security: CryptoPP functions are used directly to encode/decode DER/BER

This change eliminates the need for custom der decoder/encoder.

Change-Id: I5be2e55cec2b63157927a4ad87fffe8e8651ed3c
diff --git a/src/encoding/cryptopp/asn_ext.cpp b/src/encoding/cryptopp/asn_ext.cpp
new file mode 100644
index 0000000..6698426
--- /dev/null
+++ b/src/encoding/cryptopp/asn_ext.cpp
@@ -0,0 +1,107 @@
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include <ndn-cpp/ndn-cpp-config.h>
+#include "asn_ext.hpp"
+
+#if NDN_CPP_HAVE_TIME_H
+#include <time.h>
+#endif
+#if NDN_CPP_HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+
+#include <boost/format.hpp>
+#include <boost/lexical_cast.hpp>
+
+using namespace CryptoPP;
+
+namespace ndn {
+
+size_t
+DEREncodeGeneralTime(CryptoPP::BufferedTransformation &bt, MillisecondsSince1970 time)
+{
+#ifndef NDN_CPP_HAVE_GMTIME_SUPPORT
+  throw Asn::Error("Time functions are not supported by the standard library");
+#endif
+
+  if (time < 0)
+    throw Asn::Error("Calendar time value out of range");
+  else if (time > 2e14)
+    // 2e14 is about the year 8300.  We don't want to go over a 4-digit year.
+    throw Asn::Error("Calendar time value out of range");
+  
+  time_t secondsSince1970 = time / 1000;
+  struct tm* gmt = gmtime(&secondsSince1970);
+
+  std::string asn1time ((boost::format("%04d%02d%02d%02d%02d%02d%sZ")
+                         % (1900 + gmt->tm_year)
+                         % (gmt->tm_mon + 1)
+                         % gmt->tm_mday
+                         % gmt->tm_hour
+                         % gmt->tm_min
+                         % gmt->tm_sec).str());
+   // = os.str();
+  
+  bt.Put(GENERALIZED_TIME);
+  size_t lengthBytes = DERLengthEncode(bt, asn1time.size());
+  bt.Put(reinterpret_cast<const uint8_t*>(asn1time.c_str()), asn1time.size());
+  return 1+lengthBytes+asn1time.size();
+}
+
+void
+BERDecodeTime(CryptoPP::BufferedTransformation &bt, MillisecondsSince1970 &time)
+{
+  byte b;
+  if (!bt.Get(b) || (b != GENERALIZED_TIME && b != UTC_TIME))
+    BERDecodeError();
+
+  size_t bc;
+  if (!BERLengthDecode(bt, bc))
+    BERDecodeError();
+
+  SecByteBlock time_str(bc);
+  if (bc != bt.Get(time_str, bc))
+    BERDecodeError();
+
+  std::vector<std::string> params;
+  std::string current;
+  std::locale cLocale("C");
+  
+  for(uint32_t j = 0; j != time_str.size(); ++j)
+    {
+      if(std::isdigit(reinterpret_cast<char&>(time_str[j]), cLocale))
+        current += time_str[j];
+      else
+        {
+          if(current != "")
+            params.push_back(current);
+          current.clear();
+        }
+    }
+  if(current != "")
+    params.push_back(current);
+  
+  if(params.size() < 3 || params.size() > 6)
+    throw Asn::Error("Invalid time specification " + std::string(time_str.begin(), time_str.end()));
+
+  struct tm gmt;
+  gmt.tm_year = boost::lexical_cast<int>(params[0]);
+  gmt.tm_mon  = boost::lexical_cast<int>(params[1]) - 1;
+  gmt.tm_mday = boost::lexical_cast<int>(params[2]);
+  gmt.tm_hour = (params.size() >= 4) ? boost::lexical_cast<int>(params[3]) : 0;
+  gmt.tm_min  = (params.size() >= 5) ? boost::lexical_cast<int>(params[4]) : 0;
+  gmt.tm_sec  = (params.size() == 6) ? boost::lexical_cast<int>(params[5]) : 0;
+
+  if (b == GENERALIZED_TIME)
+    gmt.tm_year -= 1900;
+
+  time = timegm(&gmt) * 1000;
+}
+
+} // namespace ndn
diff --git a/src/encoding/cryptopp/asn_ext.hpp b/src/encoding/cryptopp/asn_ext.hpp
new file mode 100644
index 0000000..a7be874
--- /dev/null
+++ b/src/encoding/cryptopp/asn_ext.hpp
@@ -0,0 +1,30 @@
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_ASN_EXT_HPP
+#define NDN_ASN_EXT_HPP
+
+#include <ndn-cpp/common.hpp>
+#include <cryptopp/asn.h>
+
+namespace ndn {
+
+namespace Asn {
+struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
+}
+
+size_t
+DEREncodeGeneralTime(CryptoPP::BufferedTransformation &bt, MillisecondsSince1970 time);
+
+void
+BERDecodeTime(CryptoPP::BufferedTransformation &bt, MillisecondsSince1970 &time);
+
+} // namespace ndn
+
+#endif // NDN_ASN_EXT_HPP
+
diff --git a/src/encoding/der/der-exception.cpp b/src/encoding/der/der-exception.cpp
deleted file mode 100644
index 84ab5c1..0000000
--- a/src/encoding/der/der-exception.cpp
+++ /dev/null
@@ -1,29 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "der-exception.hpp"
-
-using namespace std;
-
-namespace ndn {
-
-namespace der
-{
-  
-DerException::DerException(const string& errorMessage) throw()
-  : errorMessage_(errorMessage)
-{
-}
-
-DerException::~DerException() throw()
-{
-}
-  
-} // der
-
-}
diff --git a/src/encoding/der/der-exception.hpp b/src/encoding/der/der-exception.hpp
deleted file mode 100644
index 5016697..0000000
--- a/src/encoding/der/der-exception.hpp
+++ /dev/null
@@ -1,31 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_DER_EXCEPTION_HPP
-#define NDN_DER_EXCEPTION_HPP
-
-#include <stdexcept>
-#include <string>
-
-namespace ndn {
-
-namespace der {
-
-struct DerException : public std::runtime_error { DerException(const std::string &msg) : std::runtime_error(msg) {} };
-
-class NegativeLengthException : public DerException { NegativeLengthException(const std::string &msg) : DerException(msg) {} };
-
-class DerEncodingException : public DerException { DerEncodingException(const std::string &msg) : DerException(msg) {} };
-
-class DerDecodingException : public DerException { DerDecodingException(const std::string &msg) : DerException(msg) {} };
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/der.cpp b/src/encoding/der/der.cpp
deleted file mode 100644
index 94578b4..0000000
--- a/src/encoding/der/der.cpp
+++ /dev/null
@@ -1,617 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include <stdexcept>
-#include "der-exception.hpp"
-#include "../../util/logging.hpp"
-#include "../../c/util/time.h"
-#include "der.hpp"
-
-INIT_LOGGER("ndn.der.DER");
-
-using namespace std;
-
-namespace ndn {
-
-namespace der {
-
-/*
- * DerNode
- */
-DerNode::DerNode()
-  :parent_(0)
-{}
-
-DerNode::DerNode(DerType type)
-  :type_(type),
-   parent_(0)
-{}
-
-DerNode::DerNode(InputIterator& start)
-  :parent_(0)
-{
-  decode(start);
-}
-
-DerNode::~DerNode()
-{}
-
-void
-DerNode::encodeHeader(int size)
-{
-  header_.push_back((char)type_);
-
-  if (size >= 127) {
-    int val = size;
-    char buf[sizeof(val) + 1];
-    char *p = &(buf[sizeof(buf)-1]);
-    int n = 0;
-    int mask = (1 << 8) - 1;
-
-    while (val != 0) {
-      p[0] = (char)(val & mask);
-      p--;
-      n++;
-      val >>= 8;
-    }
-
-    p[0] = (char)((1<<7) | n);
-    n++;
-
-    header_.insert(header_.end(), p, p+n);
-  }
-  else if (size >= 0)
-    header_.push_back((char)size);
-  else
-    throw NegativeLengthException("Negative length");
-}
-
-int
-DerNode::decodeHeader(InputIterator& start)
-{
-  uint8_t type = start.ReadU8();
-  // char type = start.get();
-  header_.push_back(type);
-  type_ = static_cast<DerType>((int)type);
-
-  uint8_t sizeLen = start.ReadU8(); 
-  // char sizeLen = start.get();
-  header_.push_back(sizeLen);
-
-  bool longFormat = sizeLen & (1 << 7);
-
-  if (!longFormat) {
-    // _LOG_DEBUG("Short Format");
-    // _LOG_DEBUG("sizeLen: " << (int)sizeLen);
-    return (int)sizeLen;
-  }
-  else {
-    // _LOG_DEBUG("Long Format");
-    uint8_t byte;
-    // char byte;
-    int lenCount = sizeLen & ((1<<7) - 1);
-    // _LOG_DEBUG("sizeLen: " << (int)sizeLen);
-    // _LOG_DEBUG("mask: " << (int)((1<<7) - 1));
-    // _LOG_DEBUG("lenCount: " << (int)lenCount);
-    int size = 0;
-    do {
-      byte = start.ReadU8();
-      header_.push_back(byte);
-      size = size * 256 + (int)byte;
-      // _LOG_DEBUG("byte: " << (int)byte);
-      // _LOG_DEBUG("size: " << size);
-      lenCount--;
-    } while (lenCount > 0);
-
-    return size;
-  }
-}
-
-void
-DerNode::encode(OutputIterator& start)
-{
-  start.write((const char*)&header_[0], header_.size());
-  start.write((const char*)&payload_[0], payload_.size());
-}
-
-void 
-DerNode::decode(InputIterator& start)
-{
-  int payloadSize = decodeHeader(start);
-  // _LOG_DEBUG("payloadSize: " << payloadSize);
-  if (payloadSize > 0 ) {
-    char buf[payloadSize];
-    start.read(buf, payloadSize);
-    payload_.insert(payload_.end(), buf, buf + payloadSize);
-  }
-}
-
-ptr_lib::shared_ptr<DerNode>
-DerNode::parse(InputIterator& start)
-{
-  int type = ((uint8_t)start.PeekU8());
-
-  // _LOG_DEBUG("Type: " << hex << setw(2) << setfill('0') << type);
-  switch(type) {
-    case DER_BOOLEAN:
-      return ptr_lib::shared_ptr<DerBool>(new DerBool(start));
-    case DER_INTEGER:
-      return ptr_lib::shared_ptr<DerInteger>(new DerInteger(start));
-    case DER_BIT_STRING:
-      return ptr_lib::shared_ptr<DerBitString>(new DerBitString(start));
-    case DER_OCTET_STRING:
-      return ptr_lib::shared_ptr<DerOctetString>(new DerOctetString(start));
-    case DER_NULL:
-      return ptr_lib::shared_ptr<DerNull>(new DerNull(start));
-    case DER_OBJECT_IDENTIFIER:
-      return ptr_lib::shared_ptr<DerOid>(new DerOid(start));
-    case DER_SEQUENCE:
-      return ptr_lib::shared_ptr<DerSequence>(new DerSequence(start));
-    case DER_PRINTABLE_STRING:
-      return ptr_lib::shared_ptr<DerPrintableString>(new DerPrintableString(start));
-    case DER_GENERALIZED_TIME:
-      return ptr_lib::shared_ptr<DerGtime>(new DerGtime(start));
-    default:
-      throw DerDecodingException("Unimplemented DER type");
-  }
-}
-
-
-/*
- * DerComplex
- */
