security: Add a wrapper for export/import information.
Change-Id: I5c226b44573cafdbe8ab7cf1dfe2324f0bc96d54
diff --git a/tools/ndnsec-export.hpp b/tools/ndnsec-export.hpp
index c7753f3..ca3662f 100644
--- a/tools/ndnsec-export.hpp
+++ b/tools/ndnsec-export.hpp
@@ -19,11 +19,13 @@
std::string identityStr;
std::string output;
std::string exportPassword;
+ bool privateExport = false;
- po::options_description desc("General Usage\n ndnsec export [-h] [-o output] identity \nGeneral options");
+ po::options_description desc("General Usage\n ndnsec export [-h] [-o output] [-p] identity \nGeneral options");
desc.add_options()
("help,h", "Produce help message")
("output,o", po::value<std::string>(&output), "(Optional) output file, stdout if not specified")
+ ("private,p", "export info contains private key")
("identity,i", po::value<std::string>(&identityStr), "Identity to export")
;
@@ -48,83 +50,89 @@
return 0;
}
+ if (vm.count("private"))
+ privateExport = true;
+
if (!vm.count("output"))
output = "-";
- Block wire;
Name identity(identityStr);
-
- try
+ if(!privateExport)
{
- KeyChain keyChain;
-
- int count = 3;
- while(!getPassword(exportPassword, "Passphrase for the private key: "))
+ try
{
- count--;
- if(count <= 0)
- {
- std::cerr << "ERROR: invalid password" << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
+ KeyChain keyChain;
+ shared_ptr<IdentityCertificate> cert = keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
+ if(output == "-")
+ io::save(*cert, std::cout);
+ else
+ io::save(*cert, output);
+
+ return 0;
}
- wire = keyChain.exportIdentity(identity, exportPassword);
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- wire.encode();
+ catch(SecPublicInfo::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ return 1;
+ }
+ catch(SecTpm::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ return 1;
+ }
+ catch(io::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ return 1;
+ }
}
- catch(Block::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
- return 1;
- }
-
- std::ostream* ofs;
- std::ostream* ffs = 0;
- if(output == "-")
- ofs = &std::cout;
else
{
- ofs = new std::ofstream(output.c_str());
- ffs = ofs;
+ Block wire;
+ try
+ {
+ KeyChain keyChain;
+
+ int count = 3;
+ while(!getPassword(exportPassword, "Passphrase for the private key: "))
+ {
+ count--;
+ if(count <= 0)
+ {
+ std::cerr << "ERROR: invalid password" << std::endl;
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+ return 1;
+ }
+ }
+ shared_ptr<SecuredBag> securedBag = keyChain.exportIdentity(identity, exportPassword);
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+
+ if(output == "-")
+ io::save(*securedBag, std::cout);
+ else
+ io::save(*securedBag, output);
+
+ return 0;
+ }
+ catch(io::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+ return 1;
+ }
+ catch(SecPublicInfo::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+ return 1;
+ }
+ catch(SecTpm::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
+ return 1;
+ }
}
-
- try
- {
- using namespace CryptoPP;
-
- StringSource ss(wire.wire(), wire.size(), true,
- new Base64Encoder(new FileSink(*ofs), true, 64));
- if(ffs)
- delete ffs;
- ffs = 0;
- ofs = 0;
- }
- catch(CryptoPP::Exception& e)
- {
- if(ffs)
- delete ffs;
- ffs = 0;
- ofs = 0;
-
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
-
- return 0;
}
#endif //NDNSEC_EXPORT_HPP
diff --git a/tools/ndnsec-import.hpp b/tools/ndnsec-import.hpp
index b73e1cf..16c2f95 100644
--- a/tools/ndnsec-import.hpp
+++ b/tools/ndnsec-import.hpp
@@ -18,11 +18,13 @@
std::string input;
std::string importPassword;
+ bool privateImport = false;
- po::options_description desc("General Usage\n ndnsec import [-h] input \nGeneral options");
+ po::options_description desc("General Usage\n ndnsec import [-h] [-p] input \nGeneral options");
desc.add_options()
("help,h", "produce help message")
