public void Perform()
{
if (_repackOptions.KeyContainer != null || (_repackOptions.KeyFile != null && File.Exists(_repackOptions.KeyFile)))
{
var publicKey = default(byte[]);
if (_repackOptions.KeyContainer != null)
{
StrongNameKeyPair snkp = new StrongNameKeyPair(_repackOptions.KeyContainer);
publicKey = snkp.PublicKey;
if (!_repackOptions.DelaySign)
{
KeyInfo = new SigningInfo(snkp);
}
}
else if (_repackOptions.KeyFile != null && File.Exists(_repackOptions.KeyFile))
{
var keyFileContents = File.ReadAllBytes(_repackOptions.KeyFile);
publicKey = CryptoService.GetPublicKey(new WriterParameters {
StrongNameKeyBlob = keyFileContents
});
if (!_repackOptions.DelaySign)
{
KeyInfo = new SigningInfo(keyFileContents);
}
}
_repackContext.TargetAssemblyDefinition.Name.PublicKey = publicKey;
_repackContext.TargetAssemblyDefinition.Name.Attributes |= AssemblyAttributes.PublicKey;
_repackContext.TargetAssemblyMainModule.Attributes |= ModuleAttributes.StrongNameSigned;
}
else
{
_repackContext.TargetAssemblyDefinition.Name.PublicKey = null;
_repackContext.TargetAssemblyMainModule.Attributes &= ~ModuleAttributes.StrongNameSigned;
}
}
public void testExpiredCertificate()
{
// Copy the default certificate.
Data expiredCertificate_0 = new Data(fixture_.subIdentity_
.getDefaultKey().getDefaultCertificate());
SigningInfo info = new SigningInfo(fixture_.identity_);
// Validity period from 2 hours ago do 1 hour ago.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
info.setValidityPeriod(new ValidityPeriod(now - 2 * 3600 * 1000,
now - 3600 * 1000.0d));
fixture_.keyChain_.sign(expiredCertificate_0, info);
try {
new CertificateV2(expiredCertificate_0).wireEncode();
} catch (Exception ex) {
Assert.Fail("Unexpected exception: " + ex.Message);
}
ValidatorFixture.TestFace.ProcessInterest originalProcessInterest_1 = fixture_.face_.processInterest_;
fixture_.face_.processInterest_ = new TestValidator.Anonymous_C1(originalProcessInterest_1, expiredCertificate_0);
Data data = new Data(new Name(
"/Security/V2/ValidatorFixture/Sub1/Sub2/Data"));
fixture_.keyChain_.sign(data, new SigningInfo(fixture_.subIdentity_));
validateExpectFailure(data, "Signed by an expired certificate");
Assert.AssertEquals(1, fixture_.face_.sentInterests_.Count);
}
public void testFromString()
{
SigningInfo infoDefault = new SigningInfo("");
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.NULL, infoDefault.getSignerType());
Assert.AssertTrue(new Name().equals(infoDefault.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoDefault.getDigestAlgorithm());
SigningInfo infoId = new SigningInfo("id:/my-identity");
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.ID, infoId.getSignerType());
Assert.AssertTrue(new Name("/my-identity").equals(infoId.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoId.getDigestAlgorithm());
SigningInfo infoKey = new SigningInfo("key:/my-key");
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.KEY, infoKey.getSignerType());
Assert.AssertTrue(new Name("/my-key").equals(infoKey.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoKey.getDigestAlgorithm());
SigningInfo infoCert = new SigningInfo("cert:/my-cert");
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.CERT, infoCert.getSignerType());
Assert.AssertTrue(new Name("/my-cert").equals(infoCert.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoCert.getDigestAlgorithm());
SigningInfo infoSha = new SigningInfo(
"id:/localhost/identity/digest-sha256");
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.SHA256, infoSha.getSignerType());
Assert.AssertTrue(new Name().equals(infoSha.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoSha.getDigestAlgorithm());
}
/// <summary>
/// Add a self-signed certificate made from the key and issuer ID.
/// </summary>
///
/// <param name="key">The key for the certificate.</param>
/// <param name="issuerId">The issuer ID name component for the certificate name.</param>
/// <returns>The new certificate.</returns>
internal CertificateV2 addCertificate(PibKey key, String issuerId)
{
Name certificateName = new Name(key.getName());
certificateName.append(issuerId).appendVersion(3);
CertificateV2 certificate = new CertificateV2();
certificate.setName(certificateName);
// Set the MetaInfo.
certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
// One hour.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0);
// Set the content.
