def _makeSignatureByCertificate(self, certificateName, digestAlgorithm): """ Return a new Signature object based on the signature algorithm of the public key with keyName (derived from certificateName). :param Name certificateName: The full certificate name. :param Array digestAlgorithm: Set digestAlgorithm[0] to the signature algorithm's digest algorithm, e.g. DigestAlgorithm.SHA256 . :return: The related public key name. :rtype: Signature """ keyName = IdentityCertificate.certificateNameToPublicKeyName( certificateName) publicKey = self._privateKeyStorage.getPublicKey(keyName) keyType = publicKey.getKeyType() if keyType == KeyType.RSA: signature = Sha256WithRsaSignature() digestAlgorithm[0] = DigestAlgorithm.SHA256 signature.getKeyLocator().setType(KeyLocatorType.KEYNAME) signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1)) return signature elif keyType == KeyType.ECDSA: signature = Sha256WithEcdsaSignature() digestAlgorithm[0] = DigestAlgorithm.SHA256 signature.getKeyLocator().setType(KeyLocatorType.KEYNAME) signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1)) return signature else: raise SecurityException("Key type is not recognized")
def _makeSelfSignedCertificate(keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm, wireFormat): certificate = CertificateV2() # Set the name. now = Common.getNowMilliseconds() certificateName = Name(keyName) certificateName.append("self").appendVersion(int(now)) certificate.setName(certificateName) # Set the MetaInfo. certificate.getMetaInfo().setType(ContentType.KEY) # Set a one-hour freshness period. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0) # Set the content. publicKey = PublicKey(publicKeyEncoding) certificate.setContent(publicKey.getKeyDer()) # Create a temporary in-memory Tpm and import the private key. tpm = Tpm("", "", TpmBackEndMemory()) tpm._importPrivateKey(keyName, privateKeyBag.toBytes(), password) # Set the signature info. if publicKey.getKeyType() == KeyType.RSA: certificate.setSignature(Sha256WithRsaSignature()) elif publicKey.getKeyType() == KeyType.EC: certificate.setSignature(Sha256WithEcdsaSignature()) else: raise ValueError("Unsupported key type") signatureInfo = certificate.getSignature() KeyLocator.getFromSignature(signatureInfo).setType( KeyLocatorType.KEYNAME) KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName) # Set a 20-year validity period. ValidityPeriod.getFromSignature(signatureInfo).setPeriod( now, now + 20 * 365 * 24 * 3600 * 1000.0) # Encode once to get the signed portion. encoding = certificate.wireEncode(wireFormat) signatureBytes = tpm.sign(encoding.toSignedBytes(), keyName, digestAlgorithm) signatureInfo.setSignature(signatureBytes) # Encode again to include the signature. certificate.wireEncode(wireFormat) return certificate