Beispiel #1
0
  /**
   * Create an identity certificate for a public key supplied by the caller.
   *
   * @param certificatePrefix The name of public key to be signed.
   * @param publicKey The public key to be signed.
   * @param signerCertificateName The name of signing certificate.
   * @param notBefore The notBefore value in the validity field of the generated certificate.
   * @param notAfter The notAfter vallue in validity field of the generated certificate.
   * @return The generated identity certificate.
   */
  public final IdentityCertificate createIdentityCertificate(
      Name certificatePrefix,
      PublicKey publicKey,
      Name signerCertificateName,
      double notBefore,
      double notAfter)
      throws SecurityException {
    IdentityCertificate certificate = new IdentityCertificate();
    Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);

    Name certificateName = new Name(certificatePrefix);
    certificateName.append("ID-CERT").appendVersion((long) Common.getNowMilliseconds());

    certificate.setName(certificateName);
    certificate.setNotBefore(notBefore);
    certificate.setNotAfter(notAfter);
    certificate.setPublicKeyInfo(publicKey);
    certificate.addSubjectDescription(
        new CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
    try {
      certificate.encode();
    } catch (DerEncodingException ex) {
      throw new SecurityException("DerDecodingException: " + ex);
    } catch (DerDecodingException ex) {
      throw new SecurityException("DerEncodingException: " + ex);
    }

    Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature();

    KeyLocator keyLocator = new KeyLocator();
    keyLocator.setType(KeyLocatorType.KEYNAME);
    keyLocator.setKeyName(signerCertificateName);

    sha256Sig.setKeyLocator(keyLocator);

    certificate.setSignature(sha256Sig);

    SignedBlob unsignedData = certificate.wireEncode();

    IdentityCertificate signerCertificate;
    try {
      signerCertificate = getCertificate(signerCertificateName);
    } catch (DerDecodingException ex) {
      throw new SecurityException("DerDecodingException: " + ex);
    }
    Name signerkeyName = signerCertificate.getPublicKeyName();

    Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName);

    sha256Sig.setSignature(sigBits);

    return certificate;
  }
Beispiel #2
0
  /**
   * Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
   *
   * @param data The Data object to be signed. This updates its signature and wireEncoding.
   * @param wireFormat The WireFormat for calling encodeData.
   */
  public final void signWithSha256(Data data, WireFormat wireFormat) {
    data.setSignature(new DigestSha256Signature());

    // Encode once to get the signed portion.
    SignedBlob encoding = data.wireEncode(wireFormat);

    // Digest and set the signature.
    byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf());
    data.getSignature().setSignature(new Blob(signedPortionDigest, false));

    // Encode again to include the signature.
    data.wireEncode(wireFormat);
  }
Beispiel #3
0
  /**
   * Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and
   * append a final name component with the signature bits (which is the digest).
   *
   * @param interest The Interest object to be signed. This appends name components of SignatureInfo
   *     and the signature bits.
   * @param wireFormat A WireFormat object used to encode the input.
   */
  public final void signInterestWithSha256(Interest interest, WireFormat wireFormat) {
    DigestSha256Signature signature = new DigestSha256Signature();
    // Append the encoded SignatureInfo.
    interest.getName().append(wireFormat.encodeSignatureInfo(signature));

    // Append an empty signature so that the "signedPortion" is correct.
    interest.getName().append(new Name.Component());
    // Encode once to get the signed portion.
    SignedBlob encoding = interest.wireEncode(wireFormat);

    // Digest and set the signature.
    byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf());
    signature.setSignature(new Blob(signedPortionDigest, false));

    // Remove the empty signature and append the real one.
    interest.setName(
        interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature)));
  }
Beispiel #4
0
  /**
   * Sign data packet based on the certificate name.
   *
   * @param data The Data object to sign and update its signature.
   * @param certificateName The Name identifying the certificate which identifies the signing key.
   * @param wireFormat The WireFormat for calling encodeData.
   */
  public final void signByCertificate(Data data, Name certificateName, WireFormat wireFormat)
      throws SecurityException {
    DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
    Signature signature = makeSignatureByCertificate(certificateName, digestAlgorithm);

    data.setSignature(signature);
    // Encode once to get the signed portion.
    SignedBlob encoding = data.wireEncode(wireFormat);

    data.getSignature()
        .setSignature(
            privateKeyStorage_.sign(
                encoding.signedBuf(),
                IdentityCertificate.certificateNameToPublicKeyName(certificateName),
                digestAlgorithm[0]));

    // Encode again to include the signature.
    data.wireEncode(wireFormat);
  }
Beispiel #5
0
  /**
   * Append a SignatureInfo to the Interest name, sign the name components and append a final name
   * component with the signature bits.
   *
   * @param interest The Interest object to be signed. This appends name components of SignatureInfo
   *     and the signature bits.
   * @param certificateName The certificate name of the key to use for signing.
   * @param wireFormat A WireFormat object used to encode the input.
   */
  public final void signInterestByCertificate(
      Interest interest, Name certificateName, WireFormat wireFormat) throws SecurityException {
    DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
    Signature signature = makeSignatureByCertificate(certificateName, digestAlgorithm);

    // Append the encoded SignatureInfo.
    interest.getName().append(wireFormat.encodeSignatureInfo(signature));

    // Append an empty signature so that the "signedPortion" is correct.
    interest.getName().append(new Name.Component());
    // Encode once to get the signed portion, and sign.
    SignedBlob encoding = interest.wireEncode(wireFormat);
    signature.setSignature(
        privateKeyStorage_.sign(
            encoding.signedBuf(),
            IdentityCertificate.certificateNameToPublicKeyName(certificateName),
            digestAlgorithm[0]));

    // Remove the empty signature and append the real one.
    interest.setName(
        interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature)));
  }