commit ba8604d8f0b03aa4f5ead46fc045d5637f3f914b
author Yingdi Yu <yuyingdi@gmail.com> Mon Oct 13 19:03:12 2014 -0700
committer Alexander Afanasyev <alexander.afanasyev@ucla.edu> Wed Oct 15 20:26:47 2014 -0700
tree f6075f8987c06605b894826bab3d30215dfb449b
parent 8991bb52bfaf9aaffe6c652bd3c834c5fef14d4f

tools: Fix ndnsec-cert-gen to correctly infer prefix before KEY

This commit also includes a few help message corrections in cert-dump,
cert-gen, and key-gen.

Change-Id: I67977e62c144c35e0e17fa1228c53b9d3cff201e
Refs: #2052

tools/ndnsec-cert-gen.hpp

diff --git a/tools/ndnsec-cert-gen.hpp b/tools/ndnsec-cert-gen.hpp
index 71b2035..0126646 100644
--- a/tools/ndnsec-cert-gen.hpp
+++ b/tools/ndnsec-cert-gen.hpp
@@ -40,10 +40,11 @@
   std::string notAfterStr;
   std::string subjectName;
   std::string requestFile("-");
-  std::string signId;
+  Name signId;
   std::string subjectInfo;
-  std::string certPrefix;
-  bool hasSignId = false;
+  Name certPrefix;
+
+  KeyChain keyChain;
 
   po::options_description description(
     "General Usage\n"
@@ -53,22 +54,22 @@
 
   description.add_options()
     ("help,h", "produce help message")
-    ("not-before,S",     po::value<std::string>(&notBeforeStr),
-                         "certificate starting date, YYYYMMDDhhmmss")
-    ("not-after,E",      po::value<std::string>(&notAfterStr),
-                         "certificate ending date, YYYYMMDDhhmmss")
-    ("subject-name,N",   po::value<std::string>(&subjectName),
-                         "subject name")
-    ("subject-info,I",   po::value<std::string>(&subjectInfo),
-                         "subject info, pairs of OID and string description: "
-                         "\"2.5.4.10 'University of California, Los Angeles'\"")
-    ("sign-id,s",        po::value<std::string>(&signId),
-                         "signing Identity, system default identity if not specified")
-    ("cert-prefix,p", po::value<std::string>(&certPrefix),
-                         "cert prefix, which is the part of certificate name before "
-                         "KEY component")
-    ("request,r",        po::value<std::string>(&requestFile),
-                         "request file name, - for stdin")
+    ("not-before,S",   po::value<std::string>(&notBeforeStr),
+                       "certificate starting date, YYYYMMDDhhmmss (default: now)")
+    ("not-after,E",    po::value<std::string>(&notAfterStr),
+                       "certificate ending date, YYYYMMDDhhmmss (default: now + 365 days)")
+    ("subject-name,N", po::value<std::string>(&subjectName),
+                       "subject name")
+    ("subject-info,I", po::value<std::string>(&subjectInfo),
+                       "subject info, pairs of OID and string description: "
+                       "\"2.5.4.10 'University of California, Los Angeles'\"")
+    ("sign-id,s",      po::value<Name>(&signId)->default_value(keyChain.getDefaultIdentity()),
+                       "signing identity")
+    ("cert-prefix,p",  po::value<Name>(&certPrefix)->default_value(KeyChain::DEFAULT_PREFIX),
+                       "cert prefix, which is the part of certificate name before "
+                       "KEY component")
+    ("request,r",      po::value<std::string>(&requestFile)->default_value("-"),
+                       "request file name, - for stdin")
     ;
 
   po::positional_options_description p;
@@ -89,18 +90,15 @@
 
   if (vm.count("help") != 0)
     {
-      std::cerr << description << std::endl;
+      std::cout << description << std::endl;
       return 0;
     }
 
-  if (vm.count("sign-id") != 0)
-    {
-      hasSignId = true;
-    }
-
   if (vm.count("subject-name") == 0)
     {
-      std::cerr << "subject_name must be specified" << std::endl;
+      std::cerr << "ERROR: subject name must be specified" << std::endl
+                << std::endl
+                << description << std::endl;
       return 1;
     }
 
@@ -155,14 +153,18 @@
 
       if (notAfter < notBefore)
         {
-          std::cerr << "not-before is later than not-after" << std::endl;
+          std::cerr << "ERROR: not-before cannot be later than not-after" << std::endl
+                    << std::endl
+                    << description << std::endl;
           return 1;
         }
     }
 
   if (vm.count("request") == 0)
     {
-      std::cerr << "request file must be specified" << std::endl;
+      std::cerr << "ERROR: request file must be specified" << std::endl
+                << std::endl
+                << description << std::endl;
       return 1;
     }
 
@@ -175,31 +177,22 @@
       return 1;
     }
 
-  KeyChain keyChain;
-
   Name keyName = selfSignedCertificate->getPublicKeyName();
-  Name signIdName;
-  Name prefix(certPrefix);
-
-  if (!hasSignId)
-    signIdName = keyChain.getDefaultIdentity();
-  else
-    signIdName = Name(signId);
 
   shared_ptr<IdentityCertificate> certificate =
     keyChain.prepareUnsignedIdentityCertificate(keyName, selfSignedCertificate->getPublicKeyInfo(),
-                                                signIdName, notBefore, notAfter,
-                                                subjectDescription, prefix);
+                                                signId, notBefore, notAfter,
+                                                subjectDescription, certPrefix);
 
   if (!static_cast<bool>(certificate))
     {
-      std::cerr << "ERROR: key name is not formated correctly or does not match certificate name."
+      std::cerr << "ERROR: key name is not formated correctly or does not match certificate name"
                 << std::endl;
       return 1;
     }
 
-  keyChain.createIdentity(signIdName);
-  Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signIdName);
+  keyChain.createIdentity(signId);
+  Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(signId);
   keyChain.sign(*certificate, signingCertificateName);
 
   Block wire = certificate->wireEncode();