/** * Append a timestamp component and a random value component to interest's name. This ensures that * the timestamp is greater than the timestamp used in the previous call. Then use keyChain to * sign the interest which appends a SignatureInfo component and a component with the signature * bits. If the interest lifetime is not set, this sets it. * * @param interest The interest whose name is append with components. * @param keyChain The KeyChain for calling sign. * @param certificateName The certificate name of the key to use for signing. * @param wireFormat A WireFormat object used to encode the SignatureInfo and to encode interest * name for signing. */ public void generate( Interest interest, KeyChain keyChain, Name certificateName, WireFormat wireFormat) throws SecurityException { double timestamp; synchronized (lastTimestampLock_) { timestamp = Math.round(Common.getNowMilliseconds()); while (timestamp <= lastTimestamp_) timestamp += 1.0; // Update the timestamp now while it is locked. In the small chance that // signing fails, it just means that we have bumped the timestamp. lastTimestamp_ = timestamp; } // The timestamp is encoded as a TLV nonNegativeInteger. TlvEncoder encoder = new TlvEncoder(8); encoder.writeNonNegativeInteger((long) timestamp); interest.getName().append(new Blob(encoder.getOutput(), false)); // The random value is a TLV nonNegativeInteger too, but we know it is 8 bytes, // so we don't need to call the nonNegativeInteger encoder. ByteBuffer randomBuffer = ByteBuffer.allocate(8); // Note: SecureRandom is thread safe. Common.getRandom().nextBytes(randomBuffer.array()); interest.getName().append(new Blob(randomBuffer, false)); keyChain.sign(interest, certificateName, wireFormat); if (interest.getInterestLifetimeMilliseconds() < 0) // The caller has not set the interest lifetime, so set it here. interest.setInterestLifetimeMilliseconds(1000.0); }
/** * Make and sign a command interest to enable or disable LocalControlHeader. * * @param enable If true, use "enable-local-control". Otherwise, use "disable-local-control". * @param localControlFeature The value for the ControlParameters as follows: 1 = IncomingFaceId, * 2 = NextHopFaceId, 3 = CachingPolicy. * @return */ private Interest makeLocalControlCommand(boolean enable, int localControlFeature) throws SecurityException { ControlParameters controlParameters = new ControlParameters(); controlParameters.setLocalControlFeature(localControlFeature); Interest interest = new Interest(new Name("/localhost/nfd/faces")); interest.getName().append(enable ? "enable-local-control" : "disable-local-control"); interest.getName().append(controlParameters.wireEncode()); face_.makeCommandInterest(interest); return interest; }
/** * Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and * append a final name component with the signature bits (which is the digest). * * @param interest The Interest object to be signed. This appends name components of SignatureInfo * and the signature bits. * @param wireFormat A WireFormat object used to encode the input. */ public final void signInterestWithSha256(Interest interest, WireFormat wireFormat) { DigestSha256Signature signature = new DigestSha256Signature(); // Append the encoded SignatureInfo. interest.getName().append(wireFormat.encodeSignatureInfo(signature)); // Append an empty signature so that the "signedPortion" is correct. interest.getName().append(new Name.Component()); // Encode once to get the signed portion. SignedBlob encoding = interest.wireEncode(wireFormat); // Digest and set the signature. byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf()); signature.setSignature(new Blob(signedPortionDigest, false)); // Remove the empty signature and append the real one. interest.setName( interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature))); }
/** * Append a SignatureInfo to the Interest name, sign the name components and append a final name * component with the signature bits. * * @param interest The Interest object to be signed. This appends name components of SignatureInfo * and the signature bits. * @param certificateName The certificate name of the key to use for signing. * @param wireFormat A WireFormat object used to encode the input. */ public final void signInterestByCertificate( Interest interest, Name certificateName, WireFormat wireFormat) throws SecurityException { DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1]; Signature signature = makeSignatureByCertificate(certificateName, digestAlgorithm); // Append the encoded SignatureInfo. interest.getName().append(wireFormat.encodeSignatureInfo(signature)); // Append an empty signature so that the "signedPortion" is correct. interest.getName().append(new Name.Component()); // Encode once to get the signed portion, and sign. SignedBlob encoding = interest.wireEncode(wireFormat); signature.setSignature( privateKeyStorage_.sign( encoding.signedBuf(), IdentityCertificate.certificateNameToPublicKeyName(certificateName), digestAlgorithm[0])); // Remove the empty signature and append the real one. interest.setName( interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(signature))); }