docs+tools: improve ndnsec help, error messages, and manual page

Exit with status code 2 on malformed command line

Refs: #3777
Change-Id: Id682a5d69c15c74cfa1903db38b5389936f5be58
diff --git a/docs/conf.py b/docs/conf.py
index 9e76dff..82688a1 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -65,7 +65,7 @@
 
 # General information about the project.
 project = u'ndn-cxx: NDN C++ library with eXperimental eXtensions'
-copyright = u'Copyright (c) 2013-2018 Regents of the University of California.'
+copyright = u'Copyright (c) 2013-2019 Regents of the University of California.'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@@ -239,23 +239,27 @@
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
 man_pages = [
-    ('manpages/ndnsec', 'ndnsec', u'NDN security tools', None, 1),
-    ('manpages/ndnsec-cert-dump',    'ndnsec-cert-dump',   'part of NDN security tools', None, 1),
-    ('manpages/ndnsec-cert-gen',     'ndnsec-cert-gen',    'part of NDN security tools', None, 1),
-    ('manpages/ndnsec-cert-install', 'ndnsec-cert-instal', 'part of NDN security tools', None, 1),
-    ('manpages/ndnsec-delete',       'ndnsec-delete',      'part of NDN security tools', None, 1),
+    ('manpages/ndnsec',              'ndnsec',              'NDN security toolkit', None, 1),
+    ('manpages/ndnsec-cert-dump',    'ndnsec-cert-dump',    'export an NDN certificate', None, 1),
+    ('manpages/ndnsec-cert-gen',     'ndnsec-cert-gen',     'create an NDN certificate for an identity', None, 1),
+    ('manpages/ndnsec-cert-install', 'ndnsec-cert-install', 'import an NDN certificate from a file', None, 1),
+    ('manpages/ndnsec-delete',       'ndnsec-delete',       'delete an NDN identity, key, or certificate', None, 1),
     ('manpages/ndnsec-export',       'ndnsec-export',
-     'export a certificate and its private key to a file', None, 1),
-    ('manpages/ndnsec-get-default',  'ndnsec-get-default', 'part of NDN security tools', None, 1),
+     'export an NDN certificate and its private key to a file', None, 1),
+    ('manpages/ndnsec-get-default',  'ndnsec-get-default',
+     'show the default NDN identity, key, and certificate for the current user', None, 1),
     ('manpages/ndnsec-import',       'ndnsec-import',
-     'import a certificate and its private key from a file', None, 1),
-    ('manpages/ndnsec-key-gen',      'ndnsec-key-gen',     'part of NDN security tools', None, 1),
-    ('manpages/ndnsec-list',         'ndnsec-list',        'part of NDN security tools', None, 1),
-    ('manpages/ndnsec-set-default',  'ndnsec-set-default', 'part of NDN security tools', None, 1),
-    ('manpages/ndnsec-sign-req',     'ndnsec-sign-req',    'part of NDN security tools', None, 1),
-    ('manpages/ndnsec-unlock-tpm',   'ndnsec-unlock-tpm',  'part of NDN security tools', None, 1),
-    ('manpages/ndn-client.conf',     'ndn-client.conf',    'Configuration file for NDN platform', None, 5),
-    ('manpages/ndn-log',             'ndn-log',            'ndn-cxx logging',                     None, 7),
+     'import an NDN certificate and its private key from a file', None, 1),
+    ('manpages/ndnsec-key-gen',      'ndnsec-key-gen',
+     'generate an NDN key for an identity', None, 1),
+    ('manpages/ndnsec-list',         'ndnsec-list',
+     'list all known NDN identities, keys, and certificates', None, 1),
+    ('manpages/ndnsec-set-default',  'ndnsec-set-default',
+     'change the default NDN identity, key, or certificate for the current user', None, 1),
+    ('manpages/ndnsec-sign-req',     'ndnsec-sign-req',     'generate an NDN certificate signing request', None, 1),
+    ('manpages/ndnsec-unlock-tpm',   'ndnsec-unlock-tpm',   'unlock the TPM', None, 1),
+    ('manpages/ndn-client.conf',     'ndn-client.conf',     'configuration file for NDN platform', None, 5),
+    ('manpages/ndn-log',             'ndn-log',             'ndn-cxx logging',                     None, 7),
 ]
 
