/// <summary>
/// Check if the given name matches this filter. Match if name starts with this
/// filter's prefix. If this filter has the optional regexFilter then the
/// remaining components match the regexFilter regular expression.
/// For example, the following InterestFilter:
/// InterestFilter("/hello", "<world><>+")
/// will match all Interests, whose name has the prefix `/hello` which is
/// followed by a component `world` and has at least one more component after it.
/// Examples:
/// /hello/world/!
/// /hello/world/x/y/z
/// Note that the regular expression will need to match all remaining components
/// (e.g., there are implicit heading `^` and trailing `$` symbols in the
/// regular expression).
/// </summary>
///
/// <param name="name">The name to check against this filter.</param>
/// <returns>True if name matches this filter, otherwise false.</returns>
public bool doesMatch(Name name)
{
if (name.size() < prefix_.size())
return false;
if (hasRegexFilter()) {
// Perform a prefix match and regular expression match for the remaining
// components.
if (!prefix_.match(name))
return false;
return null != net.named_data.jndn.util.NdnRegexMatcher.match(regexFilterPattern_,
name.getSubName(prefix_.size()));
} else
// Just perform a prefix match.
return prefix_.match(name);
}
static void Main(string[] args)
{
var interest = new Interest();
interest.wireDecode(new Blob(TlvInterest));
Console.Out.WriteLine("Interest:");
dumpInterest(interest);
// Set the name again to clear the cached encoding so we encode again.
interest.setName(interest.getName());
var encoding = interest.wireEncode();
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-encoded interest " + encoding.toHex());
var reDecodedInterest = new Interest();
reDecodedInterest.wireDecode(encoding);
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded Interest:");
dumpInterest(reDecodedInterest);
var freshInterest = new Interest(new Name("/ndn/abc"));
freshInterest.setMinSuffixComponents(4);
freshInterest.setMaxSuffixComponents(6);
freshInterest.setInterestLifetimeMilliseconds(30000);
freshInterest.setChildSelector(1);
freshInterest.setMustBeFresh(true);
freshInterest.getKeyLocator().setType(KeyLocatorType.KEY_LOCATOR_DIGEST);
freshInterest.getKeyLocator().setKeyData
(new Blob(new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }));
freshInterest.getExclude().appendComponent(new Name("abc").get(0)).appendAny();
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
// Make a Face just so that we can sign the interest.
var face = new Face("localhost");
face.setCommandSigningInfo(keyChain, certificateName);
face.makeCommandInterest(freshInterest);
Interest reDecodedFreshInterest = new Interest();
reDecodedFreshInterest.wireDecode(freshInterest.wireEncode());
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded fresh Interest:");
dumpInterest(reDecodedFreshInterest);
VerifyCallbacks callbacks = new VerifyCallbacks("Freshly-signed Interest");
keyChain.verifyInterest(reDecodedFreshInterest, callbacks, callbacks);
}
/// <summary>
/// Get the public key name from the full certificate name.
/// </summary>
///
/// <param name="certificateName">The full certificate name.</param>
/// <returns>The related public key name.</returns>
public static Name certificateNameToPublicKeyName(Name certificateName)
{
String idString = "ID-CERT";
bool foundIdString = false;
int idCertComponentIndex = certificateName.size() - 1;
for (; idCertComponentIndex + 1 > 0; --idCertComponentIndex) {
if (certificateName.get(idCertComponentIndex).toEscapedString()
.equals(idString)) {
foundIdString = true;
break;
}
}
if (!foundIdString)
throw new Exception("Incorrect identity certificate name "
+ certificateName.toUri());
Name tempName = certificateName.getSubName(0, idCertComponentIndex);
String keyString = "KEY";
bool foundKeyString = false;
int keyComponentIndex = 0;
for (; keyComponentIndex < tempName.size(); keyComponentIndex++) {
if (tempName.get(keyComponentIndex).toEscapedString()
.equals(keyString)) {
foundKeyString = true;
break;
}
}
if (!foundKeyString)
throw new Exception("Incorrect identity certificate name "
+ certificateName.toUri());
return tempName.getSubName(0, keyComponentIndex).append(
tempName.getSubName(keyComponentIndex + 1, tempName.size()
- keyComponentIndex - 1));
}
/// <summary>
/// Create a KeyChain with the a default name and key pair.
