BasicIdentityStorage extends IdentityStorage to implement a basic storage of identity, public keys and certificates using SQLite.
Bases: pyndn.security.identity.identity_storage.IdentityStorage
Create a new BasicIdentityStorage to work with an SQLite file.
Parameters: | databaseFilePath (str) – (optional) The path of the SQLite file. If omitted, use the default location. |
---|
Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
Parameters: | keyName (Name) – The name of the key. |
---|
Add a certificate to the identity storage.
Parameters: | certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate. |
---|---|
Raises SecurityException: | |
If the certificate is already installed. |
Add a new identity. Do nothing if the identity already exists.
Parameters: | identityName (Name) – The identity name. |
---|
Add a public key to the identity storage. Also call addIdentity to ensure that the identityName for the key exists.
Parameters: |
|
---|---|
Raises SecurityException: | |
If a key with the keyName already exists. |
Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
Parameters: | keyName (Name) – The name of the key. |
---|
Remove a certificate from associated keys.
Parameters: | keyName (Name) – The name of the key. |
---|
Delete an identity and related public keys and certificates.
Parameters: | identity (Name) – The identity name. |
---|
Remove the key and all certificates associated with it.
Parameters: | keyName (Name) – The name of the key. |
---|
Check if the specified certificate already exists.
Parameters: | certificateName (Name) – The name of the certificate. |
---|---|
Returns: | True if the certificate exists, otherwise False. |
Return type: | bool |
Check if the specified identity already exists.
Parameters: | identityName (Name) – The identity name. |
---|---|
Returns: | True if the identity exists, otherwise False. |
Return type: | bool |
Check if the specified key already exists.
Parameters: | keyName (Name) – The name of the key. |
---|---|
Returns: | True if the key exists, otherwise False. |
Return type: | bool |
Append all the key names of a particular identity to the nameList.
Parameters: |
|
---|
Get a certificate from the identity storage.
Parameters: |
|
---|---|
Returns: | The requested certificate. If not found, return None. |
Return type: | IdentityCertificate |
Get the default certificate name for the specified key.
Parameters: | keyName (Name) – The key name. |
---|---|
Returns: | The default certificate name. |
Return type: | Name |
Raises SecurityException: | |
if the default certificate name for the key name is not set. |
Get the default identity.
Returns: | The name of default identity. |
---|---|
Return type: | Name |
Raises SecurityException: | |
if the default identity is not set. |
Get the default key name for the specified identity.
Parameters: | identityName (Name) – The identity name. |
---|---|
Returns: | The default key name. |
Return type: | Name |
Raises SecurityException: | |
if the default key name for the identity is not set. |
Get the public key DER blob from the identity storage.
Parameters: | keyName (Name) – The name of the requested public key. |
---|---|
Returns: | The DER Blob. If not found, return a isNull() Blob. |
Return type: | Blob |
Revoke the identity.
Returns: | True if the identity was revoked, False if not. |
---|---|
Return type: | bool |
Set the default key name for the specified identity.
Parameters: |
|
---|
Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.
Parameters: | identityName (Name) – The default identity name. |
---|
Set a key as the default key of an identity. The identity name is inferred from keyName.
Parameters: |
|
---|
This module defines the FilePrivateKeyStorage class which extends PrivateKeyStorage to implement private key storage using files.
Bases: pyndn.security.identity.private_key_storage.PrivateKeyStorage
Create a new FilePrivateKeyStorage to connect to the default directory.
Decrypt data.
Parameters: |
|
---|---|
Returns: | The decrypted data. |
Return type: | Blob |
Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing.
Parameters: | keyName (Name) – The name of the key pair. |
---|
Check if a particular key exists.
Parameters: |
|
---|---|
Returns: | True if the key exists, otherwise false. |
Return type: | bool |
Encrypt data.
Parameters: |
|
---|---|
Returns: | The encrypted data. |
Return type: | Blob |
Generate a symmetric key.
Parameters: |
|
---|
Generate a pair of asymmetric keys.
Parameters: |
|
---|
Get the public key with the keyName.
Parameters: | keyName (Name) – The name of public key. |
---|---|
Returns: | The public key. |
Return type: | PublicKey |
Create a file path from keyName and the extension
Parameters: |
|
---|---|
Returns: | The file path. |
Return type: | str |
Fetch the private key for keyName and sign the data, returning a signature Blob.
Parameters: |
|
---|---|
Returns: | The signature Blob. |
Return type: | Blob |
This module defines the IdentityManager class which is the interface of operations related to identity, keys, and certificates.
