public void testSetters() { CertificateV2 certificate = new CertificateV2(); certificate.setName(new Name( "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B")); certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); certificate.setContent(new Blob(PUBLIC_KEY, false)); certificate.setSignature(generateFakeSignature()); Assert.AssertEquals(new Name( "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"), certificate.getName()); Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"), certificate.getKeyName()); Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity()); Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId()); Assert.AssertEquals(new Name.Component("ksk-1416425377094"), certificate.getKeyId()); Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator .getFromSignature(certificate.getSignature()).getKeyName()); Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"), certificate .getValidityPeriod().getNotBefore(), 0); Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"), certificate .getValidityPeriod().getNotAfter(), 0); try { certificate.getPublicKey(); } catch (Exception ex) { Assert.Fail(ex.Message); } }
/// <summary> /// Add a self-signed certificate made from the key and issuer ID. /// </summary> /// /// <param name="key">The key for the certificate.</param> /// <param name="issuerId">The issuer ID name component for the certificate name.</param> /// <returns>The new certificate.</returns> internal CertificateV2 addCertificate(PibKey key, String issuerId) { Name certificateName = new Name(key.getName()); certificateName.append(issuerId).appendVersion(3); CertificateV2 certificate = new CertificateV2(); certificate.setName(certificateName); // Set the MetaInfo. certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY); // One hour. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0); // Set the content. certificate.setContent(key.getPublicKey()); SigningInfo paras = new SigningInfo(key); // Validity period of 10 days. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); paras.setValidityPeriod(new ValidityPeriod(now, now + 10 * 24 * 3600 * 1000.0d)); keyChain_.sign(certificate, paras); return(certificate); }
public void testOverwrite() { /* foreach */ foreach (PibDataFixture2 fixture in pibImpls) { PibImpl pib = fixture.pib; // Check for id1Key1, which should not exist. pib.removeIdentity(fixture.id1); Assert.AssertEquals(false, pib.hasKey(fixture.id1Key1Name)); // Add id1Key1. pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf()); Assert.AssertEquals(true, pib.hasKey(fixture.id1Key1Name)); Blob keyBits = pib.getKeyBits(fixture.id1Key1Name); Assert.AssertTrue(keyBits.equals(fixture.id1Key1)); // To check overwrite, add a key with the same name. pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key2.buf()); Blob keyBits2 = pib.getKeyBits(fixture.id1Key1Name); Assert.AssertTrue(keyBits2.equals(fixture.id1Key2)); // Check for id1Key1Cert1, which should not exist. pib.removeIdentity(fixture.id1); Assert.AssertEquals(false, pib.hasCertificate(fixture.id1Key1Cert1.getName())); // Add id1Key1Cert1. pib.addKey(fixture.id1, fixture.id1Key1Name, fixture.id1Key1.buf()); pib.addCertificate(fixture.id1Key1Cert1); Assert.AssertEquals(true, pib.hasCertificate(fixture.id1Key1Cert1.getName())); CertificateV2 cert = pib.getCertificate(fixture.id1Key1Cert1 .getName()); Assert.AssertTrue(cert.wireEncode().equals( fixture.id1Key1Cert1.wireEncode())); // Create a fake certificate with the same name. CertificateV2 cert2 = fixture.id1Key2Cert1; cert2.setName(fixture.id1Key1Cert1.getName()); cert2.setSignature(fixture.id1Key2Cert1.getSignature()); pib.addCertificate(cert2); CertificateV2 cert3 = pib.getCertificate(fixture.id1Key1Cert1 .getName()); Assert.AssertTrue(cert3.wireEncode().equals(cert2.wireEncode())); // Check that both the key and certificate are overwritten. Blob keyBits3 = pib.getKeyBits(fixture.id1Key1Name); Assert.AssertTrue(keyBits3.equals(fixture.id1Key2)); } }
public void testValidityPeriodChecking() { CertificateV2 certificate = new CertificateV2(); certificate.setName(new Name( "/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B")); certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); certificate.setContent(new Blob(PUBLIC_KEY, false)); certificate.setSignature(generateFakeSignature()); Assert.AssertEquals(true, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T050000"))); Assert.AssertEquals(true, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060000"))); Assert.AssertEquals(false, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T045959"))); Assert.AssertEquals(false, certificate.isValid(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20141111T060001"))); }
internal void makeCertificate(PibKey key, PibKey signer) { // Copy the default certificate. CertificateV2 request = new CertificateV2(key.getDefaultCertificate()); request.setName(new Name(key.getName()).append("looper").appendVersion( 1)); // Set SigningInfo. SigningInfo // Set SigningInfo. paras = new SigningInfo(signer); // Validity period from 100 days before to 100 days after now. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); paras.setValidityPeriod(new ValidityPeriod(now - 100 * 24 * 3600 * 1000.0d, now + 100 * 24 * 3600 * 1000.0d)); fixture_.keyChain_.sign(request, paras); fixture_.keyChain_.addCertificate(key, request); fixture_.cache_.insert(request); }
public void processInterest(Interest interest, OnData onData, OnTimeout onTimeout, OnNetworkNack onNetworkNack) { try { // Create another key for the same identity and sign it properly. PibKey parentKey = outer_TestValidator.fixture_.keyChain_ .createKey(outer_TestValidator.fixture_.subIdentity_); PibKey requestedKey = outer_TestValidator.fixture_.subIdentity_.getKey(interest .getName()); // Copy the Name. Name certificateName = new Name(requestedKey.getName()); certificateName.append("looper").appendVersion(1); CertificateV2 certificate = new CertificateV2(); certificate.setName(certificateName); // Set the MetaInfo. certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY); // Set the freshness period to one hour. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); // Set the content. certificate.setContent(requestedKey.getPublicKey()); // Set SigningInfo. SigningInfo // Set SigningInfo. paras = new SigningInfo(parentKey); // Validity period from 10 days before to 10 days after now. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); paras.setValidityPeriod(new ValidityPeriod(now - 10 * 24 * 3600 * 1000.0d, now + 10 * 24 * 3600 * 1000.0d)); outer_TestValidator.fixture_.keyChain_.sign(certificate, paras); onData.onData(interest, certificate); } catch (Exception ex) { Assert.Fail("Error in InfiniteCertificateChain: " + ex); } }
/// <summary> /// Issue a certificate for subIdentityName signed by issuer. If the identity /// does not exist, it is created. A new key is generated as the default key /// for the identity. A default certificate for the key is signed by the /// issuer using its default certificate. /// </summary> /// /// <param name="subIdentityName">The name to issue the certificate for.</param> /// <param name="issuer">The identity of the signer.</param> /// <param name="params"></param> /// <returns>The sub identity.</returns> internal PibIdentity addSubCertificate(Name subIdentityName, PibIdentity issuer, KeyParams paras) { PibIdentity subIdentity = addIdentity(subIdentityName, paras); CertificateV2 request = subIdentity.getDefaultKey() .getDefaultCertificate(); request.setName(request.getKeyName().append("parent").appendVersion(1)); SigningInfo certificateParams = new SigningInfo(issuer); // Validity period of 20 years. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); certificateParams.setValidityPeriod(new ValidityPeriod(now, now + 20 * 365 * 24 * 3600 * 1000.0d)); // Skip the AdditionalDescription. keyChain_.sign(request, certificateParams); keyChain_.setDefaultCertificate(subIdentity.getDefaultKey(), request); return(subIdentity); }
public void testManagement() { Name identityName = new Name("/test/id"); Name identity2Name = new Name("/test/id2"); Assert.AssertEquals(0, fixture_.keyChain_.getPib().getIdentities_().size()); try { fixture_.keyChain_.getPib().getDefaultIdentity(); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex) { } catch (Exception ex_0) { Assert.Fail("Did not throw the expected exception"); } // Create an identity. PibIdentity id = fixture_.keyChain_.createIdentityV2(identityName); Assert.AssertTrue(id != null); Assert.AssertTrue(fixture_.keyChain_.getPib().getIdentities_() .getIdentities_().Contains(identityName)); // The first added identity becomes the default identity. try { fixture_.keyChain_.getPib().getDefaultIdentity(); } catch (Exception ex_1) { Assert.Fail("Unexpected exception: " + ex_1.Message); } // The default key of the added identity must exist. PibKey key = null; try { key = id.getDefaultKey(); } catch (Exception ex_2) { Assert.Fail("Unexpected exception: " + ex_2.Message); } // The default certificate of the default key must exist. try { key.getDefaultCertificate(); } catch (Exception ex_3) { Assert.Fail("Unexpected exception: " + ex_3.Message); } // Delete the key. Name key1Name = key.getName(); try { id.getKey(key1Name); } catch (Exception ex_4) { Assert.Fail("Unexpected exception: " + ex_4.Message); } Assert.AssertEquals(1, id.getKeys_().size()); fixture_.keyChain_.deleteKey(id, key); /* TODO: Implement key validity. * // The key instance should not be valid anymore. * assertTrue(!key); */ try { id.getKey(key1Name); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_5) { } catch (Exception ex_6) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertEquals(0, id.getKeys_().size()); // Create another key. fixture_.keyChain_.createKey(id); // The added key becomes the default key. try { id.getDefaultKey(); } catch (Exception ex_7) { Assert.Fail("Unexpected exception: " + ex_7.Message); } PibKey key2 = id.getDefaultKey(); Assert.AssertTrue(key2 != null); Assert.AssertTrue(!key2.getName().equals(key1Name)); Assert.AssertEquals(1, id.getKeys_().size()); try { key2.getDefaultCertificate(); } catch (Exception ex_8) { Assert.Fail("Unexpected exception: " + ex_8.Message); } // Create a third key. PibKey key3 = fixture_.keyChain_.createKey(id); Assert.AssertTrue(!key3.getName().equals(key2.getName())); // The added key will not be the default key, because the default key already exists. Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName())); Assert.AssertEquals(2, id.getKeys_().size()); try { key3.getDefaultCertificate(); } catch (Exception ex_9) { Assert.Fail("Unexpected exception: " + ex_9.Message); } // Delete the certificate. Assert.AssertEquals(1, key3.getCertificates_().size()); CertificateV2 key3Cert1 = (CertificateV2)ILOG.J2CsMapping.Collections.Collections.ToArray(key3.getCertificates_() .getCertificates_().Values)[0]; Name key3CertName = key3Cert1.getName(); fixture_.keyChain_.deleteCertificate(key3, key3CertName); Assert.AssertEquals(0, key3.getCertificates_().size()); try { key3.getDefaultCertificate(); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_10) { } catch (Exception ex_11) { Assert.Fail("Did not throw the expected exception"); } // Add a certificate. fixture_.keyChain_.addCertificate(key3, key3Cert1); Assert.AssertEquals(1, key3.getCertificates_().size()); try { key3.getDefaultCertificate(); } catch (Exception ex_12) { Assert.Fail("Unexpected exception: " + ex_12.Message); } // Overwriting the certificate should work. fixture_.keyChain_.addCertificate(key3, key3Cert1); Assert.AssertEquals(1, key3.getCertificates_().size()); // Add another certificate. CertificateV2 key3Cert2 = new CertificateV2(key3Cert1); Name key3Cert2Name = new Name(key3.getName()); key3Cert2Name.append("Self"); key3Cert2Name.appendVersion(1); key3Cert2.setName(key3Cert2Name); fixture_.keyChain_.addCertificate(key3, key3Cert2); Assert.AssertEquals(2, key3.getCertificates_().size()); // Set the default certificate. Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3CertName)); fixture_.keyChain_.setDefaultCertificate(key3, key3Cert2); Assert.AssertTrue(key3.getDefaultCertificate().getName().equals(key3Cert2Name)); // Set the default key. Assert.AssertTrue(id.getDefaultKey().getName().equals(key2.getName())); fixture_.keyChain_.setDefaultKey(id, key3); Assert.AssertTrue(id.getDefaultKey().getName().equals(key3.getName())); // Set the default identity. PibIdentity id2 = fixture_.keyChain_.createIdentityV2(identity2Name); Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName() .equals(id.getName())); fixture_.keyChain_.setDefaultIdentity(id2); Assert.AssertTrue(fixture_.keyChain_.getPib().getDefaultIdentity().getName() .equals(id2.getName())); // Delete an identity. fixture_.keyChain_.deleteIdentity(id); /* TODO: Implement identity validity. * // The identity instance should not be valid any more. * BOOST_CHECK(!id); */ try { fixture_.keyChain_.getPib().getIdentity(identityName); Assert.Fail("Did not throw the expected exception"); } catch (Pib.Error ex_13) { } catch (Exception ex_14) { Assert.Fail("Did not throw the expected exception"); } Assert.AssertTrue(!fixture_.keyChain_.getPib().getIdentities_() .getIdentities_().Contains(identityName)); }
private static CertificateV2 makeSelfSignedCertificate(Name keyName, Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) { CertificateV2 certificate = new CertificateV2(); // Set the name. double now = net.named_data.jndn.util.Common.getNowMilliseconds(); Name certificateName = new Name(keyName); certificateName.append("self").appendVersion((long)now); certificate.setName(certificateName); // Set the MetaInfo. certificate.getMetaInfo().setType(net.named_data.jndn.ContentType.KEY); // Set a one-hour freshness period. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0d); // Set the content. PublicKey publicKey = null; try { publicKey = new PublicKey(publicKeyEncoding); } catch (UnrecognizedKeyFormatException ex) { // Promote to Pib.Error. throw new Pib.Error("Error decoding public key " + ex); } certificate.setContent(publicKey.getKeyDer()); // Create a temporary in-memory Tpm and import the private key. Tpm tpm = new Tpm("", "", new TpmBackEndMemory()); tpm.importPrivateKey_(keyName, privateKeyBag.buf(), password); // Set the signature info. if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.RSA) { certificate.setSignature(new Sha256WithRsaSignature()); } else if (publicKey.getKeyType() == net.named_data.jndn.security.KeyType.EC) { certificate.setSignature(new Sha256WithEcdsaSignature()); } else { throw new AssertionError("Unsupported key type"); } Signature signatureInfo = certificate.getSignature(); net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setType( net.named_data.jndn.KeyLocatorType.KEYNAME); net.named_data.jndn.KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName); // Set a 20-year validity period. net.named_data.jndn.security.ValidityPeriod.getFromSignature(signatureInfo).setPeriod(now, now + 20 * 365 * 24 * 3600 * 1000.0d); // Encode once to get the signed portion. SignedBlob encoding = certificate.wireEncode(wireFormat); Blob signatureBytes = tpm.sign(encoding.signedBuf(), keyName, digestAlgorithm); signatureInfo.setSignature(signatureBytes); // Encode again to include the signature. certificate.wireEncode(wireFormat); return(certificate); }