/// <summary>
/// Authorize a member identified by memberCertificate to decrypt data under
/// the policy.
/// </summary>
///
/// <param name="memberCertificate"></param>
/// <returns>The published KDK Data packet.</returns>
public Data addMember(CertificateV2 memberCertificate)
{
Name kdkName = new Name(nacKey_.getIdentityName());
kdkName.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KDK)
.append(nacKey_.getName().get(-1))
// key-id
.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY)
.append(memberCertificate.getKeyName());
int secretLength = 32;
byte[] secret = new byte[secretLength];
net.named_data.jndn.util.Common.getRandom().nextBytes(secret);
// To be compatible with OpenSSL which uses a null-terminated string,
// replace each 0 with 1. And to be compatible with the Java security
// library which interprets the secret as a char array converted to UTF8,
// limit each byte to the ASCII range 1 to 127.
for (int i = 0; i < secretLength; ++i)
{
if (secret[i] == 0)
{
secret[i] = 1;
}
secret[i] &= 0x7f;
}
SafeBag kdkSafeBag = keyChain_.exportSafeBag(
nacKey_.getDefaultCertificate(), ILOG.J2CsMapping.NIO.ByteBuffer.wrap(secret));
PublicKey memberKey = new PublicKey(memberCertificate.getPublicKey());
EncryptedContent encryptedContent = new EncryptedContent();
encryptedContent.setPayload(kdkSafeBag.wireEncode());
encryptedContent.setPayloadKey(memberKey.encrypt(secret,
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep));
Data kdkData = new Data(kdkName);
kdkData.setContent(encryptedContent.wireEncodeV2());
// FreshnessPeriod can serve as a soft access control for revoking access.
kdkData.getMetaInfo().setFreshnessPeriod(
DEFAULT_KDK_FRESHNESS_PERIOD_MS);
keyChain_.sign(kdkData, new SigningInfo(identity_));
storage_.insert(kdkData);
return(kdkData);
}
