Bug #4085: ndnsec list: wrong default identity and default key - ndn-cxx - NDN project issue tracking system

Bug #4085

closed

ndnsec list: wrong default identity and default key

Added by Zhiyi Zhang almost 7 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Junxiao Shi

Category:

Security

Target version:

v0.6

Start date:

Due date:

% Done:

100%

Estimated time:

3.00 h

Description

Steps to reproduce:

rm -rf ~/.ndn
ndnsec key-gen /id1
ndnsec key-gen /id1
ndnsec key-gen /id2
ndnsec list -c

Expected: one of two identities is indicated as default; one of two keys under /id1 is indicated as default
Actual: neither identity is indicated as default; both keys are indicated as default

Related issues 1 (0 open — 1 closed)

Blocks NFD - Task #4275: Release 0.6.0

Closed

Alex Afanasyev

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by Junxiao Shi almost 7 years ago

Project changed from NFD to ndn-cxx
Category set to Security
Target version set to v0.6

Actions

Copy link

Updated by Zhiyi Zhang over 6 years ago

Subject changed from Bugs in ndnsec command line tools of keychain version 2 to Bugs in keychain v2: cannot show default identity/key and have same output when dumping different certs

Actions

Copy link

Updated by Junxiao Shi over 6 years ago

The error is not caused by command line tools but caused by ndn-cxx KeyChain v2

How do you know that? Is there a minimal code snippet that calls KeyChain and reproduces the issue?

Is the problem specific to one PIB backend (SQLite3 or in-memory), or occurs with both?

Actions

Copy link

Updated by Junxiao Shi over 6 years ago

Blocks Task #4275: Release 0.6.0 added

Actions

Copy link

Updated by Junxiao Shi over 6 years ago

Subject changed from Bugs in keychain v2: cannot show default identity/key and have same output when dumping different certs to ndnsec list: wrong default identity and default key
Description updated (diff)
Start date deleted (~~05/23/2017~~)
Estimated time set to 3.00 h

This issue previously contained a bug in ndnsec cert-dump that has been split to #4323.

There are two causes of this bug.
First, ndnsec list is missing an assignment to defaultIdentity variable, so that none of the identities would be indicated as default.

Second, ndnsec list uses == operator to compare an identity or key to the default, but Identity and Key types lack custom operator== operators. Coincidentally, both types are implicitly convertible to bool to indicate whether the instance is valid, which causes all keys to be indicated as default. This issue does not affect default certificate because Certificate's base class Data has a proper operator==.