JSDoc: Class: IdentityManager

new IdentityManager(identityStorage, privateKeyStorage)

An IdentityManager is the interface of operations related to identity, keys, and certificates. Create a new IdentityManager to use the given IdentityStorage and PrivateKeyStorage.

Parameters:

Name	Type	Description
`identityStorage`	IdentityStorage	An object of a subclass of IdentityStorage.
`privateKeyStorage`	PrivateKeyStorage	An object of a subclass of PrivateKeyStorage.

Source:

security/identity/identity-manager.js, line 49

Methods

(static) certificateNameToPublicKeyName(certificateName) → {Name}

Get the public key name from the full certificate name.

Parameters:

Name	Type	Description
`certificateName`	Name	The full certificate name.

Source:

security/identity/identity-manager.js, line 541

Returns:

The related public key name. TODO: Move this to IdentityCertificate

Type: Name

addCertificate(certificate)

Add a certificate into the public key identity storage.

Parameters:

Name	Type	Description
`certificate`	IdentityCertificate	The certificate to to added. This makes a copy of the certificate.

Source:

security/identity/identity-manager.js, line 219

addCertificateAsDefault(certificate)

Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.

Parameters:

Name	Type	Description
`certificate`	IdentityCertificate	The certificate to be added. This makes a copy of the certificate.

Source:

security/identity/identity-manager.js, line 259

addCertificateAsIdentityDefault(certificate)

Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.

Parameters:

Name	Type	Description
`certificate`	IdentityCertificate	The certificate to be added. This makes a copy of the certificate.

Source:

security/identity/identity-manager.js, line 246

createIdentity(identityName) → {Name}

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the identity.

Deprecated:

Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name.

Source:

security/identity/identity-manager.js, line 91

Returns:

The key name of the auto-generated KSK of the identity.

Type: Name

createIdentityAndCertificate(identityName) → {Name}

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the identity.

Source:

security/identity/identity-manager.js, line 67

Returns:

The name of the certificate for the auto-generated KSK of the identity.

Type: Name

deleteIdentity(identityName)

Delete the identity from the public and private key storage. If the identity to be deleted is the current default system default, this will not delete the identity and will return immediately.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the identity.

Source:

security/identity/identity-manager.js, line 103

generateKeyPair(identityName, isKsk, params) → {Name}

A private method to generate a pair of keys for the specified identity.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the identity.
`isKsk`	boolean	true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
`params`	KeyParams	The parameters of the key.

Source:

security/identity/identity-manager.js, line 600

Returns:

The generated key name.

Type: Name

generateRSAKeyPair(identityName, isKsk, keySize) → {Name}

Generate a pair of RSA keys for the specified identity.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the identity.
`isKsk`	boolean	(optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
`keySize`	number	(optional) The size of the key. If omitted, use a default secure key size.

Source:

security/identity/identity-manager.js, line 153

Returns:

The generated key name.

Type: Name

generateRSAKeyPairAsDefault(identityName, isKsk, keySize) → {Name}

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the identity.
`isKsk`	boolean	(optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
`keySize`	number	(optional) The size of the key. If omitted, use a default secure key size.

Source:

security/identity/identity-manager.js, line 194

Returns:

The generated key name.

Type: Name

getAnyCertificate(certificateName) → {IdentityCertificate}

Get a certificate even if the certificate is not valid anymore.

Parameters:

Name	Type	Description
`certificateName`	Name	The name of the requested certificate.

Source:

security/identity/identity-manager.js, line 280

Returns:

the requested certificate.

Type: IdentityCertificate

getCertificate(certificateName) → {IdentityCertificate}

Get a certificate with the specified name.

Parameters:

Name	Type	Description
`certificateName`	Name	The name of the requested certificate.

Source:

security/identity/identity-manager.js, line 270

Returns:

the requested certificate which is valid.

Type: IdentityCertificate

getDefaultCertificateName() → {Name}

Get the default certificate name of the default identity, which will be used when signing is based on identity and the identity is not specified.

Source:

security/identity/identity-manager.js, line 307

Throws:

SecurityException if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set.

Returns:

The requested certificate name.

Type: Name

getDefaultCertificateNameForIdentity(identityName) → {Name}

Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the specified identity.

Source:

security/identity/identity-manager.js, line 293

Throws:

SecurityException if the default key name for the identity is not set or the default certificate name for the key name is not set.

