Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 24b75c89306eaa2f267f0468670fa8d542e31296 / . / src / security / certificate.cpp
blob: 167992b571406ae2fb0df3472268838f4a4c293b [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]2/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]3 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
22 * @author Jeff Thompson <jefft0@remap.ucla.edu>
23 * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]24 */
25
Alexander Afanasyev09c613f2014-01-29 00:23:58 -0800[diff] [blame]26#include "common.hpp"
Alexander Afanasyev8e96e582013-11-19 12:07:04 -0800[diff] [blame]27
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]28#include "certificate.hpp"
Yingdi Yu4f324632014-01-15 18:10:03 -0800[diff] [blame]29#include "../util/time.hpp"
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]30#include "cryptopp.hpp"
Yingdi Yu4f324632014-01-15 18:10:03 -0800[diff] [blame]31#include "../encoding/cryptopp/asn_ext.hpp"
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -0700[diff] [blame]32#include "../encoding/buffer-stream.hpp"
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]33
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]34using namespace std;
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]35
36namespace ndn {
37
38Certificate::Certificate()
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]39 : m_notBefore(time::system_clock::TimePoint::max())
40 , m_notAfter(time::system_clock::TimePoint::min())
41{
42}
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]43
44Certificate::Certificate(const Data& data)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]45 // Use the copy constructor. It clones the signature object.
46 : Data(data)
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]47{
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]48 decode();
49}
50
51Certificate::~Certificate()
52{
53 //TODO:
54}
55
56bool
57Certificate::isTooEarly()
58{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]59 if (time::system_clock::now() < m_notBefore)
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]60 return true;
61 else
62 return false;
63}
64
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]65bool
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]66Certificate::isTooLate()
67{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]68 if (time::system_clock::now() > m_notAfter)
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]69 return true;
70 else
71 return false;
72}
73
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]74void
75Certificate::encode()
76{
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]77 // Name
78 // <key_name>/ID-CERT/<id#>
79 // Content
80 // DER encoded idCert:
81 //
82 // idCert ::= SEQUENCE {
83 // validity Validity,
84 // subject Name,
85 // subjectPubKeyInfo SubjectPublicKeyInfo,
86 // extension Extensions OPTIONAL }
87 //
88 // Validity ::= SEQUENCE {
89 // notBefore Time,
90 // notAfter Time }
91 //
92 // Name ::= CHOICE {
93 // RDNSequence }
94 //
95 // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
96 //
97 // RelativeDistinguishedName ::=
98 // SET OF AttributeTypeAndValue
99 //
100 // SubjectPublicKeyInfo ::= SEQUENCE {
101 // algorithm AlgorithmIdentifier
102 // keybits BIT STRING }
103 //
104 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
105 //
106 // (see http://www.ietf.org/rfc/rfc3280.txt for more detail)
107 //
108 // KeyLocator
109 // issuer’s certificate name
110 // Signature
111
112 using namespace CryptoPP;
113
114 OBufferStream os;
115 CryptoPP::FileSink sink(os);
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]116
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]117 // idCert ::= SEQUENCE {
118 // validity Validity,
119 // subject Name,
120 // subjectPubKeyInfo SubjectPublicKeyInfo,
121 // extension Extensions OPTIONAL }
122 DERSequenceEncoder idCert(sink);
123 {
124 // Validity ::= SEQUENCE {
125 // notBefore Time,
126 // notAfter Time }
127 DERSequenceEncoder validity(idCert);
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]128 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]129 DEREncodeGeneralTime(validity, m_notBefore);
130 DEREncodeGeneralTime(validity, m_notAfter);
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]131 }
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]132 validity.MessageEnd();
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]133
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]134 // Name ::= CHOICE {
135 // RDNSequence }
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]136 //
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]137 // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
138 DERSequenceEncoder name(idCert);
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]139 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]140 for (SubjectDescriptionList::iterator it = m_subjectDescriptionList.begin();
141 it != m_subjectDescriptionList.end(); ++it)
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]142 {
143 it->encode(name);
144 }
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]145 }
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]146 name.MessageEnd();
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]147
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]148 // SubjectPublicKeyInfo
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]149 m_key.encode(idCert);
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]150
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]151 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
152 //
153 // Extension ::= SEQUENCE {
154 // extnID OBJECT IDENTIFIER,
155 // critical BOOLEAN DEFAULT FALSE,
156 // extnValue OCTET STRING }
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]157 if (!m_extensionList.empty())
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]158 {
159 DERSequenceEncoder extensions(idCert);
