/// <summary>
/// Create a KeyChain with the a default name and key pair.
/// </summary>
///
/// <param name="certificateName">Set certificateName[0] to the signing certificateName.</param>
/// <returns>The KeyChain.</returns>
/// <exception cref="System.Security.SecurityException"></exception>
public static KeyChain buildKeyChain(Name[] certificateName)
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// initialize the storage with
Name keyName = new Name("/testname/DSK-123");
certificateName[0] = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
return keyChain;
}
static void Main(string[] args)
{
var interest = new Interest();
interest.wireDecode(new Blob(TlvInterest));
Console.Out.WriteLine("Interest:");
dumpInterest(interest);
// Set the name again to clear the cached encoding so we encode again.
interest.setName(interest.getName());
var encoding = interest.wireEncode();
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-encoded interest " + encoding.toHex());
var reDecodedInterest = new Interest();
reDecodedInterest.wireDecode(encoding);
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded Interest:");
dumpInterest(reDecodedInterest);
var freshInterest = new Interest(new Name("/ndn/abc"));
freshInterest.setMinSuffixComponents(4);
freshInterest.setMaxSuffixComponents(6);
freshInterest.setInterestLifetimeMilliseconds(30000);
freshInterest.setChildSelector(1);
freshInterest.setMustBeFresh(true);
freshInterest.getKeyLocator().setType(KeyLocatorType.KEY_LOCATOR_DIGEST);
freshInterest.getKeyLocator().setKeyData
(new Blob(new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }));
freshInterest.getExclude().appendComponent(new Name("abc").get(0)).appendAny();
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
// Make a Face just so that we can sign the interest.
var face = new Face("localhost");
face.setCommandSigningInfo(keyChain, certificateName);
face.makeCommandInterest(freshInterest);
Interest reDecodedFreshInterest = new Interest();
reDecodedFreshInterest.wireDecode(freshInterest.wireEncode());
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded fresh Interest:");
dumpInterest(reDecodedFreshInterest);
VerifyCallbacks callbacks = new VerifyCallbacks("Freshly-signed Interest");
keyChain.verifyInterest(reDecodedFreshInterest, callbacks, callbacks);
}
public void setUp()
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
Name keyName = new Name("/testname/DSK-123");
certificateName = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
try {
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
} catch (SecurityException ex) {
// We don't expect this to happen.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(TestLink).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null,
ex);
}
}
public CredentialStorage()
{
this.identityStorage_ = new MemoryIdentityStorage();
this.privateKeyStorage_ = new MemoryPrivateKeyStorage();
this.keyChain_ = new KeyChain(new IdentityManager(
identityStorage_, privateKeyStorage_), new SelfVerifyPolicyManager(
identityStorage_));
Name keyName = new Name("/testname/DSK-123");
defaultCertName_ = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
Name ecdsaKeyName = new Name("/testEcdsa/DSK-123");
ecdsaCertName_ = ecdsaKeyName.getSubName(0, ecdsaKeyName.size() - 1)
.append("KEY").append(ecdsaKeyName.get(-1)).append("ID-CERT")
.append("0");
try {
identityStorage_.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage_.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
#if false // Skip ECDSA for now.
identityStorage_.addKey(ecdsaKeyName, net.named_data.jndn.security.KeyType.ECDSA, new Blob(
DEFAULT_EC_PUBLIC_KEY_DER, false));
privateKeyStorage_.setKeyPairForKeyName(ecdsaKeyName,
net.named_data.jndn.security.KeyType.ECDSA, DEFAULT_EC_PUBLIC_KEY_DER,
DEFAULT_EC_PRIVATE_KEY_DER);
#endif
} catch (SecurityException ex) {
// Don't expect this to happen;
System.Console.Out.WriteLine("Exception setting test keys: " + ex);
identityStorage_ = null;
privateKeyStorage_ = null;
}
}
/**
* Loop to decode a data packet nIterations times.
* @param nIterations The number of iterations.
* @param useCrypto If true, verify the signature. If false, don't verify.
* @param keyType KeyType.RSA or EC, used if useCrypto is true.
* @param encoding The wire encoding to decode.
* @return The number of seconds for all iterations.
* @throws EncodingException
*/
private static double benchmarkDecodeDataSeconds(int nIterations, bool useCrypto, KeyType keyType, Blob encoding)
{
// Initialize the KeyChain storage in case useCrypto is true.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
KeyChain keyChain = new KeyChain
(new IdentityManager(identityStorage, new MemoryPrivateKeyStorage()),
new SelfVerifyPolicyManager(identityStorage));
Name keyName = new Name("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
VerifyCallbacks callbacks = new VerifyCallbacks();
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data = new Data();
data.wireDecode(encoding.buf());
if (useCrypto)
keyChain.verifyData(data, callbacks, callbacks);
}
double finish = getNowSeconds();
return finish - start;
}
/**
* Loop to encode a data packet nIterations times.