Returns:

The requested certificate name.

Type: Name

getDefaultIdentity() → {Name}

Get the default identity.

Source:

security/identity/identity-manager.js, line 139

Throws:

SecurityException if the default identity is not set.

Returns:

The name of default identity.

Type: Name

getDefaultKeyNameForIdentity(identityName) → {Name}

Get the default key for an identity.

Parameters:

Name	Type	Description
`identityName`	Name	The name of the identity.

Source:

security/identity/identity-manager.js, line 179

Throws:

SecurityException if the default key name for the identity is not set.

Returns:

The default key name.

Type: Name

getPublicKey(keyName) → {PublicKey}

Get the public key with the specified name.

Parameters:

Name	Type	Description
`keyName`	Name	The name of the key.

Source:

security/identity/identity-manager.js, line 207

Returns:

The public key.

Type: PublicKey

makeSignatureByCertificate(certificateName, digestAlgorithm) → {Signature}

Return a new Signature object based on the signature algorithm of the public key with keyName (derived from certificateName).

Parameters:

Name	Type	Description
`certificateName`	Name	The certificate name.
`digestAlgorithm`	Array	Set digestAlgorithm[0] to the signature algorithm's digest algorithm, e.g. DigestAlgorithm.SHA256.

Source:

security/identity/identity-manager.js, line 572

Returns:

A new object of the correct subclass of Signature.

Type: Signature

selfSign(keyName) → {IdentityCertificate}

Generate a self-signed certificate for a public key.

Parameters:

Name	Type	Description
`keyName`	Name	The name of the public key.

Source:

security/identity/identity-manager.js, line 506

Returns:

The generated certificate.

Type: IdentityCertificate

setDefaultCertificateForKey(certificate)

Set the certificate as the default for its corresponding key.

Parameters:

Name	Type	Description
`certificate`	IdentityCertificate	The certificate.

Source:

security/identity/identity-manager.js, line 228

setDefaultIdentity(identityName)

Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() throws an exception.

Parameters:

Name	Type	Description
`identityName`	Name	The default identity name.

Source:

security/identity/identity-manager.js, line 129

setDefaultKeyForIdentity(keyName, identityName)

Set a key as the default key of an identity.

Parameters:

Name	Type	Description
`keyName`	Name	The name of the key.
`identityName`	Name	(optional) the name of the identity. If not specified, the identity name is inferred from the keyName.

Source:

security/identity/identity-manager.js, line 165

signByCertificate(target, certificateName, (optional), onComplete) → {Signature}

Sign the Data packet or byte array data based on the certificate name.

Parameters:

Name	Type	Description
`target`	Data \| Buffer	If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If it is a Biffer, sign it to produce a Signature object.
`certificateName`	Name	The Name identifying the certificate which identifies the signing key.
`(optional)`	WireFormat	The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted.
`onComplete`	function	(optional) If target is a Data object, this calls onComplete(data) with the supplied Data object which has been modified to set its signature. If target is a Buffer, this calls onComplete(signature) where signature is the produced Signature object. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.)

Source:

security/identity/identity-manager.js, line 332

Returns:

If onComplete is omitted, return the generated Signature object (if target is a Buffer) or null (if target is Data). Otherwise, if onComplete is supplied then return null and use onComplete as described above.

Type: Signature

signInterestByCertificate(interest, certificateName, wireFormat, onComplete)

Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.

Parameters:

Name	Type	Description
`interest`	Interest	The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
`certificateName`	Name	The certificate name of the key to use for signing.
`wireFormat`	WireFormat	(optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
`onComplete`	function	(optional) This calls onComplete(interest) with the supplied Interest object which has been modified to set its signature. If omitted, then return when the interest has been signed. (Some crypto libraries only use a callback, so onComplete is required to use these.)

Source:

security/identity/identity-manager.js, line 404

signInterestWithSha256(interest, wireFormat)

Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).

Parameters:

Name	Type	Description
`interest`	Interest	The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
`wireFormat`	WireFormat	(optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().

Source:

security/identity/identity-manager.js, line 477

signWithSha256(data, (optional))

Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.

Parameters:

Name	Type	Description
`data`	Data	The Data object to be signed. This updates its signature and wireEncoding.
`(optional)`	WireFormat	The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted.

Source:

security/identity/identity-manager.js, line 451