def _makeSelfSignedCertificate(
        keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm,
        wireFormat):
    """
    Build a CertificateV2 for keyName that is signed by the key itself.

    The private key is imported into a throw-away in-memory Tpm that is
    used for the single signing operation. The KeyLocator names keyName
    itself, so the result is self-signed: verifying it shows only that the
    signer held the matching private key. It does not establish trust in
    the key.

    :param keyName: The name of the key. It is used as the certificate name
      prefix, the KeyLocator key name and the Tpm key name.
    :param privateKeyBag: The private key material. Its toBytes() result is
      imported into the temporary Tpm.
    :param publicKeyEncoding: The public key encoding, decoded with
      PublicKey to obtain the certificate content and the key type.
    :param password: Passed to the Tpm import together with the private key
      bytes (presumably the password protecting them - confirm).
    :param digestAlgorithm: The digest algorithm passed to tpm.sign().
    :param wireFormat: The wire format used for both encoding passes.
    :return: The signed, encoded certificate.
    :raises ValueError: If the public key type is neither RSA nor EC.
    """
    oneHourMilliseconds = 3600 * 1000.0
    twentyYearsMilliseconds = 20 * 365 * 24 * 3600 * 1000.0

    certificate = CertificateV2()

    # Name: <keyName>/self/<version>, where the version is the current time.
    now = Common.getNowMilliseconds()
    selfSignedName = Name(keyName)
    selfSignedName.append("self").appendVersion(int(now))
    certificate.setName(selfSignedName)

    # MetaInfo: KEY content with a one-hour freshness period.
    certificate.getMetaInfo().setType(ContentType.KEY)
    certificate.getMetaInfo().setFreshnessPeriod(oneHourMilliseconds)

    # Content: the DER of the decoded public key.
    decodedKey = PublicKey(publicKeyEncoding)
    certificate.setContent(decodedKey.getKeyDer())

    # The private key goes into a temporary in-memory Tpm. Nothing in this
    # function erases it afterwards; it is only left for garbage collection.
    temporaryTpm = Tpm("", "", TpmBackEndMemory())
    temporaryTpm._importPrivateKey(keyName, privateKeyBag.toBytes(), password)

    # Choose the signature type from the public key type.
    # NOTE(review): both types are SHA-256 variants, while the digest used
    # for signing is the caller's digestAlgorithm. Confirm that callers only
    # pass SHA-256, otherwise the signature info would not match the bytes.
    keyType = decodedKey.getKeyType()
    if keyType == KeyType.RSA:
        emptySignature = Sha256WithRsaSignature()
    elif keyType == KeyType.EC:
        emptySignature = Sha256WithEcdsaSignature()
    else:
        raise ValueError("Unsupported key type")
    certificate.setSignature(emptySignature)

    signatureInfo = certificate.getSignature()
    KeyLocator.getFromSignature(signatureInfo).setType(KeyLocatorType.KEYNAME)
    KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName)

    # Validity period: from now until 20 * 365 days from now.
    ValidityPeriod.getFromSignature(signatureInfo).setPeriod(
        now, now + twentyYearsMilliseconds)

    # The first encoding yields the signed portion. The second encoding
    # includes the signature bytes that were just set.
    unsignedEncoding = certificate.wireEncode(wireFormat)
    signatureInfo.setSignature(temporaryTpm.sign(
        unsignedEncoding.toSignedBytes(), keyName, digestAlgorithm))
    certificate.wireEncode(wireFormat)

    return certificate
def _makeSelfSignedCertificate(keyName, privateKeyBag, publicKeyEncoding,
                               password, digestAlgorithm, wireFormat):
    """
    Create a self-signed CertificateV2 for the given key.

    The certificate carries the public key DER as KEY content, names keyName
    in its KeyLocator, and is signed with the private key from
    privateKeyBag through a temporary in-memory Tpm. Because the signer and
    the subject are the same key, the certificate shows possession of the
    private key and nothing more.

    :param keyName: The key name. It is the prefix of the certificate name
      and the name written to the KeyLocator.
    :param privateKeyBag: The object whose toBytes() supplies the private
      key to import.
    :param publicKeyEncoding: The encoding given to PublicKey().
    :param password: Forwarded to the Tpm private key import.
    :param digestAlgorithm: Forwarded to tpm.sign().
    :param wireFormat: The wire format for encoding the certificate.
    :return: The certificate, encoded with its signature.
    :raises ValueError: For a key type other than RSA or EC.
    """
    result = CertificateV2()
    nowMilliseconds = Common.getNowMilliseconds()

    # Set the name: keyName + "self" + a version taken from the clock.
    name = Name(keyName)
    name.append("self").appendVersion(int(nowMilliseconds))
    result.setName(name)

    # Set the MetaInfo (KEY type, 3600 * 1000 ms freshness period).
    result.getMetaInfo().setType(ContentType.KEY)
    result.getMetaInfo().setFreshnessPeriod(3600 * 1000.0)

    # Set the content to the DER of the public key.
    publicKey = PublicKey(publicKeyEncoding)
    result.setContent(publicKey.getKeyDer())

    # Import the private key into a Tpm that exists only for this call.
    signer = Tpm("", "", TpmBackEndMemory())
    signer._importPrivateKey(keyName, privateKeyBag.toBytes(), password)

    # Reject unsupported key types before attaching any signature object.
    kind = publicKey.getKeyType()
    if kind != KeyType.RSA and kind != KeyType.EC:
        raise ValueError("Unsupported key type")
    # NOTE(review): the signature type is always a SHA-256 variant, but the
    # digest comes from digestAlgorithm. Verify that the two always agree.
    if kind == KeyType.RSA:
        result.setSignature(Sha256WithRsaSignature())
    else:
        result.setSignature(Sha256WithEcdsaSignature())

    info = result.getSignature()
    KeyLocator.getFromSignature(info).setType(KeyLocatorType.KEYNAME)
    KeyLocator.getFromSignature(info).setKeyName(keyName)

    # Set a validity period of 20 * 365 days starting now.
    notAfter = nowMilliseconds + 20 * 365 * 24 * 3600 * 1000.0
    ValidityPeriod.getFromSignature(info).setPeriod(nowMilliseconds, notAfter)

    # Encode, sign the signed portion, then encode again with the signature.
    firstPass = result.wireEncode(wireFormat)
    signedPortion = firstPass.toSignedBytes()
    info.setSignature(signer.sign(signedPortion, keyName, digestAlgorithm))
    result.wireEncode(wireFormat)
    return result
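def __init__(self, keyName, arg2, arg3=None):
    """
    Create a PibKeyImpl. There are two forms, selected by the type of arg2:

    PibKeyImpl(keyName, pibImpl): use a key already held by pibImpl. The
    key encoding is fetched with pibImpl.getKeyBits().

    PibKeyImpl(keyName, keyEncoding, pibImpl): check that keyEncoding
    decodes as a public key, then add it to pibImpl with addKey().

    :param keyName: The name of the key.
    :param arg2: A PibImpl (first form) or the public key encoding (second
      form).
    :param arg3: The PibImpl for the second form; unused in the first form.
    :raises ValueError: If the pibImpl is None, or (second form) if the key
      encoding cannot be decoded as a public key.
    :raises Pib.Error: (first form) If the encoding fetched from the pibImpl
      cannot be decoded.
    """
    self._defaultCertificate = None

    if isinstance(arg2, PibImpl):
        # PibKeyImpl(keyName, pibImpl)
        # isinstance() has already excluded None, so no None check is
        # needed on this path.
        pibImpl = arg2

        self._identityName = PibKey.extractIdentityFromKeyName(keyName)
        self._keyName = Name(keyName)
        self._certificates = PibCertificateContainer(keyName, pibImpl)
        self._pibImpl = pibImpl

        self._keyEncoding = self._pibImpl.getKeyBits(self._keyName)

        try:
            publicKey = PublicKey(self._keyEncoding)
        except Exception:
            # We don't expect this since we just fetched the encoding.
            # Catch Exception, not a bare except, so KeyboardInterrupt and
            # SystemExit are not turned into a Pib.Error.
            raise Pib.Error("Error decoding public key")

        self._keyType = publicKey.getKeyType()
    else:
        # PibKeyImpl(keyName, keyEncoding, pibImpl)
        keyEncoding = arg2
        pibImpl = arg3

        # Reject a missing back end before it is handed to the certificate
        # container or any instance state is set.
        if pibImpl is None:
            raise ValueError("The pibImpl is None")

        self._identityName = PibKey.extractIdentityFromKeyName(keyName)
        self._keyName = Name(keyName)
        self._keyEncoding = Blob(keyEncoding, True)
        self._certificates = PibCertificateContainer(keyName, pibImpl)
        self._pibImpl = pibImpl

        # The caller-supplied encoding must decode as a public key before
        # it is added to the PIB, so a malformed key is never stored.
        try:
            publicKey = PublicKey(self._keyEncoding)
            self._keyType = publicKey.getKeyType()
        except Exception:
            raise ValueError("Invalid key encoding")

        self._pibImpl.addKey(self._identityName, self._keyName, keyEncoding)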
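def __init__(self, keyName, arg2, arg3 = None):
    """
    Create a PibKeyImpl in one of two ways, depending on the type of arg2.

    PibKeyImpl(keyName, pibImpl): arg2 is a PibImpl. The public key
    encoding for keyName is read from it with getKeyBits().

    PibKeyImpl(keyName, keyEncoding, pibImpl): arg2 is the public key
    encoding and arg3 is the PibImpl. The encoding is decoded as a check and
    then passed to pibImpl.addKey().

    :param keyName: The name of the key.
    :param arg2: The PibImpl, or the public key encoding.
    :param arg3: The PibImpl when arg2 is the key encoding.
    :raises ValueError: If the pibImpl is None, or if the supplied key
      encoding is invalid.
    :raises Pib.Error: If the encoding read from the pibImpl does not decode
      as a public key.
    """
    self._defaultCertificate = None

    if isinstance(arg2, PibImpl):
        # PibKeyImpl(keyName, pibImpl)
        # arg2 passed isinstance(), so it cannot be None here.
        pibImpl = arg2

        self._identityName = PibKey.extractIdentityFromKeyName(keyName)
        self._keyName = Name(keyName)
        self._certificates = PibCertificateContainer(keyName, pibImpl)
        self._pibImpl = pibImpl

        self._keyEncoding = self._pibImpl.getKeyBits(self._keyName)

        try:
            publicKey = PublicKey(self._keyEncoding)
        except Exception:
            # We don't expect this since we just fetched the encoding.
            # "except Exception" lets KeyboardInterrupt and SystemExit
            # propagate instead of masking them as a Pib.Error.
            raise Pib.Error("Error decoding public key")

        self._keyType = publicKey.getKeyType()
        return

    # PibKeyImpl(keyName, keyEncoding, pibImpl)
    keyEncoding = arg2
    pibImpl = arg3

    # Check the back end first, so that a None pibImpl is reported as
    # ValueError before it is passed to PibCertificateContainer.
    if pibImpl is None:
        raise ValueError("The pibImpl is None")

    self._identityName = PibKey.extractIdentityFromKeyName(keyName)
    self._keyName = Name(keyName)
    self._keyEncoding = Blob(keyEncoding, True)
    self._certificates = PibCertificateContainer(keyName, pibImpl)
    self._pibImpl = pibImpl

    # Decode the supplied encoding before addKey(), so that only an encoding
    # that parses as a public key reaches the PIB.
    try:
        publicKey = PublicKey(self._keyEncoding)
        self._keyType = publicKey.getKeyType()
    except Exception:
        raise ValueError("Invalid key encoding")

    self._pibImpl.addKey(self._identityName, self._keyName, keyEncoding)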