/** * Add a public key to the identity storage. Also call addIdentity to ensure that the identityName * for the key exists. * * @param keyName The name of the public key to be added. * @param keyType Type of the public key to be added. * @param publicKeyDer A blob of the public key DER to be added. * @throws SecurityException if a key with the keyName already exists. */ public final void addKey(Name keyName, KeyType keyType, Blob publicKeyDer) throws SecurityException { if (keyName.size() == 0) return; checkAddKey(keyName); String keyId = keyName.get(-1).toEscapedString(); Name identityName = keyName.getPrefix(-1); addIdentity(identityName); try { PreparedStatement statement = database_.prepareStatement( "INSERT INTO Key (identity_name, key_identifier, key_type, public_key) values (?, ?, ?, ?)"); statement.setString(1, identityName.toUri()); statement.setString(2, keyId); statement.setInt(3, keyType.getNumericType()); statement.setBytes(4, publicKeyDer.getImmutableArray()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Set a key as the default key of an identity. The identity name is inferred from keyName. * * @param keyName The name of the key. * @param identityNameCheck The identity name to check that the keyName contains the same identity * name. If an empty name, it is ignored. */ public final void setDefaultKeyNameForIdentity(Name keyName, Name identityNameCheck) throws SecurityException { checkSetDefaultKeyNameForIdentity(keyName, identityNameCheck); String keyId = keyName.get(-1).toEscapedString(); Name identityName = keyName.getPrefix(-1); try { // Reset the previous default Key. PreparedStatement statement = database_.prepareStatement( "UPDATE Key SET default_key=0 WHERE " + WHERE_setDefaultKeyNameForIdentity_reset); statement.setString(1, identityName.toUri()); try { statement.executeUpdate(); } finally { statement.close(); } // Set the current default Key. statement = database_.prepareStatement( "UPDATE Key SET default_key=1 WHERE " + WHERE_setDefaultKeyNameForIdentity_set); statement.setString(1, identityName.toUri()); statement.setString(2, keyId); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
@Before public void setUp() throws SecurityException { face_ = new Face(); // For now, when setting face.setCommandSigningInfo, use a key chain with // a default private key instead of the system default key chain. This // is OK for now because NFD is configured to skip verification, so it // ignores the system default key chain. // On a platform which supports it, it would be better to use the default // KeyChain constructor. MemoryIdentityStorage identityStorage = new MemoryIdentityStorage(); MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage(); KeyChain keyChain = new KeyChain( new IdentityManager(identityStorage, privateKeyStorage), new SelfVerifyPolicyManager(identityStorage)); keyChain.setFace(face_); // Initialize the storage. Name keyName = new Name("/testname/DSK-123"); Name certificateName = keyName .getSubName(0, keyName.size() - 1) .append("KEY") .append(keyName.get(-1)) .append("ID-CERT") .append("0"); identityStorage.addKey(keyName, KeyType.RSA, new Blob(DEFAULT_RSA_PUBLIC_KEY_DER, false)); privateKeyStorage.setKeyPairForKeyName( keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER); face_.setCommandSigningInfo(keyChain, certificateName); }
/** * Create an identity certificate for a public key supplied by the caller. * * @param certificatePrefix The name of public key to be signed. * @param publicKey The public key to be signed. * @param signerCertificateName The name of signing certificate. * @param notBefore The notBefore value in the validity field of the generated certificate. * @param notAfter The notAfter vallue in validity field of the generated certificate. * @return The generated identity certificate. */ public final IdentityCertificate createIdentityCertificate( Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) throws SecurityException { IdentityCertificate certificate = new IdentityCertificate(); Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Name certificateName = new Name(certificatePrefix); certificateName.append("ID-CERT").appendVersion((long) Common.getNowMilliseconds()); certificate.setName(certificateName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription( new CertificateSubjectDescription("2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } catch (DerDecodingException ex) { throw new SecurityException("DerEncodingException: " + ex); } Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(KeyLocatorType.KEYNAME); keyLocator.setKeyName(signerCertificateName); sha256Sig.setKeyLocator(keyLocator); certificate.setSignature(sha256Sig); SignedBlob unsignedData = certificate.wireEncode(); IdentityCertificate signerCertificate; try { signerCertificate = getCertificate(signerCertificateName); } catch (DerDecodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } Name signerkeyName = signerCertificate.getPublicKeyName(); Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName); sha256Sig.setSignature(sigBits); return certificate; }
