mgmt: add certificate generation/export instructions to nfd.conf.sample.in and README.md

rename configuration file's "keyfile" field to "certfile" to reflect usage of
  an NDN certificate
nfd.conf certfile paths are now interpreted as relative to nfd.conf's location

refs: #1332

Change-Id: Ib91cffd3d113ef084bf19e87a85172ddfd16b7eb
diff --git a/daemon/mgmt/command-validator.cpp b/daemon/mgmt/command-validator.cpp
index 9028ba2..fd8a124 100644
--- a/daemon/mgmt/command-validator.cpp
+++ b/daemon/mgmt/command-validator.cpp
@@ -8,6 +8,8 @@
 #include <ndn-cpp-dev/util/io.hpp>
 #include <ndn-cpp-dev/security/identity-certificate.hpp>
 
+#include <boost/filesystem.hpp>
+
 namespace nfd {
 
 NFD_LOG_INIT("CommandValidator");
@@ -26,7 +28,7 @@
 CommandValidator::setConfigFile(ConfigFile& configFile)
 {
   configFile.addSectionHandler("authorizations",
-                               bind(&CommandValidator::onConfig, this, _1, _2));
+                               bind(&CommandValidator::onConfig, this, _1, _2, _3));
 }
 
 static inline void
@@ -41,8 +43,11 @@
 
 void
 CommandValidator::onConfig(const ConfigSection& section,
-                           bool isDryRun)
+                           bool isDryRun,
+                           const std::string& filename)
 {
+  using namespace boost::filesystem;
+
   const ConfigSection EMPTY_SECTION;
 
   if (section.begin() == section.end())
@@ -54,14 +59,14 @@
   ConfigSection::const_iterator authIt;
   for (authIt = section.begin(); authIt != section.end(); authIt++)
     {
-      std::string keyfile;
+      std::string certfile;
       try
         {
-          keyfile = authIt->second.get<std::string>("keyfile");
+          certfile = authIt->second.get<std::string>("certfile");
         }
       catch (const std::runtime_error& e)
         {
-          std::string msg = "No keyfile specified";
+          std::string msg = "No certfile specified";
           if (!isDryRun)
             {
               throw ConfigFile::Error(msg);
@@ -70,11 +75,14 @@
           continue;
         }
 
+      path certfilePath = absolute(certfile, path(filename).parent_path());
+      NFD_LOG_DEBUG("generated certfile path: " << certfilePath.native());
+
       std::ifstream in;
-      in.open(keyfile.c_str());
+      in.open(certfilePath.c_str());
       if (!in.is_open())
         {
-          std::string msg = "Unable to open key file " + keyfile;
+          std::string msg = "Unable to open certificate file " + certfilePath.native();
           if (!isDryRun)
             {
               throw ConfigFile::Error(msg);
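Review bot: The base directory for a relative `certfile` is `path(filename).parent_path()`, which is empty when `filename` carries no directory component; as far as I know `absolute()` then falls back to the process's current directory, so which certificate is granted privileges would depend on where the daemon was started. How `filename` is produced is not visible in this diff, so if it can be a bare name or only a label for a config parsed from a stream, the line deserves a comment such as `// relative certfile paths resolve against the config file's directory; a filename without a directory resolves against the current working directory`. Separately, `certfilePath.native()` returns the platform string type, so `"Unable to open certificate file " + certfilePath.string()` is the portable spelling for the message. The body of onConfig continues outside the hunk.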
@@ -90,7 +98,7 @@
         }
       catch(const std::runtime_error& error)
         {
-          std::string msg = "Malformed key file " + keyfile;
+          std::string msg = "Malformed certificate file " + certfilePath.native();
           if (!isDryRun)
             {
               throw ConfigFile::Error(msg);
@@ -109,8 +117,8 @@
         }
       catch (const std::runtime_error& error)
         {
-          std::string msg = "No privileges section found for key file " +
-            keyfile + " (" + id->getPublicKeyName().toUri() + ")";
+          std::string msg = "No privileges section found for certificate file " +
+            certfile + " (" + id->getPublicKeyName().toUri() + ")";
           if (!isDryRun)
             {
               throw ConfigFile::Error(msg);
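Review bot: The message built here names `certfile` as written in the configuration, while the open and parse errors earlier in the same loop name the resolved `certfilePath`; the `NFD_LOG_WARN` in the hunk at `@@ -121,7 +129,8 @@` and the "Invalid privilege" message at `@@ -141,8 +150,8 @@` do the same. These messages tell the operator which certificate did or did not receive privileges, so one spelling throughout is easier to audit, e.g. `certfilePath.string() + " (" + id->getPublicKeyName().toUri() + ")"`, assuming `certfilePath` is still in scope at these points. The enclosing try block starts outside the hunk.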
@@ -121,7 +129,8 @@
 
       if (privileges->begin() == privileges->end())
         {
-          NFD_LOG_WARN("No privileges specified for key file " << keyfile + " (" << id->getPublicKeyName().toUri() << ")");
+          NFD_LOG_WARN("No privileges specified for certificate file " << certfile
+                       << " (" << id->getPublicKeyName().toUri() << ")");
         }
 
       ConfigSection::const_iterator privIt;
@@ -131,7 +140,7 @@
           if (m_supportedPrivileges.find(privilegeName) != m_supportedPrivileges.end())
             {
               NFD_LOG_INFO("Giving privilege \"" << privilegeName
-                           << "\" to key " << id->getPublicKeyName());
+                           << "\" to identity " << id->getPublicKeyName());
               if (!isDryRun)
                 {
                   const std::string regex = "^<localhost><nfd><" + privilegeName + ">";
@@ -141,8 +150,8 @@
           else
             {
               // Invalid configuration
-              std::string msg = "Invalid privilege \"" + privilegeName + "\" for key file " +
-                keyfile + " (" + id->getPublicKeyName().toUri() + ")";
+              std::string msg = "Invalid privilege \"" + privilegeName + "\" for certificate file " +
+                certfile + " (" + id->getPublicKeyName().toUri() + ")";
               if (!isDryRun)
                 {
                   throw ConfigFile::Error(msg);
@@ -163,7 +172,7 @@
 {
   if (m_supportedPrivileges.find(privilege) != m_supportedPrivileges.end())
     {
-      throw CommandValidator::Error("Duplicated privivilege: " + privilege);
+      throw CommandValidator::Error("Duplicated privilege: " + privilege);
     }
   m_supportedPrivileges.insert(privilege);
 }
diff --git a/daemon/mgmt/command-validator.hpp b/daemon/mgmt/command-validator.hpp
index 466bb70..97c7c18 100644
--- a/daemon/mgmt/command-validator.hpp
+++ b/daemon/mgmt/command-validator.hpp
@@ -39,7 +39,7 @@
    * \throws ConfigFile::Error on parse error
    */
   void
-  onConfig(const ConfigSection& section, bool isDryRun);
+  onConfig(const ConfigSection& section, bool isDryRun, const std::string& filename);
 
   /**
    * \param privilege name of privilege to add
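Review bot: The doc comment above `onConfig` (it starts outside this hunk) ends at `\throws` in the visible part and says nothing about the new `filename` argument; I would add `\param filename path of the configuration file being processed; relative certfile paths are resolved against its directory`. The same gap applies to the `ConfigSectionHandler` typedef in config-file.hpp, whose `\brief` does not say what the three arguments are, and to `FaceManager::onConfig` in face-manager.hpp.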
diff --git a/daemon/mgmt/config-file.cpp b/daemon/mgmt/config-file.cpp
index e5bbb9d..d0eddd5 100644
--- a/daemon/mgmt/config-file.cpp
+++ b/daemon/mgmt/config-file.cpp
@@ -20,7 +20,7 @@
 
 void
 ConfigFile::addSectionHandler(const std::string& sectionName,
-                              OnConfig subscriber)
+                              ConfigSectionHandler subscriber)
 {
   m_subscriptions[sectionName] = subscriber;
 }
@@ -90,8 +90,8 @@
       SubscriptionTable::iterator subscriberIt = m_subscriptions.find(sectionName);
       if (subscriberIt != m_subscriptions.end())
         {
-          OnConfig subscriber = subscriberIt->second;
-          subscriber(section, isDryRun);
+          ConfigSectionHandler subscriber = subscriberIt->second;
+          subscriber(section, isDryRun, filename);
         }
       else
         {
diff --git a/daemon/mgmt/config-file.hpp b/daemon/mgmt/config-file.hpp
index 2a94fac..15eca05 100644
--- a/daemon/mgmt/config-file.hpp
+++ b/daemon/mgmt/config-file.hpp
@@ -16,9 +16,9 @@
 typedef boost::property_tree::ptree ConfigSection;
 
 /// \brief callback for config file sections
-typedef function<void(const ConfigSection&, bool)> OnConfig;
+typedef function<void(const ConfigSection&, bool, const std::string&)> ConfigSectionHandler;
 
-class ConfigFile
+class ConfigFile : noncopyable
 {
 public:
 
@@ -37,7 +37,7 @@
   /// \brief setup notification of configuration file sections
   void
   addSectionHandler(const std::string& sectionName,
-                    OnConfig subscriber);
+                    ConfigSectionHandler subscriber);
 
 
   /**
@@ -75,7 +75,7 @@
 
 private:
 
-  typedef std::map<std::string, OnConfig> SubscriptionTable;
+  typedef std::map<std::string, ConfigSectionHandler> SubscriptionTable;
 
   SubscriptionTable m_subscriptions;
 
diff --git a/daemon/mgmt/face-manager.cpp b/daemon/mgmt/face-manager.cpp
index 6407237..237a914 100644
--- a/daemon/mgmt/face-manager.cpp
+++ b/daemon/mgmt/face-manager.cpp
@@ -87,12 +87,14 @@
 FaceManager::setConfigFile(ConfigFile& configFile)
 {
   configFile.addSectionHandler("face_system",
-                               bind(&FaceManager::onConfig, this, _1, _2));
+                               bind(&FaceManager::onConfig, this, _1, _2, _3));
 }
 
 
 void
-FaceManager::onConfig(const ConfigSection& configSection, bool isDryRun)
+FaceManager::onConfig(const ConfigSection& configSection,
+                      bool isDryRun,
+                      const std::string& filename)
 {
   bool hasSeenUnix = false;
   bool hasSeenTcp = false;
diff --git a/daemon/mgmt/face-manager.hpp b/daemon/mgmt/face-manager.hpp
index 4139152..8efb509 100644
--- a/daemon/mgmt/face-manager.hpp
+++ b/daemon/mgmt/face-manager.hpp
@@ -83,7 +83,7 @@
 
 private:
   void
-  onConfig(const ConfigSection& configSection, bool isDryRun);
+  onConfig(const ConfigSection& configSection, bool isDryRun, const std::string& filename);
 
   void
   processSectionUnix(const ConfigSection& configSection, bool isDryRun);
diff --git a/daemon/mgmt/fib-manager.cpp b/daemon/mgmt/fib-manager.cpp
index 4e1dbe7..0ffe333 100644
--- a/daemon/mgmt/fib-manager.cpp
+++ b/daemon/mgmt/fib-manager.cpp
@@ -214,10 +214,4 @@
     }
 }
 
-// void
-// FibManager::onConfig(ConfigFile::Node section, bool isDryRun)
-// {
-
-// }
-
 } // namespace nfd