| author | Carl Hetherington <cth@carlh.net> | 2014-09-11 14:06:19 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2014-09-11 14:06:19 +0100 |
| commit | f4e3b9c0b4027018c39b9085e080325c19ac9164 (patch) | |
| tree | ec6319337e328d0a26fd7daddb004d411bf76e20 /src | |
| parent | f0da23525fd60c4c9f054e5d603adb1b7ec05d19 (diff) | |
Allow Signer and certificate chains to be made with specified organisation, common name etc.
Diffstat (limited to 'src')
| -rw-r--r-- | src/certificate_chain.cc | 26 | ||||
| -rw-r--r-- | src/certificate_chain.h | 11 | ||||
| -rw-r--r-- | src/signer.cc | 27 | ||||
| -rw-r--r-- | src/signer.h | 12 |
4 files changed, 65 insertions, 11 deletions
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 5d01790b..b2ebeca8 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -157,7 +157,14 @@ public_key_digest (boost::filesystem::path private_key, boost::filesystem::path
 }
 boost::filesystem::path
-dcp::make_certificate_chain (boost::filesystem::path openssl)
+dcp::make_certificate_chain (
+ boost::filesystem::path openssl,
+ string organisation,
+ string organisational_unit,
+ string root_common_name,
+ string intermediate_common_name,
+ string leaf_common_name
+ )
 {
 boost::filesystem::path directory = boost::filesystem::temp_directory_path() / boost::filesystem::unique_path ();
 boost::filesystem::create_directories (directory);
@@ -185,7 +192,10 @@ dcp::make_certificate_chain (boost::filesystem::path openssl)
 << "CN = Entity and dnQualifier\n";
 }
- string const ca_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION/dnQualifier=" + public_key_digest ("ca.key", openssl);
+ string const ca_subject = "/O=" + organisation
+ + "/OU=" + organisational_unit
+ + "/CN=" + root_common_name
+ + "/dnQualifier=" + public_key_digest ("ca.key", openssl);
 {
 stringstream c;
@@ -213,8 +223,10 @@ dcp::make_certificate_chain (boost::filesystem::path openssl)
 << "CN = Entity and dnQualifier\n";
 }
- string const inter_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION/dnQualifier="
- + public_key_digest ("intermediate.key", openssl);
+ string const inter_subject = "/O=" + organisation
+ + "/OU=" + organisational_unit
+ + "/CN=" + intermediate_common_name
+ + "/dnQualifier=" + public_key_digest ("intermediate.key", openssl);
 {
 stringstream s;
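Review bot: The caller-supplied `organisation`, `organisational_unit` and common-name strings are concatenated into `ca_subject` unchecked, so a value containing `/` (the field separator of this `/O=.../OU=.../CN=...` form) or a backslash changes which fields the certificate subject ends up with; the same applies to `inter_subject` in the next hunk and to `leaf_subject` in the last hunk of this file. Before this commit the fields were fixed literals, so no check was needed. Each subject is followed by a `stringstream` whose use lies outside the hunks; if that string is turned into a command line, quote characters need rejecting as well, but that is an inference from the visible lines. I would validate the five values once at the top of `make_certificate_chain`, whose body starts and ends outside these hunks, as sketched below; the exception type there is only a stand-in for whatever the library normally throws.

```cpp
/* Refuse values that would change the structure of the subject string */
static void
check_subject_value (string const & value)
{
	for (string::const_iterator i = value.begin(); i != value.end(); ++i) {
		unsigned char const c = static_cast<unsigned char> (*i);
		if (c < 0x20 || c == '/' || c == '\\' || c == '"') {
			throw std::invalid_argument ("unsupported character in certificate subject value");
		}
	}
}

// … unchanged: signature of dcp::make_certificate_chain, temporary directory setup …

	check_subject_value (organisation);
	check_subject_value (organisational_unit);
	check_subject_value (root_common_name);
	check_subject_value (intermediate_common_name);
	check_subject_value (leaf_common_name);

	// … unchanged: ca_subject, inter_subject and leaf_subject concatenations …
```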
@@ -248,8 +260,10 @@ dcp::make_certificate_chain (boost::filesystem::path openssl)
 << "CN = Entity and dnQualifier\n";
 }
- string const leaf_subject = "/O=example.org/OU=example.org/CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION/dnQualifier="
- + public_key_digest ("leaf.key", openssl);
+ string const leaf_subject = "/O=" + organisation
+ + "/OU=" + organisational_unit
+ + "/CN=" + leaf_common_name
+ + "/dnQualifier=" + public_key_digest ("leaf.key", openssl);
 {
 stringstream s;
diff --git a/src/certificate_chain.h b/src/certificate_chain.h
index 6a6fc483..e074f8fd 100644
--- a/src/certificate_chain.h
+++ b/src/certificate_chain.h
@@ -33,6 +33,13 @@ namespace dcp {
 * - leaf.key leaf certificate private key
 * - leaf.signed.pem leaf certificate
 */
-boost::filesystem::path make_certificate_chain (boost::filesystem::path openssl);
-
+boost::filesystem::path make_certificate_chain (
+ boost::filesystem::path openssl,
+ std::string organisation = "example.org",
+ std::string organisational_unit = "example.org",
+ std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
+ std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
+ std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
+ );
+
 }
diff --git a/src/signer.cc b/src/signer.cc
index d048ca4c..67c8ac58 100644
--- a/src/signer.cc
+++ b/src/signer.cc
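Review bot: The doc comment above `make_certificate_chain` in certificate_chain.h (it starts outside the hunk) still lists only the files that are produced and says nothing about the five new parameters. I would add one `@param` line per argument, for example `@param organisation Value for the O field of all three certificate subjects.`, and state that the defaults are the `NOT_FOR_PRODUCTION` test names, so a caller who overrides them knows the resulting identities are their responsibility. It is also worth saying there that `dnQualifier` is always appended by the function from the key digest and cannot be supplied by the caller.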
@@ -42,8 +42,32 @@ using namespace dcp;
 Signer::Signer (boost::filesystem::path openssl)
 {
- boost::filesystem::path directory = make_certificate_chain (openssl);
+ create (make_certificate_chain (openssl));
+}
+
+Signer::Signer (boost::filesystem::path openssl,
+ string organisation,
+ string organisational_unit,
+ string root_common_name,
+ string intermediate_common_name,
+ string leaf_common_name
+ )
+{
+ create (
+ make_certificate_chain (
+ openssl,
+ organisation,
+ organisational_unit,
+ root_common_name,
+ intermediate_common_name,
+ leaf_common_name
+ )
+ );
+}
+void
+Signer::create (boost::filesystem::path directory)
+{
 _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "ca.self-signed.pem")));
 _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "intermediate.signed.pem")));
 _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "leaf.signed.pem")));
@@ -52,7 +76,6 @@ Signer::Signer (boost::filesystem::path openssl)
 boost::filesystem::remove_all (directory);
 }
-
 /** Add a <Signer> and <ds:Signature> nodes to an XML node.
 * @param parent XML node to add to.
diff --git a/src/signer.h b/src/signer.h
index 6fd17033..1d53d5ba 100644
--- a/src/signer.h
+++ b/src/signer.h
@@ -42,6 +42,15 @@ class Signer
 {
 public:
 Signer (boost::filesystem::path openssl);
+
+ Signer (
+ boost::filesystem::path openssl,
+ std::string organisation,
+ std::string organisational_unit,
+ std::string root_common_name,
+ std::string intermediate_common_name,
+ std::string leaf_common_name
+ );
 /** @param c Certificate chain to sign with.
 * @param k Key to sign with as a PEM-format string.
@@ -73,7 +82,8 @@ public:
 bool valid () const;
 private:
-
+ void create (boost::filesystem::path directory);
+
 /** Certificate chain to sign with */
 CertificateChain _certificates;
 /** Key to sign with as a PEM-format string */ |
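Review bot: In `Signer::create` the temporary directory is removed only by the `remove_all` call at the end of the function (second hunk of signer.cc), so if `file_to_string` or the `Certificate` constructor throws, the directory is left on disk. According to the header comment of `make_certificate_chain`, that directory also holds the private keys. With caller-chosen subject fields a failed certificate generation becomes more likely than it was with the fixed literals, so the error path deserves the same cleanup as the success path. The lines of `create` between the two hunks are not visible here, so the sketch below leaves them as they are and uses the non-throwing `remove_all` overload so the original exception is not masked.

```cpp
void
Signer::create (boost::filesystem::path directory)
{
	try {
		// … unchanged: _certificates.add calls and the lines between the two hunks …
	} catch (...) {
		/* Do not leave the generated private keys behind when loading fails */
		boost::system::error_code ec;
		boost::filesystem::remove_all (directory, ec);
		throw;
	}

	// … unchanged: boost::filesystem::remove_all (directory) on the success path …
```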
