Project

General

Profile

Actions

Bug #4312

closed

ValidityPeriod of CertificateV2 cannot be set using certificateV2.getValidityPeriod().setPeriod()

Added by Haitao Zhang over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

If I understand correctly, ValidityPeriod of CertificateV2 is supposed to be set using

certificateV2.getValidityPeriod().setPeriod(now, now + 10 * 24 * 3600 * 1000.0);

However, it doesn't change ValidityPeriod of CertificateV2. If we use

System.out.println(certificateV2.toString());

to print out a cert, ValidityPeriod information is always:

Validity:
   NotBefore: 2922789940817T071255
   NotAfter: 2922690551202T164704

Due to the same reason, if we use

keyChain.createIdentityV2();

to create a V2 identity, the default cert always has ValidityPeriod

Validity:
   NotBefore: 2922789940817T071255
   NotAfter: 2922690551202T164704
Actions #1

Updated by Anonymous over 6 years ago

Thanks for the bug report. I see the problem with keyChain.createIdentityV2(). I will fix it. But I don't get the problem using certificateV2.getValidityPeriod().setPeriod directly. Can you post some code that shows the problem?

Actions #2

Updated by Haitao Zhang over 6 years ago

In NDNCERT protocol, the cert requester needs to generate a cert request. I use certificateV2..getValidityPeriod().setPeriod() to set validity period. Here is a piece of example code:

//  generate cert request
      PibIdentity pibId = keyChain.createIdentityV2(instance.identity);
      PibKey pibKey = pibId.getDefaultKey();

      CertificateV2 certRequest = new CertificateV2();

      // Set the name.
      double now = Common.getNowMilliseconds();
      Name certificateName = new Name(pibKey.getName());
      certificateName.append(NDNCertConfig.COMPONENT_CERT_REQUEST).appendVersion((long) now);
      certRequest.setName(certificateName);

      // Set the MetaInfo.
      certRequest.getMetaInfo().setType(ContentType.KEY);
      // Set a 24-hour freshness period.
      certRequest.getMetaInfo().setFreshnessPeriod(24 * 3600 * 1000.0);

      // Set the content.
      certRequest.setContent(pibKey.getPublicKey());

      // Set the signature-info.
      Signature signatureInfo;
      if (pibKey.getKeyType() == KeyType.RSA)
        signatureInfo = new Sha256WithRsaSignature();
      else if (pibKey.getKeyType() == KeyType.ECDSA)
        signatureInfo = new Sha256WithEcdsaSignature();
      else
        throw new KeyChain.Error("Unsupported key type");
      KeyLocator keyLocator = KeyLocator.getFromSignature(signatureInfo);
      keyLocator.setType(KeyLocatorType.KEYNAME);
      keyLocator.setKeyName(pibKey.getName());
      certRequest.setSignature(signatureInfo);

      // Set valid period to be 10 days
      certRequest.getValidityPeriod().setPeriod
        (now, now + 10 * 24 * 3600 * 1000.0);

      SigningInfo signingInfo = new SigningInfo(pibKey);
      keyChain.sign(certRequest, signingInfo);
Actions #3

Updated by Anonymous over 6 years ago

Thanks a lot. The bug is inside keyChain.sign which resets the ValidityPeriod. (It is also used inside createIdentityV2 .) I'll fix it.

Actions #4

Updated by Anonymous over 6 years ago

  • Status changed from New to Feedback

Hi Haitao. I pushed a fix. Please pull the latest from GitHub. A comment on your code above: In security v2, you don't need to create the Signature object in the Data object because the KeyChain.sign method creates in using the info on the SigningInfo. You can replace everything starting from // Set the signature-info. with the following.

  SigningInfo signingInfo = new SigningInfo(pibKey);
  // Set valid period to be 10 days.
  signingInfo.setValidityPeriod
    (new ValidityPeriod(now, now + 10 * 24 * 3600 * 1000.0));
  keyChain.sign(certRequest, signingInfo);

Let me know if this works.

Actions #5

Updated by Haitao Zhang over 6 years ago

It works now. Thanks!

Actions #6

Updated by Anonymous over 6 years ago

  • Status changed from Feedback to Closed

Thanks for the feedback. Closing.

Actions

Also available in: Atom PDF