/// <summary>
/// Return a new Signature object based on the signature algorithm of the
/// public key with keyName (derived from certificateName).
/// </summary>
///
/// <param name="certificateName">The certificate name.</param>
/// <param name="digestAlgorithm"></param>
/// <returns>A new object of the correct subclass of Signature.</returns>
private Signature makeSignatureByCertificate(Name certificateName,
DigestAlgorithm[] digestAlgorithm)
{
Name keyName = net.named_data.jndn.security.certificate.IdentityCertificate
.certificateNameToPublicKeyName(certificateName);
PublicKey publicKey = privateKeyStorage_.getPublicKey(keyName);
KeyType keyType = publicKey.getKeyType();
if (keyType == net.named_data.jndn.security.KeyType.RSA) {
Sha256WithRsaSignature signature = new Sha256WithRsaSignature();
digestAlgorithm[0] = net.named_data.jndn.security.DigestAlgorithm.SHA256;
signature.getKeyLocator().setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
return signature;
} else if (keyType == net.named_data.jndn.security.KeyType.ECDSA) {
Sha256WithEcdsaSignature signature_0 = new Sha256WithEcdsaSignature();
digestAlgorithm[0] = net.named_data.jndn.security.DigestAlgorithm.SHA256;
signature_0.getKeyLocator().setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
signature_0.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
return signature_0;
} else
throw new SecurityException("Key type is not recognized");
}
/// <summary>
/// Prepare an unsigned identity certificate.
/// </summary>
///
/// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param>
/// <param name="publicKey">The public key to sign.</param>
/// <param name="signingIdentity">The signing identity.</param>
/// <param name="notBefore">See IdentityCertificate.</param>
/// <param name="notAfter">See IdentityCertificate.</param>
/// <param name="subjectDescription">on the keyName.</param>
/// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param>
/// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns>
public IdentityCertificate prepareUnsignedIdentityCertificate(
Name keyName, PublicKey publicKey, Name signingIdentity,
double notBefore, double notAfter, IList subjectDescription,
Name certPrefix)
{
if (keyName.size() < 1)
return null;
String tempKeyIdPrefix = keyName.get(-1).toEscapedString();
if (tempKeyIdPrefix.Length < 4)
return null;
String keyIdPrefix = tempKeyIdPrefix.Substring(0,(4)-(0));
if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-"))
return null;
IdentityCertificate certificate = new IdentityCertificate();
Name certName = new Name();
if (certPrefix == null) {
// No certificate prefix hint, so infer the prefix.
if (signingIdentity.match(keyName))
certName.append(signingIdentity).append("KEY")
.append(keyName.getSubName(signingIdentity.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
certName.append(keyName.getPrefix(-1)).append("KEY")
.append(keyName.get(-1)).append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
} else {
// A cert prefix hint is supplied, so determine the cert name.
if (certPrefix.match(keyName) && !certPrefix.equals(keyName))
certName.append(certPrefix).append("KEY")
.append(keyName.getSubName(certPrefix.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
return null;
}
certificate.setName(certName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
if (subjectDescription == null || (subjectDescription.Count==0))
certificate
.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.getPrefix(-1).toUri()));
else {
for (int i = 0; i < subjectDescription.Count; ++i)
certificate
.addSubjectDescription((CertificateSubjectDescription) subjectDescription[i]);
}
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerEncodingException: " + ex);
} catch (DerDecodingException ex_0) {
throw new SecurityException("DerDecodingException: " + ex_0);
}
return certificate;
}
private static Name certNameFromKeyName(Name keyName, int keyIdx)
{
if (keyIdx < 0)
keyIdx = keyName.size() + keyIdx;
return keyName.getPrefix(keyIdx).append("KEY")
.append(keyName.getSubName(keyIdx)).append("ID-CERT")
.append("0");
}
/// <summary>
/// Throw an exception if it is an error for setDefaultKeyNameForIdentity to
/// set it.
/// </summary>
///
/// <param name="keyName">The key name.</param>
/// <param name="identityNameCheck">The identity name to check the keyName.</param>
/// <exception cref="System.Security.SecurityException">if the identity name does not match the key nameor other problem.</exception>
protected internal void checkSetDefaultKeyNameForIdentity(Name keyName,
Name identityNameCheck)
{
Name identityName = keyName.getPrefix(-1);
if (identityNameCheck.size() > 0
&& !identityNameCheck.equals(identityName))
throw new SecurityException(
"The specified identity name does not match the key name");
}
public void testPrefix()
{
Name name = new Name("/edu/cmu/andrew/user/3498478");
Name prefix1 = name.getPrefix(2);
Assert.AssertEquals("Name prefix has " + prefix1.size()
+ " components instead of 2", 2, prefix1.size());
for (int i = 0; i < 2; ++i)
Assert.AssertTrue(name.get(i).getValue().equals(prefix1.get(i).getValue()));
Name prefix2 = name.getPrefix(100);
Assert.AssertEquals(
"Prefix with more components than original should stop at end of original name",
name, prefix2);
}
/// <summary>
/// Delete a public key and related certificates.
