Example #1
        public void testExpiredCertificate()
        {
            // Work on a copy of the sub identity's default certificate so the
            // fixture's own certificate object is not modified.
            Data expiredCert = new Data(
                fixture_.subIdentity_.getDefaultKey().getDefaultCertificate());

            // Re-sign the copy as fixture_.identity_ with a validity period that has
            // already ended: from 2 hours ago to 1 hour ago.
            SigningInfo expiredSigning = new SigningInfo(fixture_.identity_);
            double nowMs = net.named_data.jndn.util.Common.getNowMilliseconds();
            double notBefore = nowMs - 2 * 3600 * 1000;
            double notAfter = nowMs - 3600 * 1000.0d;
            expiredSigning.setValidityPeriod(new ValidityPeriod(notBefore, notAfter));
            fixture_.keyChain_.sign(expiredCert, expiredSigning);

            // The re-signed packet must still decode and encode as a CertificateV2.
            // Otherwise the rejection asserted below could come from a malformed
            // certificate instead of from the expired validity period.
            try
            {
                new CertificateV2(expiredCert).wireEncode();
            }
            catch (Exception ex)
            {
                Assert.Fail("Unexpected exception: " + ex.Message);
            }

            // Swap the test face's interest handler, handing the previous one to
            // the replacement. Anonymous_C1 is not shown here; presumably it answers
            // the certificate fetch with the expired copy - confirm.
            ValidatorFixture.TestFace.ProcessInterest previousHandler =
                fixture_.face_.processInterest_;
            fixture_.face_.processInterest_ =
                new TestValidator.Anonymous_C1(previousHandler, expiredCert);

            // Data packet signed by the sub identity.
            Data signedData = new Data(
                new Name("/Security/V2/ValidatorFixture/Sub1/Sub2/Data"));
            fixture_.keyChain_.sign(signedData, new SigningInfo(fixture_.subIdentity_));

            // Validation has to fail, and exactly one interest must have been sent
            // on the test face.
            validateExpectFailure(signedData, "Signed by an expired certificate");
            Assert.AssertEquals(1, fixture_.face_.sentInterests_.Count);
        }
        /// <summary>
        /// Add a self-signed certificate made from the key and issuer ID.
        /// </summary>
        ///
        /// <param name="key">The key for the certificate.</param>
        /// <param name="issuerId">The issuer ID name component for the certificate name.</param>
        /// <returns>The new certificate.</returns>
        internal CertificateV2 addCertificate(PibKey key, String issuerId)
        {
            // Name layout: <key name>/<issuerId>/<version 3>.
            Name selfSignedName = new Name(key.getName());
            selfSignedName.append(issuerId).appendVersion(3);

            CertificateV2 selfSigned = new CertificateV2();
            selfSigned.setName(selfSignedName);

            // MetaInfo: content type KEY and a freshness period of one hour,
            // expressed in milliseconds.
            double oneHourMs = 3600 * 1000.0;
            selfSigned.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
            selfSigned.getMetaInfo().setFreshnessPeriod(oneHourMs);

            // The content is the public key being certified.
            selfSigned.setContent(key.getPublicKey());

            // Self-signed: the signing key is the key the certificate is for.
            // The validity period runs from now until 10 days from now.
            SigningInfo signingInfo = new SigningInfo(key);
            double nowMs = net.named_data.jndn.util.Common.getNowMilliseconds();
            double tenDaysMs = 10 * 24 * 3600 * 1000.0d;
            signingInfo.setValidityPeriod(new ValidityPeriod(nowMs, nowMs + tenDaysMs));

            keyChain_.sign(selfSigned, signingInfo);
            return selfSigned;
        }
Example #3
        internal void makeCertificate(PibKey key, PibKey signer)
        {
            // Build the certificate from a copy of key's default certificate,
            // renamed to <key name>/looper/<version 1>.
            CertificateV2 looperCert = new CertificateV2(key.getDefaultCertificate());
            Name looperName = new Name(key.getName());
            looperCert.setName(looperName.append("looper").appendVersion(1));

            // Sign with `signer`. The validity period spans 100 days on either
            // side of the current time.
            SigningInfo signingInfo = new SigningInfo(signer);
            double nowMs = net.named_data.jndn.util.Common.getNowMilliseconds();
            double hundredDaysMs = 100 * 24 * 3600 * 1000.0d;
            signingInfo.setValidityPeriod(
                new ValidityPeriod(nowMs - hundredDaysMs, nowMs + hundredDaysMs));
            fixture_.keyChain_.sign(looperCert, signingInfo);

