Yingdi Yu | 8d7468f | 2014-02-21 14:49:45 -0800 | [diff] [blame^] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /* |
| 3 | * Copyright (c) 2013, Regents of the University of California |
| 4 | * BSD license, See the LICENSE file for more information |
| 5 | * Author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 6 | */ |
| 7 | |
| 8 | #ifndef NDNSEC_DSK_GEN_HPP |
| 9 | #define NDNSEC_DSK_GEN_HPP |
| 10 | |
| 11 | #include "ndnsec-util.hpp" |
| 12 | |
| 13 | int |
| 14 | ndnsec_dsk_gen(int argc, char** argv) |
| 15 | { |
| 16 | using namespace ndn; |
| 17 | namespace po = boost::program_options; |
| 18 | |
| 19 | std::string identityName; |
| 20 | char keyType = 'r'; |
| 21 | int keySize = 2048; |
| 22 | |
| 23 | po::options_description desc("General Usage\n ndnsec dsk-gen [-h] identity\nGeneral options"); |
| 24 | desc.add_options() |
| 25 | ("help,h", "produce help message") |
| 26 | ("identity,i", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice") |
| 27 | // ("type,t", po::value<char>(&keyType)->default_value('r'), "optional, key type, r for RSA key (default)") |
| 28 | // ("size,s", po::value<int>(&keySize)->default_value(2048), "optional, key size, 2048 (default)") |
| 29 | ; |
| 30 | |
| 31 | po::positional_options_description p; |
| 32 | p.add("identity", 1); |
| 33 | |
| 34 | po::variables_map vm; |
| 35 | po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm); |
| 36 | po::notify(vm); |
| 37 | |
| 38 | if (vm.count("help")) |
| 39 | { |
| 40 | std::cerr << desc << std::endl; |
| 41 | return 0; |
| 42 | } |
| 43 | |
| 44 | if (0 == vm.count("identity")) |
| 45 | { |
| 46 | std::cerr << "identity must be specified" << std::endl; |
| 47 | std::cerr << desc << std::endl; |
| 48 | return 1; |
| 49 | } |
| 50 | |
| 51 | shared_ptr<IdentityCertificate> kskCert; |
| 52 | Name signingCertName; |
| 53 | try |
| 54 | { |
| 55 | KeyChain keyChain; |
| 56 | |
| 57 | Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName); |
| 58 | bool isDefaultDsk = false; |
| 59 | if(defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-") |
| 60 | isDefaultDsk = true; |
| 61 | |
| 62 | if(isDefaultDsk) |
| 63 | { |
| 64 | shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName); |
| 65 | SignatureSha256WithRsa sha256sig(dskCert->getSignature()); |
| 66 | |
| 67 | Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name |
| 68 | |
| 69 | Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName); |
| 70 | Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName); |
| 71 | signingCertName = kskCertName; |
| 72 | kskCert = keyChain.getCertificate(kskCertName); |
| 73 | } |
| 74 | else |
| 75 | { |
| 76 | signingCertName = defaultCertName; |
| 77 | kskCert = keyChain.getCertificate(defaultCertName); |
| 78 | } |
| 79 | } |
| 80 | catch(SignatureSha256WithRsa::Error& e) |
| 81 | { |
| 82 | std::cerr << "ERROR: " << e.what() << std::endl; |
| 83 | return 1; |
| 84 | } |
| 85 | catch(KeyLocator::Error& e) |
| 86 | { |
| 87 | std::cerr << "ERROR: " << e.what() << std::endl; |
| 88 | return 1; |
| 89 | } |
| 90 | catch(SecPublicInfo::Error& e) |
| 91 | { |
| 92 | std::cerr << "ERROR: " << e.what() << std::endl; |
| 93 | return 1; |
| 94 | } |
| 95 | |
| 96 | if(!static_cast<bool>(kskCert)) |
| 97 | { |
| 98 | std::cerr << "ERROR: no KSK certificate." << std::endl; |
| 99 | return 1; |
| 100 | } |
| 101 | |
| 102 | try |
| 103 | { |
| 104 | KeyChain keyChain; |
| 105 | Name newKeyName; |
| 106 | switch(keyType) |
| 107 | { |
| 108 | case 'r': |
| 109 | { |
| 110 | newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize); |
| 111 | if(0 == newKeyName.size()) |
| 112 | { |
| 113 | std::cerr << "fail to generate key!" << std::endl; |
| 114 | return 1; |
| 115 | } |
| 116 | break; |
| 117 | } |
| 118 | default: |
| 119 | std::cerr << "Unrecongized key type" << "\n"; |
| 120 | std::cerr << desc << std::endl; |
| 121 | return 1; |
| 122 | } |
| 123 | |
| 124 | Name certName = newKeyName.getPrefix(-1); |
| 125 | certName.append("KEY").append(newKeyName.get(-1)).append("ID-CERT").appendVersion(); |
| 126 | |
| 127 | shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>(); |
| 128 | certificate->setName(certName); |
| 129 | certificate->setNotBefore(kskCert->getNotBefore()); |
| 130 | certificate->setNotAfter(kskCert->getNotAfter()); |
| 131 | |
| 132 | certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName)); |
| 133 | |
| 134 | const std::vector<CertificateSubjectDescription>& subList = kskCert->getSubjectDescriptionList(); |
| 135 | std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin(); |
| 136 | for(; it != subList.end(); it++) |
| 137 | certificate->addSubjectDescription(*it); |
| 138 | |
| 139 | certificate->encode(); |
| 140 | |
| 141 | keyChain.sign(*certificate, signingCertName); |
| 142 | |
| 143 | keyChain.addCertificateAsIdentityDefault(*certificate); |
| 144 | |
| 145 | return 0; |
| 146 | } |
| 147 | catch(SecPublicInfo::Error& e) |
| 148 | { |
| 149 | std::cerr << "ERROR: " << e.what() << std::endl; |
| 150 | return 1; |
| 151 | } |
| 152 | catch(SecTpm::Error& e) |
| 153 | { |
| 154 | std::cerr << "ERROR: " << e.what() << std::endl; |
| 155 | return 1; |
| 156 | } |
| 157 | } |
| 158 | |
| 159 | #endif //NDNSEC_DSK_GEN_HPP |