Project

General

Profile

Actions

Task #3103

closed

Implement abstraction for certificate in new format

Added by Yingdi Yu over 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
08/14/2015
Due date:
% Done:

100%

Estimated time:

Description

With the new certificate format, the original thought is to use class Data directly to express certificate.
However, we found that this would be a little bit inconvenient to manipulate certificate in ndn-cxx.
After a quick discussion with Alex yesterday, we decided to implement class Certificate for certificate in new format.

Since we have already had class Certificate which has many dependencies with other classes in ndn-cxx, directly revising the existing Certificate class is not a good choice. Therefore, we will rename the existing one to be under ndn::security::old namespace, and then define a new Certificate class under ndn::security namespace, i.e., ndn::security::Certificate. All the existing classes will still use ndn::security::old::Certificate, the new ndn::security::Certificate will be used in new KeyChain and Validator implementation (We will apply the same strategy for both KeyChain and Validator refactoring).

The interface of new Certificate is defined as:

class Certificate : public Data 
{
public:
  Certificate();
  Certificate(const Block& block);

  /// @brief Set the certificate name which must follow the new certificate format naming convention
  setName(const Name& name);

  /// @brief Get the certificate name
  Name
  getName() const;

  /// @brief Get key name (key name is certificate name without version component)
  Name
  getKeyName() const;

  /// @brief Get identity name (identity name is key name without 'KEY' and keyId components)
  Name 
  getIdentity() const;

  /// @brief Set public key (the key bits is in PKCS#8 format)
  void
  setPublicKey(const uint8_t* key, size_t keyLen);

  /// @brief Get public key bits (in PKCS#8 format)
  const Buffer&
  getPublicKey() const;

  /**
   * @return the signer name in KeyLocator
   * @throw Error when KeyLocator is not a name
   */
  Name
  getIssuerName() const;

  /// @brief Check if the certificate is valid at @p ts.
  bool
  isInValidityPeriod(const TimePoint& ts = now()) const;

  /// @brief Add extension
  addExtension(const Block& extension);

  /// @brief Get extension with TLV @p type 
  Block
  getExtension(uint32_t type) const;
}

Related issues 2 (0 open2 closed)

Related to ndn-cxx - Task #2861: Write certificate format 2.0 docClosedYingdi Yu06/08/2015

Actions
Blocks ndn-cxx - Task #2926: Refactor KeyChainClosedYingdi Yu

Actions
Actions

Also available in: Atom PDF