ndn::security::v2::Certificate Class Reference

The certificate following the certificate format naming convention. More...

#include <ndn-cxx/security/v2/certificate.hpp>


Public Member Functions

 Certificate ()
 
 Certificate (Data &&data)
 Construct certificate from a data object. More...
 
 Certificate (const Data &data)
 Construct certificate from a data object. More...
 
 Certificate (const Block &block)
 Construct certificate from a wire encoding. More...
 
uint64_t getCongestionMark () const
 get the value of the CongestionMark tag More...
 
const Block & getContent () const
 Get Content. More...
 
uint32_t getContentType () const
 
const Block & getExtension (uint32_t type) const
 Get extension with TLV type. More...
 
const optional< name::Component > & getFinalBlock () const
 
time::milliseconds getFreshnessPeriod () const
 
const Name & getFullName () const
 Get full name including implicit digest. More...
 
Name getIdentity () const
 Get identity name. More...
 
name::Component getIssuerId () const
 Get issuer ID. More...
 
name::Component getKeyId () const
 Get key ID. More...
 
Name getKeyName () const
 Get key name. More...
 
const MetaInfo & getMetaInfo () const
 Get MetaInfo. More...
 
const Name & getName () const
 Get name. More...
 
Buffer getPublicKey () const
 Get public key bits (in PKCS#8 format) More...
 
const Signature & getSignature () const
 Get Signature. More...
 
template<typename T >
shared_ptr< T > getTag () const
 get a tag item More...
 
ValidityPeriod getValidityPeriod () const
 Get validity period of the certificate. More...
 
bool hasWire () const
 Check if this instance has cached wire encoding. More...
 
bool isValid (const time::system_clock::TimePoint &ts=time::system_clock::now()) const
 Check if the certificate is valid at ts. More...
 
template<typename T >
void removeTag () const
 remove tag item More...
 
void setCongestionMark (uint64_t mark)
 set the CongestionMark tag to the specified value More...
 
Data & setContent (const Block &block)
 Set Content from a block. More...
 
Data & setContent (const uint8_t *value, size_t valueSize)
 Copy Content value from raw buffer. More...
 
Data & setContent (ConstBufferPtr value)
 Set Content from wire buffer. More...
 
Data & setContentType (uint32_t type)
 
Data & setFinalBlock (optional< name::Component > finalBlockId)
 
Data & setFreshnessPeriod (time::milliseconds freshnessPeriod)
 
Data & setMetaInfo (const MetaInfo &metaInfo)
 Set MetaInfo. More...
 
Data & setName (const Name &name)
 Set name. More...
 
Data & setSignature (const Signature &signature)
 Set Signature. More...
 
Data & setSignatureValue (const Block &value)
 Set SignatureValue. More...
 
template<typename T >
void setTag (shared_ptr< T > tag) const
 set a tag item More...
 
void wireDecode (const Block &wire)
 Decode from wire in NDN Packet Format v0.2 or v0.3. More...
 
template<encoding::Tag TAG>
size_t wireEncode (EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const
 Prepend wire encoding to encoder in NDN Packet Format v0.2. More...
 
const Block & wireEncode (EncodingBuffer &encoder, const Block &signatureValue) const
 Finalize Data packet encoding with the specified SignatureValue. More...
 
const Block & wireEncode () const
 Encode to a Block. More...
 

Static Public Member Functions

static bool isValidName (const Name &certName)
 Check if the specified name follows the naming convention for the certificate. More...
 

Static Public Attributes

static const ssize_t ISSUER_ID_OFFSET = -2
 
static const name::Component KEY_COMPONENT
 
static const ssize_t KEY_COMPONENT_OFFSET = -4
 
static const ssize_t KEY_ID_OFFSET = -3
 
static const size_t MIN_CERT_NAME_LENGTH = 4
 
static const size_t MIN_KEY_NAME_LENGTH = 2
 
static const ssize_t VERSION_OFFSET = -1
 

Protected Member Functions

void resetWire ()
 Clear wire encoding and cached FullName. More...
 

Detailed Description

The certificate following the certificate format naming convention.

Overview of NDN certificate format:

CertificateV2 ::= DATA-TLV TLV-LENGTH
                    Name      (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
                    MetaInfo  (.ContentType = KEY)
                    Content   (= X509PublicKeyContent)
                    SignatureInfo (= CertificateV2SignatureInfo)
                    SignatureValue

X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
                           BYTE+ (= public key bits in PKCS#8 format)

CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
                                 SignatureType
                                 KeyLocator
                                 ValidityPeriod
                                 ... optional critical or non-critical extension blocks ...

An example of NDN certificate name:

/edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
\_________________/    \___________/ \___________/\___________/
Certificate Namespace      Key Id       Issuer Id     Version
     (Identity)
\_______________________________________/
              Key Name

Notes:

  • Key Id is an opaque name component that identifies one instance of the public key within the certificate namespace. Its value is controlled by the namespace owner. The library includes helpers that generate key IDs from an 8-byte random number, the SHA-256 digest of the public key, a timestamp, or a caller-specified numerical identifier.
  • Issuer Id is an opaque name component that identifies the issuer of the certificate. Its value is controlled by the issuer. The library includes helpers that set the issuer ID to an 8-byte random number, the SHA-256 digest of the issuer's public key, or a caller-specified numerical identifier.
  • Key Name is the logical name of the key, used for management purposes. It consists of the certificate namespace, the keyword KEY, and the KeyId component; it omits IssuerId and Version, so one key name can be shared by several certificates issued for the same key.
See also
doc/specs/certificate-format.rst
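The naming convention and the validity check above, as an added worked example in standalone C++17. This is not ndn-cxx code and does not need the library to compile: a name is modelled as a vector of string components instead of ndn::Name, the offsets and minimum length are the constants documented on this page, the sample components ("key-1", "issuer-1", "v1") are constructed, and treating the ValidityPeriod bounds as inclusive is an assumption. The validity function is a time-window check only; it says nothing about the signature or the trust chain, which a verifier checks separately.

```cpp
#include <chrono>
#include <stdexcept>
#include <string>
#include <vector>

// A name is modelled as a vector of components; ndn::Name is not used here.
using Name = std::vector<std::string>;

// Offsets from the end of the certificate name and the minimum length, as documented above.
constexpr long KEY_COMPONENT_OFFSET = -4;
constexpr long KEY_ID_OFFSET        = -3;
constexpr long ISSUER_ID_OFFSET     = -2;
constexpr long VERSION_OFFSET       = -1;
constexpr size_t MIN_CERT_NAME_LENGTH = 4;
const std::string KEY_COMPONENT = "KEY";

// Negative-index access: at(name, -1) is the last component.
static const std::string& at(const Name& n, long i) {
  long idx = i < 0 ? static_cast<long>(n.size()) + i : i;
  return n.at(static_cast<size_t>(idx));
}

// Mirrors Certificate::isValidName: at least MIN_CERT_NAME_LENGTH components
// and the component at KEY_COMPONENT_OFFSET is the keyword KEY.
bool isValidCertName(const Name& n) {
  return n.size() >= MIN_CERT_NAME_LENGTH && at(n, KEY_COMPONENT_OFFSET) == KEY_COMPONENT;
}

struct CertNameParts {
  Name identity;   // everything before KEY
  Name keyName;    // identity + KEY + KeyId (IssuerId and Version dropped)
  std::string keyId, issuerId, version;
};

// Throws, as the Certificate constructors do, when the name does not follow the convention.
CertNameParts parseCertName(const Name& n) {
  if (!isValidCertName(n))
    throw std::invalid_argument("name does not follow certificate naming convention");
  CertNameParts p;
  p.identity.assign(n.begin(), n.end() + KEY_COMPONENT_OFFSET);
  p.keyName.assign(n.begin(), n.end() + ISSUER_ID_OFFSET);
  p.keyId    = at(n, KEY_ID_OFFSET);
  p.issuerId = at(n, ISSUER_ID_OFFSET);
  p.version  = at(n, VERSION_OFFSET);
  return p;
}

bool parseThrows(const Name& n) {
  try { parseCertName(n); return false; }
  catch (const std::invalid_argument&) { return true; }
}

// Validity window as carried in SignatureInfo's ValidityPeriod. Inclusive bounds are an assumption.
using TimePoint = std::chrono::system_clock::time_point;
struct ValidityPeriod { TimePoint notBefore; TimePoint notAfter; };

// Mirrors Certificate::isValid(ts): a time-window check only, nothing about the signature.
bool isValidAt(const ValidityPeriod& vp, TimePoint ts) {
  return vp.notBefore <= ts && ts <= vp.notAfter;
}

// Constructed sample: the identity from the page's example with readable KeyId/IssuerId/Version.
Name sampleCertName() { return {"edu", "ucla", "cs", "yingdi", "KEY", "key-1", "issuer-1", "v1"}; }

// Constructed one-year window starting at a hypothetical fixed instant.
ValidityPeriod sampleValidity() {
  using namespace std::chrono;
  TimePoint t0 = TimePoint(hours(24 * 365 * 50));
  return {t0, t0 + hours(24 * 365)};
}

int main() {
  CertNameParts p = parseCertName(sampleCertName());
  bool ok = p.keyId == "key-1" && isValidAt(sampleValidity(), sampleValidity().notBefore);
  return ok ? 0 : 1;
}
```

Note that the check is purely positional: KEY must sit exactly four components from the end, so a name with KEY elsewhere (or with too few components) is rejected before any field is read, which is why the accessors never have to guard against a short name.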

Definition at line 81 of file certificate.hpp.

Constructor & Destructor Documentation

◆ Certificate() [1/4]

ndn::security::v2::Certificate::Certificate ( )

Definition at line 48 of file certificate.cpp.

◆ Certificate() [2/4]

ndn::security::v2::Certificate::Certificate ( Data &&  data)
explicit

Construct certificate from a data object.

Exceptions
tlv::Error - if data does not follow certificate format

Definition at line 53 of file certificate.cpp.

◆ Certificate() [3/4]

ndn::security::v2::Certificate::Certificate ( const Data &  data)
explicit

Construct certificate from a data object.

Exceptions
tlv::Error - if data does not follow certificate format

Definition at line 70 of file certificate.cpp.

◆ Certificate() [4/4]

ndn::security::v2::Certificate::Certificate ( const Block &  block)
explicit

Construct certificate from a wire encoding.

Exceptions
tlv::Error - if wire encoding is invalid or does not follow certificate format

Definition at line 75 of file certificate.cpp.

Member Function Documentation

◆ getCongestionMark()

uint64_t ndn::PacketBase::getCongestionMark ( ) const
inherited

get the value of the CongestionMark tag

Definition at line 28 of file packet-base.cpp.

◆ getContent()

const Block & ndn::Data::getContent ( ) const
inherited

Get Content.

The Content value is accessible through value()/value_size() or value_begin()/value_end() methods of the Block class.

Definition at line 232 of file data.cpp.

◆ getContentType()

uint32_t ndn::Data::getContentType ( ) const
inline inherited

Definition at line 204 of file data.hpp.

◆ getExtension()

const Block & ndn::security::v2::Certificate::getExtension ( uint32_t  type) const

Get extension with TLV type.

Exceptions
ndn::SignatureInfo::Error - if the specified block type does not exist

Definition at line 125 of file certificate.cpp.

◆ getFinalBlock()

const optional<name::Component>& ndn::Data::getFinalBlock ( ) const
inline inherited

Definition at line 222 of file data.hpp.

◆ getFreshnessPeriod()

time::milliseconds ndn::Data::getFreshnessPeriod ( ) const
inline inherited

Definition at line 213 of file data.hpp.

◆ getFullName()

const Name & ndn::Data::getFullName ( ) const
inherited

Get full name including implicit digest.

Precondition
hasWire() == true; i.e. wireEncode() must have been called
Exceptions
Error - Data has no wire encoding

Definition at line 195 of file data.cpp.

◆ getIdentity()

Name ndn::security::v2::Certificate::getIdentity ( ) const

Get identity name.

Definition at line 87 of file certificate.cpp.

◆ getIssuerId()

name::Component ndn::security::v2::Certificate::getIssuerId ( ) const

Get issuer ID.

Definition at line 99 of file certificate.cpp.

◆ getKeyId()

name::Component ndn::security::v2::Certificate::getKeyId ( ) const

Get key ID.

Definition at line 93 of file certificate.cpp.

◆ getKeyName()

Name ndn::security::v2::Certificate::getKeyName ( ) const

Get key name.

Definition at line 81 of file certificate.cpp.

◆ getMetaInfo()

const MetaInfo& ndn::Data::getMetaInfo ( ) const
inline inherited

Get MetaInfo.

Definition at line 138 of file data.hpp.

◆ getName()

const Name& ndn::Data::getName ( ) const
inline inherited

Get name.

Definition at line 124 of file data.hpp.

◆ getPublicKey()

Buffer ndn::security::v2::Certificate::getPublicKey ( ) const

Get public key bits (in PKCS#8 format)

Exceptions
Error - if content is empty

Definition at line 105 of file certificate.cpp.

◆ getSignature()

const Signature& ndn::Data::getSignature ( ) const
inline inherited

Get Signature.

Definition at line 185 of file data.hpp.

◆ getTag()

template<typename T >
shared_ptr< T > ndn::TagHost::getTag ( ) const
inherited

get a tag item

Template Parameters
T - type of the tag, which must be a subclass of ndn::Tag
Return values
nullptr - if no Tag of type T is stored

Definition at line 66 of file tag-host.hpp.

◆ getValidityPeriod()

ValidityPeriod ndn::security::v2::Certificate::getValidityPeriod ( ) const

Get validity period of the certificate.

Definition at line 113 of file certificate.cpp.

◆ hasWire()

bool ndn::Data::hasWire ( ) const
inline inherited

Check if this instance has cached wire encoding.

Definition at line 108 of file data.hpp.

◆ isValid()

bool ndn::security::v2::Certificate::isValid ( const time::system_clock::TimePoint &  ts = time::system_clock::now()) const

Check if the certificate is valid at ts.

Definition at line 119 of file certificate.cpp.

◆ isValidName()

bool ndn::security::v2::Certificate::isValidName ( const Name &  certName)
static

Check if the specified name follows the naming convention for the certificate.

Definition at line 131 of file certificate.cpp.

◆ removeTag()

template<typename T >
void ndn::TagHost::removeTag ( ) const
inherited

remove tag item

Note
Tag can be removed even on a const tag host instance

Definition at line 93 of file tag-host.hpp.

◆ resetWire()

void ndn::Data::resetWire ( )
protected inherited

Clear wire encoding and cached FullName.

Note
This does not clear the SignatureValue.

Definition at line 209 of file data.cpp.

◆ setCongestionMark()

void ndn::PacketBase::setCongestionMark ( uint64_t  mark)
inherited

set the CongestionMark tag to the specified value

Definition at line 41 of file packet-base.cpp.

◆ setContent() [1/3]

Data & ndn::Data::setContent ( const Block &  block)
inherited

Set Content from a block.

If block's TLV-TYPE is Content, it will be used directly as Data's Content element. If block's TLV-TYPE is not Content, it will be nested into a Content element.

Returns
a reference to this Data, to allow chaining

Definition at line 241 of file data.cpp.

◆ setContent() [2/3]

Data & ndn::Data::setContent ( const uint8_t *  value,
size_t  valueSize 
)
inherited

Copy Content value from raw buffer.

Parameters
value - pointer to the first octet of the value
valueSize - size of the raw buffer
Returns
a reference to this Data, to allow chaining

Definition at line 256 of file data.cpp.

◆ setContent() [3/3]

Data & ndn::Data::setContent ( ConstBufferPtr  value)
inherited

Set Content from wire buffer.

Parameters
value - Content value, which does not need to be a TLV element
Returns
a reference to this Data, to allow chaining

Definition at line 264 of file data.cpp.

◆ setContentType()

Data & ndn::Data::setContentType ( uint32_t  type)
inherited

Definition at line 288 of file data.cpp.

◆ setFinalBlock()

Data & ndn::Data::setFinalBlock ( optional< name::Component >  finalBlockId)
inherited

Definition at line 304 of file data.cpp.

◆ setFreshnessPeriod()

Data & ndn::Data::setFreshnessPeriod ( time::milliseconds  freshnessPeriod)
inherited

Definition at line 296 of file data.cpp.

◆ setMetaInfo()

Data & ndn::Data::setMetaInfo ( const MetaInfo &  metaInfo)
inherited

Set MetaInfo.

Returns
a reference to this Data, to allow chaining

Definition at line 224 of file data.cpp.

◆ setName()

Data & ndn::Data::setName ( const Name &  name)
inherited

Set name.

Returns
a reference to this Data, to allow chaining

Definition at line 216 of file data.cpp.

◆ setSignature()

Data & ndn::Data::setSignature ( const Signature &  signature)
inherited

Set Signature.

Returns
a reference to this Data, to allow chaining

Definition at line 272 of file data.cpp.

◆ setSignatureValue()

Data & ndn::Data::setSignatureValue ( const Block &  value)
inherited

Set SignatureValue.

Returns
a reference to this Data, to allow chaining

Definition at line 280 of file data.cpp.

◆ setTag()

template<typename T >
void ndn::TagHost::setTag ( shared_ptr< T >  tag) const
inherited

set a tag item

Template Parameters
T - type of the tag, which must be a subclass of ndn::Tag
Note
Tag can be set even on a const tag host instance

Definition at line 79 of file tag-host.hpp.

◆ wireDecode()

void ndn::Data::wireDecode ( const Block &  wire)
inherited

Decode from wire in NDN Packet Format v0.2 or v0.3.

Definition at line 122 of file data.cpp.

◆ wireEncode() [1/3]

template<encoding::Tag TAG>
size_t ndn::Data::wireEncode ( EncodingImpl< TAG > &  encoder,
bool  wantUnsignedPortionOnly = false 
) const
inherited

Prepend wire encoding to encoder in NDN Packet Format v0.2.

Parameters
encoder - EncodingEstimator or EncodingBuffer instance
wantUnsignedPortionOnly - if true, only prepends Name, MetaInfo, Content, and SignatureInfo to encoder, and omits SignatureValue and the outermost TLV-TYPE and TLV-LENGTH of the Data element. This is intended to be used with wireEncode(encoder, signatureValue).
Exceptions
Error - SignatureBits are not provided and wantUnsignedPortionOnly is false.

Definition at line 48 of file data.cpp.

◆ wireEncode() [2/3]

const Block & ndn::Data::wireEncode ( EncodingBuffer &  encoder,
const Block &  signatureValue 
) const
inherited

Finalize Data packet encoding with the specified SignatureValue.

Parameters
encoder - EncodingBuffer containing Name, MetaInfo, Content, and SignatureInfo, but without SignatureValue or the outermost TLV-TYPE and TLV-LENGTH of the Data element
signatureValue - SignatureValue element

This method is intended to be used in concert with Data::wireEncode(encoder, true)

Data data;
... // set Name, MetaInfo, Content and SignatureInfo
EncodingBuffer encoder;
data.wireEncode(encoder, true); // unsigned portion only: no SignatureValue, no outer Data TLV-TYPE/TLV-LENGTH
... // the signature must cover exactly encoder.buf()[0, encoder.size())
Block signatureValue = <sign_over_unsigned_portion>(encoder.buf(), encoder.size());
data.wireEncode(encoder, signatureValue); // appends SignatureValue, then prepends the Data TLV-TYPE/TLV-LENGTH

Definition at line 93 of file data.cpp.
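The two-stage flow above, as an added standalone model in C++17 that is not ndn-cxx code and does not use the library. It goes one step beyond the snippet by adding the receiver side, which locates SignatureValue inside the Data element and recomputes over the bytes that precede it. The TLV-TYPE numbers are NDN's (Data 6, Name 7, NameComponent 8, MetaInfo 20, Content 21, SignatureInfo 22, SignatureValue 23, SignatureType 27); the signing primitive is a placeholder FNV-1a hash, not a signature, used only to make visible which bytes are covered; the name, content and SignatureInfo bytes in samplePacket() are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// NDN TLV-TYPE numbers for the elements involved.
enum : uint32_t { TlvData = 6, TlvName = 7, TlvNameComponent = 8, TlvMetaInfo = 20,
                  TlvContent = 21, TlvSignatureInfo = 22, TlvSignatureValue = 23 };

// TLV-TYPE / TLV-LENGTH varint: one byte below 253, 0xFD + 2 bytes up to 0xFFFF, 0xFE + 4 bytes above.
static void putVarNumber(Bytes& out, uint64_t v) {
  if (v < 253) { out.push_back(static_cast<uint8_t>(v)); return; }
  int bytes = (v <= 0xFFFF) ? 2 : 4;
  out.push_back(bytes == 2 ? 0xFD : 0xFE);
  for (int s = 8 * (bytes - 1); s >= 0; s -= 8) out.push_back(static_cast<uint8_t>((v >> s) & 0xFF));
}

static uint64_t readVarNumber(const Bytes& b, size_t& pos) {
  uint8_t first = b.at(pos++);
  if (first < 253) return first;
  int bytes = (first == 0xFD) ? 2 : (first == 0xFE) ? 4 : 8;
  uint64_t v = 0;
  for (int i = 0; i < bytes; ++i) v = (v << 8) | b.at(pos++);
  return v;
}

static void append(Bytes& dst, const Bytes& src) { dst.insert(dst.end(), src.begin(), src.end()); }

static Bytes tlv(uint32_t type, const Bytes& value) {
  Bytes out;
  putVarNumber(out, type);
  putVarNumber(out, value.size());
  append(out, value);
  return out;
}

// Placeholder for the signing primitive: 64-bit FNV-1a over the covered bytes. NOT a signature.
static Bytes placeholderSign(const uint8_t* p, size_t n) {
  uint64_t h = 1469598103934665603ULL;
  for (size_t i = 0; i < n; ++i) { h ^= p[i]; h *= 1099511628211ULL; }
  Bytes out(8);
  for (int i = 0; i < 8; ++i) out[i] = static_cast<uint8_t>((h >> (56 - 8 * i)) & 0xFF);
  return out;
}

// Stage 1, the counterpart of wireEncode(encoder, true): Name, MetaInfo, Content and
// SignatureInfo only, with no SignatureValue and no outer Data TLV-TYPE/TLV-LENGTH.
Bytes encodeUnsignedPortion(const std::vector<std::string>& name, const Bytes& content, const Bytes& sigInfo) {
  Bytes nameValue;
  for (const std::string& c : name) append(nameValue, tlv(TlvNameComponent, Bytes(c.begin(), c.end())));
  Bytes out;
  append(out, tlv(TlvName, nameValue));
  append(out, tlv(TlvMetaInfo, Bytes{}));
  append(out, tlv(TlvContent, content));
  append(out, tlv(TlvSignatureInfo, sigInfo));
  return out;
}

// Stage 2, the counterpart of wireEncode(encoder, signatureValue): sign exactly the stage 1
// bytes, append the SignatureValue element, then wrap everything in the Data element.
Bytes finalize(const Bytes& unsignedPortion) {
  Bytes body = unsignedPortion;
  append(body, tlv(TlvSignatureValue, placeholderSign(unsignedPortion.data(), unsignedPortion.size())));
  return tlv(TlvData, body);
}

// Receiver side: find SignatureValue inside the Data element and recompute over the bytes
// before it (Name through SignatureInfo). Truncated or trailing bytes are rejected.
bool verify(const Bytes& pkt) {
  try {
    size_t pos = 0;
    if (pkt.empty() || readVarNumber(pkt, pos) != TlvData) return false;
    uint64_t len = readVarNumber(pkt, pos);
    if (pos + len != pkt.size()) return false;
    size_t signedStart = pos, sigStart = 0;
    Bytes sig;
    while (pos < pkt.size()) {
      size_t elemStart = pos;
      uint64_t t = readVarNumber(pkt, pos);
      uint64_t l = readVarNumber(pkt, pos);
      if (pos + l > pkt.size()) return false;
      if (t == TlvSignatureValue) { sigStart = elemStart; sig.assign(pkt.begin() + pos, pkt.begin() + pos + l); }
      pos += l;
    }
    if (sig.empty()) return false;
    return sig == placeholderSign(pkt.data() + signedStart, sigStart - signedStart);
  } catch (const std::out_of_range&) {
    return false;  // varint or element ran past the end of the buffer
  }
}

// Constructed sample: a certificate-style name, three content bytes, and a SignatureInfo
// carrying only a SignatureType element (TLV-TYPE 27, value 0).
Bytes samplePacket() {
  Bytes unsignedPortion = encodeUnsignedPortion({"edu", "ucla", "KEY", "k1", "i1", "v1"},
                                                Bytes{0x01, 0x02, 0x03}, Bytes{0x1B, 0x01, 0x00});
  return finalize(unsignedPortion);
}

// Flip one bit at byte i; used to show that any covered byte breaks verification.
Bytes flipByte(Bytes pkt, size_t i) { pkt.at(i) ^= 0x01; return pkt; }

int main() { return verify(samplePacket()) ? 0 : 1; }
```

The point the model makes explicit is the byte range: the signature is computed over the stage 1 buffer before the outer Data header exists, so the header itself is never covered, and a verifier must recompute over exactly the bytes between the Data header and the SignatureValue element rather than over the whole packet.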

◆ wireEncode() [3/3]

const Block & ndn::Data::wireEncode ( ) const
inherited

Encode to a Block.

Precondition
Data is signed.

Normally, this function encodes to NDN Packet Format v0.2. However, if this instance has cached wire encoding (hasWire() is true), the cached encoding is returned and it might be in v0.3 format.

Definition at line 106 of file data.cpp.

Member Data Documentation

◆ ISSUER_ID_OFFSET

const ssize_t ndn::security::v2::Certificate::ISSUER_ID_OFFSET = -2
static

Definition at line 167 of file certificate.hpp.

◆ KEY_COMPONENT

const name::Component ndn::security::v2::Certificate::KEY_COMPONENT
static

Definition at line 172 of file certificate.hpp.

◆ KEY_COMPONENT_OFFSET

const ssize_t ndn::security::v2::Certificate::KEY_COMPONENT_OFFSET = -4
static

Definition at line 168 of file certificate.hpp.

◆ KEY_ID_OFFSET

const ssize_t ndn::security::v2::Certificate::KEY_ID_OFFSET = -3
static

Definition at line 169 of file certificate.hpp.

◆ MIN_CERT_NAME_LENGTH

const size_t ndn::security::v2::Certificate::MIN_CERT_NAME_LENGTH = 4
static

Definition at line 170 of file certificate.hpp.

◆ MIN_KEY_NAME_LENGTH

const size_t ndn::security::v2::Certificate::MIN_KEY_NAME_LENGTH = 2
static

Definition at line 171 of file certificate.hpp.

◆ VERSION_OFFSET

const ssize_t ndn::security::v2::Certificate::VERSION_OFFSET = -1
static

Definition at line 166 of file certificate.hpp.