Merge feature branch 'feature-cert'
Change-Id: If708ba37e79d6c9c8e13941ce89be97a7f45b3cb
Refs: #2861, #2868, #3058
diff --git a/docs/index.rst b/docs/index.rst
index 5543840..eaa0cb7 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -33,6 +33,7 @@
+ :doc:`tutorials/utils-ndn-regex`
+ :doc:`tutorials/security-validator-config`
+ :doc:`tutorials/signed-interest`
+ + :doc:`tutorials/certificate-format`
- :doc:`manpages`
diff --git a/docs/tutorials.rst b/docs/tutorials.rst
index 5a6f175..d4bc089 100644
--- a/docs/tutorials.rst
+++ b/docs/tutorials.rst
@@ -8,3 +8,4 @@
tutorials/utils-ndn-regex
tutorials/security-validator-config
tutorials/signed-interest
+ tutorials/certificate-format
diff --git a/docs/tutorials/certificate-format.rst b/docs/tutorials/certificate-format.rst
new file mode 100644
index 0000000..0bb059f
--- /dev/null
+++ b/docs/tutorials/certificate-format.rst
@@ -0,0 +1,221 @@
+NDN Certificate Format Version 2.0
+==================================
+
+.. contents::
+
+Since signature verification is a common operation in NDN applications, it is
+important to define a common certificate format to standardize the public key
+authentication procedure. As every NDN data packet is signed, a data packet
+that carries a public key as content is conceptually a certificate. However,
+the specification of a data packet is not sufficient to be the specification of
+a common certificate format, as it requires additional components. For example,
+a certificate may follow a specific naming convention and may need to include
+validity period, revocation information, etc. This specification defines
+naming and components of the NDN certificates and is complementary to NDN packet
+specification.
+
+::
+
+ Overview of NDN certificate format
+ +--------------------------+
+ | Name |
+ +--------------------------+
+ | MetaInfo |
+ |+------------------------+|
+ || ContentType: KEY(2) ||
+ |+------------------------+|
+ +--------------------------+
+ | Content |
+ |+------------------------+|
+ || Public Key ||
+ |+------------------------+|
+ +--------------------------+
+ | SignatureInfo |
+ |+------------------------+|
+ || SignatureType: ... ||
+ || KeyLocator: ... ||
+ || ValidityPeriod: ... ||
+ || ... ||
+ |+------------------------+|
+ +--------------------------+
+ | SignatureValue |
+ +--------------------------+
+
+
+Name
+----
+
+The name of a certificate consists of four parts as shown below:
+
+::
+
+ /<PrincipalName>/[KeyId]/KEY/[Version]
+
+A certificate name starts with the name to which a public key is bound. The
+second part is a single name component, called KeyId, which should uniquely
+identify the key under the principal namespace. The value of KeyId is up to
+the owner of the principal namespace (e.g., SHA-256 digest of the public key,
+timestamp, or numerical identifier). A special name component ``KEY`` is
+appended after KeyId, which indicates that the data is a certificate. The last
+component is version number. For example,
+
+::
+
+ /edu/ucla/cs/yingdi/%03%CD...%F1/KEY/%FD%d2...%8E
+ \_________________/\___________/ \___________/
+ Principal Name Key ID Version
+
+
+MetaInfo
+--------
+
+The ``ContentType`` of certificate is set to ``KEY`` (2).
+
+The ``FreshnessPeriod`` of certificate must be explicitly specified. The
+recommended value is 1 hour (3,600,000 milliseconds).
+
+Content
+-------
+
+By default, the content of a certificate is the public key encoded in
+`X509PublicKey <https://tools.ietf.org/html/rfc5280#section-4.1.2.7>`__ format.
+
+SignatureInfo
+-------------
+
+Besides, ``SignatureType`` and ``KeyLocator``, the ``SignatureInfo`` field of a
+certificate include more optional fields.
+
+::
+
+ SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
+ SignatureType
+ KeyLocator
+ ValidityPeriod?
+ ... (SignatureInfo Extension TLVs)
+
+One optional field is ``ValidityPeriod``, which contains two sub TLV fields:
+``NotBefore`` and ``NotAfter``, which are two UTC timestamps in ISO 8601 compact
+format (``yyyymmddTHHMMSS``, e.g., "20020131T235959"). NotBefore indicates
+when the certificate takes effect while NotAfter indicates when the certificate
+expires.
+
+.. note::
+ Using ISO style string is the convention of specifying validity period of
+ certificate, which has been adopted by many certificate systems, such as
+ X.509, PGP, and DNSSEC.
+
+::
+
+ ValidityPeriod ::= VALIDITY-PERIOD-TYPE TLV-LENGTH
+ NotBefore
+ NotAfter
+
+ NotBefore ::= NOT-BEFORE-TYPE TLV-LENGTH
+ BYTE{15}
+
+ NotAfter ::= NOT-AFTER-TYPE TLV-LENGTH
+ BYTE{15}
+
+For each TLV, the TLV-TYPE codes are assigned as below:
+
++---------------------------------------------+-------------------+----------------+
+| TLV-TYPE | Assigned code | Assigned code |
+| | (decimal) | (hexadecimal) |
++=============================================+===================+================+
+| ValidityPeriod | 253 | 0xFD |
++---------------------------------------------+-------------------+----------------+
+| NotBefore | 254 | 0xFE |
++---------------------------------------------+-------------------+----------------+
+| NotAfter | 255 | 0xFF |
++---------------------------------------------+-------------------+----------------+
+
+.. note::
+ TLV-TYPE code that falls into [253, 65536) is encoded in
+ `3-byte <http://named-data.net/doc/ndn-tlv/tlv.html#variable-size-encoding-for-type-t-and-length-l>`__
+
+Extensions
+~~~~~~~~~~
+
+A certificate may optionally carry some extensions in SignatureInfo. An extension
+could be either critical or non-critical depends on the TLV-TYPE code convention. An
+critical extension implies that if a validator cannot recognize or cannot parse the
+extension, the validator must reject the certificate. An non-critical extension
+implies that if a validator cannot recognize or cannot parse the extension, the
+validator may ignore the extension.
