certificate.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2017 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  *
21  * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
22  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
23  */
24 
25 #include "certificate.hpp"
26 #include "additional-description.hpp"
27 #include "../../encoding/block-helpers.hpp"
28 #include "../../util/indented-stream.hpp"
29 #include "../transform.hpp"
30 
31 namespace ndn {
32 namespace security {
33 namespace v2 {
34 
35 BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
36 BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
37 
38 // /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]
39 
40 const ssize_t Certificate::VERSION_OFFSET = -1;
41 const ssize_t Certificate::ISSUER_ID_OFFSET = -2;
42 const ssize_t Certificate::KEY_ID_OFFSET = -3;
43 const ssize_t Certificate::KEY_COMPONENT_OFFSET = -4;
44 const size_t Certificate::MIN_CERT_NAME_LENGTH = 4;
45 const size_t Certificate::MIN_KEY_NAME_LENGTH = 2;
46 const name::Component Certificate::KEY_COMPONENT("KEY");
47 
48 Certificate::Certificate()
49 {
50  setContentType(tlv::ContentTypeValue::ContentType_Key);
51 }
52 
53 Certificate::Certificate(Data&& data)
54  : Data(data)
55 {
56  if (!isValidName(getName())) {
57  BOOST_THROW_EXCEPTION(Data::Error("Name does not follow the naming convention for certificate"));
58  }
59  if (getContentType() != tlv::ContentTypeValue::ContentType_Key) {
60  BOOST_THROW_EXCEPTION(Data::Error("ContentType is not KEY"));
61  }
62  if (getFreshnessPeriod() < time::seconds::zero()) {
63  BOOST_THROW_EXCEPTION(Data::Error("FreshnessPeriod is not set"));
64  }
65  if (getContent().value_size() == 0) {
66  BOOST_THROW_EXCEPTION(Data::Error("Content is empty"));
67  }
68 }
69 
70 Certificate::Certificate(const Data& data)
71  : Certificate(Data(data))
72 {
73 }
74 
75 Certificate::Certificate(const Block& block)
76  : Certificate(Data(block))
77 {
78 }
79 
80 Name
81 Certificate::getKeyName() const
82 {
83  return getName().getPrefix(KEY_ID_OFFSET + 1);
84 }
85 
86 Name
87 Certificate::getIdentity() const
88 {
89  return getName().getPrefix(KEY_COMPONENT_OFFSET);
90 }
91 
92 name::Component
93 Certificate::getKeyId() const
94 {
95  return getName().at(KEY_ID_OFFSET);
96 }
97 
98 name::Component
99 Certificate::getIssuerId() const
100 {
101  return getName().at(ISSUER_ID_OFFSET);
102 }
103 
104 Buffer
105 Certificate::getPublicKey() const
106 {
107  if (getContent().value_size() == 0)
108  BOOST_THROW_EXCEPTION(Data::Error("Content is empty"));
109  return Buffer(getContent().value(), getContent().value_size());
110 }
111 
112 ValidityPeriod
113 Certificate::getValidityPeriod() const
114 {
115  return getSignature().getSignatureInfo().getValidityPeriod();
116 }
117 
118 bool
119 Certificate::isValid(const time::system_clock::TimePoint& ts) const
120 {
121  return getSignature().getSignatureInfo().getValidityPeriod().isValid(ts);
122 }
123 
124 const Block&
125 Certificate::getExtension(uint32_t type) const
126 {
127  return getSignature().getSignatureInfo().getTypeSpecificTlv(type);
128 }
129 
130 bool
131 Certificate::isValidName(const Name& certName)
132 {
133  // /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]
134  return (certName.size() >= Certificate::MIN_CERT_NAME_LENGTH &&
135  certName.get(Certificate::KEY_COMPONENT_OFFSET) == Certificate::KEY_COMPONENT);
136 }
137 
138 std::ostream&
139 operator<<(std::ostream& os, const Certificate& cert)
140 {
141  os << "Certificate name:\n";
142  os << " " << cert.getName() << "\n";
143  os << "Validity:\n";
144  {
145  os << " NotBefore: " << time::toIsoString(cert.getValidityPeriod().getPeriod().first) << "\n";
146  os << " NotAfter: " << time::toIsoString(cert.getValidityPeriod().getPeriod().second) << "\n";
147  }
148 
149  try {
150  const Block& info = cert.getSignature().getSignatureInfo().getTypeSpecificTlv(tlv::AdditionalDescription);
151  os << "Additional Description:\n";
152  for (const auto& item : v2::AdditionalDescription(info)) {
153  os << " " << item.first << ": " << item.second << "\n";
154  }
155  }
156  catch (const SignatureInfo::Error&) {
