net.named_data.jndn.security
public class KeyChain extends Object
Modifier and Type | Field and Description |
---|---|
static RsaKeyParams | DEFAULT_KEY_PARAMS |

Constructor | Description |
---|---|
KeyChain() | Create a new KeyChain with the default IdentityManager and a NoVerifyPolicyManager. |
KeyChain(IdentityManager identityManager) | Create a new KeyChain with the given IdentityManager and a NoVerifyPolicyManager. |
KeyChain(IdentityManager identityManager, PolicyManager policyManager) | Create a new KeyChain with the given IdentityManager and PolicyManager. |

Modifier and Type | Method | Description |
---|---|---|
Name | createIdentity(Name identityName) | Deprecated. Use createIdentityAndCertificate which returns the certificate name instead of the key name. |
Name | createIdentity(Name identityName, KeyParams params) | Deprecated. Use createIdentityAndCertificate which returns the certificate name instead of the key name. |
Name | createIdentityAndCertificate(Name identityName) | Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. |
Name | createIdentityAndCertificate(Name identityName, KeyParams params) | Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. |
Blob | createSigningRequest(Name keyName) | Create a public key signing request. |
void | deleteIdentity(Name identityName) | Delete the identity from the public and private key storage. |
Name | generateEcdsaKeyPair(Name identityName) | Generate a pair of ECDSA keys for the specified identity for a Data-Signing-Key and default keySize 256. |
Name | generateEcdsaKeyPair(Name identityName, boolean isKsk) | Generate a pair of ECDSA keys for the specified identity and default keySize 256. |
Name | generateEcdsaKeyPair(Name identityName, boolean isKsk, int keySize) | Generate a pair of ECDSA keys for the specified identity. |
Name | generateEcdsaKeyPairAsDefault(Name identityName) | Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 256. |
Name | generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk) | Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity, using the default keySize 256. |
Name | generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) | Generate a pair of ECDSA keys for the specified identity and set it as default key for the identity. |
Name | generateRSAKeyPair(Name identityName) | Generate a pair of RSA keys for the specified identity for a Data-Signing-Key and default keySize 2048. |
Name | generateRSAKeyPair(Name identityName, boolean isKsk) | Generate a pair of RSA keys for the specified identity and default keySize 2048. |
Name | generateRSAKeyPair(Name identityName, boolean isKsk, int keySize) | Generate a pair of RSA keys for the specified identity. |
Name | generateRSAKeyPairAsDefault(Name identityName) | Generate a pair of RSA keys for the specified identity and set it as default key for the identity for a Data-Signing-Key and using the default keySize 2048. |
Name | generateRSAKeyPairAsDefault(Name identityName, boolean isKsk) | Generate a pair of RSA keys for the specified identity and set it as default key for the identity, using the default keySize 2048. |
Name | generateRSAKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) | Generate a pair of RSA keys for the specified identity and set it as default key for the identity. |
IdentityCertificate | getCertificate(Name certificateName) | Get a certificate with the specified name. |
Name | getDefaultCertificateName() | Get the default certificate name of the default identity. |
Name | getDefaultIdentity() | Get the default identity. |
IdentityCertificate | getIdentityCertificate(Name certificateName) | Deprecated. Use getCertificate. |
IdentityManager | getIdentityManager() | Get the identity manager given to or created by the constructor. |
void | installIdentityCertificate(IdentityCertificate certificate) | Install an identity certificate into the public key identity storage. |
void | revokeCertificate(Name certificateName) | Revoke a certificate. |