+
+The TLV-TYPE code range [256, 512) is reserved for extensions. The last bit of a
+TLV-TYPE code indicates whether the extension is critical or not: ``1`` for critical
+while ``0`` for non-critical. If an extension could be either critical or
+non-critical, the extension should be allocated with two TLV-TYPE codes which only
+differ at the last bit. For example, TLV-TYPE codes 256 and 257 are allocated to the
+``StatusChecking`` extension, 256 for critical StatusChecking while 257 for
+non-critical StatusChecking.
+
+
+Proposed Extensions
+-------------------
+
+We list the proposed extensions here:
+
++---------------------------------------------+-------------------+----------------+
+| TLV-TYPE | Assigned code | Assigned code |
+| | (decimal) | (hexadecimal) |
++=============================================+===================+================+
+| StatusChecking (Non-critical) | 256 | 0x0100 |
++---------------------------------------------+-------------------+----------------+
+| StatusChecking (Critical) | 257 | 0x0101 |
++---------------------------------------------+-------------------+----------------+
+| AdditionalDescription (Non-critical) | 258 | 0x0102 |
++---------------------------------------------+-------------------+----------------+
+| MultipleSignature (Critical) | 259 | 0x0103 |
++---------------------------------------------+-------------------+----------------+
+
+.. note::
+ TLV-TYPE code that falls into [253, 65536) is encoded in
+ `3-byte <http://named-data.net/doc/ndn-tlv/tlv.html#variable-size-encoding-for-type-t-and-length-l>`__
+
+Status Checking
+~~~~~~~~~~~~~~~
+
+TBD
+
+Multiple Signature
+~~~~~~~~~~~~~~~~~~
+
+TBD
+
+AdditionalDescription
+~~~~~~~~~~~~~~~~~~~~~
+
+``AdditionalDescription`` is a non-critical extension that provides additional
+information about the certificate. The information is expressed as a set of
+key-value pairs. Both key and value are UTF-8 strings, e.g.,
+``("Organization", "UCLA")``. The issuer of a certificate can specify arbitrary
+key-value pair to provide additional description about the certificate.
+
+::
+
+ AdditionalDescription ::= ADDITIONAL-DESCRIPTION-TYPE TLV-LENGTH
+ DescriptionEntry+
+
+ DescriptionEntry ::= DESCRIPTION-ENTRY-TYPE TLV-LENGTH
+ DescriptionKey
+ DescriptionValue
+
+ DescriptionKey ::= DESCRIPTION-KEY-TYPE TLV-LENGTH
+ BYTE+
+
+ DescriptionValue ::= DESCRIPTION-VALUE-TYPE TLV-LENGTH
+ BYTE+
+
++---------------------------------------------+-------------------+----------------+
+| TLV-TYPE | Assigned code | Assigned code |
+| | (decimal) | (hexadecimal) |
++=============================================+===================+================+
+| DescriptionEntry | 512 | 0x0200 |
++---------------------------------------------+-------------------+----------------+
+| DescriptionKey | 513 | 0x0201 |
++---------------------------------------------+-------------------+----------------+
+| DescriptionValue | 514 | 0x0202 |
++---------------------------------------------+-------------------+----------------+
diff --git a/src/encoding/tlv.hpp b/src/encoding/tlv.hpp
index 78564d8..7d7461f 100644
--- a/src/encoding/tlv.hpp
+++ b/src/encoding/tlv.hpp
@@ -99,6 +99,21 @@
SignatureSha256WithEcdsa = 3
};
+/** @brief TLV codes for SignatureInfo features
+ * @sa docs/tutorials/certificate-format.rst
+ */
+enum {
+ // SignatureInfo TLVs
+ ValidityPeriod = 253,
+ NotBefore = 254,
+ NotAfter = 255,
+
+ AdditionalDescription = 258,
+ DescriptionEntry = 512,
+ DescriptionKey = 513,
+ DescriptionValue = 514
+};
+
/** @brief indicates a possible value of ContentType field
*/
enum ContentTypeValue {
diff --git a/src/security/additional-description.cpp b/src/security/additional-description.cpp
new file mode 100644
index 0000000..6aed34a
--- /dev/null
+++ b/src/security/additional-description.cpp
@@ -0,0 +1,197 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "additional-description.hpp"
+#include "../util/concepts.hpp"
+#include "../encoding/block-helpers.hpp"
+
+namespace ndn {
+namespace security {
+
+BOOST_CONCEPT_ASSERT((boost::EqualityComparable<AdditionalDescription>));
+BOOST_CONCEPT_ASSERT((WireEncodable<AdditionalDescription>));
+BOOST_CONCEPT_ASSERT((WireEncodableWithEncodingBuffer<AdditionalDescription>));
+BOOST_CONCEPT_ASSERT((WireDecodable<AdditionalDescription>));
+static_assert(std::is_base_of<tlv::Error, AdditionalDescription::Error>::value,
