| author | Carl Hetherington <cth@carlh.net> | 2014-07-18 00:15:34 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2014-07-18 00:15:34 +0100 |
| commit | 56e7a6f1768036df852a45d939b9adc038b17057 (patch) | |
| tree | 93cf6bb1fb7c9ebe43de09d7690e69cd75b634ea /src/signer.cc | |
| parent | 0b85b9216da9d6519a553de67103a9417504aba1 (diff) | |
Quite large reworking of signer/cert handling.
Diffstat (limited to 'src/signer.cc')
| -rw-r--r-- | src/signer.cc | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/src/signer.cc b/src/signer.cc
index a0d9912a..55684759 100644
--- a/src/signer.cc
+++ b/src/signer.cc
@@ -23,6 +23,8 @@
 #include "signer.h"
 #include "exceptions.h"
+#include "certificate_chain.h"
+#include "util.h"
 #include <libcxml/cxml.h>
 #include <libxml++/libxml++.h>
 #include <xmlsec/xmldsig.h>
@@ -37,6 +39,20 @@ using std::cout;
 using boost::shared_ptr;
 using namespace dcp;
+Signer::Signer (boost::filesystem::path openssl)
+{
+ boost::filesystem::path directory = make_certificate_chain (openssl);
+
+ _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (directory / "ca.self-signed.pem")));
+ _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (directory / "intermediate.signed.pem")));
+ _certificates.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (directory / "leaf.signed.pem")));
+
+ _key = dcp::file_to_string (directory / "leaf.key");
+
+ boost::filesystem::remove_all (directory);
+}
+
+
 /** Add a <Signer> and <ds:Signature> nodes to an XML node.
  * @param parent XML node to add to.
  * @param standard INTEROP or SMPTE.
@@ -96,8 +112,8 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
 xmlpp::Node* key_info = cp.node_child("KeyInfo")->node ();
 /* Add the certificate chain to the KeyInfo child node of parent */
- list<shared_ptr<Certificate> > c = _certificates.leaf_to_root ();
- for (list<shared_ptr<Certificate> >::iterator i = c.begin(); i != c.end(); ++i) {
+ CertificateChain::List c = _certificates.leaf_to_root ();
+ for (CertificateChain::List::iterator i = c.begin(); i != c.end(); ++i) {
 xmlpp::Element* data = key_info->add_child("X509Data", ns);
 {
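Review bot: In the new `Signer::Signer` constructor (hunk `@@ -37,6 +39,20 @@`), `boost::filesystem::remove_all (directory)` runs only on the success path, so if any of the three `dcp::Certificate` constructors or `dcp::file_to_string` throws, the generated directory — including `leaf.key`, the signing private key — is left behind on disk. Wrapping the certificate loads and the key read in a try/catch that removes the directory and rethrows (or a small RAII guard holding the path) closes that window without changing the normal path. Where `make_certificate_chain` places the directory, and whether it is private to the process, is not visible in this hunk and is worth confirming in util.h, since the key is readable there for the whole constructor run.
```cpp
Signer::Signer (boost::filesystem::path openssl)
{
	boost::filesystem::path directory = make_certificate_chain (openssl);

	try {
		/* … unchanged: add ca / intermediate / leaf certificates, read leaf.key into _key … */
	} catch (...) {
		/* Do not leave the private key on disk if loading fails part-way */
		boost::filesystem::remove_all (directory);
		throw;
	}

	boost::filesystem::remove_all (directory);
}
```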
@@ -134,3 +150,23 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
 xmlSecDSigCtxDestroy (signature_context);
 }
+
+bool
+Signer::valid () const
+{
+ if (!_certificates.valid ()) {
+ return false;
+ }
+
+ BIO* bio = BIO_new_mem_buf (const_cast<char *> (_key.c_str ()), -1);
+ if (!bio) {
+ throw MiscError ("could not create memory BIO");
+ }
+
+ RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+ RSA* public_key = _certificates.leaf()->public_key ();
+ bool const valid = !BN_cmp (private_key->n, public_key->n);
+ BIO_free (bio);
+
+ return valid;
+}
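Review bot: `Signer::valid` dereferences `private_key->n` without checking that `PEM_read_bio_RSAPrivateKey` returned non-null, so an empty or malformed `_key` turns a "not valid" answer into a null-pointer crash instead of `false` or a `MiscError`, which matters because this is the routine that decides whether the signer may be used at all. The parsed RSA object is also never released with `RSA_free`, so every call leaks the private key material; if `Certificate::public_key()` hands back an owned copy it needs the same treatment, which cannot be seen from this hunk. Comparing only the modulus `n` is a sensible pairing check, but comparing `e` as well (or running `RSA_check_key` on the private key) would also reject a key whose exponent does not match the leaf certificate. The guard and the release together look like this:
```cpp
	RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
	if (!private_key) {
		BIO_free (bio);
		throw MiscError ("could not read private key");
	}

	RSA* public_key = _certificates.leaf()->public_key ();
	bool const valid = !BN_cmp (private_key->n, public_key->n);
	RSA_free (private_key);
	BIO_free (bio);

	return valid;
```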