157  // ignore
158  }
159 
160  os << "Public key bits:\n";
161  {
162  using namespace transform;
163  util::IndentedStream os2(os, " ");
164  bufferSource(cert.getPublicKey().data(), cert.getPublicKey().size()) >> base64Encode() >> streamSink(os2);
165  }
166 
167  os << "Signature Information:\n";
168  {
169  os << " Signature Type: " << static_cast<tlv::SignatureTypeValue>(cert.getSignature().getType()) << "\n";
170 
171  if (cert.getSignature().hasKeyLocator()) {
172  os << " Key Locator: ";
173  const KeyLocator& keyLocator = cert.getSignature().getKeyLocator();
174  if (keyLocator.getType() == KeyLocator::KeyLocator_Name && keyLocator.getName() == cert.getKeyName()) {
175  os << "Self-Signed ";
176  }
177  os << keyLocator << "\n";
178  }
179  }
180 
181  return os;
182 }
183 
184 Name
185 extractIdentityFromCertName(const Name& certName)
186 {
187  if (!Certificate::isValidName(certName)) {
188  BOOST_THROW_EXCEPTION(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
189  "does not follow the naming conventions"));
190  }
191 
192  return certName.getPrefix(Certificate::KEY_COMPONENT_OFFSET); // trim everything after and including "KEY"
193 }
194 
195 Name
196 extractKeyNameFromCertName(const Name& certName)
197 {
198  if (!Certificate::isValidName(certName)) {
199  BOOST_THROW_EXCEPTION(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
200  "does not follow the naming conventions"));
201  }
202 
203  return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id
204 }
205 
206 } // namespace v2
207 } // namespace security
208 } // namespace ndn
ndn::security::v2::Certificate::isValid
bool isValid(const time::system_clock::TimePoint &ts=time::system_clock::now()) const
Check if the certificate is valid at ts.
Definition: certificate.cpp:119
ndn::Data::setContentType
Data & setContentType(uint32_t type)
Definition: data.cpp:241
ndn
Copyright (c) 2013-2017 Regents of the University of California.
Definition: common.hpp:66
ndn::security::v2::Certificate::KEY_ID_OFFSET
static const ssize_t KEY_ID_OFFSET
Definition: certificate.hpp:169
ndn::security::v2::Certificate
The certificate following the certificate format naming convention.
Definition: certificate.hpp:81
ndn::security::v2::Certificate::getKeyName
Name getKeyName() const
Get key name.
Definition: certificate.cpp:81
ndn::SignatureInfo::getTypeSpecificTlv
const Block & getTypeSpecificTlv(uint32_t type) const
Get SignatureType-specific sub-element.
Definition: signature-info.cpp:202
ndn::security::v2::Certificate::MIN_KEY_NAME_LENGTH
static const size_t MIN_KEY_NAME_LENGTH
Definition: certificate.hpp:171
ndn::Data::getFreshnessPeriod
const time::milliseconds & getFreshnessPeriod() const
Definition: data.hpp:210
ndn::Data::getContentType
uint32_t getContentType() const
Definition: data.hpp:201
ndn::security::v2::AdditionalDescription
Abstraction of AdditionalDescription.
Definition: additional-description.hpp:38
ndn::security::v2::extractKeyNameFromCertName
Name extractKeyNameFromCertName(const Name &certName)
Extract key name from the certificate name certName.
Definition: certificate.cpp:196
ndn::Data::getSignature
const Signature & getSignature() const
Get Signature.
Definition: data.hpp:182
ndn::Signature::hasKeyLocator
bool hasKeyLocator() const
Check if KeyLocator exists in SignatureInfo.
Definition: signature.hpp:120
ndn::Signature::getKeyLocator
const KeyLocator & getKeyLocator() const
Get KeyLocator.
Definition: signature.hpp:129
ndn::security::v2::BOOST_CONCEPT_ASSERT
BOOST_CONCEPT_ASSERT((boost::EqualityComparable< AdditionalDescription >))
ndn::security::v2::Certificate::getValidityPeriod
ValidityPeriod getValidityPeriod() const
Get validity period of the certificate.
Definition: certificate.cpp:113
ndn::Block
Represents a TLV element of NDN packet format.
Definition: block.hpp:42
ndn::KeyLocator::KeyLocator_Name
indicates KeyLocator contains a Name
Definition: key-locator.hpp:49
ndn::security::v2::Certificate::MIN_CERT_NAME_LENGTH
static const size_t MIN_CERT_NAME_LENGTH
Definition: certificate.hpp:170
ndn::Signature::getSignatureInfo
const SignatureInfo & getSignatureInfo() const
Get SignatureInfo.
