net.named_data.jndn.security

Class KeyChain

java.lang.Object

net.named_data.jndn.security.KeyChain

public class KeyChain
extends Object

KeyChain is the main class of the security library. The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration and packet signing and verification.

Note:

This class is an experimental feature. See the API docs for more detail at http://named-data.net/doc/ndn-ccl-api/key-chain.html .

Field Summary

Fields

Modifier and Type	Field and Description
static RsaKeyParams	DEFAULT_KEY_PARAMS

Constructor Summary

Constructors

Constructor and Description
KeyChain() Create a new KeyChain with the the default IdentityManager and a NoVerifyPolicyManager.
KeyChain(IdentityManager identityManager) Create a new KeyChain with the given IdentityManager and a NoVerifyPolicyManager.
KeyChain(IdentityManager identityManager, PolicyManager policyManager) Create a new KeyChain with the given IdentityManager and PolicyManager.

Method Summary

Methods

Modifier and Type	Method and Description
Name	createIdentity(Name identityName) Deprecated. Use createIdentityAndCertificate which returns the certificate name instead of the key name.
Name	createIdentity(Name identityName, KeyParams params) Deprecated. Use createIdentityAndCertificate which returns the certificate name instead of the key name.
Name	createIdentityAndCertificate(Name identityName) Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
Name	createIdentityAndCertificate(Name identityName, KeyParams params) Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
Blob	createSigningRequest(Name keyName) Create a public key signing request.
void	deleteIdentity(Name identityName) Delete the identity from the public and private key storage.
Name	generateEcdsaKeyPair(Name identityName) Generate a pair of ECDSA keys for the specified identity for a Data-Signing-Key and default keySize 256.
Name	generateEcdsaKeyPair(Name identityName, boolean isKsk) Generate a pair of ECDSA keys for the specified identity and default keySize 256.
Name	generateEcdsaKeyPair(Name identityName, boolean isKsk, int keySize) Generate a pair of ECDSA keys for the specified identity.
Name	generateEcdsaKeyPairAsDefault(Name identityName) Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 256.
Name	generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk) Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity, using the default keySize 256.
Name	generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity.
Name	generateRSAKeyPair(Name identityName) Generate a pair of RSA keys for the specified identity for a Data-Signing-Key and default keySize 2048.
Name	generateRSAKeyPair(Name identityName, boolean isKsk) Generate a pair of RSA keys for the specified identity and default keySize 2048.
Name	generateRSAKeyPair(Name identityName, boolean isKsk, int keySize) Generate a pair of RSA keys for the specified identity.
Name	generateRSAKeyPairAsDefault(Name identityName) Generate a pair of RSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 2048.
Name	generateRSAKeyPairAsDefault(Name identityName, boolean isKsk) Generate a pair of RSA keys for the specified identity and set it as default key for the identity, using the default keySize 2048.
Name	generateRSAKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
IdentityCertificate	getCertificate(Name certificateName) Get a certificate with the specified name.
Name	getDefaultCertificateName() Get the default certificate name of the default identity.
Name	getDefaultIdentity() Get the default identity.
IdentityCertificate	getIdentityCertificate(Name certificateName) Deprecated. Use getCertificate.
IdentityManager	getIdentityManager() Get the identity manager given to or created by the constructor.
void	installIdentityCertificate(IdentityCertificate certificate) Install an identity certificate into the public key identity storage.
void	revokeCertificate(Name certificateName) Revoke a certificate.
void	revokeKey(Name keyName) Revoke a key.
void	setDefaultCertificateForKey(IdentityCertificate certificate) Set the certificate as the default for its corresponding key.
void	setDefaultKeyForIdentity(Name keyName) Set a key as the default key of an identity.
void	setDefaultKeyForIdentity(Name keyName, Name identityNameCheck) Set a key as the default key of an identity.
void	setFace(Face face) Set the Face which will be used to fetch required certificates.
Signature	sign(ByteBuffer buffer, Name certificateName) Sign the byte buffer using a certificate name and return a Signature object.
void	sign(Data data) Wire encode the Data object, sign it with the default identity and set its signature.
void	sign(Data data, Name certificateName) Wire encode the Data object, sign it and set its signature.
void	sign(Data data, Name certificateName, WireFormat wireFormat) Wire encode the Data object, sign it and set its signature.
void	sign(Data data, WireFormat wireFormat) Wire encode the Data object, sign it with the default identity and set its signature.
void	sign(Interest interest) Append a SignatureInfo to the Interest name, sign the name components with the default identity and append a final name component with the signature bits.
void	sign(Interest interest, Name certificateName) Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.
void	sign(Interest interest, Name certificateName, WireFormat wireFormat) Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.
void	sign(Interest interest, WireFormat wireFormat) Append a SignatureInfo to the Interest name, sign the name components with the default identity and append a final name component with the signature bits.
Signature	signByIdentity(ByteBuffer buffer, Name identityName) Sign the byte buffer using an identity name and return a Signature object.
void	signByIdentity(Data data) Wire encode the Data object, sign it and set its signature.
void	signByIdentity(Data data, Name identityName) Wire encode the Data object, sign it and set its signature.
void	signByIdentity(Data data, Name identityName, WireFormat wireFormat) Wire encode the Data object, sign it and set its signature.
static void	signWithHmacWithSha256(Data data, Blob key) Wire encode the data packet, compute an HmacWithSha256 and update the signature value.
static void	signWithHmacWithSha256(Data data, Blob key, WireFormat wireFormat) Wire encode the data packet, compute an HmacWithSha256 and update the signature value.
void	signWithSha256(Data data) Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
void	signWithSha256(Data data, WireFormat wireFormat) Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
void	signWithSha256(Interest interest) Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).
void	signWithSha256(Interest interest, WireFormat wireFormat) Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).
void	verifyData(Data data, OnVerified onVerified, OnVerifyFailed onVerifyFailed) Check the signature on the Data object and call either onVerify.onVerify or onVerifyFailed.onVerifyFailed.
void	verifyData(Data data, OnVerified onVerified, OnVerifyFailed onVerifyFailed, int stepCount)
static boolean	verifyDataWithHmacWithSha256(Data data, Blob key) Compute a new HmacWithSha256 for the data packet and verify it against the signature value.
static boolean	verifyDataWithHmacWithSha256(Data data, Blob key, WireFormat wireFormat) Compute a new HmacWithSha256 for the data packet and verify it against the signature value.
void	verifyInterest(Interest interest, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed) Check the signature on the signed interest and call either onVerify.onVerifiedInterest or onVerifyFailed.onVerifyInterestFailed.
void	verifyInterest(Interest interest, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed, int stepCount)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_KEY_PARAMS

