/// <summary>
/// Fetch a certificate from the cache.
/// </summary>
///
/// <param name="certificateName"></param>
/// <returns>A new copy of the IdentityCertificate, or null if not found.</returns>
public IdentityCertificate getCertificate(Name certificateName)
{
Blob certData = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(cache_,certificateName.toUri());
if (certData == null)
return null;
IdentityCertificate cert = new IdentityCertificate();
try {
cert.wireDecode(certData.buf());
} catch (EncodingException ex) {
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(CertificateCache).FullName).log(
ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex);
throw new Exception(ex.Message);
}
return cert;
}
/// <summary>
/// Get a certificate from the identity storage.
/// </summary>
///
/// <param name="certificateName">The name of the requested certificate.</param>
/// <returns>The requested certificate.</returns>
/// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
public override IdentityCertificate getCertificate(Name certificateName)
{
Blob certificateDer = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(certificateStore_,certificateName
.toUri());
if (certificateDer == null)
throw new SecurityException(
"MemoryIdentityStorage::getKey: The certificate does not exist");
IdentityCertificate certificate = new IdentityCertificate();
try {
certificate.wireDecode(certificateDer);
} catch (EncodingException ex) {
throw new SecurityException(
"MemoryIdentityStorage::getKey: The certificate cannot be decoded");
}
return certificate;
}
public static IdentityCertificate loadIdentityCertificateFromFile(
String filename)
{
StringBuilder encodedData = new StringBuilder();
try {
TextReader certFile = new FileReader(
filename);
// Use "try/finally instead of "try-with-resources" or "using"
// which are not supported before Java 7.
try {
String line;
while ((line = certFile.readLine()) != null)
encodedData.append(line);
} finally {
certFile.close();
}
} catch (FileNotFoundException ex) {
throw new SecurityException(
"Can't find IdentityCertificate file " + filename
+ ": " + ex.Message);
} catch (IOException ex_0) {
throw new SecurityException(
"Error reading IdentityCertificate file " + filename
+ ": " + ex_0.Message);
}
byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
IdentityCertificate cert = new IdentityCertificate();
try {
cert.wireDecode(new Blob(decodedData, false));
} catch (EncodingException ex_1) {
throw new SecurityException(
"Can't decode the IdentityCertificate from file "
+ filename + ": " + ex_1.Message);
}
return cert;
}
/// <summary>
/// This looks up certificates specified as base64-encoded data or file names.
/// These are cached by filename or encoding to avoid repeated reading of files
/// or decoding.
/// </summary>
///
/// <param name="certID"></param>
/// <param name="isPath"></param>
/// <returns>The certificate object.</returns>
private IdentityCertificate lookupCertificate(String certID, bool isPath)
{
IdentityCertificate cert;
if (!fixedCertificateCache_.Contains(certID)) {
if (isPath)
// Load the certificate data (base64 encoded IdentityCertificate)
cert = net.named_data.jndn.security.policy.ConfigPolicyManager.TrustAnchorRefreshManager
.loadIdentityCertificateFromFile(certID);
else {
byte[] certData = net.named_data.jndn.util.Common.base64Decode(certID);
cert = new IdentityCertificate();
try {
cert.wireDecode(new Blob(certData, false));
} catch (EncodingException ex) {
throw new SecurityException(
"Cannot base64 decode the cert data: "
+ ex.Message);
}
}
String certUri = cert.getName().getPrefix(-1).toUri();
ILOG.J2CsMapping.Collections.Collections.Put(fixedCertificateCache_,certID,certUri);
certificateCache_.insertCertificate(cert);
} else
cert = certificateCache_.getCertificate(new Name(
(String) ILOG.J2CsMapping.Collections.Collections.Get(fixedCertificateCache_,certID)));
return cert;
}
public void testRefresh10s()
{
StringBuilder encodedData = new StringBuilder();
TextReader dataFile = new System.IO.StreamReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName,"testData")).OpenWrite());
// Use "try/finally instead of "try-with-resources" or "using"
// which are not supported before Java 7.
try {
String line;
while ((line = dataFile.readLine()) != null)
encodedData.append(line);
} finally {
dataFile.close();
}
byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
Data data = new Data();
data.wireDecode(new Blob(decodedData, false));
// This test is needed, since the KeyChain will express interests in unknown
// certificates.
