security: Reorganizing source code to prepare for support of two version of NDN certificates
This commit also removes unused ndn_digestSha256 function and deprecates
crypto::sha256 in favor of crypto::computeSha256Digest in util/crypto.hpp.
Change-Id: I24ee50ff073a96b868633bdf2cfade412d3605f3
Refs: #3098
diff --git a/tools/ndnsec/cert-install.hpp b/tools/ndnsec/cert-install.hpp
index c8eb052..a1416ff 100644
--- a/tools/ndnsec/cert-install.hpp
+++ b/tools/ndnsec/cert-install.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -26,7 +26,6 @@
#include "util.hpp"
-
class HttpException : public std::runtime_error
{
public:
@@ -37,7 +36,7 @@
}
};
-ndn::shared_ptr<ndn::IdentityCertificate>
+ndn::shared_ptr<ndn::security::v1::IdentityCertificate>
getCertificateHttp(const std::string& host, const std::string& port, const std::string& path)
{
using namespace boost::asio::ip;
@@ -46,10 +45,9 @@
requestStream.expires_from_now(boost::posix_time::milliseconds(3000));
requestStream.connect(host, port);
- if (!static_cast<bool>(requestStream))
- {
- throw HttpException("HTTP connection error");
- }
+ if (!static_cast<bool>(requestStream)) {
+ throw HttpException("HTTP connection error");
+ }
requestStream << "GET " << path << " HTTP/1.0\r\n";
requestStream << "Host: " << host << "\r\n";
requestStream << "Accept: */*\r\n";
@@ -72,26 +70,23 @@
std::string statusMessage;
std::getline(responseStream, statusMessage);
- if (!static_cast<bool>(requestStream) || httpVersion.substr(0, 5) != "HTTP/")
- {
- throw HttpException("HTTP communication error");
- }
- if (statusCode != 200)
- {
- throw HttpException("HTTP server error");
- }
+ if (!static_cast<bool>(requestStream) || httpVersion.substr(0, 5) != "HTTP/") {
+ throw HttpException("HTTP communication error");
+ }
+ if (statusCode != 200) {
+ throw HttpException("HTTP server error");
+ }
std::string header;
while (std::getline(requestStream, header) && header != "\r")
;
ndn::OBufferStream os;
{
- using namespace CryptoPP;
- FileSource ss2(requestStream, true, new Base64Decoder(new FileSink(os)));
+ using namespace ndn::security::transform;
+ streamSource(requestStream) >> base64Decode(true) >> streamSink(os);
}
- ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate =
- ndn::make_shared<ndn::IdentityCertificate>();
+ auto identityCertificate = std::make_shared<ndn::security::v1::IdentityCertificate>();
identityCertificate->wireDecode(ndn::Block(os.buf()));
return identityCertificate;
@@ -101,6 +96,7 @@
ndnsec_cert_install(int argc, char** argv)
{
using namespace ndn;
+ using namespace ndn::security;
namespace po = boost::program_options;
std::string certFileName;
@@ -122,107 +118,93 @@
p.add("cert-file", 1);
po::variables_map vm;
- try
- {
+ try {
po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
vm);
po::notify(vm);
}
- catch (const std::exception& e)
- {
+ catch (const std::exception& e) {
std::cerr << "ERROR: " << e.what() << std::endl;
return 1;
}
- if (vm.count("help") != 0)
- {
+ if (vm.count("help") != 0) {
std::cerr << description << std::endl;
return 0;
}
- if (vm.count("cert-file") == 0)
- {
- std::cerr << "cert_file must be specified" << std::endl;
- std::cerr << description << std::endl;
- return 1;
+ if (vm.count("cert-file") == 0) {
+ std::cerr << "cert_file must be specified" << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("identity-default") != 0) {
+ isIdentityDefault = true;
+ isSystemDefault = false;
+ }
+ else if (vm.count("key-default") != 0) {
+ isKeyDefault = true;
+ isSystemDefault = false;
+ }
+ else if (vm.count("no-default") != 0) {
+ // noDefault = true;
+ isSystemDefault = false;
+ }
+
+ shared_ptr<v1::IdentityCertificate> cert;
+
+ if (certFileName.find("http://") == 0) {
+ std::string host;
+ std::string port;
+ std::string path;
+
+ size_t pos = 7; // offset of "http://"
+ size_t posSlash = certFileName.find("/", pos);
+
+ if (posSlash == std::string::npos)
+ throw HttpException("Request line is not correctly formatted");
+
+ size_t posPort = certFileName.find(":", pos);
+
+ if (posPort != std::string::npos && posPort < posSlash) {
+ // port is specified
+ port = certFileName.substr(posPort + 1, posSlash - posPort - 1);
+ host = certFileName.substr(pos, posPort - pos);
+ }
+ else {
+ port = "80";
+ host = certFileName.substr(pos, posSlash - pos);
}
- if (vm.count("identity-default") != 0)
- {
- isIdentityDefault = true;
- isSystemDefault = false;
- }
- else if (vm.count("key-default") != 0)
- {
- isKeyDefault = true;
- isSystemDefault = false;
- }
- else if (vm.count("no-default") != 0)
- {
- // noDefault = true;
- isSystemDefault = false;
- }
+ path = certFileName.substr(posSlash, certFileName.size () - posSlash);
- shared_ptr<IdentityCertificate> cert;
-
- if (certFileName.find("http://") == 0)
- {
- std::string host;
- std::string port;
- std::string path;
-
- size_t pos = 7; // offset of "http://"
- size_t posSlash = certFileName.find("/", pos);
-
- if (posSlash == std::string::npos)
- throw HttpException("Request line is not correctly formatted");
-
- size_t posPort = certFileName.find(":", pos);
-
- if (posPort != std::string::npos && posPort < posSlash) // port is specified
- {
- port = certFileName.substr(posPort + 1, posSlash - posPort - 1);
- host = certFileName.substr(pos, posPort - pos);
- }
- else
- {
- port = "80";
- host = certFileName.substr(pos, posSlash - pos);
- }
-
- path = certFileName.substr(posSlash, certFileName.size () - posSlash);
-
- cert = getCertificateHttp(host, port, path);
- }
- else
- {
- cert = getIdentityCertificate(certFileName);
- }
+ cert = getCertificateHttp(host, port, path);
+ }
+ else {
+ cert = getIdentityCertificate(certFileName);
+ }
if (!static_cast<bool>(cert))
return 1;
KeyChain keyChain;
- if (isSystemDefault)
- {
- keyChain.addCertificateAsIdentityDefault(*cert);
- Name keyName = cert->getPublicKeyName();
- Name identity = keyName.getSubName(0, keyName.size()-1);
- keyChain.setDefaultIdentity(identity);
- }
- else if (isIdentityDefault)
- {
- keyChain.addCertificateAsIdentityDefault(*cert);
- }
- else if (isKeyDefault)
- {
- keyChain.addCertificateAsKeyDefault(*cert);
- }
- else
- {
- keyChain.addCertificate(*cert);
- }
+ if (isSystemDefault) {
+ keyChain.addCertificateAsIdentityDefault(*cert);
+ Name keyName = cert->getPublicKeyName();
+ Name identity = keyName.getSubName(0, keyName.size()-1);
+ keyChain.setDefaultIdentity(identity);
+ }
+ else if (isIdentityDefault) {
+ keyChain.addCertificateAsIdentityDefault(*cert);
+ }
+ else if (isKeyDefault) {
+ keyChain.addCertificateAsKeyDefault(*cert);
+ }
+ else {
+ keyChain.addCertificate(*cert);
+ }
std::cerr << "OK: certificate with name ["
<< cert->getName().toUri()