName);
shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
shared_ptr<IdentityCertificate> certificate = createIdentityCertificate
- (keyName, *publicKey, signerCertificateName, notBefore, notAfter);
+ (certificatePrefix, *publicKey, signerCertificateName, notBefore, notAfter);
identityStorage_->addCertificate(*certificate);
@@ -102,20 +107,24 @@
}
ptr_lib::shared_ptr<IdentityCertificate>
-IdentityManager::createIdentityCertificate
- (const Name& keyName, const PublicKey& publicKey, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
+IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
+ const PublicKey& publicKey,
+ const Name& signerCertificateName,
+ const MillisecondsSince1970& notBefore,
+ const MillisecondsSince1970& notAfter)
{
shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
+ Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
- Name certificateName;
+ Name certificateName = certificatePrefix;
MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
// Get the number of seconds.
ostringstream oss;
oss << floor(ti / 1000.0);
- certificateName.append(keyName).append("ID-CERT").append(oss.str());
+ certificateName.append("ID-CERT").append(oss.str());
+
certificate->setName(certificateName);
-
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
@@ -135,8 +144,11 @@
SignedBlob unsignedData = certificate->wireEncode();
- Blob sigBits = privateKeyStorage_->sign(unsignedData, keyName);
-
+ shared_ptr<IdentityCertificate> signerCertificate = getCertificate(signerCertificateName);
+ Name signerkeyName = signerCertificate->getPublicKeyName();
+
+ Blob sigBits = privateKeyStorage_->sign(unsignedData, signerkeyName);
+
sha256Sig->setSignature(sigBits);
return certificate;
@@ -147,29 +159,37 @@
{
identityStorage_->addCertificate(certificate);
- Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
-
- setDefaultKeyForIdentity(keyName);
-
- setDefaultCertificateForKey(certificate.getName());
+ setDefaultCertificateForKey(certificate);
}
void
-IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
+IdentityManager::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
{
- Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
+ identityStorage_->addCertificate(certificate);
+
+ Name keyName = certificate.getPublicKeyName();
+
+ setDefaultKeyForIdentity(keyName);
+
+ setDefaultCertificateForKey(certificate);
+}
+
+void
+IdentityManager::setDefaultCertificateForKey(const IdentityCertificate& certificate)
+{
+ Name keyName = certificate.getPublicKeyName();
if(!identityStorage_->doesKeyExist(keyName))
- throw SecurityException("No corresponding Key record for certificaite!");
+ throw SecurityException("No corresponding Key record for certificate!");
- identityStorage_->setDefaultCertificateNameForKey(keyName, certificateName);
+ identityStorage_->setDefaultCertificateNameForKey(keyName, certificate.getName());
}
ptr_lib::shared_ptr<Signature>
IdentityManager::signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
{
- Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
-
+ shared_ptr<IdentityCertificate> certificate = getCertificate(certificateName);
+ Name keyName = certificate->getPublicKeyName();
shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName.toUri());
Blob sigBits = privateKeyStorage_->sign(buffer, bufferLength, keyName.toUri());
@@ -191,8 +211,8 @@
void
IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
{
- Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
-
+ shared_ptr<IdentityCertificate> certificate = getCertificate(certificateName);
+ Name keyName = certificate->getPublicKeyName();
shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
// For temporary usage, we support RSA + SHA256 only, but will support more.
@@ -223,8 +243,8 @@
{
shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
- Name certificateName;
- certificateName.append(keyName).append("ID-CERT").append("0");
+ Name certificateName = keyName.getSubName(0, keyName.size() - 1);
+ certificateName.append("KEY").append(keyName.get(keyName.size() - 1)).append("ID-CERT").append("0");
certificate->setName(certificateName);
Blob keyBlob = identityStorage_->getKey(keyName);
@@ -270,4 +290,25 @@
return certificate;
}
+Name
+IdentityManager::getKeyNameFromCertificatePrefix(const Name & certificatePrefix)
+{
+ Name result;
+
+ string keyString("KEY");
+ int i = 0;
+ for(; i < certificatePrefix.size(); i++) {
+ if (certificatePrefix.get(i).toEscapedString() == keyString)
+ break;
+ }
+
+ if (i >= certificatePrefix.size())
+ throw SecurityException("Identity Certificate Prefix does not have a KEY component");
+
+ result.append(certificatePrefix.getSubName(0, i));
+ result.append(certificatePrefix.getSubName(i + 1, certificatePrefix.size()-i-1));
+
+ return result;
+}
+
}