-DerComplex::DerComplex()
-  :DerNode(),
-   childChanged_(false),
-   size_(0)
-{}
-
-DerComplex::DerComplex(DerType type)
-  :DerNode(type),
-   childChanged_(false),
-   size_(0)
-{}
-
-DerComplex::DerComplex(InputIterator& start)
-  :DerNode(),
-   childChanged_(false),
-   size_(0)
-{
-  size_ = DerNode::decodeHeader(start);
-  // _LOG_DEBUG("Size: " << size_);
-
-  int accSize = 0;
-  
-  while (accSize < size_) {
-    // _LOG_DEBUG("accSize: " << accSize);
-    ptr_lib::shared_ptr<DerNode> nodePtr = DerNode::parse(start);
-    accSize += nodePtr->getSize();
-    addChild(nodePtr, false);
-  }
-}
-
-DerComplex::~DerComplex()
-{}
-
-int
-DerComplex::getSize()
-{
-  if (childChanged_) {
-    updateSize();
-    childChanged_ = false;
-  }
-
-  header_.clear();
-  DerNode::encodeHeader(size_);
-  return size_ + header_.size();
-}
-
-Blob
-DerComplex::getRaw()
-{
-  ptr_lib::shared_ptr<vector<uint8_t> > blob(new vector<uint8_t>());
-  blob->insert(blob->end(), header_.begin(), header_.end());
-
-  DerNodePtrList::iterator it = nodeList_.begin();
-  for (; it != nodeList_.end(); it++) {
-    Blob childBlob = (*it)->getRaw();
-    blob->insert(blob->end(), childBlob->begin(), childBlob->end());
-  }
-  return blob;
-}
-
-void
-DerComplex::updateSize()
-{
-  int newSize = 0;
-
-  DerNodePtrList::iterator it = nodeList_.begin();
-  for (; it != nodeList_.end(); it++) {
-    newSize += (*it)->getSize();
-  }
-  
-  size_ = newSize;
-  childChanged_ = false;
-}
-
-void
-DerComplex::addChild(ptr_lib::shared_ptr<DerNode> nodePtr, bool notifyParent)
-{
-  nodePtr->setParent(this);
-
-  nodeList_.push_back(nodePtr);
-
-  if (!notifyParent)
-    return;
-
-  if (childChanged_)
-    return;
-  else
-    childChanged_ = true;
-
-  if (0 != parent_)
-    parent_->setChildChanged();
-}
-
-void
-DerComplex::setChildChanged()
-{
-  if (0 != parent_ && !childChanged_) {
-    parent_->setChildChanged();
-    childChanged_ = true;
-  }
-  else
-    childChanged_ = true;
-}
-
-void
-DerComplex::encode(OutputIterator& start)
-{
-  updateSize();
-  header_.clear();
-
-  DerNode::encodeHeader(size_);
-
-  start.write((const char*)&header_[0], header_.size());
-
-  DerNodePtrList::iterator it = nodeList_.begin();
-  for (; it != nodeList_.end(); it++)
-    (*it)->encode(start);
-}
-
-
-/*
- * DerByteString
- */
-DerByteString::DerByteString(const string& str, DerType type)
-  :DerNode(type)
-{
-  payload_.insert(payload_.end(), str.begin(), str.end());
-
-  DerNode::encodeHeader(payload_.size());
-}
-
-DerByteString::DerByteString(const vector<uint8_t>& blob, DerType type)
-  :DerNode(type)
-{
-  payload_.insert(payload_.end(), blob.begin(), blob.end());
-
-  DerNode::encodeHeader(payload_.size());
-}
-
-DerByteString::DerByteString(InputIterator& start)
-  :DerNode(start)
-{}
-
-DerByteString::~DerByteString()
-{}
-
-
-/*
- * DerBool
- */
-DerBool::DerBool(bool value)
-  :DerNode(DER_BOOLEAN)
-
-{ 
-  char payload = (value ? 0xFF : 0x00);
-  payload_.push_back(payload);
-
-  DerNode::encodeHeader(payload_.size());
-}
-
-DerBool::DerBool(InputIterator& start)
-  :DerNode(start)
-{}
-
-DerBool::~DerBool()
-{}
-
-
-/*
- * DerInteger
- */
-DerInteger::DerInteger(const vector<uint8_t>& blob)
-  :DerNode(DER_INTEGER)
-{
-  payload_.insert(payload_.end(), blob.begin(), blob.end());
-
-  DerNode::encodeHeader(payload_.size());
-}
-
-DerInteger::DerInteger(InputIterator& start)
-  :DerNode(start)
-{}
-
-DerInteger::~DerInteger()
-{}
-
-
-/*
- * DerBitString
- */
-DerBitString::DerBitString(const vector<uint8_t>& blob, uint8_t paddingLen)
-  :DerNode(DER_BIT_STRING)
-{     
-  payload_.push_back((char)paddingLen);
-  payload_.insert(payload_.end(), blob.begin(), blob.end());
-
-  DerNode::encodeHeader(payload_.size());
-}
-
-DerBitString::DerBitString(InputIterator& start)
-  :DerNode(start)
-{}
-
-DerBitString::~DerBitString()
-{}
-
-
-/*
- * DerOctetString
- */
-DerOctetString::DerOctetString(const string& str)
-  :DerByteString(str, DER_OCTET_STRING)
-{}
-
-DerOctetString::DerOctetString(const vector<uint8_t>& blob)
-  :DerByteString(blob, DER_OCTET_STRING)
-{}
-
-DerOctetString::DerOctetString(InputIterator& start)
-  :DerByteString(start)
-{}
-
-DerOctetString::~DerOctetString()
-{}
-
-
-/*
- * DerNull
- */
-DerNull::DerNull()
-  :DerNode(DER_NULL)
-{
-  DerNode::encodeHeader(0);
-}
-
-DerNull::DerNull(InputIterator& start)
-  :DerNode(start)
-{}
-  
-DerNull::~DerNull()
-{}
-
-
-/*
- * DerOid
- */
-DerOid::DerOid(const OID& oid)
-  :DerNode(DER_OBJECT_IDENTIFIER)
-{
-  prepareEncoding(oid.getIntegerList());
-}
-
-
-DerOid::DerOid(const string& oidStr)
-  :DerNode(DER_OBJECT_IDENTIFIER)
-{
-  vector<int> value;
-
-  string str = oidStr + ".";
-
-  size_t pos = 0;
-  size_t ppos = 0;
-
-  while (string::npos != pos) {
-    ppos = pos;
-
-    pos = str.find_first_of('.', pos);
-    if (string::npos == pos)
-      break;
-
-    value.push_back(atoi(str.substr(ppos, pos - ppos).c_str()));
-
-    pos++;
-  }
-
-  prepareEncoding(value);
-}
-
-DerOid::DerOid(const vector<int>& value)
-  :DerNode(DER_OBJECT_IDENTIFIER)
-{
-  prepareEncoding(value);
-}
-
-DerOid::DerOid(InputIterator& start)
-  :DerNode(start)
-{}
-  
-DerOid::~DerOid()
-{}
-
-void
-DerOid::prepareEncoding(const vector<int>& value)
-{
-  ostringstream os;
-
-  int firstNumber = 0;
-  
-  if (value.size() >= 1) {
-    if (0 <= value[0] && 2 >= value[0])
-      firstNumber = value[0] * 40;
-    else
-      throw DerEncodingException("first integer of oid is out of range");
-  }
-  else
-    throw DerEncodingException("no integer in oid");
-
-  if (value.size() >= 2) {
-    if (0 <= value[1] && 39 >= value[1])
-      firstNumber += value[1];
-    else
-      throw DerEncodingException("second integer of oid is out of range");
-  }
-  
-  encode128(firstNumber, os);
-
-  if (value.size() > 2) {
-    int i = 2;
-    for (; i < value.size(); i++)
-      encode128(value[i], os);
-  }
-
-  string output = os.str();
-  DerNode::encodeHeader(output.size());
-
-  payload_.insert(payload_.end(), output.begin(), output.end());
-}
-  
-void
-DerOid::encode128(int value, ostringstream& os)
-{
-  int mask = (1 << 7) - 1;
-
-  if (128 > value) {
-    uint8_t singleByte = (uint8_t) mask & value;
-    os.write((char *)&singleByte, 1);
-  }
-  else {
-    uint8_t buf[(sizeof(value)*8 + 6)/7 + 1];
-    uint8_t *p = &(buf[sizeof(buf)-1]);
-    int n = 1;
-
-    p[0] = (uint8_t)(value & mask);
-    value >>= 7;
-
-    while (value != 0) {
-      (--p)[0] = (uint8_t)((value & mask) | (1 << 7));
-      n++;
-      value >>= 7;
-    }
-    
-    os.write((char *)p, n);
-  }
-}
-
-int
-DerOid::decode128(int & offset)
-{
-  uint8_t flagMask = 0x80;
-  int result = 0;
-  while (payload_[offset] & flagMask) {
-    result = 128 * result + (uint8_t) payload_[offset] - 128;
-    offset++;
-  }
-
-  result = result * 128 + payload_[offset];
-  offset++;
-
-  return result;
-}
-
-
-/*
- * DerSequence
- */
-DerSequence::DerSequence()
-  :DerComplex(DER_SEQUENCE)
-{}
-
-DerSequence::DerSequence(InputIterator& start)
-  :DerComplex(start)
-{}
-
-DerSequence::~DerSequence() 
-{}
-
-
-/*
- * DerPrintableString
- */
-DerPrintableString::DerPrintableString(const string& str)
-  :DerByteString(str, DER_PRINTABLE_STRING)
-{}
-
-DerPrintableString::DerPrintableString(const vector<uint8_t>& blob)
-  :DerByteString(blob, DER_PRINTABLE_STRING)
-{}
-
-DerPrintableString::DerPrintableString(InputIterator& start)
-  :DerByteString(start)
-{}
-
-DerPrintableString::~DerPrintableString()
-{}
-
-
-/*
- * DerGtime
- */
-DerGtime::DerGtime(const MillisecondsSince1970& time)
-  :DerNode(DER_GENERALIZED_TIME)
-{
-  string pTimeStr = toIsoString(time);
-  int index = pTimeStr.find_first_of('T');
-  string derTime = pTimeStr.substr(0, index) + pTimeStr.substr(index+1, pTimeStr.size() - index -1) + "Z";
-  payload_.insert(payload_.end(), derTime.begin(), derTime.end());
-
-  DerNode::encodeHeader(payload_.size());
-}
-
-DerGtime::DerGtime(InputIterator& start)
-  :DerNode(start)
-{}
-  
-DerGtime::~DerGtime()
-{}
-
-string DerGtime::toIsoString(const MillisecondsSince1970& time)
-{
-  char isoString[25];
-  ndn_Error error;
-  if ((error = ndn_toIsoString(time, isoString)))
-    throw runtime_error(ndn_getErrorString(error));
-  
-  return isoString;
-}
-
-MillisecondsSince1970 DerGtime::fromIsoString(const string& isoString)
-{
-  MillisecondsSince1970 milliseconds;
-  ndn_Error error;
-  if ((error = ndn_fromIsoString(isoString.c_str(), &milliseconds)))
-    throw runtime_error(ndn_getErrorString(error));
-  
-  return milliseconds;
-}
-
-} // der
-
-}
diff --git a/src/encoding/der/der.hpp b/src/encoding/der/der.hpp
deleted file mode 100644
index d8753be..0000000
--- a/src/encoding/der/der.hpp
+++ /dev/null
@@ -1,407 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_DER_HPP
-#define NDN_DER_HPP
-
-#include <vector>
-#include <string>
-#include <istream>
-#include <ostream>
-#include <sstream>
-
-#include <ndn-cpp/common.hpp>
-#include <ndn-cpp/encoding/oid.hpp>
-#include <ndn-cpp/util/blob.hpp>
-
-#include "visitor/visitor.hpp"
-#include "visitor/void-visitor.hpp"
-#include "visitor/no-arguments-visitor.hpp"
-#include "visitor/void-no-arguments-visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-enum DerType {
-  DER_EOC = 0,
-  DER_BOOLEAN = 1,
-  DER_INTEGER = 2,
-  DER_BIT_STRING = 3,
-  DER_OCTET_STRING = 4,
-  DER_NULL = 5,
-  DER_OBJECT_IDENTIFIER = 6,
-  DER_OBJECT_DESCRIPTOR = 7,
