public void testOverwrite() { PibMemory pibImpl = new PibMemory(); try { new PibKeyImpl(fixture.id1Key1Name, pibImpl); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex) { } catch (Exception ex_0) { Assert.Fail("Did not throw the expected exception"); } new PibKeyImpl(fixture.id1Key1Name, fixture.id1Key1.buf(), pibImpl); PibKeyImpl key1 = new PibKeyImpl(fixture.id1Key1Name, pibImpl); // Overwriting the key should work. new PibKeyImpl(fixture.id1Key1Name, fixture.id1Key2.buf(), pibImpl); PibKeyImpl key2 = new PibKeyImpl(fixture.id1Key1Name, pibImpl); // key1 should have cached the original public key. Assert.AssertTrue(!key1.getPublicKey().equals(key2.getPublicKey())); Assert.AssertTrue(key2.getPublicKey().equals(fixture.id1Key2)); key1.addCertificate(fixture.id1Key1Cert1); // Use the wire encoding to check equivalence. Assert.AssertTrue(key1.getCertificate(fixture.id1Key1Cert1.getName()) .wireEncode().equals(fixture.id1Key1Cert1.wireEncode())); CertificateV2 otherCert = new CertificateV2(fixture.id1Key1Cert1); ((Sha256WithRsaSignature)otherCert.getSignature()).getValidityPeriod() .setPeriod(net.named_data.jndn.util.Common.getNowMilliseconds(), net.named_data.jndn.util.Common.getNowMilliseconds() + 1000); // Don't bother resigning so we don't have to load a private key. Assert.AssertTrue(fixture.id1Key1Cert1.getName().equals(otherCert.getName())); Assert.AssertTrue(otherCert.getContent().equals( fixture.id1Key1Cert1.getContent())); Assert.AssertFalse(otherCert.wireEncode().equals( fixture.id1Key1Cert1.wireEncode())); key1.addCertificate(otherCert); Assert.AssertTrue(key1.getCertificate(fixture.id1Key1Cert1.getName()) .wireEncode().equals(otherCert.wireEncode())); }
public void testOverwrite() { /* foreach */ foreach (PibDataFixture2 fixture in pibImpls) { PibImpl pib = fixture.pib; // Check for id1Key1, which should not exist. pib.removeIdentity(fixture.id1); Assert.AssertEquals(false, pib.hasKey(fixture.id1Key1Name)); // Add id1Key1. pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf()); Assert.AssertEquals(true, pib.hasKey(fixture.id1Key1Name)); Blob keyBits = pib.getKeyBits(fixture.id1Key1Name); Assert.AssertTrue(keyBits.equals(fixture.id1Key1)); // To check overwrite, add a key with the same name. pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key2.buf()); Blob keyBits2 = pib.getKeyBits(fixture.id1Key1Name); Assert.AssertTrue(keyBits2.equals(fixture.id1Key2)); // Check for id1Key1Cert1, which should not exist. pib.removeIdentity(fixture.id1); Assert.AssertEquals(false, pib.hasCertificate(fixture.id1Key1Cert1.getName())); // Add id1Key1Cert1. pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf()); pib.addCertificate(fixture.id1Key1Cert1); Assert.AssertEquals(true, pib.hasCertificate(fixture.id1Key1Cert1.getName())); CertificateV2 cert = pib.getCertificate(fixture.id1Key1Cert1 .getName()); Assert.AssertTrue(cert.wireEncode().equals( fixture.id1Key1Cert1.wireEncode())); // Create a fake certificate with the same name. CertificateV2 cert2 = fixture.id1Key2Cert1; cert2.setName(fixture.id1Key1Cert1.getName()); cert2.setSignature(fixture.id1Key2Cert1.getSignature()); pib.addCertificate(cert2); CertificateV2 cert3 = pib.getCertificate(fixture.id1Key1Cert1 .getName()); Assert.AssertTrue(cert3.wireEncode().equals(cert2.wireEncode())); // Check that both the key and certificate are overwritten. Blob keyBits3 = pib.getKeyBits(fixture.id1Key1Name); Assert.AssertTrue(keyBits3.equals(fixture.id1Key2)); } }
