/// <summary> /// Add a self-signed certificate made from the key and issuer ID. /// </summary> /// /// <param name="key">The key for the certificate.</param> /// <param name="issuerId">The issuer ID name component for the certificate name.</param> /// <returns>The new certificate.</returns> internal CertificateV2 addCertificate(PibKey key, String issuerId) { Name certificateName = new Name(key.getName()); certificateName.append(issuerId).appendVersion(3); CertificateV2 certificate = new CertificateV2(); certificate.setName(certificateName); // Set the MetaInfo. certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY); // One hour. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0); // Set the content. certificate.setContent(key.getPublicKey()); SigningInfo paras = new SigningInfo(key); // Validity period of 10 days. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); paras.setValidityPeriod(new ValidityPeriod(now, now + 10 * 24 * 3600 * 1000.0d)); keyChain_.sign(certificate, paras); return(certificate); }
public void testSetters() { CertificateV2 certificate = new CertificateV2(); certificate.setName(new Name( "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B")); certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); certificate.setContent(new Blob(PUBLIC_KEY, false)); certificate.setSignature(generateFakeSignature()); Assert.AssertEquals(new Name( "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"), certificate.getName()); Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"), certificate.getKeyName()); Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity()); Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId()); Assert.AssertEquals(new Name.Component("ksk-1416425377094"), certificate.getKeyId()); Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator .getFromSignature(certificate.getSignature()).getKeyName()); Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate .getValidityPeriod().getNotBefore(), 0); Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate .getValidityPeriod().getNotAfter(), 0); try { certificate.getPublicKey(); } catch (Exception ex) { Assert.Fail(ex.Message); } }
public void processInterest(Interest interest, OnData onData, OnTimeout onTimeout, OnNetworkNack onNetworkNack) { try { // Create another key for the same identity and sign it properly. PibKey parentKey = outer_TestValidator.fixture_.keyChain_ .createKey(outer_TestValidator.fixture_.subIdentity_); PibKey requestedKey = outer_TestValidator.fixture_.subIdentity_.getKey(interest .getName()); // Copy the Name. Name certificateName = new Name(requestedKey.getName()); certificateName.append("looper").appendVersion(1); CertificateV2 certificate = new CertificateV2(); certificate.setName(certificateName); // Set the MetaInfo. certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY); // Set the freshness period to one hour. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); // Set the content. certificate.setContent(requestedKey.getPublicKey()); // Set SigningInfo. SigningInfo // Set SigningInfo. paras = new SigningInfo(parentKey); // Validity period from 10 days before to 10 days after now. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); paras.setValidityPeriod(new ValidityPeriod(now - 10 * 24 * 3600 * 1000.0d, now + 10 * 24 * 3600 * 1000.0d)); outer_TestValidator.fixture_.keyChain_.sign(certificate, paras); onData.onData(interest, certificate); } catch (Exception ex) { Assert.Fail("Error in InfiniteCertificateChain: " + ex); } }
public void testValidityPeriodChecking() { CertificateV2 certificate = new CertificateV2(); certificate.setName(new Name( "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B")); certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); certificate.setContent(new Blob(PUBLIC_KEY, false)); certificate.setSignature(generateFakeSignature()); Assert.AssertEquals(true, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"))); Assert.AssertEquals(true, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"))); Assert.AssertEquals(false, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T045959"))); Assert.AssertEquals(false, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060001"))); }
private static CertificateV2 makeSelfSignedCertificate(Name keyName, Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) { CertificateV2 certificate = new CertificateV2(); // Set the name. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); Name certificateName = new Name(keyName); certificateName.append("self").appendVersion((long)now); certificate.setName(certificateName); // Set the MetaInfo. certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY); // Set a one-hour freshness period. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); // Set the content. PublicKey publicKey = null; try { publicKey = new PublicKey(publicKeyEncoding); } catch (UnrecognizedKeyFormatException ex) { // Promote to Pib.Error. throw new Pib.Error("Error decoding public key " + ex); } certificate.setContent(publicKey.getKeyDer()); // Create a temporary in-memory Tpm and import the private key. Tpm tpm = new Tpm("", "", new TpmBackEndMemory()); tpm.importPrivateKey_(keyName, privateKeyBag.buf(), password); // Set the signature info. if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA) { certificate.setSignature(new Sha256WithRsaSignature()); } else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC) { certificate.setSignature(new Sha256WithEcdsaSignature()); } else { throw new AssertionError("Unsupported key type"); } Signature signatureInfo = certificate.getSignature(); net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setType( net.named_data.jndn.KeyLocatorType.KEYNAME); net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName); // Set a 20-year validity period. net.named_data.jndn.security.ValidityPeriod.getFromSignature(signatureInfo).setPeriod(now, now + 20 * 365 * 24 * 3600 * 1000.0d); // Encode once to get the signed portion. SignedBlob encoding = certificate.wireEncode(wireFormat); Blob signatureBytes = tpm.sign(encoding.signedBuf(), keyName, digestAlgorithm); signatureInfo.setSignature(signatureBytes); // Encode again to include the signature. certificate.wireEncode(wireFormat); return(certificate); }