-  DER_EXTERNAL = 40,
-  DER_REAL = 9,
-  DER_ENUMERATED = 10,
-  DER_EMBEDDED_PDV = 43,
-  DER_UTF8_STRING = 12,
-  DER_RELATIVE_OID = 13,
-  DER_SEQUENCE = 48,
-  DER_SET = 49,
-  DER_NUMERIC_STRING = 18,
-  DER_PRINTABLE_STRING = 19,
-  DER_T61_STRING = 20,
-  DER_VIDEOTEX_STRING = 21,
-  DER_IA5_STRING = 22,
-  DER_UTC_TIME = 23,
-  DER_GENERALIZED_TIME = 24,
-  DER_GRAPHIC_STRING = 25,
-  DER_VISIBLE_STRING = 26,
-  DER_GENERAL_STRING = 27,
-  DER_UNIVERSAL_STRING = 28,
-  DER_CHARACTER_STRING = 29,
-  DER_BMP_STRING = 30,
-};
-
-class InputIterator : public std::istream
-{
-public:
-  uint8_t ReadU8() { return static_cast<uint8_t> (get()); }
-  uint8_t PeekU8() { return static_cast<uint8_t> (peek()); }
-  bool IsEnd() const { return eof(); }
-  void Prev() { seekg(-1, std::ios_base::cur); }
-};
-
-class OutputIterator : public std::ostream
-{
-public:
-  void Write(const uint8_t * s, uint32_t n) { write (reinterpret_cast<const char*>(s),n); }
-  void WriteU8(const uint8_t s) { put (s); }
-  void WriteU8(const uint8_t s, uint32_t n) { for (uint32_t i = 0; i < n; i++) { put(s); } }
-};
-
-class DerComplex;
-
-class DerNode
-{
-public:
-  DerNode();
-
-  DerNode(DerType type);
-
-  DerNode(InputIterator& start);
-
-  virtual
-  ~DerNode();
-
-  virtual int
-  getSize() { return header_.size() + payload_.size(); }
-
-  virtual void 
-  encode(OutputIterator& start);
-  
-  void
-  setParent(DerComplex * parent) { parent_ = parent; }
-
-  static ptr_lib::shared_ptr<DerNode>
-  parse(InputIterator& start);
-
-  const std::vector<uint8_t>& 
-  getHeader() const { return header_; }
-
-  std::vector<uint8_t>& 
-  getHeader() { return header_; }
-
-  const std::vector<uint8_t>& 
-  getPayload() const { return payload_; }
-  
-  std::vector<uint8_t>& 
-  getPayload() { return payload_; }
-
-  const DerType& 
-  getType() { return type_; }
-
-  virtual Blob
-  getRaw()
-  { 
-    ptr_lib::shared_ptr<std::vector<uint8_t> > blob(new std::vector<uint8_t>());
-    blob->insert(blob->end(), header_.begin(), header_.end());
-    blob->insert(blob->end(), payload_.begin(), payload_.end());
-
-    return blob;
-  }
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor) = 0;
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param) = 0;
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor) = 0;
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) = 0;
-  
-protected:
-  void
-  decode(InputIterator& start);
-
-  void
-  encodeHeader(int size);
-
-  int 
-  decodeHeader(InputIterator& start);
-
-protected:
-  DerType type_;
-  std::vector<uint8_t> header_;
-  std::vector<uint8_t> payload_;
-  DerComplex * parent_;
-};
-
-
-typedef std::vector<ptr_lib::shared_ptr<DerNode> > DerNodePtrList;
-
-class DerComplex : public DerNode
-{
-public:
-  DerComplex();
-  
-  DerComplex(DerType type);
-
-  DerComplex(InputIterator& start);
-
-  virtual 
-  ~DerComplex();
-
-  virtual int
-  getSize();
-
-  void 
-  addChild(ptr_lib::shared_ptr<DerNode> nodePtr, bool notifyParent = true);
-
-  virtual void
-  encode(OutputIterator& start);
-
-  const DerNodePtrList& 
-  getChildren() const { return nodeList_; }
-
-  DerNodePtrList& 
-  getChildren() { return nodeList_; }
-
-  virtual Blob
-  getRaw();
-
-private:
-  void
-  updateSize();
-
-  void
-  setChildChanged();
-
-private:
-  bool childChanged_;
-  int size_;
-  DerNodePtrList nodeList_;
-};
-
-
-
-class DerByteString : public DerNode
-{
-public:
-  DerByteString(const std::string& str, DerType type);
-
-  DerByteString(const std::vector<uint8_t>& blob, DerType type);
-
-  DerByteString(InputIterator& start);
-
-  virtual
-  ~DerByteString();
-};
-
-
-//0x01  
-class DerBool : public DerNode
-{
-public:
-  DerBool(bool value);
-
-  DerBool(InputIterator& start);
-
-  virtual
-  ~DerBool();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-};
-
-//0x02  
-class DerInteger : public DerNode
-{
-public:
-  DerInteger(const std::vector<uint8_t>& blob);
-
-  DerInteger(InputIterator& start);
-
-  virtual 
-  ~DerInteger();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-};
-
-//0x03
-class DerBitString : public DerNode
-{
-public:
-  DerBitString(const std::vector<uint8_t>& blob, uint8_t paddingLen);
-
-  DerBitString(InputIterator& start);
-  
-  virtual
-  ~DerBitString();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-};
-
-//0x04
-class DerOctetString : public DerByteString
-{
-public:
-  DerOctetString(const std::string& str);
-  
-  DerOctetString(const std::vector<uint8_t>& blob);
-
-  DerOctetString(InputIterator& start);
-
-  virtual
-  ~DerOctetString();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-};
-
-
-//0x05
-class DerNull : public DerNode
-{
-public:
-  DerNull();
-
-  DerNull(InputIterator& start);
-  
-  virtual
-  ~DerNull();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-};
-
-
-//0x06
-class DerOid : public DerNode
-{
-public:
-  DerOid(const OID& oid);
-  
-  DerOid(const std::string& oidStr);
-
-  DerOid(const std::vector<int>& value);
-
-  DerOid(InputIterator& start);
-  
-  virtual
-  ~DerOid();
-  
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-
-  int 
-  decode128(int& offset);
-
-private:
-  void 
-  prepareEncoding(const std::vector<int>& value);
-
-  void 
-  encode128(int value, std::ostringstream& os);    
-};
-
-
-//0x10
-class DerSequence : public DerComplex
-{
-public:
-  DerSequence();
-
-  DerSequence(InputIterator& start);
-  
-  virtual
-  ~DerSequence();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-};
-
-//0x13
-class DerPrintableString : public DerByteString
-{
-public:
-  DerPrintableString(const std::string& str);
-
-  DerPrintableString(const std::vector<uint8_t>& blob);
-
-  DerPrintableString(InputIterator& start);
-
-  virtual 
-  ~DerPrintableString();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-};
-
-//0x1b
-class DerGtime : public DerNode
-{
-public:
-  DerGtime(const MillisecondsSince1970& time);
-
-  DerGtime(InputIterator& start);
-  
-  virtual 
-  ~DerGtime();
-
-  virtual void accept(VoidNoArgumentsVisitor& visitor)                {        visitor.visit(*this);        }
-  virtual void accept(VoidVisitor& visitor, ndnboost::any param)      {        visitor.visit(*this, param); }
-  virtual ndnboost::any accept(NoArgumentsVisitor& visitor)           { return visitor.visit(*this);        }
-  virtual ndnboost::any accept(Visitor& visitor, ndnboost::any param) { return visitor.visit(*this, param); }
-
-  /**
-   * Convert to the ISO string representation of the time.
-   * @param time Milliseconds since 1/1/1970.
-   * @return The ISO string.
-   */
-  static std::string toIsoString(const MillisecondsSince1970& time);
-  
-  /**
-   * Convert from the ISO string representation to the internal time format.
-   * @param isoString The ISO time formatted string. 
-   * @return The time in milliseconds since 1/1/1970.
-   */
-  static MillisecondsSince1970 fromIsoString(const std::string& isoString);
-};
- 
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/certificate-data-visitor.cpp b/src/encoding/der/visitor/certificate-data-visitor.cpp
deleted file mode 100644
index 7edf794..0000000
--- a/src/encoding/der/visitor/certificate-data-visitor.cpp
+++ /dev/null
@@ -1,157 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "simple-visitor.hpp"
-#include "public-key-visitor.hpp"
-#include "../der.hpp"
-
-#include <ndn-cpp/security/certificate/certificate.hpp>
-#include <ndn-cpp/security/certificate/certificate-subject-description.hpp>
-#include <ndn-cpp/security/certificate/certificate-extension.hpp>
-
-#include "../../../util/logging.hpp"
-#include "certificate-data-visitor.hpp"
-
-using namespace std;
-
-INIT_LOGGER("ndn.der.CertificateDataVisitor");
-
-namespace ndn {
-
-namespace der {
-  
-/*
- * CertificateDataVisitor
- */
-void 
-CertificateDataVisitor::visit(DerSequence& derSeq, ndnboost::any param)
-{
-  // _LOG_DEBUG("CertificateDataVisitor::visit");
-
-  DerNodePtrList& children = derSeq.getChildren();
-  CertificateValidityVisitor validityVisitor;
-  children[0]->accept(validityVisitor, param);
-  CertificateSubjectVisitor subjectVisitor;
-  children[1]->accept(subjectVisitor, param);
-  PublicKeyVisitor pubkeyVisitor;
-  Certificate* certData = ndnboost::any_cast<Certificate*>(param);
-  certData->setPublicKeyInfo(*ndnboost::any_cast<ptr_lib::shared_ptr<PublicKey> >(children[2]->accept(pubkeyVisitor)));
-      
-  if(children.size() > 3)
-    {
-      CertificateExtensionVisitor extnVisitor;
-      children[3]->accept(extnVisitor, param);
-    }
-}
-
-/*
- * CertValidityVisitor
- */
-void 
-CertificateValidityVisitor::visit(DerSequence& derSeq, ndnboost::any param)
-{
-  // _LOG_DEBUG("CertValidityVisitor::visit");
-  
-  Certificate* certData = ndnboost::any_cast<Certificate*>(param); 
-
-  DerNodePtrList& children = derSeq.getChildren();
-  
-  SimpleVisitor simpleVisitor;
-
-  MillisecondsSince1970 notBefore = ndnboost::any_cast<MillisecondsSince1970>(children[0]->accept(simpleVisitor));
-  MillisecondsSince1970 notAfter = ndnboost::any_cast<MillisecondsSince1970>(children[1]->accept(simpleVisitor));
-
-  // _LOG_DEBUG("parsed notBefore: " << notBefore);
-  // _LOG_DEBUG("parsed notAfter: " << notAfter);
-
-  certData->setNotBefore(notBefore);
-  certData->setNotAfter(notAfter);
-}
-
-/*
- * CertSubDescryptVisitor
- */
-void
-CertificateSubjectDescriptionVisitor::visit(DerSequence& derSeq, ndnboost::any param)
-{
-  Certificate* certData = ndnboost::any_cast<Certificate*>(param); 
-  
-  DerNodePtrList& children = derSeq.getChildren();
-  
-  SimpleVisitor simpleVisitor;
-
-  OID oid = ndnboost::any_cast<OID>(children[0]->accept(simpleVisitor));
-  string value = ndnboost::any_cast<string>(children[1]->accept(simpleVisitor));
-
-  CertificateSubjectDescription subDescrypt(oid, value);
-
-  certData->addSubjectDescription(subDescrypt);
-}
-
-/*
- * CertSubjectVisitor
- */
-void 
-CertificateSubjectVisitor::visit(DerSequence& derSeq, ndnboost::any param)
-{
-  // _LOG_DEBUG("CertSubjectVisitor::visit");
-
-  DerNodePtrList& children = derSeq.getChildren();
-  
-  CertificateSubjectDescriptionVisitor descryptVisitor;
-
-  DerNodePtrList::iterator it = children.begin();
-
-  while(it != children.end()) {
-    (*it)->accept(descryptVisitor, param);
-    it++;
-  }
-}
-
-/*
- * CertExtnEntryVisitor
- */
-void 
-CertificateExtensionEntryVisitor::visit(DerSequence& derSeq, ndnboost::any param)
-{
-  Certificate* certData = ndnboost::any_cast<Certificate*>(param); 
-  
-  DerNodePtrList& children = derSeq.getChildren();
-  
-  SimpleVisitor simpleVisitor;
-
-  OID oid = ndnboost::any_cast<OID>(children[0]->accept(simpleVisitor));
-  bool critical = ndnboost::any_cast<bool>(children[1]->accept(simpleVisitor));
-  const vector<uint8_t>& value = ndnboost::any_cast<const vector<uint8_t>&>(children[2]->accept(simpleVisitor));
-
-  CertificateExtension extension(oid, critical, value);
-
-  certData->addExtension(extension);
-}
-
-/*
- * CertExtensionVisitor
- */
-void 
-CertificateExtensionVisitor::visit(DerSequence& derSeq, ndnboost::any param)
-{
-  DerNodePtrList& children = derSeq.getChildren();
-  
-  CertificateExtensionEntryVisitor extnEntryVisitor;
-
-  DerNodePtrList::iterator it = children.begin();
-
-  while(it != children.end()) {
-    (*it)->accept(extnEntryVisitor, param);
-    it++;
-  }
-}
-
-} // der
-
-}
diff --git a/src/encoding/der/visitor/certificate-data-visitor.hpp b/src/encoding/der/visitor/certificate-data-visitor.hpp
deleted file mode 100644
index ec73bd7..0000000
--- a/src/encoding/der/visitor/certificate-data-visitor.hpp
+++ /dev/null
@@ -1,51 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_CERTIFICATE_DATA_VISITOR_HPP
-#define NDN_CERTIFICATE_DATA_VISITOR_HPP
-
-#include "void-visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-  
-class CertificateDataVisitor : public VoidVisitor {
-  virtual void visit(DerSequence&,         ndnboost::any);
-};
-
-class CertificateValidityVisitor : public VoidVisitor {
-public:
-  virtual void visit(DerSequence&,         ndnboost::any);
-};
-
-class CertificateSubjectDescriptionVisitor : public VoidVisitor {
-public:
-  virtual void visit(DerSequence&,         ndnboost::any);
-};
-
-class CertificateSubjectVisitor : public VoidVisitor {
-public:
-  virtual void visit(DerSequence&,         ndnboost::any);
-};
-
-class CertificateExtensionEntryVisitor : public VoidVisitor {
-public:
-  virtual void visit(DerSequence&,         ndnboost::any);
-};
-
-class CertificateExtensionVisitor : public VoidVisitor {
-public:
-  virtual void visit(DerSequence&,         ndnboost::any);
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/no-arguments-visitor.cpp b/src/encoding/der/visitor/no-arguments-visitor.cpp
deleted file mode 100644
index 06f2157..0000000
--- a/src/encoding/der/visitor/no-arguments-visitor.cpp
+++ /dev/null
@@ -1,53 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "no-arguments-visitor.hpp"
-
-namespace ndn {
-
-namespace der
-{
-ndnboost::any
-NoArgumentsVisitor::visit(DerBool& derBool)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerInteger& derInteger)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerPrintableString& derPStr)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerBitString& derBStr)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerNull& derNull)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerOctetString& derOStr)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerOid& derOid)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerSequence& derSeq)
-{ return  ndnboost::any(0); }
-
-ndnboost::any 
-NoArgumentsVisitor::visit(DerGtime& derGtime)
-{ return  ndnboost::any(0); }
-
-} // der
-
-}
diff --git a/src/encoding/der/visitor/no-arguments-visitor.hpp b/src/encoding/der/visitor/no-arguments-visitor.hpp
deleted file mode 100644
index 09c24c1..0000000
--- a/src/encoding/der/visitor/no-arguments-visitor.hpp
+++ /dev/null
@@ -1,36 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_DER_NO_ARGUMENTS_VISITOR_HPP
-#define NDN_DER_NO_ARGUMENTS_VISITOR_HPP
-
-#include "visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-class NoArgumentsVisitor
-{
-public:
-  virtual ndnboost::any visit(DerBool&           );
-  virtual ndnboost::any visit(DerInteger&        );
-  virtual ndnboost::any visit(DerPrintableString&);
-  virtual ndnboost::any visit(DerBitString&      );
-  virtual ndnboost::any visit(DerNull&           );
-  virtual ndnboost::any visit(DerOctetString&    );
-  virtual ndnboost::any visit(DerOid&            );
-  virtual ndnboost::any visit(DerSequence&       );
-  virtual ndnboost::any visit(DerGtime&          );
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/print-visitor.cpp b/src/encoding/der/visitor/print-visitor.cpp
deleted file mode 100644
index 80a4f5d..0000000
--- a/src/encoding/der/visitor/print-visitor.cpp
+++ /dev/null
@@ -1,131 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "print-visitor.hpp"
-#include "../der.hpp"
-#include <iostream>
-#include <iomanip>
-
-using namespace std;
-
-namespace ndn {
-
-namespace der {
-
-void 
-PrintVisitor::visit(DerBool& derBool, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-      
-  printData(derBool.getHeader(), indent);
-  printData(derBool.getPayload(), indent + "   ");
-}
-
-void
-PrintVisitor::visit(DerInteger& derInteger, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-      
-  printData(derInteger.getHeader(), indent);
-  printData(derInteger.getPayload(), indent + "   ");
-}
-  
-void
-PrintVisitor::visit(DerPrintableString& derPStr, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-      
-  printData(derPStr.getHeader(), indent);
-  printData(derPStr.getPayload(), indent + "   ");
-}
-
-void 
-PrintVisitor::visit(DerBitString& derBStr, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-      
-  printData(derBStr.getHeader(), indent);
-  const vector<uint8_t>& payload = derBStr.getPayload();
-  cout << indent << "   " << " " << hex << setw(2) << setfill('0') << (int)(uint8_t)payload[0] << endl;
-  printData(payload, indent + "   ", 1);
-}
-
-void 
-PrintVisitor::visit(DerNull& derNull, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-      
-  printData(derNull.getHeader(), indent);
-  printData(derNull.getPayload(), indent + "   ");
-
-}
-
-void 
-PrintVisitor::visit(DerOctetString& derOStr, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-      
-  printData(derOStr.getHeader(), indent);
-  printData(derOStr.getPayload(), indent + "   ");
-}
-
-void 
-PrintVisitor::visit(DerOid& derOid, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-  
-  printData(derOid.getHeader(), indent);
-  printData(derOid.getPayload(), indent + "   ");
-
-}
-
-void 
-PrintVisitor::visit(DerGtime& derGtime, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-  
-  printData(derGtime.getHeader(), indent);
-  printData(derGtime.getPayload(), indent + "   ");
-}
-
-void 
-PrintVisitor::visit(DerSequence& derSequence, ndnboost::any param)
-{
-  const string& indent = ndnboost::any_cast<const string&>(param);
-  
-  printData(derSequence.getHeader(), indent);
-
-  DerNodePtrList& children = derSequence.getChildren();
-  DerNodePtrList::iterator it = children.begin();
-  for(; it != children.end(); it++)
-  (*it)->accept(*this, indent + " | ");
-}
-
-
-void 
-PrintVisitor::printData(const vector<uint8_t>& blob, const string& indent, int offset)
-{
-  cout << indent;
-
-  int count = 0;
-  for(int i = offset; i < blob.size(); i++)
-    {
-      cout << " " << hex << setw(2) << setfill('0') << (int)blob[i];
-      count++;
-      if(8 == count)
-        {
-          count = 0;
-          cout << "\n" << indent;
-        }
-    }
-  cout << endl;
-}
-
-} // der
-
-}
diff --git a/src/encoding/der/visitor/print-visitor.hpp b/src/encoding/der/visitor/print-visitor.hpp
deleted file mode 100644
index 45d0bfd..0000000
--- a/src/encoding/der/visitor/print-visitor.hpp
+++ /dev/null
@@ -1,40 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_PRINT_VISITOR_HPP
-#define NDN_PRINT_VISITOR_HPP
-
-#include <vector>
-#include <string>
-#include "void-visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-class PrintVisitor : public VoidVisitor {
-public:
-  virtual void visit(DerBool&,             ndnboost::any);
-  virtual void visit(DerInteger&,          ndnboost::any);
-  virtual void visit(DerPrintableString&,  ndnboost::any);
-  virtual void visit(DerBitString&,        ndnboost::any);
-  virtual void visit(DerNull&,             ndnboost::any);
-  virtual void visit(DerOctetString&,      ndnboost::any);
-  virtual void visit(DerOid&,              ndnboost::any);
-  virtual void visit(DerSequence&,         ndnboost::any);
-  virtual void visit(DerGtime&,            ndnboost::any);
-
-private:
-  static void printData(const std::vector<uint8_t>& blob, const std::string& indent, int offset = 0);
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/public-key-visitor.cpp b/src/encoding/der/visitor/public-key-visitor.cpp
deleted file mode 100644
index a5f5542..0000000
--- a/src/encoding/der/visitor/public-key-visitor.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "simple-visitor.hpp"
-#include <ndn-cpp/security/certificate/public-key.hpp>
-#include "../der.hpp"
-#include "public-key-visitor.hpp"
-
-using namespace std;
-
-namespace ndn {
-
-namespace der {
-  
-ndnboost::any 
-PublicKeyVisitor::visit(DerSequence& derSeq)
-{
-  DerNodePtrList& children = derSeq.getChildren();
-
-  SimpleVisitor simpleVisitor;
-  ptr_lib::shared_ptr<DerSequence> algoSeq = ptr_lib::dynamic_pointer_cast<DerSequence>(children[0]); 
-  OID algorithm = ndnboost::any_cast<OID>(algoSeq->getChildren()[0]->accept(simpleVisitor));  
-  Blob raw = derSeq.getRaw();   
-  return ndnboost::any(ptr_lib::shared_ptr<PublicKey>(new PublicKey(algorithm, raw)));    
-}
-
-} // der
-
-}
diff --git a/src/encoding/der/visitor/public-key-visitor.hpp b/src/encoding/der/visitor/public-key-visitor.hpp
deleted file mode 100644
index 54dfb66..0000000
--- a/src/encoding/der/visitor/public-key-visitor.hpp
+++ /dev/null
@@ -1,27 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_PUBLIC_KEY_VISITOR_HPP
-#define NDN_PUBLIC_KEY_VISITOR_HPP
-
-#include "no-arguments-visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-class PublicKeyVisitor : public NoArgumentsVisitor {
-  public:
-    virtual ndnboost::any visit(DerSequence&       );
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/simple-visitor.cpp b/src/encoding/der/visitor/simple-visitor.cpp
deleted file mode 100644
index c56f999..0000000
--- a/src/encoding/der/visitor/simple-visitor.cpp
+++ /dev/null
@@ -1,99 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "simple-visitor.hpp"
-#include "../der.hpp"
-#include <ndn-cpp/encoding/oid.hpp>
-
-using namespace std;
-
-namespace ndn {
-
-namespace der
-{
-  
-ndnboost::any 
-SimpleVisitor::visit(DerBool& derBool)
-{
-  bool result = true;
-  
-  if(0 == derBool.getPayload()[0])
-    result = false;
-  
-  return ndnboost::any(result);
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerInteger& derInteger)
-{
-  return ndnboost::any(derInteger.getPayload());
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerPrintableString& derPStr)
-{
-  return ndnboost::any(string((const char*)&derPStr.getPayload()[0], derPStr.getPayload().size()));
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerBitString& derBStr)
-{
-  return ndnboost::any(derBStr.getPayload());
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerNull& derNull)
-{
-  return ndnboost::any();
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerOctetString& derOStr)
-{
-  vector<uint8_t> result(derOStr.getPayload());
-  return ndnboost::any(result);
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerOid& derOid)
-{
-  vector<int> intList;
-  int offset = 0;
-
-  vector<uint8_t>& blob = derOid.getPayload();
-    
-  int first = blob[offset];
-  
-  intList.push_back(first / 40);
-  intList.push_back(first % 40);
-
-  offset++;
-  
-  while(offset < blob.size()){
-    intList.push_back(derOid.decode128(offset));
-  }
-  
-  return ndnboost::any(OID(intList));
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerSequence& derSeq)
-{
-  return ndnboost::any();
-}
-
-ndnboost::any 
-SimpleVisitor::visit(DerGtime& derGtime)
-{
-  string str((const char*)&derGtime.getPayload()[0], derGtime.getPayload().size());
-  return ndnboost::any(DerGtime::fromIsoString(str.substr(0, 8) + "T" + str.substr(8, 6)));
-}
-
-} // der
-
-}
diff --git a/src/encoding/der/visitor/simple-visitor.hpp b/src/encoding/der/visitor/simple-visitor.hpp
deleted file mode 100644
index 3f0584e..0000000
--- a/src/encoding/der/visitor/simple-visitor.hpp
+++ /dev/null
@@ -1,36 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_DER_SIMPLE_VISITOR_HPP
-#define NDN_DER_SIMPLE_VISITOR_HPP
-
-#include "no-arguments-visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-class SimpleVisitor : public NoArgumentsVisitor
-{
-public:
-  virtual ndnboost::any visit(DerBool&           );
-  virtual ndnboost::any visit(DerInteger&        );
-  virtual ndnboost::any visit(DerPrintableString&);
-  virtual ndnboost::any visit(DerBitString&      );
-  virtual ndnboost::any visit(DerNull&           );
-  virtual ndnboost::any visit(DerOctetString&    );
-  virtual ndnboost::any visit(DerOid&            );
-  virtual ndnboost::any visit(DerSequence&       );
-  virtual ndnboost::any visit(DerGtime&          );
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/visitor.hpp b/src/encoding/der/visitor/visitor.hpp
deleted file mode 100644
index 06c469f..0000000
--- a/src/encoding/der/visitor/visitor.hpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_DER_VISITOR_HPP
-#define NDN_DER_VISITOR_HPP
-
-#include <ndn-cpp/common.hpp>
-
-#if NDN_CPP_USE_SYSTEM_BOOST
-#include <boost/any.hpp>
-namespace ndnboost = boost;
-#else
-// We can use ndnboost::any because this is an internal header and will not conflict with the application if it uses boost::any.
-#include <ndnboost/any.hpp>
-#endif
-
-namespace ndn {
-
-namespace der {
-  
-class DerBool;
-class DerInteger;
-class DerPrintableString;
-class DerBitString;
-class DerNull;
-class DerOctetString;
-class DerOid;
-class DerSequence;
-class DerGtime;
-
-class Visitor
-{
-public:
-  virtual ndnboost::any visit(DerBool&,             ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerInteger&,          ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerPrintableString&,  ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerBitString&,        ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerNull&,             ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerOctetString&,      ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerOid&,              ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerSequence&,         ndnboost::any) = 0;
-  virtual ndnboost::any visit(DerGtime&,            ndnboost::any) = 0;
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/void-no-arguments-visitor.hpp b/src/encoding/der/visitor/void-no-arguments-visitor.hpp
deleted file mode 100644
index 7e60d38..0000000
--- a/src/encoding/der/visitor/void-no-arguments-visitor.hpp
+++ /dev/null
@@ -1,36 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_DER_VOID_NO_ARGUMENTS_VISITOR_HPP
-#define NDN_DER_VOID_NO_ARGUMENTS_VISITOR_HPP
-
-#include "visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-class VoidNoArgumentsVisitor
-{
-public:
-  virtual void visit(DerBool&           ) = 0;
-  virtual void visit(DerInteger&        ) = 0;
-  virtual void visit(DerPrintableString&) = 0;
-  virtual void visit(DerBitString&      ) = 0;
-  virtual void visit(DerNull&           ) = 0;
-  virtual void visit(DerOctetString&    ) = 0;
-  virtual void visit(DerOid&            ) = 0;
-  virtual void visit(DerSequence&       ) = 0;
-  virtual void visit(DerGtime&          ) = 0;
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/der/visitor/void-visitor.cpp b/src/encoding/der/visitor/void-visitor.cpp
deleted file mode 100644
index dd8217a..0000000
--- a/src/encoding/der/visitor/void-visitor.cpp
+++ /dev/null
@@ -1,53 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#include "void-visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-void 
-VoidVisitor::visit(DerBool& derBool, ndnboost::any)
-{}
-
-void
-VoidVisitor::visit(DerInteger& derInteger, ndnboost::any)
-{}
-
-void 
-VoidVisitor::visit(DerPrintableString& derPStr, ndnboost::any)
-{}
-
-void 
-VoidVisitor::visit(DerBitString& derBStr, ndnboost::any)
-{}
-
-void
-VoidVisitor::visit(DerNull& derNull, ndnboost::any)
-{}
-
-void 
-VoidVisitor::visit(DerOctetString& derOStr, ndnboost::any)
-{}
-
-void
-VoidVisitor::visit(DerOid& derOid, ndnboost::any)
-{}
-
-void 
-VoidVisitor::visit(DerSequence& derSequence, ndnboost::any)
-{}
-
-void 
-VoidVisitor::visit(DerGtime& derGtime, ndnboost::any)
-{}
-
-} // der
-
-}
diff --git a/src/encoding/der/visitor/void-visitor.hpp b/src/encoding/der/visitor/void-visitor.hpp
deleted file mode 100644
index e853ee6..0000000
--- a/src/encoding/der/visitor/void-visitor.hpp
+++ /dev/null
@@ -1,36 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
-/**
- * Copyright (C) 2013 Regents of the University of California.
- * @author: Yingdi Yu <yingdi@cs.ucla.edu>
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
- * See COPYING for copyright and distribution information.
- */
-
-#ifndef NDN_DER_VOID_VISITOR_HPP
-#define NDN_DER_VOID_VISITOR_HPP
-
-#include "visitor.hpp"
-
-namespace ndn {
-
-namespace der {
-
-class VoidVisitor
-{
-public:
-  virtual void visit(DerBool&,             ndnboost::any);
-  virtual void visit(DerInteger&,          ndnboost::any);
-  virtual void visit(DerPrintableString&,  ndnboost::any);
-  virtual void visit(DerBitString&,        ndnboost::any);
-  virtual void visit(DerNull&,             ndnboost::any);
-  virtual void visit(DerOctetString&,      ndnboost::any);
-  virtual void visit(DerOid&,              ndnboost::any);
-  virtual void visit(DerSequence&,         ndnboost::any);
-  virtual void visit(DerGtime&,            ndnboost::any);
-};
-
-} // der
-
-}
-
-#endif
diff --git a/src/encoding/oid.cpp b/src/encoding/oid.cpp
index 633d1cf..2db72f7 100644
--- a/src/encoding/oid.cpp
+++ b/src/encoding/oid.cpp
@@ -9,8 +9,10 @@
 #include <sstream>
 
