public void testSetters()
{
CertificateV2 certificate = new CertificateV2();
certificate.setName(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
certificate.setContent(new Blob(PUBLIC_KEY, false));
certificate.setSignature(generateFakeSignature());
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
}
/// <summary>
/// Add certificate into the container. If the certificate already exists,
/// this replaces it.
/// </summary>
///
/// <param name="certificate">The certificate to add. This copies the object.</param>
/// <exception cref="System.ArgumentException">if the name of the certificate does notmatch the key name.</exception>
public void add(CertificateV2 certificate)
{
if (!keyName_.equals(certificate.getKeyName()))
{
throw new ArgumentException("The certificate name `"
+ certificate.getKeyName().toUri()
+ "` does not match the key name");
}
Name certificateName = new Name(certificate.getName());
ILOG.J2CsMapping.Collections.Collections.Add(certificateNames_, certificateName);
// Copy the certificate.
ILOG.J2CsMapping.Collections.Collections.Put(certificates_, certificateName, new CertificateV2(certificate));
pibImpl_.addCertificate(certificate);
}
/// <summary>
/// Authorize a member identified by memberCertificate to decrypt data under
/// the policy.
/// </summary>
///
/// <param name="memberCertificate"></param>
/// <returns>The published KDK Data packet.</returns>
public Data addMember(CertificateV2 memberCertificate)
{
Name kdkName = new Name(nacKey_.getIdentityName());
kdkName.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KDK)
.append(nacKey_.getName().get(-1))
// key-id
.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY)
.append(memberCertificate.getKeyName());
int secretLength = 32;
byte[] secret = new byte[secretLength];
net.named_data.jndn.util.Common.getRandom().nextBytes(secret);
// To be compatible with OpenSSL which uses a null-terminated string,
// replace each 0 with 1. And to be compatible with the Java security
// library which interprets the secret as a char array converted to UTF8,
// limit each byte to the ASCII range 1 to 127.
for (int i = 0; i < secretLength; ++i)
{
if (secret[i] == 0)
{
secret[i] = 1;
}
secret[i] &= 0x7f;
}
SafeBag kdkSafeBag = keyChain_.exportSafeBag(
nacKey_.getDefaultCertificate(), ILOG.J2CsMapping.NIO.ByteBuffer.wrap(secret));
PublicKey memberKey = new PublicKey(memberCertificate.getPublicKey());
EncryptedContent encryptedContent = new EncryptedContent();
encryptedContent.setPayload(kdkSafeBag.wireEncode());
encryptedContent.setPayloadKey(memberKey.encrypt(secret,
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep));
Data kdkData = new Data(kdkName);
kdkData.setContent(encryptedContent.wireEncodeV2());
// FreshnessPeriod can serve as a soft access control for revoking access.
kdkData.getMetaInfo().setFreshnessPeriod(
DEFAULT_KDK_FRESHNESS_PERIOD_MS);
keyChain_.sign(kdkData, new SigningInfo(identity_));
storage_.insert(kdkData);
return(kdkData);
}
public void testFindByInterest()
{
anchorContainer.insert("group1", certificatePath1.FullName,
400.0d);
Interest interest = new Interest(identity1.getName());
Assert.AssertTrue(anchorContainer.find(interest) != null);
Interest interest1 = new Interest(identity1.getName().getPrefix(-1));
Assert.AssertTrue(anchorContainer.find(interest1) != null);
Interest interest2 = new Interest(
new Name(identity1.getName()).appendVersion(1));
Assert.AssertTrue(anchorContainer.find(interest2) == null);
CertificateV2 certificate3 = fixture.addCertificate(
identity1.getDefaultKey(), "3");
CertificateV2 certificate4 = fixture.addCertificate(
identity1.getDefaultKey(), "4");
CertificateV2 certificate5 = fixture.addCertificate(
identity1.getDefaultKey(), "5");
CertificateV2 certificate3Copy = new CertificateV2(certificate3);
anchorContainer.insert("group2", certificate3Copy);
anchorContainer.insert("group3", certificate4);
anchorContainer.insert("group4", certificate5);
Interest interest3 = new Interest(certificate3.getKeyName());
CertificateV2 foundCertificate = anchorContainer.find(interest3);
Assert.AssertTrue(foundCertificate != null);
Assert.AssertTrue(interest3.getName().isPrefixOf(foundCertificate.getName()));
Assert.AssertTrue(certificate3.getName().equals(foundCertificate.getName()));
interest3.getExclude().appendComponent(
certificate3.getName().get(net.named_data.jndn.security.v2.CertificateV2.ISSUER_ID_OFFSET));
foundCertificate = anchorContainer.find(interest3);
Assert.AssertTrue(foundCertificate != null);
Assert.AssertTrue(interest3.getName().isPrefixOf(foundCertificate.getName()));
Assert.AssertTrue(!foundCertificate.getName().equals(certificate3.getName()));
}
/// <summary>
/// Add the certificate. If a certificate with the same name (without implicit
/// digest) already exists, then overwrite the certificate. If the key or
/// identity does not exist, they will be created. If no default certificate
/// for the key has been set, then set the added certificate as the default for
/// the key. If no default key was set for the identity, it will be set as the
/// default key for the identity. If no default identity was selected, the
/// certificate's identity becomes the default.