/** * Set the default identity. If the identityName does not exist, then clear the default identity * so that getDefaultIdentity() throws an exception. * * @param identityName The default identity name. */ public final void setDefaultIdentity(Name identityName) throws SecurityException { try { // Reset the previous default identity. PreparedStatement statement = database_.prepareStatement( "UPDATE Identity SET default_identity=0 WHERE " + WHERE_setDefaultIdentity_reset); try { statement.executeUpdate(); } finally { statement.close(); } // Set the current default identity. statement = database_.prepareStatement( "UPDATE Identity SET default_identity=1 WHERE " + WHERE_setDefaultIdentity_set); statement.setString(1, identityName.toUri()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Delete a certificate. * * @param certificateName The certificate name. */ public void deleteCertificateInfo(Name certificateName) throws SecurityException { if (certificateName.size() == 0) return; try { PreparedStatement statement = database_.prepareStatement( "DELETE FROM Certificate WHERE " + WHERE_deleteCertificateInfo); statement.setString(1, certificateName.toUri()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Generate a self-signed certificate for a public key. * * @param keyName The name of the public key. * @return The generated certificate. */ public IdentityCertificate selfSign(Name keyName) throws SecurityException { IdentityCertificate certificate = new IdentityCertificate(); Blob keyBlob = identityStorage_.getKey(keyName); PublicKey publicKey = new PublicKey(keyBlob); Calendar calendar = Calendar.getInstance(); double notBefore = (double) calendar.getTimeInMillis(); calendar.add(Calendar.YEAR, 2); double notAfter = (double) calendar.getTimeInMillis(); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); Name certificateName = keyName .getPrefix(-1) .append("KEY") .append(keyName.get(-1)) .append("ID-CERT") .appendVersion((long) certificate.getNotBefore()); certificate.setName(certificateName); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription( new CertificateSubjectDescription("2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { // We don't expect this to happen. Logger.getLogger(IdentityManager.class.getName()).log(Level.SEVERE, null, ex); return null; } catch (DerDecodingException ex) { // We don't expect this to happen. Logger.getLogger(IdentityManager.class.getName()).log(Level.SEVERE, null, ex); return null; } signByCertificate(certificate, certificate.getName()); return certificate; }
private static boolean isCorrectName(Name name) { int i = name.size() - 1; String idString = "ID-CERT"; for (; i >= 0; i--) { if (name.get(i).toEscapedString().equals(idString)) break; } if (i < 0) return false; int keyIdx = 0; String keyString = "KEY"; for (; keyIdx < name.size(); keyIdx++) { if (name.get(keyIdx).toEscapedString().equals(keyString)) break; } if (keyIdx >= name.size()) return false; return true; }
/** * In table Key, set 'active' to isActive for the keyName. * * @param keyName The name of the key. * @param isActive The value for the 'active' field. */ protected void updateKeyStatus(Name keyName, boolean isActive) throws SecurityException { String keyId = keyName.get(-1).toEscapedString(); Name identityName = keyName.getPrefix(-1); try { PreparedStatement statement = database_.prepareStatement("UPDATE Key SET active=? WHERE " + WHERE_updateKeyStatus); statement.setInt(1, (isActive ? 1 : 0)); statement.setString(2, identityName.toUri()); statement.setString(3, keyId); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Check if the specified key already exists. * * @param keyName The name of the key. * @return true if the key exists, otherwise false. */ public final boolean doesKeyExist(Name keyName) throws SecurityException { String keyId = keyName.get(-1).toEscapedString(); Name identityName = keyName.getPrefix(-1); try { PreparedStatement statement = database_.prepareStatement(SELECT_doesKeyExist); statement.setString(1, identityName.toUri()); statement.setString(2, keyId); try { ResultSet result = statement.executeQuery(); if (result.next()) return result.getInt(1) > 0; else return false; } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Delete a public key and related certificates. * * @param keyName The key name. */ public void deletePublicKeyInfo(Name keyName) throws SecurityException { if (keyName.size() == 0) return; String keyId = keyName.get(-1).toEscapedString(); Name identityName = keyName.getPrefix(-1); try { PreparedStatement statement = database_.prepareStatement("DELETE FROM Certificate WHERE " + WHERE_deletePublicKeyInfo); statement.setString(1, identityName.toUri()); statement.setString(2, keyId); try { statement.executeUpdate(); } finally { statement.close(); } statement = database_.prepareStatement("DELETE FROM Key WHERE " + WHERE_deletePublicKeyInfo); statement.setString(1, identityName.toUri()); statement.setString(2, keyId); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
