public void testAppend()
{
// could possibly split this into different tests
String uri = "/localhost/user/folders/files/%00%0F";
Name name = new Name(uri);
Name name2 = new Name("/localhost").append(new Name("/user/folders/"));
Assert.AssertEquals("Name constructed by appending names has " + name2.size()
+ " components instead of 3", 3, name2.size());
Assert.AssertTrue("Name constructed with append has wrong suffix", name2
.get(2).getValue().equals(new Blob("folders")));
name2 = name2.append("files");
Assert.AssertEquals("Name constructed by appending string has " + name2.size()
+ " components instead of 4", 4, name2.size());
name2 = name2.appendSegment(15);
Assert.AssertTrue(
"Name constructed by appending segment has wrong segment value",
name2.get(4).getValue()
.equals(new Blob(new int[] { 0x00, 0x0F })));
Assert.AssertTrue(
"Name constructed with append is not equal to URI constructed name",
name2.equals(name));
Assert.AssertEquals("Name constructed with append has wrong URI",
name.toUri(), name2.toUri());
}
/// <summary>
/// Get the public key name from the full certificate name.
/// </summary>
///
/// <param name="certificateName">The full certificate name.</param>
/// <returns>The related public key name.</returns>
public static Name certificateNameToPublicKeyName(Name certificateName)
{
String idString = "ID-CERT";
bool foundIdString = false;
int idCertComponentIndex = certificateName.size() - 1;
for (; idCertComponentIndex + 1 > 0; --idCertComponentIndex) {
if (certificateName.get(idCertComponentIndex).toEscapedString()
.equals(idString)) {
foundIdString = true;
break;
}
}
if (!foundIdString)
throw new Exception("Incorrect identity certificate name "
+ certificateName.toUri());
Name tempName = certificateName.getSubName(0, idCertComponentIndex);
String keyString = "KEY";
bool foundKeyString = false;
int keyComponentIndex = 0;
for (; keyComponentIndex < tempName.size(); keyComponentIndex++) {
if (tempName.get(keyComponentIndex).toEscapedString()
.equals(keyString)) {
foundKeyString = true;
break;
}
}
if (!foundKeyString)
throw new Exception("Incorrect identity certificate name "
+ certificateName.toUri());
return tempName.getSubName(0, keyComponentIndex).append(
tempName.getSubName(keyComponentIndex + 1, tempName.size()
- keyComponentIndex - 1));
}
/// <summary>
/// Check if this Interest's name matches the given name (using Name.match)
/// and the given name also conforms to the interest selectors.
/// </summary>
///
/// <param name="name">The name to check.</param>
/// <returns>True if the name and interest selectors match, otherwise false.</returns>
public bool matchesName(Name name)
{
if (!getName().match(name))
return false;
if (minSuffixComponents_ >= 0 &&
// Add 1 for the implicit digest.
!(name.size() + 1 - getName().size() >= minSuffixComponents_))
return false;
if (maxSuffixComponents_ >= 0 &&
// Add 1 for the implicit digest.
!(name.size() + 1 - getName().size() <= maxSuffixComponents_))
return false;
if (getExclude().size() > 0 && name.size() > getName().size()
&& getExclude().matches(name.get(getName().size())))
return false;
return true;
}
static void Main(string[] args)
{
var face = new Face
(new TcpTransport(), new TcpTransport.ConnectionInfo("localhost"));
// For now, when setting face.setCommandSigningInfo, use a key chain with
// a default private key instead of the system default key chain. This
// is OK for now because NFD is configured to skip verification, so it
// ignores the system default key chain.
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
keyChain.setFace(face);
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
face.setCommandSigningInfo(keyChain, certificateName);
var echo = new Echo(keyChain, certificateName);
var prefix = new Name("/testecho");
Console.Out.WriteLine("Register prefix " + prefix.toUri());
face.registerPrefix(prefix, echo, echo);
// The main event loop.
// Wait to receive one interest for the prefix.
while (echo.responseCount_ < 1) {
face.processEvents();
// We need to sleep for a few milliseconds so we don't use 100% of
// the CPU.
