tools: Allow verbose option in ndnsec-list/ndnsec-ls-identity command line tools

Change-Id: I019ae8b8ee049529fbdc3c2ed42ffebddf664d78
Refs: #2197
diff --git a/src/security/certificate.cpp b/src/security/certificate.cpp
index 67c440b..bc96b69 100644
--- a/src/security/certificate.cpp
+++ b/src/security/certificate.cpp
@@ -32,6 +32,8 @@
 #include "../encoding/buffer-stream.hpp"
 #include "../util/concepts.hpp"
 
+#include <boost/algorithm/string/split.hpp>
+
 namespace ndn {
 
 BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
@@ -262,24 +264,78 @@
   }
 }
 
-void
-Certificate::printCertificate(std::ostream& os) const
+/**
+ * @brief Output to stream with specified indent
+ *
+ * Based on http://stackoverflow.com/a/2212940/2150331
+ */
+class IndentedStream : public std::ostream
 {
-  os << "Certificate name:" << std::endl;
-  os << "  " << getName() << std::endl;
-  os << "Validity:" << std::endl;
+public:
+  IndentedStream(std::ostream& os, const std::string& indent = "")
+    : std::ostream(&m_buffer)
+    , m_buffer(os, indent)
   {
-    os << "  NotBefore: " << time::toIsoString(m_notBefore) << std::endl;
-    os << "  NotAfter: "  << time::toIsoString(m_notAfter)  << std::endl;
   }
 
-  os << "Subject Description:" << std::endl;
-  for (SubjectDescriptionList::const_iterator it = m_subjectDescriptionList.begin();
-       it != m_subjectDescriptionList.end(); ++it)
+  ~IndentedStream()
+  {
+    flush();
+  }
+
+private:
+  // Write a stream buffer that prefixes each line with Plop
+  class StreamBuf : public std::stringbuf
+  {
+  public:
+    StreamBuf(std::ostream& os, const std::string& indent)
+      : m_output(os)
+      , m_indent(indent)
     {
-      os << "  " << it->getOidString() << ": " << it->getValue() << std::endl;
     }
 
+    virtual int
+    sync()
+    {
+      typedef boost::iterator_range<std::string::const_iterator> StringView;
+
+      const std::string& output = str();
+      std::vector<StringView> splitOutput;
+      boost::split(splitOutput, output, [] (const char& ch) { return ch == '\n'; });
+
+      if (!splitOutput.empty() && splitOutput.back().empty()) {
+        splitOutput.pop_back();
+      }
+      for (const StringView& line : splitOutput) {
+        m_output << m_indent << line << "\n";
+      }
+      return 0; // success
+    }
+  private:
+    std::ostream& m_output;
+    std::string m_indent;
+  };
+
+  StreamBuf m_buffer;
+};
+
+void
+Certificate::printCertificate(std::ostream& oss, const std::string& indent) const
+{
+  IndentedStream os(oss, indent);
+
+  os << "Certificate name:\n";
+  os << "  " << getName() << "\n";
+  os << "Validity:\n";
+  {
+    os << "  NotBefore: " << time::toIsoString(m_notBefore) << "\n";
+    os << "  NotAfter: "  << time::toIsoString(m_notAfter)  << "\n";
+  }
+
+  os << "Subject Description:\n";
+  for (const auto& description : m_subjectDescriptionList)
+    os << "  " << description.getOidString() << ": " << description.getValue() << "\n";
+
   os << "Public key bits: ";
   switch (m_key.getKeyType()) {
   case KEY_TYPE_RSA:
@@ -292,12 +348,15 @@
     os << "(Unknown key type)";
     break;
   }
-  os << std::endl;
-  CryptoPP::Base64Encoder encoder(new CryptoPP::FileSink(os), true, 64);
-  m_key.encode(encoder);
+  os << "\n";
 
