tools: Convert ndnsec to v2::KeyChain
This commit removes the following tools:
- cert-revoke (wasn't working properly before and need a new
design)
- set-acl (wasn't working before)
- dsk-gen (no longer makes sense with the new certificate naming
conventions, new tools for creating derivative certificates will
be created later)
This commit also fixes Bug #3644 causing import command to ask for
unnecessary password confirmation.
ndnsec main now catches all exceptions and logs the extended message
Change-Id: Ib50e0994970020bcf0a1840aca6bc3942818094b
Refs: #3098, #3644
diff --git a/tools/ndnsec/export.cpp b/tools/ndnsec/export.cpp
index 9b7a0e9..4de938e 100644
--- a/tools/ndnsec/export.cpp
+++ b/tools/ndnsec/export.cpp
@@ -28,20 +28,17 @@
int
ndnsec_export(int argc, char** argv)
{
- using namespace ndn;
namespace po = boost::program_options;
- std::string identityStr;
+ Name identityName;
std::string output;
std::string exportPassword;
- bool isPrivateExport = false;
po::options_description description("General Usage\n ndnsec export [-h] [-o output] [-p] identity \nGeneral options");
description.add_options()
("help,h", "Produce help message")
("output,o", po::value<std::string>(&output), "(Optional) output file, stdout if not specified")
- ("private,p", "export info contains private key")
- ("identity,i", po::value<std::string>(&identityStr), "Identity to export")
+ ("identity,i", po::value<Name>(&identityName), "Identity to export")
;
po::positional_options_description p;
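Review bot: The usage string passed to `po::options_description` still advertises `[-p]`, but this hunk removes the `private,p` option, so the help text now documents a flag the tool no longer registers. Drop it from the synopsis, e.g. `"General Usage\n  ndnsec export [-h] [-o output] identity \nGeneral options"`. Because the export now always produces a SafeBag containing the private key, the `identity,i` description should say so, for example `"Identity whose default key and certificate (including the private key) are exported"`, so an operator is not surprised by the passphrase prompt or by what lands in the output file. The body of ndnsec_export continues past the end of this hunk.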
@@ -69,55 +66,39 @@
return 1;
}
- if (vm.count("private") != 0)
- isPrivateExport = true;
-
if (vm.count("output") == 0)
output = "-";
- Name identity(identityStr);
- if (!isPrivateExport) {
- security::v1::KeyChain keyChain;
- shared_ptr<security::v1::IdentityCertificate> cert =
- keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
+ try {
+ int count = 3;
+ while (!getPassword(exportPassword, "Passphrase for the private key: ")) {
+ count--;
+ if (count <= 0) {
+ std::cerr << "ERROR: invalid password" << std::endl;
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+ return 1;
+ }
+ }
+
+ security::v2::KeyChain keyChain;
+ security::Identity id = keyChain.getPib().getIdentity(identityName);
+
+ // @TODO export all certificates, selected key pair, selected certificate
+ shared_ptr<security::SafeBag> safeBag = keyChain.exportSafeBag(id.getDefaultKey().getDefaultCertificate(),
+ exportPassword.c_str(), exportPassword.size());
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
if (output == "-")
- io::save(*cert, std::cout);
+ io::save(*safeBag, std::cout);
else
- io::save(*cert, output);
+ io::save(*safeBag, output);
return 0;
}
- else {
- Block wire;
- try {
- security::v1::KeyChain keyChain;
-
- int count = 3;
- while (!getPassword(exportPassword, "Passphrase for the private key: ")) {
- count--;
- if (count <= 0) {
- std::cerr << "ERROR: invalid password" << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
- }
- shared_ptr<security::v1::SecuredBag> securedBag =
- keyChain.exportIdentity(identity, exportPassword);
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
-
- if (output == "-")
- io::save(*securedBag, std::cout);
- else
- io::save(*securedBag, output);
-
- return 0;
- }
- catch (const std::runtime_error& e) {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
+ catch (const std::runtime_error& e) {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+ return 1;
}
}
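Review bot: The passphrase wipe `memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size())` is not dependable in any of the three places it appears in this hunk (the retry-exhausted return, after `exportSafeBag`, and the `catch`). A store into a buffer that is about to be destroyed can be removed by the optimizer as a dead store, and the standard does not permit writing through the pointer returned by `c_str()`. The `catch` also covers only `std::runtime_error`, so any other exception type leaving `getIdentity`, `getDefaultKey`, `getDefaultCertificate` or `exportSafeBag` would unwind with the passphrase still in memory; whether those calls can throw other types is not visible here. A small scope guard that clears the string in its destructor through a volatile pointer (or a platform secure-zero call such as `explicit_bzero` where available) covers every exit path and lets the three `memset` lines be dropped. ndnsec_export begins before this hunk.

```cpp
// Clears the passphrase on every exit path, including exceptions that are
// not std::runtime_error. The volatile pointer keeps the stores from being
// treated as dead writes to a buffer that is about to be freed.
struct PassphraseWiper
{
  std::string& secret;

  ~PassphraseWiper()
  {
    volatile char* p = secret.empty() ? nullptr : &secret[0];
    for (std::size_t i = 0; i < secret.size(); ++i)
      p[i] = 0;
  }
};

// in ndnsec_export, before the try block:
PassphraseWiper wiper{exportPassword};
// … unchanged: password prompt loop, exportSafeBag call, io::save, catch …
```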