/// <summary>
/// Encrypt the payload using the symmetric key according to params, and return
/// an EncryptedContent.
/// </summary>
///
/// <param name="payload">The data to encrypt.</param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptSymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
Blob initialVector = paras.getInitialVector();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc)
{
if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE)
{
throw new Exception("incorrect initial vector size");
}
}
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
result.setInitialVector(initialVector);
return(result);
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Encrypt the payload using the asymmetric key according to params, and
/// return an EncryptedContent.
/// </summary>
///
/// <param name="payload"></param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptAsymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
return(result);
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (PKCS8-encoded private key).</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params">This decrypts according to params.getAlgorithmType().</param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
PrivateKey privateKey = keyFactory_
.generatePrivate(new PKCS8EncodedKeySpec(keyBits
.getImmutableArray()));
String transformation;
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs)
{
transformation = "RSA/ECB/PKCS1Padding";
}
else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
}
else
{
throw new Exception("unsupported padding scheme");
}
Cipher cipher = javax.crypto.Cipher.getInstance(transformation);
cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey);
return(new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false));
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value.</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params"></param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"));
return(new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false));
}
else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc)
{
if (paras.getInitialVector().size() != BLOCK_SIZE)
{
throw new Exception("incorrect initial vector size");
}
Cipher cipher_0 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher_0.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"),
new IvParameterSpec(paras.getInitialVector()
.getImmutableArray()));
return(new Blob(cipher_0.doFinal(encryptedData.getImmutableArray()),
false));
}
else
{
throw new Exception("unsupported encryption mode");
}
}
/// <summary>
/// Encrypt the plainData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (DER-encoded public key).</param>
/// <param name="plainData">The data to encrypt.</param>
/// <param name="params">This encrypts according to params.getAlgorithmType().</param>
/// <returns>The encrypted data.</returns>
public static Blob encrypt(Blob keyBits, Blob plainData,
EncryptParams paras)
{
try {
return(new PublicKey(keyBits).encrypt(plainData,
paras.getAlgorithmType()));
} catch (UnrecognizedKeyFormatException ex) {
throw new InvalidKeyException(ex.Message);
}
}
/// <summary>
/// Prepare an encrypted data packet by encrypting the payload using the key
/// according to the params. In addition, this prepares the encoded
/// EncryptedContent with the encryption result using keyName and params. The
/// encoding is set as the content of the data packet. If params defines an
/// asymmetric encryption algorithm and the payload is larger than the maximum
/// plaintext size, this encrypts the payload with a symmetric key that is
/// asymmetrically encrypted and provided as a nonce in the content of the data
/// packet. The packet's /{dataName}/ is updated to be
/// /{dataName}/FOR/{keyName}
/// </summary>
///
/// <param name="data">The data packet which is updated.</param>
/// <param name="payload">The payload to encrypt.</param>
/// <param name="keyName">The key name for the EncryptedContent.</param>
/// <param name="key">The encryption key value.</param>
/// <param name="params">The parameters for encryption.</param>
public static void encryptData(Data data, Blob payload, Name keyName,
Blob key, EncryptParams paras)
{
data.getName().append(NAME_COMPONENT_FOR).append(keyName);
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) {
EncryptedContent content = encryptSymmetric(payload, key, keyName,
paras);
data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
} else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) {
// Java doesn't have a direct way to get the maximum plain text size, so
// try to encrypt the payload first and catch the error if it is too big.
try {
EncryptedContent content_0 = encryptAsymmetric(payload, key,
keyName, paras);
data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
return;
} catch (IllegalBlockSizeException ex) {
// The payload is larger than the maximum plaintext size. Continue.
}
// 128-bit nonce.
ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16);
net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array());
Blob nonceKey = new Blob(nonceKeyBuffer, false);
Name nonceKeyName = new Name(keyName);
nonceKeyName.append("nonce");
EncryptParams symmetricParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE);
EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey,
nonceKeyName, symmetricParams);
EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key,
keyName, paras);
Blob nonceContentEncoding = nonceContent.wireEncode();
Blob payloadContentEncoding = payloadContent.wireEncode();
ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding
.size() + payloadContentEncoding.size());
content_1.put(payloadContentEncoding.buf());
content_1.put(nonceContentEncoding.buf());
content_1.flip();
data.setContent(new Blob(content_1, false));
} else
throw new Exception("Unsupported encryption method");
}
public void testEncryptionDecryption()
{
EncryptParams encryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb, 16);
Blob key = new Blob(KEY, false);
DecryptKey decryptKey = new DecryptKey(key);
EncryptKey encryptKey = net.named_data.jndn.encrypt.algo.AesAlgorithm.deriveEncryptKey(decryptKey
.getKeyBits());
// Check key loading and key derivation.
Assert.AssertTrue(encryptKey.getKeyBits().equals(key));
Assert.AssertTrue(decryptKey.getKeyBits().equals(key));
Blob plainBlob = new Blob(PLAINTEXT, false);
// Encrypt data in AES_ECB.
Blob cipherBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(encryptKey.getKeyBits(),
plainBlob, encryptParams);
Assert.AssertTrue(cipherBlob.equals(new Blob(CIPHERTEXT_ECB, false)));
// Decrypt data in AES_ECB.
Blob receivedBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams);
Assert.AssertTrue(receivedBlob.equals(plainBlob));
// Encrypt/decrypt data in AES_CBC with auto-generated IV.
encryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
cipherBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams);
receivedBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams);
Assert.AssertTrue(receivedBlob.equals(plainBlob));
// Encrypt data in AES_CBC with specified IV.
Blob initialVector = new Blob(INITIAL_VECTOR, false);
encryptParams.setInitialVector(initialVector);
cipherBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams);
Assert.AssertTrue(cipherBlob.equals(new Blob(CIPHERTEXT_CBC_IV, false)));
// Decrypt data in AES_CBC with specified IV.
receivedBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams);
Assert.AssertTrue(receivedBlob.equals(plainBlob));
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (PKCS8-encoded private key).</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params">This decrypts according to params.getAlgorithmType().</param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
TpmPrivateKey privateKey = new TpmPrivateKey();
try {
privateKey.loadPkcs8(keyBits.buf());
} catch (TpmPrivateKey.Error ex) {
throw new SecurityException("decrypt: Error in loadPkcs8: " + ex);
}
try {
return(privateKey.decrypt(encryptedData.buf(),
paras.getAlgorithmType()));
} catch (TpmPrivateKey.Error ex_0) {
throw new SecurityException("decrypt: Error in decrypt: " + ex_0);
}
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (PKCS8-encoded private key).</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params">This decrypts according to params.getAlgorithmType().</param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
PrivateKey privateKey = keyFactory_
.generatePrivate(new PKCS8EncodedKeySpec(keyBits
.getImmutableArray()));
String transformation;
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs)
transformation = "RSA/ECB/PKCS1Padding";
else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
else
throw new Exception("unsupported padding scheme");
Cipher cipher = javax.crypto.Cipher.getInstance(transformation);
cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey);
return new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false);
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value.</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params"></param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) {
Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"));
return new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false);
} else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) {
if (paras.getInitialVector().size() != BLOCK_SIZE)
throw new Exception("incorrect initial vector size");
Cipher cipher_0 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher_0.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"),
new IvParameterSpec(paras.getInitialVector()
.getImmutableArray()));
return new Blob(cipher_0.doFinal(encryptedData.getImmutableArray()),
false);
} else
throw new Exception("unsupported encryption mode");
}
/// <summary>
/// Prepare an encrypted data packet by encrypting the payload using the key
/// according to the params. In addition, this prepares the encoded
/// EncryptedContent with the encryption result using keyName and params. The
/// encoding is set as the content of the data packet. If params defines an
/// asymmetric encryption algorithm and the payload is larger than the maximum
/// plaintext size, this encrypts the payload with a symmetric key that is
/// asymmetrically encrypted and provided as a nonce in the content of the data
/// packet. The packet's /{dataName}/ is updated to be
/// /{dataName}/FOR/{keyName}
/// </summary>
///
/// <param name="data">The data packet which is updated.</param>
/// <param name="payload">The payload to encrypt.</param>
/// <param name="keyName">The key name for the EncryptedContent.</param>
/// <param name="key">The encryption key value.</param>
/// <param name="params">The parameters for encryption.</param>
public static void encryptData(Data data, Blob payload, Name keyName,
Blob key, EncryptParams paras)
{
Name dataName = data.getName();
dataName.append(NAME_COMPONENT_FOR).append(keyName);
data.setName(dataName);
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
EncryptedContent content = encryptSymmetric(payload, key, keyName,
paras);
data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
}
else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
// Java doesn't have a direct way to get the maximum plain text size, so
// try to encrypt the payload first and catch the error if it is too big.
