Documentation
Index ¶
- Constants
- func CertIsExpired(cert ndn.Data) bool
- func DecodeFile(content []byte) (signers []ndn.Signer, certs [][]byte, err error)
- func GetIdentityFromCertName(name enc.Name) (enc.Name, error)
- func GetIdentityFromKeyName(name enc.Name) (enc.Name, error)
- func GetKeyNameFromCertName(name enc.Name) (enc.Name, error)
- func MakeCertName(keyName enc.Name, issuerId enc.Component, version uint64) (enc.Name, error)
- func MakeKeyName(name enc.Name) enc.Name
- func PemDecode(str []byte) [][]byte
- func PemEncode(raw []byte) ([]byte, error)
- func SelfSign(args SignCertArgs) (wire enc.Wire, err error)
- func SignCert(args SignCertArgs) (enc.Wire, error)
- type CertCache
- type SignCertArgs
- type TrustConfig
- type TrustConfigValidateArgs
Constants ¶
// PEM block types and header field names used for NDN certificates and keys.
const (
	// PEM_HEADER_KEY is the header field naming the signer key.
	PEM_HEADER_KEY = "SignerKey"
	// PEM_HEADER_NAME is the header field carrying the NDN name.
	PEM_HEADER_NAME = "Name"
	// PEM_HEADER_SIGTYPE is the header field carrying the signature type.
	PEM_HEADER_SIGTYPE = "SigType"
	// PEM_HEADER_VALIDITY is the header field carrying the validity period.
	PEM_HEADER_VALIDITY = "Validity"

	// PEM_TYPE_CERT is the PEM block type for an NDN certificate.
	PEM_TYPE_CERT = "NDN CERT"
	// PEM_TYPE_SECRET is the PEM block type for an NDN secret key.
	PEM_TYPE_SECRET = "NDN KEY"
)
Variables ¶
This section is empty.
Functions ¶
func CertIsExpired ¶
CertIsExpired reports whether the current time falls outside the certificate's validity period (the notBefore and notAfter timestamps carried in its signature), i.e. the certificate is not yet valid or has expired.
func DecodeFile ¶
DecodeFile decodes all signers and certs from the given content. The input can be either TLV or PEM encoded. If PEM encoded, the input may contain more than one signer and/or cert. Returns empty slices for signers and certs if no valid entries are found.
func GetIdentityFromCertName ¶
GetIdentityFromCertName extracts the identity name from a certificate name.
func GetIdentityFromKeyName ¶
GetIdentityFromKeyName extracts the identity name from a key name.
func GetKeyNameFromCertName ¶
GetKeyNameFromCertName extracts the key name from a certificate name.
func MakeCertName ¶
MakeCertName generates a new certificate name for a given key name.
func MakeKeyName ¶
MakeKeyName generates a new key name for a given identity.
Types ¶
type CertCache ¶
// CertCache is a thread-safe in-memory cache of certificates; create one with NewCertCache.
type CertCache struct {
	// contains filtered or unexported fields
}
CertCache is an in-memory cache for certificates. It stores certificates by their name and key locator. Only the most recent certificate is stored. The cache is thread-safe.
func NewCertCache ¶
func NewCertCache() *CertCache
NewCertCache constructs a new, empty CertCache for storing and retrieving certificates.
type SignCertArgs ¶
// SignCertArgs are the arguments to SignCert and SelfSign.
type SignCertArgs struct {
	// Signer is the private key used to sign the certificate.
	Signer ndn.Signer
	// Data is the CSR or Key to be signed.
	Data ndn.Data
	// IssuerId is the issuer ID component to be included in the certificate name
	// (see MakeCertName).
	IssuerId enc.Component
	// NotBefore is the start of the certificate validity period.
	NotBefore time.Time
	// NotAfter is the end of the certificate validity period; after this instant
	// CertIsExpired reports the certificate as expired.
	NotAfter time.Time
	// Description is extra information to be included in the certificate.
	Description map[string]string
	// CrossSchema is a cross schema wire to attach to the certificate.
	CrossSchema enc.Wire
}
SignCertArgs are the arguments to SignCert.
type TrustConfig ¶
// TrustConfig is the configuration of the trust module.
type TrustConfig struct {
	// UseDataNameFwHint enables using the data name as the forwarding hint.
	// This flag is useful depending on application naming structure.
	//
	// When a Data is being verified, every certificate in the chain
	// will be fetched by attaching the original Data name as the
	// forwarding hint to the Interest. The setting can be overridden
	// per validation through TrustConfigValidateArgs.UseDataNameFwHint.
	UseDataNameFwHint bool
	// contains filtered or unexported fields
}
TrustConfig is the configuration of the trust module.
func NewTrustConfig ¶
func NewTrustConfig(keyChain ndn.KeyChain, schema ndn.TrustSchema, roots []enc.Name) (*TrustConfig, error)
NewTrustConfig creates a new TrustConfig. All roots must be full names and already present in the keychain.
func (*TrustConfig) String ¶
func (tc *TrustConfig) String() string
String returns the string "trust-config" as the string representation of the TrustConfig instance.
func (*TrustConfig) Suggest ¶
func (tc *TrustConfig) Suggest(name enc.Name) ndn.Signer
Suggest suggests a signer for a given name.
func (*TrustConfig) Validate ¶
func (tc *TrustConfig) Validate(args TrustConfigValidateArgs)
Validate validates a Data packet using a fetch API.
type TrustConfigValidateArgs ¶
// TrustConfigValidateArgs are the arguments for the TrustConfig Validate function.
type TrustConfigValidateArgs struct {
	// Data is the packet to validate.
	Data ndn.Data
	// DataSigCov is the signature-covered portion of the data, in wire form.
	DataSigCov enc.Wire
	// Fetch is the fetch function to use for fetching certificates.
	// The fetcher MUST check the store for the certificate before fetching.
	Fetch func(enc.Name, *ndn.InterestConfig, ndn.ExpressCallbackFunc)
	// UseDataNameFwHint, when set, overrides the TrustConfig.UseDataNameFwHint
	// option for this validation only.
	UseDataNameFwHint optional.Optional[bool]
	// Callback is the callback to call when validation is done.
	Callback func(bool, error)
	// OverrideName is an override for the data name (advanced usage).
	OverrideName enc.Name
	// IgnoreValidity, if true, ignores the ValidityPeriod (notBefore/notAfter)
	// of certificates in the validation chain, so expired or not-yet-valid
	// certificates are not rejected on that basis. Leave it unset to keep
	// validity enforcement.
	IgnoreValidity optional.Optional[bool]
	// contains filtered or unexported fields
}
TrustConfigValidateArgs are the arguments for the TrustConfig Validate function.