The certificate following the certificate format naming convention. More...
#include <certificate.hpp>
Public Member Functions | |
Certificate () | |
Certificate (Data &&data) | |
Construct certificate from a data object. More... | |
Certificate (const Data &data) | |
Construct certificate from a data object. More... | |
Certificate (const Block &block) | |
Construct certificate from a wire encoding. More... | |
Name | getKeyName () const |
Get key name. More... | |
Name | getIdentity () const |
Get identity name. More... | |
name::Component | getKeyId () const |
Get key ID. More... | |
name::Component | getIssuerId () const |
Get issuer ID. More... | |
Buffer | getPublicKey () const |
Get public key bits (in PKCS#8 format) More... | |
ValidityPeriod | getValidityPeriod () const |
Get validity period of the certificate. More... | |
bool | isValid (const time::system_clock::TimePoint &ts=time::system_clock::now()) const |
Check if the certificate is valid at ts . More... | |
const Block & | getExtension (uint32_t type) const |
Get extension with TLV type . More... | |
Public Member Functions inherited from ndn::Data | |
Data (const Name &name=Name()) | |
Create a new Data with the given name and empty Content. More... | |
Data (const Block &wire) | |
Create from wire encoding. More... | |
template<encoding::Tag TAG> | |
size_t | wireEncode (EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const |
Fast encoding or block size estimation. More... | |
const Block & | wireEncode (EncodingBuffer &encoder, const Block &signatureValue) const |
Finalize Data packet encoding with the specified SignatureValue. More... | |
const Block & | wireEncode () const |
Encode to a wire format. More... | |
void | wireDecode (const Block &wire) |
Decode from the wire format. More... | |
bool | hasWire () const |
Check if already has wire. More... | |
const Name & | getFullName () const |
Get full name including implicit digest. More... | |
const Name & | getName () const |
Get name. More... | |
Data & | setName (const Name &name) |
Set name. More... | |
const MetaInfo & | getMetaInfo () const |
Get MetaInfo. More... | |
Data & | setMetaInfo (const MetaInfo &metaInfo) |
Set MetaInfo. More... | |
const Block & | getContent () const |
Get Content. More... | |
Data & | setContent (const Block &block) |
Set Content from a block. More... | |
Data & | setContent (const uint8_t *value, size_t valueSize) |
Copy Content value from raw buffer. More... | |
Data & | setContent (const ConstBufferPtr &value) |
Set Content from wire buffer. More... | |
const Signature & | getSignature () const |
Get Signature. More... | |
Data & | setSignature (const Signature &signature) |
Set Signature. More... | |
Data & | setSignatureValue (const Block &value) |
Set SignatureValue. More... | |
uint32_t | getContentType () const |
Data & | setContentType (uint32_t type) |
const time::milliseconds & | getFreshnessPeriod () const |
Data & | setFreshnessPeriod (const time::milliseconds &freshnessPeriod) |
const name::Component & | getFinalBlockId () const |
Data & | setFinalBlockId (const name::Component &finalBlockId) |
Public Member Functions inherited from ndn::PacketBase | |
uint64_t | getCongestionMark () const |
get the value of the CongestionMark tag More... | |
void | setCongestionMark (uint64_t mark) |
set the CongestionMark tag to the specified value More... | |
Public Member Functions inherited from ndn::TagHost | |
template<typename T > | |
shared_ptr< T > | getTag () const |
get a tag item More... | |
template<typename T > | |
void | setTag (shared_ptr< T > tag) const |
set a tag item More... | |
template<typename T > | |
void | removeTag () const |
remove tag item More... | |
Static Public Member Functions | |
static bool | isValidName (const Name &certName) |
Check if the specified name follows the naming convention for the certificate. More... | |
Static Public Attributes | |
static const ssize_t | VERSION_OFFSET = -1 |
static const ssize_t | ISSUER_ID_OFFSET = -2 |
static const ssize_t | KEY_COMPONENT_OFFSET = -4 |
static const ssize_t | KEY_ID_OFFSET = -3 |
static const size_t | MIN_CERT_NAME_LENGTH = 4 |
static const size_t | MIN_KEY_NAME_LENGTH = 2 |
static const name::Component | KEY_COMPONENT |
Additional Inherited Members | |
Protected Member Functions inherited from ndn::Data | |
void | resetWire () |
Clear wire encoding and cached FullName. More... | |
The certificate following the certificate format naming convention.
Overview of NDN certificate format:
CertificateV2 ::= DATA-TLV TLV-LENGTH Name (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]) MetaInfo (.ContentType = KEY) Content (= X509PublicKeyContent) SignatureInfo (= CertificateV2SignatureInfo) SignatureValue X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH BYTE+ (= public key bits in PKCS#8 format) CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH SignatureType KeyLocator ValidityPeriod ... optional critical or non-critical extension blocks ...
An example of NDN certificate name:
/edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E \_________________/ \___________/ \___________/\___________/
Certificate Namespace Key Id Issuer Id Version (Identity) __________________________________/ Key Name
Notes:
Key Id
is opaque name component to identify an instance of the public key for the certificate namespace. The value of Key ID
is controlled by the namespace owner. The library includes helpers for generation of key IDs using 8-byte random number, SHA-256 digest of the public key, timestamp, and the specified numerical identifiers.Issuer Id
is opaque name component to identify issuer of the certificate. The value is controlled by the issuer. The library includes helpers to set issuer ID to a 8-byte random number, SHA-256 digest of the issuer's public key, and the specified numerical identifiers.Key Name
is a logical name of the key used for management pursposes. Key Name includes the certificate namespace, keyword KEY
, and KeyId
components.Definition at line 81 of file certificate.hpp.
ndn::security::v2::Certificate::Certificate | ( | ) |
Definition at line 48 of file certificate.cpp.
