/// <summary>
/// Add a certificate to the identity storage. Also call addKey to ensure that
/// the certificate key exists. If the certificate is already installed, don't
/// replace it.
/// </summary>
///
/// <param name="certificate"></param>
public sealed override void addCertificate(IdentityCertificate certificate)
{
Name certificateName = certificate.getName();
Name keyName = certificate.getPublicKeyName();
addKey(keyName, certificate.getPublicKeyInfo().getKeyType(),
certificate.getPublicKeyInfo().getKeyDer());
if (doesCertificateExist(certificateName))
{
return;
}
// Insert the certificate.
try {
PreparedStatement statement = database_
.prepareStatement("INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data) "
+ "values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)");
statement.setString(1, certificateName.toUri());
Name signerName = net.named_data.jndn.KeyLocator.getFromSignature(
certificate.getSignature()).getKeyName();
statement.setString(2, signerName.toUri());
String keyId = keyName.get(-1).toEscapedString();
Name identity = keyName.getPrefix(-1);
statement.setString(3, identity.toUri());
statement.setString(4, keyId);
// Convert from milliseconds to seconds since 1/1/1970.
statement.setLong(5,
(long)(Math.Floor(certificate.getNotBefore() / 1000.0d)));
statement.setLong(6,
(long)(Math.Floor(certificate.getNotAfter() / 1000.0d)));
// wireEncode returns the cached encoding if available.
statement.setBytes(7, certificate.wireEncode().getImmutableArray());
try {
statement.executeUpdate();
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
/// <summary>
/// Add a new member with the given memberCertificate into a schedule named
/// scheduleName. If cert is an IdentityCertificate made from memberCertificate,
/// then the member's identity name is cert.getPublicKeyName().getPrefix(-1).
/// </summary>
///
/// <param name="scheduleName">The schedule name.</param>
/// <param name="memberCertificate">The member's certificate.</param>
/// <exception cref="GroupManagerDb.Error">If there's no schedule named scheduleName, ifthe member's identity name already exists, or other database error.</exception>
/// <exception cref="DerDecodingException">for error decoding memberCertificate as acertificate.</exception>
public void addMember(String scheduleName, Data memberCertificate)
{
IdentityCertificate cert = new IdentityCertificate(memberCertificate);
database_.addMember(scheduleName, cert.getPublicKeyName(), cert
.getPublicKeyInfo().getKeyDer());
}
/// <summary>
/// Add a certificate to the identity storage. Also call addKey to ensure that
/// the certificate key exists. If the certificate is already installed, don't
/// replace it.
/// </summary>
///
/// <param name="certificate"></param>
public override void addCertificate(IdentityCertificate certificate)
{
Name certificateName = certificate.getName();
Name keyName = certificate.getPublicKeyName();
addKey(keyName, certificate.getPublicKeyInfo().getKeyType(),
certificate.getPublicKeyInfo().getKeyDer());
if (doesCertificateExist(certificateName))
{
return;
}
// Insert the certificate.
ILOG.J2CsMapping.Collections.Collections.Put(certificateStore_, certificateName.toUri(), certificate.wireEncode());
}
public void testCreateDKeyData()
{
// Create the group manager.
GroupManager manager = new GroupManager(new Name("Alice"), new Name(
"data_type"), new Sqlite3GroupManagerDb(
dKeyDatabaseFilePath.FullName), 2048, 1, keyChain);
Blob newCertificateBlob = certificate.wireEncode();
IdentityCertificate newCertificate = new IdentityCertificate();
newCertificate.wireDecode(newCertificateBlob);
// Encrypt the D-KEY.
Data data = friendAccess.createDKeyData(manager, "20150825T000000",
"20150827T000000", new Name("/ndn/memberA/KEY"),
decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer());
// Verify the encrypted D-KEY.
Blob dataContent = data.getContent();
// Get the nonce key.
// dataContent is a sequence of the two EncryptedContent.
EncryptedContent encryptedNonce = new EncryptedContent();
encryptedNonce.wireDecode(dataContent);
Assert.AssertEquals(0, encryptedNonce.getInitialVector().size());
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType());
Blob blobNonce = encryptedNonce.getPayload();
EncryptParams decryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce,
decryptParams);
// Get the D-KEY.
// Use the size of encryptedNonce to find the start of encryptedPayload.
ByteBuffer payloadContent = dataContent.buf().duplicate();
payloadContent.position(encryptedNonce.wireEncode().size());
EncryptedContent encryptedPayload = new EncryptedContent();
encryptedPayload.wireDecode(payloadContent);
Assert.AssertEquals(16, encryptedPayload.getInitialVector().size());
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType());
decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
decryptParams.setInitialVector(encryptedPayload.getInitialVector());
Blob blobPayload = encryptedPayload.getPayload();
Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload,
decryptParams);
Assert.AssertTrue(largePayload.equals(decryptKeyBlob));
}
