Feature #5004
CertificateBundle encoding and decoding
20%
Description
Implement CertificateBundle low-level encoding and decoding API, as specified in #2766-30.
This issue includes these functions and types:
deriveCertBundleName
deriveCertBundlePrefixFromKeyLocator
encodeCertBundle
CertBundleDecoder
Updated by Junxiao Shi about 5 years ago
- Blocks Feature #5005: CertificateBundle publisher added
Updated by Junxiao Shi about 5 years ago
- Blocks Feature #5007: CertificateBundle fetcher added
Updated by Junxiao Shi about 5 years ago
Reminder sent to assignee: https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2019-October/003828.html
Updated by Jeremy Clark about 5 years ago
- Status changed from New to In Progress
Updated by Jeremy Clark about 5 years ago
For the deriveCertBundleName and deriveCertBundlePrefixFromKeyLocator functions, what should they return if the name passed to the function isn't correct?
Updated by Junxiao Shi about 5 years ago
what should they return if the name passed to the function isn't correct?
If argument is wrong, throw std::invalid_argument exception.
Updated by Junxiao Shi about 5 years ago
- Blocked by Feature #4696: SegmentPublisher: segmentation utility added
Updated by Junxiao Shi about 5 years ago
Part of this task is blocked by #4696 because encodeCertBundle relies on SegmentPublisher.
Other parts are not blocked. You can submit a Gerrit Change when unblocked parts are ready.
Updated by Junxiao Shi about 5 years ago
Reminder sent to assignee: https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2019-November/003874.html
Updated by Jeremy Clark about 5 years ago
Should I ignore encodeCertBundle for now, write the skeleton of the method around the call to the SegmentPublisher, or include a simple segmentation implementation within it?
Updated by Junxiao Shi about 5 years ago
Should I ignore encodeCertBundle for now, write the skeleton of the method around the call to the SegmentPublisher, or include a simple segmentation implementation within it?
You should submit a Change without encodeCertBundle and anything else that depends on SegmentPublisher.
You should also push the assignee of #4696 to complete his/her assignment, so that you can continue working on encodeCertBundle.
In either case, "simple segmentation implementation" is NOT part of this task.
Updated by Jeremy Clark almost 5 years ago
Since the bundle decoder is a stream decoder, when a data segment is appended, should the decoder check if that segment is (or is part of) a certificate?
Does it make each bundle available as they are decoded?
Updated by Junxiao Shi almost 5 years ago
when a data segment is appended, should the decoder check if that segment is (or is part of) a certificate?
Does it make each bundle available as they are decoded?
Yes. The logic would be similar to reading top-level TLV packets from a stream socket.
Updated by Jeremy Clark over 4 years ago
Is it possible for a data segment to contain part of two different certificates? For example, if segments are 8000 bytes each and a certificate is 9000, would the first certificate be contained in the first and second segment and the start of the second certificate also be contained in the second segment?
If this is the case, is there a class in ndn-cxx for reading TLV data directly?
Updated by Junxiao Shi over 4 years ago
Is it possible for a data segment to contain part of two different certificates? For example, if segments are 8000 bytes each and a certificate is 9000, would the first certificate be contained in the first and second segment and the start of the second certificate also be contained in the second segment?
Yes, this is allowed by protocol.
is there a class in ndn-cxx for reading TLV data directly?
SegmentFetcher and SegmentPublisher are expected to expose a streaming interface. Decoding and encoding certificates in the payload stream of a segmented object shall be similar to decoding and encoding L3 packets in a Unix socket.
Updated by Ashlesh Gawande over 4 years ago
is there a class in ndn-cxx for reading TLV data directly?
SegmentFetcher and SegmentPublisher are expected to expose a streaming interface. Decoding and encoding certificates in the payload stream of a segmented object shall be similar to decoding and encoding L3 packets in a Unix socket.
Could you please point to the code?
Updated by Junxiao Shi over 4 years ago
I don’t know enough about C++ version. In Python it’s here:
https://github.com/zjkmxy/python-ndn/blob/16cb6de6537a334ada2e76c2a43b156269edfed3/src/ndn/transport/stream_socket.py
Updated by Jeremy Clark over 4 years ago
What is the SegmentFetcher exposing its streaming interface to? Is the purpose of the append function in the CertBundleDecoder not to accept incoming segments from the Fetcher?
Updated by Junxiao Shi over 4 years ago
What is the SegmentFetcher exposing its streaming interface to? Is the purpose of the append function in the CertBundleDecoder not to accept incoming segments from the Fetcher?
CertBundleFetcher would use SegmentFetcher to retrieve the segments, and pass each received segment to CertBundleDecoder::append.
Updated by Jeremy Clark over 4 years ago
Ok. What do you mean by "expose a streaming interface?"
Updated by Junxiao Shi over 4 years ago
Ok. What do you mean by "expose a streaming interface?"
This means the decoder can incrementally accept input, and emit successfully decoded certificates as they are received.
In TypeScript analogy, it's a function that accepts AsyncIterable<Uint8Array> type and returns AsyncIterable<Certificate> type.
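The streaming decode discussed in this thread, where a certificate may straddle segment boundaries, as an added example that is not part of the original thread and is not ndn-cxx code. `TlvStreamDecoder`, `makeElement` and the 16384-octet length cap are hypothetical names and values; the decoder buffers segment payloads, emits each complete Data-typed top-level TLV, and rejects an unexpected type or an over-cap length before buffering toward it.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Hypothetical sketch; not ndn-cxx's CertBundleDecoder.
class TlvStreamDecoder {
public:
  static constexpr uint64_t kDataType = 0x06;     // NDN Data TLV-TYPE
  static constexpr uint64_t kMaxElement = 16384;  // assumed cap on TLV-LENGTH
  // Feed one segment payload; returns every element it completes.
  std::vector<Bytes> append(const Bytes& seg) {
    m_buf.insert(m_buf.end(), seg.begin(), seg.end());
    std::vector<Bytes> out;
    size_t pos = 0;
    for (;;) {
      size_t p = pos;
      uint64_t type = 0, len = 0;
      if (!readVarNumber(p, type)) break;           // header still incomplete
      if (type != kDataType) throw std::runtime_error("unexpected TLV-TYPE");
      if (!readVarNumber(p, len)) break;
      if (len > kMaxElement) throw std::runtime_error("TLV-LENGTH over cap");
      if (m_buf.size() - p < len) break;            // value continues in a later segment
      out.emplace_back(m_buf.begin() + pos, m_buf.begin() + p + len);
      pos = p + len;
    }
    m_buf.erase(m_buf.begin(), m_buf.begin() + pos);  // keep only the unfinished tail
    return out;
  }
  size_t pending() const { return m_buf.size(); }
private:
  // VAR-NUMBER: one octet, or 253/254/255 then 2/4/8 big-endian octets.
  bool readVarNumber(size_t& p, uint64_t& v) const {
    if (p >= m_buf.size()) return false;
    size_t n = m_buf[p] < 253 ? 0 : m_buf[p] == 253 ? 2 : m_buf[p] == 254 ? 4 : 8;
    if (m_buf.size() - p - 1 < n) return false;
    v = n ? 0 : m_buf[p];
    for (size_t i = 1; i <= n; ++i) v = (v << 8) | m_buf[p + i];
    p += 1 + n;
    return true;
  }
  Bytes m_buf;
};

// Constructed sample: Data-typed element, 2-octet length, zero-filled value.
Bytes makeElement(uint16_t n) {
  Bytes e{0x06, 253, uint8_t(n >> 8), uint8_t(n & 0xff)};
  e.resize(e.size() + n, 0);
  return e;
}
```

Fed two 9000-octet elements in 8000-octet segments, the second `append` call returns the first element while the start of the second stays buffered.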
Updated by Alex Afanasyev over 4 years ago
- Tags changed from CertificateBundle to CertificateBundle, security
Updated by Jeremy Clark over 4 years ago
The design states that "A producer MAY provide one or more certificate bundle names in the RDR metadata."
Should creation of the metadata packets be part of the publishing API or is my goal here just to extend the existing MetadataObject with the ability to create such packets?
Updated by Junxiao Shi over 4 years ago
MetadataObject
needs to have an extension for Certificate Bundle name, but publishing RDR metadata isn't certificate bundle's responsibility.
Updated by Davide Pesavento over 3 years ago
- Target version changed from 0.8.0 to 0.9.0
Updated by Davide Pesavento 12 months ago
- Tags changed from security, CertificateBundle to CertificateBundle
- Assignee deleted (Jeremy Clark)
- Target version deleted (0.9.0)