+ "AdditionalDescription::Error must inherit from tlv::Error");
+
+static const size_t KEY_OFFSET = 0;
+static const size_t VALUE_OFFSET = 1;
+
+AdditionalDescription::AdditionalDescription(const Block& block)
+{
+ wireDecode(block);
+}
+
+const std::string&
+AdditionalDescription::get(const std::string& key) const
+{
+ auto it = m_info.find(key);
+ if (it == m_info.end())
+ throw Error("Entry does not exist for key (" + key + ")");
+
+ return it->second;
+}
+
+void
+AdditionalDescription::set(const std::string& key, const std::string& value)
+{
+ m_info[key] = value;
+}
+
+bool
+AdditionalDescription::has(const std::string& key) const
+{
+ return (m_info.find(key) != m_info.end());
+}
+
+AdditionalDescription::iterator
+AdditionalDescription::begin()
+{
+ return m_info.begin();
+}
+
+AdditionalDescription::iterator
+AdditionalDescription::end()
+{
+ return m_info.end();
+}
+
+AdditionalDescription::const_iterator
+AdditionalDescription::begin() const
+{
+ return m_info.begin();
+}
+
+AdditionalDescription::const_iterator
+AdditionalDescription::end() const
+{
+ return m_info.end();
+}
+
+template<encoding::Tag TAG>
+size_t
+AdditionalDescription::wireEncode(EncodingImpl<TAG>& encoder) const
+{
+ size_t totalLength = 0;
+
+ for (auto it = m_info.rbegin(); it != m_info.rend(); it++) {
+ size_t entryLength = 0;
+ entryLength += prependStringBlock(encoder, tlv::DescriptionValue, it->second);
+ entryLength += prependStringBlock(encoder, tlv::DescriptionKey, it->first);
+ entryLength += encoder.prependVarNumber(entryLength);
+ entryLength += encoder.prependVarNumber(tlv::DescriptionEntry);
+
+ totalLength += entryLength;
+ }
+
+ totalLength += encoder.prependVarNumber(totalLength);
+ totalLength += encoder.prependVarNumber(tlv::AdditionalDescription);
+ return totalLength;
+}
+
+template size_t
+AdditionalDescription::wireEncode<encoding::EncoderTag>(EncodingImpl<encoding::EncoderTag>& encoder) const;
+
+template size_t
+AdditionalDescription::wireEncode<encoding::EstimatorTag>(EncodingImpl<encoding::EstimatorTag>& encoder) const;
+
+const Block&
+AdditionalDescription::wireEncode() const
+{
+ if (m_wire.hasWire())
+ return m_wire;
+
+ EncodingEstimator estimator;
+ size_t estimatedSize = wireEncode(estimator);
+
+ EncodingBuffer buffer(estimatedSize, 0);
+ wireEncode(buffer);
+
+ m_wire = buffer.block();
+ m_wire.parse();
+
+ return m_wire;
+}
+
+void
+AdditionalDescription::wireDecode(const Block& wire)
+{
+ if (!wire.hasWire()) {
+ throw Error("The supplied block does not contain wire format");
+ }
+
+ m_wire = wire;
+ m_wire.parse();
+
+ if (m_wire.type() != tlv::AdditionalDescription)
+ throw Error("Unexpected TLV type when decoding AdditionalDescription");
+
+ Block::element_const_iterator it = m_wire.elements_begin();
+ while (it != m_wire.elements_end()) {
+ const Block& entry = *it;
+ entry.parse();
+
+ if (entry.type() != tlv::DescriptionEntry)
+ throw Error("Unexpected TLV type when decoding DescriptionEntry");
+
+ if (entry.elements_size() != 2)
+ throw Error("DescriptionEntry does not have two sub-TLVs");
+
+ if (entry.elements()[KEY_OFFSET].type() != tlv::DescriptionKey ||
+ entry.elements()[VALUE_OFFSET].type() != tlv::DescriptionValue)
+ throw Error("Invalid DescriptionKey or DescriptionValue field");
+
+ m_info[readString(entry.elements()[KEY_OFFSET])] = readString(entry.elements()[VALUE_OFFSET]);
+ it++;
+ }
+}
+
+bool
+AdditionalDescription::operator==(const AdditionalDescription& other) const
+{
+ return (m_info == other.m_info);
+}
+
+bool
+AdditionalDescription::operator!=(const AdditionalDescription& other) const
+{
+ return !(*this == other);
+}
+
+std::ostream&
+operator<<(std::ostream& os, const AdditionalDescription& other)
+{
+ size_t count = 0;
+ os << "(";
+ for (const auto& entry : other) {
+ if (count > 0)
+ os << ", ";
+ os << "(" << entry.first << ":" << entry.second << ")";
+ count++;
+ }
+ os << ")";
+
+ return os;
+}
+
+} // namespace security
+} // namespace ndn
diff --git a/src/security/additional-description.hpp b/src/security/additional-description.hpp
new file mode 100644
index 0000000..b34cb74
--- /dev/null
+++ b/src/security/additional-description.hpp
@@ -0,0 +1,131 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+#define NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+
+#include "../common.hpp"