/// </summary>
///
/// <param name="keyName">The key name.</param>
public override void deletePublicKeyInfo(Name keyName)
{
if (keyName.size() == 0)
return;
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
try {
PreparedStatement statement = database_
.prepareStatement("DELETE FROM Certificate WHERE "
+ net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.WHERE_deletePublicKeyInfo);
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
try {
statement.executeUpdate();
} finally {
statement.close();
}
statement = database_.prepareStatement("DELETE FROM Key WHERE "
+ net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.WHERE_deletePublicKeyInfo);
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// In table Key, set 'active' to isActive for the keyName.
/// </summary>
///
/// <param name="keyName">The name of the key.</param>
/// <param name="isActive">The value for the 'active' field.</param>
protected internal override void updateKeyStatus(Name keyName, bool isActive)
{
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
try {
PreparedStatement statement = database_
.prepareStatement("UPDATE Key SET active=? WHERE "
+ net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.WHERE_updateKeyStatus);
statement.setInt(1, ((isActive) ? 1 : 0));
statement.setString(2, identityName.toUri());
statement.setString(3, keyId);
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
public void testAutoCreateIdentity()
{
Name keyName1 = new Name(
"/TestSqlIdentityStorage/KeyType/RSA/ksk-12345");
Name identityName = keyName1.getPrefix(-1);
byte[] decodedKey = net.named_data.jndn.util.Common.base64Decode(RSA_DER);
identityStorage.addKey(keyName1, net.named_data.jndn.security.KeyType.RSA, new Blob(decodedKey,
false));
identityStorage.setDefaultKeyNameForIdentity(keyName1);
AssertTrue("Key was not added", identityStorage.doesKeyExist(keyName1));
AssertTrue("Identity for key was not automatically created",
identityStorage.doesIdentityExist(identityName));
AssertTrue("Default key was not set on identity creation",
identityManager.getDefaultKeyNameForIdentity(identityName)
.equals(keyName1));
try {
identityStorage.getDefaultCertificateNameForKey(keyName1);
Fail();
} catch (SecurityException ex) {
}
// We have no private key for signing.
try {
identityManager.selfSign(keyName1);
Fail();
} catch (SecurityException ex_0) {
}
try {
identityStorage.getDefaultCertificateNameForKey(keyName1);
Fail();
} catch (SecurityException ex_1) {
}
try {
identityManager.getDefaultCertificateNameForIdentity(identityName);
Fail();
} catch (SecurityException ex_2) {
}
Name keyName2 = identityManager
.generateRSAKeyPairAsDefault(identityName);
IdentityCertificate cert = identityManager.selfSign(keyName2);
identityManager.addCertificateAsIdentityDefault(cert);
Name certName1 = identityManager
.getDefaultCertificateNameForIdentity(identityName);
Name certName2 = identityStorage
.getDefaultCertificateNameForKey(keyName2);
AssertTrue(
"Key-certificate mapping and identity-certificate mapping are not consistent",
certName1.equals(certName2));
keyChain.deleteIdentity(identityName);
AssertFalse(identityStorage.doesKeyExist(keyName1));
}
/// <summary>
/// Get the public key DER blob from the identity storage.
/// </summary>
///
/// <param name="keyName">The name of the requested public key.</param>
/// <returns>The DER Blob.</returns>
/// <exception cref="System.Security.SecurityException">if the key doesn't exist.</exception>
public override sealed Blob getKey(Name keyName)
{
if (keyName.size() == 0)
throw new SecurityException(
"BasicIdentityStorage::getKey: Empty keyName");
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
try {
PreparedStatement statement = database_
.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getKey);
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult())
return new Blob(result.getBytes("public_key"), false);
else
throw new SecurityException(
"BasicIdentityStorage::getKey: The key does not exist");
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// Set a key as the default key of an identity. The identity name is inferred
/// from keyName.
/// </summary>
///
/// <param name="keyName">The name of the key.</param>
/// <param name="identityNameCheck"></param>
public override sealed void setDefaultKeyNameForIdentity(Name keyName,
Name identityNameCheck)
{
checkSetDefaultKeyNameForIdentity(keyName, identityNameCheck);
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
try {
// Reset the previous default Key.
