net.named_data.jndn.security.identity
public class IdentityManager extends Object
Constructor and Description |
---|
IdentityManager()
Create a new IdentityManager to use BasicIdentityStorage and
the default PrivateKeyStorage for your system, which is
OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
|
IdentityManager(IdentityStorage identityStorage)
Create a new IdentityManager to use the given IdentityStorage and
the default PrivateKeyStorage for your system, which is
OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
|
IdentityManager(IdentityStorage identityStorage,
PrivateKeyStorage privateKeyStorage)
Create a new IdentityManager to use the given identity and private key
storage.
|
Modifier and Type | Method and Description |
---|---|
void |
addCertificate(IdentityCertificate certificate)
Add a certificate into the public key identity storage.
|
void |
addCertificateAsDefault(IdentityCertificate certificate)
Add a certificate into the public key identity storage and set the
certificate as the default of its corresponding key.
|
void |
addCertificateAsIdentityDefault(IdentityCertificate certificate)
Add a certificate into the public key identity storage and set the
certificate as the default for its corresponding identity.
|
Name |
createIdentity(Name identityName,
KeyParams params)
Deprecated.
Use createIdentityAndCertificate which returns the
certificate name instead of the key name. You can use
IdentityCertificate.certificateNameToPublicKeyName to convert the
certificate name to the key name.
|
Name |
createIdentityAndCertificate(Name identityName,
KeyParams params)
Create an identity by creating a pair of Key-Signing-Key (KSK) for this
identity and a self-signed certificate of the KSK.
|
Name |
createIdentityCertificate(Name certificatePrefix,
Name signerCertificateName,
double notBefore,
double notAfter)
Create an identity certificate for a public key managed by this IdentityManager.
|
IdentityCertificate |
createIdentityCertificate(Name certificatePrefix,
PublicKey publicKey,
Name signerCertificateName,
double notBefore,
double notAfter)
Create an identity certificate for a public key supplied by the caller.
|
void |
deleteIdentity(Name identityName)
Delete the identity from the public and private key storage.
|
Name |
generateEcdsaKeyPair(Name identityName)
Generate a pair of ECDSA keys for the specified identity for a
Data-Signing-Key and default keySize 256.
|
Name |
generateEcdsaKeyPair(Name identityName,
boolean isKsk)
Generate a pair of ECDSA keys for the specified identity and default keySize
256.
|
Name |
generateEcdsaKeyPair(Name identityName,
boolean isKsk,
int keySize)
Generate a pair of ECDSA keys for the specified identity.
|
Name |
generateEcdsaKeyPairAsDefault(Name identityName)
Generate a pair of ECDSA keys for the specified identity and set it as
default key for the identity for a Data-Signing-Key and using the default
keySize 256.
|
Name |
generateEcdsaKeyPairAsDefault(Name identityName,
boolean isKsk)
Generate a pair of ECDSA keys for the specified identity and set it as
default key for the identity, using the default keySize 256.
|
Name |
generateEcdsaKeyPairAsDefault(Name identityName,
boolean isKsk,
int keySize)
Generate a pair of ECDSA keys for the specified identity and set it as
default key for the identity.
|
Name |
generateRSAKeyPair(Name identityName)
Generate a pair of RSA keys for the specified identity for a
Data-Signing-Key and default keySize 2048.
|
Name |
generateRSAKeyPair(Name identityName,
boolean isKsk)
Generate a pair of RSA keys for the specified identity and default keySize
2048.
|
Name |
generateRSAKeyPair(Name identityName,
boolean isKsk,
int keySize)
Generate a pair of RSA keys for the specified identity.
|
Name |
generateRSAKeyPairAsDefault(Name identityName)
Generate a pair of RSA keys for the specified identity and set it as
default key for the identity for a Data-Signing-Key and using the default
keySize 2048.
|
Name |
generateRSAKeyPairAsDefault(Name identityName,
boolean isKsk)
Generate a pair of RSA keys for the specified identity and set it as
default key for the identity, using the default keySize 2048.
|
Name |
generateRSAKeyPairAsDefault(Name identityName,
boolean isKsk,
int keySize)
Generate a pair of RSA keys for the specified identity and set it as
default key for the identity.
|
void |
getAllCertificateNamesOfKey(Name keyName,
ArrayList nameList,
boolean isDefault)
Append all the certificate names of a particular key name to the nameList.
|
void |
getAllIdentities(ArrayList nameList,
boolean isDefault)
Append all the identity names to the nameList.
|
void |
getAllKeyNamesOfIdentity(Name identityName,
ArrayList nameList,
boolean isDefault)
Append all the key names of a particular identity to the nameList.
|
IdentityCertificate |
getCertificate(Name certificateName)
Get a certificate with the specified name.
|
IdentityCertificate |
getDefaultCertificate()
Get the certificate of the default identity.
|
Name |
getDefaultCertificateName()
Get the default certificate name of the default identity, which will be
used when signing is based on identity and the identity is not specified.
|
Name |
getDefaultCertificateNameForIdentity(Name identityName)
Get the default certificate name for the specified identity, which will be
used when signing is performed based on identity.
|
Name |
getDefaultIdentity()
Get the default identity.
|
Name |
getDefaultKeyNameForIdentity()
Get the default key for an identity, inferred from the keyName.
|
Name |
getDefaultKeyNameForIdentity(Name identityName)
Get the default key for an identity.
|
PublicKey |
getPublicKey(Name keyName)
Get the public key with the specified name.
|
IdentityCertificate |
prepareUnsignedIdentityCertificate(Name keyName,
Name signingIdentity,
double notBefore,
double notAfter,
List subjectDescription)
Use the keyName to get the public key from the identity storage and
prepare an unsigned identity certificate.
|
IdentityCertificate |
prepareUnsignedIdentityCertificate(Name keyName,
Name signingIdentity,
double notBefore,
double notAfter,
List subjectDescription,
Name certPrefix)
Use the keyName to get the public key from the identity storage and
prepare an unsigned identity certificate.
|
IdentityCertificate |
prepareUnsignedIdentityCertificate(Name keyName,
PublicKey publicKey,
Name signingIdentity,
double notBefore,
double notAfter,
List subjectDescription)
Prepare an unsigned identity certificate.
|
IdentityCertificate |
prepareUnsignedIdentityCertificate(Name keyName,
PublicKey publicKey,
Name signingIdentity,
double notBefore,
double notAfter,
List subjectDescription,
Name certPrefix)
Prepare an unsigned identity certificate.
|
IdentityCertificate |
selfSign(Name keyName)
Generate a self-signed certificate for a public key.
|
void |
setDefaultCertificateForKey(IdentityCertificate certificate)
Set the certificate as the default for its corresponding key.
|
void |
setDefaultIdentity(Name identityName)
Set the default identity.
|
void |
setDefaultKeyForIdentity(Name keyName)
Set a key as the default key of an identity.
|
void |
setDefaultKeyForIdentity(Name keyName,
Name identityNameCheck)
Set a key as the default key of an identity.
|
Signature |
signByCertificate(ByteBuffer buffer,
Name certificateName)
Sign the byte array data based on the certificate name.
|
void |
signByCertificate(Data data,
Name certificateName)
Sign data packet based on the certificate name.
|
void |
signByCertificate(Data data,
Name certificateName,
WireFormat wireFormat)
Sign data packet based on the certificate name.
|
void |
signInterestByCertificate(Interest interest,
Name certificateName,
WireFormat wireFormat)
Append a SignatureInfo to the Interest name, sign the name components and
append a final name component with the signature bits.
|
void |
signInterestWithSha256(Interest interest,
WireFormat wireFormat)
Append a SignatureInfo for DigestSha256 to the Interest name, digest the
name components and append a final name component with the signature bits
(which is the digest).
|
void |
signWithSha256(Data data,
WireFormat wireFormat)
Wire encode the Data object, digest it and set its SignatureInfo to
a DigestSha256.
|
public IdentityManager(IdentityStorage identityStorage, PrivateKeyStorage privateKeyStorage)
identityStorage
- An object of a subclass of IdentityStorage.
privateKeyStorage
- An object of a subclass of PrivateKeyStorage.
public IdentityManager(IdentityStorage identityStorage) throws SecurityException
identityStorage
- An object of a subclass of IdentityStorage.
SecurityException
public IdentityManager() throws SecurityException
SecurityException
public final Name createIdentityAndCertificate(Name identityName, KeyParams params) throws SecurityException
identityName
- The name of the identity.
params
- The key parameters if a key needs to be generated for the identity.
SecurityException
- if the identity has already been created.
public final Name createIdentity(Name identityName, KeyParams params) throws SecurityException
identityName
- The name of the identity.
params
- The key parameters if a key needs to be generated for the identity.
SecurityException
- if the identity has already been created.
public final void deleteIdentity(Name identityName) throws SecurityException
identityName
- The name of the identity.
SecurityException
public final void setDefaultIdentity(Name identityName) throws SecurityException
identityName
- The default identity name.
SecurityException
public final Name getDefaultIdentity() throws SecurityException
SecurityException
- if the default identity is not set.
public final IdentityCertificate getDefaultCertificate() throws SecurityException
SecurityException
public final Name generateRSAKeyPair(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize
- The size of the key.
SecurityException
public final Name generateRSAKeyPair(Name identityName, boolean isKsk) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException
public final Name generateRSAKeyPair(Name identityName) throws SecurityException
identityName
- The name of the identity.
SecurityException
public final Name generateEcdsaKeyPair(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize
- The size of the key.
SecurityException
public final Name generateEcdsaKeyPair(Name identityName, boolean isKsk) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException
public final Name generateEcdsaKeyPair(Name identityName) throws SecurityException
identityName
- The name of the identity.
SecurityException
public final void setDefaultKeyForIdentity(Name keyName, Name identityNameCheck) throws SecurityException
keyName
- The name of the key.
identityNameCheck
- The identity name to check that the keyName
contains the same identity name. If an empty name, it is ignored.
SecurityException
public final void setDefaultKeyForIdentity(Name keyName) throws SecurityException
keyName
- The name of the key.
SecurityException
public final Name getDefaultKeyNameForIdentity(Name identityName) throws SecurityException
identityName
- The name of the identity. If empty, the identity name
is inferred from the keyName.
SecurityException
- if the default key name for the identity is not set.
public final Name getDefaultKeyNameForIdentity() throws SecurityException
SecurityException
- if the default key name for the identity is not set.
public final Name generateRSAKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize
- The size of the key.
SecurityException
public final Name generateRSAKeyPairAsDefault(Name identityName, boolean isKsk) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException
public final Name generateRSAKeyPairAsDefault(Name identityName) throws SecurityException
identityName
- The name of the identity.
SecurityException
public final Name generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk, int keySize) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySize
- The size of the key.
SecurityException
public final Name generateEcdsaKeyPairAsDefault(Name identityName, boolean isKsk) throws SecurityException
identityName
- The name of the identity.
isKsk
- true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
SecurityException
public final Name generateEcdsaKeyPairAsDefault(Name identityName) throws SecurityException
identityName
- The name of the identity.
SecurityException
public final PublicKey getPublicKey(Name keyName) throws SecurityException
keyName
- The name of the key.
SecurityException
- if the keyName is not found.
public final Name createIdentityCertificate(Name certificatePrefix, Name signerCertificateName, double notBefore, double notAfter) throws SecurityException
certificatePrefix
- The name of public key to be signed.
signerCertificateName
- The name of signing certificate.
notBefore
- The notBefore value in the validity field of the
generated certificate as milliseconds since 1970.
notAfter
- The notAfter value in validity field of the generated
certificate as milliseconds since 1970.
SecurityException
public final IdentityCertificate prepareUnsignedIdentityCertificate(Name keyName, Name signingIdentity, double notBefore, double notAfter, List subjectDescription, Name certPrefix) throws SecurityException
keyName
- The key name, e.g., `/{identity_name}/ksk-123456`.
signingIdentity
- The signing identity.
notBefore
- See IdentityCertificate.
notAfter
- See IdentityCertificate.
subjectDescription
- A list of CertificateSubjectDescription. See
IdentityCertificate. If null or empty, this adds an ATTRIBUTE_NAME based
on the keyName.
certPrefix
- The prefix before the `KEY` component. If null, this
infers the certificate name according to the relation between the
signingIdentity and the subject identity. If the signingIdentity is a
prefix of the subject identity, `KEY` will be inserted after the
signingIdentity, otherwise `KEY` is inserted after subject identity (i.e.,
before `ksk-...`).
SecurityException
public final IdentityCertificate prepareUnsignedIdentityCertificate(Name keyName, Name signingIdentity, double notBefore, double notAfter, List subjectDescription) throws SecurityException
keyName
- The key name, e.g., `/{identity_name}/ksk-123456`.
signingIdentity
- The signing identity.
notBefore
- See IdentityCertificate.
notAfter
- See IdentityCertificate.
subjectDescription
- A list of CertificateSubjectDescription. See
IdentityCertificate. If null or empty, this adds an ATTRIBUTE_NAME based
on the keyName.
SecurityException
public final IdentityCertificate prepareUnsignedIdentityCertificate(Name keyName, PublicKey publicKey, Name signingIdentity, double notBefore, double notAfter, List subjectDescription, Name certPrefix) throws SecurityException
keyName
- The key name, e.g., `/{identity_name}/ksk-123456`.
publicKey
- The public key to sign.
signingIdentity
- The signing identity.
notBefore
- See IdentityCertificate.
notAfter
- See IdentityCertificate.
subjectDescription
- A list of CertificateSubjectDescription. See
IdentityCertificate. If null or empty, this adds an ATTRIBUTE_NAME based
on the keyName.
certPrefix
- The prefix before the `KEY` component. If null, this
infers the certificate name according to the relation between the
signingIdentity and the subject identity. If the signingIdentity is a
prefix of the subject identity, `KEY` will be inserted after the
signingIdentity, otherwise `KEY` is inserted after subject identity (i.e.,
before `ksk-...`).
SecurityException
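The `KEY` placement rule described for certPrefix in the two overloads above, worked through in plain Java as an added example (it is not jNDN code and does not call the library). Names are modelled as lists of string components, the sample names are constructed, only the part of the certificate name up to the key id is built, and rejecting an explicit certPrefix that is not a prefix of the key's identity is an assumption of this example.

```java
import java.util.ArrayList;
import java.util.List;

public class CertNamePrefixExample {
    // Split an NDN-style URI such as "/a/b/c" into its components.
    static List<String> parse(String uri) {
        List<String> components = new ArrayList<>();
        for (String c : uri.split("/")) {
            if (!c.isEmpty()) components.add(c);
        }
        return components;
    }

    static boolean isPrefixOf(List<String> prefix, List<String> name) {
        return prefix.size() <= name.size()
            && name.subList(0, prefix.size()).equals(prefix);
    }

    /**
     * Build the certificate name up to and including the key id.
     * certPrefix may be null, in which case the position of KEY is
     * inferred from signingIdentity as the parameter description says.
     */
    static String certNameThroughKeyId(String keyName, String signingIdentity,
                                       String certPrefix) {
        List<String> key = parse(keyName);
        if (key.isEmpty())
            throw new IllegalArgumentException("key name has no key id component");
        // The subject identity is the key name without its last component.
        List<String> subject = key.subList(0, key.size() - 1);
        List<String> head; // the components that end up before KEY
        if (certPrefix != null) {
            head = parse(certPrefix);
            // Assumption of this example: an explicit prefix must cover only
            // identity components, so the key id always follows KEY.
            if (!isPrefixOf(head, subject))
                throw new IllegalArgumentException(
                    "certPrefix is not a prefix of the key's identity");
        } else {
            List<String> signer = parse(signingIdentity);
            // Signer above the subject in the namespace: KEY goes after the signer.
            // Unrelated signer: KEY goes after the subject identity.
            head = isPrefixOf(signer, subject) ? signer : subject;
        }
        List<String> result = new ArrayList<>(head);
        result.add("KEY");
        result.addAll(key.subList(head.size(), key.size()));
        return "/" + String.join("/", result);
    }

    public static void main(String[] args) {
        String key = "/ndn/edu/ucla/alice/ksk-123456"; // constructed sample key name
        // Signer is a parent namespace of the subject identity.
        System.out.println(certNameThroughKeyId(key, "/ndn/edu/ucla", null));
        // Signer equals the subject identity (the self-signed case).
        System.out.println(certNameThroughKeyId(key, "/ndn/edu/ucla/alice", null));
        // Signer is outside the subject's namespace.
        System.out.println(certNameThroughKeyId(key, "/example/other-ca", null));
        // Explicit certPrefix overrides the inference.
        System.out.println(certNameThroughKeyId(key, "/example/other-ca", "/ndn"));
    }
}
```

Comparing the first and third outputs shows how the position of `KEY` records whether the signer sits above the subject in the namespace, which is the relationship a verifier checking hierarchical names relies on.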
public final IdentityCertificate prepareUnsignedIdentityCertificate(Name keyName, PublicKey publicKey, Name signingIdentity, double notBefore, double notAfter, List subjectDescription) throws SecurityException
keyName
- The key name, e.g., `/{identity_name}/ksk-123456`.
publicKey
- The public key to sign.
signingIdentity
- The signing identity.
notBefore
- See IdentityCertificate.
notAfter
- See IdentityCertificate.
subjectDescription
- A list of CertificateSubjectDescription. See
IdentityCertificate. If null or empty, this adds an ATTRIBUTE_NAME based
on the keyName.
SecurityException
public final IdentityCertificate createIdentityCertificate(Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) throws SecurityException
certificatePrefix
- The name of public key to be signed.
publicKey
- The public key to be signed.
signerCertificateName
- The name of signing certificate.
notBefore
- The notBefore value in the validity field of the generated certificate.
notAfter
- The notAfter value in the validity field of the generated certificate.
SecurityException
public final void addCertificate(IdentityCertificate certificate) throws SecurityException
certificate
- The certificate to be added. This makes a copy of the
certificate.
SecurityException
public final void setDefaultCertificateForKey(IdentityCertificate certificate) throws SecurityException
certificate
- The certificate.
SecurityException
public final void addCertificateAsIdentityDefault(IdentityCertificate certificate) throws SecurityException
certificate
- The certificate to be added. This makes a copy of the
certificate.
SecurityException
public final void addCertificateAsDefault(IdentityCertificate certificate) throws SecurityException
certificate
- The certificate to be added. This makes a copy of the
certificate.
SecurityException
public final IdentityCertificate getCertificate(Name certificateName) throws SecurityException, DerDecodingException
certificateName
- The name of the requested certificate.
SecurityException
DerDecodingException
public final Name getDefaultCertificateNameForIdentity(Name identityName) throws SecurityException
identityName
- The name of the specified identity.
SecurityException
- if the default key name for the identity is not
set or the default certificate name for the key name is not set.
public final Name getDefaultCertificateName() throws SecurityException
SecurityException
- if the default identity is not set or the default
key name for the identity is not set or the default certificate name for
the key name is not set.
public void getAllIdentities(ArrayList nameList, boolean isDefault) throws SecurityException
nameList
- Append result names to nameList.
isDefault
- If true, add only the default identity name. If false, add
only the non-default identity names.
SecurityException
public final void getAllKeyNamesOfIdentity(Name identityName, ArrayList nameList, boolean isDefault) throws SecurityException
identityName
- The identity name to search for.
nameList
- Append result names to nameList.
isDefault
- If true, add only the default key name. If false, add only
the non-default key names.
SecurityException
public void getAllCertificateNamesOfKey(Name keyName, ArrayList nameList, boolean isDefault) throws SecurityException
keyName
- The key name to search for.
nameList
- Append result names to nameList.
isDefault
- If true, add only the default certificate name. If false,
add only the non-default certificate names.
SecurityException
public final Signature signByCertificate(ByteBuffer buffer, Name certificateName) throws SecurityException
buffer
- The byte buffer to be signed.
certificateName
- The signing certificate name.
SecurityException
public final void signByCertificate(Data data, Name certificateName) throws SecurityException
data
- The Data object to sign and update its signature.
certificateName
- The Name identifying the certificate which
identifies the signing key.
SecurityException
public final void signByCertificate(Data data, Name certificateName, WireFormat wireFormat) throws SecurityException
data
- The Data object to sign and update its signature.
certificateName
- The Name identifying the certificate which
identifies the signing key.
wireFormat
- The WireFormat for calling encodeData.
SecurityException
public final void signInterestByCertificate(Interest interest, Name certificateName, WireFormat wireFormat) throws SecurityException
interest
- The Interest object to be signed. This appends name
components of SignatureInfo and the signature bits.
certificateName
- The certificate name of the key to use for signing.
wireFormat
- A WireFormat object used to encode the input.
SecurityException
public final void signWithSha256(Data data, WireFormat wireFormat)
data
- The Data object to be signed. This updates its signature and
wireEncoding.
wireFormat
- The WireFormat for calling encodeData.
public final void signInterestWithSha256(Interest interest, WireFormat wireFormat)
interest
- The Interest object to be signed. This appends name
components of SignatureInfo and the signature bits.
wireFormat
- A WireFormat object used to encode the input.
public IdentityCertificate selfSign(Name keyName) throws SecurityException
keyName
- The name of the public key.
SecurityException
Copyright © 2016. All rights reserved.