+#include "../encoding/tlv.hpp"
+#include "../encoding/block.hpp"
+#include <map>
+
+namespace ndn {
+namespace security {
+
+/**
+ * @brief Abstraction of AdditionalDescription
+ * @sa docs/tutorials/certificate-format.rst
+ */
+class AdditionalDescription
+{
+public:
+ class Error : public tlv::Error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : tlv::Error(what)
+ {
+ }
+ };
+
+ typedef std::map<std::string, std::string>::iterator iterator;
+ typedef std::map<std::string, std::string>::const_iterator const_iterator;
+
+public:
+
+ /**
+ * @brief Create an empty AdditionalDescription
+ */
+ AdditionalDescription() = default;
+
+ /**
+ * @brief Create AdditionalDescription from @p block
+ */
+ explicit
+ AdditionalDescription(const Block& block);
+
+ const std::string&
+ get(const std::string& key) const;
+
+ void
+ set(const std::string& key, const std::string& value);
+
+ bool
+ has(const std::string& key) const;
+
+ size_t
+ size() const
+ {
+ return m_info.size();
+ }
+
+ iterator
+ begin();
+
+ iterator
+ end();
+
+ const_iterator
+ begin() const;
+
+ const_iterator
+ end() const;
+
+ /** @brief Fast encoding or block size estimation
+ */
+ template<encoding::Tag TAG>
+ size_t
+ wireEncode(EncodingImpl<TAG>& encoder) const;
+
+ /** @brief Encode ValidityPeriod into TLV block
+ */
+ const Block&
+ wireEncode() const;
+
+ /** @brief Decode ValidityPeriod from TLV block
+ * @throw Error when an invalid TLV block supplied
+ */
+ void
+ wireDecode(const Block& wire);
+
+public: // EqualityComparable concept
+
+ bool
+ operator==(const AdditionalDescription& other) const;
+
+ bool
+ operator!=(const AdditionalDescription& other) const;
+
+private:
+
+ std::map<std::string, std::string> m_info;
+
+ mutable Block m_wire;
+};
+
+std::ostream&
+operator<<(std::ostream& os, const AdditionalDescription& period);
+
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
diff --git a/src/security/validity-period.cpp b/src/security/validity-period.cpp
new file mode 100644
index 0000000..008cd3c
--- /dev/null
+++ b/src/security/validity-period.cpp
@@ -0,0 +1,172 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "validity-period.hpp"
+#include "../encoding/block-helpers.hpp"
+#include "../util/concepts.hpp"
+
+namespace ndn {
+namespace security {
+
+BOOST_CONCEPT_ASSERT((boost::EqualityComparable<ValidityPeriod>));
+BOOST_CONCEPT_ASSERT((WireEncodable<ValidityPeriod>));
+BOOST_CONCEPT_ASSERT((WireEncodableWithEncodingBuffer<ValidityPeriod>));
+BOOST_CONCEPT_ASSERT((WireDecodable<ValidityPeriod>));
+static_assert(std::is_base_of<tlv::Error, ValidityPeriod::Error>::value,
+ "ValidityPeriod::Error must inherit from tlv::Error");
+
+static const size_t ISO_DATETIME_SIZE = 15;
+static const size_t NOT_BEFORE_OFFSET = 0;
+static const size_t NOT_AFTER_OFFSET = 1;
+
+using boost::chrono::time_point_cast;
+
+ValidityPeriod::ValidityPeriod(const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter)
+ : m_notBefore(time_point_cast<TimePoint::duration>(notBefore + TimePoint::duration(1) -
+ time::system_clock::TimePoint::duration(1)))
+ , m_notAfter(time_point_cast<TimePoint::duration>(notAfter))
+{
+}
+
+ValidityPeriod::ValidityPeriod(const Block& block)
+{
+ wireDecode(block);
+}
+
+template<encoding::Tag TAG>
+size_t
+ValidityPeriod::wireEncode(EncodingImpl<TAG>& encoder) const
+{
+ size_t totalLength = 0;
+
+ totalLength += prependStringBlock(encoder, tlv::NotAfter, time::toIsoString(m_notAfter));
+ totalLength += prependStringBlock(encoder, tlv::NotBefore, time::toIsoString(m_notBefore));
+
+ totalLength += encoder.prependVarNumber(totalLength);
+ totalLength += encoder.prependVarNumber(tlv::ValidityPeriod);
+ return totalLength;
+}
+
+template size_t
+ValidityPeriod::wireEncode<encoding::EncoderTag>(EncodingImpl<encoding::EncoderTag>& encoder) const;
+
+template size_t
+ValidityPeriod::wireEncode<encoding::EstimatorTag>(EncodingImpl<encoding::EstimatorTag>& encoder) const;
+
+const Block&
+ValidityPeriod::wireEncode() const
+{
+ if (m_wire.hasWire())
+ return m_wire;
+
+ EncodingEstimator estimator;
+ size_t estimatedSize = wireEncode(estimator);
+
+ EncodingBuffer buffer(estimatedSize, 0);
+ wireEncode(buffer);
+
+ m_wire = buffer.block();
+ m_wire.parse();
+
+ return m_wire;
+}
+
+void
+ValidityPeriod::wireDecode(const Block& wire)
+{
+ if (!wire.hasWire()) {
+ throw Error("The supplied block does not contain wire format");
