Exemple #1
0
        public void testSetters()
        {
            CertificateV2 certificate = new CertificateV2();

            certificate.setName(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
            certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
            certificate.setContent(new Blob(PUBLIC_KEY, false));
            certificate.setSignature(generateFakeSignature());

            Assert.AssertEquals(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
                                certificate.getName());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
                                certificate.getKeyName());
            Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
            Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
            Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
                                certificate.getKeyId());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
                                .getFromSignature(certificate.getSignature()).getKeyName());
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate
                                .getValidityPeriod().getNotBefore(), 0);
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate
                                .getValidityPeriod().getNotAfter(), 0);

            try {
                certificate.getPublicKey();
            } catch (Exception ex) {
                Assert.Fail(ex.Message);
            }
        }
        /// <summary>
        /// Add certificate into the container. If the certificate already exists,
        /// this replaces it.
        /// </summary>
        ///
        /// <param name="certificate">The certificate to add. This copies the object.</param>
        /// <exception cref="System.ArgumentException">if the name of the certificate does notmatch the key name.</exception>
        public void add(CertificateV2 certificate)
        {
            if (!keyName_.equals(certificate.getKeyName()))
            {
                throw new ArgumentException("The certificate name `"
                                            + certificate.getKeyName().toUri()
                                            + "` does not match the key name");
            }

            Name certificateName = new Name(certificate.getName());

            ILOG.J2CsMapping.Collections.Collections.Add(certificateNames_, certificateName);
            // Copy the certificate.
            ILOG.J2CsMapping.Collections.Collections.Put(certificates_, certificateName, new CertificateV2(certificate));
            pibImpl_.addCertificate(certificate);
        }
        /// <summary>
        /// Authorize a member identified by memberCertificate to decrypt data under
        /// the policy.
        /// </summary>
        ///
        /// <param name="memberCertificate"></param>
        /// <returns>The published KDK Data packet.</returns>
        public Data addMember(CertificateV2 memberCertificate)
        {
            Name kdkName = new Name(nacKey_.getIdentityName());

            kdkName.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KDK)
            .append(nacKey_.getName().get(-1))
            // key-id
            .append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY)
            .append(memberCertificate.getKeyName());

            int secretLength = 32;

            byte[] secret = new byte[secretLength];
            net.named_data.jndn.util.Common.getRandom().nextBytes(secret);
            // To be compatible with OpenSSL which uses a null-terminated string,
            // replace each 0 with 1. And to be compatible with the Java security
            // library which interprets the secret as a char array converted to UTF8,
            // limit each byte to the ASCII range 1 to 127.
            for (int i = 0; i < secretLength; ++i)
            {
                if (secret[i] == 0)
                {
                    secret[i] = 1;
                }

                secret[i] &= 0x7f;
            }

            SafeBag kdkSafeBag = keyChain_.exportSafeBag(
                nacKey_.getDefaultCertificate(), ILOG.J2CsMapping.NIO.ByteBuffer.wrap(secret));

            PublicKey memberKey = new PublicKey(memberCertificate.getPublicKey());

            EncryptedContent encryptedContent = new EncryptedContent();

            encryptedContent.setPayload(kdkSafeBag.wireEncode());
            encryptedContent.setPayloadKey(memberKey.encrypt(secret,
                                                             net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep));

            Data kdkData = new Data(kdkName);

            kdkData.setContent(encryptedContent.wireEncodeV2());
            // FreshnessPeriod can serve as a soft access control for revoking access.
            kdkData.getMetaInfo().setFreshnessPeriod(
                DEFAULT_KDK_FRESHNESS_PERIOD_MS);
            keyChain_.sign(kdkData, new SigningInfo(identity_));

            storage_.insert(kdkData);

            return(kdkData);
        }
        public void testFindByInterest()
        {
            anchorContainer.insert("group1", certificatePath1.FullName,
                                   400.0d);
            Interest interest = new Interest(identity1.getName());

            Assert.AssertTrue(anchorContainer.find(interest) != null);
            Interest interest1 = new Interest(identity1.getName().getPrefix(-1));

