The certificate following the certificate format naming convention. More...
#include <certificate.hpp>
Public Member Functions | |
Certificate () | |
Certificate (Data &&data) | |
Construct certificate from a data object. More... | |
Certificate (const Data &data) | |
Construct certificate from a data object. More... | |
Certificate (const Block &block) | |
Construct certificate from a wire encoding. More... | |
Name | getKeyName () const |
Get key name. More... | |
Name | getIdentity () const |
Get identity name. More... | |
name::Component | getKeyId () const |
Get key ID. More... | |
name::Component | getIssuerId () const |
Get issuer ID. More... | |
Buffer | getPublicKey () const |
Get public key bits (in PKCS#8 format) More... | |
ValidityPeriod | getValidityPeriod () const |
Get validity period of the certificate. More... | |
bool | isValid (const time::system_clock::TimePoint &ts=time::system_clock::now()) const |
Check if the certificate is valid at ts . More... | |
const Block & | getExtension (uint32_t type) const |
Get extension with TLV type . More... | |
template<encoding::Tag TAG> | |
size_t | wireEncode (EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const |
Fast encoding or block size estimation. More... | |
const Block & | wireEncode () const |
Encode to a wire format. More... | |
const Block & | wireEncode (EncodingBuffer &encoder, const Block &signatureValue) const |
Finalize Data packet encoding with the specified SignatureValue. More... | |
void | wireDecode (const Block &wire) |
Decode from the wire format. More... | |
bool | hasWire () const |
Check if Data is already has wire encoding. More... | |
const Name & | getName () const |
Get name of the Data packet. More... | |
Data & | setName (const Name &name) |
Set name to a copy of the given Name. More... | |
const Name & | getFullName () const |
Get full name of Data packet, including the implicit digest. More... | |
const MetaInfo & | getMetaInfo () const |
Get MetaInfo block from Data packet. More... | |
Data & | setMetaInfo (const MetaInfo &metaInfo) |
Set metaInfo to a copy of the given MetaInfo. More... | |
uint32_t | getContentType () const |
Data & | setContentType (uint32_t type) |
const time::milliseconds & | getFreshnessPeriod () const |
Data & | setFreshnessPeriod (const time::milliseconds &freshnessPeriod) |
const name::Component & | getFinalBlockId () const |
Data & | setFinalBlockId (const name::Component &finalBlockId) |
const Block & | getContent () const |
Get content Block. More... | |
Data & | setContent (const uint8_t *buffer, size_t bufferSize) |
Set the content from the buffer (buffer will be copied) More... | |
Data & | setContent (const Block &block) |
Set the content from the block. More... | |
Data & | setContent (const ConstBufferPtr &contentValue) |
Set the content from the pointer to immutable buffer. More... | |
const Signature & | getSignature () const |
Data & | setSignature (const Signature &signature) |
Set the signature to a copy of the given signature. More... | |
Data & | setSignatureValue (const Block &value) |
bool | operator== (const Data &other) const |
bool | operator!= (const Data &other) const |
template<typename T > | |
shared_ptr< T > | getTag () const |
get a tag item More... | |
template<typename T > | |
void | setTag (shared_ptr< T > tag) const |
set a tag item More... | |
template<typename T > | |
void | removeTag () const |
remove tag item More... | |
Static Public Member Functions | |
static bool | isValidName (const Name &certName) |
Check if the specified name follows the naming convention for the certificate. More... | |
Static Public Attributes | |
static const ssize_t | VERSION_OFFSET = -1 |
static const ssize_t | ISSUER_ID_OFFSET = -2 |
static const ssize_t | KEY_COMPONENT_OFFSET = -4 |
static const ssize_t | KEY_ID_OFFSET = -3 |
static const size_t | MIN_CERT_NAME_LENGTH = 4 |
static const size_t | MIN_KEY_NAME_LENGTH = 2 |
static const name::Component | KEY_COMPONENT |
Protected Member Functions | |
void | onChanged () |
Clear the wire encoding. More... | |
The certificate following the certificate format naming convention.
Overview of NDN certificate format:
CertificateV2 ::= DATA-TLV TLV-LENGTH Name (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]) MetaInfo (.ContentType = KEY) Content (= X509PublicKeyContent) SignatureInfo (= CertificateV2SignatureInfo) SignatureValue X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH BYTE+ (= public key bits in PKCS#8 format) CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH SignatureType KeyLocator ValidityPeriod ... optional critical or non-critical extension blocks ...
