Public Member Functions | |
ContentVerifier | getDefaultVerifier () |
Subclasses can override with fancier verification behavior; again move to TrustManager eventually. | |
void | close () |
Close any connections we have to the network. | |
abstract void | initialize () throws InvalidKeyException, IOException, ConfigurationException |
Allows subclasses to specialize key manager initialization. | |
abstract boolean | initialized () |
abstract void | clearSavedConfigurationState () throws FileNotFoundException, IOException |
abstract PublisherPublicKeyDigest | getDefaultKeyID () |
Get our default key ID. | |
boolean | isOurDefaultKey (PublisherPublicKeyDigest keyID) |
abstract PublicKeyCache | getPublicKeyCache () |
Access our collected store of public keys. | |
abstract SecureKeyCache | getSecureKeyCache () |
Access our store of private keys and other secret key material that we have retrieved. | |
abstract void | saveSecureKeyCache () throws FileNotFoundException, IOException |
abstract void | saveConfigurationState () throws FileNotFoundException, IOException |
abstract URI | getConfigurationDataURI () |
Not sure that this is the best idea, but others want to bootstrap on our configuration data store to stash their own config data. | |
abstract PrivateKey | getDefaultSigningKey () |
Get our default private key. | |
abstract PublicKey | getDefaultPublicKey () |
Get our default public key. | |
ContentName | getDefaultKeyName (ContentName keyPrefix, PublisherPublicKeyDigest keyID, CCNTime keyVersion) |
Return the key's content name for a given key id, given a specified prefix and version. | |
abstract ContentName | getDefaultKeyName (PublisherPublicKeyDigest keyID) |
Get the key-manager determined default key name for a key. | |
abstract ContentName | getDefaultKeyNamePrefix () |
Allow subclasses to override default publishing location. | |
abstract KeyLocator | getKeyLocator (PublisherPublicKeyDigest publisherKeyID) |
Gets the preferred key locator for this signing key. | |
abstract KeyLocator | getKeyLocator (PrivateKey signingKey) |
Get our current preferred key locator for this signing key. | |
KeyLocator | getDefaultKeyLocator () |
Get the key locator for our default key. | |
abstract boolean | haveStoredKeyLocator (PublisherPublicKeyDigest keyID) |
abstract KeyLocator | getStoredKeyLocator (PublisherPublicKeyDigest keyID) |
abstract void | clearStoredKeyLocator (PublisherPublicKeyDigest keyID) |
abstract void | setKeyLocator (PublisherPublicKeyDigest publisherKeyID, KeyLocator keyLocator) |
Remember the key locator to use for a given key. | |
KeyLocator | getKeyTypeKeyLocator (PublisherPublicKeyDigest publisherKeyID) |
Get a KEY type key locator for a particular public key. | |
abstract PublicKey | getPublicKey (PublisherPublicKeyDigest publisher) |
Get the public key associated with a given publisher. | |
abstract PublisherPublicKeyDigest | getPublisherKeyID (PrivateKey signingKey) |
Get the publisher key digest associated with one of our signing keys. | |
abstract PrivateKey | getSigningKey (PublisherPublicKeyDigest publisherKeyID) |
Get the private key associated with a given publisher. | |
abstract PrivateKey[] | getSigningKeys () |
Get all of our private keys, used for cache loading. | |
abstract PublisherPublicKeyDigest[] | getAvailableIdentities () |
Get the public key digest of all our signing keys -- essentially our available identities. | |
abstract CCNTime | getKeyVersion (PublisherPublicKeyDigest keyID) |
Get any timestamp associate with this key. | |
abstract PublicKey | getPublicKey (PublisherPublicKeyDigest publisherKeyID, KeyLocator keyLocator, long timeout) throws IOException |
Get the public key for a given publisher, going to the network to retrieve it if necessary. | |
PublicKey | getPublicKey (PublisherPublicKeyDigest publisherKeyID, KeyLocator keyLocator) throws IOException |
Get the public key for a given publisher, going to the network to retrieve it if necessary. | |
abstract PublicKeyObject | getPublicKeyObject (PublisherPublicKeyDigest desiredKeyID, KeyLocator locator, long timeout) throws IOException |
Get the public key for a given publisher as it was explicitly published, going to the network to retrieve it if necessary. | |
PublicKeyObject | publishDefaultKey (ContentName keyName) throws IOException, InvalidKeyException |
Allow subclasses to specialize key publication, if any. | |
PublicKeyObject | publishKey (ContentName keyName, PublisherPublicKeyDigest keyToPublish, PublisherPublicKeyDigest signingKeyID, KeyLocator signingKeyLocator) throws InvalidKeyException, IOException |
