From 1c24485f58cdb133477b4e1e201ba0acd93ac74e Mon Sep 17 00:00:00 2001
From: Carl Hetherington
Date: Thu, 19 Sep 2013 14:15:31 +0100
Subject: Rename crypt_chain -> signer_chain.

---
 src/crypt_chain.cc | 168 ------------------------------------------------
 src/crypt_chain.h | 26 --------
 src/signer_chain.cc | 168 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/signer_chain.h | 26 ++++++++
 src/wscript | 4 +-
 test/encryption_test.cc | 6 +-
 test/tests.cc | 10 +--
 7 files changed, 204 insertions(+), 204 deletions(-)
 delete mode 100644 src/crypt_chain.cc
 delete mode 100644 src/crypt_chain.h
 create mode 100644 src/signer_chain.cc
 create mode 100644 src/signer_chain.h

diff --git a/src/crypt_chain.cc b/src/crypt_chain.cc
deleted file mode 100644
index 2737f12c..00000000
--- a/src/crypt_chain.cc
+++ /dev/null
@@ -1,168 +0,0 @@ -/* - Copyright (C) 2013 Carl Hetherington - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include -#include -#include -#include -#include "crypt_chain.h" -#include "exceptions.h" - -using std::string; -using std::ofstream; -using std::ifstream; -using std::stringstream; -using std::cout; - -static void command (char const * c) -{ - int const r = system (c); -#ifdef LIBDCP_WINDOWS - if (r) { -#else - if (WEXITSTATUS (r)) { -#endif - stringstream s; - s << "error in " << c << "\n"; - throw libdcp::MiscError (s.str()); - } -} - -void -libdcp::make_crypt_chain (boost::filesystem::path directory) -{ - boost::filesystem::path const cwd = boost::filesystem::current_path (); - - boost::filesystem::current_path (directory); - command ("openssl genrsa -out ca.key 2048"); - - { - ofstream f ("ca.cnf"); - f << "[ req ]\n" - << "distinguished_name = req_distinguished_name\n" - << "x509_extensions = v3_ca\n" - << "[ v3_ca ]\n" - << "basicConstraints = critical,CA:true,pathlen:3\n" - << "keyUsage = keyCertSign,cRLSign\n" - << "subjectKeyIdentifier = hash\n" - << "authorityKeyIdentifier = keyid:always,issuer:always\n" - << "[ req_distinguished_name ]\n" - << "O = Unique organization name\n" - << "OU = Organization unit\n" - << "CN = Entity and dnQualifier\n"; - } - - command ("openssl rsa -outform PEM -pubout -in ca.key | 
openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > ca_dnq"); - - string ca_dnq; - - { - ifstream f ("ca_dnq"); - getline (f, ca_dnq); - /* XXX: is this right? */ - boost::replace_all (ca_dnq, "/", "\\\\/"); - } - - string const ca_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION/dnQualifier=" + ca_dnq; - - { - stringstream c; - c << "openssl req -new -x509 -sha256 -config ca.cnf -days 3650 -set_serial 5 -subj " << ca_subject << " -key ca.key -outform PEM -out ca.self-signed.pem"; - command (c.str().c_str()); - } - - command ("openssl genrsa -out intermediate.key 2048"); - - { - ofstream f ("intermediate.cnf"); - f << "[ default ]\n" - << "distinguished_name = req_distinguished_name\n" - << "x509_extensions = v3_ca\n" - << "[ v3_ca ]\n" - << "basicConstraints = critical,CA:true,pathlen:2\n" - << "keyUsage = keyCertSign,cRLSign\n" - << "subjectKeyIdentifier = hash\n" - << "authorityKeyIdentifier = keyid:always,issuer:always\n" - << "[ req_distinguished_name ]\n" - << "O = Unique organization name\n" - << "OU = Organization unit\n" - << "CN = Entity and dnQualifier\n"; - } - - command ("openssl rsa -outform PEM -pubout -in intermediate.key | openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > inter_dnq"); - - string inter_dnq; - - { - ifstream f ("inter_dnq"); - getline (f, inter_dnq); - boost::replace_all (inter_dnq, "/", "\\\\/"); - } - - string const inter_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION/dnQualifier=" + inter_dnq; - - { - stringstream s; - s << "openssl req -new -config intermediate.cnf -days 3649 -subj " << inter_subject << " -key intermediate.key -out intermediate.csr"; - command (s.str().c_str()); - } - - - command ("openssl x509 -req -sha256 -days 3649 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6 -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem"); 
- - command ("openssl genrsa -out leaf.key 2048"); - - { - ofstream f ("leaf.cnf"); - f << "[ default ]\n" - << "distinguished_name = req_distinguished_name\n" - << "x509_extensions = v3_ca\n" - << "[ v3_ca ]\n" - << "basicConstraints = critical,CA:false\n" - << "keyUsage = digitalSignature,keyEncipherment\n" - << "subjectKeyIdentifier = hash\n" - << "authorityKeyIdentifier = keyid,issuer:always\n" - << "[ req_distinguished_name ]\n" - << "O = Unique organization name\n" - << "OU = Organization unit\n" - << "CN = Entity and dnQualifier\n"; - } - - command ("openssl rsa -outform PEM -pubout -in leaf.key | openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > leaf_dnq"); - - string leaf_dnq; - - { - ifstream f ("leaf_dnq"); - getline (f, leaf_dnq); - boost::replace_all (leaf_dnq, "/", "\\\\/"); - } - - string const leaf_subject = "/O=example.org/OU=example.org/CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION/dnQualifier=" + leaf_dnq; - - { - stringstream s; - s << "openssl req -new -config leaf.cnf -days 3648 -subj " << leaf_subject << " -key leaf.key -outform PEM -out leaf.csr"; - command (s.str().c_str()); - } - - command ("openssl x509 -req -sha256 -days 3648 -CA intermediate.signed.pem -CAkey intermediate.key -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem"); - - boost::filesystem::current_path (cwd); -} diff --git a/src/crypt_chain.h b/src/crypt_chain.h deleted file mode 100644 index 0e6667f1..00000000 --- a/src/crypt_chain.h +++ /dev/null 
@@ -1,26 +0,0 @@ -/* - Copyright (C) 2013 Carl Hetherington - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include - -namespace libdcp { - -void make_crypt_chain (boost::filesystem::path); - -} diff --git a/src/signer_chain.cc b/src/signer_chain.cc new file mode 100644 index 00000000..1fa8090d --- /dev/null +++ b/src/signer_chain.cc 
@@ -0,0 +1,168 @@ +/* + Copyright (C) 2013 Carl Hetherington + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include +#include +#include +#include +#include "signer_chain.h" +#include "exceptions.h" + +using std::string; +using std::ofstream; +using std::ifstream; +using std::stringstream; +using std::cout; + +static void command (char const * c) +{ + int const r = system (c); +#ifdef LIBDCP_WINDOWS + if (r) { +#else + if (WEXITSTATUS (r)) { +#endif + stringstream s; + s << "error in " << c << "\n"; + throw libdcp::MiscError (s.str()); + } +} + +void +libdcp::make_signer_chain (boost::filesystem::path directory) +{ + boost::filesystem::path const cwd = boost::filesystem::current_path (); + + boost::filesystem::current_path (directory); + command ("openssl genrsa -out ca.key 2048"); + + { + ofstream f ("ca.cnf"); + f << "[ req ]\n" + << "distinguished_name = req_distinguished_name\n" + << "x509_extensions = v3_ca\n" + << "[ v3_ca ]\n" + << "basicConstraints = critical,CA:true,pathlen:3\n" + << "keyUsage = keyCertSign,cRLSign\n" + << "subjectKeyIdentifier = hash\n" + << "authorityKeyIdentifier = keyid:always,issuer:always\n" + << "[ req_distinguished_name ]\n" + << "O = Unique organization name\n" + << "OU = Organization unit\n" + << "CN = Entity and dnQualifier\n"; + } + + command ("openssl rsa -outform PEM -pubout -in ca.key | 
openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > ca_dnq"); + + string ca_dnq; + + { + ifstream f ("ca_dnq"); + getline (f, ca_dnq); + /* XXX: is this right? */ + boost::replace_all (ca_dnq, "/", "\\\\/"); + } + + string const ca_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION/dnQualifier=" + ca_dnq; + + { + stringstream c; + c << "openssl req -new -x509 -sha256 -config ca.cnf -days 3650 -set_serial 5 -subj " << ca_subject << " -key ca.key -outform PEM -out ca.self-signed.pem"; + command (c.str().c_str()); + } + + command ("openssl genrsa -out intermediate.key 2048"); + + { + ofstream f ("intermediate.cnf"); + f << "[ default ]\n" + << "distinguished_name = req_distinguished_name\n" + << "x509_extensions = v3_ca\n" + << "[ v3_ca ]\n" + << "basicConstraints = critical,CA:true,pathlen:2\n" + << "keyUsage = keyCertSign,cRLSign\n" + << "subjectKeyIdentifier = hash\n" + << "authorityKeyIdentifier = keyid:always,issuer:always\n" + << "[ req_distinguished_name ]\n" + << "O = Unique organization name\n" + << "OU = Organization unit\n" + << "CN = Entity and dnQualifier\n"; + } + + command ("openssl rsa -outform PEM -pubout -in intermediate.key | openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > inter_dnq"); + + string inter_dnq; + + { + ifstream f ("inter_dnq"); + getline (f, inter_dnq); + boost::replace_all (inter_dnq, "/", "\\\\/"); + } + + string const inter_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION/dnQualifier=" + inter_dnq; + + { + stringstream s; + s << "openssl req -new -config intermediate.cnf -days 3649 -subj " << inter_subject << " -key intermediate.key -out intermediate.csr"; + command (s.str().c_str()); + } + + + command ("openssl x509 -req -sha256 -days 3649 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6 -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem"); 
+ + command ("openssl genrsa -out leaf.key 2048"); + + { + ofstream f ("leaf.cnf"); + f << "[ default ]\n" + << "distinguished_name = req_distinguished_name\n" + << "x509_extensions = v3_ca\n" + << "[ v3_ca ]\n" + << "basicConstraints = critical,CA:false\n" + << "keyUsage = digitalSignature,keyEncipherment\n" + << "subjectKeyIdentifier = hash\n" + << "authorityKeyIdentifier = keyid,issuer:always\n" + << "[ req_distinguished_name ]\n" + << "O = Unique organization name\n" + << "OU = Organization unit\n" + << "CN = Entity and dnQualifier\n"; + } + + command ("openssl rsa -outform PEM -pubout -in leaf.key | openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > leaf_dnq"); + + string leaf_dnq; + + { + ifstream f ("leaf_dnq"); + getline (f, leaf_dnq); + boost::replace_all (leaf_dnq, "/", "\\\\/"); + } + + string const leaf_subject = "/O=example.org/OU=example.org/CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION/dnQualifier=" + leaf_dnq; + + { + stringstream s; + s << "openssl req -new -config leaf.cnf -days 3648 -subj " << leaf_subject << " -key leaf.key -outform PEM -out leaf.csr"; + command (s.str().c_str()); + } + + command ("openssl x509 -req -sha256 -days 3648 -CA intermediate.signed.pem -CAkey intermediate.key -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem"); + + boost::filesystem::current_path (cwd); +} diff --git a/src/signer_chain.h b/src/signer_chain.h new file mode 100644 index 00000000..ea67f7e1 --- /dev/null +++ b/src/signer_chain.h 
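Review bot: `make_signer_chain` changes the process working directory with `boost::filesystem::current_path (directory)` and only changes it back on the last line of the function, yet every `command ()` call in between throws `libdcp::MiscError` on a non-zero exit, so a single failing openssl invocation leaves the whole process running inside the key directory (this is carried over unchanged from crypt_chain.cc). A small guard object that restores the saved path in its destructor fixes this without touching the command sequence; the rewritten prologue is below and the trailing `boost::filesystem::current_path (cwd);` call then goes away. `command ()` should also treat `system ()` returning -1 (no child process could be started) as a failure before applying `WEXITSTATUS`, e.g. `if (r == -1 || WEXITSTATUS (r)) {`. The `-subj` values are spliced into the shell command unquoted; because each dnQualifier is read from `openssl base64` output this is safe today, but a comment next to the `replace_all` such as `/* dnq is base64 text, so it is shell-safe without quoting */` would keep a later edit from changing that assumption silently.

```cpp
void
libdcp::make_signer_chain (boost::filesystem::path directory)
{
	/* Put the caller's working directory back even if command () throws part-way through. */
	struct CwdGuard {
		boost::filesystem::path saved;
		CwdGuard () : saved (boost::filesystem::current_path ()) {}
		~CwdGuard () {
			/* error_code overload: never throw from a destructor during unwinding */
			boost::system::error_code ec;
			boost::filesystem::current_path (saved, ec);
		}
	} cwd_guard;

	boost::filesystem::current_path (directory);
	command ("openssl genrsa -out ca.key 2048");
	/* … unchanged: CA, intermediate and leaf generation … */
}
```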
@@ -0,0 +1,26 @@ +/* + Copyright (C) 2013 Carl Hetherington + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include + +namespace libdcp { + +void make_signer_chain (boost::filesystem::path); + +} diff --git a/src/wscript b/src/wscript index 7afeb537..70fd1794 100644 --- a/src/wscript +++ b/src/wscript @@ -14,7 +14,6 @@ def build(bld): asset.cc certificates.cc colour_matrix.cc - crypt_chain.cc cpl.cc dcp.cc dcp_time.cc @@ -30,6 +29,7 @@ def build(bld): reel.cc rgb_xyz.cc signer.cc + signer_chain.cc sound_asset.cc sound_frame.cc srgb_linearised_gamma_lut.cc @@ -49,7 +49,6 @@ def build(bld): certificates.h colour_matrix.h cpl.h - crypt_chain.h dcp.h dcp_time.h exceptions.h @@ -67,6 +66,7 @@ def build(bld): rec709_linearised_gamma_lut.h reel.h argb_frame.h + signer_chain.h sound_asset.h sound_frame.h srgb_linearised_gamma_lut.h diff --git a/test/encryption_test.cc b/test/encryption_test.cc index 11028083..1b0de19a 100644 --- a/test/encryption_test.cc +++ b/test/encryption_test.cc 
@@ -39,9 +39,9 @@ BOOST_AUTO_TEST_CASE (encryption) libdcp::DCP d ("build/test/DCP/bar"); libdcp::CertificateChain chain; - chain.add (shared_ptr (new libdcp::Certificate ("build/test/crypt/ca.self-signed.pem"))); - chain.add (shared_ptr (new libdcp::Certificate ("build/test/crypt/intermediate.signed.pem"))); - chain.add (shared_ptr (new libdcp::Certificate ("build/test/crypt/leaf.signed.pem"))); + chain.add (shared_ptr (new libdcp::Certificate ("build/test/signer/ca.self-signed.pem"))); + chain.add (shared_ptr (new libdcp::Certificate ("build/test/signer/intermediate.signed.pem"))); + chain.add (shared_ptr (new libdcp::Certificate ("build/test/signer/leaf.signed.pem"))); shared_ptr signer ( new libdcp::Signer ( diff --git a/test/tests.cc b/test/tests.cc index 28e15cf1..5e63d5ed 100644 --- a/test/tests.cc +++ b/test/tests.cc @@ -31,7 +31,7 @@ #include "sound_asset.h" #include "reel.h" #include "certificates.h" -#include "crypt_chain.h" +#include "signer_chain.h" #include "gamma_lut.h" #include "cpl.h" #include "signer.h" @@ -84,11 +84,11 @@ static string test_corpus = "../libdcp-test"; #include "recovery_test.cc" #include "certificates_test.cc" -BOOST_AUTO_TEST_CASE (crypt_chain) +BOOST_AUTO_TEST_CASE (signer_chain) { - boost::filesystem::remove_all ("build/test/crypt"); - boost::filesystem::create_directory ("build/test/crypt"); - libdcp::make_crypt_chain ("build/test/crypt"); + boost::filesystem::remove_all ("build/test/signer"); + boost::filesystem::create_directory ("build/test/signer"); + libdcp::make_signer_chain ("build/test/signer"); } #include "encryption_test.cc" -- cgit v1.2.3