/// <summary>
/// Encode the certificate fields in DER format as
/// SEQUENCE { validity SEQUENCE { notBefore, notAfter (GeneralizedTime) },
///            subjects SEQUENCE OF subject description,
///            publicKey (key_.toDer()),
///            [extensions SEQUENCE OF extension] }.
/// The extensions SEQUENCE is emitted only when extensionList_ is non-empty, so
/// a certificate without extensions has exactly three children.
/// </summary>
/// <returns>The DER encoded contents of the certificate.</returns>
private net.named_data.jndn.encoding.der.DerNode.DerSequence toDer()
{
  DerNode.DerSequence validity = new DerNode.DerSequence();
  validity.addChild(new DerNode.DerGeneralizedTime(getNotBefore()));
  validity.addChild(new DerNode.DerGeneralizedTime(getNotAfter()));

  DerNode.DerSequence subjects = new DerNode.DerSequence();
  foreach (CertificateSubjectDescription description in subjectDescriptionList_)
    subjects.addChild(description.toDer());

  DerNode.DerSequence certificate = new DerNode.DerSequence();
  certificate.addChild(validity);
  certificate.addChild(subjects);
  certificate.addChild(key_.toDer());

  if (extensionList_.Count > 0) {
    DerNode.DerSequence extensions = new DerNode.DerSequence();
    foreach (CertificateExtension extension in extensionList_)
      extensions.addChild(extension.toDer());
    certificate.addChild(extensions);
  }

  return certificate;
}
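/// <summary>
/// Populate the fields by decoding the DER data in the Content.
/// The content is expected to be a DER SEQUENCE of:
///   validity   SEQUENCE { notBefore GeneralizedTime, notAfter GeneralizedTime }
///   subjects   SEQUENCE OF SEQUENCE { oid OID, value (byte string) }
///   publicKey  the SubjectPublicKeyInfo node, re-encoded and handed to PublicKey
///   extensions SEQUENCE OF SEQUENCE { oid OID, critical BOOLEAN, value OCTET STRING } (optional)
/// Any element after the fourth is ignored, as before.
/// The content normally arrives from the network, so every child is checked for
/// presence and type before it is used: a malformed certificate surfaces as a
/// DerDecodingException instead of an ArgumentOutOfRangeException or
/// InvalidCastException that a caller catching DerDecodingException would miss.
/// </summary>
/// <exception cref="DerDecodingException">if the DER content cannot be parsed,
/// does not have the expected structure, or the public key format is not
/// recognized.</exception>
private void decode()
{
  DerNode parsedNode = net.named_data.jndn.encoding.der.DerNode.parse(getContent().buf());
  IList rootChildren = parsedNode.getChildren();
  requireChildCount(rootChildren, 3, "certificate");

  // 1st: validity info.
  IList validityChildren =
    net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 0).getChildren();
  requireChildCount(validityChildren, 2, "validity");
  notBefore_ = generalizedTimeValue(validityChildren[0], "notBefore");
  notAfter_ = generalizedTimeValue(validityChildren[1], "notAfter");

  // 2nd: subjectList.
  IList subjectChildren =
    net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 1).getChildren();
  for (int i = 0; i < subjectChildren.Count; ++i) {
    IList descriptionChildren =
      net.named_data.jndn.encoding.der.DerNode.getSequence(subjectChildren, i).getChildren();
    requireChildCount(descriptionChildren, 2, "subject description");
    String oidStr = oidValue(descriptionChildren[0], "subject description OID");
    // The value node yields a Blob; "" + Blob uses Blob's own string conversion.
    String value = "" + blobValue(descriptionChildren[1], "subject description value");
    addSubjectDescription(new CertificateSubjectDescription(oidStr, value));
  }

  // 3rd: public key. Re-encode the node so PublicKey parses the
  // SubjectPublicKeyInfo itself and reports an unrecognized format.
  Blob publicKeyInfo = ((DerNode)rootChildren[2]).encode();
  try {
    key_ = new PublicKey(publicKeyInfo);
  } catch (UnrecognizedKeyFormatException ex) {
    throw new DerDecodingException(ex.Message);
  }

  // 4th (optional): extensions.
  if (rootChildren.Count > 3) {
    IList extensionChildren =
      net.named_data.jndn.encoding.der.DerNode.getSequence(rootChildren, 3).getChildren();
    for (int i = 0; i < extensionChildren.Count; ++i) {
      IList children =
        net.named_data.jndn.encoding.der.DerNode.getSequence(extensionChildren, i).getChildren();
      requireChildCount(children, 3, "extension");
      String extensionOid = oidValue(children[0], "extension OID");
      bool isCritical = booleanValue(children[1], "extension isCritical");
      Blob extensionValue = blobValue(children[2], "extension value");
      addExtension(new CertificateExtension(extensionOid, isCritical, extensionValue));
    }
  }
}

/// <summary>
/// Throw DerDecodingException unless children holds at least minimum entries.
/// </summary>
/// <param name="children">The child list of a DER sequence.</param>
/// <param name="minimum">The smallest acceptable child count.</param>
/// <param name="what">The name of the structure, for the error message.</param>
private static void requireChildCount(IList children, int minimum, String what)
{
  if (children == null || children.Count < minimum)
    throw new DerDecodingException(
      "Certificate.decode: Expected at least " + minimum + " DER children in the " + what);
}

/// <summary>
/// Return the value of a DerGeneralizedTime node, or throw DerDecodingException
/// if node is not a DerGeneralizedTime.
/// </summary>
private static double generalizedTimeValue(object node, String what)
{
  DerNode.DerGeneralizedTime time = node as DerNode.DerGeneralizedTime;
  if (time == null)
    throw new DerDecodingException("Certificate.decode: " + what + " is not a DER GeneralizedTime");
  return (Double)time.toVal();
}

/// <summary>
/// Return the string value of an OID node, or throw DerDecodingException if node
/// is not a DerNode whose value is a string.
/// </summary>
private static String oidValue(object node, String what)
{
  DerNode derNode = node as DerNode;
  String oid = derNode == null ? null : derNode.toVal() as String;
  if (oid == null)
    throw new DerDecodingException("Certificate.decode: " + what + " is not a DER OID");
  return oid;
}

/// <summary>
/// Return the Blob value of a byte-string node, or throw DerDecodingException if
/// node is not a DerNode whose value is a Blob.
/// </summary>
private static Blob blobValue(object node, String what)
{
  DerNode derNode = node as DerNode;
  Blob value = derNode == null ? null : derNode.toVal() as Blob;
  if (value == null)
    throw new DerDecodingException("Certificate.decode: " + what + " is not a DER byte string");
  return value;
}

/// <summary>
/// Return the value of a DerBoolean node, or throw DerDecodingException if node
/// is not a DerBoolean.
/// </summary>
private static bool booleanValue(object node, String what)
{
  DerNode.DerBoolean flag = node as DerNode.DerBoolean;
  if (flag == null)
    throw new DerDecodingException("Certificate.decode: " + what + " is not a DER BOOLEAN");
  return (bool)flag.toVal();
}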
/// <summary>
/// Encode the object into a DER syntax tree: SEQUENCE { OID oid_, PrintableString value_ }.
/// NOTE(review): value_ is converted to bytes with Blob(String) and tagged as a
/// PrintableString without checking that it uses only the PrintableString
/// character set; confirm that callers restrict the value, since other DER
/// consumers may reject a non-conformant PrintableString.
/// </summary>
/// <returns>The encoded DER syntax tree.</returns>
public DerNode toDer()
{
  DerNode.DerSequence description = new DerNode.DerSequence();
  description.addChild(new DerNode.DerOid(oid_));
  // Blob gives us the ByteBuffer view of the string that DerPrintableString wants.
  description.addChild(new DerNode.DerPrintableString(new Blob(value_).buf()));
  return description;
}
/// <summary>
/// Encode the object into a DER syntax tree of the form
/// SEQUENCE { oid_ as OID, value_ as PrintableString }.
/// NOTE(review): the string bytes come from Blob(String) and are emitted under
/// the PrintableString tag without validating the PrintableString character
/// set — confirm callers only supply values in that set.
/// </summary>
/// <returns>The encoded DER syntax tree.</returns>
public DerNode toDer()
{
  DerNode.DerOid oidNode = new DerNode.DerOid(oid_);
  // Use Blob to convert the String to a ByteBuffer.
  Blob valueBytes = new Blob(value_);
  DerNode.DerPrintableString valueNode = new DerNode.DerPrintableString(valueBytes.buf());

  DerNode.DerSequence sequence = new DerNode.DerSequence();
  sequence.addChild(oidNode);
  sequence.addChild(valueNode);
  return sequence;
}
/// <summary>
/// Encode the object into a DER syntax tree:
/// SEQUENCE { extnID OID, critical BOOLEAN, extnValue OCTET STRING }.
/// This matches the shape of an X.509 Extension except that critical is always
/// written, even when false.
/// </summary>
/// <returns>The encoded DER syntax tree.</returns>
public DerNode toDer()
{
  DerNode.DerSequence extension = new DerNode.DerSequence();
  extension.addChild(new DerNode.DerOid(extensionId_));
  extension.addChild(new DerNode.DerBoolean(isCritical_));
  extension.addChild(new DerNode.DerOctetString(extensionValue_.buf()));
  // Kept from the original: the size is computed and the result discarded.
  // Presumably this refreshes the sequence's cached length before the caller
  // encodes it — confirm whether encode() already does so before removing it.
  extension.getSize();
  return extension;
}
/// <summary>
/// Encode the private key to a PKCS #8 PrivateKeyInfo (RFC 5208):
/// SEQUENCE { version INTEGER 0,
///            privateKeyAlgorithm SEQUENCE { oid, parameters },
///            privateKey OCTET STRING }.
/// We do this explicitly here to avoid linking to extra OpenSSL libraries.
/// </summary>
/// <param name="privateKeyDer">The input private key DER; it is wrapped verbatim
/// in the privateKey OCTET STRING.</param>
/// <param name="oid">The OID of the privateKey algorithm.</param>
/// <param name="parameters">The DerNode of the parameters for the OID. It is
/// added as given (no null check, as before).</param>
/// <returns>The PKCS #8 private key DER.</returns>
/// <exception cref="TpmPrivateKey.Error">if the DER encoding fails.</exception>
private static Blob encodePkcs8PrivateKey(ByteBuffer privateKeyDer, OID oid, DerNode parameters)
{
  try {
    DerNode.DerSequence privateKeyAlgorithm = new DerNode.DerSequence();
    privateKeyAlgorithm.addChild(new DerNode.DerOid(oid));
    privateKeyAlgorithm.addChild(parameters);

    DerNode.DerSequence privateKeyInfo = new DerNode.DerSequence();
    privateKeyInfo.addChild(new DerNode.DerInteger(0)); // PrivateKeyInfo version 0
    privateKeyInfo.addChild(privateKeyAlgorithm);
    privateKeyInfo.addChild(new DerNode.DerOctetString(privateKeyDer));
    return privateKeyInfo.encode();
  } catch (DerEncodingException ex) {
    throw new TpmPrivateKey.Error("Error encoding PKCS #8 private key: " + ex);
  }
}
/// <summary>
/// Encode the certificate fields in DER format:
/// SEQUENCE { validity SEQUENCE { notBefore_, notAfter_ as GeneralizedTime },
///            subjects SEQUENCE OF subject description,
///            publicKey (key_.toDer()),
///            [extensions SEQUENCE OF extension] }.
/// The extensions SEQUENCE is only appended when there is at least one extension.
/// </summary>
/// <returns>The DER encoded contents of the certificate.</returns>
private net.named_data.jndn.encoding.der.DerNode.DerSequence toDer()
{
  DerNode.DerSequence certificate = new DerNode.DerSequence();

  DerNode.DerSequence validity = new DerNode.DerSequence();
  validity.addChild(new DerNode.DerGeneralizedTime(notBefore_));
  validity.addChild(new DerNode.DerGeneralizedTime(notAfter_));
  certificate.addChild(validity);

  DerNode.DerSequence subjects = new DerNode.DerSequence();
  int subjectCount = subjectDescriptionList_.Count;
  for (int index = 0; index < subjectCount; ++index) {
    CertificateSubjectDescription description =
      (CertificateSubjectDescription)subjectDescriptionList_[index];
    subjects.addChild(description.toDer());
  }
  certificate.addChild(subjects);

  certificate.addChild(key_.toDer());

  int extensionCount = extensionList_.Count;
  if (extensionCount > 0) {
    DerNode.DerSequence extensions = new DerNode.DerSequence();
    for (int index = 0; index < extensionCount; ++index) {
      CertificateExtension extension = (CertificateExtension)extensionList_[index];
      extensions.addChild(extension.toDer());
    }
    certificate.addChild(extensions);
  }

  return certificate;
}
/// <summary>
/// Round-trip a certificate extension: build a DER-encoded extension value,
/// attach it to a copy of toyCert, re-encode, decode the content back through
/// Certificate(Data), and check that the OID, isCritical flag and every field
/// of the extension value survive unchanged.
/// </summary>
public void testExtension()
{
  // Now add an extension.
  String name = "/hello/kitty";
  int trustClass = 0;
  int trustLevel = 300;

  // The extension value is itself DER:
  // SEQUENCE { OCTET STRING name, INTEGER trustClass, INTEGER trustLevel }.
  // 300 does not fit in one byte, so it also exercises multi-byte INTEGER encoding.
  DerNode.DerSequence extValueRoot = new DerNode.DerSequence();
  extValueRoot.addChild(new DerNode.DerOctetString(new Blob(name).buf()));
  extValueRoot.addChild(new DerNode.DerInteger(trustClass));
  extValueRoot.addChild(new DerNode.DerInteger(trustLevel));
  Blob extValueData = extValueRoot.encode();

  String oidString = "1.3.6.1.5.32.1";
  bool isCritical = true;
  CertificateExtension certExtension =
    new CertificateExtension(oidString, isCritical, extValueData);

  // Copy the fixture, attach the extension, and push the encoded content through
  // a plain Data packet. The constructor Certificate(Data) calls decode().
  toyCert.encode();
  Certificate cert = new Certificate(toyCert);
  cert.addExtension(certExtension);
  cert.encode();
  Data plainData = new Data();
  plainData.setContent(cert.getContent());
  Certificate decodedCert = new Certificate(plainData);

  IList decodedExtensions = decodedCert.getExtensionList();
  Assert.AssertEquals("Wrong number of certificate extensions after decoding",
    1, decodedExtensions.Count);
  CertificateExtension decodedExtension = (CertificateExtension)decodedExtensions[0];
  Assert.AssertEquals("Certificate extension has the wrong OID after decoding",
    oidString, "" + decodedExtension.getOid());
  Assert.AssertEquals(
    "Certificate extension has the wrong isCritical value after decoding",
    isCritical, decodedExtension.getIsCritical());

  // Decode and check the extension value.
  DerNode parsedExtValue = DerNode.parse(decodedExtension.getValue().buf());
  IList decodedExtValueRoot = parsedExtValue.getChildren();
  Assert.AssertEquals(
    "Wrong number of certificate extension value items after decoding",
    3, decodedExtValueRoot.Count);
  DerNode.DerOctetString decodedName = (DerNode.DerOctetString)decodedExtValueRoot[0];
  DerNode.DerInteger decodedTrustClass = (DerNode.DerInteger)decodedExtValueRoot[1];
  DerNode.DerInteger decodedTrustLevel = (DerNode.DerInteger)decodedExtValueRoot[2];
  Assert.AssertEquals("Wrong extension value name after decoding",
    name, "" + decodedName.toVal());
  Assert.AssertEquals("Wrong extension value trust class after decoding",
    trustClass, (int)(Int32)decodedTrustClass.toVal());
  Assert.AssertEquals("Wrong extension value trust level after decoding",
    trustLevel, (int)(Int32)decodedTrustLevel.toVal());
}
/// <summary>
/// Encode the object into a DER syntax tree with three children in order:
/// the extension OID, the critical BOOLEAN, and the value as an OCTET STRING.
/// </summary>
/// <returns>The encoded DER syntax tree.</returns>
public DerNode toDer()
{
  DerNode.DerOid idNode = new DerNode.DerOid(extensionId_);
  DerNode.DerBoolean criticalNode = new DerNode.DerBoolean(isCritical_);
  DerNode.DerOctetString valueNode = new DerNode.DerOctetString(extensionValue_.buf());

  DerNode.DerSequence sequence = new DerNode.DerSequence();
  sequence.addChild(idNode);
  sequence.addChild(criticalNode);
  sequence.addChild(valueNode);
  // The size is computed and discarded, as in the original. Presumably this
  // refreshes the cached length before encoding — confirm whether encode()
  // already does this before dropping the call.
  sequence.getSize();
  return sequence;
}
/// <summary>
/// Round-trip a certificate extension through encode/decode and verify the OID,
/// the isCritical flag and the three DER items of the extension value.
/// </summary>
public void testExtension()
{
  // Now add an extension.
  String name = "/hello/kitty";
  int trustClass = 0;
  int trustLevel = 300;

  // Extension value: SEQUENCE { OCTET STRING name, INTEGER trustClass, INTEGER trustLevel }.
  DerNode.DerOctetString extValueName = new DerNode.DerOctetString(new Blob(name).buf());
  DerNode.DerInteger extValueTrustClass = new DerNode.DerInteger(trustClass);
  DerNode.DerInteger extValueTrustLevel = new DerNode.DerInteger(trustLevel);
  DerNode.DerSequence extValueRoot = new DerNode.DerSequence();
  extValueRoot.addChild(extValueName);
  extValueRoot.addChild(extValueTrustClass);
  extValueRoot.addChild(extValueTrustLevel);
  Blob extValueData = extValueRoot.encode();

  String oidString = "1.3.6.1.5.32.1";
  bool isCritical = true;
  CertificateExtension certExtension =
    new CertificateExtension(oidString, isCritical, extValueData);

  // Attach the extension to a copy of the fixture and re-encode it.
  toyCert.encode();
  Certificate cert = new Certificate(toyCert);
  cert.addExtension(certExtension);
  cert.encode();

  // Decode the content from a plain Data packet.
  // The constructor Certificate(Data) calls decode().
  Data plainData = new Data();
  plainData.setContent(cert.getContent());
  Certificate decodedCert = new Certificate(plainData);

  Assert.AssertEquals("Wrong number of certificate extensions after decoding",
    1, decodedCert.getExtensionList().Count);
  CertificateExtension decodedExtension =
    (CertificateExtension)decodedCert.getExtensionList()[0];
  Assert.AssertEquals("Certificate extension has the wrong OID after decoding",
    oidString, "" + decodedExtension.getOid());
  Assert.AssertEquals(
    "Certificate extension has the wrong isCritical value after decoding",
    isCritical, decodedExtension.getIsCritical());

  // Decode and check the extension value.
  IList decodedExtValueRoot =
    DerNode.parse(decodedExtension.getValue().buf()).getChildren();
  Assert.AssertEquals(
    "Wrong number of certificate extension value items after decoding",
    3, decodedExtValueRoot.Count);
  DerNode.DerOctetString decodedName = (DerNode.DerOctetString)decodedExtValueRoot[0];
  DerNode.DerInteger decodedTrustClass = (DerNode.DerInteger)decodedExtValueRoot[1];
  DerNode.DerInteger decodedTrustLevel = (DerNode.DerInteger)decodedExtValueRoot[2];
  Assert.AssertEquals("Wrong extension value name after decoding",
    name, "" + decodedName.toVal());
  Assert.AssertEquals("Wrong extension value trust class after decoding",
    trustClass, (int)(Int32)decodedTrustClass.toVal());
  Assert.AssertEquals("Wrong extension value trust level after decoding",
    trustLevel, (int)(Int32)decodedTrustLevel.toVal());
}
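/// <summary>
/// Get the encoded encrypted private key in PKCS #8 EncryptedPrivateKeyInfo form
/// (RFC 5208), protected with PBES2 (RFC 2898): the key-encryption key is derived
/// from the password with PBKDF2-HMAC-SHA1 over a fresh 8-byte salt, and the
/// PKCS #8 encoding of the private key is encrypted with DES-EDE3-CBC under a
/// fresh 8-byte IV. Salt, iteration count and IV are written into the
/// AlgorithmIdentifier so a PBES2 decoder can recover them.
/// NOTE(review): 2048 PBKDF2 iterations with SHA-1 and 3DES are weak by current
/// standards; they presumably mirror OpenSSL's legacy PBES2 defaults for
/// interoperability — confirm before changing either, since the parameters are
/// part of the on-disk format. The result resists casual disclosure only; a
/// low-entropy password can be brute-forced offline.
/// The derived key is wiped once encryption is done. The plaintext encoding
/// returned by privateKey_.getEncoded() is deliberately not wiped here, because
/// it is not known whether getEncoded() returns a copy or the key's own buffer.
/// </summary>
/// <param name="password">The password bytes used to derive the encryption key.</param>
/// <returns>The encoding Blob of the EncryptedPrivateKeyInfo.</returns>
/// <exception cref="TpmPrivateKey.Error">if no private key is loaded, or on a key
/// derivation, encryption, or DER encoding error.</exception>
public Blob toEncryptedPkcs8(ByteBuffer password)
{
  if (keyType_ == null) {
    throw new TpmPrivateKey.Error("toEncryptedPkcs8: The private key is not loaded");
  }

  // Derive the key-encryption key from the password. The salt must be fresh for
  // every call (assumes Common.getRandom() is a CSPRNG — confirm).
  int nIterations = 2048;
  byte[] salt = new byte[8];
  net.named_data.jndn.util.Common.getRandom().nextBytes(salt);
  byte[] derivedKey;
  try {
    derivedKey = net.named_data.jndn.util.Common.computePbkdf2WithHmacSha1(
      new Blob(password, false).getImmutableArray(), salt, nIterations, DES_EDE3_KEY_LENGTH);
  } catch (Exception ex) {
    // We don't expect this to happen.
    throw new TpmPrivateKey.Error(
      "Error computing the derived key using PBKDF2 with HMAC SHA1: " + ex);
  }

  // Encrypt the plain PKCS #8 encoding under the derived key with a fresh IV.
  byte[] initialVector = new byte[8];
  net.named_data.jndn.util.Common.getRandom().nextBytes(initialVector);
  byte[] encryptedEncoding;
  try {
    Cipher cipher = javax.crypto.Cipher.getInstance("DESede/CBC/PKCS5Padding");
    cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, new SecretKeySpec(derivedKey, "DESede"),
      new IvParameterSpec(initialVector));
    encryptedEncoding = cipher.doFinal(privateKey_.getEncoded());
  } catch (Exception ex_0) {
    throw new TpmPrivateKey.Error("Error encrypting PKCS #8 key with DES-EDE3-CBC: " + ex_0);
  } finally {
    // Key hygiene: the derived key is secret material this method owns. Wipe it
    // instead of leaving it in the managed heap until the GC reuses the memory.
    if (derivedKey != null)
      System.Array.Clear(derivedKey, 0, derivedKey.Length);
  }

  try {
    // PBES2 parameters, RFC 2898 appendix A.4:
    //   PBKDF2-params ::= SEQUENCE { salt OCTET STRING, iterationCount INTEGER }
    //   (the prf field is omitted, so it defaults to hmacWithSHA1)
    DerNode.DerSequence pbkdf2Params = new DerNode.DerSequence();
    pbkdf2Params.addChild(new DerNode.DerOctetString(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(salt)));
    pbkdf2Params.addChild(new DerNode.DerInteger(nIterations));

    DerNode.DerSequence keyDerivationFunc = new DerNode.DerSequence();
    keyDerivationFunc.addChild(new DerNode.DerOid(PBKDF2_OID));
    keyDerivationFunc.addChild(pbkdf2Params);

    // The DES-EDE3-CBC parameter is the 8-byte IV.
    DerNode.DerSequence encryptionScheme = new DerNode.DerSequence();
    encryptionScheme.addChild(new DerNode.DerOid(DES_EDE3_CBC_OID));
    encryptionScheme.addChild(
      new DerNode.DerOctetString(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(initialVector)));

    //   PBES2-params ::= SEQUENCE { keyDerivationFunc, encryptionScheme }
    DerNode.DerSequence pbes2Params = new DerNode.DerSequence();
    pbes2Params.addChild(keyDerivationFunc);
    pbes2Params.addChild(encryptionScheme);

    DerNode.DerSequence encryptionAlgorithm = new DerNode.DerSequence();
    encryptionAlgorithm.addChild(new DerNode.DerOid(PBES2_OID));
    encryptionAlgorithm.addChild(pbes2Params);

    // EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm, encryptedData OCTET STRING }
    // See https://tools.ietf.org/html/rfc5208.
    DerNode.DerSequence encryptedPrivateKeyInfo = new DerNode.DerSequence();
    encryptedPrivateKeyInfo.addChild(encryptionAlgorithm);
    encryptedPrivateKeyInfo.addChild(
      new DerNode.DerOctetString(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(encryptedEncoding)));
    return encryptedPrivateKeyInfo.encode();
  } catch (DerEncodingException ex_1) {
    throw new TpmPrivateKey.Error("Error encoding the encryped PKCS #8 private key: " + ex_1);
  }
}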