-  os << std::endl;
-  os << "Signature Information:" << std::endl;
+  {
+    IndentedStream os2(os, "  ");
+    CryptoPP::Base64Encoder encoder(new CryptoPP::FileSink(os2), true, 64);
+    m_key.encode(encoder);
+  }
+
+  os << "Signature Information:\n";
   {
     os << "  Signature Type: ";
     switch (getSignature().getType()) {
@@ -313,7 +372,7 @@
     default:
       os << "Unknown Signature Type";
     }
-    os << std::endl;
+    os << "\n";
 
     if (getSignature().hasKeyLocator()) {
       const KeyLocator& keyLocator = getSignature().getKeyLocator();
@@ -337,10 +396,9 @@
       default:
         os << "Unknown";
       }
-      os << std::endl;
+      os << "\n";
     }
   }
-
 }
 
 std::ostream&
diff --git a/src/security/certificate.hpp b/src/security/certificate.hpp
index c0fe8e0..51efb7d 100644
--- a/src/security/certificate.hpp
+++ b/src/security/certificate.hpp
@@ -194,7 +194,7 @@
   isTooLate();
 
   void
-  printCertificate(std::ostream& os) const;
+  printCertificate(std::ostream& os, const std::string& indent = "") const;
 
 protected:
   void
diff --git a/tests/unit-tests/security/test-encode-decode-certificate.cpp b/tests/unit-tests/security/test-encode-decode-certificate.cpp
index 27f5c8d..04ac645 100644
--- a/tests/unit-tests/security/test-encode-decode-certificate.cpp
+++ b/tests/unit-tests/security/test-encode-decode-certificate.cpp
@@ -78,12 +78,12 @@
   "Subject Description:\n"
   "  2.5.4.41: TEST NAME\n"
   "Public key bits: (RSA)\n"
-  "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCeBj5HhbI0N6qFR6wDJIO1nKgF\n"
-  "OiQe64kBu+mbssMirGjj8GwCzmimxNCnBpCcqhsIHYtDmjNnRG0hoxuImpdeWcQV\n"
-  "C9ksvVEHYYKtwbjXv5vPfSTCY/OXF+v+YiW6W02Kwnq9Q4qPuPLxxWow01CMyJrf\n"
-  "7+0153pi6nZ8uwgmxwIB\n"
+  "  MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCeBj5HhbI0N6qFR6wDJIO1nKgF\n"
+  "  OiQe64kBu+mbssMirGjj8GwCzmimxNCnBpCcqhsIHYtDmjNnRG0hoxuImpdeWcQV\n"
+  "  C9ksvVEHYYKtwbjXv5vPfSTCY/OXF+v+YiW6W02Kwnq9Q4qPuPLxxWow01CMyJrf\n"
+  "  7+0153pi6nZ8uwgmxwIB\n"
   "Signature Information:\n"
-  "  Signature Type: Unknown Signature Type\n\n";
+  "  Signature Type: Unknown Signature Type\n";
 
 BOOST_AUTO_TEST_CASE(Encode)
 {
@@ -138,7 +138,7 @@
                                   certificate.getContent().value_end());
 
   std::ostringstream os;
-  os << certificate << std::endl;
+  os << certificate;
   std::string info(os.str());
 
   BOOST_CHECK_EQUAL(CERT_INFO, info);
@@ -179,15 +179,15 @@
 "Subject Description:\n"
 "  2.5.4.41: NDN Testbed Root\n"
 "Public key bits: (RSA)\n"
-"MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA06x+elwzWCHa4I3byrYC\n"
-"MAIVxQpRVLuOXp0h+BS+5GNgMVPi7+40o4zSJG+kiU8CIH1mtj8RQAzBX9hFI5VA\n"
-"yOC8nS8D8YOfBwt2yRDZPgt1E5PpyYUBiDYuq/zmJDL8xjxAlxrMzVOqD/uj/vkk\n"
-"cBM/T1t9Q6p1CpRyq+GMRbV4EAHvH7MFb6bDrH9t8DHEg7NPUCaSQBrd7PvL72P+\n"
-"QdiNH9zs/EiVzAkeMG4iniSXLuYM3z0gMqqcyUUUr6r1F9IBmDO+Kp97nZh8VCL+\n"
-"cnIEwyzAFAupQH5GoXUWGiee8oKWwH2vGHX7u6sWZsCp15NMSG3OC4jUIZOEiVUF\n"
-"1QIB\n"
+"  MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA06x+elwzWCHa4I3byrYC\n"
+"  MAIVxQpRVLuOXp0h+BS+5GNgMVPi7+40o4zSJG+kiU8CIH1mtj8RQAzBX9hFI5VA\n"
+"  yOC8nS8D8YOfBwt2yRDZPgt1E5PpyYUBiDYuq/zmJDL8xjxAlxrMzVOqD/uj/vkk\n"
+"  cBM/T1t9Q6p1CpRyq+GMRbV4EAHvH7MFb6bDrH9t8DHEg7NPUCaSQBrd7PvL72P+\n"
+"  QdiNH9zs/EiVzAkeMG4iniSXLuYM3z0gMqqcyUUUr6r1F9IBmDO+Kp97nZh8VCL+\n"
+"  cnIEwyzAFAupQH5GoXUWGiee8oKWwH2vGHX7u6sWZsCp15NMSG3OC4jUIZOEiVUF\n"
+"  1QIB\n"
 "Signature Information:\n"
-"  Signature Type: Unknown Signature Type\n\n";
+"  Signature Type: Unknown Signature Type\n";
 
