commit e6bfab24af1d8680df4d130145cdcde987d74867
author Yingdi Yu <yuyingdi@gmail.com> Thu Feb 06 16:01:19 2014 -0800
committer Alexander Afanasyev <alexander.afanasyev@ucla.edu> Thu Feb 06 20:11:32 2014 -0800
tree a3354992f76998ca5ef3d20a55c1cd0156bedb82
parent a4e57673744103d4ce5f78fc2f7ee6b46d399e37

tools: Add security tools; Add waf build options for tools.

Change-Id: I058510acc1a0361fed43d94c7a0b545416a9efb4

tools/ndnsec-install-cert.cpp

diff --git a/tools/ndnsec-install-cert.cpp b/tools/ndnsec-install-cert.cpp
new file mode 100644
index 0000000..4bcd4a2
--- /dev/null
+++ b/tools/ndnsec-install-cert.cpp
@@ -0,0 +1,261 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/*
+ * Copyright (c) 2013, Regents of the University of California
+ *                     Yingdi Yu
+ *
+ * BSD license, See the LICENSE file for more information
+ *
+ * Author: Yingdi Yu <yingdi@cs.ucla.edu>
+ */
+
+#include <iostream>
+#include <fstream>
+
+#include <boost/program_options/options_description.hpp>
+#include <boost/program_options/variables_map.hpp>
+#include <boost/program_options/parsers.hpp>
+#include <boost/date_time/posix_time/posix_time.hpp>
+#include <boost/asio.hpp>
+
+#include <cryptopp/base64.h>
+#include <cryptopp/files.h>
+
+#include "security/key-chain.hpp"
+
+using namespace std;
+using namespace ndn;
+namespace po = boost::program_options;
+
+ptr_lib::shared_ptr<IdentityCertificate>
+getCertificate(const string& fileName)
+{
+  istream* ifs;
+  if(fileName == string("-"))
+    ifs = &cin;
+  else
+    ifs = new ifstream(fileName.c_str());
+
+  string decoded;
+  CryptoPP::FileSource ss2(*ifs, true,
+                           new CryptoPP::Base64Decoder(new CryptoPP::StringSink(decoded)));
+
+  ptr_lib::shared_ptr<IdentityCertificate> identityCertificate = ptr_lib::make_shared<IdentityCertificate>();
+  identityCertificate->wireDecode(Block(decoded.c_str(), decoded.size()));
+
+  return identityCertificate;
+}
+
+struct HttpException : public std::exception
+{
+  HttpException(const std::string &reason)
+    : m_reason(reason)
+  {
+  }
+  ~HttpException() throw()
+  {
+  }
+
+  const char* what() const throw()
+  {
+    return m_reason.c_str();
+  }
+
+private:
+  std::string m_reason;
+};
+
+ptr_lib::shared_ptr<IdentityCertificate>
+getCertificateHttp(const std::string &host, const std::string &port, const std::string &path)
+{
+  using namespace boost::asio::ip;
+  tcp::iostream request_stream;
+#if (BOOST_VERSION >= 104700)
+  request_stream.expires_from_now(boost::posix_time::milliseconds(3000));
+#endif
+  request_stream.connect(host,port);
+  if(!request_stream)
+    {
+      throw HttpException("HTTP connection error");
+    }
+  request_stream << "GET " << path << " HTTP/1.0\r\n";
+  request_stream << "Host: " << host << "\r\n";
+  request_stream << "Accept: */*\r\n";
+  request_stream << "Cache-Control: no-cache\r\n";
+  request_stream << "Connection: close\r\n\r\n";
+  request_stream.flush();
+
+  std::string line1;
+  std::getline(request_stream,line1);
+  if (!request_stream)
+    {
+      throw HttpException("HTTP communication error");
+    }
+
+  std::stringstream response_stream(line1);
+  std::string http_version;
+  response_stream >> http_version;
+  unsigned int status_code;
+  response_stream >> status_code;
+  std::string status_message;
+
+  std::getline(response_stream,status_message);
+  if (!response_stream || http_version.substr(0,5)!="HTTP/")
+    {
+      throw HttpException("HTTP communication error");
+    }
+  if (status_code!=200)
+    {
+      throw HttpException("HTTP server error");
+    }
+  std::string header;
+  while (std::getline(request_stream, header) && header != "\r") ;
+
+
+  string decoded;
+  CryptoPP::FileSource ss2(request_stream, true,
+                           new CryptoPP::Base64Decoder(new CryptoPP::StringSink(decoded)));
+
+  ptr_lib::shared_ptr<IdentityCertificate> identityCertificate = ptr_lib::make_shared<IdentityCertificate>();