public static final RsaKeyParams DEFAULT_KEY_PARAMS

Constructor Detail

KeyChain

public KeyChain(IdentityManager identityManager,
        PolicyManager policyManager)

Create a new KeyChain with the given IdentityManager and PolicyManager.

Parameters:

identityManager - An object of a subclass of IdentityManager.

policyManager - An object of a subclass of PolicyManager.

KeyChain

public KeyChain(IdentityManager identityManager)

Create a new KeyChain with the given IdentityManager and a NoVerifyPolicyManager.

Parameters:

identityManager - An object of a subclass of IdentityManager.

KeyChain

public KeyChain()
         throws SecurityException

Create a new KeyChain with the the default IdentityManager and a NoVerifyPolicyManager.

Throws:

SecurityException

Method Detail

createIdentityAndCertificate

public final Name createIdentityAndCertificate(Name identityName,
                                KeyParams params)
                                        throws SecurityException

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.

Parameters:

identityName - The name of the identity.

params - The key parameters if a key needs to be generated for the identity.

Returns:

The name of the default certificate of the identity.

Throws:

SecurityException - if the identity has already been created.

createIdentityAndCertificate

public final Name createIdentityAndCertificate(Name identityName)
                                        throws SecurityException

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. Use DEFAULT_KEY_PARAMS to create the key if needed. If a key pair or certificate for the identity already exists, use it.