/// </summary>
///
/// <param name="certificate">The certificate to add. This copies the object.</param>
public override void addCertificate(CertificateV2 certificate)
{
Name certificateNameCopy = new Name(certificate.getName());
// getKeyName already makes a new Name.
Name keyNameCopy = certificate.getKeyName();
Name identity = certificate.getIdentity();
addKey(identity, keyNameCopy, certificate.getContent().buf());
try {
ILOG.J2CsMapping.Collections.Collections.Put(certificates_, certificateNameCopy, new CertificateV2(
certificate));
} catch (CertificateV2.Error ex) {
// We don't expect an error in the copy constructor.
throw new PibImpl.Error(ex.Message);
}
if (!defaultCertificateNames_.Contains(keyNameCopy))
{
ILOG.J2CsMapping.Collections.Collections.Put(defaultCertificateNames_, keyNameCopy, certificateNameCopy);
}
}
public void testConstructor()
{
CertificateV2 certificate = new CertificateV2();
certificate.wireDecode(new Blob(CERT, false));
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150814T223739"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150818T223738"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
Data data = new Data();
data.wireDecode(new Blob(CERT, false));
CertificateV2 certificate2 = new CertificateV2(data);
Assert.AssertEquals(certificate.getName(), certificate2.getName());
Assert.AssertTrue(certificate.getPublicKey().equals(
certificate2.getPublicKey()));
}
/// <summary>
/// Issue a certificate for subIdentityName signed by issuer. If the identity
/// does not exist, it is created. A new key is generated as the default key
/// for the identity. A default certificate for the key is signed by the
/// issuer using its default certificate.
/// </summary>
///
/// <param name="subIdentityName">The name to issue the certificate for.</param>
/// <param name="issuer">The identity of the signer.</param>
/// <param name="params"></param>
/// <returns>The sub identity.</returns>
internal PibIdentity addSubCertificate(Name subIdentityName, PibIdentity issuer,
KeyParams paras)
{
PibIdentity subIdentity = addIdentity(subIdentityName, paras);
CertificateV2 request = subIdentity.getDefaultKey()
.getDefaultCertificate();
request.setName(request.getKeyName().append("parent").appendVersion(1));
SigningInfo certificateParams = new SigningInfo(issuer);
// Validity period of 20 years.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
certificateParams.setValidityPeriod(new ValidityPeriod(now, now + 20
* 365 * 24 * 3600 * 1000.0d));
// Skip the AdditionalDescription.
keyChain_.sign(request, certificateParams);
keyChain_.setDefaultCertificate(subIdentity.getDefaultKey(), request);
return(subIdentity);
}
/// <summary>
/// Add the certificate. If a certificate with the same name (without implicit
/// digest) already exists, then overwrite the certificate. If the key or
/// identity does not exist, they will be created. If no default certificate
/// for the key has been set, then set the added certificate as the default for
/// the key. If no default key was set for the identity, it will be set as the
/// default key for the identity. If no default identity was selected, the
/// certificate's identity becomes the default.
/// </summary>
///
/// <param name="certificate">The certificate to add. This copies the object.</param>
/// <exception cref="PibImpl.Error">for a non-semantic (database access) error.</exception>
public override void addCertificate(CertificateV2 certificate)
{
// Ensure the key exists.
Blob content = certificate.getContent();
addKey(certificate.getIdentity(), certificate.getKeyName(),
content.buf());
if (!hasCertificate(certificate.getName()))
{
try {
PreparedStatement statement = database_
.prepareStatement(net.named_data.jndn.security.pib.PibSqlite3Base.INSERT_addCertificate);
statement.setBytes(1, certificate.getKeyName().wireEncode()
.getImmutableArray());
statement.setBytes(2, certificate.getName().wireEncode()
.getImmutableArray());
statement.setBytes(3, certificate.wireEncode()
.getImmutableArray());
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new PibImpl.Error("PibSqlite3: SQLite error: "
+ exception);
}
}
else
{
try {
PreparedStatement statement_0 = database_
.prepareStatement(net.named_data.jndn.security.pib.PibSqlite3Base.UPDATE_addCertificate);
statement_0.setBytes(1, certificate.wireEncode()
.getImmutableArray());
statement_0.setBytes(2, certificate.getName().wireEncode()
.getImmutableArray());
try {
statement_0.executeUpdate();
} finally {
statement_0.close();
}
} catch (SQLException exception_1) {
throw new PibImpl.Error("PibSqlite3: SQLite error: "
+ exception_1);
}
}
if (!hasDefaultCertificateOfKey(certificate.getKeyName()))
{
try {
setDefaultCertificateOfKey(certificate.getKeyName(),
certificate.getName());
} catch (Pib.Error ex) {
throw new PibImpl.Error(
"PibSqlite3: Error setting the default certificate: "
+ ex);
}
}
}
