/// <summary>
/// Get the certificate with name certificateName.
/// </summary>
///
/// <param name="certificateName">The name of the certificate.</param>
/// <returns>A copy of the certificate.</returns>
/// <exception cref="Pib.Error">if the certificate does not exist.</exception>
/// <exception cref="PibImpl.Error">for a non-semantic (database access) error.</exception>
public override CertificateV2 getCertificate(Name certificateName)
{
try {
PreparedStatement statement = database_
.prepareStatement("SELECT certificate_data FROM certificates WHERE certificate_name=?");
statement.setBytes(1, certificateName.wireEncode()
.getImmutableArray());
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult())
{
CertificateV2 certificate = new CertificateV2();
try {
certificate.wireDecode(new Blob(result.getBytes(1)));
} catch (EncodingException ex) {
throw new PibImpl.Error(
"PibSqlite3: Error decoding certificate: " + ex);
}
return(certificate);
}
else
{
throw new Pib.Error("Certificate `"
+ certificateName.toUri() + "` does not exit");
}
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new PibImpl.Error("PibSqlite3: SQLite error: " + exception);
}
}
/// <summary>
/// Get the default certificate for the key with eyName.
/// </summary>
///
/// <param name="keyName">The name of the key.</param>
/// <returns>A copy of the default certificate.</returns>
/// <exception cref="Pib.Error">if the default certificate does not exist.</exception>
/// <exception cref="PibImpl.Error">for a non-semantic (database access) error.</exception>
public override CertificateV2 getDefaultCertificateOfKey(Name keyName)
{
try {
PreparedStatement statement = database_
.prepareStatement("SELECT certificate_data "
+ net.named_data.jndn.security.pib.PibSqlite3Base.FROM_WHERE_getDefaultCertificateOfKey);
statement.setBytes(1, keyName.wireEncode().getImmutableArray());
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult())
{
CertificateV2 certificate = new CertificateV2();
try {
certificate.wireDecode(new Blob(result.getBytes(1)));
} catch (EncodingException ex) {
throw new PibImpl.Error(
"PibSqlite3: Error decoding certificate: " + ex);
}
return(certificate);
}
else
{
throw new Pib.Error("No default certificate for key `"
+ keyName.toUri() + "`");
}
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new PibImpl.Error("PibSqlite3: SQLite error: " + exception);
}
}
public void setUp()
{
CertificateV2 certificateBase = new CertificateV2();
certificateBase.wireDecode(new Blob(CERT, false));
// Check no throw.
CertificateV2 temp1 = new CertificateV2(certificateBase);
certificateBase_ = new Data(certificateBase);
certificateBase_.setSignature(generateFakeSignature());
// Check no throw.
CertificateV2 temp2 = new CertificateV2(certificateBase_);
}
public void testConstructor()
{
CertificateV2 certificate = new CertificateV2();
certificate.wireDecode(new Blob(CERT, false));
Assert.AssertEquals(new Name(
"/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName());
Assert.AssertEquals(new Name("/ndn/site1"), certificate.getIdentity());
Assert.AssertEquals(new Name.Component("0123"), certificate.getIssuerId());
Assert.AssertEquals(new Name.Component("ksk-1416425377094"),
certificate.getKeyId());
Assert.AssertEquals(new Name("/ndn/site1/KEY/ksk-2516425377094"), net.named_data.jndn.KeyLocator
.getFromSignature(certificate.getSignature()).getKeyName());
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150814T223739"), certificate
.getValidityPeriod().getNotBefore(), 0);
Assert.AssertEquals(net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150818T223738"), certificate
.getValidityPeriod().getNotAfter(), 0);
try {
certificate.getPublicKey();
} catch (Exception ex) {
Assert.Fail(ex.Message);
}
Data data = new Data();
data.wireDecode(new Blob(CERT, false));
CertificateV2 certificate2 = new CertificateV2(data);
Assert.AssertEquals(certificate.getName(), certificate2.getName());
Assert.AssertTrue(certificate.getPublicKey().equals(
certificate2.getPublicKey()));
}
public void testPrintCertificateInfo()
{
String expectedCertificateInfo = "Certificate name:\n"
+ " /ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B\n"
+ "Validity:\n"
+ " NotBefore: 20150814T223739\n"
+ " NotAfter: 20150818T223738\n"
+ "Public key bits:\n"
+ "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCeBj5HhbI0N6qFR6wDJIO1nKgF\n"
+ "OiQe64kBu+mbssMirGjj8GwCzmimxNCnBpCcqhsIHYtDmjNnRG0hoxuImpdeWcQV\n"
+ "C9ksvVEHYYKtwbjXv5vPfSTCY/OXF+v+YiW6W02Kwnq9Q4qPuPLxxWow01CMyJrf\n"
+ "7+0153pi6nZ8uwgmxwIBEQ==\n" + "Signature Information:\n"
+ " Signature Type: SignatureSha256WithRsa\n"
+ " Key Locator: Name=/ndn/site1/KEY/ksk-2516425377094\n";
CertificateV2 certificate = new CertificateV2();
certificate.wireDecode(new Blob(CERT, false));
StringBuilder actual = new StringBuilder();
certificate.printCertificate(actual);
Assert.AssertEquals(expectedCertificateInfo, actual.toString());
}
public void testRefresh10s()
{
StringBuilder encodedData = new StringBuilder();
TextReader dataFile = new FileReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "testData")).FullName);
// Use "try/finally instead of "try-with-resources" or "using"
// which are not supported before Java 7.
try {
String line;
while ((line = dataFile.readLine()) != null)
{
encodedData.append(line);
}
} finally {
dataFile.close();
}
byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString());
Data data = new Data();
data.wireDecode(new Blob(decodedData, false));
// This test is needed, since the KeyChain will express interests in unknown
// certificates.
VerificationResult vr = doVerify(policyManager_, data);
Assert.AssertTrue(
"ConfigPolicyManager did not create ValidationRequest for unknown certificate",
vr.hasFurtherSteps_);
Assert.AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
Assert.AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
// Now save the cert data to our anchor directory, and wait.
// We have to sign it with the current identity or the policy manager will
// create an interest for the signing certificate.
CertificateV2 cert = new CertificateV2();
byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP);
cert.wireDecode(new Blob(certData, false));
SigningInfo signingInfo = new SigningInfo();
signingInfo.setSigningIdentity(identityName_);
// Make sure the validity period is current for two years.
double now = net.named_data.jndn.util.Common.getNowMilliseconds();
signingInfo.setValidityPeriod(new ValidityPeriod(now, now + 2 * 365
* 24 * 3600 * 1000.0d));
keyChain_.sign(cert, signingInfo);
Blob signedCertBlob = cert.wireEncode();
String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob
.getImmutableArray());
var certFile = (new StreamWriter(
testCertFile_.FullName));
try {
certFile.Write(encodedCert, 0, encodedCert.Substring(0, encodedCert.Length));
certFile.flush();
} finally {
certFile.close();
}
// Still too early for refresh to pick it up.
vr = doVerify(policyManager_, data);
Assert.AssertTrue("ConfigPolicyManager refresh occured sooner than specified",
vr.hasFurtherSteps_);
Assert.AssertEquals(
"ConfigPolicyManager called success callback with pending ValidationRequest",
0, vr.successCount_);
Assert.AssertEquals(
"ConfigPolicyManager called failure callback with pending ValidationRequest",
0, vr.failureCount_);
ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000);
// Now we should find it.
vr = doVerify(policyManager_, data);
Assert.AssertFalse("ConfigPolicyManager did not refresh certificate store",
vr.hasFurtherSteps_);
Assert.AssertEquals("Verification success called " + vr.successCount_
+ " times instead of 1", 1, vr.successCount_);
Assert.AssertEquals("ConfigPolicyManager did not verify valid signed data", 0,
vr.failureCount_);
}