pyndn.security.pib package¶

Subpackages¶

pyndn.security.pib.detail package

Submodules¶

pyndn.security.pib.pib module¶

This module defines the Pib class. In general, a PIB (Public Information Base) stores the public portion of a user’s cryptography keys. The format and location of stored information is indicated by the PIB locator. A PIB is designed to work with a TPM (Trusted Platform Module) which stores private keys. There is a one-to-one association between a PIB and a TPM, and therefore the TPM locator is recorded by the PIB to enforce this association and prevent one from operating on mismatched PIB and TPM.

Information in the PIB is organized in a hierarchy of Identity-Key-Certificate. At the top level, this Pib class provides access to identities, and allows setting a default identity. Properties of an identity (such as PibKey objects) can be accessed after obtaining a PibIdentity object. (Likewise, CertificateV2 objects can be obtained from a PibKey object.)

Note: A Pib instance is created and managed only by the KeyChain, and is returned by the KeyChain getPib() method.

class pyndn.security.pib.pib.Pib(scheme, location, pibImpl)[source]¶

Bases: object

Create a Pib instance. This constructor should only be called by KeyChain.

Parameters:	scheme (str) – The scheme for the PIB. location (str) – The location for the PIB. pibImpl (PibImpl) – The PIB backend implementation.

exception Error(message)[source]¶

Bases: exceptions.Exception

Create a Pib.Error which represents a semantic error in PIB processing.

Parameters:	message (str) – The error message.

getDefaultIdentity()[source]¶

Get the default identity.

Returns:	The PibIdentity object.
Return type:	PibIdentity
Raises:	Pib.Error – If there is no default identity.

getIdentity(identityName)[source]¶

Get the identity with name identityName.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The PibIdentity object.
Return type:	PibIdentity
Raises:	Pib.Error – If the identity does not exist.

getPibLocator()[source]¶

Get the PIB locator.

Returns:	The PIB locator.
Type:	str

getScheme()[source]¶

Get the scheme of the PIB locator.

Returns:	The scheme string.
Return type:	str

getTpmLocator()[source]¶

Get the TPM Locator.

Returns:	The TPM Locator.
Return type:	str
Raises:	Pib.Error – If the TPM locator is empty.

setTpmLocator(tpmLocator)[source]¶

Set the corresponding TPM information to tpmLocator. If the tpmLocator is different from the existing one, the PIB will be reset. Otherwise, nothing will be changed.

Parameters:	tpmLocator (str) – The TPM locator.

pyndn.security.pib.pib_certificate_container module¶

This modules defines the PibCertificateContainer class which is used to search/enumerate the certificates of a key. (A PibCertificateContainer object can only be created by PibKey.)

class pyndn.security.pib.pib_certificate_container.PibCertificateContainer(keyName, pibImpl)[source]¶

Bases: object

Create a PibCertificateContainer for a key with keyName. This constructor should only be called by PibKeyImpl.

Parameters:	keyName (Name) – The name of the key, which is copied. pibImpl (PibImpl) – The PIB backend implementation.

add(certificate)[source]¶

Add certificate into the container. If the certificate already exists, this replaces it.

Parameters:	certificate (CertificateV2) – The certificate to add. This copies the object.
Raises:	ValueError – If the name of the certificate does not match the key name.

get(certificateName)[source]¶

Get the certificate with certificateName from the container.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	A copy of the certificate.
Return type:	CertificateV2
Raises:	ValueError – If certificateName does not match the key name Pib.Error – If the certificate does not exist.

isConsistent()[source]¶

Check if the container is consistent with the backend storage.

Returns:	True if the container is consistent, False otherwise.
Return type:	bool
Note:	This method is heavy-weight and should be used in a debugging mode only.

remove(certificateName)[source]¶

Remove the certificate with name certificateName from the container. If the certificate does not exist, do nothing.

Parameters:	certificateName (Name) – The name of the certificate.
Raises:	ValueError – If certificateName does not match the key name.

size()[source]¶

Get the number of certificates in the container.