void | revokeKey(Name keyName) | Revoke a key. |
void | setDefaultCertificateForKey(IdentityCertificate certificate) | Set the certificate as the default for its corresponding key. |
void | setDefaultKeyForIdentity(Name keyName) | Set a key as the default key of an identity. |
void | setDefaultKeyForIdentity(Name keyName, Name identityNameCheck) | Set a key as the default key of an identity. |
void | setFace(Face face) | Set the Face which will be used to fetch required certificates. |
Signature | sign(ByteBuffer buffer, Name certificateName) | Sign the byte buffer using a certificate name and return a Signature object. |
void | sign(Data data) | Wire encode the Data object, sign it with the default identity and set its signature. |
void | sign(Data data, Name certificateName) | Wire encode the Data object, sign it and set its signature. |
void | sign(Data data, Name certificateName, WireFormat wireFormat) | Wire encode the Data object, sign it and set its signature. |
void | sign(Data data, WireFormat wireFormat) | Wire encode the Data object, sign it with the default identity and set its signature. |
void | sign(Interest interest) | Append a SignatureInfo to the Interest name, sign the name components with the default identity and append a final name component with the signature bits. |
void | sign(Interest interest, Name certificateName) | Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits. |
void | sign(Interest interest, Name certificateName, WireFormat wireFormat) | Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits. |
void | sign(Interest interest, WireFormat wireFormat) | Append a SignatureInfo to the Interest name, sign the name components with the default identity and append a final name component with the signature bits. |
Signature | signByIdentity(ByteBuffer buffer, Name identityName) | Sign the byte buffer using an identity name and return a Signature object. |
void | signByIdentity(Data data) | Wire encode the Data object, sign it and set its signature. |
void | signByIdentity(Data data, Name identityName) | Wire encode the Data object, sign it and set its signature. |
void | signByIdentity(Data data, Name identityName, WireFormat wireFormat) | Wire encode the Data object, sign it and set its signature. |
static void | signWithHmacWithSha256(Data data, Blob key) | Wire encode the data packet, compute an HmacWithSha256 and update the signature value. |
static void | signWithHmacWithSha256(Data data, Blob key, WireFormat wireFormat) | Wire encode the data packet, compute an HmacWithSha256 and update the signature value. |
void | signWithSha256(Data data) | Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256. |
void | signWithSha256(Data data, WireFormat wireFormat) | Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256. |
void | signWithSha256(Interest interest) | Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest). |
void | signWithSha256(Interest interest, WireFormat wireFormat) | Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest). |
void | verifyData(Data data, OnVerified onVerified, OnVerifyFailed onVerifyFailed) | Check the signature on the Data object and call either onVerified.onVerified or onVerifyFailed.onVerifyFailed. |
void | verifyData(Data data, OnVerified onVerified, OnVerifyFailed onVerifyFailed, int stepCount) | |
static boolean | verifyDataWithHmacWithSha256(Data data, Blob key) | Compute a new HmacWithSha256 for the data packet and verify it against the signature value. |
static boolean | verifyDataWithHmacWithSha256(Data data, Blob key, WireFormat wireFormat) | Compute a new HmacWithSha256 for the data packet and verify it against the signature value. |
void | verifyInterest(Interest interest, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed) | Check the signature on the signed interest and call either onVerified.onVerifiedInterest or onVerifyFailed.onVerifyInterestFailed. |
void | verifyInterest(Interest interest, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed, int stepCount) | |