System.Threading.Thread.Sleep(5);
}
}
/// <summary>
/// Set a key as the default key of an identity. The identity name is inferred
/// from keyName.
/// </summary>
///
/// <param name="keyName">The name of the key.</param>
/// <param name="identityNameCheck"></param>
public override void setDefaultKeyNameForIdentity(Name keyName,
Name identityNameCheck)
{
Name identityName = keyName.getPrefix(-1);
if (identityNameCheck.size() > 0
&& !identityNameCheck.equals(identityName))
throw new SecurityException(
"The specified identity name does not match the key name");
String identity = identityName.toUri();
if (identityStore_.Contains(identity)) {
((MemoryIdentityStorage.IdentityRecord ) ILOG.J2CsMapping.Collections.Collections.Get(identityStore_,identity))
.setDefaultKey(new Name(keyName));
}
}
/// <summary>
/// Create a KeyChain with the a default name and key pair.
/// </summary>
///
/// <param name="certificateName">Set certificateName[0] to the signing certificateName.</param>
/// <returns>The KeyChain.</returns>
/// <exception cref="System.Security.SecurityException"></exception>
public static KeyChain buildKeyChain(Name[] certificateName)
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// initialize the storage with
Name keyName = new Name("/testname/DSK-123");
certificateName[0] = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
return keyChain;
}
/// <summary>
/// Check if the given name matches this filter. Match if name starts with this
/// filter's prefix. If this filter has the optional regexFilter then the
/// remaining components match the regexFilter regular expression.
/// For example, the following InterestFilter:
/// InterestFilter("/hello", "<world><>+")
/// will match all Interests, whose name has the prefix `/hello` which is
/// followed by a component `world` and has at least one more component after it.
/// Examples:
/// /hello/world/!
/// /hello/world/x/y/z
/// Note that the regular expression will need to match all remaining components
/// (e.g., there are implicit heading `^` and trailing `$` symbols in the
/// regular expression).
/// </summary>
///
/// <param name="name">The name to check against this filter.</param>
/// <returns>True if name matches this filter, otherwise false.</returns>
public bool doesMatch(Name name)
{
if (name.size() < prefix_.size())
return false;
if (hasRegexFilter()) {
// Perform a prefix match and regular expression match for the remaining
// components.
if (!prefix_.match(name))
return false;
return null != net.named_data.jndn.util.NdnRegexMatcher.match(regexFilterPattern_,
name.getSubName(prefix_.size()));
} else
// Just perform a prefix match.
return prefix_.match(name);
}
public void testUriConstructor()
{
Name name = new Name(expectedURI);
Assert.AssertEquals("Constructed name has " + name.size()
+ " components instead of 3", 3, name.size());
Assert.AssertEquals("URI is incorrect", expectedURI, name.toUri());
}
static void Main(string[] args)
{
var data = new Data();
data.wireDecode(new Blob(TlvData));
Console.Out.WriteLine("Decoded Data:");
dumpData(data);
// Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent());
var encoding = data.wireEncode();
var reDecodedData = new Data();
reDecodedData.wireDecode(encoding);
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded Data:");
dumpData(reDecodedData);
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
VerifyCallbacks callbacks = new VerifyCallbacks("Re-decoded Data");
keyChain.verifyData(reDecodedData, callbacks, callbacks);
var freshData = new Data(new Name("/ndn/abc"));
freshData.setContent(new Blob("SUCCESS!"));
freshData.getMetaInfo().setFreshnessPeriod(5000);
freshData.getMetaInfo().setFinalBlockId(new Name("/%00%09").get(0));
keyChain.sign(freshData, certificateName);
Console.Out.WriteLine("");
Console.Out.WriteLine("Freshly-signed Data:");
dumpData(freshData);
callbacks = new VerifyCallbacks("Freshly-signed Data");
keyChain.verifyData(freshData, callbacks, callbacks);
}
/// <summary>
/// Throw an exception if it is an error for setDefaultKeyNameForIdentity to
/// set it.
