From d4abb1294c14b37e40375ea8d788a2ddcd501f6f Mon Sep 17 00:00:00 2001 From: Junxiao Shi Date: Fri, 15 Jan 2021 14:14:57 +0000 Subject: [PATCH] keychain: build certificate into Data::Signed type --- README.md | 1 + src/ndnph/keychain/certificate.hpp | 76 +++++++------------------- src/ndnph/keychain/ec.hpp | 35 ++++++------ src/ndnph/keychain/validity-period.hpp | 14 ++--- 4 files changed, 43 insertions(+), 83 deletions(-) diff --git a/README.md b/README.md index a2bb66a..0239ef2 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ Packet encoding and decoding Transports * UDP: unicast only +* libmemif KeyChain diff --git a/src/ndnph/keychain/certificate.hpp b/src/ndnph/keychain/certificate.hpp index f5890dd..eeaa242 100644 --- a/src/ndnph/keychain/certificate.hpp +++ b/src/ndnph/keychain/certificate.hpp 
@@ -223,70 +223,32 @@ getValidity(const Data& data) } // namespace certificate namespace detail { -template -class CertificateBuilder +template +Data::Signed +buildCertificate(Region& region, const Name& name, const ValidityPeriod& validity, + const Signer& signer, const Modify& modify) { -public: - template - static CertificateBuilder create(Region& region, const Name& name, - const ValidityPeriod& validity, const Signer& signer, - const Modify& modify) - { - CertificateBuilder builder(region, signer); - if (!builder) { - return builder.reset(); - } - - Data& data = builder.m_data; - data.setName(certificate::toCertName(region, name)); - data.setContentType(ContentType::Key); - data.setFreshnessPeriod(3600000); - bool ok = modify(data); - if (!ok) { - return builder.reset(); - } - - DSigInfo& si = builder.m_si; - { - Encoder encoder(region); - encoder.prepend(validity); - si.extensions = tlv::Value(encoder); - encoder.trim(); - } - return builder; - } - - explicit operator bool() const - { - return !!m_data; + auto data = region.create(); + if (!data) { + return Data::Signed(); } + data.setName(certificate::toCertName(region, name)); + data.setContentType(ContentType::Key); + data.setFreshnessPeriod(3600000); - void encodeTo(Encoder& encoder) const + DSigInfo si; { - if (!m_data) { - encoder.setError(); - } else { - m_data.sign(m_signer, m_si).encodeTo(encoder); - } + Encoder encoder(region); + encoder.prepend(validity); + si.extensions = tlv::Value(encoder); + encoder.trim(); } -private: - explicit CertificateBuilder(Region& region, const Signer& signer) - : m_data(region.create()) - , m_signer(signer) - {} - - CertificateBuilder& reset() - { - m_data = Data(); - return *this; + if (!modify(data)) { + return Data::Signed(); } - -private: - Data m_data; - DSigInfo m_si; - const Signer& m_signer; -}; + return data.sign(signer, std::move(si)); +} } // namespace detail } // namespace ndnph 
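Review bot: The new `detail::buildCertificate` has no header comment, and its failure contract is only implicit: it returns a default-constructed `Data::Signed` when `region.create()` fails, when `modify` returns false, and presumably when `data.sign` fails, and the callers in ec.hpp pass that value straight through. A short Doxygen block such as `/// @brief Build and sign a certificate Data packet in @p region.` / `/// @return signed certificate; empty (falsy) on allocation, @p modify or signing failure.` / `/// @note the result references memory in @p region, which must outlive it.` would make that visible. Separately, the hunk reverses the old order of work: the ValidityPeriod is now encoded into `region` before `modify(data)` runs, so a failing `modify` leaves those encoder bytes allocated in the region, which does not appear to release allocations individually; moving `if (!modify(data)) { return Data::Signed(); }` up to just after `data.setFreshnessPeriod(3600000);` keeps the previous behavior. The literal `3600000` would also read better as a named constant, e.g. `constexpr uint32_t CERT_FRESHNESS_MS = 3600000;`.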
diff --git a/src/ndnph/keychain/ec.hpp b/src/ndnph/keychain/ec.hpp index 6dc6bc2..dfbd795 100644 --- a/src/ndnph/keychain/ec.hpp +++ b/src/ndnph/keychain/ec.hpp @@ -143,24 +143,22 @@ class EcPublicKey : public PublicKey * are kept alive. */ template - detail::CertificateBuilder buildCertificate(Region& region, const Name& name, - const ValidityPeriod& validity, - const Signer& signer) const + Data::Signed buildCertificate(Region& region, const Name& name, const ValidityPeriod& validity, + const Signer& signer) const { - return detail::CertificateBuilder::create( - region, name, validity, signer, [&](Data& data) { - auto spkiHdr = detail::getSpkiHeader(); - size_t spkiLen = spkiHdr.size() + KeyLen::value; - uint8_t* spki = region.alloc(spkiLen); - if (spki == nullptr) { - return false; - } - - auto pos = std::copy_n(spkiHdr.begin(), spkiHdr.size(), spki); - std::copy_n(m_raw, KeyLen::value, pos); - data.setContent(tlv::Value(spki, spkiLen)); - return true; - }); + return detail::buildCertificate(region, name, validity, signer, [&](Data& data) { + auto spkiHdr = detail::getSpkiHeader(); + size_t spkiLen = spkiHdr.size() + KeyLen::value; + uint8_t* spki = region.alloc(spkiLen); + if (spki == nullptr) { + return false; + } + + auto pos = std::copy_n(spkiHdr.begin(), spkiHdr.size(), spki); + std::copy_n(m_raw, KeyLen::value, pos); + data.setContent(tlv::Value(spki, spkiLen)); + return true; + }); } /** @@ -173,8 +171,7 @@ class EcPublicKey : public PublicKey * are kept alive. */ template - detail::CertificateBuilder selfSign(Region& region, const ValidityPeriod& validity, - const Signer& signer) const + Data::Signed selfSign(Region& region, const ValidityPeriod& validity, const Signer& signer) const { Name certName = certificate::makeCertName(region, getName(), certificate::getIssuerSelf()); return buildCertificate(region, certName, validity, signer); 
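Review bot: The Doxygen comment above `EcPublicKey::buildCertificate`, which ends with "are kept alive." and starts outside the hunk, was written for the old `CertificateBuilder`, which stored `const Signer& m_signer` and signed lazily in `encodeTo`; the new code signs eagerly inside `detail::buildCertificate`, so `signer` no longer has to outlive the returned value while `region` still does, because the SPKI content and the encoded validity live in it. The lifetime sentence should be updated accordingly, e.g. `* The returned certificate references memory in @p region, which must be kept alive.`; the same comment on `selfSign` in the second hunk has the same stale wording. The `[&]` capture of `region` and `this` is fine as long as `detail::buildCertificate` invokes `modify` synchronously, which the other file's hunk shows it does; a one-line comment on the lambda, `// invoked synchronously by detail::buildCertificate; captures by reference are safe`, would stop a later refactor from silently breaking that. It would also be worth stating in the comment that an empty `Data::Signed` is returned on allocation or signing failure, since this method simply forwards that result.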
diff --git a/src/ndnph/keychain/validity-period.hpp b/src/ndnph/keychain/validity-period.hpp index dd694ad..46a9df5 100644 --- a/src/ndnph/keychain/validity-period.hpp +++ b/src/ndnph/keychain/validity-period.hpp @@ -42,7 +42,7 @@ class ValidityPeriod /** @brief Get a very long ValidityPeriod. */ static ValidityPeriod getMax() { - return ValidityPeriod(540109800, MaxTime::value); + return ValidityPeriod(540109800, MAX_TIME); } ValidityPeriod() = default; @@ -88,8 +88,13 @@ class ValidityPeriod } private: + static constexpr time_t MAX_TIME = + sizeof(time_t) <= 4 ? std::numeric_limits::max() : 253402300799; static constexpr size_t TIMESTAMP_LEN = 15; static constexpr size_t TIMESTAMP_BUFLEN = TIMESTAMP_LEN + 1; + static constexpr size_t ENCODE_LENGTH = + tlv::sizeofVarNum(TT::NotBefore) + tlv::sizeofVarNum(TIMESTAMP_LEN) + TIMESTAMP_LEN + + tlv::sizeofVarNum(TT::NotAfter) + tlv::sizeofVarNum(TIMESTAMP_LEN) + TIMESTAMP_LEN; static const char* getTimestampFormat() { @@ -128,7 +133,7 @@ class ValidityPeriod detail::UtcTimezone useUtc; *v = mktime(&m); if (sizeof(time_t) <= 4 && *v < 0 && (1900 + m.tm_year) >= 2038) { - *v = MaxTime::value; + *v = MAX_TIME; } return *v >= 0; } @@ -139,11 +144,6 @@ class ValidityPeriod /** @brief NotAfter field in seconds since Unix epoch. */ time_t notAfter = 0; - -private: - using MaxTime = - std::integral_constant::max() : 253402300799>; }; inline bool
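Review bot: `MAX_TIME` in the `@@ -88,8 +88,13 @@` hunk carries no explanation of the `253402300799` literal or of the `sizeof(time_t) <= 4` branch, and the old `MaxTime` alias had none either; a comment such as `// 9999-12-31T23:59:59Z, the largest value the 15-char timestamp format can express;` / `// on 32-bit time_t fall back to the type's maximum (see the 2038 guard in the decoder)` would ground both halves. The template argument to `std::numeric_limits::max()` is not visible in this rendering, so I cannot confirm it is `time_t`; please check that the two branches have a common type that does not narrow when assigned to `time_t`. The decoder hunk at `@@ -128,7 +133,7 @@` keeps the existing behavior of clamping a post-2038 NotAfter to `MAX_TIME` on 32-bit platforms, which silently shortens the stated validity; that is pre-existing, but the new constant's comment is a natural place to record it. `ENCODE_LENGTH` is added but not used in any visible hunk; if it is consumed elsewhere in the file, a brief comment naming its purpose (the fixed encoded size of a ValidityPeriod) would help, and if it is not, it should be dropped.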