authorCarl Hetherington <cth@carlh.net>2014-07-18 00:15:34 +0100
committerCarl Hetherington <cth@carlh.net>2014-07-18 00:15:34 +0100
commit56e7a6f1768036df852a45d939b9adc038b17057 (patch)
tree93cf6bb1fb7c9ebe43de09d7690e69cd75b634ea /test
parent0b85b9216da9d6519a553de67103a9417504aba1 (diff)
Quite large reworking of signer/cert handling.
Diffstat (limited to 'test')
-rw-r--r--test/certificates_test.cc41
-rw-r--r--test/decryption_test.cc6
-rw-r--r--test/encryption_test.cc2
-rw-r--r--test/kdm_test.cc3
-rw-r--r--test/round_trip_test.cc20
5 files changed, 39 insertions, 33 deletions
diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 3e345948..8cbe9527 100644
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -19,8 +19,12 @@
#include <boost/test/unit_test.hpp>
#include "certificates.h"
+#include "signer.h"
+#include "util.h"
using std::list;
+using std::cout;
+using std::string;
using boost::shared_ptr;
BOOST_AUTO_TEST_CASE (certificates)
@@ -31,9 +35,9 @@ BOOST_AUTO_TEST_CASE (certificates)
c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- list<shared_ptr<dcp::Certificate> > leaf_to_root = c.leaf_to_root ();
+ dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();
- list<shared_ptr<dcp::Certificate> >::iterator i = leaf_to_root.begin ();
+ dcp::CertificateChain::List::iterator i = leaf_to_root.begin ();
/* Leaf */
BOOST_CHECK_EQUAL (*i, c.leaf ());
@@ -82,49 +86,66 @@ BOOST_AUTO_TEST_CASE (certificates)
BOOST_CHECK_EQUAL (test.certificate(), c.root()->certificate());
}
-/** Check that dcp::CertificateChain::validate() and ::attempt_reorder() basically work */
+/** Check that dcp::CertificateChain::valid() and ::attempt_reorder() basically work */
BOOST_AUTO_TEST_CASE (certificates_validation)
{
dcp::CertificateChain good1;
good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- BOOST_CHECK (good1.verify ());
+ BOOST_CHECK (good1.valid ());
dcp::CertificateChain good2;
good2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- BOOST_CHECK (good2.verify ());
+ BOOST_CHECK (good2.valid ());
dcp::CertificateChain bad1;
bad1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
bad1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- BOOST_CHECK (!bad1.verify ());
+ BOOST_CHECK (!bad1.valid ());
BOOST_CHECK (!bad1.attempt_reorder ());
dcp::CertificateChain bad2;
bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- BOOST_CHECK (!bad2.verify ());
+ BOOST_CHECK (!bad2.valid ());
BOOST_CHECK (bad2.attempt_reorder ());
dcp::CertificateChain bad3;
bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- BOOST_CHECK (!bad3.verify ());
+ BOOST_CHECK (!bad3.valid ());
BOOST_CHECK (bad3.attempt_reorder ());
dcp::CertificateChain bad4;
bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- BOOST_CHECK (!bad4.verify ());
+ BOOST_CHECK (!bad4.valid ());
BOOST_CHECK (bad4.attempt_reorder ());
dcp::CertificateChain bad5;
bad5.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
bad5.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- BOOST_CHECK (!bad5.verify ());
+ BOOST_CHECK (!bad5.valid ());
BOOST_CHECK (!bad5.attempt_reorder ());
}
+
+/** Check that dcp::Signer::valid() basically works */
+BOOST_AUTO_TEST_CASE (signer_validation)
+{
+ /* Check a valid signer */
+ dcp::CertificateChain chain;
+ chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
+ chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
+ chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ dcp::Signer signer (chain, dcp::file_to_string ("test/ref/crypt/leaf.key"));
+ BOOST_CHECK (signer.valid ());
+
+ /* Put in an unrelated key and the signer should no longer be valid */
+ dcp::Signer another_signer ("openssl");
+ signer.set_key (another_signer.key ());
+ BOOST_CHECK (!signer.valid ());
+}
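Review bot: signer_validation has a single negative case, a swapped private key, and nothing that exercises a signer whose certificate chain is itself bad. If dcp::Signer::valid() is meant to cover the chain as well as the key match (its implementation is not visible here), a case built from the rootless intermediate+leaf chain that certificates_validation already rejects as bad1, paired with the genuine leaf.key, would pin that down. Should the constructor reject such a chain outright, the check would need to assert on that instead. The added lines below go at the end of the test body.

```cpp
	/* … unchanged: valid-signer check and unrelated-key check … */

	/* The right leaf key must not make up for a chain that has no root */
	dcp::CertificateChain rootless;
	rootless.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
	rootless.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
	dcp::Signer rootless_signer (rootless, dcp::file_to_string ("test/ref/crypt/leaf.key"));
	BOOST_CHECK (!rootless_signer.valid ());
```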
diff --git a/test/decryption_test.cc b/test/decryption_test.cc
index f80bb900..b5077a46 100644
--- a/test/decryption_test.cc
+++ b/test/decryption_test.cc
@@ -1,5 +1,5 @@
/*
- Copyright (C) 2013 Carl Hetherington <cth@carlh.net>
+ Copyright (C) 2013-2014 Carl Hetherington <cth@carlh.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -61,7 +61,7 @@ BOOST_AUTO_TEST_CASE (decryption_test)
dcp::DecryptedKDM kdm (
dcp::EncryptedKDM ("test/data/kdm_TONEPLATES-SMPTE-ENC_.smpte-430-2.ROOT.NOT_FOR_PRODUCTION_20130706_20230702_CAR_OV_t1_8971c838.xml"),
- "test/data/private.key"
+ dcp::file_to_string ("test/data/private.key")
);
encrypted.add (kdm);
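Review bot: The second argument to dcp::DecryptedKDM changes meaning here from a path to the key file's contents, and nothing at the call site says so. If the parameter is a plain string type (its declaration is outside this diff), a caller that still passes a path will compile and only fail when the key is parsed. A comment such as `/* second argument is the private key's text, not a path to the key file */` above the constructor call would make the contract visible. The same applies to the call in failing_kdm_test, the one in test/kdm_test.cc and kdm_B in test/round_trip_test.cc. The body of decryption_test starts and ends outside this hunk.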
@@ -81,6 +81,6 @@ BOOST_AUTO_TEST_CASE (failing_kdm_test)
{
dcp::DecryptedKDM kdm (
dcp::EncryptedKDM ("test/data/target.pem.crt.de5d4eba-e683-41ca-bdda-aa4ad96af3f4.kdm.xml"),
- "test/data/private.key"
+ dcp::file_to_string ("test/data/private.key")
);
}
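Review bot: test/decryption_test.cc now calls dcp::file_to_string in two places, but no hunk in this file adds `#include "util.h"`, which test/certificates_test.cc and test/kdm_test.cc both gain in this commit and which is apparently where the helper is declared. Unless the include already sits above the first hunk, the file relies on another header pulling it in. Adding `#include "util.h"` next to the other includes would keep the three test files consistent.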
diff --git a/test/encryption_test.cc b/test/encryption_test.cc
index 600a4eae..6d2e052e 100644
--- a/test/encryption_test.cc
+++ b/test/encryption_test.cc
@@ -30,7 +30,6 @@
#include "reel.h"
#include "test.h"
#include "file.h"
-#include "signer_chain.h"
#include "subtitle_content.h"
#include "reel_mono_picture_asset.h"
#include "reel_sound_asset.h"
@@ -49,7 +48,6 @@ BOOST_AUTO_TEST_CASE (encryption_test)
{
boost::filesystem::remove_all ("build/test/signer");
boost::filesystem::create_directory ("build/test/signer");
- dcp::make_signer_chain ("build/test/signer", "openssl");
Kumu::libdcp_test = true;
diff --git a/test/kdm_test.cc b/test/kdm_test.cc
index 7de62f5a..1fc76dba 100644
--- a/test/kdm_test.cc
+++ b/test/kdm_test.cc
@@ -21,6 +21,7 @@
#include <libxml++/libxml++.h>
#include "encrypted_kdm.h"
#include "decrypted_kdm.h"
+#include "util.h"
using std::list;
using std::stringstream;
@@ -30,7 +31,7 @@ BOOST_AUTO_TEST_CASE (kdm_test)
{
dcp::DecryptedKDM kdm (
dcp::EncryptedKDM ("test/data/kdm_TONEPLATES-SMPTE-ENC_.smpte-430-2.ROOT.NOT_FOR_PRODUCTION_20130706_20230702_CAR_OV_t1_8971c838.xml"),
- "test/data/private.key"
+ dcp::file_to_string ("test/data/private.key")
);
list<dcp::DecryptedKDMKey> keys = kdm.keys ();
diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index 899734f4..7ba501e6 100644
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -28,7 +28,7 @@
#include "cpl.h"
#include "mono_picture_frame.h"
#include "argb_frame.h"
-#include "signer_chain.h"
+#include "certificate_chain.h"
#include "mono_picture_mxf_writer.h"
#include "reel_picture_asset.h"
#include "reel_mono_picture_asset.h"
@@ -42,21 +42,7 @@ using boost::shared_ptr;
/* Build an encrypted picture MXF and a KDM for it and check that the KDM can be decrypted */
BOOST_AUTO_TEST_CASE (round_trip_test)
{
- boost::filesystem::remove_all ("build/test/signer");
- boost::filesystem::create_directory ("build/test/signer");
- dcp::make_signer_chain ("build/test/signer", "openssl");
-
- dcp::CertificateChain chain;
- chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("build/test/signer/ca.self-signed.pem"))));
- chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("build/test/signer/intermediate.signed.pem"))));
- chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("build/test/signer/leaf.signed.pem"))));
-
- shared_ptr<dcp::Signer> signer (
- new dcp::Signer (
- chain,
- dcp::file_to_string ("test/data/signer.key")
- )
- );
+ shared_ptr<dcp::Signer> signer (new dcp::Signer ("openssl"));
boost::filesystem::path work_dir = "build/test/round_trip_test";
boost::filesystem::create_directory (work_dir);
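Review bot: `new dcp::Signer ("openssl")` passes a bare executable name with no comment on what it is for, and the same form appears in signer_validation in test/certificates_test.cc. Judging by the removed `dcp::make_signer_chain ("build/test/signer", "openssl")` call, the string names the openssl binary used to generate a fresh chain and key. If so, the test depends on whichever `openssl` the environment resolves and runs against different key material each time. A comment such as `/* Makes a new certificate chain and key using the openssl binary found by name; needs openssl installed */` would document that requirement. The test body continues outside the hunk.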
@@ -93,7 +79,7 @@ BOOST_AUTO_TEST_CASE (round_trip_test)
kdm_A.encrypt(signer, signer->certificates().leaf(), dcp::MODIFIED_TRANSITIONAL_1).as_xml (kdm_file);
/* Reload the KDM, using our private key to decrypt it */
- dcp::DecryptedKDM kdm_B (dcp::EncryptedKDM (kdm_file), "build/test/signer/leaf.key");
+ dcp::DecryptedKDM kdm_B (dcp::EncryptedKDM (kdm_file), signer->key ());
/* Check that the decrypted KDMKeys are the same as the ones we started with */
BOOST_CHECK_EQUAL (kdm_A.keys().size(), kdm_B.keys().size());