Returns:	The number of certificates.
Return type:	int

pyndn.security.pib.pib_identity module¶

This module defines the PibIdentity class which is at the top level in PIB’s Identity-Key-Certificate hierarchy. An identity has a Name, and contains zero or more keys, at most one of which is set as the default key of this identity. Properties of a key can be accessed after obtaining a PibKey object.

class pyndn.security.pib.pib_identity.PibIdentity(impl)[source]¶

Bases: object

Create a PibIdentity which uses the impl backend implementation. This constructor should only be called by PibIdentityContainer.

Parameters:	impl (PibIdentityImpl) – The PibIdentityImpl.

getDefaultKey()[source]¶

Get the default key of this Identity.

Returns:	The default PibKey.
Return type:	PibKey
Raises:	ValueError – If the backend implementation instance is invalid. Pib.Error – If the default key has not been set.

getKey(keyName)[source]¶

Get the key with name keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	The PibKey object.
Return type:	PibKey
Raises:	ValueError – If keyName does not match the identity name, or if the backend implementation instance is invalid. Pib.Error – if the key does not exist.

getName()[source]¶

Get the name of the identity.

Returns:	The name of the identity. You must not change the Name object. If you need to change it then make a copy.
Return type:	Name
Raises:	ValueError – If the backend implementation instance is invalid.

pyndn.security.pib.pib_identity_container module¶

This module defines the PibIdentityContainer class which is used to search/enumerate the identities in a PIB. (A PibIdentityContainer object can only be created by the Pib class.)

class pyndn.security.pib.pib_identity_container.PibIdentityContainer(pibImpl)[source]¶

Bases: object

Create a PibIdentityContainer using to use the pibImpl backend implementation. This constructor should only be called by the Pib class.

Parameters:	pibImpl (PibImpl) – The PIB backend implementation.

add(identityName)[source]¶

Add an identity with name identityName into the container. Create the identity if it does not exist.

Parameters:	identityName (Name) – The name of the identity, which is copied.
Returns:	The PibIdentity object.
Return type:	PibIdentity

get(identityName)[source]¶

Get the identity with name identityName from the container.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The PibIdentity object.
Return type:	PibIdentity
Raises:	Pib.Error – If the identity does not exist.

isConsistent()[source]¶

Check if the container is consistent with the backend storage.

Returns:	True if the container is consistent, False otherwise.
Return type:	bool
Note:	This method is heavy-weight and should be used in a debugging mode only.

remove(identityName)[source]¶

Remove the identity with name identityName from the container, and its related keys and certificates. If the default identity is being removed, no default identity will be selected. If the identity does not exist, do nothing.

Parameters:	identityName (Name) – The name of the identity.

reset()[source]¶: Reset the state of the container. This method removes all loaded identities and retrieves identity names from the PIB implementation.

size()[source]¶

Get the number of identities in the container.

Returns:	The number of identities.
Return type:	int

pyndn.security.pib.pib_impl module¶

This module defines the PibImpl class which is an abstract base class for the PIB implementation used by the Pib class. This class defines the interface that an actual PIB implementation should provide, for example PibMemory.

class pyndn.security.pib.pib_impl.PibImpl[source]¶

Bases: object

exception Error(message)[source]¶

Bases: exceptions.Exception

Create a PibImpl.Error which represents a non-semantic error in PIB implementation processing. A subclass of PibImpl may throw a subclass of this class when there’s a non-semantic error, such as a storage problem.

Parameters:	message (str) – The error message.

addCertificate(certificate)[source]¶

Add the certificate. If a certificate with the same name (without implicit digest) already exists, then overwrite the certificate. If the key or identity does not exist, they will be created. If no default certificate for the key has been set, then set the added certificate as the default for the key. If no default key was set for the identity, it will be set as the default key for the identity. If no default identity was selected, the certificate’s identity becomes the default.

