Yingdi Yu | e6bfab2 | 2014-02-06 16:01:19 -0800 | [diff] [blame^] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /* |
| 3 | * Copyright (c) 2013, Regents of the University of California |
| 4 | * Yingdi Yu |
| 5 | * |
| 6 | * BSD license, See the LICENSE file for more information |
| 7 | * |
| 8 | * Author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 9 | */ |
| 10 | |
| 11 | #include <iostream> |
| 12 | #include <fstream> |
| 13 | |
| 14 | #include <boost/program_options/options_description.hpp> |
| 15 | #include <boost/program_options/variables_map.hpp> |
| 16 | #include <boost/program_options/parsers.hpp> |
| 17 | #include <cryptopp/base64.h> |
| 18 | |
| 19 | #include "security/key-chain.hpp" |
| 20 | #include "security/signature-sha256-with-rsa.hpp" |
| 21 | |
| 22 | using namespace ndn; |
| 23 | namespace po = boost::program_options; |
| 24 | |
| 25 | |
| 26 | int main(int argc, char** argv) |
| 27 | { |
| 28 | std::string identityName; |
| 29 | char keyType = 'r'; |
| 30 | int keySize = 2048; |
| 31 | |
| 32 | // po::options_description desc("General Usage\n ndn-keygen [-h] [-d] [-i] [-t type] [-s size] identity\nGeneral options"); |
| 33 | po::options_description desc("General Usage\n ndn-keygen [-h] identity\nGeneral options"); |
| 34 | desc.add_options() |
| 35 | ("help,h", "produce help message") |
| 36 | ("identity_name,n", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice") |
| 37 | // ("type,t", po::value<char>(&keyType)->default_value('r'), "optional, key type, r for RSA key (default)") |
| 38 | // ("size,s", po::value<int>(&keySize)->default_value(2048), "optional, key size, 2048 (default)") |
| 39 | ; |
| 40 | |
| 41 | po::positional_options_description p; |
| 42 | p.add("identity_name", 1); |
| 43 | |
| 44 | po::variables_map vm; |
| 45 | po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm); |
| 46 | po::notify(vm); |
| 47 | |
| 48 | if (vm.count("help")) |
| 49 | { |
| 50 | std::cerr << desc << std::endl; |
| 51 | return 1; |
| 52 | } |
| 53 | |
| 54 | if (0 == vm.count("identity_name")) |
| 55 | { |
| 56 | std::cerr << "identity_name must be specified" << std::endl; |
| 57 | std::cerr << desc << std::endl; |
| 58 | return 1; |
| 59 | } |
| 60 | |
| 61 | KeyChain keyChain; |
| 62 | |
| 63 | Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName); |
| 64 | bool isDefaultDsk = false; |
| 65 | if(defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-") |
| 66 | isDefaultDsk = true; |
| 67 | |
| 68 | Name signingCertName; |
| 69 | shared_ptr<IdentityCertificate> kskCert; |
| 70 | if(isDefaultDsk) |
| 71 | { |
| 72 | shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName); |
| 73 | SignatureSha256WithRsa sha256sig(dskCert->getSignature()); |
| 74 | |
| 75 | Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name |
| 76 | |
| 77 | Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName); |
| 78 | Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName); |
| 79 | signingCertName = kskCertName; |
| 80 | kskCert = keyChain.getCertificate(kskCertName); |
| 81 | } |
| 82 | else |
| 83 | { |
| 84 | signingCertName = defaultCertName; |
| 85 | kskCert = keyChain.getCertificate(defaultCertName); |
| 86 | } |
| 87 | |
| 88 | Name newKeyName; |
| 89 | // if (vm.count("type")) |
| 90 | if (true) |
| 91 | { |
| 92 | switch(keyType) |
| 93 | { |
| 94 | case 'r': |
| 95 | { |
| 96 | try |
| 97 | { |
| 98 | newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize); |
| 99 | |
| 100 | if(0 == newKeyName.size()) |
| 101 | { |
| 102 | std::cerr << "fail to generate key!" << std::endl; |
| 103 | return 1; |
| 104 | } |
| 105 | break; |
| 106 | } |
| 107 | catch(std::exception &e) |
| 108 | { |
| 109 | std::cerr << "ERROR: " << e.what() << std::endl; |
| 110 | return 1; |
| 111 | } |
| 112 | } |
| 113 | default: |
| 114 | std::cerr << "Unrecongized key type" << "\n"; |
| 115 | std::cerr << desc << std::endl; |
| 116 | return 1; |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | |
| 121 | Name certName = newKeyName.getPrefix(newKeyName.size()-1); |
| 122 | certName.append("KEY").append(newKeyName.get(-1)).append("ID-CERT").appendVersion (); |
| 123 | |
| 124 | shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>(); |
| 125 | certificate->setName(certName); |
| 126 | certificate->setNotBefore(kskCert->getNotBefore()); |
| 127 | certificate->setNotAfter(kskCert->getNotAfter()); |
| 128 | |
| 129 | certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName)); |
| 130 | |
| 131 | const std::vector<CertificateSubjectDescription>& subList = kskCert->getSubjectDescriptionList(); |
| 132 | std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin(); |
| 133 | for(; it != subList.end(); it++) |
| 134 | certificate->addSubjectDescription(*it); |
| 135 | |
| 136 | certificate->encode(); |
| 137 | |
| 138 | keyChain.sign(*certificate, signingCertName); |
| 139 | |
| 140 | keyChain.addCertificateAsIdentityDefault(*certificate); |
| 141 | |
| 142 | return 0; |
| 143 | } |