Make certificate chain validity a parameter of the constructor.v1.6.19

4 files changed, 13 insertions, 13 deletions

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 92e3aca1..7ade2e8c 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -179,6 +179,7 @@ public_key_digest (boost::filesystem::path private_key, boost::filesystem::path
 
 CertificateChain::CertificateChain (
 	boost::filesystem::path openssl,
+	int validity_in_days,
 	string organisation,
 	string organisational_unit,
 	string root_common_name,
@@ -186,9 +187,6 @@ CertificateChain::CertificateChain (
 	string leaf_common_name
 	)
 {
-	/* Valid for 40 years */
-	int const days = 365 * 40;
-
 	boost::filesystem::path directory = boost::filesystem::temp_directory_path() / boost::filesystem::unique_path ();
 	boost::filesystem::create_directories (directory);
 
@@ -226,7 +224,7 @@ CertificateChain::CertificateChain (
 			String::compose (
 				"%1 req -new -x509 -sha256 -config ca.cnf -days %2 -set_serial 5"
 				" -subj \"%3\" -key ca.key -outform PEM -out ca.self-signed.pem",
-				quoted_openssl, days, ca_subject
+				quoted_openssl, validity_in_days, ca_subject
 				)
 			);
 	}
@@ -259,7 +257,7 @@ CertificateChain::CertificateChain (
 		command (
 			String::compose (
 				"%1 req -new -config intermediate.cnf -days %2 -subj \"%3\" -key intermediate.key -out intermediate.csr",
-				quoted_openssl, days - 1, inter_subject
+				quoted_openssl, validity_in_days - 1, inter_subject
 				)
 			);
 	}
@@ -268,7 +266,7 @@ CertificateChain::CertificateChain (
 		String::compose(
 			"%1 x509 -req -sha256 -days %2 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6"
 			" -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem",
-			quoted_openssl, days - 1
+			quoted_openssl, validity_in_days - 1
 			)
 		);
 
@@ -300,7 +298,7 @@ CertificateChain::CertificateChain (
 		command (
 			String::compose (
 				"%1 req -new -config leaf.cnf -days %2 -subj \"%3\" -key leaf.key -outform PEM -out leaf.csr",
-				quoted_openssl, days - 2, leaf_subject
+				quoted_openssl, validity_in_days - 2, leaf_subject
 				)
 			);
 	}
@@ -309,7 +307,7 @@ CertificateChain::CertificateChain (
 		String::compose(
 			"%1 x509 -req -sha256 -days %2 -CA intermediate.signed.pem -CAkey intermediate.key"
 			" -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem",
-			quoted_openssl, days - 2
+			quoted_openssl, validity_in_days - 2
 			)
 		);
 
diff --git a/src/certificate_chain.h b/src/certificate_chain.h
index 63ef8901..81ac098a 100644
--- a/src/certificate_chain.h
+++ b/src/certificate_chain.h
@@ -76,6 +76,7 @@ public:
 	 */
 	CertificateChain (
 		boost::filesystem::path openssl,
+		int validity_in_days,
 		std::string organisation = "example.org",
 		std::string organisational_unit = "example.org",
 		std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 41b2357e..ef75c186 100644
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -201,6 +201,7 @@ BOOST_AUTO_TEST_CASE (certificates_validation9)
 {
 	dcp::CertificateChain good (
 		boost::filesystem::path ("openssl"),
+		10 * 365,
 		"dcpomatic.com",
 		"dcpomatic.com",
 		".dcpomatic.smpte-430-2.ROOT",
@@ -214,7 +215,7 @@ BOOST_AUTO_TEST_CASE (certificates_validation9)
 /** Check that we can create a valid chain */
 BOOST_AUTO_TEST_CASE (certificates_validation10)
 {
-	dcp::CertificateChain good (boost::filesystem::path ("openssl"));
+	dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);
 	BOOST_CHECK_NO_THROW (good.root_to_leaf());
 }
 
@@ -230,7 +231,7 @@ BOOST_AUTO_TEST_CASE (signer_validation)
 	BOOST_CHECK (chain.valid ());
 
 	/* Put in an unrelated key and the signer should no longer be valid */
-	dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"));
+	dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365);
 	chain.set_key (another_chain.key().get ());
 	BOOST_CHECK (!chain.valid ());
 }
@@ -238,9 +239,9 @@ BOOST_AUTO_TEST_CASE (signer_validation)
 /** Check reading of a certificate chain from a string */
 BOOST_AUTO_TEST_CASE (certificate_chain_from_string)
 {
-	dcp::CertificateChain a (dcp::file_to_string (private_test / "chain.pem"));
+	dcp::CertificateChain a (dcp::file_to_string (private_test / "chain.pem"), 10 * 365);
 	BOOST_CHECK_EQUAL (a.root_to_leaf().size(), 3);
 
-	dcp::CertificateChain b (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"));
+	dcp::CertificateChain b (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"), 10 * 365);
 	BOOST_CHECK_EQUAL (b.root_to_leaf().size(), 1);
 }
diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index 9c100124..02818283 100644
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -49,7 +49,7 @@ using boost::scoped_array;
 /** Build an encrypted picture asset and a KDM for it and check that the KDM can be decrypted */
 BOOST_AUTO_TEST_CASE (round_trip_test)
 {
-	shared_ptr<dcp::CertificateChain> signer (new dcp::CertificateChain (boost::filesystem::path ("openssl")));
+	shared_ptr<dcp::CertificateChain> signer (new dcp::CertificateChain (boost::filesystem::path ("openssl"), 10 * 365));
 
 	boost::filesystem::path work_dir = "build/test/round_trip_test";
 	boost::filesystem::create_directory (work_dir);