Exemplo n.º 1
    def _makeSelfSignedCertificate(
      keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm,
      wireFormat):
        """
        Build a CertificateV2 for keyName whose signature is produced with the
        private key of that same key (a self-signed certificate).

        :param keyName: The key name; also used as the KeyLocator key name.
        :param privateKeyBag: Object whose toBytes() gives the private key
          material to import into a temporary in-memory Tpm.
        :param publicKeyEncoding: The encoding passed to PublicKey().
        :param password: Passed through to the Tpm private key import.
        :param digestAlgorithm: Passed through to Tpm.sign().
        :param wireFormat: Passed through to certificate.wireEncode().
        :return: The signed certificate.
        :raises ValueError: If the public key type is neither RSA nor EC.
        """
        # NOTE(review): the signature info type is fixed to a Sha256With*
        # variant below, while digestAlgorithm is forwarded to tpm.sign()
        # unchecked. Presumably callers always pass SHA-256; confirm, because
        # any other value would make the declared and actual digest disagree.
        selfSignedCert = CertificateV2()

        # The certificate name is keyName plus a "self" component and a
        # version component taken from the current time in milliseconds.
        issuedAt = Common.getNowMilliseconds()
        certName = Name(keyName)
        certName.append("self").appendVersion(int(issuedAt))
        selfSignedCert.setName(certName)

        # MetaInfo: content type KEY, freshness period of one hour (in ms).
        metaInfo = selfSignedCert.getMetaInfo()
        metaInfo.setType(ContentType.KEY)
        metaInfo.setFreshnessPeriod(3600 * 1000.0)

        # The content is the DER form of the public key.
        subjectKey = PublicKey(publicKeyEncoding)
        selfSignedCert.setContent(subjectKey.getKeyDer())

        # The private key is only needed for this one signature, so it is
        # imported into a throwaway Tpm backed by TpmBackEndMemory.
        scratchTpm = Tpm("", "", TpmBackEndMemory())
        scratchTpm._importPrivateKey(keyName, privateKeyBag.toBytes(), password)

        # Pick the signature info type that matches the public key type.
        keyType = subjectKey.getKeyType()
        if keyType == KeyType.RSA:
            emptySignature = Sha256WithRsaSignature()
        elif keyType == KeyType.EC:
            emptySignature = Sha256WithEcdsaSignature()
        else:
            raise ValueError("Unsupported key type")
        selfSignedCert.setSignature(emptySignature)

        # Re-read the signature object from the certificate and edit that one.
        signatureInfo = selfSignedCert.getSignature()
        keyLocator = KeyLocator.getFromSignature(signatureInfo)
        keyLocator.setType(KeyLocatorType.KEYNAME)
        # Self-signed: the locator names the very key being certified.
        keyLocator.setKeyName(keyName)

        # Validity runs from now for 20 years (365-day years, milliseconds).
        # NOTE(review): a 20-year window is long for a signing key; rotation
        # or revocation has to be handled elsewhere - nothing here limits it.
        expiresAt = issuedAt + 20 * 365 * 24 * 3600 * 1000.0
        ValidityPeriod.getFromSignature(signatureInfo).setPeriod(
          issuedAt, expiresAt)

        # First encoding yields the signed portion; sign it and store the bits.
        firstEncoding = selfSignedCert.wireEncode(wireFormat)
        signatureInfo.setSignature(
          scratchTpm.sign(firstEncoding.toSignedBytes(), keyName,
            digestAlgorithm))

        # Second encoding so the wire form includes the signature value.
        selfSignedCert.wireEncode(wireFormat)

        return selfSignedCert
Exemplo n.º 2
    def _makeSelfSignedCertificate(keyName, privateKeyBag, publicKeyEncoding,
                                   password, digestAlgorithm, wireFormat):
        """
        Create a certificate for keyName and sign it with the matching private
        key taken from privateKeyBag.

        :param keyName: Name of the key; the certificate name and the
          KeyLocator are both derived from it.
        :param privateKeyBag: Source of the private key bytes (toBytes()).
        :param publicKeyEncoding: Encoding handed to PublicKey().
        :param password: Handed to the Tpm together with the private key bytes.
        :param digestAlgorithm: Handed to Tpm.sign().
        :param wireFormat: Handed to wireEncode().
        :return: The CertificateV2 including its signature.
        :raises ValueError: For a key type other than RSA or EC.
        """
        # Durations are in milliseconds, as floats, like the clock value below.
        oneHourMilliseconds = 3600 * 1000.0
        twentyYearsMilliseconds = 20 * 365 * 24 * 3600 * 1000.0

        cert = CertificateV2()

        # Name = keyName + "self" + version(current time).
        nowMilliseconds = Common.getNowMilliseconds()
        nameOfCert = Name(keyName)
        nameOfCert.append("self").appendVersion(int(nowMilliseconds))
        cert.setName(nameOfCert)

        # MetaInfo: this Data packet carries a key and is fresh for one hour.
        cert.getMetaInfo().setType(ContentType.KEY)
        cert.getMetaInfo().setFreshnessPeriod(oneHourMilliseconds)

        # Content: the public key in DER.
        decodedKey = PublicKey(publicKeyEncoding)
        cert.setContent(decodedKey.getKeyDer())

        # A temporary Tpm with a memory back end receives the private key so
        # that it can produce the single signature needed below.
        # NOTE(review): how long the imported key stays in process memory
        # depends on TpmBackEndMemory, which is not shown here - confirm.
        memoryTpm = Tpm("", "", TpmBackEndMemory())
        memoryTpm._importPrivateKey(
            keyName, privateKeyBag.toBytes(), password)

        # Signature info type follows the public key type.
        typeOfKey = decodedKey.getKeyType()
        if typeOfKey == KeyType.RSA:
            cert.setSignature(Sha256WithRsaSignature())
        else:
            if typeOfKey == KeyType.EC:
                cert.setSignature(Sha256WithEcdsaSignature())
            else:
                raise ValueError("Unsupported key type")

        # Work on the signature object the certificate now holds.
        sigInfo = cert.getSignature()
        KeyLocator.getFromSignature(sigInfo).setType(KeyLocatorType.KEYNAME)
        # The signer is the certified key itself. On its own this conveys no
        # trust; presumably a validator must pin it as an anchor - verify.
        KeyLocator.getFromSignature(sigInfo).setKeyName(keyName)

        # Valid from now until 20 years from now.
        validity = ValidityPeriod.getFromSignature(sigInfo)
        validity.setPeriod(
            nowMilliseconds, nowMilliseconds + twentyYearsMilliseconds)

        # Encode, sign the signed portion, then store the signature bits.
        # NOTE(review): digestAlgorithm is not compared with the SHA-256
        # signature type chosen above - confirm callers keep them consistent.
        signedPortion = cert.wireEncode(wireFormat).toSignedBytes()
        sigInfo.setSignature(
            memoryTpm.sign(signedPortion, keyName, digestAlgorithm))

        # Encode once more; this time the signature is part of the encoding.
        cert.wireEncode(wireFormat)

        return cert
Exemplo n.º 3
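    def __init__(self, keyName, arg2, arg3=None):
        """
        Create a PibKeyImpl. There are two forms:

        PibKeyImpl(keyName, pibImpl) loads the public key bits for keyName
        from the existing pibImpl.

        PibKeyImpl(keyName, keyEncoding, pibImpl) takes the public key
        encoding from the caller and adds the key to pibImpl.

        :param keyName: The name of the key.
        :param arg2: Either a PibImpl (first form) or the public key encoding
          (second form).
        :param arg3: The PibImpl for the second form; unused in the first.
        :raises ValueError: If pibImpl is None, or (second form) if the key
          encoding cannot be decoded as a public key.
        :raises Pib.Error: If (first form) the stored key bits cannot be
          decoded.
        """
        self._defaultCertificate = None

        if isinstance(arg2, PibImpl):
            # PibKeyImpl(keyName, pibImpl)
            # isinstance() is False for None, so pibImpl cannot be None in
            # this branch and no separate None check is needed.
            pibImpl = arg2

            self._identityName = PibKey.extractIdentityFromKeyName(keyName)
            self._keyName = Name(keyName)
            self._certificates = PibCertificateContainer(keyName, pibImpl)
            self._pibImpl = pibImpl

            self._keyEncoding = self._pibImpl.getKeyBits(self._keyName)

            try:
                publicKey = PublicKey(self._keyEncoding)
            except Exception:
                # We don't expect this since we just fetched the encoding.
                # Catch Exception, not everything, so that KeyboardInterrupt
                # and SystemExit are not turned into a Pib.Error.
                raise Pib.Error("Error decoding public key")

            self._keyType = publicKey.getKeyType()
        else:
            # PibKeyImpl(keyName, keyEncoding, pibImpl)
            keyEncoding = arg2
            pibImpl = arg3

            self._identityName = PibKey.extractIdentityFromKeyName(keyName)
            self._keyName = Name(keyName)
            self._keyEncoding = Blob(keyEncoding, True)

            # Reject a missing back end before anything is built on top of it.
            if pibImpl is None:
                raise ValueError("The pibImpl is None")

            self._certificates = PibCertificateContainer(keyName, pibImpl)
            self._pibImpl = pibImpl

            # The encoding comes from the caller, so decode it before it is
            # stored: only a key that parses is added to the PIB.
            try:
                publicKey = PublicKey(self._keyEncoding)
                self._keyType = publicKey.getKeyType()
            except Exception:
                raise ValueError("Invalid key encoding")

            self._pibImpl.addKey(self._identityName, self._keyName,
                                 keyEncoding)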
Exemplo n.º 4
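    def __init__(self, keyName, arg2, arg3 = None):
        """
        Create a PibKeyImpl in one of two ways, selected by the type of arg2.

        PibKeyImpl(keyName, pibImpl): the key already exists in pibImpl and
        its public key bits are read from there.

        PibKeyImpl(keyName, keyEncoding, pibImpl): the caller supplies the
        public key encoding, which is checked and then added to pibImpl.

        :param keyName: The name of the key.
        :param arg2: A PibImpl, or else the public key encoding.
        :param arg3: The PibImpl when arg2 is the key encoding.
        :raises ValueError: If pibImpl is None or the supplied key encoding
          is not a decodable public key.
        :raises Pib.Error: If the key bits read from pibImpl do not decode.
        """
        self._defaultCertificate = None

        if isinstance(arg2, PibImpl):
            # PibKeyImpl(keyName, pibImpl)
            # arg2 passed the isinstance() test, so it is a real PibImpl and
            # never None; the former None check here could not trigger.
            pibImpl = arg2

            self._identityName = PibKey.extractIdentityFromKeyName(keyName)
            self._keyName = Name(keyName)
            self._certificates = PibCertificateContainer(keyName, pibImpl)
            self._pibImpl = pibImpl

            self._keyEncoding = self._pibImpl.getKeyBits(self._keyName)

            try:
                publicKey = PublicKey(self._keyEncoding)
            except Exception:
                # We don't expect this since we just fetched the encoding.
                # A bare except would also convert interpreter-exit signals
                # (KeyboardInterrupt, SystemExit) into Pib.Error.
                raise Pib.Error("Error decoding public key")

            self._keyType = publicKey.getKeyType()
        else:
            # PibKeyImpl(keyName, keyEncoding, pibImpl)
            keyEncoding = arg2
            pibImpl = arg3

            self._identityName = PibKey.extractIdentityFromKeyName(keyName)
            self._keyName = Name(keyName)
            self._keyEncoding = Blob(keyEncoding, True)

            # Check for the missing PibImpl before handing it to the
            # certificate container, so the caller gets this ValueError
            # rather than whatever the container does with None.
            if pibImpl is None:
                raise ValueError("The pibImpl is None")

            self._certificates = PibCertificateContainer(keyName, pibImpl)
            self._pibImpl = pibImpl

            # Caller-supplied bytes: they must decode as a public key before
            # the key is written to the PIB below.
            try:
                publicKey = PublicKey(self._keyEncoding)
                self._keyType = publicKey.getKeyType()
            except Exception:
                raise ValueError("Invalid key encoding")

            self._pibImpl.addKey(self._identityName, self._keyName, keyEncoding)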