NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.3: NDN, CCN, CCNx, content centric networks
API Documentation
certificate.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2017 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  *
21  * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
22  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
23  */
24 
25 #include "certificate.hpp"
27 #include "../../encoding/block-helpers.hpp"
28 #include "../../util/indented-stream.hpp"
29 #include "../transform.hpp"
30 
31 namespace ndn {
32 namespace security {
33 namespace v2 {
34 
35 BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
36 BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
37 
38 // /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]
39 
40 const ssize_t Certificate::VERSION_OFFSET = -1;
41 const ssize_t Certificate::ISSUER_ID_OFFSET = -2;
42 const ssize_t Certificate::KEY_ID_OFFSET = -3;
43 const ssize_t Certificate::KEY_COMPONENT_OFFSET = -4;
44 const size_t Certificate::MIN_CERT_NAME_LENGTH = 4;
45 const size_t Certificate::MIN_KEY_NAME_LENGTH = 2;
47 
49 {
51 }
52 
54  : Data(data)
55 {
56  if (!isValidName(getName())) {
57  BOOST_THROW_EXCEPTION(Data::Error("Name does not follow the naming convention for certificate"));
58  }
60  BOOST_THROW_EXCEPTION(Data::Error("ContentType is not KEY"));
61  }
62  if (getFreshnessPeriod() < time::seconds::zero()) {
63  BOOST_THROW_EXCEPTION(Data::Error("FreshnessPeriod is not set"));
64  }
65  if (getContent().value_size() == 0) {
66  BOOST_THROW_EXCEPTION(Data::Error("Content is empty"));
67  }
68 }
69 
71  : Certificate(Data(data))
72 {
73 }
74 
76  : Certificate(Data(block))
77 {
78 }
79 
80 Name
82 {
83  return getName().getPrefix(KEY_ID_OFFSET + 1);
84 }
85 
86 Name
88 {
90 }
91 
94 {
95  return getName().at(KEY_ID_OFFSET);
96 }
97 
100 {
101  return getName().at(ISSUER_ID_OFFSET);
102 }
103 
104 Buffer
106 {
107  if (getContent().value_size() == 0)
108  BOOST_THROW_EXCEPTION(Data::Error("Content is empty"));
109  return Buffer(getContent().value(), getContent().value_size());
110 }
111 
114 {
116 }
117 
118 bool
120 {
122 }
123 
124 const Block&
125 Certificate::getExtension(uint32_t type) const
126 {
128 }
129 
130 bool
132 {
133  // /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]
134  return (certName.size() >= Certificate::MIN_CERT_NAME_LENGTH &&
135  certName.get(Certificate::KEY_COMPONENT_OFFSET) == Certificate::KEY_COMPONENT);
136 }
137 
138 std::ostream&
139 operator<<(std::ostream& os, const Certificate& cert)
140 {
141  os << "Certificate name:\n";
142  os << " " << cert.getName() << "\n";
143  os << "Validity:\n";
144  {
145  os << " NotBefore: " << time::toIsoString(cert.getValidityPeriod().getPeriod().first) << "\n";
146  os << " NotAfter: " << time::toIsoString(cert.getValidityPeriod().getPeriod().second) << "\n";
147  }
148 
149  try {
151  os << "Additional Description:\n";
152  for (const auto& item : v2::AdditionalDescription(info)) {
153  os << " " << item.first << ": " << item.second << "\n";
154  }
155  }
156  catch (const SignatureInfo::Error&) {
157  // ignore
158  }
159 
160  os << "Public key bits:\n";
161  {
162  using namespace transform;
163  util::IndentedStream os2(os, " ");
164  bufferSource(cert.getPublicKey().data(), cert.getPublicKey().size()) >> base64Encode() >> streamSink(os2);
165  }
166 
167  os << "Signature Information:\n";
168  {
169  os << " Signature Type: " << static_cast<tlv::SignatureTypeValue>(cert.getSignature().getType()) << "\n";
170 
171  if (cert.getSignature().hasKeyLocator()) {
172  os << " Key Locator: ";
173  const KeyLocator& keyLocator = cert.getSignature().getKeyLocator();
174  if (keyLocator.getType() == KeyLocator::KeyLocator_Name && keyLocator.getName() == cert.getKeyName()) {
175  os << "Self-Signed ";
176  }
177  os << keyLocator << "\n";
178  }
179  }
180 
181  return os;
182 }
183 
184 Name
186 {
187  if (!Certificate::isValidName(certName)) {
188  BOOST_THROW_EXCEPTION(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
189  "does not follow the naming conventions"));
190  }
191 
192  return certName.getPrefix(Certificate::KEY_COMPONENT_OFFSET); // trim everything after and including "KEY"
193 }
194 
195 Name
197 {
198  if (!Certificate::isValidName(certName)) {
199  BOOST_THROW_EXCEPTION(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
200  "does not follow the naming conventions"));
201  }
202 
203  return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id
204 }
205 
206 } // namespace v2
207 } // namespace security
208 } // namespace ndn
bool isValid(const time::system_clock::TimePoint &ts=time::system_clock::now()) const
Check if the certificate is valid at ts.
