security: Correct code style for ndnsec and add command-line exception handling
Change-Id: I68de24c3fb2af5decd57b790ccbfc908dc0c8332
diff --git a/tools/ndnsec-cert-dump.hpp b/tools/ndnsec-cert-dump.hpp
index 2adca8d..10d0fe5 100644
--- a/tools/ndnsec-cert-dump.hpp
+++ b/tools/ndnsec-cert-dump.hpp
@@ -11,7 +11,7 @@
#include "ndnsec-util.hpp"
int
-ndnsec_cert_dump(int argc, char** argv)
+ndnsec_cert_dump(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
@@ -28,8 +28,8 @@
std::string repoPort = "7376";
// bool isDnsOut = false;
- po::options_description desc("General Usage\n ndnsec cert-dump [-h] [-p] [-d] [-r [-H repo-host] [-P repor-port] ] [-i|k|f] name\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec cert-dump [-h] [-p] [-d] [-r [-H repo-host] [-P repor-port] ] [-i|k|f] name\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("pretty,p", "optional, if specified, display certificate in human readable format")
("identity,i", "optional, if specified, name is identity name (e.g. /ndn/edu/ucla/alice), otherwise certificate name")
@@ -44,49 +44,59 @@
po::positional_options_description p;
p.add("name", 1);
-
- po::variables_map vm;
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
- po::notify(vm);
- if (vm.count("help"))
+ po::variables_map vm;
+ try
{
- std::cerr << desc << std::endl;
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;
return 0;
}
- if (0 == vm.count("name"))
+ if (vm.count("name") == 0)
{
std::cerr << "identity_name must be specified" << std::endl;
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
-
- if (vm.count("key"))
+
+ if (vm.count("key") != 0)
{
isCertName = false;
isKeyName = true;
}
- else if (vm.count("identity"))
+ else if (vm.count("identity") != 0)
{
isCertName = false;
isIdentityName = true;
}
- else if (vm.count("file"))
+ else if (vm.count("file") != 0)
{
isCertName = false;
// isFileName = true;
- }
-
- if (vm.count("pretty"))
+ }
+
+ if (vm.count("pretty") != 0)
isPretty = true;
- if (vm.count("repo-output"))
+ if (vm.count("repo-output") != 0)
{
isRepoOut = true;
isStdOut = false;
}
- else if(vm.count("dns-output"))
+ else if (vm.count("dns-output") != 0)
{
// isDnsOut = true;
isStdOut = false;
@@ -102,103 +112,64 @@
shared_ptr<IdentityCertificate> certificate;
- try
- {
- KeyChain keyChain;
+ KeyChain keyChain;
- if(isIdentityName || isKeyName || isCertName)
+ if (isIdentityName || isKeyName || isCertName)
+ {
+ if (isIdentityName)
{
- if(isIdentityName)
- {
- Name certName = keyChain.getDefaultCertificateNameForIdentity(name);
- certificate = keyChain.getCertificate(certName);
- }
- else if(isKeyName)
- {
- Name certName = keyChain.getDefaultCertificateNameForKey(name);
- certificate = keyChain.getCertificate(certName);
- }
- else
- certificate = keyChain.getCertificate(name);
-
- if(NULL == certificate)
- {
- std::cerr << "No certificate found!" << std::endl;
- return 1;
- }
+ Name certName = keyChain.getDefaultCertificateNameForIdentity(name);
+ certificate = keyChain.getCertificate(certName);
+ }
+ else if (isKeyName)
+ {
+ Name certName = keyChain.getDefaultCertificateNameForKey(name);
+ certificate = keyChain.getCertificate(certName);
}
else
+ certificate = keyChain.getCertificate(name);
+
+ if (!static_cast<bool>(certificate))
{
- certificate = getIdentityCertificate(name);
- if(!static_cast<bool>(certificate))
- {
- std::cerr << "No certificate read!" << std::endl;
- return 1;
- }
+ std::cerr << "No certificate found!" << std::endl;
+ return 1;
}
}
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << e.what() << std::endl;
- return 1;
- }
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
-
- if(isPretty)
- {
- std::cout << *certificate << std::endl;
- // cout << "Certificate name: " << std::endl;
- // cout << " " << certificate->getName() << std::endl;
- // cout << "Validity: " << std::endl;
- // cout << " NotBefore: " << boost::posix_time::to_simple_string(certificate->getNotBefore()) << std::endl;
- // cout << " NotAfter: " << boost::posix_time::to_simple_string(certificate->getNotAfter()) << std::endl;
- // cout << "Subject Description: " << std::endl;
- // const vector<CertificateSubjectDescription>& SubDescriptionList = certificate->getSubjectDescriptionList();
- // vector<CertificateSubjectDescription>::const_iterator it = SubDescriptionList.begin();
- // for(; it != SubDescriptionList.end(); it++)
- // cout << " " << it->getOidStr() << ": " << it->getValue() << std::endl;
- // cout << "Public key bits: " << std::endl;
- // const Blob& keyBlob = certificate->getPublicKeygetKeyBlob();
- // std::string encoded;
- // CryptoPP::StringSource ss(reinterpret_cast<const unsigned char *>(keyBlob.buf()), keyBlob.size(), true,
- // new CryptoPP::Base64Encoder(new CryptoPP::StringSink(encoded), true, 64));
- // cout << encoded;
- }
else
{
- if(isStdOut)
+ certificate = getIdentityCertificate(name);
+ if (!static_cast<bool>(certificate))
{
- try
- {
- using namespace CryptoPP;
- StringSource ss(certificate->wireEncode().wire(), certificate->wireEncode().size(), true,
- new Base64Encoder(new FileSink(std::cout), true, 64));
- return 0;
- }
- catch(CryptoPP::Exception& e)
- {
- std::cerr << e.what() << std::endl;
- return 1;
- }
+ std::cerr << "No certificate read!" << std::endl;
+ return 1;
}
- if(isRepoOut)
+ }
+
+ if (isPretty)
+ {
+ std::cout << *certificate << std::endl;
+ }
+ else
+ {
+ if (isStdOut)
+ {
+ io::save(*certificate, std::cout);
+ return 0;
+ }
+ if (isRepoOut)
{
using namespace boost::asio::ip;
tcp::iostream request_stream;
-#if (BOOST_VERSION >= 104700)
request_stream.expires_from_now(boost::posix_time::milliseconds(3000));
-#endif
- request_stream.connect(repoHost,repoPort);
- if(!request_stream)
+ request_stream.connect(repoHost, repoPort);
+ if (!request_stream)
{
std::cerr << "fail to open the stream!" << std::endl;
return 1;
}
- request_stream.write(reinterpret_cast<const char*>(certificate->wireEncode().wire()), certificate->wireEncode().size());
+ request_stream.write(reinterpret_cast<const char*>(certificate->wireEncode().wire()),
+ certificate->wireEncode().size());
+
return 0;
}
}
diff --git a/tools/ndnsec-cert-gen.hpp b/tools/ndnsec-cert-gen.hpp
index 363dd57..197cc6b 100644
--- a/tools/ndnsec-cert-gen.hpp
+++ b/tools/ndnsec-cert-gen.hpp
@@ -10,7 +10,7 @@
#include "ndnsec-util.hpp"
-int
+int
ndnsec_cert_gen(int argc, char** argv)
{
using boost::tokenizer;
@@ -21,23 +21,23 @@
std::string notBeforeStr;
std::string notAfterStr;
- std::string sName;
- std::string reqFile;
+ std::string subjectName;
+ std::string requestFile("-");
std::string signId;
- std::string subInfo;
+ std::string subjectInfo;
bool isSelfSigned = false;
- bool nack = false;
+ bool isNack = false;
- po::options_description desc("General Usage\n ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] [-s sign-id] request\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] [-s sign-id] request\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("not-before,S", po::value<std::string>(¬BeforeStr), "certificate starting date, YYYYMMDDhhmmss")
("not-after,E", po::value<std::string>(¬AfterStr), "certificate ending date, YYYYMMDDhhmmss")
- ("subject-name,N", po::value<std::string>(&sName), "subject name")
- ("subject-info,I", po::value<std::string>(&subInfo), "subject info, pairs of OID and string description: \"2.5.4.10 'University of California, Los Angeles'\"")
+ ("subject-name,N", po::value<std::string>(&subjectName), "subject name")
+ ("subject-info,I", po::value<std::string>(&subjectInfo), "subject info, pairs of OID and string description: \"2.5.4.10 'University of California, Los Angeles'\"")
("nack", "Generate revocation certificate (NACK)")
("sign-id,s", po::value<std::string>(&signId), "signing Identity, self-signed if not specified")
- ("request,r", po::value<std::string>(&reqFile), "request file name, - for stdin")
+ ("request,r", po::value<std::string>(&requestFile), "request file name, - for stdin")
;
po::positional_options_description p;
@@ -46,100 +46,96 @@
po::variables_map vm;
try
{
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
po::notify(vm);
}
- catch (std::exception &e)
+ catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
return 1;
}
- if (vm.count("help"))
+ if (vm.count("help") != 0)
{
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 0;
}
- if (0 == vm.count("sign-id"))
- {
+ if (vm.count("sign-id") == 0)
+ {
isSelfSigned = true;
}
- if (vm.count("nack"))
+ if (vm.count("nack") != 0)
{
- nack = true;
+ isNack = true;
}
std::vector<CertificateSubjectDescription> otherSubDescrypt;
- tokenizer<escaped_list_separator<char> > subInfoItems(subInfo, escaped_list_separator<char> ("\\", " \t", "'\""));
+ tokenizer<escaped_list_separator<char> > subjectInfoItems
+ (subjectInfo, escaped_list_separator<char> ("\\", " \t", "'\""));
- tokenizer<escaped_list_separator<char> >::iterator it = subInfoItems.begin();
- try
+ tokenizer<escaped_list_separator<char> >::iterator it =
+ subjectInfoItems.begin();
+
+ while (it != subjectInfoItems.end())
{
- while (it != subInfoItems.end())
+ std::string oid = *it;
+
+ it++;
+ if (it == subjectInfoItems.end())
{
- std::string oid = *it;
-
- it++;
- if (it == subInfoItems.end ())
- {
- std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
- return 1;
- }
-
- std::string value = *it;
-
- otherSubDescrypt.push_back (CertificateSubjectDescription(oid, value));
-
- it++;
+ std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
+ return 1;
}
- }
- catch (std::exception &e)
- {
- std::cerr << "error in parsing subject info" << std::endl;
- return 1;
+
+ std::string value = *it;
+
+ otherSubDescrypt.push_back(CertificateSubjectDescription(oid, value));
+
+ it++;
}
time::system_clock::TimePoint notBefore;
time::system_clock::TimePoint notAfter;
- try{
- if (0 == vm.count("not-before"))
- {
- notBefore = time::system_clock::now();
- }
- else
- {
- notBefore = time::fromIsoString(notBeforeStr.substr(0, 8) + "T" + notBeforeStr.substr(8, 6));
- }
+ if (vm.count("not-before") == 0)
+ {
+ notBefore = time::system_clock::now();
+ }
+ else
+ {
+ notBefore = time::fromIsoString(notBeforeStr.substr(0, 8) + "T" +
+ notBeforeStr.substr(8, 6));
+ }
- if (0 == vm.count("not-after"))
- {
- notAfter = notBefore + time::days(365);
- }
- else
- {
- notAfter = time::fromIsoString(notAfterStr.substr(0, 8) + "T" + notAfterStr.substr(8, 6));
- if(notAfter < notBefore)
- {
- std::cerr << "not-before is later than not-after" << std::endl;
- return 1;
- }
- }
- }catch(std::exception & e){
- std::cerr << "Error in converting validity timestamp!" << std::endl;
- return 1;
- }
+ if (vm.count("not-after") == 0)
+ {
+ notAfter = notBefore + time::days(365);
+ }
+ else
+ {
+ notAfter = time::fromIsoString(notAfterStr.substr(0, 8) + "T" +
+ notAfterStr.substr(8, 6));
- if (0 == vm.count("request"))
+ if (notAfter < notBefore)
+ {
+ std::cerr << "not-before is later than not-after" << std::endl;
+ return 1;
+ }
+ }
+
+ if (vm.count("request") == 0)
{
std::cerr << "request file must be specified" << std::endl;
return 1;
}
- shared_ptr<IdentityCertificate> selfSignedCertificate = getIdentityCertificate(reqFile);
- if(!static_cast<bool>(selfSignedCertificate))
+ shared_ptr<IdentityCertificate> selfSignedCertificate
+ = getIdentityCertificate(requestFile);
+
+ if (!static_cast<bool>(selfSignedCertificate))
{
std::cerr << "ERROR: input error" << std::endl;
return 1;
@@ -149,7 +145,7 @@
Name signIdName;
Name certName;
- if(isSelfSigned)
+ if (isSelfSigned)
{
certName = keyName.getPrefix(keyName.size()-1);
certName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
@@ -157,72 +153,64 @@
else
{
signIdName = Name(signId);
-
+
+ int count = 0;
Name::const_iterator i = keyName.begin();
Name::const_iterator j = signIdName.begin();
- int count = 0;
- for(; i != keyName.end() && j != signIdName.end(); i++, j++, count++)
+ for (; i != keyName.end() && j != signIdName.end(); i++, j++)
{
- if(*i != *j)
+ if (*i != *j)
break;
+
+ count++;
}
-
- if(j != signIdName.end() || i == keyName.end())
+
+ if (j != signIdName.end() || i == keyName.end())
{
std::cerr << "wrong signing identity!" << std::endl;
return 1;
}
certName = keyName.getSubName(0, count);
- certName.append("KEY").append(keyName.getSubName(count, keyName.size()-count));
- certName.append("ID-CERT").appendVersion ();
+ certName.append("KEY")
+ .append(keyName.getSubName(count, keyName.size() - count))
+ .append("ID-CERT")
+ .appendVersion ();
}
Block wire;
- if (!nack)
+ if (!isNack)
{
- if (0 == vm.count("subject-name"))
+ if (vm.count("subject-name") == 0)
{
std::cerr << "subject_name must be specified" << std::endl;
return 1;
}
- try
- {
- CertificateSubjectDescription subDescryptName("2.5.4.41", sName);
- IdentityCertificate certificate;
- certificate.setName(certName);
- certificate.setNotBefore(notBefore);
- certificate.setNotAfter(notAfter);
- certificate.setPublicKeyInfo(selfSignedCertificate->getPublicKeyInfo());
- certificate.addSubjectDescription(subDescryptName);
- for (size_t i = 0; i < otherSubDescrypt.size(); i++)
- certificate.addSubjectDescription(otherSubDescrypt[i]);
- certificate.encode();
+ CertificateSubjectDescription subDescryptName("2.5.4.41", subjectName);
+ IdentityCertificate certificate;
+ certificate.setName(certName);
+ certificate.setNotBefore(notBefore);
+ certificate.setNotAfter(notAfter);
+ certificate.setPublicKeyInfo(selfSignedCertificate->getPublicKeyInfo());
+ certificate.addSubjectDescription(subDescryptName);
+ for (size_t i = 0; i < otherSubDescrypt.size(); i++)
+ certificate.addSubjectDescription(otherSubDescrypt[i]);
+ certificate.encode();
- KeyChain keyChain;
+ KeyChain keyChain;
- if(isSelfSigned)
- keyChain.selfSign(certificate);
- else
- {
- Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(Name(signId));
-
- keyChain.sign(certificate, signingCertificateName);
- }
- wire = certificate.wireEncode();
- }
- catch(SecPublicInfo::Error& e)
+ if (isSelfSigned)
+ keyChain.selfSign(certificate);
+ else
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ Name signingCertificateName =
+ keyChain.getDefaultCertificateNameForIdentity(Name(signId));
+
+ keyChain.sign(certificate, signingCertificateName);
}
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
+ wire = certificate.wireEncode();
}
else
{
@@ -230,25 +218,13 @@
// revocationCert.setContent(void*, 0); // empty content
revocationCert.setName(certName);
- try
- {
- KeyChain keyChain;
-
- Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(Name(signId));
-
- keyChain.sign (revocationCert, signingCertificateName);
- wire = revocationCert.wireEncode();
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
+ KeyChain keyChain;
+
+ Name signingCertificateName =
+ keyChain.getDefaultCertificateNameForIdentity(signId);
+
+ keyChain.sign(revocationCert, signingCertificateName);
+ wire = revocationCert.wireEncode();
}
try
@@ -257,7 +233,7 @@
StringSource ss(wire.wire(), wire.size(), true,
new Base64Encoder(new FileSink(std::cout), true, 64));
}
- catch(CryptoPP::Exception& e)
+ catch (const CryptoPP::Exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
return 1;
diff --git a/tools/ndnsec-cert-install.hpp b/tools/ndnsec-cert-install.hpp
index 12c036c..f23eb7a 100644
--- a/tools/ndnsec-cert-install.hpp
+++ b/tools/ndnsec-cert-install.hpp
@@ -11,95 +11,89 @@
#include "ndnsec-util.hpp"
-struct HttpException : public std::exception
+class HttpException : public std::runtime_error
{
- HttpException(const std::string &reason)
- : m_reason(reason)
+public:
+ explicit
+ HttpException(const std::string& what)
+ : std::runtime_error(what)
{
}
- ~HttpException() throw()
- {
- }
-
- const char* what() const throw()
- {
- return m_reason.c_str();
- }
-
-private:
- std::string m_reason;
};
ndn::shared_ptr<ndn::IdentityCertificate>
-getCertificateHttp(const std::string &host, const std::string &port, const std::string &path)
+getCertificateHttp(const std::string& host, const std::string& port, const std::string& path)
{
using namespace boost::asio::ip;
- tcp::iostream request_stream;
-#if (BOOST_VERSION >= 104700)
- request_stream.expires_from_now(boost::posix_time::milliseconds(3000));
-#endif
- request_stream.connect(host,port);
- if(!request_stream)
+ tcp::iostream requestStream;
+
+ requestStream.expires_from_now(boost::posix_time::milliseconds(3000));
+
+ requestStream.connect(host, port);
+ if (!static_cast<bool>(requestStream))
{
throw HttpException("HTTP connection error");
}
- request_stream << "GET " << path << " HTTP/1.0\r\n";
- request_stream << "Host: " << host << "\r\n";
- request_stream << "Accept: */*\r\n";
- request_stream << "Cache-Control: no-cache\r\n";
- request_stream << "Connection: close\r\n\r\n";
- request_stream.flush();