certificate.setContent(key.getPublicKey());
SigningInfo paras = new SigningInfo(key);
// Validity period of 10 days.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
paras.setValidityPeriod(new ValidityPeriod(now, now + 10 * 24 * 3600
* 1000.0d));
keyChain_.sign(certificate, paras);
return(certificate);
}
public BuildMains(WIXSharpProject project)
{
SignInstaller = project.GetSignInstaller();
Options = project.GetOptions();
bootstrapper = new BuildBootstrapperCode(project);
AppInfo = project.GetApplication();
}
public BuildMains(SigningInfo signinstaller, SetupOptions options, BuildBootstrapperCode bootstrap, ApplicationInfo appinfo)
{
SignInstaller = signinstaller;
Options = options;
bootstrapper = bootstrap;
AppInfo = appinfo;
}
public static SigningInfo GetSignInfo(HttpRequest currentRequest)
{
var signingInfo = new SigningInfo();
signingInfo.customerOrg = currentRequest.Params["CustomerOrg"];
signingInfo.authMetod = Convert.ToInt32(currentRequest.Params["Authmetod"]);
signingInfo.notifyMe = Convert.ToBoolean(currentRequest.Params["NotifyMe"]);
signingInfo.senderMail = currentRequest.Params["SenderEmail"];
signingInfo.LCID = Convert.ToInt32(currentRequest.Params["lcid"]);
signingInfo.signMethod = Convert.ToInt32(currentRequest.Params["SigningMetod"]);
signingInfo.SendSMS = Convert.ToBoolean(currentRequest.Params["SendSMS"]);
signingInfo.SMSText = currentRequest.Params["SMSText"];
signingInfo.isInk = Convert.ToBoolean(currentRequest.Params["Ink"]);
signingInfo.signingMetodText = "ink";
if (!string.IsNullOrWhiteSpace(currentRequest.Params["Daystolive"]))
{
signingInfo.daysToLive = Convert.ToInt32(currentRequest.Params["Daystolive"]);
}
else
{
signingInfo.daysToLive = 60;
}
return(signingInfo);
}
public void testBasic()
{
Name identityName = new Name("/my-identity");
Name keyName = new Name("/my-key");
Name certificateName = new Name("/my-cert");
SigningInfo info = new SigningInfo();
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.NULL, info.getSignerType());
Assert.AssertTrue(new Name().equals(info.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, info.getDigestAlgorithm());
info.setSigningIdentity(identityName);
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.ID, info.getSignerType());
Assert.AssertTrue(identityName.equals(info.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, info.getDigestAlgorithm());
SigningInfo infoId = new SigningInfo(net.named_data.jndn.security.SigningInfo.SignerType.ID,
identityName);
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.ID, infoId.getSignerType());
Assert.AssertTrue(identityName.equals(infoId.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoId.getDigestAlgorithm());
info.setSigningKeyName(keyName);
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.KEY, info.getSignerType());
Assert.AssertTrue(keyName.equals(info.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, info.getDigestAlgorithm());
SigningInfo infoKey = new SigningInfo(net.named_data.jndn.security.SigningInfo.SignerType.KEY,
keyName);
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.KEY, infoKey.getSignerType());
Assert.AssertTrue(keyName.equals(infoKey.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoKey.getDigestAlgorithm());
info.setSigningCertificateName(certificateName);
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.CERT, info.getSignerType());
Assert.AssertTrue(certificateName.equals(info.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, info.getDigestAlgorithm());
SigningInfo infoCert = new SigningInfo(net.named_data.jndn.security.SigningInfo.SignerType.CERT,
certificateName);
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.CERT, infoCert.getSignerType());
Assert.AssertTrue(certificateName.equals(infoCert.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoCert.getDigestAlgorithm());
info.setSha256Signing();
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.SHA256, info.getSignerType());
Assert.AssertTrue(new Name().equals(info.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, info.getDigestAlgorithm());
SigningInfo infoSha256 = new SigningInfo(net.named_data.jndn.security.SigningInfo.SignerType.SHA256);
Assert.AssertEquals(net.named_data.jndn.security.SigningInfo.SignerType.SHA256, infoSha256.getSignerType());
Assert.AssertTrue(new Name().equals(infoSha256.getSignerName()));
Assert.AssertEquals(net.named_data.jndn.security.DigestAlgorithm.SHA256, infoSha256.getDigestAlgorithm());
}
public void testChaining()
{
SigningInfo info = new SigningInfo()
.setSigningIdentity(new Name("/identity"))
.setSigningKeyName(new Name("/key/name"))
.setSigningCertificateName(new Name("/cert/name"))
.setPibIdentity(null).setPibKey(null).setSha256Signing()
.setDigestAlgorithm(net.named_data.jndn.security.DigestAlgorithm.SHA256);
Assert.AssertEquals("id:/localhost/identity/digest-sha256", "" + info);
}
/// <summary>
/// Serializes this instance of <see cref="SslKey" /> into a <see cref="Carbon.Json.JsonNode" />.
