SecurityManager

Struct SecurityManager 

pub struct SecurityManager { /* private fields */ }

High-level NDN security manager.

Owns a key store and certificate cache, and provides operations for:

  • Key pair generation
  • Self-signed certificate issuance (trust-anchor certificates)
  • Certificate issuance (signing a key Data packet with another key)
  • Trust anchor registration
  • Retrieving a signer for a key name

For production use, replace MemKeyStore with a file-backed store.

Implementations

impl SecurityManager

pub fn new() -> Self

pub fn generate_ed25519(&self, key_name: Name) -> Result<Name, TrustError>

Generate a new Ed25519 key pair using a cryptographically random seed and store it in the in-memory key store.

key_name should follow the NDN key naming convention: /<identity>/KEY/<key-id>.

Returns the key name on success.

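pub fn generate_ed25519_from_seed(&self, key_name: Name, seed: &[u8; 32]) -> Result<Name, TrustError>

Generate a new Ed25519 key from explicit raw seed bytes (for testing). The key pair is fully determined by the seed, so a fixed or guessable seed yields a reproducible private key.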

pub fn issue_self_signed(&self, key_name: &Name, public_key_bytes: Bytes, validity_ms: u64) -> Result<Certificate, TrustError>

Issue a self-signed certificate (trust anchor).

The certificate is inserted into both the cert cache and the anchor set. validity_ms is the certificate lifetime in milliseconds; pass u64::MAX for non-expiring anchors.

pub async fn certify(&self, subject_key_name: &Name, subject_public_key: Bytes, issuer_key_name: &Name, validity_ms: u64) -> Result<Certificate, TrustError>

Issue a certificate for subject_key signed by issuer_key.

Both keys must already exist in the key store. The issuer signs a complete NDN certificate Data packet (TLV-encoded) whose Content carries the subject’s public key and validity period. The resulting Certificate is stored in the cert cache; the full wire-format Data packet is stored in Certificate::wire.
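
How the cert cache, the anchor set and validity_ms described for issue_self_signed and certify fit together, as an added std-only model that is not the crate's code. Assumptions: names are plain strings, signatures are omitted, and TrustModel, put and chain_to_anchor are hypothetical names.

```rust
use std::collections::{HashMap, HashSet};

// Toy model (assumption): names are plain strings and signatures are omitted.
struct Cert { issuer: String, not_after_ms: u64 }

#[derive(Default)]
struct TrustModel { cache: HashMap<String, Cert>, anchors: HashSet<String> }

impl TrustModel {
    // u64::MAX must mean "never expires": saturate instead of wrapping on overflow.
    fn put(&mut self, key: &str, issuer: &str, now_ms: u64, validity_ms: u64) {
        let not_after_ms = now_ms.saturating_add(validity_ms);
        self.cache.insert(key.to_string(), Cert { issuer: issuer.to_string(), not_after_ms });
    }
    // Self-signed certificate: cached and registered as a trust anchor.
    fn issue_self_signed(&mut self, key: &str, now_ms: u64, validity_ms: u64) {
        self.put(key, key, now_ms, validity_ms);
        self.anchors.insert(key.to_string());
    }
    // Issued certificate: cached only, and the issuer must already be known.
    fn certify(&mut self, subject: &str, issuer: &str, now_ms: u64, validity_ms: u64) -> Result<(), String> {
        if !self.cache.contains_key(issuer) { return Err(format!("unknown issuer {}", issuer)); }
        self.put(subject, issuer, now_ms, validity_ms);
        Ok(())
    }
    // Follow issuer links up to an anchor; reject expired, missing or looping links.
    fn chain_to_anchor(&self, key: &str, now_ms: u64) -> Result<Vec<String>, String> {
        let (mut path, mut cur) = (Vec::new(), key.to_string());
        loop {
            let cert = self.cache.get(&cur).ok_or_else(|| format!("no certificate for {}", cur))?;
            if now_ms > cert.not_after_ms { return Err(format!("expired: {}", cur)); }
            path.push(cur.clone());
            if self.anchors.contains(&cur) { return Ok(path); }
            // A self-signed certificate that is not an anchor, or a cycle, ends here.
            if path.contains(&cert.issuer) { return Err(format!("no anchor reachable from {}", key)); }
            cur = cert.issuer.clone();
        }
    }
}

fn main() {
    let mut m = TrustModel::default();
    m.issue_self_signed("/site/KEY/root", 1_000, u64::MAX); // constructed sample names
    m.certify("/site/alice/KEY/k1", "/site/KEY/root", 1_000, 60_000).unwrap();
    println!("{:?}", m.chain_to_anchor("/site/alice/KEY/k1", 2_000));
}
```

A self-signed certificate that sits only in the cache is rejected by chain_to_anchor; trust comes from membership in the anchor set, not from being self-signed.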

pub fn add_trust_anchor(&self, cert: Certificate)

Register a pre-existing certificate as a trust anchor.

pub fn trust_anchor(&self, key_name: &Name) -> Option<Certificate>

Look up a trust anchor by key name.

pub fn trust_anchor_names(&self) -> Vec<Arc<Name>>

List all trust anchor names.

pub async fn get_signer(&self, key_name: &Name) -> Result<Arc<dyn Signer>, TrustError>

Retrieve a signer for the given key name.

pub fn get_signer_sync(&self, key_name: &Name) -> Result<Arc<dyn Signer>, TrustError>

Retrieve a signer synchronously (for use in non-async contexts).

pub fn cert_cache(&self) -> &CertCache

Access the certificate cache (e.g., to pass to a Validator).

pub fn from_pib(pib: &FilePib, identity: &Name) -> Result<Self, TrustError>

Build a SecurityManager by loading an identity from a FilePib.

  • Loads the signing key for identity from the PIB.
  • If a certificate is present for that identity, inserts it into the cert cache.
  • Loads all trust anchors stored in the PIB.

pub fn auto_init(identity: &Name, pib_path: &Path) -> Result<(Self, bool), TrustError>

Auto-initialize security state from a PIB directory.

If the PIB has no keys, generates a new Ed25519 identity with a self-signed certificate and stores it. If keys already exist, loads the first identity found.

Returns (SecurityManager, bool) where the bool is true if a new identity was generated (useful for logging).

Trait Implementations

impl Default for SecurityManager

fn default() -> Self

Returns the “default value” for a type.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V