NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
API Documentation
ndn::security::v2::Certificate Class Reference

The certificate following the certificate format naming convention.

#include <certificate.hpp>


Public Member Functions

 Certificate ()

 Certificate (Data &&data)
 Construct certificate from a data object.

 Certificate (const Data &data)
 Construct certificate from a data object.

 Certificate (const Block &block)
 Construct certificate from a wire encoding.

Name getKeyName () const
 Get key name.

Name getIdentity () const
 Get identity name.

name::Component getKeyId () const
 Get key ID.

name::Component getIssuerId () const
 Get issuer ID.

Buffer getPublicKey () const
 Get public key bits (in PKCS#8 format).

ValidityPeriod getValidityPeriod () const
 Get validity period of the certificate.

bool isValid (const time::system_clock::TimePoint &ts=time::system_clock::now()) const
 Check if the certificate is valid at ts.

const Block & getExtension (uint32_t type) const
 Get extension with TLV type.
 
- Public Member Functions inherited from ndn::Data
 Data (const Name &name=Name())
 Construct an unsigned Data packet with given name and empty Content.

 Data (const Block &wire)
 Construct a Data packet by decoding from wire.

template<encoding::Tag TAG>
size_t wireEncode (EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const
 Prepend wire encoding to encoder in NDN Packet Format v0.2.

const Block & wireEncode (EncodingBuffer &encoder, const Block &signatureValue) const
 Finalize Data packet encoding with the specified SignatureValue.

const Block & wireEncode () const
 Encode to a Block.

void wireDecode (const Block &wire)
 Decode from wire in NDN Packet Format v0.2 or v0.3.

bool hasWire () const
 Check if this instance has cached wire encoding.

const Name & getFullName () const
 Get full name including implicit digest.

const Name & getName () const
 Get name.

Data & setName (const Name &name)
 Set name.

const MetaInfo & getMetaInfo () const
 Get MetaInfo.

Data & setMetaInfo (const MetaInfo &metaInfo)
 Set MetaInfo.

const Block & getContent () const
 Get Content.

Data & setContent (const Block &block)
 Set Content from a block.

Data & setContent (const uint8_t *value, size_t valueSize)
 Copy Content value from raw buffer.

Data & setContent (ConstBufferPtr value)
 Set Content from wire buffer.

const Signature & getSignature () const
 Get Signature.

Data & setSignature (const Signature &signature)
 Set Signature.

Data & setSignatureValue (const Block &value)
 Set SignatureValue.

uint32_t getContentType () const

Data & setContentType (uint32_t type)

time::milliseconds getFreshnessPeriod () const

Data & setFreshnessPeriod (time::milliseconds freshnessPeriod)

const optional< name::Component > & getFinalBlock () const

Data & setFinalBlock (optional< name::Component > finalBlockId)
 
- Public Member Functions inherited from ndn::PacketBase
uint64_t getCongestionMark () const
 Get the value of the CongestionMark tag.

void setCongestionMark (uint64_t mark)
 Set the CongestionMark tag to the specified value.

- Public Member Functions inherited from ndn::TagHost
template<typename T >
shared_ptr< T > getTag () const
 Get a tag item.

template<typename T >
void setTag (shared_ptr< T > tag) const
 Set a tag item.

template<typename T >
void removeTag () const
 Remove tag item.
 

Static Public Member Functions

static bool isValidName (const Name &certName)
 Check if the specified name follows the naming convention for the certificate.
 

Static Public Attributes

static const ssize_t VERSION_OFFSET = -1
 
static const ssize_t ISSUER_ID_OFFSET = -2
 
static const ssize_t KEY_COMPONENT_OFFSET = -4
 
static const ssize_t KEY_ID_OFFSET = -3
 
static const size_t MIN_CERT_NAME_LENGTH = 4
 
static const size_t MIN_KEY_NAME_LENGTH = 2
 
static const name::Component KEY_COMPONENT
 

Additional Inherited Members

- Protected Member Functions inherited from ndn::Data
void resetWire ()
 Clear wire encoding and cached FullName.
 

Detailed Description

The certificate following the certificate format naming convention.

Overview of NDN certificate format:

CertificateV2 ::= DATA-TLV TLV-LENGTH
                    Name      (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
                    MetaInfo  (.ContentType = KEY)
                    Content   (= X509PublicKeyContent)
                    SignatureInfo (= CertificateV2SignatureInfo)
                    SignatureValue

X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
                           BYTE+ (= public key bits in PKCS#8 format)

CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
                                 SignatureType
                                 KeyLocator
                                 ValidityPeriod
                                 ... optional critical or non-critical extension blocks ...

An example of NDN certificate name:

/edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
\_________________/    \___________/ \___________/\___________/
Certificate Namespace     Key Id       Issuer Id     Version
    (Identity)
\__________________________________/
              Key Name

Notes:

  • Key Id is an opaque name component that identifies an instance of the public key for the certificate namespace. The value of Key ID is controlled by the namespace owner. The library includes helpers for generating key IDs from an 8-byte random number, the SHA-256 digest of the public key, a timestamp, and specified numerical identifiers.
  • Issuer Id is an opaque name component that identifies the issuer of the certificate. The value is controlled by the issuer. The library includes helpers to set the issuer ID to an 8-byte random number, the SHA-256 digest of the issuer's public key, and specified numerical identifiers.
  • Key Name is a logical name of the key used for management purposes. Key Name includes the certificate namespace, the keyword KEY, and the KeyId component.
See also
doc/specs/certificate-format.rst

Definition at line 81 of file certificate.hpp.
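
The naming convention and the offset constants above can be exercised without the library. The following is an added example, not code from ndn-cxx or ndnSIM: it models a name as a list of URI components and shows how the negative offsets resolve against the end of the name, with the length and KEY checks applied before any component is read. The helper names (splitUri, prefixUri, parseCertName, CertNameParts) are hypothetical, and the acceptance rule (at least MIN_CERT_NAME_LENGTH components, KEY at KEY_COMPONENT_OFFSET) is an assumption drawn from the format description.

```cpp
// Added example: standalone model of the certificate naming convention.
// It does not use ndn-cxx; a name is modelled as a vector of URI components.
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

typedef std::vector<std::string> Components;

// Offsets from the end of the name, as listed under Static Public Attributes.
const std::ptrdiff_t VERSION_OFFSET = -1, ISSUER_ID_OFFSET = -2,
                     KEY_ID_OFFSET = -3, KEY_COMPONENT_OFFSET = -4;
const std::size_t MIN_CERT_NAME_LENGTH = 4;

struct CertNameParts {
  std::string identity, keyName, keyId, issuerId, version;
};

// Hypothetical helper: split "/a/b/c" into components, dropping empty ones.
Components splitUri(const std::string& uri) {
  Components out;
  std::istringstream in(uri);
  for (std::string c; std::getline(in, c, '/');)
    if (!c.empty()) out.push_back(c);
  return out;
}

// Hypothetical helper: URI of the first n components ("/" when n == 0).
std::string prefixUri(const Components& c, std::size_t n) {
  std::string s;
  for (std::size_t i = 0; i < n; ++i) s += "/" + c[i];
  return s.empty() ? "/" : s;
}

// Fills `out` and returns true only if the name has at least four components
// and the keyword KEY at offset -4. The length check runs first, so no
// negative offset is resolved against a name that is too short.
bool parseCertName(const std::string& uri, CertNameParts& out) {
  const Components c = splitUri(uri);
  if (c.size() < MIN_CERT_NAME_LENGTH) return false;
  const std::ptrdiff_t n = static_cast<std::ptrdiff_t>(c.size());
  if (c[n + KEY_COMPONENT_OFFSET] != "KEY") return false;
  out.identity = prefixUri(c, n + KEY_COMPONENT_OFFSET);  // namespace
  out.keyName = prefixUri(c, n + KEY_ID_OFFSET + 1);      // .../KEY/[KeyId]
  out.keyId = c[n + KEY_ID_OFFSET];
  out.issuerId = c[n + ISSUER_ID_OFFSET];
  out.version = c[n + VERSION_OFFSET];
  return true;
}
```

Applied to the example name above, the identity is /edu/ucla/cs/yingdi and the key name ends at the Key Id component; a name with KEY in any other position is rejected.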

Constructor & Destructor Documentation

◆ Certificate() [1/4]

ndn::security::v2::Certificate::Certificate ( )

Definition at line 48 of file certificate.cpp.

References ndn::tlv::ContentType_Key, and ndn::Data::setContentType().

◆ Certificate() [2/4]

ndn::security::v2::Certificate::Certificate ( Data &&  data)
explicit

Construct certificate from a data object.

Exceptions
tlv::Error if data does not follow certificate format

Definition at line 53 of file certificate.cpp.

References ndn::tlv::ContentType_Key, ndn::Data::getContent(), ndn::Data::getContentType(), ndn::Data::getFreshnessPeriod(), ndn::Data::getName(), isValidName(), NDN_THROW, and ndn::to_string().

◆ Certificate() [3/4]

ndn::security::v2::Certificate::Certificate ( const Data &  data)
explicit

Construct certificate from a data object.

Exceptions
tlv::Error if data does not follow certificate format

Definition at line 70 of file certificate.cpp.

◆ Certificate() [4/4]

ndn::security::v2::Certificate::Certificate ( const Block &  block)
explicit

Construct certificate from a wire encoding.

Exceptions
tlv::Error if wire encoding is invalid or does not follow certificate format

Definition at line 75 of file certificate.cpp.

Member Function Documentation

◆ getKeyName()

◆ getIdentity()

◆ getKeyId()

name::Component ndn::security::v2::Certificate::getKeyId ( ) const

Get key ID.

Definition at line 93 of file certificate.cpp.

References ndn::Name::at(), ndn::Data::getName(), and KEY_ID_OFFSET.

◆ getIssuerId()

name::Component ndn::security::v2::Certificate::getIssuerId ( ) const

Get issuer ID.

Definition at line 99 of file certificate.cpp.

References ndn::Name::at(), ndn::Data::getName(), and ISSUER_ID_OFFSET.

◆ getPublicKey()

Buffer ndn::security::v2::Certificate::getPublicKey ( ) const

Get public key bits (in PKCS#8 format)

Exceptions
Error if content is empty

Definition at line 105 of file certificate.cpp.

References ndn::Data::getContent(), and NDN_THROW.

Referenced by ndn::security::v2::KeyChain::importSafeBag(), and ndn::security::v2::operator<<().

◆ getValidityPeriod()

ValidityPeriod ndn::security::v2::Certificate::getValidityPeriod ( ) const

◆ isValid()

bool ndn::security::v2::Certificate::isValid ( const time::system_clock::TimePoint &  ts = time::system_clock::now()) const

◆ getExtension()

const Block & ndn::security::v2::Certificate::getExtension ( uint32_t  type) const

Get extension with TLV type.

Exceptions
ndn::SignatureInfo::Error if the specified block type does not exist

Definition at line 125 of file certificate.cpp.

References ndn::Data::getSignature(), ndn::Signature::getSignatureInfo(), and ndn::SignatureInfo::getTypeSpecificTlv().

◆ isValidName()

bool ndn::security::v2::Certificate::isValidName ( const Name &  certName)
static

Member Data Documentation

◆ VERSION_OFFSET

const ssize_t ndn::security::v2::Certificate::VERSION_OFFSET = -1
static

Definition at line 166 of file certificate.hpp.

◆ ISSUER_ID_OFFSET

const ssize_t ndn::security::v2::Certificate::ISSUER_ID_OFFSET = -2
static

Definition at line 167 of file certificate.hpp.

Referenced by getIssuerId().

◆ KEY_COMPONENT_OFFSET

const ssize_t ndn::security::v2::Certificate::KEY_COMPONENT_OFFSET = -4
static

◆ KEY_ID_OFFSET

const ssize_t ndn::security::v2::Certificate::KEY_ID_OFFSET = -3
static

◆ MIN_CERT_NAME_LENGTH

const size_t ndn::security::v2::Certificate::MIN_CERT_NAME_LENGTH = 4
static

Definition at line 170 of file certificate.hpp.

Referenced by isValidName().

◆ MIN_KEY_NAME_LENGTH

const size_t ndn::security::v2::Certificate::MIN_KEY_NAME_LENGTH = 2
static

◆ KEY_COMPONENT

const name::Component ndn::security::v2::Certificate::KEY_COMPONENT
static

The documentation for this class was generated from the following files: