src/security/v2/certificate.hpp - ndn-cxx - Gitiles

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
  * terms of the GNU Lesser General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later version.
  *
  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
  *
  * You should have received copies of the GNU General Public License and GNU Lesser
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  *
  * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
  * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
  */

 #ifndef NDN_SECURITY_V2_CERTIFICATE_HPP
 #define NDN_SECURITY_V2_CERTIFICATE_HPP

 #include "../../data.hpp"

 namespace ndn {
 namespace security {
 namespace v2 {

 /**
  * @brief The certificate following the certificate format naming convention
  *
  * Overview of NDN certificate format:
  *
  *     CertificateV2 ::= DATA-TLV TLV-LENGTH
  *                         Name      (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
  *                         MetaInfo  (.ContentType = KEY)
  *                         Content   (= X509PublicKeyContent)
  *                         SignatureInfo (= CertificateV2SignatureInfo)
  *                         SignatureValue
  *
  *     X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
  *                                BYTE+ (= public key bits in PKCS#8 format)
  *
  *     CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
  *                                      SignatureType
  *                                      KeyLocator
  *                                      ValidityPeriod
  *                                      ... optional critical or non-critical extension blocks ...
  *
  * An example of NDN certificate name:
  *
  *     /edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
  *     \_________________/    \___________/ \___________/\___________/
  *    Certificate Namespace      Key Id       Issuer Id     Version
  *         (Identity)
  *     \__________________________________/
  *                   Key Name
  *
  * Notes:
  *
  * - `Key Id` is opaque name component to identify an instance of the public key for the
  *   certificate namespace.  The value of `Key ID` is controlled by the namespace owner.  The
  *   library includes helpers for generation of key IDs using 8-byte random number, SHA-256
  *   digest of the public key, timestamp, and the specified numerical identifiers.
  *
  * - `Issuer Id` is opaque name component to identify issuer of the certificate.  The value is
  *   controlled by the issuer.  The library includes helpers to set issuer ID to a 8-byte
  *   random number, SHA-256 digest of the issuer's public key, and the specified numerical
  *   identifiers.
  *
  * - `Key Name` is a logical name of the key used for management pursposes. Key Name includes
  *   the certificate namespace, keyword `KEY`, and `KeyId` components.
  *
  * @see doc/specs/certificate-format.rst
  */
 class Certificate : public Data
 {
 public:
   Certificate();

   /**
    * @brief Construct certificate from a data object
    * @throw tlv::Error if data does not follow certificate format
    */
   explicit
   Certificate(Data&& data);

   /**
    * @brief Construct certificate from a data object
    * @throw tlv::Error if data does not follow certificate format
    */
   explicit
   Certificate(const Data& data);

   /**
    * @brief Construct certificate from a wire encoding
    * @throw tlv::Error if wire encoding is invalid or does not follow certificate format
    */
   explicit
   Certificate(const Block& block);

   /**
    * @brief Get key name
    */
   Name
   getKeyName() const;

   /**
    * @brief Get identity name
    */
   Name
   getIdentity() const;

   /**
    * @brief Get key ID
    */
   name::Component
   getKeyId() const;

   /**
    * @brief Get issuer ID
    */
   name::Component
   getIssuerId() const;

   /**
    * @brief Get public key bits (in PKCS#8 format)
    * @throw Error If content is empty
    */
   Buffer
   getPublicKey() const;

   /**
    * @brief Get validity period of the certificate
    */
   ValidityPeriod
   getValidityPeriod() const;

   /**
    * @brief Check if the certificate is valid at @p ts.
    */
   bool
   isValid(const time::system_clock::TimePoint& ts = time::system_clock::now()) const;

   /**
    * @brief Get extension with TLV @p type
    * @throw ndn::SignatureInfo::Error if the specified block type does not exist
    */
   const Block&
   getExtension(uint32_t type) const;

   // @TODO Implement extension enumeration (Issue #3907)
 public:
   /**
    * @brief Check if the specified name follows the naming convention for the certificate
    */
   static bool
   isValidName(const Name& certName);

 public:
   static const ssize_t VERSION_OFFSET;
   static const ssize_t ISSUER_ID_OFFSET;
   static const ssize_t KEY_COMPONENT_OFFSET;
   static const ssize_t KEY_ID_OFFSET;
   static const size_t MIN_CERT_NAME_LENGTH;
   static const size_t MIN_KEY_NAME_LENGTH;
   static const name::Component KEY_COMPONENT;
 };

 std::ostream&
 operator<<(std::ostream& os, const Certificate& cert);

 /**
  * @brief Extract identity namespace from the certificate name @p certName
  */
 Name
 extractIdentityFromCertName(const Name& certName);

 /**
  * @brief Extract key name from the certificate name @p certName
  */
 Name
 extractKeyNameFromCertName(const Name& certName);

 } // namespace v2
 } // namespace security
 } // namespace ndn

 #endif // NDN_SECURITY_V2_CERTIFICATE_HPP
	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -- */
	/**
	* Copyright (c) 2013-2017 Regents of the University of California.
	*
	* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
	*
	* ndn-cxx library is free software: you can redistribute it and/or modify it under the
	* terms of the GNU Lesser General Public License as published by the Free Software
	* Foundation, either version 3 of the License, or (at your option) any later version.
	*
	* ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
	* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
	* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
	*
	* You should have received copies of the GNU General Public License and GNU Lesser
	* General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
	* <http://www.gnu.org/licenses/>.
	*
	* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
	*
	* @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
	* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
	*/

	#ifndef NDN_SECURITY_V2_CERTIFICATE_HPP
	#define NDN_SECURITY_V2_CERTIFICATE_HPP

	#include "../../data.hpp"

	namespace ndn {
	namespace security {
	namespace v2 {

	/**
	* @brief The certificate following the certificate format naming convention
	*
	* Overview of NDN certificate format:
	*
	* CertificateV2 ::= DATA-TLV TLV-LENGTH
	* Name (= /<NameSpace>/KEY/[KeyId]/[IssuerId]/[Version])
	* MetaInfo (.ContentType = KEY)
	* Content (= X509PublicKeyContent)
	* SignatureInfo (= CertificateV2SignatureInfo)
	* SignatureValue
	*
	* X509PublicKeyContent ::= CONTENT-TLV TLV-LENGTH
	* BYTE+ (= public key bits in PKCS#8 format)
	*
	* CertificateV2SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
	* SignatureType
	* KeyLocator
	* ValidityPeriod
	* ... optional critical or non-critical extension blocks ...
	*
	* An example of NDN certificate name:
	*
	* /edu/ucla/cs/yingdi/KEY/%03%CD...%F1/%9F%D3...%B7/%FD%d2...%8E
	* \_________________/ \___________/ \___________/\___________/
	* Certificate Namespace Key Id Issuer Id Version
	* (Identity)
	* \__________________________________/
	* Key Name
	*
	* Notes:
	*
	* - `Key Id` is opaque name component to identify an instance of the public key for the
	* certificate namespace. The value of `Key ID` is controlled by the namespace owner. The
	* library includes helpers for generation of key IDs using 8-byte random number, SHA-256
	* digest of the public key, timestamp, and the specified numerical identifiers.
	*
	* - `Issuer Id` is opaque name component to identify issuer of the certificate. The value is
	* controlled by the issuer. The library includes helpers to set issuer ID to a 8-byte
	* random number, SHA-256 digest of the issuer's public key, and the specified numerical
	* identifiers.
	*
	* - `Key Name` is a logical name of the key used for management pursposes. Key Name includes
	* the certificate namespace, keyword `KEY`, and `KeyId` components.
	*
	* @see doc/specs/certificate-format.rst
	*/
	class Certificate : public Data
	{
	public:
	Certificate();

	/**
	* @brief Construct certificate from a data object
	* @throw tlv::Error if data does not follow certificate format
	*/
	explicit
	Certificate(Data&& data);

	/**
	* @brief Construct certificate from a data object
	* @throw tlv::Error if data does not follow certificate format
	*/
	explicit
	Certificate(const Data& data);

	/**
	* @brief Construct certificate from a wire encoding
	* @throw tlv::Error if wire encoding is invalid or does not follow certificate format
	*/
	explicit
	Certificate(const Block& block);

	/**
	* @brief Get key name
	*/
	Name
	getKeyName() const;

	/**
	* @brief Get identity name
	*/
	Name
	getIdentity() const;

	/**
	* @brief Get key ID
	*/
	name::Component
	getKeyId() const;

	/**
	* @brief Get issuer ID
	*/
	name::Component
	getIssuerId() const;

	/**
	* @brief Get public key bits (in PKCS#8 format)
	* @throw Error If content is empty
	*/
	Buffer
	getPublicKey() const;

	/**
	* @brief Get validity period of the certificate
	*/
	ValidityPeriod
	getValidityPeriod() const;

	/**
	* @brief Check if the certificate is valid at @p ts.
	*/
	bool
	isValid(const time::system_clock::TimePoint& ts = time::system_clock::now()) const;

	/**
	* @brief Get extension with TLV @p type
	* @throw ndn::SignatureInfo::Error if the specified block type does not exist
	*/
	const Block&
	getExtension(uint32_t type) const;

	// @TODO Implement extension enumeration (Issue #3907)
	public:
	/**
	* @brief Check if the specified name follows the naming convention for the certificate
	*/
	static bool
	isValidName(const Name& certName);

	public:
	static const ssize_t VERSION_OFFSET;
	static const ssize_t ISSUER_ID_OFFSET;
	static const ssize_t KEY_COMPONENT_OFFSET;
	static const ssize_t KEY_ID_OFFSET;
	static const size_t MIN_CERT_NAME_LENGTH;
	static const size_t MIN_KEY_NAME_LENGTH;
	static const name::Component KEY_COMPONENT;
	};

	std::ostream&
	operator<<(std::ostream& os, const Certificate& cert);

	/**
	* @brief Extract identity namespace from the certificate name @p certName
	*/
	Name
	extractIdentityFromCertName(const Name& certName);

	/**
	* @brief Extract key name from the certificate name @p certName
	*/
	Name
	extractKeyNameFromCertName(const Name& certName);

	} // namespace v2
	} // namespace security
	} // namespace ndn

	#endif // NDN_SECURITY_V2_CERTIFICATE_HPP