try {
EncryptedContent content_0 = encryptAsymmetric(payload, key,
keyName, paras);
data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
return;
} catch (IllegalBlockSizeException ex) {
// The payload is larger than the maximum plaintext size. Continue.
}
// 128-bit nonce.
ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16);
net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array());
Blob nonceKey = new Blob(nonceKeyBuffer, false);
Name nonceKeyName = new Name(keyName);
nonceKeyName.append("nonce");
EncryptParams symmetricParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE);
EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey,
nonceKeyName, symmetricParams);
EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key,
keyName, paras);
Blob nonceContentEncoding = nonceContent.wireEncode();
Blob payloadContentEncoding = payloadContent.wireEncode();
ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding
.size() + payloadContentEncoding.size());
content_1.put(payloadContentEncoding.buf());
content_1.put(nonceContentEncoding.buf());
content_1.flip();
data.setContent(new Blob(content_1, false));
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Decrypt encryptedContent using keyBits.
/// </summary>
///
/// <param name="encryptedContent">The EncryptedContent to decrypt.</param>
/// <param name="keyBits">The key value.</param>
/// <param name="onPlainText_0"></param>
/// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param>
internal static void decrypt(EncryptedContent encryptedContent,
Blob keyBits, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1)
{
Blob payload = encryptedContent.getPayload();
if (encryptedContent.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) {
// Prepare the parameters.
EncryptParams decryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
decryptParams.setInitialVector(encryptedContent.getInitialVector());
// Decrypt the content.
Blob content;
try {
content = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(keyBits, payload, decryptParams);
} catch (Exception ex) {
try {
onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat,
ex.Message);
} catch (Exception exception) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception);
}
return;
}
try {
onPlainText_0.onPlainText(content);
} catch (Exception ex_2) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onPlainText", ex_2);
}
} else if (encryptedContent.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) {
// Prepare the parameters.
EncryptParams decryptParams_3 = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
// Decrypt the content.
Blob content_4;
try {
content_4 = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(keyBits, payload, decryptParams_3);
} catch (Exception ex_5) {
try {
onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat,
ex_5.Message);
} catch (Exception exception_6) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_6);
}
return;
}
try {
onPlainText_0.onPlainText(content_4);
} catch (Exception ex_7) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onPlainText", ex_7);
}
} else {
try {
onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.UnsupportedEncryptionScheme,
encryptedContent.getAlgorithmType().toString());
} catch (Exception ex_8) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", ex_8);
}
}
}
/// <summary>
/// Encrypt the given content with the content key that covers timeSlot, and
/// update the data packet with the encrypted content and an appropriate data
/// name.
