/// <summary> /// Set this to type SignerType.ID according to the given PibIdentity. /// This does not change the digest algorithm. /// </summary> /// /// <param name="identity">identity.getName().</param> /// <returns>This SigningInfo.</returns> public SigningInfo setPibIdentity(PibIdentity identity) { reset(net.named_data.jndn.security.SigningInfo.SignerType.ID); if (identity != null) { name_ = identity.getName(); } identity_ = identity; return(this); }
/// <summary> /// Create an AccessManagerV2 to serve the NAC public key for other data /// producers to fetch, and to serve encrypted versions of the private keys /// (as safe bags) for authorized consumers to fetch. /// KEK and KDK naming: /// [identity]/NAC/[dataset]/KEK /[key-id] (== KEK, public key) /// [identity]/NAC/[dataset]/KDK/[key-id] /ENCRYPTED-BY/[user]/KEY/[key-id] (== KDK, encrypted private key) /// \_____________ ______________/ /// \/ /// registered with NFD /// </summary> /// /// <param name="identity"></param> /// <param name="dataset">The name of dataset that this manager is controlling.</param> /// <param name="keyChain">The KeyChain used to sign Data packets.</param> /// <param name="face"></param> public AccessManagerV2(PibIdentity identity, Name dataset, KeyChain keyChain, Face face) { this.storage_ = new InMemoryStorageRetaining(); identity_ = identity; keyChain_ = keyChain; face_ = face; // The NAC identity is: <identity>/NAC/<dataset> // Generate the NAC key. PibIdentity nacIdentity = keyChain_.createIdentityV2( new Name(identity.getName()).append( net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_NAC).append(dataset), new RsaKeyParams()); nacKey_ = nacIdentity.getDefaultKey(); if (nacKey_.getKeyType() != net.named_data.jndn.security.KeyType.RSA) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.INFO, "Cannot re-use existing KEK/KDK pair, as it is not an RSA key, regenerating"); nacKey_ = keyChain_.createKey(nacIdentity, new RsaKeyParams()); } Name.Component nacKeyId = nacKey_.getName().get(-1); Name kekPrefix = new Name(nacKey_.getIdentityName()) .append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KEK); Data kekData = new Data(nacKey_.getDefaultCertificate()); kekData.setName(new Name(kekPrefix).append(nacKeyId)); kekData.getMetaInfo().setFreshnessPeriod( DEFAULT_KEK_FRESHNESS_PERIOD_MS); keyChain_.sign(kekData, new SigningInfo(identity_)); // A KEK looks like a certificate, but doesn't have a ValidityPeriod. storage_.insert(kekData); OnInterestCallback serveFromStorage = new AccessManagerV2.Anonymous_C1(this); OnRegisterFailed onRegisterFailed = new AccessManagerV2.Anonymous_C0(); kekRegisteredPrefixId_ = face_.registerPrefix(kekPrefix, serveFromStorage, onRegisterFailed); Name kdkPrefix = new Name(nacKey_.getIdentityName()).append( net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KDK).append(nacKeyId); kdkRegisteredPrefixId_ = face_.registerPrefix(kdkPrefix, serveFromStorage, onRegisterFailed); }
public void testBasic() { PibMemory pibImpl = new PibMemory(); // Start with an empty container. PibIdentityContainer container = new PibIdentityContainer(pibImpl); Assert.AssertEquals(0, container.size()); Assert.AssertEquals(0, container.getIdentities_().Count); // Add the first identity. PibIdentity identity11 = container.add(fixture.id1); Assert.AssertTrue(fixture.id1.equals(identity11.getName())); Assert.AssertEquals(1, container.size()); Assert.AssertEquals(1, container.getIdentities_().Count); Assert.AssertTrue(container.getIdentities_().Contains(fixture.id1)); // Add the same identity again. PibIdentity identity12 = container.add(fixture.id1); Assert.AssertTrue(fixture.id1.equals(identity12.getName())); Assert.AssertEquals(1, container.size()); Assert.AssertEquals(1, container.getIdentities_().Count); Assert.AssertTrue(container.getIdentities_().Contains(fixture.id1)); // Add the second identity. PibIdentity identity21 = container.add(fixture.id2); Assert.AssertTrue(fixture.id2.equals(identity21.getName())); Assert.AssertEquals(2, container.size()); Assert.AssertEquals(2, container.getIdentities_().Count); Assert.AssertTrue(container.getIdentities_().Contains(fixture.id1)); Assert.AssertTrue(container.getIdentities_().Contains(fixture.id2)); // Get identities. try { container.get(fixture.id1); } catch (Exception ex) { Assert.Fail("Unexpected exception: " + ex.Message); } try { container.get(fixture.id2); } catch (Exception ex_0) { Assert.Fail("Unexpected exception: " + ex_0.Message); } try { container.get(new Name("/non-existing")); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_1) { } catch (Exception ex_2) { Assert.Fail("Did not throw the expected exception"); } // Check the identity. PibIdentity identity1 = container.get(fixture.id1); PibIdentity identity2 = container.get(fixture.id2); Assert.AssertTrue(fixture.id1.equals(identity1.getName())); Assert.AssertTrue(fixture.id2.equals(identity2.getName())); // Create another container from the same PibImpl. The cache should be empty. PibIdentityContainer container2 = new PibIdentityContainer(pibImpl); Assert.AssertEquals(2, container2.size()); Assert.AssertEquals(0, container2.getIdentities_().Count); // Get keys. The cache should be filled. try { container2.get(fixture.id1); } catch (Exception ex_3) { Assert.Fail("Unexpected exception: " + ex_3.Message); } Assert.AssertEquals(2, container2.size()); Assert.AssertEquals(1, container2.getIdentities_().Count); try { container2.get(fixture.id2); } catch (Exception ex_4) { Assert.Fail("Unexpected exception: " + ex_4.Message); } Assert.AssertEquals(2, container2.size()); Assert.AssertEquals(2, container2.getIdentities_().Count); // Remove a key. container2.remove(fixture.id1); Assert.AssertEquals(1, container2.size()); Assert.AssertEquals(1, container2.getIdentities_().Count); Assert.AssertTrue(!container2.getIdentities_().Contains(fixture.id1)); Assert.AssertTrue(container2.getIdentities_().Contains(fixture.id2)); // Remove another key. container2.remove(fixture.id2); Assert.AssertEquals(0, container2.size()); Assert.AssertEquals(0, container2.getIdentities_().Count); Assert.AssertTrue(!container2.getIdentities_().Contains(fixture.id2)); }
public void testManagement() { Name identityName = new Name("/test/id"); Name identity2Name = new Name("/test/id2"); Assert.AssertEquals(0, fixture_.keyChain_.getPib().getIdentities_().size()); try { fixture_.keyChain_.getPib().getDefaultIdentity(); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex) { } catch (Exception ex_0) { Assert.Fail("Did not throw the expected exception"); } // Create an identity. PibIdentity id = fixture_.keyChain_.createIdentityV2(identityName); Assert.AssertTrue(id != null); Assert.AssertTrue(fixture_.keyChain_.getPib().getIdentities_() .getIdentities_().Contains(identityName)); // The first added identity becomes the default identity. try { fixture_.keyChain_.getPib().getDefaultIdentity(); } catch (Exception ex_1) { Assert.Fail("Unexpected exception: " + ex_1.Message); } // The default key of the added identity must exist. PibKey key = null; try { key = id.getDefaultKey(); } catch (Exception ex_2) { Assert.Fail("Unexpected exception: " + ex_2.Message); } // The default certificate of the default key must exist. try { key.getDefaultCertificate(); } catch (Exception ex_3) { Assert.Fail("Unexpected exception: " + ex_3.Message); } // Delete the key. Name key1Name = key.getName(); try { id.getKey(key1Name); } catch (Exception ex_4) { Assert.Fail("Unexpected exception: " + ex_4.Message); } Assert.AssertEquals(1, id.getKeys_().size()); fixture_.keyChain_.deleteKey(id, key); /* TODO: Implement key validity. * // The key instance should not be valid anymore. * assertTrue(!key); */ try { id.getKey(key1Name); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_5) { } catch (Exception ex_6) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertEquals(0, id.getKeys_().size()); // Create another key. fixture_.keyChain_.createKey(id); // The added key becomes the default key. try { id.getDefaultKey(); } catch (Exception ex_7) { Assert.Fail("Unexpected exception: " + ex_7.Message); } PibKey key2 = id.getDefaultKey(); Assert.AssertTrue(key2 != null); Assert.AssertTrue(!key2.getName().equals(key1Name)); Assert.AssertEquals(1, id.getKeys_().size()); try { key2.getDefaultCertificate(); } catch (Exception ex_8) { Assert.Fail("Unexpected exception: " + ex_8.Message); } // Create a third key. PibKey key3 = fixture_.keyChain_.createKey(id); Assert.AssertTrue(!key3.getName().equals(key2.getName())); // The added key will not be the default key, because the default key already exists. Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName())); Assert.AssertEquals(2, id.getKeys_().size()); try { key3.getDefaultCertificate(); } catch (Exception ex_9) { Assert.Fail("Unexpected exception: " + ex_9.Message); } // Delete the certificate. Assert.AssertEquals(1, key3.getCertificates_().size()); CertificateV2 key3Cert1 = (CertificateV2)ILOG.J2CsMapping.Collections.Collections.ToArray(key3.getCertificates_() .getCertificates_().Values)[0]; Name key3CertName = key3Cert1.getName(); fixture_.keyChain_.deleteCertificate(key3, key3CertName); Assert.AssertEquals(0, key3.getCertificates_().size()); try { key3.getDefaultCertificate(); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_10) { } catch (Exception ex_11) { Assert.Fail("Did not throw the expected exception"); } // Add a certificate. fixture_.keyChain_.addCertificate(key3, key3Cert1); Assert.AssertEquals(1, key3.getCertificates_().size()); try { key3.getDefaultCertificate(); } catch (Exception ex_12) { Assert.Fail("Unexpected exception: " + ex_12.Message); } // Overwriting the certificate should work. fixture_.keyChain_.addCertificate(key3, key3Cert1); Assert.AssertEquals(1, key3.getCertificates_().size()); // Add another certificate. CertificateV2 key3Cert2 = new CertificateV2(key3Cert1); Name key3Cert2Name = new Name(key3.getName()); key3Cert2Name.append("Self"); key3Cert2Name.appendVersion(1); key3Cert2.setName(key3Cert2Name); fixture_.keyChain_.addCertificate(key3, key3Cert2); Assert.AssertEquals(2, key3.getCertificates_().size()); // Set the default certificate. Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3CertName)); fixture_.keyChain_.setDefaultCertificate(key3, key3Cert2); Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3Cert2Name)); // Set the default key. Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName())); fixture_.keyChain_.setDefaultKey(id, key3); Assert.AssertTrue(id.getDefaultKey().getName().equals(key3.getName())); // Set the default identity. PibIdentity id2 = fixture_.keyChain_.createIdentityV2(identity2Name); Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName() .equals(id.getName())); fixture_.keyChain_.setDefaultIdentity(id2); Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName() .equals(id2.getName())); // Delete an identity. fixture_.keyChain_.deleteIdentity(id); /* TODO: Implement identity validity. * // The identity instance should not be valid any more. * BOOST_CHECK(!id); */ try { fixture_.keyChain_.getPib().getIdentity(identityName); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_13) { } catch (Exception ex_14) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertTrue(!fixture_.keyChain_.getPib().getIdentities_() .getIdentities_().Contains(identityName)); }
internal Interest makeCommandInterest(PibIdentity identity) { return(signer_.makeCommandInterest(new Name(identity.getName()) .append("CMD"), new SigningInfo(identity))); }
public void testInsert() { // Static anchorContainer.insert("group1", certificate1); Assert.AssertTrue(anchorContainer.find(certificate1.getName()) != null); Assert.AssertTrue(anchorContainer.find(identity1.getName()) != null); CertificateV2 certificate = anchorContainer .find(certificate1.getName()); try { // Re-inserting the same certificate should do nothing. anchorContainer.insert("group1", certificate1); } catch (Exception ex) { Assert.Fail("Unexpected exception: " + ex.Message); } // It should still be the same instance of the certificate. Assert.AssertTrue(certificate == anchorContainer.find(certificate1.getName())); // Cannot add a dynamic group when the static already exists. try { anchorContainer.insert("group1", certificatePath1.FullName, 400.0d); Assert.Fail("Did not throw the expected exception"); } catch (TrustAnchorContainer.Error ex_0) { } catch (Exception ex_1) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertEquals(1, anchorContainer.getGroup("group1").size()); Assert.AssertEquals(1, anchorContainer.size()); // From file anchorContainer.insert("group2", certificatePath2.FullName, 400.0d); Assert.AssertTrue(anchorContainer.find(certificate2.getName()) != null); Assert.AssertTrue(anchorContainer.find(identity2.getName()) != null); try { anchorContainer.insert("group2", certificate2); Assert.Fail("Did not throw the expected exception"); } catch (TrustAnchorContainer.Error ex_2) { } catch (Exception ex_3) { Assert.Fail("Did not throw the expected exception"); } try { anchorContainer.insert("group2", certificatePath2.FullName, 400.0d); Assert.Fail("Did not throw the expected exception"); } catch (TrustAnchorContainer.Error ex_4) { } catch (Exception ex_5) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertEquals(1, anchorContainer.getGroup("group2").size()); Assert.AssertEquals(2, anchorContainer.size()); certificatePath2.delete(); // Wait for the refresh period to expire. ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(500); Assert.AssertTrue(anchorContainer.find(identity2.getName()) == null); Assert.AssertTrue(anchorContainer.find(certificate2.getName()) == null); Assert.AssertEquals(0, anchorContainer.getGroup("group2").size()); Assert.AssertEquals(1, anchorContainer.size()); TrustAnchorGroup group = anchorContainer.getGroup("group1"); Assert.AssertTrue(group is StaticTrustAnchorGroup); StaticTrustAnchorGroup staticGroup = (StaticTrustAnchorGroup)group; Assert.AssertEquals(1, staticGroup.size()); staticGroup.remove(certificate1.getName()); Assert.AssertEquals(0, staticGroup.size()); Assert.AssertEquals(0, anchorContainer.size()); try { anchorContainer.getGroup("non-existing-group"); Assert.Fail("Did not throw the expected exception"); } catch (TrustAnchorContainer.Error ex_6) { } catch (Exception ex_7) { Assert.Fail("Did not throw the expected exception"); } }