| author | Carl Hetherington <cth@carlh.net> | 2013-09-19 13:49:37 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2013-09-19 13:49:37 +0100 |
| commit | 452144160eb864984121d3fa883a12d40fbf7e47 (patch) | |
| tree | f5da78c803eb8f668d2409de856ddc86be81d492 /src/util.cc | |
| parent | afeea0415dd56a3106a4c71df2e4a6ccc2d72e74 (diff) | |
Rename Encryption -> Signer; move some methods into it.
Diffstat (limited to 'src/util.cc')
| -rw-r--r-- | src/util.cc | 105 |
1 files changed, 0 insertions, 105 deletions
diff --git a/src/util.cc b/src/util.cc
index f2728a38..4bcc61fb 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -255,111 +255,6 @@ libdcp::init ()
 }
 }
-/** Sign an XML node. This function takes a certificate chain (to prove that the sender is bona fide) and
- * a private key with which to sign the node.
- *
- * @param parent Node to sign.
- * @param certificates Certificate chain for the signer.
- * @param signer_key Filename of the private key of the signer.
- * @param ns Namespace to use for the signature XML nodes.
- */
-void
-libdcp::add_signature_value (xmlpp::Element* parent, CertificateChain const & certificates, boost::filesystem::path signer_key, string const & ns)
-{
- parent->add_child("SignatureValue", ns);
-
- /* Add the certificate chain to a KeyInfo child node of parent */
- xmlpp::Element* key_info = parent->add_child("KeyInfo", ns);
- list<shared_ptr<Certificate> > c = certificates.leaf_to_root ();
- for (list<shared_ptr<Certificate> >::iterator i = c.begin(); i != c.end(); ++i) {
- xmlpp::Element* data = key_info->add_child("X509Data", ns);
-
- {
- xmlpp::Element* serial = data->add_child("X509IssuerSerial", ns);
- serial->add_child("X509IssuerName", ns)->add_child_text((*i)->issuer ());
- serial->add_child("X509SerialNumber", ns)->add_child_text((*i)->serial ());
- }
-
- data->add_child("X509Certificate", ns)->add_child_text((*i)->certificate());
- }
-
- xmlSecDSigCtxPtr signature_context = xmlSecDSigCtxCreate (0);
- if (signature_context == 0) {
- throw MiscError ("could not create signature context");
- }
-
- signature_context->signKey = xmlSecCryptoAppKeyLoad (signer_key.c_str(), xmlSecKeyDataFormatPem, 0, 0, 0);
- if (signature_context->signKey == 0) {
- throw FileError ("could not load private key file", signer_key);
- }
-
- /* XXX: set key name to the file name: is this right? */
- if (xmlSecKeySetName (signature_context->signKey, reinterpret_cast<const xmlChar *> (signer_key.c_str())) < 0) {
- throw MiscError ("could not set key name");
- }
-
- if (xmlSecDSigCtxSign (signature_context, parent->cobj ()) < 0) {
- throw MiscError ("could not sign");
- }
-
- xmlSecDSigCtxDestroy (signature_context);
-}
-
-
-void
-libdcp::add_signer (xmlpp::Element* parent, CertificateChain const & certificates, string const & ns)
-{
- xmlpp::Element* signer = parent->add_child("Signer");
-
- {
- xmlpp::Element* data = signer->add_child("X509Data", ns);
-
- {
- xmlpp::Element* serial_element = data->add_child("X509IssuerSerial", ns);
- serial_element->add_child("X509IssuerName", ns)->add_child_text (certificates.leaf()->issuer());
- serial_element->add_child("X509SerialNumber", ns)->add_child_text (certificates.leaf()->serial());
- }
-
- data->add_child("X509SubjectName", ns)->add_child_text (certificates.leaf()->subject());
- }
-}
-
-/** @param signer_key Filename of private key to sign with */
-void
-libdcp::sign (xmlpp::Element* parent, CertificateChain const & certificates, boost::filesystem::path signer_key, bool interop)
-{
- add_signer (parent, certificates, "dsig");
-
- xmlpp::Element* signature = parent->add_child("Signature", "dsig");
-
- {
- xmlpp::Element* signed_info = signature->add_child ("SignedInfo", "dsig");
- signed_info->add_child("CanonicalizationMethod", "dsig")->set_attribute ("Algorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
-
- if (interop) {
- signed_info->add_child("SignatureMethod", "dsig")->set_attribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
- } else {
- signed_info->add_child("SignatureMethod", "dsig")->set_attribute("Algorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
- }
-
- {
- xmlpp::Element* reference = signed_info->add_child("Reference", "dsig");
- reference->set_attribute ("URI", "");
- {
- xmlpp::Element* transforms = reference->add_child("Transforms", "dsig");
- transforms->add_child("Transform", "dsig")->set_attribute (
- "Algorithm", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
- );
- }
- reference->add_child("DigestMethod", "dsig")->set_attribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#sha1");
- /* This will be filled in by the signing later */
- reference->add_child("DigestValue", "dsig");
- }
- }
-
- add_signature_value (signature, certificates, signer_key, "dsig");
-}
-
 bool
 libdcp::operator== (libdcp::Size const & a, libdcp::Size const & b)
 {
 return (a.width == b.width && a.height == b.height);
