@Test
public void testValidityPeriodChecking() throws ParseException {
Certificate certificate = new Certificate();
certificate.setName(new Name("/ndn/site1/ksk-1416425377094/KEY/0123/%FD%00%00%01I%C9%8B"));
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0);
certificate.setContent(new Blob(PUBLIC_KEY, false));
certificate.setSignature(new Sha256WithRsaSignature());
Sha256WithRsaSignature signatureInfo = (Sha256WithRsaSignature) certificate.getSignature();
signatureInfo.getKeyLocator().setType(KeyLocatorType.KEYNAME);
signatureInfo.getKeyLocator().setKeyName(new Name("/ndn/site1/ksk-2516425377094/KEY"));
double notBefore = fromIsoString("20150819T120000");
double notAfter = fromIsoString("20150823T120000");
signatureInfo.getValidityPeriod().setPeriod(notBefore, notAfter);
signatureInfo.setSignature(new Blob(SIG_VALUE, false));
assertEquals(false, certificate.isInValidityPeriod(fromIsoString("20150819T115959")));
assertEquals(true, certificate.isInValidityPeriod(fromIsoString("20150819T120000")));
assertEquals(true, certificate.isInValidityPeriod(fromIsoString("20150823T120000")));
assertEquals(false, certificate.isInValidityPeriod(fromIsoString("20150823T120001")));
assertEquals(false, certificate.isInValidityPeriod(fromIsoString("20150921T130000")));
}
/**
* Create an identity certificate for a public key supplied by the caller.
*
* @param certificatePrefix The name of public key to be signed.
* @param publicKey The public key to be signed.
* @param signerCertificateName The name of signing certificate.
* @param notBefore The notBefore value in the validity field of the generated certificate.
* @param notAfter The notAfter vallue in validity field of the generated certificate.
* @return The generated identity certificate.
*/
public final IdentityCertificate createIdentityCertificate(
Name certificatePrefix,
PublicKey publicKey,
Name signerCertificateName,
double notBefore,
double notAfter)
throws SecurityException {
IdentityCertificate certificate = new IdentityCertificate();
Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Name certificateName = new Name(certificatePrefix);
certificateName.append("ID-CERT").appendVersion((long) Common.getNowMilliseconds());
certificate.setName(certificateName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
certificate.addSubjectDescription(
new CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerDecodingException: " + ex);
} catch (DerDecodingException ex) {
throw new SecurityException("DerEncodingException: " + ex);
}
Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(KeyLocatorType.KEYNAME);
keyLocator.setKeyName(signerCertificateName);
sha256Sig.setKeyLocator(keyLocator);
certificate.setSignature(sha256Sig);
SignedBlob unsignedData = certificate.wireEncode();
IdentityCertificate signerCertificate;
try {
signerCertificate = getCertificate(signerCertificateName);
} catch (DerDecodingException ex) {
throw new SecurityException("DerDecodingException: " + ex);
}
Name signerkeyName = signerCertificate.getPublicKeyName();
Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName);
sha256Sig.setSignature(sigBits);
return certificate;
}
/**
* Return a new Signature object based on the signature algorithm of the public key with keyName
* (derived from certificateName).
*
* @param certificateName The certificate name.
* @param digestAlgorithm Set digestAlgorithm[0] to the signature algorithm's digest algorithm,
* e.g. DigestAlgorithm.SHA256.
* @return A new object of the correct subclass of Signature.
*/
private Signature makeSignatureByCertificate(
Name certificateName, DigestAlgorithm[] digestAlgorithm) throws SecurityException {
Name keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName);
PublicKey publicKey = privateKeyStorage_.getPublicKey(keyName);
KeyType keyType = publicKey.getKeyType();
if (keyType == KeyType.RSA) {
Sha256WithRsaSignature signature = new Sha256WithRsaSignature();
digestAlgorithm[0] = DigestAlgorithm.SHA256;
signature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
return signature;
} else if (keyType == KeyType.ECDSA) {
Sha256WithEcdsaSignature signature = new Sha256WithEcdsaSignature();
digestAlgorithm[0] = DigestAlgorithm.SHA256;
signature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
return signature;
} else throw new SecurityException("Key type is not recognized");
}
