Public Member Functions | |
ContentObject (String digestAlgorithm, ContentName name, SignedInfo signedInfo, byte[] content, Signature signature) | |
We copy the content when we get it. | |
ContentObject (String digestAlgorithm, ContentName name, SignedInfo signedInfo, byte[] content, int offset, int length, Signature signature) | |
ContentObject (String digestAlgorithm, ContentName name, SignedInfo signedInfo, InputStream contentStream, int length) throws IOException | |
Minimum-copy constructor. | |
ContentObject (ContentName name, SignedInfo signedInfo, InputStream contentStream, int length) throws IOException | |
ContentObject (ContentName name, SignedInfo signedInfo, byte[] content, Signature signature) | |
ContentObject (ContentName name, SignedInfo signedInfo, byte[] content, int offset, int length, Signature signature) | |
ContentObject (ContentName name, SignedInfo signedInfo, byte[] content, int offset, int length, PrivateKey signingKey) throws InvalidKeyException, SignatureException | |
Generate a signedInfo and a signature. | |
ContentObject (ContentName name, SignedInfo signedInfo, byte[] content, PrivateKey signingKey) throws InvalidKeyException, SignatureException | |
ContentObject | clone () |
final ContentName | name () |
DKS -- return these as final for now; stopgap till refactor that makes internal version final. | |
ContentName | fullName () |
final SignedInfo | signedInfo () |
final byte[] | content () |
Final here doesn't really make it immutable. | |
final int | contentLength () |
Avoid problems where content().length might be expensive. | |
final Signature | signature () |
void | decode (XMLDecoder decoder) throws ContentDecodingException |
Used by NetworkObject to decode the object from a network stream. | |
void | encode (XMLEncoder encoder) throws ContentEncodingException |
Used by NetworkObject to encode the object to a network stream. | |
long | getElementLabel () |
Allow the encoder/decoder to retrieve the top-level element name programmatically. | |
boolean | validate () |
Make sure all of the necessary fields are filled in prior to attempting to encode. | |
int | hashCode () |
boolean | equals (Object obj) |
void | setSignature (Signature signature) |
External function to set signature if generating it some special way (e.g. with a bulk signer). | |
void | sign (PrivateKey signingKey) throws InvalidKeyException, SignatureException |
void | sign (String digestAlgorithm, PrivateKey signingKey) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException |
boolean | verify (PublicKey publicKey) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException, ContentEncodingException |
boolean | verify (KeyManager keyManager) throws SignatureException, NoSuchAlgorithmException, ContentEncodingException, InvalidKeyException |
byte[] | computeProxy () throws CertificateEncodingException, ContentEncodingException |
byte[] | prepareContent () throws ContentEncodingException |
byte[] | digest () |
Calculates a digest of the wire representation of this ContentObject. | |
int | compareTo (ContentObject o) |
boolean | isType (ContentType type) |
boolean | isData () |
boolean | isLink () |
boolean | isGone () |
boolean | isNACK () |
boolean | isKey () |
String | toString () |
To aid debugging we output a human readable summary of this object here. | |
Static Public Member Functions | |
static ContentObject | buildContentObject (ContentName name, ContentType type, byte[] contents, PublisherPublicKeyDigest publisher, KeyLocator locator, KeyManager keyManager, Integer freshnessSeconds, byte[] finalBlockID) |
static ContentObject | buildContentObject (ContentName name, ContentType type, byte[] contents, PublisherPublicKeyDigest publisher, KeyLocator locator, KeyManager keyManager, byte[] finalBlockID) |
static ContentObject | buildContentObject (ContentName name, ContentType type, byte[] contents, PublisherPublicKeyDigest publisher, KeyManager keyManager, byte[] finalBlockID) |
static ContentObject | buildContentObject (ContentName name, byte[] contents, PublisherPublicKeyDigest publisher, KeyManager keyManager, byte[] finalBlockID) |
static ContentObject | buildContentObject (ContentName name, byte[] contents) |
static ContentObject | buildContentObject (ContentName name, ContentType type, byte[] contents) |
static ContentObject | buildContentObject (ContentName name, byte[] contents, PublisherPublicKeyDigest publisher) |
static Signature | sign (ContentName name, SignedInfo signedInfo, byte[] content, int offset, int length, PrivateKey signingKey) throws SignatureException, InvalidKeyException |
static Signature | sign (ContentName name, SignedInfo signedInfo, byte[] content, int offset, int length, String digestAlgorithm, PrivateKey signingKey) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException |
Generate a signature on a name-content mapping. | |
static boolean | verify (ContentObject object, PublicKey publicKey) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, ContentEncodingException |
Want to verify a content object. | |
static boolean | verify (ContentObject object, KeyManager keyManager) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, ContentEncodingException |
static boolean | verify (ContentName name, SignedInfo signedInfo, byte[] content, Signature signature, PublicKey publicKey) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, ContentEncodingException |
Verify the public key signature on a content object. | |
static boolean | verify (byte[] proxy, byte[] signature, SignedInfo signedInfo, String digestAlgorithm, PublicKey publicKey) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException |
static boolean | verify (byte[] proxy, byte[] signature, SignedInfo signedInfo, String digestAlgorithm, KeyManager keyManager) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException |
static byte[] | prepareContent (ContentName name, SignedInfo signedInfo, byte[] content) throws ContentEncodingException |
static byte[] | prepareContent (final ContentName name, final SignedInfo signedInfo, final byte[] content, int start, int length) throws ContentEncodingException |
Prepare digest for signature. | |
Static Public Attributes | |
static boolean | DEBUG_SIGNING = false |
Protected Member Functions | |
byte[] | calcDigest () |
Encode this object and calculate the digest. | |
Protected Attributes | |
ContentName | _name |
SignedInfo | _signedInfo |
byte[] | _content |
byte[] | _digest = null |
Cache of the complete ContentObject's digest. | |
Signature | _signature |
Classes | |
class | SimpleVerifier |
We don't specify a required publisher, and right now we don't enforce that publisherID is the digest of the key used to sign (which could actually be handy to preserve privacy). We just use the key locator and publisherID combined to look up keys in caches (though for right now we only put keys in caches by straight digest; we would have to offer an option to put keys in caches using some privacy-preserving function as well). More... |
cf. Interest
prepareContent() is called to create the Merkle tree hash. That encoding can be cached because _name, _signedInfo, and _content are only assigned in a constructor or in decode.
org.ccnx.ccn.protocol.ContentObject.ContentObject | ( | String | digestAlgorithm, | |
ContentName | name, | |||
SignedInfo | signedInfo, | |||
byte[] | content, | |||
Signature | signature | |||
) |
We copy the content when we get it.
The intent is for this object to be immutable.
digestAlgorithm | ||
name | ||
signedInfo | ||
content | ||
signature | already immutable |
org.ccnx.ccn.protocol.ContentObject.ContentObject | ( | String | digestAlgorithm, | |
ContentName | name, | |||
SignedInfo | signedInfo, | |||
InputStream | contentStream, | |||
int | length | |||
) | throws IOException |
Minimum-copy constructor.
digestAlgorithm | ||
name | ||
signedInfo | ||
contentStream | a stream from which to read a block of content | |
length | number of bytes to try to read; will size content to this or to the number of bytes left in the stream, whichever is smaller. DKS TODO -- need timeout? |
IOException | if no bytes left in stream |
org.ccnx.ccn.protocol.ContentObject.ContentObject | ( | ContentName | name, | |
SignedInfo | signedInfo, | |||
byte[] | content, | |||
int | offset, | |||
int | length, | |||
PrivateKey | signingKey | |||
) | throws InvalidKeyException, SignatureException |
Generate a signedInfo and a signature.
SignatureException | ||
InvalidKeyException |
final ContentName org.ccnx.ccn.protocol.ContentObject.name | ( | ) |
DKS -- return these as final for now; stopgap till refactor that makes internal version final.
ContentName org.ccnx.ccn.protocol.ContentObject.fullName | ( | ) |
final byte [] org.ccnx.ccn.protocol.ContentObject.content | ( | ) |
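Final here doesn't really make it immutable: the array is returned without being cloned, so a caller can still modify its bytes and should treat it as read-only.
There have been proposals to clone() the content on return, but many places use this and it would be expensive.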
final int org.ccnx.ccn.protocol.ContentObject.contentLength | ( | ) |
void org.ccnx.ccn.protocol.ContentObject.decode | ( | XMLDecoder | decoder | ) | throws ContentDecodingException [virtual] |
Used by NetworkObject to decode the object from a network stream.
Implements org.ccnx.ccn.impl.encoding.GenericXMLEncodable.
void org.ccnx.ccn.protocol.ContentObject.encode | ( | XMLEncoder | encoder | ) | throws ContentEncodingException [virtual] |
Used by NetworkObject to encode the object to a network stream.
Implements org.ccnx.ccn.impl.encoding.GenericXMLEncodable.
long org.ccnx.ccn.protocol.ContentObject.getElementLabel | ( | ) | [virtual] |
Allow the encoder/decoder to retrieve the top-level element name programmatically.
This allows subclasses to rename elements without changing their encoder/decoders.
Implements org.ccnx.ccn.impl.encoding.GenericXMLEncodable.
boolean org.ccnx.ccn.protocol.ContentObject.validate | ( | ) | [virtual] |
Make sure all of the necessary fields are filled in prior to attempting to encode.
All implementations of encode(XMLEncoder) should call this for their classes prior to encoding.
Implements org.ccnx.ccn.impl.encoding.GenericXMLEncodable.
void org.ccnx.ccn.protocol.ContentObject.setSignature | ( | Signature | signature | ) |
External function to set signature if generating it some special way (e.g.
with a bulk signer).
signature |
static Signature org.ccnx.ccn.protocol.ContentObject.sign | ( | ContentName | name, | |
SignedInfo | signedInfo, | |||
byte[] | content, | |||
int | offset, | |||
int | length, | |||
String | digestAlgorithm, | |||
PrivateKey | signingKey | |||
) | throws SignatureException, InvalidKeyException, NoSuchAlgorithmException [static] |
Generate a signature on a name-content mapping.
This signature is specific to both this content signedInfo and this name. The SignedInfo no longer contains a proxy for the content, so we sign the content itself directly. This is used with simple algorithms that don't generate a witness.
SignatureException | ||
NoSuchAlgorithmException | ||
InvalidKeyException |
boolean org.ccnx.ccn.protocol.ContentObject.verify | ( | PublicKey | publicKey | ) | throws InvalidKeyException, SignatureException, NoSuchAlgorithmException, ContentEncodingException |
static boolean org.ccnx.ccn.protocol.ContentObject.verify | ( | ContentObject | object, | |
PublicKey | publicKey | |||
) | throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, ContentEncodingException [static] |
Want to verify a content object.
First compute the witness result (e.g. Merkle path root, or possibly content proxy), and make it available to the caller if caller just needs to check whether it matches a previous round. Then verify the actual signature.
verifySignature | If we have a collection of blocks all authenticated by the public key signature, we may only need to verify that signature once. If verifySignature is true, we do that work. If it is false, we simply verify that this piece of content matches that signature, assuming that the caller has already verified that signature. If you're not sure what all this means, you shouldn't be calling this one; use the simple verify above. (Note: the signature listed above takes only object and publicKey; it has no verifySignature argument.) | |
publicKey | If the caller already knows a public key that should be used to verify the signature, they can pass it in. Otherwise, the key locator in the object will be used to find the key. |
SignatureException | ||
NoSuchAlgorithmException | ||
InvalidKeyException |
static boolean org.ccnx.ccn.protocol.ContentObject.verify | ( | ContentName | name, | |
SignedInfo | signedInfo, | |||
byte[] | content, | |||
Signature | signature, | |||
PublicKey | publicKey | |||
) | throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, ContentEncodingException [static] |
Verify the public key signature on a content object.
Does not verify that the content matches the signature, merely that the signature over the name and content signedInfo is correct and was performed with the indicated public key.
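contentProxy | the proxy for the content that was signed. This could be the content itself, a digest of the content, or the root of a Merkle hash tree. (Note: the signature listed above takes content and signature arguments; it has no contentProxy argument.) |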
SignatureException | ||
NoSuchAlgorithmException | ||
ContentEncodingException | ||
InvalidKeyException |
static byte [] org.ccnx.ccn.protocol.ContentObject.prepareContent | ( | final ContentName | name, | |
final SignedInfo | signedInfo, | |||
final byte[] | content, | |||
int | start, | |||
int | length | |||
) | throws ContentEncodingException [static] |
Prepare digest for signature.
DKS TODO -- limit extra copies -- shouldn't be returning a byte array that is just digested.
byte [] org.ccnx.ccn.protocol.ContentObject.digest | ( | ) |
Calculates a digest of the wire representation of this ContentObject.
This is used as the implicit final name component. Note: the value is cached, so subsequent calls are fast.
byte [] org.ccnx.ccn.protocol.ContentObject._digest = null [protected] |
Cache of the complete ContentObject's digest.
Set when first calculated. Used as the implicit last name component.