/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public override sealed void addCertificate(IdentityCertificate certificate) { Name certificateName = certificate.getName(); Name keyName = certificate.getPublicKeyName(); addKey(keyName, certificate.getPublicKeyInfo().getKeyType(), certificate.getPublicKeyInfo().getKeyDer()); if (doesCertificateExist(certificateName)) return; // Insert the certificate. try { PreparedStatement statement = database_ .prepareStatement("INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data) " + "values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)"); statement.setString(1, certificateName.toUri()); Name signerName = net.named_data.jndn.KeyLocator.getFromSignature( certificate.getSignature()).getKeyName(); statement.setString(2, signerName.toUri()); String keyId = keyName.get(-1).toEscapedString(); Name identity = keyName.getPrefix(-1); statement.setString(3, identity.toUri()); statement.setString(4, keyId); // Convert from milliseconds to seconds since 1/1/1970. statement.setLong(5, (long) (Math.Floor(certificate.getNotBefore() / 1000.0d))); statement.setLong(6, (long) (Math.Floor(certificate.getNotAfter() / 1000.0d))); // wireEncode returns the cached encoding if available. statement.setBytes(7, certificate.wireEncode().getImmutableArray()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/// <summary> /// Fetch a certificate from the cache. /// </summary> /// /// <param name="certificateName"></param> /// <returns>A new copy of the IdentityCertificate, or null if not found.</returns> public IdentityCertificate getCertificate(Name certificateName) { Blob certData = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(cache_,certificateName.toUri()); if (certData == null) return null; IdentityCertificate cert = new IdentityCertificate(); try { cert.wireDecode(certData.buf()); } catch (EncodingException ex) { ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(CertificateCache).FullName).log( ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex); throw new Exception(ex.Message); } return cert; }
/// <summary> /// Prepare an unsigned identity certificate. /// </summary> /// /// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param> /// <param name="publicKey">The public key to sign.</param> /// <param name="signingIdentity">The signing identity.</param> /// <param name="notBefore">See IdentityCertificate.</param> /// <param name="notAfter">See IdentityCertificate.</param> /// <param name="subjectDescription">on the keyName.</param> /// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param> /// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns> public IdentityCertificate prepareUnsignedIdentityCertificate( Name keyName, PublicKey publicKey, Name signingIdentity, double notBefore, double notAfter, IList subjectDescription, Name certPrefix) { if (keyName.size() < 1) return null; String tempKeyIdPrefix = keyName.get(-1).toEscapedString(); if (tempKeyIdPrefix.Length < 4) return null; String keyIdPrefix = tempKeyIdPrefix.Substring(0,(4)-(0)); if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-")) return null; IdentityCertificate certificate = new IdentityCertificate(); Name certName = new Name(); if (certPrefix == null) { // No certificate prefix hint, so infer the prefix. if (signingIdentity.match(keyName)) certName.append(signingIdentity).append("KEY") .append(keyName.getSubName(signingIdentity.size())) .append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); else certName.append(keyName.getPrefix(-1)).append("KEY") .append(keyName.get(-1)).append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); } else { // A cert prefix hint is supplied, so determine the cert name. if (certPrefix.match(keyName) && !certPrefix.equals(keyName)) certName.append(certPrefix).append("KEY") .append(keyName.getSubName(certPrefix.size())) .append("ID-CERT") .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds()); else return null; } certificate.setName(certName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); if (subjectDescription == null || (subjectDescription.Count==0)) certificate .addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.getPrefix(-1).toUri())); else { for (int i = 0; i < subjectDescription.Count; ++i) certificate .addSubjectDescription((CertificateSubjectDescription) subjectDescription[i]); } try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerEncodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerDecodingException: " + ex_0); } return certificate; }
