public void testSetters()
{
CertificateV2 certificate = new CertificateV2();
certificate.setName(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
certificate.setContent(new Blob(PUBLIC_KEY, false));
certificate.setSignature(generateFakeSignature());
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
}
/// <summary>
/// Add a self-signed certificate made from the key and issuer ID.
/// </summary>
///
/// <param name="key">The key for the certificate.</param>
/// <param name="issuerId">The issuer ID name component for the certificate name.</param>
/// <returns>The new certificate.</returns>
internal CertificateV2 addCertificate(PibKey key, String issuerId)
{
Name certificateName = new Name(key.getName());
certificateName.append(issuerId).appendVersion(3);
CertificateV2 certificate = new CertificateV2();
certificate.setName(certificateName);
// Set the MetaInfo.
certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
// One hour.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0);
// Set the content.
certificate.setContent(key.getPublicKey());
SigningInfo paras = new SigningInfo(key);
// Validity period of 10 days.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
paras.setValidityPeriod(new ValidityPeriod(now, now + 10 * 24 * 3600
* 1000.0d));
keyChain_.sign(certificate, paras);
return(certificate);
}
public void testOverwrite()
{
/* foreach */
foreach (PibDataFixture2 fixture in pibImpls)
{
PibImpl pib = fixture.pib;
// Check for id1Key1, which should not exist.
pib.removeIdentity(fixture.id1);
Assert.AssertEquals(false, pib.hasKey(fixture.id1Key1Name));
// Add id1Key1.
pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf());
Assert.AssertEquals(true, pib.hasKey(fixture.id1Key1Name));
Blob keyBits = pib.getKeyBits(fixture.id1Key1Name);
Assert.AssertTrue(keyBits.equals(fixture.id1Key1));
// To check overwrite, add a key with the same name.
pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key2.buf());
Blob keyBits2 = pib.getKeyBits(fixture.id1Key1Name);
Assert.AssertTrue(keyBits2.equals(fixture.id1Key2));
// Check for id1Key1Cert1, which should not exist.
pib.removeIdentity(fixture.id1);
Assert.AssertEquals(false,
pib.hasCertificate(fixture.id1Key1Cert1.getName()));
// Add id1Key1Cert1.
pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf());
pib.addCertificate(fixture.id1Key1Cert1);
Assert.AssertEquals(true,
pib.hasCertificate(fixture.id1Key1Cert1.getName()));
CertificateV2 cert = pib.getCertificate(fixture.id1Key1Cert1
.getName());
Assert.AssertTrue(cert.wireEncode().equals(
fixture.id1Key1Cert1.wireEncode()));
// Create a fake certificate with the same name.
CertificateV2 cert2 = fixture.id1Key2Cert1;
cert2.setName(fixture.id1Key1Cert1.getName());
cert2.setSignature(fixture.id1Key2Cert1.getSignature());
pib.addCertificate(cert2);
CertificateV2 cert3 = pib.getCertificate(fixture.id1Key1Cert1
.getName());
Assert.AssertTrue(cert3.wireEncode().equals(cert2.wireEncode()));
// Check that both the key and certificate are overwritten.
Blob keyBits3 = pib.getKeyBits(fixture.id1Key1Name);
Assert.AssertTrue(keyBits3.equals(fixture.id1Key2));
}
}
public void testValidityPeriodChecking()
{
CertificateV2 certificate = new CertificateV2();
certificate.setName(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
certificate.setContent(new Blob(PUBLIC_KEY, false));
certificate.setSignature(generateFakeSignature());
Assert.AssertEquals(true,
certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000")));
Assert.AssertEquals(true,
certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000")));
Assert.AssertEquals(false,
certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T045959")));
Assert.AssertEquals(false,
certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060001")));
}
internal void makeCertificate(PibKey key, PibKey signer)
{
// Copy the default certificate.
CertificateV2 request = new CertificateV2(key.getDefaultCertificate());
request.setName(new Name(key.getName()).append("looper").appendVersion(
1));
// Set SigningInfo.
SigningInfo // Set SigningInfo.
paras = new SigningInfo(signer);
// Validity period from 100 days before to 100 days after now.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
paras.setValidityPeriod(new ValidityPeriod(now - 100 * 24 * 3600
* 1000.0d, now + 100 * 24 * 3600 * 1000.0d));
fixture_.keyChain_.sign(request, paras);
fixture_.keyChain_.addCertificate(key, request);
fixture_.cache_.insert(request);
}
public void processInterest(Interest interest, OnData onData,
OnTimeout onTimeout, OnNetworkNack onNetworkNack)
{
try {
// Create another key for the same identity and sign it properly.
PibKey parentKey = outer_TestValidator.fixture_.keyChain_
.createKey(outer_TestValidator.fixture_.subIdentity_);
PibKey requestedKey = outer_TestValidator.fixture_.subIdentity_.getKey(interest
.getName());
// Copy the Name.