- ("input,i", po::value<std::string>(&input), "input source, stdin if not specified")
+ ("private,p", "import info contains private key")
+ ("input,i", po::value<std::string>(&input), "input source, stdin if -")
;
po::positional_options_description p;
@@ -46,61 +48,61 @@
return 0;
}
- if (!vm.count("input"))
- input = "-";
+ if (vm.count("private"))
+ privateImport = true;
- KeyChain keyChain;
-
- OBufferStream os;
- std::istream* ifs;
- if(input == "-")
- ifs = &std::cin;
+ if(!privateImport)
+ {
+ std::cerr << "You are trying to import certificate!\nPlease use ndnsec cert-install!" << std::endl;
+ return 1;
+ }
else
- ifs = new std::ifstream(input.c_str());
-
- {
- using namespace CryptoPP;
- FileSource ss(*ifs, true, new Base64Decoder(new FileSink(os)));
- }
-
- try
{
- Block wire(os.buf());
-
- int count = 3;
- while(!getPassword(importPassword, "Passphrase for the private key: "))
+ try
{
- count--;
- if(count <= 0)
- {
- std::cerr << "ERROR: Fail to get password" << std::endl;
- memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
- return 1;
- }
- }
- keyChain.importIdentity(wire, importPassword);
- memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
- }
- catch(Block::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
- return 1;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
- return 1;
- }
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
- return 1;
- }
+ KeyChain keyChain;
- return 0;
+ shared_ptr<SecuredBag> securedBag;
+ if(input == "-")
+ securedBag = io::load<SecuredBag>(std::cin);
+ else
+ securedBag = io::load<SecuredBag>(input);
+
+ int count = 3;
+ while(!getPassword(importPassword, "Passphrase for the private key: "))
+ {
+ count--;
+ if(count <= 0)
+ {
+ std::cerr << "ERROR: Fail to get password" << std::endl;
+ memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
+ return 1;
+ }
+ }
+ keyChain.importIdentity(*securedBag, importPassword);
+ memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
+ }
+ catch(io::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
+ return 1;
+ }
+ catch(SecPublicInfo::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
+ return 1;
+ }
+ catch(SecTpm::Error& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
+ return 1;
+ }
+
+ return 0;
+ }
}
#endif //NDNSEC_IMPORT_HPP
diff --git a/tools/ndnsec-util.hpp b/tools/ndnsec-util.hpp
index 2827023..f2fc390 100644
--- a/tools/ndnsec-util.hpp
+++ b/tools/ndnsec-util.hpp
@@ -26,6 +26,7 @@
#include <cryptopp/files.h>
#include "security/key-chain.hpp"
+#include "util/io.hpp"
bool
getPassword(std::string& password, const std::string& prompt)
@@ -67,54 +68,11 @@
ndn::shared_ptr<ndn::IdentityCertificate>
getIdentityCertificate(const std::string& fileName)
{
- std::istream* ifs;
- std::istream* ffs = 0;
- if(fileName == "-")
- ifs = &std::cin;
- else
- {
- ifs = new std::ifstream(fileName.c_str());
- ffs = ifs;
- }
- ndn::OBufferStream os;
- try
- {
- CryptoPP::FileSource ss2(*ifs, true, new CryptoPP::Base64Decoder(new CryptoPP::FileSink(os)));
-
- if(ffs)
- delete ffs;
- ffs = 0;
- ifs = 0;
-
- }
- catch(const CryptoPP::Exception& e)
- {
- if(ffs)
- delete ffs;
- ffs = 0;
- ifs = 0;
-
- std::cerr << "ERROR: " << e.what() << std::endl;
- return ndn::shared_ptr<ndn::IdentityCertificate>();
- }
-
- try
- {
- ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate = ndn::make_shared<ndn::IdentityCertificate>();
- identityCertificate->wireDecode(ndn::Block(os.buf()));
- return identityCertificate;
- }
- catch(const ndn::SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return ndn::shared_ptr<ndn::IdentityCertificate>();
- }
- catch(const ndn::SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return ndn::shared_ptr<ndn::IdentityCertificate>();
- }
+ if(fileName == "-")
+ return ndn::io::load<ndn::IdentityCertificate>(std::cin);
+ else
+ return ndn::io::load<ndn::IdentityCertificate>(fileName);
}
#endif //NDNSEC_UTIL_HPP