private double notBefore_; // MillisecondsSince1970 #endregion Fields #region Constructors /// <summary> /// The default constructor. /// </summary> /// public Certificate() { this.subjectDescriptionList_ = new ArrayList(); this.extensionList_ = new ArrayList(); this.notBefore_ = System.Double.MaxValue; this.notAfter_ = -System.Double.MaxValue; this.key_ = new PublicKey(); }
/// <summary> /// Populate the fields by the decoding DER data from the Content. /// </summary> /// private void decode() { DerNode parsedNode = net.named_data.jndn.encoding.der.DerNode.parse(getContent().buf()); // We need to ensure that there are: // validity (notBefore, notAfter) // subject list // public key // (optional) extension list IList rootChildren = parsedNode.getChildren(); // 1st: validity info IList validityChildren = net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 0) .getChildren(); notBefore_ = ((Double)((net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime )validityChildren[0]).toVal()); notAfter_ = ((Double)((net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime )validityChildren[1]).toVal()); // 2nd: subjectList IList subjectChildren = net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 1) .getChildren(); for (int i = 0; i < subjectChildren.Count; ++i) { net.named_data.jndn.encoding.der.DerNode.DerSequence sd = net.named_data.jndn.encoding.der.DerNode.getSequence(subjectChildren, i); IList descriptionChildren = sd.getChildren(); String oidStr = (String) ((DerNode) descriptionChildren[0]) .toVal(); String value_ren = "" + ((Blob) ((DerNode) descriptionChildren[1]).toVal()); addSubjectDescription(new CertificateSubjectDescription(oidStr, value_ren)); } // 3rd: public key Blob publicKeyInfo = ((DerNode) rootChildren[2]).encode(); try { key_ = new PublicKey(publicKeyInfo); } catch (UnrecognizedKeyFormatException ex) { throw new DerDecodingException(ex.Message); } if (rootChildren.Count > 3) { IList extensionChildren = net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 3) .getChildren(); for (int i_0 = 0; i_0 < extensionChildren.Count; ++i_0) { net.named_data.jndn.encoding.der.DerNode.DerSequence extInfo = net.named_data.jndn.encoding.der.DerNode.getSequence(extensionChildren, i_0); IList children = extInfo.getChildren(); String oidStr_1 = (String) ((DerNode) children[0]).toVal(); bool isCritical = (bool)(((Boolean)((net.named_data.jndn.encoding.der.DerNode.DerBoolean )children[1]).toVal())); Blob value_2 = (Blob) ((DerNode) children[2]).toVal(); addExtension(new CertificateExtension(oidStr_1, isCritical, value_2)); } } }
/// <summary> /// Generate a self-signed certificate for a public key. /// </summary> /// /// <param name="keyName">The name of the public key.</param> /// <returns>The generated certificate.</returns> public IdentityCertificate selfSign(Name keyName) { IdentityCertificate certificate = new IdentityCertificate(); Blob keyBlob = identityStorage_.getKey(keyName); PublicKey publicKey = new PublicKey(keyBlob); Calendar calendar = ILOG.J2CsMapping.Util.Calendar.getInstance(); double notBefore = (double) calendar.getTimeInMillis(); calendar.add(ILOG.J2CsMapping.Util.Calendar.YEAR, 2); double notAfter = (double) calendar.getTimeInMillis(); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); Name certificateName = keyName.getPrefix(-1).append("KEY") .append(keyName.get(-1)).append("ID-CERT") .appendVersion((long) certificate.getNotBefore()); certificate.setName(certificateName); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { // We don't expect this to happen. ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex); return null; } catch (DerDecodingException ex_0) { // We don't expect this to happen. ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex_0); return null; } signByCertificate(certificate, certificate.getName()); return certificate; }
public void setPublicKeyInfo(PublicKey key) { key_ = key; }
/// <summary> /// Prepare an unsigned identity certificate. /// </summary> /// /// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param> /// <param name="publicKey">The public key to sign.</param> /// <param name="signingIdentity">The signing identity.</param> /// <param name="notBefore">See IdentityCertificate.</param> /// <param name="notAfter">See IdentityCertificate.</param> /// <param name="subjectDescription">on the keyName.</param> /// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param> /// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns> public IdentityCertificate prepareUnsignedIdentityCertificate( Name keyName, PublicKey publicKey, Name signingIdentity, double notBefore, double notAfter, IList subjectDescription, Name certPrefix) { if (keyName.size() < 1) return null; String tempKeyIdPrefix = keyName.get(-1).toEscapedString(); if (tempKeyIdPrefix.Length < 4) return null; String keyIdPrefix = tempKeyIdPrefix.Substring(0,(4)-(0)); if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-")) return null; IdentityCertificate certificate = new IdentityCertificate(); Name certName = new Name(); if (certPrefix == null) { // No certificate prefix hint, so infer the prefix. if (signingIdentity.match(keyName)) certName.append(signingIdentity).append("KEY") .append(keyName.getSubName(signingIdentity.size())) .append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); else certName.append(keyName.getPrefix(-1)).append("KEY") .append(keyName.get(-1)).append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); } else { // A cert prefix hint is supplied, so determine the cert name. if (certPrefix.match(keyName) && !certPrefix.equals(keyName)) certName.append(certPrefix).append("KEY") .append(keyName.getSubName(certPrefix.size())) .append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); else return null; } certificate.setName(certName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); if (subjectDescription == null || (subjectDescription.Count==0)) certificate .addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.getPrefix(-1).toUri())); else { for (int i = 0; i < subjectDescription.Count; ++i) certificate .addSubjectDescription((CertificateSubjectDescription) subjectDescription[i]); } try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerEncodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerDecodingException: " + ex_0); } return certificate; }
/// <summary> /// Prepare an unsigned identity certificate. This infers the certificate name /// according to the relation between the signingIdentity and the subject /// identity. If the signingIdentity is a prefix of the subject identity, `KEY` /// will be inserted after the signingIdentity, otherwise `KEY` is inserted /// after subject identity (i.e., before `ksk-...`). /// </summary> /// /// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param> /// <param name="publicKey">The public key to sign.</param> /// <param name="signingIdentity">The signing identity.</param> /// <param name="notBefore">See IdentityCertificate.</param> /// <param name="notAfter">See IdentityCertificate.</param> /// <param name="subjectDescription">on the keyName.</param> /// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns> public IdentityCertificate prepareUnsignedIdentityCertificate( Name keyName, PublicKey publicKey, Name signingIdentity, double notBefore, double notAfter, IList subjectDescription) { return prepareUnsignedIdentityCertificate(keyName, publicKey, signingIdentity, notBefore, notAfter, subjectDescription, null); }
/// <summary> /// Use the keyName to get the public key from the identity storage and /// prepare an unsigned identity certificate. /// </summary> /// /// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param> /// <param name="signingIdentity">The signing identity.</param> /// <param name="notBefore">See IdentityCertificate.</param> /// <param name="notAfter">See IdentityCertificate.</param> /// <param name="subjectDescription">on the keyName.</param> /// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param> /// <returns>The unsigned IdentityCertificate, or null the public is not in the /// identity storage or if the inputs are invalid.</returns> public IdentityCertificate prepareUnsignedIdentityCertificate( Name keyName, Name signingIdentity, double notBefore, double notAfter, IList subjectDescription, Name certPrefix) { PublicKey publicKey; try { publicKey = new PublicKey(identityStorage_.getKey(keyName)); } catch (SecurityException e) { return null; } return prepareUnsignedIdentityCertificate(keyName, publicKey, signingIdentity, notBefore, notAfter, subjectDescription, certPrefix); }
/// <summary> /// Create an identity certificate for a public key supplied by the caller. /// </summary> /// /// <param name="certificatePrefix">The name of public key to be signed.</param> /// <param name="publicKey">The public key to be signed.</param> /// <param name="signerCertificateName">The name of signing certificate.</param> /// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param> /// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param> /// <returns>The generated identity certificate.</returns> public IdentityCertificate createIdentityCertificate( Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) { IdentityCertificate certificate = new IdentityCertificate(); Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Name certificateName = new Name(certificatePrefix); certificateName.append("ID-CERT").appendVersion( (long) net.named_data.jndn.util.Common.getNowMilliseconds()); certificate.setName(certificateName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerEncodingException: " + ex_0); } Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(signerCertificateName); sha256Sig.setKeyLocator(keyLocator); certificate.setSignature(sha256Sig); SignedBlob unsignedData = certificate.wireEncode(); IdentityCertificate signerCertificate; try { signerCertificate = getCertificate(signerCertificateName); } catch (DerDecodingException ex_1) { throw new SecurityException("DerDecodingException: " + ex_1); } Name signerkeyName = signerCertificate.getPublicKeyName(); Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName); sha256Sig.setSignature(sigBits); return certificate; }
