Use KeyChain::makeCertificate()
Change-Id: Iaf6d643feaecb9b208772067a071fbbafdf7c5a8
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index b5547e0..9ac7453 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -481,22 +481,12 @@
Certificate
CaModule::issueCertificate(const RequestState& requestState)
{
- auto period = requestState.cert.getValidityPeriod();
- Certificate newCert;
-
- Name certName = requestState.cert.getKeyName();
- certName.append("NDNCERT").appendVersion();
- newCert.setName(certName);
- newCert.setContent(requestState.cert.getContent());
- newCert.setFreshnessPeriod(1_h);
- NDN_LOG_TRACE("cert request content " << requestState.cert);
- SignatureInfo signatureInfo;
- signatureInfo.setValidityPeriod(period);
- ndn::security::SigningInfo signingInfo(ndn::security::SigningInfo::SIGNER_TYPE_ID,
- m_config.caProfile.caPrefix, signatureInfo);
- // Note: we should use KeyChain::makeCertificate() in future.
- m_keyChain.sign(newCert, signingInfo);
- NDN_LOG_TRACE("new cert got signed" << newCert);
+ ndn::security::MakeCertificateOptions opts;
+ opts.issuerId = Name::Component("NDNCERT");
+ opts.validity = requestState.cert.getValidityPeriod();
+ auto newCert = m_keyChain.makeCertificate(requestState.cert,
+ signingByIdentity(m_config.caProfile.caPrefix), opts);
+ NDN_LOG_TRACE("Signed new certificate: " << newCert);
return newCert;
}
diff --git a/src/requester-request.cpp b/src/requester-request.cpp
index 3523d77..0e8565e 100644
--- a/src/requester-request.cpp
+++ b/src/requester-request.cpp
@@ -122,28 +122,19 @@
const time::system_clock::time_point& notBefore,
const time::system_clock::time_point& notAfter)
{
- if (!m_caProfile.caPrefix.isPrefixOf(keyName)) {
+ if (keyName.empty() || !m_caProfile.caPrefix.isPrefixOf(keyName)) {
return nullptr;
}
- if (keyName.empty()) {
- return nullptr;
- }
- else {
- const auto& pib = m_keyChain.getPib();
- ndn::security::pib::Identity identity;
- m_identityName = ndn::security::extractIdentityFromKeyName(keyName);
- identity = pib.getIdentity(m_identityName);
- m_keyPair = identity.getKey(keyName);
- }
+ m_identityName = ndn::security::extractIdentityFromKeyName(keyName);
+ auto identity = m_keyChain.getPib().getIdentity(m_identityName);
+ m_keyPair = identity.getKey(keyName);
+
// generate certificate request
- Certificate certRequest;
- certRequest.setName(Name(keyName).append("cert-request").appendVersion());
- certRequest.setContentType(ndn::tlv::ContentType_Key);
- certRequest.setContent(m_keyPair.getPublicKey());
- SignatureInfo signatureInfo;
- signatureInfo.setValidityPeriod(ndn::security::ValidityPeriod(notBefore, notAfter));
- m_keyChain.sign(certRequest, signingByKey(keyName).setSignatureInfo(signatureInfo));
+ ndn::security::MakeCertificateOptions opts;
+ opts.issuerId = Name::Component("cert-request");
+ opts.validity.emplace(notBefore, notAfter);
+ auto certRequest = m_keyChain.makeCertificate(m_keyPair, signingByKey(keyName), opts);
// generate Interest packet
Name interestName = m_caProfile.caPrefix;