public void testRefresh10s() { StringBuilder encodedData = new StringBuilder(); TextReader dataFile = new FileReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "testData")).FullName); // Use "try/finally instead of "try-with-resources" or "using" // which are not supported before Java 7. try { String line; while ((line = dataFile.readLine()) != null) { encodedData.append(line); } } finally { dataFile.close(); } byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString()); Data data = new Data(); data.wireDecode(new Blob(decodedData, false)); // This test is needed, since the KeyChain will express interests in unknown // certificates. VerificationResult vr = doVerify(policyManager_, data); Assert.AssertTrue( "ConfigPolicyManager did not create ValidationRequest for unknown certificate", vr.hasFurtherSteps_); Assert.AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); Assert.AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); // Now save the cert data to our anchor directory, and wait. // We have to sign it with the current identity or the policy manager will // create an interest for the signing certificate. CertificateV2 cert = new CertificateV2(); byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP); cert.wireDecode(new Blob(certData, false)); SigningInfo signingInfo = new SigningInfo(); signingInfo.setSigningIdentity(identityName_); // Make sure the validity period is current for two years. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); signingInfo.setValidityPeriod(new ValidityPeriod(now, now + 2 * 365 * 24 * 3600 * 1000.0d)); keyChain_.sign(cert, signingInfo); Blob signedCertBlob = cert.wireEncode(); String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob .getImmutableArray()); var certFile = (new StreamWriter( testCertFile_.FullName)); try { certFile.Write(encodedCert, 0, encodedCert.Substring(0, encodedCert.Length)); certFile.flush(); } finally { certFile.close(); } // Still too early for refresh to pick it up. vr = doVerify(policyManager_, data); Assert.AssertTrue("ConfigPolicyManager refresh occured sooner than specified", vr.hasFurtherSteps_); Assert.AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); Assert.AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000); // Now we should find it. vr = doVerify(policyManager_, data); Assert.AssertFalse("ConfigPolicyManager did not refresh certificate store", vr.hasFurtherSteps_); Assert.AssertEquals("Verification success called " + vr.successCount_ + " times instead of 1", 1, vr.successCount_); Assert.AssertEquals("ConfigPolicyManager did not verify valid signed data", 0, vr.failureCount_); }
public void testBasic() { PibMemory pibImpl = new PibMemory(); // Start with an empty container. PibCertificateContainer container = new PibCertificateContainer( fixture.id1Key1Name, pibImpl); Assert.AssertEquals(0, container.size()); Assert.AssertEquals(0, container.getCertificates_().Count); // Add a certificate. container.add(fixture.id1Key1Cert1); Assert.AssertEquals(1, container.size()); Assert.AssertEquals(1, container.getCertificates_().Count); Assert.AssertTrue(container.getCertificates_().Contains( fixture.id1Key1Cert1.getName())); // Add the same certificate again. container.add(fixture.id1Key1Cert1); Assert.AssertEquals(1, container.size()); Assert.AssertEquals(1, container.getCertificates_().Count); Assert.AssertTrue(container.getCertificates_().Contains( fixture.id1Key1Cert1.getName())); // Add another certificate. container.add(fixture.id1Key1Cert2); Assert.AssertEquals(2, container.size()); Assert.AssertEquals(2, container.getCertificates_().Count); Assert.AssertTrue(container.getCertificates_().Contains( fixture.id1Key1Cert1.getName())); Assert.AssertTrue(container.getCertificates_().Contains( fixture.id1Key1Cert2.getName())); // Get the certificates. try { container.get(fixture.id1Key1Cert1.getName()); } catch (Exception ex) { Assert.Fail("Unexpected exception: " + ex.Message); } try { container.get(fixture.id1Key1Cert2.getName()); } catch (Exception ex_0) { Assert.Fail("Unexpected exception: " + ex_0.Message); } Name id1Key1Cert3Name = new Name(fixture.id1Key1Name); id1Key1Cert3Name.append("issuer").appendVersion(3); try { container.get(id1Key1Cert3Name); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_1) { } catch (Exception ex_2) { Assert.Fail("Did not throw the expected exception"); } // Check the certificates. CertificateV2 cert1 = container.get(fixture.id1Key1Cert1.getName()); CertificateV2 cert2 = container.get(fixture.id1Key1Cert2.getName()); // Use the wire encoding to check equivalence. Assert.AssertTrue(cert1.wireEncode().equals(fixture.id1Key1Cert1.wireEncode())); Assert.AssertTrue(cert2.wireEncode().equals(fixture.id1Key1Cert2.wireEncode())); // Create another container with the same PibImpl. The cache should be empty. PibCertificateContainer container2 = new PibCertificateContainer( fixture.id1Key1Name, pibImpl); Assert.AssertEquals(2, container2.size()); Assert.AssertEquals(0, container2.getCertificates_().Count); // Get a certificate. The cache should be filled. try { container2.get(fixture.id1Key1Cert1.getName()); } catch (Exception ex_3) { Assert.Fail("Unexpected exception: " + ex_3.Message); } Assert.AssertEquals(2, container2.size()); Assert.AssertEquals(1, container2.getCertificates_().Count); try { container2.get(fixture.id1Key1Cert2.getName()); } catch (Exception ex_4) { Assert.Fail("Unexpected exception: " + ex_4.Message); } Assert.AssertEquals(2, container2.size()); Assert.AssertEquals(2, container2.getCertificates_().Count); // Remove a certificate. container2.remove(fixture.id1Key1Cert1.getName()); Assert.AssertEquals(1, container2.size()); Assert.AssertEquals(1, container2.getCertificates_().Count); Assert.AssertTrue(!container2.getCertificates_().Contains( fixture.id1Key1Cert1.getName())); Assert.AssertTrue(container2.getCertificates_().Contains( fixture.id1Key1Cert2.getName())); // Remove another certificate. container2.remove(fixture.id1Key1Cert2.getName()); Assert.AssertEquals(0, container2.size()); Assert.AssertEquals(0, container2.getCertificates_().Count); Assert.AssertTrue(!container2.getCertificates_().Contains( fixture.id1Key1Cert2.getName())); }
public void testCertificateOperation() { PibMemory pibImpl = new PibMemory(); PibKeyImpl key11 = new PibKeyImpl(fixture.id1Key1Name, fixture.id1Key1.buf(), pibImpl); try { new PibKeyImpl(fixture.id1Key1Name, pibImpl); } catch (Exception ex) { Assert.Fail("Unexpected exception: " + ex.Message); } // The key should not have any certificates. Assert.AssertEquals(0, key11.getCertificates_().size()); // Getting a non-existing certificate should throw Pib.Error. try { key11.getCertificate(fixture.id1Key1Cert1.getName()); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_0) { } catch (Exception ex_1) { Assert.Fail("Did not throw the expected exception"); } // Getting the non-existing default certificate should throw Pib.Error. try { key11.getDefaultCertificate(); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_2) { } catch (Exception ex_3) { Assert.Fail("Did not throw the expected exception"); } // Setting a non-existing certificate as the default should throw Pib.Error. try { key11.setDefaultCertificate(fixture.id1Key1Cert1.getName()); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_4) { } catch (Exception ex_5) { Assert.Fail("Did not throw the expected exception"); } // Add a certificate. key11.addCertificate(fixture.id1Key1Cert1); try { key11.getCertificate(fixture.id1Key1Cert1.getName()); } catch (Exception ex_6) { Assert.Fail("Unexpected exception: " + ex_6.Message); } // The new certificate becomes the default when there was no default. try { key11.getDefaultCertificate(); } catch (Exception ex_7) { Assert.Fail("Unexpected exception: " + ex_7.Message); } CertificateV2 defaultCert0 = key11.getDefaultCertificate(); Assert.AssertTrue(fixture.id1Key1Cert1.getName() .equals(defaultCert0.getName())); // Use the wire encoding to check equivalence. Assert.AssertTrue(fixture.id1Key1Cert1.wireEncode().equals( defaultCert0.wireEncode())); // Remove the