master/doxygen/certificate_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

 /*

  * Copyright (c) 2013-2023 Regents of the University of California.

  *

  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

  *

  * ndn-cxx library is free software: you can redistribute it and/or modify it under the

  * terms of the GNU Lesser General Public License as published by the Free Software

  * Foundation, either version 3 of the License, or (at your option) any later version.

  *

  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

  *

  * You should have received copies of the GNU General Public License and GNU Lesser

  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

  * <http://www.gnu.org/licenses/>.

  *

  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

  *

  * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>

  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>

  */


 #include "ndn-cxx/security/certificate.hpp"

 #include "ndn-cxx/security/additional-description.hpp"

 #include "ndn-cxx/security/transform/base64-encode.hpp"

 #include "ndn-cxx/security/transform/buffer-source.hpp"

 #include "ndn-cxx/security/transform/public-key.hpp"

 #include "ndn-cxx/security/transform/stream-sink.hpp"

 #include "ndn-cxx/util/indented-stream.hpp"


 namespace ndn::security {


 Certificate::Certificate()

 {

   setContentType(tlv::ContentType_Key);

   setFreshnessPeriod(1_h);

 }


 Certificate::Certificate(Data&& data)

   : Data(std::move(data))

 {

   if (!isValidName(getName())) {

     NDN_THROW(Error("Certificate name does not follow the naming conventions"));

   }

   if (getContentType() != tlv::ContentType_Key) {

     NDN_THROW(Error("Expecting ContentType=Key, got " + to_string(getContentType())));

   }

   if (getFreshnessPeriod() <= 0_ms) {

     NDN_THROW(Error("Certificate FreshnessPeriod cannot be zero"));

   }

 }


 Certificate::Certificate(const Data& data)

   : Certificate(Data(data))

 {

 }


 Certificate::Certificate(const Block& block)

   : Certificate(Data(block))

 {

 }


 Name

 Certificate::getIdentity() const

 {

   return getName().getPrefix(KEY_COMPONENT_OFFSET);

 }


 Name

 Certificate::getKeyName() const

 {

   return getName().getPrefix(KEY_ID_OFFSET + 1);

 }


 name::Component

 Certificate::getKeyId() const

 {

   return getName().at(KEY_ID_OFFSET);

 }


 name::Component

 Certificate::getIssuerId() const

 {

   return getName().at(ISSUER_ID_OFFSET);

 }


 ValidityPeriod

 Certificate::getValidityPeriod() const

 {

   return getSignatureInfo().getValidityPeriod();

 }


 bool

 Certificate::isValid(const time::system_clock::time_point& ts) const

 {

   return getSignatureInfo().getValidityPeriod().isValid(ts);

 }


 Block

 Certificate::getExtension(uint32_t type) const

 {

   auto block = getSignatureInfo().getCustomTlv(type);

   if (!block) {

     NDN_THROW(Error("TLV-TYPE " + to_string(type) + " sub-element does not exist in SignatureInfo"));

   }

   return *block;

 }


 bool

 Certificate::isValidName(const Name& certName)

 {

   // /<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>

   return certName.size() >= Certificate::MIN_CERT_NAME_LENGTH &&

          certName[Certificate::KEY_COMPONENT_OFFSET] == Certificate::KEY_COMPONENT;

 }


 std::ostream&

 operator<<(std::ostream& os, const Certificate& cert)

 {

   os << "Certificate Name:\n"

      << "  " << cert.getName() << "\n";


   auto optAddlDesc = cert.getSignatureInfo().getCustomTlv(tlv::AdditionalDescription);

   if (optAddlDesc) {

     os << "Additional Description:\n";

     try {

       AdditionalDescription additionalDesc(*optAddlDesc);

       for (const auto& item : additionalDesc) {

         os << "  " << item.first << ": " << item.second << "\n";

       }

     }

     catch (const tlv::Error&) {

       using namespace transform;

       util::IndentedStream os2(os, "  ");

       bufferSource(optAddlDesc->value_bytes()) >> base64Encode() >> streamSink(os2);

     }

   }


   os << "Public Key:\n";

   {

     using namespace transform;


     os << "  Key Type: ";

     try {

       PublicKey key;

       key.loadPkcs8(cert.getPublicKey());

       os << key.getKeySize() << "-bit " << key.getKeyType();

     }

     catch (const std::runtime_error&) {

       os << "Unknown (" << cert.getPublicKey().size() << " bytes)";

     }

     os << "\n";


     if (!cert.getPublicKey().empty()) {

       util::IndentedStream os2(os, "  ");

       bufferSource(cert.getPublicKey()) >> base64Encode() >> streamSink(os2);

     }

   }


   try {

     const auto& validityPeriod = cert.getValidityPeriod().getPeriod();

     os << "Validity:\n"

        << "  Not Before: " << time::toIsoExtendedString(validityPeriod.first) << "\n"

        << "  Not After: "  << time::toIsoExtendedString(validityPeriod.second)  << "\n";

   }

   catch (const tlv::Error&) {

     // ignore

   }


   os << "Signature Information:\n"

      << "  Signature Type: " << static_cast<tlv::SignatureTypeValue>(cert.getSignatureType()) << "\n";


   auto keyLoc = cert.getKeyLocator();

   if (keyLoc) {

     os << "  Key Locator: " << *keyLoc << "\n";

     if (keyLoc->getType() == tlv::Name && keyLoc->getName() == cert.getKeyName()) {

       os << "  Self-Signed: yes\n";

     }

   }


   return os;

 }


 Name

 extractIdentityFromCertName(const Name& certName)

 {

   if (!Certificate::isValidName(certName)) {

     NDN_THROW(std::invalid_argument("Certificate name `" + certName.toUri() + "` "

                                     "does not respect the naming conventions"));

   }


   return certName.getPrefix(Certificate::KEY_COMPONENT_OFFSET); // trim everything after and including "KEY"

 }


 Name

 extractKeyNameFromCertName(const Name& certName)

 {

   if (!Certificate::isValidName(certName)) {

     NDN_THROW(std::invalid_argument("Certificate name `" + certName.toUri() + "` "

                                     "does not respect the naming conventions"));

   }


   return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id

 }


 } // namespace ndn::security

additional-description.hpp

base64-encode.hpp

buffer-source.hpp

certificate.hpp

ndn::Block
Represents a TLV element of the NDN packet format.
Definition: block.hpp:45

ndn::Data
Represents a Data packet.
Definition: data.hpp:39

ndn::Data::getSignatureType
int32_t getSignatureType() const noexcept
Get the SignatureType.
Definition: data.hpp:358

ndn::Data::getFreshnessPeriod
time::milliseconds getFreshnessPeriod() const noexcept
Return the value of FreshnessPeriod.
Definition: data.hpp:327

ndn::Data::setFreshnessPeriod
Data & setFreshnessPeriod(time::milliseconds freshnessPeriod)
Set the FreshnessPeriod.
Definition: data.cpp:347

ndn::Data::getContentType
uint32_t getContentType() const noexcept
Return the value of ContentType.
Definition: data.hpp:312

ndn::Data::getSignatureInfo
const SignatureInfo & getSignatureInfo() const noexcept
Get the SignatureInfo element.
Definition: data.hpp:243

ndn::Data::getName
const Name & getName() const noexcept
Get the Data name.
Definition: data.hpp:137

ndn::Data::getKeyLocator
std::optional< KeyLocator > getKeyLocator() const noexcept
Get the KeyLocator element.
Definition: data.hpp:367

ndn::Data::setContentType
Data & setContentType(uint32_t type)
Set the ContentType.
Definition: data.cpp:337

ndn::Name
Represents an absolute name.
Definition: name.hpp:45

ndn::Name::getPrefix
PartialName getPrefix(ssize_t nComponents) const
Returns a prefix of the name.
Definition: name.hpp:241

ndn::Name::size
size_t size() const noexcept
Returns the number of components.
Definition: name.hpp:180

ndn::Name::at
const Component & at(ssize_t i) const
Returns an immutable reference to the component at the specified index, with bounds checking.
Definition: name.cpp:146

ndn::Name::toUri
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Definition: name.cpp:324

ndn::SignatureInfo::getValidityPeriod
security::ValidityPeriod getValidityPeriod() const
Get the ValidityPeriod element.
Definition: signature-info.cpp:202

ndn::SignatureInfo::getCustomTlv
std::optional< Block > getCustomTlv(uint32_t type) const
Get first custom TLV element with the specified TLV-TYPE.
Definition: signature-info.cpp:291

ndn::name::Component
Represents a name component.
Definition: name-component.hpp:113

ndn::security::AdditionalDescription
Represents an AdditionalDescription TLV element.
Definition: additional-description.hpp:37

ndn::security::Certificate::Error
Definition: certificate.hpp:61

ndn::security::Certificate
Represents an NDN certificate.
Definition: certificate.hpp:58

ndn::security::Certificate::getIssuerId
name::Component getIssuerId() const
Get issuer ID.
Definition: certificate.cpp:84

ndn::security::Certificate::Certificate
Certificate()
Definition: certificate.cpp:35