/// </summary>
///
/// <param name="keyName">The key name.</param>
/// <param name="identityNameCheck">The identity name to check the keyName.</param>
/// <exception cref="System.Security.SecurityException">if the identity name does not match the key nameor other problem.</exception>
protected internal void checkSetDefaultKeyNameForIdentity(Name keyName,
Name identityNameCheck)
{
Name identityName = keyName.getPrefix(-1);
if (identityNameCheck.size() > 0
&& !identityNameCheck.equals(identityName))
throw new SecurityException(
"The specified identity name does not match the key name");
}
private static Name getKeyNameFromCertificatePrefix(Name certificatePrefix)
{
Name result = new Name();
String keyString = "KEY";
int i = 0;
for (; i < certificatePrefix.size(); i++) {
if (certificatePrefix.get(i).toEscapedString().equals(keyString))
break;
}
if (i >= certificatePrefix.size())
throw new SecurityException(
"Identity Certificate Prefix does not have a KEY component");
result.append(certificatePrefix.getSubName(0, i));
result.append(certificatePrefix.getSubName(i + 1,
certificatePrefix.size() - i - 1));
return result;
}
/// <summary>
/// Do the work of registerPrefix to register with NFD.
/// </summary>
///
/// <param name="registeredPrefixId">registeredPrefixTable_ (assuming it has already been done).</param>
/// <param name="prefix"></param>
/// <param name="onInterest"></param>
/// <param name="onRegisterFailed"></param>
/// <param name="onRegisterSuccess"></param>
/// <param name="flags"></param>
/// <param name="commandKeyChain"></param>
/// <param name="commandCertificateName"></param>
/// <param name="wireFormat_0"></param>
/// <param name="face_1"></param>
/// <exception cref="System.Security.SecurityException">If cannot find the private key for thecertificateName.</exception>
private void nfdRegisterPrefix(long registeredPrefixId, Name prefix,
OnInterestCallback onInterest, OnRegisterFailed onRegisterFailed,
OnRegisterSuccess onRegisterSuccess, ForwardingFlags flags,
KeyChain commandKeyChain, Name commandCertificateName,
WireFormat wireFormat_0, Face face_1)
{
if (commandKeyChain == null)
throw new Exception(
"registerPrefix: The command KeyChain has not been set. You must call setCommandSigningInfo.");
if (commandCertificateName.size() == 0)
throw new Exception(
"registerPrefix: The command certificate name has not been set. You must call setCommandSigningInfo.");
ControlParameters controlParameters = new ControlParameters();
controlParameters.setName(prefix);
controlParameters.setForwardingFlags(flags);
Interest commandInterest = new Interest();
// Determine whether to use remote prefix registration.
bool faceIsLocal;
try {
faceIsLocal = isLocal();
} catch (IOException ex) {
logger_.log(
ILOG.J2CsMapping.Util.Logging.Level.INFO,
"Register prefix failed: Error attempting to determine if the face is local: {0}",
ex);
try {
onRegisterFailed.onRegisterFailed(prefix);
} catch (Exception exception) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onRegisterFailed",
exception);
}
return;
}
if (faceIsLocal) {
commandInterest.setName(new Name("/localhost/nfd/rib/register"));
// The interest is answered by the local host, so set a short timeout.
commandInterest.setInterestLifetimeMilliseconds(2000.0d);
} else {
commandInterest.setName(new Name("/localhop/nfd/rib/register"));
// The host is remote, so set a longer timeout.
commandInterest.setInterestLifetimeMilliseconds(4000.0d);
}
// NFD only accepts TlvWireFormat packets.
commandInterest.getName().append(
controlParameters.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
makeCommandInterest(commandInterest, commandKeyChain,
commandCertificateName, net.named_data.jndn.encoding.TlvWireFormat.get());
// Send the registration interest.