Parameters:	certificate (CertificateV2) – The certificate to add. This copies the object.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

addIdentity(identityName)[source]¶

Add the identity. If the identity already exists, do nothing. If no default identity has been set, set the added identity as the default.

Parameters:	identityName (Name) – The name of the identity to add. This copies the name.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

addKey(identityName, keyName, key)[source]¶

Add the key. If a key with the same name already exists, overwrite the key. If the identity does not exist, it will be created. If no default key for the identity has been set, then set the added key as the default for the identity. If no default identity has been set, identity becomes the default.

Parameters:	identityName (Name) – The name of the identity that the key belongs to. This copies the name. keyName (Name) – The name of the key. This copies the name. key (an array which implements the buffer protocol) – The public key bits. This copies the array.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

clearIdentities()[source]¶

Erase all certificates, keys, and identities.

Raises:	PibImpl.Error – For a non-semantic (database access) error.

getCertificate(certificateName)[source]¶

Get the certificate with name certificateName.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	A copy of the certificate.
Return type:	CertificateV2
Raises:	Pib.Error – If the certificate does not exist. PibImpl.Error – For a non-semantic (database access) error.

getCertificatesOfKey(keyName)[source]¶

Get a list of certificate names of the key with id keyName. The returned certificate names can be used to create a PibCertificateContainer. With a certificate name and a backend implementation, one can obtain the certificate.

Parameters:	keyName (Name) – The name of the key.
Returns:	The set of certificate names. The Name objects are fresh copies. If the key does not exist, return an empty set.
Return type:	set of Name
Raises:	PibImpl.Error – For a non-semantic (database access) error.

getDefaultCertificateOfKey(keyName)[source]¶

Get the default certificate for the key with eyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	A copy of the default certificate.
Return type:	CertificateV2
Raises:	Pib.Error – If the default certificate does not exist. PibImpl.Error – For a non-semantic (database access) error.

getDefaultIdentity()[source]¶

Get the default identity.

Returns:	The name of the default identity, as a fresh copy.
Return type:	Name
Raises:	Pib.Error – For no default identity. PibImpl.Error – For a non-semantic (database access) error.

getDefaultKeyOfIdentity(identityName)[source]¶

Get the name of the default key for the identity with name identityName.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The name of the default key, as a fresh copy.
Return type:	Name
Raises:	Pib.Error – If there is no default key or if the identity does not exist. PibImpl.Error – For a non-semantic (database access) error.

getIdentities()[source]¶

Get the names of all the identities.

Returns:	The a fresh set of identity names. The Name objects are fresh copies.
Return type:	set of Name
Raises:	PibImpl.Error – For a non-semantic (database access) error.

getKeyBits(keyName)[source]¶

Get the key bits of a key with name keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	The key bits.
Return type:	Blob
Raises:	Pib.Error – If the key does not exist. PibImpl.Error – For a non-semantic (database access) error.

getKeysOfIdentity(identityName)[source]¶

Get all the key names of the identity with the name identityName. The returned key names can be used to create a KeyContainer. With a key name and a backend implementation, one can create a Key front end instance.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The set of key names. The Name objects are fresh copies. If the identity does not exist, return an empty set.
Return type:	set of Name
Raises:	PibImpl.Error – For a non-semantic (database access) error.

getTpmLocator()[source]¶

Get the TPM Locator.

Returns:	The TPM locator string.
Return type:	str
Raises:	PibImpl.Error – For a non-semantic (database access) error.

hasCertificate(certificateName)[source]¶

Check for the existence of a certificate with name certificateName.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	True if the certificate exists, otherwise False.
Return type:	bool
Raises:	PibImpl.Error – For a non-semantic (database access) error.

hasIdentity(identityName)[source]¶

Check for the existence of an identity.

