poke: add --signing-info option
Supersedes --digest and --identity, which are now deprecated.
Change-Id: Ia4c57659874f134af0192aa1ca721ec1a58e7901
diff --git a/manpages/ndnpoke.rst b/manpages/ndnpoke.rst
index 5f704ee..83abfeb 100644
--- a/manpages/ndnpoke.rst
+++ b/manpages/ndnpoke.rst
@@ -4,7 +4,7 @@
Synopsis
--------
-**ndnpoke** [-h] [-u] [-F] [-x *freshness*] [-i *identity*\|\ -D] [-w *timeout*] [-v] [-V] *name*
+**ndnpoke** [-h] [-u] [-F] [-x *freshness*] [-S *info*] [-w *timeout*] [-v] [-V] *name*
Description
-----------
@@ -29,11 +29,17 @@
``-x, --freshness <freshness>``
Set ``freshness`` (in milliseconds) as the ``FreshnessPeriod``.
-``-i, --identity <identity>``
- Use ``identity`` to sign the Data packet.
+``-S, --signing-info <info>``
+ Specify the parameters used to sign the Data packet. If omitted, the default key of
+ the default identity is used. The general syntax is ``<scheme>:<name>``. The most
+ common supported combinations are as follows:
-``-D, --digest``
- Use ``DigestSha256`` signature type instead of the default ``SignatureSha256WithRsa``.
+ * Sign with the default certificate of the default key of an identity: ``id:/<my-identity>``.
+ * Sign with the default certificate of a specific key: ``key:/<my-identity>/ksk-1``.
+ * Sign with a specific certificate: ``cert:/<my-identity>/KEY/ksk-1/ID-CERT/%FD%01``.
+ * Sign with a SHA-256 digest: ``id:/localhost/identity/digest-sha256``. Note that this
+ is only a hash function, not a real signature, but it can significantly speed up
+ packet signing operations.
``-w, --timeout <timeout>``
Quit the program after ``timeout`` milliseconds, even if no Interest has been received.
diff --git a/manpages/ndnputchunks.rst b/manpages/ndnputchunks.rst
index 7fef106..768fa6c 100644
--- a/manpages/ndnputchunks.rst
+++ b/manpages/ndnputchunks.rst
@@ -4,9 +4,7 @@
Synopsis
--------
-::
-
- ndnputchunks [options] ndn:/name
+**ndnputchunks** [options] *name*
Description
-----------
@@ -38,11 +36,16 @@
.. option:: -S, --signing-info STRING
- Signing information. Can be set to "id:/localhost/identity/digest-sha256" in order to speed up signing.
- However, keep in mind that this only a hash function and not a real signature.
- Other options are found in the `ndn-cxx documentation for SigningInfo`_.
+ Specify the parameters used to sign the Data packet. If omitted, the default key of
+ the default identity is used. The general syntax is ``<scheme>:<name>``. The most
+ common supported combinations are as follows:
- .. _ndn-cxx documentation for SigningInfo: https://named-data.net/doc/ndn-cxx/0.6.5/doxygen/d8/dc8/classndn_1_1security_1_1SigningInfo.html#afc960f9f5da5536b958403dc7b701826
+ * Sign with the default certificate of the default key of an identity: ``id:/<my-identity>``.
+ * Sign with the default certificate of a specific key: ``key:/<my-identity>/ksk-1``.
+ * Sign with a specific certificate: ``cert:/<my-identity>/KEY/ksk-1/ID-CERT/%FD%01``.
+ * Sign with a SHA-256 digest: ``id:/localhost/identity/digest-sha256``. Note that this
+ is only a hash function, not a real signature, but it can significantly speed up
+ packet signing operations.
.. option:: -q, --quiet
@@ -56,9 +59,8 @@
Print program version and exit.
-
-Examples
---------
+Example
+-------
The following command will publish the text of the GPL-3 license under the `/localhost/demo/gpl3`
prefix::
@@ -81,9 +83,3 @@
If the version component is not valid, a new well-formed version will be generated and appended
to the supplied NDN name.
-
-
-Notes
------
-
-.. target-notes::
diff --git a/tools/peek/ndnpoke/main.cpp b/tools/peek/ndnpoke/main.cpp
index 4e8713a..00686ff 100644
--- a/tools/peek/ndnpoke/main.cpp
+++ b/tools/peek/ndnpoke/main.cpp
@@ -48,6 +48,7 @@
{
std::string progName(argv[0]);
PokeOptions options;
+ std::string signingStr;
bool wantDigestSha256 = false;
po::options_description genericOptDesc("Generic options");
@@ -66,9 +67,7 @@
"set FinalBlockId to the last component of the Data name")
("freshness,x", po::value<time::milliseconds::rep>()->default_value(options.freshnessPeriod.count()),
"set FreshnessPeriod, in milliseconds")
- ("identity,i", po::value<std::string>(), "use the specified identity for signing")
- ("digest,D", po::bool_switch(&wantDigestSha256),
- "use DigestSha256 signing method instead of SignatureSha256WithRsa")
+ ("signing-info,S", po::value<std::string>(&signingStr), "see 'man ndnpoke' for usage")
;
po::options_description visibleOptDesc;
@@ -80,7 +79,9 @@
po::options_description deprecatedOptDesc;
deprecatedOptDesc.add_options()
- ("force,f", po::bool_switch())
+ ("force,f", po::bool_switch())
+ ("identity,i", po::value<std::string>())
+ ("digest,D", po::bool_switch(&wantDigestSha256))
;
po::options_description optDesc;
@@ -104,6 +105,10 @@
"in the near future. Use '-u/--unsolicited' instead." << std::endl;
options.wantUnsolicited = true;
}
+ if (wantDigestSha256 || vm.count("identity") > 0) {
+ std::cerr << "WARNING: options '-i/--identity' and '-D/--digest' are deprecated and will be "
+ "removed in the near future. Use '-S/--signing-info' instead." << std::endl;
+ }
if (vm.count("help") > 0) {
usage(std::cout, progName, visibleOptDesc);
@@ -158,6 +163,14 @@
options.signingInfo.setSha256Signing();
}
+ try {
+ options.signingInfo = security::SigningInfo(signingStr);
+ }
+ catch (const std::invalid_argument& e) {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ return 2;
+ }
+
if (vm.count("timeout") > 0) {
if (options.wantUnsolicited) {
std::cerr << "ERROR: conflicting '--unsolicited' and '--timeout' options specified" << std::endl;