/// </summary>
/// <param name="container">The <see cref="Carbon.Json.JsonObject"/> container to serialize this object into. If the caller
/// passes in <c>null</c>, a new instance will be created and returned to the caller.</param>
/// <param name="serializationMode">Allows the caller to choose the depth of the serialization. See <see cref="Microsoft.Rest.ClientRuntime.SerializationMode"/>.</param>
/// <returns>
/// a serialized instance of <see cref="SslKey" /> as a <see cref="Carbon.Json.JsonNode" />.
/// </returns>
public Carbon.Json.JsonNode ToJson(Carbon.Json.JsonObject container, Microsoft.Rest.ClientRuntime.SerializationMode serializationMode)
{
container = container ?? new Carbon.Json.JsonObject();
bool returnNow = false;
BeforeToJson(ref container, ref returnNow);
if (returnNow)
{
return(container);
}
AddIf(null != ExpireDatetime ? (Carbon.Json.JsonNode) new Carbon.Json.JsonString(ExpireDatetime?.ToString(@"yyyy'-'MM'-'dd'T'HH':'mm':'ss.fffffffK", System.Globalization.CultureInfo.InvariantCulture)) : null, "expire_datetime", container.Add);
AddIf(null != KeyName ? (Carbon.Json.JsonNode) new Carbon.Json.JsonString(KeyName) : null, "key_name", container.Add);
AddIf(null != KeyType ? (Carbon.Json.JsonNode) new Carbon.Json.JsonString(KeyType) : null, "key_type", container.Add);
AddIf(null != SigningInfo ? (Carbon.Json.JsonNode)SigningInfo.ToJson(null) : null, "signing_info", container.Add);
AfterToJson(ref container);
return(container);
}
internal void makeCertificate(PibKey key, PibKey signer)
{
// Copy the default certificate.
CertificateV2 request = new CertificateV2(key.getDefaultCertificate());
request.setName(new Name(key.getName()).append("looper").appendVersion(
1));
// Set SigningInfo.
SigningInfo // Set SigningInfo.
paras = new SigningInfo(signer);
// Validity period from 100 days before to 100 days after now.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
paras.setValidityPeriod(new ValidityPeriod(now - 100 * 24 * 3600
* 1000.0d, now + 100 * 24 * 3600 * 1000.0d));
fixture_.keyChain_.sign(request, paras);
fixture_.keyChain_.addCertificate(key, request);
fixture_.cache_.insert(request);
}
public void processInterest(Interest interest, OnData onData,
OnTimeout onTimeout, OnNetworkNack onNetworkNack)
{
try {
// Create another key for the same identity and sign it properly.
PibKey parentKey = outer_TestValidator.fixture_.keyChain_
.createKey(outer_TestValidator.fixture_.subIdentity_);
PibKey requestedKey = outer_TestValidator.fixture_.subIdentity_.getKey(interest
.getName());
// Copy the Name.
Name certificateName = new Name(requestedKey.getName());
certificateName.append("looper").appendVersion(1);
CertificateV2 certificate = new CertificateV2();
certificate.setName(certificateName);
// Set the MetaInfo.
certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
// Set the freshness period to one hour.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
// Set the content.
certificate.setContent(requestedKey.getPublicKey());
// Set SigningInfo.
SigningInfo // Set SigningInfo.
paras = new SigningInfo(parentKey);
// Validity period from 10 days before to 10 days after now.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
paras.setValidityPeriod(new ValidityPeriod(now - 10 * 24
* 3600 * 1000.0d, now + 10 * 24 * 3600 * 1000.0d));
outer_TestValidator.fixture_.keyChain_.sign(certificate, paras);
onData.onData(interest, certificate);
} catch (Exception ex) {
Assert.Fail("Error in InfiniteCertificateChain: " + ex);
}
}
/// <summary>
/// Create an EncryptorV2 with the given parameters. This uses the face to
/// register to receive Interests for the prefix {ckPrefix}/CK.
/// </summary>
///
/// <param name="accessPrefix"></param>
/// <param name="ckPrefix"></param>
/// <param name="ckDataSigningInfo"></param>
/// <param name="onError_0">onError.onError(errorCode, message) where errorCode is from the EncryptError.ErrorCode enum, and message is an error string. The encrypt method will continue trying to retrieve the KEK until success (with each attempt separated by RETRY_DELAY_KEK_RETRIEVAL_MS) and onError may be called multiple times. NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.</param>
/// <param name="validator">The validation policy to ensure correctness of the KEK.</param>
/// <param name="keyChain">The KeyChain used to sign Data packets.</param>
/// <param name="face">The Face that will be used to fetch the KEK and publish CK data.</param>
public EncryptorV2(Name accessPrefix, Name ckPrefix,
SigningInfo ckDataSigningInfo, net.named_data.jndn.encrypt.EncryptError.OnError onError_0,
Validator validator, KeyChain keyChain, Face face)
{
this.kekData_ = null;
this.storage_ = new InMemoryStorageRetaining();
this.kekPendingInterestId_ = 0;
// Copy the Name.
