/// <summary>
/// Add a certificate to the identity storage. Also call addKey to ensure that
/// the certificate key exists. If the certificate is already installed, don't
/// replace it.
/// </summary>
///
/// <param name="certificate"></param>
public override sealed void addCertificate(IdentityCertificate certificate)
{
Name certificateName = certificate.getName();
Name keyName = certificate.getPublicKeyName();
addKey(keyName, certificate.getPublicKeyInfo().getKeyType(),
certificate.getPublicKeyInfo().getKeyDer());
if (doesCertificateExist(certificateName))
return;
// Insert the certificate.
try {
PreparedStatement statement = database_
.prepareStatement("INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data) "
+ "values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)");
statement.setString(1, certificateName.toUri());
Name signerName = net.named_data.jndn.KeyLocator.getFromSignature(
certificate.getSignature()).getKeyName();
statement.setString(2, signerName.toUri());
String keyId = keyName.get(-1).toEscapedString();
Name identity = keyName.getPrefix(-1);
statement.setString(3, identity.toUri());
statement.setString(4, keyId);
// Convert from milliseconds to seconds since 1/1/1970.
statement.setLong(5,
(long) (Math.Floor(certificate.getNotBefore() / 1000.0d)));
statement.setLong(6,
(long) (Math.Floor(certificate.getNotAfter() / 1000.0d)));
// wireEncode returns the cached encoding if available.
statement.setBytes(7, certificate.wireEncode().getImmutableArray());
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// Fetch a certificate from the cache.
/// </summary>
///
/// <param name="certificateName"></param>
/// <returns>A new copy of the IdentityCertificate, or null if not found.</returns>
public IdentityCertificate getCertificate(Name certificateName)
{
Blob certData = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(cache_,certificateName.toUri());
if (certData == null)
return null;
IdentityCertificate cert = new IdentityCertificate();
try {
cert.wireDecode(certData.buf());
} catch (EncodingException ex) {
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(CertificateCache).FullName).log(
ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex);
throw new Exception(ex.Message);
}
return cert;
}
/// <summary>
/// Prepare an unsigned identity certificate.
/// </summary>
///
/// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param>
/// <param name="publicKey">The public key to sign.</param>
/// <param name="signingIdentity">The signing identity.</param>
/// <param name="notBefore">See IdentityCertificate.</param>
/// <param name="notAfter">See IdentityCertificate.</param>
/// <param name="subjectDescription">on the keyName.</param>
/// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param>
/// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns>
public IdentityCertificate prepareUnsignedIdentityCertificate(
Name keyName, PublicKey publicKey, Name signingIdentity,
double notBefore, double notAfter, IList subjectDescription,
Name certPrefix)
{
if (keyName.size() < 1)
return null;
String tempKeyIdPrefix = keyName.get(-1).toEscapedString();
if (tempKeyIdPrefix.Length < 4)
return null;
String keyIdPrefix = tempKeyIdPrefix.Substring(0,(4)-(0));
if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-"))
return null;
IdentityCertificate certificate = new IdentityCertificate();
Name certName = new Name();
if (certPrefix == null) {
// No certificate prefix hint, so infer the prefix.
if (signingIdentity.match(keyName))
certName.append(signingIdentity).append("KEY")
.append(keyName.getSubName(signingIdentity.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
certName.append(keyName.getPrefix(-1)).append("KEY")
.append(keyName.get(-1)).append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
} else {
// A cert prefix hint is supplied, so determine the cert name.
if (certPrefix.match(keyName) && !certPrefix.equals(keyName))
certName.append(certPrefix).append("KEY")
.append(keyName.getSubName(certPrefix.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
return null;
}
certificate.setName(certName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
if (subjectDescription == null || (subjectDescription.Count==0))
certificate
.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.getPrefix(-1).toUri()));
else {
for (int i = 0; i < subjectDescription.Count; ++i)
certificate
.addSubjectDescription((CertificateSubjectDescription) subjectDescription[i]);
}
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerEncodingException: " + ex);
} catch (DerDecodingException ex_0) {
throw new SecurityException("DerDecodingException: " + ex_0);
}
return certificate;
}
/// <summary>
/// Create an identity certificate for a public key supplied by the caller.