Parameters:	identityName (Name) – The name of the identity.
Returns:	True if the identity exists, otherwise False.
Return type:	bool
Raises:	PibImpl.Error – For a non-semantic (database access) error.

hasKey(keyName)[source]¶

Check for the existence of a key with keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	True if the key exists, otherwise False. Return False if the identity does not exist.
Return type:	bool
Raises:	PibImpl.Error – For a non-semantic (database access) error.

removeCertificate(certificateName)[source]¶

Remove the certificate with name certificateName. If the certificate does not exist, do nothing.

Parameters:	certificateName (Name) – The name of the certificate.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

removeIdentity(identityName)[source]¶

Remove the identity and its related keys and certificates. If the default identity is being removed, no default identity will be selected. If the identity does not exist, do nothing.

Parameters:	identityName (Name) – The name of the identity to remove.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

removeKey(keyName)[source]¶

Remove the key with keyName and its related certificates. If the key does not exist, do nothing.

Parameters:	keyName (Name) – The name of the key.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

setDefaultCertificateOfKey(keyName, certificateName)[source]¶

Set the cert with name certificateName as the default for the key with keyName.

Parameters:	keyName (Name) – The name of the key. certificateName (Name) – The name of the certificate. This copies the name.
Raises:	Pib.Error – If the certificate with name certificateName does not exist. PibImpl.Error – For a non-semantic (database access) error.

setDefaultIdentity(identityName)[source]¶

Set the identity with the identityName as the default identity. If the identity with identityName does not exist, then it will be created.

Parameters:	identityName (Name) – The name for the default identity. This copies the name.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

setDefaultKeyOfIdentity(identityName, keyName)[source]¶

Set the key with keyName as the default key for the identity with name identityName.

Parameters:	identityName (Name) – The name of the identity. This copies the name. keyName (Name) – The name of the key. This copies the name.
Raises:	Pib.Error – If the key does not exist. PibImpl.Error – For a non-semantic (database access) error.

setTpmLocator(tpmLocator)[source]¶

Set the corresponding TPM information to tpmLocator. This method does not reset the contents of the PIB.

Parameters:	tpmLocator (str) – The TPM locator string.
Raises:	PibImpl.Error – For a non-semantic (database access) error.

pyndn.security.pib.pib_key module¶

This module defines the PibKey class which provides access to a key at the second level in the PIB’s Identity-Key-Certificate hierarchy. A PibKey object has a Name (identity + “KEY” + keyId), and contains one or more CertificateV2 objects, one of which is set as the default certificate of this key. A certificate can be directly accessed by getting a CertificateV2 object.

class pyndn.security.pib.pib_key.PibKey(impl)[source]¶

Bases: object

Create a PibKey which uses the impl backend implementation. This constructor should only be called by PibKeyContainer.

Parameters:	impl (PibKeyImpl) – An object of a subclass of PibKeyImpl.

static constructKeyName(identityName, keyId)[source]¶

Construct a key name based on the appropriate naming conventions.

Parameters:	identityName (Name) – The name of the identity. keyId (Name.Component) – The key ID name component.
Returns:	The constructed name as a new Name.
Return type:	Name

static extractIdentityFromKeyName(keyName)[source]¶

Extract the identity namespace from keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	The identity name as a new Name.
Return type:	Name

getCertificate(certificateName)[source]¶

Get the certificate with name certificateName.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	A copy of the CertificateV2 object.
Return type:	CertificateV2
Raises:	ValueError – If certificateName does not match the key name, or if the backend implementation instance is invalid. Pib.Error – If the certificate does not exist.

getDefaultCertificate()[source]¶

Get the default certificate for this Key.

Returns:	A copy of the default certificate.
Return type:	CertificateV2
Raises:	ValueError – If the backend implementation instance is invalid. Pib.Error – If the default certificate does not exist.

getIdentityName()[source]¶

Get the name of the identity this key belongs to.

Returns:	The name of the identity. You must not modify the Key object. If you need to modify it, make a copy.
Return type:	Name
Raises:	ValueError – If the backend implementation instance is invalid.

getKeyType()[source]¶

Get the key type.

