Bug #4312
Closed
ValidityPeriod of CertificateV2 cannot be set using certificateV2.getValidityPeriod().setPeriod()
Description
If I understand correctly, ValidityPeriod of CertificateV2 is supposed to be set using
certificateV2.getValidityPeriod().setPeriod(now, now + 10 * 24 * 3600 * 1000.0);
However, it doesn't change ValidityPeriod of CertificateV2. If we use
System.out.println(certificateV2.toString());
to print out a cert, ValidityPeriod information is always:
Validity:
NotBefore: 2922789940817T071255
NotAfter: 2922690551202T164704
Due to the same reason, if we use
keyChain.createIdentityV2();
to create a V2 identity, the default cert always has ValidityPeriod
Validity:
NotBefore: 2922789940817T071255
NotAfter: 2922690551202T164704
Updated by Anonymous about 7 years ago
Thanks for the bug report. I see the problem with keyChain.createIdentityV2(). I will fix it. But I don't get the problem using certificateV2.getValidityPeriod().setPeriod directly. Can you post some code that shows the problem?
Updated by Haitao Zhang about 7 years ago
In the NDNCERT protocol, the cert requester needs to generate a cert request. I use certificateV2.getValidityPeriod().setPeriod() to set the validity period. Here is a piece of example code:
// generate cert request
PibIdentity pibId = keyChain.createIdentityV2(instance.identity);
PibKey pibKey = pibId.getDefaultKey();
CertificateV2 certRequest = new CertificateV2();
// Set the name.
double now = Common.getNowMilliseconds();
Name certificateName = new Name(pibKey.getName());
certificateName.append(NDNCertConfig.COMPONENT_CERT_REQUEST).appendVersion((long) now);
certRequest.setName(certificateName);
// Set the MetaInfo.
certRequest.getMetaInfo().setType(ContentType.KEY);
// Set a 24-hour freshness period.
certRequest.getMetaInfo().setFreshnessPeriod(24 * 3600 * 1000.0);
// Set the content.
certRequest.setContent(pibKey.getPublicKey());
// Set the signature-info.
Signature signatureInfo;
if (pibKey.getKeyType() == KeyType.RSA)
  signatureInfo = new Sha256WithRsaSignature();
else if (pibKey.getKeyType() == KeyType.ECDSA)
  signatureInfo = new Sha256WithEcdsaSignature();
else
  throw new KeyChain.Error("Unsupported key type");
KeyLocator keyLocator = KeyLocator.getFromSignature(signatureInfo);
keyLocator.setType(KeyLocatorType.KEYNAME);
keyLocator.setKeyName(pibKey.getName());
certRequest.setSignature(signatureInfo);
// Set valid period to be 10 days
certRequest.getValidityPeriod().setPeriod
(now, now + 10 * 24 * 3600 * 1000.0);
SigningInfo signingInfo = new SigningInfo(pibKey);
keyChain.sign(certRequest, signingInfo);
Updated by Anonymous about 7 years ago
Thanks a lot. The bug is inside keyChain.sign which resets the ValidityPeriod. (It is also used inside createIdentityV2.) I'll fix it.
Updated by Anonymous about 7 years ago
- Status changed from New to Feedback
Hi Haitao. I pushed a fix. Please pull the latest from GitHub. A comment on your code above: In security v2, you don't need to create the Signature object in the Data object because the KeyChain.sign method creates it using the info on the SigningInfo. You can replace everything starting from // Set the signature-info. with the following.
SigningInfo signingInfo = new SigningInfo(pibKey);
// Set valid period to be 10 days.
signingInfo.setValidityPeriod
(new ValidityPeriod(now, now + 10 * 24 * 3600 * 1000.0));
keyChain.sign(certRequest, signingInfo);
Let me know if this works.
Updated by Anonymous about 7 years ago
- Status changed from Feedback to Closed
Thanks for the feedback. Closing.
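The NotBefore/NotAfter strings quoted in the description are what an unset validity period looks like once formatted. The following is an added example, not code from this issue or from the library: it formats the two sentinel values and shows a post-sign check that would have caught the reset. The class name, the `checkPeriod` helper and the assumption that an unset period is stored as +/-Double.MAX_VALUE milliseconds are hypothetical; only the JDK is used.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

public class ValidityPeriodCheck {
    // Assumption: an unset period is stored as these sentinels (milliseconds since the epoch).
    static final double UNSET_NOT_BEFORE = Double.MAX_VALUE;
    static final double UNSET_NOT_AFTER = -Double.MAX_VALUE;

    // Render milliseconds as yyyyMMdd'T'HHmmss in UTC, the shape of the printout in the report.
    static String toIsoString(double ms) {
        SimpleDateFormat f = new SimpleDateFormat("yyyyMMdd'T'HHmmss", Locale.US);
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        // The double-to-long cast saturates at Long.MAX_VALUE / Long.MIN_VALUE.
        return f.format(new Date((long) ms));
    }

    // Hypothetical post-sign check: returns null if the period is the requested one,
    // otherwise the reason it should be rejected.
    static String checkPeriod(double notBefore, double notAfter,
                              double wantBefore, double wantAfter) {
        if (notBefore == UNSET_NOT_BEFORE && notAfter == UNSET_NOT_AFTER)
            return "validity period is unset (reset during signing?)";
        if (notBefore > notAfter)
            return "validity period is empty: NotBefore is later than NotAfter";
        // The printed format has one-second resolution, so tolerate sub-second rounding.
        if (Math.abs(notBefore - wantBefore) >= 1000 || Math.abs(notAfter - wantAfter) >= 1000)
            return "validity period differs from the requested one";
        return null;
    }

    public static void main(String[] args) {
        // Format the two sentinel values for comparison with the report's printout.
        System.out.println("NotBefore: " + toIsoString(UNSET_NOT_BEFORE));
        System.out.println("NotAfter: " + toIsoString(UNSET_NOT_AFTER));

        // Constructed sample: a 10-day period requested at a fixed "now".
        double now = 1.5e12;
        double end = now + 10 * 24 * 3600 * 1000.0;
        // Certificate whose period was reset by signing.
        System.out.println(checkPeriod(UNSET_NOT_BEFORE, UNSET_NOT_AFTER, now, end));
        // Certificate that kept the requested period.
        System.out.println(checkPeriod(now, end, now, end));
    }
}
```

With the real library, the two values passed to `checkPeriod` would come from the signed certificate's validity period, read after `keyChain.sign` returns.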