diff options
| -rw-r--r-- | src/certificate_chain.cc | 14 | ||||
| -rw-r--r-- | src/certificate_chain.h | 1 | ||||
| -rw-r--r-- | test/certificates_test.cc | 5 | ||||
| -rw-r--r-- | test/round_trip_test.cc | 2 |
4 files changed, 11 insertions, 11 deletions
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc index 5ff9b294..84478dc1 100644 --- a/src/certificate_chain.cc +++ b/src/certificate_chain.cc @@ -187,6 +187,7 @@ public_key_digest (boost::filesystem::path private_key, boost::filesystem::path CertificateChain::CertificateChain ( boost::filesystem::path openssl, + int validity_in_days, string organisation, string organisational_unit, string root_common_name, @@ -194,9 +195,6 @@ CertificateChain::CertificateChain ( string leaf_common_name ) { - /* Valid for 40 years */ - int const days = 365 * 40; - auto directory = boost::filesystem::temp_directory_path() / boost::filesystem::unique_path (); boost::filesystem::create_directories (directory); @@ -234,7 +232,7 @@ CertificateChain::CertificateChain ( String::compose ( "%1 req -new -x509 -sha256 -config ca.cnf -days %2 -set_serial 5" " -subj \"%3\" -key ca.key -outform PEM -out ca.self-signed.pem", - quoted_openssl, days, ca_subject + quoted_openssl, validity_in_days, ca_subject ) ); } @@ -267,7 +265,7 @@ CertificateChain::CertificateChain ( command ( String::compose ( "%1 req -new -config intermediate.cnf -days %2 -subj \"%3\" -key intermediate.key -out intermediate.csr", - quoted_openssl, days - 1, inter_subject + quoted_openssl, validity_in_days - 1, inter_subject ) ); } @@ -276,7 +274,7 @@ CertificateChain::CertificateChain ( String::compose ( "%1 x509 -req -sha256 -days %2 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6" " -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem", - quoted_openssl, days - 1 + quoted_openssl, validity_in_days - 1 ) ); @@ -308,7 +306,7 @@ CertificateChain::CertificateChain ( command ( String::compose ( "%1 req -new -config leaf.cnf -days %2 -subj \"%3\" -key leaf.key -outform PEM -out leaf.csr", - quoted_openssl, days - 2, leaf_subject + quoted_openssl, validity_in_days - 2, leaf_subject ) ); } @@ -317,7 +315,7 @@ CertificateChain::CertificateChain ( String::compose ( "%1 x509 -req -sha256 -days %2 -CA intermediate.signed.pem -CAkey intermediate.key" " -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem", - quoted_openssl, days - 2 + quoted_openssl, validity_in_days - 2 ) ); diff --git a/src/certificate_chain.h b/src/certificate_chain.h index 934e1fc5..df9f4ccf 100644 --- a/src/certificate_chain.h +++ b/src/certificate_chain.h @@ -86,6 +86,7 @@ public: */ CertificateChain ( boost::filesystem::path openssl, + int validity_in_days, std::string organisation = "example.org", std::string organisational_unit = "example.org", std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION", diff --git a/test/certificates_test.cc b/test/certificates_test.cc index 927bddaf..0c671fc3 100644 --- a/test/certificates_test.cc +++ b/test/certificates_test.cc @@ -215,6 +215,7 @@ BOOST_AUTO_TEST_CASE (certificates_validation9) { dcp::CertificateChain good ( boost::filesystem::path ("openssl"), + 10 * 365, "dcpomatic.com", "dcpomatic.com", ".dcpomatic.smpte-430-2.ROOT", @@ -228,7 +229,7 @@ BOOST_AUTO_TEST_CASE (certificates_validation9) /** Check that we can create a valid chain */ BOOST_AUTO_TEST_CASE (certificates_validation10) { - dcp::CertificateChain good (boost::filesystem::path ("openssl")); + dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365); BOOST_CHECK_NO_THROW (good.root_to_leaf()); } @@ -244,7 +245,7 @@ BOOST_AUTO_TEST_CASE (signer_validation) BOOST_CHECK (chain.valid ()); /* Put in an unrelated key and the signer should no longer be valid */ - dcp::CertificateChain another_chain (boost::filesystem::path ("openssl")); + dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365); chain.set_key (another_chain.key().get ()); BOOST_CHECK (!chain.valid ()); } diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc index c5ad414c..add00651 100644 --- a/test/round_trip_test.cc +++ b/test/round_trip_test.cc @@ -65,7 +65,7 @@ using boost::scoped_array; /** Build an encrypted picture asset and a KDM for it and check that the KDM can be decrypted */ BOOST_AUTO_TEST_CASE (round_trip_test) { - auto signer = make_shared<dcp::CertificateChain>(boost::filesystem::path ("openssl")); + auto signer = make_shared<dcp::CertificateChain>(boost::filesystem::path("openssl"), 10 * 365); boost::filesystem::path work_dir = "build/test/round_trip_test"; boost::filesystem::create_directory (work_dir); |