Node.RegisterResponse response = new Node.RegisterResponse (
new RegisterResponse.Info(prefix, onRegisterFailed,
onRegisterSuccess, registeredPrefixId, onInterest, face_1),
this);
try {
expressInterest(getNextEntryId(), commandInterest, response,
response, null, wireFormat_0, face_1);
} catch (IOException ex_2) {
// Can't send the interest. Call onRegisterFailed.
logger_.log(
ILOG.J2CsMapping.Util.Logging.Level.INFO,
"Register prefix failed: Error sending the register prefix interest to the forwarder: {0}",
ex_2);
try {
onRegisterFailed.onRegisterFailed(prefix);
} catch (Exception exception_3) {
logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onRegisterFailed",
exception_3);
}
}
}
/// <summary>
/// Encode the name as NDN-TLV to the encoder.
/// </summary>
///
/// <param name="name">The name to encode.</param>
/// <param name="signedPortionBeginOffset">name component and ends just before the final name component (which is assumed to be a signature for a signed interest).</param>
/// <param name="signedPortionEndOffset">name component and ends just before the final name component (which is assumed to be a signature for a signed interest).</param>
/// <param name="encoder">The TlvEncoder to receive the encoding.</param>
private static void encodeName(Name name, int[] signedPortionBeginOffset,
int[] signedPortionEndOffset, TlvEncoder encoder)
{
int saveLength = encoder.getLength();
// Encode the components backwards.
int signedPortionEndOffsetFromBack = 0;
for (int i = name.size() - 1; i >= 0; --i) {
encodeNameComponent(name.get(i), encoder);
if (i == name.size() - 1)
signedPortionEndOffsetFromBack = encoder.getLength();
}
int signedPortionBeginOffsetFromBack = encoder.getLength();
encoder.writeTypeAndLength(net.named_data.jndn.encoding.tlv.Tlv.Name, encoder.getLength() - saveLength);
signedPortionBeginOffset[0] = encoder.getLength()
- signedPortionBeginOffsetFromBack;
if (name.size() == 0)
// There is no "final component", so set signedPortionEndOffset
// arbitrarily.
signedPortionEndOffset[0] = signedPortionBeginOffset[0];
else
signedPortionEndOffset[0] = encoder.getLength()
- signedPortionEndOffsetFromBack;
}
/// <summary>
/// Determines if a name satisfies the relation to another name, based on
/// matchRelation.
/// </summary>
///
/// <param name="name"></param>
/// <param name="matchName"></param>
/// <param name="matchRelation">name as a prefix "is-strict-prefix-of" - passes if the name has the other name as a prefix, and is not equal "equal" - passes if the two names are equal</param>
/// <returns>True if matches.</returns>
private static bool matchesRelation(Name name, Name matchName,
String matchRelation)
{
bool passed = false;
if (matchRelation.equals("is-strict-prefix-of")) {
if (matchName.size() == name.size())
passed = false;
else if (matchName.match(name))
passed = true;
} else if (matchRelation.equals("is-prefix-of")) {
if (matchName.match(name))
passed = true;
} else if (matchRelation.equals("equal")) {
if (matchName.equals(name))
passed = true;
}
return passed;
}
private static Name certNameFromKeyName(Name keyName, int keyIdx)
{
if (keyIdx < 0)
keyIdx = keyName.size() + keyIdx;
return keyName.getPrefix(keyIdx).append("KEY")
.append(keyName.getSubName(keyIdx)).append("ID-CERT")
.append("0");
}
/// <summary>
/// Check if the last component in the name is a segment number.
/// </summary>
///
/// <param name="name">The name to check.</param>
/// <returns>True if the name ends with a segment number, otherwise false.</returns>
private static bool endsWithSegmentNumber(Name name)
{
return name.size() >= 1 && name.get(-1).isSegment();
}
/// <summary>
/// Wire encode the Data object, sign it and set its signature.