 
diff --git a/docs/manpages/ndnsec-cert-dump.rst b/docs/manpages/ndnsec-cert-dump.rst
index 0a66d9b..5aa69a9 100644
--- a/docs/manpages/ndnsec-cert-dump.rst
+++ b/docs/manpages/ndnsec-cert-dump.rst
@@ -9,7 +9,7 @@
 
 ::
 
-    $ ndnsec-cert-dump [-h] [-p] [-ikf] name
+    ndnsec-cert-dump [-h] [-p] [-ikf] name
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-cert-gen.rst b/docs/manpages/ndnsec-cert-gen.rst
index 25c6427..97e8e87 100644
--- a/docs/manpages/ndnsec-cert-gen.rst
+++ b/docs/manpages/ndnsec-cert-gen.rst
@@ -8,7 +8,7 @@
 
 ::
 
-    $ ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-I info] [-s sign-id] [-i issuer-id] request
+    ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-I info] [-s sign-id] [-i issuer-id] request
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-cert-install.rst b/docs/manpages/ndnsec-cert-install.rst
index 1ca1ddb..a1a98a3 100644
--- a/docs/manpages/ndnsec-cert-install.rst
+++ b/docs/manpages/ndnsec-cert-install.rst
@@ -8,7 +8,7 @@
 
 ::
 
-    $ ndnsec-cert-install [-h] [-IKN] cert-source
+    ndnsec-cert-install [-h] [-IKN] cert-source
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-export.rst b/docs/manpages/ndnsec-export.rst
index dc94939..7b51ad4 100644
--- a/docs/manpages/ndnsec-export.rst
+++ b/docs/manpages/ndnsec-export.rst
@@ -6,7 +6,7 @@
 
 ::
 
-    $ ndnsec-export [-h] [-o output] identity
+    ndnsec-export [-h] [-o output] identity
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-get-default.rst b/docs/manpages/ndnsec-get-default.rst
index 48889c8..54da09e 100644
--- a/docs/manpages/ndnsec-get-default.rst
+++ b/docs/manpages/ndnsec-get-default.rst
@@ -8,7 +8,7 @@
 
 ::
 
-    $ ndnsec-get-default [-h] [-kc] [-i identity|-K key] [-q]
+    ndnsec-get-default [-h] [-kc] [-i identity|-K key] [-q]
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-import.rst b/docs/manpages/ndnsec-import.rst
index c81964a..7dd02ed 100644
--- a/docs/manpages/ndnsec-import.rst
+++ b/docs/manpages/ndnsec-import.rst
@@ -6,7 +6,7 @@
 
 ::
 
-    $ ndnsec-import [-h] input
+    ndnsec-import [-h] input
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-key-gen.rst b/docs/manpages/ndnsec-key-gen.rst
index 253073b..304f189 100644
--- a/docs/manpages/ndnsec-key-gen.rst
+++ b/docs/manpages/ndnsec-key-gen.rst
@@ -8,7 +8,7 @@
 
 ::
 
-    $ ndnsec-key-gen [-h] [-n] [-d] [-t keyType] identity
+    ndnsec-key-gen [-h] [-n] [-d] [-t keyType] identity
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-list.rst b/docs/manpages/ndnsec-list.rst
index bc4a316..a3de1a9 100644
--- a/docs/manpages/ndnsec-list.rst
+++ b/docs/manpages/ndnsec-list.rst
@@ -9,7 +9,7 @@
 
 ::
 
