Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 3ed09d0181b8207c1dd2093ec0036bd5192e25c9 / . / tools / ndnsec-cert-gen.hpp
blob: 012664659a74ca73acfcbc485c8d3e33d19eae9d [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]2/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]3 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]22 */
23
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]24#ifndef NDNSEC_CERT_GEN_HPP
25#define NDNSEC_CERT_GEN_HPP
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]26
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]27#include "ndnsec-util.hpp"
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]28
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]29int
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]30ndnsec_cert_gen(int argc, char** argv)
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]31{
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]32 using boost::tokenizer;
33 using boost::escaped_list_separator;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]34
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]35 using namespace ndn;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]36 using namespace ndn::time;
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]37 namespace po = boost::program_options;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]38
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]39 std::string notBeforeStr;
40 std::string notAfterStr;
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]41 std::string subjectName;
42 std::string requestFile("-");
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]43 Name signId;
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]44 std::string subjectInfo;
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]45 Name certPrefix;
46
47 KeyChain keyChain;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]48
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]49 po::options_description description(
50 "General Usage\n"
51 " ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] "
52 "[-s sign-id] [-p cert-prefix] request\n"
53 "General options");
54
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]55 description.add_options()
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]56 ("help,h", "produce help message")
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]57 ("not-before,S", po::value<std::string>(&notBeforeStr),
58 "certificate starting date, YYYYMMDDhhmmss (default: now)")
59 ("not-after,E", po::value<std::string>(&notAfterStr),
60 "certificate ending date, YYYYMMDDhhmmss (default: now + 365 days)")
61 ("subject-name,N", po::value<std::string>(&subjectName),
62 "subject name")
63 ("subject-info,I", po::value<std::string>(&subjectInfo),
64 "subject info, pairs of OID and string description: "
65 "\"2.5.4.10 'University of California, Los Angeles'\"")
66 ("sign-id,s", po::value<Name>(&signId)->default_value(keyChain.getDefaultIdentity()),
67 "signing identity")
68 ("cert-prefix,p", po::value<Name>(&certPrefix)->default_value(KeyChain::DEFAULT_PREFIX),
69 "cert prefix, which is the part of certificate name before "
70 "KEY component")
71 ("request,r", po::value<std::string>(&requestFile)->default_value("-"),
72 "request file name, - for stdin")
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]73 ;
74
75 po::positional_options_description p;
76 p.add("request", 1);
77
78 po::variables_map vm;
79 try
80 {
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]81 po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
82 vm);
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]83 po::notify(vm);
84 }
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]85 catch (const std::exception& e)
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]86 {
87 std::cerr << "ERROR: " << e.what() << std::endl;
88 return 1;
89 }
90
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]91 if (vm.count("help") != 0)
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]92 {
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]93 std::cout << description << std::endl;
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]94 return 0;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]95 }
96
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]97 if (vm.count("subject-name") == 0)
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]98 {
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]99 std::cerr << "ERROR: subject name must be specified" << std::endl
100 << std::endl
101 << description << std::endl;
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]102 return 1;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]103 }
104
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]105 std::vector<CertificateSubjectDescription> subjectDescription;
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]106 subjectDescription.push_back(CertificateSubjectDescription(oid::ATTRIBUTE_NAME, subjectName));
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]107
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]108 tokenizer<escaped_list_separator<char> > subjectInfoItems
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]109 (subjectInfo, escaped_list_separator<char>("\\", " \t", "'\""));
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]110
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]111 tokenizer<escaped_list_separator<char> >::iterator it =
112 subjectInfoItems.begin();
113
114 while (it != subjectInfoItems.end())
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]115 {
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]116 std::string oid = *it;
117
118 it++;
119 if (it == subjectInfoItems.end())
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]120 {
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]121 std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
122 return 1;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]123 }
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]124
125 std::string value = *it;
126
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]127 subjectDescription.push_back(CertificateSubjectDescription(OID(oid), value));
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]128
129 it++;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]130 }
131
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]132 system_clock::TimePoint notBefore;
133 system_clock::TimePoint notAfter;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]134
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]135 if (vm.count("not-before") == 0)
136 {
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]137 notBefore = system_clock::now();
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]138 }
139 else
140 {
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]141 notBefore = fromIsoString(notBeforeStr.substr(0, 8) + "T" +
142 notBeforeStr.substr(8, 6));
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]143 }
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]144
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]145 if (vm.count("not-after") == 0)
146 {
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]147 notAfter = notBefore + days(365);
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]148 }
149 else
150 {
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]151 notAfter = fromIsoString(notAfterStr.substr(0, 8) + "T" +
152 notAfterStr.substr(8, 6));
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]153
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]154 if (notAfter < notBefore)
155 {
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]156 std::cerr << "ERROR: not-before cannot be later than not-after" << std::endl
157 << std::endl
158 << description << std::endl;
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]159 return 1;
160 }
161 }
162
163 if (vm.count("request") == 0)
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]164 {
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]165 std::cerr << "ERROR: request file must be specified" << std::endl
166 << std::endl
167 << description << std::endl;
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]168 return 1;
169 }
170
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]171 shared_ptr<IdentityCertificate> selfSignedCertificate
172 = getIdentityCertificate(requestFile);
173
174 if (!static_cast<bool>(selfSignedCertificate))
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]175 {
176 std::cerr << "ERROR: input error" << std::endl;
177 return 1;
178 }
179
180 Name keyName = selfSignedCertificate->getPublicKeyName();
Yingdi Yu05842f22014-04-15 19:21:56 -0700[diff] [blame]181
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]182 shared_ptr<IdentityCertificate> certificate =
183 keyChain.prepareUnsignedIdentityCertificate(keyName, selfSignedCertificate->getPublicKeyInfo(),
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]184 signId, notBefore, notAfter,
185 subjectDescription, certPrefix);
Yingdi Yu05842f22014-04-15 19:21:56 -0700[diff] [blame]186
Yingdi Yuc4c81202014-07-08 11:07:50 -0700[diff] [blame]187 if (!static_cast<bool>(certificate))
188 {
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]189 std::cerr << "ERROR: key name is not formated correctly or does not match certificate name"
Yingdi Yuc4c81202014-07-08 11:07:50 -0700[diff] [blame]190 << std::endl;
191 return 1;
192 }
193
Yingdi Yuba8604d2014-10-13 19:03:12 -0700[diff] [blame]194 keyChain.createIdentity(signId);
195 Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signId);
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]196 keyChain.sign(*certificate, signingCertificateName);
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]197
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]198 Block wire = certificate->wireEncode();
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]199
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]200 try
201 {
202 using namespace CryptoPP;
203 StringSource ss(wire.wire(), wire.size(), true,
204 new Base64Encoder(new FileSink(std::cout), true, 64));
205 }
Yingdi Yub61f5402014-02-26 17:46:11 -0800[diff] [blame]206 catch (const CryptoPP::Exception& e)
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]207 {
208 std::cerr << "ERROR: " << e.what() << std::endl;
209 return 1;
210 }
Yingdi Yue6bfab22014-02-06 16:01:19 -0800[diff] [blame]211
212 return 0;
213}
Yingdi Yu8d7468f2014-02-21 14:49:45 -0800[diff] [blame]214
215#endif //NDNSEC_CERT_GEN_HPP