Exemplo n.º 1
0
        /// <summary>
        /// Asynchronously fetch a certificate. setCertificateStorage must have been
        /// called first.
        /// If the requested certificate exists in the storage, then this method will
        /// immediately call continueValidation with the certificate. If certificate is
        /// not available, then the implementation-specific doFetch will be called to
        /// asynchronously fetch the certificate. The successfully-retrieved
        /// certificate will be automatically added to the unverified cache of the
        /// certificate storage.
        /// When the requested certificate is retrieved, continueValidation is called.
        /// Otherwise, the fetcher implementation calls state.failed() with the
        /// appropriate error code and diagnostic message.
        /// </summary>
        ///
        /// <param name="certificateRequest"></param>
        /// <param name="state">The validation state.</param>
        /// <param name="continueValidation">is the fetched certificate and state is the ValidationState.</param>
        public void fetch(CertificateRequest certificateRequest,
                          ValidationState state, CertificateFetcher.ValidationContinuation continueValidation)
        {
            if (certificateStorage_ == null)
            {
                throw new Exception(
                          "CertificateFetcher.fetch: You must first call setCertificateStorage");
            }

            CertificateV2 certificate = certificateStorage_
                                        .getUnverifiedCertificateCache().find(
                certificateRequest.interest_);

            if (certificate != null)
            {
                logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE,
                            "Found certificate in **un**verified key cache {0}",
                            certificate.getName().toUri());
                continueValidation.continueValidation(certificate, state);
                return;
            }

            // Rename continueValidation to avoid a loop.
            CertificateFetcher.ValidationContinuation outerContinueValidation_0 = continueValidation;
            // Fetch asynchronously.
            doFetch(certificateRequest, state, new CertificateFetcher.Anonymous_C0(this, outerContinueValidation_0));
        }
Exemplo n.º 2
0
        /// <summary>
        /// Read a base-64-encoded certificate from a file.
        /// </summary>
        ///
        /// <param name="filePath">The certificate file path.</param>
        /// <returns>The decoded certificate, or null if there is an error.</returns>
        public static CertificateV2 readCertificate(String filePath)
        {
            StringBuilder encodedData = new StringBuilder();

            try {
                TextReader certificateFile = new FileReader(
                    filePath);
                // Use "try/finally instead of "try-with-resources" or "using"
                // which are not supported before Java 7.
                try {
                    String line;
                    while ((line = certificateFile.readLine()) != null)
                    {
                        encodedData.append(line);
                    }
                } finally {
                    certificateFile.close();
                }
            } catch (FileNotFoundException ex) {
                return(null);
            } catch (IOException ex_0) {
                return(null);
            }

            byte[]        decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
            CertificateV2 result      = new CertificateV2();

            try {
                result.wireDecode(new Blob(decodedData, false));
                return(result);
            } catch (Exception ex_1) {
                return(null);
            }
        }
Exemplo n.º 3
0
            public void onData(Interest interest, Data data)
            {
                net.named_data.jndn.security.v2.CertificateFetcherFromNetwork.logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE,
                                                                                          "Fetched certificate from network {0}", data
                                                                                          .getName().toUri());

                CertificateV2 certificate;

                try {
                    certificate = new CertificateV2(data);
                } catch (Exception ex) {
                    state.fail(new ValidationError(
                                   net.named_data.jndn.security.v2.ValidationError.MALFORMED_CERTIFICATE,
                                   "Fetched a malformed certificate `"
                                   + data.getName().toUri() + "` (" + ex
                                   + ")"));
                    return;
                }

                try {
                    continueValidation.continueValidation(certificate,
                                                          state);
                } catch (Exception ex_0) {
                    state.fail(new ValidationError(
                                   net.named_data.jndn.security.v2.ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                                   "Error in continueValidation: " + ex_0));
                }
            }
 public override void verifyOriginalPacket_(CertificateV2 trustedCertificate)
 {
     if (net.named_data.jndn.security.VerificationHelpers.verifyInterestSignature(interest_,
                                                                                  trustedCertificate))
     {
         logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE, "OK signature for interest `{0}`",
                     interest_.getName().toUri());
         for (int i = 0; i < successCallbacks_.Count; ++i)
         {
             try {
                 successCallbacks_[i].successCallback(interest_);
             } catch (Exception exception) {
                 logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in successCallback",
                             exception);
             }
         }
         setOutcome(true);
     }
     else
     {
         fail(new ValidationError(net.named_data.jndn.security.v2.ValidationError.INVALID_SIGNATURE,
                                  "Invalid signature of interest `"
                                  + interest_.getName().toUri() + "`"));
     }
 }
Exemplo n.º 5
0
        /// <summary>
        /// Verify signatures of certificates in the certificate chain. On return, the
        /// certificate chain contains a list of certificates successfully verified by
        /// trustedCertificate.
        /// When the certificate chain cannot be verified, this method will call
        /// fail() with the INVALID_SIGNATURE error code and the appropriate message.
        /// This is only called by the Validator class.
        /// </summary>
        ///
        /// <returns>The certificate to validate the original data packet, either the
        /// last entry in the certificate chain or trustedCertificate if the
        /// certificate chain is empty. However, return null if the signature of at
        /// least one certificate in the chain is invalid, in which case all unverified
        /// certificates have been removed from the certificate chain.</returns>
        public CertificateV2 verifyCertificateChain_(
            CertificateV2 trustedCertificate)
        {
            CertificateV2 validatedCertificate = trustedCertificate;

            for (int i = 0; i < certificateChain_.Count; ++i)
            {
                CertificateV2 certificateToValidate = certificateChain_[i];

                if (!net.named_data.jndn.security.VerificationHelpers.verifyDataSignature(certificateToValidate,
                                                                                          validatedCertificate))
                {
                    fail(new ValidationError(net.named_data.jndn.security.v2.ValidationError.INVALID_SIGNATURE,
                                             "Invalid signature of certificate `"
                                             + certificateToValidate.getName().toUri() + "`"));
                    // Remove this and remaining certificates in the chain.
                    while (certificateChain_.Count > i)
                    {
                        ILOG.J2CsMapping.Collections.Collections.RemoveAt(certificateChain_, i);
                    }

                    return(null);
                }
                else
                {
                    logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE, "OK signature for certificate `{0}`",
                                certificateToValidate.getName().toUri());
                    validatedCertificate = certificateToValidate;
                }
            }

            return(validatedCertificate);
        }
Exemplo n.º 6
0
        /// <summary>
        /// Find the certificate by the given key name.
        /// </summary>
        ///
        /// <param name="certificatePrefix"></param>
        /// <returns>The found certificate, or null if not found. You must not modify
        /// the returned object. If you need to modify it, then make a copy.</returns>
        public CertificateV2 find(Name certificatePrefix)
        {
            if (certificatePrefix.size() > 0 &&
                certificatePrefix.get(-1).isImplicitSha256Digest())
            {
                logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE,
                            "Certificate search using a name with an implicit digest is not yet supported");
            }

            refresh();

            Name entryKey = (Name)certificatesByName_
                            .ceilingKey(certificatePrefix);

            if (entryKey == null)
            {
                return(null);
            }

            CertificateV2 certificate = ((CertificateCacheV2.Entry)certificatesByName_[entryKey]).certificate_;

            if (!certificatePrefix.isPrefixOf(certificate.getName()))
            {
                return(null);
            }
            return(certificate);
        }
Exemplo n.º 7
0
        /// <summary>
        /// Find a certificate for the given interest.
        /// </summary>
        ///
        /// <param name="interest">The input interest packet.</param>
        /// <returns>The found certificate, or null if not found.</returns>
        /// @note Interest with implicit digest is not supported.
        /// @note ChildSelector is not supported.
        public CertificateV2 find(Interest interest)
        {
            refresh();

            Name firstKey = (Name)anchors_.anchorsByName_.ceilingKey(interest
                                                                     .getName());

            if (firstKey == null)
            {
                return(null);
            }

            /* foreach */
            foreach (Object key  in  anchors_.anchorsByName_.navigableKeySet().tailSet(
                         firstKey))
            {
                CertificateV2 certificate = (CertificateV2)anchors_.anchorsByName_[(Name)key];
                if (!interest.getName().isPrefixOf(certificate.getName()))
                {
                    break;
                }

                try {
                    if (interest.matchesData(certificate))
                    {
                        return(certificate);
                    }
                } catch (EncodingException ex) {
                    // We don't expect this to happen.
                    throw new Exception("Error in matchesData: " + ex);
                }
            }