            // Attach the certificate to `key` in the key chain and also place it
            // in the fixture's certificate cache.
            fixture_.keyChain_.addCertificate(key, looperCert);
            fixture_.cache_.insert(looperCert);
        }
Example #4
            public void processInterest(Interest interest, OnData onData,
                                        OnTimeout onTimeout, OnNetworkNack onNetworkNack)
            {
                // Test handler: answers every interest with a certificate for the
                // requested key, signed by a key created during this call. The
                // failure message below calls this an InfiniteCertificateChain;
                // presumably the test checks that the validator stops following
                // such a chain - confirm at the call site. onTimeout and
                // onNetworkNack are never invoked here.
                try
                {
                    var fixture = outer_TestValidator.fixture_;

                    // New signing key on the sub identity, created first, then the
                    // lookup of the key named by the interest.
                    PibKey signingKey = fixture.keyChain_.createKey(fixture.subIdentity_);
                    PibKey subjectKey = fixture.subIdentity_.getKey(interest.getName());

                    // Certificate name: <requested key name>/looper/<version 1>.
                    Name looperName = new Name(subjectKey.getName());
                    looperName.append("looper").appendVersion(1);

                    CertificateV2 looperCert = new CertificateV2();
                    looperCert.setName(looperName);

                    // MetaInfo: content type KEY, freshness period of one hour (ms).
                    double oneHourMs = 3600 * 1000.0d;
                    looperCert.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
                    looperCert.getMetaInfo().setFreshnessPeriod(oneHourMs);

                    // The content is the requested key's public key.
                    looperCert.setContent(subjectKey.getPublicKey());

                    // Signed by the new key, valid from 10 days before now to
                    // 10 days after now.
                    SigningInfo signingInfo = new SigningInfo(signingKey);
                    double nowMs = net.named_data.jndn.util.Common.getNowMilliseconds();
                    double tenDaysMs = 10 * 24 * 3600 * 1000.0d;
                    signingInfo.setValidityPeriod(
                        new ValidityPeriod(nowMs - tenDaysMs, nowMs + tenDaysMs));

                    fixture.keyChain_.sign(looperCert, signingInfo);
                    onData.onData(interest, looperCert);
                }
                catch (Exception ex)
                {
                    Assert.Fail("Error in InfiniteCertificateChain: " + ex);
                }
            }
        /// <summary>
        /// Issue a certificate for subIdentityName signed by issuer. If the identity
        /// does not exist, it is created. A new key is generated as the default key
        /// for the identity. A default certificate for the key is signed by the
        /// issuer using its default certificate.
        /// </summary>
        ///
        /// <param name="subIdentityName">The name to issue the certificate for.</param>
        /// <param name="issuer">The identity of the signer.</param>
        /// <param name="paras">The key params passed to addIdentity for the sub identity.</param>
        /// <returns>The sub identity.</returns>
        internal PibIdentity addSubCertificate(Name subIdentityName, PibIdentity issuer,
                                               KeyParams paras)
        {
            PibIdentity subject = addIdentity(subIdentityName, paras);

            // Use the default certificate of the sub identity's default key as the
            // request, renamed to <key name>/parent/<version 1>.
            CertificateV2 subCert = subject.getDefaultKey().getDefaultCertificate();
            subCert.setName(subCert.getKeyName().append("parent").appendVersion(1));

            // Signed by the issuer identity. The validity period starts now and
            // lasts 20 years, counted as 365-day years.
            SigningInfo issuerSigning = new SigningInfo(issuer);
            double nowMs = net.named_data.jndn.util.Common.getNowMilliseconds();
            double twentyYearsMs = 20 * 365 * 24 * 3600 * 1000.0d;
            issuerSigning.setValidityPeriod(
                new ValidityPeriod(nowMs, nowMs + twentyYearsMs));

            // Skip the AdditionalDescription.

