Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 047386ef50b5e6ec479274de034440e2cf2b72e7 / . / tools / ndncert-ca-server.cpp
blob: 9e255551da228632cacb4de47286fe4b4925d5c7 [file] [log] [blame]
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]3 * Copyright (c) 2017-2018, Regents of the University of California.
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
21#include "ca-module.hpp"
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]22#include "challenge-module.hpp"
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]23
Zhiyi Zhangb6fab0f2017-09-21 16:26:27 -0700[diff] [blame]24#include <iostream>
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]25#include <sstream>
26#include <string>
27#include <ndn-cxx/util/io.hpp>
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]28#include <boost/program_options/options_description.hpp>
29#include <boost/program_options/variables_map.hpp>
30#include <boost/program_options/parsers.hpp>
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]31#include <boost/date_time/posix_time/posix_time_duration.hpp>
32#include <boost/asio.hpp>
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]33
34namespace ndn {
35namespace ndncert {
36
37int
38main(int argc, char* argv[])
39{
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]40 std::string configFilePath = std::string(SYSCONFDIR) + "/ndncert/ca.conf";
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]41 std::string repoPrefix;
42 std::string repoCaIdentity;
43 std::string repoHost;
44 std::string repoPort;
45 bool isRepoOut = false;
46
47 namespace po = boost::program_options;
48 po::options_description description("General Usage\n ndncert-ca [-h] [-f] [-r] [-c]\n");
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]49 description.add_options()
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]50 ("help,h",
51 "produce help message")
52 ("config-file,f", po::value<std::string>(&configFilePath),
53 "config file name")
54 ("repo-output,r",
55 "when enabled, all issued certificates will be published to repo-ng")
56 ("repo-host,H", po::value<std::string>(&repoHost)->default_value("localhost"),
57 "repo-ng host")
58 ("repo-port,P", po::value<std::string>(&repoPort)->default_value("7376"),
59 "repo-ng port");
60
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]61 po::positional_options_description p;
62 po::variables_map vm;
63 try {
64 po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(), vm);
65 po::notify(vm);
66 }
67 catch (const std::exception& e) {
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]68 std::cerr << "ERROR: " << e.what()
69 << "\n" << description << std::endl;
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]70 return 1;
71 }
72 if (vm.count("help") != 0) {
73 std::cerr << description << std::endl;
74 return 0;
75 }
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]76 if (vm.count("repo-ng-output") != 0) {
77 isRepoOut = true;
78 }
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]79
80 Face face;
81 security::v2::KeyChain keyChain;
82 CaModule ca(face, keyChain, configFilePath);
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]83
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]84 ca.setRecommendCaHandler(Name("/ndn"),
85 [] (const std::string& input, const std::list<Name>& list) -> std::tuple<Name, std::string> {
86 Name recommendedCa;
87 std::string identity;
88 for (auto caName : list) {
89 std::string univName = readString(caName.get(-1));
90 if (input.find(univName) != std::string::npos) {
91 recommendedCa = caName;
92 identity = input.substr(0, input.find("@"));
93 break;
94 }
95 }
96 return std::make_tuple(recommendedCa, identity);
97 });
98
Zhiyi Zhang343cdfb2018-01-17 12:04:28 -0800[diff] [blame]99 if (isRepoOut) {
100 auto config = ca.getCaConf();
101 for (const auto& caItem : config.m_caItems) {
102 ca.setStatusUpdateCallback(caItem.m_caName,
103 [&] (const CertificateRequest& request) {
104 if (request.getStatus() == ChallengeModule::SUCCESS) {
105 auto issuedCert = request.getCert();
106 using namespace boost::asio::ip;
107 tcp::iostream requestStream;
108 requestStream.expires_from_now(boost::posix_time::seconds(3));
109 requestStream.connect(repoHost, repoPort);
110 if (!requestStream) {
111 std::cerr << "ERROR: Cannot publish certificate to repo-ng"
112 << " (" << requestStream.error().message() << ")"
113 << std::endl;
114 return;
115 }
116 requestStream.write(reinterpret_cast<const char*>(issuedCert.wireEncode().wire()),
117 issuedCert.wireEncode().size());
118 }
119 });
120 }
121 }
122
Zhiyi Zhang1c0bd372017-12-18 18:32:55 +0800[diff] [blame]123 face.processEvents();
Zhiyi Zhang08e0e982017-03-01 10:10:42 -0800[diff] [blame]124 return 0;
125}
126
127} // namespace ndncert
128} // namespace ndn
129
130int
131main(int argc, char* argv[])
132{
133 return ndn::ndncert::main(argc, argv);
134}