Class: IdentityManager

IdentityManager

new IdentityManager(identityStorage, privateKeyStorage)

An IdentityManager is the interface of operations related to identity, keys, and certificates. Create a new IdentityManager to use the given IdentityStorage and PrivateKeyStorage.
Parameters:
Name Type Description
identityStorage IdentityStorage An object of a subclass of IdentityStorage.
privateKeyStorage PrivateKeyStorage An object of a subclass of PrivateKeyStorage.
Source:

Methods

(static) certificateNameToPublicKeyName(certificateName) → {Name}

Get the public key name from the full certificate name.
Parameters:
Name Type Description
certificateName Name The full certificate name.
Source:
Returns:
The related public key name. TODO: Move this to IdentityCertificate
Type
Name

addCertificate(certificate, onComplete, onError)

Add a certificate into the public key identity storage.
Parameters:
Name Type Description
certificate IdentityCertificate The certificate to to added. This makes a copy of the certificate.
onComplete function (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:

addCertificateAsDefault(certificate, onComplete, onError)

Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.
Parameters:
Name Type Description
certificate IdentityCertificate The certificate to be added. This makes a copy of the certificate.
onComplete function (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:

addCertificateAsIdentityDefaultPromise(certificate, useSync) → {Promise|SyncPromise}

Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.
Parameters:
Name Type Description
certificate IdentityCertificate The certificate to be added. This makes a copy of the certificate.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which fulfills when the certificate is added.
Type
Promise | SyncPromise

createIdentity(identityName) → {Name}

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.
Parameters:
Name Type Description
identityName Name The name of the identity.
Deprecated:
  • Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name.
Source:
Returns:
The key name of the auto-generated KSK of the identity.
Type
Name

createIdentityAndCertificate(identityName, onComplete, onError) → {Name}

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.
Parameters:
Name Type Description
identityName Name The name of the identity.
onComplete function (optional) This calls onComplete(certificateName) with the name of the default certificate of the identity. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Returns:
If onComplete is omitted, return the name of the default certificate of the identity. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
Name

createIdentityAndCertificatePromise(identityName, useSync) → {Promise|SyncPromise}

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.
Parameters:
Name Type Description
identityName Name The name of the identity.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns the name of the default certificate of the identity.
Type
Promise | SyncPromise

deleteIdentity(identityName, onComplete, onError)

Delete the identity from the public and private key storage. If the identity to be deleted is the current default system default, this will not delete the identity and will return immediately.
Parameters:
Name Type Description
identityName Name The name of the identity.
onComplete function (optional) This calls onComplete() when the operation is complete. If omitted, do not use it. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:

generateKeyPairPromise(identityName, isKsk, params, useSync) → {Promise|SyncPromise}

A private method to generate a pair of keys for the specified identity.
Parameters:
Name Type Description
identityName Name The name of the identity.
isKsk boolean true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
params KeyParams The parameters of the key.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns the generated key name.
Type
Promise | SyncPromise

generateRSAKeyPair(identityName, isKsk, keySize) → {Name}

Generate a pair of RSA keys for the specified identity.
Parameters:
Name Type Description
identityName Name The name of the identity.
isKsk boolean True for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize number The size of the key.
Source:
Returns:
The generated key name.
Type
Name

generateRSAKeyPairAsDefault(identityName, isKsk, keySize) → {Name}

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
Parameters:
Name Type Description
identityName Name The name of the identity.
isKsk boolean True for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize number The size of the key.
Source:
Returns:
The generated key name.
Type
Name

generateRSAKeyPairAsDefaultPromise(identityName, isKsk, keySize, useSync) → {Promise|SyncPromise}

