-boost::filesystem::path make_certificate_chain (
- boost::filesystem::path openssl,
- std::string organisation = "example.org",
- std::string organisational_unit = "example.org",
- std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
- std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
- std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
- );
+class CertificateChain
+{
+public:
+ CertificateChain () {}
+
+ /** Create a chain of certificates for signing things.
+ * @param openssl Name of openssl binary (if it is on the path) or full path.
+ * @return Directory (which should be deleted by the caller) containing:
+ * - ca.self-signed.pem self-signed root certificate
+ * - intermediate.signed.pem intermediate certificate
+ * - leaf.key leaf certificate private key
+ * - leaf.signed.pem leaf certificate
+ */
+ CertificateChain (
+ boost::filesystem::path openssl,
+ std::string organisation = "example.org",
+ std::string organisational_unit = "example.org",
+ std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
+ std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
+ std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
+ );
+
+ explicit CertificateChain (std::string);
+
+ void add (Certificate c);
+ void remove (Certificate c);
+ void remove (int);
+
+ Certificate root () const;
+ Certificate leaf () const;
+
+ typedef std::list<Certificate> List;
+
+ List leaf_to_root () const;
+ List root_to_leaf () const;
+ List unordered () const;
+
+ bool valid (std::string* reason = 0) const;
+ bool chain_valid () const;
+ bool private_key_valid () const;
+
+ void sign (xmlpp::Element* parent, Standard standard) const;
+ void add_signature_value (xmlpp::Node* parent, std::string ns) const;
+
+ boost::optional<std::string> key () const {
+ return _key;
+ }
+
+ void set_key (std::string k) {
+ _key = k;
+ }
+
+ std::string chain () const;
+
+private:
+ friend struct ::certificates_validation1;
+ friend struct ::certificates_validation2;
+ friend struct ::certificates_validation3;
+ friend struct ::certificates_validation4;
+ friend struct ::certificates_validation5;
+ friend struct ::certificates_validation6;
+ friend struct ::certificates_validation7;
+ friend struct ::certificates_validation8;
+
+ bool chain_valid (List const & chain) const;
+
+ /** Our certificates, not in any particular order */
+ List _certificates;
+ /** Leaf certificate's private key, if known */
+ boost::optional<std::string> _key;
+};