-    $ ndnsec-list [-h] [-KkCc]
+    ndnsec-list [-h] [-KkCc]
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-set-default.rst b/docs/manpages/ndnsec-set-default.rst
index da0c5b5..4af6ad9 100644
--- a/docs/manpages/ndnsec-set-default.rst
+++ b/docs/manpages/ndnsec-set-default.rst
@@ -8,7 +8,7 @@
 
 ::
 
-    $ ndnsec-set-default [-h] [-k|c] name
+    ndnsec-set-default [-h] [-k|c] name
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-sign-req.rst b/docs/manpages/ndnsec-sign-req.rst
index 67d11f4..90a0694 100644
--- a/docs/manpages/ndnsec-sign-req.rst
+++ b/docs/manpages/ndnsec-sign-req.rst
@@ -8,7 +8,7 @@
 
 ::
 
-    $ ndnsec-sign-req [-h] [-k] name
+    ndnsec-sign-req [-h] [-k] name
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec-unlock-tpm.rst b/docs/manpages/ndnsec-unlock-tpm.rst
index 7672f00..175ba51 100644
--- a/docs/manpages/ndnsec-unlock-tpm.rst
+++ b/docs/manpages/ndnsec-unlock-tpm.rst
@@ -9,7 +9,7 @@
 
 ::
 
-    $ ndnsec-unlock-tpm [-h]
+    ndnsec-unlock-tpm [-h]
 
 Description
 -----------
diff --git a/docs/manpages/ndnsec.rst b/docs/manpages/ndnsec.rst
index 8641d01..1eb0ed8 100644
--- a/docs/manpages/ndnsec.rst
+++ b/docs/manpages/ndnsec.rst
@@ -1,89 +1,71 @@
 ndnsec
 ======
 
-``ndnsec`` is a command-line toolkit to perform various NDN security management
-operation.
+:program:`ndnsec` is a command-line toolkit to perform various NDN security
+management operations.
 
-Usage
------
+Synopsis
+--------
 
-::
+**ndnsec** *command* [*argument*]...
 
-    $ ndnsec <command> [<args>]
-
-or alternatively
-
-::
-
-    $ ndnsec-command [<args>]
+**ndnsec-**\ *command* [*argument*]...
 
 Description
 -----------
 
-The NDN security data are stored and managed in two places: **Public Information Base** and
-**Trusted Platform Module**. ``ndnsec`` toolkit provides a command-line interface of managing and
-using the NDN security data.
+The NDN security data are stored in two places: **Public Information Base**
+(PIB) and **Trusted Platform Module** (TPM). The :program:`ndnsec` toolkit
+provides a command-line interface for managing and using the NDN security data.
 
-ndnsec commands
----------------
+Commands
+--------
 
-ndnsec-list_
-  Display information in PublicInfo.
+list_
+  List all known identities/keys/certificates.
 
-ndnsec-get-default_
-  Get default setting info.
+get-default_
+  Show the default identity/key/certificate.
 
-ndnsec-set-default_
-  Configure default setting.
+set-default_
+  Change the default identity/key/certificate.
 
-ndnsec-key-gen_
-  Generate a Key-Signing-Key for an identity.
+delete_
+  Delete an identity/key/certificate.
 
-ndnsec-dsk-gen_
-  Generate a Data-Signing-Key (DSK) for an identity and sign the DSK using the corresponding KSK.
+key-gen_
+  Generate a key for an identity.
 
-ndnsec-sign-req_
+sign-req_
   Generate a certificate signing request.
 
-ndnsec-cert-gen_
-  Generate an identity certificate.
+cert-gen_
+  Create a certificate for an identity.
 
-ndnsec-cert-dump_
-  Dump a certificate from PublicInfo.
+cert-dump_
+  Export a certificate.
 
-ndnsec-cert-install_
-  Install a certificate into PublicInfo.
+cert-install_
+  Import a certificate from a file.
 