* @param nIterations The number of iterations.
* @param useComplex If true, use a large name, large content and all fields.
* If false, use a small name, small content
* and only required fields.
* @param useCrypto If true, sign the data packet. If false, use a blank
* signature.
* @param keyType KeyType.RSA or EC, used if useCrypto is true.
* @param encoding Set encoding[0] to the wire encoding.
* @return The number of seconds for all iterations.
*/
private static double benchmarkEncodeDataSeconds(int nIterations, bool useComplex, bool useCrypto, KeyType keyType,
Blob[] encoding)
{
Name name;
Blob content;
if (useComplex) {
// Use a large name and content.
name = new Name
("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00");
StringBuilder contentStream = new StringBuilder();
int count = 1;
contentStream.append(count++);
while (contentStream.toString().Length < 1115)
contentStream.append(" ").append(count++);
content = new Blob(contentStream.toString());
}
else {
// Use a small name and content.
name = new Name("/test");
content = new Blob("abc");
}
Name.Component finalBlockId =
new Name.Component(new Blob(new byte[] { (byte)0 }));
// Initialize the KeyChain storage in case useCrypto is true.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
Name keyName = new Name("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
Blob signatureBits = new Blob(new byte[256]);
Blob emptyBlob = new Blob(new byte[0]);
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data = new Data(name);
data.setContent(content);
if (useComplex) {
data.getMetaInfo().setFreshnessPeriod(30000);
data.getMetaInfo().setFinalBlockId(finalBlockId);
}
if (useCrypto)
// This sets the signature fields.
keyChain.sign(data, certificateName);
else {
// Imitate IdentityManager.signByCertificate to set up the signature
// fields, but don't sign.
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(KeyLocatorType.KEYNAME);
keyLocator.setKeyName(certificateName);
Sha256WithRsaSignature sha256Signature =
(Sha256WithRsaSignature)data.getSignature();
sha256Signature.setKeyLocator(keyLocator);
sha256Signature.setSignature(signatureBits);
}
encoding[0] = data.wireEncode();
}
double finish = getNowSeconds();
return finish - start;
}
public void testPrepareUnsignedCertificate()
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
IdentityManager identityManager = new IdentityManager(identityStorage,
privateKeyStorage);
Name keyName = new Name("/test/ksk-1457560485494");
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA,
new Blob(PUBLIC_KEY, false));
ArrayList subjectDescriptions = new ArrayList();
ILOG.J2CsMapping.Collections.Collections.Add(subjectDescriptions,new CertificateSubjectDescription(TEST_OID,
"TEST NAME"));
IdentityCertificate newCertificate = identityManager
.prepareUnsignedIdentityCertificate(keyName,
keyName.getPrefix(1), toyCertNotBefore,
toyCertNotAfter, subjectDescriptions);
// Update the generated certificate version to equal the one in toyCert.
newCertificate.setName(new Name(newCertificate.getName().getPrefix(-1)
.append(toyCert.getName().get(-1))));
// Make a copy to test encoding.
IdentityCertificate certificateCopy = new IdentityCertificate(
newCertificate);
Assert.AssertEquals(
"Prepared unsigned certificate dump does not have the expected format",
"" + toyCert, "" + certificateCopy);
}
public void setUp()
{
policyConfigDirectory = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon
.getPolicyConfigDirectory();
identityStorage = new MemoryIdentityStorage();
privateKeyStorage = new MemoryPrivateKeyStorage();
// Not using keychain for verification so we don't need to set the
// policy manager.
keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage));
identityName = new Name("/SecurityTestSecRule/Basic/Longer");
Name keyName = new Name(identityName).append("ksk-2439872");
defaultCertName = certNameFromKeyName(keyName);
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
keyName = new Name("/SecurityTestSecRule/Basic/ksk-0923489");
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
shortCertName = certNameFromKeyName(keyName, -2);
net.named_data.jndn.security.policy.ConfigPolicyManager.setFriendAccess(this);
}
static void Main(string[] args)
{
var data = new Data();
data.wireDecode(new Blob(TlvData));
Console.Out.WriteLine("Decoded Data:");
dumpData(data);
// Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent());
var encoding = data.wireEncode();
var reDecodedData = new Data();
reDecodedData.wireDecode(encoding);
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded Data:");
dumpData(reDecodedData);
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
VerifyCallbacks callbacks = new VerifyCallbacks("Re-decoded Data");
keyChain.verifyData(reDecodedData, callbacks, callbacks);
var freshData = new Data(new Name("/ndn/abc"));
freshData.setContent(new Blob("SUCCESS!"));
freshData.getMetaInfo().setFreshnessPeriod(5000);
freshData.getMetaInfo().setFinalBlockId(new Name("/%00%09").get(0));
keyChain.sign(freshData, certificateName);
Console.Out.WriteLine("");
Console.Out.WriteLine("Freshly-signed Data:");
dumpData(freshData);
callbacks = new VerifyCallbacks("Freshly-signed Data");
keyChain.verifyData(freshData, callbacks, callbacks);
}
public void setUp()
{
// Don't show INFO log messages.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(ILOG.J2CsMapping.Util.Logging.Level.WARNING);
policyConfigDirectory_ = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon
.getPolicyConfigDirectory();
testCertFile_ = new FileInfo(System.IO.Path.Combine(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName,"certs")).FullName,"test.cert"));
identityStorage_ = new MemoryIdentityStorage();
privateKeyStorage_ = new MemoryPrivateKeyStorage();
identityManager_ = new IdentityManager(identityStorage_,
privateKeyStorage_);
policyManager_ = new ConfigPolicyManager(System.IO.Path.GetFullPath(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName,"simple_rules.conf")).Name));
identityName_ = new Name("/TestConfigPolicyManager/temp");
// To match the anchor cert.