Returns:	The key type.
Return type:	an int from the KeyType enum
Raises:	ValueError – If the backend implementation instance is invalid.

getName()[source]¶

Get the key name.

Returns:	The key name. You must not modify the Name object. If you need to modify it, make a copy.
Return type:	Name
Raises:	ValueError – If the backend implementation instance is invalid.

getPublicKey()[source]¶

Get the public key encoding.

Returns:	The public key encoding.
Return type:	Blob
Raises:	ValueError – If the backend implementation instance is invalid.

static isValidKeyName(keyName)[source]¶

Check if keyName follows the naming conventions for a key name.

Parameters:	keyName (Name) – The name of the key.
Returns:	True if keyName follows the naming conventions, otherwise False.
Rtype bool:

pyndn.security.pib.pib_key_container module¶

This module defines the PibKeyContainer class which is used to search/enumerate the keys of an identity. (A PibKeyContainer object can only be created by PibIdentity.)

class pyndn.security.pib.pib_key_container.PibKeyContainer(identityName, pibImpl)[source]¶

Bases: object

Create a PibKeyContainer for an identity with identityName. This constructor should only be called by PibIdentityImpl.

Parameters:	identityName (Name) – The name of the identity, which is copied. pibImpl (PibImpl) – The PIB backend implementation.

add(key, keyName)[source]¶

Add a key with name keyName into the container. If a key with the same name already exists, this replaces it.

Parameters:	key (an array which implements the buffer protocol) – The buffer of encoded key bytes. keyName (Name) – The name of the key, which is copied.
Returns:	The PibKey object.
Return type:	PibKey
Raises:	ValueError – If the name of the key does not match the identity name.

get(keyName)[source]¶

Get the key with name keyName from the container.

Parameters:	keyName (Name) – The name of the key.
Returns:	The PibKey object.
Return type:	PibKey
Raises:	ValueError – If keyName does not match the identity name. Pib.Error – If the key does not exist.

getKeyNames()[source]¶

Get the names of all the keys in the container.

Returns:	A new list of Name.
Return type:	Array<Name>

isConsistent()[source]¶

Check if the container is consistent with the backend storage.

Returns:	True if the container is consistent, False otherwise.
Return type:	bool
Note:	This method is heavy-weight and should be used in a debugging mode only.

remove(keyName)[source]¶

Remove the key with name keyName from the container, and its related certificates. If the key does not exist, do nothing.

Parameters:	keyName (Name) – The name of the key.
Raises:	ValueError – If keyName does not match the identity name.

size()[source]¶

Get the number of keys in the container.

Returns:	The number of keys.
Return type:	int

pyndn.security.pib.pib_memory module¶

This module defines the PibMemory class which extends PibImpl and is used by the Pib class as an in-memory implementation of a PIB. All the contents in the PIB are stored in memory and have the same lifetime as the PibMemory instance.

class pyndn.security.pib.pib_memory.PibMemory[source]¶

Bases: pyndn.security.pib.pib_impl.PibImpl

Create an empty PibMemory.

addCertificate(certificate)[source]¶

Add the certificate. If a certificate with the same name (without implicit digest) already exists, then overwrite the certificate. If the key or identity does not exist, they will be created. If no default certificate for the key has been set, then set the added certificate as the default for the key. If no default key was set for the identity, it will be set as the default key for the identity. If no default identity was selected, the certificate’s identity becomes the default.

Parameters:	certificate (CertificateV2) – The certificate to add. This copies the object.

addIdentity(identityName)[source]¶

Add the identity. If the identity already exists, do nothing. If no default identity has been set, set the added identity as the default.

Parameters:	identityName (Name) – The name of the identity to add. This copies the name.

addKey(identityName, keyName, key)[source]¶

Add the key. If a key with the same name already exists, overwrite the key. If the identity does not exist, it will be created. If no default key for the identity has been set, then set the added key as the default for the identity. If no default identity has been set, identity becomes the default.

