Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 58de07ae203500ea1778e80a0e7151c4525f461d^! / . / tools / ndnsec / key-gen.cpp
commit58de07ae203500ea1778e80a0e7151c4525f461d[log] [tgz]
authorDavide Pesavento <davidepesa@gmail.com>Wed Jun 08 00:02:02 2022 -0400
committerDavide Pesavento <davidepesa@gmail.com>Mon Jun 13 21:35:22 2022 -0400
treebc8d11b374301030f9c02bc508567e0675549cf7
parent9faf34bdf44c641d2df9e56bf2682be6d0c680e9 [diff] [blame]
tools: relax restriction on KeyId component type in `ndnsec key-gen`

And add a similar check on the IssuerId in cert-gen

Change-Id: I6828287a8c2f97dacba3326f0579afc71d9c69a3

diff --git a/tools/ndnsec/key-gen.cpp b/tools/ndnsec/key-gen.cpp
index 6773e72..ac85fe8 100644
--- a/tools/ndnsec/key-gen.cpp
+++ b/tools/ndnsec/key-gen.cpp

@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -47,9 +47,10 @@
     ("type,t",        po::value<char>(&keyTypeChoice)->default_value('e'),
                       "key type: 'r' for RSA, 'e' for ECDSA")
     ("keyid-type,k",  po::value<char>(&keyIdTypeChoice),
-                      "key id type: 'h' for the SHA-256 of the public key, 'r' for a 64-bit "
+                      "key ID type: 'h' for the SHA-256 of the public key, 'r' for a 64-bit "
                       "random number (the default unless --keyid is specified)")
-    ("keyid",         po::value<std::string>(&userKeyId), "user-specified key id")
+    ("keyid",         po::value<std::string>(&userKeyId),
+                      "user-specified key ID, interpreted as a name component in URI format")
     ;
 
   po::positional_options_description p;
@@ -87,12 +88,11 @@
 
     keyIdType = KeyIdType::USER_SPECIFIED;
     userKeyIdComponent = name::Component::fromEscapedString(userKeyId);
-    if (userKeyIdComponent.empty()) {
-      std::cerr << "ERROR: key id cannot be an empty name component" << std::endl;
-      return 2;
-    }
-    if (!userKeyIdComponent.isGeneric()) {
-      std::cerr << "ERROR: key id must be a GenericNameComponent" << std::endl;
+    if (userKeyIdComponent.empty() ||
+        userKeyIdComponent.isImplicitSha256Digest() ||
+        userKeyIdComponent.isParametersSha256Digest() ||
+        userKeyIdComponent.isKeyword()) {
+      std::cerr << "ERROR: '" << userKeyIdComponent << "' cannot be used as key ID" << std::endl;
       return 2;
     }
   }
@@ -106,7 +106,7 @@
       // KeyIdType::RANDOM is the default
       break;
     default:
-      std::cerr << "ERROR: unrecognized key id type '" << keyIdTypeChoice << "'" << std::endl;
+      std::cerr << "ERROR: unrecognized key ID type '" << keyIdTypeChoice << "'" << std::endl;
       return 2;
     }
   }