new SelfVerifyPolicyManager(identityStorage)
A SelfVerifyPolicyManager implements a PolicyManager to look in the
IdentityStorage for the public key with the name in the KeyLocator (if
available) and use it to verify the data packet, without searching a
certificate chain. If the public key can't be found, the verification fails.
Parameters:
Name | Type | Description |
---|---|---|
identityStorage | IdentityStorage | (optional) The IdentityStorage for looking up the public key. This object must remain valid during the life of this SelfVerifyPolicyManager. If omitted, then don't look for a public key with the name in the KeyLocator and rely on the KeyLocator having the full public key DER. |
Methods
checkSigningPolicy(dataName, certificateName) → {boolean}
Override to always indicate that the signing certificate name and data name
satisfy the signing policy.
Parameters:
Name | Type | Description |
---|---|---|
dataName | Name | The name of data to be signed. |
certificateName | Name | The name of signing certificate. |
Returns:
True to indicate that the signing certificate can be used
to sign the data.
- Type
- boolean
checkVerificationPolicy(dataOrInterest, stepCount, onVerified, onVerifyFailed, wireFormat) → {ValidationRequest}
Look in the IdentityStorage for the public key with the name in the
KeyLocator (if available) and use it to verify the data packet. If the
public key can't be found, call onVerifyFailed.
Parameters:
Name | Type | Description |
---|---|---|
dataOrInterest | Data \| Interest | The Data object or interest with the signature to check. |
stepCount | number | The number of verification steps that have been done, used to track the verification progress. |
onVerified | function | If the signature is verified, this calls onVerified(dataOrInterest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions. |
onVerifyFailed | function | If the signature check fails, this calls onVerifyFailed(dataOrInterest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions. |
wireFormat | WireFormat | |
Returns:
null for no further step for looking up a
certificate chain.
- Type
- ValidationRequest
getPublicKeyDer(keyLocator, onComplete)
Look in the IdentityStorage for the public key with the name in the
KeyLocator (if available). If the public key can't be found, return an empty
Blob.
Parameters:
Name | Type | Description |
---|---|---|
keyLocator | KeyLocator | The KeyLocator. |
onComplete | function | This calls onComplete(publicKeyDer) where publicKeyDer is the public key DER Blob or an isNull Blob if not found. |
inferSigningIdentity(dataName) → {Name}
Override to indicate that the signing identity cannot be inferred.
Parameters:
Name | Type | Description |
---|---|---|
dataName | Name | The name of data to be signed. |
Returns:
An empty name, because the signing identity cannot be inferred.
- Type
- Name
requireVerify(dataOrInterest) → {boolean}
Always return true to use the self-verification rule for the received data.
Parameters:
Name | Type | Description |
---|---|---|
dataOrInterest | Data \| Interest | The received data packet or interest. |
Returns:
True.
- Type
- boolean
skipVerifyAndTrust(dataOrInterest) → {boolean}
Never skip verification.
Parameters:
Name | Type | Description |
---|---|---|
dataOrInterest | Data \| Interest | The received data packet or interest. |
Returns:
False.
- Type
- boolean
verify(signatureInfo, signedBlob, onComplete)
Check the type of signatureInfo to get the KeyLocator. Look in the
IdentityStorage for the public key with the name in the KeyLocator (if
available) and use it to verify the signedBlob. If the public key can't be
found, return false. (This is a generalized method which can verify both a
Data packet and an interest.)
Parameters:
Name | Type | Description |
---|---|---|
signatureInfo | Signature | An object of a subclass of Signature, e.g. Sha256WithRsaSignature. |
signedBlob | SignedBlob | The SignedBlob with the signed portion to verify. |
onComplete | function | This calls onComplete(true) if the signature verifies, otherwise onComplete(false). |
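The lookup that getPublicKeyDer and verify describe, as an added Node.js model that is not ndn-js code: ModelIdentityStorage, ModelSelfVerifyPolicy, makeSigned and verifyResult are hypothetical names, the key names and packets are constructed, and Node's crypto module stands in for the library's signature check. It shows that a key missing from storage fails verification, while the storage-less mode accepts any packet whose KeyLocator carries a matching key, which establishes integrity but not who signed.

```javascript
// Added illustration (not ndn-js code): models the lookup-then-verify flow above.
const crypto = require('node:crypto');
// Hypothetical stand-in for IdentityStorage: key name -> public key DER (SPKI).
class ModelIdentityStorage {
  constructor() { this.keys = new Map(); }
  addKey(keyName, publicKeyDer) { this.keys.set(keyName, publicKeyDer); }
  getKey(keyName) { return this.keys.get(keyName) || null; }
}
// Hypothetical model of the policy: no certificate chain is ever walked.
class ModelSelfVerifyPolicy {
  constructor(identityStorage) { this.identityStorage = identityStorage || null; }
  // Calls onComplete(der), or onComplete(null) when no key is found.
  getPublicKeyDer(keyLocator, onComplete) {
    // Assumption: with storage configured, only stored keys are used.
    if (this.identityStorage)
      return onComplete(keyLocator.keyName ? this.identityStorage.getKey(keyLocator.keyName) : null);
    // No storage: rely on the key DER carried in the KeyLocator itself.
    onComplete(keyLocator.keyDer || null);
  }
  // Calls onComplete(true) only if a key was found and the signature checks.
  verify(signatureInfo, signedBytes, onComplete) {
    this.getPublicKeyDer(signatureInfo.keyLocator, (der) => {
      if (!der) return onComplete(false);
      let ok = false;
      try {
        ok = crypto.verify('sha256', signedBytes,
          { key: der, format: 'der', type: 'spki' }, signatureInfo.signature);
      } catch (e) { ok = false; } // malformed DER counts as a failed check
      onComplete(ok);
    });
  }
}

// Constructed sample: sign text with a fresh RSA key under a made-up key name.
function makeSigned(keyName, text) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keyDer = publicKey.export({ type: 'spki', format: 'der' });
  const signedBytes = Buffer.from(text);
  const signature = crypto.sign('sha256', signedBytes, privateKey);
  return { keyDer, signedBytes, signatureInfo: { keyLocator: { keyName, keyDer }, signature } };
}

// The model's callbacks fire synchronously, so the result can be returned directly.
function verifyResult(policy, packet, bytes) {
  let result;
  policy.verify(packet.signatureInfo, bytes || packet.signedBytes, (ok) => { result = ok; });
  return result;
}
```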