예제 #1
0
        public void testSetters()
        {
            CertificateV2 certificate = new CertificateV2();

            certificate.setName(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
            certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
            certificate.setContent(new Blob(PUBLIC_KEY, false));
            certificate.setSignature(generateFakeSignature());

            Assert.AssertEquals(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
                                certificate.getName());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
                                certificate.getKeyName());
            Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
            Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
            Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
                                certificate.getKeyId());
            Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
                                .getFromSignature(certificate.getSignature()).getKeyName());
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate
                                .getValidityPeriod().getNotBefore(), 0);
            Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate
                                .getValidityPeriod().getNotAfter(), 0);

            try {
                certificate.getPublicKey();
            } catch (Exception ex) {
                Assert.Fail(ex.Message);
            }
        }
        /// <summary>
        /// Add a self-signed certificate made from the key and issuer ID.
        /// </summary>
        ///
        /// <param name="key">The key for the certificate.</param>
        /// <param name="issuerId">The issuer ID name component for the certificate name.</param>
        /// <returns>The new certificate.</returns>
        internal CertificateV2 addCertificate(PibKey key, String issuerId)
        {
            Name certificateName = new Name(key.getName());

            certificateName.append(issuerId).appendVersion(3);
            CertificateV2 certificate = new CertificateV2();

            certificate.setName(certificateName);

            // Set the MetaInfo.
            certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
            // One hour.
            certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0);

            // Set the content.
            certificate.setContent(key.getPublicKey());

            SigningInfo paras = new SigningInfo(key);
            // Validity period of 10 days.
            double now = net.named_data.jndn.util.Common.getNowMilliseconds();

            paras.setValidityPeriod(new ValidityPeriod(now, now + 10 * 24 * 3600
                                                       * 1000.0d));

            keyChain_.sign(certificate, paras);
            return(certificate);
        }
예제 #3
0
        public void testOverwrite()
        {
            /* foreach */
            foreach (PibDataFixture2 fixture  in  pibImpls)
            {
                PibImpl pib = fixture.pib;

                // Check for id1Key1, which should not exist.
                pib.removeIdentity(fixture.id1);
                Assert.AssertEquals(false, pib.hasKey(fixture.id1Key1Name));

                // Add id1Key1.
                pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf());
                Assert.AssertEquals(true, pib.hasKey(fixture.id1Key1Name));
                Blob keyBits = pib.getKeyBits(fixture.id1Key1Name);
                Assert.AssertTrue(keyBits.equals(fixture.id1Key1));

                // To check overwrite, add a key with the same name.
                pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key2.buf());
                Blob keyBits2 = pib.getKeyBits(fixture.id1Key1Name);
                Assert.AssertTrue(keyBits2.equals(fixture.id1Key2));

                // Check for id1Key1Cert1, which should not exist.
                pib.removeIdentity(fixture.id1);
                Assert.AssertEquals(false,
                                    pib.hasCertificate(fixture.id1Key1Cert1.getName()));

                // Add id1Key1Cert1.
                pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf());
                pib.addCertificate(fixture.id1Key1Cert1);
                Assert.AssertEquals(true,
                                    pib.hasCertificate(fixture.id1Key1Cert1.getName()));

                CertificateV2 cert = pib.getCertificate(fixture.id1Key1Cert1
                                                        .getName());
                Assert.AssertTrue(cert.wireEncode().equals(
                                      fixture.id1Key1Cert1.wireEncode()));

                // Create a fake certificate with the same name.
                CertificateV2 cert2 = fixture.id1Key2Cert1;
                cert2.setName(fixture.id1Key1Cert1.getName());
                cert2.setSignature(fixture.id1Key2Cert1.getSignature());
                pib.addCertificate(cert2);

                CertificateV2 cert3 = pib.getCertificate(fixture.id1Key1Cert1
                                                         .getName());
                Assert.AssertTrue(cert3.wireEncode().equals(cert2.wireEncode()));

                // Check that both the key and certificate are overwritten.
                Blob keyBits3 = pib.getKeyBits(fixture.id1Key1Name);
                Assert.AssertTrue(keyBits3.equals(fixture.id1Key2));
            }
        }
예제 #4
0
        public void testValidityPeriodChecking()
        {
            CertificateV2 certificate = new CertificateV2();

            certificate.setName(new Name(
                                    "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"));
            certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);
            certificate.setContent(new Blob(PUBLIC_KEY, false));
            certificate.setSignature(generateFakeSignature());