Publish a key at a certain name, signed by a specified identity (our default, if null). | |
PublicKeyObject | publishSelfSignedKey (ContentName keyName, PublisherPublicKeyDigest keyToPublish, boolean learnKeyLocator) throws InvalidKeyException, IOException |
Publish my public key to a local key server run in this JVM, as a self-signed key record. | |
abstract PublicKeyObject | publishKey (ContentName keyName, PublicKey keyToPublish, PublisherPublicKeyDigest signingKeyID, KeyLocator signingKeyLocator, boolean learnKeyLocator) throws InvalidKeyException, IOException |
Publish a key at a certain name, signed by our default identity. | |
abstract PublicKeyObject | publishKeyToRepository (ContentName keyName, PublisherPublicKeyDigest keyToPublish, long timeToWaitForPreexisting) throws InvalidKeyException, IOException |
Publish a key at a certain name, ensuring that it is stored in a repository. | |
abstract PublicKeyObject | publishSelfSignedKeyToRepository (ContentName keyName, PublicKey theKey, PublisherPublicKeyDigest keyToPublish, long timeToWaitForPreexisting) throws InvalidKeyException, IOException |
Publish one of our keys to a repository, if it isn't already there, and ensure that it's self-signed regardless of what credentials we have for it (this is the default behavior if we have no credentials for the key. | |
PublicKeyObject | publishKeyToRepository () throws InvalidKeyException, IOException |
Publish our default key to a repository at its default location. | |
PublicKeyObject | publishKeyToRepository (ContentName keyName, PublisherPublicKeyDigest keyToPublish) throws InvalidKeyException, IOException |
void | respondToKeyRequests (ContentName keyPrefix) throws IOException |
Right now KeyServers are hidden in our subclasses. | |
abstract AccessControlManager | getAccessControlManagerForName (ContentName contentName) |
Handle access control manager cache. | |
abstract void | rememberAccessControlManager (AccessControlManager acm) |
Static Public Member Functions | |
static synchronized KeyManager | getDefaultKeyManager () |
Accessor to retrieve default key manager instance, or create it if necessary. | |
static synchronized void | closeDefaultKeyManager () |
Clean up state left around by the default key manager and remove it. | |
static synchronized void | setDefaultKeyManager (KeyManager keyManager) |
Set the default key manager to one of our choice. | |
static PublicKeyObject | publishKeyToRepository (ContentName keyName, PublicKey keyToPublish, PublisherPublicKeyDigest signingKeyID, KeyLocator signingKeyLocator, CCNHandle handle) throws IOException |
Publish a public key to repository, if it isn't already there. | |
static PublicKeyObject | publishKeyToRepository (ContentName keyName, PublicKey keyToPublish, PublisherPublicKeyDigest signingKeyID, KeyLocator signingKeyLocator, long timeToWaitForPreexisting, boolean requirePublisherMatch, CCNHandle handle) throws IOException |
Publish a public key to repository, if it isn't already there. | |
static PublicKeyObject | publishKey (ContentName keyName, PublicKey keyToPublish, PublisherPublicKeyDigest signingKeyID, KeyLocator signingKeyLocator, CCNFlowControl flowController, SaveType saveType, CCNHandle handle, KeyManager keyManager) throws IOException |
Note: this is the lowest level interface to key publication; there are many higher-level interfaces that are probably what you want. | |
Static Public Attributes | |
static final String | DEFAULT_DIGEST_ALGORITHM = "SHA-256" |
Currently default to SHA-256. | |
static final Provider | PROVIDER = getBcProvider() |
Static Protected Member Functions | |
static synchronized KeyManager | createDefaultKeyManager () throws InvalidKeyException, IOException, ConfigurationException |
Create the default key manager. | |
Protected Attributes | |
ContentVerifier | _verifier = null |
A default verifier to use, relative to these key caches and all. | |
Static Protected Attributes | |
static final KeyLocator | SELF_SIGNED_KEY_LOCATOR = new KeyLocator() |
Canary value, indicates we want to override any other key locator available. | |
static KeyManager | _defaultKeyManager = null |
The default KeyManager for this user/VM pair. |
Also handles loading of the BouncyCastle provider, which we need for many things. Very minimal interface now, expect to evolve extensively.
static synchronized KeyManager org.ccnx.ccn.KeyManager.getDefaultKeyManager | ( | ) | [static] |
Accessor to retrieve default key manager instance, or create it if necessary.
