Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
Copyright (C) 2014-2015 Regents of the University of California.

Author(s):
Jeff Thompson <jefft0@remap.ucla.edu>
From code in ndn-cxx by Yingdi Yu <yingdi@cs.ucla.edu> This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. A copy of the GNU Lesser General Public License is in the file COPYING.
 
 
 package net.named_data.jndn.security.identity;
 
An IdentityManager is the interface of operations related to identity, keys, and certificates.
 
 public class IdentityManager {
  
Create a new IdentityManager to use the given identity and private key storage.

Parameters:
identityStorage An object of a subclass of IdentityStorage.
privateKeyStorage An object of a subclass of PrivateKeyStorage.
 
   public IdentityManager
     (IdentityStorage identityStoragePrivateKeyStorage privateKeyStorage)
   {
      = identityStorage;
      = privateKeyStorage;
   }

  
Create a new IdentityManager to use the given IdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.

Parameters:
identityStorage An object of a subclass of IdentityStorage.
 
   public IdentityManager(IdentityStorage identityStoragethrows SecurityException
   {
      = identityStorage;
 
     if (System.getProperty("os.name").equals("Mac OS X"))
       throw new SecurityException
         ("OSXPrivateKeyStorage is not implemented yet. You must create an IdentityManager with a different PrivateKeyStorage.");
     else
   }

  
Create a new IdentityManager to use BasicIdentityStorage and the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
 
   public IdentityManager() throws SecurityException
   {
 
     if (System.getProperty("os.name").equals("Mac OS X"))
       throw new SecurityException
         ("OSXPrivateKeyStorage is not implemented yet. You must create an IdentityManager with a different PrivateKeyStorage.");
     else
  }

  
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.

Parameters:
identityName The name of the identity.
params The key parameters if a key needs to be generated for the identity.
Returns:
The name of the default certificate of the identity.
Throws:
net.named_data.jndn.security.SecurityException if the identity has already been created.
  public final Name
  createIdentityAndCertificate(Name identityNameKeyParams params)
    throws SecurityException
  {
    .addIdentity(identityName);
    Name keyName = null;
    boolean generateKey = true;
    try {
      keyName = .getDefaultKeyNameForIdentity(identityName);
      PublicKey key = new PublicKey(.getKey(keyName));
      if (key.getKeyType() == params.getKeyType())
        // The key exists and has the same type, so don't need to generate one.
        generateKey = false;
    } catch (SecurityException ex) {}
    if (generateKey) {
      keyName = generateKeyPair(identityNametrueparams);
      .setDefaultKeyNameForIdentity(keyNameidentityName);
    }
    Name certName = null;
    boolean makeCert = true;
    try {
      certName = .getDefaultCertificateNameForKey(keyName);
      // The cert exists, so don't need to make it.
      makeCert = false;
    } catch (SecurityException ex) {}
    if (makeCert) {
      IdentityCertificate selfCert = selfSign(keyName);
      addCertificateAsIdentityDefault(selfCert);
      certName = selfCert.getName();
    }
    
    return certName;
  }

  
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Deprecated:
Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name.
Parameters:
identityName The name of the identity.
params The key parameters if a key needs to be generated for the identity.
Returns:
The key name of the auto-generated KSK of the identity.
Throws:
net.named_data.jndn.security.SecurityException if the identity has already been created.
  public final Name
  createIdentity(Name identityNameKeyParams paramsthrows SecurityException
  {
    return IdentityCertificate.certificateNameToPublicKeyName
      (createIdentityAndCertificate(identityNameparams));
  }

  
Delete the identity from the public and private key storage. If the identity to be deleted is the current default system default, this will not delete the identity and will return immediately.

Parameters:
identityName The name of the identity.
  public final void
  deleteIdentity(Name identityNamethrows SecurityException
  {
    try {
      if (.getDefaultIdentity().equals(identityName))
        // Don't delete the default identity!
        return;
    }
    catch (SecurityException ex) {
      // There is no default identity to check.
    }
    // Use ArrayList without generics so it works with older Java compilers.
    ArrayList keysToDelete = new ArrayList();
    .getAllKeyNamesOfIdentity(identityNamekeysToDeletetrue);
    .getAllKeyNamesOfIdentity(identityNamekeysToDeletefalse);
    for (int i = 0; i < keysToDelete.size(); ++i)
      .deleteKeyPair((Name)keysToDelete.get(i));
  }

  
Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() throws an exception.