            Assert.AssertTrue(anchorContainer.find(interest1) != null);
            Interest interest2 = new Interest(
                new Name(identity1.getName()).appendVersion(1));

            Assert.AssertTrue(anchorContainer.find(interest2) == null);

            CertificateV2 certificate3 = fixture.addCertificate(
                identity1.getDefaultKey(), "3");
            CertificateV2 certificate4 = fixture.addCertificate(
                identity1.getDefaultKey(), "4");
            CertificateV2 certificate5 = fixture.addCertificate(
                identity1.getDefaultKey(), "5");

            CertificateV2 certificate3Copy = new CertificateV2(certificate3);

            anchorContainer.insert("group2", certificate3Copy);
            anchorContainer.insert("group3", certificate4);
            anchorContainer.insert("group4", certificate5);

            Interest      interest3        = new Interest(certificate3.getKeyName());
            CertificateV2 foundCertificate = anchorContainer.find(interest3);

            Assert.AssertTrue(foundCertificate != null);
            Assert.AssertTrue(interest3.getName().isPrefixOf(foundCertificate.getName()));
            Assert.AssertTrue(certificate3.getName().equals(foundCertificate.getName()));

            interest3.getExclude().appendComponent(
                certificate3.getName().get(net.named_data.jndn.security.v2.CertificateV2.ISSUER_ID_OFFSET));
            foundCertificate = anchorContainer.find(interest3);
            Assert.AssertTrue(foundCertificate != null);
            Assert.AssertTrue(interest3.getName().isPrefixOf(foundCertificate.getName()));
            Assert.AssertTrue(!foundCertificate.getName().equals(certificate3.getName()));
        }
Exemple #5
0
        /// <summary>
        /// Add the certificate. If a certificate with the same name (without implicit
        /// digest) already exists, then overwrite the certificate. If the key or
        /// identity does not exist, they will be created. If no default certificate
        /// for the key has been set, then set the added certificate as the default for
        /// the key. If no default key was set for the identity, it will be set as the
        /// default key for the identity. If no default identity was selected, the
        /// certificate's identity becomes the default.
        /// </summary>
        ///
        /// <param name="certificate">The certificate to add. This copies the object.</param>
        public override void addCertificate(CertificateV2 certificate)
        {
            Name certificateNameCopy = new Name(certificate.getName());
            // getKeyName already makes a new Name.
            Name keyNameCopy = certificate.getKeyName();
            Name identity    = certificate.getIdentity();

            addKey(identity, keyNameCopy, certificate.getContent().buf());

            try {
                ILOG.J2CsMapping.Collections.Collections.Put(certificates_, certificateNameCopy, new CertificateV2(
                                                                 certificate));
            } catch (CertificateV2.Error ex) {
                // We don't expect an error in the copy constructor.
                throw new PibImpl.Error(ex.Message);
            }
            if (!defaultCertificateNames_.Contains(keyNameCopy))
            {
                ILOG.J2CsMapping.Collections.Collections.Put(defaultCertificateNames_, keyNameCopy, certificateNameCopy);
            }
        }
Exemple #6
0
        public void testConstructor()
        {
            CertificateV2 certificate = new CertificateV2();

            certificate.wireDecode(new Blob(CERT, false));

            Assert.AssertEquals(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
                                certificate.getName());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
                                certificate.getKeyName());
            Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
            Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
            Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
                                certificate.getKeyId());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
                                .getFromSignature(certificate.getSignature()).getKeyName());
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150814T223739"), certificate
                                .getValidityPeriod().getNotBefore(), 0);
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150818T223738"), certificate
                                .getValidityPeriod().getNotAfter(), 0);

            try {
                certificate.getPublicKey();
            } catch (Exception ex) {
                Assert.Fail(ex.Message);
            }

            Data data = new Data();

            data.wireDecode(new Blob(CERT, false));
            CertificateV2 certificate2 = new CertificateV2(data);

