d6/def/certificate_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
  * Copyright (c) 2013-2020 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
  * terms of the GNU Lesser General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later version.
  *
  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
  *
  * You should have received copies of the GNU General Public License and GNU Lesser
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  *
  * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
  */

 #include "ndn-cxx/security/certificate.hpp"
 #include "ndn-cxx/security/additional-description.hpp"
 #include "ndn-cxx/security/transform.hpp"
 #include "ndn-cxx/encoding/block-helpers.hpp"
 #include "ndn-cxx/util/indented-stream.hpp"

 namespace ndn {
 namespace security {
 inline namespace v2 {

 BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
 BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));

 // /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]

 const ssize_t Certificate::VERSION_OFFSET = -1;
 const ssize_t Certificate::ISSUER_ID_OFFSET = -2;
 const ssize_t Certificate::KEY_ID_OFFSET = -3;
 const ssize_t Certificate::KEY_COMPONENT_OFFSET = -4;
 const size_t Certificate::MIN_CERT_NAME_LENGTH = 4;
 const size_t Certificate::MIN_KEY_NAME_LENGTH = 2;
 const name::Component Certificate::KEY_COMPONENT("KEY");

 Certificate::Certificate()
 {
   setContentType(tlv::ContentType_Key);
 }

 Certificate::Certificate(Data&& data)
   : Data(std::move(data))
 {
   if (!isValidName(getName())) {
     NDN_THROW(Data::Error("Name does not follow the naming convention for certificate"));
   }
   if (getContentType() != tlv::ContentType_Key) {
     NDN_THROW(Data::Error("Expecting ContentType Key, got " + to_string(getContentType())));
   }
   if (getFreshnessPeriod() < time::seconds::zero()) {
     NDN_THROW(Data::Error("FreshnessPeriod is not set"));
   }
   if (getContent().value_size() == 0) {
     NDN_THROW(Data::Error("Content is empty"));
   }
 }

 Certificate::Certificate(const Data& data)
   : Certificate(Data(data))
 {
 }

 Certificate::Certificate(const Block& block)
   : Certificate(Data(block))
 {
 }

 Name
 Certificate::getKeyName() const
 {
   return getName().getPrefix(KEY_ID_OFFSET + 1);
 }

 Name
 Certificate::getIdentity() const
 {
   return getName().getPrefix(KEY_COMPONENT_OFFSET);
 }

 name::Component
 Certificate::getKeyId() const
 {
   return getName().at(KEY_ID_OFFSET);
 }

 name::Component
 Certificate::getIssuerId() const
 {
   return getName().at(ISSUER_ID_OFFSET);
 }

 Buffer
 Certificate::getPublicKey() const
 {
   if (getContent().value_size() == 0)
     NDN_THROW(Data::Error("Content is empty"));
   return Buffer(getContent().value(), getContent().value_size());
 }

 ValidityPeriod
 Certificate::getValidityPeriod() const
 {
   return getSignatureInfo().getValidityPeriod();
 }

 bool
 Certificate::isValid(const time::system_clock::TimePoint& ts) const
 {
   return getSignatureInfo().getValidityPeriod().isValid(ts);
 }

 Block
 Certificate::getExtension(uint32_t type) const
 {
   auto block = getSignatureInfo().getCustomTlv(type);
   if (!block) {
     NDN_THROW(Error("TLV-TYPE " + to_string(type) + " sub-element does not exist in SignatureInfo"));
   }
   return *block;
 }

 bool
 Certificate::isValidName(const Name& certName)
 {
   // /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version]
   return (certName.size() >= Certificate::MIN_CERT_NAME_LENGTH &&
           certName.get(Certificate::KEY_COMPONENT_OFFSET) == Certificate::KEY_COMPONENT);
 }

 std::ostream&
 operator<<(std::ostream& os, const Certificate& cert)
 {
   os << "Certificate name:\n";
   os << "  " << cert.getName() << "\n";
   os << "Validity:\n";
   {
     os << "  NotBefore: " << time::toIsoString(cert.getValidityPeriod().getPeriod().first) << "\n";
     os << "  NotAfter: "  << time::toIsoString(cert.getValidityPeriod().getPeriod().second)  << "\n";
   }

   auto additionalDescription = cert.getSignatureInfo().getCustomTlv(tlv::AdditionalDescription);
   if (additionalDescription) {
     os << "Additional Description:\n";
     for (const auto& item : v2::AdditionalDescription(*additionalDescription)) {
       os << "  " << item.first << ": " << item.second << "\n";
     }
   }

