public void testCreateDKeyData()
{
// Create the group manager.
GroupManager manager = new GroupManager(new Name("Alice"), new Name(
"data_type"), new Sqlite3GroupManagerDb(
dKeyDatabaseFilePath.FullName), 2048, 1, keyChain);
Blob newCertificateBlob = certificate.wireEncode();
IdentityCertificate newCertificate = new IdentityCertificate();
newCertificate.wireDecode(newCertificateBlob);
// Encrypt the D-KEY.
Data data = friendAccess.createDKeyData(manager, "20150825T000000",
"20150827T000000", new Name("/ndn/memberA/KEY"),
decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer());
// Verify the encrypted D-KEY.
Blob dataContent = data.getContent();
// Get the nonce key.
// dataContent is a sequence of the two EncryptedContent.
EncryptedContent encryptedNonce = new EncryptedContent();
encryptedNonce.wireDecode(dataContent);
Assert.AssertEquals(0, encryptedNonce.getInitialVector().size());
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType());
Blob blobNonce = encryptedNonce.getPayload();
EncryptParams decryptParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce,
decryptParams);
// Get the D-KEY.
// Use the size of encryptedNonce to find the start of encryptedPayload.
ByteBuffer payloadContent = dataContent.buf().duplicate();
payloadContent.position(encryptedNonce.wireEncode().size());
EncryptedContent encryptedPayload = new EncryptedContent();
encryptedPayload.wireDecode(payloadContent);
Assert.AssertEquals(16, encryptedPayload.getInitialVector().size());
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType());
decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc);
decryptParams.setInitialVector(encryptedPayload.getInitialVector());
Blob blobPayload = encryptedPayload.getPayload();
Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload,
decryptParams);
Assert.AssertTrue(largePayload.equals(decryptKeyBlob));
}
/// <summary>
/// Get a certificate from the identity storage.
/// </summary>
///
/// <param name="certificateName">The name of the requested certificate.</param>
/// <returns>The requested certificate.</returns>
/// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
public override IdentityCertificate getCertificate(Name certificateName)
{
Blob certificateDer = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(certificateStore_, certificateName
.toUri());
if (certificateDer == null)
{
throw new SecurityException(
"MemoryIdentityStorage.getKey: The certificate does not exist");
}
IdentityCertificate certificate = new IdentityCertificate();
try {
certificate.wireDecode(certificateDer);
} catch (EncodingException ex) {
throw new SecurityException(
"MemoryIdentityStorage.getKey: The certificate cannot be decoded");
}
return(certificate);
}
/// <summary>
/// Fetch a certificate from the cache.
/// </summary>
///
/// <param name="certificateName"></param>
/// <returns>A new copy of the IdentityCertificate, or null if not found.</returns>
public IdentityCertificate getCertificate(Name certificateName)
{
Blob certData = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(cache_, certificateName.toUri());
if (certData == null)
{
return(null);
}
IdentityCertificate cert = new IdentityCertificate();
try {
cert.wireDecode(certData.buf());
} catch (EncodingException ex) {
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(CertificateCache).FullName).log(
ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex);
throw new Exception(ex.Message);
}
return(cert);
}
/// <summary>
/// Get a certificate from the identity storage.
/// </summary>
///
/// <param name="certificateName">The name of the requested certificate.</param>
/// <returns>The requested certificate.</returns>
/// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception>
public sealed override IdentityCertificate getCertificate(Name certificateName)
{
try {
PreparedStatement statement;
statement = database_.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getCertificate);
statement.setString(1, certificateName.toUri());
IdentityCertificate certificate = new IdentityCertificate();
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult())
{
try {
certificate.wireDecode(new Blob(result
.getBytes("certificate_data"), false));
} catch (EncodingException ex) {
throw new SecurityException(
"BasicIdentityStorage: Error decoding certificate data: "
+ ex);
}
}
else
{
throw new SecurityException(
"BasicIdentityStorage.getKey: The key certificate not exist");
}
} finally {
statement.close();
}
return(certificate);
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
public void testRefresh10s()
{
StringBuilder encodedData = new StringBuilder();
TextReader dataFile = new FileReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "testData")).FullName);
// Use "try/finally instead of "try-with-resources" or "using"
// which are not supported before Java 7.
try {
String line;
while ((line = dataFile.readLine()) != null)
{
encodedData.append(line);
}
} finally {
dataFile.close();
}
byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
Data data = new Data();
data.wireDecode(new Blob(decodedData, false));
// This test is needed, since the KeyChain will express interests in unknown
// certificates.
VerificationResult vr = doVerify(policyManager_, data);
Assert.AssertTrue(
"ConfigPolicyManager did not create ValidationRequest for unknown certificate",
vr.hasFurtherSteps_);
Assert.AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
Assert.AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
// Now save the cert data to our anchor directory, and wait.
// We have to sign it with the current identity or the policy manager will
// create an interest for the signing certificate.
IdentityCertificate cert = new IdentityCertificate();
byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP);
cert.wireDecode(new Blob(certData, false));
keyChain_.signByIdentity(cert, identityName_);
Blob signedCertBlob = cert.wireEncode();
String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob
.getImmutableArray());
var certFile = (new StreamWriter(
testCertFile_.FullName));
try {
certFile.Write(encodedCert, 0, encodedCert.Substring(0, encodedCert.Length));
certFile.flush();
} finally {
certFile.close();
}
// Still too early for refresh to pick it up.
vr = doVerify(policyManager_, data);
Assert.AssertTrue("ConfigPolicyManager refresh occured sooner than specified",
vr.hasFurtherSteps_);
Assert.AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
Assert.AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000);
// Now we should find it.
vr = doVerify(policyManager_, data);
Assert.AssertFalse("ConfigPolicyManager did not refresh certificate store",
vr.hasFurtherSteps_);
Assert.AssertEquals("Verification success called " + vr.successCount_
+ " times instead of 1", 1, vr.successCount_);
Assert.AssertEquals("ConfigPolicyManager did not verify valid signed data", 0,
vr.failureCount_);
}