| /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| /* |
| * Copyright (c) 2013-2021 Regents of the University of California. |
| * |
| * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| * |
| * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| * terms of the GNU Lesser General Public License as published by the Free Software |
| * Foundation, either version 3 of the License, or (at your option) any later version. |
| * |
| * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| * |
| * You should have received copies of the GNU General Public License and GNU Lesser |
| * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| * <http://www.gnu.org/licenses/>. |
| * |
| * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| */ |
| |
| #include "ndnsec.hpp" |
| #include "util.hpp" |
| |
| #include "ndn-cxx/encoding/buffer-stream.hpp" |
| #include "ndn-cxx/security/transform/base64-decode.hpp" |
| #include "ndn-cxx/security/transform/stream-sink.hpp" |
| #include "ndn-cxx/security/transform/stream-source.hpp" |
| |
| #include <boost/asio/ip/tcp.hpp> |
| #if BOOST_VERSION < 106700 |
| #include <boost/date_time/posix_time/posix_time_duration.hpp> |
| #endif // BOOST_VERSION < 106700 |
| |
| namespace ndn { |
| namespace ndnsec { |
| |
| class HttpException : public std::runtime_error |
| { |
| public: |
| explicit |
| HttpException(const std::string& what) |
| : std::runtime_error(what) |
| { |
| } |
| }; |
| |
| static security::Certificate |
| getCertificateHttp(const std::string& host, const std::string& port, const std::string& path) |
| { |
| boost::asio::ip::tcp::iostream requestStream; |
| #if BOOST_VERSION >= 106700 |
| requestStream.expires_after(std::chrono::seconds(10)); |
| #else |
| requestStream.expires_from_now(boost::posix_time::seconds(10)); |
| #endif // BOOST_VERSION >= 106700 |
| |
| requestStream.connect(host, port); |
| if (!requestStream) { |
| NDN_THROW(HttpException("HTTP connection error")); |
| } |
| |
| requestStream << "GET " << path << " HTTP/1.0\r\n"; |
| requestStream << "Host: " << host << "\r\n"; |
| requestStream << "Accept: */*\r\n"; |
| requestStream << "Cache-Control: no-cache\r\n"; |
| requestStream << "Connection: close\r\n\r\n"; |
| requestStream.flush(); |
| |
| std::string statusLine; |
| std::getline(requestStream, statusLine); |
| if (!requestStream) { |
| NDN_THROW(HttpException("HTTP communication error")); |
| } |
| |
| std::stringstream responseStream(statusLine); |
| std::string httpVersion; |
| responseStream >> httpVersion; |
| unsigned int statusCode; |
| responseStream >> statusCode; |
| std::string statusMessage; |
| |
| std::getline(responseStream, statusMessage); |
| if (!requestStream || httpVersion.substr(0, 5) != "HTTP/") { |
| NDN_THROW(HttpException("HTTP communication error")); |
| } |
| if (statusCode != 200) { |
| NDN_THROW(HttpException("HTTP server error")); |
| } |
| std::string header; |
| while (std::getline(requestStream, header) && header != "\r") |
| ; |
| |
| OBufferStream os; |
| { |
| using namespace ndn::security::transform; |
| streamSource(requestStream) >> base64Decode(true) >> streamSink(os); |
| } |
| |
| return security::Certificate(Block(os.buf())); |
| } |
| |
| int |
| ndnsec_cert_install(int argc, char** argv) |
| { |
| namespace po = boost::program_options; |
| |
| std::string certFile; |
| bool isIdentityDefault = false; |
| bool isKeyDefault = false; |
| bool isNoDefault = false; |
| |
| po::options_description description( |
| "Usage: ndnsec cert-install [-h] [-I|-K|-N] [-f] FILE\n" |
| "\n" |
| "Options"); |
| description.add_options() |
| ("help,h", "produce help message") |
| ("cert-file,f", po::value<std::string>(&certFile), |
| "file name of the certificate to be imported, '-' for stdin; " |
| "if it starts with 'http://', the certificate will be fetched " |
| "using a plain HTTP/1.0 GET request") |
| ("identity-default,I", po::bool_switch(&isIdentityDefault), |
| "set the imported certificate as the default certificate for the identity") |
| ("key-default,K", po::bool_switch(&isKeyDefault), |
| "set the imported certificate as the default certificate for the key") |
| ("no-default,N", po::bool_switch(&isNoDefault), |
| "do not change any default settings") |
| ; |
| |
| po::positional_options_description p; |
| p.add("cert-file", 1); |
| |
| po::variables_map vm; |
| try { |
| po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm); |
| po::notify(vm); |
| } |
| catch (const std::exception& e) { |
| std::cerr << "ERROR: " << e.what() << "\n\n" |
| << description << std::endl; |
| return 2; |
| } |
| |
| if (vm.count("help") > 0) { |
| std::cout << description << std::endl; |
| return 0; |
| } |
| |
| if (vm.count("cert-file") == 0) { |
| std::cerr << "ERROR: you must specify a file name" << std::endl; |
| return 2; |
| } |
| |
| if (isIdentityDefault + isKeyDefault + isNoDefault > 1) { |
| std::cerr << "ERROR: at most one of '--identity-default', '--key-default', " |
| "or '--no-default' may be specified" << std::endl; |
| return 2; |
| } |
| |
| security::Certificate cert; |
| if (certFile.find("http://") == 0) { |
| try { |
| std::string host; |
| std::string port; |
| std::string path; |
| |
| size_t pos = 7; // offset of "http://" |
| size_t posSlash = certFile.find('/', pos); |
| |
| if (posSlash == std::string::npos) |
| NDN_THROW(HttpException("Request line is not correctly formatted")); |
| |
| size_t posPort = certFile.find(':', pos); |
| if (posPort != std::string::npos && posPort < posSlash) { |
| // port is specified |
| port = certFile.substr(posPort + 1, posSlash - posPort - 1); |
| host = certFile.substr(pos, posPort - pos); |
| } |
| else { |
| port = "80"; |
| host = certFile.substr(pos, posSlash - pos); |
| } |
| |
| path = certFile.substr(posSlash, certFile.size() - posSlash); |
| |
| cert = getCertificateHttp(host, port, path); |
| } |
| catch (const std::runtime_error& e) { |
| std::cerr << "ERROR: Cannot download the certificate from '" << certFile |
| << "': " << e.what() << std::endl; |
| return 1; |
| } |
| } |
| else { |
| cert = loadFromFile<security::Certificate>(certFile); |
| } |
| |
| KeyChain keyChain; |
| |
| auto id = keyChain.getPib().getIdentity(cert.getIdentity()); |
| auto key = id.getKey(cert.getKeyName()); |
| |
| keyChain.addCertificate(key, cert); |
| |
| if (isIdentityDefault) { |
| keyChain.setDefaultKey(id, key); |
| keyChain.setDefaultCertificate(key, cert); |
| } |
| else if (isKeyDefault) { |
| keyChain.setDefaultCertificate(key, cert); |
| } |
| else if (!isNoDefault) { |
| keyChain.setDefaultIdentity(id); |
| keyChain.setDefaultKey(id, key); |
| keyChain.setDefaultCertificate(key, cert); |
| } |
| |
| std::cerr << "OK: certificate with name [" << cert.getName().toUri() << "] " |
| << "has been successfully installed" << std::endl; |
| |
| return 0; |
| } |
| |
| } // namespace ndnsec |
| } // namespace ndn |