5.14 pisces.spkilib.keystore - Abstract storage interface for keys and certifications

getPrincipal (obj)
Return the principal associated with a SPKI object. The implementation either returns the object directly, if it is a hash, or calls the object's getPrincipal method.

KeyStore (path)

A KeyStore provides a high-level interface for a collection of keys and certificates stored in files. The constructor takes a path argument that specifies the directory where the files are located.

A KeyStore uses three files: keys, private, and certs. Each file is read and written using pisces.spkilib.database.

Each KeyStore has a default key that is used to create and resolve name certs.

close ()
Calls the save method if changes have been made since the last save.

save ()
Writes the contents of the KeyStore to files.

setDefaultKey (hash)
Make the key whose hash is hash the default key. The KeyStore must already contain the private key.

getDefaultKey ()
Return the hash of the default key.

addPrivateKey (key, pub, pword, [bogus])
Add a private key key with corresponding public key pub. The key is encrypted with password pword using pisces.spkilib.spki.encryptWithPassword, and is marked as bogus if the optional bogus argument is non-zero. The public key is not added to the database.

addPublicKey (key)
Add the public key key.

addCert (cert)
Add the certificate cert to the database. A name cert should be added using addName.

addName (cert)
Add the name certificate cert to the database.

lookupKey (hash)
Return the public key corresponding to hash.

lookupPrivateKey (hash)
Return the encrypted private key corresponding to hash. The hash is of the public key.

lookupName (name[, namespace])
Return a list of certificates issued for name, which can be either an instance of pisces.spkilib.spki.Name or a simple string. If name is a string, a public key or hash must be supplied as the optional namespace argument.

lookupCertBySubject (subj)
Return all certificates with a subject matching subj.

lookupCertByIssuer (iss)
Return all certificates with an issuer matching iss. A certificate with a name in the issuer slot matches when the name is identical to iss or iss is the principal at the root of a fully qualified name.

listPublicKeys ()
Return the hashes of all public keys in the KeyStore.

listPrivateKeys ()
Return the hashes of all public keys corresponding to private keys in the KeyStore.

listCerts ()
Return a list of all certificates in the KeyStore.

MultiKeyStore ([readers, writers, both, private])

A MultiKeyStore instance provides a KeyStore interface on top of several underlying KeyStore implementations. It can be used to share a KeyStore among several users.

The constructor accepts objects implementing the KeyStore interface as arguments. It uses keyword arguments to indicate whether a particular object should be read-only or read-write and whether it should be used to store private keys. The readers argument accepts a list of objects that will be used for lookups only. The writers argument accepts a list of objects that will be used for adds only. The both argument accepts a list of objects that are used for lookups and adds. The private argument accepts a list of objects that can be used to store private keys; a writer object will not be used for private keys unless it is also in the private list.
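
The following is an added illustration, not code from pisces: a small model of the readers/writers/both/private routing described above, showing a configuration in which a shared store receives public keys but never holds private key material. MemoryStore, RoutingModel, key_hash and the simplified addPrivateKey signature are hypothetical; it is assumed that private keys are written to exactly the stores in the private list.

```python
import hashlib

def key_hash(pub):
    # Stand-in for the SPKI hash of a public key (assumption: SHA-256 of raw bytes).
    return hashlib.sha256(pub).hexdigest()

class MemoryStore:
    """Hypothetical in-memory stand-in for an object with the KeyStore interface."""
    def __init__(self):
        self.public, self.private = {}, {}
    def addPublicKey(self, pub):
        self.public[key_hash(pub)] = pub
    def addPrivateKey(self, enc_key, pub):
        # Simplified signature: enc_key is assumed to be already password-encrypted.
        self.private[key_hash(pub)] = enc_key
    def lookupKey(self, h):
        return self.public.get(h)

class RoutingModel:
    """Model of the readers/writers/both/private rules; not pisces code."""
    def __init__(self, readers=(), writers=(), both=(), private=()):
        self.lookup_from = list(readers) + list(both)  # lookups only + both
        self.add_to = list(writers) + list(both)       # adds only + both
        self.private = list(private)                   # may hold private keys
    def addPublicKey(self, pub):
        for store in self.add_to:
            store.addPublicKey(pub)
    def addPrivateKey(self, enc_key, pub):
        # Assumption: private keys go to every store in the private list and
        # nowhere else; with an empty list the model refuses rather than drops.
        if not self.private:
            raise ValueError("no store is allowed to hold private keys")
        for store in self.private:
            store.addPrivateKey(enc_key, pub)
    def lookupKey(self, h):
        for store in self.lookup_from:
            key = store.lookupKey(h)
            if key is not None:
                return key
        return None

def demo():
    shared, personal = MemoryStore(), MemoryStore()
    pub, enc = b"constructed-public-key", b"constructed-encrypted-private-key"
    # Shared store receives adds (writer); personal store is read-write and private.
    ks = RoutingModel(writers=[shared], both=[personal], private=[personal])
    ks.addPublicKey(pub)
    ks.addPrivateKey(enc, pub)
    return shared, personal, ks.lookupKey(key_hash(pub))
```

Listing the shared store under private as well would place the encrypted private key in a location every user of that store can read, leaving the password as its only protection.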