/// <summary>
/// Test whether a name is accepted by this filter. The name must begin with
/// this filter's prefix. When the optional regexFilter is set, the components
/// after the prefix must also match that regular expression.
/// For example, the following InterestFilter:
/// InterestFilter("/hello", "&lt;world&gt;&lt;&gt;+")
/// accepts every Interest whose name starts with `/hello`, continues with the
/// component `world`, and has at least one further component, such as:
/// /hello/world/!
/// /hello/world/x/y/z
/// The regular expression has to cover all of the remaining components: it
/// behaves as if it had a leading `^` and a trailing `$`.
/// </summary>
///
/// <param name="name">The name to check against this filter.</param>
/// <returns>True if name matches this filter, otherwise false.</returns>
public bool doesMatch(Name name)
{
    // A name with fewer components than the prefix can never match.
    if (name.size() < prefix_.size())
    {
        return false;
    }

    if (!hasRegexFilter())
    {
        // Without a regex filter the prefix match alone decides.
        return prefix_.match(name);
    }

    if (!prefix_.match(name))
    {
        return false;
    }

    // Only the components after the prefix are handed to the matcher, and a
    // null result is treated as "no match".
    // NOTE(review): name presumably comes from a received Interest, so the
    // pattern is evaluated against sender-chosen input - confirm with callers.
    Name remainingComponents = name.getSubName(prefix_.size());
    return net.named_data.jndn.util.NdnRegexMatcher.match(
        regexFilterPattern_, remainingComponents) != null;
}
/// <summary>
/// Decode the sample Interest in TlvInterest, re-encode and re-decode it, then
/// build a new Interest, sign it as a command interest and verify it. Each
/// decoded Interest is printed with dumpInterest.
/// </summary>
///
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    var sampleInterest = new Interest();
    sampleInterest.wireDecode(new Blob(TlvInterest));
    Console.Out.WriteLine("Interest:");
    dumpInterest(sampleInterest);

    // Set the name again to clear the cached encoding so we encode again.
    sampleInterest.setName(sampleInterest.getName());
    var wire = sampleInterest.wireEncode();
    Console.Out.WriteLine("");
    Console.Out.WriteLine("Re-encoded interest " + wire.toHex());

    var decodedAgain = new Interest();
    decodedAgain.wireDecode(wire);
    Console.Out.WriteLine("");
    Console.Out.WriteLine("Re-decoded Interest:");
    dumpInterest(decodedAgain);

    var freshInterest = new Interest(new Name("/ndn/abc"));
    freshInterest.setMinSuffixComponents(4);
    freshInterest.setMaxSuffixComponents(6);
    freshInterest.setInterestLifetimeMilliseconds(30000);
    freshInterest.setChildSelector(1);
    freshInterest.setMustBeFresh(true);
    freshInterest.getKeyLocator().setType(KeyLocatorType.KEY_LOCATOR_DIGEST);

    // The sample key digest is the 32 bytes 0x00 through 0x1F.
    var digestBytes = new byte[32];
    for (int i = 0; i < digestBytes.Length; ++i)
    {
        digestBytes[i] = (byte)i;
    }
    freshInterest.getKeyLocator().setKeyData(new Blob(digestBytes));
    freshInterest.getExclude().appendComponent(new Name("abc").get(0)).appendAny();

    var identityStorage = new MemoryIdentityStorage();
    var privateKeyStorage = new MemoryPrivateKeyStorage();
    var identityManager = new IdentityManager(identityStorage, privateKeyStorage);
    var policyManager = new SelfVerifyPolicyManager(identityStorage);
    var keyChain = new KeyChain(identityManager, policyManager);

    // Initialize the storage with the sample key pair.
    // NOTE(review): DEFAULT_RSA_PRIVATE_KEY_DER is a constant defined outside
    // this listing. If it is literal key material in the source, everyone with
    // the source holds the private key, so a signature made with it proves
    // nothing about the signer. Keep this key to demos and tests.
    var keyName = new Name("/testname/DSK-123");
    var certificateName = keyName.getSubName(0, keyName.size() - 1);
    certificateName = certificateName.append("KEY").append(keyName.get(-1));
    certificateName = certificateName.append("ID-CERT").append("0");
    identityStorage.addKey(
        keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
    privateKeyStorage.setKeyPairForKeyName(
        keyName,
        KeyType.RSA,
        new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
        new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));

    // Make a Face just so that we can sign the interest.
    var face = new Face("localhost");
    face.setCommandSigningInfo(keyChain, certificateName);
    face.makeCommandInterest(freshInterest);

    Interest signedRoundTrip = new Interest();
    signedRoundTrip.wireDecode(freshInterest.wireEncode());
    Console.Out.WriteLine("");
    Console.Out.WriteLine("Re-decoded fresh Interest:");
    dumpInterest(signedRoundTrip);

    // The verification outcome is delivered to the callbacks object, not
    // returned from verifyInterest.
    VerifyCallbacks verifyCallbacks = new VerifyCallbacks("Freshly-signed Interest");
    keyChain.verifyInterest(signedRoundTrip, verifyCallbacks, verifyCallbacks);
}
/// <summary>
/// Derive the public key name from a full certificate name by dropping the
/// last `ID-CERT` component and everything after it, then removing the first
/// `KEY` component from what remains.
/// </summary>
///
/// <param name="certificateName">The full certificate name.</param>
/// <returns>The related public key name.</returns>
/// <exception cref="System.Exception">If the name has no `ID-CERT` component,
/// or no `KEY` component before it.</exception>
public static Name certificateNameToPublicKeyName(Name certificateName)
{
    // Walk backwards to the last ID-CERT component; -1 means none was found.
    int idCertIndex = certificateName.size() - 1;
    while (idCertIndex >= 0
        && !certificateName.get(idCertIndex).toEscapedString().equals("ID-CERT"))
    {
        --idCertIndex;
    }

    if (idCertIndex < 0)
    {
        throw new Exception("Incorrect identity certificate name "
            + certificateName.toUri());
    }

    Name beforeIdCert = certificateName.getSubName(0, idCertIndex);

    // Walk forwards to the first KEY component.
    // NOTE(review): only the first KEY is removed, so a name that contains
    // more than one KEY component before ID-CERT is ambiguous. This method
    // only rewrites the name; it does not validate the certificate itself.
    int keyIndex = 0;
    while (keyIndex < beforeIdCert.size()
        && !beforeIdCert.get(keyIndex).toEscapedString().equals("KEY"))
    {
        keyIndex++;
    }

    if (keyIndex >= beforeIdCert.size())
    {
        throw new Exception("Incorrect identity certificate name "
            + certificateName.toUri());
    }

    // Join the components on either side of KEY.
    Name identityPart = beforeIdCert.getSubName(0, keyIndex);
    Name keyIdPart = beforeIdCert.getSubName(
        keyIndex + 1, beforeIdCert.size() - keyIndex - 1);
    return identityPart.append(keyIdPart);
}
/// <summary>
/// Create a KeyChain backed by in-memory storage and loaded with a default
/// key name and key pair.
/// </summary>
///
/// <param name="certificateName">Set certificateName[0] to the signing certificateName.</param>
/// <returns>The KeyChain.</returns>
/// <exception cref="System.Security.SecurityException"></exception>
public static KeyChain buildKeyChain(Name[] certificateName)
{
    var identities = new MemoryIdentityStorage();
    var privateKeys = new MemoryPrivateKeyStorage();
    var identityManager = new IdentityManager(identities, privateKeys);
    var policyManager = new SelfVerifyPolicyManager(identities);
    KeyChain result = new KeyChain(identityManager, policyManager);

    // The certificate name is <identity>/KEY/<key id>/ID-CERT/0. It is written
    // to the out-array before the keys are stored.
    Name keyName = new Name("/testname/DSK-123");
    Name signingCertificate = keyName.getSubName(0, keyName.size() - 1);
    signingCertificate = signingCertificate.append("KEY").append(keyName.get(-1));
    signingCertificate = signingCertificate.append("ID-CERT").append("0");
    certificateName[0] = signingCertificate;

    // NOTE(review): the key pair comes from the DEFAULT_RSA_*_KEY_DER
    // constants, defined outside this listing. If they are literal bytes in
    // the source, the private key is known to anyone with the code, so this
    // KeyChain is only suitable for tests.
    identities.addKey(
        keyName,
        net.named_data.jndn.security.KeyType.RSA,
        new Blob(DEFAULT_RSA_PUBLIC_KEY_DER, false));
    privateKeys.setKeyPairForKeyName(
        keyName,
        net.named_data.jndn.security.KeyType.RSA,
        DEFAULT_RSA_PUBLIC_KEY_DER,
        DEFAULT_RSA_PRIVATE_KEY_DER);

    return result;
}
/// <summary>
/// Check Name.getSubName for in-range, over-long, out-of-range and negative
/// start offsets.
/// </summary>
public void testSubName()
{
    Name fullName = new Name("/edu/cmu/andrew/user/3498478");

    Assert.AssertEquals(
        "Subname from first component does not match original name",
        fullName,
        fullName.getSubName(0));

    Assert.AssertEquals("/user/3498478", fullName.getSubName(3).toUri());

    Assert.AssertEquals("/cmu/andrew/user", fullName.getSubName(1, 3).toUri());

    // A component count larger than the name is clamped at the end.
    Assert.AssertEquals(
        "Subname with more components than original should stop at end of original name",
        fullName,
        fullName.getSubName(0, 100));

    // A start offset past the end gives an empty name, not an error.
    Assert.AssertEquals(
        "Subname beginning after end of name should be empty",
        new Name(),
        fullName.getSubName(7, 2));

    // Negative offsets count back from the end of the name.
    Assert.AssertEquals(
        "Negative subname with more components than original should stop at end of original name",
        new Name("/3498478"),
        fullName.getSubName(-1, 7));

    Assert.AssertEquals(
        "Subname from (-length) should match original name",
        fullName,
        fullName.getSubName(-5, 5));
}
/// <summary>
/// Create in-memory identity and private key storage, build a KeyChain on top
/// of them, compute the default RSA and ECDSA certificate names, and load the
/// default RSA key pair. The ECDSA key pair is compiled out.
/// </summary>
public CredentialStorage()
{
    identityStorage_ = new MemoryIdentityStorage();
    privateKeyStorage_ = new MemoryPrivateKeyStorage();
    var identityManager = new IdentityManager(identityStorage_, privateKeyStorage_);
    var policyManager = new SelfVerifyPolicyManager(identityStorage_);
    keyChain_ = new KeyChain(identityManager, policyManager);

    // Certificate names have the form <identity>/KEY/<key id>/ID-CERT/0.
    Name keyName = new Name("/testname/DSK-123");
    Name rsaCertName = keyName.getSubName(0, keyName.size() - 1);
    rsaCertName = rsaCertName.append("KEY").append(keyName.get(-1));
    defaultCertName_ = rsaCertName.append("ID-CERT").append("0");

    Name ecdsaKeyName = new Name("/testEcdsa/DSK-123");
    Name ecCertName = ecdsaKeyName.getSubName(0, ecdsaKeyName.size() - 1);
    ecCertName = ecCertName.append("KEY").append(ecdsaKeyName.get(-1));
    ecdsaCertName_ = ecCertName.append("ID-CERT").append("0");

    try
    {
        // NOTE(review): the DEFAULT_*_KEY_DER constants are defined outside
        // this listing and are presumably fixed test keys. Do not reuse them
        // outside tests.
        identityStorage_.addKey(
            keyName,
            net.named_data.jndn.security.KeyType.RSA,
            new Blob(DEFAULT_RSA_PUBLIC_KEY_DER, false));
        privateKeyStorage_.setKeyPairForKeyName(
            keyName,
            net.named_data.jndn.security.KeyType.RSA,
            DEFAULT_RSA_PUBLIC_KEY_DER,
            DEFAULT_RSA_PRIVATE_KEY_DER);

#if false // Skip ECDSA for now.
        identityStorage_.addKey(ecdsaKeyName, net.named_data.jndn.security.KeyType.ECDSA, new Blob(
            DEFAULT_EC_PUBLIC_KEY_DER, false));
        privateKeyStorage_.setKeyPairForKeyName(ecdsaKeyName, net.named_data.jndn.security.KeyType.ECDSA,
            DEFAULT_EC_PUBLIC_KEY_DER, DEFAULT_EC_PRIVATE_KEY_DER);
#endif
    }
    catch (SecurityException ex)
    {
        // Don't expect this to happen.
        // NOTE(review): only the two storage fields are cleared. keyChain_ was
        // built from the same objects and is left in place, so it stays usable
        // with whatever was stored before the exception.
        System.Console.Out.WriteLine("Exception setting test keys: " + ex);
        identityStorage_ = null;
        privateKeyStorage_ = null;
    }
}
/// <summary>
/// Store a public key in the identity storage, first calling addIdentity so
/// that the key's identityName exists. An empty key name, or a key name that
/// is already stored, is ignored without any error.
/// </summary>
///
/// <param name="keyName">The name of the public key to be added.</param>
/// <param name="keyType">Type of the public key to be added.</param>
/// <param name="publicKeyDer">A blob of the public key DER to be added.</param>
public override void addKey(Name keyName, KeyType keyType,
    Blob publicKeyDer)
{
    // The first key stored under a name wins. A later call with different key
    // material for the same name returns silently, so the caller cannot tell
    // from this method that its key was not stored.
    if (keyName.size() == 0 || doesKeyExist(keyName))
    {
        return;
    }

    // The identity is the key name without its last component.
    int identityLength = keyName.size() - 1;
    addIdentity(keyName.getSubName(0, identityLength));

    // Records are indexed by the key name URI.
    string storeKey = keyName.toUri();
    var record = new MemoryIdentityStorage.KeyRecord(keyType, publicKeyDer);
    ILOG.J2CsMapping.Collections.Collections.Put(keyStore_, storeKey, record);
}
/// <summary>
/// Test fixture setup: build keyChain on in-memory storage, compute
/// certificateName for the default key, and load the default RSA key pair.
/// </summary>
public void setUp()
{
    var identities = new MemoryIdentityStorage();
    var privateKeys = new MemoryPrivateKeyStorage();
    var identityManager = new IdentityManager(identities, privateKeys);
    var policyManager = new SelfVerifyPolicyManager(identities);
    keyChain = new KeyChain(identityManager, policyManager);

    // Initialize the storage. The certificate name has the form
    // <identity>/KEY/<key id>/ID-CERT/0.
    Name keyName = new Name("/testname/DSK-123");
    Name certName = keyName.getSubName(0, keyName.size() - 1);
    certName = certName.append("KEY").append(keyName.get(-1));
    certificateName = certName.append("ID-CERT").append("0");

    try
    {
        identities.addKey(
            keyName,
            net.named_data.jndn.security.KeyType.RSA,
            new Blob(DEFAULT_RSA_PUBLIC_KEY_DER, false));
        privateKeys.setKeyPairForKeyName(
            keyName,
            net.named_data.jndn.security.KeyType.RSA,
            DEFAULT_RSA_PUBLIC_KEY_DER,
            DEFAULT_RSA_PRIVATE_KEY_DER);
    }
    catch (SecurityException ex)
    {
        // We don't expect this to happen. The failure is only logged, so the
        // tests continue with a key chain that may hold no keys.
        ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(TestLink).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex);
    }
}
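/**
 * Loop to decode a data packet nIterations times.
 * @param nIterations The number of iterations.
 * @param useCrypto If true, verify the signature. If false, don't verify.
 * @param keyType KeyType.RSA or EC. This implementation does not read it: the
 * key storage is always loaded with the default RSA public key.
 * @param encoding The wire encoding to decode.
 * @return The number of seconds for all iterations.
 * @throws EncodingException
 */
private static double
benchmarkDecodeDataSeconds
  (int nIterations, bool useCrypto, KeyType keyType, Blob encoding)
{
    // Initialize the KeyChain storage in case useCrypto is true. Verification
    // only needs the public key, so the private key storage stays empty.
    MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
    KeyChain keyChain = new KeyChain(
        new IdentityManager(identityStorage, new MemoryPrivateKeyStorage()),
        new SelfVerifyPolicyManager(identityStorage));
    Name keyName = new Name("/testname/DSK-123");
    identityStorage.addKey(
        keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
    VerifyCallbacks callbacks = new VerifyCallbacks();

    double start = getNowSeconds();
    for (int i = 0; i < nIterations; ++i)
    {
        Data data = new Data();
        data.wireDecode(encoding.buf());

        if (useCrypto)
        {
            // The outcome goes to the callbacks and is not checked here, so
            // the timing is the same whether verification passes or fails.
            keyChain.verifyData(data, callbacks, callbacks);
        }
    }
    double finish = getNowSeconds();

    return finish - start;
}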
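/**
 * Loop to encode a data packet nIterations times.
 * @param nIterations The number of iterations.
 * @param useComplex If true, use a large name, large content and all fields.
 * If false, use a small name, small content
 * and only required fields.
 * @param useCrypto If true, sign the data packet.  If false, use a blank
 * signature.
 * @param keyType KeyType.RSA or EC. This implementation does not read it: the
 * key storage is always loaded with the default RSA key pair.
 * @param encoding Set encoding[0] to the wire encoding.
 * @return The number of seconds for all iterations.
 */
private static double
benchmarkEncodeDataSeconds
  (int nIterations, bool useComplex, bool useCrypto, KeyType keyType,
   Blob[] encoding)
{
    Name name;
    Blob content;
    if (useComplex)
    {
        // Use a large name and content.
        name = new Name
          ("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00");

        // The content is "1 2 3 ..." extended to at least 1115 characters.
        StringBuilder contentStream = new StringBuilder();
        int count = 1;
        contentStream.append(count++);
        while (contentStream.toString().Length < 1115)
        {
            contentStream.append(" ").append(count++);
        }
        content = new Blob(contentStream.toString());
    }
    else
    {
        // Use a small name and content.
        name = new Name("/test");
        content = new Blob("abc");
    }
    Name.Component finalBlockId =
        new Name.Component(new Blob(new byte[] { (byte)0 }));

    // Initialize the KeyChain storage in case useCrypto is true.
    // NOTE(review): DEFAULT_RSA_PRIVATE_KEY_DER is a constant defined outside
    // this listing and presumably a fixed benchmark key. Signatures made with
    // it measure signing cost only.
    MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
    MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
    KeyChain keyChain = new KeyChain(
        new IdentityManager(identityStorage, privateKeyStorage),
        new SelfVerifyPolicyManager(identityStorage));
    Name keyName = new Name("/testname/DSK-123");
    Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
      ("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
    privateKeyStorage.setKeyPairForKeyName(
        keyName,
        KeyType.RSA,
        new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
        new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));

    // Placeholder for the unsigned case: 256 zero bytes, not a real signature.
    Blob signatureBits = new Blob(new byte[256]);

    double start = getNowSeconds();
    for (int i = 0; i < nIterations; ++i)
    {
        Data data = new Data(name);
        data.setContent(content);
        if (useComplex)
        {
            data.getMetaInfo().setFreshnessPeriod(30000);
            data.getMetaInfo().setFinalBlockId(finalBlockId);
        }

        if (useCrypto)
        {
            // This sets the signature fields.
            keyChain.sign(data, certificateName);
        }
        else
        {
            // Imitate IdentityManager.signByCertificate to set up the signature
            // fields, but don't sign.
            KeyLocator keyLocator = new KeyLocator();
            keyLocator.setType(KeyLocatorType.KEYNAME);
            keyLocator.setKeyName(certificateName);
            Sha256WithRsaSignature sha256Signature =
                (Sha256WithRsaSignature)data.getSignature();
            sha256Signature.setKeyLocator(keyLocator);
            sha256Signature.setSignature(signatureBits);
        }

        encoding[0] = data.wireEncode();
    }
    double finish = getNowSeconds();

    return finish - start;
}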
/// <summary>
/// Prepare an unsigned identity certificate. The result is encoded but carries
/// no signature, so the caller has to sign it before it can be trusted.
/// </summary>
///
/// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`. The last component must start with `ksk-` or `dsk-`.</param>
/// <param name="publicKey">The public key to sign.</param>
/// <param name="signingIdentity">The signing identity.</param>
/// <param name="notBefore">See IdentityCertificate.</param>
/// <param name="notAfter">See IdentityCertificate.</param>
/// <param name="subjectDescription">A list of CertificateSubjectDescription. If null or empty, a single description with OID `2.5.4.41` is added, based on the keyName.</param>
/// <param name="certPrefix">The prefix before the `KEY` component. It must match keyName without being equal to it, otherwise null is returned. If certPrefix is null, the certificate name is inferred from the signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param>
/// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns>
public IdentityCertificate prepareUnsignedIdentityCertificate(
    Name keyName, PublicKey publicKey, Name signingIdentity,
    double notBefore, double notAfter, IList subjectDescription,
    Name certPrefix)
{
    // Invalid input is reported by returning null, so callers must check.
    if (keyName.size() < 1)
    {
        return null;
    }

    String keyId = keyName.get(-1).toEscapedString();
    if (keyId.Length < 4)
    {
        return null;
    }

    // NOTE(review): equals is presumably an exact, case-sensitive comparison,
    // in which case an upper-case `DSK-` or `KSK-` key id is rejected here.
    String keyIdPrefix = keyId.Substring(0, 4);
    if (!(keyIdPrefix.equals("ksk-") || keyIdPrefix.equals("dsk-")))
    {
        return null;
    }

    IdentityCertificate certificate = new IdentityCertificate();
    Name certName = new Name();

    if (certPrefix != null)
    {
        // A cert prefix hint is supplied, so determine the cert name. The hint
        // must match keyName without being the whole keyName.
        bool isUsablePrefix = certPrefix.match(keyName) && !certPrefix.equals(keyName);
        if (!isUsablePrefix)
        {
            return null;
        }

        certName.append(certPrefix).append("KEY")
            .append(keyName.getSubName(certPrefix.size()))
            .append("ID-CERT")
            .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
    }
    else if (signingIdentity.match(keyName))
    {
        // No certificate prefix hint, so infer the prefix: the signer's
        // identity is a prefix of the key name, so KEY goes right after it.
        certName.append(signingIdentity).append("KEY")
            .append(keyName.getSubName(signingIdentity.size()))
            .append("ID-CERT")
            .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
    }
    else
    {
        // Unrelated signer: KEY goes just before the key id component.
        certName.append(keyName.getPrefix(-1)).append("KEY")
            .append(keyName.get(-1)).append("ID-CERT")
            .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
    }

    // The validity period is copied as given. Nothing here checks that
    // notBefore is earlier than notAfter.
    certificate.setName(certName);
    certificate.setNotBefore(notBefore);
    certificate.setNotAfter(notAfter);
    certificate.setPublicKeyInfo(publicKey);

    bool hasDescriptions = subjectDescription != null && subjectDescription.Count != 0;
    if (hasDescriptions)
    {
        foreach (CertificateSubjectDescription description in subjectDescription)
        {
            certificate.addSubjectDescription(description);
        }
    }
    else
    {
        // Default subject description: OID 2.5.4.41 with the identity URI.
        certificate.addSubjectDescription(new CertificateSubjectDescription(
            "2.5.4.41", keyName.getPrefix(-1).toUri()));
    }

    try
    {
        certificate.encode();
    }
    catch (DerEncodingException ex)
    {
        throw new SecurityException("DerEncodingException: " + ex);
    }
    catch (DerDecodingException ex_0)
    {
        throw new SecurityException("DerDecodingException: " + ex_0);
    }

    return certificate;
}
/// <summary>
/// Get the key name from a certificate prefix by removing its first `KEY`
/// component.
/// </summary>
///
/// <param name="certificatePrefix">The certificate prefix that contains a `KEY` component.</param>
/// <returns>A new Name with the components before and after the first `KEY`.</returns>
/// <exception cref="SecurityException">If certificatePrefix has no `KEY` component.</exception>
private static Name getKeyNameFromCertificatePrefix(Name certificatePrefix)
{
    int prefixSize = certificatePrefix.size();

    // Find the first KEY component. Any later KEY component is kept as part of
    // the returned key name.
    int keyIndex = 0;
    while (keyIndex < prefixSize
        && !certificatePrefix.get(keyIndex).toEscapedString().equals("KEY"))
    {
        keyIndex++;
    }

    if (keyIndex >= prefixSize)
    {
        throw new SecurityException(
            "Identity Certificate Prefix does not have a KEY component");
    }

    Name keyNameResult = new Name();
    keyNameResult.append(certificatePrefix.getSubName(0, keyIndex));
    keyNameResult.append(certificatePrefix.getSubName(
        keyIndex + 1, certificatePrefix.size() - keyIndex - 1));
    return keyNameResult;
}
/// <summary>
/// Build a certificate name from a key name by inserting `KEY` at keyIdx and
/// appending `ID-CERT` and the component `0`.
/// </summary>
///
/// <param name="keyName">The key name to convert.</param>
/// <param name="keyIdx">The component index where `KEY` is inserted. A negative value counts back from the end of keyName.</param>
/// <returns>The certificate name.</returns>
private static Name certNameFromKeyName(Name keyName, int keyIdx)
{
    // Turn a negative index into an offset from the start of the name.
    int insertAt = keyIdx < 0 ? keyName.size() + keyIdx : keyIdx;

    Name certName = keyName.getPrefix(insertAt);
    certName = certName.append("KEY").append(keyName.getSubName(insertAt));
    return certName.append("ID-CERT").append("0");
}
/// <summary>
/// Decode the sample Data packet in TlvData, re-encode and re-decode it,
/// verify the re-decoded packet, then create, sign and verify a new Data
/// packet. Each packet is printed with dumpData.
/// </summary>
///
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    var sampleData = new Data();
    sampleData.wireDecode(new Blob(TlvData));
    Console.Out.WriteLine("Decoded Data:");
    dumpData(sampleData);

    // Set the content again to clear the cached encoding so we encode again.
    sampleData.setContent(sampleData.getContent());
    var wire = sampleData.wireEncode();

    var reDecodedData = new Data();
    reDecodedData.wireDecode(wire);
    Console.Out.WriteLine("");
    Console.Out.WriteLine("Re-decoded Data:");
    dumpData(reDecodedData);

    var identityStorage = new MemoryIdentityStorage();
    var privateKeyStorage = new MemoryPrivateKeyStorage();
    var identityManager = new IdentityManager(identityStorage, privateKeyStorage);
    var policyManager = new SelfVerifyPolicyManager(identityStorage);
    var keyChain = new KeyChain(identityManager, policyManager);

    // Initialize the storage.
    // NOTE(review): DEFAULT_RSA_PRIVATE_KEY_DER is a constant defined outside
    // this listing. If it is literal key material in the source, anyone with
    // the source can produce the same signatures, so treat this key as a demo
    // key only.
    var keyName = new Name("/testname/DSK-123");
    var certificateName = keyName.getSubName(0, keyName.size() - 1);
    certificateName = certificateName.append("KEY").append(keyName.get(-1));
    certificateName = certificateName.append("ID-CERT").append("0");
    identityStorage.addKey(
        keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
    privateKeyStorage.setKeyPairForKeyName(
        keyName,
        KeyType.RSA,
        new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
        new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));

    // The verification outcome is reported through the callbacks object.
    VerifyCallbacks verifyCallbacks = new VerifyCallbacks("Re-decoded Data");
    keyChain.verifyData(reDecodedData, verifyCallbacks, verifyCallbacks);

    var freshData = new Data(new Name("/ndn/abc"));
    freshData.setContent(new Blob("SUCCESS!"));
    freshData.getMetaInfo().setFreshnessPeriod(5000);
    freshData.getMetaInfo().setFinalBlockId(new Name("/%00%09").get(0));
    keyChain.sign(freshData, certificateName);
    Console.Out.WriteLine("");
    Console.Out.WriteLine("Freshly-signed Data:");
    dumpData(freshData);

    verifyCallbacks = new VerifyCallbacks("Freshly-signed Data");
    keyChain.verifyData(freshData, verifyCallbacks, verifyCallbacks);
}
/// <summary>
/// Connect to the forwarder on localhost, register the prefix `/testecho`
/// with an Echo handler, and process events until one response has been
/// counted.
/// </summary>
///
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    var transport = new TcpTransport();
    var connectionInfo = new TcpTransport.ConnectionInfo("localhost");
    var face = new Face(transport, connectionInfo);

    // For now, when setting face.setCommandSigningInfo, use a key chain with
    // a default private key instead of the system default key chain. This
    // is OK for now because NFD is configured to skip verification, so it
    // ignores the system default key chain.
    // NOTE(review): this depends on the forwarder skipping verification, and
    // on DEFAULT_RSA_PRIVATE_KEY_DER (a constant defined outside this listing)
    // being a throwaway key. With verification enabled, a command signed with
    // this key would presumably be rejected unless the forwarder trusts it.
    var identityStorage = new MemoryIdentityStorage();
    var privateKeyStorage = new MemoryPrivateKeyStorage();
    var identityManager = new IdentityManager(identityStorage, privateKeyStorage);
    var policyManager = new SelfVerifyPolicyManager(identityStorage);
    var keyChain = new KeyChain(identityManager, policyManager);
    keyChain.setFace(face);

    // Initialize the storage.
    var keyName = new Name("/testname/DSK-123");
    var certificateName = keyName.getSubName(0, keyName.size() - 1);
    certificateName = certificateName.append("KEY").append(keyName.get(-1));
    certificateName = certificateName.append("ID-CERT").append("0");
    identityStorage.addKey(
        keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
    privateKeyStorage.setKeyPairForKeyName(
        keyName,
        KeyType.RSA,
        new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
        new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
    face.setCommandSigningInfo(keyChain, certificateName);

    var echo = new Echo(keyChain, certificateName);
    var prefix = new Name("/testecho");
    Console.Out.WriteLine("Register prefix " + prefix.toUri());
    face.registerPrefix(prefix, echo, echo);

    // The main event loop.
    // Wait to receive one interest for the prefix.
    while (echo.responseCount_ < 1)
    {
        face.processEvents();

        // We need to sleep for a few milliseconds so we don't use 100% of
        // the CPU.
        System.Threading.Thread.Sleep(5);
    }
}