Data & setContentType(uint32_t type)
Definition: data.cpp:241
Copyright (c) 2011-2015 Regents of the University of California.
static const ssize_t KEY_ID_OFFSET
The certificate following the certificate format naming convention.
Definition: certificate.hpp:81
Name getKeyName() const
Get key name.
Definition: certificate.cpp:81
const Block & getTypeSpecificTlv(uint32_t type) const
Get SignatureType-specific sub-element.
static const size_t MIN_KEY_NAME_LENGTH
const time::milliseconds & getFreshnessPeriod() const
Definition: data.hpp:210
uint32_t getContentType() const
Definition: data.hpp:201
Abstraction of AdditionalDescription.
Name extractKeyNameFromCertName(const Name &certName)
Extract key name from the certificate name certName.
const Signature & getSignature() const
Get Signature.
Definition: data.hpp:182
bool hasKeyLocator() const
Check if KeyLocator exists in SignatureInfo.
Definition: signature.hpp:120
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Definition: signature.hpp:129
ValidityPeriod getValidityPeriod() const
Get validity period of the certificate.
Represents a TLV element of NDN packet format.
Definition: block.hpp:42
indicates KeyLocator contains a Name
Definition: key-locator.hpp:49
static const size_t MIN_CERT_NAME_LENGTH
Catch-all error for security policy errors that don&#39;t fit in other categories.
Definition: base.hpp:79
const SignatureInfo & getSignatureInfo() const
Get SignatureInfo.
Definition: signature.hpp:69
std::string toUri() const
Get URI representation of the name.
Definition: name.cpp:122
const Name & getName() const
get Name element
name::Component getKeyId() const
Get key ID.
Definition: certificate.cpp:93
Abstraction of validity period.
std::pair< time::system_clock::TimePoint, time::system_clock::TimePoint > getPeriod() const
Get the stored validity period.
static const ssize_t KEY_COMPONENT_OFFSET
Type getType() const
static const ssize_t VERSION_OFFSET
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53
security::ValidityPeriod getValidityPeriod() const
Get ValidityPeriod.
name::Component getIssuerId() const
Get issuer ID.
Definition: certificate.cpp:99
const Block & getExtension(uint32_t type) const
Get extension with TLV type.
size_t size() const
Get number of components.
Definition: name.hpp:154
Name getIdentity() const
Get identity name.
Definition: certificate.cpp:87
Represents an absolute name.
Definition: name.hpp:42
std::string toIsoString(const system_clock::TimePoint &timePoint)
Convert to the ISO string representation of the time (YYYYMMDDTHHMMSS,fffffffff)
Definition: time.cpp:131
const Component & at(ssize_t i) const
Get the component at the given index.
Definition: name.cpp:185
Buffer getPublicKey() const
Get public key bits (in PKCS#8 format)
tlv::SignatureTypeValue getType() const
Get SignatureType.
Definition: signature.cpp:44
time_point TimePoint
Definition: time.hpp:90
std::ostream & operator<<(std::ostream &os, const AdditionalDescription &other)
const Name & getName() const
Get name.
Definition: data.hpp:121
Component holds a read-only name component value.
static bool isValidName(const Name &certName)
Check if the specified name follows the naming convention for the certificate.
const Block & getContent() const
Get Content.
Definition: data.cpp:185
SignatureTypeValue
Definition: tlv.hpp:99
indicates content is a public key
Definition: tlv.hpp:136
bool isValid(const time::system_clock::TimePoint &now=time::system_clock::now()) const
Check if now falls within the validity period.
static const name::Component KEY_COMPONENT
PartialName getPrefix(ssize_t nComponents) const
Extract a prefix of the name.
Definition: name.hpp:210
static const ssize_t ISSUER_ID_OFFSET
a concept check for TLV abstraction with .wireEncode method
Definition: concepts.hpp:44
Represents a Data packet.
Definition: data.hpp:35
a concept check for TLV abstraction with .wireDecode method and constructible from Block ...
Definition: concepts.hpp:80
General-purpose automatically managed/resized buffer.
Definition: buffer.hpp:40
Output to stream with specified indent or prefix.
const Component & get(ssize_t i) const
Get the component at the given index.
Definition: name.hpp:164
unique_ptr< Transform > base64Encode(bool needBreak)
Name extractIdentityFromCertName(const Name &certName)
Extract identity namespace from the certificate name certName.