VerificationResult vr = doVerify(policyManager_, data);
AssertTrue(
"ConfigPolicyManager did not create ValidationRequest for unknown certificate",
vr.hasFurtherSteps_);
AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
// Now save the cert data to our anchor directory, and wait.
// We have to sign it with the current identity or the policy manager will
// create an interest for the signing certificate.
IdentityCertificate cert = new IdentityCertificate();
byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP);
cert.wireDecode(new Blob(certData, false));
keyChain_.signByIdentity(cert, identityName_);
Blob signedCertBlob = cert.wireEncode();
String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob
.getImmutableArray());
BufferedStream certFile = new BufferedStream(new System.IO.StreamWriter(testCertFile_.OpenRead()));
try {
certFile.Write(encodedCert,0,encodedCert.Substring(0,encodedCert.Length));
certFile.flush();
} finally {
certFile.close();
}
// Still too early for refresh to pick it up.
vr = doVerify(policyManager_, data);
AssertTrue("ConfigPolicyManager refresh occured sooner than specified",
vr.hasFurtherSteps_);
AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000);
// Now we should find it.
vr = doVerify(policyManager_, data);
AssertFalse("ConfigPolicyManager did not refresh certificate store",
vr.hasFurtherSteps_);
AssertEquals("Verification success called " + vr.successCount_
+ " times instead of 1", 1, vr.successCount_);
AssertEquals("ConfigPolicyManager did not verify valid signed data", 0,
vr.failureCount_);
}
public void testCreateDKeyData()
{
// Create the group manager.
GroupManager manager = new GroupManager(new Name("Alice"), new Name(
"data_type"), new Sqlite3GroupManagerDb(
System.IO.Path.GetFullPath(dKeyDatabaseFilePath.Name)), 2048, 1, keyChain);
Blob newCertificateBlob = certificate.wireEncode();
IdentityCertificate newCertificate = new IdentityCertificate();
newCertificate.wireDecode(newCertificateBlob);
// Encrypt the D-KEY.
Data data = friendAccess.createDKeyData(manager, "20150825T000000",
"20150827T000000", new Name("/ndn/memberA/KEY"),
decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer());
// Verify the encrypted D-KEY.
Blob dataContent = data.getContent();
// Get the nonce key.
// dataContent is a sequence of the two EncryptedContent.
EncryptedContent encryptedNonce = new EncryptedContent();
encryptedNonce.wireDecode(dataContent);
AssertEquals(0, encryptedNonce.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType());
Blob blobNonce = encryptedNonce.getPayload();
EncryptParams decryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce,
decryptParams);
// Get the D-KEY.
// Use the size of encryptedNonce to find the start of encryptedPayload.
ByteBuffer payloadContent = dataContent.buf().duplicate();
payloadContent.position(encryptedNonce.wireEncode().size());
EncryptedContent encryptedPayload = new EncryptedContent();
encryptedPayload.wireDecode(payloadContent);
AssertEquals(16, encryptedPayload.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType());
decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
decryptParams.setInitialVector(encryptedPayload.getInitialVector());
Blob blobPayload = encryptedPayload.getPayload();
Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload,
decryptParams);
AssertTrue(largePayload.equals(decryptKeyBlob));
}
/// <summary>
/// Get a certificate from the identity storage.
/// </summary>
///
/// <param name="certificateName">The name of the requested certificate.</param>
/// <returns>The requested certificate.</returns>
/// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
public override sealed IdentityCertificate getCertificate(Name certificateName)
{
try {
PreparedStatement statement;
statement = database_.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getCertificate);
statement.setString(1, certificateName.toUri());
IdentityCertificate certificate = new IdentityCertificate();
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult()) {
try {
certificate.wireDecode(new Blob(result
.getBytes("certificate_data"), false));
} catch (EncodingException ex) {
throw new SecurityException(
"BasicIdentityStorage: Error decoding certificate data: "
+ ex);
}
} else
throw new SecurityException(
"BasicIdentityStorage::getKey: The key certificate not exist");
} finally {
statement.close();
}
return certificate;
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}