 #include <ndn-cpp/encoding/oid.hpp>
+#include <cryptopp/asn.h>
 
 using namespace std;
+using namespace CryptoPP;
 
 namespace ndn {
 
@@ -48,7 +50,8 @@
   return convert.str();
 }
 
-bool OID::equal(const OID& oid) const
+bool
+OID::equal(const OID& oid) const
 {
   vector<int>::const_iterator i = oid_.begin();
   vector<int>::const_iterator j = oid.oid_.begin();
@@ -64,4 +67,75 @@
     return false;
 }
 
+inline void
+EncodeValue(BufferedTransformation &bt, word32 v)
+{
+  for (unsigned int i=RoundUpToMultipleOf(STDMAX(7U,BitPrecision(v)), 7U)-7; i != 0; i-=7)
+    bt.Put((byte)(0x80 | ((v >> i) & 0x7f)));
+  bt.Put((byte)(v & 0x7f));
+}
+
+inline size_t
+DecodeValue(BufferedTransformation &bt, word32 &v)
+{
+  byte b;
+  size_t i=0;
+  v = 0;
+  while (true)
+    {
+      if (!bt.Get(b))
+        BERDecodeError();
+      i++;
+      if (v >> (8*sizeof(v)-7))	// v about to overflow
+        BERDecodeError();
+      v <<= 7;
+      v += b & 0x7f;
+      if (!(b & 0x80))
+        return i;
+    }
+}
+
+void
+OID::encode(CryptoPP::BufferedTransformation &out) const
+{
+  assert(oid_.size() >= 2);
+  ByteQueue temp;
+  temp.Put(byte(oid_[0] * 40 + oid_[1]));
+  for (size_t i=2; i<oid_.size(); i++)
+    EncodeValue(temp, oid_[i]);
+  out.Put(OBJECT_IDENTIFIER);
+  DERLengthEncode(out, temp.CurrentSize());
+  temp.TransferTo(out);
+}
+
+void
+OID::decode(CryptoPP::BufferedTransformation &in)
+{
+  byte b;
+  if (!in.Get(b) || b != OBJECT_IDENTIFIER)
+    BERDecodeError();
+
+  size_t length;
+  if (!BERLengthDecode(in, length) || length < 1)
+    BERDecodeError();
+
+  if (!in.Get(b))
+    BERDecodeError();
+	
+  length--;
+  oid_.resize(2);
+  oid_[0] = b / 40;
+  oid_[1] = b % 40;
+
+  while (length > 0)
+    {
+      word32 v;
+      size_t valueLen = DecodeValue(in, v);
+      if (valueLen > length)
+        BERDecodeError();
+      oid_.push_back(v);
+      length -= valueLen;
+    }
+}
+
 }
diff --git a/src/security/certificate/certificate-extension.cpp b/src/security/certificate/certificate-extension.cpp
index d9297a9..51c29ed 100644
--- a/src/security/certificate/certificate-extension.cpp
+++ b/src/security/certificate/certificate-extension.cpp
@@ -6,42 +6,51 @@
  * See COPYING for copyright and distribution information.
  */
 
-#include "../../encoding/der/der.hpp"
-#include "../../util/blob-stream.hpp"
 #include <ndn-cpp/security/certificate/certificate-extension.hpp>
+#include <cryptopp/asn.h>
 
 using namespace std;
+using namespace CryptoPP;
 
 namespace ndn {
 
-ptr_lib::shared_ptr<der::DerNode> 
-CertificateExtension::toDer() const
+void
+CertificateExtension::encode(CryptoPP::BufferedTransformation &out) const
 {
-  ptr_lib::shared_ptr<der::DerSequence> root(new der::DerSequence);
-    
-  ptr_lib::shared_ptr<der::DerOid> extensionId(new der::DerOid(extensionId_));
-  ptr_lib::shared_ptr<der::DerBool> isCritical(new der::DerBool(isCritical_));
-  ptr_lib::shared_ptr<der::DerOctetString> extensionValue(new der::DerOctetString(*extensionValue_));
+  // Extension ::= SEQUENCE {
+  //        extnID      OBJECT IDENTIFIER,
+  //        critical    BOOLEAN DEFAULT FALSE,
+  //        extnValue   OCTET STRING  }
 
-  root->addChild(extensionId);
-  root->addChild(isCritical);
-  root->addChild(extensionValue);
-
-  root->getSize();
-
-  return root;
+  DERSequenceEncoder extension(out);
+  {
+    extensionId_.encode(extension);
+    DEREncodeUnsigned(extension, isCritical_, BOOLEAN);
+    DEREncodeOctetString(extension, extensionValue_.buf(), extensionValue_.size());
+  }
+  extension.MessageEnd();
 }
 
-Blob
-CertificateExtension::toDerBlob() const
+void
+CertificateExtension::decode(CryptoPP::BufferedTransformation &in)
 {
-  blob_stream blobStream;
-  der::OutputIterator& start = reinterpret_cast<der::OutputIterator&>(blobStream);
+  // Extension ::= SEQUENCE {
+  //        extnID      OBJECT IDENTIFIER,
+  //        critical    BOOLEAN DEFAULT FALSE,
+  //        extnValue   OCTET STRING  }
 
-  toDer()->encode(start);
+  BERSequenceDecoder extension(in);
+  {
+    extensionId_.decode(extension);
+    BERDecodeUnsigned(extension, isCritical_, BOOLEAN);
 
