new IdentityManager(identityStorage, privateKeyStorage)
An IdentityManager is the interface of operations related to identity, keys,
and certificates.
Create a new IdentityManager to use the IdentityStorage and
PrivateKeyStorage.
Parameters:
Name | Type | Description |
---|---|---|
identityStorage | IdentityStorage | An object of a subclass of IdentityStorage. In Node.js, if this is omitted then use BasicIdentityStorage. |
privateKeyStorage | PrivateKeyStorage | An object of a subclass of PrivateKeyStorage. In Node.js, if this is omitted then use the default PrivateKeyStorage for your system, which is FilePrivateKeyStorage for any system other than OS X. (OS X key chain storage is not yet implemented, so you must supply a different PrivateKeyStorage.) |
Throws:
SecurityException if this is not in Node.js and identityStorage or
privateKeyStorage is omitted.
Methods
(static) certificateNameToPublicKeyName(certificateName) → {Name}
Get the public key name from the full certificate name.
Parameters:
Name | Type | Description |
---|---|---|
certificateName | Name | The full certificate name. |
Returns:
The related public key name.
TODO: Move this to IdentityCertificate
- Type
- Name
(static) getDefaultIdentityStorage_(config, initialCheckPromise) → {IdentityStorage}
Get the IdentityStorage from the pib value in the configuration file if
supplied. Otherwise, get the default for this platform.
Parameters:
Name | Type | Description |
---|---|---|
config | ConfigFile | The configuration file to check. |
initialCheckPromise | function | This is passed to the BasicIdentityStorage constructor. See it for details. |
Returns:
A new IdentityStorage.
- Type
- IdentityStorage
(static) getDefaultPrivateKeyStorage_(config, canonicalTpmLocator)
Get the PrivateKeyStorage from the tpm value in the configuration file if
supplied. Otherwise, get the default for this platform.
Parameters:
Name | Type | Description |
---|---|---|
config | ConfigFile | The configuration file to check. |
canonicalTpmLocator | Array.<string> | Set canonicalTpmLocator[0] to the canonical value including the colon, e.g. "tpm-file:". |
Returns:
A new PrivateKeyStorage.
(static) prepareUnsignedIdentityCertificateHelper_()
A helper for prepareUnsignedIdentityCertificatePromise where the publicKey
is known.
addCertificate(certificate, onComplete, onError)
Add a certificate into the public key identity storage.
Parameters:
Name | Type | Description |
---|---|---|
certificate | IdentityCertificate | The certificate to be added. This makes a copy of the certificate. |
onComplete | function | (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
addCertificateAsDefault(certificate, onComplete, onError)
Add a certificate into the public key identity storage and set the
certificate as the default of its corresponding key.
Parameters:
Name | Type | Description |
---|---|---|
certificate | IdentityCertificate | The certificate to be added. This makes a copy of the certificate. |
onComplete | function | (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
addCertificateAsIdentityDefaultPromise(certificate, useSync) → {Promise|SyncPromise}
Add a certificate into the public key identity storage and set the
certificate as the default for its corresponding identity.
Parameters:
Name | Type | Description |
---|---|---|
certificate | IdentityCertificate | The certificate to be added. This makes a copy of the certificate. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which fulfills when the certificate
is added.
- Type
- Promise | SyncPromise
checkTpmPromise_(canonicalTpmLocator) → {Promise}
Check that identityStorage.getTpmLocatorPromise() (if defined) matches the
canonicalTpmLocator. This has to be an async Promise because it calls async
getTpmLocatorPromise.
Parameters:
Name | Type | Description |
---|---|---|
canonicalTpmLocator | | The canonical locator from getDefaultPrivateKeyStorage(). |
Returns:
A promise which resolves if canonicalTpmLocator is OK, or a
promise rejected with SecurityException if the private key storage does not
match.
- Type
- Promise
createIdentity(identityName) → {Name}
Create an identity by creating a pair of Key-Signing-Key (KSK) for this
identity and a self-signed certificate of the KSK. If a key pair or
certificate for the identity already exists, use it.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
- Deprecated:
- Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name.
Returns:
The key name of the auto-generated KSK of the identity.
- Type
- Name
createIdentityAndCertificate(identityName, onComplete, onError) → {Name}
Create an identity by creating a pair of Key-Signing-Key (KSK) for this
identity and a self-signed certificate of the KSK. If a key pair or
certificate for the identity already exists, use it.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
onComplete | function | (optional) This calls onComplete(certificateName) with the name of the default certificate of the identity. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return the name of the default
certificate of the identity. Otherwise, if onComplete is supplied then return
undefined and use onComplete as described above.
- Type
- Name
createIdentityAndCertificatePromise(identityName, useSync) → {Promise|SyncPromise}
Create an identity by creating a pair of Key-Signing-Key (KSK) for this
identity and a self-signed certificate of the KSK. If a key pair or
certificate for the identity already exists, use it.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns the name of the default
certificate of the identity.
- Type
- Promise | SyncPromise
deleteIdentity(identityName, onComplete, onError)
Delete the identity from the public and private key storage. If the
identity to be deleted is the current system default, this will not
delete the identity and will return immediately.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
onComplete | function | (optional) This calls onComplete() when the operation is complete. If omitted, do not use it. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
generateKeyPairPromise(identityName, isKsk, params, useSync) → {Promise|SyncPromise}
A private method to generate a pair of keys for the specified identity.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
isKsk | boolean | true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
params | KeyParams | The parameters of the key. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns the generated key name.
- Type
- Promise | SyncPromise
generateRSAKeyPair(identityName, isKsk, keySize) → {Name}
Generate a pair of RSA keys for the specified identity.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
isKsk | boolean | True for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
keySize | number | The size of the key. |
Returns:
The generated key name.
- Type
- Name
generateRSAKeyPairAsDefault(identityName, isKsk, keySize) → {Name}
Generate a pair of RSA keys for the specified identity and set it as the
default key for the identity.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
isKsk | boolean | True for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
keySize | number | The size of the key. |
Returns:
The generated key name.
- Type
- Name
generateRSAKeyPairAsDefaultPromise(identityName, isKsk, keySize, useSync) → {Promise|SyncPromise}
Generate a pair of RSA keys for the specified identity and set it as the
default key for the identity.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
isKsk | boolean | True for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). |
keySize | number | The size of the key. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns the generated key name.
- Type
- Promise | SyncPromise
getAllCertificateNamesOfKey(keyName, nameList, isDefault, onComplete, onError) → {void}
Append all the certificate names of a particular key name to the nameList.
Parameters:
Name | Type | Description |
---|---|---|
keyName | Name | The key name to search for. |
nameList | Array.<Name> | Append result names to nameList. |
isDefault | boolean | If true, add only the default certificate name. If false, add only the non-default certificate names. |
onComplete | function | (optional) This calls onComplete() when finished adding to nameList. If omitted, this returns when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return when complete. Otherwise, if
onComplete is supplied then return undefined and use onComplete as described
above.
- Type
- void
getAllIdentities(nameList, isDefault, onComplete, onError) → {void}
Append all the identity names to the nameList.
Parameters:
Name | Type | Description |
---|---|---|
nameList | Array.<Name> | Append result names to nameList. |
isDefault | boolean | If true, add only the default identity name. If false, add only the non-default identity names. |
onComplete | function | (optional) This calls onComplete() when finished adding to nameList. If omitted, this returns when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return when complete. Otherwise, if
onComplete is supplied then return undefined and use onComplete as described
above.
- Type
- void
getAllKeyNamesOfIdentity(identityName, nameList, isDefault, onComplete, onError) → {void}
Append all the key names of a particular identity to the nameList.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The identity name to search for. |
nameList | Array.<Name> | Append result names to nameList. |
isDefault | boolean | If true, add only the default key name. If false, add only the non-default key names. |
onComplete | function | (optional) This calls onComplete() when finished adding to nameList. If omitted, this returns when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return when complete. Otherwise, if
onComplete is supplied then return undefined and use onComplete as described
above.
- Type
- void
getCertificate(certificateName, onComplete, onError) → {IdentityCertificate}
Get a certificate which is still valid with the specified name.
Parameters:
Name | Type | Description |
---|---|---|
certificateName | Name | The name of the requested certificate. |
onComplete | function | (optional) This calls onComplete(certificate) with the requested IdentityCertificate. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return the requested
certificate. Otherwise, if onComplete is supplied then return undefined and
use onComplete as described above.
- Type
- IdentityCertificate
getDefaultCertificateName(onComplete, onError) → {Name}
Get the default certificate name of the default identity, which will be used
when signing is based on identity and the identity is not specified.
Parameters:
Name | Type | Description |
---|---|---|
onComplete | function | (optional) This calls onComplete(certificateName) with name of the default certificate. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Throws:
SecurityException if the default identity is not set or the default
key name for the identity is not set or the default certificate name for
the key name is not set. However, if onComplete and onError are defined, then
if there is an exception return undefined and call onError(exception).
Returns:
If onComplete is omitted, return the default certificate name.
Otherwise, if onComplete is supplied then return undefined and use
onComplete as described above.
- Type
- Name
getDefaultCertificateNameForIdentity(identityName, onComplete, onError) → {Name}
Get the default certificate name for the specified identity, which will be
used when signing is performed based on identity.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the specified identity. |
onComplete | function | (optional) This calls onComplete(certificateName) with name of the default certificate. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Throws:
SecurityException if the default key name for the identity is not
set or the default certificate name for the key name is not set. However, if
onComplete and onError are defined, then if there is an exception return
undefined and call onError(exception).
Returns:
If onComplete is omitted, return the default certificate name.
Otherwise, if onComplete is supplied then return undefined and use
onComplete as described above.
- Type
- Name
getDefaultCertificateNameForIdentityPromise(identityName, useSync) → {Promise|SyncPromise}
Get the default certificate name for the specified identity.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The identity name. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns the default certificate
Name, or a promise rejected with SecurityException if the default key name
for the identity is not set or the default certificate name for the key name
is not set.
- Type
- Promise | SyncPromise
getDefaultCertificatePromise(useSync) → {Promise|SyncPromise}
Get the certificate of the default identity.
Parameters:
Name | Type | Description |
---|---|---|
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns the requested
IdentityCertificate or null if not found.
- Type
- Promise | SyncPromise
getDefaultIdentity(onComplete, onError) → {Name}
Get the default identity.
Parameters:
Name | Type | Description |
---|---|---|
onComplete | function | (optional) This calls onComplete(identityName) with name of the default identity. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Throws:
SecurityException if the default identity is not set. However, if
onComplete and onError are defined, then if there is an exception return
undefined and call onError(exception).
Returns:
If onComplete is omitted, return the name of the default
identity. Otherwise, if onComplete is supplied then return undefined and use
onComplete as described above.
- Type
- Name
getDefaultIdentityPromise(useSync) → {Promise|SyncPromise}
Get the default identity.
Parameters:
Name | Type | Description |
---|---|---|
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns the Name of the default
identity, or a promise rejected with SecurityException if the default
identity is not set.
- Type
- Promise | SyncPromise
getDefaultKeyNameForIdentity(identityName, onComplete, onError) → {Name}
Get the default key for an identity.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The name of the identity. |
onComplete | function | (optional) This calls onComplete(keyName) with name of the default key. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Throws:
SecurityException if the default key name for the identity is not set.
However, if onComplete and onError are defined, then if there is an exception
return undefined and call onError(exception).
Returns:
If onComplete is omitted, return the default key name.
Otherwise, if onComplete is supplied then return undefined and use onComplete
as described above.
- Type
- Name
getPublicKey(keyName, onComplete, onError) → {PublicKey}
Get the public key with the specified name.
Parameters:
Name | Type | Description |
---|---|---|
keyName | Name | The name of the key. |
onComplete | function | (optional) This calls onComplete(publicKey) with PublicKey. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return the public key.
Otherwise, if onComplete is supplied then return undefined and use onComplete
as described above.
- Type
- PublicKey
makeSignatureByCertificatePromise(certificateName, digestAlgorithm, useSync) → {Promise|SyncPromise}
Return a new Signature object based on the signature algorithm of the public
key with keyName (derived from certificateName).
Parameters:
Name | Type | Description |
---|---|---|
certificateName | Name | The certificate name. |
digestAlgorithm | Array | Set digestAlgorithm[0] to the signature algorithm's digest algorithm, e.g. DigestAlgorithm.SHA256. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns a new object of the
correct subclass of Signature.
- Type
- Promise | SyncPromise
prepareUnsignedIdentityCertificate(keyName, publicKey, signingIdentity, notBefore, notAfter, subjectDescription, certPrefix, onComplete, onError) → {IdentityCertificate}
Prepare an unsigned identity certificate.
Parameters:
Name | Type | Description |
---|---|---|
keyName | Name | The key name, e.g., `/{identity_name}/ksk-123456`. |
publicKey | PublicKey | (optional) The public key to sign. If omitted, use the keyName to get the public key from the identity storage. |
signingIdentity | Name | The signing identity. |
notBefore | number | See IdentityCertificate. |
notAfter | number | See IdentityCertificate. |
subjectDescription | Array.<CertificateSubjectDescription> | A list of CertificateSubjectDescription. See IdentityCertificate. If null or empty, this adds an ATTRIBUTE_NAME based on the keyName. |
certPrefix | Name | (optional) The prefix before the `KEY` component. If null or omitted, this infers the certificate name according to the relation between the signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`). |
onComplete | function | (optional) This calls onComplete(certificate) with the unsigned IdentityCertificate, or null if the inputs are invalid. If omitted, the return value is described below. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return the
unsigned IdentityCertificate, or null if the inputs are invalid. Otherwise,
if onComplete is supplied then return undefined and use onComplete as
described above.
- Type
- IdentityCertificate
prepareUnsignedIdentityCertificatePromise(keyName, publicKey, signingIdentity, notBefore, notAfter, subjectDescription, certPrefix, useSync) → {Promise|SyncPromise}
Prepare an unsigned identity certificate.
Parameters:
Name | Type | Description |
---|---|---|
keyName | Name | The key name, e.g., `/{identity_name}/ksk-123456`. |
publicKey | PublicKey | (optional) The public key to sign. If omitted, use the keyName to get the public key from the identity storage. |
signingIdentity | Name | The signing identity. |
notBefore | number | See IdentityCertificate. |
notAfter | number | See IdentityCertificate. |
subjectDescription | Array.<CertificateSubjectDescription> | A list of CertificateSubjectDescription. See IdentityCertificate. If null or empty, this adds an ATTRIBUTE_NAME based on the keyName. |
certPrefix | Name | (optional) The prefix before the `KEY` component. If null or omitted, this infers the certificate name according to the relation between the signingIdentity and the subject identity. If the signingIdentity is a prefix of the subject identity, `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted after subject identity (i.e., before `ksk-...`). |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise that returns the unsigned
IdentityCertificate, or that returns null if the inputs are invalid.
- Type
- Promise | SyncPromise
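The certPrefix inference rule described above, together with its inverse (the mapping that certificateNameToPublicKeyName performs), modelled as an added stand-alone example that is not ndn-js code. The helper names, the `ID-CERT` marker component, the version placeholder and the requirement that an explicit certPrefix be a proper prefix of the key name are assumptions not stated on this page.

```javascript
// Added example: a stand-alone model of the naming rule, not ndn-js code.
// A Name is modelled as an array of components parsed from its URI.
const KEY = 'KEY';
const ID_CERT = 'ID-CERT'; // assumed marker component; not stated on this page

function parseName(uri) {
  return uri.split('/').filter((component) => component.length > 0);
}

function toUri(components) {
  return '/' + components.join('/');
}

// Component-wise prefix test. A plain string startsWith() check would
// wrongly accept /ndn/alice as a prefix of /ndn/alicebob.
function isPrefixOf(prefix, name) {
  return prefix.length <= name.length &&
    prefix.every((component, i) => component === name[i]);
}

// Returns the certificate name URI, or null if the inputs are invalid.
// versionComponent is a constructed placeholder for the final component.
function inferCertificateName(keyNameUri, signingIdentityUri, certPrefixUri, versionComponent) {
  const keyName = parseName(keyNameUri);
  if (keyName.length < 1) return null;
  const subjectIdentity = keyName.slice(0, -1); // drop the ksk-... component

  let keyIndex; // position in keyName where KEY is inserted
  if (certPrefixUri == null) {
    // No hint: KEY goes after the signing identity when it is a prefix of
    // the subject identity, otherwise after the subject identity.
    const signer = parseName(signingIdentityUri);
    keyIndex = isPrefixOf(signer, subjectIdentity)
      ? signer.length
      : subjectIdentity.length;
  } else {
    // Assumption: an explicit certPrefix must be a proper prefix of keyName.
    const certPrefix = parseName(certPrefixUri);
    if (!isPrefixOf(certPrefix, keyName) || certPrefix.length === keyName.length) {
      return null;
    }
    keyIndex = certPrefix.length;
  }

  return toUri([
    ...keyName.slice(0, keyIndex), KEY, ...keyName.slice(keyIndex),
    ID_CERT, versionComponent,
  ]);
}

// Inverse mapping: drop everything from ID-CERT onward, then remove KEY.
function publicKeyNameFromCertificateName(certificateNameUri) {
  const name = parseName(certificateNameUri);
  const idCertIndex = name.lastIndexOf(ID_CERT);
  if (idCertIndex < 0) {
    throw new Error('certificate name has no ' + ID_CERT + ' component');
  }
  const beforeIdCert = name.slice(0, idCertIndex);
  const keyIndex = beforeIdCert.indexOf(KEY);
  if (keyIndex < 0) {
    throw new Error('certificate name has no ' + KEY + ' component');
  }
  return toUri([
    ...beforeIdCert.slice(0, keyIndex),
    ...beforeIdCert.slice(keyIndex + 1),
  ]);
}

// Constructed sample names: the same key certified by three signers.
const sampleKeyName = '/ndn/edu/alice/ksk-123456';
for (const signer of ['/ndn/edu', '/ndn/org', '/ndn/edu/alice']) {
  const certName = inferCertificateName(sampleKeyName, signer, null, 'v1');
  console.log(signer, '->', certName, '->',
    publicKeyNameFromCertificateName(certName));
}
```

Wherever `KEY` lands, the inverse mapping recovers the same key name, so the placement records the signer relationship without changing which key the certificate binds.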
selfSign(keyName, onComplete, onError) → {IdentityCertificate}
Generate a self-signed certificate for a public key.
Parameters:
Name | Type | Description |
---|---|---|
keyName | Name | The name of the public key. |
onComplete | function | (optional) This calls onComplete(certificate) with the generated IdentityCertificate. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return the
generated certificate. Otherwise, if onComplete is supplied then return
undefined and use onComplete as described above.
- Type
- IdentityCertificate
selfSignPromise(keyName, useSync) → {Promise|SyncPromise}
Generate a self-signed certificate for a public key.
Parameters:
Name | Type | Description |
---|---|---|
keyName | Name | The name of the public key. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which returns the generated
IdentityCertificate.
- Type
- Promise | SyncPromise
setDefaultCertificateForKey(certificate, onComplete, onError)
Set the certificate as the default for its corresponding key.
Parameters:
Name | Type | Description |
---|---|---|
certificate | IdentityCertificate | The certificate. |
onComplete | function | (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
setDefaultCertificateForKeyPromise(certificate, useSync) → {Promise|SyncPromise}
Set the certificate as the default for its corresponding key.
Parameters:
Name | Type | Description |
---|---|---|
certificate | IdentityCertificate | The certificate. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which fulfills when the default
certificate is set.
- Type
- Promise | SyncPromise
setDefaultIdentity(identityName, onComplete, onError)
Set the default identity. If the identityName does not exist, then clear the
default identity so that getDefaultIdentity() throws an exception.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The default identity name. |
onComplete | function | (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
setDefaultIdentityPromise(identityName, useSync) → {Promise|SyncPromise}
Set the default identity. If the identityName does not exist, then clear the
default identity so that getDefaultIdentity() throws an exception.
Parameters:
Name | Type | Description |
---|---|---|
identityName | Name | The default identity name. |
useSync | boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise which fulfills when the default
identity is set.
- Type
- Promise | SyncPromise
setDefaultKeyForIdentity(keyName, identityNameCheck, onComplete, onError)
Set a key as the default key of an identity. The identity name is inferred
from keyName.
Parameters:
Name | Type | Description |
---|---|---|
keyName | Name | The name of the key. |
identityNameCheck | Name | (optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored. |
onComplete | function | (optional) This calls onComplete() when complete. (Some database libraries only use a callback, so onComplete is required to use these.) |
onError | function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some database libraries only use a callback, so onError is required to be notified of an exception.) |
signByCertificate(target, certificateName, wireFormat, onComplete, onError) → {Signature}
Sign the Data packet or byte array data based on the certificate name.
Parameters:
Name | Type | Description |
---|---|---|
target |
Data | Buffer | If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If it is a Buffer, sign it to produce a Signature object. |
certificateName |
Name | The Name identifying the certificate which identifies the signing key. |
wireFormat |
WireFormat | (optional) The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted. |
onComplete |
function | (optional) If target is a Data object, this calls onComplete(data) with the supplied Data object which has been modified to set its signature. If target is a Buffer, this calls onComplete(signature) where signature is the produced Signature object. If omitted, the return value is described below. (Some crypto libraries only use a callback, so onComplete is required to use these.) |
onError |
function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return the generated Signature
object (if target is a Buffer) or the target (if target is Data). Otherwise,
if onComplete is supplied then return undefined and use onComplete as described
above.
- Type
- Signature
signByCertificatePromise(target, certificateName, wireFormat, useSync) → {Promise|SyncPromise}
Sign the Data packet or byte array data based on the certificate name.
Parameters:
Name | Type | Description |
---|---|---|
target |
Data | Buffer | If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If it is a Buffer, sign it to produce a Signature object. |
certificateName |
Name | The Name identifying the certificate which identifies the signing key. |
wireFormat |
WireFormat | (optional) The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted. |
useSync |
boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise that returns the generated Signature
object (if target is a Buffer) or the target (if target is Data).
- Type
- Promise | SyncPromise
signInterestByCertificate(interest, certificateName, wireFormat, onComplete, onError) → {Signature}
Append a SignatureInfo to the Interest name, sign the name components and
append a final name component with the signature bits.
Parameters:
Name | Type | Description |
---|---|---|
interest |
Interest | The Interest object to be signed. This appends name components of SignatureInfo and the signature bits. |
certificateName |
Name | The certificate name of the key to use for signing. |
wireFormat |
WireFormat | (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat(). |
onComplete |
function | (optional) This calls onComplete(interest) with the supplied Interest object which has been modified to set its signature. If omitted, then return when the interest has been signed. (Some crypto libraries only use a callback, so onComplete is required to use these.) |
onError |
function | (optional) If defined, then onComplete must be defined and if there is an exception, then this calls onError(exception) with the exception. If onComplete is defined but onError is undefined, then this will log any thrown exception. (Some crypto libraries only use a callback, so onError is required to be notified of an exception.) |
Returns:
If onComplete is omitted, return the interest. Otherwise,
if onComplete is supplied then return undefined and use onComplete as
described above.
- Type
- Signature
signInterestByCertificatePromise(interest, certificateName, wireFormat, useSync) → {Promise|SyncPromise}
Append a SignatureInfo to the Interest name, sign the name components and
append a final name component with the signature bits.
Parameters:
Name | Type | Description |
---|---|---|
interest |
Interest | The Interest object to be signed. This appends name components of SignatureInfo and the signature bits. |
certificateName |
Name | The certificate name of the key to use for signing. |
wireFormat |
WireFormat | (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat(). |
useSync |
boolean | (optional) If true then return a SyncPromise which is already fulfilled. If omitted or false, this may return a SyncPromise or an async Promise. |
Returns:
A promise that returns the supplied Interest.
- Type
- Promise | SyncPromise
signInterestWithSha256(interest, wireFormat)
Append a SignatureInfo for DigestSha256 to the Interest name, digest the
name components and append a final name component with the signature bits
(which is the digest).
Parameters:
Name | Type | Description |
---|---|---|
interest |
Interest | The Interest object to be signed. This appends name components of SignatureInfo and the signature bits. |
wireFormat |
WireFormat | (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat(). |
signWithSha256(data, wireFormat)
Wire encode the Data object, digest it and set its SignatureInfo to a
DigestSha256.
Parameters:
Name | Type | Description |
---|---|---|
data |
Data | The Data object to be signed. This updates its signature and wireEncoding. |
wireFormat |
WireFormat | (optional) The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted. |
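Added example, not ndn-js code: a simplified Node.js model of what signInterestWithSha256 (and, for Data, signWithSha256) produces, showing that a DigestSha256 "signature" detects modification but can be recomputed by anyone, so it does not authenticate the sender the way the signByCertificate methods do. The helper names, the single-byte-length TLV encoder and the sample names are assumptions made for this sketch.

```javascript
const crypto = require('crypto');

// Simplified model, not ndn-js code. TLV type numbers follow the NDN packet format.
const TLV_NAME_COMPONENT = 0x08, TLV_SIGNATURE_INFO = 0x16;
const TLV_SIGNATURE_TYPE = 0x1b, TLV_SIGNATURE_VALUE = 0x17;
const DIGEST_SHA256 = 0;

// Encode one TLV; this sketch only supports values shorter than 253 bytes.
function tlv(type, value) {
  if (value.length >= 253) throw new RangeError('value too long for this sketch');
  return Buffer.concat([Buffer.from([type, value.length]), value]);
}

// Wire-encode a list of name component values (Buffers).
function encodeComponents(components) {
  return Buffer.concat(components.map((c) => tlv(TLV_NAME_COMPONENT, c)));
}

// Append SignatureInfo(DigestSha256), then SignatureValue = SHA-256 of the
// encoded components that precede it. Returns a new component array.
function appendDigestSha256(components) {
  const info = tlv(TLV_SIGNATURE_INFO,
    tlv(TLV_SIGNATURE_TYPE, Buffer.from([DIGEST_SHA256])));
  const signed = [...components, info];
  const digest = crypto.createHash('sha256').update(encodeComponents(signed)).digest();
  return [...signed, tlv(TLV_SIGNATURE_VALUE, digest)];
}

// Recompute the digest over everything but the last component and compare.
function verifyDigestSha256(components) {
  if (components.length < 2) return false;
  const claimed = components[components.length - 1];
  const digest = crypto.createHash('sha256')
    .update(encodeComponents(components.slice(0, -1))).digest();
  const expected = tlv(TLV_SIGNATURE_VALUE, digest);
  return claimed.length === expected.length &&
    crypto.timingSafeEqual(claimed, expected);
}

// Constructed sample name: /example/sensor/reading
const toName = (parts) => parts.map((s) => Buffer.from(s));
const signedInterest = appendDigestSha256(toName(['example', 'sensor', 'reading']));

// Integrity: changing a component without updating the digest is detected.
const corrupted = signedInterest.slice();
corrupted[2] = Buffer.from('readinG');

// No authenticity: any party can build a different name with a valid digest.
const otherSender = appendDigestSha256(toName(['example', 'sensor', 'other']));
```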