public static final RsaKeyParams DEFAULT_KEY_PARAMS

public KeyChain(IdentityManager identityManager, PolicyManager policyManager)
identityManager - An object of a subclass of IdentityManager.
policyManager - An object of a subclass of PolicyManager.

public KeyChain(IdentityManager identityManager)
identityManager - An object of a subclass of IdentityManager.

public KeyChain() throws SecurityException
SecurityException

public final Name createIdentityAndCertificate(Name identityName, KeyParams params) throws SecurityException
identityName - The name of the identity.
params - The key parameters if a key needs to be generated for the identity.
SecurityException - if the identity has already been created.

public final Name createIdentityAndCertificate(Name identityName) throws SecurityException
identityName - The name of the identity.
SecurityException - if the identity has already been created.

public final Name createIdentity(Name identityName, KeyParams params) throws SecurityException
identityName - The name of the identity.
params - The key parameters if a key needs to be generated for the identity.
SecurityException - if the identity has already been created.

public final Name createIdentity(Name identityName) throws SecurityException
identityName - The name of the identity.
SecurityException - if the identity has already been created.

public final void deleteIdentity(Name identityName) throws SecurityException
identityName - The name of the identity.
SecurityException

public final Name getDefaultIdentity() throws SecurityException
SecurityException - if the default identity is not set.

public final Name getDefaultCertificateName() throws SecurityException
SecurityException - if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set.

public final Name generateRSAKeyPair(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize - The size of the key.
SecurityException

public final Name generateRSAKeyPair(Name identityName, boolean isKsk) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException

public final Name generateRSAKeyPair(Name identityName) throws SecurityException
identityName - The name of the identity.
SecurityException

public final Name generateEcdsaKeyPair(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize - The size of the key.
SecurityException

public final Name generateEcdsaKeyPair(Name identityName, boolean isKsk) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException

public final Name generateEcdsaKeyPair(Name identityName) throws SecurityException
identityName - The name of the identity.
SecurityException

public final void setDefaultKeyForIdentity(Name keyName, Name identityNameCheck) throws SecurityException
keyName - The name of the key.
identityNameCheck - The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.
SecurityException

public final void setDefaultKeyForIdentity(Name keyName) throws SecurityException
keyName - The name of the key.
SecurityException

public final Name generateRSAKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize - The size of the key.
SecurityException

public final Name generateRSAKeyPairAsDefault(Name identityName, boolean isKsk) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException

public final Name generateRSAKeyPairAsDefault(Name identityName) throws SecurityException
identityName - The name of the identity.
SecurityException

public final Name generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize - The size of the key.
SecurityException

public final Name generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk) throws SecurityException
identityName - The name of the identity.
isKsk - true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException

public final Name generateEcdsaKeyPairAsDefault(Name identityName) throws SecurityException
identityName - The name of the identity.
SecurityException

public final Blob createSigningRequest(Name keyName) throws SecurityException
keyName - The name of the key.
SecurityException - if the keyName is not found.

public final void installIdentityCertificate(IdentityCertificate certificate) throws SecurityException
certificate - The certificate to be added.
SecurityException

public final void setDefaultCertificateForKey(IdentityCertificate certificate) throws SecurityException
certificate - The certificate.
SecurityException

public final IdentityCertificate getCertificate(Name certificateName) throws SecurityException, DerDecodingException
certificateName - The name of the requested certificate.
SecurityException
DerDecodingException

public final IdentityCertificate getIdentityCertificate(Name certificateName) throws SecurityException, DerDecodingException

public final void revokeKey(Name keyName)
keyName - The name of the key that will be revoked.

public final void revokeCertificate(Name certificateName)
certificateName - The name of the certificate that will be revoked.

public final IdentityManager getIdentityManager()

public final void sign(Data data, Name certificateName, WireFormat wireFormat) throws SecurityException
data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.
certificateName - The certificate name of the key to use for signing.
wireFormat - A WireFormat object used to encode the input.
SecurityException

public final void sign(Data data, Name certificateName) throws SecurityException
data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.
certificateName - The certificate name of the key to use for signing.
SecurityException

public final void sign(Data data, WireFormat wireFormat) throws SecurityException
data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.
wireFormat - A WireFormat object used to encode the input.
SecurityException

public final void sign(Data data) throws SecurityException
data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.
SecurityException

public final void sign(Interest interest, Name certificateName, WireFormat wireFormat) throws SecurityException
interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
certificateName - The certificate name of the key to use for signing.
wireFormat - A WireFormat object used to encode the input.
SecurityException

public final void sign(Interest interest, Name certificateName) throws SecurityException
interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
certificateName - The certificate name of the key to use for signing.
SecurityException

public final void sign(Interest interest, WireFormat wireFormat) throws SecurityException
interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
wireFormat - A WireFormat object used to encode the input.
SecurityException

