Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 2 | /** |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 3 | * Copyright (c) 2013-2016 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 22 | */ |
| 23 | |
Alexander Afanasyev | d7db8bf | 2015-01-04 15:31:02 -0800 | [diff] [blame] | 24 | #ifndef NDN_TOOLS_NDNSEC_DSK_GEN_HPP |
| 25 | #define NDN_TOOLS_NDNSEC_DSK_GEN_HPP |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 26 | |
Alexander Afanasyev | d7db8bf | 2015-01-04 15:31:02 -0800 | [diff] [blame] | 27 | #include "util.hpp" |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 28 | |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 29 | int |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 30 | ndnsec_dsk_gen(int argc, char** argv) |
| 31 | { |
| 32 | using namespace ndn; |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 33 | using namespace ndn::security; |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 34 | namespace po = boost::program_options; |
| 35 | |
| 36 | std::string identityName; |
| 37 | char keyType = 'r'; |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 38 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 39 | po::options_description description("General Usage\n" |
| 40 | " ndnsec dsk-gen [-h] [-t keyType] identity\n" |
| 41 | "General options"); |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 42 | description.add_options() |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 43 | ("help,h", "produce help message") |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 44 | ("identity,i", po::value<std::string>(&identityName), |
| 45 | "identity name, for example, /ndn/ucla.edu/alice") |
| 46 | ("type,t", po::value<char>(&keyType)->default_value('r'), |
| 47 | "optional, key type, r for RSA key (default), e for ECDSA key.") |
| 48 | // ("size,s", po::value<int>(&keySize)->default_value(2048), |
| 49 | // "optional, key size, 2048 (default)") |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 50 | ; |
| 51 | |
| 52 | po::positional_options_description p; |
| 53 | p.add("identity", 1); |
| 54 | |
| 55 | po::variables_map vm; |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 56 | try { |
| 57 | po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm); |
| 58 | po::notify(vm); |
| 59 | } |
| 60 | catch (const std::exception& e) { |
| 61 | std::cerr << "ERROR: " << e.what() << std::endl; |
| 62 | std::cerr << description << std::endl; |
| 63 | return 1; |
| 64 | } |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 65 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 66 | if (vm.count("help") != 0) { |
| 67 | std::cerr << description << std::endl; |
| 68 | return 0; |
| 69 | } |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 70 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 71 | if (vm.count("identity") == 0) { |
| 72 | std::cerr << "identity must be specified" << std::endl; |
| 73 | std::cerr << description << std::endl; |
| 74 | return 1; |
| 75 | } |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 76 | |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 77 | shared_ptr<v1::IdentityCertificate> kskCert; |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 78 | Name signingCertName; |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 79 | |
| 80 | KeyChain keyChain; |
| 81 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 82 | try { |
| 83 | Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName); |
| 84 | bool isDefaultDsk = false; |
| 85 | std::string keyUsageTag = defaultCertName.get(-3).toUri().substr(0,4); |
| 86 | if (keyUsageTag == "ksk-") |
| 87 | isDefaultDsk = false; |
| 88 | else if (keyUsageTag == "dsk-") |
| 89 | isDefaultDsk = true; |
| 90 | else { |
| 91 | std::cerr << "ERROR: Unknown key usage tag: " << keyUsageTag << std::endl; |
| 92 | return 1; |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 93 | } |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 94 | |
| 95 | if (isDefaultDsk) { |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 96 | shared_ptr<v1::IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName); |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 97 | |
| 98 | if (static_cast<bool>(dskCert)) { |
| 99 | SignatureSha256WithRsa sha256sig(dskCert->getSignature()); |
| 100 | |
| 101 | Name keyLocatorName = sha256sig.getKeyLocator().getName(); |