/// </summary>
///
/// <param name="data"></param>
/// <param name="identityName"></param>
/// <param name="wireFormat">A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().</param>
public void signByIdentity(Data data, Name identityName,
WireFormat wireFormat)
{
Name signingCertificateName;
if (identityName.size() == 0) {
Name inferredIdentity = policyManager_.inferSigningIdentity(data
.getName());
if (inferredIdentity.size() == 0)
signingCertificateName = identityManager_
.getDefaultCertificateName();
else
signingCertificateName = identityManager_
.getDefaultCertificateNameForIdentity(inferredIdentity);
} else
signingCertificateName = identityManager_
.getDefaultCertificateNameForIdentity(identityName);
if (signingCertificateName.size() == 0)
throw new SecurityException("No qualified certificate name found!");
if (!policyManager_.checkSigningPolicy(data.getName(),
signingCertificateName))
throw new SecurityException(
"Signing Cert name does not comply with signing policy");
identityManager_.signByCertificate(data, signingCertificateName,
wireFormat);
}
public CredentialStorage()
{
this.identityStorage_ = new MemoryIdentityStorage();
this.privateKeyStorage_ = new MemoryPrivateKeyStorage();
this.keyChain_ = new KeyChain(new IdentityManager(
identityStorage_, privateKeyStorage_), new SelfVerifyPolicyManager(
identityStorage_));
Name keyName = new Name("/testname/DSK-123");
defaultCertName_ = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
Name ecdsaKeyName = new Name("/testEcdsa/DSK-123");
ecdsaCertName_ = ecdsaKeyName.getSubName(0, ecdsaKeyName.size() - 1)
.append("KEY").append(ecdsaKeyName.get(-1)).append("ID-CERT")
.append("0");
try {
identityStorage_.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage_.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
#if false // Skip ECDSA for now.
identityStorage_.addKey(ecdsaKeyName, net.named_data.jndn.security.KeyType.ECDSA, new Blob(
DEFAULT_EC_PUBLIC_KEY_DER, false));
privateKeyStorage_.setKeyPairForKeyName(ecdsaKeyName,
net.named_data.jndn.security.KeyType.ECDSA, DEFAULT_EC_PUBLIC_KEY_DER,
DEFAULT_EC_PRIVATE_KEY_DER);
#endif
} catch (SecurityException ex) {
// Don't expect this to happen;
System.Console.Out.WriteLine("Exception setting test keys: " + ex);
identityStorage_ = null;
privateKeyStorage_ = null;
}
}
public void setUp()
{
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
keyChain = new KeyChain(new IdentityManager(identityStorage,
privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
Name keyName = new Name("/testname/DSK-123");
certificateName = keyName.getSubName(0, keyName.size() - 1)
.append("KEY").append(keyName.get(-1)).append("ID-CERT")
.append("0");
try {
identityStorage.addKey(keyName, net.named_data.jndn.security.KeyType.RSA, new Blob(
DEFAULT_RSA_PUBLIC_KEY_DER, false));
privateKeyStorage.setKeyPairForKeyName(keyName, net.named_data.jndn.security.KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER);
} catch (SecurityException ex) {
// We don't expect this to happen.
ILOG.J2CsMapping.Util.Logging.Logger.getLogger(typeof(TestLink).FullName).log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, null,
ex);
}
}
private static bool isCorrectName(Name name)
{
int i = name.size() - 1;
String idString = "ID-CERT";
for (; i >= 0; i--) {
if (name.get(i).toEscapedString().equals(idString))
break;
}
if (i < 0)
return false;
int keyIdx = 0;
String keyString = "KEY";
for (; keyIdx < name.size(); keyIdx++) {
if (name.get(keyIdx).toEscapedString().equals(keyString))
break;
}
if (keyIdx >= name.size())
return false;
return true;
}
/// <summary>
/// Prepare an unsigned identity certificate.
/// </summary>
///
/// <param name="keyName">The key name, e.g., `/{identity_name}/ksk-123456`.</param>
/// <param name="publicKey">The public key to sign.</param>
/// <param name="signingIdentity">The signing identity.</param>
/// <param name="notBefore">See IdentityCertificate.</param>
/// <param name="notAfter">See IdentityCertificate.</param>
/// <param name="subjectDescription">on the keyName.</param>
/// <param name="certPrefix">signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`).</param>
/// <returns>The unsigned IdentityCertificate, or null if the inputs are invalid.</returns>
public IdentityCertificate prepareUnsignedIdentityCertificate(
Name keyName, PublicKey publicKey, Name signingIdentity,
double notBefore, double notAfter, IList subjectDescription,
Name certPrefix)
{
if (keyName.size() < 1)
return null;
String tempKeyIdPrefix = keyName.get(-1).toEscapedString();
if (tempKeyIdPrefix.Length < 4)
return null;
String keyIdPrefix = tempKeyIdPrefix.Substring(0,(4)-(0));
if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-"))
return null;
IdentityCertificate certificate = new IdentityCertificate();
Name certName = new Name();
if (certPrefix == null) {
// No certificate prefix hint, so infer the prefix.
