Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 35109a19d048365fda0a5efdb7c1525404a212a5^! / . / tools / ndnsec / cert-dump.cpp
commit35109a19d048365fda0a5efdb7c1525404a212a5[log] [tgz]
authorAlexander Afanasyev <alexander.afanasyev@ucla.edu>Wed Jan 04 15:39:06 2017 -0800
committerAlex Afanasyev <aa@cs.ucla.edu>Wed Jun 07 19:14:15 2017 -0700
tree9f9f9a8504a01aaa6b70ea0586785cb379dd93fe
parent6bf48a07c459b2c9025dd42e95f9f09de33cc5ea [diff] [blame]
tools: Convert ndnsec to v2::KeyChain

This commit removes the following tools:
- cert-revoke (wasn't working properly before and need a new
  design)
- set-acl (wasn't working before)
- dsk-gen (no longer makes sense with the new certificate naming
  conventions, new tools for creating derivative certificates will
  be created later)

This commit also fixes Bug #3644 causing import command to ask for
unnecessary password confirmation.

ndnsec main now catch all exceptions logs the extended message

Change-Id: Ib50e0994970020bcf0a1840aca6bc3942818094b
Refs: #3098, #3644

diff --git a/tools/ndnsec/cert-dump.cpp b/tools/ndnsec/cert-dump.cpp
index 83c34a3..60f57b1 100644
--- a/tools/ndnsec/cert-dump.cpp
+++ b/tools/ndnsec/cert-dump.cpp

@@ -124,41 +124,50 @@
     return 1;
   }
 
-  shared_ptr<security::v1::IdentityCertificate> certificate;
+  security::v2::Certificate certificate;
 
-  security::v1::KeyChain keyChain;
+  security::v2::KeyChain keyChain;
 
-  if (isIdentityName || isKeyName || isCertName) {
-    if (isIdentityName) {
-      Name certName = keyChain.getDefaultCertificateNameForIdentity(name);
-      certificate = keyChain.getCertificate(certName);
+  try {
+    if (isIdentityName || isKeyName || isCertName) {
+      if (isIdentityName) {
+        certificate = keyChain.getPib()
+          .getIdentity(name)
+          .getDefaultKey()
+          .getDefaultCertificate();
+      }
+      else if (isKeyName) {
+        certificate = keyChain.getPib()
+          .getIdentity(security::v2::extractIdentityFromKeyName(name))
+          .getKey(name)
+          .getDefaultCertificate();
+      }
+      else {
+        certificate = keyChain.getPib()
+          .getIdentity(security::v2::extractIdentityFromCertName(name))
+          .getKey(security::v2::extractKeyNameFromCertName(name))
+          .getDefaultCertificate();
+      }
     }
-    else if (isKeyName) {
-      Name certName = keyChain.getDefaultCertificateNameForKey(name);
-      certificate = keyChain.getCertificate(certName);
-    }
-    else
-      certificate = keyChain.getCertificate(name);
-
-    if (certificate == nullptr) {
-      std::cerr << "No certificate found!" << std::endl;
-      return 1;
+    else {
+      certificate = loadCertificate(name);
     }
   }
-  else {
-    certificate = getIdentityCertificate(name);
-    if (certificate == nullptr) {
-      std::cerr << "No certificate read!" << std::endl;
-      return 1;
-    }
+  catch (const security::Pib::Error& e) {
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    return 1;
+  }
+  catch (const CannotLoadCertificate&) {
+    std::cerr << "Cannot load certificate from `" << name << "`" << std::endl;
+    return 1;
   }
 
   if (isPretty) {
-    std::cout << *certificate << std::endl;
+    std::cout << certificate << std::endl;
   }
   else {
     if (isStdOut) {
-      io::save(*certificate, std::cout);
+      io::save(certificate, std::cout);
       return 0;
     }
     if (isRepoOut) {
@@ -170,8 +179,8 @@
         std::cerr << "fail to open the stream!" << std::endl;
         return 1;
       }
-      request_stream.write(reinterpret_cast<const char*>(certificate->wireEncode().wire()),
-                           certificate->wireEncode().size());
+      request_stream.write(reinterpret_cast<const char*>(certificate.wireEncode().wire()),
+                           certificate.wireEncode().size());
 
       return 0;
     }