+ requestStream << "GET " << path << " HTTP/1.0\r\n";
+ requestStream << "Host: " << host << "\r\n";
+ requestStream << "Accept: */*\r\n";
+ requestStream << "Cache-Control: no-cache\r\n";
+ requestStream << "Connection: close\r\n\r\n";
+ requestStream.flush();
- std::string line1;
- std::getline(request_stream,line1);
- if (!request_stream)
+ std::string statusLine;
+ std::getline(requestStream, statusLine);
+ if (!static_cast<bool>(requestStream))
{
throw HttpException("HTTP communication error");
}
- std::stringstream response_stream(line1);
- std::string http_version;
- response_stream >> http_version;
- unsigned int status_code;
- response_stream >> status_code;
- std::string status_message;
+ std::stringstream responseStream(statusLine);
+ std::string httpVersion;
+ responseStream >> httpVersion;
+ unsigned int statusCode;
+ responseStream >> statusCode;
+ std::string statusMessage;
- std::getline(response_stream,status_message);
- if (!response_stream || http_version.substr(0,5)!="HTTP/")
+ std::getline(responseStream, statusMessage);
+ if (!static_cast<bool>(requestStream) || httpVersion.substr(0, 5) != "HTTP/")
{
throw HttpException("HTTP communication error");
}
- if (status_code!=200)
+ if (statusCode != 200)
{
throw HttpException("HTTP server error");
}
std::string header;
- while (std::getline(request_stream, header) && header != "\r") ;
+ while (std::getline(requestStream, header) && header != "\r")
+ ;
ndn::OBufferStream os;
- CryptoPP::FileSource ss2(request_stream, true, new CryptoPP::Base64Decoder(new CryptoPP::FileSink(os)));
+ {
+ using namespace CryptoPP;
+ FileSource ss2(requestStream, true, new Base64Decoder(new FileSink(os)));
+ }
- ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate = ndn::make_shared<ndn::IdentityCertificate>();
+ ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate =
+ ndn::make_shared<ndn::IdentityCertificate>();
identityCertificate->wireDecode(ndn::Block(os.buf()));
return identityCertificate;
}
-int
+int
ndnsec_cert_install(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
std::string certFileName;
- bool systemDefault = true;
- bool identityDefault = false;
- bool keyDefault = false;
- // bool noDefault = false;
- bool any = false;
+ bool isSystemDefault = true;
+ bool isIdentityDefault = false;
+ bool isKeyDefault = false;
- po::options_description desc("General Usage\n ndnsec cert-install [-h] [-I|K|N] cert-file\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec cert-install [-h] [-I|K|N] cert-file\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("cert-file,f", po::value<std::string>(&certFileName), "file name of the ceritificate, - for stdin. "
"If starts with http://, will try to fetch "
@@ -114,131 +108,112 @@
po::variables_map vm;
try
{
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
po::notify(vm);
}
- catch (std::exception &e)
+ catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
return 1;
}
- if (vm.count("help"))
+ if (vm.count("help") != 0)
{
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 0;
}
- if (0 == vm.count("cert-file"))
+ if (vm.count("cert-file") == 0)
{
std::cerr << "cert_file must be specified" << std::endl;
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
- if (vm.count("identity-default"))
+ if (vm.count("identity-default") != 0)
{
- identityDefault = true;
- systemDefault = false;
+ isIdentityDefault = true;
+ isSystemDefault = false;
}
- else if (vm.count("key-default"))
+ else if (vm.count("key-default") != 0)
{
- keyDefault = true;
- systemDefault = false;
+ isKeyDefault = true;
+ isSystemDefault = false;
}
- else if (vm.count("no-default"))
+ else if (vm.count("no-default") != 0)
{
// noDefault = true;
- systemDefault = false;
+ isSystemDefault = false;
}
- try
+ shared_ptr<IdentityCertificate> cert;
+
+ if (certFileName.find("http://") == 0)
{
- shared_ptr<IdentityCertificate> cert;
+ std::string host;
+ std::string port;
+ std::string path;
- if(certFileName.find("http://") == 0)
+ size_t pos = 7; // offset of "http://"
+ size_t posSlash = certFileName.find("/", pos);
+
+ if (posSlash == std::string::npos)
+ throw HttpException("Request line is not correctly formatted");
+
+ size_t posPort = certFileName.find(":", pos);
+
+ if (posPort != std::string::npos && posPort < posSlash) // port is specified
{
- std::string host;
- std::string port;
- std::string path;
-
- size_t pos = 7;
- size_t posSlash = certFileName.find ("/", pos);
-
- if (posSlash == std::string::npos)
- throw HttpException("Request line is not correctly formatted");
-
- size_t posPort = certFileName.find (":", pos);
-
- if (posPort != std::string::npos && posPort < posSlash) // port is specified
- {
- port = certFileName.substr (posPort + 1, posSlash - posPort - 1);
- host = certFileName.substr (pos, posPort-pos);
- }
- else
- {
- port = "80";
- host = certFileName.substr (pos, posSlash-pos);
- }
-
- path = certFileName.substr (posSlash, certFileName.size () - posSlash);
-
- cert = getCertificateHttp(host, port, path);
+ port = certFileName.substr(posPort + 1, posSlash - posPort - 1);
+ host = certFileName.substr(pos, posPort - pos);
}
else
{
- cert = getIdentityCertificate(certFileName);
+ port = "80";
+ host = certFileName.substr(pos, posSlash - pos);
}
- if(!static_cast<bool>(cert))
- return 1;
+ path = certFileName.substr(posSlash, certFileName.size () - posSlash);
- KeyChain keyChain;
-
- if(systemDefault)
- {
- keyChain.addCertificateAsIdentityDefault(*cert);
- Name keyName = cert->getPublicKeyName();
- Name identity = keyName.getSubName(0, keyName.size()-1);
- keyChain.setDefaultIdentity(identity);
- }
- else if(identityDefault)
- {
- keyChain.addCertificateAsIdentityDefault(*cert);
- }
- else if(keyDefault)
- {
- keyChain.addCertificateAsKeyDefault(*cert);
- }
- else
- {
- keyChain.addCertificate(*cert);
- }
-
- std::cerr << "OK: certificate with name [" << cert->getName().toUri() << "] has been successfully installed" << std::endl;
-
- return 0;
+ cert = getCertificateHttp(host, port, path);
}
- catch(SecPublicInfo::Error& e)
+ else
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ cert = getIdentityCertificate(certFileName);
}
- catch(SecTpm::Error& e)
+
+ if (!static_cast<bool>(cert))
+ return 1;
+
+ KeyChain keyChain;
+
+ if (isSystemDefault)
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ keyChain.addCertificateAsIdentityDefault(*cert);
+ Name keyName = cert->getPublicKeyName();
+ Name identity = keyName.getSubName(0, keyName.size()-1);
+ keyChain.setDefaultIdentity(identity);
}
- catch(std::exception &e)
+ else if (isIdentityDefault)
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ keyChain.addCertificateAsIdentityDefault(*cert);
}
- catch(...)
+ else if (isKeyDefault)
{
- std::cerr << "ERROR: unknown error" << std::endl;
- return 1;
+ keyChain.addCertificateAsKeyDefault(*cert);
}
+ else
+ {
+ keyChain.addCertificate(*cert);
+ }
+
+ std::cerr << "OK: certificate with name ["
+ << cert->getName().toUri()
+ << "] has been successfully installed"
+ << std::endl;
+
+ return 0;
}
#endif //NDNSEC_CERT_INSTALL_HPP
diff --git a/tools/ndnsec-delete.hpp b/tools/ndnsec-delete.hpp
index 2536344..bdce78f 100644
--- a/tools/ndnsec-delete.hpp
+++ b/tools/ndnsec-delete.hpp
@@ -10,89 +10,86 @@
#include "ndnsec-util.hpp"
-int
-ndnsec_delete(int argc, char** argv)
+int
+ndnsec_delete(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
// bool deleteId = true;
- bool deleteKey = false;
- bool deleteCert = false;
+ bool isDeleteKey = false;
+ bool isDeleteCert = false;
std::string name;
- po::options_description desc("General Usage\n ndnsec delete [-h] [-K|C] name\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec delete [-h] [-k|c] name\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
- ("delete_key,K", "(Optional) delete a key if specified.")
- ("delete_cert,C", "(Optional) delete a certificate if specified.")
+ ("delete-key,k", "(Optional) delete a key if specified.")
+ ("delete-key2,K", "(Optional) delete a key if specified.")
+ ("delete-cert,c", "(Optional) delete a certificate if specified.")
+ ("delete-cert2,C", "(Optional) delete a certificate if specified.")
("name,n", po::value<std::string>(&name), "By default, it refers to an identity."
- "If -K is specified, it refers to a key."
- "If -C is specified, it refers to a certificate.");
+ "If -k is specified, it refers to a key."