Definition: signature.hpp:69
ndn::Name::toUri
std::string toUri() const
Get URI representation of the name.
Definition: name.cpp:122
ndn::KeyLocator::getName
const Name & getName() const
get Name element
Definition: key-locator.cpp:135
ndn::security::v2::Certificate::getKeyId
name::Component getKeyId() const
Get key ID.
Definition: certificate.cpp:93
ndn::security::ValidityPeriod
Abstraction of validity period.
Definition: validity-period.hpp:37
ndn::security::ValidityPeriod::getPeriod
std::pair< time::system_clock::TimePoint, time::system_clock::TimePoint > getPeriod() const
Get the stored validity period.
Definition: validity-period.cpp:141
ndn::security::v2::Certificate::KEY_COMPONENT_OFFSET
static const ssize_t KEY_COMPONENT_OFFSET
Definition: certificate.hpp:168
ndn::KeyLocator::getType
Type getType() const
Definition: key-locator.hpp:101
ndn::security::v2::Certificate::VERSION_OFFSET
static const ssize_t VERSION_OFFSET
Definition: certificate.hpp:166
ndn::security::transform::streamSink
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53
ndn::SignatureInfo::getValidityPeriod
security::ValidityPeriod getValidityPeriod() const
Get ValidityPeriod.
Definition: signature-info.cpp:176
ndn::security::v2::Certificate::getIssuerId
name::Component getIssuerId() const
Get issuer ID.
Definition: certificate.cpp:99
ndn::security::v2::Certificate::getExtension
const Block & getExtension(uint32_t type) const
Get extension with TLV type.
Definition: certificate.cpp:125
ndn::Name::size
size_t size() const
Get number of components.
Definition: name.hpp:154
ndn::security::v2::Certificate::getIdentity
Name getIdentity() const
Get identity name.
Definition: certificate.cpp:87
ndn::Name
Represents an absolute name.
Definition: name.hpp:42
ndn::time::toIsoString
std::string toIsoString(const system_clock::TimePoint &timePoint)
Convert to the ISO string representation of the time (YYYYMMDDTHHMMSS,fffffffff)
Definition: time.cpp:131
ndn::Name::at
const Component & at(ssize_t i) const
Get the component at the given index.
Definition: name.cpp:185
ndn::security::v2::Certificate::getPublicKey
Buffer getPublicKey() const
Get public key bits (in PKCS#8 format)
Definition: certificate.cpp:105
ndn::Signature::getType
tlv::SignatureTypeValue getType() const
Get SignatureType.
Definition: signature.cpp:44
ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:90
ndn::security::v2::operator<<
std::ostream & operator<<(std::ostream &os, const AdditionalDescription &other)
Definition: additional-description.cpp:178
ndn::Data::getName
const Name & getName() const
Get name.
Definition: data.hpp:121
ndn::name::Component
Component holds a read-only name component value.
Definition: name-component.hpp:47
ndn::security::v2::Certificate::isValidName
static bool isValidName(const Name &certName)
Check if the specified name follows the naming convention for the certificate.
Definition: certificate.cpp:131
ndn::Data::getContent
const Block & getContent() const
Get Content.
Definition: data.cpp:185
ndn::tlv::ContentType_Key
indicates content is a public key
Definition: encoding/tlv.hpp:136
ndn::security::ValidityPeriod::isValid
bool isValid(const time::system_clock::TimePoint &now=time::system_clock::now()) const
Check if now falls within the validity period.
Definition: validity-period.cpp:147
ndn::security::v2::Certificate::KEY_COMPONENT
static const name::Component KEY_COMPONENT
Definition: certificate.hpp:172
ndn::Name::getPrefix
PartialName getPrefix(ssize_t nComponents) const
Extract a prefix of the name.
Definition: name.hpp:210
ndn::security::v2::Certificate::ISSUER_ID_OFFSET
static const ssize_t ISSUER_ID_OFFSET
Definition: certificate.hpp:167
ndn::Data
Represents a Data packet.
Definition: data.hpp:35
ndn::Buffer
General-purpose automatically managed/resized buffer.
Definition: buffer.hpp:40
ndn::util::IndentedStream
Output to stream with specified indent or prefix.
Definition: indented-stream.hpp:54
ndn::Name::get
const Component & get(ssize_t i) const
Get the component at the given index.
Definition: name.hpp:164
ndn::security::transform::base64Encode
unique_ptr< Transform > base64Encode(bool needBreak)
Definition: base64-encode.cpp:129
ndn::security::v2::extractIdentityFromCertName
Name extractIdentityFromCertName(const Name &certName)
Extract identity namespace from the certificate name certName.
Definition: certificate.cpp:185