def test_create_d_key_data(self): # Create the group manager. manager = GroupManager( Name("Alice"), Name("data_type"), Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1, self.keyChain) newCertificateBlob = self.certificate.wireEncode() newCertificate = IdentityCertificate() newCertificate.wireDecode(newCertificateBlob) # Encrypt the D-KEY. data = manager._createDKeyData( "20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"), self.decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer()) # Verify the encrypted D-KEY. dataContent = data.getContent() # Get the nonce key. # dataContent is a sequence of the two EncryptedContent. encryptedNonce = EncryptedContent() encryptedNonce.wireDecode(dataContent) self.assertEqual(0, encryptedNonce.getInitialVector().size()) self.assertEqual(EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType()) blobNonce = encryptedNonce.getPayload() decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep) nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce, decryptParams) # Get the D-KEY. # Use the size of encryptedNonce to find the start of encryptedPayload. payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():] encryptedPayload = EncryptedContent() encryptedPayload.wireDecode(payloadContent) self.assertEqual(16, encryptedPayload.getInitialVector().size()) self.assertEqual(EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType()) decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc) decryptParams.setInitialVector(encryptedPayload.getInitialVector()) blobPayload = encryptedPayload.getPayload() largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams) self.assertTrue(largePayload.equals(self.decryptKeyBlob))
def addCertificate(self, certificate): """ Add a certificate to the identity storage. :param IdentityCertificate certificate: The certificate to be added. This makes a copy of the certificate. """ #TODO: actually check validity of certificate timestamp certificateName = certificate.getName() if self.doesCertificateExist(certificateName): raise SecurityException("Certificate has already been installed!") certCopy = IdentityCertificate(certificate) makeDefault = 0 keyName = certCopy.getPublicKeyName() keyInfo = certCopy.getPublicKeyInfo() if not self.doesKeyExist(keyName): self.addKey(keyName, keyInfo.getKeyType(), keyInfo.getKeyDer()) makeDefault = 1 else: # see if the key we already have matches this certificate keyBlob = self.getKey(keyName) if (keyBlob.isNull() or keyBlob.toBuffer() != keyInfo.getKeyDer().toBuffer()): raise SecurityException("Certificate does not match public key") keyId = keyName.get(-1).toEscapedString() identityUri = keyName.getPrefix(-1).toUri() certIssuer = certCopy.getSignature().getKeyLocator().getKeyName().toUri() encodedCert = buffer(bytearray(certCopy.wireEncode().buf())) notBefore = certCopy.getNotBefore() notAfter = certCopy.getNotAfter() cursor = self._database.cursor() cursor.execute("INSERT INTO Certificate VALUES(?,?,?,?,?,?,?,?,?)", (certificateName.toUri(), certIssuer, identityUri, keyId, notBefore, notAfter, encodedCert, 1, makeDefault)) self._database.commit() cursor.close()