+  identityCertificate->wireDecode(Block(decoded.c_str(), decoded.size()));
+
+  return identityCertificate;
+}
+
+int main(int argc, char** argv)
+{
+  string certFileName;
+  bool systemDefault = true;
+  bool identityDefault = false;
+  bool keyDefault = false;
+  bool noDefault = false;
+  bool any = false;
+
+  po::options_description desc("General Usage\n  ndn-install-cert [-h] [-I|K|N] cert-file\nGeneral options");
+  desc.add_options()
+    ("help,h", "produce help message")
+    ("cert-file,f", po::value<string>(&certFileName), "file name of the ceritificate, - for stdin. "
+                                                      "If starts with http://, will try to fetch "
+                                                      "the certificate using HTTP GET request")
+    ("identity-default,I", "optional, if specified, the certificate will be set as the default certificate of the identity")
+    ("key-default,K", "optional, if specified, the certificate will be set as the default certificate of the key")
+    ("no-default,N", "optional, if specified, the certificate will be simply installed")
+    ;
+  po::positional_options_description p;
+  p.add("cert-file", 1);
+
+  po::variables_map vm;
+  try
+    {
+      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::notify(vm);
+    }
+  catch (exception &e)
+    {
+      cerr << "ERROR: " << e.what() << endl;
+      return 1;
+    }
+
+  if (vm.count("help"))
+    {
+      cerr << desc << endl;
+      return 1;
+    }
+
+  if (0 == vm.count("cert-file"))
+    {
+      cerr << "cert_file must be specified" << endl;
+      cerr << desc << endl;
+      return 1;
+    }
+
+  if (vm.count("identity-default"))
+    {
+      identityDefault = true;
+      systemDefault = false;
+    }
+  else if (vm.count("key-default"))
+    {
+      keyDefault = true;
+      systemDefault = false;
+    }
+  else if (vm.count("no-default"))
+    {
+      noDefault = true;
+      systemDefault = false;
+    }
+
+  try
+    {
+      ptr_lib::shared_ptr<IdentityCertificate> cert;
+
+      if(certFileName.find("http://") == 0)
+        {
+          string host;
+          string port;
+          string path;
+
+          size_t pos = 7;
+          size_t posSlash = certFileName.find ("/", pos);
+
+          if (posSlash == string::npos)
+            throw HttpException("Request line is not correctly formatted");
+
+          size_t posPort = certFileName.find (":", pos);
+
+          if (posPort != string::npos && posPort < posSlash) // port is specified
+            {
+              port = certFileName.substr (posPort + 1, posSlash - posPort - 1);
+              host = certFileName.substr (pos, posPort-pos);
+            }
+          else
+            {
+              port = "80";
+              host = certFileName.substr (pos, posSlash-pos);
+            }
+
+          path = certFileName.substr (posSlash, certFileName.size () - posSlash);
+
+          cert = getCertificateHttp(host, port, path);
+        }
+      else
+        {
+          cert = getCertificate(certFileName);
+        }
+
+      KeyChain keyChain;
+
+      if(systemDefault)
+        {
+          keyChain.addCertificateAsIdentityDefault(*cert);
+          Name keyName = cert->getPublicKeyName();
+          Name identity = keyName.getSubName(0, keyName.size()-1);
+          keyChain.setDefaultIdentity(identity);
+        }
+      else if(identityDefault)
+        {
+          keyChain.addCertificateAsIdentityDefault(*cert);
+        }
+      else if(keyDefault)
+        {
+          keyChain.addCertificateAsKeyDefault(*cert);
+        }
+      else
+        {
+          keyChain.addCertificate(*cert);
+        }
+
+      cout << "OK: certificate with name [" << cert->getName().toUri() << "] has been successfully installed" << endl;
+
+      return 0;
+    }
+  catch(std::exception &e)
+    {
+      cerr << "ERROR: " << e.what() << endl;
+      return 1;
+    }
+  catch(...)
+    {
+      cerr << "ERROR: unknown error" << endl;
+      return 1;
+    }
+}