Пример #1
0
  /**
   * Append a timestamp component and a random value component to interest's name. This ensures that
   * the timestamp is greater than the timestamp used in the previous call. Then use keyChain to
   * sign the interest which appends a SignatureInfo component and a component with the signature
   * bits. If the interest lifetime is not set, this sets it.
   *
   * @param interest The interest whose name is append with components.
   * @param keyChain The KeyChain for calling sign.
   * @param certificateName The certificate name of the key to use for signing.
   * @param wireFormat A WireFormat object used to encode the SignatureInfo and to encode interest
   *     name for signing.
   */
  public void generate(
      Interest interest, KeyChain keyChain, Name certificateName, WireFormat wireFormat)
      throws SecurityException {
    double timestamp;
    synchronized (lastTimestampLock_) {
      timestamp = Math.round(Common.getNowMilliseconds());
      while (timestamp <= lastTimestamp_) timestamp += 1.0;
      // Update the timestamp now while it is locked. In the small chance that
      //   signing fails, it just means that we have bumped the timestamp.
      lastTimestamp_ = timestamp;
    }

    // The timestamp is encoded as a TLV nonNegativeInteger.
    TlvEncoder encoder = new TlvEncoder(8);
    encoder.writeNonNegativeInteger((long) timestamp);
    interest.getName().append(new Blob(encoder.getOutput(), false));

    // The random value is a TLV nonNegativeInteger too, but we know it is 8 bytes,
    //   so we don't need to call the nonNegativeInteger encoder.
    ByteBuffer randomBuffer = ByteBuffer.allocate(8);
    // Note: SecureRandom is thread safe.
    Common.getRandom().nextBytes(randomBuffer.array());
    interest.getName().append(new Blob(randomBuffer, false));

    keyChain.sign(interest, certificateName, wireFormat);

    if (interest.getInterestLifetimeMilliseconds() < 0)
      // The caller has not set the interest lifetime, so set it here.
      interest.setInterestLifetimeMilliseconds(1000.0);
  }
Пример #2
0
  /**
   * Make and sign a command interest to enable or disable LocalControlHeader.
   *
   * @param enable If true, use "enable-local-control". Otherwise, use "disable-local-control".
   * @param localControlFeature The value for the ControlParameters as follows: 1 = IncomingFaceId,
   *     2 = NextHopFaceId, 3 = CachingPolicy.
   * @return
   */
  private Interest makeLocalControlCommand(boolean enable, int localControlFeature)
      throws SecurityException {
    ControlParameters controlParameters = new ControlParameters();
    controlParameters.setLocalControlFeature(localControlFeature);

    Interest interest = new Interest(new Name("/localhost/nfd/faces"));
    interest.getName().append(enable ? "enable-local-control" : "disable-local-control");
    interest.getName().append(controlParameters.wireEncode());
    face_.makeCommandInterest(interest);

    return interest;
  }
Пример #3
0
  /**
   * Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and
   * append a final name component with the signature bits (which is the digest).
   *
   * @param interest The Interest object to be signed. This appends name components of SignatureInfo
   *     and the signature bits.
   * @param wireFormat A WireFormat object used to encode the input.
   */
  public final void signInterestWithSha256(Interest interest, WireFormat wireFormat) {
    DigestSha256Signature signature = new DigestSha256Signature();
    // Append the encoded SignatureInfo.
    interest.getName().append(wireFormat.encodeSignatureInfo(signature));

    // Append an empty signature so that the "signedPortion" is correct.
    interest.getName().append(new Name.Component());
    // Encode once to get the signed portion.
    SignedBlob encoding = interest.wireEncode(wireFormat);

    // Digest and set the signature.
    byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf());
    signature.setSignature(new Blob(signedPortionDigest, false));

    // Remove the empty signature and append the real one.
    interest.setName(
        interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature)));
  }
Пример #4
0
  /**
   * Append a SignatureInfo to the Interest name, sign the name components and append a final name
   * component with the signature bits.
   *
   * @param interest The Interest object to be signed. This appends name components of SignatureInfo
   *     and the signature bits.
   * @param certificateName The certificate name of the key to use for signing.
   * @param wireFormat A WireFormat object used to encode the input.
   */
  public final void signInterestByCertificate(
      Interest interest, Name certificateName, WireFormat wireFormat) throws SecurityException {
    DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
    Signature signature = makeSignatureByCertificate(certificateName, digestAlgorithm);

    // Append the encoded SignatureInfo.
    interest.getName().append(wireFormat.encodeSignatureInfo(signature));

    // Append an empty signature so that the "signedPortion" is correct.
    interest.getName().append(new Name.Component());
    // Encode once to get the signed portion, and sign.
    SignedBlob encoding = interest.wireEncode(wireFormat);
    signature.setSignature(
        privateKeyStorage_.sign(
            encoding.signedBuf(),
            IdentityCertificate.certificateNameToPublicKeyName(certificateName),
            digestAlgorithm[0]));

    // Remove the empty signature and append the real one.
    interest.setName(
        interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature)));
  }