/// </summary>
///
/// <param name="certificateName">Set certificateName[0] to the signing certificateName.</param>
/// <returns>The KeyChain.</returns>
/// <exception cref="System.Security.SecurityException"></exception>
public static KeyChain buildKeyChain(Name[] certificateName)
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// initialize the storage with
Name keyName = new Name("/testname/DSK-123");
certificateName[0] = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
return keyChain;
}
public void testSubName()
{
Name name = new Name("/edu/cmu/andrew/user/3498478");
Name subName1 = name.getSubName(0);
Assert.AssertEquals(
"Subname from first component does not match original name",
name, subName1);
Name subName2 = name.getSubName(3);
Assert.AssertEquals("/user/3498478", subName2.toUri());
Name subName3 = name.getSubName(1, 3);
Assert.AssertEquals("/cmu/andrew/user", subName3.toUri());
Name subName4 = name.getSubName(0, 100);
Assert.AssertEquals(
"Subname with more components than original should stop at end of original name",
name, subName4);
Name subName5 = name.getSubName(7, 2);
Assert.AssertEquals("Subname beginning after end of name should be empty",
new Name(), subName5);
Name subName6 = name.getSubName(-1, 7);
Assert.AssertEquals(
"Negative subname with more components than original should stop at end of original name",
new Name("/3498478"), subName6);
Name subName7 = name.getSubName(-5, 5);
Assert.AssertEquals("Subname from (-length) should match original name", name,
subName7);
}
public CredentialStorage()
{
this.identityStorage_ = new MemoryIdentityStorage();
this.privateKeyStorage_ = new MemoryPrivateKeyStorage();
this.keyChain_ = new KeyChain(new IdentityManager(
identityStorage_, privateKeyStorage_), new SelfVerifyPolicyManager(
identityStorage_));
Name keyName = new Name("/testname/DSK-123");
defaultCertName_ = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
Name ecdsaKeyName = new Name("/testEcdsa/DSK-123");
ecdsaCertName_ = ecdsaKeyName.getSubName(0, ecdsaKeyName.size() - 1)
.append("KEY").append(ecdsaKeyName.get(-1)).append("ID-CERT")
.append("0");
try {
identityStorage_.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage_.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
#if false // Skip ECDSA for now.
identityStorage_.addKey(ecdsaKeyName, net.named_data.jndn.security.KeyType.ECDSA, new Blob(
DEFAULT_EC_PUBLIC_KEY_DER, false));
privateKeyStorage_.setKeyPairForKeyName(ecdsaKeyName,
net.named_data.jndn.security.KeyType.ECDSA, DEFAULT_EC_PUBLIC_KEY_DER,
DEFAULT_EC_PRIVATE_KEY_DER);
#endif
} catch (SecurityException ex) {
// Don't expect this to happen;
System.Console.Out.WriteLine("Exception setting test keys: " + ex);
identityStorage_ = null;
privateKeyStorage_ = null;
}
}
/// <summary>
/// Add a public key to the identity storage. Also call addIdentity to ensure
/// that the identityName for the key exists. However, if the key already
/// exists, do nothing.
/// </summary>
///
/// <param name="keyName">The name of the public key to be added.</param>
/// <param name="keyType">Type of the public key to be added.</param>
/// <param name="publicKeyDer">A blob of the public key DER to be added.</param>
public override void addKey(Name keyName, KeyType keyType, Blob publicKeyDer)
{
if (keyName.size() == 0)
return;
if (doesKeyExist(keyName))
return;
Name identityName = keyName.getSubName(0, keyName.size() - 1);
addIdentity(identityName);
ILOG.J2CsMapping.Collections.Collections.Put(keyStore_,keyName.toUri(),new MemoryIdentityStorage.KeyRecord (keyType, publicKeyDer));
}
public void setUp()
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
Name keyName = new Name("/testname/DSK-123");
certificateName = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
try {
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
} catch (SecurityException ex) {
// We don't expect this to happen.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(TestLink).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null,
ex);
}
}
/**
* Loop to decode a data packet nIterations times.
