Move CertificateChain into the right header.

author: Carl Hetherington <cth@carlh.net> 2015-07-12 20:54:06 +0100
committer: Carl Hetherington <cth@carlh.net> 2015-07-12 20:54:06 +0100
commit: 43d2c7aef17adceb04f84109b432a830f00d1bd1 (patch)
tree: 66f27488ad79f0f900cf3a636b7c8ec0d763cbbb /src
parent: a09bbf5f06a9ed2f5011999c0a6eef78b9e1ca56 (diff)
5 files changed, 175 insertions, 166 deletions
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 22754f4e..e7de5bd8 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2013-2014 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -24,6 +24,7 @@
 #include "certificate_chain.h"
 #include "exceptions.h"
 #include "util.h"
+#include "dcp_assert.h"
 #include "KM_util.h"
 #include <openssl/sha.h>
 #include <openssl/bio.h>
@@ -37,6 +38,7 @@ using std::string;
 using std::ofstream;
 using std::ifstream;
 using std::stringstream;
+using namespace dcp;
 
 /** Run a shell command.
  *  @param cmd Command to run (UTF8-encoded).
@@ -280,3 +282,139 @@ dcp::make_certificate_chain (
 
 	return directory;
 }
+
+/** @return Root certificate */
+Certificate
+CertificateChain::root () const
+{
+	DCP_ASSERT (!_certificates.empty());
+	return _certificates.front ();
+}
+
+/** @return Leaf certificate */
+Certificate
+CertificateChain::leaf () const
+{
+	DCP_ASSERT (_certificates.size() >= 2);
+	return _certificates.back ();
+}
+
+/** @return Certificates in order from root to leaf */
+CertificateChain::List
+CertificateChain::root_to_leaf () const
+{
+	return _certificates;
+}
+
+/** @return Certificates in order from leaf to root */
+CertificateChain::List
+CertificateChain::leaf_to_root () const
+{
+	List c = _certificates;
+	c.reverse ();
+	return c;
+}
+
+/** Add a certificate to the end of the chain.
+ *  @param c Certificate to add.
+ */
+void
+CertificateChain::add (Certificate c)
+{
+	_certificates.push_back (c);
+}
+
+/** Remove a certificate from the chain.
+ *  @param c Certificate to remove.
+ */
+void
+CertificateChain::remove (Certificate c)
+{
+	_certificates.remove (c);
+}
+
+/** Remove the i'th certificate in the list, as listed
+ *  from root to leaf.
+ */
+void
+CertificateChain::remove (int i)
+{
+	List::iterator j = _certificates.begin ();
+        while (j != _certificates.end () && i > 0) {
+		--i;
+		++j;
+	}
+
+	if (j != _certificates.end ()) {
+		_certificates.erase (j);
+	}
+}
+
+/** Check to see if the chain is valid (i.e. root signs the intermediate, intermediate
+ *  signs the leaf and so on).
+ *  @return true if it's ok, false if not.
+ */
+bool
+CertificateChain::valid () const
+{
+	X509_STORE* store = X509_STORE_new ();
+	if (!store) {
+		return false;
+	}
+
+	for (List::const_iterator i = _certificates.begin(); i != _certificates.end(); ++i) {
+
+		List::const_iterator j = i;
+		++j;
+		if (j ==  _certificates.end ()) {
+			break;
+		}
+
+		if (!X509_STORE_add_cert (store, i->x509 ())) {
+			X509_STORE_free (store);
+			return false;
+		}
+
+		X509_STORE_CTX* ctx = X509_STORE_CTX_new ();
+		if (!ctx) {
+			X509_STORE_free (store);
+			return false;
+		}
+
+		X509_STORE_set_flags (store, 0);
+		if (!X509_STORE_CTX_init (ctx, store, j->x509 (), 0)) {
+			X509_STORE_CTX_free (ctx);
+			X509_STORE_free (store);
+			return false;
+		}
+
+		int v = X509_verify_cert (ctx);
+		X509_STORE_CTX_free (ctx);
+
+		if (v == 0) {
+			X509_STORE_free (store);
+			return false;
+		}
+	}
+
+	X509_STORE_free (store);
+	return true;
+}
+
+/** @return true if the chain is now in order from root to leaf,
+ *  false if no correct order was found.
+ */
+bool
+CertificateChain::attempt_reorder ()
+{
+	List original = _certificates;
+	_certificates.sort ();
+	do {
+		if (valid ()) {
+			return true;
+		}
+	} while (std::next_permutation (_certificates.begin(), _certificates.end ()));
+
+	_certificates = original;
+	return false;
+}
diff --git a/src/certificate_chain.h b/src/certificate_chain.h
index dcb9c141..8ebf854c 100644
--- a/src/certificate_chain.h
+++ b/src/certificate_chain.h
@@ -21,10 +21,43 @@
  *  @brief Functions to make signer chains.
  */
 
+#ifndef LIBDCP_CERTIFICATE_CHAIN_H
+#define LIBDCP_CERTIFICATE_CHAIN_H
+
+#include "certificates.h"
 #include <boost/filesystem.hpp>
 
 namespace dcp {
 
+/** @class CertificateChain
+ *  @brief A chain of any number of certificates, from root to leaf.
+ */
+class CertificateChain
+{
+public:
+	CertificateChain () {}
+
+	void add (Certificate c);
+	void remove (Certificate c);
+	void remove (int);
+
+	Certificate root () const;
+	Certificate leaf () const;
+
+	typedef std::list<Certificate> List;
+
+	List leaf_to_root () const;
+	List root_to_leaf () const;
+
+	bool valid () const;
+	bool attempt_reorder ();
+
+private:
+	friend class ::certificates;
+
+	List _certificates;
+};
+
 /** Create a chain of certificates for signing things.
  *  @param openssl Name of openssl binary (if it is on the path) or full path.
  *  @return Directory (which should be deleted by the caller) containing:
@@ -43,3 +76,5 @@ boost::filesystem::path make_certificate_chain (
 	);
 