+ }
+
+ m_wire = wire;
+ m_wire.parse();
+
+ if (m_wire.type() != tlv::ValidityPeriod)
+ throw Error("Unexpected TLV type when decoding ValidityPeriod");
+
+ if (m_wire.elements_size() != 2)
+ throw Error("Does not have two sub-TLVs");
+
+ if (m_wire.elements()[NOT_BEFORE_OFFSET].type() != tlv::NotBefore ||
+ m_wire.elements()[NOT_BEFORE_OFFSET].value_size() != ISO_DATETIME_SIZE ||
+ m_wire.elements()[NOT_AFTER_OFFSET].type() != tlv::NotAfter ||
+ m_wire.elements()[NOT_AFTER_OFFSET].value_size() != ISO_DATETIME_SIZE) {
+ throw Error("Invalid NotBefore or NotAfter field");
+ }
+
+ try {
+ m_notBefore = time_point_cast<TimePoint::duration>(
+ time::fromIsoString(readString(m_wire.elements()[NOT_BEFORE_OFFSET])));
+ m_notAfter = time_point_cast<TimePoint::duration>(
+ time::fromIsoString(readString(m_wire.elements()[NOT_AFTER_OFFSET])));
+ }
+ catch (const std::bad_cast&) {
+ throw Error("Invalid date format in NOT-BEFORE or NOT-AFTER field");
+ }
+}
+
+ValidityPeriod&
+ValidityPeriod::setPeriod(const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter)
+{
+ m_wire.reset();
+ m_notBefore = time_point_cast<TimePoint::duration>(notBefore + TimePoint::duration(1) -
+ time::system_clock::TimePoint::duration(1));
+ m_notAfter = time_point_cast<TimePoint::duration>(notAfter);
+ return *this;
+}
+
+std::pair<time::system_clock::TimePoint, time::system_clock::TimePoint>
+ValidityPeriod::getPeriod() const
+{
+ return std::make_pair(m_notBefore, m_notAfter);
+}
+
+bool
+ValidityPeriod::isValid(const time::system_clock::TimePoint& now) const
+{
+ return m_notBefore < now && now < m_notAfter;
+}
+
+bool
+ValidityPeriod::operator==(const ValidityPeriod& other) const
+{
+ return (this->m_notBefore == other.m_notBefore &&
+ this->m_notAfter == other.m_notAfter);
+}
+
+bool
+ValidityPeriod::operator!=(const ValidityPeriod& other) const
+{
+ return !(*this == other);
+}
+
+std::ostream&
+operator<<(std::ostream& os, const ValidityPeriod& period)
+{
+ os << "(" << time::toIsoString(period.getPeriod().first)
+ << ", " << time::toIsoString(period.getPeriod().second) << ")";
+ return os;
+}
+
+} // namespace security
+} // namespace ndn
diff --git a/src/security/validity-period.hpp b/src/security/validity-period.hpp
new file mode 100644
index 0000000..ab24d68
--- /dev/null
+++ b/src/security/validity-period.hpp
@@ -0,0 +1,134 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_VALIDITY_PERIOD_HPP
+#define NDN_SECURITY_VALIDITY_PERIOD_HPP
+
+#include "../common.hpp"
+#include "../encoding/tlv.hpp"
+#include "../encoding/block.hpp"
+#include "../util/time.hpp"
+
+namespace ndn {
+namespace security {
+
+
+/** @brief Abstraction of validity period
+ * @sa docs/tutorials/certificate-format.rst
+ */
+class ValidityPeriod
+{
+public:
+ class Error : public tlv::Error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : tlv::Error(what)
+ {
+ }
+ };
+
+public:
+ /** @brief Set validity period (UNIX epoch, UNIX epoch) that is always invalid
+ */
+ ValidityPeriod() = default;
+
+ /** @brief Create validity period from @p block
+ */
+ explicit
+ ValidityPeriod(const Block& block);
+
+ /** @brief Create validity period (@p notBefore, @p notAfter)
+ * @param notBefore exclusive beginning of the validity period range
+ * @param notAfter exclusive end of the validity period range
+ *
+ * @note The supplied time points will be rounded up to the whole seconds:
+ * - @p notBefore is rounded up the next whole second
+ * - @p notAfter is truncated to the previous whole second
+ */
+ ValidityPeriod(const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter);
+
+ /** @brief Check if @p now falls within the validity period
+ * @param now Time point to check if it falls within the period
+ * @return periodBegin < @p now and @p now < periodEnd
+ */
+ bool
+ isValid(const time::system_clock::TimePoint& now = time::system_clock::now()) const;
+
+ /** @brief Set validity period (@p notBefore, @p notAfter)
+ * @param notBefore exclusive beginning of the validity period range
+ * @param notAfter exclusive end of the validity period range
+ *
+ * @note The supplied time points will be rounded up to the whole seconds:
+ * - @p notBefore is rounded up the next whole second
+ * - @p notAfter is truncated to the previous whole second
+ */
+ ValidityPeriod&
+ setPeriod(const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter);
