Package cryptoIDlib :: Module CertChain :: Class CertChain

Class CertChain

CertChainBase --+
                |
               CertChain


Method Summary
  __init__(self)
Create an empty <certChain>.
  addCert(self, exprString, publicKeys, notAfter, protocols, secLevel)
Add a <cert> to a <certChain>.
  addPublicKeys(self, publicKeys)
Add <publicKey> elements to the <certChain>.
  addSignature(self, privateKey, lists, notAfter)
Add a <signature> to the <certChain>.
bool checkProtocol(self, protocol)
Check whether this <certChain> is certified for this protocol.
  clean(self)
Remove expired <signature>s and unused <key>s from the <certChain>.
cryptoIDlib.CertChain.CertChain copy(self)
Create a copy of this <certChain>.
  countVars(self, expr)
  deleteSignatures(self)
Delete all <signature>s from the <certChain>.
  getEndEntityProtocols(self)
  getEndEntityPublicKey(self)
  getModifier(self)
  getNumCerts(self)
  getSecurityLevel(self)
  parse(self, s)
Parse a string containing a <certChain>.
  popCert(self, lastCert)
Remove the last <cert> from the <certChain>.
  scanModifiers(self, startLevel, modifierStart, reportInterval)
Scan for modifiers for the <certChain>.
  searchModifier(self, startLevel, modifierStart)
Search for a modifier for the <certChain>.
  setModifier(self, secLevel, modifier)
Set the security level and modifier for the <certChain>.
  validate(self, listProblems)
Validate the <certChain>.
str write(self, indent)
Return a string containing the <certChain>.
  _addAnnotationVAServer(self, annotation)
  _getKeyHashes(self, whichCert)
  _numKeyHashesAt(self, certIndex)
  _parse(self, element)
Helper function for parse().
  _sanityCheck(self, ErrorType)
  _scanModifiersHelper(self, startLevel, startMod, reportInterval, display, stopLevel)

Property Summary
  modifier
  protocols
  publicKey
  securityLevel

Method Details

__init__(self)
(Constructor)

Create an empty <certChain>.

Use addCert() and addSignature() to populate it.

addCert(self, exprString, publicKeys, notAfter=None, protocols=[], secLevel=None)

Add a <cert> to a <certChain>.
Parameters:
exprString - A string containing a key expression. The expression can contain lowercase key variables starting with 'a', then 'b', and so on. Each such variable corresponds to a key in the publicKeys list, and will be substituted with the appropriate upper-case variable in the actual key expression.
           (type=str)
publicKeys - This list contains public keys and/or public key hashes. The first entry in this list corresponds to key variable 'a', the second to 'b', and so on. The entries in this list will be used to populate the <keyHash> elements in the added certificate. The public key instances will also be added to the certificate chain's <publicKeys> list.
           (type=list containing cryptoIDlib.utils.RSAKey.RSAKey instances and/or strings)
notAfter - When the <cert> expires. None means never.
           (type=datetime.datetime or None)
protocols - These URIs restrict which protocols the cryptoID may be used with. An empty list means the cryptoID may be used with any protocols.
           (type=list of strings)
secLevel - A number in (104, 112, 120, 128, 136, 144, 152, 160). This determines the security level of the resultant cryptoID. A higher security level means greater resistance to brute-force collision-finding attacks, but requires more time to generate. Instead of passing a large value here, you can start with a small value, and then use scanModifiers() or searchModifier() to search for better modifiers.
           (type=int)

addPublicKeys(self, publicKeys)

Add <publicKey> elements to the <certChain>.
Parameters:
publicKeys - This list contains public key instances which will be added to the certificate chain's <publicKeys> list. Each key must match some <keyHash> in the certificate chain.
           (type=list of cryptoIDlib.utils.RSAKey.RSAKey)
Raises:
ValueError - If a key does not match any <keyHash>.

addSignature(self, privateKey, lists=None, notAfter=None)

Add a <signature> to the <certChain>.
Parameters:
privateKey - The private key instance which will perform the signature.
           (type=cryptoIDlib.utils.RSAKey)
lists - A pair of (listCA, listVA) lists. Each list should contain integers between 0 and 9 referring to the certificates that should be covered by this signature. The privateKey must be referenced from the key expression of every listed certificate. If None, then the signature will be applied for every certificate in which the key figures. A VA signature will be applied to an end-entity cert, a CA signature for every other cert.
           (type=tuple or None)
notAfter - a datetime instance to use for 'notAfter'. If None, this signature doesn't expire.
           (type=datetime.datetime or None)

checkProtocol(self, protocol)

Check whether this <certChain> is certified for this protocol.
Parameters:
protocol - A protocol URI. The <certChain> must be authorized for some protocol which is a prefix of this one.
           (type=str)
Returns:
Whether or not this <certChain> is authorized for the specified URI.
           (type=bool)
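The prefix rule above is the whole authorization check, so it is worth seeing exactly what it accepts. The following is an added, stand-alone illustration (not cryptoIDlib's own checkProtocol() implementation): is_authorized() applies the documented semantics literally (an empty protocol list means "any protocol", otherwise some authorized URI must be a string prefix of the requested one), and is_authorized_strict() is an assumed hardening variant that only lets a prefix match at a '/' boundary. The protocol URIs are constructed sample values.

```python
from typing import List


def is_authorized(authorized: List[str], protocol: str) -> bool:
    """Documented checkProtocol() rule, as a plain prefix test.

    authorized: the chain's protocol URIs (empty list == any protocol).
    protocol:   the URI being requested.
    This is an illustrative stand-in, not the library's code.
    """
    if not authorized:
        return True
    return any(protocol.startswith(p) for p in authorized)


def is_authorized_strict(authorized: List[str], protocol: str) -> bool:
    """Assumed hardening variant: a prefix only matches exactly or at a
    '/' boundary, so 'http://h/chat' no longer covers 'http://h/chatty'.
    Not documented behaviour of cryptoIDlib; added here for comparison.
    """
    if not authorized:
        return True
    for p in authorized:
        if protocol == p:
            return True
        # An authorized URI that already ends in '/' is a path prefix.
        if p.endswith("/") and protocol.startswith(p):
            return True
        # Otherwise require the next character of the request to be '/'.
        if protocol.startswith(p + "/"):
            return True
    return False


# Constructed sample: a chain restricted to one protocol family.
SAMPLE_AUTHORIZED = ["http://example.com/protocols/chat"]


def demo() -> dict:
    """Evaluate a few requests under both rules; returns the outcomes."""
    requests = [
        "http://example.com/protocols/chat",        # exact
        "http://example.com/protocols/chat/v2",     # sub-protocol
        "http://example.com/protocols/chatty",      # shares characters only
        "http://example.com/protocols/mail",        # unrelated
    ]
    return {
        r: (is_authorized(SAMPLE_AUTHORIZED, r),
            is_authorized_strict(SAMPLE_AUTHORIZED, r))
        for r in requests
    }


if __name__ == "__main__":
    for uri, (plain, strict) in demo().items():
        print(f"{uri}: prefix={plain} strict={strict}")
```

Under the plain prefix rule, an authorized URI such as ".../chat" also authorizes ".../chatty", because the documented test is on string prefixes, not on path components. When populating the protocols list passed to addCert(), ending each URI with a delimiter avoids that kind of accidental over-authorization without needing the stricter variant.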

clean(self)

Remove expired <signature>s and unused <key>s from the <certChain>.

copy(self)

Create a copy of this <certChain>.
Returns:
cryptoIDlib.CertChain.CertChain

deleteSignatures(self)

Delete all <signature>s from the <certChain>.

parse(self, s)

Parse a string containing a <certChain>.
Parameters:
s - A <certChain> XML element.
           (type=str)
Raises:
SyntaxError - If parsing fails.

popCert(self, lastCert=None)

Remove the last <cert> from the <certChain>.
Parameters:
lastCert - If an index is specified, all <cert>s after and including the specified one will be removed. This function also removes any <publicKey> and <signature> elements that correspond to keys whose key hashes have been removed, or which reference <cert>s which have been removed.
           (type=int or None)

scanModifiers(self, startLevel=0, modifierStart=0, reportInterval=0)

Scan for modifiers for the <certChain>.

This function discovers and prints modifiers that yield successively higher security levels. The leftmost number in each row is the security level, the next number is the modifier, and the next numbers are performance data.

Finding each successive modifier is about 256x harder than the previous one, so you should let this run until you're happy with the security level, and then Ctrl-C it. Then you can use setModifier() to update the <certChain> with one of the discovered modifiers.

You can specify the security level to start searching for with startLevel. By using startLevel and modifierStart you can restart a scan at the point you left off. You can use reportInterval to receive regular status reports.
Parameters:
startLevel - A value in (104, 112, ..., 160). If zero, it will search for the next security level above the current security level.
           (type=int)
modifierStart - The modifier number to start at.
           (type=int)
reportInterval - Print status reports after this many modifiers. If zero don't print status reports.
           (type=int)

searchModifier(self, startLevel=0, modifierStart=0)

Search for a modifier for the <certChain>.

This function returns a modifier that yields the specified security level.
Parameters:
startLevel - A value in (104, 112, ..., 160). If zero, it will search for the next security level above the current security level.
           (type=int)
modifierStart - The modifier number to start at.
           (type=int)

setModifier(self, secLevel, modifier)

Set the security level and modifier for the <certChain>.

Can only be used on a <certChain> without <signature>s.
Parameters:
secLevel - A value in (104, 112, ..., 160).
           (type=int)
modifier - A modifier string or integer.
           (type=str or int)

validate(self, listProblems=False)

Validate the <certChain>.

This function checks all cryptographic aspects of the <certChain>, and then checks that all the key expressions evaluate to True. If this function succeeds, you can safely retrieve the publicKey, protocols, and cryptoID properties of the <certChain> with the assurance that the publicKey and protocols properties are appropriately bound to the cryptoID.
Parameters:
listProblems - If False, the function will return False on discovering a problem, and True on success. If True, it will return a list of strings describing all problems encountered, or None on success.
           (type=bool)

write(self, indent='')

Return a string containing the <certChain>.
Parameters:
indent - Whitespace to add to each written line.
           (type=str)
Returns:
An XML <certChain> element.
           (type=str)

_parse(self, element)

Helper function for parse().

The parse() function takes a string. This function takes an XML element, and could be called directly if a <certChain> is embedded in an XML document. However, it destructively modifies the DOM element it parses.

Property Details

modifier

Get Method:
getModifier(self)

protocols

Get Method:
getEndEntityProtocols(self)

publicKey

Get Method:
getEndEntityPublicKey(self)

securityLevel

Get Method:
getSecurityLevel(self)

Generated by Epydoc 2.0 on Mon May 24 02:16:00 2004 http://epydoc.sf.net