Name keyName = new Name(identityName_).append("ksk-1416010123");
identityStorage_.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage_.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
IdentityCertificate cert = identityManager_.selfSign(keyName);
identityStorage_.setDefaultKeyNameForIdentity(keyName);
identityManager_.addCertificateAsDefault(cert);
face_ = new Face("localhost");
keyChain_ = new KeyChain(identityManager_, policyManager_);
keyName_ = keyName;
net.named_data.jndn.security.policy.ConfigPolicyManager.setFriendAccess(this);
}
static void Main(string[] args)
{
var face = new Face
(new TcpTransport(), new TcpTransport.ConnectionInfo("localhost"));
// For now, when setting face.setCommandSigningInfo, use a key chain with
// a default private key instead of the system default key chain. This
// is OK for now because NFD is configured to skip verification, so it
// ignores the system default key chain.
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
keyChain.setFace(face);
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
face.setCommandSigningInfo(keyChain, certificateName);
var echo = new Echo(keyChain, certificateName);
var prefix = new Name("/testecho");
Console.Out.WriteLine("Register prefix " + prefix.toUri());
face.registerPrefix(prefix, echo, echo);
// The main event loop.
// Wait to receive one interest for the prefix.
while (echo.responseCount_ < 1) {
face.processEvents();
// We need to sleep for a few milliseconds so we don't use 100% of
// the CPU.
System.Threading.Thread.Sleep(5);
}
}
public void testVerifyDigestSha256()
{
// Create a KeyChain but we don't need to add keys.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
Interest interest = new Interest(new Name("/test/signed-interest"));
keyChain.signWithSha256(interest);
VerifyInterestCounter counter = new VerifyInterestCounter();
keyChain.verifyInterest(interest, counter, counter);
Assert.AssertEquals("Signature verification failed", 0,
counter.onValidationFailedCallCount_);
Assert.AssertEquals("Verification callback was not used", 1,
counter.onVerifiedCallCount_);
}
public void setUp()
{
// Don't show INFO log messages.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(ILOG.J2CsMapping.Util.Logging.Level.WARNING);
FileInfo policyConfigDirectory = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon
.getPolicyConfigDirectory();
dKeyDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-d-key-test.db"));
dKeyDatabaseFilePath.delete();
eKeyDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-e-key-test.db"));
eKeyDatabaseFilePath.delete();
intervalDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-interval-test.db"));
intervalDatabaseFilePath.delete();
groupKeyDatabaseFilePath = new FileInfo(System.IO.Path.Combine(policyConfigDirectory.FullName,"manager-group-key-test.db"));
groupKeyDatabaseFilePath.delete();
RsaKeyParams paras = new RsaKeyParams();
DecryptKey memberDecryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.generateKey(paras);
decryptKeyBlob = memberDecryptKey.getKeyBits();
EncryptKey memberEncryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm
.deriveEncryptKey(decryptKeyBlob);
encryptKeyBlob = memberEncryptKey.getKeyBits();
// Generate the certificate.
certificate.setName(new Name("/ndn/memberA/KEY/ksk-123/ID-CERT/123"));
PublicKey contentPublicKey = new PublicKey(encryptKeyBlob);
certificate.setPublicKeyInfo(contentPublicKey);
certificate.encode();
Blob signatureInfoBlob = new Blob(SIG_INFO, false);
Blob signatureValueBlob = new Blob(SIG_VALUE, false);
Signature signature = net.named_data.jndn.encoding.TlvWireFormat.get().decodeSignatureInfoAndValue(
signatureInfoBlob.buf(), signatureValueBlob.buf());
certificate.setSignature(signature);
certificate.wireEncode();
// Set up the keyChain.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage), new NoVerifyPolicyManager());
Name identityName = new Name("TestGroupManager");
keyChain.createIdentityAndCertificate(identityName);
keyChain.getIdentityManager().setDefaultIdentity(identityName);
net.named_data.jndn.encrypt.GroupManager.setFriendAccess(this);
}
