security: Reorganizing source code to prepare for support of two version of NDN certificates

This commit also removes unused ndn_digestSha256 function and deprecates
crypto::sha256 in favor of crypto::computeSha256Digest in util/crypto.hpp.

Change-Id: I24ee50ff073a96b868633bdf2cfade412d3605f3
Refs: #3098
diff --git a/tools/ndnsec/cert-dump.hpp b/tools/ndnsec/cert-dump.hpp
index 414c098..cd56e6e 100644
--- a/tools/ndnsec/cert-dump.hpp
+++ b/tools/ndnsec/cert-dump.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -30,6 +30,7 @@
 ndnsec_cert_dump(int argc, char** argv)
 {
   using namespace ndn;
+  using namespace ndn::security;
   namespace po = boost::program_options;
 
   std::string name;
@@ -72,134 +73,114 @@
   p.add("name", 1);
 
   po::variables_map vm;
-  try
-    {
-      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
-                vm);
-      po::notify(vm);
-    }
-  catch (const std::exception& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      std::cerr << description << std::endl;
-      return 1;
-    }
+  try {
+    po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+              vm);
+    po::notify(vm);
+  }
+  catch (const std::exception& e) {
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    std::cerr << description << std::endl;
+    return 1;
+  }
 
-  if (vm.count("help") != 0)
-    {
-      std::cerr << description << std::endl;
-      return 0;
-    }
+  if (vm.count("help") != 0) {
+    std::cerr << description << std::endl;
+    return 0;
+  }
 
-  if (vm.count("name") == 0)
-    {
-      std::cerr << "identity_name must be specified" << std::endl;
-      std::cerr << description << std::endl;
-      return 1;
-    }
+  if (vm.count("name") == 0) {
+    std::cerr << "identity_name must be specified" << std::endl;
+    std::cerr << description << std::endl;
+    return 1;
+  }
 
-  if (vm.count("key") != 0)
-    {
-      isCertName = false;
-      isKeyName = true;
-    }
-  else if (vm.count("identity") != 0)
-    {
-      isCertName = false;
-      isIdentityName = true;
-    }
-  else if (vm.count("file") != 0)
-    {
-      isCertName = false;
-      // isFileName = true;
-    }
+  if (vm.count("key") != 0) {
+    isCertName = false;
+    isKeyName = true;
+  }
+  else if (vm.count("identity") != 0) {
+    isCertName = false;
+    isIdentityName = true;
+  }
+  else if (vm.count("file") != 0) {
+    isCertName = false;
+    // isFileName = true;
+  }
 
   if (vm.count("pretty") != 0)
     isPretty = true;
 
-  if (vm.count("repo-output") != 0)
-    {
-      isRepoOut = true;
-      isStdOut = false;
-    }
-  else if (vm.count("dns-output") != 0)
-    {
-      // isDnsOut = true;
-      isStdOut = false;
-      std::cerr << "Error: DNS output is not supported yet!" << std::endl;
-      return 1;
-    }
+  if (vm.count("repo-output") != 0) {
+    isRepoOut = true;
+    isStdOut = false;
+  }
+  else if (vm.count("dns-output") != 0) {
+    // isDnsOut = true;
+    isStdOut = false;
+    std::cerr << "Error: DNS output is not supported yet!" << std::endl;
+    return 1;
+  }
 
-  if (isPretty && !isStdOut)
-    {
-      std::cerr << "Error: pretty option can only be specified when other "
-                << "output option is specified" << std::endl;
-      return 1;
-    }
+  if (isPretty && !isStdOut) {
+    std::cerr << "Error: pretty option can only be specified when other "
+              << "output option is specified" << std::endl;
+    return 1;
+  }
 
-  shared_ptr<IdentityCertificate> certificate;
+  shared_ptr<v1::IdentityCertificate> certificate;
 
   KeyChain keyChain;
 
-  if (isIdentityName || isKeyName || isCertName)
-    {
-      if (isIdentityName)
-        {
-          Name certName = keyChain.getDefaultCertificateNameForIdentity(name);
-          certificate = keyChain.getCertificate(certName);
-        }
-      else if (isKeyName)
-        {
-          Name certName = keyChain.getDefaultCertificateNameForKey(name);
-          certificate = keyChain.getCertificate(certName);
-        }
-      else
-        certificate = keyChain.getCertificate(name);
+  if (isIdentityName || isKeyName || isCertName) {
+    if (isIdentityName) {
+      Name certName = keyChain.getDefaultCertificateNameForIdentity(name);
+      certificate = keyChain.getCertificate(certName);
+    }
+    else if (isKeyName) {
+      Name certName = keyChain.getDefaultCertificateNameForKey(name);
+      certificate = keyChain.getCertificate(certName);
+    }
+    else
+      certificate = keyChain.getCertificate(name);
 
-      if (!static_cast<bool>(certificate))
-        {
-          std::cerr << "No certificate found!" << std::endl;
-          return 1;
-        }
+    if (!static_cast<bool>(certificate)) {
+      std::cerr << "No certificate found!" << std::endl;
+      return 1;
     }
-  else
-    {
-      certificate = getIdentityCertificate(name);
-      if (!static_cast<bool>(certificate))
-        {
-          std::cerr << "No certificate read!" << std::endl;
-          return 1;
-        }
-    }
+  }
+  else {
+    certificate = getIdentityCertificate(name);
+    if (!static_cast<bool>(certificate))
+      {
+        std::cerr << "No certificate read!" << std::endl;
+        return 1;
+      }
+  }
 
-  if (isPretty)
-    {
-      std::cout << *certificate << std::endl;
+  if (isPretty) {
+    std::cout << *certificate << std::endl;
+  }
+  else {
+    if (isStdOut) {
+      io::save(*certificate, std::cout);
+      return 0;
     }
-  else
-    {
-      if (isStdOut)
-        {
-          io::save(*certificate, std::cout);
-          return 0;
-        }
-      if (isRepoOut)
-        {
-          using namespace boost::asio::ip;
-          tcp::iostream request_stream;
-          request_stream.expires_from_now(boost::posix_time::milliseconds(3000));
-          request_stream.connect(repoHost, repoPort);
-          if (!request_stream)
-            {
-              std::cerr << "fail to open the stream!" << std::endl;
-              return 1;
-            }
-          request_stream.write(reinterpret_cast<const char*>(certificate->wireEncode().wire()),
-                               certificate->wireEncode().size());
+    if (isRepoOut) {
+      using namespace boost::asio::ip;
+      tcp::iostream request_stream;
+      request_stream.expires_from_now(boost::posix_time::milliseconds(3000));
+      request_stream.connect(repoHost, repoPort);
+      if (!request_stream) {
+        std::cerr << "fail to open the stream!" << std::endl;
+        return 1;
+      }
+      request_stream.write(reinterpret_cast<const char*>(certificate->wireEncode().wire()),
+                           certificate->wireEncode().size());
 
-          return 0;
-        }
+      return 0;
     }
+  }
   return 0;
 }
 
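Review bot: In the `isRepoOut` branch the result of `request_stream.write(...)` is never checked, so a connection that resets or hits the 3000 ms expiry mid-write still ends in `return 0;` and the caller believes the certificate reached the repo. Flush and test the stream before returning, for example `request_stream.flush(); if (!request_stream) { std::cerr << "fail to write to the stream!" << std::endl; return 1; }`. The message on the `isPretty && !isStdOut` path also reads backwards: the condition rejects the pretty option when another output option is given, so it should say something like `pretty option cannot be combined with another output option`. The body of ndnsec_cert_dump starts above this hunk.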
diff --git a/tools/ndnsec/cert-gen.hpp b/tools/ndnsec/cert-gen.hpp
index 0016333..04da040 100644
--- a/tools/ndnsec/cert-gen.hpp
+++ b/tools/ndnsec/cert-gen.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -34,6 +34,7 @@
 
   using namespace ndn;
   using namespace ndn::time;
+  using namespace ndn::security;
   namespace po = boost::program_options;
 
   KeyChain keyChain;
@@ -107,8 +108,8 @@
       return 1;
     }
 
-  std::vector<CertificateSubjectDescription> subjectDescription;
-  subjectDescription.push_back(CertificateSubjectDescription(oid::ATTRIBUTE_NAME, subjectName));
+  std::vector<v1::CertificateSubjectDescription> subjectDescription;
+  subjectDescription.push_back(v1::CertificateSubjectDescription(oid::ATTRIBUTE_NAME, subjectName));
 
   // 'subjectInfo' is deprecated and the following block will be removed eventually
   tokenizer<escaped_list_separator<char> > subjectInfoItems
@@ -130,7 +131,7 @@
 
       std::string value = *it;
 
-      subjectDescription.push_back(CertificateSubjectDescription(OID(oid), value));
+      subjectDescription.push_back(v1::CertificateSubjectDescription(Oid(oid), value));
 
       it++;
     }
@@ -143,10 +144,10 @@
       std::cerr << "ERROR: incorrectly formatted signed info block [" << *info << "]" << std::endl;
       return 1;
     }
-    OID oid(info->substr(0, pos));
+    Oid oid(info->substr(0, pos));
     std::string value = info->substr(pos + 1);
 
-    subjectDescription.push_back(CertificateSubjectDescription(oid, value));
+    subjectDescription.push_back(v1::CertificateSubjectDescription(oid, value));
   }
 
   system_clock::TimePoint notBefore;
@@ -188,7 +189,7 @@
       return 1;
     }
 
-  shared_ptr<IdentityCertificate> selfSignedCertificate
+  shared_ptr<v1::IdentityCertificate> selfSignedCertificate
     = getIdentityCertificate(requestFile);
 
   if (!static_cast<bool>(selfSignedCertificate))
@@ -199,7 +200,7 @@
 
   Name keyName = selfSignedCertificate->getPublicKeyName();
 
-  shared_ptr<IdentityCertificate> certificate =
+  shared_ptr<v1::IdentityCertificate> certificate =
     keyChain.prepareUnsignedIdentityCertificate(keyName, selfSignedCertificate->getPublicKeyInfo(),
                                                 signId, notBefore, notAfter,
                                                 subjectDescription, certPrefix);
@@ -219,17 +220,13 @@
 
   Block wire = certificate->wireEncode();
 
-  try
-    {
-      using namespace CryptoPP;
-      StringSource ss(wire.wire(), wire.size(), true,
-                      new Base64Encoder(new FileSink(std::cout), true, 64));
-    }
-  catch (const CryptoPP::Exception& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
+  try {
+    transform::bufferSource(wire.wire(), wire.size()) >> transform::base64Encode(true) >> transform::streamSink(std::cout);
+  }
+  catch (const transform::Error& e) {
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    return 1;
+  }
 
   return 0;
 }
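Review bot: The new `transform::bufferSource(...) >> transform::base64Encode(true) >> transform::streamSink(std::cout);` statement is a single line of roughly 120 columns, longer than any other line in this hunk; break it after each `>>`. The same line is added in cert-revoke.hpp. The handler was also narrowed from `CryptoPP::Exception` to `transform::Error`, and it is not visible here whether a failed write to `std::cout` surfaces as that type. Adding `if (!std::cout) return 1;` after the chain would keep a truncated certificate from being reported as success.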
diff --git a/tools/ndnsec/cert-install.hpp b/tools/ndnsec/cert-install.hpp
index c8eb052..a1416ff 100644
--- a/tools/ndnsec/cert-install.hpp
+++ b/tools/ndnsec/cert-install.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -26,7 +26,6 @@
 
 #include "util.hpp"
 
-
 class HttpException : public std::runtime_error
 {
 public:
@@ -37,7 +36,7 @@
   }
 };
 
-ndn::shared_ptr<ndn::IdentityCertificate>
+ndn::shared_ptr<ndn::security::v1::IdentityCertificate>
 getCertificateHttp(const std::string& host, const std::string& port, const std::string& path)
 {
   using namespace boost::asio::ip;
@@ -46,10 +45,9 @@
   requestStream.expires_from_now(boost::posix_time::milliseconds(3000));
 
   requestStream.connect(host, port);
-  if (!static_cast<bool>(requestStream))
-    {
-      throw HttpException("HTTP connection error");
-    }
+  if (!static_cast<bool>(requestStream)) {
+    throw HttpException("HTTP connection error");
+  }
   requestStream << "GET " << path << " HTTP/1.0\r\n";
   requestStream << "Host: " << host << "\r\n";
   requestStream << "Accept: */*\r\n";
@@ -72,26 +70,23 @@
   std::string statusMessage;
 
   std::getline(responseStream, statusMessage);
-  if (!static_cast<bool>(requestStream) || httpVersion.substr(0, 5) != "HTTP/")
-    {
-      throw HttpException("HTTP communication error");
-    }
-  if (statusCode != 200)
-    {
-      throw HttpException("HTTP server error");
-    }
+  if (!static_cast<bool>(requestStream) || httpVersion.substr(0, 5) != "HTTP/") {
+    throw HttpException("HTTP communication error");
+  }
+  if (statusCode != 200) {
+    throw HttpException("HTTP server error");
+  }
   std::string header;
   while (std::getline(requestStream, header) && header != "\r")
     ;
 
   ndn::OBufferStream os;
   {
-    using namespace CryptoPP;
-    FileSource ss2(requestStream, true, new Base64Decoder(new FileSink(os)));
+    using namespace ndn::security::transform;
+    streamSource(requestStream) >> base64Decode(true) >> streamSink(os);
   }
 
-  ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate =
-    ndn::make_shared<ndn::IdentityCertificate>();
+  auto identityCertificate = std::make_shared<ndn::security::v1::IdentityCertificate>();
   identityCertificate->wireDecode(ndn::Block(os.buf()));
 
   return identityCertificate;
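Review bot: The response body from a plain-HTTP peer is read to EOF into `os` and passed to `base64Decode(true)` and `wireDecode` with no size limit and no handling of decode failures. An exception from the transform chain (cert-gen.hpp catches `transform::Error` around the same kind of chain) or, presumably, from `ndn::Block` parsing would leave `getCertificateHttp` as a type other than `HttpException`. Wrap the decode and `wireDecode` in a `try` with `catch (const std::exception&) { throw HttpException("HTTP response is not a valid certificate"); }`, and stop reading once the body exceeds a sane maximum certificate size. Whether any caller catches these exceptions is not visible in this diff.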
@@ -101,6 +96,7 @@
 ndnsec_cert_install(int argc, char** argv)
 {
   using namespace ndn;
+  using namespace ndn::security;
   namespace po = boost::program_options;
 
   std::string certFileName;
@@ -122,107 +118,93 @@
   p.add("cert-file", 1);
 
   po::variables_map vm;
-  try
-    {
+  try {
       po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
                 vm);
       po::notify(vm);
     }
-  catch (const std::exception& e)
-    {
+  catch (const std::exception& e) {
       std::cerr << "ERROR: " << e.what() << std::endl;
       return 1;
     }
 
-  if (vm.count("help") != 0)
-    {
+  if (vm.count("help") != 0) {
       std::cerr << description << std::endl;
       return 0;
     }
 
-  if (vm.count("cert-file") == 0)
-    {
-      std::cerr << "cert_file must be specified" << std::endl;
-      std::cerr << description << std::endl;
-      return 1;
+  if (vm.count("cert-file") == 0) {
+    std::cerr << "cert_file must be specified" << std::endl;
+    std::cerr << description << std::endl;
+    return 1;
+  }
+
+  if (vm.count("identity-default") != 0) {
+    isIdentityDefault = true;
+    isSystemDefault = false;
+  }
+  else if (vm.count("key-default") != 0) {
+    isKeyDefault = true;
+    isSystemDefault = false;
+  }
+  else if (vm.count("no-default") != 0) {
+    // noDefault = true;
+    isSystemDefault = false;
+  }
+
+  shared_ptr<v1::IdentityCertificate> cert;
+
+  if (certFileName.find("http://") == 0) {
+    std::string host;
+    std::string port;
+    std::string path;
+
+    size_t pos = 7; // offset of "http://"
+    size_t posSlash = certFileName.find("/", pos);
+
+    if (posSlash == std::string::npos)
+      throw HttpException("Request line is not correctly formatted");
+
+    size_t posPort = certFileName.find(":", pos);
+
+    if (posPort != std::string::npos && posPort < posSlash) {
+      // port is specified
+      port = certFileName.substr(posPort + 1, posSlash - posPort - 1);
+      host = certFileName.substr(pos, posPort - pos);
+    }
+    else {
+      port = "80";
+      host = certFileName.substr(pos, posSlash - pos);
     }
 
-  if (vm.count("identity-default") != 0)
-    {
-      isIdentityDefault = true;
-      isSystemDefault = false;
-    }
-  else if (vm.count("key-default") != 0)
-    {
-      isKeyDefault = true;
-      isSystemDefault = false;
-    }
-  else if (vm.count("no-default") != 0)
-    {
-      // noDefault = true;
-      isSystemDefault = false;
-    }
+    path = certFileName.substr(posSlash, certFileName.size () - posSlash);
 
-  shared_ptr<IdentityCertificate> cert;
-
-  if (certFileName.find("http://") == 0)
-    {
-      std::string host;
-      std::string port;
-      std::string path;
-
-      size_t pos = 7; // offset of "http://"
-      size_t posSlash = certFileName.find("/", pos);
-
-      if (posSlash == std::string::npos)
-        throw HttpException("Request line is not correctly formatted");
-
-      size_t posPort = certFileName.find(":", pos);
-
-      if (posPort != std::string::npos && posPort < posSlash) // port is specified
-        {
-          port = certFileName.substr(posPort + 1, posSlash - posPort - 1);
-          host = certFileName.substr(pos, posPort - pos);
-        }
-      else
-        {
-          port = "80";
-          host = certFileName.substr(pos, posSlash - pos);
-        }
-
-      path = certFileName.substr(posSlash, certFileName.size () - posSlash);
-
-      cert = getCertificateHttp(host, port, path);
-    }
-  else
-    {
-      cert = getIdentityCertificate(certFileName);
-    }
+    cert = getCertificateHttp(host, port, path);
+  }
+  else {
+    cert = getIdentityCertificate(certFileName);
+  }
 
   if (!static_cast<bool>(cert))
     return 1;
 
   KeyChain keyChain;
 
-  if (isSystemDefault)
-    {
-      keyChain.addCertificateAsIdentityDefault(*cert);
-      Name keyName = cert->getPublicKeyName();
-      Name identity = keyName.getSubName(0, keyName.size()-1);
-      keyChain.setDefaultIdentity(identity);
-    }
-  else if (isIdentityDefault)
-    {
-      keyChain.addCertificateAsIdentityDefault(*cert);
-    }
-  else if (isKeyDefault)
-    {
-      keyChain.addCertificateAsKeyDefault(*cert);
-    }
-  else
-    {
-      keyChain.addCertificate(*cert);
-    }
+  if (isSystemDefault) {
+    keyChain.addCertificateAsIdentityDefault(*cert);
+    Name keyName = cert->getPublicKeyName();
+    Name identity = keyName.getSubName(0, keyName.size()-1);
+    keyChain.setDefaultIdentity(identity);
+  }
+  else if (isIdentityDefault) {
+    keyChain.addCertificateAsIdentityDefault(*cert);
+  }
+  else if (isKeyDefault) {
+    keyChain.addCertificateAsKeyDefault(*cert);
+  }
+  else {
+    keyChain.addCertificate(*cert);
+  }
 
   std::cerr << "OK: certificate with name ["
             << cert->getName().toUri()
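Review bot: A certificate fetched in the `http://` branch is installed with only the null test `if (!static_cast<bool>(cert))` in front of the `keyChain.add*` calls, and on the `isSystemDefault` path `setDefaultIdentity` is then driven by the key name inside that certificate. Plain HTTP gives no integrity, so whoever answers the request decides what enters the keychain; whether KeyChain itself rejects a certificate for a key it does not hold is not visible here. A check after `KeyChain keyChain;` such as `if (!keyChain.doesPublicKeyExist(cert->getPublicKeyName())) { std::cerr << "ERROR: certificate does not match a local key" << std::endl; return 1; }` would at least tie the download to a local key name; comparing the public key bits would be stronger. The `HttpException` thrown for a malformed URL, and any thrown by `getCertificateHttp`, are not caught in the visible part of the function, which continues past the end of this hunk.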
diff --git a/tools/ndnsec/cert-revoke.hpp b/tools/ndnsec/cert-revoke.hpp
index c2b20c8..6aa8d02 100644
--- a/tools/ndnsec/cert-revoke.hpp
+++ b/tools/ndnsec/cert-revoke.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -30,6 +30,7 @@
 ndnsec_cert_revoke(int argc, char** argv)
 {
   using namespace ndn;
+  using namespace ndn::security;
   namespace po = boost::program_options;
 
   KeyChain keyChain;
@@ -56,136 +57,118 @@
   p.add("request", 1);
 
   po::variables_map vm;
-  try
-    {
-      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
-                vm);
-      po::notify(vm);
-    }
-  catch (const std::exception& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
+  try {
+    po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+              vm);
+    po::notify(vm);
+  }
+  catch (const std::exception& e) {
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    return 1;
+  }
 
-  if (vm.count("help") != 0)
-    {
-      std::cerr << description << std::endl;
-      return 0;
-    }
+  if (vm.count("help") != 0) {
+    std::cerr << description << std::endl;
+    return 0;
+  }
 
   hasSignId = (vm.count("sign-id") != 0);
 
-  if (vm.count("request") == 0)
-    {
-      std::cerr << "request file must be specified" << std::endl;
-      return 1;
-    }
+  if (vm.count("request") == 0) {
+    std::cerr << "request file must be specified" << std::endl;
+    return 1;
+  }
 
-  shared_ptr<IdentityCertificate> revokedCertificate
-    = getIdentityCertificate(requestFile);
+  shared_ptr<v1::IdentityCertificate> revokedCertificate = getIdentityCertificate(requestFile);
 
-  if (!static_cast<bool>(revokedCertificate))
-    {
-      std::cerr << "ERROR: input error" << std::endl;
-      return 1;
-    }
+  if (!static_cast<bool>(revokedCertificate)) {
+    std::cerr << "ERROR: input error" << std::endl;
+    return 1;
+  }
 
   Block wire;
 
-  try
-    {
-      Name keyName;
+  try {
+    Name keyName;
 
-      if (hasSignId) {
-        keyName = keyChain.getDefaultKeyNameForIdentity(signId);
-      }
-      else {
-        const Signature& signature = revokedCertificate->getSignature();
-        if (!signature.hasKeyLocator() ||
-            signature.getKeyLocator().getType() != KeyLocator::KeyLocator_Name)
-          {
-            std::cerr << "ERROR: Invalid certificate to revoke" << std::endl;
-            return 1;
-          }
-
-        keyName = IdentityCertificate::certificateNameToPublicKeyName(
-                    signature.getKeyLocator().getName());
-      }
-
-      Name certName;
-      if (certPrefix == KeyChain::DEFAULT_PREFIX) {
-        certName = revokedCertificate->getName().getPrefix(-1);
-      }
-      else {
-        Name revokedKeyName = revokedCertificate->getPublicKeyName();
-
-        if (certPrefix.isPrefixOf(revokedKeyName) && certPrefix != revokedKeyName) {
-          certName.append(certPrefix)
-            .append("KEY")
-            .append(revokedKeyName.getSubName(certPrefix.size()))
-            .append("ID-CERT");
-        }
-        else {
-          std::cerr << "ERROR: certificate prefix does not match the revoked certificate"
-                    << std::endl;
-          return 1;
-        }
-      }
-      certName
-        .appendVersion()
-        .append("REVOKED");
-
-      Data revocationCert;
-      revocationCert.setName(certName);
-
-      if (keyChain.doesPublicKeyExist(keyName))
+    if (hasSignId) {
+      keyName = keyChain.getDefaultKeyNameForIdentity(signId);
+    }
+    else {
+      const Signature& signature = revokedCertificate->getSignature();
+      if (!signature.hasKeyLocator() ||
+          signature.getKeyLocator().getType() != KeyLocator::KeyLocator_Name)
         {
-          Name signingCertificateName = keyChain.getDefaultCertificateNameForKey(keyName);
-          keyChain.sign(revocationCert,
-                        security::SigningInfo(security::SigningInfo::SIGNER_TYPE_CERT,
-                                              signingCertificateName));
-        }
-      else
-        {
-          std::cerr << "ERROR: Cannot find the signing key!" << std::endl;
+          std::cerr << "ERROR: Invalid certificate to revoke" << std::endl;
           return 1;
         }
 
-      wire = revocationCert.wireEncode();
+      keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(
+                  signature.getKeyLocator().getName());
     }
-  catch (Signature::Error& e)
-    {
-      std::cerr << "ERROR: No valid signature!" << std::endl;
-      return 1;
+
+    Name certName;
+    if (certPrefix == KeyChain::DEFAULT_PREFIX) {
+      certName = revokedCertificate->getName().getPrefix(-1);
     }
-  catch (KeyLocator::Error& e)
-    {
-      std::cerr << "ERROR: No valid KeyLocator!" << std::endl;
-      return 1;
+    else {
+      Name revokedKeyName = revokedCertificate->getPublicKeyName();
+
+      if (certPrefix.isPrefixOf(revokedKeyName) && certPrefix != revokedKeyName) {
+        certName.append(certPrefix)
+          .append("KEY")
+          .append(revokedKeyName.getSubName(certPrefix.size()))
+          .append("ID-CERT");
+      }
+      else {
+        std::cerr << "ERROR: certificate prefix does not match the revoked certificate"
+                  << std::endl;
+        return 1;
+      }
     }
-  catch (IdentityCertificate::Error& e)
-    {
-      std::cerr << "ERROR: Cannot determine the signing key!" << std::endl;
-      return 1;
+    certName
+      .appendVersion()
+      .append("REVOKED");
+
+    Data revocationCert;
+    revocationCert.setName(certName);
+
+    if (keyChain.doesPublicKeyExist(keyName)) {
+      Name signingCertificateName = keyChain.getDefaultCertificateNameForKey(keyName);
+      keyChain.sign(revocationCert,
+                    SigningInfo(SigningInfo::SIGNER_TYPE_CERT, signingCertificateName));
     }
-  catch (SecPublicInfo::Error& e)
-    {
-      std::cerr << "ERROR: Incomplete or corrupted PIB (" << e.what() << ")" << std::endl;
+    else {
+      std::cerr << "ERROR: Cannot find the signing key!" << std::endl;
       return 1;
     }
 
-  try
-    {
-      using namespace CryptoPP;
-      StringSource ss(wire.wire(), wire.size(), true,
-                      new Base64Encoder(new FileSink(std::cout), true, 64));
+    wire = revocationCert.wireEncode();
+  }
+  catch (const Signature::Error& e) {
+    std::cerr << "ERROR: No valid signature!" << std::endl;
+    return 1;
+  }
+  catch (const KeyLocator::Error& e) {
+    std::cerr << "ERROR: No valid KeyLocator!" << std::endl;
+    return 1;
+  }
+  catch (const v1::IdentityCertificate::Error& e) {
+    std::cerr << "ERROR: Cannot determine the signing key!" << std::endl;
+    return 1;
+  }
+  catch (const SecPublicInfo::Error& e) {
+    std::cerr << "ERROR: Incomplete or corrupted PIB (" << e.what() << ")" << std::endl;
+    return 1;
+  }
+
+  try {
+    transform::bufferSource(wire.wire(), wire.size()) >> transform::base64Encode(true) >> transform::streamSink(std::cout);
     }
-  catch (const CryptoPP::Exception& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
+  catch (const transform::Error& e) {
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    return 1;
+  }
 
   return 0;
 }
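Review bot: When `hasSignId` is set, the signing key comes from `signId` and the KeyLocator of `revokedCertificate` is never examined, so the tool will sign a `REVOKED` record for a certificate that identity may not have issued. The input file's own signature is not verified on either path in this hunk. If overriding the issuer is intended, say so on that branch, e.g. `// --sign-id overrides the issuer named in the KeyLocator; no issuer match is enforced`. Otherwise compare `keyName` with `v1::IdentityCertificate::certificateNameToPublicKeyName(signature.getKeyLocator().getName())` and fail on a mismatch. Separately, the closing brace of the final `try` block is still at the old four-space indent.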
diff --git a/tools/ndnsec/dsk-gen.hpp b/tools/ndnsec/dsk-gen.hpp
index 80a31ed..4f994c3 100644
--- a/tools/ndnsec/dsk-gen.hpp
+++ b/tools/ndnsec/dsk-gen.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -30,6 +30,7 @@
 ndnsec_dsk_gen(int argc, char** argv)
 {
   using namespace ndn;
+  using namespace ndn::security;
   namespace po = boost::program_options;
 
   std::string identityName;
@@ -73,7 +74,7 @@
     return 1;
   }
 
-  shared_ptr<IdentityCertificate> kskCert;
+  shared_ptr<v1::IdentityCertificate> kskCert;
   Name signingCertName;
 
   KeyChain keyChain;
@@ -92,14 +93,14 @@
     }
 
     if (isDefaultDsk) {
-      shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
+      shared_ptr<v1::IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
 
       if (static_cast<bool>(dskCert)) {
         SignatureSha256WithRsa sha256sig(dskCert->getSignature());
 
         Name keyLocatorName = sha256sig.getKeyLocator().getName();
 
-        Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
+        Name kskName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
         Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
         signingCertName = kskCertName;
         kskCert = keyChain.getCertificate(kskCertName);
@@ -153,7 +154,7 @@
       .append("ID-CERT")
       .appendVersion();
 
-    shared_ptr<IdentityCertificate> certificate =
+    shared_ptr<v1::IdentityCertificate> certificate =
       keyChain.prepareUnsignedIdentityCertificate(newKeyName,
                                                   Name(identityName),
                                                   kskCert->getNotBefore(),
diff --git a/tools/ndnsec/export.hpp b/tools/ndnsec/export.hpp
index 62933b8..cd0c786 100644
--- a/tools/ndnsec/export.hpp
+++ b/tools/ndnsec/export.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -49,31 +49,27 @@
   p.add("identity", 1);
 
   po::variables_map vm;
-  try
-    {
-      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
-                vm);
-      po::notify(vm);
-    }
-  catch (const std::exception& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      std::cerr << description << std::endl;
-      return 1;
-    }
+  try {
+    po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+              vm);
+    po::notify(vm);
+  }
+  catch (const std::exception& e) {
+    std::cerr << "ERROR: " << e.what() << std::endl;
+    std::cerr << description << std::endl;
+    return 1;
+  }
 
-  if (vm.count("help") != 0)
-    {
-      std::cerr << description << std::endl;
-      return 0;
-    }
+  if (vm.count("help") != 0) {
+    std::cerr << description << std::endl;
+    return 0;
+  }
 
-  if (vm.count("identity") == 0)
-    {
-      std::cerr << "ERROR: identity must be specified" << std::endl;
-      std::cerr << description << std::endl;
-      return 1;
-    }
+  if (vm.count("identity") == 0) {
+    std::cerr << "ERROR: identity must be specified" << std::endl;
+    std::cerr << description << std::endl;
+    return 1;
+  }
 
   if (vm.count("private") != 0)
     isPrivateExport = true;
@@ -82,54 +78,48 @@
     output = "-";
 
   Name identity(identityStr);
-  if (!isPrivateExport)
-    {
+  if (!isPrivateExport) {
+    KeyChain keyChain;
+    shared_ptr<security::v1::IdentityCertificate> cert
+      = keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
+
+    if (output == "-")
+      io::save(*cert, std::cout);
+    else
+      io::save(*cert, output);
+
+    return 0;
+  }
+  else {
+    Block wire;
+    try {
       KeyChain keyChain;
-      shared_ptr<IdentityCertificate> cert
-        = keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
 
-      if (output == "-")
-        io::save(*cert, std::cout);
-      else
-        io::save(*cert, output);
-
-      return 0;
-    }
-  else
-    {
-      Block wire;
-      try
-        {
-          KeyChain keyChain;
-
-          int count = 3;
-          while (!getPassword(exportPassword, "Passphrase for the private key: "))
-            {
-              count--;
-              if (count <= 0)
-                {
-                  std::cerr << "ERROR: invalid password" << std::endl;
-                  memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
-                  return 1;
-                }
-            }
-          shared_ptr<SecuredBag> securedBag = keyChain.exportIdentity(identity, exportPassword);
-          memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
-
-          if (output == "-")
-            io::save(*securedBag, std::cout);
-          else
-            io::save(*securedBag, output);
-
-          return 0;
-        }
-      catch (const std::runtime_error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
+      int count = 3;
+      while (!getPassword(exportPassword, "Passphrase for the private key: ")) {
+        count--;
+        if (count <= 0) {
+          std::cerr << "ERROR: invalid password" << std::endl;
           memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
           return 1;
         }
+      }
+      shared_ptr<SecuredBag> securedBag = keyChain.exportIdentity(identity, exportPassword);
+      memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+
+      if (output == "-")
+        io::save(*securedBag, std::cout);
+      else
+        io::save(*securedBag, output);
+
+      return 0;
     }
+    catch (const std::runtime_error& e) {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+      return 1;
+    }
+  }
 }
 
 #endif // NDN_TOOLS_NDNSEC_EXPORT_HPP
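Review bot: The three `memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());` calls are not a reliable wipe of the passphrase. Modifying the buffer through `c_str()` is undefined by the standard, and a plain `memset` immediately before `return` is a dead store the optimizer is allowed to drop. Write through a volatile pointer instead, `volatile char* p = &exportPassword[0]; for (size_t i = 0; i < exportPassword.size(); ++i) p[i] = 0;`, ideally in one helper so the three sites cannot drift; an exception that is not a `std::runtime_error` also skips the wipe as written. In the public-export branch, `cert` returned by `keyChain.getCertificate(...)` is dereferenced in `io::save(*cert, ...)` without the null check that cert-dump.hpp applies, and that branch sits outside any `try`.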
diff --git a/tools/ndnsec/key-gen.hpp b/tools/ndnsec/key-gen.hpp
index 16ce9c2..1384ac8 100644
--- a/tools/ndnsec/key-gen.hpp
+++ b/tools/ndnsec/key-gen.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -110,7 +110,7 @@
 
     keyChain.setDefaultKeyNameForIdentity(keyName);
 
-    shared_ptr<IdentityCertificate> identityCert = keyChain.selfSign(keyName);
+    shared_ptr<security::v1::IdentityCertificate> identityCert = keyChain.selfSign(keyName);
 
     if (isDefault)
       keyChain.setDefaultIdentity(Name(identityName));
diff --git a/tools/ndnsec/list.hpp b/tools/ndnsec/list.hpp
index 90b4757..8a750f2 100644
--- a/tools/ndnsec/list.hpp
+++ b/tools/ndnsec/list.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -40,7 +40,7 @@
   std::cout << certName << std::endl;
 
   if (verboseLevel >= 3) {
-    ndn::shared_ptr<ndn::IdentityCertificate> certificate = keyChain.getCertificate(certName);
+    ndn::shared_ptr<ndn::security::v1::IdentityCertificate> certificate = keyChain.getCertificate(certName);
     if (static_cast<bool>(certificate))
       certificate->printCertificate(std::cout, "            ");
   }
diff --git a/tools/ndnsec/sign-req.hpp b/tools/ndnsec/sign-req.hpp
index d3ec904..bb8906e 100644
--- a/tools/ndnsec/sign-req.hpp
+++ b/tools/ndnsec/sign-req.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -30,6 +30,7 @@
 ndnsec_sign_req(int argc, char** argv)
 {
   using namespace ndn;
+  using namespace ndn::security;
   namespace po = boost::program_options;
 
   std::string name;
@@ -75,7 +76,7 @@
   if (vm.count("key") != 0)
     isKeyName = true;
 
-  shared_ptr<IdentityCertificate> selfSignCert;
+  shared_ptr<v1::IdentityCertificate> selfSignCert;
 
   KeyChain keyChain;
 
diff --git a/tools/ndnsec/util.hpp b/tools/ndnsec/util.hpp
index 253f170..696d348 100644
--- a/tools/ndnsec/util.hpp
+++ b/tools/ndnsec/util.hpp
@@ -37,9 +37,6 @@
 #include <boost/asio.hpp>
 #include <boost/exception/all.hpp>
 
-
-#include "security/cryptopp.hpp"
-
 #include "security/key-chain.hpp"
 #include "util/io.hpp"
 
@@ -84,14 +81,14 @@
 #endif // NDN_CXX_HAVE_GETPASS
 }
 
-ndn::shared_ptr<ndn::IdentityCertificate>
+ndn::shared_ptr<ndn::security::v1::IdentityCertificate>
 getIdentityCertificate(const std::string& fileName)
 {
 
   if (fileName == "-")
-    return ndn::io::load<ndn::IdentityCertificate>(std::cin);
+    return ndn::io::load<ndn::security::v1::IdentityCertificate>(std::cin);
   else
-    return ndn::io::load<ndn::IdentityCertificate>(fileName);
+    return ndn::io::load<ndn::security::v1::IdentityCertificate>(fileName);
 }