+ "If -c is specified, it refers to a certificate.");
;
po::positional_options_description p;
p.add("name", 1);
-
+
po::variables_map vm;
try
{
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
po::notify(vm);
}
- catch (std::exception &e)
+ catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
- if (vm.count("help"))
+ if (vm.count("help") != 0)
{
- std::cerr << desc << std::endl;;
+ std::cerr << description << std::endl;;
return 0;
}
- if(vm.count("delete_cert"))
+ if (vm.count("name") == 0)
{
- deleteCert = true;
- // deleteId = false;
+ std::cerr << "ERROR: name must be specified" << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
}
- else if(vm.count("delete_key"))
- {
- deleteKey = true;
- // deleteId = false;
- }
-
- try
- {
- KeyChain keyChain;
- if(deleteCert)
- {
- keyChain.deleteCertificate(name);
- }
- else if(deleteKey)
- {
- keyChain.deleteKey(name);
- }
- else
- {
- keyChain.deleteIdentity(name);
- }
-
- return 0;
-
- }
- catch(SecPublicInfo::Error& e)
+ if (vm.count("delete-cert") != 0 || vm.count("delete-cert2") != 0)
{
- std::cerr << e.what() << std::endl;
- return 1;
+ isDeleteCert = true;
+ // deleteId = false;
}
- catch(SecTpm::Error& e)
+ else if (vm.count("delete-key") != 0 || vm.count("delete-key2") != 0)
{
- std::cerr << e.what() << std::endl;
- return 1;
+ isDeleteKey = true;
+ // deleteId = false;
}
+
+ KeyChain keyChain;
+
+ if (isDeleteCert)
+ {
+ keyChain.deleteCertificate(name);
+ }
+ else if (isDeleteKey)
+ {
+ keyChain.deleteKey(name);
+ }
+ else
+ {
+ keyChain.deleteIdentity(name);
+ }
+
+ return 0;
}
#endif //NDNSEC_DELETE_HPP
diff --git a/tools/ndnsec-dsk-gen.hpp b/tools/ndnsec-dsk-gen.hpp
index b7d95e8..08332ee 100644
--- a/tools/ndnsec-dsk-gen.hpp
+++ b/tools/ndnsec-dsk-gen.hpp
@@ -10,7 +10,7 @@
#include "ndnsec-util.hpp"
-int
+int
ndnsec_dsk_gen(int argc, char** argv)
{
using namespace ndn;
@@ -20,8 +20,8 @@
char keyType = 'r';
int keySize = 2048;
- po::options_description desc("General Usage\n ndnsec dsk-gen [-h] identity\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec dsk-gen [-h] identity\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("identity,i", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice")
// ("type,t", po::value<char>(&keyType)->default_value('r'), "optional, key type, r for RSA key (default)")
@@ -32,128 +32,112 @@
p.add("identity", 1);
po::variables_map vm;
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
- po::notify(vm);
-
- if (vm.count("help"))
+ try
{
- std::cerr << desc << std::endl;
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;
return 0;
}
- if (0 == vm.count("identity"))
+ if (vm.count("identity") == 0)
{
std::cerr << "identity must be specified" << std::endl;
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
shared_ptr<IdentityCertificate> kskCert;
Name signingCertName;
- try
+
+ KeyChain keyChain;
+
+ Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
+ bool isDefaultDsk = false;
+ if (defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-")
+ isDefaultDsk = true;
+
+ if (isDefaultDsk)
{
- KeyChain keyChain;
+ shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
+ SignatureSha256WithRsa sha256sig(dskCert->getSignature());
- Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
- bool isDefaultDsk = false;
- if(defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-")
- isDefaultDsk = true;
+ Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name
- if(isDefaultDsk)
- {
- shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
- SignatureSha256WithRsa sha256sig(dskCert->getSignature());
-
- Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name
-
- Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
- Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
- signingCertName = kskCertName;
- kskCert = keyChain.getCertificate(kskCertName);
- }
- else
- {
- signingCertName = defaultCertName;
- kskCert = keyChain.getCertificate(defaultCertName);
- }
+ Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
+ Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
+ signingCertName = kskCertName;
+ kskCert = keyChain.getCertificate(kskCertName);
}
- catch(SignatureSha256WithRsa::Error& e)
+ else
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(KeyLocator::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ signingCertName = defaultCertName;
+ kskCert = keyChain.getCertificate(defaultCertName);
}
- if(!static_cast<bool>(kskCert))
+ if (!static_cast<bool>(kskCert))
{
std::cerr << "ERROR: no KSK certificate." << std::endl;
return 1;
}
- try
+ Name newKeyName;
+ switch (keyType)
{
- KeyChain keyChain;
- Name newKeyName;
- switch(keyType)
- {
- case 'r':
+ case 'r':
+ {
+ newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize);
+ if (0 == newKeyName.size())
{
- newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize);
- if(0 == newKeyName.size())
- {
- std::cerr << "fail to generate key!" << std::endl;
- return 1;
- }
- break;
+ std::cerr << "fail to generate key!" << std::endl;
+ return 1;
}
- default:
- std::cerr << "Unrecongized key type" << "\n";
- std::cerr << desc << std::endl;
- return 1;
- }
-
- Name certName = newKeyName.getPrefix(-1);
- certName.append("KEY").append(newKeyName.get(-1)).append("ID-CERT").appendVersion();
-
- shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
- certificate->setName(certName);
- certificate->setNotBefore(kskCert->getNotBefore());
- certificate->setNotAfter(kskCert->getNotAfter());
-
- certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName));
-
- const std::vector<CertificateSubjectDescription>& subList = kskCert->getSubjectDescriptionList();
- std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin();
- for(; it != subList.end(); it++)
- certificate->addSubjectDescription(*it);
-
- certificate->encode();
-
- keyChain.sign(*certificate, signingCertName);
-
- keyChain.addCertificateAsIdentityDefault(*certificate);
-
- return 0;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
+ break;
+ }
+ default:
+ std::cerr << "Unrecongized key type" << "\n";
+ std::cerr << description << std::endl;
return 1;
}
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
+
+ Name certName = newKeyName.getPrefix(-1);
+ certName.append("KEY")
+ .append(newKeyName.get(-1))
+ .append("ID-CERT")
+ .appendVersion();
+
+ shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
+ certificate->setName(certName);
+ certificate->setNotBefore(kskCert->getNotBefore());
+ certificate->setNotAfter(kskCert->getNotAfter());
+
+ certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName));
+
+ const std::vector<CertificateSubjectDescription>& subList =
+ kskCert->getSubjectDescriptionList();
+
+ for (std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin();
+ it != subList.end(); it++)
+ certificate->addSubjectDescription(*it);
+
+ certificate->encode();
+
+ keyChain.sign(*certificate, signingCertName);
+
+ keyChain.addCertificateAsIdentityDefault(*certificate);
+
+ return 0;
}
#endif //NDNSEC_DSK_GEN_HPP
diff --git a/tools/ndnsec-export.hpp b/tools/ndnsec-export.hpp
index ca3662f..f3773ac 100644
--- a/tools/ndnsec-export.hpp
+++ b/tools/ndnsec-export.hpp
@@ -10,7 +10,7 @@
#include "ndnsec-util.hpp"
-int
+int
ndnsec_export(int argc, char** argv)
{
using namespace ndn;
@@ -19,10 +19,10 @@
std::string identityStr;
std::string output;
std::string exportPassword;
- bool privateExport = false;
+ bool isPrivateExport = false;
- po::options_description desc("General Usage\n ndnsec export [-h] [-o output] [-p] identity \nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec export [-h] [-o output] [-p] identity \nGeneral options");
+ description.add_options()
("help,h", "Produce help message")
("output,o", po::value<std::string>(&output), "(Optional) output file, stdout if not specified")
("private,p", "export info contains private key")
@@ -35,56 +35,49 @@
po::variables_map vm;
try
{
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
po::notify(vm);
}
- catch (std::exception &e)
+ catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
- if (vm.count("help"))
+ if (vm.count("help") != 0)
{
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 0;
}
- if (vm.count("private"))
- privateExport = true;
+ if (vm.count("identity") == 0)
+ {
+ std::cerr << "ERROR: identity must be specified" << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
- if (!vm.count("output"))
+ if (vm.count("private") != 0)
+ isPrivateExport = true;
+
+ if (vm.count("output") == 0)
output = "-";
Name identity(identityStr);
- if(!privateExport)
+ if (!isPrivateExport)
{
- try
- {
- KeyChain keyChain;
- shared_ptr<IdentityCertificate> cert = keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
- if(output == "-")
- io::save(*cert, std::cout);
- else
- io::save(*cert, output);
-
- return 0;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(io::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
+ KeyChain keyChain;
+ shared_ptr<IdentityCertificate> cert
+ = keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
+
+ if (output == "-")
+ io::save(*cert, std::cout);
+ else
+ io::save(*cert, output);
+
+ return 0;
}
else
{
@@ -94,10 +87,10 @@
KeyChain keyChain;
int count = 3;
- while(!getPassword(exportPassword, "Passphrase for the private key: "))
+ while (!getPassword(exportPassword, "Passphrase for the private key: "))
{
count--;
- if(count <= 0)
+ if (count <= 0)
{
std::cerr << "ERROR: invalid password" << std::endl;
memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
@@ -106,27 +99,15 @@
