public void testPrepareUnsignedCertificate() { MemoryIdentityStorage identityStorage = new MemoryIdentityStorage(); MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage(); IdentityManager identityManager = new IdentityManager(identityStorage, privateKeyStorage); Name keyName = new Name("/test/ksk-1457560485494"); identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(PUBLIC_KEY, false)); ArrayList subjectDescriptions = new ArrayList(); ILOG.J2CsMapping.Collections.Collections.Add(subjectDescriptions, new CertificateSubjectDescription(TEST_OID, "TEST NAME")); IdentityCertificate newCertificate = identityManager .prepareUnsignedIdentityCertificate(keyName, keyName.getPrefix(1), toyCertNotBefore, toyCertNotAfter, subjectDescriptions); // Update the generated certificate version to equal the one in toyCert. newCertificate.setName(new Name(newCertificate.getName().getPrefix(-1) .append(toyCert.getName().get(-1)))); // Make a copy to test encoding. IdentityCertificate certificateCopy = new IdentityCertificate( newCertificate); Assert.AssertEquals( "Prepared unsigned certificate dump does not have the expected format", "" + toyCert, "" + certificateCopy); }
public void testCertificateAddDelete() { Name identityName = new Name("/TestIdentityStorage/Identity") .appendVersion((long)getNowSeconds()); identityManager.createIdentityAndCertificate(identityName, net.named_data.jndn.security.KeyChain.getDefaultKeyParams()); Name keyName1 = identityManager .getDefaultKeyNameForIdentity(identityName); IdentityCertificate cert2 = identityManager.selfSign(keyName1); identityStorage.addCertificate(cert2); Name certName2 = cert2.getName(); Name certName1 = identityManager .getDefaultCertificateNameForIdentity(identityName); Assert.AssertFalse( "New certificate was set as default without explicit request", certName1.equals(certName2)); identityStorage.deleteCertificateInfo(certName1); Assert.AssertTrue(identityStorage.doesCertificateExist(certName2)); Assert.AssertFalse(identityStorage.doesCertificateExist(certName1)); keyChain.deleteIdentity(identityName); Assert.AssertFalse(identityStorage.doesCertificateExist(certName2)); }
/// <summary> /// Add a new member with the given memberCertificate into a schedule named /// scheduleName. If cert is an IdentityCertificate made from memberCertificate, /// then the member's identity name is cert.getPublicKeyName().getPrefix(-1). /// </summary> /// /// <param name="scheduleName">The schedule name.</param> /// <param name="memberCertificate">The member's certificate.</param> /// <exception cref="GroupManagerDb.Error">If there's no schedule named scheduleName, ifthe member's identity name already exists, or other database error.</exception> /// <exception cref="DerDecodingException">for error decoding memberCertificate as acertificate.</exception> public void addMember(String scheduleName, Data memberCertificate) { IdentityCertificate cert = new IdentityCertificate(memberCertificate); database_.addMember(scheduleName, cert.getPublicKeyName(), cert .getPublicKeyInfo().getKeyDer()); }
public void testCreateDKeyData() { // Create the group manager. GroupManager manager = new GroupManager(new Name("Alice"), new Name( "data_type"), new Sqlite3GroupManagerDb( dKeyDatabaseFilePath.FullName), 2048, 1, keyChain); Blob newCertificateBlob = certificate.wireEncode(); IdentityCertificate newCertificate = new IdentityCertificate(); newCertificate.wireDecode(newCertificateBlob); // Encrypt the D-KEY. Data data = friendAccess.createDKeyData(manager, "20150825T000000", "20150827T000000", new Name("/ndn/memberA/KEY"), decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer()); // Verify the encrypted D-KEY. Blob dataContent = data.getContent(); // Get the nonce key. // dataContent is a sequence of the two EncryptedContent. EncryptedContent encryptedNonce = new EncryptedContent(); encryptedNonce.wireDecode(dataContent); Assert.AssertEquals(0, encryptedNonce.getInitialVector().size()); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType()); Blob blobNonce = encryptedNonce.getPayload(); EncryptParams decryptParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce, decryptParams); // Get