accessPrefix_ = new Name(accessPrefix);
ckPrefix_ = new Name(ckPrefix);
ckBits_ = new byte[AES_KEY_SIZE];
ckDataSigningInfo_ = new SigningInfo(ckDataSigningInfo);
isKekRetrievalInProgress_ = false;
onError_ = onError_0;
keyChain_ = keyChain;
face_ = face;
regenerateCk();
ckRegisteredPrefixId_ = face_.registerPrefix(
new Name(ckPrefix).append(NAME_COMPONENT_CK),
new EncryptorV2.Anonymous_C6(this), new EncryptorV2.Anonymous_C5());
}
/// <summary>
/// Issue a certificate for subIdentityName signed by issuer. If the identity
/// does not exist, it is created. A new key is generated as the default key
/// for the identity. A default certificate for the key is signed by the
/// issuer using its default certificate.
/// </summary>
///
/// <param name="subIdentityName">The name to issue the certificate for.</param>
/// <param name="issuer">The identity of the signer.</param>
/// <param name="params"></param>
/// <returns>The sub identity.</returns>
internal PibIdentity addSubCertificate(Name subIdentityName, PibIdentity issuer,
KeyParams paras)
{
PibIdentity subIdentity = addIdentity(subIdentityName, paras);
CertificateV2 request = subIdentity.getDefaultKey()
.getDefaultCertificate();
request.setName(request.getKeyName().append("parent").appendVersion(1));
SigningInfo certificateParams = new SigningInfo(issuer);
// Validity period of 20 years.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
certificateParams.setValidityPeriod(new ValidityPeriod(now, now + 20
* 365 * 24 * 3600 * 1000.0d));
// Skip the AdditionalDescription.
keyChain_.sign(request, certificateParams);
keyChain_.setDefaultCertificate(subIdentity.getDefaultKey(), request);
return(subIdentity);
}
public BuildBootstrapperCode(WIXSharpProject project)
{
application = project.GetApplication();
Options = project.GetOptions();
SignInstaller = project.GetSignInstaller();
}
public BuildBootstrapperCode(ApplicationInfo app, SetupOptions options, SigningInfo sinstaller)
{
application = app;
Options = options;
SignInstaller = sinstaller;
}
public void testRefresh10s()
{
StringBuilder encodedData = new StringBuilder();
TextReader dataFile = new FileReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "testData")).FullName);
// Use "try/finally instead of "try-with-resources" or "using"
// which are not supported before Java 7.
try {
String line;
while ((line = dataFile.readLine()) != null)
{
encodedData.append(line);
}
} finally {
dataFile.close();
}
byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
Data data = new Data();
data.wireDecode(new Blob(decodedData, false));
// This test is needed, since the KeyChain will express interests in unknown
// certificates.
VerificationResult vr = doVerify(policyManager_, data);
Assert.AssertTrue(
"ConfigPolicyManager did not create ValidationRequest for unknown certificate",
vr.hasFurtherSteps_);
Assert.AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
Assert.AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
// Now save the cert data to our anchor directory, and wait.
// We have to sign it with the current identity or the policy manager will
// create an interest for the signing certificate.
CertificateV2 cert = new CertificateV2();
byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP);
cert.wireDecode(new Blob(certData, false));
SigningInfo signingInfo = new SigningInfo();
signingInfo.setSigningIdentity(identityName_);
// Make sure the validity period is current for two years.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
signingInfo.setValidityPeriod(new ValidityPeriod(now, now + 2 * 365
* 24 * 3600 * 1000.0d));
keyChain_.sign(cert, signingInfo);
Blob signedCertBlob = cert.wireEncode();
String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob
.getImmutableArray());
var certFile = (new StreamWriter(
testCertFile_.FullName));
try {
certFile.Write(encodedCert, 0, encodedCert.Substring(0, encodedCert.Length));
certFile.flush();
} finally {
certFile.close();
}
// Still too early for refresh to pick it up.
vr = doVerify(policyManager_, data);
Assert.AssertTrue("ConfigPolicyManager refresh occured sooner than specified",
vr.hasFurtherSteps_);
Assert.AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
Assert.AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000);
// Now we should find it.
vr = doVerify(policyManager_, data);
Assert.AssertFalse("ConfigPolicyManager did not refresh certificate store",
vr.hasFurtherSteps_);
Assert.AssertEquals("Verification success called " + vr.successCount_
+ " times instead of 1", 1, vr.successCount_);
Assert.AssertEquals("ConfigPolicyManager did not verify valid signed data", 0,
vr.failureCount_);
}