Bases: object
Create a new IdentityManager to use the optional identityStorage and privateKeyStorage.
Parameters: |
|
---|
Add a certificate into the public key identity storage.
Parameters: | certificate (IdentityCertificate) – The certificate to to added. This makes a copy of the certificate. |
---|
Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
Parameters: | certificate (IdentityCertificate) – The certificate to to added. This makes a copy of the certificate. |
---|
Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
Parameters: | certificate (IdentityCertificate) – The certificate to to added. This makes a copy of the certificate. |
---|
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.
Deprecated : | Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name. |
---|---|
Parameters: |
|
Returns: | The key name of the auto-generated KSK of the identity. |
Return type: | Name |
Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.
Parameters: |
|
---|---|
Returns: | The name of the default certificate of the identity. |
Return type: | Name |
Delete the identity from the public and private key storage. If the identity to be deleted is current default system default, the method will not delete the identity and will return immediately. :param Name identityName: The name of the identity to delete.
Generate a pair of RSA keys for the specified identity.
Parameters: |
|
---|---|
Returns: | The generated key name. |
Return type: | Name |
Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
Parameters: |
|
---|---|
Returns: | The generated key name. |
Return type: | Name |
Get a certificate even if the certificate is not valid anymore.
Parameters: | certificateName (Name) – The name of the requested certificate. |
---|---|
Returns: | The requested certificate. |
Return type: | IdentityCertificate |
Get a certificate with the specified name.
Parameters: | certificateName (Name) – The name of the requested certificate. |
---|---|
Returns: | The requested certificate which is valid. |
Return type: | IdentityCertificate |
Get the certificate of the default identity.
Returns: | The requested certificate. If not found, return None. |
---|---|
Return type: | IdentityCertificate |
Get the default certificate name of the default identity.
Returns: | The requested certificate name. |
---|---|
Return type: | Name |
Raises SecurityException: | |
if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set. |
Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
Parameters: | identityName (Name) – The name of the specified identity. |
---|---|
Returns: | The requested certificate name. |
Return type: | Name |
Raises SecurityException: | |
if the default key name for the identity is not set or the default certificate name for the key name is not set. |
Get the default identity.
Returns: | The name of default identity. |
---|---|
Return type: | Name |
Raises SecurityException: | |
if the default identity is not set. |
Get the default key for an identity.
Parameters: | identityName (Name) – The name of the identity. |
---|---|
Raises SecurityException: | |
if the default key name for the identity is not set. |
Get the public key with the specified name.
Parameters: | keyName (Name) – The name of the key. |
---|---|
Returns: | The public key. |
Return type: | PublicKey |
Generate a self-signed certificate for a public key.
Parameters: | keyName (Name) – The name of the public key. |
---|---|
Returns: | The generated certificate. |
Return type: | IdentityCertificate |
Set the certificate as the default for its corresponding key.
Parameters: | certificate (IdentityCertificate) – The certificate. |
---|
Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.
Parameters: | identityName (Name) – The default identity name. |
---|
Set a key as the default key of an identity. The identity name is inferred from keyName.
Parameters: |
|
---|
Sign the target based on the certificateName. If it is a Data object, set its signature. If it is an array, return a signature object.
Parameters: |
|
---|---|
Returns: | The Signature object (only if the target is an array). |
Return type: | An object of a subclass of Signature |
Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.
Parameters: |
|
---|
Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).
Parameters: |
|
---|
Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
Parameters: |
|
---|
This module defines the IdentityStorage abstract class which is a base class for the storage of identity, public keys and certificates. Private keys are stored in PrivateKeyStorage. This is an abstract base class. A subclass must implement the methods.
Bases: object
Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
Parameters: | keyName (Name) – The name of the key. |
---|
Add a certificate to the identity storage.
Parameters: | certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate. |
---|---|
Raises SecurityException: | |
If the certificate is already installed. |
Add a new identity. Do nothing if the identity already exists.
Parameters: | identityName (Name) – The identity name. |
---|
Add a public key to the identity storage. Also call addIdentity to ensure that the identityName for the key exists.
Parameters: |
|
---|---|
Raises SecurityException: | |
If a key with the keyName already exists. |
Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
Parameters: | keyName (Name) – The name of the key. |
---|
Remove a certificate from associated keys.
Parameters: | keyName (Name) – The name of the key. |
---|
Delete an identity and related public keys and certificates.
