/**
* Create an identity certificate for a public key supplied by the caller.
*
* @param certificatePrefix The name of public key to be signed.
* @param publicKey The public key to be signed.
* @param signerCertificateName The name of signing certificate.
* @param notBefore The notBefore value in the validity field of the generated certificate.
* @param notAfter The notAfter vallue in validity field of the generated certificate.
* @return The generated identity certificate.
*/
public final IdentityCertificate createIdentityCertificate(
Name certificatePrefix,
PublicKey publicKey,
Name signerCertificateName,
double notBefore,
double notAfter)
throws SecurityException {
IdentityCertificate certificate = new IdentityCertificate();
Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Name certificateName = new Name(certificatePrefix);
certificateName.append("ID-CERT").appendVersion((long) Common.getNowMilliseconds());
certificate.setName(certificateName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
certificate.addSubjectDescription(
new CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerDecodingException: " + ex);
} catch (DerDecodingException ex) {
throw new SecurityException("DerEncodingException: " + ex);
}
Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(KeyLocatorType.KEYNAME);
keyLocator.setKeyName(signerCertificateName);
sha256Sig.setKeyLocator(keyLocator);
certificate.setSignature(sha256Sig);
SignedBlob unsignedData = certificate.wireEncode();
IdentityCertificate signerCertificate;
try {
signerCertificate = getCertificate(signerCertificateName);
} catch (DerDecodingException ex) {
throw new SecurityException("DerDecodingException: " + ex);
}
Name signerkeyName = signerCertificate.getPublicKeyName();
Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName);
sha256Sig.setSignature(sigBits);
return certificate;
}
/**
* Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
*
* @param data The Data object to be signed. This updates its signature and wireEncoding.
* @param wireFormat The WireFormat for calling encodeData.
*/
public final void signWithSha256(Data data, WireFormat wireFormat) {
data.setSignature(new DigestSha256Signature());
// Encode once to get the signed portion.
SignedBlob encoding = data.wireEncode(wireFormat);
// Digest and set the signature.
byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf());
data.getSignature().setSignature(new Blob(signedPortionDigest, false));
// Encode again to include the signature.
data.wireEncode(wireFormat);
}
/**
* Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and
* append a final name component with the signature bits (which is the digest).
*
* @param interest The Interest object to be signed. This appends name components of SignatureInfo
* and the signature bits.
* @param wireFormat A WireFormat object used to encode the input.
*/
public final void signInterestWithSha256(Interest interest, WireFormat wireFormat) {
DigestSha256Signature signature = new DigestSha256Signature();
// Append the encoded SignatureInfo.
interest.getName().append(wireFormat.encodeSignatureInfo(signature));
// Append an empty signature so that the "signedPortion" is correct.
interest.getName().append(new Name.Component());
// Encode once to get the signed portion.
SignedBlob encoding = interest.wireEncode(wireFormat);
// Digest and set the signature.
byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf());
signature.setSignature(new Blob(signedPortionDigest, false));
// Remove the empty signature and append the real one.
interest.setName(
interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature)));
}
/**
* Sign data packet based on the certificate name.
*
* @param data The Data object to sign and update its signature.
* @param certificateName The Name identifying the certificate which identifies the signing key.
* @param wireFormat The WireFormat for calling encodeData.
*/
public final void signByCertificate(Data data, Name certificateName, WireFormat wireFormat)
throws SecurityException {
DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
Signature signature = makeSignatureByCertificate(certificateName, digestAlgorithm);
data.setSignature(signature);
// Encode once to get the signed portion.
SignedBlob encoding = data.wireEncode(wireFormat);
data.getSignature()
.setSignature(
privateKeyStorage_.sign(
encoding.signedBuf(),
IdentityCertificate.certificateNameToPublicKeyName(certificateName),
digestAlgorithm[0]));
// Encode again to include the signature.
data.wireEncode(wireFormat);
}
/**
* Append a SignatureInfo to the Interest name, sign the name components and append a final name
* component with the signature bits.
*
* @param interest The Interest object to be signed. This appends name components of SignatureInfo
* and the signature bits.
* @param certificateName The certificate name of the key to use for signing.
* @param wireFormat A WireFormat object used to encode the input.
*/
public final void signInterestByCertificate(
Interest interest, Name certificateName, WireFormat wireFormat) throws SecurityException {
DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
Signature signature = makeSignatureByCertificate(certificateName, digestAlgorithm);
// Append the encoded SignatureInfo.
interest.getName().append(wireFormat.encodeSignatureInfo(signature));
// Append an empty signature so that the "signedPortion" is correct.
interest.getName().append(new Name.Component());
// Encode once to get the signed portion, and sign.
SignedBlob encoding = interest.wireEncode(wireFormat);
signature.setSignature(
privateKeyStorage_.sign(
encoding.signedBuf(),
IdentityCertificate.certificateNameToPublicKeyName(certificateName),
digestAlgorithm[0]));
// Remove the empty signature and append the real one.
interest.setName(
interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature)));
}