the D-KEY. // Use the size of encryptedNonce to find the start of encryptedPayload. ByteBuffer payloadContent = dataContent.buf().duplicate(); payloadContent.position(encryptedNonce.wireEncode().size()); EncryptedContent encryptedPayload = new EncryptedContent(); encryptedPayload.wireDecode(payloadContent); Assert.AssertEquals(16, encryptedPayload.getInitialVector().size()); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType()); decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); decryptParams.setInitialVector(encryptedPayload.getInitialVector()); Blob blobPayload = encryptedPayload.getPayload(); Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload, decryptParams); Assert.AssertTrue(largePayload.equals(decryptKeyBlob)); }
/// <summary> /// Get the default certificate from the identity storage and return its name. /// If there is no default identity or default certificate, then create one. /// </summary> /// /// <returns>The default certificate name.</returns> private Name prepareDefaultCertificateName() { IdentityCertificate signingCertificate = identityManager_ .getDefaultCertificate(); if (signingCertificate == null) { setDefaultCertificate(); signingCertificate = identityManager_.getDefaultCertificate(); } return(signingCertificate.getName()); }
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public sealed override void addCertificate(IdentityCertificate certificate) { Name certificateName = certificate.getName(); Name keyName = certificate.getPublicKeyName(); addKey(keyName, certificate.getPublicKeyInfo().getKeyType(), certificate.getPublicKeyInfo().getKeyDer()); if (doesCertificateExist(certificateName)) { return; } // Insert the certificate. try { PreparedStatement statement = database_ .prepareStatement("INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data) " + "values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)"); statement.setString(1, certificateName.toUri()); Name signerName = net.named_data.jndn.KeyLocator.getFromSignature( certificate.getSignature()).getKeyName(); statement.setString(2, signerName.toUri()); String keyId = keyName.get(-1).toEscapedString(); Name identity = keyName.getPrefix(-1); statement.setString(3, identity.toUri()); statement.setString(4, keyId); // Convert from milliseconds to seconds since 1/1/1970. statement.setLong(5, (long)(Math.Floor(certificate.getNotBefore() / 1000.0d))); statement.setLong(6, (long)(Math.Floor(certificate.getNotAfter() / 1000.0d))); // wireEncode returns the cached encoding if available. statement.setBytes(7, certificate.wireEncode().getImmutableArray()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public override void addCertificate(IdentityCertificate certificate) { Name certificateName = certificate.getName(); Name keyName = certificate.getPublicKeyName(); addKey(keyName, certificate.getPublicKeyInfo().getKeyType(), certificate.getPublicKeyInfo().getKeyDer()); if (doesCertificateExist(certificateName)) { return; } // Insert the certificate. ILOG.J2CsMapping.Collections.Collections.Put(certificateStore_, certificateName.toUri(), certificate.wireEncode()); }
/// <summary> /// Get a certificate from the identity storage. /// </summary> /// /// <param name="certificateName">The name of the requested certificate.</param> /// <returns>The requested certificate.</returns> /// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception> public override IdentityCertificate getCertificate(Name certificateName) { Blob certificateDer = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(certificateStore_, certificateName .toUri()); if (certificateDer == null) { throw new SecurityException( "MemoryIdentityStorage.getKey: The certificate does not exist"); } IdentityCertificate certificate = new IdentityCertificate(); try { certificate.wireDecode(certificateDer); } catch (EncodingException ex) { throw new SecurityException( "MemoryIdentityStorage.getKey: The certificate cannot be decoded"); } return(certificate); }
/// <summary> /// Fetch a certificate from the cache. /// </summary> /// /// <param name="certificateName"></param> /// <returns>A new copy of the IdentityCertificate, or null if not found.</returns> public IdentityCertificate getCertificate(Name certificateName) { Blob certData = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(cache_, certificateName.toUri()); if (certData == null) { return(null); } IdentityCertificate cert = new IdentityCertificate(); try { cert.wireDecode(certData.buf()); } catch (EncodingException ex) { ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(CertificateCache).FullName).log( ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null, ex); throw new Exception(ex.Message); } return(cert); }
/// <summary> /// Get a certificate from the identity storage. /// </summary> /// /// <param name="certificateName">The name of the requested certificate.</param> /// <returns>The requested certificate.</returns> /// <exception cref="System.Security.SecurityException">if the certificate doesn't exist.</exception> public sealed override IdentityCertificate getCertificate(Name certificateName) { try { PreparedStatement statement; statement = database_.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getCertificate); statement.setString(1, certificateName.toUri()); IdentityCertificate certificate = new IdentityCertificate(); try { SqlDataReader result = statement.executeQuery(); if (result.NextResult()) { try { certificate.wireDecode(new Blob(result .getBytes("certificate_data"), false)); } catch (EncodingException ex) { throw new SecurityException( "BasicIdentityStorage: Error decoding certificate data: " + ex); } } else { throw new SecurityException( "BasicIdentityStorage.getKey: The key certificate not exist"); } } finally { statement.close(); } return(certificate); } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
public void setUp() { // Don't show INFO log messages. ILOG.J2CsMapping.Util.Logging.Logger.getLogger("").setLevel(ILOG.J2CsMapping.Util.Logging.Level.WARNING); policyConfigDirectory_ = net.named_data.jndn.tests.integration_tests.IntegrationTestsCommon .getPolicyConfigDirectory(); testCertFile_ = new FileInfo(System.IO.Path.Combine(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "certs")).FullName, "test.cert")); identityStorage_ = new MemoryIdentityStorage(); privateKeyStorage_ = new MemoryPrivateKeyStorage(); identityManager_ = new IdentityManager(identityStorage_, privateKeyStorage_); policyManager_ = new ConfigPolicyManager(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "simple_rules.conf")).FullName); identityName_ = new Name("/TestConfigPolicyManager/temp"); // To match the anchor cert. Name keyName = new Name(identityName_).append("ksk-1416010123"); identityStorage_.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob( DEFAULT_RSA_PUBLIC_KEY_DER, false)); privateKeyStorage_.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER); IdentityCertificate cert = identityManager_.selfSign(keyName); identityStorage_.setDefaultKeyNameForIdentity(keyName); identityManager_.addCertificateAsDefault(cert); face_ = new Face("localhost"); keyChain_ = new KeyChain(identityManager_, policyManager_); keyName_ = keyName; net.named_data.jndn.security.policy.ConfigPolicyManager.setFriendAccess(this); }
public void testEcdsaIdentity() { if (!testEcdsa_) { return; } Name identityName = new Name("/TestSqlIdentityStorage/KeyType/ECDSA"); Name keyName = identityManager .generateEcdsaKeyPairAsDefault(identityName); IdentityCertificate cert = identityManager.selfSign(keyName); identityManager.addCertificateAsIdentityDefault(cert); // Check the self-signature. VerifyCounter counter = new VerifyCounter(); keyChain.verifyData(cert, counter, counter); Assert.AssertEquals("Verification callback was not used.", 1, counter.onVerifiedCallCount_); keyChain.deleteIdentity(identityName); Assert.AssertFalse(identityStorage.doesKeyExist(keyName)); }