Parameters: | identity (Name) – The identity name. |
---|
Remove the key and all certificates associated with it.
Parameters: | keyName (Name) – The name of the key. |
---|
Check if the specified certificate already exists.
Parameters: | certificateName (Name) – The name of the certificate. |
---|---|
Returns: | True if the certificate exists, otherwise False. |
Return type: | bool |
Check if the specified identity already exists.
Parameters: | identityName (Name) – The identity name. |
---|---|
Returns: | True if the identity exists, otherwise False. |
Return type: | bool |
Check if the specified key already exists.
Parameters: | keyName (Name) – The name of the key. |
---|---|
Returns: | True if the key exists, otherwise False. |
Return type: | bool |
Append all the key names of a particular identity to the nameList.
Parameters: |
|
---|
Get a certificate from the identity storage.
Parameters: |
|
---|---|
Returns: | The requested certificate. If not found, return None. |
Return type: | IdentityCertificate |
Get the certificate of the default identity.
Returns: | The requested certificate. If not found, return None. |
---|---|
Return type: | IdentityCertificate |
Get the default certificate name for the specified identity.
Parameters: | identityName (Name) – The identity name. |
---|---|
Returns: | The default certificate name. |
Return type: | Name |
Raises SecurityException: | |
if the default key name for the identity is not set or the default certificate name for the key name is not set. |
Get the default certificate name for the specified key.
Parameters: | keyName (Name) – The key name. |
---|---|
Returns: | The default certificate name. |
Return type: | Name |
Raises SecurityException: | |
if the default certificate name for the key name is not set. |
Get the default identity.
Returns: | The name of default identity. |
---|---|
Return type: | Name |
Raises SecurityException: | |
if the default identity is not set. |
Get the default key name for the specified identity.
Parameters: | identityName (Name) – The identity name. |
---|---|
Returns: | The default key name. |
Return type: | Name |
Raises SecurityException: | |
if the default key name for the identity is not set. |
Get the public key DER blob from the identity storage.
Parameters: | keyName (Name) – The name of the requested public key. |
---|---|
Returns: | The DER Blob. If not found, return a isNull() Blob. |
Return type: | Blob |
Generate a name for a new key belonging to the identity.
Parameters: |
|
---|---|
Returns: | The generated key name. |
Return type: | Name |
Revoke the identity.
Returns: | True if the identity was revoked, False if not. |
---|---|
Return type: | bool |
Set the default key name for the specified identity.
Parameters: |
|
---|
Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.
Parameters: | identityName (Name) – The default identity name. |
---|
Set a key as the default key of an identity. The identity name is inferred from keyName.
Parameters: |
|
---|
This module defines the MemoryIdentityStorage class which extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory. The application must get the objects through its own means and add the objects to the MemoryIdentityStorage object. To use permanent file-based storage, see BasicIdentityStorage.
Bases: pyndn.security.identity.identity_storage.IdentityStorage
Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.
Parameters: | keyName (Name) – The name of the key. |
---|
Add a certificate to the identity storage.
Parameters: | certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate. |
---|---|
Raises SecurityException: | |
If the certificate is already installed. |
Add a new identity. Do nothing if the identity already exists.
Parameters: | identityName (Name) – The identity name. |
---|
Add a public key to the identity storage. Also call addIdentity to ensure that the identityName for the key exists.
Parameters: |
|
---|---|
Raises SecurityException: | |
If a key with the keyName already exists. |
Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.
Parameters: | keyName (Name) – The name of the key. |
---|
Check if the specified certificate already exists.
Parameters: | certificateName (Name) – The name of the certificate. |
---|---|
Returns: | True if the certificate exists, otherwise False. |
Return type: | bool |
Check if the specified identity already exists.
Parameters: | identityName (Name) – The identity name. |
---|---|
Returns: | True if the identity exists, otherwise False. |
Return type: | bool |
Check if the specified key already exists.
Parameters: | keyName (Name) – The name of the key. |
---|---|
Returns: | True if the key exists, otherwise False. |
Return type: | bool |
Get a certificate from the identity storage.
Parameters: |
|
---|---|
Returns: | The requested certificate. If not found, return None. |
Return type: | IdentityCertificate |
Get the default certificate name for the specified key.
Parameters: | keyName (Name) – The key name. |
---|---|
Returns: | The default certificate name. |
Return type: | Name |
Raises SecurityException: | |
if the default certificate name for the key name is not set. |
Get the default identity.
