Project

General

Profile

Actions

Task #3103

closed

Implement abstraction for certificate in new format

Added by Yingdi Yu over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
08/14/2015
Due date:
% Done:

100%

Estimated time:

Description

With the new certificate format, the original thought is to use class Data directly to express certificate.
However, we found that this would be a little bit inconvenient to manipulate certificate in ndn-cxx.
After a quick discussion with Alex yesterday, we decided to implement class Certificate for certificate in new format.

Since we have already had class Certificate which has many dependencies with other classes in ndn-cxx, directly revising the existing Certificate class is not a good choice. Therefore, we will rename the existing one to be under ndn::security::old namespace, and then define a new Certificate class under ndn::security namespace, i.e., ndn::security::Certificate. All the existing classes will still use ndn::security::old::Certificate, the new ndn::security::Certificate will be used in new KeyChain and Validator implementation (We will apply the same strategy for both KeyChain and Validator refactoring).

The interface of new Certificate is defined as:

class Certificate : public Data 
{
public:
  Certificate();
  Certificate(const Block& block);

  /// @brief Set the certificate name which must follow the new certificate format naming convention
  setName(const Name& name);

  /// @brief Get the certificate name
  Name
  getName() const;

  /// @brief Get key name (key name is certificate name without version component)
  Name
  getKeyName() const;

  /// @brief Get identity name (identity name is key name without 'KEY' and keyId components)
  Name 
  getIdentity() const;

  /// @brief Set public key (the key bits is in PKCS#8 format)
  void
  setPublicKey(const uint8_t* key, size_t keyLen);

  /// @brief Get public key bits (in PKCS#8 format)
  const Buffer&
  getPublicKey() const;

  /**
   * @return the signer name in KeyLocator
   * @throw Error when KeyLocator is not a name
   */
  Name
  getIssuerName() const;

  /// @brief Check if the certificate is valid at @p ts.
  bool
  isInValidityPeriod(const TimePoint& ts = now()) const;

  /// @brief Add extension
  addExtension(const Block& extension);

  /// @brief Get extension with TLV @p type 
  Block
  getExtension(uint32_t type) const;
}

Related issues 2 (0 open2 closed)

Related to ndn-cxx - Task #2861: Write certificate format 2.0 docClosedYingdi Yu06/08/2015

Actions
Blocks ndn-cxx - Task #2926: Refactor KeyChainClosedYingdi Yu

Actions
Actions #1

Updated by Yingdi Yu over 9 years ago

Actions #2

Updated by Yingdi Yu over 9 years ago

  • Related to Task #2861: Write certificate format 2.0 doc added
Actions #3

Updated by Yingdi Yu over 9 years ago

  • Assignee set to Zhiyi Zhang
Actions #4

Updated by Junxiao Shi over 9 years ago

  • Subject changed from Implement abstraction for certificate in new fomrat to Implement abstraction for certificate in new format
Actions #5

Updated by Yingdi Yu over 9 years ago

  • Status changed from New to Code review
  • % Done changed from 0 to 80
Actions #6

Updated by Yingdi Yu over 9 years ago

After some thoughts, I feel we should make certificate abstraction read-only, otherwise it may contradict with current Signature abstraction and the KeyChain signing abstraction.

Actions #7

Updated by Junxiao Shi over 9 years ago

commit:c8fe843c0acc527564f7b47bbfc7f83a1433c723 places Certificate in tmp directory.

Previously, it's placed in the normal place, while old abstraction are moved into old directory.

What's the rationale for the design switch?

Actions #8

Updated by Yingdi Yu over 9 years ago

because renaming old class introduces more changes (e.g., renaming those classes in all depending files) than putting the new class in a new directory. We tried renaming once, but the result is not very good.

Actions #9

Updated by Yingdi Yu over 9 years ago

  • Status changed from Code review to Closed
  • % Done changed from 80 to 100
Actions

Also available in: Atom PDF