Issues and signs certificates for Zero Trust identity validation. More...

#include <zt-certificate.h>

Collaboration diagram for CertificateAuthority:

Public Member Functions
	CertificateAuthority ()
	Constructor that initializes and generates RSA key pair.

std::string	SignIdentity (uint32_t nodeId, const std::string &role, time_t expiry)
	Signs an identity certificate with node ID, role, and expiry.

CryptoPP::RSA::PublicKey	GetPublicKey () const
	Retrieves the public RSA key of the CA.

Private Attributes
CryptoPP::RSA::PrivateKey	privateKey
	RSA private key used for signing certificates.

CryptoPP::RSA::PublicKey	publicKey
	RSA public key distributed for verification.

Detailed Description

Issues and signs certificates for Zero Trust identity validation.

Simulates a Certificate Authority (CA) that issues and signs identity certificates.

The CA generates a public-private RSA key pair and uses it to sign certificates for nodes, which include identity, role, and expiry information.

Definition at line 17 of file zt-certificate.h.

Constructor & Destructor Documentation

◆ CertificateAuthority()

CertificateAuthority::CertificateAuthority ( )

Constructor that initializes and generates RSA key pair.

Definition at line 16 of file zt-certificate.cc.

                                           {
  AutoSeededRandomPool prng;
  privateKey.GenerateRandomWithKeySize(prng, 1024);
  publicKey = privateKey;
}

Member Function Documentation

◆ GetPublicKey()

RSA::PublicKey CertificateAuthority::GetPublicKey ( ) const

Retrieves the public RSA key of the CA.

Returns the public key of the Certificate Authority.

Returns: The public key corresponding to the CA's private key.; RSA public key

Definition at line 52 of file zt-certificate.cc.

                                                      {
  return publicKey;
}

Here is the caller graph for this function:

◆ SignIdentity()

std::string CertificateAuthority::SignIdentity	(	uint32_t	nodeId,
		const std::string &	role,
		time_t	expiry
	)

Signs an identity certificate with node ID, role, and expiry.

Signs a certificate with node ID, role, and expiry.

Parameters

nodeId	The unique identifier of the node.
role	The assigned role of the node (e.g., "sensor", "gateway").
expiry	Expiry timestamp for the certificate.

Returns: A signed certificate string in plain format with a base64-encoded signature.

Parameters

nodeId	ID of the node requesting certificate
role	Role assigned to the node (e.g., sensor, gateway)
expiry	Expiry timestamp of the certificate

Returns: Signed certificate string with base64-encoded signature

Definition at line 29 of file zt-certificate.cc.

                                                                                                  {
  AutoSeededRandomPool prng;
 
  std::ostringstream cert;
  cert << "ID:" << nodeId << "|ROLE:" << role << "|EXP:" << expiry;
 
  RSASS<PSSR, SHA1>::Signer signer(privateKey);
  std::string signature;
  StringSource(cert.str(), true,
    new SignerFilter(prng, signer,
      new StringSink(signature)));
 
  std::string encodedSig;
  StringSource(signature, true,
    new Base64Encoder(new StringSink(encodedSig), false));
 
  return cert.str() + "|SIG:" + encodedSig;
}

Here is the caller graph for this function:

Field Documentation

◆ privateKey

CryptoPP::RSA::PrivateKey CertificateAuthority::privateKey

private

RSA private key used for signing certificates.

Definition at line 40 of file zt-certificate.h.

◆ publicKey

CryptoPP::RSA::PublicKey CertificateAuthority::publicKey

private

RSA public key distributed for verification.

Definition at line 41 of file zt-certificate.h.

The documentation for this class was generated from the following files:

model/zt-certificate.h
model/zt-certificate.cc

Public Member Functions

Private Attributes