private static Name getKeyNameFromCertificatePrefix(Name certificatePrefix) throws SecurityException { Name result = new Name(); String keyString = "KEY"; int i = 0; for (; i < certificatePrefix.size(); i++) { if (certificatePrefix.get(i).toEscapedString().equals(keyString)) break; } if (i >= certificatePrefix.size()) throw new SecurityException("Identity Certificate Prefix does not have a KEY component"); result.append(certificatePrefix.getSubName(0, i)); result.append(certificatePrefix.getSubName(i + 1, certificatePrefix.size() - i - 1)); return result; }
/** * Get the public key DER blob from the identity storage. * * @param keyName The name of the requested public key. * @return The DER Blob. If not found, return a Blob with a null pointer. */ public final Blob getKey(Name keyName) throws SecurityException { if (!doesKeyExist(keyName)) return new Blob(); String keyId = keyName.get(-1).toEscapedString(); Name identityName = keyName.getPrefix(-1); try { PreparedStatement statement = database_.prepareStatement(SELECT_getKey); statement.setString(1, identityName.toUri()); statement.setString(2, keyId); try { ResultSet result = statement.executeQuery(); if (result.next()) return new Blob(result.getBytes("public_key")); else return new Blob(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Return a new Signature object based on the signature algorithm of the public key with keyName * (derived from certificateName). * * @param certificateName The certificate name. * @param digestAlgorithm Set digestAlgorithm[0] to the signature algorithm's digest algorithm, * e.g. DigestAlgorithm.SHA256. * @return A new object of the correct subclass of Signature. */ private Signature makeSignatureByCertificate( Name certificateName, DigestAlgorithm[] digestAlgorithm) throws SecurityException { Name keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName); PublicKey publicKey = privateKeyStorage_.getPublicKey(keyName); KeyType keyType = publicKey.getKeyType(); if (keyType == KeyType.RSA) { Sha256WithRsaSignature signature = new Sha256WithRsaSignature(); digestAlgorithm[0] = DigestAlgorithm.SHA256; signature.getKeyLocator().setType(KeyLocatorType.KEYNAME); signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1)); return signature; } else if (keyType == KeyType.ECDSA) { Sha256WithEcdsaSignature signature = new Sha256WithEcdsaSignature(); digestAlgorithm[0] = DigestAlgorithm.SHA256; signature.getKeyLocator().setType(KeyLocatorType.KEYNAME); signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1)); return signature; } else throw new SecurityException("Key type is not recognized"); }
/** * Get the default certificate name for the specified key. * * @param keyName The key name. * @return The default certificate name. * @throws SecurityException if the default certificate name for the key name is not set. */ public final Name getDefaultCertificateNameForKey(Name keyName) throws SecurityException { String keyId = keyName.get(-1).toEscapedString(); Name identityName = keyName.getPrefix(-1); try { PreparedStatement statement = database_.prepareStatement(SELECT_getDefaultCertificateNameForKey); statement.setString(1, identityName.toUri()); statement.setString(2, keyId); try { ResultSet result = statement.executeQuery(); if (result.next()) return new Name(result.getString("cert_name")); else throw new SecurityException( "BasicIdentityStorage.getDefaultCertificateNameForKey: The default certificate for the key name is not defined"); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Check if the specified certificate already exists. * * @param certificateName The name of the certificate. * @return True if the certificate exists, otherwise false. */ public final boolean doesCertificateExist(Name certificateName) throws SecurityException { try { PreparedStatement statement = database_.prepareStatement(SELECT_doesCertificateExist); statement.setString(1, certificateName.toUri()); try { ResultSet result = statement.executeQuery(); if (result.next()) return result.getInt(1) > 0; else return false; } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Add a new identity. Do nothing if the identity already exists. * * @param identityName The identity name to be added. */ public final void addIdentity(Name identityName) throws SecurityException { if (doesIdentityExist(identityName)) return; try { PreparedStatement statement = database_.prepareStatement("INSERT INTO Identity (identity_name) values (?)"); statement.setString(1, identityName.toUri()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Add a certificate to the identity storage. * * @param certificate The certificate to be added. This makes a copy of the certificate. * @throws SecurityException if the certificate is already installed. */ public final void addCertificate(IdentityCertificate certificate) throws SecurityException { checkAddCertificate(certificate); Name certificateName = certificate.getName(); Name keyName = certificate.getPublicKeyName(); // Insert the certificate. try { PreparedStatement statement = database_.prepareStatement( "INSERT INTO Certificate (cert_name, cert_issuer, identity_name, key_identifier, not_before, not_after, certificate_data) " + "values (?, ?, ?, ?, datetime(?, 'unixepoch'), datetime(?, 'unixepoch'), ?)"); statement.setString(1, certificateName.toUri()); Name signerName = KeyLocator.getFromSignature(certificate.getSignature()).getKeyName(); statement.setString(2, signerName.toUri()); String keyId = keyName.get(-1).toEscapedString(); Name identity = keyName.getPrefix(-1); statement.setString(3, identity.toUri()); statement.setString(4, keyId); // Convert from milliseconds to seconds since 1/1/1970. statement.setLong(5, (long) (Math.floor(certificate.getNotBefore() / 1000.0))); statement.setLong(6, (long) (Math.floor(certificate.getNotAfter() / 1000.0))); // wireEncode returns the cached encoding if available. statement.setBytes(7, certificate.wireEncode().getImmutableArray()); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Get a certificate from the identity storage. * * @param certificateName The name of the requested certificate. * @param allowAny If false, only a valid certificate will be returned, otherwise validity is * disregarded. * @return The requested certificate. If not found, return null. */ public final IdentityCertificate getCertificate(Name certificateName, boolean allowAny) throws SecurityException { if (doesCertificateExist(certificateName)) { try { PreparedStatement statement; if (!allowAny) { throw new UnsupportedOperationException( "BasicIdentityStorage.getCertificate for !allowAny is not implemented"); /* statement = database_.prepareStatement ("SELECT certificate_data FROM Certificate " + "WHERE cert_name=? AND not_before<datetime(?, 'unixepoch') AND not_after>datetime(?, 'unixepoch') and valid_flag=1"); statement.setString(1, certificateName.toUri()); sqlite3_bind_int64(statement, 2, (sqlite3_int64)floor(ndn_getNowMilliseconds() / 1000.0)); sqlite3_bind_int64(statement, 3, (sqlite3_int64)floor(ndn_getNowMilliseconds() / 1000.0)); */ } else { statement = database_.prepareStatement(SELECT_getCertificate); statement.setString(1, certificateName.toUri()); } IdentityCertificate certificate = new IdentityCertificate(); try { ResultSet result = statement.executeQuery(); if (result.next()) { try { certificate.wireDecode(new Blob(result.getBytes("certificate_data"))); } catch (EncodingException ex) { throw new SecurityException( "BasicIdentityStorage: Error decoding certificate data: " + ex); } } } finally { statement.close(); } return certificate; } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } } else return new IdentityCertificate(); }
/** * Get the default key name for the specified identity. * * @param identityName The identity name. * @return The default key name. * @throws SecurityException if the default key name for the identity is not set. */ public final Name getDefaultKeyNameForIdentity(Name identityName) throws SecurityException { try { PreparedStatement statement = database_.prepareStatement(SELECT_getDefaultKeyNameForIdentity); statement.setString(1, identityName.toUri()); try { ResultSet result = statement.executeQuery(); if (result.next()) return new Name(identityName).append(result.getString("key_identifier")); else throw new SecurityException( "BasicIdentityStorage.getDefaultKeyNameForIdentity: The default key for the identity is not defined"); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Append all the key names of a particular identity to the nameList. * * @param identityName The identity name to search for. * @param nameList Append result names to nameList. * @param isDefault If true, add only the default key name. If false, add only the non-default key * names. */ public void getAllKeyNamesOfIdentity(Name identityName, ArrayList nameList, boolean isDefault) throws SecurityException { try { String sql = isDefault ? SELECT_getAllKeyNamesOfIdentity_default_true : SELECT_getAllKeyNamesOfIdentity_default_false; PreparedStatement statement = database_.prepareStatement(sql); statement.setString(1, identityName.toUri()); try { ResultSet result = statement.executeQuery(); while (result.next()) nameList.add(new Name(identityName).append(result.getString("key_identifier"))); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Delete an identity and related public keys and certificates. * * @param identityName The identity name. */ public void deleteIdentityInfo(Name identityName) throws SecurityException { String identity = identityName.toUri(); try { PreparedStatement statement = database_.prepareStatement("DELETE FROM Certificate WHERE " + WHERE_deleteIdentityInfo); statement.setString(1, identity); try { statement.executeUpdate(); } finally { statement.close(); } statement = database_.prepareStatement("DELETE FROM Key WHERE " + WHERE_deleteIdentityInfo); statement.setString(1, identity); try { statement.executeUpdate(); } finally { statement.close(); } statement = database_.prepareStatement("DELETE FROM Identity WHERE " + WHERE_deleteIdentityInfo); statement.setString(1, identity); try { statement.executeUpdate(); } finally { statement.close(); } } catch (SQLException exception) { throw new SecurityException("BasicIdentityStorage: SQLite error: " + exception); } }
/** * Prepare an unsigned identity certificate. * * @param keyName The key name, e.g., `/{identity_name}/ksk-123456`. * @param publicKey The public key to sign. * @param signingIdentity The signing identity. * @param notBefore See IdentityCertificate. * @param notAfter See IdentityCertificate. * @param subjectDescription A list of CertificateSubjectDescription. See IdentityCertificate. If * null or empty, this adds a an ATTRIBUTE_NAME based on the keyName. * @param certPrefix The prefix before the `KEY` component. If null, this infers the certificate * name according to the relation between the signingIdentity and the subject identity. If the * signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the * signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before * `ksk-...`). * @return The unsigned IdentityCertificate, or null if the inputs are invalid. */ public final IdentityCertificate prepareUnsignedIdentityCertificate( Name keyName, PublicKey publicKey, Name signingIdentity, double notBefore, double notAfter, List subjectDescription, Name certPrefix) throws SecurityException { if (keyName.size() < 1) return null; String tempKeyIdPrefix = keyName.get(-1).toEscapedString(); if (tempKeyIdPrefix.length() < 4) return null; String keyIdPrefix = tempKeyIdPrefix.substring(0, 4); if (!keyIdPrefix.equals("ksk-") && !keyIdPrefix.equals("dsk-")) return null; IdentityCertificate certificate = new IdentityCertificate(); Name certName = new Name(); if (certPrefix == null) { // No certificate prefix hint, so infer the prefix. if (signingIdentity.match(keyName)) certName .append(signingIdentity) .append("KEY") .append(keyName.getSubName(signingIdentity.size())) .append("ID-CERT") .appendVersion((long) Common.getNowMilliseconds()); else certName .append(keyName.getPrefix(-1)) .append("KEY") .append(keyName.get(-1)) .append("ID-CERT") .appendVersion((long) Common.getNowMilliseconds()); } else { // A cert prefix hint is supplied, so determine the cert name. if (certPrefix.match(keyName) && !certPrefix.equals(keyName)) certName .append(certPrefix) .append("KEY") .append(keyName.getSubName(certPrefix.size())) .append("ID-CERT") .appendVersion((long) Common.getNowMilliseconds()); else return null; } certificate.setName(certName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); if (subjectDescription == null || subjectDescription.isEmpty()) certificate.addSubjectDescription( new CertificateSubjectDescription("2.5.4.41", keyName.getPrefix(-1).toUri())); else { for (int i = 0; i < subjectDescription.size(); ++i) certificate.addSubjectDescription( (CertificateSubjectDescription) subjectDescription.get(i)); } try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerEncodingException: " + ex); } catch (DerDecodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } return certificate; }
/** * Get the public key name from the full certificate name. * * @param certificateName The full certificate name. * @return The related public key name. */ public static Name certificateNameToPublicKeyName(Name certificateName) { String idString = "ID-CERT"; boolean foundIdString = false; int idCertComponentIndex = certificateName.size() - 1; for (; idCertComponentIndex + 1 > 0; --idCertComponentIndex) { if (certificateName.get(idCertComponentIndex).toEscapedString().equals(idString)) { foundIdString = true; break; } } if (!foundIdString) throw new Error("Incorrect identity certificate name " + certificateName.toUri()); Name tempName = certificateName.getSubName(0, idCertComponentIndex); String keyString = "KEY"; boolean foundKeyString = false; int keyComponentIndex = 0; for (; keyComponentIndex < tempName.size(); keyComponentIndex++) { if (tempName.get(keyComponentIndex).toEscapedString().equals(keyString)) { foundKeyString = true; break; } } if (!foundKeyString) throw new Error("Incorrect identity certificate name " + certificateName.toUri()); return tempName .getSubName(0, keyComponentIndex) .append( tempName.getSubName(keyComponentIndex + 1, tempName.size() - keyComponentIndex - 1)); }