+
+ /** @brief Get the stored validity period
+ */
+ std::pair<time::system_clock::TimePoint, time::system_clock::TimePoint>
+ getPeriod() const;
+
+ /** @brief Fast encoding or block size estimation
+ */
+ template<encoding::Tag TAG>
+ size_t
+ wireEncode(EncodingImpl<TAG>& encoder) const;
+
+ /** @brief Encode ValidityPeriod into TLV block
+ */
+ const Block&
+ wireEncode() const;
+
+ /** @brief Decode ValidityPeriod from TLV block
+ * @throw Error when an invalid TLV block supplied
+ */
+ void
+ wireDecode(const Block& wire);
+
+public: // EqualityComparable concept
+ bool
+ operator==(const ValidityPeriod& other) const;
+
+ bool
+ operator!=(const ValidityPeriod& other) const;
+
+private:
+ typedef boost::chrono::time_point<time::system_clock, time::seconds> TimePoint;
+
+ TimePoint m_notBefore;
+ TimePoint m_notAfter;
+
+ mutable Block m_wire;
+};
+
+std::ostream&
+operator<<(std::ostream& os, const ValidityPeriod& period);
+
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_VALIDITY_PERIOD_HPP
diff --git a/src/signature-info.cpp b/src/signature-info.cpp
index 9c1f0de..e48482e 100644
--- a/src/signature-info.cpp
+++ b/src/signature-info.cpp
@@ -91,6 +91,32 @@
}
void
+SignatureInfo::setValidityPeriod(const security::ValidityPeriod& validityPeriod)
+{
+ unsetValidityPeriod();
+ m_otherTlvs.push_front(validityPeriod.wireEncode());
+}
+
+void
+SignatureInfo::unsetValidityPeriod()
+{
+ m_wire.reset();
+ if (!m_otherTlvs.empty() && m_otherTlvs.front().type() == tlv::ValidityPeriod) {
+ m_otherTlvs.erase(m_otherTlvs.begin());
+ }
+}
+
+security::ValidityPeriod
+SignatureInfo::getValidityPeriod() const
+{
+ if (m_otherTlvs.empty() || m_otherTlvs.front().type() != tlv::ValidityPeriod) {
+ throw Error("SignatureInfo does not contain the requested ValidityPeriod field");
+ }
+
+ return security::ValidityPeriod(m_otherTlvs.front());
+}
+
+void
SignatureInfo::appendTypeSpecificTlv(const Block& block)
{
m_otherTlvs.push_back(block);
diff --git a/src/signature-info.hpp b/src/signature-info.hpp
index a88b759..4ee8e64 100644
--- a/src/signature-info.hpp
+++ b/src/signature-info.hpp
@@ -24,6 +24,7 @@
#include "encoding/tlv.hpp"
#include "key-locator.hpp"
+#include "security/validity-period.hpp"
#include <list>
namespace ndn {
@@ -90,6 +91,18 @@
const KeyLocator&
getKeyLocator() const;
+ /// @brief Set ValidityPeriod
+ void
+ setValidityPeriod(const security::ValidityPeriod& validityPeriod);
+
+ /// @brief Unset ValidityPeriod
+ void
+ unsetValidityPeriod();
+
+ /// @brief Get ValidityPeriod
+ security::ValidityPeriod
+ getValidityPeriod() const;
+
/// @brief Append signature type specific tlv block
void
appendTypeSpecificTlv(const Block& block);
diff --git a/tests/unit-tests/security/additional-info.t.cpp b/tests/unit-tests/security/additional-info.t.cpp
new file mode 100644
index 0000000..63320f7
--- /dev/null
+++ b/tests/unit-tests/security/additional-info.t.cpp
@@ -0,0 +1,101 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/additional-description.hpp"
+
+#include "boost-test.hpp"
+
+namespace ndn {
+namespace security {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(SecurityAdditionalDescription)
+
+static const uint8_t description[] = {
+ 0xfd, 0x01, 0x02, 0x28,
+ 0xfd, 0x02, 0x00, 0x10, // DescriptionEntry
+ 0xfd, 0x02, 0x01, 0x04, // DescriptionKey
+ 0x6b, 0x65, 0x79, 0x31, // "key1"
+ 0xfd, 0x02, 0x02, 0x04, // DescriptionValue
+ 0x76, 0x61, 0x6c, 0x31, // "val1"
+ 0xfd, 0x02, 0x00, 0x10, // DescriptionEntry
+ 0xfd, 0x02, 0x01, 0x04, // DescriptionKey
+ 0x6b, 0x65, 0x79, 0x32, // "key2"
+ 0xfd, 0x02, 0x02, 0x04, // DescriptionValue
+ 0x76, 0x61, 0x6c, 0x32, // "val2"
+};
+
+static const std::string text = "((key1:val1), (key2:val2))";
+
+BOOST_AUTO_TEST_CASE(Basic)
+{
+ AdditionalDescription aDescription;
+
+ aDescription.set("key2", "val2");
+ aDescription.set("key1", "val1");
+
+ BOOST_REQUIRE_NO_THROW(aDescription.get("key1"));
+ BOOST_REQUIRE_NO_THROW(aDescription.get("key2"));
+ BOOST_REQUIRE_THROW(aDescription.get("key3"), AdditionalDescription::Error);
+
+ BOOST_CHECK_EQUAL(aDescription.has("key1"), true);
+ BOOST_CHECK_EQUAL(aDescription.has("key2"), true);
+ BOOST_CHECK_EQUAL(aDescription.has("key3"), false);
+
+ auto val1 = aDescription.get("key1");
+ auto val2 = aDescription.get("key2");
+
+ BOOST_CHECK_EQUAL(val1, "val1");
+ BOOST_CHECK_EQUAL(val2, "val2");
+
