ndn_cert/
lib.rs

1//! NDNCERT — NDN Certificate Management Protocol.
2//!
3//! This crate implements the NDNCERT protocol for automated NDN certificate
4//! issuance. It is transport-agnostic: protocol types are serialized to/from
5//! JSON bytes carried in Interest ApplicationParameters and Data Content fields.
6//! The network wiring (Producer/Consumer) lives in the `ndn-identity` crate.
7//!
8//! The JSON wire format is interim: Phase 1C will replace it with full NDN TLV encoding
9//! (NDNCERT 0.3 type assignments defined in [`protocol`]). Until then this crate does not
10//! interoperate with the reference C++ implementation (`ndncert-ca-server`/`ndncert-client`).
11//!
12//! # Protocol overview
13//!
14//! ```text
15//! Client                           CA
16//!   |                               |
17//!   |-- Interest: /<ca>/CA/INFO --> |
18//!   |<- Data: CaProfile  --------- |
19//!   |                               |
20//!   |-- Interest: /<ca>/CA/PROBE --> |  (optional: check namespace before enrolling)
21//!   |<- Data: ProbeResponse ------- |
22//!   |                               |
23//!   |-- Interest: /<ca>/CA/NEW  --> | (ApplicationParameters: CertRequest)
24//!   |<- Data: NewResponse --------- | (request_id + available challenges)
25//!   |                               |
26//!   |-- Interest: /<ca>/CA/CHALLENGE/<req-id> --> | (ApplicationParameters: ChallengeRequest)
27//!   |<- Data: ChallengeResponse ---- |   (Approved: cert | Processing: more rounds | Denied: error)
28//!   |                               |
29//!   |-- Interest: /<ca>/CA/REVOKE --> |  (optional: revoke an existing cert)
30//!   |<- Data: RevokeResponse ------- |
31//! ```
32
33pub mod ca;
34pub mod challenge;
35pub mod client;
36pub mod ecdh;
37pub mod error;
38pub mod policy;
39pub mod protocol;
40pub mod tlv;
41
42pub use ca::{CaConfig, CaState};
43pub use challenge::email::{EmailChallenge, EmailSender};
44pub use challenge::pin::PinChallenge;
45pub use challenge::possession::PossessionChallenge;
46pub use challenge::token::{TokenChallenge, TokenStore};
47pub use challenge::yubikey::YubikeyHotpChallenge;
48pub use challenge::{ChallengeHandler, ChallengeOutcome, ChallengeState};
49pub use client::EnrollmentSession;
50pub use ecdh::{EcdhKeypair, SessionKey};
51pub use error::CertError;
52pub use policy::{DelegationPolicy, HierarchicalPolicy, NamespacePolicy, PolicyDecision};
53pub use protocol::{
54    CaProfile, CertRequest, ChallengeRequest, ChallengeResponse, ChallengeStatus, ErrorCode,
55    NewResponse, ProbeResponse, RevokeRequest, RevokeResponse, RevokeStatus,
56};