ndn::security::Certificate::getPublicKey
span< const uint8_t > getPublicKey() const noexcept
Return the public key as a DER-encoded SubjectPublicKeyInfo structure, i.e., exactly as it appears in...
Definition: certificate.hpp:118

ndn::security::Certificate::getKeyName
Name getKeyName() const
Get key name.
Definition: certificate.cpp:72

ndn::security::Certificate::getIdentity
Name getIdentity() const
Get identity name.
Definition: certificate.cpp:66

ndn::security::Certificate::KEY_COMPONENT_OFFSET
static constexpr ssize_t KEY_COMPONENT_OFFSET
Definition: certificate.hpp:155

ndn::security::Certificate::getKeyId
name::Component getKeyId() const
Get key ID.
Definition: certificate.cpp:78

ndn::security::Certificate::isValid
bool isValid(const time::system_clock::time_point &ts=time::system_clock::now()) const
Check if the certificate is valid at ts.
Definition: certificate.cpp:96

ndn::security::Certificate::getValidityPeriod
ValidityPeriod getValidityPeriod() const
Get validity period of the certificate.
Definition: certificate.cpp:90

ndn::security::Certificate::ISSUER_ID_OFFSET
static constexpr ssize_t ISSUER_ID_OFFSET
Definition: certificate.hpp:153

ndn::security::Certificate::KEY_ID_OFFSET
static constexpr ssize_t KEY_ID_OFFSET
Definition: certificate.hpp:154

ndn::security::Certificate::KEY_COMPONENT
static const name::Component KEY_COMPONENT
Definition: certificate.hpp:158

ndn::security::Certificate::isValidName
static bool isValidName(const Name &certName)
Check if the specified name respects the naming conventions for certificates.
Definition: certificate.cpp:112

ndn::security::Certificate::MIN_CERT_NAME_LENGTH
static constexpr size_t MIN_CERT_NAME_LENGTH
Definition: certificate.hpp:156

ndn::security::Certificate::getExtension
Block getExtension(uint32_t type) const
Get extension with TLV type.
Definition: certificate.cpp:102

ndn::security::ValidityPeriod
Represents a ValidityPeriod TLV element.
Definition: validity-period.hpp:36

ndn::security::ValidityPeriod::getPeriod
std::pair< time::system_clock::time_point, time::system_clock::time_point > getPeriod() const
Get the stored validity period.
Definition: validity-period.cpp:170

ndn::security::ValidityPeriod::isValid
bool isValid(const time::system_clock::time_point &now=time::system_clock::now()) const
Check if now falls within the validity period.
Definition: validity-period.cpp:176

ndn::time::system_clock::time_point
::boost::chrono::time_point< system_clock > time_point
Definition: time.hpp:205

ndn::tlv::Error
Represents an error in TLV encoding or decoding.
Definition: tlv.hpp:54

ndn::util::IndentedStream
Output to stream with specified indent or prefix.
Definition: indented-stream.hpp:54

NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:56

indented-stream.hpp

ndn::exception::to_string
std::string to_string(const errinfo_stacktrace &x)
Definition: exception.cpp:30

ndn::security::transform::streamSink
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:51

ndn::security::transform::bufferSource
BufferSource bufferSource
Definition: buffer-source.hpp:71

ndn::security::transform::base64Encode
unique_ptr< Transform > base64Encode(bool needBreak)
Definition: base64-encode.cpp:127

ndn::security
Contains the ndn-cxx security framework.
Definition: additional-description.cpp:26

ndn::security::operator<<
std::ostream & operator<<(std::ostream &os, const AdditionalDescription &desc)
Definition: additional-description.cpp:157

ndn::security::extractIdentityFromCertName
Name extractIdentityFromCertName(const Name &certName)
Extract identity namespace from the certificate name certName.
Definition: certificate.cpp:187

ndn::security::extractKeyNameFromCertName
Name extractKeyNameFromCertName(const Name &certName)
Extract key name from the certificate name certName.
Definition: certificate.cpp:198

ndn::time::toIsoExtendedString
std::string toIsoExtendedString(const system_clock::time_point &timePoint)
Convert to the ISO 8601 string representation, extended format (YYYY-MM-DDTHH:MM:SS,...
Definition: time.cpp:136

ndn::tlv::Name
@ Name
Definition: tlv.hpp:71

ndn::tlv::AdditionalDescription
@ AdditionalDescription
Definition: tlv.hpp:110

ndn::tlv::ContentType_Key
@ ContentType_Key
public key, certificate
Definition: tlv.hpp:147

ndn::tlv::SignatureTypeValue
SignatureTypeValue
SignatureType values.
Definition: tlv.hpp:127

public-key.hpp

stream-sink.hpp