/**
* Generate a key pair for the specified identity.
*
* @param identityName The name of the specified identity.
* @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
* @param params The parameters of the key.
* @return The name of the generated key.
*/
private Name generateKeyPair(Name identityName, boolean isKsk, KeyParams params)
throws SecurityException {
Logger.getLogger(this.getClass().getName()).log(Level.INFO, "Get new key ID");
Name keyName = identityStorage_.getNewKeyName(identityName, isKsk);
Logger.getLogger(this.getClass().getName())
.log(Level.INFO, "Generate key pair in private storage");
privateKeyStorage_.generateKeyPair(keyName, params);
Logger.getLogger(this.getClass().getName())
.log(Level.INFO, "Create a key record in public storage");
PublicKey pubKey = privateKeyStorage_.getPublicKey(keyName);
identityStorage_.addKey(keyName, params.getKeyType(), pubKey.getKeyDer());
return keyName;
}
/**
* Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a
* self-signed certificate of the KSK. If a key pair or certificate for the identity already
* exists, use it.
*
* @param identityName The name of the identity.
* @param params The key parameters if a key needs to be generated for the identity.
* @return The name of the default certificate of the identity.
* @throws SecurityException if the identity has already been created.
*/
public final Name createIdentityAndCertificate(Name identityName, KeyParams params)
throws SecurityException {
identityStorage_.addIdentity(identityName);
Name keyName = null;
boolean generateKey = true;
try {
keyName = identityStorage_.getDefaultKeyNameForIdentity(identityName);
PublicKey key = new PublicKey(identityStorage_.getKey(keyName));
if (key.getKeyType() == params.getKeyType())
// The key exists and has the same type, so don't need to generate one.
generateKey = false;
} catch (SecurityException ex) {
}
if (generateKey) {
keyName = generateKeyPair(identityName, true, params);
identityStorage_.setDefaultKeyNameForIdentity(keyName);
}
Name certName = null;
boolean makeCert = true;
try {
certName = identityStorage_.getDefaultCertificateNameForKey(keyName);
// The cert exists, so don't need to make it.
makeCert = false;
} catch (SecurityException ex) {
}
if (makeCert) {
IdentityCertificate selfCert = selfSign(keyName);
addCertificateAsIdentityDefault(selfCert);
certName = selfCert.getName();
}
return certName;
}
/**
* Return a new Signature object based on the signature algorithm of the public key with keyName
* (derived from certificateName).
*
* @param certificateName The certificate name.
* @param digestAlgorithm Set digestAlgorithm[0] to the signature algorithm's digest algorithm,
* e.g. DigestAlgorithm.SHA256.
* @return A new object of the correct subclass of Signature.
*/
private Signature makeSignatureByCertificate(
Name certificateName, DigestAlgorithm[] digestAlgorithm) throws SecurityException {
Name keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName);
PublicKey publicKey = privateKeyStorage_.getPublicKey(keyName);
KeyType keyType = publicKey.getKeyType();
if (keyType == KeyType.RSA) {
Sha256WithRsaSignature signature = new Sha256WithRsaSignature();
digestAlgorithm[0] = DigestAlgorithm.SHA256;
signature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
return signature;
} else if (keyType == KeyType.ECDSA) {
Sha256WithEcdsaSignature signature = new Sha256WithEcdsaSignature();
digestAlgorithm[0] = DigestAlgorithm.SHA256;
signature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
return signature;
} else throw new SecurityException("Key type is not recognized");
}