}
shared_ptr<SecuredBag> securedBag = keyChain.exportIdentity(identity, exportPassword);
memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
-
- if(output == "-")
+
+ if (output == "-")
io::save(*securedBag, std::cout);
else
io::save(*securedBag, output);
return 0;
}
- catch(io::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
- catch(SecTpm::Error& e)
+ catch (const std::runtime_error& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
diff --git a/tools/ndnsec-get-default.hpp b/tools/ndnsec-get-default.hpp
index 7827d6a..ef7bcb8 100644
--- a/tools/ndnsec-get-default.hpp
+++ b/tools/ndnsec-get-default.hpp
@@ -11,120 +11,120 @@
#include "ndnsec-util.hpp"
-int
-ndnsec_get_default(int argc, char** argv)
+int
+ndnsec_get_default(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
- bool getDefaultId = true;
- bool getDefaultKey = false;
- bool getDefaultCert = false;
- bool quiet = false;
- std::string idName;
+ bool isGetDefaultId = true;
+ bool isGetDefaultKey = false;
+ bool isGetDefaultCert = false;
+ bool isQuiet = false;
+ std::string identityString;
std::string keyName;
- po::options_description desc("General Usage\n ndnsec get-default [-h] [-K|C] [-i identity|-k key] [-q]\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec get-default [-h] [-k|c] [-i identity|-K key] [-q]\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
- ("default_key,K", "get default key")
- ("default_cert,C", "get default certificate")
- ("identity,i", po::value<std::string>(&idName), "target identity")
- ("key,k", po::value<std::string>(&keyName), "target key")
+ ("default_key,k", "get default key")
+ ("default_cert,c", "get default certificate")
+ ("identity,i", po::value<std::string>(&identityString), "target identity")
+ ("key,K", po::value<std::string>(&keyName), "target key")
("quiet,q", "don't output trailing newline")
;
po::variables_map vm;
- po::store(po::parse_command_line(argc, argv, desc), vm);
- po::notify(vm);
-
- if (vm.count("help"))
+ try
{
- std::cerr << desc << std::endl;;
+ po::store(po::parse_command_line(argc, argv, description), vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;;
return 0;
}
- if(vm.count("default_cert"))
+ if (vm.count("default_cert") != 0)
{
- getDefaultCert = true;
- getDefaultId = false;
+ isGetDefaultCert = true;
+ isGetDefaultId = false;
}
- else if(vm.count("default_key"))
+ else if (vm.count("default_key") != 0)
{
- getDefaultKey = true;
- getDefaultId = false;
+ isGetDefaultKey = true;
+ isGetDefaultId = false;
}
- if(vm.count("quiet"))
+ if (vm.count("quiet") != 0)
{
- quiet = true;
+ isQuiet = true;
}
-
- try
- {
- KeyChain keyChain;
- if(vm.count("key"))
- {
- Name keyNdnName(keyName);
- if(getDefaultCert)
- {
- std::cout << keyChain.getDefaultCertificateNameForKey(keyNdnName);
- if (!quiet) std::cout << std::endl;
- return 0;
- }
- return 1;
- }
- else if(vm.count("identity"))
- {
- Name idNdnName(idName);
-
- if(getDefaultKey)
- {
- std::cout << keyChain.getDefaultKeyNameForIdentity(idNdnName);
- if (!quiet) std::cout << std::endl;
- return 0;
- }
- if(getDefaultCert)
- {
- std::cout << keyChain.getDefaultCertificateNameForIdentity(idNdnName);
- if (!quiet) std::cout << std::endl;
- return 0;
- }
- return 1;
- }
- else
- {
- Name idNdnName = keyChain.getDefaultIdentity();
- if(getDefaultId)
- {
- std::cout << idNdnName;
- if (!quiet) std::cout << std::endl;
- return 0;
- }
- if(getDefaultKey)
- {
- std::cout << keyChain.getDefaultKeyNameForIdentity(idNdnName);
- if (!quiet) std::cout << std::endl;
- return 0;
- }
- if(getDefaultCert)
- {
- std::cout << keyChain.getDefaultCertificateNameForIdentity(idNdnName);
- if (!quiet) std::cout << std::endl;
- return 0;
- }
- return 1;
- }
- }
- catch(SecPublicInfo::Error& e)
+ KeyChain keyChain;
+
+ if (vm.count("key") != 0)
{
- std::cerr << "ERROR: " << e.what() << std::endl;
+ Name keyNdnName(keyName);
+ if (isGetDefaultCert)
+ {
+ std::cout << keyChain.getDefaultCertificateNameForKey(keyNdnName);
+ if (!isQuiet) std::cout << std::endl;
+ return 0;
+ }
return 1;
}
- catch(SecTpm::Error& e)
+ else if (vm.count("identity") != 0)
{
- std::cerr << "ERROR: " << e.what() << std::endl;
+ Name identity(identityString);
+
+ if (isGetDefaultKey)
+ {
+ std::cout << keyChain.getDefaultKeyNameForIdentity(identity);
+ if (!isQuiet)
+ std::cout << std::endl;
+
+ return 0;
+ }
+ if (isGetDefaultCert)
+ {
+ std::cout << keyChain.getDefaultCertificateNameForIdentity(identity);
+ if (!isQuiet)
+ std::cout << std::endl;
+
+ return 0;
+ }
+ return 1;
+ }
+ else
+ {
+ Name identity = keyChain.getDefaultIdentity();
+ if (isGetDefaultId)
+ {
+ std::cout << identity;
+ if (!isQuiet) std::cout << std::endl;
+ return 0;
+ }
+ if (isGetDefaultKey)
+ {
+ std::cout << keyChain.getDefaultKeyNameForIdentity(identity);
+ if (!isQuiet) std::cout << std::endl;
+ return 0;
+ }
+ if (isGetDefaultCert)
+ {
+ std::cout << keyChain.getDefaultCertificateNameForIdentity(identity);
+ if (!isQuiet) std::cout << std::endl;
+ return 0;
+ }
return 1;
}
}
diff --git a/tools/ndnsec-import.hpp b/tools/ndnsec-import.hpp
index 16c2f95..0dd6b89 100644
--- a/tools/ndnsec-import.hpp
+++ b/tools/ndnsec-import.hpp
@@ -10,18 +10,18 @@
#include "ndnsec-util.hpp"
-int
+int
ndnsec_import(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
- std::string input;
+ std::string input("-");
std::string importPassword;
- bool privateImport = false;
+ bool isPrivateImport = false;
- po::options_description desc("General Usage\n ndnsec import [-h] [-p] input \nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec import [-h] [-p] input \nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("private,p", "import info contains private key")
("input,i", po::value<std::string>(&input), "input source, stdin if -")
@@ -33,27 +33,30 @@
po::variables_map vm;
try
{
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
po::notify(vm);
}
- catch (std::exception &e)
+ catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
- if (vm.count("help"))
+ if (vm.count("help") != 0)
{
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 0;
}
- if (vm.count("private"))
- privateImport = true;
+ if (vm.count("private") != 0)
+ isPrivateImport = true;
- if(!privateImport)
+ if (!isPrivateImport)
{
- std::cerr << "You are trying to import certificate!\nPlease use ndnsec cert-install!" << std::endl;
+ std::cerr << "You are trying to import certificate!\n"
+ << "Please use ndnsec cert-install!" << std::endl;
return 1;
}
else
@@ -63,16 +66,16 @@
KeyChain keyChain;
shared_ptr<SecuredBag> securedBag;
- if(input == "-")
+ if (input == "-")
securedBag = io::load<SecuredBag>(std::cin);
else
securedBag = io::load<SecuredBag>(input);
-
+
int count = 3;
- while(!getPassword(importPassword, "Passphrase for the private key: "))
+ while (!getPassword(importPassword, "Passphrase for the private key: "))
{
count--;
- if(count <= 0)
+ if (count <= 0)
{
std::cerr << "ERROR: Fail to get password" << std::endl;
memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
@@ -82,19 +85,7 @@
keyChain.importIdentity(*securedBag, importPassword);
memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
}
- catch(io::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
- return 1;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
- return 1;
- }
- catch(SecTpm::Error& e)
+ catch (const std::runtime_error& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
diff --git a/tools/ndnsec-key-gen.hpp b/tools/ndnsec-key-gen.hpp
index 3df9c6b..76aa69c 100644
--- a/tools/ndnsec-key-gen.hpp
+++ b/tools/ndnsec-key-gen.hpp
@@ -10,20 +10,20 @@
#include "ndnsec-util.hpp"
-int
-ndnsec_key_gen(int argc, char** argv)
+int
+ndnsec_key_gen(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
std::string identityName;
- bool notDefault = false;
+ bool isDefault = true;
char keyType = 'r';
int keySize = 2048;
std::string outputFilename;
- po::options_description desc("General Usage\n ndnsec key-gen [-h] [-n] identity\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec key-gen [-h] [-n] identity\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("identity,i", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice")
("not_default,n", "optional, if not specified, the target identity will be set as the default identity of the system")
@@ -33,84 +33,64 @@
po::positional_options_description p;
p.add("identity", 1);
-
- po::variables_map vm;
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
- po::notify(vm);
- if (vm.count("help"))
+ po::variables_map vm;
+ try
{
- std::cerr << desc << std::endl;
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;
return 0;
}
- if (0 == vm.count("identity"))
+ if (vm.count("identity") == 0)
{
std::cerr << "identity must be specified" << std::endl;
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
-
- if (vm.count("not_default"))
- notDefault = true;
-
- if (true)
- {
- switch(keyType)
- {
- case 'r':
- {
- shared_ptr<IdentityCertificate> idcert;
- try
- {
- KeyChain keyChain;
-
- Name keyName = keyChain.generateRSAKeyPair(Name(identityName), true, keySize);
-
- if(0 == keyName.size())
- {
- return 1;
- }
-
- keyChain.setDefaultKeyNameForIdentity(keyName);
-
- idcert = keyChain.selfSign(keyName);
-
- if(!notDefault)
- {
- keyChain.setDefaultIdentity(Name(identityName));
- }
- }
- catch(const SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(const SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- try
- {
- CryptoPP::StringSource ss(idcert->wireEncode().wire(),
- idcert->wireEncode().size(),
- true,