Returns: | The name of default identity. |
---|---|
Return type: | Name |
Raises SecurityException: | |
if the default identity is not set. |
Get the default key name for the specified identity.
Parameters: | identityName (Name) – The identity name. |
---|---|
Returns: | The default key name. |
Return type: | Name |
Raises SecurityException: | |
if the default key name for the identity is not set. |
Get the public key DER blob from the identity storage.
Parameters: | keyName (Name) – The name of the requested public key. |
---|---|
Returns: | The DER Blob. If not found, return a isNull() Blob. |
Return type: | Blob |
Revoke the identity.
Returns: | True if the identity was revoked, False if not. |
---|---|
Return type: | bool |
Set the default key name for the specified identity.
Parameters: |
|
---|
Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.
Parameters: | identityName (Name) – The default identity name. |
---|
Set a key as the default key of an identity. The identity name is inferred from keyName.
Parameters: |
|
---|
This module defines the MemoryPrivateKeyStorage class which extends PrivateKeyStorage to implement private key storage in memory.
Bases: pyndn.security.identity.private_key_storage.PrivateKeyStorage
PrivateKey is a simple class to hold a PyCrypto key object along with a KeyType.
Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing.
Parameters: | keyName (Name) – The name of the key pair. |
---|
Check if a particular key exists.
Parameters: |
|
---|---|
Returns: | True if the key exists, otherwise false. |
Return type: | bool |
Generate a pair of asymmetric keys.
Parameters: |
|
---|
Get the public key with the keyName.
Parameters: | keyName (Name) – The name of public key. |
---|---|
Returns: | The public key. |
Return type: | PublicKey |
Set the public and private key for the keyName.
Parameters: |
|
---|
Set the private key for the keyName.
Parameters: |
|
---|
Set the public key for the keyName.
Parameters: |
|
---|
Fetch the private key for keyName and sign the data, returning a signature Blob.
Parameters: |
|
---|---|
Returns: | The signature Blob. |
Return type: | Blob |
Raises SecurityException: | |
if can’t find the private key with keyName. |
This module defines the OSXPrivateKeyStorage class which extends PrivateKeyStorage to implement private key storage using the OS X Keychain.
Bases: pyndn.security.identity.private_key_storage.PrivateKeyStorage
Decrypt data.
Parameters: |
|
---|---|
Returns: | The decrypted data. |
Return type: | Blob |
Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing.
Parameters: | keyName (Name) – The name of the key pair. |
---|
Check if a particular key exists.
Parameters: |
|
---|---|
Returns: | True if the key exists, otherwise false. |
Return type: | bool |
Encrypt data.
Parameters: |
|
---|---|
Returns: | The encrypted data. |
Return type: | Blob |
Generate a symmetric key.
Parameters: |
|
---|
Generate a pair of asymmetric keys.
Parameters: |
|
---|
Get the public key with the keyName.
Parameters: | keyName (Name) – The name of public key. |
---|---|
Returns: | The public key. |
Return type: | PublicKey |
Fetch the private key for keyName and sign the data, returning a signature Blob.
Parameters: |
|
---|---|
Returns: | The signature Blob. |
Return type: | Blob |
This module defines the PrivateKeyStorage abstract class which declares methods for working with a private key storage. You should use a subclass.
Bases: object
Decrypt data. Your derived class should override.
Parameters: |
|
---|---|
Returns: | The decrypted data. |
Return type: | Blob |
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |
Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing. Your derived class should override.
Parameters: | keyName (Name) – The name of the key pair. |
---|---|
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |
Check if a particular key exists. Your derived class should override.
Parameters: |
|
---|---|
Returns: | True if the key exists, otherwise false. |
Return type: | bool |
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |
Encrypt data. Your derived class should override.
Parameters: |
|
---|---|
Returns: | The encrypted data. |
Return type: | Blob |
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |
Generate a symmetric key. Your derived class should override.
Parameters: |
|
---|---|
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |
Generate a pair of asymmetric keys. Your derived class should override.
Parameters: |
|
---|---|
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |
Get the public key with the keyName. Your derived class should override.
Parameters: | keyName (Name) – The name of public key. |
---|---|
Returns: | The public key. |
Return type: | PublicKey |
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |
Fetch the private key for keyName and sign the data, returning a signature Blob. Your derived class should override.
Parameters: |
|
---|---|
Returns: | The signature Blob. |
Return type: | Blob |
Raises RuntimeError: | |
for unimplemented if the derived class does not override. |