| 102 | |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 103 | Name kskName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName); |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 104 | Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName); |
| 105 | signingCertName = kskCertName; |
| 106 | kskCert = keyChain.getCertificate(kskCertName); |
| 107 | } |
| 108 | else { |
| 109 | std::cerr << "ERROR: The default certificate is missing." << std::endl; |
| 110 | return 1; |
| 111 | } |
| 112 | } |
| 113 | else { |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 114 | signingCertName = defaultCertName; |
| 115 | kskCert = keyChain.getCertificate(defaultCertName); |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 116 | } |
| 117 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 118 | if (!static_cast<bool>(kskCert)) { |
| 119 | std::cerr << "ERROR: KSK certificate is missing." << std::endl; |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 120 | return 1; |
| 121 | } |
| 122 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 123 | Name newKeyName; |
| 124 | switch (keyType) { |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 125 | case 'r': |
| 126 | { |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 127 | RsaKeyParams params; |
| 128 | newKeyName = keyChain.generateRsaKeyPair(Name(identityName), false, params.getKeySize()); |
| 129 | if (0 == newKeyName.size()) { |
| 130 | std::cerr << "ERROR: Fail to generate RSA key!" << std::endl; |
| 131 | return 1; |
| 132 | } |
| 133 | break; |
| 134 | } |
| 135 | case 'e': |
| 136 | { |
| 137 | EcdsaKeyParams params; |
| 138 | newKeyName = keyChain.generateEcdsaKeyPair(Name(identityName), false, params.getKeySize()); |
| 139 | if (0 == newKeyName.size()) { |
| 140 | std::cerr << "ERROR: Fail to generate ECDSA key!" << std::endl; |
| 141 | return 1; |
| 142 | } |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 143 | break; |
| 144 | } |
| 145 | default: |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 146 | std::cerr << "ERROR: Unrecongized key type" << "\n"; |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 147 | std::cerr << description << std::endl; |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 148 | return 1; |
| 149 | } |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 150 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 151 | Name certName = newKeyName.getPrefix(-1); |
| 152 | certName.append("KEY") |
| 153 | .append(newKeyName.get(-1)) |
| 154 | .append("ID-CERT") |
| 155 | .appendVersion(); |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 156 | |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 157 | shared_ptr<v1::IdentityCertificate> certificate = |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 158 | keyChain.prepareUnsignedIdentityCertificate(newKeyName, |
| 159 | Name(identityName), |
| 160 | kskCert->getNotBefore(), |
| 161 | kskCert->getNotAfter(), |
| 162 | kskCert->getSubjectDescriptionList()); |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 163 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 164 | if (static_cast<bool>(certificate)) |
| 165 | certificate->encode(); |
| 166 | else { |
| 167 | std::cerr << "ERROR: Cannot format the certificate of the requested dsk." << "\n"; |
| 168 | return 1; |
| 169 | } |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 170 | |
Yingdi Yu | 1b0311c | 2015-06-10 14:58:47 -0700 | [diff] [blame] | 171 | keyChain.sign(*certificate, |
| 172 | security::SigningInfo(security::SigningInfo::SIGNER_TYPE_CERT, signingCertName)); |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 173 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 174 | keyChain.addCertificateAsIdentityDefault(*certificate); |
Yingdi Yu | b61f540 | 2014-02-26 17:46:11 -0800 | [diff] [blame] | 175 | |
Alexander Afanasyev | ace7445 | 2014-11-30 22:28:24 -0800 | [diff] [blame] | 176 | std::cerr << "OK: dsk certificate with name [" << certificate->getName() << |
| 177 | "] has been successfully installed\n"; |
| 178 | return 0; |
| 179 | } |
| 180 | catch (std::runtime_error& e) { |
| 181 | std::cerr << "ERROR: other runtime errors: " << e.what() << "\n"; |
| 182 | return 1; |
| 183 | } |
Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame] | 184 | } |
| 185 | |
Alexander Afanasyev | d7db8bf | 2015-01-04 15:31:02 -0800 | [diff] [blame] | 186 | #endif // NDN_TOOLS_NDNSEC_DSK_GEN_HPP |