Name certificateName = new Name(requestedKey.getName());
certificateName.append("looper").appendVersion(1);
CertificateV2 certificate = new CertificateV2();
certificate.setName(certificateName);
// Set the MetaInfo.
certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
// Set the freshness period to one hour.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
// Set the content.
certificate.setContent(requestedKey.getPublicKey());
// Set SigningInfo.
SigningInfo // Set SigningInfo.
paras = new SigningInfo(parentKey);
// Validity period from 10 days before to 10 days after now.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
paras.setValidityPeriod(new ValidityPeriod(now - 10 * 24
* 3600 * 1000.0d, now + 10 * 24 * 3600 * 1000.0d));
outer_TestValidator.fixture_.keyChain_.sign(certificate, paras);
onData.onData(interest, certificate);
} catch (Exception ex) {
Assert.Fail("Error in InfiniteCertificateChain: " + ex);
}
}
/// <summary>
/// Issue a certificate for subIdentityName signed by issuer. If the identity
/// does not exist, it is created. A new key is generated as the default key
/// for the identity. A default certificate for the key is signed by the
/// issuer using its default certificate.
/// </summary>
///
/// <param name="subIdentityName">The name to issue the certificate for.</param>
/// <param name="issuer">The identity of the signer.</param>
/// <param name="params"></param>
/// <returns>The sub identity.</returns>
internal PibIdentity addSubCertificate(Name subIdentityName, PibIdentity issuer,
KeyParams paras)
{
PibIdentity subIdentity = addIdentity(subIdentityName, paras);
CertificateV2 request = subIdentity.getDefaultKey()
.getDefaultCertificate();
request.setName(request.getKeyName().append("parent").appendVersion(1));
SigningInfo certificateParams = new SigningInfo(issuer);
// Validity period of 20 years.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
certificateParams.setValidityPeriod(new ValidityPeriod(now, now + 20
* 365 * 24 * 3600 * 1000.0d));
// Skip the AdditionalDescription.
keyChain_.sign(request, certificateParams);
keyChain_.setDefaultCertificate(subIdentity.getDefaultKey(), request);
return(subIdentity);
}
public void testManagement()
{
Name identityName = new Name("/test/id");
Name identity2Name = new Name("/test/id2");
Assert.AssertEquals(0, fixture_.keyChain_.getPib().getIdentities_().size());
try {
fixture_.keyChain_.getPib().getDefaultIdentity();
Assert.Fail("Did not throw the expected exception");
} catch (Pib.Error ex) {
} catch (Exception ex_0) {
Assert.Fail("Did not throw the expected exception");
}
// Create an identity.
PibIdentity id = fixture_.keyChain_.createIdentityV2(identityName);
Assert.AssertTrue(id != null);
Assert.AssertTrue(fixture_.keyChain_.getPib().getIdentities_()
.getIdentities_().Contains(identityName));
// The first added identity becomes the default identity.
try {
fixture_.keyChain_.getPib().getDefaultIdentity();
} catch (Exception ex_1) {
Assert.Fail("Unexpected exception: " + ex_1.Message);
}
// The default key of the added identity must exist.
PibKey key = null;
try {
key = id.getDefaultKey();
} catch (Exception ex_2) {
Assert.Fail("Unexpected exception: " + ex_2.Message);
}
// The default certificate of the default key must exist.
try {
key.getDefaultCertificate();
} catch (Exception ex_3) {
Assert.Fail("Unexpected exception: " + ex_3.Message);
}
// Delete the key.
Name key1Name = key.getName();
try {
id.getKey(key1Name);
} catch (Exception ex_4) {
Assert.Fail("Unexpected exception: " + ex_4.Message);
}
Assert.AssertEquals(1, id.getKeys_().size());
fixture_.keyChain_.deleteKey(id, key);
/* TODO: Implement key validity.
* // The key instance should not be valid anymore.
* assertTrue(!key);
*/
try {
id.getKey(key1Name);
Assert.Fail("Did not throw the expected exception");
} catch (Pib.Error ex_5) {
} catch (Exception ex_6) {
Assert.Fail("Did not throw the expected exception");
}
Assert.AssertEquals(0, id.getKeys_().size());
// Create another key.
fixture_.keyChain_.createKey(id);
// The added key becomes the default key.
try {
id.getDefaultKey();
} catch (Exception ex_7) {
Assert.Fail("Unexpected exception: " + ex_7.Message);
}
PibKey key2 = id.getDefaultKey();
Assert.AssertTrue(key2 != null);
Assert.AssertTrue(!key2.getName().equals(key1Name));
Assert.AssertEquals(1, id.getKeys_().size());
try {
key2.getDefaultCertificate();
} catch (Exception ex_8) {
Assert.Fail("Unexpected exception: " + ex_8.Message);
}
// Create a third key.
PibKey key3 = fixture_.keyChain_.createKey(id);
Assert.AssertTrue(!key3.getName().equals(key2.getName()));
// The added key will not be the default key, because the default key already exists.
Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName()));
Assert.AssertEquals(2, id.getKeys_().size());
try {
key3.getDefaultCertificate();
} catch (Exception ex_9) {
Assert.Fail("Unexpected exception: " + ex_9.Message);
}
// Delete the certificate.
Assert.AssertEquals(1, key3.getCertificates_().size());
CertificateV2 key3Cert1 = (CertificateV2)ILOG.J2CsMapping.Collections.Collections.ToArray(key3.getCertificates_()
.getCertificates_().Values)[0];
Name key3CertName = key3Cert1.getName();
fixture_.keyChain_.deleteCertificate(key3, key3CertName);
Assert.AssertEquals(0, key3.getCertificates_().size());
try {
key3.getDefaultCertificate();
Assert.Fail("Did not throw the expected exception");
} catch (Pib.Error ex_10) {
} catch (Exception ex_11) {
Assert.Fail("Did not throw the expected exception");
}
// Add a certificate.
fixture_.keyChain_.addCertificate(key3, key3Cert1);
Assert.AssertEquals(1, key3.getCertificates_().size());
try {
key3.getDefaultCertificate();
} catch (Exception ex_12) {
Assert.Fail("Unexpected exception: " + ex_12.Message);
}
// Overwriting the certificate should work.
fixture_.keyChain_.addCertificate(key3, key3Cert1);
Assert.AssertEquals(1, key3.getCertificates_().size());
// Add another certificate.
CertificateV2 key3Cert2 = new CertificateV2(key3Cert1);
Name key3Cert2Name = new Name(key3.getName());
key3Cert2Name.append("Self");
key3Cert2Name.appendVersion(1);
key3Cert2.setName(key3Cert2Name);
fixture_.keyChain_.addCertificate(key3, key3Cert2);
Assert.AssertEquals(2, key3.getCertificates_().size());
// Set the default certificate.
Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3CertName));
fixture_.keyChain_.setDefaultCertificate(key3, key3Cert2);
Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3Cert2Name));
// Set the default key.
Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName()));
fixture_.keyChain_.setDefaultKey(id, key3);
Assert.AssertTrue(id.getDefaultKey().getName().equals(key3.getName()));
// Set the default identity.
PibIdentity id2 = fixture_.keyChain_.createIdentityV2(identity2Name);
Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName()
.equals(id.getName()));
fixture_.keyChain_.setDefaultIdentity(id2);
Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName()
.equals(id2.getName()));
// Delete an identity.
fixture_.keyChain_.deleteIdentity(id);
/* TODO: Implement identity validity.
* // The identity instance should not be valid any more.
* BOOST_CHECK(!id);
*/
try {
fixture_.keyChain_.getPib().getIdentity(identityName);
Assert.Fail("Did not throw the expected exception");
} catch (Pib.Error ex_13) {
} catch (Exception ex_14) {
Assert.Fail("Did not throw the expected exception");
}
Assert.AssertTrue(!fixture_.keyChain_.getPib().getIdentities_()
.getIdentities_().Contains(identityName));
}
private static CertificateV2 makeSelfSignedCertificate(Name keyName,
Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password,
DigestAlgorithm digestAlgorithm, WireFormat wireFormat)
{
CertificateV2 certificate = new CertificateV2();
// Set the name.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
Name certificateName = new Name(keyName);
certificateName.append("self").appendVersion((long)now);
certificate.setName(certificateName);
// Set the MetaInfo.
certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
// Set a one-hour freshness period.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
// Set the content.
PublicKey publicKey = null;
try {
publicKey = new PublicKey(publicKeyEncoding);
} catch (UnrecognizedKeyFormatException ex) {
// Promote to Pib.Error.
throw new Pib.Error("Error decoding public key " + ex);
}
certificate.setContent(publicKey.getKeyDer());
// Create a temporary in-memory Tpm and import the private key.
Tpm tpm = new Tpm("", "", new TpmBackEndMemory());
tpm.importPrivateKey_(keyName, privateKeyBag.buf(), password);
// Set the signature info.
if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA)
{
certificate.setSignature(new Sha256WithRsaSignature());
}
else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC)
{
certificate.setSignature(new Sha256WithEcdsaSignature());
}
else
{
throw new AssertionError("Unsupported key type");
}
Signature signatureInfo = certificate.getSignature();
net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setType(
net.named_data.jndn.KeyLocatorType.KEYNAME);
net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName);
// Set a 20-year validity period.
net.named_data.jndn.security.ValidityPeriod.getFromSignature(signatureInfo).setPeriod(now,
now + 20 * 365 * 24 * 3600 * 1000.0d);
// Encode once to get the signed portion.
SignedBlob encoding = certificate.wireEncode(wireFormat);
Blob signatureBytes = tpm.sign(encoding.signedBuf(), keyName,
digestAlgorithm);
signatureInfo.setSignature(signatureBytes);
// Encode again to include the signature.
certificate.wireEncode(wireFormat);
return(certificate);
}