PreparedStatement statement = database_
.prepareStatement("UPDATE Key SET default_key=0 WHERE "
+ net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.WHERE_setDefaultKeyNameForIdentity_reset);
statement.setString(1, identityName.toUri());
try {
statement.executeUpdate();
} finally {
statement.close();
}
// Set the current default Key.
statement = database_
.prepareStatement("UPDATE Key SET default_key=1 WHERE "
+ net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.WHERE_setDefaultKeyNameForIdentity_set);
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// Get the default certificate name for the specified key.
/// </summary>
///
/// <param name="keyName">The key name.</param>
/// <returns>The default certificate name.</returns>
/// <exception cref="System.Security.SecurityException">if the default certificate name for the key nameis not set.</exception>
public override sealed Name getDefaultCertificateNameForKey(Name keyName)
{
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
try {
PreparedStatement statement = database_
.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getDefaultCertificateNameForKey);
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult())
return new Name((string)result["cert_name"]);
else
throw new SecurityException(
"BasicIdentityStorage.getDefaultCertificateNameForKey: The default certificate for the key name is not defined");
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// Append all the certificate names of a particular key name to the nameList.
/// </summary>
///
/// <param name="keyName">The key name to search for.</param>
/// <param name="nameList">Append result names to nameList.</param>
/// <param name="isDefault"></param>
public override void getAllCertificateNamesOfKey(Name keyName, ArrayList nameList,
bool isDefault)
{
try {
String sql = (isDefault) ? net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getAllCertificateNamesOfKey_default_true
: net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getAllCertificateNamesOfKey_default_false;
PreparedStatement statement = database_.prepareStatement(sql);
statement.setString(1, keyName.getPrefix(-1).toUri());
statement.setString(2, keyName.get(-1).toEscapedString());
try {
SqlDataReader result = statement.executeQuery();
while (result.NextResult())
ILOG.J2CsMapping.Collections.Collections.Add(nameList,new Name((string)result["cert_name"]));
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// Check if the specified key already exists.
/// </summary>
///
/// <param name="keyName">The name of the key.</param>
/// <returns>true if the key exists, otherwise false.</returns>
public override sealed bool doesKeyExist(Name keyName)
{
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
try {
PreparedStatement statement = database_
.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_doesKeyExist);
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult())
return result.getInt(1) > 0;
else
return false;
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// Generate a self-signed certificate for a public key.
/// </summary>
///
/// <param name="keyName">The name of the public key.</param>
/// <returns>The generated certificate.</returns>
public IdentityCertificate selfSign(Name keyName)
{
IdentityCertificate certificate = new IdentityCertificate();
Blob keyBlob = identityStorage_.getKey(keyName);
PublicKey publicKey = new PublicKey(keyBlob);
Calendar calendar = ILOG.J2CsMapping.Util.Calendar.getInstance();
double notBefore = (double) calendar.getTimeInMillis();
calendar.add(ILOG.J2CsMapping.Util.Calendar.YEAR, 2);
double notAfter = (double) calendar.getTimeInMillis();
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
Name certificateName = keyName.getPrefix(-1).append("KEY")
.append(keyName.get(-1)).append("ID-CERT")
.appendVersion((long) certificate.getNotBefore());
certificate.setName(certificateName);
certificate.setPublicKeyInfo(publicKey);
certificate.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.toUri()));
try {
certificate.encode();
} catch (DerEncodingException ex) {
// We don't expect this to happen.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE,
null, ex);
return null;
} catch (DerDecodingException ex_0) {
// We don't expect this to happen.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE,
null, ex_0);
return null;
}
signByCertificate(certificate, certificate.getName());
return certificate;
}
private void construct(Name prefix, Name dataType)
{
Name fixedPrefix = new Name(prefix);
Name fixedDataType = new Name(dataType);
// Fill ekeyInfo_ with all permutations of dataType, including the 'E-KEY'
// component of the name. This will be used in createContentKey to send
// interests without reconstructing names every time.
fixedPrefix.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_READ);
while (fixedDataType.size() > 0) {
Name nodeName = new Name(fixedPrefix);
nodeName.append(fixedDataType);
nodeName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_E_KEY);
ILOG.J2CsMapping.Collections.Collections.Put(eKeyInfo_,nodeName,new Producer.KeyInfo ());
fixedDataType = fixedDataType.getPrefix(-1);
}
fixedPrefix.append(dataType);
namespace_ = new Name(prefix);
namespace_.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_SAMPLE);
namespace_.append(dataType);
}
/// <summary>
/// Set a key as the default key of an identity. The identity name is inferred
/// from keyName.
