security: Correct code style for ndnsec and add command-line exception handling
Change-Id: I68de24c3fb2af5decd57b790ccbfc908dc0c8332
diff --git a/tools/ndnsec-dsk-gen.hpp b/tools/ndnsec-dsk-gen.hpp
index b7d95e8..08332ee 100644
--- a/tools/ndnsec-dsk-gen.hpp
+++ b/tools/ndnsec-dsk-gen.hpp
@@ -10,7 +10,7 @@
#include "ndnsec-util.hpp"
-int
+int
ndnsec_dsk_gen(int argc, char** argv)
{
using namespace ndn;
@@ -20,8 +20,8 @@
char keyType = 'r';
int keySize = 2048;
- po::options_description desc("General Usage\n ndnsec dsk-gen [-h] identity\nGeneral options");
- desc.add_options()
+ po::options_description description("General Usage\n ndnsec dsk-gen [-h] identity\nGeneral options");
+ description.add_options()
("help,h", "produce help message")
("identity,i", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice")
// ("type,t", po::value<char>(&keyType)->default_value('r'), "optional, key type, r for RSA key (default)")
@@ -32,128 +32,112 @@
p.add("identity", 1);
po::variables_map vm;
- po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
- po::notify(vm);
-
- if (vm.count("help"))
+ try
{
- std::cerr << desc << std::endl;
+ po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+ vm);
+ po::notify(vm);
+ }
+ catch (const std::exception& e)
+ {
+ std::cerr << "ERROR: " << e.what() << std::endl;
+ std::cerr << description << std::endl;
+ return 1;
+ }
+
+ if (vm.count("help") != 0)
+ {
+ std::cerr << description << std::endl;
return 0;
}
- if (0 == vm.count("identity"))
+ if (vm.count("identity") == 0)
{
std::cerr << "identity must be specified" << std::endl;
- std::cerr << desc << std::endl;
+ std::cerr << description << std::endl;
return 1;
}
shared_ptr<IdentityCertificate> kskCert;
Name signingCertName;
- try
+
+ KeyChain keyChain;
+
+ Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
+ bool isDefaultDsk = false;
+ if (defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-")
+ isDefaultDsk = true;
+
+ if (isDefaultDsk)
{
- KeyChain keyChain;
+ shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
+ SignatureSha256WithRsa sha256sig(dskCert->getSignature());
- Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
- bool isDefaultDsk = false;
- if(defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-")
- isDefaultDsk = true;
+ Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name
- if(isDefaultDsk)
- {
- shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
- SignatureSha256WithRsa sha256sig(dskCert->getSignature());
-
- Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name
-
- Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
- Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
- signingCertName = kskCertName;
- kskCert = keyChain.getCertificate(kskCertName);
- }
- else
- {
- signingCertName = defaultCertName;
- kskCert = keyChain.getCertificate(defaultCertName);
- }
+ Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
+ Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
+ signingCertName = kskCertName;
+ kskCert = keyChain.getCertificate(kskCertName);
}
- catch(SignatureSha256WithRsa::Error& e)
+ else
{
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(KeyLocator::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
+ signingCertName = defaultCertName;
+ kskCert = keyChain.getCertificate(defaultCertName);
}
- if(!static_cast<bool>(kskCert))
+ if (!static_cast<bool>(kskCert))
{
std::cerr << "ERROR: no KSK certificate." << std::endl;
return 1;
}
- try
+ Name newKeyName;
+ switch (keyType)
{
- KeyChain keyChain;
- Name newKeyName;
- switch(keyType)
- {
- case 'r':
+ case 'r':
+ {
+ newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize);
+ if (0 == newKeyName.size())
{
- newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize);
- if(0 == newKeyName.size())
- {
- std::cerr << "fail to generate key!" << std::endl;
- return 1;
- }
- break;
+ std::cerr << "fail to generate key!" << std::endl;
+ return 1;
}
- default:
- std::cerr << "Unrecongized key type" << "\n";
- std::cerr << desc << std::endl;
- return 1;
- }
-
- Name certName = newKeyName.getPrefix(-1);
- certName.append("KEY").append(newKeyName.get(-1)).append("ID-CERT").appendVersion();
-
- shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
- certificate->setName(certName);
- certificate->setNotBefore(kskCert->getNotBefore());
- certificate->setNotAfter(kskCert->getNotAfter());
-
- certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName));
-
- const std::vector<CertificateSubjectDescription>& subList = kskCert->getSubjectDescriptionList();
- std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin();
- for(; it != subList.end(); it++)
- certificate->addSubjectDescription(*it);
-
- certificate->encode();
-
- keyChain.sign(*certificate, signingCertName);
-
- keyChain.addCertificateAsIdentityDefault(*certificate);
-
- return 0;
- }
- catch(SecPublicInfo::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
+ break;
+ }
+ default:
+ std::cerr << "Unrecongized key type" << "\n";
+ std::cerr << description << std::endl;
return 1;
}
- catch(SecTpm::Error& e)
- {
- std::cerr << "ERROR: " << e.what() << std::endl;
- return 1;
- }
+
+ Name certName = newKeyName.getPrefix(-1);
+ certName.append("KEY")
+ .append(newKeyName.get(-1))
+ .append("ID-CERT")
+ .appendVersion();
+
+ shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
+ certificate->setName(certName);
+ certificate->setNotBefore(kskCert->getNotBefore());
+ certificate->setNotAfter(kskCert->getNotAfter());
+
+ certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName));
+
+ const std::vector<CertificateSubjectDescription>& subList =
+ kskCert->getSubjectDescriptionList();
+
+ for (std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin();
+ it != subList.end(); it++)
+ certificate->addSubjectDescription(*it);
+
+ certificate->encode();
+
+ keyChain.sign(*certificate, signingCertName);
+
+ keyChain.addCertificateAsIdentityDefault(*certificate);
+
+ return 0;
}
#endif //NDNSEC_DSK_GEN_HPP