/// </summary>
///
/// <param name="data">An empty Data object which is updated.</param>
/// <param name="timeSlot_0">The time slot as milliseconds since Jan 1, 1970 UTC.</param>
/// <param name="content">The content to encrypt.</param>
/// <param name="onError_1">better error handling the callback should catch and properly handle any exceptions.</param>
public void produce(Data data, double timeSlot_0, Blob content,
net.named_data.jndn.encrypt.EncryptError.OnError onError_1)
{
// Get a content key.
Name contentKeyName = createContentKey(timeSlot_0, null, onError_1);
Blob contentKey = database_.getContentKey(timeSlot_0);
// Produce data.
Name dataName = new Name(namespace_);
dataName.append(net.named_data.jndn.encrypt.Schedule.toIsoString(timeSlot_0));
data.setName(dataName);
EncryptParams paras = new EncryptParams(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
16);
net.named_data.jndn.encrypt.algo.Encryptor
.encryptData(data, content, contentKeyName, contentKey, paras);
keyChain_.sign(data);
}
/// <summary>
/// Get the content key from the database_ and encrypt it for the timeSlot
/// using encryptionKey.
/// </summary>
///
/// <param name="encryptionKey">The encryption key value.</param>
/// <param name="eKeyName">The key name for the EncryptedContent.</param>
/// <param name="timeSlot_0">The time slot as milliseconds since Jan 1, 1970 UTC.</param>
/// <param name="onEncryptedKeys_1">encrypted content key Data packets. If onEncryptedKeys is null, this does not use it.</param>
/// <returns>True if encryption succeeds, otherwise false.</returns>
private bool encryptContentKey(Blob encryptionKey, Name eKeyName,
double timeSlot_0, Producer.OnEncryptedKeys onEncryptedKeys_1, net.named_data.jndn.encrypt.EncryptError.OnError onError_2)
{
double timeCount = Math.Round(timeSlot_0,MidpointRounding.AwayFromZero);
Producer.KeyRequest keyRequest = (Producer.KeyRequest ) ILOG.J2CsMapping.Collections.Collections.Get(keyRequests_,timeCount);
Name keyName = new Name(namespace_);
keyName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_C_KEY);
keyName.append(net.named_data.jndn.encrypt.Schedule.toIsoString(getRoundedTimeSlot(timeSlot_0)));
Blob contentKey = database_.getContentKey(timeSlot_0);
Data cKeyData = new Data();
cKeyData.setName(keyName);
EncryptParams paras = new EncryptParams(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
try {
net.named_data.jndn.encrypt.algo.Encryptor.encryptData(cKeyData, contentKey, eKeyName,
encryptionKey, paras);
} catch (Exception ex) {
try {
onError_2.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.EncryptionFailure, ex.Message);
} catch (Exception exception) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception);
}
return false;
}
keyChain_.sign(cKeyData);
ILOG.J2CsMapping.Collections.Collections.Add(keyRequest.encryptedKeys,cKeyData);
updateKeyRequest(keyRequest, timeCount, onEncryptedKeys_1);
return true;
}
public void testContentAsymmetricEncryptSmall()
{
/* foreach */
foreach (TestEncryptor.AsymmetricEncryptInput input in encryptorRsaTestInputs) {
Blob rawContent = new Blob(toBuffer(new int[] { 0x01, 0x23, 0x45,
0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76,
0x54, 0x32, 0x10, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74,
0x73 }), false);
Data data = new Data();
RsaKeyParams rsaParams = new RsaKeyParams(1024);
Name keyName = new Name("test");
DecryptKey decryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.generateKey(rsaParams);
EncryptKey encryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.deriveEncryptKey(decryptKey
.getKeyBits());
Blob eKey = encryptKey.getKeyBits();
Blob dKey = decryptKey.getKeyBits();
EncryptParams encryptParams = new EncryptParams(input.type());
net.named_data.jndn.encrypt.algo.Encryptor.encryptData(data, rawContent, keyName, eKey,
encryptParams);
Assert.AssertEquals(input.testName(), new Name("/FOR").append(keyName),
data.getName());
EncryptedContent extractContent = new EncryptedContent();
extractContent.wireDecode(data.getContent());
Assert.AssertEquals(input.testName(), keyName, extractContent
.getKeyLocator().getKeyName());
Assert.AssertEquals(input.testName(), 0, extractContent.getInitialVector()
.size());
Assert.AssertEquals(input.testName(), input.type(),
extractContent.getAlgorithmType());
Blob recovered = extractContent.getPayload();
Blob decrypted = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(dKey, recovered,
encryptParams);
Assert.AssertTrue(input.testName(), rawContent.equals(decrypted));
}
}
public void testKeyGeneration()
{
AesKeyParams keyParams = new AesKeyParams(128);
DecryptKey decryptKey = net.named_data.jndn.encrypt.algo.AesAlgorithm.generateKey(keyParams);
EncryptKey encryptKey = net.named_data.jndn.encrypt.algo.AesAlgorithm.deriveEncryptKey(decryptKey
.getKeyBits());
Blob plainBlob = new Blob(PLAINTEXT, false);
// Encrypt/decrypt data in AES_CBC with auto-generated IV.
