tools: Convert ndnsec to v2::KeyChain
This commit removes the following tools:
- cert-revoke (wasn't working properly before and needs a new
design)
- set-acl (wasn't working before)
- dsk-gen (no longer makes sense with the new certificate naming
conventions; new tools for creating derivative certificates will
be created later)
This commit also fixes Bug #3644, which caused the import command to ask for
unnecessary password confirmation.
ndnsec main now catches all exceptions and logs the extended message
Change-Id: Ib50e0994970020bcf0a1840aca6bc3942818094b
Refs: #3098, #3644
diff --git a/tools/ndnsec/cert-install.cpp b/tools/ndnsec/cert-install.cpp
index 72a82bd..c506a53 100644
--- a/tools/ndnsec/cert-install.cpp
+++ b/tools/ndnsec/cert-install.cpp
@@ -35,7 +35,7 @@
}
};
-shared_ptr<security::v1::IdentityCertificate>
+security::v2::Certificate
getCertificateHttp(const std::string& host, const std::string& port, const std::string& path)
{
using namespace boost::asio::ip;
@@ -84,17 +84,12 @@
streamSource(requestStream) >> base64Decode(true) >> streamSink(os);
}
- auto identityCertificate = std::make_shared<security::v1::IdentityCertificate>();
- identityCertificate->wireDecode(ndn::Block(os.buf()));
-
- return identityCertificate;
+ return security::v2::Certificate(Block(os.buf()));
}
int
ndnsec_cert_install(int argc, char** argv)
{
- using namespace ndn;
- using namespace ndn::security;
namespace po = boost::program_options;
std::string certFileName;
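Review bot: The certificate returned by `return security::v2::Certificate(Block(os.buf()));` is decoded straight from the body of a plain-HTTP response, and nothing in the visible lines checks its signature or validity before the caller installs it. The function should say so, e.g. `// Fetched over unauthenticated HTTP and not validated here; callers must treat the result as untrusted input.` A malformed body will presumably make the `Block` or `Certificate` constructor throw something other than `CannotLoadCertificate`, so the caller's handler in the last hunk would not print its "Cannot load the certificate" message for HTTP failures; please confirm that is intended. The body of getCertificateHttp starts outside this hunk.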
@@ -149,8 +144,9 @@
isSystemDefault = false;
}
- shared_ptr<security::v1::IdentityCertificate> cert;
+ security::v2::Certificate cert;
+ try {
if (certFileName.find("http://") == 0) {
std::string host;
std::string port;
@@ -179,32 +175,42 @@
cert = getCertificateHttp(host, port, path);
}
else {
- cert = getIdentityCertificate(certFileName);
+ cert = loadCertificate(certFileName);
+ }
+ }
+ catch (const CannotLoadCertificate&) {
+ std::cerr << "ERROR: Cannot load the certificate " << certFileName << std::endl;
+ return 1;
}
- if (cert == nullptr)
- return 1;
+ security::v2::KeyChain keyChain;
+ security::Identity id;
+ security::Key key;
+ try {
+ id = keyChain.getPib().getIdentity(cert.getIdentity());
+ key = id.getKey(cert.getKeyName());
+ }
+ catch (const security::Pib::Error& e) {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ }
- security::v1::KeyChain keyChain;
+ keyChain.addCertificate(key, cert);
if (isSystemDefault) {
- keyChain.addCertificateAsIdentityDefault(*cert);
- Name keyName = cert->getPublicKeyName();
- Name identity = keyName.getSubName(0, keyName.size() - 1);
- keyChain.setDefaultIdentity(identity);
+ keyChain.setDefaultIdentity(id);
+ keyChain.setDefaultKey(id, key);
+ keyChain.setDefaultCertificate(key, cert);
}
else if (isIdentityDefault) {
- keyChain.addCertificateAsIdentityDefault(*cert);
+ keyChain.setDefaultKey(id, key);
+ keyChain.setDefaultCertificate(key, cert);
}
else if (isKeyDefault) {
- keyChain.addCertificateAsKeyDefault(*cert);
- }
- else {
- keyChain.addCertificate(*cert);
+ keyChain.setDefaultCertificate(key, cert);
}
- std::cerr << "OK: certificate with name [" << cert->getName().toUri()
- << "] has been successfully installed" << std::endl;
+ std::cerr << "OK: certificate with name [" << cert.getName().toUri() << "] "
+ << "has been successfully installed" << std::endl;
return 0;
}
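Review bot: The `catch (const security::Pib::Error& e)` handler prints the error but does not return, so when the identity or key named by the certificate is not in the PIB, execution continues to `keyChain.addCertificate(key, cert);` with a default-constructed `id` and `key`. Add `return 1;` after the `std::cerr` line in that handler, so that the install and the `setDefault*` calls run only for a key that was actually found. This matters most for the `http://` path, where the PIB lookup is the only visible check tying the downloaded certificate to a locally held key. ndnsec_cert_install starts outside this hunk.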