Represents an NDN certificate following the version 2.0 format. More...
#include <ndn-cxx/security/certificate.hpp>
Inheritance diagram for ndn::security::v2::Certificate: Collaboration diagram for ndn::security::v2::Certificate:Public Member Functions | |
| Certificate () | |
| Certificate (const Block &block) | |
| Construct certificate from a wire encoding. More... | |
| Certificate (const Data &data) | |
| Construct certificate from a data object. More... | |
| Certificate (Data &&data) | |
| Construct certificate from a data object. More... | |
| InputBuffers | extractSignedRanges () const |
| Extract ranges of Data covered by the signature. More... | |
| uint64_t | getCongestionMark () const |
| get the value of the CongestionMark tag More... | |
| const Block & | getContent () const noexcept |
| Get the Content element. More... | |
| uint32_t | getContentType () const |
| Block | getExtension (uint32_t type) const |
Get extension with TLV type. More... | |
| const optional< name::Component > & | getFinalBlock () const |
| time::milliseconds | getFreshnessPeriod () const |
| const Name & | getFullName () const |
| Get full name including implicit digest. More... | |
| Name | getIdentity () const |
| Get identity name. More... | |
| name::Component | getIssuerId () const |
| Get issuer ID. More... | |
| name::Component | getKeyId () const |
| Get key ID. More... | |
| optional< KeyLocator > | getKeyLocator () const noexcept |
| Get KeyLocator. More... | |
| Name | getKeyName () const |
| Get key name. More... | |
| const MetaInfo & | getMetaInfo () const noexcept |
| Get MetaInfo. More... | |
| const Name & | getName () const noexcept |
| Get name. More... | |
| Buffer | getPublicKey () const |
| Get public key bits (in PKCS#8 format) More... | |
| const SignatureInfo & | getSignatureInfo () const noexcept |
| Get SignatureInfo. More... | |
| int32_t | getSignatureType () const noexcept |
| Get SignatureType. More... | |
| const Block & | getSignatureValue () const noexcept |
| Get SignatureValue. More... | |
| template<typename T > | |
| shared_ptr< T > | getTag () const |
| get a tag item More... | |
| ValidityPeriod | getValidityPeriod () const |
| Get validity period of the certificate. More... | |
| bool | hasContent () const noexcept |
| Return whether this Data has a Content element. More... | |
| bool | hasWire () const noexcept |
| Check if this instance has cached wire encoding. More... | |
| bool | isValid (const time::system_clock::TimePoint &ts=time::system_clock::now()) const |
Check if the certificate is valid at ts. More... | |
| template<typename T > | |
| void | removeTag () const |
| remove tag item More... | |
| void | setCongestionMark (uint64_t mark) |
| set the CongestionMark tag to the specified value More... | |
| Data & | setContent (const Block &block) |
| Set Content from a Block. More... | |
| Data & | setContent (const uint8_t *value, size_t length) |
| Set Content by copying from a raw buffer. More... | |
| Data & | setContent (ConstBufferPtr value) |
| Set Content from a shared buffer. More... | |
| Data & | setContent (span< const uint8_t > value) |
| Set Content by copying from a contiguous sequence of bytes. More... | |
| Data & | setContentType (uint32_t type) |
| Data & | setFinalBlock (optional< name::Component > finalBlockId) |
| Data & | setFreshnessPeriod (time::milliseconds freshnessPeriod) |
| Data & | setMetaInfo (const MetaInfo &metaInfo) |
| Set MetaInfo. More... | |
| Data & | setName (const Name &name) |
| Set name. More... | |
| Data & | setSignatureInfo (const SignatureInfo &info) |
| Set SignatureInfo. More... | |
| Data & | setSignatureValue (ConstBufferPtr value) |
| Set SignatureValue. More... | |
| template<typename T > | |
| void | setTag (shared_ptr< T > tag) const |
| set a tag item More... | |
| Data & | unsetContent () |
| Remove the Content element. More... | |
| void | wireDecode (const Block &wire) |
Decode from wire. More... | |
| const Block & | wireEncode () const |