Parameters:
identityName The default identity name.
  public final void
  setDefaultIdentity(Name identityNamethrows SecurityException
  {
  }

  
Get the default identity.

Returns:
The name of default identity.
Throws:
net.named_data.jndn.security.SecurityException if the default identity is not set.
  public final Name
  {
  }

  
Generate a pair of RSA keys for the specified identity.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize The size of the key.
Returns:
The generated key name.
  public final Name
    (Name identityNameboolean isKskint keySizethrows SecurityException
  {
    Name keyName = generateKeyPair(identityNameisKsknew RsaKeyParams(keySize));
    return keyName;
  }

  
Generate a pair of RSA keys for the specified identity and default keySize 2048.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
Returns:
The generated key name.
  public final Name
  generateRSAKeyPair(Name identityNameboolean isKskthrows SecurityException
  {
    return generateRSAKeyPair(identityNameisKsk, 2048);
  }

  
Generate a pair of RSA keys for the specified identity for a Data-Signing-Key and default keySize 2048.

Parameters:
identityName The name of the identity.
Returns:
The generated key name.
  public final Name
  generateRSAKeyPair(Name identityNamethrows SecurityException
  {
    return generateRSAKeyPair(identityNamefalse, 2048);
  }

  
Generate a pair of ECDSA keys for the specified identity.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize The size of the key.
Returns:
The generated key name.
  public final Name
    (Name identityNameboolean isKskint keySizethrows SecurityException
  {
    Name keyName = generateKeyPair(identityNameisKsknew EcdsaKeyParams(keySize));
    return keyName;
  }

  
Generate a pair of ECDSA keys for the specified identity and default keySize 256.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
Returns:
The generated key name.
  public final Name
  generateEcdsaKeyPair(Name identityNameboolean isKskthrows SecurityException
  {
    return generateEcdsaKeyPair(identityNameisKsk, 256);
  }

  
Generate a pair of ECDSA keys for the specified identity for a Data-Signing-Key and default keySize 256.

Parameters:
identityName The name of the identity.
Returns:
The generated key name.
  public final Name
  generateEcdsaKeyPair(Name identityNamethrows SecurityException
  {
    return generateEcdsaKeyPair(identityNamefalse, 256);
  }

  
Set a key as the default key of an identity.

Parameters:
keyName The name of the key.
identityName the name of the identity. If empty, the identity name is inferred from the keyName.
  public final void
  setDefaultKeyForIdentity(Name keyNameName identityNamethrows SecurityException
  {
    .setDefaultKeyNameForIdentity(keyNameidentityName);
  }

  
Set a key as the default key of an identity, inferred from the keyName.

Parameters:
keyName The name of the key.
  public final void
  {
    setDefaultKeyForIdentity(keyNamenew Name());
  }

  
Get the default key for an identity.

Parameters:
identityName the name of the identity. If empty, the identity name is inferred from the keyName.
Returns:
The default key name.
Throws:
net.named_data.jndn.security.SecurityException if the default key name for the identity is not set.
  public final Name
  {
    return .getDefaultKeyNameForIdentity(identityName);
  }

  
Get the default key for an identity, inferred from the keyName.

Returns:
The default key name.
Throws:
net.named_data.jndn.security.SecurityException if the default key name for the identity is not set.
  public final Name
  {
    return getDefaultKeyNameForIdentity(new Name());
  }

  
Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize The size of the key.
Returns:
The generated key name.
  public final Name
    (Name identityNameboolean isKskint keySizethrows SecurityException
  {
    Name keyName = generateKeyPair(identityNameisKsknew RsaKeyParams(keySize));
    .setDefaultKeyNameForIdentity(keyNameidentityName);
    return keyName;
  }

  
Generate a pair of RSA keys for the specified identity and set it as default key for the identity, using the default keySize 2048.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
Returns:
The generated key name.
  public final Name
  generateRSAKeyPairAsDefault(Name identityNameboolean isKskthrows SecurityException
  {
    return generateRSAKeyPairAsDefault(identityNameisKsk, 2048);
  }

  
Generate a pair of RSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 2048.

Parameters:
identityName The name of the identity.
Returns:
The generated key name.
  public final Name
  {
    return generateRSAKeyPairAsDefault(identityNamefalse, 2048);
  }

  
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
keySize The size of the key.
Returns:
The generated key name.
  public final Name
    (Name identityNameboolean isKskint keySizethrows SecurityException
  {
    Name keyName = generateKeyPair(identityNameisKsknew EcdsaKeyParams(keySize));
    .setDefaultKeyNameForIdentity(keyNameidentityName);
    return keyName;
  }

  
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity, using the default keySize 256.

Parameters:
identityName The name of the identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
Returns:
The generated key name.
  public final Name
  generateEcdsaKeyPairAsDefault(Name identityNameboolean isKskthrows SecurityException
  {
    return generateEcdsaKeyPairAsDefault(identityNameisKsk, 256);
  }

  
Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 256.

Parameters:
identityName The name of the identity.
Returns:
The generated key name.
  public final Name
  {
    return generateEcdsaKeyPairAsDefault(identityNamefalse, 256);
  }

  
Get the public key with the specified name.

Parameters:
keyName The name of the key.
Returns:
The public key.
Throws:
net.named_data.jndn.security.SecurityException if the keyName is not found.
  public final PublicKey
  getPublicKey(Name keyNamethrows SecurityException
  {
    return new PublicKey(.getKey(keyName));
  }

  
Create an identity certificate for a public key managed by this IdentityManager.

Parameters:
certificatePrefix The name of public key to be signed.
signerCertificateName The name of signing certificate.
notBefore The notBefore value in the validity field of the generated certificate as milliseconds since 1970.
notAfter The notAfter value in validity field of the generated certificate as milliseconds since 1970.
Returns:
The name of generated identity certificate.
  public final Name
    (Name certificatePrefixName signerCertificateNamedouble notBefore,
     double notAfterthrows SecurityException
  {
    Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
    Blob keyBlob = .getKey(keyName);
    PublicKey publicKey = new PublicKey(keyBlob);
      (certificatePrefixpublicKey,  signerCertificateNamenotBeforenotAfter);
    .addCertificate(certificate);
    return certificate.getName();
  }

  
Create an identity certificate for a public key supplied by the caller.

Parameters:
certificatePrefix The name of public key to be signed.
publickey The public key to be signed.
signerCertificateName The name of signing certificate.
notBefore The notBefore value in the validity field of the generated certificate.
notAfter The notAfter vallue in validity field of the generated certificate.
Returns:
The generated identity certificate.
  public final IdentityCertificate
    (Name certificatePrefixPublicKey publickeyName signerCertificateName,
     double notBeforedouble notAfter)
  {
      ("IdentityManager.createIdentityCertificate not implemented");
  }

  
Add a certificate into the public key identity storage.

Parameters:
certificate The certificate to to added. This makes a copy of the certificate.
  public final void
  {
    .addCertificate(certificate);
  }

  
Set the certificate as the default for its corresponding key.

Parameters:
certificate The certificate.
  public final void
    (IdentityCertificate certificatethrows SecurityException
  {
    Name keyName = certificate.getPublicKeyName();
    if (!.doesKeyExist(keyName))
      throw new SecurityException("No corresponding Key record for certificate!");
      (keyNamecertificate.getName());
  }

  
Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.

Parameters:
certificate The certificate to be added. This makes a copy of the certificate.
  public final void
  {
    .addCertificate(certificate);
    Name keyName = certificate.getPublicKeyName();
    setDefaultKeyForIdentity(keyName);
    setDefaultCertificateForKey(certificate);
  }

  
Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.

Parameters:
certificate The certificate to be added. This makes a copy of the certificate.
  public final void
  {
    .addCertificate(certificate);
    setDefaultCertificateForKey(certificate);
  }

  
Get a certificate with the specified name.

Parameters:
certificateName The name of the requested certificate.
Returns:
the requested certificate which is valid.
  public final IdentityCertificate
  {
    return .getCertificate(certificateNamefalse);
  }

  
Get a certificate even if the certificate is not valid anymore.

Parameters:
certificateName The name of the requested certificate.
Returns:
the requested certificate.
  public final IdentityCertificate
  {
    return .getCertificate(certificateNametrue);
  }

  
Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.

Parameters:
identityName The name of the specified identity.
Returns:
The requested certificate name.
Throws:
net.named_data.jndn.security.SecurityException if the default key name for the identity is not set or the default certificate name for the key name is not set.
  public final Name
  {
  }

  
Get the default certificate name of the default identity, which will be used when signing is based on identity and the identity is not specified.

Returns:
The requested certificate name.
Throws:
net.named_data.jndn.security.SecurityException if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set.
  public final Name
  {
      (getDefaultIdentity());
  }

  
Sign the byte array data based on the certificate name.

Parameters:
buffer The byte buffer to be signed.
certificateName The signing certificate name.
Returns:
The generated signature.
  public final Signature
  signByCertificate(ByteBuffer bufferName certificateNamethrows SecurityException
  {
    DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
      (certificateNamedigestAlgorithm);
    signature.setSignature(.sign(buffer,
      IdentityCertificate.certificateNameToPublicKeyName(certificateName),
      digestAlgorithm[0]));
    return signature;
  }

  
Sign data packet based on the certificate name. Use the default WireFormat.getDefaultWireFormat().

Parameters:
data The Data object to sign and update its signature.
certificateName The Name identifying the certificate which identifies the signing key.
  public final void
  signByCertificate(Data dataName certificateNamethrows SecurityException
  {
    signByCertificate(datacertificateName, WireFormat.getDefaultWireFormat());
  }

  
Sign data packet based on the certificate name.

Parameters:
data The Data object to sign and update its signature.
certificateName The Name identifying the certificate which identifies the signing key.
wireFormat The WireFormat for calling encodeData.
  public final void
    (Data dataName certificateNameWireFormat wireFormatthrows SecurityException
  {
    DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
      (certificateNamedigestAlgorithm);
    data.setSignature(signature);
    // Encode once to get the signed portion.
    SignedBlob encoding = data.wireEncode(wireFormat);
      (.sign(encoding.signedBuf(),
       IdentityCertificate.certificateNameToPublicKeyName(certificateName),
       digestAlgorithm[0]));
    // Encode again to include the signature.
    data.wireEncode(wireFormat);
  }

  
Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.

Parameters:
interest The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
certificateName The certificate name of the key to use for signing.
wireFormat A WireFormat object used to encode the input.
  public final void
    (Interest interestName certificateNameWireFormat wireFormatthrows SecurityException
  {
    DigestAlgorithm[] digestAlgorithm = new DigestAlgorithm[1];
      (certificateNamedigestAlgorithm);
    // Append the encoded SignatureInfo.
    interest.getName().append(wireFormat.encodeSignatureInfo(signature));
    // Append an empty signature so that the "signedPortion" is correct.
    interest.getName().append(new Name.Component());
    // Encode once to get the signed portion, and sign.
    SignedBlob encoding = interest.wireEncode(wireFormat);
    signature.setSignature
      (.sign(encoding.signedBuf(),
       IdentityCertificate.certificateNameToPublicKeyName(certificateName),
       digestAlgorithm[0]));
    // Remove the empty signature and append the real one.
    interest.setName(interest.getName().getPrefix(-1).append
      (wireFormat.encodeSignatureValue(signature)));
  }

  
Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.

Parameters:
data The Data object to be signed. This updates its signature and wireEncoding.
wireFormat The WireFormat for calling encodeData.
  public final void
  signWithSha256(Data dataWireFormat wireFormat)
  {
    // Encode once to get the signed portion.
    SignedBlob encoding = data.wireEncode(wireFormat);
    // Digest and set the signature.
    byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf());
    data.getSignature().setSignature(new Blob(signedPortionDigest));
    // Encode again to include the signature.
    data.wireEncode(wireFormat);
  }

  
Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).

Parameters:
interest The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
wireFormat A WireFormat object used to encode the input.
  public final void
  signInterestWithSha256(Interest interestWireFormat wireFormat)
  {
    DigestSha256Signature signature = new DigestSha256Signature();
    // Append the encoded SignatureInfo.
    interest.getName().append(wireFormat.encodeSignatureInfo(signature));
    // Append an empty signature so that the "signedPortion" is correct.
    interest.getName().append(new Name.Component());
    // Encode once to get the signed portion.
    SignedBlob encoding = interest.wireEncode(wireFormat);
    // Digest and set the signature.
    byte[] signedPortionDigest = Common.digestSha256(encoding.signedBuf());
    signature.setSignature(new Blob(signedPortionDigest));
    // Remove the empty signature and append the real one.
    interest.setName(interest.getName().getPrefix(-1).append
      (wireFormat.encodeSignatureValue(signature)));
  }

  
Generate a self-signed certificate for a public key.

