/// <summary>
/// Create a new SignedBlob as a copy of the given signedBlob.
/// </summary>
///
/// <param name="signedBlob">The SignedBlob to copy.</param>
public SignedBlob(SignedBlob signedBlob)
: base(signedBlob.buf(), false)
{
signedPortionBeginOffset_ = signedBlob.signedPortionBeginOffset_;
signedPortionEndOffset_ = signedBlob.signedPortionEndOffset_;
setSignedBuffer();
}
/// <summary>
/// Create a new Data object with default values and where the signature is a
/// blank Sha256WithRsaSignature.
/// </summary>
///
public Data()
{
this.signature_ = new ChangeCounter(
new Sha256WithRsaSignature());
this.name_ = new ChangeCounter(new Name());
this.metaInfo_ = new ChangeCounter(new MetaInfo());
this.content_ = new Blob();
this.lpPacket_ = null;
this.defaultWireEncoding_ = new SignedBlob();
this.defaultFullName_ = new Name();
this.getDefaultWireEncodingChangeCount_ = 0;
this.changeCount_ = 0;
}
/// <summary>
/// Check the type of signatureInfo to get the KeyLocator. Look in the
/// IdentityStorage for the public key with the name in the KeyLocator (if
/// available) and use it to verify the signedBlob. If the public key can't be
/// found, return false. (This is a generalized method which can verify both a
/// Data packet and an interest.)
/// </summary>
///
/// <param name="signatureInfo"></param>
/// <param name="signedBlob">the SignedBlob with the signed portion to verify.</param>
/// <param name="failureReason"></param>
/// <returns>True if the signature is verified, false if failed.</returns>
private bool verify(Signature signatureInfo, SignedBlob signedBlob,
String[] failureReason)
{
Blob publicKeyDer = null;
if (net.named_data.jndn.KeyLocator.canGetFromSignature(signatureInfo)) {
publicKeyDer = getPublicKeyDer(
net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo), failureReason);
if (publicKeyDer.isNull())
return false;
}
if (net.named_data.jndn.security.policy.PolicyManager.verifySignature(signatureInfo, signedBlob, publicKeyDer))
return true;
else {
failureReason[0] = "The signature did not verify with the given public key";
return false;
}
}
/// <summary>
/// Check the type of signature and use the publicKeyDer to verify the
/// signedBlob using the appropriate signature algorithm.
/// </summary>
///
/// <param name="signature"></param>
/// <param name="signedBlob">the SignedBlob with the signed portion to verify.</param>
/// <param name="publicKeyDer"></param>
/// <returns>True if the signature is verified, false if failed.</returns>
/// <exception cref="System.Security.SecurityException">if the signature type is not recognized or ifpublicKeyDer can't be decoded.</exception>
protected internal static bool verifySignature(
net.named_data.jndn.Signature signature, SignedBlob signedBlob,
Blob publicKeyDer)
{
if (signature is Sha256WithRsaSignature) {
if (publicKeyDer.isNull())
return false;
return verifySha256WithRsaSignature(signature.getSignature(),
signedBlob, publicKeyDer);
} else if (signature is Sha256WithEcdsaSignature) {
if (publicKeyDer.isNull())
return false;
return verifySha256WithEcdsaSignature(signature.getSignature(),
signedBlob, publicKeyDer);
} else if (signature is DigestSha256Signature)
return verifyDigestSha256Signature(signature.getSignature(),
signedBlob);
else
// We don't expect this to happen.
throw new SecurityException(
"PolicyManager.verify: Signature type is unknown");
}
/// <summary>
/// Verify the RSA signature on the SignedBlob using the given public key.
/// </summary>
///
/// <param name="signature">The signature bits.</param>
/// <param name="signedBlob">the SignedBlob with the signed portion to verify.</param>
/// <param name="publicKeyDer">The DER-encoded public key used to verify the signature.</param>
/// <returns>true if the signature verifies, false if not.</returns>
protected internal static bool verifySha256WithRsaSignature(Blob signature,
SignedBlob signedBlob, Blob publicKeyDer)
{
KeyFactory keyFactory = null;
try {
keyFactory = System.KeyFactory.getInstance("RSA");
} catch (Exception exception) {
// Don't expect this to happen.
throw new SecurityException("RSA is not supported: "
+ exception.Message);
}
System.SecurityPublicKey publicKey = null;
try {
publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(
publicKeyDer.getImmutableArray()));
} catch (InvalidKeySpecException exception_0) {
// Don't expect this to happen.
throw new SecurityException("X509EncodedKeySpec is not supported: "
+ exception_0.Message);
}
System.SecuritySignature rsaSignature = null;
try {
rsaSignature = System.SecuritySignature.getInstance("SHA256withRSA");
} catch (Exception e) {
// Don't expect this to happen.
throw new SecurityException(
"SHA256withRSA algorithm is not supported");
}
try {
rsaSignature.initVerify(publicKey);
} catch (InvalidKeyException exception_1) {
throw new SecurityException("InvalidKeyException: "
+ exception_1.Message);
}
try {
rsaSignature.update(signedBlob.signedBuf());
return rsaSignature.verify(signature.getImmutableArray());
} catch (SignatureException exception_2) {
throw new SecurityException("SignatureException: "
+ exception_2.Message);
}
}
/// <summary>
/// Verify the DigestSha256 signature on the SignedBlob by verifying that the
/// digest of SignedBlob equals the signature.
