This module defines the KeyChain class which provides a set of interfaces to the security library such as identity management, policy configuration and packet signing and verification. Note: This class is an experimental feature. See the API docs for more detail at http://named-data.net/doc/ndn-ccl-api/key-chain.html.
Bases: object
Create a new KeyChain to use the optional identityManager and policyManager.
Parameters: |
|
---|
Create an identity by creating a Key-Signing-Key (KSK) pair for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.
Deprecated: | Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name. |
---|---|
Parameters: |
|
Returns: | The key name of the auto-generated KSK of the identity. |
Return type: | Name |
Create an identity by creating a Key-Signing-Key (KSK) pair for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.
Parameters: |
|
---|---|
Returns: | The name of the default certificate of the identity. |
Return type: | Name |
Create a public key signing request.
Parameters: | keyName (Name) – The name of the key. |
---|---|
Returns: | The signing request data. |
Return type: | Blob |
Delete the identity from the public and private key storage. If the identity to be deleted is the current system default, the method will not delete the identity and will return immediately.
Parameters: | identityName (Name) – The name of the identity to delete. |
---|
Generate a pair of RSA keys for the specified identity.
Parameters: |
|
---|---|
Returns: | The generated key name. |
Return type: | Name |
Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
Parameters: |
|
---|---|
Returns: | The generated key name. |
Return type: | Name |
Get a certificate even if the certificate is not valid anymore.
Parameters: | certificateName (Name) – The name of the requested certificate. |
---|---|
Returns: | The requested certificate. |
Return type: | IdentityCertificate |
Get an identity certificate even if the certificate is not valid anymore.
Parameters: | certificateName (Name) – The name of the requested certificate. |
---|---|
Returns: | The requested certificate. |
Return type: | IdentityCertificate |
Get a certificate with the specified name.
Parameters: | certificateName (Name) – The name of the requested certificate. |
---|---|
Returns: | The requested certificate which is valid. |
Return type: | IdentityCertificate |
Get the default certificate name of the default identity.
Returns: | The requested certificate name. |
---|---|
Return type: | Name |
Raises SecurityException: | if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set. |
Get the default identity.
Returns: | The name of the default identity. |
---|---|
Return type: | Name |
Raises SecurityException: | if the default identity is not set. |
Get an identity certificate with the specified name.
Parameters: | certificateName (Name) – The name of the requested certificate. |
---|---|
Returns: | The requested certificate which is valid. |
Return type: | IdentityCertificate |
Get the identity manager given to or created by the constructor.
Returns: | The identity manager. |
---|---|
Return type: | IdentityManager |
Get the policy manager given to or created by the constructor.
Returns: | The policy manager. |
---|---|
Return type: | PolicyManager |
Install an identity certificate into the public key identity storage.
Parameters: | certificate (IdentityCertificate) – The certificate to be added. |
---|
Revoke a certificate.
Parameters: | certificateName (Name) – The name of the certificate that will be revoked. |
---|
Revoke a key.
Parameters: | keyName (Name) – The name of the key that will be revoked. |
---|
Set the certificate as the default for its corresponding key.
Parameters: | certificate (IdentityCertificate) – The certificate. |
---|
Set a key as the default key of an identity. The identity name is inferred from keyName.
Parameters: |
|
---|
Set the Face which will be used to fetch required certificates.
Parameters: | face (Face) – The Face object. |
---|
Sign the target. If it is a Data or Interest object, set its signature. If it is an array, return a signature object. There are two forms of sign: sign(target, certificateName, wireFormat = None) and sign(target, wireFormat = None).
Parameters: |
|
---|---|
Returns: | The Signature object (only if the target is an array). |
Return type: | An object of a subclass of Signature |
Sign the target. If it is a Data object, set its signature. If it is an array, return a signature object.
Parameters: |
|
---|---|
Returns: | The Signature object (only if the target is an array). |
Return type: | An object of a subclass of Signature |
Sign the target using DigestSha256.
Parameters: |
|
---|
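What a DigestSha256 value does and does not tell a receiver, compared with a key-based signature. This is an added example, not code from this library: it uses only the Python standard library, the byte layout of the signed portion and all names and values are constructed, and HMAC-SHA256 is an assumed stand-in for the key-based signatures produced by sign.

```python
import hashlib
import hmac

def signed_portion(name: str, content: bytes) -> bytes:
    # Constructed stand-in for the signed bytes of a Data packet (not real NDN TLV).
    return name.encode() + b"\x00" + content

def digest_sign(portion: bytes) -> bytes:
    # DigestSha256-style value: plain SHA-256 over the signed bytes, no key involved.
    return hashlib.sha256(portion).digest()

def digest_verify(portion: bytes, value: bytes) -> bool:
    return hmac.compare_digest(digest_sign(portion), value)

def keyed_sign(key: bytes, portion: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for a key-based signature (stdlib only).
    return hmac.new(key, portion, hashlib.sha256).digest()

def keyed_verify(key: bytes, portion: bytes, value: bytes) -> bool:
    return hmac.compare_digest(keyed_sign(key, portion), value)

def compare_guarantees() -> dict:
    key = b"constructed-demo-key"
    name = "/example/sensor/temp"  # constructed name
    original = signed_portion(name, b"21.5")
    digest_value = digest_sign(original)
    keyed_value = keyed_sign(key, original)

    # Case 1: content altered in transit, signature value left as sent.
    corrupted = signed_portion(name, b"21.6")
    # Case 2: content replaced by a party that does not hold the key and
    # recomputes whatever value it is able to.
    replaced = signed_portion(name, b"99.9")
    return {
        "digest_intact": digest_verify(original, digest_value),
        "digest_corrupted": digest_verify(corrupted, digest_value),
        "digest_replaced": digest_verify(replaced, digest_sign(replaced)),
        "keyed_intact": keyed_verify(key, original, keyed_value),
        "keyed_corrupted": keyed_verify(key, corrupted, keyed_value),
        "keyed_replaced": keyed_verify(
            key, replaced, keyed_sign(b"not-the-key", replaced)),
    }

if __name__ == "__main__":
    for case, accepted in compare_guarantees().items():
        print(f"{case:16} accepted={accepted}")
```

A receiver that accepts DigestSha256 gets corruption detection only; data that must be attributed to an identity needs one of the key-based sign forms.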
Check the signature on the Data object and call either onVerify or onVerifyFailed. We use callback functions because verify may fetch information to check the signature.
Parameters: |
|
---|
Check the signature on the signed interest and call either onVerify or onVerifyFailed. We use callback functions because verify may fetch information to check the signature.
Parameters: |
|
---|
This module defines KeyParams which is a base class for key parameters. This also defines the subclasses which are used to store parameters for key generation.
Bases: object
The constructor is protected and used by subclasses.
This module defines the SecurityException class which extends Exception to report an exception from the security library.
Bases: exceptions.Exception
This module defines constants used by the security library.