class IdentityManagementFixture(object):
def __init__(self):
self._keyChain = KeyChain("pib-memory:", "tpm-memory:")
self._identityNames = set()
self._certificateFiles = set()
def saveCertificateToFile(self, data, filePath):
"""
:param Data data: The certificate to save.
:param str filePath: The file path, which should be writable.
:return: True if successful.
:rtype: bool
"""
self._certificateFiles.add(filePath)
try:
encoding = data.wireEncode()
encodedCertificate = Common.base64Encode(encoding.toBytes(), True)
with open(filePath, 'w') as keyFile:
keyFile.write(encodedCertificate)
return True
except Exception:
return False
def addIdentity(self, identityName, params = None):
"""
Add an identity for the identityName.
:param Name identityName: The name of the identity.
:param KeyParams params: (optional) The key parameters if a key needs to
be generated for the identity. If omitted, use
KeyChain.getDefaultKeyParams().
:return: The created PibIdentity instance.
:rtype: PibIdentity
"""
if params == None:
params = KeyChain.getDefaultKeyParams()
identity = self._keyChain.createIdentityV2(identityName, params)
self._identityNames.add(identityName)
return identity
def saveCertificate(identity, filePath):
"""
Save the identity's certificate to a file.
:param PibIdentity identity: The PibIdentity.
:param str filePath: The file path, which should be writable.
:return: True if successful.
:rtype: str
"""
try:
certificate = identity.getDefaultKey().getDefaultCertificate()
return self.saveCertificateToFile(certificate, filePath)
except Pib.Error:
return False
def addSubCertificate(self, subIdentityName, issuer, params = None):
"""
Issue a certificate for subIdentityName signed by issuer. If the
identity does not exist, it is created. A new key is generated as the
default key for the identity. A default certificate for the key is
signed by the issuer using its default certificate.
"""
if params == None:
params = KeyChain.getDefaultKeyParams()
subIdentity = self.addIdentity(subIdentityName, params)
request = subIdentity.getDefaultKey().getDefaultCertificate()
request.setName(request.getKeyName().append("parent").appendVersion(1))
certificateParams = SigningInfo(issuer)
# Validity period of 20 years.
now = Common.getNowMilliseconds()
certificateParams.setValidityPeriod(
ValidityPeriod(now, now + 20 * 365 * 24 * 3600 * 1000.0))
# Skip the AdditionalDescription.
self._keyChain.sign(request, certificateParams)
self._keyChain.setDefaultCertificate(subIdentity.getDefaultKey(), request)
return subIdentity
def addCertificate(self, key, issuerId):
"""
Add a self-signed certificate made from the key and issuer ID.
:param PibKey key: The key for the certificate.
:param str issuerId: The issuer ID name component for the certificate
name.
:return: The new certificate.
:rtype: CertificateV2
"""
certificateName = Name(key.getName())
certificateName.append(issuerId).appendVersion(3)
certificate = CertificateV2()
certificate.setName(certificateName)
# Set the MetaInfo.
certificate.getMetaInfo().setType(ContentType.KEY)
# One hour.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0)
# Set the content.
certificate.setContent(key.getPublicKey())
params = SigningInfo(key)
# Validity period of 10 days.
now = Common.getNowMilliseconds()
params.setValidityPeriod(
ValidityPeriod(now, now + 10 * 24 * 3600 * 1000.0))
self._keyChain.sign(certificate, params)
return certificate
class IdentityManagementFixture(object):
def __init__(self):
self._keyChain = KeyChain("pib-memory:", "tpm-memory:")
self._identityNames = set()
self._certificateFiles = set()
def saveCertificateToFile(self, data, filePath):
"""
:param Data data: The certificate to save.
:param str filePath: The file path, which should be writable.
:return: True if successful.
:rtype: bool
"""
self._certificateFiles.add(filePath)
try:
encoding = data.wireEncode()
encodedCertificate = Common.base64Encode(encoding.toBytes(), True)
with open(filePath, 'w') as keyFile:
keyFile.write(encodedCertificate)
return True
except Exception:
return False
def addIdentity(self, identityName, params = None):
"""
Add an identity for the identityName.
:param Name identityName: The name of the identity.
:param KeyParams params: (optional) The key parameters if a key needs to
be generated for the identity. If omitted, use
KeyChain.getDefaultKeyParams().
:return: The created PibIdentity instance.
:rtype: PibIdentity
"""
if params == None:
params = KeyChain.getDefaultKeyParams()
identity = self._keyChain.createIdentityV2(identityName, params)
self._identityNames.add(identityName)
return identity
def saveCertificate(identity, filePath):
"""
Save the identity's certificate to a file.
:param PibIdentity identity: The PibIdentity.
:param str filePath: The file path, which should be writable.
:return: True if successful.
:rtype: str
"""
try:
certificate = identity.getDefaultKey().getDefaultCertificate()
return self.saveCertificateToFile(certificate, filePath)
except Pib.Error:
return False
def addSubCertificate(self, subIdentityName, issuer, params = None):
"""
Issue a certificate for subIdentityName signed by issuer. If the
identity does not exist, it is created. A new key is generated as the
default key for the identity. A default certificate for the key is
signed by the issuer using its default certificate.
"""
if params == None:
params = KeyChain.getDefaultKeyParams()
subIdentity = self.addIdentity(subIdentityName, params)
request = subIdentity.getDefaultKey().getDefaultCertificate()
request.setName(request.getKeyName().append("parent").appendVersion(1))
certificateParams = SigningInfo(issuer)
# Validity period of 20 years.
now = Common.getNowMilliseconds()
certificateParams.setValidityPeriod(
ValidityPeriod(now, now + 20 * 365 * 24 * 3600 * 1000.0))
# Skip the AdditionalDescription.
self._keyChain.sign(request, certificateParams)
self._keyChain.setDefaultCertificate(subIdentity.getDefaultKey(), request)
return subIdentity
def addCertificate(self, key, issuerId):
"""
Add a self-signed certificate made from the key and issuer ID.
:param PibKey key: The key for the certificate.
:param str issuerId: The issuer ID name component for the certificate
name.
:return: The new certificate.
:rtype: CertificateV2
"""
certificateName = Name(key.getName())
certificateName.append(issuerId).appendVersion(3)
certificate = CertificateV2()
certificate.setName(certificateName)
# Set the MetaInfo.
certificate.getMetaInfo().setType(ContentType.KEY)
# One hour.
certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0)
# Set the content.
certificate.setContent(key.getPublicKey())
params = SigningInfo(key)
# Validity period of 10 days.
now = Common.getNowMilliseconds()
params.setValidityPeriod(
ValidityPeriod(now, now + 10 * 24 * 3600 * 1000.0))
self._keyChain.sign(certificate, params)
return certificate
