2 Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 /** @file src/signer_chain.h
21 * @brief Functions to make signer chains.
24 #ifndef LIBDCP_CERTIFICATE_CHAIN_H
25 #define LIBDCP_CERTIFICATE_CHAIN_H
27 #include "certificate.h"
29 #include <boost/filesystem.hpp>
30 #include <boost/optional.hpp>
38 /** @class CertificateChain
39 * @brief A chain of any number of certificates, from root to leaf.
41 class CertificateChain
/** Construct a chain with nothing set: the body is empty, so _key is left as
 *  a default-constructed (unset) boost::optional.
 */
44 CertificateChain () {}
46 /** Create a chain of certificates for signing things.
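47 * @param openssl Name of the openssl binary (if it is on the path) or its full path; giving the full path avoids depending on which openssl a path lookup finds.
48 * @return Directory containing the files below; it holds the leaf private key, so the caller should delete it when finished with it: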
49 * - ca.self-signed.pem self-signed root certificate
50 * - intermediate.signed.pem intermediate certificate
51 * - leaf.key leaf certificate private key
52 * - leaf.signed.pem leaf certificate
55 boost::filesystem::path openssl,
56 std::string organisation = "example.org",
57 std::string organisational_unit = "example.org",
58 std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
59 std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
60 std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
/** Add certificate @p c (passed by value) to the chain.
 *  NOTE(review): the definition is not in this header; confirm where in the
 *  chain the certificate is placed and whether root-to-leaf order is kept.
 */
63 void add (Certificate c);
/** Remove certificate @p c (passed by value) from the chain.
 *  NOTE(review): how @p c is matched against the stored certificates is not
 *  visible here; confirm against the definition.
 */
64 void remove (Certificate c);
/** @return A copy of the root certificate.
 *  NOTE(review): behaviour on an empty chain is not visible in this header;
 *  confirm before calling on a chain that may be empty.
 */
67 Certificate root () const;
/** @return A copy of the leaf certificate.
 *  NOTE(review): behaviour on an empty chain is not visible in this header;
 *  confirm before calling on a chain that may be empty.
 */
68 Certificate leaf () const;
/** Sequence type in which the chain's certificates are handed out. */
70 typedef std::list<Certificate> List;
/** @return The certificates as a List, returned by value.
 *  NOTE(review): presumably ordered leaf first, root last; confirm.
 */
72 List leaf_to_root () const;
/** @return The certificates as a List, returned by value.
 *  NOTE(review): presumably ordered root first, leaf last; confirm.
 */
73 List root_to_leaf () const;
/** NOTE(review): presumably tries to put the stored certificates into a valid
 *  chain order and reports whether it managed to; the definition is not in
 *  this header, so confirm what a false result leaves behind.
 *  The method is not const, so it may modify the chain. Callers should check
 *  the returned bool rather than assume the chain is ordered afterwards.
 */
76 bool attempt_reorder ();
/** @param parent XML element passed as a raw pointer.
 *  @param standard Standard to use.
 *  NOTE(review): presumably adds a signature under @p parent using the leaf
 *  private key held in _key; what happens when no key has been set, or when
 *  @p parent is null, is not visible here -- confirm the definition rejects
 *  both cases.
 */
78 void sign (xmlpp::Element* parent, Standard standard) const;
/** @param parent XML node passed as a raw pointer.
 *  @param ns String passed by value; presumably an XML namespace -- confirm.
 *  NOTE(review): presumably computes the signature value with the leaf
 *  private key; handling of an unset key is not visible here -- confirm.
 */
79 void add_signature_value (xmlpp::Node* parent, std::string ns) const;
81 boost::optional<std::string> key () const {
85 void set_key (std::string k) {
/** Gives the global-namespace class `certificates` access to every non-public
 *  member of this class, which includes the private key in _key if that
 *  member is private as the layout suggests.
 *  NOTE(review): presumably a test fixture; confirm it is not part of the
 *  shipped API.
 */
90 friend class ::certificates;
93 /** Leaf certificate's private key, if known.
 *  Stored in an ordinary std::string, and key() returns the optional by
 *  value, so each call makes another copy of the key material; std::string
 *  does not clear its buffer on destruction.
 *  NOTE(review): the encoding of the string, and whether it is
 *  passphrase-protected, is not visible here -- confirm, and avoid writing
 *  the value to logs.
 */
94 boost::optional<std::string> _key;