Parameters:

identityName - The name of the identity.

Returns:

The name of the default certificate of the identity.

Throws:

SecurityException - if the identity has already been created.

createIdentity

public final Name createIdentity(Name identityName,
                  KeyParams params)
                          throws SecurityException

Deprecated. Use createIdentityAndCertificate which returns the certificate name instead of the key name.

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Parameters:

identityName - The name of the identity.

params - The key parameters if a key needs to be generated for the identity.

Returns:

The key name of the auto-generated KSK of the identity.

Throws:

SecurityException - if the identity has already been created.

createIdentity

public final Name createIdentity(Name identityName)
                          throws SecurityException

Deprecated. Use createIdentityAndCertificate which returns the certificate name instead of the key name.

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. Use DEFAULT_KEY_PARAMS to create the key if needed.

Parameters:

identityName - The name of the identity.

Returns:

The key name of the auto-generated KSK of the identity.

Throws:

SecurityException - if the identity has already been created.

deleteIdentity

public final void deleteIdentity(Name identityName)
                          throws SecurityException

Delete the identity from the public and private key storage. If the identity to be deleted is the current default system default, this will not delete the identity and will return immediately.

Parameters:

identityName - The name of the identity.

Throws:

SecurityException

getDefaultIdentity

public final Name getDefaultIdentity()
                              throws SecurityException

Get the default identity.

Returns:

The name of default identity.

Throws:

SecurityException - if the default identity is not set.

getDefaultCertificateName

public final Name getDefaultCertificateName()
                                     throws SecurityException

Get the default certificate name of the default identity.

Returns:

The requested certificate name.

Throws:

SecurityException - if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set.

generateRSAKeyPair

public final Name generateRSAKeyPair(Name identityName,
                      boolean isKsk,
                      int keySize)
                              throws SecurityException

Generate a pair of RSA keys for the specified identity.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

keySize - The size of the key.

Returns:

The generated key name.

Throws:

SecurityException

generateRSAKeyPair

public final Name generateRSAKeyPair(Name identityName,
                      boolean isKsk)
                              throws SecurityException

Generate a pair of RSA keys for the specified identity and default keySize 2048.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

Returns:

The generated key name.

Throws:

SecurityException

generateRSAKeyPair

public final Name generateRSAKeyPair(Name identityName)
                              throws SecurityException

Generate a pair of RSA keys for the specified identity for a Data-Signing-Key and default keySize 2048.

Parameters:

identityName - The name of the identity.

Returns:

The generated key name.

Throws:

SecurityException

generateEcdsaKeyPair

public final Name generateEcdsaKeyPair(Name identityName,
                        boolean isKsk,
                        int keySize)
                                throws SecurityException

Generate a pair of ECDSA keys for the specified identity.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

keySize - The size of the key.

Returns:

The generated key name.

Throws:

SecurityException

generateEcdsaKeyPair

public final Name generateEcdsaKeyPair(Name identityName,
                        boolean isKsk)
                                throws SecurityException

Generate a pair of ECDSA keys for the specified identity and default keySize 256.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

Returns:

The generated key name.

Throws:

SecurityException

generateEcdsaKeyPair

public final Name generateEcdsaKeyPair(Name identityName)
                                throws SecurityException

Generate a pair of ECDSA keys for the specified identity for a Data-Signing-Key and default keySize 256.

Parameters:

identityName - The name of the identity.

Returns:

The generated key name.

Throws:

SecurityException

setDefaultKeyForIdentity

public final void setDefaultKeyForIdentity(Name keyName,
                            Name identityNameCheck)
                                    throws SecurityException

Set a key as the default key of an identity. The identity name is inferred from keyName.

Parameters:

keyName - The name of the key.

identityNameCheck - The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.

Throws:

SecurityException

setDefaultKeyForIdentity

public final void setDefaultKeyForIdentity(Name keyName)
                                    throws SecurityException

Set a key as the default key of an identity. The identity name is inferred from keyName.