160 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]161 for (ExtensionList::iterator it = m_extensionList.begin();
162 it != m_extensionList.end(); ++it)
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]163 {
164 it->encode(extensions);
165 }
166 }
167 extensions.MessageEnd();
168 }
169 }
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]170
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]171 idCert.MessageEnd();
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]172
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]173 setContent(os.buf());
174 setContentType(MetaInfo::TYPE_KEY);
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]175}
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]176
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]177void
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]178Certificate::decode()
179{
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]180 using namespace CryptoPP;
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]181
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]182 OBufferStream os;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]183 StringSource source(getContent().value(), getContent().value_size(), true);
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]184
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]185 // idCert ::= SEQUENCE {
186 // validity Validity,
187 // subject Name,
188 // subjectPubKeyInfo SubjectPublicKeyInfo,
189 // extension Extensions OPTIONAL }
190 BERSequenceDecoder idCert(source);
191 {
192 // Validity ::= SEQUENCE {
193 // notBefore Time,
194 // notAfter Time }
195 BERSequenceDecoder validity(idCert);
196 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]197 BERDecodeTime(validity, m_notBefore);
198 BERDecodeTime(validity, m_notAfter);
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]199 }
200 validity.MessageEnd();
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]201
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]202 // Name ::= CHOICE {
203 // RDNSequence }
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]204 //
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]205 // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]206 m_subjectDescriptionList.clear();
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]207 BERSequenceDecoder name(idCert);
208 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]209 while (!name.EndReached())
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]210 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]211 m_subjectDescriptionList.push_back(CertificateSubjectDescription(name));
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]212 }
213 }
214 name.MessageEnd();
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]215
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]216 // SubjectPublicKeyInfo ::= SEQUENCE {
217 // algorithm AlgorithmIdentifier
218 // keybits BIT STRING }
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]219 m_key.decode(idCert);
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]220
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]221 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
222 //
223 // Extension ::= SEQUENCE {
224 // extnID OBJECT IDENTIFIER,
225 // critical BOOLEAN DEFAULT FALSE,
226 // extnValue OCTET STRING }
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]227 m_extensionList.clear();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]228 if (!idCert.EndReached())
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]229 {
230 BERSequenceDecoder extensions(idCert);
231 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]232 while (!extensions.EndReached())
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]233 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]234 m_extensionList.push_back(CertificateExtension(extensions));
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]235 }
236 }
237 extensions.MessageEnd();
238 }
239 }
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]240
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]241 idCert.MessageEnd();
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]242}
243
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]244void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]245Certificate::printCertificate(std::ostream& os) const
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]246{
Alexander Afanasyev049f8f72013-12-26 19:07:15 -0800[diff] [blame]247 os << "Certificate name:" << endl;
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]248 os << " " << getName() << endl;
249 os << "Validity:" << endl;
250 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]251 os << " NotBefore: " << time::toIsoString(m_notBefore) << endl;
252 os << " NotAfter: " << time::toIsoString(m_notAfter) << endl;
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]253 }
254
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]255 os << "Subject Description:" << endl;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]256 for (SubjectDescriptionList::const_iterator it = m_subjectDescriptionList.begin();
257 it != m_subjectDescriptionList.end(); ++it)
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]258 {
259 os << " " << it->getOidString() << ": " << it->getValue() << endl;
260 }
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]261
Alexander Afanasyev049f8f72013-12-26 19:07:15 -0800[diff] [blame]262 os << "Public key bits:" << endl;
Alexander Afanasyev0ea6e082013-12-26 15:16:37 -0800[diff] [blame]263 CryptoPP::Base64Encoder encoder(new CryptoPP::FileSink(os), true, 64);
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]264 m_key.encode(encoder);
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]265}
Jeff Thompsona5dc3512013-10-17 10:26:19 -0700[diff] [blame]266
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]267} // namespace ndn