/// </summary>
///
/// <param name="signature">The signature bits.</param>
/// <param name="signedBlob">the SignedBlob with the signed portion to verify.</param>
/// <returns>true if the signature verifies, false if not.</returns>
protected internal static bool verifyDigestSha256Signature(Blob signature,
SignedBlob signedBlob)
{
// Set signedPortionDigest to the digest of the signed portion of the signedBlob.
byte[] signedPortionDigest = net.named_data.jndn.util.Common
.digestSha256(signedBlob.signedBuf());
return ILOG.J2CsMapping.Collections.Arrays.Equals(signedPortionDigest,signature.getImmutableArray());
}
/// <summary>
/// Create a deep copy of the given data object, including a clone of the
/// signature object.
/// </summary>
///
/// <param name="data">The data object to copy.</param>
public Data(Data data)
{
this.signature_ = new ChangeCounter(
new Sha256WithRsaSignature());
this.name_ = new ChangeCounter(new Name());
this.metaInfo_ = new ChangeCounter(new MetaInfo());
this.content_ = new Blob();
this.lpPacket_ = null;
this.defaultWireEncoding_ = new SignedBlob();
this.defaultFullName_ = new Name();
this.getDefaultWireEncodingChangeCount_ = 0;
this.changeCount_ = 0;
try {
signature_
.set((data.signature_ == null) ? (net.named_data.jndn.util.ChangeCountable) (new Sha256WithRsaSignature())
: (net.named_data.jndn.util.ChangeCountable) ((Signature) data.getSignature().Clone()));
} catch (Exception e) {
// We don't expect this to happen, so just treat it as if we got a null pointer.
throw new NullReferenceException(
"Data.setSignature: unexpected exception in clone(): "
+ e.Message);
}
name_.set(new Name(data.getName()));
metaInfo_.set(new MetaInfo(data.getMetaInfo()));
content_ = data.content_;
setDefaultWireEncoding(data.defaultWireEncoding_, null);
}
/// <summary>
/// Encode this Data for a particular wire format. If wireFormat is the default
/// wire format, also set the defaultWireEncoding field to the encoded result.
/// </summary>
///
/// <param name="wireFormat">A WireFormat object used to encode the input.</param>
/// <returns>The encoded buffer.</returns>
public SignedBlob wireEncode(WireFormat wireFormat)
{
if (!getDefaultWireEncoding().isNull()
&& getDefaultWireEncodingFormat() == wireFormat)
// We already have an encoding in the desired format.
return getDefaultWireEncoding();
int[] signedPortionBeginOffset = new int[1];
int[] signedPortionEndOffset = new int[1];
Blob encoding = wireFormat.encodeData(this, signedPortionBeginOffset,
signedPortionEndOffset);
SignedBlob wireEncoding = new SignedBlob(encoding,
signedPortionBeginOffset[0], signedPortionEndOffset[0]);
if (wireFormat == net.named_data.jndn.encoding.WireFormat.getDefaultWireFormat())
// This is the default wire encoding.
setDefaultWireEncoding(wireEncoding,
net.named_data.jndn.encoding.WireFormat.getDefaultWireFormat());
return wireEncoding;
}
private void setDefaultWireEncoding(SignedBlob defaultWireEncoding,
WireFormat defaultWireEncodingFormat)
{
defaultWireEncoding_ = defaultWireEncoding;
defaultWireEncodingFormat_ = defaultWireEncodingFormat;
// Set getDefaultWireEncodingChangeCount_ so that the next call to
// getDefaultWireEncoding() won't clear defaultWireEncoding_.
getDefaultWireEncodingChangeCount_ = getChangeCount();
}
/// <summary>
/// Return a pointer to the defaultWireEncoding, which was encoded with
/// getDefaultWireEncodingFormat().
/// </summary>
///
/// <returns>The default wire encoding. Its pointer may be null.</returns>
public SignedBlob getDefaultWireEncoding()
{
if (getDefaultWireEncodingChangeCount_ != getChangeCount()) {
// The values have changed, so the default wire encoding is invalidated.
defaultWireEncoding_ = new SignedBlob();
defaultWireEncodingFormat_ = null;
getDefaultWireEncodingChangeCount_ = getChangeCount();
}
return defaultWireEncoding_;
}
/// <summary>
/// Create a new Interest with the given name and interest lifetime and "none"
/// for other values.
