public void testSetters()
{
CertificateV2 certificate = new CertificateV2();
certificate.setName(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
certificate.setContent(new Blob(PUBLIC_KEY, false));
certificate.setSignature(generateFakeSignature());
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
}
public void testOverwrite()
{
PibMemory pibImpl = new PibMemory();
try {
new PibKeyImpl(fixture.id1Key1Name, pibImpl);
Assert.Fail("Did not throw the expected exception");
} catch (Pib.Error ex) {
} catch (Exception ex_0) {
Assert.Fail("Did not throw the expected exception");
}
new PibKeyImpl(fixture.id1Key1Name, fixture.id1Key1.buf(), pibImpl);
PibKeyImpl key1 = new PibKeyImpl(fixture.id1Key1Name, pibImpl);
// Overwriting the key should work.
new PibKeyImpl(fixture.id1Key1Name, fixture.id1Key2.buf(), pibImpl);
PibKeyImpl key2 = new PibKeyImpl(fixture.id1Key1Name, pibImpl);
// key1 should have cached the original public key.
Assert.AssertTrue(!key1.getPublicKey().equals(key2.getPublicKey()));
Assert.AssertTrue(key2.getPublicKey().equals(fixture.id1Key2));
key1.addCertificate(fixture.id1Key1Cert1);
// Use the wire encoding to check equivalence.
Assert.AssertTrue(key1.getCertificate(fixture.id1Key1Cert1.getName())
.wireEncode().equals(fixture.id1Key1Cert1.wireEncode()));
CertificateV2 otherCert = new CertificateV2(fixture.id1Key1Cert1);
((Sha256WithRsaSignature)otherCert.getSignature()).getValidityPeriod()
.setPeriod(net.named_data.jndn.util.Common.getNowMilliseconds(),
net.named_data.jndn.util.Common.getNowMilliseconds() + 1000);
// Don't bother resigning so we don't have to load a private key.
Assert.AssertTrue(fixture.id1Key1Cert1.getName().equals(otherCert.getName()));
Assert.AssertTrue(otherCert.getContent().equals(
fixture.id1Key1Cert1.getContent()));
Assert.AssertFalse(otherCert.wireEncode().equals(
fixture.id1Key1Cert1.wireEncode()));
key1.addCertificate(otherCert);
Assert.AssertTrue(key1.getCertificate(fixture.id1Key1Cert1.getName())
.wireEncode().equals(otherCert.wireEncode()));
}
public void testConstructor()
{
CertificateV2 certificate = new CertificateV2();
certificate.wireDecode(new Blob(CERT, false));
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150814T223739"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150818T223738"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
Data data = new Data();
data.wireDecode(new Blob(CERT, false));
CertificateV2 certificate2 = new CertificateV2(data);
Assert.AssertEquals(certificate.getName(), certificate2.getName());
Assert.AssertTrue(certificate.getPublicKey().equals(
certificate2.getPublicKey()));
}
private static CertificateV2 makeSelfSignedCertificate(Name keyName,
Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password,
DigestAlgorithm digestAlgorithm, WireFormat wireFormat)
{
CertificateV2 certificate = new CertificateV2();
// Set the name.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
Name certificateName = new Name(keyName);
certificateName.append("self").appendVersion((long)now);
certificate.setName(certificateName);
// Set the MetaInfo.
certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
// Set a one-hour freshness period.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
// Set the content.
PublicKey publicKey = null;
try {
publicKey = new PublicKey(publicKeyEncoding);
} catch (UnrecognizedKeyFormatException ex) {
// Promote to Pib.Error.
throw new Pib.Error("Error decoding public key " + ex);
}
certificate.setContent(publicKey.getKeyDer());
// Create a temporary in-memory Tpm and import the private key.
Tpm tpm = new Tpm("", "", new TpmBackEndMemory());
tpm.importPrivateKey_(keyName, privateKeyBag.buf(), password);
// Set the signature info.
if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA)
{
certificate.setSignature(new Sha256WithRsaSignature());
}
else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC)
{
certificate.setSignature(new Sha256WithEcdsaSignature());
}
else
{
throw new AssertionError("Unsupported key type");
}
Signature signatureInfo = certificate.getSignature();
net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setType(
net.named_data.jndn.KeyLocatorType.KEYNAME);
net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName);
// Set a 20-year validity period.
net.named_data.jndn.security.ValidityPeriod.getFromSignature(signatureInfo).setPeriod(now,
now + 20 * 365 * 24 * 3600 * 1000.0d);
// Encode once to get the signed portion.
SignedBlob encoding = certificate.wireEncode(wireFormat);
Blob signatureBytes = tpm.sign(encoding.signedBuf(), keyName,
digestAlgorithm);
signatureInfo.setSignature(signatureBytes);
// Encode again to include the signature.
certificate.wireEncode(wireFormat);
return(certificate);
}