ConfigurationException | if there is a problem with the user or system configuration that requires intervention to resolve, or we have a significant problem starting up the key manager. |
static synchronized void org.ccnx.ccn.KeyManager.closeDefaultKeyManager | ( | ) | [static] |
Clean up state left around by the default key manager and remove it.
For now that just means shutting down the network manager started by it
static synchronized KeyManager org.ccnx.ccn.KeyManager.createDefaultKeyManager | ( | ) | throws InvalidKeyException, IOException, ConfigurationException [static, protected] |
Create the default key manager.
ConfigurationException | if there is a problem with the user or system configuration that requires intervention to fix | |
IOException | if there is an operational problem loading data or initializing the key store | |
ConfigurationException |
static synchronized void org.ccnx.ccn.KeyManager.setDefaultKeyManager | ( | KeyManager | keyManager | ) | [static] |
Set the default key manager to one of our choice.
If you do this, be careful on calling close().
void org.ccnx.ccn.KeyManager.close | ( | ) |
Close any connections we have to the network.
Ideally prepare to reopen them when they are next needed.
Reimplemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract void org.ccnx.ccn.KeyManager.initialize | ( | ) | throws InvalidKeyException, IOException, ConfigurationException [pure virtual] |
Allows subclasses to specialize key manager initialization.
ConfigurationException | ||
IOException |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PublisherPublicKeyDigest org.ccnx.ccn.KeyManager.getDefaultKeyID | ( | ) | [pure virtual] |
Get our default key ID.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PublicKeyCache org.ccnx.ccn.KeyManager.getPublicKeyCache | ( | ) | [pure virtual] |
Access our collected store of public keys.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract SecureKeyCache org.ccnx.ccn.KeyManager.getSecureKeyCache | ( | ) | [pure virtual] |
Access our store of private keys and other secret key material that we have retrieved.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract URI org.ccnx.ccn.KeyManager.getConfigurationDataURI | ( | ) | [pure virtual] |
Not sure that this is the best idea, but others want to bootstrap on our configuration data store to stash their own config data.
Return location as a URI as it might be a namespace rather than a directory.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager, and org.ccnx.ccn.impl.security.keys.NetworkKeyManager.
abstract PrivateKey org.ccnx.ccn.KeyManager.getDefaultSigningKey | ( | ) | [pure virtual] |
Get our default private key.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PublicKey org.ccnx.ccn.KeyManager.getDefaultPublicKey | ( | ) | [pure virtual] |
Get our default public key.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
ContentName org.ccnx.ccn.KeyManager.getDefaultKeyName | ( | ContentName | keyPrefix, | |
PublisherPublicKeyDigest | keyID, | |||
CCNTime | keyVersion | |||
) |
Return the key's content name for a given key id, given a specified prefix and version.
The default key name is the publisher ID itself, under the user's key collection.
keyID[] | publisher ID |
abstract ContentName org.ccnx.ccn.KeyManager.getDefaultKeyName | ( | PublisherPublicKeyDigest | keyID | ) | [pure virtual] |
Get the key-manager determined default key name for a key.
Might include a version, might allow caller to save with generated version.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract KeyLocator org.ccnx.ccn.KeyManager.getKeyLocator | ( | PublisherPublicKeyDigest | publisherKeyID | ) | [pure virtual] |
Gets the preferred key locator for this signing key.
publisherKeyID | the key whose locator we want to retrieve, if null retrieves the key locator for our default key |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract KeyLocator org.ccnx.ccn.KeyManager.getKeyLocator | ( | PrivateKey | signingKey | ) | [pure virtual] |
Get our current preferred key locator for this signing key.
Uses getKeyLocator(PublisherPublicKeyDigest).
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
KeyLocator org.ccnx.ccn.KeyManager.getDefaultKeyLocator | ( | ) |
Get the key locator for our default key.
Same as getKeyLocator(null)
abstract void org.ccnx.ccn.KeyManager.setKeyLocator | ( | PublisherPublicKeyDigest | publisherKeyID, | |
KeyLocator | keyLocator | |||
) | [pure virtual] |
Remember the key locator to use for a given key.