            return(null);
        }
Exemplo n.º 8
0
        /// <summary>
        /// Insert the certificate into the cache. The inserted certificate will be
        /// removed no later than its NotAfter time, or maxLifetimeMilliseconds given
        /// to the constructor.
        /// </summary>
        ///
        /// <param name="certificate">The certificate object, which is copied.</param>
        public void insert(CertificateV2 certificate)
        {
            double notAfterTime = certificate.getValidityPeriod().getNotAfter();
            // nowOffsetMilliseconds_ is only used for testing.
            double now = net.named_data.jndn.util.Common.getNowMilliseconds() + nowOffsetMilliseconds_;

            if (notAfterTime < now)
            {
                logger_.log(
                    ILOG.J2CsMapping.Util.Logging.Level.FINE,
                    "Not adding {0}: already expired at {1}",
                    new Object[] { certificate.getName().toUri(),
                                   net.named_data.jndn.encrypt.Schedule.toIsoString(notAfterTime) });
                return;
            }

            double removalTime = Math.Min(notAfterTime, now
                                          + maxLifetimeMilliseconds_);

            if (removalTime < nextRefreshTime_)
            {
                // We need to run refresh() sooner.)
                nextRefreshTime_ = removalTime;
            }

            double removalHours = (removalTime - now) / (3600 * 1000.0d);

            logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE, "Adding {0}, will remove in {1} hours",
                        new Object[] { certificate.getName().toUri(), removalHours });
            CertificateV2 certificateCopy = new CertificateV2(certificate);

            ILOG.J2CsMapping.Collections.Collections.Put(certificatesByName_, certificateCopy.getName(), new CertificateCacheV2.Entry(
                                                             certificateCopy, removalTime));
        }
        /// <summary>
        /// Load the static anchor certificate. If a certificate with the name is
        /// already added, do nothing.
        /// </summary>
        ///
        /// <param name="certificate">The certificate to add, which is copied.</param>
        public void add(CertificateV2 certificate)
        {
            if (ILOG.J2CsMapping.Collections.Collections.Contains(certificate.getName(), anchorNames_))
            {
                return;
            }

            // Copy the certificate name.
            ILOG.J2CsMapping.Collections.Collections.Add(anchorNames_, new Name(certificate.getName()));
            // This copies the certificate.
            certificates_.add(certificate);
        }
Exemplo n.º 10
0
        /// <summary>
        /// Find a trusted certificate in the trust anchor container or in the
        /// verified cache.
        /// </summary>
        ///
        /// <param name="interestForCertificate">The Interest for the certificate.</param>
        /// <returns>The found certificate, or null if not found.</returns>
        public CertificateV2 findTrustedCertificate(
            Interest interestForCertificate)
        {
            CertificateV2 certificate = trustAnchors_.find(interestForCertificate);

            if (certificate != null)
            {
                return(certificate);
            }

            certificate = verifiedCertificateCache_.find(interestForCertificate);
            return(certificate);
        }
Exemplo n.º 11
0
            /// <summary>
            /// Add the certificate to the container.
            /// </summary>
            ///
            /// <param name="certificate">The certificate to add, which is copied.</param>
            public override void add(CertificateV2 certificate)
            {
                CertificateV2 certificateCopy;

                try {
                    certificateCopy = new CertificateV2(certificate);
                } catch (CertificateV2.Error ex) {
                    // We don't expect this from the copy constructor.
                    throw new Exception(
                              "Error in CertificateV2 copy constructor: " + ex);
                }
                ILOG.J2CsMapping.Collections.Collections.Put(anchorsByName_, certificateCopy.getName(), certificateCopy);
            }
Exemplo n.º 12
0
        /// <summary>
        /// Find the certificate by the given interest.
        /// </summary>
        ///
        /// <param name="interest">The input interest object.</param>
        /// <returns>The found certificate which matches the interest, or null if not
        /// found. You must not modify the returned object. If you need to modify it,
        /// then make a copy.</returns>
        /// @note ChildSelector is not supported.
        public CertificateV2 find(Interest interest)
        {
            if (interest.getChildSelector() >= 0)
            {
                logger_.log(
                    ILOG.J2CsMapping.Util.Logging.Level.FINE,
                    "Certificate search using a ChildSelector is not supported. Searching as if this selector not specified");
            }

            if (interest.getName().size() > 0 &&
                interest.getName().get(-1).isImplicitSha256Digest())
            {
                logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE,
                            "Certificate search using a name with an implicit digest is not yet supported");
            }

            refresh();