| Encode into a Block. More... | |
| const Block & | wireEncode (EncodingBuffer &encoder, span< const uint8_t > signature) const |
| Finalize Data packet encoding with the specified signature. More... | |
| template<encoding::Tag TAG> | |
| size_t | wireEncode (EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const |
Prepend wire encoding to encoder. More... | |
Static Public Member Functions | |
| static bool | isValidName (const Name &certName) |
| Check if the specified name follows the naming convention for the certificate. More... | |
Static Public Attributes | |
| static const ssize_t | ISSUER_ID_OFFSET = -2 |
| static const name::Component | KEY_COMPONENT |
| static const ssize_t | KEY_COMPONENT_OFFSET = -4 |
| static const ssize_t | KEY_ID_OFFSET = -3 |
| static const size_t | MIN_CERT_NAME_LENGTH = 4 |
| static const size_t | MIN_KEY_NAME_LENGTH = 2 |
| static const ssize_t | VERSION_OFFSET = -1 |
Protected Member Functions | |
| void | resetWire () |
| Clear wire encoding and cached FullName. More... | |
Represents an NDN certificate following the version 2.0 format.
Example of an NDN certificate name:
Notes:
KeyId is an opaque name component to identify an instance of the public key for the certificate namespace. The value of KeyId is controlled by the namespace owner. The library includes helpers for generation of key IDs using 8-byte random number, SHA-256 digest of the public key, timestamp, or a specified numerical identifier.IssuerId is an opaque name component to identify the issuer of the certificate. The value is controlled by the issuer. The library includes helpers to set issuer ID to a 8-byte random number, SHA-256 digest of the issuer's public key, or a specified numerical identifier.Key Name is a logical name of the key used for management purposes. The key name includes the identity name, the keyword KEY, and the KeyId component.Definition at line 60 of file certificate.hpp.
| ndn::security::v2::Certificate::Certificate | ( | ) |
Definition at line 48 of file certificate.cpp.
|
explicit |
Construct certificate from a data object.
| tlv::Error | if data does not follow certificate format |
Definition at line 53 of file certificate.cpp.
|
explicit |
Construct certificate from a data object.
| tlv::Error | if data does not follow certificate format |
Definition at line 70 of file certificate.cpp.
|
explicit |
Construct certificate from a wire encoding.
| tlv::Error | if wire encoding is invalid or does not follow certificate format |
Definition at line 75 of file certificate.cpp.
|
inherited |
Extract ranges of Data covered by the signature.
| Error | Data cannot be encoded or is missing ranges necessary for signing |
|
inherited |
get the value of the CongestionMark tag
Definition at line 28 of file packet-base.cpp.
|
inlinenoexceptinherited |
Get the Content element.
If the element is not present (hasContent() == false), an invalid Block will be returned.
The value of the returned Content Block (if valid) can be accessed through Block::value() / Block::value_size() or Block::value_begin() / Block::value_end().
|
inlineinherited |
| Block ndn::security::v2::Certificate::getExtension | ( | uint32_t | type | ) | const |
Get extension with TLV type.
| Error | The specified block type does not exist |
Definition at line 125 of file certificate.cpp.
|
inlineinherited |
|
inlineinherited |
|
inherited |
Get full name including implicit digest.
| Error | Data has no wire encoding |
| Name ndn::security::v2::Certificate::getIdentity | ( | ) | const |
Get identity name.
Definition at line 87 of file certificate.cpp.
| name::Component ndn::security::v2::Certificate::getIssuerId | ( | ) | const |
Get issuer ID.
Definition at line 99 of file certificate.cpp.
| name::Component ndn::security::v2::Certificate::getKeyId | ( | ) | const |
Get key ID.
Definition at line 93 of file certificate.cpp.
|
inlinenoexceptinherited |
Get KeyLocator.
| Name ndn::security::v2::Certificate::getKeyName | ( | ) | const |
Get key name.
Definition at line 81 of file certificate.cpp.
|
inlinenoexceptinherited |
|
inlinenoexceptinherited |
| Buffer ndn::security::v2::Certificate::getPublicKey | ( | ) | const |
Get public key bits (in PKCS#8 format)
| Error | If content is empty |
Definition at line 105 of file certificate.cpp.
|
inlinenoexceptinherited |
Get SignatureInfo.
|
inlinenoexceptinherited |
Get SignatureType.
|
inlinenoexceptinherited |
|
inherited |
get a tag item
| T | type of the tag, which must be a subclass of ndn::Tag |
| nullptr | if no Tag of type T is stored |
Definition at line 66 of file tag-host.hpp.
| ValidityPeriod ndn::security::v2::Certificate::getValidityPeriod | ( | ) | const |
Get validity period of the certificate.
Definition at line 113 of file certificate.cpp.
|
inlinenoexceptinherited |
|
inlinenoexceptinherited |
| bool ndn::security::v2::Certificate::isValid | ( | const time::system_clock::TimePoint & | ts = time::system_clock::now() | ) | const |
Check if the certificate is valid at ts.
Definition at line 119 of file certificate.cpp.
|
static |
Check if the specified name follows the naming convention for the certificate.
Definition at line 135 of file certificate.cpp.
|
inherited |
remove tag item
Definition at line 93 of file tag-host.hpp.
|
protectedinherited |
|
inherited |
set the CongestionMark tag to the specified value
Definition at line 41 of file packet-base.cpp.
Set Content from a Block.
| block | TLV block to be used as Content; must be valid |
If the block's TLV-TYPE is tlv::Content, it will be used directly as this Data's Content element. Otherwise, the block will be nested into a Content element.
|
inherited |
Set Content by copying from a raw buffer.
| value | buffer with the TLV-VALUE of the content; may be nullptr if length is zero |
| length | size of the buffer |
|
inherited |
|
inherited |
|
inherited |
|
inherited |
|
inherited |
|
inherited |
Set SignatureInfo.
This is a low-level function that should not normally be called directly by applications. Instead, provide a SignatureInfo to the SigningInfo object passed to KeyChain::sign().
|
inherited |
Set SignatureValue.
| value | buffer containing the TLV-VALUE of the SignatureValue; must not be nullptr |
This is a low-level function that should not normally be called directly by applications. Instead, use KeyChain::sign() to sign the packet.
|
inherited |
set a tag item
| T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 79 of file tag-host.hpp.
|
inherited |
Remove the Content element.
|
inherited |
|
inherited |
|
inherited |
Finalize Data packet encoding with the specified signature.
| encoder | EncodingBuffer containing Name, MetaInfo, Content, and SignatureInfo, but without SignatureValue and the outermost Type-Length of the Data element. |
| signature | Raw signature bytes, without TLV Type and Length; this will become the TLV-VALUE of the SignatureValue element added to the packet. |
This method is intended to be used in concert with wireEncode(encoder, true), e.g.:
|
inherited |
Prepend wire encoding to encoder.
| encoder | EncodingEstimator or EncodingBuffer instance. |
| wantUnsignedPortionOnly | If true, prepend only Name, MetaInfo, Content, and SignatureInfo to encoder, but omit SignatureValue and the outermost TLV Type and Length of the Data element. This is intended to be used with wireEncode(EncodingBuffer&, span<const uint8_t>) const. |
| Error | Signature is not present and wantUnsignedPortionOnly is false. |
|
static |
Definition at line 146 of file certificate.hpp.
|
static |
Definition at line 151 of file certificate.hpp.
|
static |
Definition at line 147 of file certificate.hpp.
|
static |
Definition at line 148 of file certificate.hpp.
|
static |
Definition at line 149 of file certificate.hpp.
|
static |
Definition at line 150 of file certificate.hpp.
|
static |
Definition at line 145 of file certificate.hpp.
1.9.1