Parameters:	identityName (Name) – The name of the identity that the key belongs to. This copies the name. keyName (Name) – The name of the key. This copies the name. key (an array which implements the buffer protocol) – The public key bits. This copies the array.

clearIdentities()[source]¶: Erase all certificates, keys, and identities.

getCertificate(certificateName)[source]¶

Get the certificate with name certificateName.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	A copy of the certificate.
Return type:	CertificateV2
Raises:	Pib.Error – If the certificate does not exist.

getCertificatesOfKey(keyName)[source]¶

Get a list of certificate names of the key with id keyName. The returned certificate names can be used to create a PibCertificateContainer. With a certificate name and a backend implementation, one can obtain the certificate.

Parameters:	keyName (Name) – The name of the key.
Returns:	The set of certificate names. The Name objects are fresh copies. If the key does not exist, return an empty set.
Return type:	set of Name

getDefaultCertificateOfKey(keyName)[source]¶

Get the default certificate for the key with eyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	A copy of the default certificate.
Return type:	CertificateV2
Raises:	Pib.Error – If the default certificate does not exist.

getDefaultIdentity()[source]¶

Get the default identity.

Returns:	The name of the default identity, as a fresh copy.
Return type:	Name
Raises:	Pib.Error – For no default identity.

getDefaultKeyOfIdentity(identityName)[source]¶

Get the name of the default key for the identity with name identityName.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The name of the default key, as a fresh copy.
Return type:	Name
Raises:	Pib.Error – If there is no default key or if the identity does not exist.

getIdentities()[source]¶

Get the names of all the identities.

Returns:	A fresh set of identity names. The Name objects are fresh copies.
Return type:	set of Name

getKeyBits(keyName)[source]¶

Get the key bits of a key with name keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	The key bits.
Return type:	Blob
Raises:	Pib.Error – If the key does not exist.

getKeysOfIdentity(identityName)[source]¶

Get all the key names of the identity with the name identityName. The returned key names can be used to create a KeyContainer. With a key name and a backend implementation, one can create a Key front end instance.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The set of key names. The Name objects are fresh copies. If the identity does not exist, return an empty set.
Return type:	set of Name

static getScheme()[source]¶

getTpmLocator()[source]¶

Get the TPM Locator.

Returns:	The TPM locator string.
Return type:	str

hasCertificate(certificateName)[source]¶

Check for the existence of a certificate with name certificateName.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	True if the certificate exists, otherwise False.
Return type:	bool

hasIdentity(identityName)[source]¶

Check for the existence of an identity.

Parameters:	identityName (Name) – The name of the identity.
Returns:	True if the identity exists, otherwise False.
Return type:	bool

hasKey(keyName)[source]¶

Check for the existence of a key with keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	True if the key exists, otherwise False. Return False if the identity does not exist.
Return type:	bool

removeCertificate(certificateName)[source]¶

Remove the certificate with name certificateName. If the certificate does not exist, do nothing.

Parameters:	certificateName (Name) – The name of the certificate.

removeIdentity(identityName)[source]¶

Remove the identity and its related keys and certificates. If the default identity is being removed, no default identity will be selected. If the identity does not exist, do nothing.

Parameters:	identityName (Name) – The name of the identity to remove.

removeKey(keyName)[source]¶

Remove the key with keyName and its related certificates. If the key does not exist, do nothing.

Parameters:	keyName (Name) – The name of the key.

setDefaultCertificateOfKey(keyName, certificateName)[source]¶

Set the cert with name certificateName as the default for the key with keyName.

Parameters:	keyName (Name) – The name of the key. certificateName (Name) – The name of the certificate. This copies the name.
Raises:	Pib.Error – If the certificate with name certificateName does not exist.

setDefaultIdentity(identityName)[source]¶

Set the identity with the identityName as the default identity. If the identity with identityName does not exist, then it will be created.

Parameters:	identityName (Name) – The name for the default identity. This copies the name.

setDefaultKeyOfIdentity(identityName, keyName)[source]¶

Set the key with keyName as the default key for the identity with name identityName.

