示例#1
  /**
   * Verify that Certificate.isInValidityPeriod accepts timestamps at both ends of the validity
   * period and rejects timestamps one second outside it.
   *
   * <p>All timestamps are fixed ISO strings, so the result does not depend on the wall clock.
   */
  @Test
  public void testValidityPeriodChecking() throws ParseException {
    Certificate cert = new Certificate();
    Name certName = new Name("/ndn/site1/ksk-1416425377094/KEY/0123/%FD%00%00%01I%C9%8B");
    cert.setName(certName);
    cert.getMetaInfo().setFreshnessPeriod(3600 * 1000.0);
    Blob publicKeyBits = new Blob(PUBLIC_KEY, false);
    cert.setContent(publicKeyBits);

    // Install an empty RSA signature, then read it back from the certificate so that the
    // edits below are made on the object the certificate returns.
    cert.setSignature(new Sha256WithRsaSignature());
    Sha256WithRsaSignature sigInfo = (Sha256WithRsaSignature) cert.getSignature();

    // The key locator names a different key (ksk-2516...) than the certificate's own name.
    Name signerKeyName = new Name("/ndn/site1/ksk-2516425377094/KEY");
    sigInfo.getKeyLocator().setType(KeyLocatorType.KEYNAME);
    sigInfo.getKeyLocator().setKeyName(signerKeyName);

    // Validity window under test: 2015-08-19 12:00:00 through 2015-08-23 12:00:00.
    double validFrom = fromIsoString("20150819T120000");
    double validUntil = fromIsoString("20150823T120000");
    sigInfo.getValidityPeriod().setPeriod(validFrom, validUntil);

    Blob signatureBits = new Blob(SIG_VALUE, false);
    sigInfo.setSignature(signatureBits);

    // One second before the window opens: rejected.
    assertEquals(false, cert.isInValidityPeriod(fromIsoString("20150819T115959")));
    // Exactly notBefore and exactly notAfter: accepted.
    assertEquals(true, cert.isInValidityPeriod(fromIsoString("20150819T120000")));
    assertEquals(true, cert.isInValidityPeriod(fromIsoString("20150823T120000")));
    // One second after the window closes, and about a month later: rejected.
    assertEquals(false, cert.isInValidityPeriod(fromIsoString("20150823T120001")));
    assertEquals(false, cert.isInValidityPeriod(fromIsoString("20150921T130000")));
  }
示例#2
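  /**
   * Create an identity certificate for a public key supplied by the caller and sign it with the
   * key of the named signer certificate.
   *
   * <p>The validity bounds are copied into the certificate as given. No comparison of notBefore
   * with notAfter, and no check of the signer certificate's own validity, is visible in this
   * method, so callers that need either guarantee must enforce it themselves.
   *
   * @param certificatePrefix The name of public key to be signed.
   * @param publicKey The public key to be signed.
   * @param signerCertificateName The name of signing certificate.
   * @param notBefore The notBefore value in the validity field of the generated certificate.
   * @param notAfter The notAfter value in the validity field of the generated certificate.
   * @return The generated identity certificate.
   * @throws SecurityException if encoding the certificate fails or the signer certificate
   *     cannot be decoded.
   */
  public final IdentityCertificate createIdentityCertificate(
      Name certificatePrefix,
      PublicKey publicKey,
      Name signerCertificateName,
      double notBefore,
      double notAfter)
      throws SecurityException {
    IdentityCertificate certificate = new IdentityCertificate();
    Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);

    // Certificate name = <prefix>/ID-CERT/<version>, with the version taken from the current time.
    Name certificateName = new Name(certificatePrefix);
    certificateName.append("ID-CERT").appendVersion((long) Common.getNowMilliseconds());

    certificate.setName(certificateName);
    certificate.setNotBefore(notBefore);
    certificate.setNotAfter(notAfter);
    certificate.setPublicKeyInfo(publicKey);
    // OID 2.5.4.41 is the X.520 "name" attribute; its value here is the key name URI.
    certificate.addSubjectDescription(
        new CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
    try {
      certificate.encode();
    } catch (DerEncodingException ex) {
      // Each message names the exception that was actually caught, so logs point at the
      // real failure.
      throw new SecurityException("DerEncodingException: " + ex);
    } catch (DerDecodingException ex) {
      throw new SecurityException("DerDecodingException: " + ex);
    }

    Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature();

    // The key locator tells a verifier which certificate to fetch to check this signature.
    KeyLocator keyLocator = new KeyLocator();
    keyLocator.setType(KeyLocatorType.KEYNAME);
    keyLocator.setKeyName(signerCertificateName);

    sha256Sig.setKeyLocator(keyLocator);

    // NOTE(review): the signature bits are set on sha256Sig further down, after this call.
    // That only reaches the certificate if setSignature keeps a reference rather than a copy
    // of its argument; confirm against the Data/Certificate implementation.
    certificate.setSignature(sha256Sig);

    // Encode with the (still empty) signature so the signed portion of the wire format exists.
    SignedBlob unsignedData = certificate.wireEncode();

    IdentityCertificate signerCertificate;
    try {
      signerCertificate = getCertificate(signerCertificateName);
    } catch (DerDecodingException ex) {
      throw new SecurityException("DerDecodingException: " + ex);
    }
    Name signerKeyName = signerCertificate.getPublicKeyName();

    // Sign only the signed portion of the encoding with the signer's private key.
    Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerKeyName);

    sha256Sig.setSignature(sigBits);

    return certificate;
  }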
示例#3
  /**
   * Build an empty Signature object whose concrete type matches the key type of the public key
   * named by certificateName, with its key locator already filled in.
   *
   * <p>The key locator is of type KEYNAME and holds certificateName with its last component
   * removed. Both supported key types report SHA256 as the digest algorithm.
   *
   * @param certificateName The certificate name; the public key name is derived from it.
   * @param digestAlgorithm Output parameter: digestAlgorithm[0] is set to the digest algorithm
   *     that goes with the signature type, e.g. DigestAlgorithm.SHA256.
   * @return A new object of the correct subclass of Signature.
   * @throws SecurityException if the key type is neither RSA nor ECDSA.
   */
  private Signature makeSignatureByCertificate(
      Name certificateName, DigestAlgorithm[] digestAlgorithm) throws SecurityException {
    Name publicKeyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName);
    KeyType type = privateKeyStorage_.getPublicKey(publicKeyName).getKeyType();

    if (keyTypeIsEcdsa(type)) {
      Sha256WithEcdsaSignature ecdsaSignature = new Sha256WithEcdsaSignature();
      digestAlgorithm[0] = DigestAlgorithm.SHA256;

      ecdsaSignature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
      ecdsaSignature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));

      return ecdsaSignature;
    }

    // Refuse any other key type rather than falling back to a default signature type.
    if (type != KeyType.RSA) {
      throw new SecurityException("Key type is not recognized");
    }

    Sha256WithRsaSignature rsaSignature = new Sha256WithRsaSignature();
    digestAlgorithm[0] = DigestAlgorithm.SHA256;

    rsaSignature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
    rsaSignature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));

    return rsaSignature;
  }

  /** Return true if the given key type is ECDSA. */
  private static boolean keyTypeIsEcdsa(KeyType type) {
    return type == KeyType.ECDSA;
  }