Task #3103
Implement abstraction for certificate in new format
Status: Closed, % Done: 100
Description
With the new certificate format, the original thought was to use class Data directly to express a certificate. However, we found that this would make it a little inconvenient to manipulate certificates in ndn-cxx. After a quick discussion with Alex yesterday, we decided to implement class Certificate for certificates in the new format.
Since we already have a class Certificate which has many dependencies with other classes in ndn-cxx, directly revising the existing Certificate class is not a good choice. Therefore, we will rename the existing one to be under the ndn::security::old namespace, and then define a new Certificate class under the ndn::security namespace, i.e., ndn::security::Certificate. All the existing classes will still use ndn::security::old::Certificate; the new ndn::security::Certificate will be used in the new KeyChain and Validator implementation (we will apply the same strategy for both KeyChain and Validator refactoring).
The interface of the new Certificate is defined as:
    class Certificate : public Data
    {
    public:
      Certificate();

      Certificate(const Block& block);

      /// @brief Set the certificate name, which must follow the new certificate format naming convention
      void
      setName(const Name& name);

      /// @brief Get the certificate name
      Name
      getName() const;

      /// @brief Get key name (key name is certificate name without version component)
      Name
      getKeyName() const;

      /// @brief Get identity name (identity name is key name without 'KEY' and keyId components)
      Name
      getIdentity() const;

      /// @brief Set public key (the key bits are in PKCS#8 format)
      void
      setPublicKey(const uint8_t* key, size_t keyLen);

      /// @brief Get public key bits (in PKCS#8 format)
      const Buffer&
      getPublicKey() const;

      /**
       * @return the signer name in KeyLocator
       * @throw Error when KeyLocator is not a name
       */
      Name
      getIssuerName() const;

      /// @brief Check if the certificate is valid at @p ts.
      bool
      isInValidityPeriod(const TimePoint& ts = now()) const;

      /// @brief Add extension
      void
      addExtension(const Block& extension);

      /// @brief Get extension with TLV @p type
      Block
      getExtension(uint32_t type) const;
    };
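The name relationships stated in the interface comments above (key name is the certificate name without the version; identity is the key name without 'KEY' and keyId), as an added example that is not part of the original issue or of ndn-cxx. It assumes the layout `<identity>/KEY/<keyId>/<version>` implied by those comments and models a name as a vector of strings; `parseName`, `toUri`, `isCertName`, `keyNameOf` and `identityOf` are hypothetical helpers.

```cpp
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Assumption: a name is modelled as a list of string components (a stand-in
// for ndn::Name, not the ndn-cxx type).
using Name = std::vector<std::string>;

Name parseName(const std::string& uri) {
  Name name;
  std::istringstream in(uri);
  for (std::string c; std::getline(in, c, '/');)
    if (!c.empty()) name.push_back(c);
  return name;
}

std::string toUri(const Name& name) {
  std::string uri;
  for (const auto& c : name) uri += "/" + c;
  return uri.empty() ? "/" : uri;
}

// Assumed layout: <identity...>/KEY/<keyId>/<version>. 'KEY' is located by
// counting back from the end, so an identity that itself contains a 'KEY'
// component cannot shift the boundary.
bool isCertName(const Name& n) {
  return n.size() >= 3 && n[n.size() - 3] == "KEY";
}

// Key name = certificate name without the version component.
Name keyNameOf(const Name& cert) {
  if (!isCertName(cert)) throw std::invalid_argument("not a certificate name");
  return Name(cert.begin(), cert.end() - 1);
}

// Identity = key name without the 'KEY' and keyId components.
Name identityOf(const Name& cert) {
  if (!isCertName(cert)) throw std::invalid_argument("not a certificate name");
  return Name(cert.begin(), cert.end() - 3);
}

int main() {
  Name cert = parseName("/ndn/site/KEY/alice/KEY/ksk-1/v42");  // constructed sample
  std::cout << toUri(keyNameOf(cert)) << "\n" << toUri(identityOf(cert)) << "\n";
}
```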
Updated by Yingdi Yu over 9 years ago
- Blocks Task #2926: Refactor KeyChain added
Updated by Yingdi Yu over 9 years ago
- Related to Task #2861: Write certificate format 2.0 doc added
Updated by Junxiao Shi over 9 years ago
- Subject changed from Implement abstraction for certificate in new fomrat to Implement abstraction for certificate in new format
Updated by Yingdi Yu over 9 years ago
- Status changed from New to Code review
- % Done changed from 0 to 80
Updated by Yingdi Yu over 9 years ago
After some thought, I feel we should make the certificate abstraction read-only; otherwise it may contradict the current Signature abstraction and the KeyChain signing abstraction.
Updated by Junxiao Shi over 9 years ago
commit:c8fe843c0acc527564f7b47bbfc7f83a1433c723 places Certificate in the tmp directory.
Previously, it was placed in the normal place, while the old abstractions were moved into the old directory.
What's the rationale for the design switch?
Updated by Yingdi Yu over 9 years ago
Because renaming the old class introduces more changes (e.g., renaming those classes in all depending files) than putting the new class in a new directory. We tried renaming once, but the result is not very good.
Updated by Yingdi Yu about 9 years ago
- Status changed from Code review to Closed
- % Done changed from 80 to 100