/// <summary> /// Prepare an unsigned identity certificate. /// </summary> /// /// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param> /// <param name="publicKey">The public key to sign.</param> /// <param name="signingIdentity">The signing identity.</param> /// <param name="notBefore">See IdentityCertificate.</param> /// <param name="notAfter">See IdentityCertificate.</param> /// <param name="subjectDescription">on the keyName.</param> /// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param> /// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns> public IdentityCertificate prepareUnsignedIdentityCertificate( Name keyName, PublicKey publicKey, Name signingIdentity, double notBefore, double notAfter, IList subjectDescription, Name certPrefix) { if (keyName.size() < 1) return null; String tempKeyIdPrefix = keyName.get(-1).toEscapedString(); if (tempKeyIdPrefix.Length < 4) return null; String keyIdPrefix = tempKeyIdPrefix.Substring(0,(4)-(0)); if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-")) return null; IdentityCertificate certificate = new IdentityCertificate(); Name certName = new Name(); if (certPrefix == null) { // No certificate prefix hint, so infer the prefix. if (signingIdentity.match(keyName)) certName.append(signingIdentity).append("KEY") .append(keyName.getSubName(signingIdentity.size())) .append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); else certName.append(keyName.getPrefix(-1)).append("KEY") .append(keyName.get(-1)).append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); } else { // A cert prefix hint is supplied, so determine the cert name. if (certPrefix.match(keyName) && !certPrefix.equals(keyName)) certName.append(certPrefix).append("KEY") .append(keyName.getSubName(certPrefix.size())) .append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); else return null; } certificate.setName(certName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); if (subjectDescription == null || (subjectDescription.Count==0)) certificate .addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.getPrefix(-1).toUri())); else { for (int i = 0; i < subjectDescription.Count; ++i) certificate .addSubjectDescription((CertificateSubjectDescription) subjectDescription[i]); } try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerEncodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerDecodingException: " + ex_0); } return certificate; }
/// <summary> /// Generate a self-signed certificate for a public key. /// </summary> /// /// <param name="keyName">The name of the public key.</param> /// <returns>The generated certificate.</returns> public IdentityCertificate selfSign(Name keyName) { IdentityCertificate certificate = new IdentityCertificate(); Blob keyBlob = identityStorage_.getKey(keyName); PublicKey publicKey = new PublicKey(keyBlob); Calendar calendar = ILOG.J2CsMapping.Util.Calendar.getInstance(); double notBefore = (double) calendar.getTimeInMillis(); calendar.add(ILOG.J2CsMapping.Util.Calendar.YEAR, 2); double notAfter = (double) calendar.getTimeInMillis(); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); Name certificateName = keyName.getPrefix(-1).append("KEY") .append(keyName.get(-1)).append("ID-CERT") .appendVersion((long) certificate.getNotBefore()); certificate.setName(certificateName); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { // We don't expect this to happen. ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex); return null; } catch (DerDecodingException ex_0) { // We don't expect this to happen. ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex_0); return null; } signByCertificate(certificate, certificate.getName()); return certificate; }
/// <summary> /// Create an identity certificate for a public key supplied by the caller. /// </summary> /// /// <param name="certificatePrefix">The name of public key to be signed.</param> /// <param name="publicKey">The public key to be signed.</param> /// <param name="signerCertificateName">The name of signing certificate.</param> /// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param> /// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param> /// <returns>The generated identity certificate.</returns> public IdentityCertificate createIdentityCertificate( Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) { IdentityCertificate certificate = new IdentityCertificate(); Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Name certificateName = new Name(certificatePrefix); certificateName.append("ID-CERT").appendVersion( (long) net.named_data.jndn.util.Common.getNowMilliseconds()); certificate.setName(certificateName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerEncodingException: " + ex_0); } Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(signerCertificateName); sha256Sig.setKeyLocator(keyLocator); certificate.setSignature(sha256Sig); SignedBlob unsignedData = certificate.wireEncode(); IdentityCertificate signerCertificate; try { signerCertificate = getCertificate(signerCertificateName); } catch (DerDecodingException ex_1) { throw new SecurityException("DerDecodingException: " + ex_1); } Name signerkeyName = signerCertificate.getPublicKeyName(); Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName); sha256Sig.setSignature(sigBits); return certificate; }