tools: remove HTTP download feature in ndnsec cert-install
refs #4506
Change-Id: Ia25547ac056cdcca1f2ca664bdef25a2381d96cd
diff --git a/docs/manpages/ndnsec-cert-install.rst b/docs/manpages/ndnsec-cert-install.rst
index f98b5d4..1f83d11 100644
--- a/docs/manpages/ndnsec-cert-install.rst
+++ b/docs/manpages/ndnsec-cert-install.rst
@@ -14,8 +14,9 @@
will be set as the default certificate for the corresponding identity and
the identity will be set as the user's default identity.
-*file* can be a filesystem path or an HTTP URL of a file containing the certificate
-to install. If *file* is "-", the certificate will be read from the standard input.
+*file* is a path to a file that contains the certificate to install.
+If *file* is "-", the certificate will be read from the standard input.
+The certificate should be in Base64 encoding.
Options
-------
@@ -41,10 +42,6 @@
$ ndnsec-cert-install cert_file.cert
-Install a certificate via HTTP and set it as the default certificate::
-
- $ ndnsec-cert-install "http://ndncert.domain.com/cert/get/my-certificate.ndncert"
-
Install a certificate but do not change any default settings::
$ ndnsec-cert-install -N cert_file.cert
diff --git a/tools/ndnsec/cert-install.cpp b/tools/ndnsec/cert-install.cpp
index caa10b6..9a13e33 100644
--- a/tools/ndnsec/cert-install.cpp
+++ b/tools/ndnsec/cert-install.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -27,79 +27,9 @@
#include "ndn-cxx/security/transform/stream-sink.hpp"
#include "ndn-cxx/security/transform/stream-source.hpp"
-#include <boost/asio/ip/tcp.hpp>
-#if BOOST_VERSION < 106700
-#include <boost/date_time/posix_time/posix_time_duration.hpp>
-#endif // BOOST_VERSION < 106700
-
namespace ndn {
namespace ndnsec {
-class HttpException : public std::runtime_error
-{
-public:
- explicit
- HttpException(const std::string& what)
- : std::runtime_error(what)
- {
- }
-};
-
-static security::Certificate
-getCertificateHttp(const std::string& host, const std::string& port, const std::string& path)
-{
- boost::asio::ip::tcp::iostream requestStream;
-#if BOOST_VERSION >= 106700
- requestStream.expires_after(std::chrono::seconds(10));
-#else
- requestStream.expires_from_now(boost::posix_time::seconds(10));
-#endif // BOOST_VERSION >= 106700
-
- requestStream.connect(host, port);
- if (!requestStream) {
- NDN_THROW(HttpException("HTTP connection error"));
- }
-
- requestStream << "GET " << path << " HTTP/1.0\r\n";
- requestStream << "Host: " << host << "\r\n";
- requestStream << "Accept: */*\r\n";
- requestStream << "Cache-Control: no-cache\r\n";
- requestStream << "Connection: close\r\n\r\n";
- requestStream.flush();
-
- std::string statusLine;
- std::getline(requestStream, statusLine);
- if (!requestStream) {
- NDN_THROW(HttpException("HTTP communication error"));
- }
-
- std::stringstream responseStream(statusLine);
- std::string httpVersion;
- responseStream >> httpVersion;
- unsigned int statusCode;
- responseStream >> statusCode;
- std::string statusMessage;
-
- std::getline(responseStream, statusMessage);
- if (!requestStream || httpVersion.substr(0, 5) != "HTTP/") {
- NDN_THROW(HttpException("HTTP communication error"));
- }
- if (statusCode != 200) {
- NDN_THROW(HttpException("HTTP server error"));
- }
- std::string header;
- while (std::getline(requestStream, header) && header != "\r")
- ;
-
- OBufferStream os;
- {
- using namespace ndn::security::transform;
- streamSource(requestStream) >> base64Decode(true) >> streamSink(os);
- }
-
- return security::Certificate(Block(os.buf()));
-}
-
int
ndnsec_cert_install(int argc, char** argv)
{
@@ -117,9 +47,7 @@
description.add_options()
("help,h", "produce help message")
("cert-file,f", po::value<std::string>(&certFile),
- "file name of the certificate to be imported, '-' for stdin; "
- "if it starts with 'http://', the certificate will be fetched "
- "using a plain HTTP/1.0 GET request")
+ "file name of the certificate to be imported, '-' for stdin")
("identity-default,I", po::bool_switch(&isIdentityDefault),
"set the imported certificate as the default certificate for the identity")
("key-default,K", po::bool_switch(&isKeyDefault),
@@ -158,51 +86,21 @@
return 2;
}
- security::Certificate cert;
if (certFile.find("http://") == 0) {
- try {
- std::string host;
- std::string port;
- std::string path;
-
- size_t pos = 7; // offset of "http://"
- size_t posSlash = certFile.find('/', pos);
-
- if (posSlash == std::string::npos)
- NDN_THROW(HttpException("Request line is not correctly formatted"));
-
- size_t posPort = certFile.find(':', pos);
- if (posPort != std::string::npos && posPort < posSlash) {
- // port is specified
- port = certFile.substr(posPort + 1, posSlash - posPort - 1);
- host = certFile.substr(pos, posPort - pos);
- }
- else {
- port = "80";
- host = certFile.substr(pos, posSlash - pos);
- }
-
- path = certFile.substr(posSlash, certFile.size() - posSlash);
-
- cert = getCertificateHttp(host, port, path);
- }
- catch (const std::runtime_error& e) {
- std::cerr << "ERROR: Cannot download the certificate from '" << certFile
- << "': " << e.what() << std::endl;
- return 1;
- }
- }
- else {
- cert = loadFromFile<security::Certificate>(certFile);
+ std::cerr << "Downloading certificate over HTTP is no longer supported." << std::endl
+ << "Instead, please run:" << std::endl
+ << "curl -sfLS " << std::quoted(certFile, '\'', '\\')
+ << " | ndnsec cert-install -" << std::endl;
+ return 2;
}
- KeyChain keyChain;
+ auto cert = loadFromFile<security::Certificate>(certFile);
+ KeyChain keyChain; // open KeyChain after loading certificate
auto id = keyChain.getPib().getIdentity(cert.getIdentity());
auto key = id.getKey(cert.getKeyName());
keyChain.addCertificate(key, cert);
-
if (isIdentityDefault) {
keyChain.setDefaultKey(id, key);
keyChain.setDefaultCertificate(key, cert);
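Review bot: The curl hint built with `std::quoted(certFile, '\'', '\\')` does not produce valid shell quoting. Inside POSIX single quotes a backslash is literal, so a `certFile` containing `'` ends the quoted string early, and the shell would interpret the rest if the printed line is pasted or fed to a script. Write each embedded `'` as `'\''` instead, as in the excerpt below. `std::quoted` also needs `<iomanip>`, which is not among the includes visible in this diff, so confirm it is included directly if the call stays. The body of ndnsec_cert_install starts and ends outside this hunk.

```cpp
  if (certFile.find("http://") == 0) {
    // Quote for a POSIX shell: a backslash is literal inside '...',
    // so every embedded ' has to be emitted as '\''.
    std::string shellQuoted = "'";
    for (char c : certFile) {
      if (c == '\'') {
        shellQuoted += "'\\''";
      }
      else {
        shellQuoted += c;
      }
    }
    shellQuoted += "'";
    // … unchanged: "no longer supported" / "Instead, please run:" lines …
              << "curl -sfLS " << shellQuoted
    // … unchanged: " | ndnsec cert-install -" line and return 2 …
```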
@@ -216,7 +114,7 @@
keyChain.setDefaultCertificate(key, cert);
}
- std::cerr << "OK: certificate with name [" << cert.getName().toUri() << "] "
+ std::cerr << "OK: certificate with name [" << cert.getName() << "] "
<< "has been successfully installed" << std::endl;
return 0;