EncryptParams encryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb, 16);
Blob cipherBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(encryptKey.getKeyBits(),
plainBlob, encryptParams);
Blob receivedBlob = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams);
Assert.AssertTrue(receivedBlob.equals(plainBlob));
}
public void testGetGroupKey()
{
// Create the group manager.
GroupManager manager = new GroupManager(new Name("Alice"), new Name(
"data_type"), new Sqlite3GroupManagerDb(
System.IO.Path.GetFullPath(groupKeyDatabaseFilePath.Name)), 1024, 1, keyChain);
setManager(manager);
// Get the data list from the group manager.
double timePoint1 = net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150825T093000");
IList result = manager.getGroupKey(timePoint1);
AssertEquals(4, result.Count);
// The first data packet contains the group's encryption key (public key).
Data data = (Data) result[0];
AssertEquals(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data.getName().toUri());
EncryptKey groupEKey = new EncryptKey(data.getContent());
// Get the second data packet and decrypt.
data = (Data) result[1];
AssertEquals(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data.getName().toUri());
/////////////////////////////////////////////////////// Start decryption.
Blob dataContent = data.getContent();
// Get the nonce key.
// dataContent is a sequence of the two EncryptedContent.
EncryptedContent encryptedNonce = new EncryptedContent();
encryptedNonce.wireDecode(dataContent);
AssertEquals(0, encryptedNonce.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType());
EncryptParams decryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
Blob blobNonce = encryptedNonce.getPayload();
Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce,
decryptParams);
// Get the payload.
// Use the size of encryptedNonce to find the start of encryptedPayload.
ByteBuffer payloadContent = dataContent.buf().duplicate();
payloadContent.position(encryptedNonce.wireEncode().size());
EncryptedContent encryptedPayload = new EncryptedContent();
encryptedPayload.wireDecode(payloadContent);
AssertEquals(16, encryptedPayload.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType());
decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
decryptParams.setInitialVector(encryptedPayload.getInitialVector());
Blob blobPayload = encryptedPayload.getPayload();
Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload,
decryptParams);
// Get the group D-KEY.
DecryptKey groupDKey = new DecryptKey(largePayload);
/////////////////////////////////////////////////////// End decryption.
// Check the D-KEY.
EncryptKey derivedGroupEKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.deriveEncryptKey(groupDKey
.getKeyBits());
AssertTrue(groupEKey.getKeyBits().equals(derivedGroupEKey.getKeyBits()));
// Check the third data packet.
data = (Data) result[2];
AssertEquals(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123",
data.getName().toUri());
// Check the fourth data packet.
data = (Data) result[3];
AssertEquals(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123",
data.getName().toUri());
// Check invalid time stamps for getting the group key.
double timePoint2 = net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150826T083000");
AssertEquals(0, manager.getGroupKey(timePoint2).Count);
double timePoint3 = net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150827T023000");
AssertEquals(0, manager.getGroupKey(timePoint3).Count);
}
/// <summary>
/// Encrypt the payload using the symmetric key according to params, and return
/// an EncryptedContent.