/// <summary> /// Create an identity certificate for a public key supplied by the caller. /// </summary> /// /// <param name="certificatePrefix">The name of public key to be signed.</param> /// <param name="publicKey">The public key to be signed.</param> /// <param name="signerCertificateName">The name of signing certificate.</param> /// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param> /// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param> /// <returns>The generated identity certificate.</returns> public IdentityCertificate createIdentityCertificate( Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) { IdentityCertificate certificate = new IdentityCertificate(); Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Name certificateName = new Name(certificatePrefix); certificateName.append("ID-CERT").appendVersion( (long) net.named_data.jndn.util.Common.getNowMilliseconds()); certificate.setName(certificateName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerEncodingException: " + ex_0); } Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(signerCertificateName); sha256Sig.setKeyLocator(keyLocator); certificate.setSignature(sha256Sig); SignedBlob unsignedData = certificate.wireEncode(); IdentityCertificate signerCertificate; try { signerCertificate = getCertificate(signerCertificateName); } catch (DerDecodingException ex_1) { throw new SecurityException("DerDecodingException: " + ex_1); } Name signerkeyName = signerCertificate.getPublicKeyName(); Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName); sha256Sig.setSignature(sigBits); return certificate; }
/// <summary> /// The copy constructor. /// </summary> /// public IdentityCertificate(IdentityCertificate identityCertificate) : base(identityCertificate) { this.publicKeyName_ = new Name(); publicKeyName_ = identityCertificate.publicKeyName_; }
/// <summary> /// Install an identity certificate into the public key identity storage. /// </summary> /// /// <param name="certificate">The certificate to to added.</param> public void installIdentityCertificate(IdentityCertificate certificate) { identityManager_.addCertificate(certificate); }
/// <summary> /// Get a certificate from the identity storage. /// </summary> /// /// <param name="certificateName">The name of the requested certificate.</param> /// <returns>The requested certificate.</returns> /// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception> public override IdentityCertificate getCertificate(Name certificateName) { Blob certificateDer = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(certificateStore_,certificateName .toUri()); if (certificateDer == null) throw new SecurityException( "MemoryIdentityStorage::getKey: The certificate does not exist"); IdentityCertificate certificate = new IdentityCertificate(); try { certificate.wireDecode(certificateDer); } catch (EncodingException ex) { throw new SecurityException( "MemoryIdentityStorage::getKey: The certificate cannot be decoded"); } return certificate; }
public void onVerified(Data data) { IdentityCertificate certificate; try { certificate = new IdentityCertificate(data); } catch (DerDecodingException ex) { try { onValidationFailed_.onInterestValidationFailed( originalInterest_, "Cannot decode certificate " + data.getName().toUri()); } catch (Exception exception) { net.named_data.jndn.security.policy.ConfigPolicyManager.logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onInterestValidationFailed", exception); } return; } outer_ConfigPolicyManager.certificateCache_.insertCertificate(certificate); try { // Now that we stored the needed certificate, increment stepCount and try again // to verify the originalInterest. outer_ConfigPolicyManager.checkVerificationPolicy(originalInterest_, stepCount_ + 1, onVerified_, onValidationFailed_, wireFormat_); } catch (SecurityException ex_0) { try { onValidationFailed_.onInterestValidationFailed( originalInterest_, "Error in checkVerificationPolicy: " + ex_0); } catch (Exception exception_1) { net.named_data.jndn.security.policy.ConfigPolicyManager.logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onInterestValidationFailed", exception_1); } } }
public static IdentityCertificate loadIdentityCertificateFromFile( String filename) { StringBuilder encodedData = new StringBuilder(); try { TextReader certFile = new FileReader( filename); // Use "try/finally instead of "try-with-resources" or "using" // which are not supported before Java 7. try { String line; while ((line = certFile.readLine()) != null) encodedData.append(line); } finally { certFile.close(); } } catch (FileNotFoundException ex) { throw new SecurityException( "Can't find IdentityCertificate file " + filename + ": " + ex.Message); } catch (IOException ex_0) { throw new SecurityException( "Error reading IdentityCertificate file " + filename + ": " + ex_0.Message); } byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString()); IdentityCertificate cert = new IdentityCertificate(); try { cert.wireDecode(new Blob(decodedData, false)); } catch (EncodingException ex_1) { throw new SecurityException( "Can't decode the IdentityCertificate from file " + filename + ": " + ex_1.Message); } return cert; }
public void testPrepareUnsignedCertificate() { MemoryIdentityStorage identityStorage = new MemoryIdentityStorage(); MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage(); IdentityManager identityManager = new IdentityManager(identityStorage, privateKeyStorage); Name keyName = new Name("/test/ksk-1457560485494"); identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(PUBLIC_KEY, false)); ArrayList subjectDescriptions = new ArrayList(); ILOG.J2CsMapping.Collections.Collections.Add(subjectDescriptions,new CertificateSubjectDescription(TEST_OID, "TEST NAME")); IdentityCertificate newCertificate = identityManager .prepareUnsignedIdentityCertificate(keyName, keyName.getPrefix(1), toyCertNotBefore, toyCertNotAfter, subjectDescriptions); // Update the generated certificate version to equal the one in toyCert. newCertificate.setName(new Name(newCertificate.getName().getPrefix(-1) .append(toyCert.getName().get(-1)))); // Make a copy to test encoding. IdentityCertificate certificateCopy = new IdentityCertificate( newCertificate); Assert.AssertEquals( "Prepared unsigned certificate dump does not have the expected format", "" + toyCert, "" + certificateCopy); }
/// <summary> /// This looks up certificates specified as base64-encoded data or file names. /// These are cached by filename or encoding to avoid repeated reading of files /// or decoding. /// </summary> /// /// <param name="certID"></param> /// <param name="isPath"></param> /// <returns>The certificate object.</returns> private IdentityCertificate lookupCertificate(String certID, bool isPath) { IdentityCertificate cert; if (!fixedCertificateCache_.Contains(certID)) { if (isPath) // Load the certificate data (base64 encoded IdentityCertificate) cert = net.named_data.jndn.security.policy.ConfigPolicyManager.TrustAnchorRefreshManager .loadIdentityCertificateFromFile(certID); else { byte[] certData = net.named_data.jndn.util.Common.base64Decode(certID); cert = new IdentityCertificate(); try { cert.wireDecode(new Blob(certData, false)); } catch (EncodingException ex) { throw new SecurityException( "Cannot base64 decode the cert data: " + ex.Message); } } String certUri = cert.getName().getPrefix(-1).toUri(); ILOG.J2CsMapping.Collections.Collections.Put(fixedCertificateCache_,certID,certUri); certificateCache_.insertCertificate(cert); } else cert = certificateCache_.getCertificate(new Name( (String) ILOG.J2CsMapping.Collections.Collections.Get(fixedCertificateCache_,certID))); return cert; }
public void testRefresh10s() { StringBuilder encodedData = new StringBuilder(); TextReader dataFile = new System.IO.StreamReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName,"testData")).OpenWrite()); // Use "try/finally instead of "try-with-resources" or "using" // which are not supported before Java 7. try { String line; while ((line = dataFile.readLine()) != null) encodedData.append(line); } finally { dataFile.close(); } byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString()); Data data = new Data(); data.wireDecode(new Blob(decodedData, false)); // This test is needed, since the KeyChain will express interests in unknown // certificates. VerificationResult vr = doVerify(policyManager_, data); AssertTrue( "ConfigPolicyManager did not create ValidationRequest for unknown certificate", vr.hasFurtherSteps_); AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); // Now save the cert data to our anchor directory, and wait. // We have to sign it with the current identity or the policy manager will // create an interest for the signing certificate. IdentityCertificate cert = new IdentityCertificate(); byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP); cert.wireDecode(new Blob(certData, false)); keyChain_.signByIdentity(cert, identityName_); Blob signedCertBlob = cert.wireEncode(); String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob .getImmutableArray()); BufferedStream certFile = new BufferedStream(new System.IO.StreamWriter(testCertFile_.OpenRead())); try { certFile.Write(encodedCert,0,encodedCert.Substring(0,encodedCert.Length)); certFile.flush(); } finally { certFile.close(); } // Still too early for refresh to pick it up. vr = doVerify(policyManager_, data); AssertTrue("ConfigPolicyManager refresh occured sooner than specified", vr.hasFurtherSteps_); AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000); // Now we should find it. vr = doVerify(policyManager_, data); AssertFalse("ConfigPolicyManager did not refresh certificate store", vr.hasFurtherSteps_); AssertEquals("Verification success called " + vr.successCount_ + " times instead of 1", 1, vr.successCount_); AssertEquals("ConfigPolicyManager did not verify valid signed data", 0, vr.failureCount_); }
public TestGroupManager() { this.certificate = new IdentityCertificate(); }
public void testCreateDKeyData() { // Create the group manager. GroupManager manager = new GroupManager(new Name("Alice"), new Name( "data_type"), new Sqlite3GroupManagerDb( System.IO.Path.GetFullPath(dKeyDatabaseFilePath.Name)), 2048, 1, keyChain); Blob newCertificateBlob = certificate.wireEncode(); IdentityCertificate newCertificate = new IdentityCertificate(); newCertificate.wireDecode(newCertificateBlob); // Encrypt the D-KEY. Data data = friendAccess.createDKeyData(manager, "20150825T000000", "20150827T000000", new Name("/ndn/memberA/KEY"), decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer()); // Verify the encrypted D-KEY. Blob dataContent = data.getContent(); // Get the nonce key. // dataContent is a sequence of the two EncryptedContent. EncryptedContent encryptedNonce = new EncryptedContent(); encryptedNonce.wireDecode(dataContent); AssertEquals(0, encryptedNonce.getInitialVector().size()); AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType()); Blob blobNonce = encryptedNonce.getPayload(); EncryptParams decryptParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce, decryptParams); // Get the D-KEY. // Use the size of encryptedNonce to find the start of encryptedPayload. ByteBuffer payloadContent = dataContent.buf().duplicate(); payloadContent.position(encryptedNonce.wireEncode().size()); EncryptedContent encryptedPayload = new EncryptedContent(); encryptedPayload.wireDecode(payloadContent); AssertEquals(16, encryptedPayload.getInitialVector().size()); AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType()); decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); decryptParams.setInitialVector(encryptedPayload.getInitialVector()); Blob blobPayload = encryptedPayload.getPayload(); Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload, decryptParams); AssertTrue(largePayload.equals(decryptKeyBlob)); }
/// <summary> /// Generate a self-signed certificate for a public key. /// </summary> /// /// <param name="keyName">The name of the public key.</param> /// <returns>The generated certificate.</returns> public IdentityCertificate selfSign(Name keyName) { IdentityCertificate certificate = new IdentityCertificate(); Blob keyBlob = identityStorage_.getKey(keyName); PublicKey publicKey = new PublicKey(keyBlob); Calendar calendar = ILOG.J2CsMapping.Util.Calendar.getInstance(); double notBefore = (double) calendar.getTimeInMillis(); calendar.add(ILOG.J2CsMapping.Util.Calendar.YEAR, 2); double notAfter = (double) calendar.getTimeInMillis(); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); Name certificateName = keyName.getPrefix(-1).append("KEY") .append(keyName.get(-1)).append("ID-CERT") .appendVersion((long) certificate.getNotBefore()); certificate.setName(certificateName); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { // We don't expect this to happen. ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex); return null; } catch (DerDecodingException ex_0) { // We don't expect this to happen. ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(IdentityManager).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex_0); return null; } signByCertificate(certificate, certificate.getName()); return certificate; }
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public abstract void addCertificate(IdentityCertificate certificate);
/// <summary> /// Set the certificate as the default for its corresponding key. /// </summary> /// /// <param name="certificate">The certificate.</param> public void setDefaultCertificateForKey( IdentityCertificate certificate) { Name keyName = certificate.getPublicKeyName(); if (!identityStorage_.doesKeyExist(keyName)) throw new SecurityException( "No corresponding Key record for certificate!"); identityStorage_.setDefaultCertificateNameForKey(keyName, certificate.getName()); }
/// <summary> /// Add a new member with the given memberCertificate into a schedule named /// scheduleName. If cert is an IdentityCertificate made from memberCertificate, /// then the member's identity name is cert.getPublicKeyName().getPrefix(-1). /// </summary> /// /// <param name="scheduleName">The schedule name.</param> /// <param name="memberCertificate">The member's certificate.</param> /// <exception cref="GroupManagerDb.Error">If there's no schedule named scheduleName, ifthe member's identity name already exists, or other database error.</exception> /// <exception cref="DerDecodingException">for error decoding memberCertificate as acertificate.</exception> public void addMember(String scheduleName, Data memberCertificate) { IdentityCertificate cert = new IdentityCertificate(memberCertificate); database_.addMember(scheduleName, cert.getPublicKeyName(), cert .getPublicKeyInfo().getKeyDer()); }
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public override void addCertificate(IdentityCertificate certificate) { Name certificateName = certificate.getName(); Name keyName = certificate.getPublicKeyName(); addKey(keyName, certificate.getPublicKeyInfo().getKeyType(), certificate.getPublicKeyInfo().getKeyDer()); if (doesCertificateExist(certificateName)) return; // Insert the certificate. ILOG.J2CsMapping.Collections.Collections.Put(certificateStore_,certificateName.toUri(),certificate.wireEncode()); }
/// <summary> /// Add a certificate into the public key identity storage. /// </summary> /// /// <param name="certificate"></param> public void addCertificate(IdentityCertificate certificate) { identityStorage_.addCertificate(certificate); }
/// <summary> /// Insert the certificate into the cache. Assumes the timestamp is not yet /// removed from the name. /// </summary> /// /// <param name="certificate">The certificate to copy and insert.</param> public void insertCertificate(IdentityCertificate certificate) { Name certName = certificate.getName().getPrefix(-1); ILOG.J2CsMapping.Collections.Collections.Put(cache_,certName.toUri(),certificate.wireEncode()); }
/// <summary> /// Add a certificate into the public key identity storage and set the /// certificate as the default of its corresponding key. /// </summary> /// /// <param name="certificate"></param> public void addCertificateAsDefault(IdentityCertificate certificate) { identityStorage_.addCertificate(certificate); setDefaultCertificateForKey(certificate); }
/// <summary> /// Set the certificate as the default for its corresponding key. /// </summary> /// /// <param name="certificate">The certificate.</param> public void setDefaultCertificateForKey( IdentityCertificate certificate) { identityManager_.setDefaultCertificateForKey(certificate); }
/// <summary> /// Add a certificate into the public key identity storage and set the /// certificate as the default for its corresponding identity. /// </summary> /// /// <param name="certificate"></param> public void addCertificateAsIdentityDefault( IdentityCertificate certificate) { identityStorage_.addCertificate(certificate); Name keyName = certificate.getPublicKeyName(); setDefaultKeyForIdentity(keyName); setDefaultCertificateForKey(certificate); }
/// <summary> /// Get a certificate from the identity storage. /// </summary> /// /// <param name="certificateName">The name of the requested certificate.</param> /// <returns>The requested certificate.</returns> /// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception> public override sealed IdentityCertificate getCertificate(Name certificateName) { try { PreparedStatement statement; statement = database_.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getCertificate); statement.setString(1, certificateName.toUri()); IdentityCertificate certificate = new IdentityCertificate(); try { SqlDataReader result = statement.executeQuery(); if (result.NextResult()) { try { certificate.wireDecode(new Blob(result .getBytes("certificate_data"), false)); } catch (EncodingException ex) { throw new SecurityException( "BasicIdentityStorage: Error decoding certificate data: " + ex); } } else throw new SecurityException( "BasicIdentityStorage::getKey: The key certificate not exist"); } finally { statement.close(); } return certificate; } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }