public void testSetters()
{
CertificateV2 certificate = new CertificateV2();
certificate.setName(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
certificate.setContent(new Blob(PUBLIC_KEY, false));
certificate.setSignature(generateFakeSignature());
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
}
public void testEmptyContent()
{
Data data = new Data(certificateBase_);
data.setContent(new Blob());
data.setSignature(generateFakeSignature());
try {
new CertificateV2(data);
Assert.Fail("The CertificateV2 constructor did not throw an exception");
} catch (CertificateV2.Error ex) {
} catch (Exception ex_0) {
Assert.Fail("The CertificateV2 constructor did not throw an exception");
}
CertificateV2 certificate = new CertificateV2(certificateBase_);
certificate.setContent(new Blob());
certificate.setSignature(generateFakeSignature());
try {
certificate.getPublicKey();
Assert.Fail("getPublicKey did not throw an exception");
} catch (CertificateV2.Error ex_1) {
} catch (Exception ex_2) {
Assert.Fail("getPublicKey did not throw an exception");
}
}
/// <summary>
/// Verify the Interest packet using the public key in the certificate, where
/// the last two name components are the SignatureInfo and signature bytes.
/// This does not check the type of public key or digest algorithm against the
/// type of SignatureInfo such as Sha256WithRsaSignature.
/// </summary>
///
/// <param name="interest">The Interest packet to verify.</param>
/// <param name="certificate">The certificate containing the public key.</param>
/// <param name="digestAlgorithm">(optional) The digest algorithm. If omitted, use SHA256.</param>
/// <param name="wireFormat"></param>
/// <returns>True if verification succeeds, false if verification fails or
/// cannot decode the Interest or public key.</returns>
/// <exception cref="System.ArgumentException">for an invalid public key type ordigestAlgorithm.</exception>
public static bool verifyInterestSignature(Interest interest,
CertificateV2 certificate, DigestAlgorithm digestAlgorithm,
WireFormat wireFormat)
{
try {
return(verifyInterestSignature(interest,
certificate.getPublicKey(), digestAlgorithm, wireFormat));
} catch (CertificateV2.Error ex) {
return(false);
}
}
/// <summary>
/// Verify the Data packet using the public key in the certificate. This does
/// not check the type of public key or digest algorithm against the type of
/// SignatureInfo in the Data packet such as Sha256WithRsaSignature.
/// </summary>
///
/// <param name="data">The Data packet to verify.</param>
/// <param name="certificate">The certificate containing the public key.</param>
/// <param name="digestAlgorithm">The digest algorithm.</param>
/// <param name="wireFormat">A WireFormat object used to encode the Data packet.</param>
/// <returns>True if verification succeeds, false if verification fails or for
/// an error decoding the public key.</returns>
/// <exception cref="System.ArgumentException">for an invalid public key type ordigestAlgorithm.</exception>
public static bool verifyDataSignature(Data data,
CertificateV2 certificate, DigestAlgorithm digestAlgorithm,
WireFormat wireFormat)
{
try {
return(verifyDataSignature(data, certificate.getPublicKey(),
digestAlgorithm, wireFormat));
} catch (CertificateV2.Error ex) {
return(false);
}
}
/// <summary>
/// Authorize a member identified by memberCertificate to decrypt data under
/// the policy.
/// </summary>
///
/// <param name="memberCertificate"></param>
/// <returns>The published KDK Data packet.</returns>
public Data addMember(CertificateV2 memberCertificate)
{
Name kdkName = new Name(nacKey_.getIdentityName());
kdkName.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KDK)
.append(nacKey_.getName().get(-1))
// key-id
.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY)
.append(memberCertificate.getKeyName());
int secretLength = 32;
byte[] secret = new byte[secretLength];
net.named_data.jndn.util.Common.getRandom().nextBytes(secret);
// To be compatible with OpenSSL which uses a null-terminated string,
// replace each 0 with 1. And to be compatible with the Java security
// library which interprets the secret as a char array converted to UTF8,
// limit each byte to the ASCII range 1 to 127.
for (int i = 0; i < secretLength; ++i)
{
if (secret[i] == 0)
{
secret[i] = 1;
}
secret[i] &= 0x7f;
}
SafeBag kdkSafeBag = keyChain_.exportSafeBag(
nacKey_.getDefaultCertificate(), ILOG.J2CsMapping.NIO.ByteBuffer.wrap(secret));
PublicKey memberKey = new PublicKey(memberCertificate.getPublicKey());
EncryptedContent encryptedContent = new EncryptedContent();
encryptedContent.setPayload(kdkSafeBag.wireEncode());
encryptedContent.setPayloadKey(memberKey.encrypt(secret,
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep));
Data kdkData = new Data(kdkName);
kdkData.setContent(encryptedContent.wireEncodeV2());
// FreshnessPeriod can serve as a soft access control for revoking access.
kdkData.getMetaInfo().setFreshnessPeriod(
DEFAULT_KDK_FRESHNESS_PERIOD_MS);
keyChain_.sign(kdkData, new SigningInfo(identity_));
storage_.insert(kdkData);
return(kdkData);
}
public void testConstructor()
{
CertificateV2 certificate = new CertificateV2();
certificate.wireDecode(new Blob(CERT, false));
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150814T223739"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150818T223738"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
Data data = new Data();
data.wireDecode(new Blob(CERT, false));
CertificateV2 certificate2 = new CertificateV2(data);
Assert.AssertEquals(certificate.getName(), certificate2.getName());
Assert.AssertTrue(certificate.getPublicKey().equals(
certificate2.getPublicKey()));
}