            Assert.AssertEquals(true,
                                certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000")));
            Assert.AssertEquals(true,
                                certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000")));
            Assert.AssertEquals(false,
                                certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T045959")));
            Assert.AssertEquals(false,
                                certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060001")));
        }
예제 #5
0
        internal void makeCertificate(PibKey key, PibKey signer)
        {
            // Copy the default certificate.
            CertificateV2 request = new CertificateV2(key.getDefaultCertificate());

            request.setName(new Name(key.getName()).append("looper").appendVersion(
                                1));

            // Set SigningInfo.
            SigningInfo             // Set SigningInfo.
                paras = new SigningInfo(signer);
            // Validity period from 100 days before to 100 days after now.
            double now = net.named_data.jndn.util.Common.getNowMilliseconds();

            paras.setValidityPeriod(new ValidityPeriod(now - 100 * 24 * 3600
                                                       * 1000.0d, now + 100 * 24 * 3600 * 1000.0d));
            fixture_.keyChain_.sign(request, paras);
            fixture_.keyChain_.addCertificate(key, request);

            fixture_.cache_.insert(request);
        }
예제 #6
0
            public void processInterest(Interest interest, OnData onData,
                                        OnTimeout onTimeout, OnNetworkNack onNetworkNack)
            {
                try {
                    // Create another key for the same identity and sign it properly.
                    PibKey parentKey = outer_TestValidator.fixture_.keyChain_
                                       .createKey(outer_TestValidator.fixture_.subIdentity_);
                    PibKey requestedKey = outer_TestValidator.fixture_.subIdentity_.getKey(interest
                                                                                           .getName());

                    // Copy the Name.
                    Name certificateName = new Name(requestedKey.getName());
                    certificateName.append("looper").appendVersion(1);
                    CertificateV2 certificate = new CertificateV2();
                    certificate.setName(certificateName);

                    // Set the MetaInfo.
                    certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
                    // Set the freshness period to one hour.
                    certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);

                    // Set the content.
                    certificate.setContent(requestedKey.getPublicKey());

                    // Set SigningInfo.
                    SigningInfo                             // Set SigningInfo.
                        paras = new SigningInfo(parentKey);
                    // Validity period from 10 days before to 10 days after now.
                    double now = net.named_data.jndn.util.Common.getNowMilliseconds();
                    paras.setValidityPeriod(new ValidityPeriod(now - 10 * 24
                                                               * 3600 * 1000.0d, now + 10 * 24 * 3600 * 1000.0d));

                    outer_TestValidator.fixture_.keyChain_.sign(certificate, paras);
                    onData.onData(interest, certificate);
                } catch (Exception ex) {
                    Assert.Fail("Error in InfiniteCertificateChain: " + ex);
                }
            }
        /// <summary>
        /// Issue a certificate for subIdentityName signed by issuer. If the identity
        /// does not exist, it is created. A new key is generated as the default key
        /// for the identity. A default certificate for the key is signed by the
        /// issuer using its default certificate.
        /// </summary>
        ///
        /// <param name="subIdentityName">The name to issue the certificate for.</param>
        /// <param name="issuer">The identity of the signer.</param>
        /// <param name="params"></param>
        /// <returns>The sub identity.</returns>
        internal PibIdentity addSubCertificate(Name subIdentityName, PibIdentity issuer,
                                               KeyParams paras)
        {
            PibIdentity subIdentity = addIdentity(subIdentityName, paras);

            CertificateV2 request = subIdentity.getDefaultKey()
                                    .getDefaultCertificate();

            request.setName(request.getKeyName().append("parent").appendVersion(1));

            SigningInfo certificateParams = new SigningInfo(issuer);
            // Validity period of 20 years.
            double now = net.named_data.jndn.util.Common.getNowMilliseconds();

            certificateParams.setValidityPeriod(new ValidityPeriod(now, now + 20
                                                                   * 365 * 24 * 3600 * 1000.0d));

            // Skip the AdditionalDescription.