            // Sign, then make the issuer-signed certificate the default for the
            // sub identity's default key.
            keyChain_.sign(subCert, issuerSigning);
            keyChain_.setDefaultCertificate(subject.getDefaultKey(), subCert);

            return subject;
        }
        /// <summary>
        /// Check that a certificate written to testCertFile_ is not used by the
        /// policy manager immediately, but is used after a wait: the same data
        /// packet stays pending on the first two verifications and succeeds on
        /// the third.
        /// </summary>
        public void testRefresh10s()
        {
            // Read the base64 text of the test data packet, concatenating all lines.
            StringBuilder encodedData = new StringBuilder();
            TextReader    dataFile    = new FileReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "testData")).FullName);

            // Use try/finally instead of "try-with-resources" or "using",
            // which are not supported before Java 7.
            try {
                String line;
                while ((line = dataFile.readLine()) != null)
                {
                    encodedData.append(line);
                }
            } finally {
                dataFile.close();
            }

            // Decode the base64 text and parse it as a Data packet.
            byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
            Data   data        = new Data();

            data.wireDecode(new Blob(decodedData, false));

            // First verification: the signing certificate is still unknown, so the
            // result must be pending (further steps, no success or failure callback).
            // This check is needed because the KeyChain will express interests in
            // unknown certificates.
            VerificationResult vr = doVerify(policyManager_, data);

            Assert.AssertTrue(
                "ConfigPolicyManager did not create ValidationRequest for unknown certificate",
                vr.hasFurtherSteps_);
            Assert.AssertEquals(
                "ConfigPolicyManager called success callback with pending ValidationRequest",
                0, vr.successCount_);
            Assert.AssertEquals(
                "ConfigPolicyManager called failure callback with pending ValidationRequest",
                0, vr.failureCount_);

            // Now save the cert data to our anchor directory, and wait.
            // We have to sign it with the current identity or the policy manager will
            // create an interest for the signing certificate.
            // NOTE(review): the final assertions show that a file appearing at
            // testCertFile_ ends up trusted without any further action, so write
            // access to that location presumably equals the ability to add a trust
            // anchor - confirm that deployments restrict who can write there.
            CertificateV2 cert = new CertificateV2();

            byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP);
            cert.wireDecode(new Blob(certData, false));
            SigningInfo signingInfo = new SigningInfo();

            signingInfo.setSigningIdentity(identityName_);
            // Make sure the validity period is current: from now until two years
            // (2 * 365 days) from now.
            double now = net.named_data.jndn.util.Common.getNowMilliseconds();

            signingInfo.setValidityPeriod(new ValidityPeriod(now, now + 2 * 365
                                                             * 24 * 3600 * 1000.0d));

            keyChain_.sign(cert, signingInfo);
            // Encode the re-signed certificate as base64 text for the file.
            Blob   signedCertBlob = cert.wireEncode();
            String encodedCert    = net.named_data.jndn.util.Common.base64Encode(signedCertBlob
                                                                                 .getImmutableArray());
            var certFile = (new StreamWriter(
                                testCertFile_.FullName));

            try {
                // NOTE(review): this three-argument call looks like a translation of
                // Java's write(String, int, int). If StreamWriter here is
                // System.IO.StreamWriter, it would bind to the composite-format
                // overload with encodedCert as the format string - confirm which
                // overload is actually used.
                certFile.Write(encodedCert, 0, encodedCert.Substring(0, encodedCert.Length));
                certFile.flush();
            } finally {
                certFile.close();
            }

            // Second verification, right after the write: still too early for the
            // refresh to pick the certificate up, so the result must still be pending.
            vr = doVerify(policyManager_, data);

            Assert.AssertTrue("ConfigPolicyManager refresh occured sooner than specified",
                              vr.hasFurtherSteps_);
            Assert.AssertEquals(
                "ConfigPolicyManager called success callback with pending ValidationRequest",
                0, vr.successCount_);
            Assert.AssertEquals(
                "ConfigPolicyManager called failure callback with pending ValidationRequest",
                0, vr.failureCount_);

            // Wait 6000 ms before the last verification.
            // NOTE(review): the refresh interval is not set in this method (the name
            // suggests 10 s) - confirm that 6000 ms is long enough for it, and keep
            // in mind that a fixed sleep makes the result timing-dependent.
            ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000);

            // Third verification: now we should find the certificate. Expect no
            // further steps, exactly one success callback and no failure callback.
            vr = doVerify(policyManager_, data);

            Assert.AssertFalse("ConfigPolicyManager did not refresh certificate store",
                               vr.hasFurtherSteps_);
            Assert.AssertEquals("Verification success called " + vr.successCount_
                                + " times instead of 1", 1, vr.successCount_);
            Assert.AssertEquals("ConfigPolicyManager did not verify valid signed data", 0,
                                vr.failureCount_);
        }