-  return blobStream.buf();
+    // the extra copy operation can be optimized, but not trivial,
+    // since the length is not known in advance
+    SecByteBlock tmpBlock;
+    BERDecodeOctetString(extension, tmpBlock);
+    extensionValue_.assign(tmpBlock.begin(), tmpBlock.end());
+  }
+  extension.MessageEnd();
 }
-
-
+ 
 }
diff --git a/src/security/certificate/certificate-subject-description.cpp b/src/security/certificate/certificate-subject-description.cpp
index 3571f7f..472b30e 100644
--- a/src/security/certificate/certificate-subject-description.cpp
+++ b/src/security/certificate/certificate-subject-description.cpp
@@ -6,25 +6,58 @@
  * See COPYING for copyright and distribution information.
  */
 
-#include "../../encoding/der/der.hpp"
 #include <ndn-cpp/security/certificate/certificate-subject-description.hpp>
+#include <cryptopp/asn.h>
 
 using namespace std;
+using namespace CryptoPP;
 
 namespace ndn {
 
-ptr_lib::shared_ptr<der::DerNode> 
-CertificateSubjectDescription::toDer() const
+void
+CertificateSubjectDescription::encode(CryptoPP::BufferedTransformation &out) const
 {
-  ptr_lib::shared_ptr<der::DerSequence> root(new der::DerSequence());
+  // RelativeDistinguishedName ::=
+  //     SET OF AttributeTypeAndValue
+  // 
+  // AttributeTypeAndValue ::= SEQUENCE {
+  //     type     AttributeType,
+  //     value    AttributeValue   }
+  // 
+  // AttributeType ::= OBJECT IDENTIFIER
+  // 
+  // AttributeValue ::= ANY DEFINED BY AttributeType
+  DERSequenceEncoder attributeTypeAndValue(out);
+  {
+    oid_.encode(attributeTypeAndValue);
+    DEREncodeTextString(attributeTypeAndValue, value_, PRINTABLE_STRING);
+  }
+  attributeTypeAndValue.MessageEnd();
+}
 
-  ptr_lib::shared_ptr<der::DerOid> oid(new der::DerOid(oid_));
-  ptr_lib::shared_ptr<der::DerPrintableString> value(new der::DerPrintableString(value_));
+void
+CertificateSubjectDescription::decode(CryptoPP::BufferedTransformation &in)
+{
+  // RelativeDistinguishedName ::=
+  //     SET OF AttributeTypeAndValue
+  // 
+  // AttributeTypeAndValue ::= SEQUENCE {
+  //     type     AttributeType,
+  //     value    AttributeValue   }
+  // 
+  // AttributeType ::= OBJECT IDENTIFIER
+  // 
+  // AttributeValue ::= ANY DEFINED BY AttributeType
 
-  root->addChild(oid);
-  root->addChild(value);
+  BERSequenceDecoder attributeTypeAndValue(in);
+  {
+    oid_.decode(attributeTypeAndValue);
 
-  return root;
+    /// @todo May be add more intelligent processing, since the following
+    ///       may fail if somebody encoded attribute that uses non PRINTABLE_STRING as value
+    BERDecodeTextString(attributeTypeAndValue, value_, PRINTABLE_STRING);
+  }
+  attributeTypeAndValue.MessageEnd();
 }
 
 }
diff --git a/src/security/certificate/certificate.cpp b/src/security/certificate/certificate.cpp
index 3275ac5..da88444 100644
--- a/src/security/certificate/certificate.cpp
+++ b/src/security/certificate/certificate.cpp
@@ -8,7 +8,7 @@
 
 #include <ndn-cpp/common.hpp>
 
-#include <float.h>
+#include "certificate.hpp"
 
 #if NDN_CPP_USE_SYSTEM_BOOST
 #include <boost/iostreams/stream.hpp>
@@ -20,14 +20,16 @@
 #include <ndnboost/iostreams/device/array.hpp>
 #endif
 
-#include <ndn-cpp/sha256-with-rsa-signature.hpp>
-#include "../../encoding/der/der.hpp"
-#include "../../encoding/der/visitor/certificate-data-visitor.hpp"
-#include "../../encoding/der/visitor/print-visitor.hpp"
 #include "../../util/logging.hpp"
-#include "../../util/blob-stream.hpp"
-#include "../../c/util/time.h"
-#include <ndn-cpp/security/certificate/certificate.hpp>
+// #include "../../util/blob-stream.hpp"
+// #include <ndn-cpp/security/certificate/certificate.hpp>
+#include "../../util/time.hpp"
+
+#include <cryptopp/asn.h>
+#include <cryptopp/base64.h>
+#include <cryptopp/files.h>
+
+#include "../../encoding/cryptopp/asn_ext.hpp"
 
 INIT_LOGGER("ndn.security.Certificate");
 
@@ -36,8 +38,8 @@
 namespace ndn {
 
 Certificate::Certificate()
-  : notBefore_(DBL_MAX)
-  , notAfter_(-DBL_MAX)
+  : notBefore_(std::numeric_limits<MillisecondsSince1970>::max())
+  , notAfter_(std::numeric_limits<MillisecondsSince1970>::min())
 {}
 
 Certificate::Certificate(const Data& data)
@@ -77,80 +79,202 @@
 void
 Certificate::encode()
 {
-  ptr_lib::shared_ptr<der::DerSequence> root(new der::DerSequence());
+  // Name
+  //    <key_name>/ID-CERT/<id#>
+  // Content
+  // DER encoded idCert:
+  //
+  // 	idCert ::= SEQUENCE {
+  //        validity            Validity,
+  // 	    subject             Name,
+  // 	    subjectPubKeyInfo   SubjectPublicKeyInfo,
+  // 	    extension           Extensions OPTIONAL   }
+  //
+  // 	Validity ::= SEQUENCE {
+  //        notBefore           Time,
+  //        notAfter            Time   }
+  //
+  //    Name ::= CHOICE {
+  //        RDNSequence   }
+  //
+  //    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+  //
+  //    RelativeDistinguishedName ::=
+  //        SET OF AttributeTypeAndValue
+  //
+  // 	SubjectPublicKeyInfo ::= SEQUENCE {
+  //        algorithm           AlgorithmIdentifier
+  //        keybits             BIT STRING   }
+  //
+  //    Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+  //
+  // (see http://www.ietf.org/rfc/rfc3280.txt for more detail)
+  //
+  // KeyLocator
+  //    issuer’s certificate name
+  // Signature
+
+  using namespace CryptoPP;
+
+  OBufferStream os;
+  CryptoPP::FileSink sink(os);
   
-  ptr_lib::shared_ptr<der::DerSequence> validity(new der::DerSequence());
-  ptr_lib::shared_ptr<der::DerGtime> notBefore(new der::DerGtime(notBefore_));
-  ptr_lib::shared_ptr<der::DerGtime> notAfter(new der::DerGtime(notAfter_));
-  validity->addChild(notBefore);
-  validity->addChild(notAfter);
-  root->addChild(validity);
-
-  ptr_lib::shared_ptr<der::DerSequence> subjectList(new der::DerSequence());
-  SubjectDescriptionList::iterator it = subjectDescriptionList_.begin();
-  for(; it != subjectDescriptionList_.end(); it++)
+  // idCert ::= SEQUENCE {
+  //     validity            Validity,
+  //     subject             Name,
+  //     subjectPubKeyInfo   SubjectPublicKeyInfo,
+  //     extension           Extensions OPTIONAL   }
+  DERSequenceEncoder idCert(sink);
+  {
+    // Validity ::= SEQUENCE {
+    //       notBefore           Time,
+    //       notAfter            Time   }
+    DERSequenceEncoder validity(idCert);
     {
-      ptr_lib::shared_ptr<der::DerNode> child = it->toDer();
-      subjectList->addChild(child);
+      DEREncodeGeneralTime(validity, notBefore_);
+      DEREncodeGeneralTime(validity, notAfter_);
     }
-  root->addChild(subjectList);
+    validity.MessageEnd();
 
-  root->addChild(key_.toDer());
-
-  if(!extensionList_.empty())
+    // Name ::= CHOICE {
+    //     RDNSequence   }
+    // 
+    // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+    DERSequenceEncoder name(idCert);
     {
-      ptr_lib::shared_ptr<der::DerSequence> extnList(new der::DerSequence());
-      ExtensionList::iterator it = extensionList_.begin();
-      for(; it != extensionList_.end(); it++)
-        extnList->addChild(it->toDer());
-      root->addChild(extnList);
+      for(SubjectDescriptionList::iterator it = subjectDescriptionList_.begin();
+          it != subjectDescriptionList_.end(); ++it)
+        {
+          it->encode(name);
+        }
     }
+    name.MessageEnd();
+  
+    // SubjectPublicKeyInfo
+    key_.encode(idCert);
 
-  blob_stream blobStream;
-  der::OutputIterator& start = reinterpret_cast<der::OutputIterator&>(blobStream);
+    // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+    //
+    // Extension ::= SEQUENCE {
+    //        extnID      OBJECT IDENTIFIER,
+    //        critical    BOOLEAN DEFAULT FALSE,
+    //        extnValue   OCTET STRING  }
+    if(!extensionList_.empty())
+      {
+        DERSequenceEncoder extensions(idCert);
+        {
+          
+          for(ExtensionList::iterator it = extensionList_.begin();
+              it != extensionList_.end(); ++it)
+            {
+              it->encode(extensions);
+            }
+        }
+        extensions.MessageEnd();
+      }
+  }
 
-  root->encode(start);
+  idCert.MessageEnd();
 
-  ptr_lib::shared_ptr<vector<uint8_t> > blob = blobStream.buf();
-  setContent(blob);
-  getMetaInfo().setType(ndn_ContentType_KEY);
+  setContent(os.buf());
+  setContentType(MetaInfo::TYPE_KEY);
 }
 
 void 
 Certificate::decode()
 {
-  Blob blob = getContent();
+  using namespace CryptoPP;
 