Use this to publish this key in the future if not overridden by method calls. If no key locator stored for this key, and no override given, compute a KEY type key locator if this key has not been published, and the name given to it when published if it has.
publisherKeyID | the key whose locator to set; if null sets it for our default key | |
keyLocator | the new key locator for this key; overrides any previous value. If null, erases previous value and defaults will be used. |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
KeyLocator org.ccnx.ccn.KeyManager.getKeyTypeKeyLocator | ( | PublisherPublicKeyDigest | publisherKeyID | ) |
Get a KEY type key locator for a particular public key.
publisherKeyID | the key whose locator we want to retrieve |
IOException |
abstract PublicKey org.ccnx.ccn.KeyManager.getPublicKey | ( | PublisherPublicKeyDigest | publisher | ) | [pure virtual] |
Get the public key associated with a given publisher.
publisher | the digest of the desired key |
IOException |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PublisherPublicKeyDigest org.ccnx.ccn.KeyManager.getPublisherKeyID | ( | PrivateKey | signingKey | ) | [pure virtual] |
Get the publisher key digest associated with one of our signing keys.
signingKey | key whose publisher data we want |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PrivateKey org.ccnx.ccn.KeyManager.getSigningKey | ( | PublisherPublicKeyDigest | publisherKeyID | ) | [pure virtual] |
Get the private key associated with a given publisher.
publisherKeyID | the public key digest of the desired key |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PrivateKey [] org.ccnx.ccn.KeyManager.getSigningKeys | ( | ) | [pure virtual] |
Get all of our private keys, used for cache loading.
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract CCNTime org.ccnx.ccn.KeyManager.getKeyVersion | ( | PublisherPublicKeyDigest | keyID | ) | [pure virtual] |
Get any timestamp associate with this key.
keyID |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PublicKey org.ccnx.ccn.KeyManager.getPublicKey | ( | PublisherPublicKeyDigest | publisherKeyID, | |
KeyLocator | keyLocator, | |||
long | timeout | |||
) | throws IOException [pure virtual] |
Get the public key for a given publisher, going to the network to retrieve it if necessary.
publisherKeyID | the digest of the keys we want | |
keyLocator | the key locator to tell us where to retrieve the key from | |
timeout | how long to try to retrieve the key |
IOException | if we run into an error attempting to read the key |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
PublicKey org.ccnx.ccn.KeyManager.getPublicKey | ( | PublisherPublicKeyDigest | publisherKeyID, | |
KeyLocator | keyLocator | |||
) | throws IOException |
Get the public key for a given publisher, going to the network to retrieve it if necessary.
Uses the SystemConfiguration.EXTRA_LONG_TIMEOUT to be aggressive and reexpress.
publisherKeyID | the digest of the keys we want | |
keyLocator | the key locator to tell us where to retrieve the key from |
IOException | if we run into an error attempting to read the key |
abstract PublicKeyObject org.ccnx.ccn.KeyManager.getPublicKeyObject | ( | PublisherPublicKeyDigest | desiredKeyID, | |
KeyLocator | locator, | |||
long | timeout | |||
) | throws IOException [pure virtual] |
Get the public key for a given publisher as it was explicitly published, going to the network to retrieve it if necessary.
If the key was not published as a KEY content item (was in our keystore, or was in a KEY type of key locator), this wil not retrieve anything.
publisherKeyID | the digest of the keys we want | |
keyLocator | the key locator to tell us where to retrieve the key from | |
timeout | how long to try to retrieve the key |
IOException | if we run into an error attempting to read the key |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
PublicKeyObject org.ccnx.ccn.KeyManager.publishDefaultKey | ( | ContentName | keyName | ) | throws IOException, InvalidKeyException |
Allow subclasses to specialize key publication, if any.
defaultPrefix | our default namespace, if we know one for this environment. If null, take user defaults. |
ConfigurationException |
Reimplemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
PublicKeyObject org.ccnx.ccn.KeyManager.publishKey | ( | ContentName | keyName, | |
PublisherPublicKeyDigest | keyToPublish, | |||
PublisherPublicKeyDigest | signingKeyID, | |||
KeyLocator | signingKeyLocator | |||
) | throws InvalidKeyException, IOException |
Publish a key at a certain name, signed by a specified identity (our default, if null).
Usually used to publish our own keys, but can specify other keys we have in our cache.