            Assert.AssertEquals(certificate.getName(), certificate2.getName());
            Assert.AssertTrue(certificate.getPublicKey().equals(
                                  certificate2.getPublicKey()));
        }
        /// <summary>
        /// Issue a certificate for subIdentityName signed by issuer. If the identity
        /// does not exist, it is created. A new key is generated as the default key
        /// for the identity. A default certificate for the key is signed by the
        /// issuer using its default certificate.
        /// </summary>
        ///
        /// <param name="subIdentityName">The name to issue the certificate for.</param>
        /// <param name="issuer">The identity of the signer.</param>
        /// <param name="params"></param>
        /// <returns>The sub identity.</returns>
        internal PibIdentity addSubCertificate(Name subIdentityName, PibIdentity issuer,
                                               KeyParams paras)
        {
            PibIdentity subIdentity = addIdentity(subIdentityName, paras);

            CertificateV2 request = subIdentity.getDefaultKey()
                                    .getDefaultCertificate();

            request.setName(request.getKeyName().append("parent").appendVersion(1));

            SigningInfo certificateParams = new SigningInfo(issuer);
            // Validity period of 20 years.
            double now = net.named_data.jndn.util.Common.getNowMilliseconds();

            certificateParams.setValidityPeriod(new ValidityPeriod(now, now + 20
                                                                   * 365 * 24 * 3600 * 1000.0d));

            // Skip the AdditionalDescription.

            keyChain_.sign(request, certificateParams);
            keyChain_.setDefaultCertificate(subIdentity.getDefaultKey(), request);

            return(subIdentity);
        }
Exemple #8
0
        /// <summary>
        /// Add the certificate. If a certificate with the same name (without implicit
        /// digest) already exists, then overwrite the certificate. If the key or
        /// identity does not exist, they will be created. If no default certificate
        /// for the key has been set, then set the added certificate as the default for
        /// the key. If no default key was set for the identity, it will be set as the
        /// default key for the identity. If no default identity was selected, the
        /// certificate's identity becomes the default.
        /// </summary>
        ///
        /// <param name="certificate">The certificate to add. This copies the object.</param>
        /// <exception cref="PibImpl.Error">for a non-semantic (database access) error.</exception>
        public override void addCertificate(CertificateV2 certificate)
        {
            // Ensure the key exists.
            Blob content = certificate.getContent();

            addKey(certificate.getIdentity(), certificate.getKeyName(),
                   content.buf());

            if (!hasCertificate(certificate.getName()))
            {
                try {
                    PreparedStatement statement = database_
                                                  .prepareStatement(net.named_data.jndn.security.pib.PibSqlite3Base.INSERT_addCertificate);
                    statement.setBytes(1, certificate.getKeyName().wireEncode()
                                       .getImmutableArray());
                    statement.setBytes(2, certificate.getName().wireEncode()
                                       .getImmutableArray());
                    statement.setBytes(3, certificate.wireEncode()
                                       .getImmutableArray());

                    try {
                        statement.executeUpdate();
                    } finally {
                        statement.close();
                    }
                } catch (SQLException exception) {
                    throw new PibImpl.Error("PibSqlite3: SQLite error: "
                                            + exception);
                }
            }
            else
            {
                try {
                    PreparedStatement statement_0 = database_
                                                    .prepareStatement(net.named_data.jndn.security.pib.PibSqlite3Base.UPDATE_addCertificate);
                    statement_0.setBytes(1, certificate.wireEncode()
                                         .getImmutableArray());
                    statement_0.setBytes(2, certificate.getName().wireEncode()
                                         .getImmutableArray());

                    try {
                        statement_0.executeUpdate();
                    } finally {
                        statement_0.close();
                    }
                } catch (SQLException exception_1) {
                    throw new PibImpl.Error("PibSqlite3: SQLite error: "
                                            + exception_1);
                }
            }

            if (!hasDefaultCertificateOfKey(certificate.getKeyName()))
            {
                try {
                    setDefaultCertificateOfKey(certificate.getKeyName(),
                                               certificate.getName());
                } catch (Pib.Error ex) {
                    throw new PibImpl.Error(
                              "PibSqlite3: Error setting the default certificate: "
                              + ex);
                }
            }
        }