/// <summary> /// Create an identity certificate for a public key managed by this IdentityManager. /// </summary> /// /// <param name="certificatePrefix">The name of public key to be signed.</param> /// <param name="signerCertificateName">The name of signing certificate.</param> /// <param name="notBefore"></param> /// <param name="notAfter"></param> /// <returns>The name of generated identity certificate.</returns> public Name createIdentityCertificate(Name certificatePrefix, Name signerCertificateName, double notBefore, double notAfter) { Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Blob keyBlob = identityStorage_.getKey(keyName); PublicKey publicKey = new PublicKey(keyBlob); IdentityCertificate certificate = createIdentityCertificate( certificatePrefix, publicKey, signerCertificateName, notBefore, notAfter); identityStorage_.addCertificate(certificate); return certificate.getName(); }
/// <summary> /// Create an identity by creating a pair of Key-Signing-Key (KSK) for this /// identity and a self-signed certificate of the KSK. If a key pair or /// certificate for the identity already exists, use it. /// </summary> /// /// <param name="identityName">The name of the identity.</param> /// <param name="params">The key parameters if a key needs to be generated for the identity.</param> /// <returns>The name of the default certificate of the identity.</returns> /// <exception cref="System.Security.SecurityException">if the identity has already been created.</exception> public Name createIdentityAndCertificate(Name identityName, KeyParams paras) { identityStorage_.addIdentity(identityName); Name keyName = null; bool generateKey = true; try { keyName = identityStorage_ .getDefaultKeyNameForIdentity(identityName); PublicKey key = new PublicKey(identityStorage_.getKey(keyName)); if (key.getKeyType() == paras.getKeyType()) // The key exists and has the same type, so don't need to generate one. generateKey = false; } catch (SecurityException ex) { } if (generateKey) { keyName = generateKeyPair(identityName, true, paras); identityStorage_.setDefaultKeyNameForIdentity(keyName); } Name certName = null; bool makeCert = true; try { certName = identityStorage_ .getDefaultCertificateNameForKey(keyName); // The cert exists, so don't need to make it. makeCert = false; } catch (SecurityException ex_0) { } if (makeCert) { IdentityCertificate selfCert = selfSign(keyName); addCertificateAsIdentityDefault(selfCert); certName = selfCert.getName(); } return certName; }
public void setUp() { // Don't show INFO log messages. ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(ILOG.J2CsMapping.Util.Logging.Level.WARNING); FileInfo policyConfigDirectory = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon .getPolicyConfigDirectory(); dKeyDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-d-key-test.db")); dKeyDatabaseFilePath.delete(); eKeyDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-e-key-test.db")); eKeyDatabaseFilePath.delete(); intervalDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-interval-test.db")); intervalDatabaseFilePath.delete(); groupKeyDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-group-key-test.db")); groupKeyDatabaseFilePath.delete(); RsaKeyParams paras = new RsaKeyParams(); DecryptKey memberDecryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.generateKey(paras); decryptKeyBlob = memberDecryptKey.getKeyBits(); EncryptKey memberEncryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm .deriveEncryptKey(decryptKeyBlob); encryptKeyBlob = memberEncryptKey.getKeyBits(); // Generate the certificate. certificate.setName(new Name("/ndn/memberA/KEY/ksk-123/ID-CERT/123")); PublicKey contentPublicKey = new PublicKey(encryptKeyBlob); certificate.setPublicKeyInfo(contentPublicKey); certificate.encode(); Blob signatureInfoBlob = new Blob(SIG_INFO, false); Blob signatureValueBlob = new Blob(SIG_VALUE, false); Signature signature = net.named_data.jndn.encoding.TlvWireFormat.get().decodeSignatureInfoAndValue( signatureInfoBlob.buf(), signatureValueBlob.buf()); certificate.setSignature(signature); certificate.wireEncode(); // Set up the keyChain. MemoryIdentityStorage identityStorage = new MemoryIdentityStorage(); MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage(); keyChain = new KeyChain(new IdentityManager(identityStorage, privateKeyStorage), new NoVerifyPolicyManager()); Name identityName = new Name("TestGroupManager"); keyChain.createIdentityAndCertificate(identityName); keyChain.getIdentityManager().setDefaultIdentity(identityName); net.named_data.jndn.encrypt.GroupManager.setFriendAccess(this); }