certificate.cpp
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2022 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  *
21  * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
22  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
23  */
24 
29 
30 namespace ndn {
31 namespace security {
32 inline namespace v2 {
33 
// Compile-time checks that Certificate satisfies the library's TLV
// encode/decode concepts (see concepts.hpp).
BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));

// /<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>
// Component positions are counted from the end of the name (negative offsets),
// so they do not depend on how many components the identity name has.
const ssize_t Certificate::VERSION_OFFSET = -1;
const ssize_t Certificate::ISSUER_ID_OFFSET = -2;
const ssize_t Certificate::KEY_ID_OFFSET = -3;
const ssize_t Certificate::KEY_COMPONENT_OFFSET = -4;
// A certificate name must carry at least the four trailing components
// KEY/<KeyId>/<IssuerId>/<Version>; a key name at least KEY/<KeyId>.
const size_t Certificate::MIN_CERT_NAME_LENGTH = 4;
const size_t Certificate::MIN_KEY_NAME_LENGTH = 2;
46 
48 {
50 }
51 
53  : Data(std::move(data))
54 {
55  if (!isValidName(getName())) {
56  NDN_THROW(Data::Error("Name does not follow the naming convention for certificate"));
57  }
59  NDN_THROW(Data::Error("Expecting ContentType Key, got " + to_string(getContentType())));
60  }
61  if (getFreshnessPeriod() < time::seconds::zero()) {
62  NDN_THROW(Data::Error("FreshnessPeriod is not set"));
63  }
64  if (getContent().value_size() == 0) {
65  NDN_THROW(Data::Error("Content is empty"));
66  }
67 }
68 
70  : Certificate(Data(data))
71 {
72 }
73 
75  : Certificate(Data(block))
76 {
77 }
78 
79 Name
81 {
82  return getName().getPrefix(KEY_ID_OFFSET + 1);
83 }
84 
85 Name
87 {
89 }
90 
93 {
94  return getName().at(KEY_ID_OFFSET);
95 }
96 
99 {
100  return getName().at(ISSUER_ID_OFFSET);
101 }
102 
103 Buffer
105 {
106  if (getContent().value_size() == 0)
107  NDN_THROW(Data::Error("Certificate Content is empty"));
108 
109  return {getContent().value_begin(), getContent().value_end()};
110 }
111 
114 {
116 }
117 
118 bool
120 {
122 }
123 
/// @brief Return the custom SignatureInfo sub-element with TLV-TYPE @p type.
/// @throws Error if SignatureInfo carries no sub-element of that type.
/// Only the first matching sub-element is returned (see SignatureInfo::getCustomTlv).
Block
Certificate::getExtension(uint32_t type) const
{
  const auto customTlv = getSignatureInfo().getCustomTlv(type);
  if (customTlv) {
    return *customTlv;
  }
  NDN_THROW(Error("TLV-TYPE " + to_string(type) + " sub-element does not exist in SignatureInfo"));
}
133 
134 bool
136 {
137  // /<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>
138  return certName.size() >= Certificate::MIN_CERT_NAME_LENGTH &&
140 }
141 
// Prints the "Additional Description:" section, if the SignatureInfo carries
// an AdditionalDescription sub-element. A sub-element that does not decode as
// AdditionalDescription is not trusted to be well-formed: its raw value is
// dumped as base64 instead, so printing never fails on malformed input.
static void
printAdditionalDescription(std::ostream& os, const Certificate& cert)
{
  auto addlDesc = cert.getSignatureInfo().getCustomTlv(tlv::AdditionalDescription);
  if (!addlDesc) {
    return;
  }

  os << "Additional Description:\n";
  try {
    AdditionalDescription parsed(*addlDesc);
    for (const auto& entry : parsed) {
      os << " " << entry.first << ": " << entry.second << "\n";
    }
  }
  catch (const tlv::Error&) {
    using namespace transform;
    util::IndentedStream indented(os, " ");
    bufferSource(addlDesc->value_bytes()) >> base64Encode() >> streamSink(indented);
  }
}

// Prints the "Public Key:" section: key type and size when the content parses
// as PKCS#8, otherwise "Unknown" with the raw content size; followed by the
// base64-encoded key bits whenever the content is non-empty.
static void
printPublicKey(std::ostream& os, const Certificate& cert)
{
  using namespace transform;

  os << "Public Key:\n"
     << " Key Type: ";
  try {
    PublicKey key;
    key.loadPkcs8(cert.getPublicKey());
    os << key.getKeySize() << "-bit " << key.getKeyType();
  }
  catch (const std::runtime_error&) {
    // covers both an empty content (getPublicKey throws) and undecodable key bits
    os << "Unknown (" << cert.getContent().value_size() << " bytes)";
  }
  os << "\n";

  if (cert.getContent().value_size() > 0) {
    util::IndentedStream indented(os, " ");
    bufferSource(cert.getPublicKey()) >> base64Encode() >> streamSink(indented);
  }
}

// Prints the "Validity:" section. The section is omitted entirely when the
// ValidityPeriod cannot be retrieved (tlv::Error).
static void
printValidity(std::ostream& os, const Certificate& cert)
{
  try {
    const auto& period = cert.getValidityPeriod().getPeriod();
    os << "Validity:\n"
       << " Not Before: " << time::toIsoExtendedString(period.first) << "\n"
       << " Not After: " << time::toIsoExtendedString(period.second) << "\n";
  }
  catch (const tlv::Error&) {
    // no usable ValidityPeriod: nothing to print
  }
}

// Prints the "Signature Information:" section: signature type, the KeyLocator
// if present, and a "Self-Signed" marker when the KeyLocator is a Name equal
// to this certificate's own key name.
static void
printSignatureInfo(std::ostream& os, const Certificate& cert)
{
  os << "Signature Information:\n"
     << " Signature Type: " << static_cast<tlv::SignatureTypeValue>(cert.getSignatureType()) << "\n";

  const auto keyLoc = cert.getKeyLocator();
  if (!keyLoc) {
    return;
  }

  os << " Key Locator: " << *keyLoc << "\n";
  // the type check must come first: getName() is only meaningful for a Name KeyLocator
  const bool selfSigned = keyLoc->getType() == tlv::Name && keyLoc->getName() == cert.getKeyName();
  if (selfSigned) {
    os << " Self-Signed: yes\n";
  }
}

/// @brief Write a human-readable, multi-section summary of @p cert to @p os.
///
/// Sections, in order: certificate name, additional description (if any),
/// public key, validity period (if retrievable), signature information.
/// The function is for diagnostics only; it is not a canonical encoding.
/// Decoding problems in individual sections are reported inline or cause the
/// section to be skipped rather than propagating to the caller.
std::ostream&
operator<<(std::ostream& os, const Certificate& cert)
{
  os << "Certificate Name:\n"
     << " " << cert.getName() << "\n";

  printAdditionalDescription(os, cert);
  printPublicKey(os, cert);
  printValidity(os, cert);
  printSignatureInfo(os, cert);

  return os;
}
208 
209 Name
211 {
212  if (!Certificate::isValidName(certName)) {
213  NDN_THROW(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
214  "does not respect the naming conventions"));
215  }
216 
217  return certName.getPrefix(Certificate::KEY_COMPONENT_OFFSET); // trim everything after and including "KEY"
218 }
219 
220 Name
222 {
223  if (!Certificate::isValidName(certName)) {
224  NDN_THROW(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
225  "does not respect the naming conventions"));
226  }
227 
228  return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id
229 }
230 
231 } // inline namespace v2
232 } // namespace security
233 } // namespace ndn