public void testRefresh10s() { StringBuilder encodedData = new StringBuilder(); TextReader dataFile = new FileReader(new FileInfo(System.IO.Path.Combine(policyConfigDirectory_.FullName, "testData")).FullName); // Use "try/finally instead of "try-with-resources" or "using" // which are not supported before Java 7. try { String line; while ((line = dataFile.readLine()) != null) { encodedData.append(line); } } finally { dataFile.close(); } byte[] decodedData = net.named_data.jndn.util.Common.base64Decode(encodedData.toString()); Data data = new Data(); data.wireDecode(new Blob(decodedData, false)); // This test is needed, since the KeyChain will express interests in unknown // certificates. VerificationResult vr = doVerify(policyManager_, data); Assert.AssertTrue( "ConfigPolicyManager did not create ValidationRequest for unknown certificate", vr.hasFurtherSteps_); Assert.AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); Assert.AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); // Now save the cert data to our anchor directory, and wait. // We have to sign it with the current identity or the policy manager will // create an interest for the signing certificate. IdentityCertificate cert = new IdentityCertificate(); byte[] certData = net.named_data.jndn.util.Common.base64Decode(CERT_DUMP); cert.wireDecode(new Blob(certData, false)); keyChain_.signByIdentity(cert, identityName_); Blob signedCertBlob = cert.wireEncode(); String encodedCert = net.named_data.jndn.util.Common.base64Encode(signedCertBlob .getImmutableArray()); var certFile = (new StreamWriter( testCertFile_.FullName)); try { certFile.Write(encodedCert, 0, encodedCert.Substring(0, encodedCert.Length)); certFile.flush(); } finally { certFile.close(); } // Still too early for refresh to pick it up. vr = doVerify(policyManager_, data); Assert.AssertTrue("ConfigPolicyManager refresh occured sooner than specified", vr.hasFurtherSteps_); Assert.AssertEquals( "ConfigPolicyManager called success callback with pending ValidationRequest", 0, vr.successCount_); Assert.AssertEquals( "ConfigPolicyManager called failure callback with pending ValidationRequest", 0, vr.failureCount_); ILOG.J2CsMapping.Threading.ThreadWrapper.sleep(6000); // Now we should find it. vr = doVerify(policyManager_, data); Assert.AssertFalse("ConfigPolicyManager did not refresh certificate store", vr.hasFurtherSteps_); Assert.AssertEquals("Verification success called " + vr.successCount_ + " times instead of 1", 1, vr.successCount_); Assert.AssertEquals("ConfigPolicyManager did not verify valid signed data", 0, vr.failureCount_); }
/// <summary> /// Add a certificate to the identity storage. Also call addKey to ensure that /// the certificate key exists. If the certificate is already installed, don't /// replace it. /// </summary> /// /// <param name="certificate"></param> public abstract void addCertificate(IdentityCertificate certificate);
public void testAutoCreateIdentity() { Name keyName1 = new Name( "/TestSqlIdentityStorage/KeyType/RSA/ksk-12345"); Name identityName = keyName1.getPrefix(-1); byte[] decodedKey = net.named_data.jndn.util.Common.base64Decode(RSA_DER); identityStorage.addKey(keyName1, net.named_data.jndn.security.KeyType.RSA, new Blob(decodedKey, false)); identityStorage.setDefaultKeyNameForIdentity(keyName1); Assert.AssertTrue("Key was not added", identityStorage.doesKeyExist(keyName1)); Assert.AssertTrue("Identity for key was not automatically created", identityStorage.doesIdentityExist(identityName)); Assert.AssertTrue("Default key was not set on identity creation", identityManager.getDefaultKeyNameForIdentity(identityName) .equals(keyName1)); try { identityStorage.getDefaultCertificateNameForKey(keyName1); Assert.Fail(); } catch (SecurityException ex) { } // We have no private key for signing. try { identityManager.selfSign(keyName1); Assert.Fail(); } catch (SecurityException ex_0) { } try { identityStorage.getDefaultCertificateNameForKey(keyName1); Assert.Fail(); } catch (SecurityException ex_1) { } try { identityManager.getDefaultCertificateNameForIdentity(identityName); Assert.Fail(); } catch (SecurityException ex_2) { } Name keyName2 = identityManager .generateRSAKeyPairAsDefault(identityName); IdentityCertificate cert = identityManager.selfSign(keyName2); identityManager.addCertificateAsIdentityDefault(cert); Name certName1 = identityManager .getDefaultCertificateNameForIdentity(identityName); Name certName2 = identityStorage .getDefaultCertificateNameForKey(keyName2); Assert.AssertTrue( "Key-certificate mapping and identity-certificate mapping are not consistent", certName1.equals(certName2)); keyChain.deleteIdentity(identityName); Assert.AssertFalse(identityStorage.doesKeyExist(keyName1)); }
public void testStress() { Name identityName = new Name("/TestSecPublicInfoSqlite3/Delete") .appendVersion((long)getNowSeconds()); // ndn-cxx returns the cert name, but the IndentityManager docstring // specifies a key. Name certName1 = keyChain.createIdentityAndCertificate(identityName); Name keyName1 = net.named_data.jndn.security.certificate.IdentityCertificate .certificateNameToPublicKeyName(certName1); Name keyName2 = keyChain.generateRSAKeyPairAsDefault(identityName); IdentityCertificate cert2 = identityManager.selfSign(keyName2); Name certName2 = cert2.getName(); identityManager.addCertificateAsDefault(cert2); Name keyName3 = keyChain.generateRSAKeyPairAsDefault(identityName); IdentityCertificate cert3 = identityManager.selfSign(keyName3); Name certName3 = cert3.getName(); identityManager.addCertificateAsDefault(cert3); IdentityCertificate cert4 = identityManager.selfSign(keyName3); identityManager.addCertificateAsDefault(cert4); Name certName4 = cert4.getName(); IdentityCertificate cert5 = identityManager.selfSign(keyName3); identityManager.addCertificateAsDefault(cert5); Name certName5 = cert5.getName(); Assert.AssertTrue(identityStorage.doesIdentityExist(identityName)); Assert.AssertTrue(identityStorage.doesKeyExist(keyName1)); Assert.AssertTrue(identityStorage.doesKeyExist(keyName2)); Assert.AssertTrue(identityStorage.doesKeyExist(keyName3)); Assert.AssertTrue(identityStorage.doesCertificateExist(certName1)); Assert.AssertTrue(identityStorage.doesCertificateExist(certName2)); Assert.AssertTrue(identityStorage.doesCertificateExist(certName3)); Assert.AssertTrue(identityStorage.doesCertificateExist(certName4)); Assert.AssertTrue(identityStorage.doesCertificateExist(certName5)); identityStorage.deleteCertificateInfo(certName5); Assert.AssertFalse(identityStorage.doesCertificateExist(certName5)); Assert.AssertTrue(identityStorage.doesCertificateExist(certName4)); Assert.AssertTrue(identityStorage.doesCertificateExist(certName3)); Assert.AssertTrue(identityStorage.doesKeyExist(keyName2)); identityStorage.deletePublicKeyInfo(keyName3); Assert.AssertFalse(identityStorage.doesCertificateExist(certName4)); Assert.AssertFalse(identityStorage.doesCertificateExist(certName3)); Assert.AssertFalse(identityStorage.doesKeyExist(keyName3)); Assert.AssertTrue(identityStorage.doesKeyExist(keyName2)); Assert.AssertTrue(identityStorage.doesKeyExist(keyName1)); Assert.AssertTrue(identityStorage.doesIdentityExist(identityName)); keyChain.deleteIdentity(identityName); Assert.AssertFalse(identityStorage.doesCertificateExist(certName2)); Assert.AssertFalse(identityStorage.doesKeyExist(keyName2)); Assert.AssertFalse(identityStorage.doesCertificateExist(certName1)); Assert.AssertFalse(identityStorage.doesKeyExist(keyName1)); Assert.AssertFalse(identityStorage.doesIdentityExist(identityName)); }
/// <summary> /// Install an identity certificate into the public key identity storage. /// </summary> /// /// <param name="certificate">The certificate to to added.</param> public void installIdentityCertificate(IdentityCertificate certificate) { identityManager_.addCertificate(certificate); }
/// <summary> /// Set the certificate as the default for its corresponding key. /// </summary> /// /// <param name="certificate">The certificate.</param> public void setDefaultCertificateForKey( IdentityCertificate certificate) { identityManager_.setDefaultCertificateForKey(certificate); }
/// <summary> /// Insert the certificate into the cache. Assumes the timestamp is not yet /// removed from the name. /// </summary> /// /// <param name="certificate">The certificate to copy and insert.</param> public void insertCertificate(IdentityCertificate certificate) { Name certName = certificate.getName().getPrefix(-1); ILOG.J2CsMapping.Collections.Collections.Put(cache_, certName.toUri(), certificate.wireEncode()); }