1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
#include <sstream>
#include <vector>
#include <boost/algorithm/string.hpp>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/asn1.h>
#include "certificates.h"
#include "exceptions.h"
using std::list;
using std::string;
using std::stringstream;
using std::vector;
using boost::shared_ptr;
using namespace libdcp;
/** @param c X509 certificate, which this object will take ownership of */
Certificate::Certificate (X509* c)
: _certificate (c)
{
}
Certificate::~Certificate ()
{
X509_free (_certificate);
}
string
Certificate::certificate () const
{
BIO* bio = BIO_new (BIO_s_mem ());
if (!bio) {
throw MiscError ("could not create memory BIO");
}
PEM_write_bio_X509 (bio, _certificate);
string s;
char* data;
long int const data_length = BIO_get_mem_data (bio, &data);
for (long int i = 0; i < data_length; ++i) {
s += data[i];
}
BIO_free (bio);
boost::replace_all (s, "-----BEGIN CERTIFICATE-----\n", "");
boost::replace_all (s, "\n-----END CERTIFICATE-----\n", "");
return s;
}
string
Certificate::issuer () const
{
X509_NAME* n = X509_get_issuer_name (_certificate);
assert (n);
char b[256];
X509_NAME_oneline (n, b, 256);
return b;
}
string
Certificate::name_for_xml (string const & n)
{
stringstream x;
vector<string> p;
boost::split (p, n, boost::is_any_of ("/"));
for (vector<string>::const_reverse_iterator i = p.rbegin(); i != p.rend(); ++i) {
x << *i << ",";
}
string s = x.str();
boost::replace_all (s, "+", "\\+");
return s.substr(0, s.length() - 2);
}
string
Certificate::subject () const
{
X509_NAME* n = X509_get_subject_name (_certificate);
assert (n);
char b[256];
X509_NAME_oneline (n, b, 256);
return b;
}
string
Certificate::serial () const
{
ASN1_INTEGER* s = X509_get_serialNumber (_certificate);
assert (s);
BIGNUM* b = ASN1_INTEGER_to_BN (s, 0);
char* c = BN_bn2dec (b);
BN_free (b);
string st (c);
OPENSSL_free (c);
return st;
}
/** @param filename Text file of PEM-format certificates,
* in the order:
*
* 1. self-signed root certificate
* 2. intermediate certificate signed by root certificate
* ...
* n. leaf certificate signed by previous intermediate.
*/
CertificateChain::CertificateChain (string const & filename)
{
FILE* f = fopen (filename.c_str(), "r");
if (!f) {
throw FileError ("could not open file", filename);
}
while (1) {
X509* c = 0;
if (!PEM_read_X509 (f, &c, 0, 0)) {
break;
}
_certificates.push_back (shared_ptr<Certificate> (new Certificate (c)));
}
}
shared_ptr<Certificate>
CertificateChain::root () const
{
assert (!_certificates.empty());
return _certificates.front ();
}
shared_ptr<Certificate>
CertificateChain::leaf () const
{
assert (_certificates.size() >= 2);
return _certificates.back ();
}
list<shared_ptr<Certificate> >
CertificateChain::leaf_to_root () const
{
list<shared_ptr<Certificate> > c = _certificates;
c.reverse ();
return c;
}
|
