blob: f23eb7a40fda45256468109ba7b5ba30a8242458 [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/*
* Copyright (c) 2013, Regents of the University of California
* BSD license, See the LICENSE file for more information
* Author: Yingdi Yu <yingdi@cs.ucla.edu>
*/
#ifndef NDNSEC_CERT_INSTALL_HPP
#define NDNSEC_CERT_INSTALL_HPP
#include "ndnsec-util.hpp"
class HttpException : public std::runtime_error
{
public:
explicit
HttpException(const std::string& what)
: std::runtime_error(what)
{
}
};
ndn::shared_ptr<ndn::IdentityCertificate>
getCertificateHttp(const std::string& host, const std::string& port, const std::string& path)
{
using namespace boost::asio::ip;
tcp::iostream requestStream;
requestStream.expires_from_now(boost::posix_time::milliseconds(3000));
requestStream.connect(host, port);
if (!static_cast<bool>(requestStream))
{
throw HttpException("HTTP connection error");
}
requestStream << "GET " << path << " HTTP/1.0\r\n";
requestStream << "Host: " << host << "\r\n";
requestStream << "Accept: */*\r\n";
requestStream << "Cache-Control: no-cache\r\n";
requestStream << "Connection: close\r\n\r\n";
requestStream.flush();
std::string statusLine;
std::getline(requestStream, statusLine);
if (!static_cast<bool>(requestStream))
{
throw HttpException("HTTP communication error");
}
std::stringstream responseStream(statusLine);
std::string httpVersion;
responseStream >> httpVersion;
unsigned int statusCode;
responseStream >> statusCode;
std::string statusMessage;
std::getline(responseStream, statusMessage);
if (!static_cast<bool>(requestStream) || httpVersion.substr(0, 5) != "HTTP/")
{
throw HttpException("HTTP communication error");
}
if (statusCode != 200)
{
throw HttpException("HTTP server error");
}
std::string header;
while (std::getline(requestStream, header) && header != "\r")
;
ndn::OBufferStream os;
{
using namespace CryptoPP;
FileSource ss2(requestStream, true, new Base64Decoder(new FileSink(os)));
}
ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate =
ndn::make_shared<ndn::IdentityCertificate>();
identityCertificate->wireDecode(ndn::Block(os.buf()));
return identityCertificate;
}
int
ndnsec_cert_install(int argc, char** argv)
{
using namespace ndn;
namespace po = boost::program_options;
std::string certFileName;
bool isSystemDefault = true;
bool isIdentityDefault = false;
bool isKeyDefault = false;
po::options_description description("General Usage\n ndnsec cert-install [-h] [-I|K|N] cert-file\nGeneral options");
description.add_options()
("help,h", "produce help message")
("cert-file,f", po::value<std::string>(&certFileName), "file name of the ceritificate, - for stdin. "
"If starts with http://, will try to fetch "
"the certificate using HTTP GET request")
("identity-default,I", "optional, if specified, the certificate will be set as the default certificate of the identity")
("key-default,K", "optional, if specified, the certificate will be set as the default certificate of the key")
("no-default,N", "optional, if specified, the certificate will be simply installed")
;
po::positional_options_description p;
p.add("cert-file", 1);
po::variables_map vm;
try
{
po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
vm);
po::notify(vm);
}
catch (const std::exception& e)
{
std::cerr << "ERROR: " << e.what() << std::endl;
return 1;
}
if (vm.count("help") != 0)
{
std::cerr << description << std::endl;
return 0;
}
if (vm.count("cert-file") == 0)
{
std::cerr << "cert_file must be specified" << std::endl;
std::cerr << description << std::endl;
return 1;
}
if (vm.count("identity-default") != 0)
{
isIdentityDefault = true;
isSystemDefault = false;
}
else if (vm.count("key-default") != 0)
{
isKeyDefault = true;
isSystemDefault = false;
}
else if (vm.count("no-default") != 0)
{
// noDefault = true;
isSystemDefault = false;
}
shared_ptr<IdentityCertificate> cert;
if (certFileName.find("http://") == 0)
{
std::string host;
std::string port;
std::string path;
size_t pos = 7; // offset of "http://"
size_t posSlash = certFileName.find("/", pos);
if (posSlash == std::string::npos)
throw HttpException("Request line is not correctly formatted");
size_t posPort = certFileName.find(":", pos);
if (posPort != std::string::npos && posPort < posSlash) // port is specified
{
port = certFileName.substr(posPort + 1, posSlash - posPort - 1);
host = certFileName.substr(pos, posPort - pos);
}
else
{
port = "80";
host = certFileName.substr(pos, posSlash - pos);
}
path = certFileName.substr(posSlash, certFileName.size () - posSlash);
cert = getCertificateHttp(host, port, path);
}
else
{
cert = getIdentityCertificate(certFileName);
}
if (!static_cast<bool>(cert))
return 1;
KeyChain keyChain;
if (isSystemDefault)
{
keyChain.addCertificateAsIdentityDefault(*cert);
Name keyName = cert->getPublicKeyName();
Name identity = keyName.getSubName(0, keyName.size()-1);
keyChain.setDefaultIdentity(identity);
}
else if (isIdentityDefault)
{
keyChain.addCertificateAsIdentityDefault(*cert);
}
else if (isKeyDefault)
{
keyChain.addCertificateAsKeyDefault(*cert);
}
else
{
keyChain.addCertificate(*cert);
}
std::cerr << "OK: certificate with name ["
<< cert->getName().toUri()
<< "] has been successfully installed"
<< std::endl;
return 0;
}
#endif //NDNSEC_CERT_INSTALL_HPP