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
Parameters:
Name Type Description
identityName Name The name of the identity.
isKsk boolean True for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize number The size of the key.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns the generated key name.
Type
Promise | SyncPromise

getAnyCertificate(certificateName, onComplete, onError) → {IdentityCertificate}

Get a certificate even if the certificate is not valid anymore.
Parameters:
Name Type Description
certificateName Name The name of the requested certificate.
onComplete function (optional) This calls onComplete(certificate) with the requested IdentityCertificate. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Returns:
If onComplete is omitted, return the requested certificate. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
IdentityCertificate

getCertificate(certificateName, onComplete, onError) → {IdentityCertificate}

Get a certificate which is still valid with the specified name.
Parameters:
Name Type Description
certificateName Name The name of the requested certificate.
onComplete function (optional) This calls onComplete(certificate) with the requested IdentityCertificate which is valid. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Returns:
If onComplete is omitted, return the requested certificate which is valid. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
IdentityCertificate

getDefaultCertificateName(onComplete, onError) → {Name}

Get the default certificate name of the default identity, which will be used when signing is based on identity and the identity is not specified.
Parameters:
Name Type Description
onComplete function (optional) This calls onComplete(certificateName) with name of the default certificate. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Throws:
SecurityException if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set. However, if onComplete and onError are defined, then if there is an exception return undefined and call onError(exception).
Returns:
If onComplete is omitted, return the default certificate name. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
Name

getDefaultCertificateNameForIdentity(identityName, onComplete, onError) → {Name}

Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.
Parameters:
Name Type Description
identityName Name The name of the specified identity.
onComplete function (optional) This calls onComplete(certificateName) with name of the default certificate. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Throws:
SecurityException if the default key name for the identity is not set or the default certificate name for the key name is not set. However, if onComplete and onError are defined, then if there is an exception return undefined and call onError(exception).
Returns:
If onComplete is omitted, return the default certificate name. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
Name

getDefaultCertificateNameForIdentityPromise(identityName, useSync) → {Promise|SyncPromise}

Get the default certificate name for the specified identity.
Parameters:
Name Type Description
identityName Name The identity name.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns the default certificate Name, or a promise rejected with SecurityException if the default key name for the identity is not set or the default certificate name for the key name is not set.
Type
Promise | SyncPromise

getDefaultCertificatePromise(useSync) → {Promise|SyncPromise}

Get the certificate of the default identity.
Parameters:
Name Type Description
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns the requested IdentityCertificate or null if not found.
Type
Promise | SyncPromise

getDefaultIdentity(onComplete, onError) → {Name}

Get the default identity.
Parameters:
Name Type Description
onComplete function (optional) This calls onComplete(identityName) with name of the default identity. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Throws:
SecurityException if the default identity is not set. However, if onComplete and onError are defined, then if there is an exception return undefined and call onError(exception).
Returns:
If onComplete is omitted, return the name of the default identity. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
Name

getDefaultIdentityPromise(useSync) → {Promise|SyncPromise}

Get the default identity.
Parameters:
Name Type Description
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns the Name of default identity, or a promise rejected with SecurityException if the default identity is not set.
Type
Promise | SyncPromise

getDefaultKeyNameForIdentity(identityName, onComplete, onError) → {Name}

Get the default key for an identity.
Parameters:
Name Type Description
identityName Name The name of the identity.
onComplete function (optional) This calls onComplete(keyName) with name of the default key. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Throws:
SecurityException if the default key name for the identity is not set. However, if onComplete and onError are defined, then if there is an exception return undefined and call onError(exception).
Returns:
If onComplete is omitted, return the default key name. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
Name

getPublicKey(keyName, onComplete, onError) → {PublicKey}

Get the public key with the specified name.
Parameters:
Name Type Description
keyName Name The name of the key.
onComplete function (optional) This calls onComplete(publicKey) with PublicKey. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Returns:
If onComplete is omitted, return the public key. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
PublicKey

makeSignatureByCertificatePromise(certificateName, digestAlgorithm, useSync) → {Promise|SyncPromise}

Return a new Signature object based on the signature algorithm of the public key with keyName (derived from certificateName).
Parameters:
Name Type Description
certificateName Name The certificate name.
digestAlgorithm Array Set digestAlgorithm[0] to the signature algorithm's digest algorithm, e.g. DigestAlgorithm.SHA256.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns a new object of the correct subclass of Signature.
Type
Promise | SyncPromise

selfSign(keyName, onComplete, onError) → {IdentityCertificate}

Generate a self-signed certificate for a public key.
Parameters:
Name Type Description
keyName Name The name of the public key.
onComplete function (optional) This calls onComplete(certificate) with the the generated IdentityCertificate. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Returns:
If onComplete is omitted, return the generated certificate. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
IdentityCertificate

selfSignPromise(keyName, useSync) → {Promise|SyncPromise}

Generate a self-signed certificate for a public key.
Parameters:
Name Type Description
keyName Name The name of the public key.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which returns the generated IdentityCertificate.
Type
Promise | SyncPromise

setDefaultCertificateForKey(certificate, onComplete, onError)

Set the certificate as the default for its corresponding key.
Parameters:
Name Type Description
certificate IdentityCertificate The certificate.
onComplete function (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:

setDefaultCertificateForKeyPromise(certificate, useSync) → {Promise|SyncPromise}

Set the certificate as the default for its corresponding key.
Parameters:
Name Type Description
certificate IdentityCertificate The certificate.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which fulfills when the default certificate is set.
Type
Promise | SyncPromise

setDefaultIdentity(identityName, onComplete, onError)

Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() throws an exception.
Parameters:
Name Type Description
identityName Name The default identity name.
onComplete function (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:

setDefaultIdentityPromise(identityName, useSync) → {Promise|SyncPromise}

Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() throws an exception.
Parameters:
Name Type Description
identityName Name The default identity name.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise which fulfills when the default identity is set.
Type
Promise | SyncPromise

setDefaultKeyForIdentity(keyName, identityNameCheck, onComplete, onError)

Set a key as the default key of an identity. The identity name is inferred from keyName.
Parameters:
Name Type Description
keyName Name The name of the key.
identityNameCheck Name (optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.
onComplete function (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.)
Source:

signByCertificate(target, certificateName, (optional), onComplete, onError) → {Signature}

Sign the Data packet or byte array data based on the certificate name.
Parameters:
Name Type Description
target Data | Buffer If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If it is a Buffer, sign it to produce a Signature object.
certificateName Name The Name identifying the certificate which identifies the signing key.
(optional) WireFormat The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted.
onComplete function (optional) If target is a Data object, this calls onComplete(data) with the supplied Data object which has been modified to set its signature. If target is a Buffer, this calls onComplete(signature) where signature is the produced Signature object. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Returns:
If onComplete is omitted, return the generated Signature object (if target is a Buffer) or the target (if target is Data). Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
Signature

signByCertificatePromise(target, certificateName, (optional), useSync) → {Promise|SyncPromise}

Sign the Data packet or byte array data based on the certificate name.
Parameters:
Name Type Description
target Data | Buffer If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If it is a Buffer, sign it to produce a Signature object.
certificateName Name The Name identifying the certificate which identifies the signing key.
(optional) WireFormat The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted.
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise that returns the generated Signature object (if target is a Buffer) or the target (if target is Data).
Type
Promise | SyncPromise

signInterestByCertificate(interest, certificateName, wireFormat, onComplete, onError) → {Signature}

Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.
Parameters:
Name Type Description
interest Interest The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
certificateName Name The certificate name of the key to use for signing.
wireFormat WireFormat (optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
onComplete function (optional) This calls onComplete(interest) with the supplied Interest object which has been modified to set its signature. If omitted, then return when the interest has been signed. (Some crypto libraries only use a callback, so onComplete is required to use these.)
onError function (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.)
Source:
Returns:
If onComplete is omitted, return the interest. Otherwise, if onComplete is supplied then return undefined and use onComplete as described above.
Type
Signature

signInterestByCertificatePromise(interest, certificateName, wireFormat, useSync) → {Promise|SyncPromise}

Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.
Parameters:
Name Type Description
interest Interest The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
certificateName Name The certificate name of the key to use for signing.
wireFormat WireFormat (optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
useSync boolean (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise.
Source:
Returns:
A promise that returns the supplied Interest.
Type
Promise | SyncPromise

signInterestWithSha256(interest, wireFormat)

Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).
Parameters:
Name Type Description
interest Interest The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
wireFormat WireFormat (optional) A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
Source:

signWithSha256(data, (optional))

Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.
Parameters:
Name Type Description
data Data The Data object to be signed. This updates its signature and wireEncoding.
(optional) WireFormat The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted.
Source: