Bases: object
Remove a certificate from the cache. Does nothing if it is not present.
Parameters: certificateName (Name) – The name of the certificate to remove. Assumes there is no timestamp in the name.
Fetch a certificate from the cache.
Parameters: certificateName (Name) – The name of the certificate to fetch. Assumes there is no timestamp in the name.
Bases: pyndn.security.policy.policy_manager.PolicyManager
Create a new ConfigPolicyManager which will act on the rules specified in the configuration and download unknown certificates when necessary.
Override to always indicate that the signing certificate name and data name satisfy the signing policy.
Returns: True to indicate that the signing certificate can be used to sign the data.
Return type: boolean
If there is a rule matching the data or interest, and the matching certificate is missing, download it. If there is no matching rule, verification fails. Otherwise, verify the signature using the public key in the IdentityStorage.
Returns: None for no further step for looking up a certificate chain.
Return type: ValidationRequest
Call reset() and load the configuration rules from the file name or the input string. There are two forms: load(configFileName) reads configFileName from the file system. load(input, inputName) reads from the input, in which case inputName is used only for log messages, etc.
Bases: pyndn.security.policy.policy_manager.PolicyManager
Override to always indicate that the signing certificate name and data name satisfy the signing policy.
Returns: True to indicate that the signing certificate can be used to sign the data.
Return type: boolean
Override to call onVerified(dataOrInterest) and to indicate no further verification step.
Returns: None for no further step for looking up a certificate chain.
Return type: ValidationRequest
Override to indicate that the signing identity cannot be inferred.
Parameters: dataName (Name) – The name of data to be signed.
Returns: An empty name, because the signing identity cannot be inferred.
Return type: Name
Bases: object
Check if the signing certificate name and data name satisfy the signing policy. Your derived class should override.
Returns: True if the signing certificate can be used to sign the data, otherwise False.
Return type: bool
Raises RuntimeError: if the derived class does not override this method.
Check whether the received data packet complies with the verification policy, and get the indication of the next verification step. Your derived class should override.
Returns: The indication of next verification step, or None if there is no further step.
Return type: ValidationRequest
Raises RuntimeError: if the derived class does not override this method.
Infer the signing identity name according to the policy. If the signing identity cannot be inferred, return an empty name. Your derived class should override.
Parameters: dataName (Name) – The name of data to be signed.
Returns: The signing identity, or an empty name if it cannot be inferred.
Return type: Name
Raises RuntimeError: if the derived class does not override this method.
Check if this PolicyManager has a verification rule for the received data packet or signed interest. Your derived class should override.
Parameters: dataOrInterest (Data or Interest) – The received data packet or interest.
Returns: True if the data or interest must be verified, otherwise False.
Return type: bool
Raises RuntimeError: if the derived class does not override this method.
Check if the received data packet or signed interest can escape from verification and be trusted as valid. Your derived class should override.
Parameters: dataOrInterest (Data or Interest) – The received data packet or interest.
Returns: True if the data or interest does not need to be verified to be trusted as valid, otherwise False.
Return type: bool
Raises RuntimeError: if the derived class does not override this method.
Check the type of signature and use the publicKeyDer to verify the signedBlob using the appropriate signature algorithm.
Returns: True if the signature verifies, False if not.
Return type: bool
Raises: SecurityException if the signature type is not recognized or if publicKeyDer can’t be decoded.
This module defines the SelfVerifyPolicyManager class which implements a PolicyManager to look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use it to verify the data packet or signed interest, without searching a certificate chain. If the public key can’t be found, the verification fails.
Bases: pyndn.security.policy.policy_manager.PolicyManager
Create a new SelfVerifyPolicyManager which will look up the public key in the given identityStorage.
Parameters: identityStorage (IdentityStorage) – (optional) The IdentityStorage for looking up the public key. This object must remain valid during the life of this SelfVerifyPolicyManager. If omitted, then don’t look for a public key with the name in the KeyLocator and rely on the KeyLocator having the full public key DER.
Override to always indicate that the signing certificate name and data name satisfy the signing policy.
Returns: True to indicate that the signing certificate can be used to sign the data.
Return type: boolean
Look in the IdentityStorage for the public key with the name in the KeyLocator (if available) and use it to verify the data packet or signed interest. If the public key can’t be found, call onVerifyFailed.
Returns: None for no further step for looking up a certificate chain.
Return type: ValidationRequest
Override to indicate that the signing identity cannot be inferred.
Parameters: dataName (Name) – The name of data to be signed.
Returns: An empty name, because the signing identity cannot be inferred.
Return type: Name
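The difference between the NoVerifyPolicyManager and SelfVerifyPolicyManager descriptions above, as an added example (not PyNDN code): a standard-library model of the checkVerificationPolicy contract. The model classes, the dict packets and key store, and the use of HMAC-SHA256 in place of the public-key signature check are assumptions made for illustration.

```python
import hashlib
import hmac

# Toy model of the checkVerificationPolicy contract described on this page.
# Assumptions: packets are dicts, key_store is a dict standing in for
# IdentityStorage, and HMAC-SHA256 stands in for the public-key signature
# check (the standard library has no RSA/ECDSA verifier).

def sign(key, content):
    return hmac.new(key, content, hashlib.sha256).digest()

class NoVerifyModel:
    """Mirrors NoVerifyPolicyManager: accept without checking anything."""
    def checkVerificationPolicy(self, packet, onVerified, onVerifyFailed):
        onVerified(packet)
        return None  # no further certificate-chain step

class SelfVerifyModel:
    """Mirrors SelfVerifyPolicyManager: look up the key named in the
    KeyLocator; a missing key or a bad signature fails verification."""
    def __init__(self, key_store):
        self._key_store = key_store

    def checkVerificationPolicy(self, packet, onVerified, onVerifyFailed):
        key = self._key_store.get(packet.get("keyLocator"))
        if key is not None and hmac.compare_digest(
                sign(key, packet["content"]), packet["signature"]):
            onVerified(packet)
        else:
            onVerifyFailed(packet)
        return None

def outcome(policy, packet):
    """Run one packet through a policy and report which callback fired."""
    result = []
    step = policy.checkVerificationPolicy(
        packet, lambda p: result.append("verified"),
        lambda p: result.append("failed"))
    assert step is None
    return result[0]

# Constructed sample data (names and key bytes are made up for the example).
KEY_NAME = "/example/alice/KEY/1"
STORE = {KEY_NAME: b"constructed-demo-key"}
GOOD = {"keyLocator": KEY_NAME, "content": b"temp=21",
        "signature": sign(STORE[KEY_NAME], b"temp=21")}
TAMPERED = dict(GOOD, content=b"temp=99")
UNKNOWN_KEY = dict(GOOD, keyLocator="/example/mallory/KEY/1")
```

Passing TAMPERED to outcome() reports "verified" under the no-verify model and "failed" under the self-verify model, which also fails UNKNOWN_KEY because the named key is not in the store.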
This module defines the ValidationRequest class which is used to return information from PolicyManager.checkVerificationPolicy.
Bases: object
Create a new ValidationRequest with the given values.