tools: Convert ndnsec to v2::KeyChain
This commit removes the following tools:
- cert-revoke (wasn't working properly before and need a new
design)
- set-acl (wasn't working before)
- dsk-gen (no longer makes sense with the new certificate naming
conventions, new tools for creating derivative certificates will
be created later)
This commit also fixes Bug #3644 causing import command to ask for
unnecessary password confirmation.
ndnsec main now catches all exceptions and logs the extended message
Change-Id: Ib50e0994970020bcf0a1840aca6bc3942818094b
Refs: #3098, #3644
diff --git a/tools/ndnsec/key-gen.cpp b/tools/ndnsec/key-gen.cpp
index 584b79c..81e5d39 100644
--- a/tools/ndnsec/key-gen.cpp
+++ b/tools/ndnsec/key-gen.cpp
@@ -31,7 +31,7 @@
using namespace ndn;
namespace po = boost::program_options;
- std::string identityName;
+ Name identityName;
bool isDefault = true;
char keyType = 'r';
std::string outputFilename;
@@ -41,14 +41,13 @@
"General options");
description.add_options()
("help,h", "produce help message")
- ("identity,i", po::value<std::string>(&identityName),
+ ("identity,i", po::value<Name>(&identityName),
"identity name, for example, /ndn/edu/ucla/alice")
("not_default,n",
"optional, if not specified, the target identity will be set as "
"the default identity of the system")
- ("dsk,d", "generate Data-Signing-Key (DSK) instead of the default Key-Signing-Key (KSK)")
("type,t", po::value<char>(&keyType)->default_value('r'),
- "optional, key type, r for RSA key (default), e for EC key")
+ "optional, key type, r for RSA key (default), e for EC key")
// ("size,s", po::value<int>(&keySize)->default_value(2048),
// "optional, key size, 2048 (default)")
;
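Review bot: The help text for `not_default` no longer matches what the flag controls. In the last hunk of this file `isDefault` gates both `keyChain.setDefaultKey(identity, key)` and `keyChain.setDefaultIdentity(identity)`, whereas the removed code set the default key unconditionally. I would reword the string to cover both, e.g. `"optional, if not specified, the new key becomes the default key of the identity and the identity becomes the default identity of the system"`. An operator who passes `-n` expecting only the system default identity to stay untouched may otherwise keep signing with the previous default key without noticing.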
@@ -78,21 +77,18 @@
return 1;
}
- if (vm.count("not_default") != 0)
+ if (vm.count("not_default") != 0) {
isDefault = false;
-
- bool isKsk = (vm.count("dsk") == 0);
-
- security::v1::KeyChain keyChain;
- Name keyName;
+ }
try {
+ unique_ptr<KeyParams> params;
switch (keyType) {
case 'r':
- keyName = keyChain.generateRsaKeyPair(Name(identityName), isKsk, RsaKeyParams().getKeySize());
+ params = make_unique<RsaKeyParams>();
break;
case 'e':
- keyName = keyChain.generateEcKeyPair(Name(identityName), isKsk, EcKeyParams().getKeySize());
+ params = make_unique<EcKeyParams>();
break;
default:
std::cerr << "Unrecongized key type\n"
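Review bot: Both branches of the switch build default-constructed parameters (`make_unique<RsaKeyParams>()`, `make_unique<EcKeyParams>()`), so the strength of the generated key is whatever the library defaults to. The `size` option is still commented out in the options block, so the user cannot change it. A comment at the switch would make that explicit, for example `// key size is the RsaKeyParams/EcKeyParams default; --size is not wired up yet`. The `try` block that opens just above the switch is closed outside this hunk.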
@@ -100,19 +96,27 @@
return 1;
}
- if (keyName.empty()) {
- std::cerr << "Error: failed to generate key" << std::endl;
- return 1;
+ // @TODO set other parameters based on whatever user specified
+
+ security::v2::KeyChain keyChain;
+ security::Identity identity;
+ security::Key key;
+ try {
+ identity = keyChain.getPib().getIdentity(identityName);
+ key = keyChain.createKey(identity, *params);
+ }
+ catch (const security::Pib::Error&) {
+ // identity doesn't exist, so create it and generate key
+ identity = keyChain.createIdentity(identityName, *params);
+ key = identity.getDefaultKey();
}
- keyChain.setDefaultKeyNameForIdentity(keyName);
+ if (isDefault) {
+ keyChain.setDefaultKey(identity, key);
+ keyChain.setDefaultIdentity(identity);
+ }
- shared_ptr<security::v1::IdentityCertificate> identityCert = keyChain.selfSign(keyName);
-
- if (isDefault)
- keyChain.setDefaultIdentity(Name(identityName));
-
- io::save(*identityCert, std::cout);
+ io::save(key.getDefaultCertificate(), std::cout);
}
catch (const std::exception& e) {
std::cerr << "Error: " << e.what() << std::endl;
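Review bot: The inner `try` wraps both `getPib().getIdentity(identityName)` and `keyChain.createKey(identity, *params)`, but the handler assumes every `security::Pib::Error` means "identity doesn't exist". If `createKey` can throw that type for an identity that does exist (not verifiable from this hunk), the fallback runs `createIdentity` and then `identity.getDefaultKey()`. The certificate written to stdout may then belong to a key that was already there rather than a freshly generated one. Restricting the handler to the lookup keeps a key-creation failure on the outer `catch (const std::exception&)` path, where it is reported as an error. The fallback path also never consults `isDefault` before creating the identity, so it is worth confirming that `-n` is still honoured for a new identity.

```cpp
// … unchanged: keyChain, identity and key declarations …
bool isNewIdentity = false;
try {
  identity = keyChain.getPib().getIdentity(identityName);
}
catch (const security::Pib::Error&) {
  // only the lookup is covered here, so this really means "identity not found"
  isNewIdentity = true;
}

if (isNewIdentity) {
  identity = keyChain.createIdentity(identityName, *params);
  key = identity.getDefaultKey();
}
else {
  // a failure here propagates to the outer handler instead of being masked
  key = keyChain.createKey(identity, *params);
}
// … unchanged: isDefault handling and io::save …
```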