public final void sign(Interest interest) throws SecurityException
interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
SecurityException

public Signature sign(ByteBuffer buffer, Name certificateName) throws SecurityException
buffer - The byte array to be signed.
certificateName - The certificate name used to get the signing key and which will be put into KeyLocator.
SecurityException

public final void signByIdentity(Data data, Name identityName, WireFormat wireFormat) throws SecurityException
data - The Data object to be signed. This updates its signature and key locator field and wireEncoding.
identityName - The identity name for the key to use for signing. If empty, infer the signing identity from the data packet name.
wireFormat - A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat().
SecurityException

public final void signByIdentity(Data data, Name identityName) throws SecurityException
data - The Data object to be signed. This updates its signature and key locator field and wireEncoding. Use the default WireFormat.getDefaultWireFormat().
identityName - The identity name for the key to use for signing. If empty, infer the signing identity from the data packet name.
SecurityException

public final void signByIdentity(Data data) throws SecurityException
data - The Data object to be signed. This updates its signature and key locator field and wireEncoding. Infer the signing identity from the data packet name. Use the default WireFormat.getDefaultWireFormat().
SecurityException

public Signature signByIdentity(ByteBuffer buffer, Name identityName) throws SecurityException
buffer - The byte array to be signed.
identityName - The identity name.
SecurityException

public final void signWithSha256(Data data, WireFormat wireFormat) throws SecurityException
data - The Data object to be signed. This updates its signature and wireEncoding.
wireFormat - A WireFormat object used to encode the input.
SecurityException

public final void signWithSha256(Data data) throws SecurityException
data - The Data object to be signed. This updates its signature and wireEncoding.
SecurityException

public final void signWithSha256(Interest interest, WireFormat wireFormat) throws SecurityException
interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
wireFormat - A WireFormat object used to encode the input.
SecurityException

public final void signWithSha256(Interest interest) throws SecurityException
interest - The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
SecurityException

public final void verifyData(Data data, OnVerified onVerified, OnVerifyFailed onVerifyFailed, int stepCount) throws SecurityException
SecurityException

public final void verifyData(Data data, OnVerified onVerified, OnVerifyFailed onVerifyFailed) throws SecurityException
data - The Data object with the signature to check. It is an error if data does not have a wireEncoding. To set the wireEncoding, you can call data.wireDecode.
onVerified - If the signature is verified, this calls onVerified.onVerified(data).
NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
onVerifyFailed - If the signature check fails, this calls onVerifyFailed.onVerifyFailed(data).
NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
SecurityException

public final void verifyInterest(Interest interest, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed, int stepCount) throws SecurityException
SecurityException

public final void verifyInterest(Interest interest, OnVerifiedInterest onVerified, OnVerifyInterestFailed onVerifyFailed) throws SecurityException
interest - The interest with the signature to check.
onVerified - If the signature is verified, this calls onVerified.onVerifiedInterest(interest).
NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
onVerifyFailed - If the signature check fails, this calls onVerifyFailed.onVerifyInterestFailed(interest).
NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.
SecurityException

public final void setFace(Face face)
face - The Face object.

public static void signWithHmacWithSha256(Data data, Blob key, WireFormat wireFormat)
data - The Data object to be signed. This updates its signature.
key - The key for the HmacWithSha256.
wireFormat - A WireFormat object used to encode the data packet.

public static void signWithHmacWithSha256(Data data, Blob key)
data - The Data object to be signed. This updates its signature.
key - The key for the HmacWithSha256.

public static boolean verifyDataWithHmacWithSha256(Data data, Blob key, WireFormat wireFormat)
data - The Data packet to verify.
key - The key for the HmacWithSha256.
wireFormat - A WireFormat object used to encode the data packet.

public static boolean verifyDataWithHmacWithSha256(Data data, Blob key)
data - The Data packet to verify.
key - The key for the HmacWithSha256.

Copyright © 2016. All rights reserved.