if (signingIdentity.match(keyName))
certName.append(signingIdentity).append("KEY")
.append(keyName.getSubName(signingIdentity.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
certName.append(keyName.getPrefix(-1)).append("KEY")
.append(keyName.get(-1)).append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
} else {
// A cert prefix hint is supplied, so determine the cert name.
if (certPrefix.match(keyName) && !certPrefix.equals(keyName))
certName.append(certPrefix).append("KEY")
.append(keyName.getSubName(certPrefix.size()))
.append("ID-CERT")
.appendVersion((long) net.named_data.jndn.util.Common.getNowMilliseconds());
else
return null;
}
certificate.setName(certName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
if (subjectDescription == null || (subjectDescription.Count==0))
certificate
.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.getPrefix(-1).toUri()));
else {
for (int i = 0; i < subjectDescription.Count; ++i)
certificate
.addSubjectDescription((CertificateSubjectDescription) subjectDescription[i]);
}
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerEncodingException: " + ex);
} catch (DerDecodingException ex_0) {
throw new SecurityException("DerDecodingException: " + ex_0);
}
return certificate;
}
private void construct(Name prefix, Name dataType)
{
Name fixedPrefix = new Name(prefix);
Name fixedDataType = new Name(dataType);
// Fill ekeyInfo_ with all permutations of dataType, including the 'E-KEY'
// component of the name. This will be used in createContentKey to send
// interests without reconstructing names every time.
fixedPrefix.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_READ);
while (fixedDataType.size() > 0) {
Name nodeName = new Name(fixedPrefix);
nodeName.append(fixedDataType);
nodeName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_E_KEY);
ILOG.J2CsMapping.Collections.Collections.Put(eKeyInfo_,nodeName,new Producer.KeyInfo ());
fixedDataType = fixedDataType.getPrefix(-1);
}
fixedPrefix.append(dataType);
namespace_ = new Name(prefix);
namespace_.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_SAMPLE);
namespace_.append(dataType);
}
public void signData(Data data, Name certificateName)
{
if (certificateName.size() == 0)
certificateName = defaultCertName_;
keyChain_.sign(data, certificateName);
}
/**
* Loop to decode a data packet nIterations times.
* @param nIterations The number of iterations.
* @param useCrypto If true, verify the signature. If false, don't verify.
* @param keyType KeyType.RSA or EC, used if useCrypto is true.
* @param encoding The wire encoding to decode.
* @return The number of seconds for all iterations.
* @throws EncodingException
*/
private static double benchmarkDecodeDataSeconds(int nIterations, bool useCrypto, KeyType keyType, Blob encoding)
{
// Initialize the KeyChain storage in case useCrypto is true.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
KeyChain keyChain = new KeyChain
(new IdentityManager(identityStorage, new MemoryPrivateKeyStorage()),
new SelfVerifyPolicyManager(identityStorage));
Name keyName = new Name("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
VerifyCallbacks callbacks = new VerifyCallbacks();
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data = new Data();
data.wireDecode(encoding.buf());
if (useCrypto)
keyChain.verifyData(data, callbacks, callbacks);
}
double finish = getNowSeconds();
return finish - start;
}
/**
* Loop to encode a data packet nIterations times.
* @param nIterations The number of iterations.
* @param useComplex If true, use a large name, large content and all fields.
* If false, use a small name, small content
* and only required fields.
* @param useCrypto If true, sign the data packet. If false, use a blank
* signature.
* @param keyType KeyType.RSA or EC, used if useCrypto is true.
* @param encoding Set encoding[0] to the wire encoding.
* @return The number of seconds for all iterations.