 const uint8_t SELF_SIGNED_ECDSA_CERT[] = {
 0x06, 0xfd, 0x01, 0x5b, 0x07, 0x33, 0x08, 0x05, 0x65, 0x63, 0x64, 0x73, 0x61, 0x08, 0x03,
@@ -225,11 +225,11 @@
 "Subject Description:\n"
 "  2.5.4.41: /ecdsa/ksk-1416594552827\n"
 "Public key bits: (ECDSA)\n"
-"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg+WBGdn6ZECtfJP8FZBrOB7FyrFr\n"
-"Cx9kv0iq0JFcJNZ4QP2VXVRk4S0OmGYderBhFwUmE2MlfNqHEclnzRIF\n"
+"  MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg+WBGdn6ZECtfJP8FZBrOB7FyrFr\n"
+"  Cx9kv0iq0JFcJNZ4QP2VXVRk4S0OmGYderBhFwUmE2MlfNqHEclnzRIF\n"
 "Signature Information:\n"
 "  Signature Type: SignatureSha256WithEcdsa\n"
-"  Key Locator: (Self-Signed) /ecdsa/KEY/ksk-1416594552827/ID-CERT\n\n";
+"  Key Locator: (Self-Signed) /ecdsa/KEY/ksk-1416594552827/ID-CERT\n";
 
 const uint8_t RSA_CERT[] = {
 0x06, 0xfd, 0x02, 0xd7, 0x07, 0x38, 0x08, 0x03, 0x6e, 0x64, 0x6e, 0x08, 0x03, 0x4b, 0x45,
@@ -292,16 +292,16 @@
 "Subject Description:\n"
 "  2.5.4.41: /ndn/site1\n"
 "Public key bits: (RSA)\n"
-"MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtlR+6PKRfcFtyyVEl5Dc\n"
-"eBUO77Xn/Qks+NWcL+Wmrp1+lS38x8NDRrBvU83NaikdlaFizany+OL6i13+oSsV\n"
-"P39x5j65sSnRIm9W37aFr9SzZ4uUuIPLcobE8oayfJS8OHuMkoY2gw4RjJVJ/8wW\n"
-"YttVQH/IjeQ/hwKHr/Yvin10ENO7o/5ae49WCYtJRp99VaNK6CJ7gIpv3p/7L+v3\n"
-"KYo4Z0GuIXrje5YakDV9BKpNn+bWABdOAjRsVjqBPLR/mEgioJ9TNflOro/D+guT\n"
-"1FV4BbBAREh0t5stZfA9LocrSCkShfCvxNxzzhiL2UxgFVGuRx4rVN72uncwXWia\n"
-"+wIB\n"
+"  MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtlR+6PKRfcFtyyVEl5Dc\n"
+"  eBUO77Xn/Qks+NWcL+Wmrp1+lS38x8NDRrBvU83NaikdlaFizany+OL6i13+oSsV\n"
+"  P39x5j65sSnRIm9W37aFr9SzZ4uUuIPLcobE8oayfJS8OHuMkoY2gw4RjJVJ/8wW\n"
+"  YttVQH/IjeQ/hwKHr/Yvin10ENO7o/5ae49WCYtJRp99VaNK6CJ7gIpv3p/7L+v3\n"
+"  KYo4Z0GuIXrje5YakDV9BKpNn+bWABdOAjRsVjqBPLR/mEgioJ9TNflOro/D+guT\n"
+"  1FV4BbBAREh0t5stZfA9LocrSCkShfCvxNxzzhiL2UxgFVGuRx4rVN72uncwXWia\n"
+"  +wIB\n"
 "Signature Information:\n"
 "  Signature Type: SignatureSha256WithRsa\n"
-"  Key Locator: (Name) /ndn/KEY/ksk-1416425295546/ID-CERT\n\n";
+"  Key Locator: (Name) /ndn/KEY/ksk-1416425295546/ID-CERT\n";
 