/// </summary>
///
/// <param name="payload">The data to encrypt.</param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptSymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
Blob initialVector = paras.getInitialVector();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) {
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) {
if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE)
throw new Exception("incorrect initial vector size");
}
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
result.setInitialVector(initialVector);
return result;
} else
throw new Exception("Unsupported encryption method");
}
/// <summary>
/// Encrypt the payload using the asymmetric key according to params, and
/// return an EncryptedContent.
/// </summary>
///
/// <param name="payload"></param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptAsymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) {
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
return result;
} else
throw new Exception("Unsupported encryption method");
}
public void testContentAsymmetricEncryptLarge()
{
/* foreach */
foreach (TestEncryptor.AsymmetricEncryptInput input in encryptorRsaTestInputs) {
Blob largeContent = new Blob(toBuffer(new int[] { 0x73, 0x5a, 0xbd,
0x47, 0x0c, 0xfe, 0xf8, 0x7d, 0x2e, 0x17, 0xaa, 0x11, 0x6f,
0x23, 0xc5, 0x10, 0x23, 0x36, 0x88, 0xc4, 0x2a, 0x0f, 0x9a,
0x72, 0x54, 0x31, 0xa8, 0xb3, 0x51, 0x18, 0x9f, 0x0e, 0x1b,
0x93, 0x62, 0xd9, 0xc4, 0xf5, 0xf4, 0x3d, 0x61, 0x9a, 0xca,
0x05, 0x65, 0x6b, 0xc6, 0x41, 0xf9, 0xd5, 0x1c, 0x67, 0xc1,
0xd0, 0xd5, 0x6f, 0x7b, 0x70, 0xb8, 0x8f, 0xdb, 0x19, 0x68,
0x7c, 0xe0, 0x2d, 0x04, 0x49, 0xa9, 0xa2, 0x77, 0x4e, 0xfc,
0x60, 0x0d, 0x7c, 0x1b, 0x93, 0x6c, 0xd2, 0x61, 0xc4, 0x6b,
0x01, 0xe9, 0x12, 0x28, 0x6d, 0xf5, 0x78, 0xe9, 0x99, 0x0b,
0x9c, 0x4f, 0x90, 0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a,
0x8f, 0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48, 0x15,
0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5, 0x65, 0x17, 0xdf,
0x76, 0x6f, 0xb5, 0x43, 0xde, 0x71, 0xac, 0xf1, 0x22, 0xbf,
0xb2, 0xe5, 0xd9, 0x22, 0xf1, 0x67, 0x76, 0x71, 0x0c, 0xff,
0x99, 0x7b, 0x94, 0x9b, 0x24, 0x20, 0x80, 0xe3, 0xcc, 0x06,
0x4a, 0xed, 0xdf, 0xec, 0x50, 0xd5, 0x87, 0x3d, 0xa0, 0x7d,
0x9c, 0xe5, 0x13, 0x10, 0x98, 0x14, 0xc3, 0x90, 0x10, 0xd9,
0x25, 0x9a, 0x59, 0xe9, 0x37, 0x26, 0xfd, 0x87, 0xd7, 0xf4,
0xf9, 0x11, 0x91, 0xad, 0x5c, 0x00, 0x95, 0xf5, 0x2b, 0x37,
0xf7, 0x4e, 0xb4, 0x4b, 0x42, 0x7c, 0xb3, 0xad, 0xd6, 0x33,
0x5f, 0x0b, 0x84, 0x57, 0x7f, 0xa7, 0x07, 0x73, 0x37, 0x4b,
0xab, 0x2e, 0xfb, 0xfe, 0x1e, 0xcb, 0xb6, 0x4a, 0xc1, 0x21,
0x5f, 0xec, 0x92, 0xb7, 0xac, 0x97, 0x75, 0x20, 0xc9, 0xd8,
0x9e, 0x93, 0xd5, 0x12, 0x7a, 0x64, 0xb9, 0x4c, 0xed, 0x49,
0x87, 0x44, 0x5b, 0x4f, 0x90, 0x34, 0x3e, 0x06, 0x92, 0x57,
0xe3, 0x7a, 0x8f, 0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59,
0x48, 0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5, 0x65,
0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde, 0x71, 0xac, 0xf1,
0x22, 0xbf, 0xb2, 0xe5, 0xd9 }), false);
Data data = new Data();
RsaKeyParams rsaParams = new RsaKeyParams(1024);
Name keyName = new Name("test");
DecryptKey decryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.generateKey(rsaParams);