*/
private static double benchmarkEncodeDataSeconds(int nIterations, bool useComplex, bool useCrypto, KeyType keyType,
Blob[] encoding)
{
Name name;
Blob content;
if (useComplex) {
// Use a large name and content.
name = new Name
("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00");
StringBuilder contentStream = new StringBuilder();
int count = 1;
contentStream.append(count++);
while (contentStream.toString().Length < 1115)
contentStream.append(" ").append(count++);
content = new Blob(contentStream.toString());
}
else {
// Use a small name and content.
name = new Name("/test");
content = new Blob("abc");
}
Name.Component finalBlockId =
new Name.Component(new Blob(new byte[] { (byte)0 }));
// Initialize the KeyChain storage in case useCrypto is true.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
Name keyName = new Name("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
Blob signatureBits = new Blob(new byte[256]);
Blob emptyBlob = new Blob(new byte[0]);
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data = new Data(name);
data.setContent(content);
if (useComplex) {
data.getMetaInfo().setFreshnessPeriod(30000);
data.getMetaInfo().setFinalBlockId(finalBlockId);
}
if (useCrypto)
// This sets the signature fields.
keyChain.sign(data, certificateName);
else {
// Imitate IdentityManager.signByCertificate to set up the signature
// fields, but don't sign.
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(KeyLocatorType.KEYNAME);
keyLocator.setKeyName(certificateName);
Sha256WithRsaSignature sha256Signature =
(Sha256WithRsaSignature)data.getSignature();
sha256Signature.setKeyLocator(keyLocator);
sha256Signature.setSignature(signatureBits);
}
encoding[0] = data.wireEncode();
}
double finish = getNowSeconds();
return finish - start;
}
/// <summary>
/// Add a public key to the identity storage. Also call addIdentity to ensure
/// that the identityName for the key exists. However, if the key already
/// exists, do nothing.
/// </summary>
///
/// <param name="keyName">The name of the public key to be added.</param>
/// <param name="keyType">Type of the public key to be added.</param>
/// <param name="publicKeyDer">A blob of the public key DER to be added.</param>
public override void addKey(Name keyName, KeyType keyType, Blob publicKeyDer)
{
if (keyName.size() == 0)
return;
if (doesKeyExist(keyName))
return;
Name identityName = keyName.getSubName(0, keyName.size() - 1);
addIdentity(identityName);
ILOG.J2CsMapping.Collections.Collections.Put(keyStore_,keyName.toUri(),new MemoryIdentityStorage.KeyRecord (keyType, publicKeyDer));
}
/// <summary>
/// Compare a subset of this name to a subset of the other name, equivalent to
/// this.getSubName(iStartComponent, nComponents).compare
/// (other.getSubName(iOtherStartComponent, nOtherComponents)).
/// </summary>
///
/// <param name="iStartComponent">name.size() - N.</param>
/// <param name="nComponents"></param>
/// <param name="other">The other Name to compare with.</param>
/// <param name="iOtherStartComponent">starting from other.size() - N.</param>
/// <param name="nOtherComponents">until the end of the name.</param>
/// <returns>0 If the sub names compare equal, -1 if this sub name comes before
/// the other sub name in the canonical ordering, or 1 if after.</returns>
public int compare(int iStartComponent, int nComponents, Name other,
int iOtherStartComponent, int nOtherComponents)
{
if (iStartComponent < 0)
iStartComponent = size() - (-iStartComponent);
if (iOtherStartComponent < 0)
iOtherStartComponent = other.size() - (-iOtherStartComponent);
nComponents = Math.Min(nComponents,size() - iStartComponent);
nOtherComponents = Math.Min(nOtherComponents,other.size()
- iOtherStartComponent);
int count = Math.Min(nComponents,nOtherComponents);
for (int i = 0; i < count; ++i) {
int comparison = components_[iStartComponent + i].compare(
other.components_[iOtherStartComponent + i]);
if (comparison == 0)
// The components at this index are equal, so check the next components.
continue;
// Otherwise, the result is based on the components at this index.
return comparison;
}
// The components up to min(this.size(), other.size()) are equal, so the
// shorter name is less.
if (nComponents < nOtherComponents)
return -1;
else if (nComponents > nOtherComponents)
return 1;
else
return 0;
}
/// <summary>
/// Get the public key DER blob from the identity storage.