/// </summary>
///
/// <param name="keyName">The name of the key.</param>
/// <param name="identityNameCheck"></param>
public override void setDefaultKeyNameForIdentity(Name keyName,
Name identityNameCheck)
{
Name identityName = keyName.getPrefix(-1);
if (identityNameCheck.size() > 0
&& !identityNameCheck.equals(identityName))
throw new SecurityException(
"The specified identity name does not match the key name");
String identity = identityName.toUri();
if (identityStore_.Contains(identity)) {
((MemoryIdentityStorage.IdentityRecord ) ILOG.J2CsMapping.Collections.Collections.Get(identityStore_,identity))
.setDefaultKey(new Name(keyName));
}
}
public void testPrepareUnsignedCertificate()
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
IdentityManager identityManager = new IdentityManager(identityStorage,
privateKeyStorage);
Name keyName = new Name("/test/ksk-1457560485494");
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA,
new Blob(PUBLIC_KEY, false));
ArrayList subjectDescriptions = new ArrayList();
ILOG.J2CsMapping.Collections.Collections.Add(subjectDescriptions,new CertificateSubjectDescription(TEST_OID,
"TEST NAME"));
IdentityCertificate newCertificate = identityManager
.prepareUnsignedIdentityCertificate(keyName,
keyName.getPrefix(1), toyCertNotBefore,
toyCertNotAfter, subjectDescriptions);
// Update the generated certificate version to equal the one in toyCert.
newCertificate.setName(new Name(newCertificate.getName().getPrefix(-1)
.append(toyCert.getName().get(-1))));
// Make a copy to test encoding.
IdentityCertificate certificateCopy = new IdentityCertificate(
newCertificate);
Assert.AssertEquals(
"Prepared unsigned certificate dump does not have the expected format",
"" + toyCert, "" + certificateCopy);
}
public void testMatch()
{
Name name = new Name("/edu/cmu/andrew/user/3498478");
Name name2 = new Name(name);
Assert.AssertTrue("Name does not match deep copy of itself", name.match(name2));
name2 = name.getPrefix(2);
Assert.AssertTrue("Name did not match prefix", name2.match(name));
Assert.AssertFalse("Name should not match shorter name", name.match(name2));
Assert.AssertTrue("Empty name should always match another",
new Name().match(name));
}
private void fetchNextSegment(Interest originalInterest_0, Name dataName,
long segment)
{
// Start with the original Interest to preserve any special selectors.
Interest interest = new Interest(originalInterest_0);
// Changing a field clears the nonce so that the library will generate a new one.
interest.setChildSelector(0);
interest.setMustBeFresh(false);
interest.setName(dataName.getPrefix(-1).appendSegment(segment));
try {
face_.expressInterest(interest, this, this);
} catch (IOException ex) {
try {
onError_.onError(net.named_data.jndn.util.SegmentFetcher.ErrorCode.IO_ERROR,
"I/O error fetching the next segment " + ex);
} catch (Exception exception) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception);
}
}
}
/// <summary>
/// Add a new member with the given key named keyName into a schedule named
/// scheduleName. The member's identity name is keyName.getPrefix(-1).
/// </summary>
///
/// <param name="scheduleName">The schedule name.</param>
/// <param name="keyName">The name of the key.</param>
/// <param name="key">A Blob of the public key DER.</param>
/// <exception cref="GroupManagerDb.Error">If there's no schedule named scheduleName, ifthe member's identity name already exists, or other database error.</exception>
public override void addMember(String scheduleName, Name keyName, Blob key)
{
int scheduleId = getScheduleId(scheduleName);
if (scheduleId == -1)
throw new GroupManagerDb.Error("The schedule does not exist");
// Needs to be changed in the future.
Name memberName = keyName.getPrefix(-1);
try {
PreparedStatement statement = database_
.prepareStatement(net.named_data.jndn.encrypt.Sqlite3GroupManagerDbBase.INSERT_addMember);
statement.setInt(1, scheduleId);
statement.setBytes(2, memberName.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())
.getImmutableArray());
statement.setBytes(3, keyName.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())
.getImmutableArray());
statement.setBytes(4, key.getImmutableArray());
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new GroupManagerDb.Error(
"Sqlite3GroupManagerDb.addMember: SQLite error: "
+ exception);
}
}
/// <summary>
/// Add a public key to the identity storage. Also call addIdentity to ensure
/// that the identityName for the key exists. However, if the key already
/// exists, do nothing.
/// </summary>
///
/// <param name="keyName">The name of the public key to be added.</param>
/// <param name="keyType">Type of the public key to be added.</param>
/// <param name="publicKeyDer">A blob of the public key DER to be added.</param>
public override sealed void addKey(Name keyName, KeyType keyType, Blob publicKeyDer)
{
if (keyName.size() == 0)
return;
if (doesKeyExist(keyName))
return;
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
addIdentity(identityName);
try {
PreparedStatement statement = database_
.prepareStatement("INSERT INTO Key (identity_name, key_identifier, key_type, public_key) values (?, ?, ?, ?)");
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
statement.setInt(3, keyType.getNumericType());
statement.setBytes(4, publicKeyDer.getImmutableArray());
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
