/// <summary> /// Insert the certificate into the cache. Assumes the timestamp is not yet /// removed from the name. /// </summary> /// /// <param name="certificate">The certificate to copy and insert.</param> public void insertCertificate(IdentityCertificate certificate) { Name certName = certificate.getName().getPrefix(-1); ILOG.J2CsMapping.Collections.Collections.Put(cache_,certName.toUri(),certificate.wireEncode()); }
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public override void addCertificate(IdentityCertificate certificate) { Name certificateName = certificate.getName(); Name keyName = certificate.getPublicKeyName(); addKey(keyName, certificate.getPublicKeyInfo().getKeyType(), certificate.getPublicKeyInfo().getKeyDer()); if (doesCertificateExist(certificateName)) return; // Insert the certificate. ILOG.J2CsMapping.Collections.Collections.Put(certificateStore_,certificateName.toUri(),certificate.wireEncode()); }
public void testRefresh10s() { StringBuilder encodedData = new StringBuilder(); TextReader dataFile = new System.IO.StreamReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName,"testData")).OpenWrite()); // Use "try/finally instead of "try-with-resources" or "using" // which are not supported before Java 7. try { String line; while ((line = dataFile.readLine()) != null) encodedData.append(line); } finally { dataFile.close(); } byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString()); Data data = new Data(); data.wireDecode(new Blob(decodedData, false)); // This test is needed, since the KeyChain will express interests in unknown // certificates. VerificationResult vr = doVerify(policyManager_, data); AssertTrue( "ConfigPolicyManager did not create ValidationRequest for unknown certificate", vr.hasFurtherSteps_); AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); // Now save the cert data to our anchor directory, and wait. // We have to sign it with the current identity or the policy manager will // create an interest for the signing certificate. IdentityCertificate cert = new IdentityCertificate(); byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP); cert.wireDecode(new Blob(certData, false)); keyChain_.signByIdentity(cert, identityName_); Blob signedCertBlob = cert.wireEncode(); String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob .getImmutableArray()); BufferedStream certFile = new BufferedStream(new System.IO.StreamWriter(testCertFile_.OpenRead())); try { certFile.Write(encodedCert,0,encodedCert.Substring(0,encodedCert.Length)); certFile.flush(); } finally { certFile.close(); } // Still too early for refresh to pick it up. vr = doVerify(policyManager_, data); AssertTrue("ConfigPolicyManager refresh occured sooner than specified", vr.hasFurtherSteps_); AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000); // Now we should find it. vr = doVerify(policyManager_, data); AssertFalse("ConfigPolicyManager did not refresh certificate store", vr.hasFurtherSteps_); AssertEquals("Verification success called " + vr.successCount_ + " times instead of 1", 1, vr.successCount_); AssertEquals("ConfigPolicyManager did not verify valid signed data", 0, vr.failureCount_); }
/// <summary> /// Create an identity certificate for a public key supplied by the caller. /// </summary> /// /// <param name="certificatePrefix">The name of public key to be signed.</param> /// <param name="publicKey">The public key to be signed.</param> /// <param name="signerCertificateName">The name of signing certificate.</param> /// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param> /// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param> /// <returns>The generated identity certificate.</returns> public IdentityCertificate createIdentityCertificate( Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) { IdentityCertificate certificate = new IdentityCertificate(); Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Name certificateName = new Name(certificatePrefix); certificateName.append("ID-CERT").appendVersion( (long) net.named_data.jndn.util.Common.getNowMilliseconds()); certificate.setName(certificateName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerEncodingException: " + ex_0); } Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(signerCertificateName); sha256Sig.setKeyLocator(keyLocator); certificate.setSignature(sha256Sig); SignedBlob unsignedData = certificate.wireEncode(); IdentityCertificate signerCertificate; try { signerCertificate = getCertificate(signerCertificateName); } catch (DerDecodingException ex_1) { throw new SecurityException("DerDecodingException: " + ex_1); } Name signerkeyName = signerCertificate.getPublicKeyName(); Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName); sha256Sig.setSignature(sigBits); return certificate; }
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public override sealed void addCertificate(IdentityCertificate certificate) { Name certificateName = certificate.getName(); Name keyName = certificate.getPublicKeyName(); addKey(keyName, certificate.getPublicKeyInfo().getKeyType(), certificate.getPublicKeyInfo().getKeyDer()); if (doesCertificateExist(certificateName)) return; // Insert the certificate. try { PreparedStatement statement = database_ .prepareStatement("INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data) " + "values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)"); statement.setString(1, certificateName.toUri()); Name signerName = net.named_data.jndn.KeyLocator.getFromSignature( certificate.getSignature()).getKeyName(); statement.setString(2, signerName.toUri()); String keyId = keyName.get(-1).toEscapedString(); Name identity = keyName.getPrefix(-1); statement.setString(3, identity.toUri()); statement.setString(4, keyId); // Convert from milliseconds to seconds since 1/1/1970. statement.setLong(5, (long) (Math.Floor(certificate.getNotBefore() / 1000.0d))); statement.setLong(6, (long) (Math.Floor(certificate.getNotAfter() / 1000.0d))); // wireEncode returns the cached encoding if available. statement.setBytes(7, certificate.wireEncode().getImmutableArray()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }