예제 #1
        /// <summary>
        /// Build an IdentityCertificate for a public key and leave it unsigned.
        /// The result carries no signature, so the caller has to sign it before
        /// anything can rely on it.
        /// </summary>
        ///
        /// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`. Its last component must start with `ksk-` or `dsk-`.</param>
        /// <param name="publicKey">The public key to place in the certificate.</param>
        /// <param name="signingIdentity">The signing identity. It is only consulted to infer the certificate name when certPrefix is null.</param>
        /// <param name="notBefore">See IdentityCertificate. Stored as given; this method does not check the validity range.</param>
        /// <param name="notAfter">See IdentityCertificate. Stored as given; this method does not check the validity range.</param>
        /// <param name="subjectDescription">A list of CertificateSubjectDescription entries. If null or empty, one description with OID 2.5.4.41 (the X.520 name attribute) is added, whose value is the URI of keyName without its last component.</param>
        /// <param name="certPrefix">The prefix to place before the `KEY` component. It must be a prefix of keyName and must not equal keyName. If null, the name is inferred from signingIdentity and the subject identity: if the signingIdentity is a prefix of the subject identity, `KEY` is inserted after the signingIdentity, otherwise `KEY` is inserted after the subject identity (i.e., before `ksk-...`).</param>
        /// <returns>The unsigned IdentityCertificate, or null if keyName is empty, its last component does not start with `ksk-` or `dsk-`, or a supplied certPrefix is not a strict prefix of keyName.</returns>
        /// <exception cref="SecurityException">If encoding the certificate raises a DerEncodingException or DerDecodingException.</exception>
        public IdentityCertificate prepareUnsignedIdentityCertificate(
                Name keyName, PublicKey publicKey, Name signingIdentity,
                double notBefore, double notAfter, IList subjectDescription,
                Name certPrefix)
        {
            // An empty key name has no key-id component to inspect.
            if (keyName.size() < 1)
            {
                return null;
            }

            // The last component must carry a key type tag of four characters.
            String keyIdText = keyName.get(-1).toEscapedString();
            if (keyIdText.Length < 4)
            {
                return null;
            }

            String keyTypeTag = keyIdText.Substring(0, 4);
            if (!(keyTypeTag.equals("ksk-") || keyTypeTag.equals("dsk-")))
            {
                return null;
            }

            IdentityCertificate unsignedCert = new IdentityCertificate();
            Name certificateName = new Name();

            if (certPrefix != null)
            {
                // A prefix hint was supplied: accept it only when it is a
                // strict prefix of the key name, otherwise reject the request.
                if (!certPrefix.match(keyName) || certPrefix.equals(keyName))
                {
                    return null;
                }

                certificateName.append(certPrefix).append("KEY")
                        .append(keyName.getSubName(certPrefix.size()))
                        .append("ID-CERT")
                        .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
            }
            else if (signingIdentity.match(keyName))
            {
                // No hint, and the signer is a prefix of the key name:
                // KEY goes directly after the signing identity.
                certificateName.append(signingIdentity).append("KEY")
                        .append(keyName.getSubName(signingIdentity.size()))
                        .append("ID-CERT")
                        .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
            }
            else
            {
                // No hint, and the signer is not a prefix of the key name:
                // KEY goes just before the key-id component.
                // NOTE(review): nothing here restricts which signingIdentity may
                // certify keyName; presumably the validation policy does. Confirm.
                certificateName.append(keyName.getPrefix(-1)).append("KEY")
                        .append(keyName.get(-1)).append("ID-CERT")
                        .appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
            }

            unsignedCert.setName(certificateName);
            // NOTE(review): the validity bounds are copied without checking that
            // notBefore precedes notAfter; callers should validate the range.
            unsignedCert.setNotBefore(notBefore);
            unsignedCert.setNotAfter(notAfter);
            unsignedCert.setPublicKeyInfo(publicKey);

            if (subjectDescription != null && subjectDescription.Count > 0)
            {
                // The list is untyped, so an element of another type makes the
                // cast throw InvalidCastException.
                foreach (object entry in subjectDescription)
                {
                    unsignedCert.addSubjectDescription((CertificateSubjectDescription) entry);
                }
            }
            else
            {
                // Default subject description: OID 2.5.4.41 with the key name
                // minus its key-id component.
                unsignedCert.addSubjectDescription(
                        new CertificateSubjectDescription(
                                "2.5.4.41", keyName.getPrefix(-1).toUri()));
            }

            try
            {
                unsignedCert.encode();
            }
            catch (DerEncodingException ex)
            {
                throw new SecurityException("DerEncodingException: " + ex);
            }
            catch (DerDecodingException ex_0)
            {
                throw new SecurityException("DerDecodingException: " + ex_0);
            }

            return unsignedCert;
        }
예제 #2
        /// <summary>
        /// Checks the prefix semantics of Name.match: a name matches an equal
        /// name and any longer name it is a prefix of, but not a shorter one.
        /// </summary>
        public void testMatch()
        {
            Name fullName = new Name("/edu/cmu/andrew/user/3498478");

            // An exact copy is matched.
            Name exactCopy = new Name(fullName);
            bool matchesCopy = fullName.match(exactCopy);
            Assert.AssertTrue("Name does not match deep copy of itself", matchesCopy);

            // match() is directional: the prefix matches the longer name,
            // the longer name does not match its prefix.
            Name twoComponentPrefix = fullName.getPrefix(2);
            bool prefixMatchesFull = twoComponentPrefix.match(fullName);
            Assert.AssertTrue("Name did not match prefix", prefixMatchesFull);
            bool fullMatchesPrefix = fullName.match(twoComponentPrefix);
            Assert.AssertFalse("Name should not match shorter name", fullMatchesPrefix);

            // An empty name matches every name, so code that uses match() for
            // a trust decision has to treat an empty prefix as a wildcard.
            Name emptyName = new Name();
            Assert.AssertTrue("Empty name should always match another",
                    emptyName.match(fullName));
        }
예제 #3
        /// <summary>
        /// Decide whether a name stands in the given relation to a reference
        /// name. An unrecognized relation string never passes.
        /// </summary>
        ///
        /// <param name="name">The name being checked.</param>
        /// <param name="matchName">The reference name that is tested as a prefix of, or for equality with, name.</param>
        /// <param name="matchRelation">"is-prefix-of" - passes if matchName.match(name) is true; "is-strict-prefix-of" - passes if matchName.match(name) is true and the two names differ in size; "equal" - passes if the two names are equal.</param>
        /// <returns>True if the relation holds, false otherwise (including for an unknown matchRelation).</returns>
        private static bool matchesRelation(Name name, Name matchName,
                String matchRelation)
        {
            if (matchRelation.equals("is-strict-prefix-of"))
            {
                // Same size can only mean equal or unrelated, never a strict prefix.
                return matchName.size() != name.size() && matchName.match(name);
            }

            if (matchRelation.equals("is-prefix-of"))
            {
                return matchName.match(name);
            }

            if (matchRelation.equals("equal"))
            {
                return matchName.equals(name);
            }

            // Fail closed: a misspelled or unsupported relation is a non-match.
            return false;
        }