        /// <summary>
        /// Encode the certificate fields in DER format.
        /// The layout is SEQUENCE { validity, subjectList, publicKey, [extensionList] },
        /// where the extension list is only emitted when at least one extension exists.
        /// </summary>
        ///
        /// <returns>The DER encoded contents of the certificate.</returns>
        private net.named_data.jndn.encoding.der.DerNode.DerSequence  toDer()
        {
            // validity ::= SEQUENCE { notBefore GeneralizedTime, notAfter GeneralizedTime }
            net.named_data.jndn.encoding.der.DerNode.DerSequence validity = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
            validity.addChild(new net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime(getNotBefore()));
            validity.addChild(new net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime(getNotAfter()));

            // One DER sequence per subject description, in list order. The subject
            // list is always present, even when it is empty.
            net.named_data.jndn.encoding.der.DerNode.DerSequence subjects = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
            foreach (Object entry in subjectDescriptionList_)
            {
                subjects.addChild(((CertificateSubjectDescription)entry).toDer());
            }

            net.named_data.jndn.encoding.der.DerNode.DerSequence root = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
            root.addChild(validity);
            root.addChild(subjects);
            root.addChild(key_.toDer());

            // The extension list is optional and omitted entirely when empty, so
            // a decoder can distinguish "no extensions" by the child count.
            if (extensionList_.Count > 0)
            {
                net.named_data.jndn.encoding.der.DerNode.DerSequence extensions = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                foreach (Object entry in extensionList_)
                {
                    extensions.addChild(((CertificateExtension)entry).toDer());
                }
                root.addChild(extensions);
            }

            return root;
        }
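        /// <summary>
        /// Populate the fields by decoding the DER data from the Content.
        /// The Content is untrusted input, so every child that the certificate
        /// layout requires is checked for presence and DER type before it is read;
        /// a malformed encoding fails with a DerDecodingException instead of an
        /// index or cast exception from deep inside the parser.
        /// </summary>
        ///
        /// <exception cref="DerDecodingException">if the DER content does not have
        /// the expected layout, or the public key cannot be decoded.</exception>
        private void decode()
        {
            DerNode parsedNode = net.named_data.jndn.encoding.der.DerNode.parse(getContent().buf());

            // We need to ensure that there are:
            //   validity (notBefore, notAfter)
            //   subject list
            //   public key
            //   (optional) extension list
            IList rootChildren = parsedNode.getChildren();
            if (rootChildren.Count < 3)
            {
                throw new DerDecodingException(
                    "Certificate DER must contain validity, subject list and public key");
            }

            // 1st: validity info
            IList validityChildren = net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 0)
                                     .getChildren();

            notBefore_ = (Double)requireGeneralizedTime(validityChildren, 0, "notBefore").toVal();
            notAfter_  = (Double)requireGeneralizedTime(validityChildren, 1, "notAfter").toVal();

            // 2nd: subjectList
            IList subjectChildren = net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 1)
                                    .getChildren();

            for (int i = 0; i < subjectChildren.Count; ++i)
            {
                net.named_data.jndn.encoding.der.DerNode.DerSequence sd = net.named_data.jndn.encoding.der.DerNode.getSequence(subjectChildren, i);
                IList descriptionChildren = sd.getChildren();

                // Each description is SEQUENCE { oid, value }. The OID node's toVal()
                // is the dotted string; the value node's toVal() is a Blob.
                String oidStr = requireChild(descriptionChildren, 0, "subject description OID").toVal() as String;
                if (oidStr == null)
                {
                    throw new DerDecodingException("Certificate subject description OID is not an OID");
                }
                Blob valueBlob = requireChild(descriptionChildren, 1, "subject description value").toVal() as Blob;
                if (valueBlob == null)
                {
                    throw new DerDecodingException("Certificate subject description value is not a string");
                }
                // "" + blob keeps the Blob-to-String conversion the rest of the code relies on.
                String value_ren = "" + valueBlob;

                addSubjectDescription(new CertificateSubjectDescription(oidStr,
                                                                        value_ren));
            }

            // 3rd: public key. The node is re-encoded so PublicKey receives the
            // complete DER of the key info, not just its value bytes.
            Blob publicKeyInfo = requireChild(rootChildren, 2, "public key").encode();

            try {
                key_ = new PublicKey(publicKeyInfo);
            } catch (UnrecognizedKeyFormatException ex) {
                throw new DerDecodingException(ex.Message);
            }

            // 4th (optional): extension list, present only when the root has a 4th child.
            if (rootChildren.Count > 3)
            {
                IList extensionChildren = net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 3)
                                          .getChildren();
                for (int i_0 = 0; i_0 < extensionChildren.Count; ++i_0)
                {
                    net.named_data.jndn.encoding.der.DerNode.DerSequence extInfo = net.named_data.jndn.encoding.der.DerNode.getSequence(extensionChildren, i_0);

                    // Each extension is SEQUENCE { oid, isCritical BOOLEAN, value OCTET STRING }.
                    IList children = extInfo.getChildren();
                    String oidStr_1 = requireChild(children, 0, "extension OID").toVal() as String;
                    if (oidStr_1 == null)
                    {
                        throw new DerDecodingException("Certificate extension OID is not an OID");
                    }
                    bool isCritical = (bool)(Boolean)requireBoolean(children, 1, "extension isCritical").toVal();
                    Blob value_2 = requireChild(children, 2, "extension value").toVal() as Blob;
                    if (value_2 == null)
                    {
                        throw new DerDecodingException("Certificate extension value is not an octet string");
                    }
                    addExtension(new CertificateExtension(oidStr_1, isCritical, value_2));
                }
            }
        }

        /// <summary>
        /// Return children[index] as a DerNode, or throw when the list is too short.
        /// </summary>
        ///
        /// <param name="children">The child list of a parsed DER sequence.</param>
        /// <param name="index">The index of the required child.</param>
        /// <param name="what">A short name for the field, used in the error message.</param>
        /// <returns>The child node at index.</returns>
        /// <exception cref="DerDecodingException">if children has no element at index.</exception>
        private static DerNode requireChild(IList children, int index, String what)
        {
            if (index >= children.Count)
            {
                throw new DerDecodingException("Certificate DER is missing the " + what);
            }
            return (DerNode)children[index];
        }

        /// <summary>
        /// Return children[index] as a DerGeneralizedTime, or throw when it is
        /// missing or has another DER type.
        /// </summary>
        ///
        /// <param name="children">The child list of a parsed DER sequence.</param>
        /// <param name="index">The index of the required child.</param>
        /// <param name="what">A short name for the field, used in the error message.</param>
        /// <returns>The DerGeneralizedTime at index.</returns>
        /// <exception cref="DerDecodingException">if the child is missing or not a GeneralizedTime.</exception>
        private static net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime requireGeneralizedTime(
            IList children, int index, String what)
        {
            net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime node =
                requireChild(children, index, what) as net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime;
            if (node == null)
            {
                throw new DerDecodingException("Certificate " + what + " is not a DER GeneralizedTime");
            }
            return node;
        }

        /// <summary>
        /// Return children[index] as a DerBoolean, or throw when it is missing or
        /// has another DER type.
        /// </summary>
        ///
        /// <param name="children">The child list of a parsed DER sequence.</param>
        /// <param name="index">The index of the required child.</param>
        /// <param name="what">A short name for the field, used in the error message.</param>
        /// <returns>The DerBoolean at index.</returns>
        /// <exception cref="DerDecodingException">if the child is missing or not a BOOLEAN.</exception>
        private static net.named_data.jndn.encoding.der.DerNode.DerBoolean requireBoolean(
            IList children, int index, String what)
        {
            net.named_data.jndn.encoding.der.DerNode.DerBoolean node =
                requireChild(children, index, what) as net.named_data.jndn.encoding.der.DerNode.DerBoolean;
            if (node == null)
            {
                throw new DerDecodingException("Certificate " + what + " is not a DER BOOLEAN");
            }
            return node;
        }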
        /// <summary>
        /// Encode the object into a DER syntax tree.
        /// </summary>
        ///
        /// <returns>The encoded DER syntax tree: SEQUENCE { oid, value PrintableString }.</returns>
        public DerNode toDer()
        {
            net.named_data.jndn.encoding.der.DerNode.DerOid oidNode =
                new net.named_data.jndn.encoding.der.DerNode.DerOid(oid_);

            // The value is held as a String; wrapping it in a Blob is how the String
            // becomes the ByteBuffer that the DerPrintableString constructor takes.
            Blob valueBytes = new Blob(value_);
            net.named_data.jndn.encoding.der.DerNode.DerPrintableString valueNode =
                new net.named_data.jndn.encoding.der.DerNode.DerPrintableString(valueBytes.buf());

            net.named_data.jndn.encoding.der.DerNode.DerSequence sequence = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
            sequence.addChild(oidNode);
            sequence.addChild(valueNode);

            return sequence;
        }
        /// <summary>
        /// Encode the object into a DER syntax tree.
        /// </summary>
        ///
        /// <returns>The encoded DER syntax tree: a sequence holding the OID followed by the value.</returns>
        public DerNode toDer()
        {
            net.named_data.jndn.encoding.der.DerNode.DerSequence root = new net.named_data.jndn.encoding.der.DerNode.DerSequence ();

            // First child: the description's OID.
            root.addChild(new net.named_data.jndn.encoding.der.DerNode.DerOid (oid_));

            // Second child: the value as a PrintableString. Blob converts the
            // String to the ByteBuffer the node constructor expects.
            root.addChild(new net.named_data.jndn.encoding.der.DerNode.DerPrintableString (
                    new Blob(value_).buf()));

            return root;
        }
        /// <summary>
        /// Encode the object into DER syntax tree.
        /// </summary>
        ///
        /// <returns>The encoded DER syntax tree: SEQUENCE { extensionId OID, isCritical BOOLEAN, extensionValue OCTET STRING }.</returns>
        public DerNode toDer()
        {
            net.named_data.jndn.encoding.der.DerNode.DerOid         oidNode      = new net.named_data.jndn.encoding.der.DerNode.DerOid(extensionId_);
            net.named_data.jndn.encoding.der.DerNode.DerBoolean     criticalNode = new net.named_data.jndn.encoding.der.DerNode.DerBoolean(isCritical_);
            net.named_data.jndn.encoding.der.DerNode.DerOctetString valueNode    = new net.named_data.jndn.encoding.der.DerNode.DerOctetString(extensionValue_.buf());

            net.named_data.jndn.encoding.der.DerNode.DerSequence sequence = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
            sequence.addChild(oidNode);
            sequence.addChild(criticalNode);
            sequence.addChild(valueNode);

            // Kept from the original: the size is computed and the result discarded.
            // NOTE(review): presumably this caches the sequence's encoded length
            // before the tree is handed out — confirm against DerSequence.getSize().
            sequence.getSize();

            return sequence;
        }
        /// <summary>
        /// Encode the private key to a PKCS #8 private key. We do this explicitly here
        /// to avoid linking to extra OpenSSL libraries.
        /// </summary>
        ///
        /// <param name="privateKeyDer">The input private key DER.</param>
        /// <param name="oid">The OID of the privateKey.</param>
        /// <param name="parameters">The DerNode of the parameters for the OID.</param>
        /// <returns>The PKCS #8 private key DER.</returns>
        /// <exception cref="TpmPrivateKey.Error">if building or encoding the DER tree fails.</exception>
        private static Blob encodePkcs8PrivateKey(ByteBuffer privateKeyDer,
                                                  OID oid, DerNode parameters)
        {
            try {
                // AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters }
                net.named_data.jndn.encoding.der.DerNode.DerSequence algorithm = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                algorithm.addChild(new DerNode.DerOid(oid));
                algorithm.addChild(parameters);

                // PrivateKeyInfo ::= SEQUENCE { version INTEGER (0), AlgorithmIdentifier,
                //                               privateKey OCTET STRING }
                net.named_data.jndn.encoding.der.DerNode.DerSequence privateKeyInfo = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                privateKeyInfo.addChild(new DerNode.DerInteger(0));
                privateKeyInfo.addChild(algorithm);
                privateKeyInfo.addChild(new DerNode.DerOctetString(privateKeyDer));

                return privateKeyInfo.encode();
            } catch (DerEncodingException ex) {
                // Callers only deal with the TPM's own error type, so wrap the DER error.
                throw new TpmPrivateKey.Error(
                          "Error encoding PKCS #8 private key: " + ex);
            }
        }
        /// <summary>
        /// Encode the certificate fields in DER format.
        /// The root sequence holds the validity, the subject list, the public key
        /// and, only when there is at least one extension, the extension list.
        /// </summary>
        ///
        /// <returns>The DER encoded contents of the certificate.</returns>
        private net.named_data.jndn.encoding.der.DerNode.DerSequence toDer()
        {
            net.named_data.jndn.encoding.der.DerNode.DerSequence root = new net.named_data.jndn.encoding.der.DerNode.DerSequence ();

            // validity ::= SEQUENCE { notBefore, notAfter } as GeneralizedTime
            net.named_data.jndn.encoding.der.DerNode.DerSequence validity = new net.named_data.jndn.encoding.der.DerNode.DerSequence ();
            validity.addChild(new net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime (notBefore_));
            validity.addChild(new net.named_data.jndn.encoding.der.DerNode.DerGeneralizedTime (notAfter_));
            root.addChild(validity);

            // Subject list: always emitted, even when there are no descriptions.
            net.named_data.jndn.encoding.der.DerNode.DerSequence subjectList = new net.named_data.jndn.encoding.der.DerNode.DerSequence ();
            int subjectCount = subjectDescriptionList_.Count;
            for (int index = 0; index < subjectCount; ++index) {
                CertificateSubjectDescription description =
                    (CertificateSubjectDescription) subjectDescriptionList_[index];
                subjectList.addChild(description.toDer());
            }
            root.addChild(subjectList);

            root.addChild(key_.toDer());

            // Extension list: only emitted when there is something to put in it.
            int extensionCount = extensionList_.Count;
            if (extensionCount > 0) {
                net.named_data.jndn.encoding.der.DerNode.DerSequence extensionList = new net.named_data.jndn.encoding.der.DerNode.DerSequence ();
                for (int index = 0; index < extensionCount; ++index) {
                    CertificateExtension extension = (CertificateExtension) extensionList_[index];
                    extensionList.addChild(extension.toDer());
                }
                root.addChild(extensionList);
            }

            return root;
        }
        /// <summary>
        /// Round-trip a certificate with one extension: build an extension value
        /// from a name and two integers, attach it to a copy of toyCert, encode the
        /// certificate, decode it again from plain Data and check that the
        /// extension's OID, isCritical flag and all three value items survive.
        /// </summary>
        public void testExtension()
        {
            // Now add an extension.
            String expectedName = "/hello/kitty";
            int expectedTrustClass = 0;
            int expectedTrustLevel = 300;

            // The extension value is itself a DER sequence: name, trust class, trust level.
            net.named_data.jndn.encoding.der.DerNode.DerSequence valueRoot = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
            valueRoot.addChild(new net.named_data.jndn.encoding.der.DerNode.DerOctetString(new Blob(expectedName).buf()));
            valueRoot.addChild(new net.named_data.jndn.encoding.der.DerNode.DerInteger(expectedTrustClass));
            valueRoot.addChild(new net.named_data.jndn.encoding.der.DerNode.DerInteger(expectedTrustLevel));
            Blob extensionValue = valueRoot.encode();

            String expectedOid = "1.3.6.1.5.32.1";
            bool expectedCritical = true;
            CertificateExtension extension = new CertificateExtension(
                expectedOid, expectedCritical, extensionValue);

            // Copy the toy certificate, attach the extension and encode it.
            toyCert.encode();
            Certificate cert = new Certificate(toyCert);
            cert.addExtension(extension);
            cert.encode();

            // Move the content into plain Data and decode it as a Certificate again.
            Data plainData = new Data();
            plainData.setContent(cert.getContent());
            // The constructor Certificate(Data) calls decode().
            Certificate decodedCert = new Certificate(plainData);

            IList decodedExtensions = decodedCert.getExtensionList();
            Assert.AssertEquals("Wrong number of certificate extensions after decoding",
                                1, decodedExtensions.Count);

            CertificateExtension decodedExtension = (CertificateExtension)decodedExtensions[0];
            Assert.AssertEquals("Certificate extension has the wrong OID after decoding",
                                expectedOid, "" + decodedExtension.getOid());
            Assert.AssertEquals(
                "Certificate extension has the wrong isCritical value after decoding",
                expectedCritical, decodedExtension.getIsCritical());

            // Decode and check the extension value.
            DerNode parsedValue = net.named_data.jndn.encoding.der.DerNode.parse(decodedExtension.getValue().buf());
            IList decodedValueItems = parsedValue.getChildren();
            Assert.AssertEquals(
                "Wrong number of certificate extension value items after decoding",
                3, decodedValueItems.Count);

            net.named_data.jndn.encoding.der.DerNode.DerOctetString decodedName =
                (net.named_data.jndn.encoding.der.DerNode.DerOctetString)decodedValueItems[0];
            net.named_data.jndn.encoding.der.DerNode.DerInteger decodedTrustClass =
                (net.named_data.jndn.encoding.der.DerNode.DerInteger)decodedValueItems[1];
            net.named_data.jndn.encoding.der.DerNode.DerInteger decodedTrustLevel =
                (net.named_data.jndn.encoding.der.DerNode.DerInteger)decodedValueItems[2];
            Assert.AssertEquals("Wrong extension value name after decoding", expectedName, ""
                                + decodedName.toVal());
            Assert.AssertEquals("Wrong extension value trust class after decoding",
                                expectedTrustClass, (int)(Int32)decodedTrustClass.toVal());
            Assert.AssertEquals("Wrong extension value trust level after decoding",
                                expectedTrustLevel, (int)(Int32)decodedTrustLevel.toVal());
        }
        /// <summary>
        /// Encode the object into DER syntax tree.
        /// </summary>
        ///
        /// <returns>The encoded DER syntax tree: a sequence of the extension OID,
        /// the isCritical flag and the extension value octets.</returns>
        public DerNode toDer()
        {
            net.named_data.jndn.encoding.der.DerNode.DerSequence root = new net.named_data.jndn.encoding.der.DerNode.DerSequence ();

            // Children in the order a decoder expects them: OID, BOOLEAN, OCTET STRING.
            root.addChild(new net.named_data.jndn.encoding.der.DerNode.DerOid (extensionId_));
            root.addChild(new net.named_data.jndn.encoding.der.DerNode.DerBoolean (isCritical_));
            root.addChild(new net.named_data.jndn.encoding.der.DerNode.DerOctetString (
                    extensionValue_.buf()));

            // Kept from the original: the size is computed and the result discarded.
            // NOTE(review): presumably this caches the encoded length before the tree
            // is returned — confirm against DerSequence.getSize().
            root.getSize();

            return root;
        }
        /// <summary>
        /// Round-trip a certificate with one extension through encode and decode
        /// and check that the extension's OID, isCritical flag and the three items
        /// of its value are recovered unchanged.
        /// </summary>
        public void testExtension()
        {
            // Now add an extension.
            String name = "/hello/kitty";
            int trustClass = 0;
            int trustLevel = 300;
            Blob extValueData = encodeExtensionValue(name, trustClass, trustLevel);

            String oidString = "1.3.6.1.5.32.1";
            bool isCritical = true;
            CertificateExtension certExtension = new CertificateExtension(
                    oidString, isCritical, extValueData);

            // Attach the extension to a copy of the toy certificate and encode it.
            toyCert.encode();
            Certificate cert = new Certificate(toyCert);
            cert.addExtension(certExtension);
            cert.encode();

            // Carry the encoded content through a plain Data packet.
            Blob certData = cert.getContent();
            Data plainData = new Data();
            plainData.setContent(certData);
            // The constructor Certificate(Data) calls decode().
            Certificate decodedCert = new Certificate(plainData);
            Assert.AssertEquals("Wrong number of certificate extensions after decoding",
                    1, decodedCert.getExtensionList().Count);

            CertificateExtension decodedExtension = (CertificateExtension) decodedCert
                            .getExtensionList()[0];
            Assert.AssertEquals("Certificate extension has the wrong OID after decoding",
                    oidString, "" + decodedExtension.getOid());
            Assert.AssertEquals(
                    "Certificate extension has the wrong isCritical value after decoding",
                    isCritical, decodedExtension.getIsCritical());

            // Decode and check the extension value.
            IList decodedExtValueRoot = net.named_data.jndn.encoding.der.DerNode
                    .parse(decodedExtension.getValue().buf())
                    .getChildren();
            Assert.AssertEquals(
                    "Wrong number of certificate extension value items after decoding",
                    3, decodedExtValueRoot.Count);

            net.named_data.jndn.encoding.der.DerNode.DerOctetString decodedName =
                    (net.named_data.jndn.encoding.der.DerNode.DerOctetString) decodedExtValueRoot[0];
            Assert.AssertEquals("Wrong extension value name after decoding", name, ""
                    + decodedName.toVal());

            net.named_data.jndn.encoding.der.DerNode.DerInteger decodedTrustClass =
                    (net.named_data.jndn.encoding.der.DerNode.DerInteger) decodedExtValueRoot[1];
            Assert.AssertEquals("Wrong extension value trust class after decoding",
                    trustClass, (int) (Int32) decodedTrustClass.toVal());

            net.named_data.jndn.encoding.der.DerNode.DerInteger decodedTrustLevel =
                    (net.named_data.jndn.encoding.der.DerNode.DerInteger) decodedExtValueRoot[2];
            Assert.AssertEquals("Wrong extension value trust level after decoding",
                    trustLevel, (int) (Int32) decodedTrustLevel.toVal());
        }

        /// <summary>
        /// Build the DER encoding of a test extension value:
        /// SEQUENCE { name OCTET STRING, trustClass INTEGER, trustLevel INTEGER }.
        /// </summary>
        ///
        /// <param name="name">The name to store as an octet string.</param>
        /// <param name="trustClass">The trust class integer.</param>
        /// <param name="trustLevel">The trust level integer.</param>
        /// <returns>The encoded sequence.</returns>
        private static Blob encodeExtensionValue(String name, int trustClass, int trustLevel)
        {
            net.named_data.jndn.encoding.der.DerNode.DerSequence extValueRoot = new net.named_data.jndn.encoding.der.DerNode.DerSequence ();
            extValueRoot.addChild(new net.named_data.jndn.encoding.der.DerNode.DerOctetString (new Blob(name).buf()));
            extValueRoot.addChild(new net.named_data.jndn.encoding.der.DerNode.DerInteger (trustClass));
            extValueRoot.addChild(new net.named_data.jndn.encoding.der.DerNode.DerInteger (trustLevel));
            return extValueRoot.encode();
        }
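        /// <summary>
        /// Get the encoded encrypted private key in PKCS #8.
        /// The key is protected with PBES2: the password is run through PBKDF2 with
        /// HMAC SHA1 and a fresh 8-byte salt to derive a DES-EDE3 key, the PKCS #8
        /// encoding of the private key is encrypted with DES-EDE3-CBC under a fresh
        /// 8-byte IV, and the parameters plus ciphertext are wrapped in an
        /// EncryptedPrivateKeyInfo.
        /// </summary>
        ///
        /// <param name="password">The password bytes used to derive the encryption key.</param>
        /// <returns>The encoding Blob of the EncryptedPrivateKeyInfo.</returns>
        /// <exception cref="TpmPrivateKey.Error">if no private key is loaded, or error encoding.</exception>
        public Blob toEncryptedPkcs8(ByteBuffer password)
        {
            if (keyType_ == null)
            {
                throw new TpmPrivateKey.Error(
                          "toEncryptedPkcs8: The private key is not loaded");
            }

            // PBES2 parameters. They are written into the output, so any reader of
            // this encoding must accept exactly these values.
            // NOTE(review): 2048 PBKDF2 iterations is low by current guidance and
            // DES-EDE3-CBC is a legacy cipher; confirm with the consumers of this
            // format before changing either.
            const int PBKDF2_ITERATIONS = 2048;
            const int SALT_LENGTH = 8;
            const int IV_LENGTH = 8; // one DES block

            // Create the derivedKey from the password.
            // NOTE(review): the salt and IV come from Common.getRandom(); confirm it is
            // a cryptographically secure generator, since a predictable salt or IV
            // weakens the protection of the encrypted key.
            byte[] salt = new byte[SALT_LENGTH];
            net.named_data.jndn.util.Common.getRandom().nextBytes(salt);
            byte[] derivedKey;
            try {
                derivedKey = net.named_data.jndn.util.Common.computePbkdf2WithHmacSha1(new Blob(password,
                                                                                                false).getImmutableArray(), salt, PBKDF2_ITERATIONS,
                                                                                       DES_EDE3_KEY_LENGTH);
            } catch (Exception ex) {
                // We don't expect this to happen.
                throw new TpmPrivateKey.Error(
                          "Error computing the derived key using PBKDF2 with HMAC SHA1: "
                          + ex);
            }

            // Use the derived key to get the encrypted pkcs8Encoding.
            byte[] encryptedEncoding;
            byte[] initialVector = new byte[IV_LENGTH];
            net.named_data.jndn.util.Common.getRandom().nextBytes(initialVector);
            try {
                Cipher cipher = javax.crypto.Cipher.getInstance("DESede/CBC/PKCS5Padding");
                cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, new SecretKeySpec(derivedKey,
                                                                                "DESede"), new IvParameterSpec(initialVector));
                encryptedEncoding = cipher.doFinal(privateKey_.getEncoded());
            } catch (Exception ex_0) {
                throw new TpmPrivateKey.Error(
                          "Error encrypting PKCS #8 key with DES-EDE3-CBC: " + ex_0);
            } finally {
                // The derived key is secret material that is no longer needed once the
                // cipher has run (or failed); clear it instead of leaving it for the GC.
                Array.Clear(derivedKey, 0, derivedKey.Length);
            }

            try {
                // Encode the PBES2 parameters. See https://www.ietf.org/rfc/rfc2898.txt .
                net.named_data.jndn.encoding.der.DerNode.DerSequence keyDerivationParameters = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                keyDerivationParameters.addChild(new DerNode.DerOctetString(
                                                     ILOG.J2CsMapping.NIO.ByteBuffer.wrap(salt)));
                keyDerivationParameters
                .addChild(new DerNode.DerInteger(PBKDF2_ITERATIONS));
                net.named_data.jndn.encoding.der.DerNode.DerSequence keyDerivationAlgorithmIdentifier = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                keyDerivationAlgorithmIdentifier.addChild(new DerNode.DerOid(
                                                              PBKDF2_OID));
                keyDerivationAlgorithmIdentifier.addChild(keyDerivationParameters);

                net.named_data.jndn.encoding.der.DerNode.DerSequence encryptionSchemeAlgorithmIdentifier = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                encryptionSchemeAlgorithmIdentifier.addChild(new DerNode.DerOid(
                                                                 DES_EDE3_CBC_OID));
                encryptionSchemeAlgorithmIdentifier
                .addChild(new DerNode.DerOctetString(ILOG.J2CsMapping.NIO.ByteBuffer
                                                     .wrap(initialVector)));

                net.named_data.jndn.encoding.der.DerNode.DerSequence encryptedKeyParameters = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                encryptedKeyParameters.addChild(keyDerivationAlgorithmIdentifier);
                encryptedKeyParameters
                .addChild(encryptionSchemeAlgorithmIdentifier);
                net.named_data.jndn.encoding.der.DerNode.DerSequence encryptedKeyAlgorithmIdentifier = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                encryptedKeyAlgorithmIdentifier.addChild(new DerNode.DerOid(
                                                             PBES2_OID));
                encryptedKeyAlgorithmIdentifier.addChild(encryptedKeyParameters);

                // Encode the PKCS #8 EncryptedPrivateKeyInfo.
                // See https://tools.ietf.org/html/rfc5208.
                net.named_data.jndn.encoding.der.DerNode.DerSequence encryptedKey = new net.named_data.jndn.encoding.der.DerNode.DerSequence();
                encryptedKey.addChild(encryptedKeyAlgorithmIdentifier);
                encryptedKey.addChild(new DerNode.DerOctetString(ILOG.J2CsMapping.NIO.ByteBuffer
                                                                 .wrap(encryptedEncoding)));

                return(encryptedKey.encode());
            } catch (DerEncodingException ex_1) {
                throw new TpmPrivateKey.Error(
                          "Error encoding the encrypted PKCS #8 private key: " + ex_1);
            }
        }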