This publishes our key to our own internal key server, from where it can be retrieved as long as this KeyManager is running. It does not put it on the wire until someone requests it. Implementation Note: This code is used in CCNHandle initialization, and as such it cannot use a CCNHandle or any of the standard network operations without introducing a circular dependency. The code is very low-level and should only be modified with great caution.
keyName | content name of the public key | |
keyToPublish | public key digest of key to publish, if null publish our default key | |
handle | handle for ccn |
IOException | ||
InvalidKeyException |
PublicKeyObject org.ccnx.ccn.KeyManager.publishSelfSignedKey | ( | ContentName | keyName, | |
PublisherPublicKeyDigest | keyToPublish, | |||
boolean | learnKeyLocator | |||
) | throws InvalidKeyException, IOException |
Publish my public key to a local key server run in this JVM, as a self-signed key record.
We do this by default if we don't have any credentials for this key; this just allows the caller to explicitly request this behavior even if we do have credentials. TODO need mechanism for controlling whether this ends up in the key locator...
keyName | content name of the public key | |
keyToPublish | public key digest of key to publish and to sign with | |
handle | handle for ccn |
IOException | ||
InvalidKeyException |
abstract PublicKeyObject org.ccnx.ccn.KeyManager.publishKey | ( | ContentName | keyName, | |
PublicKey | keyToPublish, | |||
PublisherPublicKeyDigest | signingKeyID, | |||
KeyLocator | signingKeyLocator, | |||
boolean | learnKeyLocator | |||
) | throws InvalidKeyException, IOException [pure virtual] |
Publish a key at a certain name, signed by our default identity.
Usually used to publish our own keys, but can specify other keys we have in our cache.
This publishes our key to our own internal key server, from where it can be retrieved as long as this KeyManager is running. It does not put it on the wire until someone requests it. Implementation Note: This code is used in CCNHandle initialization, and as such it cannot use a CCNHandle or any of the standard network operations without introducing a circular dependency. The code is very low-level and should only be modified with great caution.
keyName | the name under which the key should be published. For the moment, keys are unversioned. | |
keyToPublish | can be null, in which case we publish our own default public key | |
signingKeyID | key to sign with, if we wish to override default | |
signingKeyLocator | locator to use, if we wish to override default; if null, one will be computed | |
learnKeyLocator | do we remember the key locator used as the default for this signing key |
InvalidKeyException | ||
IOException | ||
ConfigurationException |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PublicKeyObject org.ccnx.ccn.KeyManager.publishKeyToRepository | ( | ContentName | keyName, | |
PublisherPublicKeyDigest | keyToPublish, | |||
long | timeToWaitForPreexisting | |||
) | throws InvalidKeyException, IOException [pure virtual] |
Publish a key at a certain name, ensuring that it is stored in a repository.
Will throw an exception if no repository available. Usually used to publish our own keys, but can specify any key known to our key cache.
keyName | Name under which to publish the key. Currently added under existing version, or version included in keyName. | |
keyToPublish | can be null, in which case we publish our own default public key. | |
handle | the handle to use for network requests |
InvalidKeyException | ||
IOException |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract PublicKeyObject org.ccnx.ccn.KeyManager.publishSelfSignedKeyToRepository | ( | ContentName | keyName, | |
PublicKey | theKey, | |||
PublisherPublicKeyDigest | keyToPublish, | |||
long | timeToWaitForPreexisting | |||
) | throws InvalidKeyException, IOException [pure virtual] |
Publish one of our keys to a repository, if it isn't already there, and ensure that it's self-signed regardless of what credentials we have for it (this is the default behavior if we have no credentials for the key.
Throws an exception if no repository is available
keyName | Name under which to publish the key. Currently added under existing version, or version included in keyName. | |
theKey | the public key to publish, if we happen to have it; otherwise it will be retrieved from cache based on keyToPublish. | |
keyToPublish | can be null, in which case we publish our own default public key. | |
handle | the handle to use for network requests |
InvalidKeyException | ||
IOException |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
PublicKeyObject org.ccnx.ccn.KeyManager.publishKeyToRepository | ( | ) | throws InvalidKeyException, IOException |
Publish our default key to a repository at its default location.
handle | the handle used for network requests |
InvalidKeyException | ||
IOException |
static PublicKeyObject org.ccnx.ccn.KeyManager.publishKeyToRepository | ( | ContentName | keyName, | |
PublicKey | keyToPublish, | |||
PublisherPublicKeyDigest | signingKeyID, | |||
KeyLocator | signingKeyLocator, | |||
CCNHandle | handle | |||
) | throws IOException [static] |
Publish a public key to repository, if it isn't already there.