/// </summary>
///
/// <param name="certificatePrefix">The name of public key to be signed.</param>
/// <param name="publicKey">The public key to be signed.</param>
/// <param name="signerCertificateName">The name of signing certificate.</param>
/// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param>
/// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param>
/// <returns>The generated identity certificate.</returns>
public IdentityCertificate createIdentityCertificate(
Name certificatePrefix, PublicKey publicKey,
Name signerCertificateName, double notBefore, double notAfter)
{
IdentityCertificate certificate = new IdentityCertificate();
Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Name certificateName = new Name(certificatePrefix);
certificateName.append("ID-CERT").appendVersion(
(long) net.named_data.jndn.util.Common.getNowMilliseconds());
certificate.setName(certificateName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
certificate.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.toUri()));
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerDecodingException: " + ex);
} catch (DerDecodingException ex_0) {
throw new SecurityException("DerEncodingException: " + ex_0);
}
Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(signerCertificateName);
sha256Sig.setKeyLocator(keyLocator);
certificate.setSignature(sha256Sig);
SignedBlob unsignedData = certificate.wireEncode();
IdentityCertificate signerCertificate;
try {
signerCertificate = getCertificate(signerCertificateName);
} catch (DerDecodingException ex_1) {
throw new SecurityException("DerDecodingException: " + ex_1);
}
Name signerkeyName = signerCertificate.getPublicKeyName();
Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(),
signerkeyName);
sha256Sig.setSignature(sigBits);
return certificate;
}
/// <summary>
/// The copy constructor.
/// </summary>
///
public IdentityCertificate(IdentityCertificate identityCertificate) : base(identityCertificate)
{
this.publicKeyName_ = new Name();
publicKeyName_ = identityCertificate.publicKeyName_;
}
/// <summary>
/// Install an identity certificate into the public key identity storage.
/// </summary>
///
/// <param name="certificate">The certificate to to added.</param>
public void installIdentityCertificate(IdentityCertificate certificate)
{
identityManager_.addCertificate(certificate);
}
/// <summary>
/// Get a certificate from the identity storage.
/// </summary>
///
/// <param name="certificateName">The name of the requested certificate.</param>
/// <returns>The requested certificate.</returns>
/// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
public override IdentityCertificate getCertificate(Name certificateName)
{
Blob certificateDer = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(certificateStore_,certificateName
.toUri());
if (certificateDer == null)
throw new SecurityException(
"MemoryIdentityStorage::getKey: The certificate does not exist");
IdentityCertificate certificate = new IdentityCertificate();
try {
certificate.wireDecode(certificateDer);
} catch (EncodingException ex) {
throw new SecurityException(
"MemoryIdentityStorage::getKey: The certificate cannot be decoded");
}
return certificate;
}
public void onVerified(Data data)
{
IdentityCertificate certificate;
try {
certificate = new IdentityCertificate(data);
} catch (DerDecodingException ex) {
try {
onValidationFailed_.onInterestValidationFailed(
originalInterest_, "Cannot decode certificate "
+ data.getName().toUri());
} catch (Exception exception) {
net.named_data.jndn.security.policy.ConfigPolicyManager.logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE,
"Error in onInterestValidationFailed", exception);
}
return;
}
outer_ConfigPolicyManager.certificateCache_.insertCertificate(certificate);
try {
// Now that we stored the needed certificate, increment stepCount and try again
// to verify the originalInterest.
outer_ConfigPolicyManager.checkVerificationPolicy(originalInterest_, stepCount_ + 1,
onVerified_, onValidationFailed_, wireFormat_);
} catch (SecurityException ex_0) {
try {
onValidationFailed_.onInterestValidationFailed(
originalInterest_,
"Error in checkVerificationPolicy: " + ex_0);
} catch (Exception exception_1) {
net.named_data.jndn.security.policy.ConfigPolicyManager.logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE,
"Error in onInterestValidationFailed", exception_1);
}
}
}
public static IdentityCertificate loadIdentityCertificateFromFile(
String filename)
{
StringBuilder encodedData = new StringBuilder();
try {
TextReader certFile = new FileReader(
filename);
// Use "try/finally instead of "try-with-resources" or "using"
// which are not supported before Java 7.
try {
String line;
while ((line = certFile.readLine()) != null)
encodedData.append(line);
} finally {
certFile.close();
}
} catch (FileNotFoundException ex) {
throw new SecurityException(
"Can't find IdentityCertificate file " + filename
+ ": " + ex.Message);
} catch (IOException ex_0) {
throw new SecurityException(
"Error reading IdentityCertificate file " + filename
+ ": " + ex_0.Message);
}
byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
IdentityCertificate cert = new IdentityCertificate();
try {
cert.wireDecode(new Blob(decodedData, false));
} catch (EncodingException ex_1) {
throw new SecurityException(
"Can't decode the IdentityCertificate from file "
+ filename + ": " + ex_1.Message);
}
return cert;
}
public void testPrepareUnsignedCertificate()
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
IdentityManager identityManager = new IdentityManager(identityStorage,
privateKeyStorage);
Name keyName = new Name("/test/ksk-1457560485494");
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA,
new Blob(PUBLIC_KEY, false));
ArrayList subjectDescriptions = new ArrayList();
ILOG.J2CsMapping.Collections.Collections.Add(subjectDescriptions,new CertificateSubjectDescription(TEST_OID,
"TEST NAME"));
IdentityCertificate newCertificate = identityManager
.prepareUnsignedIdentityCertificate(keyName,
keyName.getPrefix(1), toyCertNotBefore,
toyCertNotAfter, subjectDescriptions);
// Update the generated certificate version to equal the one in toyCert.
newCertificate.setName(new Name(newCertificate.getName().getPrefix(-1)
.append(toyCert.getName().get(-1))));
// Make a copy to test encoding.
IdentityCertificate certificateCopy = new IdentityCertificate(
newCertificate);
Assert.AssertEquals(
"Prepared unsigned certificate dump does not have the expected format",
"" + toyCert, "" + certificateCopy);
}
/// <summary>
/// This looks up certificates specified as base64-encoded data or file names.
/// These are cached by filename or encoding to avoid repeated reading of files
/// or decoding.
/// </summary>
///
/// <param name="certID"></param>
/// <param name="isPath"></param>
/// <returns>The certificate object.</returns>
private IdentityCertificate lookupCertificate(String certID, bool isPath)
{
IdentityCertificate cert;
if (!fixedCertificateCache_.Contains(certID)) {
if (isPath)
// Load the certificate data (base64 encoded IdentityCertificate)
cert = net.named_data.jndn.security.policy.ConfigPolicyManager.TrustAnchorRefreshManager
.loadIdentityCertificateFromFile(certID);
else {
byte[] certData = net.named_data.jndn.util.Common.base64Decode(certID);
cert = new IdentityCertificate();
try {
cert.wireDecode(new Blob(certData, false));
} catch (EncodingException ex) {
throw new SecurityException(
"Cannot base64 decode the cert data: "
+ ex.Message);
}
}
String certUri = cert.getName().getPrefix(-1).toUri();
ILOG.J2CsMapping.Collections.Collections.Put(fixedCertificateCache_,certID,certUri);
certificateCache_.insertCertificate(cert);
} else
cert = certificateCache_.getCertificate(new Name(
(String) ILOG.J2CsMapping.Collections.Collections.Get(fixedCertificateCache_,certID)));
return cert;
}
public void testRefresh10s()
{
StringBuilder encodedData = new StringBuilder();
TextReader dataFile = new System.IO.StreamReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName,"testData")).OpenWrite());
// Use "try/finally instead of "try-with-resources" or "using"
// which are not supported before Java 7.
try {
String line;
while ((line = dataFile.readLine()) != null)
encodedData.append(line);
} finally {
dataFile.close();
}
byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
Data data = new Data();
data.wireDecode(new Blob(decodedData, false));
// This test is needed, since the KeyChain will express interests in unknown
// certificates.
VerificationResult vr = doVerify(policyManager_, data);
AssertTrue(
"ConfigPolicyManager did not create ValidationRequest for unknown certificate",
vr.hasFurtherSteps_);
AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
// Now save the cert data to our anchor directory, and wait.
// We have to sign it with the current identity or the policy manager will
// create an interest for the signing certificate.