 }
+
+#endif
diff --git a/src/certificates.cc b/src/certificates.cc
index e5acdd25..37b57767 100644
--- a/src/certificates.cc
+++ b/src/certificates.cc
@@ -316,139 +316,3 @@ dcp::operator<< (ostream& s, Certificate const & c)
 	s << c.certificate();
 	return s;
 }
-
-/** @return Root certificate */
-Certificate
-CertificateChain::root () const
-{
-	DCP_ASSERT (!_certificates.empty());
-	return _certificates.front ();
-}
-
-/** @return Leaf certificate */
-Certificate
-CertificateChain::leaf () const
-{
-	DCP_ASSERT (_certificates.size() >= 2);
-	return _certificates.back ();
-}
-
-/** @return Certificates in order from root to leaf */
-CertificateChain::List
-CertificateChain::root_to_leaf () const
-{
-	return _certificates;
-}
-
-/** @return Certificates in order from leaf to root */
-CertificateChain::List
-CertificateChain::leaf_to_root () const
-{
-	List c = _certificates;
-	c.reverse ();
-	return c;
-}
-
-/** Add a certificate to the end of the chain.
- *  @param c Certificate to add.
- */
-void
-CertificateChain::add (Certificate c)
-{
-	_certificates.push_back (c);
-}
-
-/** Remove a certificate from the chain.
- *  @param c Certificate to remove.
- */
-void
-CertificateChain::remove (Certificate c)
-{
-	_certificates.remove (c);
-}
-
-/** Remove the i'th certificate in the list, as listed
- *  from root to leaf.
- */
-void
-CertificateChain::remove (int i)
-{
-	List::iterator j = _certificates.begin ();
-        while (j != _certificates.end () && i > 0) {
-		--i;
-		++j;
-	}
-
-	if (j != _certificates.end ()) {
-		_certificates.erase (j);
-	}
-}
-
-/** Check to see if the chain is valid (i.e. root signs the intermediate, intermediate
- *  signs the leaf and so on).
- *  @return true if it's ok, false if not.
- */
-bool
-CertificateChain::valid () const
-{
-	X509_STORE* store = X509_STORE_new ();
-	if (!store) {
-		return false;
-	}
-
-	for (List::const_iterator i = _certificates.begin(); i != _certificates.end(); ++i) {
-
-		List::const_iterator j = i;
-		++j;
-		if (j ==  _certificates.end ()) {
-			break;
-		}
-
-		if (!X509_STORE_add_cert (store, i->x509 ())) {
-			X509_STORE_free (store);
-			return false;
-		}
-
-		X509_STORE_CTX* ctx = X509_STORE_CTX_new ();
-		if (!ctx) {
-			X509_STORE_free (store);
-			return false;
-		}
-
-		X509_STORE_set_flags (store, 0);
-		if (!X509_STORE_CTX_init (ctx, store, j->x509 (), 0)) {
-			X509_STORE_CTX_free (ctx);
-			X509_STORE_free (store);
-			return false;
-		}
-
-		int v = X509_verify_cert (ctx);
-		X509_STORE_CTX_free (ctx);
-
-		if (v == 0) {
-			X509_STORE_free (store);
-			return false;
-		}
-	}
-
-	X509_STORE_free (store);
-	return true;
-}
-
-/** @return true if the chain is now in order from root to leaf,
- *  false if no correct order was found.
- */
-bool
-CertificateChain::attempt_reorder ()
-{
-	List original = _certificates;
-	_certificates.sort ();
-	do {
-		if (valid ()) {
-			return true;
-		}
-	} while (std::next_permutation (_certificates.begin(), _certificates.end ()));
-
-	_certificates = original;
-	return false;
-}
diff --git a/src/certificates.h b/src/certificates.h
index 2ece6f78..c2121a83 100644
--- a/src/certificates.h
+++ b/src/certificates.h
@@ -91,35 +91,6 @@ bool operator== (Certificate const & a, Certificate const & b);
 bool operator< (Certificate const & a, Certificate const & b);
 std::ostream& operator<< (std::ostream&s, Certificate const & c);
 
-/** @class CertificateChain
- *  @brief A chain of any number of certificates, from root to leaf.
- */
-class CertificateChain
-{
-public:
-	CertificateChain () {}
-
-	void add (Certificate c);
-	void remove (Certificate c);
-	void remove (int);
-
-	Certificate root () const;
-	Certificate leaf () const;
-
-	typedef std::list<Certificate> List;
-
-	List leaf_to_root () const;
-	List root_to_leaf () const;
-
-	bool valid () const;
-	bool attempt_reorder ();
-
-private:
-	friend class ::certificates;
-
-	List _certificates;
-};
-
 }
 
 #endif
diff --git a/src/signer.h b/src/signer.h
index 97cfa6d1..a65de11f 100644
--- a/src/signer.h
+++ b/src/signer.h
@@ -25,6 +25,7 @@
  */
 
 #include "certificates.h"
+#include "certificate_chain.h"
 #include "types.h"
 #include <boost/filesystem.hpp>
author	Carl Hetherington <cth@carlh.net>	2015-07-12 20:54:06 +0100
committer	Carl Hetherington <cth@carlh.net>	2015-07-12 20:54:06 +0100
commit	43d2c7aef17adceb04f84109b432a830f00d1bd1 (patch)
tree	66f27488ad79f0f900cf3a636b7c8ec0d763cbbb /src
parent	a09bbf5f06a9ed2f5011999c0a6eef78b9e1ca56 (diff)