1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
/*
Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/** @file src/signer_chain.h
* @brief Functions to make signer chains.
*/
#ifndef LIBDCP_CERTIFICATE_CHAIN_H
#define LIBDCP_CERTIFICATE_CHAIN_H
#include "certificate.h"
#include "types.h"
#include <boost/filesystem.hpp>
#include <boost/optional.hpp>
namespace xmlpp {
class Node;
}
namespace dcp {
/** @class CertificateChain
* @brief A chain of any number of certificates, from root to leaf.
*/
class CertificateChain
{
public:
CertificateChain () {}
/** Create a chain of certificates for signing things.
* @param openssl Name of openssl binary (if it is on the path) or full path.
* @return Directory (which should be deleted by the caller) containing:
* - ca.self-signed.pem self-signed root certificate
* - intermediate.signed.pem intermediate certificate
* - leaf.key leaf certificate private key
* - leaf.signed.pem leaf certificate
*/
CertificateChain (
boost::filesystem::path openssl,
std::string organisation = "example.org",
std::string organisational_unit = "example.org",
std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
);
void add (Certificate c);
void remove (Certificate c);
void remove (int);
Certificate root () const;
Certificate leaf () const;
typedef std::list<Certificate> List;
List leaf_to_root () const;
List root_to_leaf () const;
bool valid () const;
bool attempt_reorder ();
void sign (xmlpp::Element* parent, Standard standard) const;
void add_signature_value (xmlpp::Node* parent, std::string ns) const;
boost::optional<std::string> key () const {
return _key;
}
void set_key (std::string k) {
_key = k;
}
private:
friend class ::certificates;
List _certificates;
/** Leaf certificate's private key, if known */
boost::optional<std::string> _key;
};
}
#endif
|