IdentityCertificate cert = new IdentityCertificate();
byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP);
cert.wireDecode(new Blob(certData, false));
keyChain_.signByIdentity(cert, identityName_);
Blob signedCertBlob = cert.wireEncode();
String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob
.getImmutableArray());
BufferedStream certFile = new BufferedStream(new System.IO.StreamWriter(testCertFile_.OpenRead()));
try {
certFile.Write(encodedCert,0,encodedCert.Substring(0,encodedCert.Length));
certFile.flush();
} finally {
certFile.close();
}
// Still too early for refresh to pick it up.
vr = doVerify(policyManager_, data);
AssertTrue("ConfigPolicyManager refresh occured sooner than specified",
vr.hasFurtherSteps_);
AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000);
// Now we should find it.
vr = doVerify(policyManager_, data);
AssertFalse("ConfigPolicyManager did not refresh certificate store",
vr.hasFurtherSteps_);
AssertEquals("Verification success called " + vr.successCount_
+ " times instead of 1", 1, vr.successCount_);
AssertEquals("ConfigPolicyManager did not verify valid signed data", 0,
vr.failureCount_);
}
public TestGroupManager()
{
this.certificate = new IdentityCertificate();
}
public void testCreateDKeyData()
{
// Create the group manager.
GroupManager manager = new GroupManager(new Name("Alice"), new Name(
"data_type"), new Sqlite3GroupManagerDb(
System.IO.Path.GetFullPath(dKeyDatabaseFilePath.Name)), 2048, 1, keyChain);
Blob newCertificateBlob = certificate.wireEncode();
IdentityCertificate newCertificate = new IdentityCertificate();
newCertificate.wireDecode(newCertificateBlob);
// Encrypt the D-KEY.
Data data = friendAccess.createDKeyData(manager, "20150825T000000",
"20150827T000000", new Name("/ndn/memberA/KEY"),
decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer());
// Verify the encrypted D-KEY.
Blob dataContent = data.getContent();
// Get the nonce key.
// dataContent is a sequence of the two EncryptedContent.
EncryptedContent encryptedNonce = new EncryptedContent();
encryptedNonce.wireDecode(dataContent);
AssertEquals(0, encryptedNonce.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType());
Blob blobNonce = encryptedNonce.getPayload();
EncryptParams decryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce,
decryptParams);
// Get the D-KEY.
// Use the size of encryptedNonce to find the start of encryptedPayload.
ByteBuffer payloadContent = dataContent.buf().duplicate();
payloadContent.position(encryptedNonce.wireEncode().size());
EncryptedContent encryptedPayload = new EncryptedContent();
encryptedPayload.wireDecode(payloadContent);
AssertEquals(16, encryptedPayload.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType());
decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
decryptParams.setInitialVector(encryptedPayload.getInitialVector());
Blob blobPayload = encryptedPayload.getPayload();
Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload,
decryptParams);
AssertTrue(largePayload.equals(decryptKeyBlob));
}
/// <summary>
/// Generate a self-signed certificate for a public key.
/// </summary>
///
/// <param name="keyName">The name of the public key.</param>
/// <returns>The generated certificate.</returns>
public IdentityCertificate selfSign(Name keyName)
{
IdentityCertificate certificate = new IdentityCertificate();
Blob keyBlob = identityStorage_.getKey(keyName);
PublicKey publicKey = new PublicKey(keyBlob);
Calendar calendar = ILOG.J2CsMapping.Util.Calendar.getInstance();
double notBefore = (double) calendar.getTimeInMillis();
calendar.add(ILOG.J2CsMapping.Util.Calendar.YEAR, 2);
double notAfter = (double) calendar.getTimeInMillis();
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
Name certificateName = keyName.getPrefix(-1).append("KEY")
.append(keyName.get(-1)).append("ID-CERT")
.appendVersion((long) certificate.getNotBefore());
certificate.setName(certificateName);
certificate.setPublicKeyInfo(publicKey);
certificate.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.toUri()));
try {
certificate.encode();
} catch (DerEncodingException ex) {
// We don't expect this to happen.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE,
null, ex);
return null;
} catch (DerDecodingException ex_0) {
// We don't expect this to happen.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE,
null, ex_0);
return null;
}
signByCertificate(certificate, certificate.getName());
return certificate;
}
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public abstract void addCertificate(IdentityCertificate certificate);
/// <summary>
/// Set the certificate as the default for its corresponding key.
/// </summary>
///
/// <param name="certificate">The certificate.</param>
public void setDefaultCertificateForKey(
IdentityCertificate certificate)
{
Name keyName = certificate.getPublicKeyName();
if (!identityStorage_.doesKeyExist(keyName))
throw new SecurityException(
"No corresponding Key record for certificate!");
identityStorage_.setDefaultCertificateNameForKey(keyName,
certificate.getName());
}
/// <summary>
/// Add a new member with the given memberCertificate into a schedule named
/// scheduleName. If cert is an IdentityCertificate made from memberCertificate,
/// then the member's identity name is cert.getPublicKeyName().getPrefix(-1).
/// </summary>
///
/// <param name="scheduleName">The schedule name.</param>
/// <param name="memberCertificate">The member's certificate.</param>
/// <exception cref="GroupManagerDb.Error">If there's no schedule named scheduleName, ifthe member's identity name already exists, or other database error.</exception>
/// <exception cref="DerDecodingException">for error decoding memberCertificate as acertificate.</exception>
public void addMember(String scheduleName, Data memberCertificate)
{
IdentityCertificate cert = new IdentityCertificate(memberCertificate);
database_.addMember(scheduleName, cert.getPublicKeyName(), cert
.getPublicKeyInfo().getKeyDer());
}
/// <summary>
/// Add a certificate to the identity storage. Also call addKey to ensure that
/// the certificate key exists. If the certificate is already installed, don't
/// replace it.
/// </summary>
///
/// <param name="certificate"></param>
public override void addCertificate(IdentityCertificate certificate)
{
Name certificateName = certificate.getName();
Name keyName = certificate.getPublicKeyName();
addKey(keyName, certificate.getPublicKeyInfo().getKeyType(),
certificate.getPublicKeyInfo().getKeyDer());
if (doesCertificateExist(certificateName))
return;
// Insert the certificate.
ILOG.J2CsMapping.Collections.Collections.Put(certificateStore_,certificateName.toUri(),certificate.wireEncode());
}
/// <summary>
/// Add a certificate into the public key identity storage.
/// </summary>
///
/// <param name="certificate"></param>
public void addCertificate(IdentityCertificate certificate)
{
identityStorage_.addCertificate(certificate);
}
/// <summary>
/// Insert the certificate into the cache. Assumes the timestamp is not yet
/// removed from the name.
/// </summary>
///
/// <param name="certificate">The certificate to copy and insert.</param>
public void insertCertificate(IdentityCertificate certificate)
{
Name certName = certificate.getName().getPrefix(-1);
ILOG.J2CsMapping.Collections.Collections.Put(cache_,certName.toUri(),certificate.wireEncode());
}
/// <summary>
/// Add a certificate into the public key identity storage and set the
/// certificate as the default of its corresponding key.
/// </summary>
///
/// <param name="certificate"></param>
public void addCertificateAsDefault(IdentityCertificate certificate)
{
identityStorage_.addCertificate(certificate);
setDefaultCertificateForKey(certificate);
}
/// <summary>
/// Set the certificate as the default for its corresponding key.
/// </summary>
///
/// <param name="certificate">The certificate.</param>
public void setDefaultCertificateForKey(
IdentityCertificate certificate)
{
identityManager_.setDefaultCertificateForKey(certificate);
}
/// <summary>
/// Add a certificate into the public key identity storage and set the
/// certificate as the default for its corresponding identity.
/// </summary>
///
/// <param name="certificate"></param>
public void addCertificateAsIdentityDefault(
IdentityCertificate certificate)
{
identityStorage_.addCertificate(certificate);
Name keyName = certificate.getPublicKeyName();
setDefaultKeyForIdentity(keyName);
setDefaultCertificateForKey(certificate);
}
/// <summary>
/// The copy constructor.
/// </summary>
///
public IdentityCertificate(IdentityCertificate identityCertificate)
: base(identityCertificate)
{
this.publicKeyName_ = new Name();
publicKeyName_ = identityCertificate.publicKeyName_;
}
/// <summary>
/// Get a certificate from the identity storage.
/// </summary>
///
/// <param name="certificateName">The name of the requested certificate.</param>
/// <returns>The requested certificate.</returns>
/// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
public override sealed IdentityCertificate getCertificate(Name certificateName)
{
try {
PreparedStatement statement;
statement = database_.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getCertificate);
statement.setString(1, certificateName.toUri());
IdentityCertificate certificate = new IdentityCertificate();
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult()) {
try {
certificate.wireDecode(new Blob(result
.getBytes("certificate_data"), false));
} catch (EncodingException ex) {
throw new SecurityException(
"BasicIdentityStorage: Error decoding certificate data: "
+ ex);
}
} else
throw new SecurityException(
"BasicIdentityStorage::getKey: The key certificate not exist");
} finally {
statement.close();
}
return certificate;
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
