Exemple #1
0
        public void testCreateDKeyData()
        {
            // Create the group manager.
            GroupManager manager = new GroupManager(new Name("Alice"), new Name(
                                                        "data_type"), new Sqlite3GroupManagerDb(
                                                        dKeyDatabaseFilePath.FullName), 2048, 1, keyChain);

            Blob newCertificateBlob            = certificate.wireEncode();
            IdentityCertificate newCertificate = new IdentityCertificate();

            newCertificate.wireDecode(newCertificateBlob);

            // Encrypt the D-KEY.
            Data data = friendAccess.createDKeyData(manager, "20150825T000000",
                                                    "20150827T000000", new Name("/ndn/memberA/KEY"),
                                                    decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer());

            // Verify the encrypted D-KEY.
            Blob dataContent = data.getContent();

            // Get the nonce key.
            // dataContent is a sequence of the two EncryptedContent.
            EncryptedContent encryptedNonce = new EncryptedContent();

            encryptedNonce.wireDecode(dataContent);
            Assert.AssertEquals(0, encryptedNonce.getInitialVector().size());
            Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
                                encryptedNonce.getAlgorithmType());

            Blob          blobNonce     = encryptedNonce.getPayload();
            EncryptParams decryptParams = new EncryptParams(
                net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
            Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce,
                                                                               decryptParams);

            // Get the D-KEY.
            // Use the size of encryptedNonce to find the start of encryptedPayload.
            ByteBuffer payloadContent = dataContent.buf().duplicate();

            payloadContent.position(encryptedNonce.wireEncode().size());
            EncryptedContent encryptedPayload = new EncryptedContent();

            encryptedPayload.wireDecode(payloadContent);
            Assert.AssertEquals(16, encryptedPayload.getInitialVector().size());
            Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
                                encryptedPayload.getAlgorithmType());

            decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
            decryptParams.setInitialVector(encryptedPayload.getInitialVector());
            Blob blobPayload  = encryptedPayload.getPayload();
            Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload,
                                                                                      decryptParams);

            Assert.AssertTrue(largePayload.equals(decryptKeyBlob));
        }
        /// <summary>
        /// Get a certificate from the identity storage.
        /// </summary>
        ///
        /// <param name="certificateName">The name of the requested certificate.</param>
        /// <returns>The requested certificate.</returns>
        /// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
        public override IdentityCertificate getCertificate(Name certificateName)
        {
            Blob certificateDer = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(certificateStore_, certificateName
                                                                                     .toUri());

            if (certificateDer == null)
            {
                throw new SecurityException(
                          "MemoryIdentityStorage.getKey: The certificate does not exist");
            }

            IdentityCertificate certificate = new IdentityCertificate();

            try {
                certificate.wireDecode(certificateDer);
            } catch (EncodingException ex) {
                throw new SecurityException(
                          "MemoryIdentityStorage.getKey: The certificate cannot be decoded");
            }
            return(certificate);
        }
Exemple #3
0
        /// <summary>
        /// Fetch a certificate from the cache.
        /// </summary>
        ///
        /// <param name="certificateName"></param>
        /// <returns>A new copy of the IdentityCertificate, or null if not found.</returns>
        public IdentityCertificate getCertificate(Name certificateName)
        {
            Blob certData = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(cache_, certificateName.toUri());

            if (certData == null)
            {
                return(null);
            }

            IdentityCertificate cert = new IdentityCertificate();

            try {
                cert.wireDecode(certData.buf());
            } catch (EncodingException ex) {
                ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(CertificateCache).FullName).log(
                    ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex);
                throw new Exception(ex.Message);
            }

            return(cert);
        }
Exemple #4
0
        /// <summary>
        /// Get a certificate from the identity storage.
        /// </summary>
        ///
        /// <param name="certificateName">The name of the requested certificate.</param>
        /// <returns>The requested certificate.</returns>
        /// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
        public sealed override IdentityCertificate getCertificate(Name certificateName)
        {
            try {
                PreparedStatement statement;
                statement = database_.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getCertificate);
                statement.setString(1, certificateName.toUri());

                IdentityCertificate certificate = new IdentityCertificate();
                try {
                    SqlDataReader result = statement.executeQuery();

                    if (result.NextResult())
                    {
                        try {
                            certificate.wireDecode(new Blob(result
                                                            .getBytes("certificate_data"), false));
                        } catch (EncodingException ex) {
                            throw new SecurityException(
                                      "BasicIdentityStorage: Error decoding certificate data: "
                                      + ex);
                        }
                    }
                    else
                    {
                        throw new SecurityException(
                                  "BasicIdentityStorage.getKey: The key certificate not exist");
                    }
                } finally {
                    statement.close();
                }

                return(certificate);
            } catch (SQLException exception) {
                throw new SecurityException("BasicIdentityStorage: SQLite error: "
                                            + exception);
            }
        }
        public void testRefresh10s()
        {
            StringBuilder encodedData = new StringBuilder();
            TextReader    dataFile    = new FileReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "testData")).FullName);

            // Use "try/finally instead of "try-with-resources" or "using"
            // which are not supported before Java 7.
            try {
                String line;
                while ((line = dataFile.readLine()) != null)
                {
                    encodedData.append(line);
                }
            } finally {
                dataFile.close();
            }

            byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
            Data   data        = new Data();

            data.wireDecode(new Blob(decodedData, false));

            // This test is needed, since the KeyChain will express interests in unknown
            // certificates.
            VerificationResult vr = doVerify(policyManager_, data);

            Assert.AssertTrue(
                "ConfigPolicyManager did not create ValidationRequest for unknown certificate",
                vr.hasFurtherSteps_);
            Assert.AssertEquals(
                "ConfigPolicyManager called success callback with pending ValidationRequest",
                0, vr.successCount_);
            Assert.AssertEquals(
                "ConfigPolicyManager called failure callback with pending ValidationRequest",
                0, vr.failureCount_);

            // Now save the cert data to our anchor directory, and wait.
            // We have to sign it with the current identity or the policy manager will
            // create an interest for the signing certificate.
            IdentityCertificate cert = new IdentityCertificate();

            byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP);
            cert.wireDecode(new Blob(certData, false));
            keyChain_.signByIdentity(cert, identityName_);
            Blob   signedCertBlob = cert.wireEncode();
            String encodedCert    = net.named_data.jndn.util.Common.base64Encode(signedCertBlob
                                                                                 .getImmutableArray());
            var certFile = (new StreamWriter(
                                testCertFile_.FullName));

            try {
                certFile.Write(encodedCert, 0, encodedCert.Substring(0, encodedCert.Length));
                certFile.flush();
            } finally {
                certFile.close();
            }

            // Still too early for refresh to pick it up.
            vr = doVerify(policyManager_, data);

            Assert.AssertTrue("ConfigPolicyManager refresh occured sooner than specified",
                              vr.hasFurtherSteps_);
            Assert.AssertEquals(
                "ConfigPolicyManager called success callback with pending ValidationRequest",
                0, vr.successCount_);
            Assert.AssertEquals(
                "ConfigPolicyManager called failure callback with pending ValidationRequest",
                0, vr.failureCount_);

            ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000);

            // Now we should find it.
            vr = doVerify(policyManager_, data);

            Assert.AssertFalse("ConfigPolicyManager did not refresh certificate store",
                               vr.hasFurtherSteps_);
            Assert.AssertEquals("Verification success called " + vr.successCount_
                                + " times instead of 1", 1, vr.successCount_);
            Assert.AssertEquals("ConfigPolicyManager did not verify valid signed data", 0,
                                vr.failureCount_);
        }