References ndn::tlv::ContentType_Key, and ndn::Data::setContentType().
|
explicit |
Construct certificate from a data object.
tlv::Error | if data does not follow certificate format |
Definition at line 53 of file certificate.cpp.
References ndn::tlv::ContentType_Key, ndn::Data::getContent(), ndn::Data::getContentType(), ndn::Data::getFreshnessPeriod(), ndn::Data::getName(), and isValidName().
|
explicit |
Construct certificate from a data object.
tlv::Error | if data does not follow certificate format |
Definition at line 70 of file certificate.cpp.
|
explicit |
Construct certificate from a wire encoding.
tlv::Error | if wire encoding is invalid or does not follow certificate format |
Definition at line 75 of file certificate.cpp.
Name ndn::security::v2::Certificate::getKeyName | ( | ) | const |
Get key name.
Definition at line 81 of file certificate.cpp.
References ndn::Data::getName(), ndn::Name::getPrefix(), and KEY_ID_OFFSET.
Referenced by ndn::security::pib::CertificateContainer::add(), ndn::security::pib::PibMemory::addCertificate(), ndn::security::pib::PibSqlite3::addCertificate(), ndn::security::v2::KeyChain::addCertificate(), ndn::security::v2::KeyChain::exportSafeBag(), ndn::security::v2::KeyChain::importSafeBag(), and ndn::security::v2::operator<<().
Name ndn::security::v2::Certificate::getIdentity | ( | ) | const |
Get identity name.
Definition at line 87 of file certificate.cpp.
References ndn::Data::getName(), ndn::Name::getPrefix(), and KEY_COMPONENT_OFFSET.
Referenced by ndn::security::pib::PibMemory::addCertificate(), ndn::security::pib::PibSqlite3::addCertificate(), ndn::security::v2::KeyChain::exportSafeBag(), and ndn::security::v2::KeyChain::importSafeBag().
name::Component ndn::security::v2::Certificate::getKeyId | ( | ) | const |
Get key ID.
Definition at line 93 of file certificate.cpp.
References ndn::Name::at(), ndn::Data::getName(), and KEY_ID_OFFSET.
name::Component ndn::security::v2::Certificate::getIssuerId | ( | ) | const |
Get issuer ID.
Definition at line 99 of file certificate.cpp.
References ndn::Name::at(), ndn::Data::getName(), and ISSUER_ID_OFFSET.
Buffer ndn::security::v2::Certificate::getPublicKey | ( | ) | const |
Get public key bits (in PKCS#8 format)
Error | If content is empty |
Definition at line 105 of file certificate.cpp.
References ndn::Data::getContent().
Referenced by ndn::security::v2::KeyChain::importSafeBag(), and ndn::security::v2::operator<<().
ValidityPeriod ndn::security::v2::Certificate::getValidityPeriod | ( | ) | const |
Get validity period of the certificate.
Definition at line 113 of file certificate.cpp.
References ndn::Data::getSignature(), ndn::Signature::getSignatureInfo(), and ndn::SignatureInfo::getValidityPeriod().
Referenced by ndn::security::v2::CertificateCache::insert(), and ndn::security::v2::operator<<().
bool ndn::security::v2::Certificate::isValid | ( | const time::system_clock::TimePoint & | ts = time::system_clock::now() | ) | const |
Check if the certificate is valid at ts
.
Definition at line 119 of file certificate.cpp.
References ndn::Data::getSignature(), ndn::Signature::getSignatureInfo(), ndn::SignatureInfo::getValidityPeriod(), and ndn::security::ValidityPeriod::isValid().
Referenced by ndn::security::v2::Validator::validate().
const Block & ndn::security::v2::Certificate::getExtension | ( | uint32_t | type | ) | const |
Get extension with TLV type
.
ndn::SignatureInfo::Error | if the specified block type does not exist |
Definition at line 125 of file certificate.cpp.
References ndn::Data::getSignature(), ndn::Signature::getSignatureInfo(), and ndn::SignatureInfo::getTypeSpecificTlv().
|
static |
Check if the specified name follows the naming convention for the certificate.
Definition at line 131 of file certificate.cpp.
References ndn::Name::get(), KEY_COMPONENT, and ndn::Name::size().
Referenced by Certificate(), ndn::security::v2::KeyChain::deleteCertificate(), ndn::security::v2::extractIdentityFromCertName(), ndn::security::v2::extractKeyNameFromCertName(), ndn::security::pib::CertificateContainer::get(), and ndn::security::pib::CertificateContainer::remove().
|
static |
Definition at line 166 of file certificate.hpp.
|
static |
Definition at line 167 of file certificate.hpp.
Referenced by getIssuerId().
|
static |
Definition at line 168 of file certificate.hpp.
Referenced by getIdentity().
|
static |
Definition at line 169 of file certificate.hpp.
Referenced by getKeyId(), and getKeyName().
|
static |
Definition at line 170 of file certificate.hpp.
|
static |
Definition at line 171 of file certificate.hpp.
|
static |
Definition at line 172 of file certificate.hpp.
Referenced by isValidName().