 BOOST_AUTO_TEST_CASE(Decode)
 {
@@ -311,7 +311,7 @@
   ndn::Certificate certificate(data);
 
   std::ostringstream os;
-  os << certificate << std::endl;
+  os << certificate;
   std::string info(os.str());
 
   BOOST_CHECK_EQUAL(REAL_CERT_INFO, info);
@@ -322,7 +322,7 @@
   selfSignedCert.wireDecode(selfSignedCertBlock);
 
   std::ostringstream selfSignedCertOs;
-  selfSignedCertOs << selfSignedCert << std::endl;
+  selfSignedCertOs << selfSignedCert;
   std::string selfSignedCertInfo(selfSignedCertOs.str());
 
   BOOST_CHECK_EQUAL(SELF_SIGNED_ECDSA_CERT_INFO, selfSignedCertInfo);
@@ -333,7 +333,7 @@
   rsaCert.wireDecode(rsaCertBlock);
 
   std::ostringstream rsaCertOs;
-  rsaCertOs << rsaCert << std::endl;
+  rsaCertOs << rsaCert;
   std::string rsaCertInfo(rsaCertOs.str());
 
   BOOST_CHECK_EQUAL(RSA_CERT_INFO, rsaCertInfo);
diff --git a/tools/ndnsec-list.hpp b/tools/ndnsec-list.hpp
index 0406fca..4194cd3 100644
--- a/tools/ndnsec-list.hpp
+++ b/tools/ndnsec-list.hpp
@@ -26,222 +26,149 @@
 
 #include "ndnsec-util.hpp"
 
+void
+printCertificate(ndn::KeyChain& keyChain,
+                 const ndn::Name& certName,
+                 bool isDefault,
+                 int verboseLevel)
+{
+  if (isDefault)
+    std::cout << "       +->* ";
+  else
+    std::cout << "       +->  ";
+
+  std::cout << certName << std::endl;
+
+  if (verboseLevel >= 3) {
+    ndn::shared_ptr<ndn::IdentityCertificate> certificate = keyChain.getCertificate(certName);
+    if (static_cast<bool>(certificate))
+      certificate->printCertificate(std::cout, "            ");
+  }
+}
+
+void
+printKey(ndn::KeyChain& keyChain,
+         const ndn::Name& keyName,
+         bool isDefault,
+         int verboseLevel)
+{
+  if (isDefault)
+    std::cout << "  +->* ";
+  else
+    std::cout << "  +->  ";
+
+  std::cout << keyName << std::endl;
+
+  if (verboseLevel >= 2) {
+    std::vector<ndn::Name> defaultCertificates;
+    keyChain.getAllCertificateNamesOfKey(keyName, defaultCertificates, true);
+
+    for (const auto& certName : defaultCertificates)
+      printCertificate(keyChain, certName, true, verboseLevel);
+
+    std::vector<ndn::Name> otherCertificates;
+    keyChain.getAllCertificateNamesOfKey(keyName, otherCertificates, false);
+    for (const auto& certName : otherCertificates)
+      printCertificate(keyChain, certName, false, verboseLevel);
+  }
+}
+
+void
+printIdentity(ndn::KeyChain& keyChain,
+              const ndn::Name& identity,
+              bool isDefault,
+              int verboseLevel)
+{
+  if (isDefault)
+    std::cout << "* ";
+  else
+    std::cout << "  ";
+
+  std::cout << identity << std::endl;
+
+  if (verboseLevel >= 1) {
+    std::vector<ndn::Name> defaultKeys;
+    keyChain.getAllKeyNamesOfIdentity(identity, defaultKeys, true);
+    for (const auto& keyName : defaultKeys)
+      printKey(keyChain, keyName, true, verboseLevel);
+
+    std::vector<ndn::Name> otherKeys;
+    keyChain.getAllKeyNamesOfIdentity(identity, otherKeys, false);
+    for (const auto& keyName : otherKeys) {
+      printKey(keyChain, keyName, false, verboseLevel);
+    }
+
+    std::cout << std::endl;
+  }
+}
+
 int
 ndnsec_list(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
-  bool isGetId = true;
-  bool isGetKey = false;
-  bool isGetCert = false;
+  int verboseLevel = 0; // 0 print identity only
+                        // 1 print key name
+                        // 2 print cert name
+                        // 3 print cert content
 
-  po::options_description description("General Usage\n  ndnsec list [-h] [-k|c]\nGeneral options");
-  description.add_options()
-    ("help,h", "produce help message")
-    ("key,k", "granularity: key")
-    ("key2,K", "granularity: key")
-    ("cert,c", "granularity: certificate")
-    ("cert2,C", "granularity: certificate")
+  po::options_description options("General Usage\n  ndnsec list [-h] [-k|c]\nGeneral options");
+  options.add_options()
+    ("help,h",    "produce help message")
+    ("key,k",     "granularity: key")
+    ("cert,c",    "granularity: certificate")
+    ("verbose,v", accumulator<int>(&verboseLevel),
+                  "verbose mode: -v is equivalent to -k, -vv is equivalent to -c")
     ;
 
+  po::options_description oldOptions;
+  oldOptions.add_options()
+    ("key2,K",         "granularity: key")
+    ("cert2,C",        "granularity: certificate");
+
+  po::options_description allOptions;
+  allOptions.add(options).add(oldOptions);
+
   po::variables_map vm;
-  try
-    {
-      po::store(po::parse_command_line(argc, argv, description), vm);
-      po::notify(vm);
-    }
-  catch (const std::exception& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      std::cerr << description << std::endl;
-      return 1;
-    }
+  try {
+    po::store(po::parse_command_line(argc, argv, allOptions), vm);
+    po::notify(vm);
+  }
+  catch (const std::exception& e) {
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    std::cerr << options << std::endl;
+    return 1;
+  }
 
-  if (vm.count("help") != 0)
-    {
-      std::cerr << description << std::endl;;
-      return 0;
-    }
+  if (vm.count("help") != 0) {
+    std::cerr << options << std::endl;;
+    return 0;
+  }
 
+  int tmpVerboseLevel = 0;
   if (vm.count("cert") != 0 || vm.count("cert2") != 0)
-    {
-      isGetCert = true;
-      isGetId = false;
-    }
+    tmpVerboseLevel = 2;
   else if(vm.count("key") != 0 || vm.count("key2") != 0)
-    {
-      isGetKey = true;
-      isGetId = false;
-    }
+    tmpVerboseLevel = 1;
+
+  verboseLevel = std::max(verboseLevel, tmpVerboseLevel);
 
   KeyChain keyChain;
 
-  if (isGetId)
-    {
-      std::vector<Name> defaultIdentities;
-      keyChain.getAllIdentities(defaultIdentities, true);
+  std::vector<Name> defaultIdentities;
+  keyChain.getAllIdentities(defaultIdentities, true);
+  for (const auto& identity : defaultIdentities) {
+    printIdentity(keyChain, identity, true, verboseLevel);
+  }
 
-      for (size_t i = 0; i < defaultIdentities.size(); i++)
-        std::cout << "* " << defaultIdentities[i] << std::endl;
+  std::vector<Name> otherIdentities;
+  keyChain.getAllIdentities(otherIdentities, false);
+  for (const auto& identity : otherIdentities) {
+    printIdentity(keyChain, identity, false, verboseLevel);
+  }
 