An example of NDN certificate name:
/edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E \_________________/ \___________/ \___________/\___________/
Certificate Namespace Key Id Issuer Id Version (Identity) __________________________________/ Key Name
Notes:
Key Id
is opaque name component to identify an instance of the public key for the certificate namespace. The value of Key ID
is controlled by the namespace owner. The library includes helpers for generation of key IDs using 8-byte random number, SHA-256 digest of the public key, timestamp, and the specified numerical identifiers.Issuer Id
is opaque name component to identify issuer of the certificate. The value is controlled by the issuer. The library includes helpers to set issuer ID to a 8-byte random number, SHA-256 digest of the issuer's public key, and the specified numerical identifiers.Key Name
is a logical name of the key used for management pursposes. Key Name includes the certificate namespace, keyword KEY
, and KeyId
components.Definition at line 81 of file v2/certificate.hpp.
ndn::security::v2::Certificate::Certificate | ( | ) |
Definition at line 48 of file v2/certificate.cpp.
|
explicit |
Construct certificate from a data object.
tlv::Error | if data does not follow certificate format |
Definition at line 53 of file v2/certificate.cpp.
|
explicit |
Construct certificate from a data object.
tlv::Error | if data does not follow certificate format |
Definition at line 70 of file v2/certificate.cpp.
|
explicit |
Construct certificate from a wire encoding.
tlv::Error | if wire encoding is invalid or does not follow certificate format |
Definition at line 75 of file v2/certificate.cpp.
|
inherited |
|
inlineinherited |
const Block & ndn::security::v2::Certificate::getExtension | ( | uint32_t | type | ) | const |
Get extension with TLV type
.
ndn::SignatureInfo::Error | if the specified block type does not exist |
Definition at line 125 of file v2/certificate.cpp.
|
inlineinherited |
|
inlineinherited |
|
inherited |
Name ndn::security::v2::Certificate::getIdentity | ( | ) | const |
Get identity name.
Definition at line 87 of file v2/certificate.cpp.
name::Component ndn::security::v2::Certificate::getIssuerId | ( | ) | const |
Get issuer ID.
Definition at line 99 of file v2/certificate.cpp.
name::Component ndn::security::v2::Certificate::getKeyId | ( | ) | const |
Get key ID.
Definition at line 93 of file v2/certificate.cpp.
Name ndn::security::v2::Certificate::getKeyName | ( | ) | const |
Get key name.
Definition at line 81 of file v2/certificate.cpp.
|
inlineinherited |
|
inlineinherited |
Buffer ndn::security::v2::Certificate::getPublicKey | ( | ) | const |
Get public key bits (in PKCS#8 format)
Error | If content is empty |
Definition at line 105 of file v2/certificate.cpp.
|
inlineinherited |
|
inlineinherited |
get a tag item
T | type of the tag, which must be a subclass of ndn::Tag |
nullptr | if no Tag of type T is stored |
Definition at line 67 of file tag-host.hpp.
ValidityPeriod ndn::security::v2::Certificate::getValidityPeriod | ( | ) | const |
Get validity period of the certificate.
Definition at line 113 of file v2/certificate.cpp.
|
inlineinherited |
bool ndn::security::v2::Certificate::isValid | ( | const time::system_clock::TimePoint & | ts = time::system_clock::now() | ) | const |
Check if the certificate is valid at ts
.
Definition at line 119 of file v2/certificate.cpp.
|
static |
Check if the specified name follows the naming convention for the certificate.
Definition at line 131 of file v2/certificate.cpp.
|
protectedinherited |
|
inherited |
|
inherited |
|
inlineinherited |
remove tag item
Definition at line 94 of file tag-host.hpp.
|
inherited |
Set the content from the block.
Depending on type of the supplied block, there are two cases:
block | The Block containing the content to assign |
|
inherited |
Set the content from the pointer to immutable buffer.
This method will create a Block with tlv::Content and set contentValue as a payload for this block. Note that this method is very different from setContent(const Block&), since it does not require that payload should be a valid TLV element.
contentValue | The pointer to immutable buffer containing the content to assign |
|
inherited |
|
inherited |
|
inherited |
|
inlineinherited |
set a tag item
T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 80 of file tag-host.hpp.
|
inherited |
|
inherited |
Fast encoding or block size estimation.
encoder | EncodingEstimator or EncodingBuffer instance |
wantUnsignedPortionOnly | Request only unsigned portion to be encoded in block. If true, only Name, MetaInfo, Content, and SignatureInfo blocks will be encoded into the block. Note that there will be no outer TLV header of the Data packet. |
|
inherited |
|
inherited |
Finalize Data packet encoding with the specified SignatureValue.
encoder | EncodingBuffer instance, containing Name, MetaInfo, Content, and SignatureInfo (without outer TLV header of the Data packet). |
signatureValue | SignatureValue block to be added to Data packet to finalize the wire encoding |
This method is intended to be used in concert with Data::wireEncode(EncodingBuffer&, true) method to optimize Data packet wire format creation:
Data data; ... EncodingBuffer encoder; data.wireEncode(encoder, true); ... Block signatureValue = <sign_over_unsigned_portion>(encoder.buf(), encoder.size()); data.wireEncode(encoder, signatureValue)
|
static |
Definition at line 167 of file v2/certificate.hpp.
|
static |
Definition at line 172 of file v2/certificate.hpp.
|
static |
Definition at line 168 of file v2/certificate.hpp.
|
static |
Definition at line 169 of file v2/certificate.hpp.
|
static |
Definition at line 170 of file v2/certificate.hpp.
|
static |
Definition at line 171 of file v2/certificate.hpp.
|
static |
Definition at line 166 of file v2/certificate.hpp.