Parameters:

keyName - The name of the key.

Throws:

SecurityException

generateRSAKeyPairAsDefault

public final Name generateRSAKeyPairAsDefault(Name identityName,
                               boolean isKsk,
                               int keySize)
                                       throws SecurityException

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

keySize - The size of the key.

Returns:

The generated key name.

Throws:

SecurityException

generateRSAKeyPairAsDefault

public final Name generateRSAKeyPairAsDefault(Name identityName,
                               boolean isKsk)
                                       throws SecurityException

Generate a pair of RSA keys for the specified identity and set it as default key for the identity, using the default keySize 2048.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

Returns:

The generated key name.

Throws:

SecurityException

generateRSAKeyPairAsDefault

public final Name generateRSAKeyPairAsDefault(Name identityName)
                                       throws SecurityException

Generate a pair of RSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 2048.

Parameters:

identityName - The name of the identity.

Returns:

The generated key name.

Throws:

SecurityException

generateEcdsaKeyPairAsDefault

public final Name generateEcdsaKeyPairAsDefault(Name identityName,
                                 boolean isKsk,
                                 int keySize)
                                         throws SecurityException

Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

keySize - The size of the key.

Returns:

The generated key name.

Throws:

SecurityException

generateEcdsaKeyPairAsDefault

public final Name generateEcdsaKeyPairAsDefault(Name identityName,
                                 boolean isKsk)
                                         throws SecurityException

Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity, using the default keySize 256.

Parameters:

identityName - The name of the identity.

isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).

Returns:

The generated key name.

Throws:

SecurityException

generateEcdsaKeyPairAsDefault

public final Name generateEcdsaKeyPairAsDefault(Name identityName)
                                         throws SecurityException

Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 256.

Parameters:

identityName - The name of the identity.

Returns:

The generated key name.

Throws:

SecurityException

createSigningRequest

public final Blob createSigningRequest(Name keyName)
                                throws SecurityException

Create a public key signing request.

Parameters:

keyName - The name of the key.

Returns:

The signing request data.

Throws:

SecurityException - if the keyName is not found.

installIdentityCertificate

public final void installIdentityCertificate(IdentityCertificate certificate)
                                      throws SecurityException

Install an identity certificate into the public key identity storage.

Parameters:

certificate - The certificate to to added.

Throws:

SecurityException

setDefaultCertificateForKey

public final void setDefaultCertificateForKey(IdentityCertificate certificate)
                                       throws SecurityException

Set the certificate as the default for its corresponding key.

Parameters:

certificate - The certificate.

Throws:

SecurityException

getCertificate

public final IdentityCertificate getCertificate(Name certificateName)
                                         throws SecurityException,
                                                DerDecodingException

Get a certificate with the specified name.

Parameters:

certificateName - The name of the requested certificate.

Returns:

The requested certificate.

Throws:

SecurityException

DerDecodingException

getIdentityCertificate

public final IdentityCertificate getIdentityCertificate(Name certificateName)
                                                 throws SecurityException,
                                                        DerDecodingException

Deprecated. Use getCertificate.

Throws:

SecurityException

DerDecodingException

revokeKey

public final void revokeKey(Name keyName)

Revoke a key.

Parameters:

keyName - The name of the key that will be revoked.

revokeCertificate

public final void revokeCertificate(Name certificateName)

Revoke a certificate.

Parameters:

certificateName - The name of the certificate that will be revoked.

getIdentityManager

public final IdentityManager getIdentityManager()

Get the identity manager given to or created by the constructor.

Returns:

The identity manager.

sign

public final void sign(Data data,
        Name certificateName,
        WireFormat wireFormat)
                throws SecurityException

Wire encode the Data object, sign it and set its signature.

Parameters:

data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.

certificateName - The certificate name of the key to use for signing.

wireFormat - A WireFormat object used to encode the input.

