Beispiel #1
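    def get(self, keyName):
        """
        Get the key with name keyName from the container.

        The container only serves keys of its own identity: a key name that
        belongs to a different identity is rejected before any lookup. A key
        that is not in the in-memory cache is constructed from self._pibImpl
        and then cached.

        :param Name keyName: The name of the key.
        :return: The PibKey object.
        :rtype: PibKey
        :raises ValueError: If keyName does not match the identity name.
        :raises Pib.Error: If the key does not exist.
        """
        if not self._identityName.equals(
                PibKey.extractIdentityFromKeyName(keyName)):
            raise ValueError("Key name `" + keyName.toUri() +
                             "` does not match identity `" +
                             self._identityName.toUri() + "`")

        try:
            pibKeyImpl = self._keys[keyName]
        except KeyError:
            pibKeyImpl = None

        # Identity test rather than ==, so the cached object's own __eq__ is
        # never consulted to decide whether the cache entry is missing.
        if pibKeyImpl is None:
            # Presumably this constructor is where Pib.Error surfaces for an
            # unknown key - confirm against PibKeyImpl.
            pibKeyImpl = PibKeyImpl(keyName, self._pibImpl)
            # Copy the Name.
            self._keys[Name(keyName)] = pibKeyImpl

        return PibKey(pibKeyImpl)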
Beispiel #2
    def remove(self, keyName):
        """
        Drop the key called keyName, together with its related certificates,
        from this container and from the PIB backend. A key that is not
        present is silently ignored.

        :param Name keyName: The name of the key.
        :raises ValueError: If keyName does not match the identity name.
        """
        ownerName = PibKey.extractIdentityFromKeyName(keyName)
        if not self._identityName.equals(ownerName):
            # Refuse to act on a key that belongs to another identity.
            raise ValueError("Key name `" + keyName.toUri() +
                             "` does not match identity `" +
                             self._identityName.toUri() + "`")

        # Both calls are no-ops when keyName is absent.
        self._keyNames.discard(keyName)
        self._keys.pop(keyName, None)

        # NOTE(review): the in-memory entries are dropped before the backend
        # call; if removeKey raises, container and backend would disagree -
        # confirm this is acceptable.
        self._pibImpl.removeKey(keyName)
Beispiel #3
    def remove(self, keyName):
        """
        Remove keyName and its related certificates from the container and
        from the backend. Nothing happens for a key that is not stored.

        :param Name keyName: The name of the key.
        :raises ValueError: If keyName does not match the identity name.
        """
        belongsHere = self._identityName.equals(
            PibKey.extractIdentityFromKeyName(keyName))
        if not belongsHere:
            message = ("Key name `" + keyName.toUri() +
                       "` does not match identity `" +
                       self._identityName.toUri() + "`")
            raise ValueError(message)

        # Forget the name and the cached implementation object, if present.
        if keyName in self._keyNames:
            self._keyNames.remove(keyName)
        if keyName in self._keys:
            del self._keys[keyName]

        # The backend call is made whether or not the key was cached here.
        self._pibImpl.removeKey(keyName)
Beispiel #4
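    def get(self, keyName):
        """
        Get the key with name keyName from the container.

        The identity part of keyName must equal this container's identity;
        the check runs before the cache or the backend is touched.

        :param Name keyName: The name of the key.
        :return: The PibKey object.
        :rtype: PibKey
        :raises ValueError: If keyName does not match the identity name.
        :raises Pib.Error: If the key does not exist.
        """
        if not self._identityName.equals(
                PibKey.extractIdentityFromKeyName(keyName)):
            raise ValueError("Key name `" + keyName.toUri() +
                             "` does not match identity `" +
                             self._identityName.toUri() + "`")

        # A missing entry yields None, the same as the KeyError path did.
        pibKeyImpl = self._keys.get(keyName)

        # "is None" instead of "== None": a plain identity test that cannot
        # be influenced by an __eq__ defined on the cached object.
        if pibKeyImpl is None:
            pibKeyImpl = PibKeyImpl(keyName, self._pibImpl)
            # Copy the Name.
            self._keys[Name(keyName)] = pibKeyImpl

        return PibKey(pibKeyImpl)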
Beispiel #5
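    def __init__(self, keyName, arg2, arg3=None):
        """
        Create a PibKeyImpl. There are two forms, selected by the type of arg2.

        PibKeyImpl(keyName, pibImpl): the key bits are fetched from the
        backend with pibImpl.getKeyBits.

        PibKeyImpl(keyName, keyEncoding, pibImpl): keyEncoding is decoded
        first and, only if that succeeds, the key is added to the backend
        with pibImpl.addKey.

        :param Name keyName: The name of the key, which is copied.
        :param arg2: A PibImpl (first form) or the encoded key bytes (second
          form).
        :param arg3: The PibImpl for the second form.
        :raises ValueError: If the pibImpl is None, or (second form) the key
          encoding cannot be decoded.
        :raises Pib.Error: (first form) If the bits returned by the backend
          cannot be decoded.
        """
        self._defaultCertificate = None

        if isinstance(arg2, PibImpl):
            # PibKeyImpl(keyName, pibImpl)
            # isinstance() is False for None, so pibImpl cannot be None here
            # and the former None check in this branch was unreachable.
            pibImpl = arg2

            self._identityName = PibKey.extractIdentityFromKeyName(keyName)
            self._keyName = Name(keyName)
            self._certificates = PibCertificateContainer(keyName, pibImpl)
            self._pibImpl = pibImpl

            self._keyEncoding = self._pibImpl.getKeyBits(self._keyName)

            try:
                publicKey = PublicKey(self._keyEncoding)
            except Exception:
                # We don't expect this since we just fetched the encoding.
                # "except Exception" rather than a bare except, so that
                # KeyboardInterrupt/SystemExit are not turned into Pib.Error.
                raise Pib.Error("Error decoding public key")

            self._keyType = publicKey.getKeyType()
        else:
            # PibKeyImpl(keyName, keyEncoding, pibImpl)
            keyEncoding = arg2
            pibImpl = arg3

            # Reject a missing backend before anything is built on top of it
            # (the check used to run after PibCertificateContainer had
            # already been handed the None).
            if pibImpl is None:
                raise ValueError("The pibImpl is None")

            self._identityName = PibKey.extractIdentityFromKeyName(keyName)
            self._keyName = Name(keyName)
            self._keyEncoding = Blob(keyEncoding, True)
            self._certificates = PibCertificateContainer(keyName, pibImpl)
            self._pibImpl = pibImpl

            # The encoding is caller-supplied: it must decode as a public key
            # before it is written to the backend.
            try:
                publicKey = PublicKey(self._keyEncoding)
                self._keyType = publicKey.getKeyType()
            except Exception:
                raise ValueError("Invalid key encoding")

            self._pibImpl.addKey(self._identityName, self._keyName,
                                 keyEncoding)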
Beispiel #6
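    def __init__(self, keyName, arg2, arg3 = None):
        """
        Create a PibKeyImpl in one of two forms:

        PibKeyImpl(keyName, pibImpl) reads the key bits from the backend
        (pibImpl.getKeyBits).

        PibKeyImpl(keyName, keyEncoding, pibImpl) checks that keyEncoding
        decodes as a public key and then stores it in the backend
        (pibImpl.addKey).

        :param Name keyName: The name of the key, which is copied.
        :param arg2: The PibImpl, or the encoded key bytes when arg3 carries
          the PibImpl.
        :param arg3: The PibImpl when arg2 is the key encoding.
        :raises ValueError: If the pibImpl is None or the supplied key
          encoding is invalid.
        :raises Pib.Error: If the key bits fetched from the backend cannot be
          decoded.
        """
        self._defaultCertificate = None

        # arg2 is either the backend itself or the key encoding.
        hasEncoding = not isinstance(arg2, PibImpl)
        pibImpl = arg3 if hasEncoding else arg2

        # Validate the backend first, before any member is built with it.
        # Previously this ran only after PibCertificateContainer had been
        # constructed with the unchecked value.
        if pibImpl is None:
            raise ValueError("The pibImpl is None")

        self._identityName = PibKey.extractIdentityFromKeyName(keyName)
        self._keyName = Name(keyName)
        self._certificates = PibCertificateContainer(keyName, pibImpl)
        self._pibImpl = pibImpl

        if hasEncoding:
            # PibKeyImpl(keyName, keyEncoding, pibImpl)
            keyEncoding = arg2
            self._keyEncoding = Blob(keyEncoding, True)

            # Decode before addKey so an undecodable encoding never reaches
            # the backend. "except Exception" (not bare) lets
            # KeyboardInterrupt and SystemExit propagate unchanged.
            try:
                self._keyType = PublicKey(self._keyEncoding).getKeyType()
            except Exception:
                raise ValueError("Invalid key encoding")

            self._pibImpl.addKey(self._identityName, self._keyName, keyEncoding)
        else:
            # PibKeyImpl(keyName, pibImpl)
            self._keyEncoding = self._pibImpl.getKeyBits(self._keyName)

            try:
                publicKey = PublicKey(self._keyEncoding)
            except Exception:
                # We don't expect this since we just fetched the encoding.
                raise Pib.Error("Error decoding public key")

            self._keyType = publicKey.getKeyType()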
Beispiel #7
 def delete_security_object(name, kind):
     """
     Delete a certificate, a key or an identity through a KeyChain created
     with default arguments.

     :param name: The name of the object to delete; it is passed to Name().
     :param kind: "c" deletes the certificate called name, "k" deletes the
       key called name, and every other value deletes the identity called
       name.
     """
     chain = KeyChain()
     logging.info("Delete security object %s %s", name, kind)
     target = Name(name)

     if kind == "c":
         # Resolve identity -> key, then delete the certificate from that key.
         owner_name = CertificateV2.extractIdentityFromCertName(target)
         signing_key_name = CertificateV2.extractKeyNameFromCertName(target)
         owner = chain.getPib().getIdentity(owner_name)
         chain.deleteCertificate(owner.getKey(signing_key_name), target)
         return

     if kind == "k":
         owner = chain.getPib().getIdentity(
             PibKey.extractIdentityFromKeyName(target))
         chain.deleteKey(owner, owner.getKey(target))
         return

     # NOTE(review): any kind other than "c" or "k" (including a typo) ends up
     # here and deletes the identity named by name. Consider requiring an
     # explicit kind value for this branch.
     chain.deleteIdentity(target)
Beispiel #8
    def getKeysOfIdentity(self, identityName):
        """
        Collect the names of all stored keys whose identity part equals
        identityName.

        :param Name identityName: The name of the identity.
        :return: The set of key names, each one a fresh copy. The set is empty
          when no stored key belongs to the identity.
        :rtype: set of Name
        """
        # Name(keyName) copies, so callers never receive the Name objects
        # that self._keys uses as its keys.
        return {
            Name(keyName)
            for keyName in self._keys
            if identityName.equals(PibKey.extractIdentityFromKeyName(keyName))
        }
Beispiel #9
    def getKeysOfIdentity(self, identityName):
        """
        Return the key names stored for the identity called identityName.

        :param Name identityName: The name of the identity.
        :return: A set holding a copy of every matching key name; empty if
          nothing matches.
        :rtype: set of Name
        """
        def belongsToIdentity(candidate):
            # A key matches when the identity extracted from its name equals
            # the requested identity name.
            owner = PibKey.extractIdentityFromKeyName(candidate)
            return identityName.equals(owner)

        matches = set()
        for candidate in filter(belongsToIdentity, self._keys):
            # Hand out a copy, not the stored Name.
            matches.add(Name(candidate))
        return matches
Beispiel #10
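    def _checkPolicyHelper(self, keyName, state, continueValidation):
        """
        Look up the default certificate of keyName in the PIB, load it as the
        only trust anchor of self._validator, and continue validation with a
        certificate request for keyName. Any lookup failure is reported
        through state.fail and validation does not continue.

        :param Name keyName:
        :param ValidationState state:
        :param continueValidation:
        :type continueValidation: function object
        """
        try:
            identity = self._pib.getIdentity(
                PibKey.extractIdentityFromKeyName(keyName))
        except Exception as ex:
            state.fail(
                ValidationError(
                    ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                    "Cannot get the PIB identity for key " + keyName.toUri() +
                    ": " + repr(ex)))
            return

        try:
            key = identity.getKey(keyName)
        except Exception as ex:
            state.fail(
                ValidationError(
                    ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                    "Cannot get the PIB key " + keyName.toUri() + ": " +
                    repr(ex)))
            return

        try:
            certificate = key.getDefaultCertificate()
        except Exception as ex:
            state.fail(
                ValidationError(
                    ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
                    "Cannot get the default certificate for key " +
                    keyName.toUri() + ": " + repr(ex)))
            return

        # Add the certificate as the temporary trust anchor.
        self._validator.resetAnchors()
        try:
            self._validator.loadAnchor("", certificate)
            continueValidation(CertificateRequest(Interest(keyName)), state)
        finally:
            # Clear the temporary trust anchor even when loadAnchor or
            # continueValidation raises; otherwise the certificate would stay
            # trusted by the validator after this call.
            self._validator.resetAnchors()
        # NOTE(review): this assumes continueValidation finishes before it
        # returns. If it completes later through a callback, the anchor is
        # already cleared by then - confirm.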
Beispiel #11
    def checkNames(self, packetName, keyLocatorName, state):
        """
        Check the identity derived from keyLocatorName against this checker's
        name and relation. On a mismatch, state.fail is called with a
        POLICY_ERROR.

        :param Name packetName: Only used in the failure message.
        :param Name keyLocatorName:
        :param ValidationState state:
        :return: The result of ConfigNameRelation.checkNameRelation.
        :rtype: bool
        """
        # NOTE(review): extractIdentityFromKeyName runs outside any try block;
        # if it raises for a key locator name that is not a valid key name,
        # the exception propagates instead of going through state.fail -
        # confirm callers expect that.
        identity = PibKey.extractIdentityFromKeyName(keyLocatorName)
        matched = ConfigNameRelation.checkNameRelation(
            self._relation, self._name, identity)
        if matched:
            return matched

        reason = "".join([
            "KeyLocator check failed: name relation ",
            self._name.toUri(),
            " ",
            ConfigNameRelation.toString(self._relation),
            " for packet ",
            packetName.toUri(),
            " is invalid (KeyLocator=",
            keyLocatorName.toUri(),
            ", identity=",
            identity.toUri(),
            ")",
        ])
        state.fail(ValidationError(ValidationError.POLICY_ERROR, reason))
        return matched
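    def _checkPolicyHelper(self, keyName, state, continueValidation):
        """
        Resolve keyName to its default certificate in the PIB (identity, then
        key, then certificate), install that certificate as a temporary trust
        anchor on self._validator, and call continueValidation. If any lookup
        step raises, the failure is reported with state.fail and the method
        returns without continuing.

        :param Name keyName:
        :param ValidationState state:
        :param continueValidation:
        :type continueValidation: function object
        """
        try:
            identity = self._pib.getIdentity(
              PibKey.extractIdentityFromKeyName(keyName))
        except Exception as ex:
            state.fail(ValidationError
              (ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
               "Cannot get the PIB identity for key " + keyName.toUri() + ": " +
               repr(ex)))
            return

        try:
            key = identity.getKey(keyName)
        except Exception as ex:
            state.fail(ValidationError
              (ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
               "Cannot get the PIB key " + keyName.toUri() + ": " + repr(ex)))
            return

        try:
            certificate = key.getDefaultCertificate()
        except Exception as ex:
            state.fail(ValidationError
              (ValidationError.CANNOT_RETRIEVE_CERTIFICATE,
               "Cannot get the default certificate for key " + keyName.toUri() +
               ": " + repr(ex)))
            return

        # Add the certificate as the temporary trust anchor.
        # NOTE(review): resetAnchors() is called on the whole validator, so
        # this presumably relies on self._validator having no other anchors
        # that must survive - confirm.
        self._validator.resetAnchors()
        try:
            self._validator.loadAnchor("", certificate)
            continueValidation(CertificateRequest(Interest(keyName)), state)
        finally:
            # Clear the temporary trust anchor on every exit path, so an
            # exception from continueValidation cannot leave it installed.
            self._validator.resetAnchors()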
Beispiel #13
    def removeKey(self, keyName):
        """
        Delete the key called keyName together with its certificates. A key
        that is not stored is ignored.

        :param Name keyName: The name of the key.
        """
        ownerName = PibKey.extractIdentityFromKeyName(keyName)

        # pop(..., None) is a no-op for a missing entry.
        self._keys.pop(keyName, None)
        # NOTE(review): the identity's entry in _defaultKeyNames is dropped
        # without comparing it to keyName. If that map holds the default key
        # name per identity, removing a non-default key also clears the
        # default - confirm this is intended.
        self._defaultKeyNames.pop(ownerName, None)

        for certName in self.getCertificatesOfKey(keyName):
            self.removeCertificate(certName)
Beispiel #14
    def removeKey(self, keyName):
        """
        Remove keyName, the _defaultKeyNames entry of its identity, and every
        certificate returned by getCertificatesOfKey(keyName). Entries that
        do not exist are skipped.

        :param Name keyName: The name of the key.
        """
        identityName = PibKey.extractIdentityFromKeyName(keyName)

        # Each deletion is skipped when the entry is absent.
        if keyName in self._keys:
            del self._keys[keyName]
        if identityName in self._defaultKeyNames:
            del self._defaultKeyNames[identityName]

        # Certificates are removed last, one removeCertificate call each.
        relatedCertificates = self.getCertificatesOfKey(keyName)
        for certificateName in relatedCertificates:
            self.removeCertificate(certificateName)
Beispiel #15
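    def add(self, key, keyName):
        """
        Add a key with name keyName into the container. If a key with the same
        name already exists, this replaces it.

        The PibKeyImpl is constructed before the container is modified, so if
        the constructor raises (for example because it rejects the key bytes)
        the container is left unchanged.

        :param key: The buffer of encoded key bytes.
        :type key: an array which implements the buffer protocol
        :param Name keyName: The name of the key, which is copied.
        :return: The PibKey object.
        :rtype: PibKey
        :raises ValueError: If the name of the key does not match the identity
          name.
        """
        if not self._identityName.equals(PibKey.extractIdentityFromKeyName(keyName)):
            raise ValueError("The key name `" + keyName.toUri() +
              "` does not match the identity name `" +
              self._identityName.toUri() + "`")

        # Build first: previously the name was added to _keyNames before this
        # call, so a failing constructor left a key name with no key behind.
        pibKeyImpl = PibKeyImpl(keyName, key, self._pibImpl)

        # Copy the Name.
        self._keyNames.add(Name(keyName))
        self._keys[Name(keyName)] = pibKeyImpl

        return self.get(keyName)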
Beispiel #16
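    def add(self, key, keyName):
        """
        Add a key with name keyName into the container. If a key with the same
        name already exists, this replaces it.

        :param key: The buffer of encoded key bytes.
        :type key: an array which implements the buffer protocol
        :param Name keyName: The name of the key, which is copied.
        :return: The PibKey object.
        :rtype: PibKey
        :raises ValueError: If the name of the key does not match the identity
          name.
        """
        if not self._identityName.equals(
                PibKey.extractIdentityFromKeyName(keyName)):
            raise ValueError("The key name `" + keyName.toUri() +
                             "` does not match the identity name `" +
                             self._identityName.toUri() + "`")

        # The key bytes come from the caller. Construct the implementation
        # object before recording the name, so that an exception from
        # PibKeyImpl cannot leave keyName in _keyNames without a matching
        # entry in _keys.
        newKeyImpl = PibKeyImpl(keyName, key, self._pibImpl)

        # Copy the Name.
        self._keyNames.add(Name(keyName))
        self._keys[Name(keyName)] = newKeyImpl

        return self.get(keyName)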
Beispiel #17
    def checkNames(self, packetName, keyLocatorName, state):
        """
        Apply the configured name relation to the identity extracted from
        keyLocatorName, and fail the validation state with POLICY_ERROR when
        the relation does not hold.

        :param Name packetName: Appears in the failure message only.
        :param Name keyLocatorName:
        :param ValidationState state:
        :rtype: bool
        """
        identity = PibKey.extractIdentityFromKeyName(keyLocatorName)
        result = ConfigNameRelation.checkNameRelation(
            self._relation, self._name, identity)

        if not result:
            # Describe the rule first, then the names that were checked.
            rule = (self._name.toUri() + " " +
                    ConfigNameRelation.toString(self._relation))
            detail = ("KeyLocator check failed: name relation " + rule +
                      " for packet " + packetName.toUri() +
                      " is invalid (KeyLocator=" + keyLocatorName.toUri() +
                      ", identity=" + identity.toUri() + ")")
            state.fail(ValidationError(ValidationError.POLICY_ERROR, detail))

        return result