EncryptKey encryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.deriveEncryptKey(decryptKey
.getKeyBits());
Blob eKey = encryptKey.getKeyBits();
Blob dKey = decryptKey.getKeyBits();
EncryptParams encryptParams = new EncryptParams(input.type());
net.named_data.jndn.encrypt.algo.Encryptor.encryptData(data, largeContent, keyName, eKey,
encryptParams);
Assert.AssertEquals(input.testName(), new Name("/FOR").append(keyName),
data.getName());
Blob largeDataContent = data.getContent();
// largeDataContent is a sequence of the two EncryptedContent.
EncryptedContent encryptedNonce = new EncryptedContent();
encryptedNonce.wireDecode(largeDataContent);
Assert.AssertEquals(input.testName(), keyName, encryptedNonce
.getKeyLocator().getKeyName());
Assert.AssertEquals(input.testName(), 0, encryptedNonce.getInitialVector()
.size());
Assert.AssertEquals(input.testName(), input.type(),
encryptedNonce.getAlgorithmType());
// Use the size of encryptedNonce to find the start of encryptedPayload.
ByteBuffer payloadContent = largeDataContent.buf().duplicate();
payloadContent.position(encryptedNonce.wireEncode().size());
EncryptedContent encryptedPayload = new EncryptedContent();
encryptedPayload.wireDecode(payloadContent);
Name nonceKeyName = new Name(keyName);
nonceKeyName.append("nonce");
Assert.AssertEquals(input.testName(), nonceKeyName, encryptedPayload
.getKeyLocator().getKeyName());
Assert.AssertEquals(input.testName(), 16, encryptedPayload
.getInitialVector().size());
Assert.AssertEquals(input.testName(), net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType());
Assert.AssertTrue(input.testName(), encryptedNonce.wireEncode().size()
+ encryptedPayload.wireEncode().size() == largeDataContent
.size());
Blob blobNonce = encryptedNonce.getPayload();
Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(dKey, blobNonce, encryptParams);
encryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
encryptParams.setInitialVector(encryptedPayload.getInitialVector());
Blob bufferPayload = encryptedPayload.getPayload();
Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, bufferPayload,
encryptParams);
Assert.AssertTrue(input.testName(), largeContent.equals(largePayload));
}
}
public void testEncryptionDecryption()
{
EncryptParams encryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, 0);
Blob privateKeyBlob = new Blob(net.named_data.jndn.util.Common.base64Decode(PRIVATE_KEY), false);
Blob publicKeyBlob = new Blob(net.named_data.jndn.util.Common.base64Decode(PUBLIC_KEY), false);
DecryptKey decryptKey = new DecryptKey(privateKeyBlob);
EncryptKey encryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.deriveEncryptKey(decryptKey
.getKeyBits());
Blob encodedPublic = publicKeyBlob;
Blob derivedPublicKey = encryptKey.getKeyBits();
Assert.AssertTrue(encodedPublic.equals(derivedPublicKey));
Blob plainBlob = new Blob(PLAINTEXT, false);
Blob encryptBlob = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(encryptKey.getKeyBits(),
plainBlob, encryptParams);
Blob receivedBlob = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
encryptBlob, encryptParams);
Assert.AssertTrue(plainBlob.equals(receivedBlob));
Blob cipherBlob = new Blob(CIPHERTEXT_OAEP, false);
Blob decryptedBlob = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams);
Assert.AssertTrue(plainBlob.equals(decryptedBlob));
// Now test RsaPkcs.
encryptParams = new EncryptParams(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs, 0);
encryptBlob = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams);
receivedBlob = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
encryptBlob, encryptParams);
Assert.AssertTrue(plainBlob.equals(receivedBlob));
cipherBlob = new Blob(CIPHERTEXT_PKCS, false);
decryptedBlob = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams);
Assert.AssertTrue(plainBlob.equals(decryptedBlob));
}
public void testCreateDKeyData()
{
// Create the group manager.
GroupManager manager = new GroupManager(new Name("Alice"), new Name(
"data_type"), new Sqlite3GroupManagerDb(
System.IO.Path.GetFullPath(dKeyDatabaseFilePath.Name)), 2048, 1, keyChain);
Blob newCertificateBlob = certificate.wireEncode();
IdentityCertificate newCertificate = new IdentityCertificate();
newCertificate.wireDecode(newCertificateBlob);
// Encrypt the D-KEY.
Data data = friendAccess.createDKeyData(manager, "20150825T000000",
"20150827T000000", new Name("/ndn/memberA/KEY"),
decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer());
// Verify the encrypted D-KEY.
Blob dataContent = data.getContent();
// Get the nonce key.
// dataContent is a sequence of the two EncryptedContent.
EncryptedContent encryptedNonce = new EncryptedContent();
encryptedNonce.wireDecode(dataContent);
AssertEquals(0, encryptedNonce.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType());
Blob blobNonce = encryptedNonce.getPayload();
EncryptParams decryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce,
decryptParams);
// Get the D-KEY.
// Use the size of encryptedNonce to find the start of encryptedPayload.
ByteBuffer payloadContent = dataContent.buf().duplicate();
payloadContent.position(encryptedNonce.wireEncode().size());
EncryptedContent encryptedPayload = new EncryptedContent();
encryptedPayload.wireDecode(payloadContent);
AssertEquals(16, encryptedPayload.getInitialVector().size());
AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType());
decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
decryptParams.setInitialVector(encryptedPayload.getInitialVector());
Blob blobPayload = encryptedPayload.getPayload();
Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload,
decryptParams);
AssertTrue(largePayload.equals(decryptKeyBlob));
}
/// <summary>
/// Create a D-KEY Data packet with an EncryptedContent for the given private
/// key, encrypted with the certificate key.
/// </summary>
///
/// <param name="startTimeStamp">The start time stamp string to put in the name.</param>
/// <param name="endTimeStamp">The end time stamp string to put in the name.</param>
/// <param name="keyName"></param>
/// <param name="privateKeyBlob">A Blob of the encoded private key.</param>
/// <param name="certificateKey"></param>
/// <returns>The Data packet.</returns>
/// <exception cref="System.Security.SecurityException">for an error using the security KeyChain.</exception>
private Data createDKeyData(String startTimeStamp, String endTimeStamp,
Name keyName, Blob privateKeyBlob, Blob certificateKey)
{
Name name = new Name(namespace_);
name.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_D_KEY);
name.append(startTimeStamp).append(endTimeStamp);
Data data = new Data(name);
data.getMetaInfo().setFreshnessPeriod(
freshnessHours_ * MILLISECONDS_IN_HOUR);
EncryptParams encryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
try {
net.named_data.jndn.encrypt.algo.Encryptor.encryptData(data, privateKeyBlob, keyName,
certificateKey, encryptParams);
} catch (Exception ex) {
// Consolidate errors such as InvalidKeyException.
throw new SecurityException(
"createDKeyData: Error in encryptData: " + ex.Message);
}
keyChain_.sign(data);
return data;
}