certificate. key11.removeCertificate(fixture.id1Key1Cert1.getName()); try { key11.getCertificate(fixture.id1Key1Cert1.getName()); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_8) { } catch (Exception ex_9) { Assert.Fail("Did not throw the expected exception"); } try { key11.getDefaultCertificate(); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_10) { } catch (Exception ex_11) { Assert.Fail("Did not throw the expected exception"); } // Set the default certificate directly. try { key11.setDefaultCertificate(fixture.id1Key1Cert1); } catch (Exception ex_12) { Assert.Fail("Unexpected exception: " + ex_12.Message); } try { key11.getDefaultCertificate(); } catch (Exception ex_13) { Assert.Fail("Unexpected exception: " + ex_13.Message); } try { key11.getCertificate(fixture.id1Key1Cert1.getName()); } catch (Exception ex_14) { Assert.Fail("Unexpected exception: " + ex_14.Message); } // Check the default cert. CertificateV2 defaultCert1 = key11.getDefaultCertificate(); Assert.AssertTrue(fixture.id1Key1Cert1.getName() .equals(defaultCert1.getName())); Assert.AssertTrue(defaultCert1.wireEncode().equals( fixture.id1Key1Cert1.wireEncode())); // Add another certificate. key11.addCertificate(fixture.id1Key1Cert2); Assert.AssertEquals(2, key11.getCertificates_().size()); // Set the default certificate using a name. try { key11.setDefaultCertificate(fixture.id1Key1Cert2.getName()); } catch (Exception ex_15) { Assert.Fail("Unexpected exception: " + ex_15.Message); } try { key11.getDefaultCertificate(); } catch (Exception ex_16) { Assert.Fail("Unexpected exception: " + ex_16.Message); } CertificateV2 defaultCert2 = key11.getDefaultCertificate(); Assert.AssertTrue(fixture.id1Key1Cert2.getName() .equals(defaultCert2.getName())); Assert.AssertTrue(defaultCert2.wireEncode().equals( fixture.id1Key1Cert2.wireEncode())); // Remove a certificate. key11.removeCertificate(fixture.id1Key1Cert1.getName()); try { key11.getCertificate(fixture.id1Key1Cert1.getName()); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_17) { } catch (Exception ex_18) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertEquals(1, key11.getCertificates_().size()); // Set the default certificate directly again, which should change the default. try { key11.setDefaultCertificate(fixture.id1Key1Cert1); } catch (Exception ex_19) { Assert.Fail("Unexpected exception: " + ex_19.Message); } CertificateV2 defaultCert3 = key11.getDefaultCertificate(); Assert.AssertTrue(fixture.id1Key1Cert1.getName() .equals(defaultCert3.getName())); Assert.AssertTrue(defaultCert3.wireEncode().equals( fixture.id1Key1Cert1.wireEncode())); Assert.AssertEquals(2, key11.getCertificates_().size()); // Remove all certificates. key11.removeCertificate(fixture.id1Key1Cert1.getName()); try { key11.getCertificate(fixture.id1Key1Cert1.getName()); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_20) { } catch (Exception ex_21) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertEquals(1, key11.getCertificates_().size()); key11.removeCertificate(fixture.id1Key1Cert2.getName()); try { key11.getCertificate(fixture.id1Key1Cert2.getName()); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_22) { } catch (Exception ex_23) { Assert.Fail("Did not throw the expected exception"); } try { key11.getDefaultCertificate(); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_24) { } catch (Exception ex_25) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertEquals(0, key11.getCertificates_().size()); }
