1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
#include <sstream>
#include <vector>
#include <boost/algorithm/string.hpp>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/asn1.h>
#include "certificates.h"
#include "exceptions.h"
using std::list;
using std::string;
using std::stringstream;
using std::vector;
using boost::shared_ptr;
using namespace libdcp;
/** @param c X509 certificate, which this object will take ownership of */
Certificate::Certificate (X509* c)
: _certificate (c)
{
}
Certificate::~Certificate ()
{
X509_free (_certificate);
}
string
Certificate::issuer () const
{
X509_NAME* n = X509_get_issuer_name (_certificate);
assert (n);
char b[256];
X509_NAME_oneline (n, b, 256);
return b;
}
string
Certificate::name_for_xml (string const & n)
{
stringstream x;
vector<string> p;
boost::split (p, n, boost::is_any_of ("/"));
for (vector<string>::const_reverse_iterator i = p.rbegin(); i != p.rend(); ++i) {
x << *i << ",";
}
return x.str().substr(0, x.str().length() - 2);
}
string
Certificate::subject () const
{
X509_NAME* n = X509_get_subject_name (_certificate);
assert (n);
char b[256];
X509_NAME_oneline (n, b, 256);
return b;
}
string
Certificate::serial () const
{
ASN1_INTEGER* s = X509_get_serialNumber (_certificate);
assert (s);
BIGNUM* b = ASN1_INTEGER_to_BN (s, 0);
char* c = BN_bn2dec (b);
BN_free (b);
string st (c);
OPENSSL_free (c);
return st;
}
/** @param filename Text file of PEM-format certificates,
* in the order:
*
* 1. self-signed root certificate
* 2. intermediate certificate signed by root certificate
* ...
* n. leaf certificate signed by previous intermediate.
*/
CertificateChain::CertificateChain (string const & filename)
{
FILE* f = fopen (filename.c_str(), "r");
if (!f) {
throw FileError ("could not open file", filename);
}
while (1) {
X509* c = 0;
if (!PEM_read_X509 (f, &c, 0, 0)) {
break;
}
_certificates.push_back (shared_ptr<Certificate> (new Certificate (c)));
}
}
shared_ptr<Certificate>
CertificateChain::root () const
{
assert (!_certificates.empty());
return _certificates.front ();
}
shared_ptr<Certificate>
CertificateChain::leaf () const
{
assert (_certificates.size() >= 2);
return _certificates.back ();
}
list<shared_ptr<Certificate> >
CertificateChain::leaf_to_root () const
{
list<shared_ptr<Certificate> > c = _certificates;
c.reverse ();
return c;
}
|
