Example #1
0
        public void testSetters()
        {
            CertificateV2 certificate = new CertificateV2();

            certificate.setName(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
            certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
            certificate.setContent(new Blob(PUBLIC_KEY, false));
            certificate.setSignature(generateFakeSignature());

            Assert.AssertEquals(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
                                certificate.getName());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
                                certificate.getKeyName());
            Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
            Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
            Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
                                certificate.getKeyId());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
                                .getFromSignature(certificate.getSignature()).getKeyName());
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate
                                .getValidityPeriod().getNotBefore(), 0);
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate
                                .getValidityPeriod().getNotAfter(), 0);

            try {
                certificate.getPublicKey();
            } catch (Exception ex) {
                Assert.Fail(ex.Message);
            }
        }
Example #2
0
        public void testEmptyContent()
        {
            Data data = new Data(certificateBase_);

            data.setContent(new Blob());
            data.setSignature(generateFakeSignature());

            try {
                new CertificateV2(data);
                Assert.Fail("The CertificateV2 constructor did not throw an exception");
            } catch (CertificateV2.Error ex) {
            } catch (Exception ex_0) {
                Assert.Fail("The CertificateV2 constructor did not throw an exception");
            }

            CertificateV2 certificate = new CertificateV2(certificateBase_);

            certificate.setContent(new Blob());
            certificate.setSignature(generateFakeSignature());
            try {
                certificate.getPublicKey();
                Assert.Fail("getPublicKey did not throw an exception");
            } catch (CertificateV2.Error ex_1) {
            } catch (Exception ex_2) {
                Assert.Fail("getPublicKey did not throw an exception");
            }
        }
 /// <summary>
 /// Verify the Interest packet using the public key in the certificate, where
 /// the last two name components are the SignatureInfo and signature bytes.
 /// This does not check the type of public key or digest algorithm against the
 /// type of SignatureInfo such as Sha256WithRsaSignature.
 /// </summary>
 ///
 /// <param name="interest">The Interest packet to verify.</param>
 /// <param name="certificate">The certificate containing the public key.</param>
 /// <param name="digestAlgorithm">(optional) The digest algorithm. If omitted, use SHA256.</param>
 /// <param name="wireFormat"></param>
 /// <returns>True if verification succeeds, false if verification fails or
 /// cannot decode the Interest or public key.</returns>
 /// <exception cref="System.ArgumentException">for an invalid public key type ordigestAlgorithm.</exception>
 public static bool verifyInterestSignature(Interest interest,
                                            CertificateV2 certificate, DigestAlgorithm digestAlgorithm,
                                            WireFormat wireFormat)
 {
     try {
         return(verifyInterestSignature(interest,
                                        certificate.getPublicKey(), digestAlgorithm, wireFormat));
     } catch (CertificateV2.Error ex) {
         return(false);
     }
 }
 /// <summary>
 /// Verify the Data packet using the public key in the certificate. This does
 /// not check the type of public key or digest algorithm against the type of
 /// SignatureInfo in the Data packet such as Sha256WithRsaSignature.
 /// </summary>
 ///
 /// <param name="data">The Data packet to verify.</param>
 /// <param name="certificate">The certificate containing the public key.</param>
 /// <param name="digestAlgorithm">The digest algorithm.</param>
 /// <param name="wireFormat">A WireFormat object used to encode the Data packet.</param>
 /// <returns>True if verification succeeds, false if verification fails or for
 /// an error decoding the public key.</returns>
 /// <exception cref="System.ArgumentException">for an invalid public key type ordigestAlgorithm.</exception>
 public static bool verifyDataSignature(Data data,
                                        CertificateV2 certificate, DigestAlgorithm digestAlgorithm,
                                        WireFormat wireFormat)
 {
     try {
         return(verifyDataSignature(data, certificate.getPublicKey(),
                                    digestAlgorithm, wireFormat));
     } catch (CertificateV2.Error ex) {
         return(false);
     }
 }
Example #5
0
        /// <summary>
        /// Authorize a member identified by memberCertificate to decrypt data under
        /// the policy.
        /// </summary>
        ///
        /// <param name="memberCertificate"></param>
        /// <returns>The published KDK Data packet.</returns>
        public Data addMember(CertificateV2 memberCertificate)
        {
            Name kdkName = new Name(nacKey_.getIdentityName());

            kdkName.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KDK)
            .append(nacKey_.getName().get(-1))
            // key-id
            .append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY)
            .append(memberCertificate.getKeyName());

            int secretLength = 32;

            byte[] secret = new byte[secretLength];
            net.named_data.jndn.util.Common.getRandom().nextBytes(secret);
            // To be compatible with OpenSSL which uses a null-terminated string,
            // replace each 0 with 1. And to be compatible with the Java security
            // library which interprets the secret as a char array converted to UTF8,
            // limit each byte to the ASCII range 1 to 127.
            for (int i = 0; i < secretLength; ++i)
            {
                if (secret[i] == 0)
                {
                    secret[i] = 1;
                }

                secret[i] &= 0x7f;
            }

            SafeBag kdkSafeBag = keyChain_.exportSafeBag(
                nacKey_.getDefaultCertificate(), ILOG.J2CsMapping.NIO.ByteBuffer.wrap(secret));

            PublicKey memberKey = new PublicKey(memberCertificate.getPublicKey());

            EncryptedContent encryptedContent = new EncryptedContent();

            encryptedContent.setPayload(kdkSafeBag.wireEncode());
            encryptedContent.setPayloadKey(memberKey.encrypt(secret,
                                                             net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep));

            Data kdkData = new Data(kdkName);

            kdkData.setContent(encryptedContent.wireEncodeV2());
            // FreshnessPeriod can serve as a soft access control for revoking access.
            kdkData.getMetaInfo().setFreshnessPeriod(
                DEFAULT_KDK_FRESHNESS_PERIOD_MS);
            keyChain_.sign(kdkData, new SigningInfo(identity_));

            storage_.insert(kdkData);

            return(kdkData);
        }
Example #6
0
        public void testConstructor()
        {
            CertificateV2 certificate = new CertificateV2();

            certificate.wireDecode(new Blob(CERT, false));

            Assert.AssertEquals(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
                                certificate.getName());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
                                certificate.getKeyName());
            Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
            Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
            Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
                                certificate.getKeyId());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
                                .getFromSignature(certificate.getSignature()).getKeyName());
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150814T223739"), certificate
                                .getValidityPeriod().getNotBefore(), 0);
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150818T223738"), certificate
                                .getValidityPeriod().getNotAfter(), 0);

            try {
                certificate.getPublicKey();
            } catch (Exception ex) {
                Assert.Fail(ex.Message);
            }

            Data data = new Data();

            data.wireDecode(new Blob(CERT, false));
            CertificateV2 certificate2 = new CertificateV2(data);

            Assert.AssertEquals(certificate.getName(), certificate2.getName());
            Assert.AssertTrue(certificate.getPublicKey().equals(
                                  certificate2.getPublicKey()));
        }