- new CryptoPP::Base64Encoder(new CryptoPP::FileSink(std::cout), true, 64));
- return 0;
- }
- catch(const CryptoPP::Exception& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- }
- default:
- std::cerr << "Unrecongized key type" << "\n";
- std::cerr << desc << std::endl;
- return 1;
+ if (vm.count("not_default") != 0)
+ isDefault = false;
+
+ switch (keyType)
+ {
+ case 'r':
+ {
+ shared_ptr<IdentityCertificate> identityCert;
+
+ KeyChain keyChain;
+
+ Name keyName = keyChain.generateRSAKeyPair(Name(identityName), true, keySize);
+
+ if (0 == keyName.size())
+ return 1;
+
+ keyChain.setDefaultKeyNameForIdentity(keyName);
+
+ identityCert = keyChain.selfSign(keyName);
+
+ if (isDefault)
+ keyChain.setDefaultIdentity(Name(identityName));
+
+ io::save(*identityCert, std::cout);
+ return 0;
}
+ default:
+ std::cerr << "Unrecongized key type" << "\n";
+ std::cerr << description << std::endl;
+ return 1;
}
return 0;
diff --git a/tools/ndnsec-list.hpp b/tools/ndnsec-list.hpp
index 3ebe2ca..db796c1 100644
--- a/tools/ndnsec-list.hpp
+++ b/tools/ndnsec-list.hpp
@@ -10,181 +10,222 @@
#include "ndnsec-util.hpp"
-int
-ndnsec_list(int argc, char** argv)
+int
+ndnsec_list(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
- bool getId = true;
- bool getKey = false;
- bool getCert = false;
+ bool isGetId = true;
+ bool isGetKey = false;
+ bool isGetCert = false;
- po::options_description desc("General Usage\n ndnsec list [-h] [-K|C]\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec list [-h] [-k|c]\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
- ("key,K", "granularity: key")
- ("cert,C", "granularity: certificate")
+ ("key,k", "granularity: key")
+ ("key2,K", "granularity: key")
+ ("cert,c", "granularity: certificate")
+ ("cert2,C", "granularity: certificate")
;
po::variables_map vm;
- po::store(po::parse_command_line(argc, argv, desc), vm);
- po::notify(vm);
-
- if (vm.count("help"))
+ try
{
- std::cerr << desc << std::endl;;
+ po::store(po::parse_command_line(argc, argv, description), vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;;
return 0;
}
- if (vm.count("cert"))
+ if (vm.count("cert") != 0 || vm.count("cert2") != 0)
{
- getCert = true;
- getId = false;
+ isGetCert = true;
+ isGetId = false;
}
- else if(vm.count("key"))
+ else if(vm.count("key") != 0 || vm.count("key2") != 0)
{
- getKey = true;
- getId = false;
+ isGetKey = true;
+ isGetId = false;
}
- try
+ KeyChain keyChain;
+
+ if (isGetId)
{
- KeyChain keyChain;
-
- if(getId)
- {
- std::vector<Name> defaultList;
- keyChain.getAllIdentities(defaultList, true);
- for(size_t i = 0; i < defaultList.size(); i++)
- std::cout << "* " << defaultList[i] << std::endl;
- std::vector<Name> otherList;
- keyChain.getAllIdentities(otherList, false);
- for(size_t i = 0; i < otherList.size(); i++)
- std::cout << " " << otherList[i] << std::endl;
- return 0;
- }
- if(getKey)
- {
- std::vector<Name> defaultIdList;
- keyChain.getAllIdentities(defaultIdList, true);
- for(size_t i = 0; i < defaultIdList.size(); i++)
- {
- std::cout << "* " << defaultIdList[i] << std::endl;
- std::vector<Name> defaultKeyList;
- keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], defaultKeyList, true);
- for(size_t j = 0; j < defaultKeyList.size(); j++)
- std::cout << " +->* " << defaultKeyList[j] << std::endl;
- std::vector<Name> otherKeyList;
- keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], otherKeyList, false);
- for(size_t j = 0; j < otherKeyList.size(); j++)
- std::cout << " +-> " << otherKeyList[j] << std::endl;
- std::cout << std::endl;
- }
- std::vector<Name> otherIdList;
- keyChain.getAllIdentities(otherIdList, false);
- for(size_t i = 0; i < otherIdList.size(); i++)
- {
- std::cout << " " << otherIdList[i] << std::endl;
- std::vector<Name> defaultKeyList;
- keyChain.getAllKeyNamesOfIdentity(otherIdList[i], defaultKeyList, true);
- for(size_t j = 0; j < defaultKeyList.size(); j++)
- std::cout << " +->* " << defaultKeyList[j] << std::endl;
- std::vector<Name> otherKeyList;
- keyChain.getAllKeyNamesOfIdentity(otherIdList[i], otherKeyList, false);
- for(size_t j = 0; j < otherKeyList.size(); j++)
- std::cout << " +-> " << otherKeyList[j] << std::endl;
- std::cout << std::endl;
- }
- return 0;
- }
- if(getCert)
- {
- std::vector<Name> defaultIdList;
- keyChain.getAllIdentities(defaultIdList, true);
- for(size_t i = 0; i < defaultIdList.size(); i++)
- {
- std::cout << "* " << defaultIdList[i] << std::endl;
- std::vector<Name> defaultKeyList;
- keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], defaultKeyList, true);
- for(size_t j = 0; j < defaultKeyList.size(); j++)
- {
- std::cout << " +->* " << defaultKeyList[j] << std::endl;
- std::vector<Name> defaultCertList;
- keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], defaultCertList, true);
- for(size_t k = 0; k < defaultCertList.size(); k++)
- std::cout << " +->* " << defaultCertList[k] << std::endl;
- std::vector<Name> otherCertList;
- keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], otherCertList, false);
- for(size_t k = 0; k < otherCertList.size(); k++)
- std::cout << " +-> " << otherCertList[k] << std::endl;
- }
- std::vector<Name> otherKeyList;
- keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], otherKeyList, false);
- for(size_t j = 0; j < otherKeyList.size(); j++)
- {
- std::cout << " +-> " << otherKeyList[j] << std::endl;
- std::vector<Name> defaultCertList;
- keyChain.getAllCertificateNamesOfKey(otherKeyList[j], defaultCertList, true);
- for(size_t k = 0; k < defaultCertList.size(); k++)
- std::cout << " +->* " << defaultCertList[k] << std::endl;
- std::vector<Name> otherCertList;
- keyChain.getAllCertificateNamesOfKey(otherKeyList[j], otherCertList, false);
- for(size_t k = 0; k < otherCertList.size(); k++)
- std::cout << " +-> " << otherCertList[k] << std::endl;
- }
-
- std::cout << std::endl;
- }
- std::vector<Name> otherIdList;
- keyChain.getAllIdentities(otherIdList, false);
- for(size_t i = 0; i < otherIdList.size(); i++)
- {
- std::cout << " " << otherIdList[i] << std::endl;
- std::vector<Name> defaultKeyList;
- keyChain.getAllKeyNamesOfIdentity(otherIdList[i], defaultKeyList, true);
- for(size_t j = 0; j < defaultKeyList.size(); j++)
- {
- std::cout << " +->* " << defaultKeyList[j] << std::endl;
- std::vector<Name> defaultCertList;
- keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], defaultCertList, true);
- for(size_t k = 0; k < defaultCertList.size(); k++)
- std::cout << " +->* " << defaultCertList[k] << std::endl;
- std::vector<Name> otherCertList;
- keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], otherCertList, false);
- for(size_t k = 0; k < otherCertList.size(); k++)
- std::cout << " +-> " << otherCertList[k] << std::endl;
- }
- std::vector<Name> otherKeyList;
- keyChain.getAllKeyNamesOfIdentity(otherIdList[i], otherKeyList, false);
- for(size_t j = 0; j < otherKeyList.size(); j++)
- {
- std::cout << " +-> " << otherKeyList[j] << std::endl;
- std::vector<Name> defaultCertList;
- keyChain.getAllCertificateNamesOfKey(otherKeyList[j], defaultCertList, true);
- for(size_t k = 0; k < defaultCertList.size(); k++)
- std::cout << " +->* " << defaultCertList[k] << std::endl;
- std::vector<Name> otherCertList;
- keyChain.getAllCertificateNamesOfKey(otherKeyList[j], otherCertList, false);
- for(size_t k = 0; k < otherCertList.size(); k++)
- std::cout << " +-> " << otherCertList[k] << std::endl;
- }
- std::cout << std::endl;
- }
- return 0;
- }
- return 1;
+ std::vector<Name> defaultIdentities;
+ keyChain.getAllIdentities(defaultIdentities, true);
+
+ for (size_t i = 0; i < defaultIdentities.size(); i++)
+ std::cout << "* " << defaultIdentities[i] << std::endl;
+
+ std::vector<Name> otherIdentities;
+ keyChain.getAllIdentities(otherIdentities, false);
+ for (size_t i = 0; i < otherIdentities.size(); i++)
+ std::cout << " " << otherIdentities[i] << std::endl;
+
+ return 0;
}
- catch(const SecPublicInfo::Error& e)
+ if (isGetKey)
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ std::vector<Name> defaultIdentities;
+ keyChain.getAllIdentities(defaultIdentities, true);
+
+ for (size_t i = 0; i < defaultIdentities.size(); i++)
+ {
+ std::cout << "* " << defaultIdentities[i] << std::endl;
+
+ std::vector<Name> defaultKeys;
+ keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], defaultKeys, true);
+
+ for (size_t j = 0; j < defaultKeys.size(); j++)
+ std::cout << " +->* " << defaultKeys[j] << std::endl;
+
+ std::vector<Name> otherKeys;
+ keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], otherKeys, false);
+
+ for (size_t j = 0; j < otherKeys.size(); j++)
+ std::cout << " +-> " << otherKeys[j] << std::endl;
+
+ std::cout << std::endl;
+ }
+
+ std::vector<Name> otherIdentities;
+ keyChain.getAllIdentities(otherIdentities, false);
+
+ for (size_t i = 0; i < otherIdentities.size(); i++)
+ {
+ std::cout << " " << otherIdentities[i] << std::endl;
+
+ std::vector<Name> defaultKeys;
+ keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], defaultKeys, true);
+
+ for (size_t j = 0; j < defaultKeys.size(); j++)
+ std::cout << " +->* " << defaultKeys[j] << std::endl;
+
+ std::vector<Name> otherKeys;
+ keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], otherKeys, false);
+
+ for (size_t j = 0; j < otherKeys.size(); j++)
+ std::cout << " +-> " << otherKeys[j] << std::endl;
+
+ std::cout << std::endl;
+ }
+ return 0;
}
- catch(const SecTpm::Error& e)
+ if (isGetCert)
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ std::vector<Name> defaultIdentities;