-ndnsec-delete_
-  Delete identity/key/certificate.
+export_
+  Export an identity as a SafeBag.
 
-ndnsec-export_
-  Export an identity package.
+import_
+  Import an identity from a SafeBag.
 
-ndnsec-import_
-  Import an identity package.
+unlock-tpm_
+  Unlock the TPM.
 
-ndnsec-set-acl_
-  Configure ACL of a private key.
-
-ndnsec-unlock-tpm_
-  Unlock Tpm.
-
-ndnsec-op-tool_
-  Operator tool.
-
-.. _ndnsec-list: ndnsec-list.html
-.. _ndnsec-get-default: ndnsec-get-default.html
-.. _ndnsec-set-default: ndnsec-set-default.html
-.. _ndnsec-key-gen: ndnsec-key-gen.html
-.. _ndnsec-dsk-gen: ndnsec-dsk-gen.html
-.. _ndnsec-sign-req: ndnsec-sign-req.html
-.. _ndnsec-cert-gen: ndnsec-cert-gen.html
-.. _ndnsec-cert-dump: ndnsec-cert-dump.html
-.. _ndnsec-cert-install: ndnsec-cert-install.html
-.. _ndnsec-delete: ndnsec-delete.html
-.. _ndnsec-export: ndnsec-export.html
-.. _ndnsec-import: ndnsec-import.html
-.. _ndnsec-set-acl: ndnsec-set-acl.html
-.. _ndnsec-unlock-tpm: ndnsec-unlock-tpm.html
-.. _ndnsec-op-tool: ndnsec-op-tool.html
+.. _list: ndnsec-list.html
+.. _get-default: ndnsec-get-default.html
+.. _set-default: ndnsec-set-default.html
+.. _delete: ndnsec-delete.html
+.. _key-gen: ndnsec-key-gen.html
+.. _sign-req: ndnsec-sign-req.html
+.. _cert-gen: ndnsec-cert-gen.html
+.. _cert-dump: ndnsec-cert-dump.html
+.. _cert-install: ndnsec-cert-install.html
+.. _export: ndnsec-export.html
+.. _import: ndnsec-import.html
+.. _unlock-tpm: ndnsec-unlock-tpm.html
diff --git a/tools/ndnsec/main.cpp b/tools/ndnsec/main.cpp
index d2bc281..8548748 100644
--- a/tools/ndnsec/main.cpp
+++ b/tools/ndnsec/main.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2019 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -25,74 +25,66 @@
 #include "ndn-cxx/util/logger.hpp"
 #include "ndn-cxx/version.hpp"
 
-#include <boost/exception/get_error_info.hpp>
+#include <boost/exception/diagnostic_information.hpp>
 
 NDN_LOG_INIT(ndnsec);
 
-std::string ndnsec_helper = R"STR(\
-  help         Show all commands
-  version      Show version and exit
-  list         Display information in PublicInfo
-  get-default  Get default setting info
-  set-default  Configure default setting
-  key-gen      Generate a Key-Signing-Key for an identity
-  sign-req     Generate a certificate signing request
-  cert-gen     Generate an identity certificate
-  cert-dump    Dump a certificate from PublicInfo
-  cert-install Install a certificate into PublicInfo
-  delete       Delete identity/key/certificate
-  export       Export an identity package
-  import       Import an identity package
-  unlock-tpm   Unlock Tpm
-)STR";
+const char NDNSEC_HELP_TEXT[] = R"STR(Usage: ndnsec COMMAND [OPTION]...
+
+Available commands:
+  help           Print this help text
+  version        Print program version
+  list           List all known identities/keys/certificates
+  get-default    Show the default identity/key/certificate
+  set-default    Change the default identity/key/certificate
+  delete         Delete an identity/key/certificate
+  key-gen        Generate a key for an identity
+  sign-req       Generate a certificate signing request
+  cert-gen       Create a certificate for an identity
+  cert-dump      Export a certificate
+  cert-install   Import a certificate from a file
+  export         Export an identity as a SafeBag
+  import         Import an identity from a SafeBag
+  unlock-tpm     Unlock the TPM
+
+Try 'ndnsec COMMAND --help' for more information on each command.)STR";
 