-      std::vector<Name> otherIdentities;
-      keyChain.getAllIdentities(otherIdentities, false);
-      for (size_t i = 0; i < otherIdentities.size(); i++)
-        std::cout << "  " << otherIdentities[i] << std::endl;
-
-      return 0;
-    }
-  if (isGetKey)
-    {
-      std::vector<Name> defaultIdentities;
-      keyChain.getAllIdentities(defaultIdentities, true);
-
-      for (size_t i = 0; i < defaultIdentities.size(); i++)
-        {
-          std::cout << "* " << defaultIdentities[i] << std::endl;
-
-          std::vector<Name> defaultKeys;
-          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], defaultKeys, true);
-
-          for (size_t j = 0; j < defaultKeys.size(); j++)
-            std::cout << "  +->* " << defaultKeys[j] << std::endl;
-
-          std::vector<Name> otherKeys;
-          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], otherKeys, false);
-
-          for (size_t j = 0; j < otherKeys.size(); j++)
-            std::cout << "  +->  " << otherKeys[j] << std::endl;
-
-          std::cout << std::endl;
-        }
-
-      std::vector<Name> otherIdentities;
-      keyChain.getAllIdentities(otherIdentities, false);
-
-      for (size_t i = 0; i < otherIdentities.size(); i++)
-        {
-          std::cout << "  " << otherIdentities[i] << std::endl;
-
-          std::vector<Name> defaultKeys;
-          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], defaultKeys, true);
-
-          for (size_t j = 0; j < defaultKeys.size(); j++)
-            std::cout << "  +->* " << defaultKeys[j] << std::endl;
-
-          std::vector<Name> otherKeys;
-          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], otherKeys, false);
-
-          for (size_t j = 0; j < otherKeys.size(); j++)
-            std::cout << "  +->  " << otherKeys[j] << std::endl;
-
-          std::cout << std::endl;
-        }
-      return 0;
-    }
-  if (isGetCert)
-    {
-      std::vector<Name> defaultIdentities;
-      keyChain.getAllIdentities(defaultIdentities, true);
-
-      for (size_t i = 0; i < defaultIdentities.size(); i++)
-        {
-          std::cout << "* " << defaultIdentities[i] << std::endl;
-
-          std::vector<Name> defaultKeys;
-          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], defaultKeys, true);
-
-          for (size_t j = 0; j < defaultKeys.size(); j++)
-            {
-              std::cout << "  +->* " << defaultKeys[j] << std::endl;
-
-              std::vector<Name> defaultCertificates;
-              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], defaultCertificates, true);
-
-              for (size_t k = 0; k < defaultCertificates.size(); k++)
-                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
-
-              std::vector<Name> otherCertificates;
-              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], otherCertificates, false);
-
-              for (size_t k = 0; k < otherCertificates.size(); k++)
-                std::cout << "       +->  " << otherCertificates[k] << std::endl;
-            }
-
-          std::vector<Name> otherKeys;
-          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], otherKeys, false);
-
-          for (size_t j = 0; j < otherKeys.size(); j++)
-            {
-              std::cout << "  +->  " << otherKeys[j] << std::endl;
-
-              std::vector<Name> defaultCertificates;
-              keyChain.getAllCertificateNamesOfKey(otherKeys[j], defaultCertificates, true);
-
-              for (size_t k = 0; k < defaultCertificates.size(); k++)
-                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
-
-              std::vector<Name> otherCertificates;
-              keyChain.getAllCertificateNamesOfKey(otherKeys[j], otherCertificates, false);
-
-              for (size_t k = 0; k < otherCertificates.size(); k++)
-                std::cout << "       +->  " << otherCertificates[k] << std::endl;
-            }
-          std::cout << std::endl;
-        }
-
-      std::vector<Name> otherIdentities;
-      keyChain.getAllIdentities(otherIdentities, false);
-
-      for (size_t i = 0; i < otherIdentities.size(); i++)
-        {
-          std::cout << "  " << otherIdentities[i] << std::endl;
-
-          std::vector<Name> defaultKeys;
-          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], defaultKeys, true);
-
-          for (size_t j = 0; j < defaultKeys.size(); j++)
-            {
-              std::cout << "  +->* " << defaultKeys[j] << std::endl;
-
-              std::vector<Name> defaultCertificates;
-              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], defaultCertificates, true);
-
-              for (size_t k = 0; k < defaultCertificates.size(); k++)
-                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
-
-              std::vector<Name> otherCertificates;
-              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], otherCertificates, false);
-
-              for (size_t k = 0; k < otherCertificates.size(); k++)
-                std::cout << "       +->  " << otherCertificates[k] << std::endl;
-            }
-
-          std::vector<Name> otherKeys;
-          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], otherKeys, false);
-
-          for (size_t j = 0; j < otherKeys.size(); j++)
-            {
-              std::cout << "  +->  " << otherKeys[j] << std::endl;
-
-              std::vector<Name> defaultCertificates;
-              keyChain.getAllCertificateNamesOfKey(otherKeys[j], defaultCertificates, true);
-
-              for (size_t k = 0; k < defaultCertificates.size(); k++)
-                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
-
-              std::vector<Name> otherCertificates;
-              keyChain.getAllCertificateNamesOfKey(otherKeys[j], otherCertificates, false);
-
-              for (size_t k = 0; k < otherCertificates.size(); k++)
-                std::cout << "       +->  " << otherCertificates[k] << std::endl;
-            }
-
-          std::cout << std::endl;
-        }
-      return 0;
-    }
-  return 1;
+  return 0;
 }
 