/// </summary>
///
/// <param name="name">The name for the interest.</param>
/// <param name="interestLifetimeMilliseconds"></param>
public Interest(Name name, double interestLifetimeMilliseconds)
{
this.name_ = new ChangeCounter(new Name());
this.minSuffixComponents_ = -1;
this.maxSuffixComponents_ = -1;
this.keyLocator_ = new ChangeCounter(
new KeyLocator());
this.exclude_ = new ChangeCounter(new Exclude());
this.childSelector_ = -1;
this.mustBeFresh_ = true;
this.interestLifetimeMilliseconds_ = -1;
this.nonce_ = new Blob();
this.getNonceChangeCount_ = 0;
this.lpPacket_ = null;
this.linkWireEncoding_ = new Blob();
this.linkWireEncodingFormat_ = null;
this.link_ = new ChangeCounter(null);
this.selectedDelegationIndex_ = -1;
this.defaultWireEncoding_ = new SignedBlob();
this.getDefaultWireEncodingChangeCount_ = 0;
this.changeCount_ = 0;
if (name != null)
name_.set(new Name(name));
interestLifetimeMilliseconds_ = interestLifetimeMilliseconds;
}
/// <summary>
/// Create a new interest as a deep copy of the given interest.
/// </summary>
///
/// <param name="interest">The interest to copy.</param>
public Interest(Interest interest)
{
this.name_ = new ChangeCounter(new Name());
this.minSuffixComponents_ = -1;
this.maxSuffixComponents_ = -1;
this.keyLocator_ = new ChangeCounter(
new KeyLocator());
this.exclude_ = new ChangeCounter(new Exclude());
this.childSelector_ = -1;
this.mustBeFresh_ = true;
this.interestLifetimeMilliseconds_ = -1;
this.nonce_ = new Blob();
this.getNonceChangeCount_ = 0;
this.lpPacket_ = null;
this.linkWireEncoding_ = new Blob();
this.linkWireEncodingFormat_ = null;
this.link_ = new ChangeCounter(null);
this.selectedDelegationIndex_ = -1;
this.defaultWireEncoding_ = new SignedBlob();
this.getDefaultWireEncodingChangeCount_ = 0;
this.changeCount_ = 0;
name_.set(new Name(interest.getName()));
minSuffixComponents_ = interest.minSuffixComponents_;
maxSuffixComponents_ = interest.maxSuffixComponents_;
keyLocator_.set(new KeyLocator(interest.getKeyLocator()));
exclude_.set(new Exclude(interest.getExclude()));
childSelector_ = interest.childSelector_;
mustBeFresh_ = interest.mustBeFresh_;
interestLifetimeMilliseconds_ = interest.interestLifetimeMilliseconds_;
nonce_ = interest.getNonce();
linkWireEncoding_ = interest.linkWireEncoding_;
linkWireEncodingFormat_ = interest.linkWireEncodingFormat_;
if (interest.link_.get() != null)
link_.set(new Link((Link) interest.link_.get()));
selectedDelegationIndex_ = interest.selectedDelegationIndex_;
setDefaultWireEncoding(interest.getDefaultWireEncoding(),
interest.defaultWireEncodingFormat_);
}
/// <summary>
/// Create a new SignedBlob as a copy of the given signedBlob.
/// </summary>
///
/// <param name="signedBlob">The SignedBlob to copy.</param>
public SignedBlob(SignedBlob signedBlob) : base(signedBlob.buf(), false)
{
signedPortionBeginOffset_ = signedBlob.signedPortionBeginOffset_;
signedPortionEndOffset_ = signedBlob.signedPortionEndOffset_;
setSignedBuffer();
}
/// <summary>
/// Check the type of signatureInfo to get the KeyLocator. Look in the
/// IdentityStorage for the public key with the name in the KeyLocator and use
/// it to verify the signedBlob. If the public key can't be found, return
/// false. (This is a generalized method which can verify both a Data packet
/// and an interest.)
/// </summary>
///
/// <param name="signatureInfo"></param>
/// <param name="signedBlob">the SignedBlob with the signed portion to verify.</param>
/// <param name="failureReason"></param>
/// <returns>True if the signature verifies, False if not.</returns>
private bool verify(Signature signatureInfo, SignedBlob signedBlob,
String[] failureReason)
{
// We have already checked once that there is a key locator.
KeyLocator keyLocator = net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo);
if (keyLocator.getType() == net.named_data.jndn.KeyLocatorType.KEYNAME) {
// Assume the key name is a certificate name.
Name signatureName = keyLocator.getKeyName();
IdentityCertificate certificate = refreshManager_
.getCertificate(signatureName);
if (certificate == null)
certificate = certificateCache_.getCertificate(signatureName);
if (certificate == null) {
failureReason[0] = "Cannot find a certificate with name "
+ signatureName.toUri();
return false;
}
Blob publicKeyDer = certificate.getPublicKeyInfo().getKeyDer();
if (publicKeyDer.isNull()) {
// We don't expect this to happen.
failureReason[0] = "There is no public key in the certificate with name "
+ certificate.getName().toUri();
return false;
}
if (net.named_data.jndn.security.policy.PolicyManager.verifySignature(signatureInfo, signedBlob, publicKeyDer))
return true;
else {
failureReason[0] = "The signature did not verify with the given public key";
return false;
}
} else {
failureReason[0] = "The KeyLocator does not have a key name";
return false;
}
}