   os << "Public key bits:\n";
   {
     using namespace transform;
     util::IndentedStream os2(os, "  ");
     bufferSource(cert.getPublicKey().data(), cert.getPublicKey().size()) >> base64Encode() >> streamSink(os2);
   }

   os << "Signature Information:\n";
   {
     os << "  Signature Type: " << static_cast<tlv::SignatureTypeValue>(cert.getSignatureType()) << "\n";

     auto keyLoc = cert.getKeyLocator();
     if (keyLoc) {
       os << "  Key Locator: ";
       if (keyLoc->getType() == tlv::Name && keyLoc->getName() == cert.getKeyName()) {
         os << "Self-Signed ";
       }
       os << *keyLoc << "\n";
     }
   }

   return os;
 }

 Name
 extractIdentityFromCertName(const Name& certName)
 {
   if (!Certificate::isValidName(certName)) {
     NDN_THROW(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
                                     "does not respect the naming conventions"));
   }

   return certName.getPrefix(Certificate::KEY_COMPONENT_OFFSET); // trim everything after and including "KEY"
 }

 Name
 extractKeyNameFromCertName(const Name& certName)
 {
   if (!Certificate::isValidName(certName)) {
     NDN_THROW(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
                                     "does not respect the naming conventions"));
   }

   return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id
 }

 } // inline namespace v2
 } // namespace security
 } // namespace ndn
ndn::Name::getPrefix
PartialName getPrefix(ssize_t nComponents) const
Returns a prefix of the name.
Definition: name.hpp:212

ndn::Data::setContentType
Data & setContentType(uint32_t type)
Definition: data.cpp:343

ndn
Definition: data.cpp:26

ndn::security::v2::Certificate::KEY_ID_OFFSET
static const ssize_t KEY_ID_OFFSET
Definition: certificate.hpp:169

ndn::security::v2::Certificate
The certificate following the certificate format naming convention.
Definition: certificate.hpp:81

ndn::security::v2::Certificate::getPublicKey
Buffer getPublicKey() const
Get public key bits (in PKCS#8 format)
Definition: certificate.cpp:105

ndn::security::v2::Certificate::getIssuerId
name::Component getIssuerId() const
Get issuer ID.
Definition: certificate.cpp:99

ndn::Data::Error
Definition: data.hpp:42

ndn::security::v2::Certificate::MIN_KEY_NAME_LENGTH
static const size_t MIN_KEY_NAME_LENGTH
Definition: certificate.hpp:171

ndn::to_string
std::string to_string(const T &val)
Definition: backports.hpp:101

ndn::security::v2::Certificate::getIdentity
Name getIdentity() const
Get identity name.
Definition: certificate.cpp:87

ndn::Name::get
const Component & get(ssize_t i) const
Returns an immutable reference to the component at the specified index.
Definition: name.hpp:165

ndn::security::v2::AdditionalDescription
Abstraction of AdditionalDescription.
Definition: additional-description.hpp:39

ndn::tlv::ContentType_Key
public key, certificate
Definition: tlv.hpp:162

ndn::security::v2::extractKeyNameFromCertName
Name extractKeyNameFromCertName(const Name &certName)
Extract key name from the certificate name certName.
Definition: certificate.cpp:197

std
STL namespace.

block-helpers.hpp

ndn::Block
Represents a TLV element of the NDN packet format.
Definition: block.hpp:42

ndn::Data::getKeyLocator
optional< KeyLocator > getKeyLocator() const noexcept
Get KeyLocator.
Definition: data.hpp:316

ndn::security::ValidityPeriod::isValid
bool isValid(const time::system_clock::TimePoint &now=time::system_clock::now()) const
Check if now falls within the validity period.
Definition: validity-period.cpp:147

ndn::security::v2::Certificate::MIN_CERT_NAME_LENGTH
static const size_t MIN_CERT_NAME_LENGTH
Definition: certificate.hpp:170

ndn::SignatureInfo::getCustomTlv
optional< Block > getCustomTlv(uint32_t type) const
Get first custom TLV element with the specified TLV-TYPE.
Definition: signature-info.cpp:309

NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61

ndn::security::v2::Certificate::Certificate
Certificate()
Definition: certificate.cpp:48

ndn::Name::at
const Component & at(ssize_t i) const
Returns an immutable reference to the component at the specified index, with bounds checking...
Definition: name.cpp:171

ndn::security::v2::operator<<
std::ostream & operator<<(std::ostream &os, const AdditionalDescription &desc)
Definition: additional-description.cpp:167

ndn::Data::getSignatureType
int32_t getSignatureType() const noexcept
Get SignatureType.
Definition: data.hpp:308

ndn::security::ValidityPeriod
Abstraction of validity period.
Definition: validity-period.hpp:37

ndn::security::v2::Certificate::KEY_COMPONENT_OFFSET
static const ssize_t KEY_COMPONENT_OFFSET
Definition: certificate.hpp:168

ndn::security::ValidityPeriod::getPeriod
std::pair< time::system_clock::TimePoint, time::system_clock::TimePoint > getPeriod() const
Get the stored validity period.
Definition: validity-period.cpp:141

ndn::security::v2::Certificate::VERSION_OFFSET
static const ssize_t VERSION_OFFSET
Definition: certificate.hpp:166

ndn::security::transform::streamSink
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53

ndn::security::v2::Certificate::getKeyName
Name getKeyName() const
Get key name.
Definition: certificate.cpp:81

ndn::security::transform::bufferSource
BufferSource bufferSource
Definition: buffer-source.hpp:81

ndn::Data::getName
const Name & getName() const noexcept
Get name.
Definition: data.hpp:126

certificate.hpp

ndn::Name
Represents an absolute name.
Definition: name.hpp:44

ndn::time::toIsoString
std::string toIsoString(const system_clock::TimePoint &timePoint)
Convert to the ISO string representation of the time (YYYYMMDDTHHMMSS,fffffffff)
Definition: time.cpp:143

ndn::tlv::Name
Definition: tlv.hpp:66

ndn::tlv::SignatureTypeValue
SignatureTypeValue
SignatureType values.
Definition: tlv.hpp:131

ndn::Name::size
size_t size() const
Returns the number of components.
Definition: name.hpp:154

ndn::time::system_clock::TimePoint
time_point TimePoint
Definition: time.hpp:195

transform.hpp

ndn::name::Component
Represents a name component.
Definition: name-component.hpp:102

ndn::security::v2::Certificate::getKeyId
name::Component getKeyId() const
Get key ID.
Definition: certificate.cpp:93

ndn::security::v2::Certificate::isValidName
static bool isValidName(const Name &certName)
Check if the specified name follows the naming convention for the certificate.
Definition: certificate.cpp:135

ndn::Data::getContent
const Block & getContent() const noexcept
Get the Content element.
Definition: data.hpp:172

ndn::Name::toUri
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Definition: name.cpp:348

ndn::security::v2::Certificate::KEY_COMPONENT
static const name::Component KEY_COMPONENT
Definition: certificate.hpp:172

indented-stream.hpp

ndn::security::v2::Certificate::ISSUER_ID_OFFSET
static const ssize_t ISSUER_ID_OFFSET
Definition: certificate.hpp:167

ndn::security::v2::Certificate::getExtension
Block getExtension(uint32_t type) const
Get extension with TLV type.
Definition: certificate.cpp:125

ndn::tlv::AdditionalDescription
Definition: tlv.hpp:150

ndn::security::v2::Certificate::getValidityPeriod
ValidityPeriod getValidityPeriod() const
Get validity period of the certificate.
Definition: certificate.cpp:113

ndn::Data::getFreshnessPeriod
time::milliseconds getFreshnessPeriod() const
Definition: data.hpp:286

ndn::Data
Represents a Data packet.
Definition: data.hpp:39

ndn::Buffer
General-purpose automatically managed/resized buffer.
Definition: buffer.hpp:40

ndn::util::IndentedStream
Output to stream with specified indent or prefix.
Definition: indented-stream.hpp:54

ndn::Data::getContentType
uint32_t getContentType() const
Definition: data.hpp:277

ndn::security::v2::Certificate::isValid
bool isValid(const time::system_clock::TimePoint &ts=time::system_clock::now()) const
Check if the certificate is valid at ts.
Definition: certificate.cpp:119

additional-description.hpp

ndn::Data::getSignatureInfo
const SignatureInfo & getSignatureInfo() const noexcept
Get SignatureInfo.
Definition: data.hpp:231

ndn::SignatureInfo::getValidityPeriod
security::ValidityPeriod getValidityPeriod() const
Get ValidityPeriod.
Definition: signature-info.cpp:215

ndn::security::transform::base64Encode
unique_ptr< Transform > base64Encode(bool needBreak)
Definition: base64-encode.cpp:129

ndn::security::v2::extractIdentityFromCertName
Name extractIdentityFromCertName(const Name &certName)
Extract identity namespace from the certificate name certName.
Definition: certificate.cpp:186