-  ndnboost::iostreams::stream<ndnboost::iostreams::array_source> is((const char*)blob.buf(), blob.size());
+  OBufferStream os;
+  CryptoPP::StringSource source(getContent().value(), getContent().value_size(), true);
+  
+  // idCert ::= SEQUENCE {
+  //     validity            Validity,
+  //     subject             Name,
+  //     subjectPubKeyInfo   SubjectPublicKeyInfo,
+  //     extension           Extensions OPTIONAL   }
+  BERSequenceDecoder idCert(source);
+  {
+    // Validity ::= SEQUENCE {
+    //       notBefore           Time,
+    //       notAfter            Time   }
+    BERSequenceDecoder validity(idCert);
+    {
+      BERDecodeTime(validity, notBefore_);
+      BERDecodeTime(validity, notAfter_);
+    }
+    validity.MessageEnd();
 
-  ptr_lib::shared_ptr<der::DerNode> node = der::DerNode::parse(reinterpret_cast<der::InputIterator&>(is));
+    // Name ::= CHOICE {
+    //     RDNSequence   }
+    // 
+    // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+    subjectDescriptionList_.clear();
+    BERSequenceDecoder name(idCert);
+    {
+      while(!name.EndReached())
+        {
+          subjectDescriptionList_.push_back(CertificateSubjectDescription(name));
+        }
+    }
+    name.MessageEnd();
+  
+    // SubjectPublicKeyInfo ::= SEQUENCE {
+    //     algorithm           AlgorithmIdentifier
+    //     keybits             BIT STRING   }
+    key_.decode(idCert);
 
-  // der::PrintVisitor printVisitor;
-  // node->accept(printVisitor, string(""));
+    // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+    //
+    // Extension ::= SEQUENCE {
+    //        extnID      OBJECT IDENTIFIER,
+    //        critical    BOOLEAN DEFAULT FALSE,
+    //        extnValue   OCTET STRING  }
+    extensionList_.clear();
+    if(!idCert.EndReached())
+      {
+        BERSequenceDecoder extensions(idCert);
+        {
+          while(!extensions.EndReached())
+            {
+              extensionList_.push_back(CertificateExtension(extensions));
+            }
+        }
+        extensions.MessageEnd();
+      }
+  }
 
-  der::CertificateDataVisitor certDataVisitor;
-  node->accept(certDataVisitor, this);
+  idCert.MessageEnd();
 }
 
 void 
-Certificate::printCertificate()
+Certificate::printCertificate(std::ostream &os) const
 {
-  cout << "Validity:" << endl;
-  cout << der::DerGtime::toIsoString(notBefore_) << endl;
-  cout << der::DerGtime::toIsoString(notAfter_) << endl;
-
-  cout << "Subject Info:" << endl;  
-  vector<CertificateSubjectDescription>::iterator it = subjectDescriptionList_.begin();
-  for(; it < subjectDescriptionList_.end(); it++){
-    cout << it->getOidString() << "\t" << it->getValue() << endl;
+  os << "Certificate name: " << endl;
+  os << "  " << getName() << endl;
+  os << "Validity:" << endl;
+  {
+    os << "  NotBefore: " << toIsoString(notBefore_) << endl;
+    os << "  NotAfter: "  << toIsoString(notAfter_)  << endl;
   }
 
-  ndnboost::iostreams::stream<ndnboost::iostreams::array_source> is((const char*)key_.getKeyDer().buf(), key_.getKeyDer().size());
+  os << "Subject Description:" << endl;  
+  for(SubjectDescriptionList::const_iterator it = subjectDescriptionList_.begin();
+      it != subjectDescriptionList_.end(); ++it)
+    {
+      os << "  " << it->getOidString() << ": " << it->getValue() << endl;
+    }
 
-  ptr_lib::shared_ptr<der::DerNode> keyRoot = der::DerNode::parse(reinterpret_cast<der::InputIterator&> (is));
+  os << "Public key bits: " << endl;
+  CryptoPP::Base64Encoder encoder(new CryptoPP::FileSink(os), true, 64);
+  key_.encode(encoder);
+  
+  // ndnboost::iostreams::stream<ndnboost::iostreams::array_source> is((const char*)key_.getKeyDer().buf(), key_.getKeyDer().size());
 
-  der::PrintVisitor printVisitor;
-  keyRoot->accept(printVisitor, string(""));
+  // ptr_lib::shared_ptr<der::DerNode> keyRoot = der::DerNode::parse(reinterpret_cast<der::InputIterator&> (is));
+
+  // der::PrintVisitor printVisitor;
+  // keyRoot->accept(printVisitor, string(""));
 }
 
 }
diff --git a/src/security/certificate/public-key.cpp b/src/security/certificate/public-key.cpp
index fc41a94..131e3c1 100644
--- a/src/security/certificate/public-key.cpp
+++ b/src/security/certificate/public-key.cpp
@@ -8,6 +8,8 @@
 
 #include <ndn-cpp/common.hpp>
 
+#include "public-key.hpp"
+
 #if NDN_CPP_USE_SYSTEM_BOOST
 #include <boost/iostreams/stream.hpp>
 #include <boost/iostreams/device/array.hpp>
@@ -18,49 +20,109 @@
 #include <ndnboost/iostreams/device/array.hpp>
 #endif
 
-#include <ndn-cpp/security/security-exception.hpp>
-#include "../../c/util/crypto.h"
-#include "../../encoding/der/der.hpp"
-#include <ndn-cpp/security/certificate/public-key.hpp>
+#include <cryptopp/rsa.h>
+#include <cryptopp/base64.h>
+#include <cryptopp/files.h>
 
 using namespace std;
+using namespace CryptoPP;
 
 namespace ndn {
 
-ptr_lib::shared_ptr<der::DerNode>
-PublicKey::toDer()
-{
-  ndnboost::iostreams::stream<ndnboost::iostreams::array_source> is((const char*)keyDer_.buf (), keyDer_.size ());
+static OID RSA_OID("1.2.840.113549.1.1.1");
 
-  return der::DerNode::parse(reinterpret_cast<der::InputIterator&> (is));
+PublicKey::PublicKey()
+{
 }
 
-static int RSA_OID[] = { 1, 2, 840, 113549, 1, 1, 1 };
-
-ptr_lib::shared_ptr<PublicKey>
-PublicKey::fromDer(const Blob& keyDer)
+/**
+ * Create a new PublicKey with the given values.
+ * @param algorithm The algorithm of the public key.
+ * @param keyDer The blob of the PublicKeyInfo in terms of DER.
+ */
+PublicKey::PublicKey(const uint8_t *keyDerBuf, size_t keyDerSize)
 {
-  // Use a temporary pointer since d2i updates it.
-  const uint8_t *derPointer = keyDer.buf();
-  RSA *publicKey = d2i_RSA_PUBKEY(NULL, &derPointer, keyDer.size());
-  if (!publicKey)
-    throw UnrecognizedKeyFormatException("Error decoding public key DER");  
-  RSA_free(publicKey);
-  
-  return ptr_lib::shared_ptr<PublicKey>(new PublicKey(OID(vector<int>(RSA_OID, RSA_OID + sizeof(RSA_OID))), keyDer));
+  StringSource src(keyDerBuf, keyDerSize, true);
+  decode(src);
 }
 
-Blob
-PublicKey::getDigest(DigestAlgorithm digestAlgorithm) const
+void
+PublicKey::encode(CryptoPP::BufferedTransformation &out) const
 {
-  if (digestAlgorithm == DIGEST_ALGORITHM_SHA256) {
-    uint8_t digest[SHA256_DIGEST_LENGTH];
-    ndn_digestSha256(keyDer_.buf(), keyDer_.size(), digest);
-    
-    return Blob(digest, sizeof(digest));
+  // SubjectPublicKeyInfo ::= SEQUENCE {
+  //     algorithm           AlgorithmIdentifier
+  //     keybits             BIT STRING   }
+
+  out.Put(key_.buf(), key_.size());
+}
+
+void
+PublicKey::decode(CryptoPP::BufferedTransformation &in)
+{
+  // SubjectPublicKeyInfo ::= SEQUENCE {
+  //     algorithm           AlgorithmIdentifier
+  //     keybits             BIT STRING   }
+
+  try {
+    std::string out;
+    StringSink sink(out);
+
+    ////////////////////////
+    // part 1: copy as is //
+    ////////////////////////
+    BERSequenceDecoder decoder(in);
+    {
+      assert (decoder.IsDefiniteLength());
+
+      DERSequenceEncoder encoder(sink);
+      decoder.TransferTo(encoder, decoder.RemainingLength());
+      encoder.MessageEnd();
+    }
+    decoder.MessageEnd();
+
+    ////////////////////////
+    // part 2: check if the key is RSA (since it is the only supported for now)
+    ////////////////////////
+    StringSource checkedSource(out, true);
+    BERSequenceDecoder subjectPublicKeyInfo(checkedSource);
+    {
+      BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo);
+      {
+        OID algorithm;
+        algorithm.decode(algorithmInfo);
+
+        if (algorithm != RSA_OID)
+          throw Error("Only RSA public keys are supported for now (" + algorithm.toString() + " requested");
+      }
+    }
+
+    key_.assign(out.begin(), out.end());
   }
-  else
-    throw UnrecognizedDigestAlgorithmException("Wrong format!");
+  catch (CryptoPP::BERDecodeErr &err) {
+    throw Error("PublicKey decoding error");
+  }
+}
+
+// Blob
+// PublicKey::getDigest(DigestAlgorithm digestAlgorithm) const
+// {
+//   if (digestAlgorithm == DIGEST_ALGORITHM_SHA256) {
+//     uint8_t digest[SHA256_DIGEST_LENGTH];
+//     ndn_digestSha256(keyDer_.buf(), keyDer_.size(), digest);
+    
+//     return Blob(digest, sizeof(digest));
+//   }
+//   else
+//     throw UnrecognizedDigestAlgorithmException("Wrong format!");
+// }
+
+std::ostream &
+operator <<(std::ostream &os, const PublicKey &key)
+{
+  CryptoPP::StringSource(key.get().buf(), key.get().size(), true,
+                         new CryptoPP::Base64Encoder(new CryptoPP::FileSink(os), true, 64));
+
+  return os;
 }
 
 }