+ auto it = aDescription.begin();
+ BOOST_CHECK_EQUAL(it->second, "val1");
+ it++;
+ BOOST_CHECK_EQUAL(it->second, "val2");
+ it++;
+ BOOST_CHECK(it == aDescription.end());
+
+ BOOST_CHECK_EQUAL_COLLECTIONS(aDescription.wireEncode().wire(),
+ aDescription.wireEncode().wire() + aDescription.wireEncode().size(),
+ description,
+ description + sizeof(description));
+
+ BOOST_REQUIRE_NO_THROW(AdditionalDescription(Block(description, sizeof(description))));
+ AdditionalDescription aDescription2(Block(description, sizeof(description)));
+
+ BOOST_CHECK(aDescription2 == aDescription);
+
+ AdditionalDescription aDescription3;
+ aDescription3.set("key3", "val3");
+ aDescription3.set("key2", "val2");
+
+ BOOST_CHECK(aDescription2 != aDescription3);
+
+ std::ostringstream os;
+ os << aDescription;
+ BOOST_CHECK_EQUAL(os.str(), text);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace tests
+} // namespace security
+} // namespace ndn
diff --git a/tests/unit-tests/security/validity-period.t.cpp b/tests/unit-tests/security/validity-period.t.cpp
new file mode 100644
index 0000000..be5b2e4
--- /dev/null
+++ b/tests/unit-tests/security/validity-period.t.cpp
@@ -0,0 +1,191 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2015 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/validity-period.hpp"
+
+#include "boost-test.hpp"
+#include <boost/lexical_cast.hpp>
+
+namespace ndn {
+namespace security {
+namespace test {
+
+BOOST_AUTO_TEST_SUITE(SecurityValidityPeriod)
+
+BOOST_AUTO_TEST_CASE(ConstructorSetter)
+{
+ time::system_clock::TimePoint notBefore = time::system_clock::now() - time::days(1);
+ time::system_clock::TimePoint notAfter = notBefore + time::days(2);
+
+ ValidityPeriod validity1 = ValidityPeriod(notBefore, notAfter);
+
+ auto period = validity1.getPeriod();
+ BOOST_CHECK_GE(period.first, notBefore); // fractional seconds will be removed
+ BOOST_CHECK_LT(period.first, notBefore + time::seconds(1));
+
+ BOOST_CHECK_LE(period.second, notAfter); // fractional seconds will be removed
+ BOOST_CHECK_GT(period.second, notAfter - time::seconds(1));
+ BOOST_CHECK_EQUAL(validity1.isValid(), true);
+
+ BOOST_CHECK_EQUAL(ValidityPeriod(time::system_clock::now() - time::days(2),
+ time::system_clock::now() - time::days(1)).isValid(),
+ false);
+
+ BOOST_CHECK_NO_THROW((ValidityPeriod()));
+ ValidityPeriod validity2;
+ BOOST_CHECK(validity2.getPeriod() == std::make_pair(time::getUnixEpoch(), time::getUnixEpoch()));
+
+ validity2.setPeriod(notBefore, notAfter);
+ BOOST_CHECK(validity2.getPeriod() != std::make_pair(time::getUnixEpoch(), time::getUnixEpoch()));
+ BOOST_CHECK_EQUAL(validity2, validity1);
+
+ validity1.setPeriod(time::getUnixEpoch(), time::getUnixEpoch() + time::days(10 * 365));
+ BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(validity1),
+ "(19700101T000000, 19791230T000000)");
+
+ validity1.setPeriod(time::getUnixEpoch() + time::nanoseconds(1),
+ time::getUnixEpoch() + time::days(10 * 365) + time::nanoseconds(1));
+ BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(validity1),
+ "(19700101T000001, 19791230T000000)");
+}
+
+const uint8_t VP1[] = {
+ 0xfd, 0x00, 0xfd, 0x26, // ValidityPeriod
+ 0xfd, 0x00, 0xfe, 0x0f, // NotBefore
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0xfd, 0x00, 0xff, 0x0f, // NotAfter
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+BOOST_AUTO_TEST_CASE(EncodingDecoding)
+{
+ time::system_clock::TimePoint notBefore = time::getUnixEpoch();
+ time::system_clock::TimePoint notAfter = notBefore + time::days(1);
+
+ ValidityPeriod v1(notBefore, notAfter);
+
+ BOOST_CHECK_EQUAL_COLLECTIONS(v1.wireEncode().begin(), v1.wireEncode().end(),
+ VP1, VP1 + sizeof(VP1));
+
+ BOOST_REQUIRE_NO_THROW(ValidityPeriod(Block(VP1, sizeof(VP1))));
+ Block block(VP1, sizeof(VP1));
+ ValidityPeriod v2(block);
+ BOOST_CHECK(v1.getPeriod() == v2.getPeriod());
+}
+
+const uint8_t VP_E1[] = {
+ 0xfd, 0x00, 0xff, 0x26, // ValidityPeriod (error)
+ 0xfd, 0x00, 0xfe, 0x0f, // NotBefore
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0xfd, 0x00, 0xff, 0x0f, // NotAfter
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+const uint8_t VP_E2[] = {
+ 0xfd, 0x00, 0xfd, 0x26, // ValidityPeriod
+ 0xfd, 0x00, 0xff, 0x0f, // NotBefore (error)
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0xfd, 0x00, 0xff, 0x0f, // NotAfter
