security: Continue porting security elements to the updated framework Change-Id: I682156142a8714b2756ca429903a19d2b9064e13

commit: e64788e1998d648e928aa4e50517f5135dd24958 [log] [tgz]
author: Alexander Afanasyev <alexander.afanasyev@ucla.edu> Sun Jan 05 22:38:21 2014 -0800
committer: Alexander Afanasyev <alexander.afanasyev@ucla.edu> Thu Jan 09 15:14:01 2014 -0800
tree: b4752def2d3678e8c002f01f534511a9695d1dcb
parent: b695b9558346c1e88eb42eb13d5237a9f99b3b7a [diff] [blame]
diff --git a/src/security/identity/identity-manager.cpp b/src/security/identity/identity-manager.cpp
index ce90cc5..1befdcd 100644
--- a/src/security/identity/identity-manager.cpp
+++ b/src/security/identity/identity-manager.cpp

@@ -90,6 +90,8 @@
 Name
 IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
 {
+  defaultCertificate_.reset();
+  
   Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
 
   info().setDefaultKeyNameForIdentity(keyName, identityName);
@@ -104,10 +106,14 @@
                                            const MillisecondsSince1970& notAfter)
 {
   Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
+
+  ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName);
+  if (!pubKey)
+    throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist");
   
   ptr_lib::shared_ptr<IdentityCertificate> certificate =
     createIdentityCertificate(certificatePrefix,
-                              *info().getKey(keyName),
+                              *pubKey,
                               signerCertificateName,
                               notBefore, notAfter);
 
@@ -148,11 +154,15 @@
   
   Name certificateName = keyName.getSubName(0, keyName.size() - 1);
   certificateName.append("KEY").append(keyName.get(keyName.size() - 1)).append("ID-CERT").appendVersion();
+
+  ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName);
+  if (!pubKey)
+    throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist");
   
   certificate->setName(certificateName);
   certificate->setNotBefore(ndn_getNowMilliseconds());
   certificate->setNotAfter(ndn_getNowMilliseconds() + 630720000 /* 20 years*/);
-  certificate->setPublicKeyInfo(*info().getKey(keyName));
+  certificate->setPublicKeyInfo(*pubKey);
   certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
   certificate->encode();
 
@@ -183,6 +193,8 @@
 void
 IdentityManager::setDefaultCertificateForKey(const IdentityCertificate& certificate)
 {
+  defaultCertificate_.reset();
+  
   Name keyName = certificate.getPublicKeyName();
   
   if(!info().doesKeyExist(keyName))
@@ -190,11 +202,30 @@
 
   info().setDefaultCertificateNameForKey(keyName, certificate.getName());
 }
-  
+
+void
+IdentityManager::sign(Data &data)
+{
+  if (!defaultCertificate_)
+    {
+      defaultCertificate_ = info().getCertificate(
+                                                  info().getDefaultCertificateNameForIdentity(
+                                                                                              info().getDefaultIdentity()));
+
+      if(!defaultCertificate_)
+        throw Error("Default IdentityCertificate cannot be determined");
+    }
+
+  signByCertificate(data, *defaultCertificate_);
+}
+
 Signature
 IdentityManager::signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
 {
   ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName);
+  if (!cert)
+    throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist");
+
   SignatureSha256WithRsa signature;
   signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care
 
@@ -207,6 +238,9 @@
 IdentityManager::signByCertificate(Data &data, const Name &certificateName)
 {
   ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName);
+  if (!cert)
+    throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist");
+
   SignatureSha256WithRsa signature;
   signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care
 
@@ -216,6 +250,17 @@
 }
 
 void
+IdentityManager::signByCertificate(Data& data, const IdentityCertificate& certificate)
+{
+  SignatureSha256WithRsa signature;
+  signature.setKeyLocator(certificate.getName().getPrefix(-1));
+
+  // For temporary usage, we support RSA + SHA256 only, but will support more.
+  signature.setValue(tpm().sign(data, signature, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256));
+  data.setSignature(signature);
+}
+
+void
 IdentityManager::selfSign (IdentityCertificate& cert)
 {
   SignatureSha256WithRsa signature;
commit	e64788e1998d648e928aa4e50517f5135dd24958	[log] [tgz]
author	Alexander Afanasyev <alexander.afanasyev@ucla.edu>	Sun Jan 05 22:38:21 2014 -0800
committer	Alexander Afanasyev <alexander.afanasyev@ucla.edu>	Thu Jan 09 15:14:01 2014 -0800
tree	b4752def2d3678e8c002f01f534511a9695d1dcb
parent	b695b9558346c1e88eb42eb13d5237a9f99b3b7a [diff] [blame]