* @param nIterations The number of iterations.
* @param useCrypto If true, verify the signature. If false, don't verify.
* @param keyType KeyType.RSA or EC, used if useCrypto is true.
* @param encoding The wire encoding to decode.
* @return The number of seconds for all iterations.
* @throws EncodingException
*/
private static double benchmarkDecodeDataSeconds(int nIterations, bool useCrypto, KeyType keyType, Blob encoding)
{
// Initialize the KeyChain storage in case useCrypto is true.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
KeyChain keyChain = new KeyChain
(new IdentityManager(identityStorage, new MemoryPrivateKeyStorage()),
new SelfVerifyPolicyManager(identityStorage));
Name keyName = new Name("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
VerifyCallbacks callbacks = new VerifyCallbacks();
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data = new Data();
data.wireDecode(encoding.buf());
if (useCrypto)
keyChain.verifyData(data, callbacks, callbacks);
}
double finish = getNowSeconds();
return finish - start;
}
/**
* Loop to encode a data packet nIterations times.
* @param nIterations The number of iterations.
* @param useComplex If true, use a large name, large content and all fields.
* If false, use a small name, small content
* and only required fields.
* @param useCrypto If true, sign the data packet. If false, use a blank
* signature.
* @param keyType KeyType.RSA or EC, used if useCrypto is true.
* @param encoding Set encoding[0] to the wire encoding.
* @return The number of seconds for all iterations.
*/
private static double benchmarkEncodeDataSeconds(int nIterations, bool useComplex, bool useCrypto, KeyType keyType,
Blob[] encoding)
{
Name name;
Blob content;
if (useComplex) {
// Use a large name and content.
name = new Name
("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00");
StringBuilder contentStream = new StringBuilder();
int count = 1;
contentStream.append(count++);
while (contentStream.toString().Length < 1115)
contentStream.append(" ").append(count++);
content = new Blob(contentStream.toString());
}
else {
// Use a small name and content.
name = new Name("/test");
content = new Blob("abc");
}
Name.Component finalBlockId =
new Name.Component(new Blob(new byte[] { (byte)0 }));
// Initialize the KeyChain storage in case useCrypto is true.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
Name keyName = new Name("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
Blob signatureBits = new Blob(new byte[256]);
Blob emptyBlob = new Blob(new byte[0]);
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data = new Data(name);
data.setContent(content);
if (useComplex) {
data.getMetaInfo().setFreshnessPeriod(30000);
data.getMetaInfo().setFinalBlockId(finalBlockId);
}
if (useCrypto)
// This sets the signature fields.
keyChain.sign(data, certificateName);
else {
// Imitate IdentityManager.signByCertificate to set up the signature
// fields, but don't sign.
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(KeyLocatorType.KEYNAME);
keyLocator.setKeyName(certificateName);
Sha256WithRsaSignature sha256Signature =
(Sha256WithRsaSignature)data.getSignature();
sha256Signature.setKeyLocator(keyLocator);
sha256Signature.setSignature(signatureBits);
}
encoding[0] = data.wireEncode();
}
double finish = getNowSeconds();
return finish - start;
}
/// <summary>
/// Prepare an unsigned identity certificate.
/// </summary>
///
/// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param>
/// <param name="publicKey">The public key to sign.</param>
/// <param name="signingIdentity">The signing identity.</param>
/// <param name="notBefore">See IdentityCertificate.</param>
/// <param name="notAfter">See IdentityCertificate.</param>
/// <param name="subjectDescription">on the keyName.</param>
/// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param>
/// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns>
public IdentityCertificate prepareUnsignedIdentityCertificate(
Name keyName, PublicKey publicKey, Name signingIdentity,
double notBefore, double notAfter, IList subjectDescription,
Name certPrefix)
{
if (keyName.size() < 1)
return null;
String tempKeyIdPrefix = keyName.get(-1).toEscapedString();
if (tempKeyIdPrefix.Length < 4)
return null;
String keyIdPrefix = tempKeyIdPrefix.Substring(0,(4)-(0));
if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-"))
return null;
IdentityCertificate certificate = new IdentityCertificate();
Name certName = new Name();
if (certPrefix == null) {
// No certificate prefix hint, so infer the prefix.
if (signingIdentity.match(keyName))
certName.append(signingIdentity).append("KEY")
.append(keyName.getSubName(signingIdentity.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
certName.append(keyName.getPrefix(-1)).append("KEY")
.append(keyName.get(-1)).append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
} else {
// A cert prefix hint is supplied, so determine the cert name.
if (certPrefix.match(keyName) && !certPrefix.equals(keyName))
certName.append(certPrefix).append("KEY")
.append(keyName.getSubName(certPrefix.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
return null;
}
certificate.setName(certName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
if (subjectDescription == null || (subjectDescription.Count==0))
certificate
.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.getPrefix(-1).toUri()));
else {
for (int i = 0; i < subjectDescription.Count; ++i)
certificate
.addSubjectDescription((CertificateSubjectDescription) subjectDescription[i]);
}
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerEncodingException: " + ex);
} catch (DerDecodingException ex_0) {
throw new SecurityException("DerDecodingException: " + ex_0);
}
return certificate;
}
private static Name getKeyNameFromCertificatePrefix(Name certificatePrefix)
{
Name result = new Name();
String keyString = "KEY";
int i = 0;
for (; i < certificatePrefix.size(); i++) {
if (certificatePrefix.get(i).toEscapedString().equals(keyString))
break;
}
if (i >= certificatePrefix.size())
throw new SecurityException(
"Identity Certificate Prefix does not have a KEY component");
result.append(certificatePrefix.getSubName(0, i));
result.append(certificatePrefix.getSubName(i + 1,
certificatePrefix.size() - i - 1));
return result;
}
private static Name certNameFromKeyName(Name keyName, int keyIdx)
{
if (keyIdx < 0)
keyIdx = keyName.size() + keyIdx;
return keyName.getPrefix(keyIdx).append("KEY")
.append(keyName.getSubName(keyIdx)).append("ID-CERT")
.append("0");
}
static void Main(string[] args)
{
var data = new Data();
data.wireDecode(new Blob(TlvData));
Console.Out.WriteLine("Decoded Data:");
dumpData(data);
// Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent());
var encoding = data.wireEncode();
var reDecodedData = new Data();
reDecodedData.wireDecode(encoding);
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded Data:");
dumpData(reDecodedData);
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
VerifyCallbacks callbacks = new VerifyCallbacks("Re-decoded Data");
keyChain.verifyData(reDecodedData, callbacks, callbacks);
var freshData = new Data(new Name("/ndn/abc"));
freshData.setContent(new Blob("SUCCESS!"));
freshData.getMetaInfo().setFreshnessPeriod(5000);
freshData.getMetaInfo().setFinalBlockId(new Name("/%00%09").get(0));
keyChain.sign(freshData, certificateName);
Console.Out.WriteLine("");
Console.Out.WriteLine("Freshly-signed Data:");
dumpData(freshData);
callbacks = new VerifyCallbacks("Freshly-signed Data");
keyChain.verifyData(freshData, callbacks, callbacks);
}
static void Main(string[] args)
{
var face = new Face
(new TcpTransport(), new TcpTransport.ConnectionInfo("localhost"));
// For now, when setting face.setCommandSigningInfo, use a key chain with
// a default private key instead of the system default key chain. This
// is OK for now because NFD is configured to skip verification, so it
// ignores the system default key chain.
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
keyChain.setFace(face);
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
face.setCommandSigningInfo(keyChain, certificateName);
var echo = new Echo(keyChain, certificateName);
var prefix = new Name("/testecho");
Console.Out.WriteLine("Register prefix " + prefix.toUri());
face.registerPrefix(prefix, echo, echo);
// The main event loop.
// Wait to receive one interest for the prefix.
while (echo.responseCount_ < 1) {
face.processEvents();
// We need to sleep for a few milliseconds so we don't use 100% of
// the CPU.
System.Threading.Thread.Sleep(5);
}
}
