Add certificate fetcher of ndns-appcert and ndns-cert
Validators are updated accordingly
Change-Id: Ibdee00b8f20243448a2ba3011ca87f85ce1ea516
diff --git a/src/mgmt/management-tool.cpp b/src/mgmt/management-tool.cpp
index d4d64e1..8d01211 100644
--- a/src/mgmt/management-tool.cpp
+++ b/src/mgmt/management-tool.cpp
@@ -125,7 +125,7 @@
dkey = m_keyChain.createKey(dkeyIdentity);
m_keyChain.deleteCertificate(dkey, dkey.getDefaultCertificate().getName());
- dkeyCert = CertHelper::createCertificate(m_keyChain, dkey, dkey, label::CERT_RR_TYPE.toUri(), time::days(90));
+ dkeyCert = CertHelper::createCertificate(m_keyChain, dkey, dkey, label::CERT_RR_TYPE.toUri(), certValidity);
dkeyCert.setFreshnessPeriod(cacheTtl);
m_keyChain.addCertificate(dkey, dkeyCert);
NDNS_LOG_INFO("Generated DKEY: " << dkeyCert.getName());
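Review bot: `certValidity` now sets the lifetime of the DKEY certificate here and of the KSK certificate in the next hunk (`kskCert = CertHelper::createCertificate(..., certValidity)`), but neither hunk shows where it is declared or whether it is range-checked. If the value comes from a caller or the command line, a zero or negative duration would yield certificates that are already expired when stored, and an unbounded one drops the rotation interval that the fixed `time::days(90)` used to impose. Consider rejecting bad values before the first key is created, e.g. `if (certValidity <= time::seconds(0)) BOOST_THROW_EXCEPTION(Error("certValidity must be positive"));`, and documenting the accepted range on the parameter. The enclosing function starts and ends outside both hunks, so an existing check there cannot be ruled out.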
@@ -141,7 +141,7 @@
// delete automatically generated certificates,
// because its issue is 'self' instead of CERT_RR_TYPE
m_keyChain.deleteCertificate(ksk, ksk.getDefaultCertificate().getName());
- kskCert = CertHelper::createCertificate(m_keyChain, ksk, dkey, label::CERT_RR_TYPE.toUri(), time::days(90));
+ kskCert = CertHelper::createCertificate(m_keyChain, ksk, dkey, label::CERT_RR_TYPE.toUri(), certValidity);
kskCert.setFreshnessPeriod(cacheTtl);
m_keyChain.addCertificate(ksk, kskCert);
NDNS_LOG_INFO("Generated KSK: " << kskCert.getName());
@@ -298,10 +298,6 @@
void
ManagementTool::addRrset(Rrset& rrset)
{
- if (rrset.getLabel().size() > 1) {
- BOOST_THROW_EXCEPTION(Error("Cannot add rrset with label size > 1, should use addMultiLevelLabelRrset instead"));
- }
-
// check that it does not override existing AUTH
Rrset rrsetCopy = rrset;
rrsetCopy.setType(label::NS_RR_TYPE);
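Review bot: With the `rrset.getLabel().size() > 1` guard removed, multi-component labels now reach the AUTH-override check below, which in the visible lines only looks for an NS record at the rrset's own label (`rrsetCopy.setType(label::NS_RR_TYPE)`). Whether a delegation at an intermediate label, i.e. a prefix of the rrset label, is still detected cannot be confirmed from this hunk; the removed error message sent callers to addMultiLevelLabelRrset for that case. If addRrset is now meant to accept such labels, either check each label prefix for an existing NS/AUTH record here or state the contract in a comment such as `// caller must ensure no intermediate label of rrset is delegated`. The rest of addRrset lies outside the hunk.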
@@ -362,7 +358,11 @@
}
if (needResign) {
- m_keyChain.sign(*data, signingByCertificate(dskCertName));
+ // TODO validityPeriod should be able to be configured
+ SignatureInfo info;
+ info.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(),
+ time::system_clock::now() + DEFAULT_CERT_TTL));
+ m_keyChain.sign(*data, signingByCertificate(dskCertName).setSignatureInfo(info));
}
// create response for the input data
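Review bot: The validity window set in the `needResign` branch comes from two separate `time::system_clock::now()` calls plus the certificate constant `DEFAULT_CERT_TTL`, and is not tied to the validity of the certificate named by `dskCertName`. A re-signed record can therefore claim validity beyond the expiry of its signing certificate (relevant if validators honour the period on data), and the start and end are sampled at slightly different instants. Capture the time once with `const auto now = time::system_clock::now();`, pass `now` and `now + DEFAULT_CERT_TTL`, and consider capping the end at the DSK certificate's own notAfter. The enclosing function starts and ends outside the hunk.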