Parameters:	identityName (Name) – The name of the identity. This copies the name. keyName (Name) – The name of the key. This copies the name.
Raises:	Pib.Error – If the key does not exist.

setTpmLocator(tpmLocator)[source]¶

Set the corresponding TPM information to tpmLocator. This method does not reset the contents of the PIB.

Parameters:	tpmLocator (str) – The TPM locator string.

pyndn.security.pib.pib_sqlite3 module¶

This module defines the PibSqlite3 class which extends PibImpl and is used by the Pib class as an implementation of a PIB based on an SQLite3 database. All the contents in the PIB are stored in an SQLite3 database file. This provides more persistent storage than PibMemory.

class pyndn.security.pib.pib_sqlite3.PibSqlite3(databaseDirectoryPath=None, databaseFilename='pib.db')[source]¶

Bases: pyndn.security.pib.pib_impl.PibImpl

Create a new PibSqlite3 to work with an SQLite3 file. This assumes that the database directory does not contain a PIB database of an older version.

Parameters:	databaseDirectoryPath (str) – (optional) The directory where the database file is located. If omitted, use $HOME/.ndn . If the directory does not exist, create it. databaseFilename (str) – (optional) The name if the database file in the databaseDirectoryPath. If omitted, use “pib.db”.
Raises:	PibImpl.Error – If initialization fails.

addCertificate(certificate)[source]¶

Add the certificate. If a certificate with the same name (without implicit digest) already exists, then overwrite the certificate. If the key or identity does not exist, they will be created. If no default certificate for the key has been set, then set the added certificate as the default for the key. If no default key was set for the identity, it will be set as the default key for the identity. If no default identity was selected, the certificate’s identity becomes the default.

Parameters:	certificate (CertificateV2) – The certificate to add. This copies the object.

addIdentity(identityName)[source]¶

Add the identity. If the identity already exists, do nothing. If no default identity has been set, set the added identity as the default.

Parameters:	identityName (Name) – The name of the identity to add. This copies the name.

addKey(identityName, keyName, key)[source]¶

Add the key. If a key with the same name already exists, overwrite the key. If the identity does not exist, it will be created. If no default key for the identity has been set, then set the added key as the default for the identity. If no default identity has been set, identity becomes the default.

Parameters:	identityName (Name) – The name of the identity that the key belongs to. This copies the name. keyName (Name) – The name of the key. This copies the name. key (an array which implements the buffer protocol) – The public key bits. This copies the array.

clearIdentities()[source]¶: Erase all certificates, keys, and identities.

getCertificate(certificateName)[source]¶

Get the certificate with name certificateName.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	A copy of the certificate.
Return type:	CertificateV2
Raises:	Pib.Error – If the certificate does not exist.

getCertificatesOfKey(keyName)[source]¶

Get a list of certificate names of the key with id keyName. The returned certificate names can be used to create a PibCertificateContainer. With a certificate name and a backend implementation, one can obtain the certificate.

Parameters:	keyName (Name) – The name of the key.
Returns:	The set of certificate names. The Name objects are fresh copies. If the key does not exist, return an empty set.
Return type:	set of Name

getDefaultCertificateOfKey(keyName)[source]¶

Get the default certificate for the key with eyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	A copy of the default certificate.
Return type:	CertificateV2
Raises:	Pib.Error – If the default certificate does not exist.

static getDefaultDatabaseDirectoryPath()[source]¶

Get the default that the constructor uses if databaseDirectoryPath is omitted. This does not try to create the directory.

Returns:	The default database directory path.
Return type:	str

static getDefaultDatabaseFilePath()[source]¶

Get the default database file path that the constructor uses if databaseDirectoryPath and databaseFilename are omitted.

Returns:	The default database file path.
Return type:	str

getDefaultIdentity()[source]¶

Get the default identity.

Returns:	The name of the default identity, as a fresh copy.
Return type:	Name
Raises:	Pib.Error – For no default identity.

getDefaultKeyOfIdentity(identityName)[source]¶

Get the name of the default key for the identity with name identityName.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The name of the default key, as a fresh copy.
Return type:	Name
Raises:	Pib.Error – If there is no default key or if the identity does not exist.

getIdentities()[source]¶

Get the names of all the identities.

Returns:	The a fresh set of identity names. The Name objects are fresh copies.
Return type:	set of Name

getKeyBits(keyName)[source]¶

Get the key bits of a key with name keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	The key bits.
Return type:	Blob
Raises:	Pib.Error – If the key does not exist.

getKeysOfIdentity(identityName)[source]¶

Get all the key names of the identity with the name identityName. The returned key names can be used to create a KeyContainer. With a key name and a backend implementation, one can create a Key front end instance.

Parameters:	identityName (Name) – The name of the identity.
Returns:	The set of key names. The Name objects are fresh copies. If the identity does not exist, return an empty set.
Return type:	set of Name

static getScheme()[source]¶

getTpmLocator()[source]¶

Get the TPM Locator.

Returns:	The TPM locator string.
Return type:	str

hasCertificate(certificateName)[source]¶

Check for the existence of a certificate with name certificateName.

Parameters:	certificateName (Name) – The name of the certificate.
Returns:	True if the certificate exists, otherwise False.
Return type:	bool

hasIdentity(identityName)[source]¶

Check for the existence of an identity.

Parameters:	identityName (Name) – The name of the identity.
Returns:	True if the identity exists, otherwise False.
Return type:	bool

hasKey(keyName)[source]¶

Check for the existence of a key with keyName.

Parameters:	keyName (Name) – The name of the key.
Returns:	True if the key exists, otherwise False. Return False if the identity does not exist.
Return type:	bool

removeCertificate(certificateName)[source]¶

Remove the certificate with name certificateName. If the certificate does not exist, do nothing.

Parameters:	certificateName (Name) – The name of the certificate.

removeIdentity(identityName)[source]¶

Remove the identity and its related keys and certificates. If the default identity is being removed, no default identity will be selected. If the identity does not exist, do nothing.

Parameters:	identityName (Name) – The name of the identity to remove.

removeKey(keyName)[source]¶

Remove the key with keyName and its related certificates. If the key does not exist, do nothing.

Parameters:	keyName (Name) – The name of the key.

setDefaultCertificateOfKey(keyName, certificateName)[source]¶

Set the cert with name certificateName as the default for the key with keyName.

Parameters:	keyName (Name) – The name of the key. certificateName (Name) – The name of the certificate. This copies the name.
Raises:	Pib.Error – If the certificate with name certificateName does not exist.

setDefaultIdentity(identityName)[source]¶

Set the identity with the identityName as the default identity. If the identity with identityName does not exist, then it will be created.

Parameters:	identityName (Name) – The name for the default identity. This copies the name.

setDefaultKeyOfIdentity(identityName, keyName)[source]¶

Set the key with keyName as the default key for the identity with name identityName.

Parameters:	identityName (Name) – The name of the identity. This copies the name. keyName (Name) – The name of the key. This copies the name.
Raises:	Pib.Error – If the key does not exist.

setTpmLocator(tpmLocator)[source]¶

Set the corresponding TPM information to tpmLocator. This method does not reset the contents of the PIB.

Parameters:	tpmLocator (str) – The TPM locator string.

pyndn.security.pib package¶

Subpackages¶

Submodules¶

pyndn.security.pib.pib module¶

pyndn.security.pib.pib_certificate_container module¶

pyndn.security.pib.pib_identity module¶

pyndn.security.pib.pib_identity_container module¶

pyndn.security.pib.pib_impl module¶

pyndn.security.pib.pib_key module¶

pyndn.security.pib.pib_key_container module¶

pyndn.security.pib.pib_memory module¶

pyndn.security.pib.pib_sqlite3 module¶

Module contents¶

Table Of Contents

Previous topic

Next topic

This Page