            keyChain_.sign(request, certificateParams);
            keyChain_.setDefaultCertificate(subIdentity.getDefaultKey(), request);

            return(subIdentity);
        }
예제 #8
0
        public void testManagement()
        {
            Name identityName  = new Name("/test/id");
            Name identity2Name = new Name("/test/id2");

            Assert.AssertEquals(0, fixture_.keyChain_.getPib().getIdentities_().size());
            try {
                fixture_.keyChain_.getPib().getDefaultIdentity();
                Assert.Fail("Did not throw the expected exception");
            } catch (Pib.Error ex) {
            } catch (Exception ex_0) {
                Assert.Fail("Did not throw the expected exception");
            }

            // Create an identity.
            PibIdentity id = fixture_.keyChain_.createIdentityV2(identityName);

            Assert.AssertTrue(id != null);
            Assert.AssertTrue(fixture_.keyChain_.getPib().getIdentities_()
                              .getIdentities_().Contains(identityName));

            // The first added identity becomes the default identity.
            try {
                fixture_.keyChain_.getPib().getDefaultIdentity();
            } catch (Exception ex_1) {
                Assert.Fail("Unexpected exception: " + ex_1.Message);
            }

            // The default key of the added identity must exist.
            PibKey key = null;

            try {
                key = id.getDefaultKey();
            } catch (Exception ex_2) {
                Assert.Fail("Unexpected exception: " + ex_2.Message);
            }

            // The default certificate of the default key must exist.
            try {
                key.getDefaultCertificate();
            } catch (Exception ex_3) {
                Assert.Fail("Unexpected exception: " + ex_3.Message);
            }

            // Delete the key.
            Name key1Name = key.getName();

            try {
                id.getKey(key1Name);
            } catch (Exception ex_4) {
                Assert.Fail("Unexpected exception: " + ex_4.Message);
            }

            Assert.AssertEquals(1, id.getKeys_().size());
            fixture_.keyChain_.deleteKey(id, key);

            /* TODO: Implement key validity.
             *  // The key instance should not be valid anymore.
             *  assertTrue(!key);
             */

            try {
                id.getKey(key1Name);
                Assert.Fail("Did not throw the expected exception");
            } catch (Pib.Error ex_5) {
            } catch (Exception ex_6) {
                Assert.Fail("Did not throw the expected exception");
            }

            Assert.AssertEquals(0, id.getKeys_().size());

            // Create another key.
            fixture_.keyChain_.createKey(id);
            // The added key becomes the default key.
            try {
                id.getDefaultKey();
            } catch (Exception ex_7) {
                Assert.Fail("Unexpected exception: " + ex_7.Message);
            }

            PibKey key2 = id.getDefaultKey();

            Assert.AssertTrue(key2 != null);
            Assert.AssertTrue(!key2.getName().equals(key1Name));
            Assert.AssertEquals(1, id.getKeys_().size());
            try {
                key2.getDefaultCertificate();
            } catch (Exception ex_8) {
                Assert.Fail("Unexpected exception: " + ex_8.Message);
            }

            // Create a third key.
            PibKey key3 = fixture_.keyChain_.createKey(id);

            Assert.AssertTrue(!key3.getName().equals(key2.getName()));
            // The added key will not be the default key, because the default key already exists.
            Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName()));
            Assert.AssertEquals(2, id.getKeys_().size());
            try {
                key3.getDefaultCertificate();
            } catch (Exception ex_9) {
                Assert.Fail("Unexpected exception: " + ex_9.Message);
            }

            // Delete the certificate.
            Assert.AssertEquals(1, key3.getCertificates_().size());
            CertificateV2 key3Cert1 = (CertificateV2)ILOG.J2CsMapping.Collections.Collections.ToArray(key3.getCertificates_()
                                                                                                      .getCertificates_().Values)[0];
            Name key3CertName = key3Cert1.getName();

            fixture_.keyChain_.deleteCertificate(key3, key3CertName);
            Assert.AssertEquals(0, key3.getCertificates_().size());
            try {
                key3.getDefaultCertificate();
                Assert.Fail("Did not throw the expected exception");
            } catch (Pib.Error ex_10) {
            } catch (Exception ex_11) {
                Assert.Fail("Did not throw the expected exception");
            }

            // Add a certificate.
            fixture_.keyChain_.addCertificate(key3, key3Cert1);
            Assert.AssertEquals(1, key3.getCertificates_().size());
            try {
                key3.getDefaultCertificate();
            } catch (Exception ex_12) {
                Assert.Fail("Unexpected exception: " + ex_12.Message);
            }

            // Overwriting the certificate should work.
            fixture_.keyChain_.addCertificate(key3, key3Cert1);
            Assert.AssertEquals(1, key3.getCertificates_().size());
            // Add another certificate.
            CertificateV2 key3Cert2     = new CertificateV2(key3Cert1);
            Name          key3Cert2Name = new Name(key3.getName());

            key3Cert2Name.append("Self");
            key3Cert2Name.appendVersion(1);
            key3Cert2.setName(key3Cert2Name);
            fixture_.keyChain_.addCertificate(key3, key3Cert2);
            Assert.AssertEquals(2, key3.getCertificates_().size());

            // Set the default certificate.
            Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3CertName));
            fixture_.keyChain_.setDefaultCertificate(key3, key3Cert2);
            Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3Cert2Name));

            // Set the default key.
            Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName()));
            fixture_.keyChain_.setDefaultKey(id, key3);
            Assert.AssertTrue(id.getDefaultKey().getName().equals(key3.getName()));

            // Set the default identity.
            PibIdentity id2 = fixture_.keyChain_.createIdentityV2(identity2Name);

            Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName()
                              .equals(id.getName()));
            fixture_.keyChain_.setDefaultIdentity(id2);
            Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName()
                              .equals(id2.getName()));

            // Delete an identity.
            fixture_.keyChain_.deleteIdentity(id);

            /* TODO: Implement identity validity.
             *  // The identity instance should not be valid any more.
             *  BOOST_CHECK(!id);
             */
            try {
                fixture_.keyChain_.getPib().getIdentity(identityName);
                Assert.Fail("Did not throw the expected exception");
            } catch (Pib.Error ex_13) {
            } catch (Exception ex_14) {
                Assert.Fail("Did not throw the expected exception");
            }

            Assert.AssertTrue(!fixture_.keyChain_.getPib().getIdentities_()
                              .getIdentities_().Contains(identityName));
        }
예제 #9
0
        private static CertificateV2 makeSelfSignedCertificate(Name keyName,
                                                               Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password,
                                                               DigestAlgorithm digestAlgorithm, WireFormat wireFormat)
        {
            CertificateV2 certificate = new CertificateV2();

            // Set the name.
            double now             = net.named_data.jndn.util.Common.getNowMilliseconds();
            Name   certificateName = new Name(keyName);

            certificateName.append("self").appendVersion((long)now);
            certificate.setName(certificateName);

            // Set the MetaInfo.
            certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY);
            // Set a one-hour freshness period.
            certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d);

            // Set the content.
            PublicKey publicKey = null;

            try {
                publicKey = new PublicKey(publicKeyEncoding);
            } catch (UnrecognizedKeyFormatException ex) {
                // Promote to Pib.Error.
                throw new Pib.Error("Error decoding public key " + ex);
            }
            certificate.setContent(publicKey.getKeyDer());

            // Create a temporary in-memory Tpm and import the private key.
            Tpm tpm = new Tpm("", "", new TpmBackEndMemory());

            tpm.importPrivateKey_(keyName, privateKeyBag.buf(), password);

            // Set the signature info.
            if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA)
            {
                certificate.setSignature(new Sha256WithRsaSignature());
            }
            else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC)
            {
                certificate.setSignature(new Sha256WithEcdsaSignature());
            }
            else
            {
                throw new AssertionError("Unsupported key type");
            }
            Signature signatureInfo = certificate.getSignature();

            net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setType(
                net.named_data.jndn.KeyLocatorType.KEYNAME);
            net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName);

            // Set a 20-year validity period.
            net.named_data.jndn.security.ValidityPeriod.getFromSignature(signatureInfo).setPeriod(now,
                                                                                                  now + 20 * 365 * 24 * 3600 * 1000.0d);

            // Encode once to get the signed portion.
            SignedBlob encoding       = certificate.wireEncode(wireFormat);
            Blob       signatureBytes = tpm.sign(encoding.signedBuf(), keyName,
                                                 digestAlgorithm);

            signatureInfo.setSignature(signatureBytes);

            // Encode again to include the signature.
            certificate.wireEncode(wireFormat);

            return(certificate);
        }