 int
-main(int argc, char** argv)
+main(int argc, char* argv[])
 {
   if (argc < 2) {
-    std::cerr << ndnsec_helper << std::endl;
-    return 1;
+    std::cerr << NDNSEC_HELP_TEXT << std::endl;
+    return 2;
   }
 
   using namespace ndn::ndnsec;
 
   std::string command(argv[1]);
   try {
-    if (command == "help")              { std::cout << ndnsec_helper << std::endl; }
+    if (command == "help")              { std::cout << NDNSEC_HELP_TEXT << std::endl; }
     else if (command == "version")      { std::cout << NDN_CXX_VERSION_BUILD_STRING << std::endl; }
     else if (command == "list")         { return ndnsec_list(argc - 1, argv + 1); }
     else if (command == "get-default")  { return ndnsec_get_default(argc - 1, argv + 1); }
     else if (command == "set-default")  { return ndnsec_set_default(argc - 1, argv + 1); }
+    else if (command == "delete")       { return ndnsec_delete(argc - 1, argv + 1); }
     else if (command == "key-gen")      { return ndnsec_key_gen(argc - 1, argv + 1); }
     else if (command == "sign-req")     { return ndnsec_sign_req(argc - 1, argv + 1); }
     else if (command == "cert-gen")     { return ndnsec_cert_gen(argc - 1, argv + 1); }
     else if (command == "cert-dump")    { return ndnsec_cert_dump(argc - 1, argv + 1); }
     else if (command == "cert-install") { return ndnsec_cert_install(argc - 1, argv + 1); }
-    else if (command == "delete")       { return ndnsec_delete(argc - 1, argv + 1); }
     else if (command == "export")       { return ndnsec_export(argc - 1, argv + 1); }
     else if (command == "import")       { return ndnsec_import(argc - 1, argv + 1); }
     else if (command == "unlock-tpm")   { return ndnsec_unlock_tpm(argc - 1, argv + 1); }
     else {
-      std::cerr << ndnsec_helper << std::endl;
-      return 1;
+      std::cerr << "ERROR: Unknown command '" << command << "'\n"
+                << "\n"
+                << NDNSEC_HELP_TEXT << std::endl;
+      return 2;
     }
   }
   catch (const std::exception& e) {
-
-    std::cerr << "ERROR: " << e.what();
-
-    std::ostringstream extendedError;
-    const char* const* file = boost::get_error_info<boost::throw_file>(e);
-    const int* line = boost::get_error_info<boost::throw_line>(e);
-    const char* const* func = boost::get_error_info<boost::throw_function>(e);
-    if (file && line) {
-      extendedError << " [from " << *file << ":" << *line;
-      if (func) {
-        extendedError << " in " << *func;
-      }
-      extendedError << "]";
-    }
-    NDN_LOG_ERROR(e.what() << extendedError.str());
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    NDN_LOG_ERROR(boost::diagnostic_information(e));
     return 1;
   }
 
diff --git a/tools/ndnsec/util.cpp b/tools/ndnsec/util.cpp
index 1a4b8f4..4895ed3 100644
--- a/tools/ndnsec/util.cpp
+++ b/tools/ndnsec/util.cpp
@@ -23,6 +23,8 @@
 
 #include "ndn-cxx/security/impl/openssl.hpp"
 
+#include <unistd.h>
+
 namespace ndn {
 namespace ndnsec {
 
@@ -42,7 +44,7 @@
     return true;
   }
 
-  pw0 = getpass("Confirm:");
+  pw0 = getpass("Confirm: ");
   if (!pw0) {
     OPENSSL_cleanse(&password1.front(), password1.size());
     return false;