Throws:

SecurityException

sign

public final void sign(Data data,
        Name certificateName)
                throws SecurityException

Wire encode the Data object, sign it and set its signature. Use the default WireFormat.getDefaultWireFormat()

Parameters:

data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.

certificateName - The certificate name of the key to use for signing.

Throws:

SecurityException

sign

public final void sign(Data data,
        WireFormat wireFormat)
                throws SecurityException

Wire encode the Data object, sign it with the default identity and set its signature.

Parameters:

data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.

wireFormat - A WireFormat object used to encode the input.

Throws:

SecurityException

sign

public final void sign(Data data)
                throws SecurityException

Wire encode the Data object, sign it with the default identity and set its signature. Use the default WireFormat.getDefaultWireFormat()

Parameters:

data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.

Throws:

SecurityException

sign

public final void sign(Interest interest,
        Name certificateName,
        WireFormat wireFormat)
                throws SecurityException

Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.

Parameters:

interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.

certificateName - The certificate name of the key to use for signing.

wireFormat - A WireFormat object used to encode the input.

Throws:

SecurityException

sign

public final void sign(Interest interest,
        Name certificateName)
                throws SecurityException

Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.

Parameters:

interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.

certificateName - The certificate name of the key to use for signing.

Throws:

SecurityException

sign

public final void sign(Interest interest,
        WireFormat wireFormat)
                throws SecurityException

Append a SignatureInfo to the Interest name, sign the name components with the default identity and append a final name component with the signature bits.

Parameters:

interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.

wireFormat - A WireFormat object used to encode the input.

Throws:

SecurityException

sign

public final void sign(Interest interest)
                throws SecurityException

Append a SignatureInfo to the Interest name, sign the name components with the default identity and append a final name component with the signature bits.

Parameters:

interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.

Throws:

SecurityException

sign

public Signature sign(ByteBuffer buffer,
             Name certificateName)
               throws SecurityException

Sign the byte buffer using a certificate name and return a Signature object.

Parameters:

buffer - The byte array to be signed.

certificateName - The certificate name used to get the signing key and which will be put into KeyLocator.

Returns:

The Signature.

Throws:

SecurityException

signByIdentity

public final void signByIdentity(Data data,
                  Name identityName,
                  WireFormat wireFormat)
                          throws SecurityException

Wire encode the Data object, sign it and set its signature.

Parameters:

data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.

identityName - The identity name for the key to use for signing. If empty, infer the signing identity from the data packet name.

wireFormat - A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().

Throws:

SecurityException

signByIdentity

public final void signByIdentity(Data data,
                  Name identityName)
                          throws SecurityException

Wire encode the Data object, sign it and set its signature.

Parameters:

data - The Data object to be signed. This updates its signature and key locator field and wireEncoding. Use the default WireFormat.getDefaultWireFormat().

identityName - The identity name for the key to use for signing. If empty, infer the signing identity from the data packet name.

Throws:

SecurityException

signByIdentity

public final void signByIdentity(Data data)
                          throws SecurityException

Wire encode the Data object, sign it and set its signature.

Parameters:

data - The Data object to be signed. This updates its signature and key locator field and wireEncoding. Infer the signing identity from the data packet name. Use the default WireFormat.getDefaultWireFormat().

Throws:

SecurityException

signByIdentity

public Signature signByIdentity(ByteBuffer buffer,
                       Name identityName)
                         throws SecurityException

Sign the byte buffer using an identity name and return a Signature object.

Parameters:

buffer - The byte array to be signed.

identityName - The identity name.

Returns:

The Signature.

Throws:

SecurityException

signWithSha256

public final void signWithSha256(Data data,
                  WireFormat wireFormat)
                          throws SecurityException

Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.

Parameters:

data - The Data object to be signed. This updates its signature and wireEncoding.

wireFormat - A WireFormat object used to encode the input.

Throws:

SecurityException

signWithSha256

public final void signWithSha256(Data data)
                          throws SecurityException

Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.

Parameters:

data - The Data object to be signed. This updates its signature and wireEncoding.