keyName | content name of the public key to publish under (adds a version) | |
keyToPublish | the key to publish | |
handle | the handle to use to publish it with |
IOException |
static PublicKeyObject org.ccnx.ccn.KeyManager.publishKeyToRepository | ( | ContentName | keyName, | |
PublicKey | keyToPublish, | |||
PublisherPublicKeyDigest | signingKeyID, | |||
KeyLocator | signingKeyLocator, | |||
long | timeToWaitForPreexisting, | |||
boolean | requirePublisherMatch, | |||
CCNHandle | handle | |||
) | throws IOException [static] |
Publish a public key to repository, if it isn't already there.
keyName | content name of the public key to publish under (adds a version) | |
keyToPublish | the key to publish | |
signingKeyID | the key to sign with | |
signingKeyLocator | the key locator to use | |
timeToWaitForPreexisting | how long to wait to see if it has already been published (avoid re-publishing). If 0, we don't even try to find preexisting content. | |
requirePublisherMatch | check to see if we match the specified publisher. Key locator match too complex to check, make caller do that one. | |
handle | the handle to use to publish it with |
IOException |
static PublicKeyObject org.ccnx.ccn.KeyManager.publishKey | ( | ContentName | keyName, | |
PublicKey | keyToPublish, | |||
PublisherPublicKeyDigest | signingKeyID, | |||
KeyLocator | signingKeyLocator, | |||
CCNFlowControl | flowController, | |||
SaveType | saveType, | |||
CCNHandle | handle, | |||
KeyManager | keyManager | |||
) | throws IOException [static] |
Note: this is the lowest level interface to key publication; there are many higher-level interfaces that are probably what you want.
This needs to be public to get across package constraints. Publish a signed record for this key. We've already decided we need to publish, and how; no more checks are made to see if the key already exists.
keyName | the key's content name. Will add a version when saving if it doesn't have one already. If it does have a version, will use that one (see below for effect of version on the key locator). (Note that this is not standard behavior for savable network content, which needs its version explicitly set.) | |
keyToPublish | the public key to publish | |
keyID | the publisher id | |
signingKeyID | the key id of the key pair to sign with | |
signingKeyLocator | the key locator to use if we save this key (if it is not already published). If not specified, we look for the default locator for the signing key. If there is none, and we are signing with the same key we are publishing, we build a self-referential key locator, using the name passed in (versioned or not). | |
flowController | flow controller to use. If non-null, saveType is ignored. | |
saveType | -- if we don't want to hand in a special-purpose flow controller, set saveType to RAW or REPO to get standard publishing behavior. | |
handle | the handle to use if we haven't specified a flow controller. Makes a flow controller of the type specified by saveType. | |
keyManager | the key manager to use to pull additional signing information (default keys and locators if not specified). If null, taken from handle. Also publish key added to its cache. |
IOException |
void org.ccnx.ccn.KeyManager.respondToKeyRequests | ( | ContentName | keyPrefix | ) | throws IOException |
Right now KeyServers are hidden in our subclasses.
... this makes it hard to expose control of filter registration. This is a bad attempt at an API for that, it should change. Don't make it abstract as subclasses may not need it.
IOException |
Reimplemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
abstract AccessControlManager org.ccnx.ccn.KeyManager.getAccessControlManagerForName | ( | ContentName | contentName | ) | [pure virtual] |
Handle access control manager cache.
contentName |
Implemented in org.ccnx.ccn.impl.security.keys.BasicKeyManager.
final String org.ccnx.ccn.KeyManager.DEFAULT_DIGEST_ALGORITHM = "SHA-256" [static] |
Currently default to SHA-256.
Only thing that associates a specific digest algorithm with a version of the CCN protocol is the calculation of the vestigial content digest component of ContentName used in Interest matching, and publisher digests. Changing the latter is handled by backwards-compatible changes to the protocol encoding. All other digests are stored prefaced with an algorithm identifier, to allow them to be modified. We expect the protocol default digest algorithm to move to SHA3 when defined.
KeyManager org.ccnx.ccn.KeyManager._defaultKeyManager = null [static, protected] |
The default KeyManager for this user/VM pair.
The KeyManager will eventually have access to significant cached state, and so a single one should be shared by as many processes within the same trust domain as possible. We might make multiple KeyManagers representing different "users" for testing purposes.
ContentVerifier org.ccnx.ccn.KeyManager._verifier = null [protected] |
A default verifier to use, relative to these key caches and all.
Move to TrustManager eventually.