Project

General

Profile

Feature #5004

CertificateBundle encoding and decoding

Added by Junxiao Shi about 2 years ago. Updated 4 months ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:

20%

Estimated time:
6.00 h

Description

Implement CertificateBundle low-level encoding and decoding API, as specified in #2766-30.

This issue includes these functions and types:

  • deriveCertBundleName
  • deriveCertBundlePrefixFromKeyLocator
  • encodeCertBundle
  • CertBundleDecoder

Related issues

Blocks ndn-cxx - Feature #5005: CertificateBundle publisherNewJeremy Clark

Actions
Blocks ndn-cxx - Feature #5007: CertificateBundle fetcherNewJeremy Clark

Actions
Blocked by ndn-cxx - Feature #4696: SegmentPublisher: segmentation utilityIn Progress

Actions
#1

Updated by Junxiao Shi about 2 years ago

#2

Updated by Junxiao Shi about 2 years ago

  • Tags set to CertificateBundle
#3

Updated by Junxiao Shi about 2 years ago

#4

Updated by Junxiao Shi about 2 years ago

  • Description updated (diff)
#6

Updated by Jeremy Clark almost 2 years ago

  • Status changed from New to In Progress
#7

Updated by Jeremy Clark almost 2 years ago

For the deriveCertBundleName and deriveCertBundlePrefixFromKeyLocator functions, what should they return if the name passed to the function isn't correct?

#8

Updated by Junxiao Shi almost 2 years ago

what should they return if the name passed to the function isn't correct?

If argument is wrong, throw std::invalid_argument exception.

#9

Updated by Junxiao Shi almost 2 years ago

  • Blocked by Feature #4696: SegmentPublisher: segmentation utility added
#10

Updated by Junxiao Shi almost 2 years ago

Part of this task is blocked by #4696 because encodeCertBundle relies on SegmentPublisher.
Other parts are not blocked. You can submit a Gerrit Change when unblocked parts are ready.

#12

Updated by Jeremy Clark almost 2 years ago

Should I ignore encodeCertBundle for now, write the skeleton of the method around the call to the SegmentPublisher, or include a simple segmentation implementation within it?

#13

Updated by Junxiao Shi almost 2 years ago

Should I ignore encodeCertBundle for now, write the skeleton of the method around the call to the SegmentPublisher, or include a simple segmentation implementation within it?

You should submit a Change without encodeCertBundle and anything else that depend on SegmentPublisher.
You should also push the assignee of #4696 to complete his/her assignment, so that you can continue working on encodeCertBundle.
In either case, "simple segmentation implementation" is NOT part of this task.

#14

Updated by Jeremy Clark over 1 year ago

Since the bundle decoder is a stream decoder, when a data segment is appended, should the decoder check if that segment is (or is part of) a certificate?

Does it make each bundle available as they are decoded?

#15

Updated by Junxiao Shi over 1 year ago

when a data segment is appended, should the decoder check if that segment is (or is part of) a certificate?
Does it make each bundle available as they are decoded?

Yes. The logic would be similar as reading top-level TLV packets from a stream socket.

#16

Updated by Jeremy Clark over 1 year ago

Is it possible for a data segment to contain part of two different certificates? For example, if segments are 8000 bytes each and a certificate is 9000, would the first certificate be contained in the first and second segment and the start of the second certificate also be contained in the second segment?

If this is the case, is there a class in ndn-cxx for reading TLV data directly?

#17

Updated by Junxiao Shi over 1 year ago

Is it possible for a data segment to contain part of two different certificates? For example, if segments are 8000 bytes each and a certificate is 9000, would the first certificate be contained in the first and second segment and the start of the second certificate also be contained in the second segment?

Yes, this is allowed by protocol.

is there a class in ndn-cxx for reading TLV data directly?

SegmentFetcher and SegmentPublisher are expected to expose a streaming interface. Decoding and encoding certificates in the payload stream of a segmented object shall be similar as decoding and encoding L3 packets in a Unix socket.

#18

Updated by Ashlesh Gawande over 1 year ago

is there a class in ndn-cxx for reading TLV data directly?

SegmentFetcher and SegmentPublisher are expected to expose a streaming interface. Decoding and encoding certificates in the payload stream of a segmented object shall be similar as decoding and encoding L3 packets in a Unix socket.

Could you please point to the code?

#20

Updated by Jeremy Clark over 1 year ago

What is the SegmentFetcher exposing its streaming interface to? Is the purpose of the append function in the CertBundleDecoder not to accept incoming segments from the Fetcher?

#21

Updated by Junxiao Shi over 1 year ago

What is the SegmentFetcher exposing its streaming interface to? Is the purpose of the append function in the CertBundleDecoder not to accept incoming segments from the Fetcher?

CertBundleFetcher would use SegmentFetcher to retrieve the segments, and pass each received segment to CertBundleDecoder::append.

#22

Updated by Jeremy Clark over 1 year ago

Ok. What do you mean by "expose a streaming interface?"

#23

Updated by Junxiao Shi over 1 year ago

Ok. What do you mean by "expose a streaming interface?"

This means the decoder can incrementally accept input, and emit successfully decoded certificates as they are received.
In TypeScript analogy, it's a function that accepts AsyncIterable<Uint8Array> type and returns AsyncIterable<Certificate> type.

#24

Updated by Alex Afanasyev over 1 year ago

  • Tags changed from CertificateBundle to CertificateBundle, security
#25

Updated by Jeremy Clark about 1 year ago

The design states that "A producer MAY provide one or more certificate bundle names in the RDR metadata."

Should creation of the metadata packets be part of the publishing API or is my goal here just to extend the existing MetadataObject with the ability to create such packets?

#26

Updated by Junxiao Shi about 1 year ago

MetadataObject needs to have an extension for Certificate Bundle name, but publishing RDR metadata isn't certificate bundle's responsibility.

#27

Updated by Davide Pesavento about 1 year ago

  • % Done changed from 0 to 20
#28

Updated by Davide Pesavento 4 months ago

  • Target version changed from v0.8 to v0.9

Also available in: Atom PDF