            Name firstKey = (Name)certificatesByName_.ceilingKey(interest
                                                                 .getName());

            if (firstKey == null)
            {
                return(null);
            }

            /* foreach */
            foreach (Object key  in  certificatesByName_.navigableKeySet().tailSet(
                         firstKey))
            {
                CertificateV2 certificate = ((CertificateCacheV2.Entry)certificatesByName_[(Name)key]).certificate_;
                if (!interest.getName().isPrefixOf(certificate.getName()))
                {
                    break;
                }

                try {
                    if (interest.matchesData(certificate))
                    {
                        return(certificate);
                    }
                } catch (EncodingException ex) {
                    // We don't expect this. Promote to Error.
                    throw new Exception("Error in Interest.matchesData: " + ex);
                }
            }

            return(null);
        }
Exemplo n.º 13
0
        /// <summary>
        /// Request a certificate for further validation.
        /// </summary>
        ///
        /// <param name="certificateRequest">The certificate request.</param>
        /// <param name="state">The current validation state.</param>
        internal void requestCertificate(CertificateRequest certificateRequest,
                                         ValidationState state)
        {
            if (state.getDepth() >= maxDepth_)
            {
                state.fail(new ValidationError(
                               net.named_data.jndn.security.v2.ValidationError.EXCEEDED_DEPTH_LIMIT,
                               "Exceeded validation depth limit"));
                return;
            }

            if (state
                .hasSeenCertificateName(certificateRequest.interest_.getName()))
            {
                state.fail(new ValidationError(net.named_data.jndn.security.v2.ValidationError.LOOP_DETECTED,
                                               "Validation loop detected for certificate `"
                                               + certificateRequest.interest_.getName().toUri()
                                               + "`"));
                return;
            }

            logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE, "Retrieving {0}", certificateRequest.interest_
                        .getName().toUri());

            CertificateV2 certificate_0 = findTrustedCertificate(certificateRequest.interest_);

            if (certificate_0 != null)
            {
                logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE, "Found trusted certificate {0}",
                            certificate_0.getName().toUri());

                certificate_0 = state.verifyCertificateChain_(certificate_0);
                if (certificate_0 != null)
                {
                    state.verifyOriginalPacket_(certificate_0);
                }

                for (int i = 0; i < state.getCertificateChain_().Count; ++i)
                {
                    cacheVerifiedCertificate(state.getCertificateChain_()[i]);
                }

                return;
            }

            certificateFetcher_.fetch(certificateRequest, state,
                                      new Validator.Anonymous_C0(this));
        }
Exemplo n.º 14
0
        private void loadCertificate(String file, HashedSet <Name> oldAnchorNames)
        {
            CertificateV2 certificate = net.named_data.jndn.security.v2.TrustAnchorGroup.readCertificate(file);

            if (certificate != null)
            {
                if (!ILOG.J2CsMapping.Collections.Collections.Contains(certificate.getName(), anchorNames_))
                {
                    ILOG.J2CsMapping.Collections.Collections.Add(anchorNames_, certificate.getName());
                    certificates_.add(certificate);
                }
                else
                {
                    ILOG.J2CsMapping.Collections.Collections.Remove(oldAnchorNames, certificate.getName());
                }
            }
        }
Exemplo n.º 15
0
        /// <summary>
        /// Recursively validate the certificates in the certification chain.
        /// </summary>
        ///
        /// <param name="certificate_0">The certificate to check.</param>
        /// <param name="state">The current validation state.</param>
        internal void validateCertificate(CertificateV2 certificate_0,
                                          ValidationState state)
        {
            logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE, "Start validating certificate {0}", certificate_0
                        .getName().toUri());

            if (!certificate_0.isValid())
            {
                state.fail(new ValidationError(net.named_data.jndn.security.v2.ValidationError.EXPIRED_CERTIFICATE,
                                               "Retrieved certificate is not yet valid or expired `"
                                               + certificate_0.getName().toUri() + "`"));
                return;
            }

            policy_.checkCertificatePolicy(certificate_0, state,
                                           new Validator.Anonymous_C1(this, certificate_0));
        }
Exemplo n.º 16
0
        /// <summary>
        /// Search for a certificate across all groups (longest prefix match).
        /// </summary>
        ///
        /// <param name="keyName">The key name prefix for searching for the certificate.</param>
        /// <returns>The found certificate, or null if not found.</returns>
        public CertificateV2 find(Name keyName)
        {
            refresh();