-#endif //NDNSEC_LIST_HPP
+#endif // NDNSEC_LIST_HPP
diff --git a/tools/ndnsec-util.hpp b/tools/ndnsec-util.hpp
index 1503065..14ddf48 100644
--- a/tools/ndnsec-util.hpp
+++ b/tools/ndnsec-util.hpp
@@ -90,4 +90,136 @@
     return ndn::io::load<ndn::IdentityCertificate>(fileName);
 }
 
-#endif //NDNSEC_UTIL_HPP
+
+/**
+ * @brief An accumulating option value to handle multiple incrementing options.
+ *
+ * Based on https://gitorious.org/bwy/bwy/source/8753148c324ddfacb1f3cdc315650586bd7b75a4:use/accumulator.hpp
+ * @sa http://benjaminwolsey.de/node/103
+ */
+template<typename T>
+class AccumulatorType : public boost::program_options::value_semantic
+{
+public:
+  explicit
+  AccumulatorType(T* store)
+    : m_store(store)
+    , m_interval(1)
+    , m_default(0)
+  {
+  }
+
+  virtual
+  ~AccumulatorType()
+  {
+  }
+
+  /// @brief Set the default value for this option.
+  AccumulatorType*
+  setDefaultValue(const T& t)
+  {
+    m_default = t;
+    return this;
+  }
+
+  /**
+   * @brief Set the interval for this option.
+   *
+   * Unlike for program_options::value, this specifies a value
+   * to be applied on each occurrence of the option.
+   */
+  AccumulatorType*
+  setInterval(const T& t) {
+    m_interval = t;
+    return this;
+  }
+
+  virtual std::string
+  name() const
+  {
+    return std::string();
+  }
+
+  // There are no tokens for an AccumulatorType
+  virtual unsigned
+  min_tokens() const
+  {
+    return 0;
+  }
+
+  virtual unsigned
+  max_tokens() const
+  {
+    return 0;
+  }
+
+  // Accumulating from different sources is silly.
+  virtual bool
+  is_composing() const
+  {
+    return false;
+  }
+
+  // Requiring one or more appearances is unlikely.
+  virtual bool
+  is_required() const
+  {
+    return false;
+  }
+
+  /**
+   * @brief Parse options
+   *
+   * Every appearance of the option simply increments the value
+   * There should never be any tokens.
+   */
+  virtual void
+  parse(boost::any& value_store,
+        const std::vector<std::string>& new_tokens,
+        bool utf8) const
+  {
+    if (value_store.empty())
+      value_store = T();
+    boost::any_cast<T&>(value_store) += m_interval;
+  }
+
+  /**
+   * @brief If the option doesn't appear, this is the default value.
+   */
+  virtual bool
+  apply_default(boost::any& value_store) const
+  {
+    value_store = m_default;
+    return true;
+  }
+
+  /**
+   * @brief Notify the user function with the value of the value store.
+   */
+  virtual void
+  notify(const boost::any& value_store) const
+  {
+    const T* val = boost::any_cast<T>(&value_store);
+    if (m_store)
+      *m_store = *val;
+  }
+
+private:
+    T* m_store;
+    T m_interval;
+    T m_default;
+};
+
+template<typename T>
+AccumulatorType<T>* accumulator()
+{
+  return new AccumulatorType<T>(0);
+}
+
+template<typename T>
+AccumulatorType<T>* accumulator(T* store)
+{
+  return new AccumulatorType<T>(store);
+}
+
+#endif // NDNSEC_UTIL_HPP