/// <summary> /// Add the certificate. If a certificate with the same name (without implicit /// digest) already exists, then overwrite the certificate. If the key or /// identity does not exist, they will be created. If no default certificate /// for the key has been set, then set the added certificate as the default for /// the key. If no default key was set for the identity, it will be set as the /// default key for the identity. If no default identity was selected, the /// certificate's identity becomes the default. /// </summary> /// /// <param name="certificate">The certificate to add. This copies the object.</param> /// <exception cref="PibImpl.Error">for a non-semantic (database access) error.</exception> public override void addCertificate(CertificateV2 certificate) { // Ensure the key exists. Blob content = certificate.getContent(); addKey(certificate.getIdentity(), certificate.getKeyName(), content.buf()); if (!hasCertificate(certificate.getName())) { try { PreparedStatement statement = database_ .prepareStatement(net.named_data.jndn.security.pib.PibSqlite3Base.INSERT_addCertificate); statement.setBytes(1, certificate.getKeyName().wireEncode() .getImmutableArray()); statement.setBytes(2, certificate.getName().wireEncode() .getImmutableArray()); statement.setBytes(3, certificate.wireEncode() .getImmutableArray()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new PibImpl.Error("PibSqlite3: SQLite error: " + exception); } } else { try { PreparedStatement statement_0 = database_ .prepareStatement(net.named_data.jndn.security.pib.PibSqlite3Base.UPDATE_addCertificate); statement_0.setBytes(1, certificate.wireEncode() .getImmutableArray()); statement_0.setBytes(2, certificate.getName().wireEncode() .getImmutableArray()); try { statement_0.executeUpdate(); } finally { statement_0.close(); } } catch (SQLException exception_1) { throw new PibImpl.Error("PibSqlite3: SQLite error: " + exception_1); } } if (!hasDefaultCertificateOfKey(certificate.getKeyName())) { try { setDefaultCertificateOfKey(certificate.getKeyName(), certificate.getName()); } catch (Pib.Error ex) { throw new PibImpl.Error( "PibSqlite3: Error setting the default certificate: " + ex); } } }
private static CertificateV2 makeSelfSignedCertificate(Name keyName, Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) { CertificateV2 certificate = new CertificateV2(); // Set the name. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); Name certificateName = new Name(keyName); certificateName.append("self").appendVersion((long)now); certificate.setName(certificateName); // Set the MetaInfo. certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY); // Set a one-hour freshness period. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); // Set the content. PublicKey publicKey = null; try { publicKey = new PublicKey(publicKeyEncoding); } catch (UnrecognizedKeyFormatException ex) { // Promote to Pib.Error. throw new Pib.Error("Error decoding public key " + ex); } certificate.setContent(publicKey.getKeyDer()); // Create a temporary in-memory Tpm and import the private key. Tpm tpm = new Tpm("", "", new TpmBackEndMemory()); tpm.importPrivateKey_(keyName, privateKeyBag.buf(), password); // Set the signature info. if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA) { certificate.setSignature(new Sha256WithRsaSignature()); } else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC) { certificate.setSignature(new Sha256WithEcdsaSignature()); } else { throw new AssertionError("Unsupported key type"); } Signature signatureInfo = certificate.getSignature(); net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setType( net.named_data.jndn.KeyLocatorType.KEYNAME); net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName); // Set a 20-year validity period. net.named_data.jndn.security.ValidityPeriod.getFromSignature(signatureInfo).setPeriod(now, now + 20 * 365 * 24 * 3600 * 1000.0d); // Encode once to get the signed portion. SignedBlob encoding = certificate.wireEncode(wireFormat); Blob signatureBytes = tpm.sign(encoding.signedBuf(), keyName, digestAlgorithm); signatureInfo.setSignature(signatureBytes); // Encode again to include the signature. certificate.wireEncode(wireFormat); return(certificate); }