Represents an NDN certificate. More...
#include <ndn-cxx/security/certificate.hpp>
Classes | |
class | Error |
Public Member Functions | |
Certificate () | |
Certificate (const Block &block) | |
Construct certificate from a wire encoding. More... | |
Certificate (const Data &data) | |
Construct certificate from a data object. More... | |
Certificate (Data &&data) | |
Construct certificate from a data object. More... | |
InputBuffers | extractSignedRanges () const |
Extract ranges of Data covered by the signature. More... | |
uint64_t | getCongestionMark () const |
Get the value of the CongestionMark tag. More... | |
const Block & | getContent () const noexcept |
Get the Content element. More... | |
uint32_t | getContentType () const noexcept |
Return the value of ContentType . More... | |
Block | getExtension (uint32_t type) const |
Get extension with TLV type . More... | |
const std::optional< name::Component > & | getFinalBlock () const noexcept |
Return the value of FinalBlockId . More... | |
time::milliseconds | getFreshnessPeriod () const noexcept |
Return the value of FreshnessPeriod . More... | |
const Name & | getFullName () const |
Get the full name (including implicit digest). More... | |
Name | getIdentity () const |
Get identity name. More... | |
name::Component | getIssuerId () const |
Get issuer ID. More... | |
name::Component | getKeyId () const |
Get key ID. More... | |
std::optional< KeyLocator > | getKeyLocator () const noexcept |
Get the KeyLocator element. More... | |
Name | getKeyName () const |
Get key name. More... | |
const MetaInfo & | getMetaInfo () const noexcept |
Get the MetaInfo element. More... | |
const Name & | getName () const noexcept |
Get the Data name. More... | |
span< const uint8_t > | getPublicKey () const noexcept |
Return the public key as a DER-encoded SubjectPublicKeyInfo structure, i.e., exactly as it appears in the serialized certificate. More... | |
const SignatureInfo & | getSignatureInfo () const noexcept |
Get the SignatureInfo element. More... | |
int32_t | getSignatureType () const noexcept |
Get the SignatureType . More... | |
const Block & | getSignatureValue () const noexcept |
Get the SignatureValue element. More... | |
template<typename T > | |
std::shared_ptr< T > | getTag () const |
Get a tag item. More... | |
ValidityPeriod | getValidityPeriod () const |
Get validity period of the certificate. More... | |
bool | hasContent () const noexcept |
Return whether this Data has a Content element. More... | |
bool | hasWire () const noexcept |
Check if this instance has cached wire encoding. More... | |
bool | isValid (const time::system_clock::time_point &ts=time::system_clock::now()) const |
Check if the certificate is valid at ts . More... | |
template<typename T > | |
void | removeTag () const |
Remove a tag item. More... | |
void | setCongestionMark (uint64_t mark) |
Set the CongestionMark tag to the specified value. More... | |
Data & | setContent (const Block &block) |
Set Content from a Block. More... | |
Data & | setContent (ConstBufferPtr value) |
Set Content from a shared buffer. More... | |
Data & | setContent (span< const uint8_t > value) |
Set Content by copying from a contiguous sequence of bytes. More... | |
Data & | setContent (std::nullptr_t)=delete |
Data & | setContent (std::string_view value) |
Set Content by copying from a string. More... | |
Data & | setContentType (uint32_t type) |
Set the ContentType . More... | |
Data & | setFinalBlock (std::optional< name::Component > finalBlockId) |
Set the FinalBlockId . More... | |
Data & | setFreshnessPeriod (time::milliseconds freshnessPeriod) |
Set the FreshnessPeriod . More... | |
Data & | setMetaInfo (const MetaInfo &metaInfo) |
Set the MetaInfo element. More... | |
Data & | setName (const Name &name) |
Set the Data name. More... | |
Data & | setSignatureInfo (const SignatureInfo &info) |
Set the SignatureInfo element. More... | |
Data & | setSignatureValue (ConstBufferPtr value) |
Set SignatureValue from a shared buffer. More... | |
Data & | setSignatureValue (span< const uint8_t > value) |
Set SignatureValue by copying from a contiguous sequence of bytes. More... | |
Data & | setSignatureValue (std::nullptr_t)=delete |
template<typename T > | |
void | setTag (std::shared_ptr< T > tag) const |
Set (add or replace) a tag item. More... | |
Data & | unsetContent () |
Remove the Content element. More... | |
void | wireDecode (const Block &wire) |
Decode from wire . More... | |
const Block & | wireEncode () const |
Encode into a Block. More... | |
const Block & | wireEncode (EncodingBuffer &encoder, span< const uint8_t > signature) const |
Finalize Data packet encoding with the specified signature. More... | |
template<encoding::Tag TAG> | |
size_t | wireEncode (EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const |
Prepend wire encoding to encoder . More... | |
Static Public Member Functions | |
static bool | isValidName (const Name &certName) |
Check if the specified name respects the naming conventions for certificates. More... | |
Static Public Attributes | |
static const name::Component | DEFAULT_ISSUER_ID {"NA"} |
static constexpr ssize_t | ISSUER_ID_OFFSET = -2 |
static const name::Component | KEY_COMPONENT {"KEY"} |
static constexpr ssize_t | KEY_COMPONENT_OFFSET = -4 |
static constexpr ssize_t | KEY_ID_OFFSET = -3 |
static constexpr size_t | MIN_CERT_NAME_LENGTH = 4 |
static constexpr size_t | MIN_KEY_NAME_LENGTH = 2 |
static constexpr ssize_t | VERSION_OFFSET = -1 |
Protected Member Functions | |
void | resetWire () |
Clear wire encoding and cached FullName. More... | |
Represents an NDN certificate.
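Layout of an NDN certificate name (the concrete example is missing from this page; the layout below follows from KEY_COMPONENT_OFFSET, KEY_ID_OFFSET, ISSUER_ID_OFFSET and VERSION_OFFSET):
/<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>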
KeyId
is an opaque name component to identify an instance of the public key for the certificate namespace. The value of KeyId is controlled by the namespace owner. The library includes helpers for generation of key IDs using an 8-byte random number, SHA-256 digest of the public key, timestamp, or a specified numerical identifier.
IssuerId
is an opaque name component to identify the issuer of the certificate. The value is controlled by the issuer. The library includes helpers to set issuer ID to an 8-byte random number, SHA-256 digest of the issuer's public key, or a specified numerical identifier. Because the value is opaque and chosen by the issuer, it is a label only; who actually signed the certificate is established by validating the signature, not by reading IssuerId.
Key Name
is the logical name of the key used for management purposes. The key name includes the identity name, the keyword KEY, and the KeyId component.
Definition at line 57 of file certificate.hpp.
ndn::security::Certificate::Certificate | ( | ) |
Definition at line 35 of file certificate.cpp.
|
explicit |
Construct certificate from a data object.
tlv::Error | if data does not follow certificate format |
Definition at line 41 of file certificate.cpp.
|
explicit |
Construct certificate from a data object.
tlv::Error | if data does not follow certificate format |
Definition at line 55 of file certificate.cpp.
|
explicit |
Construct certificate from a wire encoding.
tlv::Error | if wire encoding is invalid or does not follow certificate format |
Definition at line 60 of file certificate.cpp.
|
inherited |
Extract ranges of Data covered by the signature.
|
inherited |
Get the value of the CongestionMark tag.
Definition at line 28 of file packet-base.cpp.
|
inlinenoexceptinherited |
Get the Content element.
If the element is not present (hasContent() == false), an invalid Block will be returned.
The value of the returned Content Block (if valid) can be accessed through the accessors of the returned Block.
|
inlinenoexceptinherited |
Return the value of ContentType.
If the ContentType element is not present, returns tlv::ContentType_Blob.
Block ndn::security::Certificate::getExtension | ( | uint32_t | type | ) | const |
Get extension with TLV type
.
Error | The specified block type does not exist |
Definition at line 102 of file certificate.cpp.
|
inlinenoexceptinherited |
|
inlinenoexceptinherited |
Return the value of FreshnessPeriod.
If the FreshnessPeriod element is not present, returns DEFAULT_FRESHNESS_PERIOD. If the FreshnessPeriod value is not representable in the return type, it's clamped to the nearest representable value.
|
inherited |
Name ndn::security::Certificate::getIdentity | ( | ) | const |
Get identity name.
Definition at line 66 of file certificate.cpp.
name::Component ndn::security::Certificate::getIssuerId | ( | ) | const |
Get issuer ID.
Definition at line 84 of file certificate.cpp.
name::Component ndn::security::Certificate::getKeyId | ( | ) | const |
Get key ID.
Definition at line 78 of file certificate.cpp.
|
inlinenoexceptinherited |
Get the KeyLocator
element.
Name ndn::security::Certificate::getKeyName | ( | ) | const |
Get key name.
Definition at line 72 of file certificate.cpp.
|
inlinenoexceptinherited |
|
inlinenoexceptinherited |
|
inlinenoexcept |
Return the public key as a DER-encoded SubjectPublicKeyInfo structure, i.e., exactly as it appears in the serialized certificate.
Definition at line 118 of file certificate.hpp.
|
inlinenoexceptinherited |
Get the SignatureInfo
element.
|
inlinenoexceptinherited |
Get the SignatureType
.
|
inlinenoexceptinherited |
|
inherited |
Get a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
nullptr | if no Tag of type T is stored |
Definition at line 72 of file tag-host.hpp.
ValidityPeriod ndn::security::Certificate::getValidityPeriod | ( | ) | const |
Get validity period of the certificate.
Definition at line 90 of file certificate.cpp.
|
inlinenoexceptinherited |
|
inlinenoexceptinherited |
bool ndn::security::Certificate::isValid | ( | const time::system_clock::time_point & | ts = time::system_clock::now() | ) | const |
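Check if the certificate is valid at ts, i.e., whether ts falls within the certificate's validity period.
This is a time check only: it does not verify the certificate's signature or its trust chain, so a true result must not be treated as proof that the certificate is authentic.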
Definition at line 96 of file certificate.cpp.
|
static |
Check if the specified name respects the naming conventions for certificates. This inspects the name only; it does not examine any certificate's signature or validity period.
Definition at line 112 of file certificate.cpp.
|
inherited |
Remove a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 98 of file tag-host.hpp.
|
protectedinherited |
|
inherited |
Set the CongestionMark tag to the specified value.
Definition at line 41 of file packet-base.cpp.
Set Content
from a Block.
block | TLV element to be used as Content; must be valid |
If the block's TLV-TYPE is tlv::Content, it will be used directly as this Data's Content element. Otherwise, the block will be nested into a Content element.
|
inherited |
|
inherited |
|
deleteinherited |
|
inherited |
|
inherited |
Set the ContentType
.
type | A number defined in tlv::ContentTypeValue |
|
inherited |
|
inherited |
|
inherited |
Set the SignatureInfo
element.
This is a low-level function that should not normally be called directly by applications. Instead, provide a SignatureInfo to the SigningInfo object passed to KeyChain::sign().
|
inherited |
Set SignatureValue
from a shared buffer.
value | buffer containing the TLV-VALUE of the SignatureValue; must not be null |
This is a low-level function that should not normally be called directly by applications. Instead, use KeyChain::sign() to sign the packet.
|
inherited |
Set SignatureValue
by copying from a contiguous sequence of bytes.
value | buffer from which the TLV-VALUE of the SignatureValue will be copied |
This is a low-level function that should not normally be called directly by applications. Instead, use KeyChain::sign() to sign the packet.
|
deleteinherited |
|
inherited |
Set (add or replace) a tag item.
T | type of the tag, which must be a subclass of ndn::Tag |
Definition at line 84 of file tag-host.hpp.
|
inherited |
Remove the Content
element.
|
inherited |
|
inherited |
|
inherited |
Finalize Data packet encoding with the specified signature.
encoder | EncodingBuffer containing Name, MetaInfo, Content, and SignatureInfo, but without SignatureValue and the outermost Type-Length of the Data element. |
signature | Raw signature bytes, without TLV Type and Length; this will become the TLV-VALUE of the SignatureValue element added to the packet. |
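This method is intended to be used in concert with wireEncode(encoder, true), e.g. (illustrative sketch; the original example is missing from this page, and computeSignature is a placeholder for the caller's signing step):
EncodingBuffer encoder;
data.wireEncode(encoder, true); // prepends Name, MetaInfo, Content, and SignatureInfo only
auto signature = computeSignature(encoder); // placeholder: sign the bytes now held in encoder
data.wireEncode(encoder, signature); // adds SignatureValue and the outermost Type-Length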
|
inherited |
Prepend wire encoding to encoder.
encoder | EncodingEstimator or EncodingBuffer instance. |
wantUnsignedPortionOnly | If true, prepend only Name, MetaInfo, Content, and SignatureInfo to encoder , but omit SignatureValue and the outermost TLV Type and Length of the Data element. This is intended to be used with wireEncode(EncodingBuffer&, span<const uint8_t>) const. |
Error | Signature is not present and wantUnsignedPortionOnly is false. |
|
inlinestatic |
Definition at line 159 of file certificate.hpp.
|
staticconstexpr |
Definition at line 153 of file certificate.hpp.
|
inlinestatic |
Definition at line 158 of file certificate.hpp.
|
staticconstexpr |
Definition at line 155 of file certificate.hpp.
|
staticconstexpr |
Definition at line 154 of file certificate.hpp.
|
staticconstexpr |
Definition at line 156 of file certificate.hpp.
|
staticconstexpr |
Definition at line 157 of file certificate.hpp.
|
staticconstexpr |
Definition at line 152 of file certificate.hpp.