From a3aa0f8ee813656b255c24d23f4570ef56e7fca2 Mon Sep 17 00:00:00 2001 From: Carl Hetherington Date: Tue, 24 Sep 2013 20:49:18 +0100 Subject: Actually encrypt AuthenticatedPrivate section of KDM. --- src/certificates.cc | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'src/certificates.cc') diff --git a/src/certificates.cc b/src/certificates.cc index d02754f1..4c41ebba 100644 --- a/src/certificates.cc +++ b/src/certificates.cc @@ -23,6 +23,7 @@ #include #include #include +#include #include #include "KM_util.h" #include "certificates.h" @@ -39,12 +40,14 @@ using namespace libdcp; /** @param c X509 certificate, which this object will take ownership of */ Certificate::Certificate (X509* c) : _certificate (c) + , _public_key (0) { } Certificate::Certificate (boost::filesystem::path filename) : _certificate (0) + , _public_key (0) { FILE* f = fopen (filename.c_str(), "r"); if (!f) { @@ -58,12 +61,14 @@ Certificate::Certificate (boost::filesystem::path filename) Certificate::Certificate (string cert) : _certificate (0) + , _public_key (0) { read_string (cert); } Certificate::Certificate (Certificate const & other) : _certificate (0) + , _public_key (0) { read_string (other.certificate (true)); } @@ -87,6 +92,7 @@ Certificate::read_string (string cert) Certificate::~Certificate () { X509_free (_certificate); + RSA_free (_public_key); } Certificate & @@ -97,6 +103,10 @@ Certificate::operator= (Certificate const & other) } X509_free (_certificate); + _certificate = 0; + RSA_free (_public_key); + _public_key = 0; + read_string (other.certificate ()); return *this; 
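Review bot: In `Certificate::operator=` the old `_certificate` and `_public_key` are freed and zeroed before `read_string (other.certificate ())` runs, so if that call fails the assigned-to object is left empty rather than unchanged. Whether `read_string` can throw is inferred, because its body and the start and end of `operator=` are outside the hunk. `public_key()` guards the empty state only with `assert (_certificate)`, which is compiled out under NDEBUG. Building the new state first, for example `Certificate tmp (other);` followed by swapping the two pointers with `*this`, would keep the old certificate on failure. At minimum a comment such as `// leaves a null certificate if read_string throws` should record the state callers can observe.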
@@ -224,6 +234,28 @@ Certificate::thumbprint () const
 return Kumu::base64encode (digest, 20, digest_base64, 64);
 }
+RSA *
+Certificate::public_key () const
+{
+ assert (_certificate);
+
+ if (_public_key) {
+ return _public_key;
+ }
+
+ EVP_PKEY* key = X509_get_pubkey (_certificate);
+ if (!key) {
+ throw MiscError ("could not get public key from certificate");
+ }
+
+ _public_key = EVP_PKEY_get1_RSA (key);
+ if (!_public_key) {
+ throw MiscError (String::compose ("could not get RSA public key (%1)", ERR_error_string (ERR_get_error(), 0)));
+ }
+
+ return _public_key;
+}
+
 shared_ptr
 CertificateChain::root () const
 {
-- cgit v1.2.3
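Review bot: The `EVP_PKEY` obtained from `X509_get_pubkey` in `Certificate::public_key()` is never released. That call returns a new reference and `EVP_PKEY_get1_RSA` takes its own reference on the RSA, so `key` leaks on the first successful call and on the throw path. Add `EVP_PKEY_free (key);` directly after the `_public_key = EVP_PKEY_get1_RSA (key);` line, before the `if (!_public_key)` check. The method also fills `_public_key` lazily from a `const` member with no locking, and `ERR_error_string (..., 0)` writes into a static buffer. A doc comment such as `/** @return RSA public key owned by this Certificate; do not RSA_free it; invalid after assignment or destruction; not thread-safe */` would state the contract callers have to respect.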