KeyChain

ndn_security::keychain

Struct KeyChain 

Source 
pub struct KeyChain { /* private fields */ }
Expand description

A named NDN identity with an associated signing key and trust anchors.

KeyChain is the single entry point for NDN security in both applications and the forwarder. It owns a signing key, a certificate cache, and a set of trust anchors, and exposes methods for signing packets and building validators.

§Constructors

§Examples

use ndn_security::KeyChain;

// Ephemeral identity (testing / short-lived producers)
let kc = KeyChain::ephemeral("/com/example/alice")?;
let signer = kc.signer()?;

// Persistent identity
let kc = KeyChain::open_or_create(
    std::path::Path::new("/var/lib/ndn"),
    "/com/example/alice",
)?;

Implementations§

Source§

impl KeyChain

Source

pub fn ephemeral(name: impl AsRef<str>) -> Result<Self, TrustError>

Create an ephemeral, in-memory identity with a freshly generated Ed25519 key.

The key is self-signed with a 365-day certificate and registered as a trust anchor. Keys are not persisted — use open_or_create for long-lived identities.

Source

pub fn open_or_create( path: &Path, name: impl AsRef<str>, ) -> Result<Self, TrustError>

Open a persistent identity from a PIB directory, creating it if absent.

On first run, generates an Ed25519 key and self-signed certificate. On subsequent runs, loads the existing key and certificate from disk.

Source

pub fn from_parts(mgr: Arc<SecurityManager>, name: Name, key_name: Name) -> Self

Construct a KeyChain from a pre-built SecurityManager.

This is an escape hatch for framework code (NDNCERT enrollment, device provisioning) that needs to build a SecurityManager before wrapping it. Prefer ephemeral or open_or_create for application code.

Source

pub fn name(&self) -> &Name

The NDN name of this identity (e.g. /com/acme/alice).

Source

pub fn key_name(&self) -> &Name

The name of the active signing key (e.g. /com/acme/alice/KEY/v=0).

Source

pub fn signer(&self) -> Result<Arc<dyn Signer>, TrustError>

Get the signer for this identity.

Source

pub fn validator(&self) -> Validator

Build a Validator pre-configured with this identity’s trust anchors.

Uses TrustSchema::accept_all by default (any correctly-signed packet whose certificate chain terminates in a known anchor is accepted). For stricter namespace-based policy, call Validator::set_schema on the result or use TrustSchema::hierarchical.

Source

pub fn add_trust_anchor(&self, cert: Certificate)

Add an external trust anchor certificate.

Use this to accept data signed by a CA that was not issued by this identity (e.g., a network-wide trust anchor discovered via NDNCERT).

Source

pub fn cert_cache(&self) -> &CertCache

Access the certificate cache.

Useful for pre-populating the cache with known intermediate certificates before validation.

Source

pub fn trust_only( anchor_prefix: impl AsRef<str>, ) -> Result<Validator, TrustError>

Build a Validator that trusts only certificates issued under anchor_prefix.

Shorthand for creating a consumer-side validator when you know the trust-anchor prefix and don’t need a full KeyChain. For example, to accept Data signed by any certificate under /ndn/testbed:

use ndn_security::KeyChain;

let validator = KeyChain::trust_only("/ndn/testbed").unwrap();

Uses TrustSchema::hierarchical so the Data name must be a sub-name of the signing certificate prefix.

Source

pub fn sign_data(&self, builder: DataBuilder) -> Result<Bytes, TrustError>

Sign a Data packet using this KeyChain’s signing key.

Returns the encoded, signed Data wire bytes. Uses Ed25519 with the key locator set to this identity’s key name.

§Errors

Returns TrustError if the signing key is not available.

Source

pub fn sign_interest( &self, builder: InterestBuilder, ) -> Result<Bytes, TrustError>

Sign an Interest using this KeyChain’s signing key.

Returns the encoded, signed Interest wire bytes. Uses Ed25519 with the key locator set to this identity’s key name.

§Errors

Returns TrustError if the signing key is not available.

Source

pub fn build_validator(&self) -> Validator

Build a Validator pre-configured with this identity’s trust anchors.

Alias for validator. Provided for API symmetry with the trust_only constructor.

Source

pub fn manager_arc(&self) -> Arc<SecurityManager>

The Arc-wrapped SecurityManager backing this keychain.

Intended for framework code (e.g., background renewal tasks) that needs to share the manager across async tasks. Prefer the higher-level methods for application code.

Trait Implementations§

Source§

impl Debug for KeyChain

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V