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+const uint8_t VP_E3[] = {
+ 0xfd, 0x00, 0xfd, 0x26, // ValidityPeriod
+ 0xfd, 0x00, 0xfe, 0x0f, // NotBefore
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0xfd, 0x00, 0xfe, 0x0f, // NotAfter (error)
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+const uint8_t VP_E4[] = {
+ 0xfd, 0x00, 0xfd, 0x39, // ValidityPeriod
+ 0xfd, 0x00, 0xfe, 0x0f, // NotBefore
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0xfd, 0x00, 0xff, 0x0f, // NotAfter
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0xfd, 0x00, 0xff, 0x0f, // NotAfter (error)
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+const uint8_t VP_E5[] = {
+ 0xfd, 0x00, 0xfd, 0x13, // ValidityPeriod
+ 0xfd, 0x00, 0xfe, 0x0f, // NotBefore
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+const uint8_t VP_E6[] = {
+ 0xfd, 0x00, 0xfd, 0x26, // ValidityPeriod
+ 0xfd, 0x00, 0xfe, 0x0f, // NotBefore
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T00000\xFF
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0xFF,
+ 0xfd, 0x00, 0xff, 0x0f, // NotAfter
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+
+BOOST_AUTO_TEST_CASE(DecodingError)
+{
+ BOOST_CHECK_THROW(ValidityPeriod(Block(VP_E1, sizeof(VP_E1))), ValidityPeriod::Error);
+
+ BOOST_CHECK_THROW(ValidityPeriod(Block(VP_E2, sizeof(VP_E2))), ValidityPeriod::Error);
+ BOOST_CHECK_THROW(ValidityPeriod(Block(VP_E3, sizeof(VP_E3))), ValidityPeriod::Error);
+
+ BOOST_CHECK_THROW(ValidityPeriod(Block(VP_E4, sizeof(VP_E4))), ValidityPeriod::Error);
+ BOOST_CHECK_THROW(ValidityPeriod(Block(VP_E5, sizeof(VP_E5))), ValidityPeriod::Error);
+
+ Block emptyBlock;
+ BOOST_CHECK_THROW((ValidityPeriod(emptyBlock)), ValidityPeriod::Error);
+
+ BOOST_CHECK_THROW(ValidityPeriod(Block(VP_E6, sizeof(VP_E6))), ValidityPeriod::Error);
+}
+
+BOOST_AUTO_TEST_CASE(Comparison)
+{
+ time::system_clock::TimePoint notBefore = time::getUnixEpoch();
+ time::system_clock::TimePoint notAfter = notBefore + time::days(1);
+ time::system_clock::TimePoint notAfter2 = notBefore + time::days(2);
+
+ ValidityPeriod validity1(notBefore, notAfter);
+ ValidityPeriod validity2(notBefore, notAfter);
+ BOOST_CHECK(validity1 == validity2);
+
+ ValidityPeriod validity3(notBefore, notAfter2);
+ BOOST_CHECK(validity1 != validity3);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace test
+} // namespace security
+} // namespace ndn
diff --git a/tests/unit-tests/signature-info.t.cpp b/tests/unit-tests/signature-info.t.cpp
index b1f2047..9e7f600 100644
--- a/tests/unit-tests/signature-info.t.cpp
+++ b/tests/unit-tests/signature-info.t.cpp
@@ -155,6 +155,56 @@
BOOST_CHECK_THROW(info.getKeyLocator(), SignatureInfo::Error);
}
+BOOST_AUTO_TEST_CASE(ValidityPeriodExtension)
+{
+ const uint8_t sigInfo[] = {
+ 0x16, 0x45, // SignatureInfo
+ 0x1b, 0x01, // SignatureType
+ 0x01, // Sha256WithRsa
+ 0x1c, 0x16, // KeyLocator
+ 0x07, 0x14, // Name
+ 0x08, 0x04,
+ 0x74, 0x65, 0x73, 0x74,
+ 0x08, 0x03,
+ 0x6b, 0x65, 0x79,
+ 0x08, 0x07,
+ 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72,
+ 0xfd, 0x00, 0xfd, 0x26, // ValidityPeriod
+ 0xfd, 0x00, 0xfe, 0x0f, // NotBefore
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31, // 19700101T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0xfd, 0x00, 0xff, 0x0f, // NotAfter
+ 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x32, // 19700102T000000
+ 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+ };
+
+ time::system_clock::TimePoint notBefore = time::getUnixEpoch();
+ time::system_clock::TimePoint notAfter = notBefore + time::days(1);
+ security::ValidityPeriod vp1(notBefore, notAfter);
+
+ // encode
+ SignatureInfo info;
+ info.setSignatureType(tlv::SignatureSha256WithRsa);
+ info.setKeyLocator(KeyLocator("/test/key/locator"));
+ info.setValidityPeriod(vp1);
+
+ BOOST_CHECK(info.getValidityPeriod() == vp1);
+
+ const Block& encoded = info.wireEncode();
+
+ BOOST_CHECK_EQUAL_COLLECTIONS(sigInfo, sigInfo + sizeof(sigInfo),
+ encoded.wire(), encoded.wire() + encoded.size());
+
+ // decode
+ Block block(sigInfo, sizeof(sigInfo));
+ SignatureInfo info2;
+ info2.wireDecode(block);
+ BOOST_CHECK(info2.getValidityPeriod() == vp1);
+
+ const security::ValidityPeriod& validityPeriod = info2.getValidityPeriod();
+ BOOST_CHECK(validityPeriod.getPeriod() == std::make_pair(notBefore, notAfter));
+}
+
BOOST_AUTO_TEST_CASE(OtherTlvs)
{
SignatureInfo info;