Parameters:
keyName The name of the public key.
Returns:
The generated certificate.
  selfSign(Name keyNamethrows SecurityException
  {
    IdentityCertificate certificate = new IdentityCertificate();
    Blob keyBlob = .getKey(keyName);
    PublicKey publicKey = new PublicKey(keyBlob);
    Calendar calendar = Calendar.getInstance();
    double notBefore = (double)calendar.getTimeInMillis();
    calendar.add(., 2);
    double notAfter = (double)calendar.getTimeInMillis();
    certificate.setNotBefore(notBefore);
    certificate.setNotAfter(notAfter);
    Name certificateName = keyName.getPrefix(-1).append("KEY").append
      (keyName.get(-1)).append("ID-CERT").append
      (Name.Component.fromNumber((long)certificate.getNotBefore()));
    certificate.setName(certificateName);
    certificate.setPublicKeyInfo(publicKey);
      ("2.5.4.41"keyName.toUri()));
    try {
      certificate.encode();
    } catch (DerEncodingException ex) {
      // We don't expect this to happen.
      Logger.getLogger(IdentityManager.class.getName()).log(.nullex);
      return null;
    } catch (DerDecodingException ex) {
      // We don't expect this to happen.
      Logger.getLogger(IdentityManager.class.getName()).log(.nullex);
      return null;
    }
    signByCertificate(certificatecertificate.getName());
    return certificate;
  }

  
Generate a key pair for the specified identity.

Parameters:
identityName The name of the specified identity.
isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
params The parameters of the key.
Returns:
The name of the generated key.
  private Name
    (Name identityNameboolean isKskKeyParams paramsthrows SecurityException
  {
    Logger.getLogger(this.getClass().getName()).log
        (."Get new key ID");
    Name keyName = .getNewKeyName(identityNameisKsk);
    Logger.getLogger(this.getClass().getName()).log
        (."Generate key pair in private storage");
    .generateKeyPair(keyNameparams);
    Logger.getLogger(this.getClass().getName()).log
        (."Create a key record in public storage");
    PublicKey pubKey = .getPublicKey(keyName);
    .addKey(keyNameparams.getKeyType(), pubKey.getKeyDer());
    return keyName;
  }
  private static Name
  {
    Name result = new Name();
    String keyString = "KEY";
    int i = 0;
    for(; i < certificatePrefix.size(); i++) {
      if (certificatePrefix.get(i).toEscapedString().equals(keyString))
        break;
    }
    if (i >= certificatePrefix.size())
      throw new SecurityException
        ("Identity Certificate Prefix does not have a KEY component");
    result.append(certificatePrefix.getSubName(0, i));
    result.append
      (certificatePrefix.getSubName(i + 1, certificatePrefix.size()-i-1));
    return result;
  }

  
Return a new Signature object based on the signature algorithm of the public key with keyName (derived from certificateName).

Parameters:
certificateName The certificate name.
digestAlgorithm Set digestAlgorithm[0] to the signature algorithm's digest algorithm, e.g. DigestAlgorithm.SHA256.
Returns:
A new object of the correct subclass of Signature.
  private Signature
    (Name certificateNameDigestAlgorithm[] digestAlgorithmthrows SecurityException
  {
    Name keyName = IdentityCertificate.certificateNameToPublicKeyName
      (certificateName);
    PublicKey publicKey = .getPublicKey(keyName);
    KeyType keyType = publicKey.getKeyType();
    if (keyType == .) {
      Sha256WithRsaSignature signature = new Sha256WithRsaSignature();
      digestAlgorithm[0] = .;
      signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
        (publicKey.getDigest());
      return signature;
    }
    else if (keyType == .) {
      Sha256WithEcdsaSignature signature = new Sha256WithEcdsaSignature();
      digestAlgorithm[0] = .;
      signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));
      return signature;
    }
    else
      throw new SecurityException("Key type is not recognized");
  }
New to GrepCode? Check out our FAQ X