+ keyChain.getAllIdentities(defaultIdentities, true);
+
+ for (size_t i = 0; i < defaultIdentities.size(); i++)
+ {
+ std::cout << "* " << defaultIdentities[i] << std::endl;
+
+ std::vector<Name> defaultKeys;
+ keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], defaultKeys, true);
+
+ for (size_t j = 0; j < defaultKeys.size(); j++)
+ {
+ std::cout << " +->* " << defaultKeys[j] << std::endl;
+
+ std::vector<Name> defaultCertificates;
+ keyChain.getAllCertificateNamesOfKey(defaultKeys[j], defaultCertificates, true);
+
+ for (size_t k = 0; k < defaultCertificates.size(); k++)
+ std::cout << " +->* " << defaultCertificates[k] << std::endl;
+
+ std::vector<Name> otherCertificates;
+ keyChain.getAllCertificateNamesOfKey(defaultKeys[j], otherCertificates, false);
+
+ for (size_t k = 0; k < otherCertificates.size(); k++)
+ std::cout << " +-> " << otherCertificates[k] << std::endl;
+ }
+
+ std::vector<Name> otherKeys;
+ keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], otherKeys, false);
+
+ for (size_t j = 0; j < otherKeys.size(); j++)
+ {
+ std::cout << " +-> " << otherKeys[j] << std::endl;
+
+ std::vector<Name> defaultCertificates;
+ keyChain.getAllCertificateNamesOfKey(otherKeys[j], defaultCertificates, true);
+
+ for (size_t k = 0; k < defaultCertificates.size(); k++)
+ std::cout << " +->* " << defaultCertificates[k] << std::endl;
+
+ std::vector<Name> otherCertificates;
+ keyChain.getAllCertificateNamesOfKey(otherKeys[j], otherCertificates, false);
+
+ for (size_t k = 0; k < otherCertificates.size(); k++)
+ std::cout << " +-> " << otherCertificates[k] << std::endl;
+ }
+ std::cout << std::endl;
+ }
+
+ std::vector<Name> otherIdentities;
+ keyChain.getAllIdentities(otherIdentities, false);
+
+ for (size_t i = 0; i < otherIdentities.size(); i++)
+ {
+ std::cout << " " << otherIdentities[i] << std::endl;
+
+ std::vector<Name> defaultKeys;
+ keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], defaultKeys, true);
+
+ for (size_t j = 0; j < defaultKeys.size(); j++)
+ {
+ std::cout << " +->* " << defaultKeys[j] << std::endl;
+
+ std::vector<Name> defaultCertificates;
+ keyChain.getAllCertificateNamesOfKey(defaultKeys[j], defaultCertificates, true);
+
+ for (size_t k = 0; k < defaultCertificates.size(); k++)
+ std::cout << " +->* " << defaultCertificates[k] << std::endl;
+
+ std::vector<Name> otherCertificates;
+ keyChain.getAllCertificateNamesOfKey(defaultKeys[j], otherCertificates, false);
+
+ for (size_t k = 0; k < otherCertificates.size(); k++)
+ std::cout << " +-> " << otherCertificates[k] << std::endl;
+ }
+
+ std::vector<Name> otherKeys;
+ keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], otherKeys, false);
+
+ for (size_t j = 0; j < otherKeys.size(); j++)
+ {
+ std::cout << " +-> " << otherKeys[j] << std::endl;
+
+ std::vector<Name> defaultCertificates;
+ keyChain.getAllCertificateNamesOfKey(otherKeys[j], defaultCertificates, true);
+
+ for (size_t k = 0; k < defaultCertificates.size(); k++)
+ std::cout << " +->* " << defaultCertificates[k] << std::endl;
+
+ std::vector<Name> otherCertificates;
+ keyChain.getAllCertificateNamesOfKey(otherKeys[j], otherCertificates, false);
+
+ for (size_t k = 0; k < otherCertificates.size(); k++)
+ std::cout << " +-> " << otherCertificates[k] << std::endl;
+ }
+
+ std::cout << std::endl;
+ }
+ return 0;
}
+ return 1;
}
#endif //NDNSEC_LIST_HPP
diff --git a/tools/ndnsec-op-tool.hpp b/tools/ndnsec-op-tool.hpp
index a8d9421..0501a06 100644
--- a/tools/ndnsec-op-tool.hpp
+++ b/tools/ndnsec-op-tool.hpp
@@ -19,75 +19,60 @@
namespace po = boost::program_options;
std::string command;
-
- po::options_description desc("General options");
- desc.add_options()
+
+ po::options_description description("General options");
+ description.add_options()
("help,h", "produce this help message")
("command", po::value<std::string>(&command), "command")
;
po::positional_options_description p;
p.add("command", 1);
-
+
po::variables_map vm;
try
{
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
po::notify(vm);
}
- catch(std::exception &e)
+ catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
return -1;
}
-
- if (vm.count("help"))
+
+ if (vm.count("help") != 0)
{
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 0;
}
-
- if (0 == vm.count("command"))
+
+ if (vm.count("command") == 0)
{
std::cerr << "command must be specified" << std::endl;
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
if (command == "sign") // the content to be signed from stdin
{
- try
+ KeyChain keyChain;
+
+ Buffer dataToSign((istreambuf_iterator<char>(cin)), istreambuf_iterator<char>());
+
+ Signature signature = keyChain.sign(dataToSign.buf(), dataToSign.size(),
+ keyChain.getDefaultCertificateName());
+
+ if (signature.getValue().value_size() == 0)
{
- KeyChain keyChain;
-
- Buffer dataToSign((istreambuf_iterator<char>(cin)), istreambuf_iterator<char>());
-
- Signature signature = keyChain.sign(dataToSign.buf(), dataToSign.size(),
- keyChain.getDefaultCertificateName());
-
- if (signature.getValue().value_size() == 0)
- {
- std::cerr << "Error signing with default key" << std::endl;
- return -1;
- }
-
- std::cout.write(reinterpret_cast<const char*>(signature.getValue().wire()), signature.getValue().size());
- }
- catch (boost::exception& e)
- {
- std::cerr << "ERROR: " << boost::diagnostic_information (e) << std::endl;
+ std::cerr << "Error signing with default key" << std::endl;
return -1;
}
- catch (SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return -1;
- }
- catch (SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return -1;
- }
+
+ std::cout.write(reinterpret_cast<const char*>(signature.getValue().wire()),
+ signature.getValue().size());
}
return 0;
diff --git a/tools/ndnsec-set-acl.hpp b/tools/ndnsec-set-acl.hpp
index 2d64aca..7851322 100644
--- a/tools/ndnsec-set-acl.hpp
+++ b/tools/ndnsec-set-acl.hpp
@@ -16,11 +16,11 @@
using namespace ndn;
namespace po = boost::program_options;
- std::string keyName;
+ std::string keyName;
std::string appPath;
- po::options_description desc("General Usage\n ndnsec set-acl [-h] keyName appPath \nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec set-acl [-h] keyName appPath \nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("keyName,k", po::value<std::string>(&keyName), "Key name.")
("appPath,p", po::value<std::string>(&appPath), "Application path.")
@@ -33,39 +33,39 @@
po::variables_map vm;
try
{
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
po::notify(vm);
}
- catch (std::exception &e)
+ catch (std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
return 1;
}
- if (vm.count("help"))
+ if (vm.count("help") != 0)
{
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 0;
}
- try
+ if (vm.count("keyName") == 0)
{
- KeyChain keyChain;
- keyChain.addAppToACL(keyName, KEY_CLASS_PRIVATE, appPath, ACL_TYPE_PRIVATE);
-
- }
- catch(const SecTpm::Error& e)
- {
- std::cerr << e.what() << std::endl;
- return 1;
- }
- catch(const SecPublicInfo::Error& e)
- {
- std::cerr << e.what() << std::endl;
+ std::cerr << "ERROR: keyName is required!" << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
-
+ if (vm.count("appPath") == 0)
+ {
+ std::cerr << "ERROR: appPath is required!" << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ KeyChain keyChain;
+ keyChain.addAppToACL(keyName, KEY_CLASS_PRIVATE, appPath, ACL_TYPE_PRIVATE);
+
return 0;
}
diff --git a/tools/ndnsec-set-default.hpp b/tools/ndnsec-set-default.hpp
index 86c831a..7003afc 100644
--- a/tools/ndnsec-set-default.hpp
+++ b/tools/ndnsec-set-default.hpp
@@ -8,86 +8,87 @@
#ifndef NDNSEC_SET_DEFAULT_HPP
#define NDNSEC_SET_DEFAULT_HPP
-int
-ndnsec_set_default(int argc, char** argv)
+int
+ndnsec_set_default(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
std::string certFileName;
- bool setDefaultId = true;
- bool setDefaultKey = false;
- bool setDefaultCert = false;
+ bool isSetDefaultId = true;
+ bool isSetDefaultKey = false;
+ bool isSetDefaultCert = false;
std::string name;
- po::options_description desc("General Usage\n ndnsec set-default [-h] [-K|C] name\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec set-default [-h] [-k|c] name\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
- ("default_key,K", "set default key of the identity")
- ("default_cert,C", "set default certificate of the key")
+ ("default_key,k", "set default key of the identity")
+ ("default_cert,c", "set default certificate of the key")
("name,n", po::value<std::string>(&name), "the name to set")
;
po::positional_options_description p;
p.add("name", 1);
po::variables_map vm;
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
-
- po::notify(vm);
-
- if (vm.count("help"))
+ try
{
- std::cerr << desc << std::endl;
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;
return 0;
}
- try
+ if (vm.count("name") == 0)
{
- KeyChain keyChain;
-
- if (vm.count("default_key"))
- {
- setDefaultKey = true;
- setDefaultId = false;
- }
- else if(vm.count("default_cert"))
- {
- setDefaultCert = true;
- setDefaultId = false;
- }
-
- if (setDefaultId)
- {
- Name idName(name);
- keyChain.setDefaultIdentity(idName);
- return 0;
- }
- if (setDefaultKey)
- {
- Name keyName(name);
- keyChain.setDefaultKeyNameForIdentity(keyName);
- return 0;
- }
-
- if (setDefaultCert)
- {
- keyChain.setDefaultCertificateNameForKey(name);
- return 0;
- }
-
- return 1;
-
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << e.what() << std::endl;
- return 1;
- }
- catch(SecTpm::Error& e)
- {
- std::cerr << e.what() << std::endl;