            Name nameKey = (Name)anchors_.anchorsByName_.ceilingKey(keyName);

            if (nameKey == null)
            {
                return(null);
            }
            CertificateV2 certificate = (CertificateV2)anchors_.anchorsByName_[nameKey];

            if (!keyName.isPrefixOf(certificate.getName()))
            {
                return(null);
            }
            return(certificate);
        }
Exemplo n.º 17
0
        /// <summary>
        /// Insert a static trust anchor. If the certificate (having the same name
        /// without considering implicit digest) already exists in the group with
        /// groupId, then do nothing.
        /// </summary>
        ///
        /// <param name="groupId">The certificate group id.</param>
        /// <param name="certificate">The certificate to insert, which is copied.</param>
        /// <exception cref="TrustAnchorContainer.Error">If groupId is a dynamic anchor group .</exception>
        public void insert(String groupId, CertificateV2 certificate)
        {
            TrustAnchorGroup group = ILOG.J2CsMapping.Collections.Collections.Get(groups_, groupId);

            if (group == null)
            {
                group = new StaticTrustAnchorGroup(anchors_, groupId);
                ILOG.J2CsMapping.Collections.Collections.Put(groups_, groupId, group);
            }

            if (!(group  is  StaticTrustAnchorGroup))
            {
                throw new TrustAnchorContainer.Error(
                          "Cannot add a static anchor to the non-static anchor group "
                          + groupId);
            }

            ((StaticTrustAnchorGroup)group).add(certificate);
        }
Exemplo n.º 18
0
 public override void verifyOriginalPacket_(CertificateV2 trustedCertificate)
 {
     if (net.named_data.jndn.security.VerificationHelpers.verifyDataSignature(data_, trustedCertificate))
     {
         logger_.log(ILOG.J2CsMapping.Util.Logging.Level.FINE, "OK signature for data `{0}`", data_
                     .getName().toUri());
         try {
             successCallback_.successCallback(data_);
         } catch (Exception exception) {
             logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in successCallback", exception);
         }
         setOutcome(true);
     }
     else
     {
         fail(new ValidationError(net.named_data.jndn.security.v2.ValidationError.INVALID_SIGNATURE,
                                  "Invalid signature of data `" + data_.getName().toUri()
                                  + "`"));
     }
 }
Exemplo n.º 19
0
 /// <summary>
 /// Create a new CertificateCacheV2.Entry with the given values.
 /// </summary>
 ///
 /// <param name="certificate">The certificate.</param>
 /// <param name="removalTime"></param>
 public Entry(CertificateV2 certificate, double removalTime)
 {
     certificate_ = certificate;
     removalTime_ = removalTime;
 }
Exemplo n.º 20
0
 public Anonymous_C1(Validator paramouter_Validator,
                     CertificateV2 certificate_0)
 {
     this.certificate     = certificate_0;
     this.outer_Validator = paramouter_Validator;
 }
Exemplo n.º 21
0
        /// <summary>
        /// Process the trust-anchor configuration section and call
        /// validator_.loadAnchor as needed.
        /// </summary>
        ///
        /// <param name="configSection"></param>
        /// <param name="inputName">Used for log messages, etc.</param>
        private void processConfigTrustAnchor(BoostInfoTree configSection,
                                              String inputName)
        {
            String anchorType = configSection.getFirstValue("type");

            if (anchorType == null)
            {
                throw new ValidatorConfigError("Expected <trust-anchor.type>");
            }

            if (anchorType.Equals("file", StringComparison.InvariantCultureIgnoreCase))
            {
                // Get trust-anchor.file .
                String fileName = configSection.getFirstValue("file-name");
                if (fileName == null)
                {
                    throw new ValidatorConfigError(
                              "Expected <trust-anchor.file-name>");
                }

                double refreshPeriod = getRefreshPeriod(configSection);
                try {
                    validator_.loadAnchor(fileName, fileName, refreshPeriod, false);
                } catch (TrustAnchorContainer.Error ex) {
                    throw new ValidatorConfigError("Error in loadAnchor: " + ex);
                }

                return;
            }
            else if (anchorType.Equals("base64", StringComparison.InvariantCultureIgnoreCase))
            {
                // Get trust-anchor.base64-string .
                String base64String = configSection.getFirstValue("base64-string");
                if (base64String == null)
                {
                    throw new ValidatorConfigError(
                              "Expected <trust-anchor.base64-string>");
                }