Throws:

SecurityException

signWithSha256

public final void signWithSha256(Interest interest,
                  WireFormat wireFormat)
                          throws SecurityException

Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).

Parameters:

interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.

wireFormat - A WireFormat object used to encode the input.

Throws:

SecurityException

signWithSha256

public final void signWithSha256(Interest interest)
                          throws SecurityException

Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).

Parameters:

interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.

Throws:

SecurityException

verifyData

public final void verifyData(Data data,
              OnVerified onVerified,
              OnVerifyFailed onVerifyFailed,
              int stepCount)
                      throws SecurityException

Throws:

SecurityException

verifyData

public final void verifyData(Data data,
              OnVerified onVerified,
              OnVerifyFailed onVerifyFailed)
                      throws SecurityException

Check the signature on the Data object and call either onVerify.onVerify or onVerifyFailed.onVerifyFailed. We use callback functions because verify may fetch information to check the signature.

Parameters:

data - The Data object with the signature to check. It is an error if data does not have a wireEncoding. To set the wireEncoding, you can call data.wireDecode.

onVerified - If the signature is verified, this calls onVerified.onVerified(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

onVerifyFailed - If the signature check fails, this calls onVerifyFailed.onVerifyFailed(data). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

Throws:

SecurityException

verifyInterest

public final void verifyInterest(Interest interest,
                  OnVerifiedInterest onVerified,
                  OnVerifyInterestFailed onVerifyFailed,
                  int stepCount)
                          throws SecurityException

Throws:

SecurityException

verifyInterest

public final void verifyInterest(Interest interest,
                  OnVerifiedInterest onVerified,
                  OnVerifyInterestFailed onVerifyFailed)
                          throws SecurityException

Check the signature on the signed interest and call either onVerify.onVerifiedInterest or onVerifyFailed.onVerifyInterestFailed. We use callback functions because verify may fetch information to check the signature.

Parameters:

interest - The interest with the signature to check.

onVerified - If the signature is verified, this calls onVerified.onVerifiedInterest(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

onVerifyFailed - If the signature check fails, this calls onVerifyFailed.onVerifyInterestFailed(interest). NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.

Throws:

SecurityException

setFace

public final void setFace(Face face)

Set the Face which will be used to fetch required certificates.

Parameters:

face - The Face object.

signWithHmacWithSha256

public static void signWithHmacWithSha256(Data data,
                          Blob key,
                          WireFormat wireFormat)

Wire encode the data packet, compute an HmacWithSha256 and update the signature value.

Parameters:

data - The Data object to be signed. This updates its signature.

key - The key for the HmacWithSha256.

wireFormat - A WireFormat object used to encode the data packet.

Note:

This method is an experimental feature. The API may change.

signWithHmacWithSha256

public static void signWithHmacWithSha256(Data data,
                          Blob key)

Wire encode the data packet, compute an HmacWithSha256 and update the signature value. Use the default WireFormat.getDefaultWireFormat().

Parameters:

data - The Data object to be signed. This updates its signature.

key - The key for the HmacWithSha256.

Note:

This method is an experimental feature. The API may change.

verifyDataWithHmacWithSha256

public static boolean verifyDataWithHmacWithSha256(Data data,
                                   Blob key,
                                   WireFormat wireFormat)

Compute a new HmacWithSha256 for the data packet and verify it against the signature value.

Parameters:

data - The Data packet to verify.

key - The key for the HmacWithSha256.

wireFormat - A WireFormat object used to encode the data packet.

Returns:

True if the signature verifies, otherwise false.

Note:

This method is an experimental feature. The API may change.

verifyDataWithHmacWithSha256

public static boolean verifyDataWithHmacWithSha256(Data data,
                                   Blob key)

Compute a new HmacWithSha256 for the data packet and verify it against the signature value. Use the default WireFormat.getDefaultWireFormat().

Parameters:

data - The Data packet to verify.

key - The key for the HmacWithSha256.

Returns:

True if the signature verifies, otherwise false.

Note:

This method is an experimental feature. The API may change.