+ std::cerr << "ERROR: name is required!" << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
+ KeyChain keyChain;
+
+ if (vm.count("default_key") != 0)
+ {
+ isSetDefaultKey = true;
+ isSetDefaultId = false;
+ }
+ else if (vm.count("default_cert") != 0)
+ {
+ isSetDefaultCert = true;
+ isSetDefaultId = false;
+ }
+
+ if (isSetDefaultId)
+ {
+ Name idName(name);
+ keyChain.setDefaultIdentity(idName);
+ return 0;
+ }
+ if (isSetDefaultKey)
+ {
+ Name keyName(name);
+ keyChain.setDefaultKeyNameForIdentity(keyName);
+ return 0;
+ }
+
+ if (isSetDefaultCert)
+ {
+ keyChain.setDefaultCertificateNameForKey(name);
+ return 0;
+ }
+
+ return 1;
}
#endif //NDNSEC_SET_DEFAULT_HPP
diff --git a/tools/ndnsec-sign-req.hpp b/tools/ndnsec-sign-req.hpp
index 54a5c9a..1072372 100644
--- a/tools/ndnsec-sign-req.hpp
+++ b/tools/ndnsec-sign-req.hpp
@@ -10,8 +10,8 @@
#include "ndnsec-util.hpp"
-int
-ndnsec_sign_req(int argc, char** argv)
+int
+ndnsec_sign_req(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
@@ -19,8 +19,8 @@
std::string name;
bool isKeyName = false;
- po::options_description desc("General Usage\n ndnsec sign-req [-h] [-k] name\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec sign-req [-h] [-k] name\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("key,k", "optional, if specified, name is keyName (e.g. /ndn/edu/ucla/alice/ksk-123456789), otherwise identity name")
("name,n", po::value<std::string>(&name), "name, for example, /ndn/edu/ucla/alice")
@@ -30,71 +30,51 @@
p.add("name", 1);
po::variables_map vm;
- try {
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
- po::notify(vm);
- }
- catch(const std::exception &e) {
- std::cerr << "ERROR: " << e.what() << std::endl;
- std::cerr << desc << std::endl;
- return 1;
- }
-
- if (vm.count("help"))
+ try
{
- std::cerr << desc << std::endl;
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;
return 0;
}
- if (0 == vm.count("name"))
+ if (vm.count("name") == 0)
{
- std::cerr << "identity_name must be specified" << std::endl;
- std::cerr << desc << std::endl;
+ std::cerr << "ERROR: name must be specified" << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
-
- if (vm.count("key"))
+
+ if (vm.count("key") != 0)
isKeyName = true;
shared_ptr<IdentityCertificate> selfSignCert;
- try
+ KeyChain keyChain;
+
+ if (isKeyName)
{
- KeyChain keyChain;
-
- if(isKeyName)
- {
- selfSignCert = keyChain.selfSign(name);
- }
- else
- {
- Name keyName = keyChain.getDefaultKeyNameForIdentity(name);
- selfSignCert = keyChain.selfSign(keyName);
- }
+ selfSignCert = keyChain.selfSign(name);
}
- catch(SecPublicInfo::Error& e)
+ else
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ Name keyName = keyChain.getDefaultKeyNameForIdentity(name);
+ selfSignCert = keyChain.selfSign(keyName);
}
- try
- {
- using namespace CryptoPP;
- StringSource ss(selfSignCert->wireEncode().wire(), selfSignCert->wireEncode().size(), true,
- new Base64Encoder(new FileSink(std::cout), true, 64));
- }
- catch(CryptoPP::Exception& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
-
+ io::save(*selfSignCert, std::cout);
+
return 0;
}
diff --git a/tools/ndnsec-unlock-tpm.hpp b/tools/ndnsec-unlock-tpm.hpp
index 3ee4d7c..5d2dcff 100644
--- a/tools/ndnsec-unlock-tpm.hpp
+++ b/tools/ndnsec-unlock-tpm.hpp
@@ -16,48 +16,43 @@
using namespace ndn;
namespace po = boost::program_options;
- std::string keyName;
- std::string appPath;
+ std::string keyName;
- po::options_description desc("General Usage\n ndnsec unlock-tpm [-h] \nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec unlock-tpm [-h] \nGeneral options");
+ description.add_options()
("help,h", "produce help message")
;
po::variables_map vm;
- po::store(po::parse_command_line(argc, argv, desc), vm);
- po::notify(vm);
- if (vm.count("help"))
- {
- std::cerr << desc << std::endl;
- return 0;
- }
-
- bool res = false;
-
try
{
- KeyChain keyChain;
-
- char* password;
- password = getpass("Password to unlock the TPM: ");
- res = keyChain.unlockTpm(password, strlen(password), true);
- memset(password, 0, strlen(password));
-
+ po::store(po::parse_command_line(argc, argv, description), vm);
+ po::notify(vm);
}
- catch(const SecPublicInfo::Error& e)
+ catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(const SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
- if(res)
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;
+ return 0;
+ }
+
+ bool isUnlocked = false;
+
+ KeyChain keyChain;
+
+ char* password;
+ password = getpass("Password to unlock the TPM: ");
+ isUnlocked = keyChain.unlockTpm(password, strlen(password), true);
+ memset(password, 0, strlen(password));
+
+ if (isUnlocked)
{
std::cerr << "OK: TPM is unlocked" << std::endl;
return 0;
diff --git a/tools/ndnsec-util.hpp b/tools/ndnsec-util.hpp
index f2fc390..0934d90 100644
--- a/tools/ndnsec-util.hpp
+++ b/tools/ndnsec-util.hpp
@@ -31,27 +31,27 @@
bool
getPassword(std::string& password, const std::string& prompt)
{
- int result = false;
+ bool isReady = false;
- char* pw0 = NULL;
+ char* pw0 = 0;
pw0 = getpass(prompt.c_str());
- if(!pw0)
+ if (!pw0)
return false;
std::string password1 = pw0;
memset(pw0, 0, strlen(pw0));
pw0 = getpass("Confirm:");
- if(!pw0)
+ if (!pw0)
{
char* pw1 = const_cast<char*>(password1.c_str());
memset(pw1, 0, password1.size());
return false;
}
- if(!password1.compare(pw0))
+ if (!password1.compare(pw0))
{
- result = true;
+ isReady = true;
password.swap(password1);
}
@@ -59,17 +59,17 @@
memset(pw1, 0, password1.size());
memset(pw0, 0, strlen(pw0));
- if(password.empty())
+ if (password.empty())
return false;
- return result;
+ return isReady;
}
ndn::shared_ptr<ndn::IdentityCertificate>
getIdentityCertificate(const std::string& fileName)
{
- if(fileName == "-")
+ if (fileName == "-")
return ndn::io::load<ndn::IdentityCertificate>(std::cin);
else
return ndn::io::load<ndn::IdentityCertificate>(fileName);
diff --git a/tools/ndnsec.cpp b/tools/ndnsec.cpp
index db1f50b..24026e0 100644
--- a/tools/ndnsec.cpp
+++ b/tools/ndnsec.cpp
@@ -31,7 +31,6 @@
get-default Get default setting info.\n\
set-default Configure default setting.\n\
key-gen Generate a Key-Signing-Key for an identity.\n\
- dsk-gen Generate a Data-Signing-Key for an identity.\n\
sign-req Generate a certificate signing request.\n\
cert-gen Generate an identity certificate.\n\
cert-dump Dump a certificate from PublicInfo.\n\
@@ -48,35 +47,42 @@
int
main(int argc, char** argv)
{
- if (argc < 1)
+ if (argc < 2)
{
std::cerr << ndnsec_helper << std::endl;
return 1;
}
std::string command(argv[1]);
-
- if (command == "help") { std::cerr << ndnsec_helper << std::endl; }
- else if (command == "list") { return ndnsec_list(argc - 1, argv + 1); }
- else if (command == "get-default") { return ndnsec_get_default(argc - 1, argv + 1); }
- else if (command == "set-default") { return ndnsec_set_default(argc - 1, argv + 1); }
- else if (command == "key-gen") { return ndnsec_key_gen(argc - 1, argv + 1); }
- else if (command == "dsk-gen") { return ndnsec_dsk_gen(argc - 1, argv + 1); }
- else if (command == "sign-req") { return ndnsec_sign_req(argc - 1, argv + 1); }
- else if (command == "cert-gen") { return ndnsec_cert_gen(argc - 1, argv + 1); }
- else if (command == "cert-dump") { return ndnsec_cert_dump(argc - 1, argv + 1); }
- else if (command == "cert-install") { return ndnsec_cert_install(argc - 1, argv + 1); }
- else if (command == "delete") { return ndnsec_delete(argc - 1, argv + 1); }
- else if (command == "export") { return ndnsec_export(argc - 1, argv + 1); }
- else if (command == "import") { return ndnsec_import(argc - 1, argv + 1); }
- else if (command == "sig-verify") { return ndnsec_sig_verify(argc - 1, argv + 1); }
- else if (command == "set-acl") { return ndnsec_set_acl(argc - 1, argv + 1); }
- else if (command == "unlock-tpm") { return ndnsec_unlock_tpm(argc - 1, argv + 1); }
- else if (command == "op-tool") { return ndnsec_op_tool(argc - 1, argv + 1); }
- else {
- std::cerr << ndnsec_helper << std::endl;
- return 1;
- }
+
+ try
+ {
+ if (command == "help") { std::cerr << ndnsec_helper << std::endl; }
+ else if (command == "list") { return ndnsec_list(argc - 1, argv + 1); }
+ else if (command == "get-default") { return ndnsec_get_default(argc - 1, argv + 1); }
+ else if (command == "set-default") { return ndnsec_set_default(argc - 1, argv + 1); }
+ else if (command == "key-gen") { return ndnsec_key_gen(argc - 1, argv + 1); }
+ else if (command == "sign-req") { return ndnsec_sign_req(argc - 1, argv + 1); }
+ else if (command == "cert-gen") { return ndnsec_cert_gen(argc - 1, argv + 1); }
+ else if (command == "cert-dump") { return ndnsec_cert_dump(argc - 1, argv + 1); }
+ else if (command == "cert-install") { return ndnsec_cert_install(argc - 1, argv + 1); }
+ else if (command == "delete") { return ndnsec_delete(argc - 1, argv + 1); }
+ else if (command == "export") { return ndnsec_export(argc - 1, argv + 1); }
+ else if (command == "import") { return ndnsec_import(argc - 1, argv + 1); }
+ else if (command == "sig-verify") { return ndnsec_sig_verify(argc - 1, argv + 1); }
+ else if (command == "set-acl") { return ndnsec_set_acl(argc - 1, argv + 1); }
+ else if (command == "unlock-tpm") { return ndnsec_unlock_tpm(argc - 1, argv + 1); }
+ else if (command == "op-tool") { return ndnsec_op_tool(argc - 1, argv + 1); }
+ else {
+ std::cerr << ndnsec_helper << std::endl;
+ return 1;
+ }
+ }
+ catch (const std::runtime_error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ return 1;
+ }
return 0;
}