                byte[]        encoding    = net.named_data.jndn.util.Common.base64Decode(base64String);
                CertificateV2 certificate = new CertificateV2();
                try {
                    certificate.wireDecode(new Blob(encoding));
                } catch (Exception ex_0) {
                    throw new ValidatorConfigError(
                              "Cannot decode certificate from base64-string: " + ex_0);
                }
                try {
                    validator_.loadAnchor("", certificate);
                } catch (TrustAnchorContainer.Error ex_1) {
                    throw new ValidatorConfigError("Error in loadAnchor: " + ex_1);
                }

                return;
            }
            else if (anchorType.Equals("dir", StringComparison.InvariantCultureIgnoreCase))
            {
                // Get trust-anchor.dir .
                String dirString = configSection.getFirstValue("dir");
                if (dirString == null)
                {
                    throw new ValidatorConfigError("Expected <trust-anchor.dir>");
                }

                double refreshPeriod_2 = getRefreshPeriod(configSection);
                try {
                    validator_
                    .loadAnchor(dirString, dirString, refreshPeriod_2, true);
                } catch (TrustAnchorContainer.Error ex_3) {
                    throw new ValidatorConfigError("Error in loadAnchor: " + ex_3);
                }

                return;
            }
            else if (anchorType.Equals("any", StringComparison.InvariantCultureIgnoreCase))
            {
                shouldBypass_ = true;
            }
            else
            {
                throw new ValidatorConfigError("Unsupported trust-anchor.type");
            }
        }
Exemplo n.º 22
0
 /// <summary>
 /// Add the certificate to the container.
 /// </summary>
 ///
 /// <param name="certificate">The certificate to add, which is copied.</param>
 public abstract void add(CertificateV2 certificate);
Exemplo n.º 23
0
 /// <summary>
 /// Check the certificate against the policy.
 /// This base class implementation just calls checkPolicy(Data, ...). Your
 /// derived class may override.
 /// Depending on implementation of the policy, this check can be done
 /// synchronously or asynchronously.
 /// See the checkPolicy(Data) documentation for the semantics.
 /// </summary>
 ///
 /// <param name="certificate">The certificate to check.</param>
 /// <param name="state">The ValidationState of this validation.</param>
 /// <param name="continueValidation"></param>
 public void checkCertificatePolicy(CertificateV2 certificate,
                                    ValidationState state, ValidationPolicy.ValidationContinuation continueValidation)
 {
     checkPolicy(certificate, state, continueValidation);
 }
Exemplo n.º 24
0
 /// <summary>
 /// Cache the unverified certificate for a period of time (5 minutes).
 /// </summary>
 ///
 /// <param name="certificate">The certificate packet, which is copied.</param>
 public void cacheUnverifiedCertificate(CertificateV2 certificate)
 {
     unverifiedCertificateCache_.insert(certificate);
 }
Exemplo n.º 25
0
 /// <summary>
 /// Verify the signature of the original packet. This is only called by the
 /// Validator class.
 /// </summary>
 ///
 /// <param name="trustedCertificate">The certificate that signs the original packet.</param>
 public abstract void verifyOriginalPacket_(CertificateV2 trustedCertificate);
Exemplo n.º 26
0
 /// <summary>
 /// Add the certificate to the top of the certificate chain.
 /// If the certificate chain is empty, then the certificate should be the
 /// signer of the original packet. If the certificate chain is not empty, then
 /// the certificate should be the signer of the front of the certificate chain.
 /// </summary>
 ///
 /// @note This function does not verify the signature bits.
 /// <param name="certificate">The certificate to add, which is copied.</param>
 public void addCertificate(CertificateV2 certificate)
 {
     certificateChain_.Insert(0, new CertificateV2(certificate));
 }
Exemplo n.º 27
0
 /// <summary>
 /// Load a static trust anchor. Static trust anchors are permanently associated
 /// with the validator and never expire.
 /// </summary>
 ///
 /// <param name="groupId">The certificate group id.</param>
 /// <param name="certificate"></param>
 public void loadAnchor(String groupId, CertificateV2 certificate)
 {
     trustAnchors_.insert(groupId, certificate);
 }
Exemplo n.º 28
0
 public void continueValidation(CertificateV2 certificate,
                                ValidationState state)
 {
     outer_CertificateFetcher.certificateStorage_.cacheUnverifiedCertificate(certificate);
     outerContinueValidation.continueValidation(certificate, state);
 }
Exemplo n.º 29
0
 public void continueValidation(CertificateV2 certificate_0,
                                ValidationState state)
 {
     outer_Validator.validateCertificate(certificate_0, state);
 }