blob: b7d95e8f97671f1d08f355c4f36020d1e30473af [file] [log] [blame]
Yingdi Yu8d7468f2014-02-21 14:49:45 -08001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013, Regents of the University of California
4 * BSD license, See the LICENSE file for more information
5 * Author: Yingdi Yu <yingdi@cs.ucla.edu>
6 */
7
8#ifndef NDNSEC_DSK_GEN_HPP
9#define NDNSEC_DSK_GEN_HPP
10
11#include "ndnsec-util.hpp"
12
13int
14ndnsec_dsk_gen(int argc, char** argv)
15{
16 using namespace ndn;
17 namespace po = boost::program_options;
18
19 std::string identityName;
20 char keyType = 'r';
21 int keySize = 2048;
22
23 po::options_description desc("General Usage\n ndnsec dsk-gen [-h] identity\nGeneral options");
24 desc.add_options()
25 ("help,h", "produce help message")
26 ("identity,i", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice")
27 // ("type,t", po::value<char>(&keyType)->default_value('r'), "optional, key type, r for RSA key (default)")
28 // ("size,s", po::value<int>(&keySize)->default_value(2048), "optional, key size, 2048 (default)")
29 ;
30
31 po::positional_options_description p;
32 p.add("identity", 1);
33
34 po::variables_map vm;
35 po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
36 po::notify(vm);
37
38 if (vm.count("help"))
39 {
40 std::cerr << desc << std::endl;
41 return 0;
42 }
43
44 if (0 == vm.count("identity"))
45 {
46 std::cerr << "identity must be specified" << std::endl;
47 std::cerr << desc << std::endl;
48 return 1;
49 }
50
51 shared_ptr<IdentityCertificate> kskCert;
52 Name signingCertName;
53 try
54 {
55 KeyChain keyChain;
56
57 Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
58 bool isDefaultDsk = false;
59 if(defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-")
60 isDefaultDsk = true;
61
62 if(isDefaultDsk)
63 {
64 shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
65 SignatureSha256WithRsa sha256sig(dskCert->getSignature());
66
67 Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name
68
69 Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
70 Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
71 signingCertName = kskCertName;
72 kskCert = keyChain.getCertificate(kskCertName);
73 }
74 else
75 {
76 signingCertName = defaultCertName;
77 kskCert = keyChain.getCertificate(defaultCertName);
78 }
79 }
80 catch(SignatureSha256WithRsa::Error& e)
81 {
82 std::cerr << "ERROR: " << e.what() << std::endl;
83 return 1;
84 }
85 catch(KeyLocator::Error& e)
86 {
87 std::cerr << "ERROR: " << e.what() << std::endl;
88 return 1;
89 }
90 catch(SecPublicInfo::Error& e)
91 {
92 std::cerr << "ERROR: " << e.what() << std::endl;
93 return 1;
94 }
95
96 if(!static_cast<bool>(kskCert))
97 {
98 std::cerr << "ERROR: no KSK certificate." << std::endl;
99 return 1;
100 }
101
102 try
103 {
104 KeyChain keyChain;
105 Name newKeyName;
106 switch(keyType)
107 {
108 case 'r':
109 {
110 newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize);
111 if(0 == newKeyName.size())
112 {
113 std::cerr << "fail to generate key!" << std::endl;
114 return 1;
115 }
116 break;
117 }
118 default:
119 std::cerr << "Unrecongized key type" << "\n";
120 std::cerr << desc << std::endl;
121 return 1;
122 }
123
124 Name certName = newKeyName.getPrefix(-1);
125 certName.append("KEY").append(newKeyName.get(-1)).append("ID-CERT").appendVersion();
126
127 shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
128 certificate->setName(certName);
129 certificate->setNotBefore(kskCert->getNotBefore());
130 certificate->setNotAfter(kskCert->getNotAfter());
131
132 certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName));
133
134 const std::vector<CertificateSubjectDescription>& subList = kskCert->getSubjectDescriptionList();
135 std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin();
136 for(; it != subList.end(); it++)
137 certificate->addSubjectDescription(*it);
138
139 certificate->encode();
140
141 keyChain.sign(*certificate, signingCertName);
142
143 keyChain.addCertificateAsIdentityDefault(*certificate);
144
145 return 0;
146 }
147 catch(SecPublicInfo::Error& e)
148 {
149 std::cerr << "ERROR: " << e.what() << std::endl;
150 return 1;
151 }
152 catch(SecTpm::Error& e)
153 {
154 std::cerr << "ERROR: " << e.what() << std::endl;
155 return 1;
156 }
157}
158
159#endif //NDNSEC_DSK_GEN_HPP