/// </summary>
///
/// <param name="keyName">The name of the requested public key.</param>
/// <returns>The DER Blob.</returns>
/// <exception cref="System.Security.SecurityException">if the key doesn't exist.</exception>
public override Blob getKey(Name keyName)
{
if (keyName.size() == 0)
throw new SecurityException(
"MemoryIdentityStorage::getKey: Empty keyName");
MemoryIdentityStorage.KeyRecord keyRecord = (MemoryIdentityStorage.KeyRecord ) ILOG.J2CsMapping.Collections.Collections.Get(keyStore_,keyName.toUri());
if (keyRecord == null)
throw new SecurityException(
"MemoryIdentityStorage::getKey: The key does not exist");
return keyRecord.getKeyDer();
}
static void Main(string[] args)
{
var interest = new Interest();
interest.wireDecode(new Blob(TlvInterest));
Console.Out.WriteLine("Interest:");
dumpInterest(interest);
// Set the name again to clear the cached encoding so we encode again.
interest.setName(interest.getName());
var encoding = interest.wireEncode();
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-encoded interest " + encoding.toHex());
var reDecodedInterest = new Interest();
reDecodedInterest.wireDecode(encoding);
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded Interest:");
dumpInterest(reDecodedInterest);
var freshInterest = new Interest(new Name("/ndn/abc"));
freshInterest.setMinSuffixComponents(4);
freshInterest.setMaxSuffixComponents(6);
freshInterest.setInterestLifetimeMilliseconds(30000);
freshInterest.setChildSelector(1);
freshInterest.setMustBeFresh(true);
freshInterest.getKeyLocator().setType(KeyLocatorType.KEY_LOCATOR_DIGEST);
freshInterest.getKeyLocator().setKeyData
(new Blob(new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }));
freshInterest.getExclude().appendComponent(new Name("abc").get(0)).appendAny();
var identityStorage = new MemoryIdentityStorage();
var privateKeyStorage = new MemoryPrivateKeyStorage();
var keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
// Initialize the storage.
var keyName = new Name("/testname/DSK-123");
var certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER));
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
// Make a Face just so that we can sign the interest.
var face = new Face("localhost");
face.setCommandSigningInfo(keyChain, certificateName);
face.makeCommandInterest(freshInterest);
Interest reDecodedFreshInterest = new Interest();
reDecodedFreshInterest.wireDecode(freshInterest.wireEncode());
Console.Out.WriteLine("");
Console.Out.WriteLine("Re-decoded fresh Interest:");
dumpInterest(reDecodedFreshInterest);
VerifyCallbacks callbacks = new VerifyCallbacks("Freshly-signed Interest");
keyChain.verifyInterest(reDecodedFreshInterest, callbacks, callbacks);
}
/// <summary>
/// Get the public key DER blob from the identity storage.
/// </summary>
///
/// <param name="keyName">The name of the requested public key.</param>
/// <returns>The DER Blob.</returns>
/// <exception cref="System.Security.SecurityException">if the key doesn't exist.</exception>
public override sealed Blob getKey(Name keyName)
{
if (keyName.size() == 0)
throw new SecurityException(
"BasicIdentityStorage::getKey: Empty keyName");
String keyId = keyName.get(-1).toEscapedString();
Name identityName = keyName.getPrefix(-1);
try {
PreparedStatement statement = database_
.prepareStatement(net.named_data.jndn.security.identity.Sqlite3IdentityStorageBase.SELECT_getKey);
statement.setString(1, identityName.toUri());
statement.setString(2, keyId);
try {
SqlDataReader result = statement.executeQuery();
if (result.NextResult())
return new Blob(result.getBytes("public_key"), false);
else
throw new SecurityException(
"BasicIdentityStorage::getKey: The key does not exist");
} finally {
statement.close();
}
} catch (SQLException exception) {
throw new SecurityException("BasicIdentityStorage: SQLite error: "
+ exception);
}
}
